From a2913ab24db1404791bc408e36d9611a8e45cea3 Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Thu, 16 Apr 2026 04:55:00 -0400 Subject: [PATCH] import CS python3.14-3.14.3-1.el9 --- .fmf/version | 1 - .gitignore | 4 +- .python3.14.metadata | 1 + 00478-cve-2026-4519.patch | 114 ------------------ .../00251-change-user-install-location.patch | 0 00329-fips.patch => SOURCES/00329-fips.patch | 0 ...-pac-and-bti-protections-for-aarch64.patch | 0 ...not-working-with-older-expat-version.patch | 0 .../00474-cve-2025-15366.patch | 0 .../00475-cve-2025-15367.patch | 0 ...piled-for-a-different-python-version.patch | 0 .../check-pyc-timestamps.py | 0 .../idle3.appdata.xml | 0 idle3.desktop => SOURCES/idle3.desktop | 0 python3.14.spec => SPECS/python3.14.spec | 49 ++------ expat-requires.py | 50 -------- gating.yaml | 6 - plan.fmf | 80 ------------ rpminspect.yaml | 37 ------ rpmlint.toml | 106 ---------------- sources | 1 - 21 files changed, 10 insertions(+), 439 deletions(-) delete mode 100644 .fmf/version create mode 100644 .python3.14.metadata delete mode 100644 00478-cve-2026-4519.patch rename 00251-change-user-install-location.patch => SOURCES/00251-change-user-install-location.patch (100%) rename 00329-fips.patch => SOURCES/00329-fips.patch (100%) rename 00464-enable-pac-and-bti-protections-for-aarch64.patch => SOURCES/00464-enable-pac-and-bti-protections-for-aarch64.patch (100%) rename 00466-downstream-only-skip-tests-not-working-with-older-expat-version.patch => SOURCES/00466-downstream-only-skip-tests-not-working-with-older-expat-version.patch (100%) rename 00474-cve-2025-15366.patch => SOURCES/00474-cve-2025-15366.patch (100%) rename 00475-cve-2025-15367.patch => SOURCES/00475-cve-2025-15367.patch (100%) rename 00477-raise-an-error-when-importing-stdlib-modules-compiled-for-a-different-python-version.patch => SOURCES/00477-raise-an-error-when-importing-stdlib-modules-compiled-for-a-different-python-version.patch (100%) rename check-pyc-timestamps.py => SOURCES/check-pyc-timestamps.py (100%) rename idle3.appdata.xml => SOURCES/idle3.appdata.xml (100%) rename idle3.desktop => SOURCES/idle3.desktop (100%) rename python3.14.spec => SPECS/python3.14.spec (97%) delete mode 100755 expat-requires.py delete mode 100644 gating.yaml delete mode 100644 plan.fmf delete mode 100644 rpminspect.yaml delete mode 100644 rpmlint.toml delete mode 100644 sources diff --git a/.fmf/version b/.fmf/version deleted file mode 100644 index d00491f..0000000 --- a/.fmf/version +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/.gitignore b/.gitignore index 1107137..abf3999 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1 @@ -/*.tar.* -/*.src.rpm -/results_python3* +SOURCES/Python-3.14.3.tar.xz diff --git a/.python3.14.metadata b/.python3.14.metadata new file mode 100644 index 0000000..99fa2b8 --- /dev/null +++ b/.python3.14.metadata @@ -0,0 +1 @@ +83eed62ba54742382542474db798717e6ee6b3f2 SOURCES/Python-3.14.3.tar.xz diff --git a/00478-cve-2026-4519.patch b/00478-cve-2026-4519.patch deleted file mode 100644 index ca5603c..0000000 --- a/00478-cve-2026-4519.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Tue, 24 Mar 2026 00:16:27 +0100 -Subject: 00478: CVE-2026-4519 - -Reject leading dashes in webbrowser URLs (GH-146214) - -(cherry picked from commit 82a24a4442312bdcfc4c799885e8b3e00990f02b) - -Co-authored-by: Seth Michael Larson ---- - Lib/test/test_webbrowser.py | 5 +++++ - Lib/webbrowser.py | 13 +++++++++++++ - .../2026-01-16-12-04-49.gh-issue-143930.zYC5x3.rst | 1 + - 3 files changed, 19 insertions(+) - create mode 100644 Misc/NEWS.d/next/Security/2026-01-16-12-04-49.gh-issue-143930.zYC5x3.rst - -diff --git a/Lib/test/test_webbrowser.py b/Lib/test/test_webbrowser.py -index 4c3ea1cd8d..22e9d7493a 100644 ---- a/Lib/test/test_webbrowser.py -+++ b/Lib/test/test_webbrowser.py -@@ -67,6 +67,11 @@ def test_open(self): - options=[], - arguments=[URL]) - -+ def test_reject_dash_prefixes(self): -+ browser = self.browser_class(name=CMD_NAME) -+ with self.assertRaises(ValueError): -+ browser.open(f"--key=val {URL}") -+ - - class BackgroundBrowserCommandTest(CommandTestMixin, unittest.TestCase): - -diff --git a/Lib/webbrowser.py b/Lib/webbrowser.py -index f2e2394089..9ead2990e8 100644 ---- a/Lib/webbrowser.py -+++ b/Lib/webbrowser.py -@@ -163,6 +163,12 @@ def open_new(self, url): - def open_new_tab(self, url): - return self.open(url, 2) - -+ @staticmethod -+ def _check_url(url): -+ """Ensures that the URL is safe to pass to subprocesses as a parameter""" -+ if url and url.lstrip().startswith("-"): -+ raise ValueError(f"Invalid URL: {url}") -+ - - class GenericBrowser(BaseBrowser): - """Class for all browsers started with a command -@@ -180,6 +186,7 @@ def __init__(self, name): - - def open(self, url, new=0, autoraise=True): - sys.audit("webbrowser.open", url) -+ self._check_url(url) - cmdline = [self.name] + [arg.replace("%s", url) - for arg in self.args] - try: -@@ -200,6 +207,7 @@ def open(self, url, new=0, autoraise=True): - cmdline = [self.name] + [arg.replace("%s", url) - for arg in self.args] - sys.audit("webbrowser.open", url) -+ self._check_url(url) - try: - if sys.platform[:3] == 'win': - p = subprocess.Popen(cmdline) -@@ -266,6 +274,7 @@ def _invoke(self, args, remote, autoraise, url=None): - - def open(self, url, new=0, autoraise=True): - sys.audit("webbrowser.open", url) -+ self._check_url(url) - if new == 0: - action = self.remote_action - elif new == 1: -@@ -357,6 +366,7 @@ class Konqueror(BaseBrowser): - - def open(self, url, new=0, autoraise=True): - sys.audit("webbrowser.open", url) -+ self._check_url(url) - # XXX Currently I know no way to prevent KFM from opening a new win. - if new == 2: - action = "newTab" -@@ -588,6 +598,7 @@ def register_standard_browsers(): - class WindowsDefault(BaseBrowser): - def open(self, url, new=0, autoraise=True): - sys.audit("webbrowser.open", url) -+ self._check_url(url) - try: - os.startfile(url) - except OSError: -@@ -608,6 +619,7 @@ def __init__(self, name='default'): - - def open(self, url, new=0, autoraise=True): - sys.audit("webbrowser.open", url) -+ self._check_url(url) - url = url.replace('"', '%22') - if self.name == 'default': - proto, _sep, _rest = url.partition(":") -@@ -664,6 +676,7 @@ def open(self, url, new=0, autoraise=True): - class IOSBrowser(BaseBrowser): - def open(self, url, new=0, autoraise=True): - sys.audit("webbrowser.open", url) -+ self._check_url(url) - # If ctypes isn't available, we can't open a browser - if objc is None: - return False -diff --git a/Misc/NEWS.d/next/Security/2026-01-16-12-04-49.gh-issue-143930.zYC5x3.rst b/Misc/NEWS.d/next/Security/2026-01-16-12-04-49.gh-issue-143930.zYC5x3.rst -new file mode 100644 -index 0000000000..0f27eae99a ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2026-01-16-12-04-49.gh-issue-143930.zYC5x3.rst -@@ -0,0 +1 @@ -+Reject leading dashes in URLs passed to :func:`webbrowser.open` diff --git a/00251-change-user-install-location.patch b/SOURCES/00251-change-user-install-location.patch similarity index 100% rename from 00251-change-user-install-location.patch rename to SOURCES/00251-change-user-install-location.patch diff --git a/00329-fips.patch b/SOURCES/00329-fips.patch similarity index 100% rename from 00329-fips.patch rename to SOURCES/00329-fips.patch diff --git a/00464-enable-pac-and-bti-protections-for-aarch64.patch b/SOURCES/00464-enable-pac-and-bti-protections-for-aarch64.patch similarity index 100% rename from 00464-enable-pac-and-bti-protections-for-aarch64.patch rename to SOURCES/00464-enable-pac-and-bti-protections-for-aarch64.patch diff --git a/00466-downstream-only-skip-tests-not-working-with-older-expat-version.patch b/SOURCES/00466-downstream-only-skip-tests-not-working-with-older-expat-version.patch similarity index 100% rename from 00466-downstream-only-skip-tests-not-working-with-older-expat-version.patch rename to SOURCES/00466-downstream-only-skip-tests-not-working-with-older-expat-version.patch diff --git a/00474-cve-2025-15366.patch b/SOURCES/00474-cve-2025-15366.patch similarity index 100% rename from 00474-cve-2025-15366.patch rename to SOURCES/00474-cve-2025-15366.patch diff --git a/00475-cve-2025-15367.patch b/SOURCES/00475-cve-2025-15367.patch similarity index 100% rename from 00475-cve-2025-15367.patch rename to SOURCES/00475-cve-2025-15367.patch diff --git a/00477-raise-an-error-when-importing-stdlib-modules-compiled-for-a-different-python-version.patch b/SOURCES/00477-raise-an-error-when-importing-stdlib-modules-compiled-for-a-different-python-version.patch similarity index 100% rename from 00477-raise-an-error-when-importing-stdlib-modules-compiled-for-a-different-python-version.patch rename to SOURCES/00477-raise-an-error-when-importing-stdlib-modules-compiled-for-a-different-python-version.patch diff --git a/check-pyc-timestamps.py b/SOURCES/check-pyc-timestamps.py similarity index 100% rename from check-pyc-timestamps.py rename to SOURCES/check-pyc-timestamps.py diff --git a/idle3.appdata.xml b/SOURCES/idle3.appdata.xml similarity index 100% rename from idle3.appdata.xml rename to SOURCES/idle3.appdata.xml diff --git a/idle3.desktop b/SOURCES/idle3.desktop similarity index 100% rename from idle3.desktop rename to SOURCES/idle3.desktop diff --git a/python3.14.spec b/SPECS/python3.14.spec similarity index 97% rename from python3.14.spec rename to SPECS/python3.14.spec index fb3d247..b7c78f2 100644 --- a/python3.14.spec +++ b/SPECS/python3.14.spec @@ -49,7 +49,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 2%{?dist} +Release: 1%{?dist} License: Python-2.0.1 @@ -341,9 +341,6 @@ Source0: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz # Originally written by bkabrda Source8: check-pyc-timestamps.py -# A script that determines the required expat version -Source9: expat-requires.py - # Desktop menu entry for idle3 Source10: idle3.desktop @@ -438,12 +435,6 @@ Patch475: 00475-cve-2025-15367.patch # direct call to the check function. Patch477: 00477-raise-an-error-when-importing-stdlib-modules-compiled-for-a-different-python-version.patch -# 00478 # d9d794656850591a4e6aeddcf853505aeea08028 -# CVE-2026-4519 -# -# Reject leading dashes in webbrowser URLs (GH-146214) -Patch478: 00478-cve-2026-4519.patch - # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -624,20 +615,6 @@ Recommends: (%{pkgname}-tkinter%{?_isa} if tk%{?_isa}) # The zoneinfo module needs tzdata Requires: tzdata -# The requirement on libexpat is generated, but we need to version it. -# When built with a specific expat version, but installed with an older one, -# we sometimes get: -# ImportError: /usr/lib64/python3.X/lib-dynload/pyexpat.cpython-....so: -# undefined symbol: XML_... -# The pyexpat module has build-time checks for expat version to only use the -# available symbols. However, there is no runtime protection, so when the module -# is later installed with an older expat, it may error due to undefined symbols. -# This breaks many things, including python -m venv. -# We avoid this problem by requiring expat equal or greater than the latest known -# version which introduced new symbols used by Python. -# Other subpackages (like -debug) also need this, but they all depend on -libs. -%global expat_min_version 2.7.2 -Requires: expat%{?_isa} >= %{expat_min_version} %description -n %{pkgname}-libs This package contains runtime libraries for use by Python: @@ -662,6 +639,10 @@ Requires: (python3-rpm-macros if rpm-build) # On Fedora, we keep this to avoid one additional round of %%generate_buildrequires. %{!?rhel:Requires: (pyproject-rpm-macros if rpm-build)} +# We provide the python3.14-rpm-macros here to make it possible to +# BuildRequire them in the same manner as RHEL8. +Provides: %{pkgname}-rpm-macros = %{version}-%{release} + %unversioned_obsoletes_of_python3_X_if_main devel %if %{with main_python} @@ -835,7 +816,6 @@ License: %{libs_license} AND Apache-2.0 AND ISC AND LGPL-2.1-only AND MPL-2.0 AN # See the comments in the definition of main -libs subpackage for detailed explanations Provides: bundled(mimalloc) = 2.12 Requires: tzdata -Requires: expat%{?_isa} >= %{expat_min_version} # There are files in the standard library that have python shebang. # We've filtered the automatic requirement out so libs are installable without @@ -1460,12 +1440,6 @@ for Module in %{buildroot}/%{dynload_dir}/*.so ; do esac done -# Check the expat compatibility -expat_found=$(LD_LIBRARY_PATH="%{buildroot}%{_libdir}" PYTHONPATH="%{buildroot}%{pylibdir}" %{buildroot}%{_bindir}/python%{pybasever} %{SOURCE9}) -if [ "${expat_found}" != "%{expat_min_version}" ]; then - echo "Found expat version is different than the declared one, found: ${expat_found}" ; exit 1 -fi - # ====================================================== # Running the upstream test suite @@ -1981,24 +1955,17 @@ CheckPython freethreading # ====================================================== %changelog -* Thu Mar 26 2026 Lumír Balhar - 3.14.3-2 -- Security fix for CVE-2026-4519 -Resolves: RHEL-158114 - * Wed Feb 04 2026 Karolina Surma - 3.14.3-1 - Update to Python 3.14.3 - Security fixes for CVE-2025-11468, CVE-2026-0672,CVE-2026-0865, CVE-2025-15282, CVE-2026-1299, CVE-2025-11468, CVE-2025-15366, CVE-2025-15367 -Resolves: RHEL-144855, RHEL-143058, RHEL-143111 +Resolves: RHEL-144896, RHEL-143115, RHEL-143173 -* Mon Jan 19 2026 Charalampos Stratakis - 3.14.2-3 +* Fri Jan 09 2026 Charalampos Stratakis - 3.14.2-3 - Support OpenSSL FIPS mode - Disable the builtin hashlib hashes except blake2 -Related: RHEL-120788 - -* Mon Jan 12 2026 Karolina Surma - 3.14.2-2 -- Explicitly require expat >= 2.7.2 +Related: RHEL-120823 * Fri Dec 05 2025 Miro Hrončok - 3.14.2-1 - Update to Python 3.14.2 diff --git a/expat-requires.py b/expat-requires.py deleted file mode 100755 index fe23fa9..0000000 --- a/expat-requires.py +++ /dev/null @@ -1,50 +0,0 @@ -import pathlib -import pyexpat -import sys - - -# This will determine the version of currently installed expat -EXPAT_VERSION = pyexpat.EXPAT_VERSION.removeprefix('expat_') -MAJOR, MINOR, PATCH = (int(i) for i in EXPAT_VERSION.split('.')) -EXPAT_COMBINED_VERSION = 10000*MAJOR + 100*MINOR + PATCH - -# For the listed files, we find all XML_COMBINED_VERSION-based #ifs -SRC = pathlib.Path.cwd() -SOURCES = [ - SRC / 'Modules/pyexpat.c', - SRC / 'Modules/clinic/pyexpat.c.h', -] -versions = set() -for source in SOURCES: - for line in source.read_text().splitlines(): - if 'XML_COMBINED_VERSION' not in line: - continue - words = line.split() - if words[0] == '#define': - continue - if len(words) != 4: - continue - if words[0] not in ('#if', '#elif'): - continue - if words[1].startswith('(') and words[-1].endswith(')'): - words[1] = words[1][1:] - words[-1] = words[-1][:-1] - if words[1] == 'XML_COMBINED_VERSION': - version = int(words[3]) - if words[2] == '>': - versions.add(version+1) - continue - if words[2] == '>=': - versions.add(version) - continue - raise ValueError( - 'Unknown line with XML_COMBINED_VERSION, adjust this script:\n\n' - f'{line}' - ) - -# We need the highest satisfiable version used in the #ifs, in x.y.z notation -v = max({v for v in versions if v <= EXPAT_COMBINED_VERSION}) -major, minor_patch = divmod(v, 10000) -minor, patch = divmod(minor_patch, 100) -print(f"{major}.{minor}.{patch}") - diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index 2c7ed80..0000000 --- a/gating.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- !Policy -product_versions: - - rhel-* -decision_context: osci_compose_gate -rules: - - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} diff --git a/plan.fmf b/plan.fmf deleted file mode 100644 index 860a1bc..0000000 --- a/plan.fmf +++ /dev/null @@ -1,80 +0,0 @@ -execute: - how: tmt - -provision: - hardware: - memory: '>= 3 GB' - -environment: - pybasever: '3.14' - -discover: - - name: tests_python - how: shell - url: https://gitlab.com/redhat/centos-stream/tests/python.git - tests: - - name: smoke - path: /smoke - test: "VERSION=${pybasever} CYTHON=true ./venv.sh" - - name: smoke_virtualenv - path: /smoke - test: "VERSION=${pybasever} METHOD=virtualenv CYTHON=true ./venv.sh" - - name: debugsmoke - path: /smoke - test: "PYTHON=python${pybasever}d TOX=false VERSION=${pybasever} CYTHON=true ./venv.sh" - - name: selftest - path: /selftest - test: "VERSION=${pybasever} X='-i test_check_probes' ./parallel.sh" - - name: debugtest - path: /selftest - # test_base_interpreter: https://github.com/python/cpython/issues/131372 - test: "VERSION=${pybasever} PYTHON=python${pybasever}d X='-i test_check_probes -i test_base_interpreter' ./parallel.sh" - - name: freethreadingtest - path: /selftest - test: "VERSION=${pybasever}t X='-i test_check_probes -i test_base_interpreter' ./parallel.sh" - - name: optimizedflags - path: /flags - test: "python${pybasever} ./assertflags.py -O3 CFLAGS PY_BUILTIN_MODULE_CFLAGS PY_CFLAGS PY_CORE_CFLAGS PY_CFLAGS_NODIST PY_STDMODULE_CFLAGS" - - name: debugflags - path: /flags - test: "python${pybasever}d ./assertflags.py -O0 CFLAGS PY_BUILTIN_MODULE_CFLAGS PY_CFLAGS PY_CORE_CFLAGS PY_CFLAGS_NODIST PY_STDMODULE_CFLAGS" - - name: freethreadingflags - path: /flags - test: "python${pybasever}t ./assertflags.py -O3 CFLAGS PY_BUILTIN_MODULE_CFLAGS PY_CFLAGS PY_CORE_CFLAGS PY_CFLAGS_NODIST PY_STDMODULE_CFLAGS" - - name: freethreadingdebugflags - path: /flags - test: "python${pybasever}td ./assertflags.py -O0 CFLAGS PY_BUILTIN_MODULE_CFLAGS PY_CFLAGS PY_CORE_CFLAGS PY_CFLAGS_NODIST PY_STDMODULE_CFLAGS" - - name: marshalparser - path: /marshalparser - test: "VERSION=${pybasever} SAMPLE=10 ./test_marshalparser_compatibility.sh" - -prepare: - - name: Install dependencies - how: install - package: - - 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm' - - gcc # for extension building in venv and selftest - - gcc-c++ # for test_cppext - - gdb # for test_gdb - - "python${pybasever}" # the test subject - - "python${pybasever}-debug" # for leak testing - - "python${pybasever}-devel" # for extension building in venv and selftest - - "python${pybasever}-tkinter" # for selftest - - "python${pybasever}-test" # for selftest - - "python${pybasever}-freethreading" # for -O... flag test - - "python${pybasever}-freethreading-debug" # for -O... flag test - - "python${pybasever}-freethreading-tkinter" # for freethreadingtest - - "python${pybasever}-freethreading-test" # for freethreadingtest - - tox # for venv tests - - virtualenv # for virtualenv tests - - glibc-all-langpacks # for locale tests - - marshalparser # for testing compatibility (magic numbers) with marshalparser - - rpm # for debugging - - dnf # for upgrade - - name: Update packages - how: shell - script: dnf upgrade -y - - name: rpm_qa - order: 100 - how: shell - script: rpm -qa | sort | tee $TMT_PLAN_DATA/rpmqa.txt diff --git a/rpminspect.yaml b/rpminspect.yaml deleted file mode 100644 index 8cc18cb..0000000 --- a/rpminspect.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# exclude test XML data (not always valid) from XML validity check: -xml: - ignore: - - '/usr/lib*/python*/test/xmltestdata/*' - - '/usr/lib*/python*/test/xmltestdata/*/*' - -# exclude _socket from ipv4 only functions check, it has both ipv4 and ipv6 only -badfuncs: - allowed: - '/usr/lib*/python*/lib-dynload/_socket.*': - - inet_aton - - inet_ntoa - -# exclude the debug build from annocheck entirely -annocheck: - ignore: - - '/usr/bin/python*d' - - '/usr/lib*/libpython*d.so.1.0' - - '/usr/lib*/python*/lib-dynload/*.cpython-*d-*-*-*.so' - -# don't report changed content of compiled files -# that is expected with every toolchain update and not reproducible yet -changedfiles: - # note that this is a posix regex, so no \d - exclude_path: (\.so(\.[0-9]+(\.[0-9]+)?)?$|^/usr/bin/python[0-9]+\.[0-9]+d?m?$) - -# files change size all the time, we don't need to VERIFY it -# however, the INFO is useful, so we don't disable the check entirely -filesize: - # artificially large number, TODO a better way - size_threshold: 100000 - - -# completely disabled inspections: -inspections: - # we know about our patches, no need to report anything - patches: off diff --git a/rpmlint.toml b/rpmlint.toml deleted file mode 100644 index 0864a1c..0000000 --- a/rpmlint.toml +++ /dev/null @@ -1,106 +0,0 @@ -Filters = [ - - # KNOWN BUGS: - # https://bugzilla.redhat.com/show_bug.cgi?id=1489816 - 'crypto-policy-non-compliance-openssl', - - - # TESTS: - '(zero-length|pem-certificate|uncompressed-zip) /usr/lib(64)?/python3\.\d+t?/test', - - - # OTHER DELIBERATES: - # chroot function - 'missing-call-to-chdir-with-chroot', - - # gethostbyname function calls gethostbyname - '(E|W): binary-or-shlib-calls-gethostbyname /usr/lib(64)?/python3\.\d+t?/lib-dynload/_socket\.', - - # intentionally unversioned and selfobsoleted - 'unversioned-explicit-obsoletes python', - 'unversioned Obsoletes: Obsoletes: python3\.\d+$', - 'self-obsoletion python3\.\d+(-\S+)? obsoletes python3\.\d+(-\S+)?', - - # intentionally hardcoded - 'hardcoded-library-path in %{_prefix}/lib/(debug/%{_libdir}|python%{pybasever})', - - # we have non binary stuff, python files - 'only-non-binary-in-usr-lib', - - # some devel files that are deliberately needed - 'devel-file-in-non-devel-package /usr/include/python3\.\d+m?t?/pyconfig-(32|64)\.h', - 'devel-file-in-non-devel-package /usr/lib(64)?/python3\.\d+t?/distutils/tests/xxmodule\.c', - # ...or are used as test data - 'devel-file-in-non-devel-package /usr/lib(64)?/python3\.\d+t?/test', - - # some bytecode is shipped without sources on purpose, as a space optimization - # if this regex needs to be relaxed in the future, make sure it **does not** match pyc files in __pycache__ - 'python-bytecode-without-source /usr/lib(64)?/python3\.\d+t?/(encodings|pydoc_data)/[^/]+.pyc', - - # DUPLICATE FILES - # test data are often duplicated - '(E|W): files-duplicate /usr/lib(64)?/python3\.\d+t?/(test|__phello__)/', - # duplicated inits or mains are also common - '(E|W): files-duplicate .+__init__\.py.+__init__\.py', - '(E|W): files-duplicate .+__main__\.py.+__main__\.py', - # files in the debugsource package - '(E|W): files-duplicate /usr/src/debug', - # general waste report - '(E|W): files-duplicated-waste', - - # SORRY, NOT SORRY: - # manual pages - 'no-manual-page-for-binary (idle|pydoc|pyvenv|2to3|python3?-debug|pathfix|msgfmt|pygettext)', - 'no-manual-page-for-binary python3?.*-config$', - 'no-manual-page-for-binary python3\.\d+t?dm?$', - - # missing documentation from subpackages - '^python3(\.\d+)?-(freethreading(-debug)?|debug|tkinter|test|idle)\.[^:]+: (E|W): no-documentation', - - # platform python is obsoleted, but not provided - 'obsolete-not-provided platform-python', - - # we have extra tokens at the end of %endif/%else directives, we consider them useful - 'extra tokens at the end of %(endif|else) directive', - - - # RPMLINT IMPERFECTIONS - # https://github.com/rpm-software-management/rpmlint/issues/780 - '/usr/lib/debug', - - # we provide python(abi) manually to be sure. createrepo will merge this with the automatic - 'python3(\.\d+)?\.[^:-]+: (E|W): useless-provides python\(abi\)', - - # debugsource and debuginfo have no docs - '^python3(\.\d+)?-debug(source|info)\.[^:]+: (E|W): no-documentation', - - # this is OK for F28+ - 'library-without-ldconfig-post', - - # freethreading/debug package contains devel and non-devel files - 'python3(\.\d+)?-(freethreading(-debug)?|debug)\.[^:]+: (E|W): (non-)?devel-file-in-(non-)?devel-package', - - # this goes to other subpackage, hence not actually dangling - 'dangling-relative-symlink /usr/bin/python python3', - 'dangling-relative-symlink /usr/share/man/man1/python\.1\.gz python3\.1\.gz', - 'dangling-relative-symlink /usr/lib(64)?/pkgconfig/python-3\.\d+t?d?m?(-embed)?\.pc python-3\.\d+t?(-embed)?\.pc', - - # the python-unversioned-command package contains dangling symlinks by design - '^python-unversioned-command\.[^:]+: (E|W): dangling-relative-symlink (/usr/bin/python \./python3|/usr/share/man/man1/python\.1\S* ./python3\.1\S*)$', - - # we need this macro to evaluate, even if the line starts with # - 'macro-in-comment %\{_pyconfig(32|64)_h\}', - - # Python modules don't need to be linked against libc - # Since 3.8 they are no longer linked against libpython3.8.so.1.0 - '(E|W): library-not-linked-against-libc /usr/lib(64)?/python3\.\d+/lib-dynload/', - '(E|W): shared-lib(rary)?-without-dependency-information /usr/lib(64)?/python3\.\d+/lib-dynload/', - - # specfile-errors are listed twice, once with reason and once without - # we filter out the empty ones - '\bpython3(\.\d+)?\.(src|spec): (E|W): specfile-error\s+$', - - # SPELLING ERRORS - 'spelling-error .* en_US (bytecode|pyc|filename|tkinter|namespaces|pytest|unittest|gil) ', - -] diff --git a/sources b/sources deleted file mode 100644 index ece54ca..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -SHA512 (Python-3.14.3.tar.xz) = 9fd875f7a1d96d64e7150913ef38b72b0aeecfcbc24ba46967e57b6495146b0cba6b940c273561fc4d656b6d0ce2e23ffb7bd32bcd0b61fd59a6d90585998c07