From 51ec33bbc404396809ef460de97b84433afac68b Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 18 Dec 2025 12:43:58 +0000 Subject: [PATCH] import UBI python3.9-3.9.25-2.el9_7 --- .gitignore | 2 +- .python3.9.metadata | 2 +- SOURCES/00189-use-rpm-wheels.patch | 4 +- SOURCES/00397-tarfile-filter.patch | 28 ++-- SOURCES/00467-CVE-2025-8194.patch | 215 ----------------------------- SOURCES/Python-3.9.23.tar.xz.asc | 16 --- SOURCES/Python-3.9.25.tar.xz.asc | 16 +++ SPECS/python3.9.spec | 30 ++-- 8 files changed, 53 insertions(+), 260 deletions(-) delete mode 100644 SOURCES/00467-CVE-2025-8194.patch delete mode 100644 SOURCES/Python-3.9.23.tar.xz.asc create mode 100644 SOURCES/Python-3.9.25.tar.xz.asc diff --git a/.gitignore b/.gitignore index ad441f6..e45d6ba 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/Python-3.9.23.tar.xz +SOURCES/Python-3.9.25.tar.xz diff --git a/.python3.9.metadata b/.python3.9.metadata index 6062d60..3b7f785 100644 --- a/.python3.9.metadata +++ b/.python3.9.metadata @@ -1 +1 @@ -73d07237b70b19e4cd530bbc204cccd668ec05d4 SOURCES/Python-3.9.23.tar.xz +36c7257ec30dca042679626d0dff79715acd4efb SOURCES/Python-3.9.25.tar.xz diff --git a/SOURCES/00189-use-rpm-wheels.patch b/SOURCES/00189-use-rpm-wheels.patch index ccc8245..774aca6 100644 --- a/SOURCES/00189-use-rpm-wheels.patch +++ b/SOURCES/00189-use-rpm-wheels.patch @@ -12,7 +12,7 @@ We might eventually pursuit upstream support, but it's low prio 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py -index e510cc7..5bd16a6 100644 +index d61bb089e3..77d7ec5a65 100644 --- a/Lib/ensurepip/__init__.py +++ b/Lib/ensurepip/__init__.py @@ -1,3 +1,5 @@ @@ -30,7 +30,7 @@ index e510cc7..5bd16a6 100644 __all__ = ["version", "bootstrap"] --_SETUPTOOLS_VERSION = "58.1.0" +-_SETUPTOOLS_VERSION = "79.0.1" -_PIP_VERSION = "23.0.1" + +_WHEEL_DIR = "/usr/share/python-wheels/" diff --git a/SOURCES/00397-tarfile-filter.patch b/SOURCES/00397-tarfile-filter.patch index 3851cb6..fd984b6 100644 --- a/SOURCES/00397-tarfile-filter.patch +++ b/SOURCES/00397-tarfile-filter.patch @@ -1,8 +1,8 @@ -From 8b70605b594b3831331a9340ba764ff751871612 Mon Sep 17 00:00:00 2001 +From fc3e5ff91495aaf9905bd38ac61db0c3279d17e0 Mon Sep 17 00:00:00 2001 From: Petr Viktorin -Date: Mon, 6 Mar 2023 17:24:24 +0100 -Subject: [PATCH 2/2] CVE-2007-4559, PEP-706: Add filters for tarfile - extraction (downstream) +Date: Fri, 21 Nov 2025 14:30:02 +0100 +Subject: [PATCH] CVE-2007-4559, PEP-706: Add filters for tarfile extraction + (downstream) Add and test RHEL-specific ways of configuring the default behavior: environment variable and config file. @@ -13,7 +13,7 @@ variable and config file. 3 files changed, 169 insertions(+), 4 deletions(-) diff --git a/Lib/tarfile.py b/Lib/tarfile.py -index b6ad7dbe2a4..dc7050b2c63 100755 +index 209c206..fa3f922 100755 --- a/Lib/tarfile.py +++ b/Lib/tarfile.py @@ -72,6 +72,13 @@ __all__ = ["TarFile", "TarInfo", "is_tarfile", "TarError", "ReadError", @@ -30,7 +30,7 @@ index b6ad7dbe2a4..dc7050b2c63 100755 #--------------------------------------------------------- # tar constants -@@ -2197,6 +2204,41 @@ class TarFile(object): +@@ -2253,6 +2260,41 @@ class TarFile(object): if filter is None: filter = self.extraction_filter if filter is None: @@ -73,7 +73,7 @@ index b6ad7dbe2a4..dc7050b2c63 100755 if isinstance(filter, str): raise TypeError( diff --git a/Lib/test/test_shutil.py b/Lib/test/test_shutil.py -index 9041e7aa368..1eb1116cc10 100644 +index 9041e7a..1eb1116 100644 --- a/Lib/test/test_shutil.py +++ b/Lib/test/test_shutil.py @@ -1613,7 +1613,8 @@ class TestArchives(BaseTest, unittest.TestCase): @@ -87,10 +87,10 @@ index 9041e7aa368..1eb1116cc10 100644 def test_unpack_archive_tar(self): diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py -index a66f7efd2d6..6fd3c384b5c 100644 +index 17d2239..8b9aea2 100644 --- a/Lib/test/test_tarfile.py +++ b/Lib/test/test_tarfile.py -@@ -2,7 +2,7 @@ import sys +@@ -3,7 +3,7 @@ import sys import os import io from hashlib import sha256 @@ -99,7 +99,7 @@ index a66f7efd2d6..6fd3c384b5c 100644 from random import Random import pathlib import shutil -@@ -2929,7 +2929,11 @@ class NoneInfoExtractTests(ReadTest): +@@ -2999,7 +2999,11 @@ class NoneInfoExtractTests(ReadTest): tar = tarfile.open(tarname, mode='r', encoding="iso8859-1") cls.control_dir = pathlib.Path(TEMPDIR) / "extractall_ctrl" tar.errorlevel = 0 @@ -112,7 +112,7 @@ index a66f7efd2d6..6fd3c384b5c 100644 tar.close() cls.control_paths = set( p.relative_to(cls.control_dir) -@@ -3592,7 +3596,8 @@ class TestExtractionFilters(unittest.TestCase): +@@ -4065,7 +4069,8 @@ class TestExtractionFilters(unittest.TestCase): """Ensure the default filter does not warn (like in 3.12)""" with ArchiveMaker() as arc: arc.add('foo') @@ -122,8 +122,8 @@ index a66f7efd2d6..6fd3c384b5c 100644 with self.check_context(arc.open(), None): self.expect_file('foo') -@@ -3762,6 +3767,123 @@ class TestExtractionFilters(unittest.TestCase): - self.expect_exception(TypeError) # errorlevel is not int +@@ -4390,6 +4395,123 @@ class OffsetValidationTests(unittest.TestCase): + self.assertEqual(members[0].offset, expected_offset) + @contextmanager @@ -247,5 +247,5 @@ index a66f7efd2d6..6fd3c384b5c 100644 support.unlink(TEMPDIR) os.makedirs(TEMPDIR) -- -2.40.1 +2.51.1 diff --git a/SOURCES/00467-CVE-2025-8194.patch b/SOURCES/00467-CVE-2025-8194.patch deleted file mode 100644 index 01159f6..0000000 --- a/SOURCES/00467-CVE-2025-8194.patch +++ /dev/null @@ -1,215 +0,0 @@ -From eda136637fc7f056b403e1797a9b0403d6914d9e Mon Sep 17 00:00:00 2001 -From: Alexander Urieles -Date: Tue, 19 Aug 2025 12:18:15 +0200 -Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member - offsets are non-negative (GH-137027) - -Co-authored-by: Gregory P. Smith -(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38) ---- - Lib/tarfile.py | 3 + - Lib/test/test_tarfile.py | 156 ++++++++++++++++++ - ...-07-23-00-35-29.gh-issue-130577.c7EITy.rst | 3 + - 3 files changed, 162 insertions(+) - create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst - -diff --git a/Lib/tarfile.py b/Lib/tarfile.py -index 21ffd83..fa3f922 100755 ---- a/Lib/tarfile.py -+++ b/Lib/tarfile.py -@@ -1609,6 +1609,9 @@ class TarInfo(object): - """Round up a byte count by BLOCKSIZE and return it, - e.g. _block(834) => 1024. - """ -+ # Only non-negative offsets are allowed -+ if count < 0: -+ raise InvalidHeaderError("invalid offset") - blocks, remainder = divmod(count, BLOCKSIZE) - if remainder: - blocks += 1 -diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py -index 29f65d0..0bba25a 100644 ---- a/Lib/test/test_tarfile.py -+++ b/Lib/test/test_tarfile.py -@@ -48,6 +48,7 @@ bz2name = os.path.join(TEMPDIR, "testtar.tar.bz2") - xzname = os.path.join(TEMPDIR, "testtar.tar.xz") - tmpname = os.path.join(TEMPDIR, "tmp.tar") - dotlessname = os.path.join(TEMPDIR, "testtar") -+SPACE = b" " - - sha256_regtype = ( - "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce" -@@ -4356,6 +4357,161 @@ class TestExtractionFilters(unittest.TestCase): - self.check_trusted_default(tar, tempdir) - - -+class OffsetValidationTests(unittest.TestCase): -+ tarname = tmpname -+ invalid_posix_header = ( -+ # name: 100 bytes -+ tarfile.NUL * tarfile.LENGTH_NAME -+ # mode, space, null terminator: 8 bytes -+ + b"000755" + SPACE + tarfile.NUL -+ # uid, space, null terminator: 8 bytes -+ + b"000001" + SPACE + tarfile.NUL -+ # gid, space, null terminator: 8 bytes -+ + b"000001" + SPACE + tarfile.NUL -+ # size, space: 12 bytes -+ + b"\xff" * 11 + SPACE -+ # mtime, space: 12 bytes -+ + tarfile.NUL * 11 + SPACE -+ # chksum: 8 bytes -+ + b"0011407" + tarfile.NUL -+ # type: 1 byte -+ + tarfile.REGTYPE -+ # linkname: 100 bytes -+ + tarfile.NUL * tarfile.LENGTH_LINK -+ # magic: 6 bytes, version: 2 bytes -+ + tarfile.POSIX_MAGIC -+ # uname: 32 bytes -+ + tarfile.NUL * 32 -+ # gname: 32 bytes -+ + tarfile.NUL * 32 -+ # devmajor, space, null terminator: 8 bytes -+ + tarfile.NUL * 6 + SPACE + tarfile.NUL -+ # devminor, space, null terminator: 8 bytes -+ + tarfile.NUL * 6 + SPACE + tarfile.NUL -+ # prefix: 155 bytes -+ + tarfile.NUL * tarfile.LENGTH_PREFIX -+ # padding: 12 bytes -+ + tarfile.NUL * 12 -+ ) -+ invalid_gnu_header = ( -+ # name: 100 bytes -+ tarfile.NUL * tarfile.LENGTH_NAME -+ # mode, null terminator: 8 bytes -+ + b"0000755" + tarfile.NUL -+ # uid, null terminator: 8 bytes -+ + b"0000001" + tarfile.NUL -+ # gid, space, null terminator: 8 bytes -+ + b"0000001" + tarfile.NUL -+ # size, space: 12 bytes -+ + b"\xff" * 11 + SPACE -+ # mtime, space: 12 bytes -+ + tarfile.NUL * 11 + SPACE -+ # chksum: 8 bytes -+ + b"0011327" + tarfile.NUL -+ # type: 1 byte -+ + tarfile.REGTYPE -+ # linkname: 100 bytes -+ + tarfile.NUL * tarfile.LENGTH_LINK -+ # magic: 8 bytes -+ + tarfile.GNU_MAGIC -+ # uname: 32 bytes -+ + tarfile.NUL * 32 -+ # gname: 32 bytes -+ + tarfile.NUL * 32 -+ # devmajor, null terminator: 8 bytes -+ + tarfile.NUL * 8 -+ # devminor, null terminator: 8 bytes -+ + tarfile.NUL * 8 -+ # padding: 167 bytes -+ + tarfile.NUL * 167 -+ ) -+ invalid_v7_header = ( -+ # name: 100 bytes -+ tarfile.NUL * tarfile.LENGTH_NAME -+ # mode, space, null terminator: 8 bytes -+ + b"000755" + SPACE + tarfile.NUL -+ # uid, space, null terminator: 8 bytes -+ + b"000001" + SPACE + tarfile.NUL -+ # gid, space, null terminator: 8 bytes -+ + b"000001" + SPACE + tarfile.NUL -+ # size, space: 12 bytes -+ + b"\xff" * 11 + SPACE -+ # mtime, space: 12 bytes -+ + tarfile.NUL * 11 + SPACE -+ # chksum: 8 bytes -+ + b"0010070" + tarfile.NUL -+ # type: 1 byte -+ + tarfile.REGTYPE -+ # linkname: 100 bytes -+ + tarfile.NUL * tarfile.LENGTH_LINK -+ # padding: 255 bytes -+ + tarfile.NUL * 255 -+ ) -+ valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT) -+ data_block = b"\xff" * tarfile.BLOCKSIZE -+ -+ def _write_buffer(self, buffer): -+ with open(self.tarname, "wb") as f: -+ f.write(buffer) -+ -+ def _get_members(self, ignore_zeros=None): -+ with open(self.tarname, "rb") as f: -+ with tarfile.open( -+ mode="r", fileobj=f, ignore_zeros=ignore_zeros -+ ) as tar: -+ return tar.getmembers() -+ -+ def _assert_raises_read_error_exception(self): -+ with self.assertRaisesRegex( -+ tarfile.ReadError, "file could not be opened successfully" -+ ): -+ self._get_members() -+ -+ def test_invalid_offset_header_validations(self): -+ for tar_format, invalid_header in ( -+ ("posix", self.invalid_posix_header), -+ ("gnu", self.invalid_gnu_header), -+ ("v7", self.invalid_v7_header), -+ ): -+ with self.subTest(format=tar_format): -+ self._write_buffer(invalid_header) -+ self._assert_raises_read_error_exception() -+ -+ def test_early_stop_at_invalid_offset_header(self): -+ buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header -+ self._write_buffer(buffer) -+ members = self._get_members() -+ self.assertEqual(len(members), 1) -+ self.assertEqual(members[0].name, "filename") -+ self.assertEqual(members[0].offset, 0) -+ -+ def test_ignore_invalid_archive(self): -+ # 3 invalid headers with their respective data -+ buffer = (self.invalid_gnu_header + self.data_block) * 3 -+ self._write_buffer(buffer) -+ members = self._get_members(ignore_zeros=True) -+ self.assertEqual(len(members), 0) -+ -+ def test_ignore_invalid_offset_headers(self): -+ for first_block, second_block, expected_offset in ( -+ ( -+ (self.valid_gnu_header), -+ (self.invalid_gnu_header + self.data_block), -+ 0, -+ ), -+ ( -+ (self.invalid_gnu_header + self.data_block), -+ (self.valid_gnu_header), -+ 1024, -+ ), -+ ): -+ self._write_buffer(first_block + second_block) -+ members = self._get_members(ignore_zeros=True) -+ self.assertEqual(len(members), 1) -+ self.assertEqual(members[0].name, "filename") -+ self.assertEqual(members[0].offset, expected_offset) -+ -+ - def setUpModule(): - support.unlink(TEMPDIR) - os.makedirs(TEMPDIR) -diff --git a/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst -new file mode 100644 -index 0000000..342cabb ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst -@@ -0,0 +1,3 @@ -+:mod:`tarfile` now validates archives to ensure member offsets are -+non-negative. (Contributed by Alexander Enrique Urieles Nieto in -+:gh:`130577`.) --- -2.50.1 - diff --git a/SOURCES/Python-3.9.23.tar.xz.asc b/SOURCES/Python-3.9.23.tar.xz.asc deleted file mode 100644 index 44ac441..0000000 --- a/SOURCES/Python-3.9.23.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmg/SAkACgkQsmmV4xAl -BWjuNA/+Ogt83qY+v8J1o1+YRcJo8w3FUhuOgCALHOd1Q562xldiVyH3Y9uo7sla -j15qz8dFzHPrJddeA993oONnyiXKvsvo8oQ1P41b5BgpifNepCTFVRq/eJA/ZJVV -Dj1g7XwsFo4tbtu9uG51msGaqNFO9OZkwtZG8ucb0njxoA0sO3kIZhbVVG8g2OKM -JLw8dxVmZaQzjCQGBqTMf5cnCwP1TFaaVaJjm1+tVga45G+TIFInwR7kowwPyoWD -7IuZwXu3syPWJP+cMjOxcykMA3HLUBhAV6o9pMvM3JWNdmrwUJRwt41LxY4Q8ZVa -QubnCB9B/uED+PakumiyH2P+gNhAOwzrq7iC8XvxW+/bsJAObTj4cj1WGY7ot+cE -kE7pNoe8NwLiCwt3ENO2QieiHFQvYL9Y+ukQwB2xl+ywsyEwa6RLOvSA5GQs+5r4 -Pv/BgE9nDIzLYVnUMtHic75pmI773pUiHuNXOqdMw4kb61GY5fG+kzVY1HEM1Y8p -krMaEeOEbBNww3Ce0TCzuS/1EhsOB8cB1w9IjtZrtJYCxiVvtdZS8S6F0Y8eJGV2 -xPPcADFv6QKogPrrkbWkwIkT+TKn9s22Dkkr0zdTZ4sTMkGAm08B0kqxbsteI+fJ -I39hHo92mP6W8PuhFJiBkF4ebm61kMwg0mElcueOZiqwW2zRey0= -=Lgxm ------END PGP SIGNATURE----- diff --git a/SOURCES/Python-3.9.25.tar.xz.asc b/SOURCES/Python-3.9.25.tar.xz.asc new file mode 100644 index 0000000..3075c39 --- /dev/null +++ b/SOURCES/Python-3.9.25.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmkFBpsACgkQsmmV4xAl +BWgwbw//Tx78tZg3/tJ47YDzDCf68XurBPbdgSfmmGTRrveMt6nQbV+c7XKS5MKK +6hP0jt4W8tP6zC/zRPTexqYwetTaM7+ZKuxzwXABXzi+rfmL/L6BtQQpzwK+vesE +hSSkjl4R2FF3YBrTBNqG0ewf5j4Y41yc4V9UHJWXbmQt6sg/nF+lDvG3K3wzP6zV +rs6LsayeO3AXhi7+c0q7d2oYTFhv/RPOGl6/fLy5j1bxNNE1i2yeIfcR9BqjqB9y +Ue1Tea8RGjh3dSq06/8ubpcqf+tlE4cCDkLERqDWSafZnNA5X4eymAQP9urUoH2n +78X8DXkGbKqyJ+3w97S6zqVnZvL2jSOog8R+yvT5snqzJDp+UK0lcbowPILsOGm4 +BE54dQTG5bT+1bUicvQZIbP4vOswZufl8LGmodkW06edSEcylwO8bHWNcY/gC5HO +WcTbqTFyV+FtwAJxsfgkqKcI6xUyYHqeMhqCUvkpHFFMjsinVOBFVbow8fgiJGUV +GIo3kMNPZPirqgl9bhc3F7qvdgVDQsCqnKJ8B1WegdIlKWxXBj3qQB0U4Qbecpdt +2AhVQAmcOu4LzJYtatDp/0tw6KMr8nWGdofrLVJgzQuu6MmhGW+2cJ0e+wUAxw6v +OBjQ0o42ylQKeS8VGP4yFbYv1umeeWHje26z9az3uOVUFaAoptk= +=5qMt +-----END PGP SIGNATURE----- diff --git a/SPECS/python3.9.spec b/SPECS/python3.9.spec index d4c90b2..bb2ced2 100644 --- a/SPECS/python3.9.spec +++ b/SPECS/python3.9.spec @@ -13,7 +13,7 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.23 +%global general_version %{pybasever}.25 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} @@ -321,7 +321,7 @@ Patch1: 00001-rpath.patch # See https://bugzilla.redhat.com/show_bug.cgi?id=556092 Patch111: 00111-no-static-lib.patch -# 00189 # d06cf137c00fd3907b436fdb92a8f007a7f2fb50 +# 00189 # 0c6dd5d318a22bbe89e09e1cd5513eaaca549aa5 # Instead of bundled wheels, use our RPM packaged wheels # # We keep them in /usr/share/python-wheels @@ -334,7 +334,7 @@ Patch189: 00189-use-rpm-wheels.patch # When the bundled setuptools/pip wheel is updated, the patch no longer applies cleanly. # In such cases, the patch needs to be amended and the versions updated here: %global pip_version 23.0.1 -%global setuptools_version 58.1.0 +%global setuptools_version 79.0.1 # 00251 # 1b1047c14ff98eae6d355b4aac4df3e388813f62 # Change user install location @@ -438,14 +438,6 @@ Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-par # CVE-2023-52425. Future versions of Expat may be more reactive. Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch -# 00467 # -# CVE-2025-8194 -# -# tarfile now validates archives to ensure member offsets are non-negative. -# -# Upstream issue: https://github.com/python/cpython/issues/130577 -Patch467: 00467-CVE-2025-8194.patch - # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1502,6 +1494,10 @@ CheckPython optimized %dir %{pylibdir}/site-packages/ %dir %{pylibdir}/site-packages/__pycache__/ %{pylibdir}/site-packages/README.txt + +%exclude %{pylibdir}/_sysconfigdata_d_linux_%{platform_triplet}.py +%exclude %{pylibdir}/__pycache__/_sysconfigdata_d_linux_%{platform_triplet}%{bytecode_suffixes} + %{pylibdir}/*.py %dir %{pylibdir}/__pycache__/ %{pylibdir}/__pycache__/*%{bytecode_suffixes} @@ -1827,6 +1823,9 @@ CheckPython optimized %{dynload_dir}/_testinternalcapi.%{SOABI_debug}.so %{dynload_dir}/_testmultiphase.%{SOABI_debug}.so +%{pylibdir}/_sysconfigdata_d_linux_%{platform_triplet}.py +%{pylibdir}/__pycache__/_sysconfigdata_d_linux_%{platform_triplet}%{bytecode_suffixes} + %endif # with debug_build # We put the debug-gdb.py file inside /usr/lib/debug to avoid noise from ldconfig @@ -1850,6 +1849,15 @@ CheckPython optimized # ====================================================== %changelog +* Mon Nov 10 2025 Tomas Orsava - 3.9.25-2 +- Move _sysconfigdata_d_linux*.py to the debug subpackage + +* Mon Nov 03 2025 Karolina Surma - 3.9.25-1 +- Update to Python 3.9.25 + +* Fri Oct 10 2025 Karolina Surma - 3.9.24-1 +- Update to Python 3.9.24 + * Tue Aug 19 2025 Lumír Balhar - 3.9.23-2 - Security fix for CVE-2025-8194 Resolves: RHEL-106374