Compare commits
No commits in common. "c9-beta" and "c9s" have entirely different histories.
|
@ -1 +1,3 @@
|
|||
SOURCES/Python-3.9.18.tar.xz
|
||||
/*.tar.*
|
||||
/*.src.rpm
|
||||
/results_python3*
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
abe4a20dcc11798495b17611ef9f8f33d6975722 SOURCES/Python-3.9.18.tar.xz
|
||||
57d08ec0b329a78923b486abae906d4fa12fadb7 Python-3.9.19.tar.xz
|
||||
32f548c34c008a8065acc90089d2f0f523a7f079 Python-3.9.19.tar.xz.asc
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
From 60d40d7095983e0bc23a103b2050adc519dc7fe3 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Fri, 3 May 2024 14:17:48 +0200
|
||||
Subject: [PATCH] Expect failures in tests not working properly with expat with
|
||||
a fixed CVE in RHEL
|
||||
|
||||
---
|
||||
Lib/test/test_pyexpat.py | 1 +
|
||||
Lib/test/test_sax.py | 1 +
|
||||
Lib/test/test_xml_etree.py | 3 +++
|
||||
3 files changed, 5 insertions(+)
|
||||
|
||||
diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py
|
||||
index 43cbd27..27b1502 100644
|
||||
--- a/Lib/test/test_pyexpat.py
|
||||
+++ b/Lib/test/test_pyexpat.py
|
||||
@@ -793,6 +793,7 @@ class ReparseDeferralTest(unittest.TestCase):
|
||||
|
||||
self.assertEqual(started, ['doc'])
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_reparse_deferral_disabled(self):
|
||||
started = []
|
||||
|
||||
diff --git a/Lib/test/test_sax.py b/Lib/test/test_sax.py
|
||||
index 9b3014a..646c92d 100644
|
||||
--- a/Lib/test/test_sax.py
|
||||
+++ b/Lib/test/test_sax.py
|
||||
@@ -1240,6 +1240,7 @@ class ExpatReaderTest(XmlTestBase):
|
||||
|
||||
self.assertEqual(result.getvalue(), start + b"<doc></doc>")
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_flush_reparse_deferral_disabled(self):
|
||||
result = BytesIO()
|
||||
xmlgen = XMLGenerator(result)
|
||||
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
|
||||
index 9c382d1..62f2871 100644
|
||||
--- a/Lib/test/test_xml_etree.py
|
||||
+++ b/Lib/test/test_xml_etree.py
|
||||
@@ -1424,9 +1424,11 @@ class XMLPullParserTest(unittest.TestCase):
|
||||
self.assert_event_tags(parser, [('end', 'root')])
|
||||
self.assertIsNone(parser.close())
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_simple_xml_chunk_1(self):
|
||||
self.test_simple_xml(chunk_size=1, flush=True)
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_simple_xml_chunk_5(self):
|
||||
self.test_simple_xml(chunk_size=5, flush=True)
|
||||
|
||||
@@ -1651,6 +1653,7 @@ class XMLPullParserTest(unittest.TestCase):
|
||||
|
||||
self.assert_event_tags(parser, [('end', 'doc')])
|
||||
|
||||
+ @unittest.expectedFailure
|
||||
def test_flush_reparse_deferral_disabled(self):
|
||||
parser = ET.XMLPullParser(events=('start', 'end'))
|
||||
|
||||
--
|
||||
2.44.0
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmTnntEACgkQsmmV4xAl
|
||||
BWgmQw/9EFWMXtSfWBV93AQF37r0nbUnOBvrOcubkO7ygt+GfHKzN8EPuNeO2It7
|
||||
yNZDuCmwepnNGaIkO7UkgbwYyNw3YaoHQqxG8izAfJAVqK6BSk8UAET/YKWFXbLv
|
||||
cZBfgxSa0tTEkwq3BAY4vDewRXnLkUq7k6JRRCKFGLNSi/ygC56SijxyAV2g4Vio
|
||||
Qcwr9VhsTvz6ujoWuPrfVpUY4I81LBJxKK7n9zBreYzh5uUXRu5k4lN2W8HrE4q0
|
||||
7tTdsccB9j1CJAiUacYLxTFsvwd/hBs9+g9Eu5kqGeChqEU56Gd8wR96TEu8cVIZ
|
||||
Bv5UEo9MgT1KsJwk0FMfV8qVScqZrGG3QaoMtNAeAm/tUrhhZO9ANYsC9dey03ut
|
||||
tU6s5GAeh6i17bqW5WfvzCdhY9ayCInndzkq7SPi9F7fYx79PgdsofqPdyCSBXUo
|
||||
Ozfn1VQkYQJTmYtrwqLfdAivubaEPIf1+fLqMOXbrI85Ujuy5xzlgVrrqO2K9rbE
|
||||
DYyPgGZjPtss/yZGRCUdJX6rbW8Tq0HKt/8HpbW5fCt9o0wCSawR71GhzPA1fpNs
|
||||
0mkAGvvoNGdiSizTLLPvNCaecw4kSzeBNViyP6oRCv69ifNqHPErItsMZ0YIMU14
|
||||
w4/d9yI9kUa2bvE3cmx6G+9OS8PYip9MsJbQgP7kJsZ8wgt9rQU=
|
||||
=aw+P
|
||||
-----END PGP SIGNATURE-----
|
|
@ -0,0 +1,6 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
|
@ -0,0 +1,90 @@
|
|||
# KNOWN BUGS:
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1489816
|
||||
addFilter(r'crypto-policy-non-compliance-openssl')
|
||||
|
||||
|
||||
# TESTS:
|
||||
addFilter(r'(zero-length|pem-certificate|uncompressed-zip) /usr/lib(64)?/python3\.\d+/test')
|
||||
|
||||
|
||||
# OTHER DELIBERATES:
|
||||
# chroot function
|
||||
addFilter(r'missing-call-to-chdir-with-chroot')
|
||||
|
||||
# intentionally unversioned and selfobsoleted
|
||||
addFilter(r'unversioned-explicit-obsoletes python')
|
||||
addFilter(r'self-obsoletion python3\.\d+ obsoletes python3\.\d+')
|
||||
|
||||
# intentionally hardcoded
|
||||
addFilter(r'hardcoded-library-path in %{_prefix}/lib/(debug/%{_libdir}|python%{pybasever})')
|
||||
|
||||
# intentional for our pythonXY package
|
||||
addFilter(r'python3\.\d+\.[^:]+: (E|W): devel-file-in-non-devel-package')
|
||||
|
||||
# we have non binary stuff, python files
|
||||
addFilter(r'only-non-binary-in-usr-lib')
|
||||
|
||||
# some devel files that are deliberately needed
|
||||
addFilter(r'devel-file-in-non-devel-package /usr/include/python3\.\d+m?/pyconfig-(32|64)\.h')
|
||||
addFilter(r'devel-file-in-non-devel-package /usr/lib(64)?/python3\.\d+/distutils/tests/xxmodule\.c')
|
||||
|
||||
# some bytecode is shipped without sources on purpose, as a space optimization
|
||||
# if this regex needs to be relaxed in the future, make sure it **does not** match pyc files in __pycache__
|
||||
addFilter(r'python-bytecode-without-source /usr/lib(64)?/python3\.\d+/(encodings|pydoc_data)/[^/]+.pyc')
|
||||
|
||||
# SORRY, NOT SORRY:
|
||||
# manual pages
|
||||
addFilter(r'no-manual-page-for-binary (idle|pydoc|pyvenv|2to3|python3?-debug|pathfix|msgfmt|pygettext)')
|
||||
addFilter(r'no-manual-page-for-binary python3?.*-config$')
|
||||
addFilter(r'no-manual-page-for-binary python3\.\d+dm?$')
|
||||
|
||||
# missing documentation from subpackages
|
||||
addFilter(r'^python3(\.\d+)?-(debug|tkinter|test|idle)\.[^:]+: (E|W): no-documentation')
|
||||
|
||||
# platform python is obsoleted, but not provided
|
||||
addFilter(r'obsolete-not-provided platform-python')
|
||||
|
||||
|
||||
# RPMLINT IMPERFECTIONS
|
||||
# https://github.com/rpm-software-management/rpmlint/issues/123
|
||||
addFilter(r'python-bytecode-wrong-magic-value .* expected 33\d\d \(3\.7\), found 3393')
|
||||
# https://github.com/rpm-software-management/rpmlint/pull/133
|
||||
addFilter(r'python-bytecode-wrong-magic-value .* expected 33\d\d \(3\.7\), found 3394')
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1550562
|
||||
# https://github.com/rpm-software-management/rpmlint/issues/128
|
||||
addFilter(r'python-bytecode-inconsistent-mtime .* 1970')
|
||||
|
||||
# we provide python(abi) manually to be sure. createrepo will merge this with the automatic
|
||||
addFilter(r'python3(\.\d+)?\.[^:-]+: (E|W): useless-provides python\(abi\)')
|
||||
|
||||
# debugsource
|
||||
addFilter(r'^python3(\.\d+)?-debugsource\.[^:]+: (E|W): no-documentation')
|
||||
|
||||
# debuginfo
|
||||
addFilter(r'^python3(\.\d+)?-debuginfo\.[^:]+: (E|W): useless-provides debuginfo\(build-id\)')
|
||||
|
||||
# this is OK for F28+
|
||||
addFilter(r'library-without-ldconfig-post')
|
||||
|
||||
# debug package contains devel and non-devel files
|
||||
addFilter(r'python3(\.\d+)?-debug\.[^:]+: (E|W): (non-)?devel-file-in-(non-)?devel-package')
|
||||
|
||||
# this goes to other subpackage, hence not actually dangling, the read error is bogus
|
||||
addFilter(r'dangling-relative-symlink /usr/lib(64)?/pkgconfig/python-3\.\d+dm?(-embed)?\.pc python-3\.\d+(-embed)?\.pc')
|
||||
addFilter(r'read-error /usr/lib(64)?/pkgconfig/python-3\.\d+dm?(-embed)?\.pc \[Errno 2\]')
|
||||
|
||||
# the python-unversioned-command package contains dangling symlinks by design
|
||||
addFilter(r'^python-unversioned-command\.[^:]+: (E|W): dangling-relative-symlink '
|
||||
r'(/usr/bin/python \./python3|/usr/share/man/man1/python\.1\S* ./python3\.1\S*)$')
|
||||
|
||||
# we need this macro to evaluate, even if the line starts with #
|
||||
addFilter(r'macro-in-comment %\{_pyconfig(32|64)_h\}')
|
||||
|
||||
# Python modules don't need to be linked against libc
|
||||
# Since 3.8 they are no longer linked against libpython3.8.so.1.0
|
||||
addFilter(r'E: library-not-linked-against-libc /usr/lib(64)?/python3\.\d+/lib-dynload/')
|
||||
addFilter(r'E: shared-lib-without-dependency-information /usr/lib(64)?/python3\.\d+/lib-dynload/')
|
||||
|
||||
# SPELLING ERRORS
|
||||
addFilter(r'spelling-error .* en_US (bytecode|pyc|filename|tkinter|namespaces|pytest) ')
|
|
@ -13,11 +13,11 @@ URL: https://www.python.org/
|
|||
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
%global general_version %{pybasever}.18
|
||||
%global general_version %{pybasever}.19
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 3%{?dist}
|
||||
Release: 1%{?dist}
|
||||
License: Python
|
||||
|
||||
|
||||
|
@ -429,6 +429,13 @@ Patch414: 00414-skip_test_zlib_s390x.patch
|
|||
# config file or environment variable.
|
||||
Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch
|
||||
|
||||
# 00422 # a353cebef737c41420dc7ae2469dd657371b8881
|
||||
# Fix tests for XMLPullParser with Expat 2.6.0
|
||||
#
|
||||
# Feeding the parser by too small chunks defers parsing to prevent
|
||||
# CVE-2023-52425. Future versions of Expat may be more reactive.
|
||||
Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||
|
@ -1830,6 +1837,12 @@ CheckPython optimized
|
|||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Mon Apr 22 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.9.19-1
|
||||
- Update to 3.9.19
|
||||
- Security fixes for CVE-2023-6597 and CVE-2024-0450
|
||||
- Fix tests for XMLPullParser with Expat with fixed CVE
|
||||
Resolves: RHEL-33679, RHEL-33691
|
||||
|
||||
* Wed Jan 24 2024 Lumír Balhar <lbalhar@redhat.com> - 3.9.18-3
|
||||
- Fix tests on s390x with hw acceleration
|
||||
Resolves: RHEL-13043
|
|
@ -0,0 +1,32 @@
|
|||
# exclude test XML data (not always valid) from XML validity check:
|
||||
xml:
|
||||
ignore:
|
||||
- /usr/lib*/python*/test/xmltestdata/*
|
||||
- /usr/lib*/python*/test/xmltestdata/*/*
|
||||
|
||||
# exclude _socket from ipv4 only functions check, it has both ipv4 and ipv6 only
|
||||
badfuncs:
|
||||
ignore:
|
||||
- /usr/lib*/python*/lib-dynload/_socket.*
|
||||
|
||||
# don't report changed content of compiled files
|
||||
# that is expected with every toolchain update and not reproducible yet
|
||||
changedfiles:
|
||||
# note that this is a posix regex, so no \d
|
||||
exclude_path: (\.so(\.[0-9]+(\.[0-9]+)?)?$|^/usr/bin/python[0-9]+\.[0-9]+d?m?$)
|
||||
|
||||
# files change size all the time, we don't need to VERIFY it
|
||||
# however, the INFO is useful, so we don't disable the check entirely
|
||||
filesize:
|
||||
# artificially large number, TODO a better way
|
||||
size_threshold: 100000
|
||||
|
||||
debuginfo:
|
||||
ignore:
|
||||
# libpython3.so doesn't contain compiled code
|
||||
- /usr/lib/debug/usr/lib*/libpython3.so*debug
|
||||
|
||||
# completely disabled inspections:
|
||||
inspections:
|
||||
# we know about our patches, no need to report anything
|
||||
patches: off
|
|
@ -0,0 +1,2 @@
|
|||
SHA512 (Python-3.9.19.tar.xz) = 5577830c734e63a70bbc62cd33d263b9aa87c4381b49cb694c3559067c4c682a55506b65ec5514a8e0a5abf6294dc728e909385d449ae1c388e62f83cea9bb89
|
||||
SHA512 (Python-3.9.19.tar.xz.asc) = f7f4946243dfc56de2c84f50276b088d347f17054f50e3331d1e312e2a8e2c6ed1b4b4a807202b51137fd2af3fc9218cafa42ed348a954ace896d9a432e2defd
|
|
@ -0,0 +1 @@
|
|||
1
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
standard-inventory-qcow2:
|
||||
qemu:
|
||||
m: 3G # Amount of VM memory
|
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
tags:
|
||||
- classic
|
||||
tasks:
|
||||
- dnf:
|
||||
name: "*"
|
||||
state: latest
|
||||
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-basic
|
||||
tags:
|
||||
- classic
|
||||
repositories:
|
||||
- repo: "https://src.fedoraproject.org/tests/python.git"
|
||||
dest: "python"
|
||||
tests:
|
||||
- smoke:
|
||||
dir: python/smoke
|
||||
run: VERSION=3.9 ./venv.sh
|
||||
- debugsmoke:
|
||||
dir: python/smoke
|
||||
run: PYTHON=python3-debug TOX=false VERSION=3.9 ./venv.sh
|
||||
- selftest:
|
||||
dir: python/selftest
|
||||
run: VERSION=3.9 X="-x test_wsgiref" ./parallel.sh
|
||||
- debugtest:
|
||||
dir: python/selftest
|
||||
run: VERSION=3.9 PYTHON=python3-debug X="-x test_wsgiref" ./parallel.sh
|
||||
- debugflags:
|
||||
dir: python/flags
|
||||
run: python3-debug ./assertflags.py -O0
|
||||
- marshalparser:
|
||||
dir: python/marshalparser
|
||||
run: VERSION=3.9 SAMPLE=10 test_marshalparser_compatibility.sh
|
||||
required_packages:
|
||||
- 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm'
|
||||
- 'https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm'
|
||||
- gcc # for extension building in venv and selftest
|
||||
- gdb # for test_gdb
|
||||
- python3.9 # the test subject
|
||||
- python3-debug # for leak testing
|
||||
- python3-devel # for extension building in venv and selftest
|
||||
- python3-tkinter # for selftest
|
||||
- python3-test # for selftest
|
||||
- python3-tox # for venv tests
|
||||
- glibc-all-langpacks # for locale tests
|
||||
- marshalparser # for testing compatibility (magic numbers) with marshalparser
|
Loading…
Reference in New Issue