From 87132fa40876bc688d897839c91c77b3d6503284 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 3 Nov 2020 06:43:02 -0500 Subject: [PATCH] import python3-3.6.8-31.el8 --- SOURCES/00102-lib64.patch | 16 + ...78-dont-duplicate-flags-in-sysconfig.patch | 30 -- SOURCES/00205-make-libpl-respect-lib64.patch | 12 - SOURCES/00329-fips.patch | 354 ++++++++++-------- SOURCES/00338-fix-test_gdb-for-LTO.patch | 22 ++ SOURCES/00344-CVE-2019-16935.patch | 54 +++ ...5-fix-test_site-with-extra-pth-files.patch | 44 +++ SOURCES/00346-CVE-2020-8492.patch | 193 ++++++++++ ...-infinite-loop-in-the-tarfile-module.patch | 67 ++++ ...-for-ipv4interface-and-ipv6interface.patch | 70 ++++ SPECS/python3.spec | 105 +++++- 11 files changed, 745 insertions(+), 222 deletions(-) delete mode 100644 SOURCES/00178-dont-duplicate-flags-in-sysconfig.patch delete mode 100644 SOURCES/00205-make-libpl-respect-lib64.patch create mode 100644 SOURCES/00338-fix-test_gdb-for-LTO.patch create mode 100644 SOURCES/00344-CVE-2019-16935.patch create mode 100644 SOURCES/00345-fix-test_site-with-extra-pth-files.patch create mode 100644 SOURCES/00346-CVE-2020-8492.patch create mode 100644 SOURCES/00351-avoid-infinite-loop-in-the-tarfile-module.patch create mode 100644 SOURCES/00352-resolve-hash-collisions-for-ipv4interface-and-ipv6interface.patch diff --git a/SOURCES/00102-lib64.patch b/SOURCES/00102-lib64.patch index 2b913ca..6111c0f 100644 --- a/SOURCES/00102-lib64.patch +++ b/SOURCES/00102-lib64.patch @@ -200,3 +200,19 @@ index 0f2dfc4..da37896 100644 ] ) if (ssl_incs is not None and +diff --git a/configure.ac b/configure.ac +index 01c66fe..1e6d515 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -4772,9 +4772,9 @@ AC_MSG_RESULT($LDVERSION) + dnl define LIBPL after ABIFLAGS and LDVERSION is defined. + AC_SUBST(PY_ENABLE_SHARED) + if test x$PLATFORM_TRIPLET = x; then +- LIBPL='$(prefix)'"/lib/python${VERSION}/config-${LDVERSION}" ++ LIBPL='$(prefix)'"/lib64/python${VERSION}/config-${LDVERSION}" + else +- LIBPL='$(prefix)'"/lib/python${VERSION}/config-${LDVERSION}-${PLATFORM_TRIPLET}" ++ LIBPL='$(prefix)'"/lib64/python${VERSION}/config-${LDVERSION}-${PLATFORM_TRIPLET}" + fi + AC_SUBST(LIBPL) + diff --git a/SOURCES/00178-dont-duplicate-flags-in-sysconfig.patch b/SOURCES/00178-dont-duplicate-flags-in-sysconfig.patch deleted file mode 100644 index fc49b30..0000000 --- a/SOURCES/00178-dont-duplicate-flags-in-sysconfig.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -r 39b9b05c3085 Lib/distutils/sysconfig.py ---- a/Lib/distutils/sysconfig.py Wed Apr 10 00:27:23 2013 +0200 -+++ b/Lib/distutils/sysconfig.py Wed Apr 10 10:14:18 2013 +0200 -@@ -362,7 +362,10 @@ - done[n] = item = "" - if found: - after = value[m.end():] -- value = value[:m.start()] + item + after -+ value = value[:m.start()] -+ if item.strip() not in value: -+ value += item -+ value += after - if "$" in after: - notdone[name] = value - else: -diff -r 39b9b05c3085 Lib/sysconfig.py ---- a/Lib/sysconfig.py Wed Apr 10 00:27:23 2013 +0200 -+++ b/Lib/sysconfig.py Wed Apr 10 10:14:18 2013 +0200 -@@ -296,7 +296,10 @@ - - if found: - after = value[m.end():] -- value = value[:m.start()] + item + after -+ value = value[:m.start()] -+ if item.strip() not in value: -+ value += item -+ value += after - if "$" in after: - notdone[name] = value - else: diff --git a/SOURCES/00205-make-libpl-respect-lib64.patch b/SOURCES/00205-make-libpl-respect-lib64.patch deleted file mode 100644 index 3e7c797..0000000 --- a/SOURCES/00205-make-libpl-respect-lib64.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up Python-3.5.0/Makefile.pre.in.lib Python-3.5.0/Makefile.pre.in ---- Python-3.5.0/Makefile.pre.in.lib 2015-09-21 15:39:47.928286620 +0200 -+++ Python-3.5.0/Makefile.pre.in 2015-09-21 15:42:58.004042762 +0200 -@@ -1340,7 +1340,7 @@ inclinstall: - - # Install the library and miscellaneous stuff needed for extending/embedding - # This goes into $(exec_prefix) --LIBPL= @LIBPL@ -+LIBPL= $(LIBDEST)/config-$(LDVERSION)-$(MULTIARCH) - - # pkgconfig directory - LIBPC= $(LIBDIR)/pkgconfig diff --git a/SOURCES/00329-fips.patch b/SOURCES/00329-fips.patch index e250caa..7490bae 100644 --- a/SOURCES/00329-fips.patch +++ b/SOURCES/00329-fips.patch @@ -2,7 +2,7 @@ From 53d108c5103c99079f1f231b0e731f3f47a142fc Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Wed, 25 Sep 2019 08:50:31 -0700 -Subject: [PATCH 01/36] [3.8] bpo-38270: Check for hash digest algorithms and +Subject: [PATCH 01/37] [3.8] bpo-38270: Check for hash digest algorithms and avoid MD5 (GH-16382) (GH-16393) Make it easier to run and test Python on systems with restrict crypto policies: @@ -31,7 +31,7 @@ Automerge-Triggered-By: @tiran 7 files changed, 112 insertions(+), 53 deletions(-) diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py -index 66c0fed8411..a43819904e0 100644 +index 66c0fed841..a43819904e 100644 --- a/Lib/test/support/__init__.py +++ b/Lib/test/support/__init__.py @@ -11,6 +11,7 @@ import faulthandler @@ -71,7 +71,7 @@ index 66c0fed8411..a43819904e0 100644 # Don't use "localhost", since resolving it uses the DNS under recent # Windows versions (see issue #18792). diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py -index 067e13f1079..81c3485f761 100644 +index 067e13f107..81c3485f76 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -4,6 +4,8 @@ import hashlib @@ -271,7 +271,7 @@ index 067e13f1079..81c3485f761 100644 h2 = h1.copy() self.assertEqual(h1.digest(), h2.digest(), diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py -index 0593a3756b0..086cc0ac4e0 100644 +index 0593a3756b..086cc0ac4e 100644 --- a/Lib/test/test_imaplib.py +++ b/Lib/test/test_imaplib.py @@ -14,7 +14,8 @@ import calendar @@ -309,7 +309,7 @@ index 0593a3756b0..086cc0ac4e0 100644 class AuthHandler(SimpleIMAPHandler): diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py -index 234c855545c..b8146be3a8c 100644 +index 234c855545..b8146be3a8 100644 --- a/Lib/test/test_poplib.py +++ b/Lib/test/test_poplib.py @@ -304,9 +304,11 @@ class TestPOP3Class(TestCase): @@ -325,7 +325,7 @@ index 234c855545c..b8146be3a8c 100644 # Replace welcome with very long evil welcome. # NB The upper bound on welcome length is currently 2048. diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py -index 87047514e7a..64b3201254a 100644 +index 87047514e7..64b3201254 100644 --- a/Lib/test/test_smtplib.py +++ b/Lib/test/test_smtplib.py @@ -4,6 +4,7 @@ import email.mime.text @@ -368,7 +368,7 @@ index 87047514e7a..64b3201254a 100644 self.serv.add_feature("AUTH {}".format(mechanism)) for mechanism in supported: diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py -index 4cd7d5370f5..b5e855e0d7e 100644 +index 4cd7d5370f..b5e855e0d7 100644 --- a/Lib/test/test_tarfile.py +++ b/Lib/test/test_tarfile.py @@ -1,7 +1,7 @@ @@ -557,7 +557,7 @@ index 4cd7d5370f5..b5e855e0d7e 100644 # See issues #1578269, #8879, and #17689 for some history on these skips @unittest.skipIf(hasattr(os.path, "islink"), diff --git a/Lib/test/test_urllib2_localnet.py b/Lib/test/test_urllib2_localnet.py -index ef0091c4930..895f97cc09a 100644 +index ef0091c493..895f97cc09 100644 --- a/Lib/test/test_urllib2_localnet.py +++ b/Lib/test/test_urllib2_localnet.py @@ -325,6 +325,7 @@ class ProxyAuthTests(unittest.TestCase): @@ -569,13 +569,13 @@ index ef0091c4930..895f97cc09a 100644 super(ProxyAuthTests, self).setUp() # Ignore proxy bypass settings in the environment. -- -2.21.0 +2.25.1 From 75d9613294e1cbd5aab9363cf3c435871a25f065 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Mon, 30 Sep 2019 09:10:38 +0200 -Subject: [PATCH 02/36] [3.8] bpo-38270: More fixes for strict crypto policy +Subject: [PATCH 02/37] [3.8] bpo-38270: More fixes for strict crypto policy (GH-16418) (#16437) test_hmac and test_hashlib test built-in hashing implementations and @@ -599,7 +599,7 @@ Co-authored-by: Christian Heimes 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py -index a43819904e0..3342218cf0a 100644 +index a43819904e..3342218cf0 100644 --- a/Lib/test/support/__init__.py +++ b/Lib/test/support/__init__.py @@ -71,6 +71,11 @@ try: @@ -655,7 +655,7 @@ index a43819904e0..3342218cf0a 100644 raise unittest.SkipTest( f"hash digest '{digestname}' is not available." diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py -index 9711856853d..1b1b4d54112 100644 +index 9711856853..1b1b4d5411 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -8,6 +8,7 @@ @@ -683,7 +683,7 @@ index 9711856853d..1b1b4d54112 100644 # These two algorithms should always be present when this module # is compiled. If not, something was compiled wrong. diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py -index 81c3485f761..2a5a0d3d061 100644 +index 81c3485f76..2a5a0d3d06 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -19,7 +19,7 @@ def ignore_warning(func): @@ -729,13 +729,13 @@ index 81c3485f761..2a5a0d3d061 100644 self._rfc4231_test_cases(hashlib.sha512, 'sha512', 64, 128) -- -2.21.0 +2.25.1 From 19a40f7e820bb991c03e03c05dc832539b676983 Mon Sep 17 00:00:00 2001 From: stratakis Date: Tue, 3 Dec 2019 16:35:54 +0100 -Subject: [PATCH 03/36] bpo-38270: Fix indentation of test_hmac assertions +Subject: [PATCH 03/37] bpo-38270: Fix indentation of test_hmac assertions (GH-17446) Since https://github.com/python/cpython/commit/c64a1a61e6fc542cada40eb069a239317e1af36e two assertions were indented and thus ignored when running test_hmac. @@ -749,7 +749,7 @@ https://bugs.python.org/issue38270 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py -index 2a5a0d3d061..338e0215a41 100644 +index 2a5a0d3d06..338e0215a4 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -329,7 +329,7 @@ class ConstructorTestCase(unittest.TestCase): @@ -771,13 +771,13 @@ index 2a5a0d3d061..338e0215a41 100644 @requires_hashdigest('sha256') def test_withmodule(self): -- -2.21.0 +2.25.1 From 5fa96205b380f2cb555ac346e6b7039746cb51ca Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 25 Jul 2019 16:19:52 +0200 -Subject: [PATCH 04/36] Expose OpenSSL FIPS_mode() as hashlib.get_fips_mode() +Subject: [PATCH 04/37] Expose OpenSSL FIPS_mode() as hashlib.get_fips_mode() --- Lib/hashlib.py | 5 +++++ @@ -786,7 +786,7 @@ Subject: [PATCH 04/36] Expose OpenSSL FIPS_mode() as hashlib.get_fips_mode() 3 files changed, 65 insertions(+), 1 deletion(-) diff --git a/Lib/hashlib.py b/Lib/hashlib.py -index 98d2d7981a3..ae17c585110 100644 +index 98d2d7981a..ae17c58511 100644 --- a/Lib/hashlib.py +++ b/Lib/hashlib.py @@ -236,6 +236,11 @@ try: @@ -802,7 +802,7 @@ index 98d2d7981a3..ae17c585110 100644 for __func_name in __always_supported: # try them all, some may not work due to the OpenSSL diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index 84edd72c85a..4876a7f7aa7 100644 +index 84edd72c85..4876a7f7aa 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -25,6 +25,9 @@ @@ -863,7 +863,7 @@ index 84edd72c85a..4876a7f7aa7 100644 CONSTRUCTOR_METH_DEF(sha1), CONSTRUCTOR_METH_DEF(sha224), diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h -index 04453526040..8828e2776e9 100644 +index 0445352604..8828e2776e 100644 --- a/Modules/clinic/_hashopenssl.c.h +++ b/Modules/clinic/_hashopenssl.c.h @@ -54,7 +54,30 @@ exit: @@ -899,13 +899,13 @@ index 04453526040..8828e2776e9 100644 -/*[clinic end generated code: output=118cd7036fa0fb52 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=7d683c930bbb7c36 input=a9049054013a1b77]*/ -- -2.21.0 +2.25.1 From e60cc93037b913ca2a410d73b52d8301ab0d76cd Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 25 Jul 2019 17:04:06 +0200 -Subject: [PATCH 05/36] Use python's fall backs for the crypto it implements +Subject: [PATCH 05/37] Use python's fall backs for the crypto it implements only if we are not in FIPS mode --- @@ -914,7 +914,7 @@ Subject: [PATCH 05/36] Use python's fall backs for the crypto it implements 2 files changed, 81 insertions(+), 129 deletions(-) diff --git a/Lib/hashlib.py b/Lib/hashlib.py -index ae17c585110..7db1e02601f 100644 +index ae17c58511..7db1e02601 100644 --- a/Lib/hashlib.py +++ b/Lib/hashlib.py @@ -67,56 +67,64 @@ algorithms_available = set(__always_supported) @@ -1181,7 +1181,7 @@ index ae17c585110..7db1e02601f 100644 +if not get_fips_mode(): + del __py_new diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py -index 1b1b4d54112..4e6b5b607a9 100644 +index 1b1b4d5411..4e6b5b607a 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -933,6 +933,7 @@ class KDFTests(unittest.TestCase): @@ -1193,13 +1193,13 @@ index 1b1b4d54112..4e6b5b607a9 100644 self._test_pbkdf2_hmac(py_hashlib.pbkdf2_hmac) -- -2.21.0 +2.25.1 From 4803386d980b9ad1a9bdde829e8642676acd8bf4 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 25 Jul 2019 17:19:06 +0200 -Subject: [PATCH 06/36] Disable Python's hash implementations in FIPS mode, +Subject: [PATCH 06/37] Disable Python's hash implementations in FIPS mode, forcing OpenSSL --- @@ -1215,7 +1215,7 @@ Subject: [PATCH 06/36] Disable Python's hash implementations in FIPS mode, diff --git a/Include/_hashopenssl.h b/Include/_hashopenssl.h new file mode 100644 -index 00000000000..a726c0d3fbf +index 0000000000..a726c0d3fb --- /dev/null +++ b/Include/_hashopenssl.h @@ -0,0 +1,66 @@ @@ -1286,7 +1286,7 @@ index 00000000000..a726c0d3fbf + +#endif // !Py_HASHOPENSSL_H diff --git a/Modules/_blake2/blake2b_impl.c b/Modules/_blake2/blake2b_impl.c -index 418c0184006..341e67a8fcc 100644 +index 418c018400..341e67a8fc 100644 --- a/Modules/_blake2/blake2b_impl.c +++ b/Modules/_blake2/blake2b_impl.c @@ -14,6 +14,7 @@ @@ -1316,7 +1316,7 @@ index 418c0184006..341e67a8fcc 100644 #ifdef WITH_THREAD diff --git a/Modules/_blake2/blake2module.c b/Modules/_blake2/blake2module.c -index e2a3d420d4e..817b7165684 100644 +index e2a3d420d4..817b716568 100644 --- a/Modules/_blake2/blake2module.c +++ b/Modules/_blake2/blake2module.c @@ -9,6 +9,7 @@ @@ -1337,7 +1337,7 @@ index e2a3d420d4e..817b7165684 100644 if (m == NULL) return NULL; diff --git a/Modules/_blake2/blake2s_impl.c b/Modules/_blake2/blake2s_impl.c -index 24e529b6596..0dfe0586b57 100644 +index 24e529b659..0dfe0586b5 100644 --- a/Modules/_blake2/blake2s_impl.c +++ b/Modules/_blake2/blake2s_impl.c @@ -14,6 +14,7 @@ @@ -1367,7 +1367,7 @@ index 24e529b6596..0dfe0586b57 100644 #ifdef WITH_THREAD diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index 4876a7f7aa7..02cf6087a2e 100644 +index 4876a7f7aa..02cf6087a2 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -17,16 +17,13 @@ @@ -1427,7 +1427,7 @@ index 4876a7f7aa7..02cf6087a2e 100644 newEVPobject(PyObject *name) { diff --git a/Modules/_sha3/sha3module.c b/Modules/_sha3/sha3module.c -index 2c2b2dbc5c7..624f7f247d4 100644 +index 2c2b2dbc5c..624f7f247d 100644 --- a/Modules/_sha3/sha3module.c +++ b/Modules/_sha3/sha3module.c @@ -18,6 +18,7 @@ @@ -1464,7 +1464,7 @@ index 2c2b2dbc5c7..624f7f247d4 100644 return NULL; } diff --git a/setup.py b/setup.py -index e2c18982532..e2e659ef795 100644 +index e2c1898253..e2e659ef79 100644 --- a/setup.py +++ b/setup.py @@ -901,31 +901,30 @@ class PyBuildExt(build_ext): @@ -1531,13 +1531,13 @@ index e2c18982532..e2e659ef795 100644 # Modules that provide persistent dictionary-like semantics. You will # probably want to arrange for at least one of them to be available on -- -2.21.0 +2.25.1 From 0f35f480e2134c7d5c4ea3d68d8c0af14f56afa3 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 25 Jul 2019 17:35:27 +0200 -Subject: [PATCH 07/36] Expose all hashes available to OpenSSL, using a list +Subject: [PATCH 07/37] Expose all hashes available to OpenSSL, using a list --- Modules/_hashopenssl.c | 44 ++++++++++++++----------------------- @@ -1546,7 +1546,7 @@ Subject: [PATCH 07/36] Expose all hashes available to OpenSSL, using a list create mode 100644 Modules/_hashopenssl_list.h diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index 02cf6087a2e..7dfd70822b9 100644 +index 02cf6087a2..7dfd70822b 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -66,12 +66,9 @@ static PyTypeObject EVPtype; @@ -1643,7 +1643,7 @@ index 02cf6087a2e..7dfd70822b9 100644 } diff --git a/Modules/_hashopenssl_list.h b/Modules/_hashopenssl_list.h new file mode 100644 -index 00000000000..3c11b2eb6c6 +index 0000000000..3c11b2eb6c --- /dev/null +++ b/Modules/_hashopenssl_list.h @@ -0,0 +1,21 @@ @@ -1669,13 +1669,13 @@ index 00000000000..3c11b2eb6c6 +_HASH(shake_128, "shake128") +_HASH(shake_256, "shake256") -- -2.21.0 +2.25.1 From 7e5b74b7268e4fb7d473d24cd023493e4e87eb76 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 25 Jul 2019 18:13:45 +0200 -Subject: [PATCH 08/36] Fix tests +Subject: [PATCH 08/37] Fix tests --- Lib/hashlib.py | 5 +++- @@ -1683,7 +1683,7 @@ Subject: [PATCH 08/36] Fix tests 2 files changed, 49 insertions(+), 14 deletions(-) diff --git a/Lib/hashlib.py b/Lib/hashlib.py -index 7db1e02601f..2def0a310c6 100644 +index 7db1e02601..2def0a310c 100644 --- a/Lib/hashlib.py +++ b/Lib/hashlib.py @@ -122,7 +122,10 @@ if not get_fips_mode(): @@ -1699,7 +1699,7 @@ index 7db1e02601f..2def0a310c6 100644 return __get_builtin_constructor(name) try: diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py -index 4e6b5b607a9..e57c93b42f5 100644 +index 4e6b5b607a..e57c93b42f 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -182,7 +182,9 @@ class HashLibTestCase(unittest.TestCase): @@ -1818,13 +1818,13 @@ index 4e6b5b607a9..e57c93b42f5 100644 @requires_sha3 def test_extra_sha3(self): -- -2.21.0 +2.25.1 From d6618795dd079acd8585f830b129d7f2fc9a6c52 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 26 Jul 2019 11:27:57 +0200 -Subject: [PATCH 09/36] Change FIPS exceptions from _blake2, _sha3 module init +Subject: [PATCH 09/37] Change FIPS exceptions from _blake2, _sha3 module init to ImportError --- @@ -1836,7 +1836,7 @@ Subject: [PATCH 09/36] Change FIPS exceptions from _blake2, _sha3 module init 5 files changed, 13 insertions(+), 14 deletions(-) diff --git a/Include/_hashopenssl.h b/Include/_hashopenssl.h -index a726c0d3fbf..47ed0030422 100644 +index a726c0d3fb..47ed003042 100644 --- a/Include/_hashopenssl.h +++ b/Include/_hashopenssl.h @@ -39,7 +39,7 @@ _setException(PyObject *exc) @@ -1872,7 +1872,7 @@ index a726c0d3fbf..47ed0030422 100644 #endif // !Py_HASHOPENSSL_H diff --git a/Modules/_blake2/blake2b_impl.c b/Modules/_blake2/blake2b_impl.c -index 341e67a8fcc..f6bfce823b8 100644 +index 341e67a8fc..f6bfce823b 100644 --- a/Modules/_blake2/blake2b_impl.c +++ b/Modules/_blake2/blake2b_impl.c @@ -104,7 +104,7 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size, @@ -1894,7 +1894,7 @@ index 341e67a8fcc..f6bfce823b8 100644 GET_BUFFER_VIEW_OR_ERROUT(data, &buf); diff --git a/Modules/_blake2/blake2module.c b/Modules/_blake2/blake2module.c -index 817b7165684..a9c7cbc7ebe 100644 +index 817b716568..a9c7cbc7eb 100644 --- a/Modules/_blake2/blake2module.c +++ b/Modules/_blake2/blake2module.c @@ -58,7 +58,7 @@ PyInit__blake2(void) @@ -1907,7 +1907,7 @@ index 817b7165684..a9c7cbc7ebe 100644 m = PyModule_Create(&blake2_module); if (m == NULL) diff --git a/Modules/_blake2/blake2s_impl.c b/Modules/_blake2/blake2s_impl.c -index 0dfe0586b57..28ae5b65101 100644 +index 0dfe0586b5..28ae5b6510 100644 --- a/Modules/_blake2/blake2s_impl.c +++ b/Modules/_blake2/blake2s_impl.c @@ -104,7 +104,7 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size, @@ -1929,7 +1929,7 @@ index 0dfe0586b57..28ae5b65101 100644 GET_BUFFER_VIEW_OR_ERROUT(data, &buf); diff --git a/Modules/_sha3/sha3module.c b/Modules/_sha3/sha3module.c -index 624f7f247d4..2783a75644f 100644 +index 624f7f247d..2783a75644 100644 --- a/Modules/_sha3/sha3module.c +++ b/Modules/_sha3/sha3module.c @@ -163,7 +163,7 @@ static PyTypeObject SHAKE256type; @@ -1960,20 +1960,20 @@ index 624f7f247d4..2783a75644f 100644 if ((m = PyModule_Create(&_SHA3module)) == NULL) { return NULL; -- -2.21.0 +2.25.1 From eb78e4b4179842185f53edba2073ab7644db7ad3 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 26 Jul 2019 11:24:09 +0200 -Subject: [PATCH 10/36] Make hashlib importable under FIPS mode +Subject: [PATCH 10/37] Make hashlib importable under FIPS mode --- Lib/hashlib.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Lib/hashlib.py b/Lib/hashlib.py -index 2def0a310c6..ca1dd202251 100644 +index 2def0a310c..ca1dd20225 100644 --- a/Lib/hashlib.py +++ b/Lib/hashlib.py @@ -132,12 +132,14 @@ def __get_openssl_constructor(name): @@ -1995,13 +1995,13 @@ index 2def0a310c6..ca1dd202251 100644 if not get_fips_mode(): -- -2.21.0 +2.25.1 From 0f313f65457f1e7d0e7238a71935f5d4e0d197ee Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 26 Jul 2019 15:41:10 +0200 -Subject: [PATCH 11/36] Implement hmac.new using new built-in module, +Subject: [PATCH 11/37] Implement hmac.new using new built-in module, _hmacopenssl --- @@ -2014,7 +2014,7 @@ Subject: [PATCH 11/36] Implement hmac.new using new built-in module, create mode 100644 Modules/clinic/_hmacopenssl.c.h diff --git a/Lib/hmac.py b/Lib/hmac.py -index 121029aa670..ed98406bd2e 100644 +index 121029aa67..ed98406bd2 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -6,6 +6,8 @@ Implements the HMAC algorithm as described by RFC 2104. @@ -2084,7 +2084,7 @@ index 121029aa670..ed98406bd2e 100644 + return HMAC(key, msg, digestmod) diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c new file mode 100644 -index 00000000000..ca95d725f01 +index 0000000000..ca95d725f0 --- /dev/null +++ b/Modules/_hmacopenssl.c @@ -0,0 +1,396 @@ @@ -2486,7 +2486,7 @@ index 00000000000..ca95d725f01 +} diff --git a/Modules/clinic/_hmacopenssl.c.h b/Modules/clinic/_hmacopenssl.c.h new file mode 100644 -index 00000000000..b472a6eddd3 +index 0000000000..b472a6eddd --- /dev/null +++ b/Modules/clinic/_hmacopenssl.c.h @@ -0,0 +1,133 @@ @@ -2624,7 +2624,7 @@ index 00000000000..b472a6eddd3 +} +/*[clinic end generated code: output=10b6e8cac6d7a2c9 input=a9049054013a1b77]*/ diff --git a/setup.py b/setup.py -index e2e659ef795..282aa4178ed 100644 +index e2e659ef79..282aa4178e 100644 --- a/setup.py +++ b/setup.py @@ -922,6 +922,10 @@ class PyBuildExt(build_ext): @@ -2639,13 +2639,13 @@ index e2e659ef795..282aa4178ed 100644 # don't build Python's implementations. # sha3 and blake2 have extra functionality, so do build those: -- -2.21.0 +2.25.1 From 37797b4d89e7b4859dc4728da91cbebf5fdb2a52 Mon Sep 17 00:00:00 2001 From: Marcel Plch Date: Mon, 29 Jul 2019 12:45:11 +0200 -Subject: [PATCH 12/36] FIPS review +Subject: [PATCH 12/37] FIPS review * Port _hmacopenssl to multiphase init. * Make _hmacopenssl.HMAC.copy create same type as self. @@ -2656,7 +2656,7 @@ Subject: [PATCH 12/36] FIPS review 2 files changed, 70 insertions(+), 44 deletions(-) diff --git a/Lib/hmac.py b/Lib/hmac.py -index ed98406bd2e..b9bf16b84ca 100644 +index ed98406bd2..b9bf16b84c 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -42,7 +42,7 @@ class HMAC: @@ -2669,7 +2669,7 @@ index ed98406bd2e..b9bf16b84ca 100644 if not isinstance(key, (bytes, bytearray)): diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c -index ca95d725f01..216ed04f236 100644 +index ca95d725f0..216ed04f23 100644 --- a/Modules/_hmacopenssl.c +++ b/Modules/_hmacopenssl.c @@ -24,7 +24,10 @@ @@ -2854,13 +2854,13 @@ index ca95d725f01..216ed04f236 100644 + return PyModuleDef_Init(&_hmacopenssl_def); } -- -2.21.0 +2.25.1 From 9a3bf73d382cda99a665cab8438f3cd0388256b0 Mon Sep 17 00:00:00 2001 From: Marcel Plch Date: Mon, 29 Jul 2019 13:05:04 +0200 -Subject: [PATCH 13/36] revert cosmetic nitpick and remove trailing whitespace +Subject: [PATCH 13/37] revert cosmetic nitpick and remove trailing whitespace --- Lib/hmac.py | 2 +- @@ -2868,7 +2868,7 @@ Subject: [PATCH 13/36] revert cosmetic nitpick and remove trailing whitespace 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Lib/hmac.py b/Lib/hmac.py -index b9bf16b84ca..ed98406bd2e 100644 +index b9bf16b84c..ed98406bd2 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -42,7 +42,7 @@ class HMAC: @@ -2881,7 +2881,7 @@ index b9bf16b84ca..ed98406bd2e 100644 if not isinstance(key, (bytes, bytearray)): diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c -index 216ed04f236..221714ca434 100644 +index 216ed04f23..221714ca43 100644 --- a/Modules/_hmacopenssl.c +++ b/Modules/_hmacopenssl.c @@ -363,7 +363,7 @@ static PyType_Slot HmacType_slots[] = { @@ -2903,13 +2903,13 @@ index 216ed04f236..221714ca434 100644 .m_methods = hmacopenssl_functions, .m_slots = hmacopenssl_slots, -- -2.21.0 +2.25.1 From b2853963d35c60595cec7e5cd40f31b1c9c59426 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Wed, 31 Jul 2019 15:43:43 +0200 -Subject: [PATCH 14/36] Add initial tests for various hashes under FIPS mode +Subject: [PATCH 14/37] Add initial tests for various hashes under FIPS mode --- Lib/test/test_fips.py | 64 +++++++++++++++++++++++++++++++++++++++++++ @@ -2918,7 +2918,7 @@ Subject: [PATCH 14/36] Add initial tests for various hashes under FIPS mode diff --git a/Lib/test/test_fips.py b/Lib/test/test_fips.py new file mode 100644 -index 00000000000..bee911ef405 +index 0000000000..bee911ef40 --- /dev/null +++ b/Lib/test/test_fips.py @@ -0,0 +1,64 @@ @@ -2987,20 +2987,20 @@ index 00000000000..bee911ef405 +if __name__ == "__main__": + unittest.main() -- -2.21.0 +2.25.1 From b3a8214b5afe4809983e6a5e5d339527e8238318 Mon Sep 17 00:00:00 2001 From: Marcel Plch Date: Thu, 1 Aug 2019 16:39:37 +0200 -Subject: [PATCH 15/36] Initialize HMAC type. +Subject: [PATCH 15/37] Initialize HMAC type. --- Modules/_hmacopenssl.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c -index 221714ca434..239445a0831 100644 +index 221714ca43..239445a083 100644 --- a/Modules/_hmacopenssl.c +++ b/Modules/_hmacopenssl.c @@ -22,12 +22,12 @@ @@ -3056,13 +3056,13 @@ index 221714ca434..239445a0831 100644 fail: -- -2.21.0 +2.25.1 From 5bd6eb14097fe4ff2bb639e5c50260b1379d0a69 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 1 Aug 2019 17:57:05 +0200 -Subject: [PATCH 16/36] Use a stronger hash in multiprocessing handshake +Subject: [PATCH 16/37] Use a stronger hash in multiprocessing handshake Adapted from patch by David Malcolm, https://bugs.python.org/issue17258 @@ -3071,7 +3071,7 @@ https://bugs.python.org/issue17258 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py -index d3797503a75..a0b1538f88b 100644 +index d3797503a7..a0b1538f88 100644 --- a/Lib/multiprocessing/connection.py +++ b/Lib/multiprocessing/connection.py @@ -42,6 +42,10 @@ BUFSIZE = 8192 @@ -3104,20 +3104,20 @@ index d3797503a75..a0b1538f88b 100644 response = connection.recv_bytes(256) # reject large message if response != WELCOME: -- -2.21.0 +2.25.1 From 1dd4b2d6c4797b828ac38d8c62f1e69fce49f1e9 Mon Sep 17 00:00:00 2001 From: Marcel Plch Date: Fri, 2 Aug 2019 17:36:01 +0200 -Subject: [PATCH 17/36] Fix refcounting +Subject: [PATCH 17/37] Fix refcounting --- Modules/_hmacopenssl.c | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c -index 239445a0831..9c2882833d1 100644 +index 239445a083..9c2882833d 100644 --- a/Modules/_hmacopenssl.c +++ b/Modules/_hmacopenssl.c @@ -373,6 +373,34 @@ static struct PyMethodDef hmacopenssl_functions[] = { @@ -3178,20 +3178,20 @@ index 239445a0831..9c2882833d1 100644 -- -2.21.0 +2.25.1 From 4e1351cc2d704e8da7bb8125ad0ab194e8a02ec4 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 13:37:05 +0200 -Subject: [PATCH 18/36] hmac: Don't default to md5 in FIPS mode +Subject: [PATCH 18/37] hmac: Don't default to md5 in FIPS mode --- Lib/hmac.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/hmac.py b/Lib/hmac.py -index ed98406bd2e..7b8821edd58 100644 +index ed98406bd2..7b8821edd5 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -165,7 +165,7 @@ def new(key, msg = None, digestmod = None): @@ -3204,13 +3204,13 @@ index ed98406bd2e..7b8821edd58 100644 result = _hmacopenssl.new(key, digestmod=name) if msg: -- -2.21.0 +2.25.1 From ea44160c242101f14d22242a0722e730ef304b8b Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 14:20:58 +0200 -Subject: [PATCH 19/36] Make _hmacopenssl.HMAC subclassable; subclass it as +Subject: [PATCH 19/37] Make _hmacopenssl.HMAC subclassable; subclass it as hmac.HMAC under FIPS This removes the _hmacopenssl.new function. @@ -3222,7 +3222,7 @@ This removes the _hmacopenssl.new function. 4 files changed, 56 insertions(+), 87 deletions(-) diff --git a/Lib/hmac.py b/Lib/hmac.py -index 7b8821edd58..d479c5a4492 100644 +index 7b8821edd5..d479c5a449 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -141,6 +141,8 @@ class HMAC: @@ -3271,7 +3271,7 @@ index 7b8821edd58..d479c5a4492 100644 - return HMAC(key, msg, digestmod) + return HMAC(key, msg, digestmod) diff --git a/Lib/test/test_fips.py b/Lib/test/test_fips.py -index bee911ef405..34812e6098a 100644 +index bee911ef40..34812e6098 100644 --- a/Lib/test/test_fips.py +++ b/Lib/test/test_fips.py @@ -54,7 +54,7 @@ class HashlibFipsTests(unittest.TestCase): @@ -3284,7 +3284,7 @@ index bee911ef405..34812e6098a 100644 diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c -index 9c2882833d1..7d3d9739f3a 100644 +index 9c2882833d..7d3d9739f3 100644 --- a/Modules/_hmacopenssl.c +++ b/Modules/_hmacopenssl.c @@ -41,33 +41,25 @@ typedef struct { @@ -3439,7 +3439,7 @@ index 9c2882833d1..7d3d9739f3a 100644 .m_size = sizeof(hmacopenssl_state), .m_traverse = hmacopenssl_traverse, diff --git a/Modules/clinic/_hmacopenssl.c.h b/Modules/clinic/_hmacopenssl.c.h -index b472a6eddd3..861acc11bfd 100644 +index b472a6eddd..861acc11bf 100644 --- a/Modules/clinic/_hmacopenssl.c.h +++ b/Modules/clinic/_hmacopenssl.c.h @@ -2,43 +2,6 @@ @@ -3493,20 +3493,20 @@ index b472a6eddd3..861acc11bfd 100644 -/*[clinic end generated code: output=10b6e8cac6d7a2c9 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=d93ad460795d49b5 input=a9049054013a1b77]*/ -- -2.21.0 +2.25.1 From e3d6a5adbe0032726dff0b1f6473ce3ff63fad51 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 16:10:36 +0200 -Subject: [PATCH 20/36] Fix _hmacopenssl.HMAC.block_size +Subject: [PATCH 20/37] Fix _hmacopenssl.HMAC.block_size --- Modules/_hmacopenssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c -index 7d3d9739f3a..a24c8ba0229 100644 +index 7d3d9739f3..a24c8ba022 100644 --- a/Modules/_hmacopenssl.c +++ b/Modules/_hmacopenssl.c @@ -318,7 +318,7 @@ _hmacopenssl_get_block_size(HmacObject *self, void *closure) @@ -3519,13 +3519,13 @@ index 7d3d9739f3a..a24c8ba0229 100644 static PyMethodDef Hmac_methods[] = { -- -2.21.0 +2.25.1 From f925a1165d7b07fb4d0bba216f7dbc387b94e94d Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 15:02:08 +0200 -Subject: [PATCH 21/36] distutils upload: Skip md5 checksum in FIPS mode +Subject: [PATCH 21/37] distutils upload: Skip md5 checksum in FIPS mode --- Lib/distutils/command/upload.py | 11 ++++++++++- @@ -3533,7 +3533,7 @@ Subject: [PATCH 21/36] distutils upload: Skip md5 checksum in FIPS mode 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/Lib/distutils/command/upload.py b/Lib/distutils/command/upload.py -index 32dda359bad..0edb39efd4c 100644 +index 32dda359ba..0edb39efd4 100644 --- a/Lib/distutils/command/upload.py +++ b/Lib/distutils/command/upload.py @@ -102,7 +102,6 @@ class upload(PyPIRCCommand): @@ -3562,7 +3562,7 @@ index 32dda359bad..0edb39efd4c 100644 if command == 'bdist_rpm': dist, version, id = platform.dist() diff --git a/Lib/distutils/tests/test_upload.py b/Lib/distutils/tests/test_upload.py -index c17d8e7d54e..b4b64e97737 100644 +index c17d8e7d54..b4b64e9773 100644 --- a/Lib/distutils/tests/test_upload.py +++ b/Lib/distutils/tests/test_upload.py @@ -3,6 +3,7 @@ import os @@ -3600,13 +3600,13 @@ index c17d8e7d54e..b4b64e97737 100644 def test_upload_fails(self): -- -2.21.0 +2.25.1 From 936a7835a1873952eab8f7ec3b9b67f63786c001 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 15:32:25 +0200 -Subject: [PATCH 22/36] Fix HMAC tests on FIPS mode +Subject: [PATCH 22/37] Fix HMAC tests on FIPS mode --- Lib/hmac.py | 3 +++ @@ -3614,7 +3614,7 @@ Subject: [PATCH 22/36] Fix HMAC tests on FIPS mode 2 files changed, 29 insertions(+) diff --git a/Lib/hmac.py b/Lib/hmac.py -index d479c5a4492..7af94c39ed6 100644 +index d479c5a449..7af94c39ed 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -157,6 +157,9 @@ def _get_openssl_name(digestmod): @@ -3628,7 +3628,7 @@ index d479c5a4492..7af94c39ed6 100644 result = _hmacopenssl.HMAC.__new__(cls, key, digestmod=name) if msg: diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py -index 338e0215a41..5b090727ef6 100644 +index 338e0215a4..5b090727ef 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -250,6 +250,7 @@ class TestVectorsTestCase(unittest.TestCase): @@ -3693,20 +3693,20 @@ index 338e0215a41..5b090727ef6 100644 def test_equality(self): # Testing if the copy has the same digests. -- -2.21.0 +2.25.1 From 264c6eed5a5d060fe7bad7e4410d920cecbb083c Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 16:37:12 +0200 -Subject: [PATCH 23/36] test_tools: Skip md5sum tests in FIPS mode +Subject: [PATCH 23/37] test_tools: Skip md5sum tests in FIPS mode --- Lib/test/test_tools/test_md5sum.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Lib/test/test_tools/test_md5sum.py b/Lib/test/test_tools/test_md5sum.py -index fb565b73778..7028a4dc214 100644 +index fb565b7377..7028a4dc21 100644 --- a/Lib/test/test_tools/test_md5sum.py +++ b/Lib/test/test_tools/test_md5sum.py @@ -4,11 +4,15 @@ import os @@ -3726,20 +3726,20 @@ index fb565b73778..7028a4dc214 100644 @classmethod def setUpClass(cls): -- -2.21.0 +2.25.1 From c5373f5e7ae4ecfe8337ee3c73b594b5f0ebb411 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 17:21:16 +0200 -Subject: [PATCH 24/36] _hashopenssl: Include hash name in the error message +Subject: [PATCH 24/37] _hashopenssl: Include hash name in the error message --- Modules/_hashopenssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index 7dfd70822b9..0563473c627 100644 +index 7dfd70822b..0563473c62 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -431,7 +431,7 @@ EVPnew(PyObject *name_obj, @@ -3761,13 +3761,13 @@ index 7dfd70822b9..0563473c627 100644 } -- -2.21.0 +2.25.1 From c3f9e194eb5f86ebec4db2820b8968d6896abc8b Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 18:23:57 +0200 -Subject: [PATCH 25/36] Make hashlib tests pass in FIPS mode (with some hashlib +Subject: [PATCH 25/37] Make hashlib tests pass in FIPS mode (with some hashlib changes) --- @@ -3777,7 +3777,7 @@ Subject: [PATCH 25/36] Make hashlib tests pass in FIPS mode (with some hashlib 3 files changed, 78 insertions(+), 21 deletions(-) diff --git a/Lib/hashlib.py b/Lib/hashlib.py -index ca1dd202251..d3344f60b2e 100644 +index ca1dd20225..d3344f60b2 100644 --- a/Lib/hashlib.py +++ b/Lib/hashlib.py @@ -155,7 +155,18 @@ def __hash_new(name, data=b'', **kwargs): @@ -3813,7 +3813,7 @@ index ca1dd202251..d3344f60b2e 100644 # If the _hashlib module (OpenSSL) doesn't support the named # hash, try using our builtin implementations. diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py -index e57c93b42f5..9745bfd6fa2 100644 +index e57c93b42f..9745bfd6fa 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -31,6 +31,11 @@ COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount') @@ -3995,7 +3995,7 @@ index e57c93b42f5..9745bfd6fa2 100644 @unittest.skipUnless(threading, 'Threading required for this test.') @support.reap_threads diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index 0563473c627..e330423e266 100644 +index 0563473c62..e330423e26 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -256,11 +256,25 @@ EVP_update(EVPobject *self, PyObject *args) @@ -4025,13 +4025,13 @@ index 0563473c627..e330423e266 100644 }; -- -2.21.0 +2.25.1 From a40d1cb8672bc2c5403b6e9ff6eaa3324282de09 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Wed, 14 Aug 2019 14:43:07 +0200 -Subject: [PATCH 26/36] distutils upload: only add md5 if available, but +Subject: [PATCH 26/37] distutils upload: only add md5 if available, but *always* use sha256 --- @@ -4040,7 +4040,7 @@ Subject: [PATCH 26/36] distutils upload: only add md5 if available, but 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/Lib/distutils/command/upload.py b/Lib/distutils/command/upload.py -index 0edb39efd4c..170acb3d6b6 100644 +index 0edb39efd4..170acb3d6b 100644 --- a/Lib/distutils/command/upload.py +++ b/Lib/distutils/command/upload.py @@ -102,6 +102,7 @@ class upload(PyPIRCCommand): @@ -4061,7 +4061,7 @@ index 0edb39efd4c..170acb3d6b6 100644 # this really shouldn't fail raise diff --git a/Lib/distutils/tests/test_upload.py b/Lib/distutils/tests/test_upload.py -index b4b64e97737..f720a7905dd 100644 +index b4b64e9773..f720a7905d 100644 --- a/Lib/distutils/tests/test_upload.py +++ b/Lib/distutils/tests/test_upload.py @@ -132,10 +132,11 @@ class uploadTestCase(BasePyPIRCCommandTestCase): @@ -4095,13 +4095,13 @@ index b4b64e97737..f720a7905dd 100644 def test_upload_fails(self): -- -2.21.0 +2.25.1 From e0d2cca338186bbc5cb9c67bb4402dec38fed5a7 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 26 Aug 2019 15:55:48 +0200 -Subject: [PATCH 27/36] Add the usedforsecurity argument back +Subject: [PATCH 27/37] Add the usedforsecurity argument back --- Lib/hashlib.py | 4 ++- @@ -4109,7 +4109,7 @@ Subject: [PATCH 27/36] Add the usedforsecurity argument back 2 files changed, 65 insertions(+), 21 deletions(-) diff --git a/Lib/hashlib.py b/Lib/hashlib.py -index d3344f60b2e..cd3b035b1d7 100644 +index d3344f60b2..cd3b035b1d 100644 --- a/Lib/hashlib.py +++ b/Lib/hashlib.py @@ -174,7 +174,9 @@ def __hash_new(name, data=b'', **kwargs): @@ -4124,7 +4124,7 @@ index d3344f60b2e..cd3b035b1d7 100644 retval._set_name(orig_name) return retval diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index e330423e266..b621c330c32 100644 +index e330423e26..b621c330c3 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -318,6 +318,25 @@ EVP_repr(EVPobject *self) @@ -4301,13 +4301,13 @@ index e330423e266..b621c330c32 100644 " hash object; optionally initialized with a string") \ }, -- -2.21.0 +2.25.1 From 0d169ad7d9aa48bdb3313b6d72682d097dc9dea5 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 26 Aug 2019 18:59:15 +0200 -Subject: [PATCH 28/36] Add no-op usedforsecurity argument to internal hash +Subject: [PATCH 28/37] Add no-op usedforsecurity argument to internal hash implementations --- @@ -4319,7 +4319,7 @@ Subject: [PATCH 28/36] Add no-op usedforsecurity argument to internal hash 5 files changed, 31 insertions(+), 18 deletions(-) diff --git a/Modules/_blake2/blake2b_impl.c b/Modules/_blake2/blake2b_impl.c -index f6bfce823b8..ae9d244200a 100644 +index f6bfce823b..ae9d244200 100644 --- a/Modules/_blake2/blake2b_impl.c +++ b/Modules/_blake2/blake2b_impl.c @@ -87,6 +87,8 @@ _blake2.blake2b.__new__ as py_blake2b_new @@ -4343,7 +4343,7 @@ index f6bfce823b8..ae9d244200a 100644 BLAKE2bObject *self = NULL; Py_buffer buf; diff --git a/Modules/_blake2/blake2s_impl.c b/Modules/_blake2/blake2s_impl.c -index 28ae5b65101..bf80d6b7428 100644 +index 28ae5b6510..bf80d6b742 100644 --- a/Modules/_blake2/blake2s_impl.c +++ b/Modules/_blake2/blake2s_impl.c @@ -87,6 +87,8 @@ _blake2.blake2s.__new__ as py_blake2s_new @@ -4367,7 +4367,7 @@ index 28ae5b65101..bf80d6b7428 100644 BLAKE2sObject *self = NULL; Py_buffer buf; diff --git a/Modules/_blake2/clinic/blake2b_impl.c.h b/Modules/_blake2/clinic/blake2b_impl.c.h -index 9b2965eb6b3..9688c04dda8 100644 +index 9b2965eb6b..9688c04dda 100644 --- a/Modules/_blake2/clinic/blake2b_impl.c.h +++ b/Modules/_blake2/clinic/blake2b_impl.c.h @@ -5,7 +5,8 @@ preserve @@ -4421,7 +4421,7 @@ index 9b2965eb6b3..9688c04dda8 100644 -/*[clinic end generated code: output=0eb559f418fc0a21 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=d5f214b052c75135 input=a9049054013a1b77]*/ diff --git a/Modules/_blake2/clinic/blake2s_impl.c.h b/Modules/_blake2/clinic/blake2s_impl.c.h -index 42b87b7099d..5653e93044d 100644 +index 42b87b7099..5653e93044 100644 --- a/Modules/_blake2/clinic/blake2s_impl.c.h +++ b/Modules/_blake2/clinic/blake2s_impl.c.h @@ -5,7 +5,8 @@ preserve @@ -4475,7 +4475,7 @@ index 42b87b7099d..5653e93044d 100644 -/*[clinic end generated code: output=13d4b08ea9ee2d62 input=a9049054013a1b77]*/ +/*[clinic end generated code: output=2373a3b3fa542e89 input=a9049054013a1b77]*/ diff --git a/Modules/_sha3/sha3module.c b/Modules/_sha3/sha3module.c -index 2783a75644f..62db9cb5616 100644 +index 2783a75644..62db9cb561 100644 --- a/Modules/_sha3/sha3module.c +++ b/Modules/_sha3/sha3module.c @@ -185,6 +185,11 @@ py_sha3_new(PyTypeObject *type, PyObject *args, PyObject *kwargs) @@ -4491,20 +4491,20 @@ index 2783a75644f..62db9cb5616 100644 return NULL; } -- -2.21.0 +2.25.1 From c451744d82f78f42bfa947b782a24ff7c8c6ad9d Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 26 Aug 2019 19:09:39 +0200 -Subject: [PATCH 29/36] Test the usedforsecurity flag +Subject: [PATCH 29/37] Test the usedforsecurity flag --- Lib/test/test_hashlib.py | 82 ++++++++++++++++++++++++++-------------- 1 file changed, 54 insertions(+), 28 deletions(-) diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py -index 9745bfd6fa2..19a2fbdf294 100644 +index 9745bfd6fa..19a2fbdf29 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -24,6 +24,7 @@ from test import support @@ -4731,13 +4731,13 @@ index 9745bfd6fa2..19a2fbdf294 100644 class KDFTests(unittest.TestCase): -- -2.21.0 +2.25.1 From 327707f185572cf13da66851e0af824a81d65aa9 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 29 Aug 2019 10:25:28 +0200 -Subject: [PATCH 30/36] Skip error checking in _hashlib.get_fips_mode +Subject: [PATCH 30/37] Skip error checking in _hashlib.get_fips_mode Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1745499 --- @@ -4745,7 +4745,7 @@ Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1745499 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index b621c330c32..6bfb12c5618 100644 +index b621c330c3..6bfb12c561 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -1021,20 +1021,22 @@ static PyObject * @@ -4786,13 +4786,13 @@ index b621c330c32..6bfb12c5618 100644 -- -2.21.0 +2.25.1 From 695039674b78b19d9ff26d637c11acea99c44807 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 10 Oct 2019 13:04:50 +0200 -Subject: [PATCH 31/36] Skip error checking in _Py_hashlib_fips_error +Subject: [PATCH 31/37] Skip error checking in _Py_hashlib_fips_error https://bugzilla.redhat.com/show_bug.cgi?id=1760106 --- @@ -4800,7 +4800,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1760106 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/Include/_hashopenssl.h b/Include/_hashopenssl.h -index 47ed0030422..d4cbdef984d 100644 +index 47ed003042..d4cbdef984 100644 --- a/Include/_hashopenssl.h +++ b/Include/_hashopenssl.h @@ -42,16 +42,10 @@ static int @@ -4824,13 +4824,13 @@ index 47ed0030422..d4cbdef984d 100644 } PyErr_Format(exc, "%s is not available in FIPS mode", name); -- -2.21.0 +2.25.1 From 0f9008e92b62f5f22e2bfd0a73d5325d16eedf6f Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 21 Nov 2019 00:20:09 +0100 -Subject: [PATCH 32/36] Use usedforsecurity=False in uuid +Subject: [PATCH 32/37] Use usedforsecurity=False in uuid Partially backport commit 7cad53e6b084435a220e6604010f1fa5778bd0b1 only for uuid @@ -4839,7 +4839,7 @@ only for uuid 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Lib/uuid.py b/Lib/uuid.py -index db8b2ef94ed..7e680a24d06 100644 +index db8b2ef94e..7e680a24d0 100644 --- a/Lib/uuid.py +++ b/Lib/uuid.py @@ -615,8 +615,11 @@ def uuid1(node=None, clock_seq=None): @@ -4857,13 +4857,13 @@ index db8b2ef94ed..7e680a24d06 100644 def uuid4(): """Generate a random UUID.""" -- -2.21.0 +2.25.1 From 75829df72b65fb573f3b310033978e493ff700b4 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 5 Aug 2019 19:12:38 +0200 -Subject: [PATCH 33/36] Fixups +Subject: [PATCH 33/37] Fixups - Adjust error message of the original hmac.HMAC class - Don't duplicate a test name @@ -4873,7 +4873,7 @@ Subject: [PATCH 33/36] Fixups 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Lib/hmac.py b/Lib/hmac.py -index 7af94c39ed6..33b5be613d9 100644 +index 7af94c39ed..33b5be613d 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -41,7 +41,7 @@ class HMAC: @@ -4886,7 +4886,7 @@ index 7af94c39ed6..33b5be613d9 100644 ) diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py -index 5b090727ef6..449b1366314 100644 +index 5b090727ef..449b136631 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -401,7 +401,7 @@ class CopyTestCase(unittest.TestCase): @@ -4899,13 +4899,13 @@ index 5b090727ef6..449b1366314 100644 h1 = hmac.HMAC(b"key", digestmod="sha1") h2 = h1.copy() -- -2.21.0 +2.25.1 From 86f1f161b5aab08975379dbae6ebac08a697e3d7 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 26 Aug 2019 19:39:48 +0200 -Subject: [PATCH 34/36] Don't re-export get_fips_mode from hashlib +Subject: [PATCH 34/37] Don't re-export get_fips_mode from hashlib Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1745685 --- @@ -4923,7 +4923,7 @@ Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1745685 11 files changed, 44 insertions(+), 33 deletions(-) diff --git a/Lib/distutils/command/upload.py b/Lib/distutils/command/upload.py -index 170acb3d6b6..d0a4aee001e 100644 +index 170acb3d6b..d0a4aee001 100644 --- a/Lib/distutils/command/upload.py +++ b/Lib/distutils/command/upload.py @@ -126,7 +126,8 @@ class upload(PyPIRCCommand): @@ -4937,7 +4937,7 @@ index 170acb3d6b6..d0a4aee001e 100644 raise else: diff --git a/Lib/distutils/tests/test_upload.py b/Lib/distutils/tests/test_upload.py -index f720a7905dd..a198b213577 100644 +index f720a7905d..a198b21357 100644 --- a/Lib/distutils/tests/test_upload.py +++ b/Lib/distutils/tests/test_upload.py @@ -4,6 +4,7 @@ import unittest @@ -4967,7 +4967,7 @@ index f720a7905dd..a198b213577 100644 self.assertEqual(headers['Content-length'], '2207') else: diff --git a/Lib/hashlib.py b/Lib/hashlib.py -index cd3b035b1d7..3e9a4aa27a7 100644 +index cd3b035b1d..3e9a4aa27a 100644 --- a/Lib/hashlib.py +++ b/Lib/hashlib.py @@ -68,13 +68,13 @@ __all__ = __always_supported + ('new', 'algorithms_guaranteed', @@ -5059,7 +5059,7 @@ index cd3b035b1d7..3e9a4aa27a7 100644 del __py_new +del _hashlib_get_fips_mode diff --git a/Lib/hmac.py b/Lib/hmac.py -index 33b5be613d9..ca83d9dc0d3 100644 +index 33b5be613d..ca83d9dc0d 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -39,7 +39,7 @@ class HMAC: @@ -5090,7 +5090,7 @@ index 33b5be613d9..ca83d9dc0d3 100644 diff --git a/Lib/test/test_fips.py b/Lib/test/test_fips.py -index 34812e6098a..86e61e29c0b 100644 +index 34812e6098..86e61e29c0 100644 --- a/Lib/test/test_fips.py +++ b/Lib/test/test_fips.py @@ -6,7 +6,7 @@ import hashlib, _hashlib @@ -5121,7 +5121,7 @@ index 34812e6098a..86e61e29c0b 100644 self.compare_hashes(hashlib.shake_128(b'abc'), _hashlib.openssl_shake_128(b'abc')) self.compare_hashes(hashlib.shake_256(b'abc'), _hashlib.openssl_shake_256(b'abc')) diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py -index 19a2fbdf294..a6f9a353fd1 100644 +index 19a2fbdf29..a6f9a353fd 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -32,7 +32,9 @@ COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount') @@ -5187,7 +5187,7 @@ index 19a2fbdf294..a6f9a353fd1 100644 """Make sure usedforsecurity flag isn't copied to other contexts""" for i in range(3): diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py -index 449b1366314..35b893509cb 100644 +index 449b136631..35b893509c 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -3,6 +3,7 @@ import hmac @@ -5234,7 +5234,7 @@ index 449b1366314..35b893509cb 100644 def test_realcopy(self): # Testing if the copy method created a real copy. diff --git a/Lib/test/test_logging.py b/Lib/test/test_logging.py -index d5c63b483ee..45b72e3bc7e 100644 +index d5c63b483e..45b72e3bc7 100644 --- a/Lib/test/test_logging.py +++ b/Lib/test/test_logging.py @@ -46,6 +46,7 @@ import time @@ -5246,7 +5246,7 @@ index d5c63b483ee..45b72e3bc7e 100644 import threading # The following imports are needed only for tests which diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py -index 64b3201254a..704b2bc0d35 100644 +index 64b3201254..704b2bc0d3 100644 --- a/Lib/test/test_smtplib.py +++ b/Lib/test/test_smtplib.py @@ -16,6 +16,8 @@ import time @@ -5268,7 +5268,7 @@ index 64b3201254a..704b2bc0d35 100644 resp = smtp.login(sim_auth[0], sim_auth[1]) self.assertEqual(resp, (235, b'Authentication Succeeded')) diff --git a/Lib/test/test_tools/test_md5sum.py b/Lib/test/test_tools/test_md5sum.py -index 7028a4dc214..3ba1ca0f146 100644 +index 7028a4dc21..3ba1ca0f14 100644 --- a/Lib/test/test_tools/test_md5sum.py +++ b/Lib/test/test_tools/test_md5sum.py @@ -4,13 +4,13 @@ import os @@ -5288,7 +5288,7 @@ index 7028a4dc214..3ba1ca0f146 100644 class MD5SumTests(unittest.TestCase): diff --git a/Lib/test/test_urllib2_localnet.py b/Lib/test/test_urllib2_localnet.py -index 895f97cc09a..b4fb13ad092 100644 +index 895f97cc09..b4fb13ad09 100644 --- a/Lib/test/test_urllib2_localnet.py +++ b/Lib/test/test_urllib2_localnet.py @@ -6,6 +6,7 @@ import urllib.request @@ -5300,13 +5300,13 @@ index 895f97cc09a..b4fb13ad092 100644 from test import support -- -2.21.0 +2.25.1 From 3538f31cc15c633f1df2d6ed18471c1f771c4a52 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Wed, 20 Nov 2019 10:59:25 +0100 -Subject: [PATCH 35/36] Use FIPS compliant CSPRNG +Subject: [PATCH 35/37] Use FIPS compliant CSPRNG Kernel's getrandom() source is not yet FIPS compliant. Use OpenSSL's DRBG in FIPS mode and disable os.getrandom() function. @@ -5320,7 +5320,7 @@ Signed-off-by: Christian Heimes 4 files changed, 89 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py -index 7a839c83fe4..91816afa47d 100644 +index 7a839c83fe..91816afa47 100644 --- a/Lib/test/test_os.py +++ b/Lib/test/test_os.py @@ -1362,6 +1362,11 @@ class GetRandomTests(unittest.TestCase): @@ -5336,7 +5336,7 @@ index 7a839c83fe4..91816afa47d 100644 def test_getrandom_type(self): data = os.getrandom(16) diff --git a/Makefile.pre.in b/Makefile.pre.in -index d15d93509d1..40502fc36d6 100644 +index d15d93509d..40502fc36d 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -112,7 +112,7 @@ CFLAGSFORSHARED=@CFLAGSFORSHARED@ @@ -5349,7 +5349,7 @@ index d15d93509d1..40502fc36d6 100644 CFLAGS_ALIASING=@CFLAGS_ALIASING@ diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c -index 776a3d249a8..647dbd3b4d6 100644 +index 776a3d249a..647dbd3b4d 100644 --- a/Modules/posixmodule.c +++ b/Modules/posixmodule.c @@ -397,6 +397,9 @@ static int win32_can_symlink = 0; @@ -5375,7 +5375,7 @@ index 776a3d249a8..647dbd3b4d6 100644 if (bytes == NULL) { PyErr_NoMemory(); diff --git a/Python/random.c b/Python/random.c -index d4747d61eb8..ab3cee29a39 100644 +index d4747d61eb..ab3cee29a3 100644 --- a/Python/random.c +++ b/Python/random.c @@ -410,6 +410,77 @@ dev_urandom_close(void) @@ -5468,13 +5468,13 @@ index d4747d61eb8..ab3cee29a39 100644 return win32_urandom((unsigned char *)buffer, size, raise); #else -- -2.21.0 +2.25.1 From ed4103bbd15a09bff4fb94a38d1b3f02df5e7c96 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 28 Nov 2019 17:26:02 +0100 -Subject: [PATCH 36/36] Fixups for FIPS compliant CSPRNG +Subject: [PATCH 36/37] Fixups for FIPS compliant CSPRNG --- Lib/test/test_os.py | 3 ++- @@ -5482,7 +5482,7 @@ Subject: [PATCH 36/36] Fixups for FIPS compliant CSPRNG 2 files changed, 5 insertions(+), 31 deletions(-) diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py -index 91816afa47d..f2572bb6c44 100644 +index 91816afa47..f2572bb6c4 100644 --- a/Lib/test/test_os.py +++ b/Lib/test/test_os.py @@ -27,6 +27,7 @@ import time @@ -5503,7 +5503,7 @@ index 91816afa47d..f2572bb6c44 100644 else: raise diff --git a/Python/random.c b/Python/random.c -index ab3cee29a39..222d651407c 100644 +index ab3cee29a3..222d651407 100644 --- a/Python/random.c +++ b/Python/random.c @@ -410,40 +410,13 @@ dev_urandom_close(void) @@ -5567,5 +5567,31 @@ index ab3cee29a39..222d651407c 100644 return 0; } -- -2.21.0 +2.25.1 + + +From 4f39a76f51aab22ef1e58b69decc5229d77bbcdd Mon Sep 17 00:00:00 2001 +From: Charalampos Stratakis +Date: Tue, 31 Mar 2020 18:00:42 +0200 +Subject: [PATCH 37/37] Add a sentinel value on the Hmac_members table of the + hmac module + +--- + Modules/_hmacopenssl.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c +index a24c8ba022..a3481003f6 100644 +--- a/Modules/_hmacopenssl.c ++++ b/Modules/_hmacopenssl.c +@@ -337,6 +337,7 @@ static PyGetSetDef Hmac_getset[] = { + + static PyMemberDef Hmac_members[] = { + {"name", T_OBJECT, offsetof(HmacObject, name), READONLY, PyDoc_STR("HMAC name")}, ++ {NULL} /* Sentinel */ + }; + + PyDoc_STRVAR(hmactype_doc, +-- +2.25.1 diff --git a/SOURCES/00338-fix-test_gdb-for-LTO.patch b/SOURCES/00338-fix-test_gdb-for-LTO.patch new file mode 100644 index 0000000..6c4217b --- /dev/null +++ b/SOURCES/00338-fix-test_gdb-for-LTO.patch @@ -0,0 +1,22 @@ +diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py +index 9c15fca..c972409 100644 +--- a/Lib/test/test_gdb.py ++++ b/Lib/test/test_gdb.py +@@ -279,8 +279,15 @@ class DebuggerTests(unittest.TestCase): + # gdb can insert additional '\n' and space characters in various places + # in its output, depending on the width of the terminal it's connected + # to (using its "wrap_here" function) +- m = re.match(r'.*#0\s+builtin_id\s+\(self\=.*,\s+v=\s*(.*?)\)\s+at\s+\S*Python/bltinmodule.c.*', +- gdb_output, re.DOTALL) ++ m = re.search( ++ # Match '#0 builtin_id(self=..., v=...)' ++ r'#0\s+builtin_id\s+\(self\=.*,\s+v=\s*(.*?)?\)' ++ # Match ' at Python/bltinmodule.c'. ++ # bpo-38239: builtin_id() is defined in Python/bltinmodule.c, ++ # but accept any "Directory\file.c" to support Link Time ++ # Optimization (LTO). ++ r'\s+at\s+\S*[A-Za-z]+/[A-Za-z0-9_-]+\.c', ++ gdb_output, re.DOTALL) + if not m: + self.fail('Unexpected gdb output: %r\n%s' % (gdb_output, gdb_output)) + return m.group(1), gdb_output diff --git a/SOURCES/00344-CVE-2019-16935.patch b/SOURCES/00344-CVE-2019-16935.patch new file mode 100644 index 0000000..77a054a --- /dev/null +++ b/SOURCES/00344-CVE-2019-16935.patch @@ -0,0 +1,54 @@ +diff --git a/Lib/test/test_docxmlrpc.py b/Lib/test/test_docxmlrpc.py +index 0090333..d2adb21 100644 +--- a/Lib/test/test_docxmlrpc.py ++++ b/Lib/test/test_docxmlrpc.py +@@ -1,5 +1,6 @@ + from xmlrpc.server import DocXMLRPCServer + import http.client ++import re + import sys + from test import support + threading = support.import_module('threading') +@@ -193,6 +194,21 @@ class DocXMLRPCHTTPGETServer(unittest.TestCase): + b'method_annotation(x: bytes)'), + response.read()) + ++ def test_server_title_escape(self): ++ # bpo-38243: Ensure that the server title and documentation ++ # are escaped for HTML. ++ self.serv.set_server_title('test_title