import python38-3.8.12-1.module+el8.6.0+12642+c3710b74
This commit is contained in:
parent
09494c8ac4
commit
3197658843
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/Python-3.8.8-noexe.tar.xz
|
||||
SOURCES/Python-3.8.12-noexe.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
e3e4bc64d5e353b8db5882570d6eaec8e4d42f71 SOURCES/Python-3.8.8-noexe.tar.xz
|
||||
d6a093ce67cb3c7b43a75c1925b8823e571a8311 SOURCES/Python-3.8.12-noexe.tar.xz
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From 7558ea14881f9afdf622375b5140b209c0c2f84d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
|
||||
Date: Wed, 15 Aug 2018 15:36:29 +0200
|
||||
Subject: [PATCH] 00189: Instead of bundled wheels, use our RPM packaged wheels
|
||||
@ -8,11 +8,11 @@ We keep them in /usr/share/python-wheels
|
||||
Downstream only: upstream bundles
|
||||
We might eventually pursuit upstream support, but it's low prio
|
||||
---
|
||||
Lib/ensurepip/__init__.py | 32 ++++++++++++++++++++++----------
|
||||
1 file changed, 22 insertions(+), 10 deletions(-)
|
||||
Lib/ensurepip/__init__.py | 33 +++++++++++++++++++++++----------
|
||||
1 file changed, 23 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py
|
||||
index 38bb42104b..413c1b300e 100644
|
||||
index 597a1ef..3c2287f 100644
|
||||
--- a/Lib/ensurepip/__init__.py
|
||||
+++ b/Lib/ensurepip/__init__.py
|
||||
@@ -1,6 +1,7 @@
|
||||
@ -24,16 +24,16 @@ index 38bb42104b..413c1b300e 100644
|
||||
import sys
|
||||
import runpy
|
||||
import tempfile
|
||||
@@ -9,10 +10,24 @@ import subprocess
|
||||
@@ -9,9 +10,24 @@ import subprocess
|
||||
|
||||
__all__ = ["version", "bootstrap"]
|
||||
|
||||
-_SETUPTOOLS_VERSION = "56.0.0"
|
||||
+_WHEEL_DIR = "/usr/share/python38-wheels/"
|
||||
|
||||
-_SETUPTOOLS_VERSION = "49.2.1"
|
||||
-_PIP_VERSION = "21.1.1"
|
||||
+_wheels = {}
|
||||
|
||||
-_PIP_VERSION = "20.2.3"
|
||||
+
|
||||
+def _get_most_recent_wheel_version(pkg):
|
||||
+ prefix = os.path.join(_WHEEL_DIR, "{}-".format(pkg))
|
||||
+ _wheels[pkg] = {}
|
||||
@ -51,7 +51,7 @@ index 38bb42104b..413c1b300e 100644
|
||||
|
||||
_PROJECTS = [
|
||||
("setuptools", _SETUPTOOLS_VERSION, "py3"),
|
||||
@@ -102,13 +117,10 @@ def _bootstrap(*, root=None, upgrade=False, user=False,
|
||||
@@ -101,13 +117,10 @@ def _bootstrap(*, root=None, upgrade=False, user=False,
|
||||
# additional paths that need added to sys.path
|
||||
additional_paths = []
|
||||
for project, version, py_tag in _PROJECTS:
|
||||
@ -69,3 +69,6 @@ index 38bb42104b..413c1b300e 100644
|
||||
|
||||
additional_paths.append(os.path.join(tmpdir, wheel_name))
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 7b70e87ecc1a75f005bdffd644ceca6c9e9679fa Mon Sep 17 00:00:00 2001
|
||||
From 9e1da6c093529d7b314f3703158a213824c3521e Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 16:19:52 +0200
|
||||
Subject: [PATCH 01/36] Expose OpenSSL FIPS_mode() as hashlib.get_fips_mode()
|
||||
@ -26,12 +26,12 @@ index 56873b7..63ae836 100644
|
||||
for __func_name in __always_supported:
|
||||
# try them all, some may not work due to the OpenSSL
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index edadbcb..9874b06 100644
|
||||
index 93bf25f..2409522 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -26,6 +26,9 @@
|
||||
@@ -33,6 +33,9 @@
|
||||
#include <openssl/objects.h>
|
||||
#include "openssl/err.h"
|
||||
#include <openssl/err.h>
|
||||
|
||||
+/* Expose FIPS_mode */
|
||||
+#include <openssl/crypto.h>
|
||||
@ -39,7 +39,7 @@ index edadbcb..9874b06 100644
|
||||
#ifndef OPENSSL_THREADS
|
||||
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
|
||||
#endif
|
||||
@@ -1072,12 +1075,46 @@ generate_hash_name_list(void)
|
||||
@@ -1079,12 +1082,46 @@ generate_hash_name_list(void)
|
||||
return state.set;
|
||||
}
|
||||
|
||||
@ -123,10 +123,10 @@ index 9aaea47..30fd8a9 100644
|
||||
-/*[clinic end generated code: output=38c2637f67e9bb79 input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=5467006d93e7479e input=a9049054013a1b77]*/
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 4e1fa0339c257987984caa278516d46c35463385 Mon Sep 17 00:00:00 2001
|
||||
From 5a8faeb61d7acd6c7036efe24efe269c683dc1a0 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 17:04:06 +0200
|
||||
Subject: [PATCH 02/36] Use python's fall backs for the crypto it implements
|
||||
@ -422,10 +422,10 @@ index 8b53d23..e9abcbb 100644
|
||||
self._test_pbkdf2_hmac(py_hashlib.pbkdf2_hmac)
|
||||
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 91b5c97d586a98cb95e215ecd2c02b18c8783e7a Mon Sep 17 00:00:00 2001
|
||||
From d21c5a098dda889de21985e57f12852ce9fbbcf1 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 17:19:06 +0200
|
||||
Subject: [PATCH 03/36] Disable Python's hash implementations in FIPS mode,
|
||||
@ -438,8 +438,8 @@ Subject: [PATCH 03/36] Disable Python's hash implementations in FIPS mode,
|
||||
Modules/_blake2/blake2s_impl.c | 5 +++
|
||||
Modules/_hashopenssl.c | 37 +------------------
|
||||
Modules/_sha3/sha3module.c | 5 +++
|
||||
setup.py | 47 ++++++++++++------------
|
||||
7 files changed, 110 insertions(+), 58 deletions(-)
|
||||
setup.py | 48 +++++++++++++------------
|
||||
7 files changed, 111 insertions(+), 58 deletions(-)
|
||||
create mode 100644 Include/_hashopenssl.h
|
||||
|
||||
diff --git a/Include/_hashopenssl.h b/Include/_hashopenssl.h
|
||||
@ -596,10 +596,10 @@ index ef2f7e1..389711a 100644
|
||||
|
||||
if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE)
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index 9874b06..d733a39 100644
|
||||
index 2409522..a51c502 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -17,6 +17,7 @@
|
||||
@@ -24,6 +24,7 @@
|
||||
#include "structmember.h"
|
||||
#include "hashlib.h"
|
||||
#include "pystrhex.h"
|
||||
@ -607,18 +607,18 @@ index 9874b06..d733a39 100644
|
||||
|
||||
|
||||
/* EVP is the preferred interface to hashing in OpenSSL */
|
||||
@@ -24,10 +25,6 @@
|
||||
@@ -31,10 +32,6 @@
|
||||
#include <openssl/hmac.h>
|
||||
/* We use the object interface to discover what hashes OpenSSL supports. */
|
||||
#include <openssl/objects.h>
|
||||
-#include "openssl/err.h"
|
||||
-#include <openssl/err.h>
|
||||
-
|
||||
-/* Expose FIPS_mode */
|
||||
-#include <openssl/crypto.h>
|
||||
|
||||
#ifndef OPENSSL_THREADS
|
||||
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
|
||||
@@ -69,38 +66,6 @@ class _hashlib.HASH "EVPobject *" "&EVPtype"
|
||||
@@ -76,38 +73,6 @@ class _hashlib.HASH "EVPobject *" "&EVPtype"
|
||||
[clinic start generated code]*/
|
||||
/*[clinic end generated code: output=da39a3ee5e6b4b0d input=a881a5092eecad28]*/
|
||||
|
||||
@ -695,10 +695,10 @@ index c1fb618..34d09b4 100644
|
||||
return NULL;
|
||||
}
|
||||
diff --git a/setup.py b/setup.py
|
||||
index 84f7300..06d1ce6 100644
|
||||
index c28c096..a11bbda 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -1688,7 +1688,6 @@ class PyBuildExt(build_ext):
|
||||
@@ -1673,7 +1673,6 @@ class PyBuildExt(build_ext):
|
||||
def detect_modules(self):
|
||||
self.configure_compiler()
|
||||
self.init_inc_lib_dirs()
|
||||
@ -706,7 +706,7 @@ index 84f7300..06d1ce6 100644
|
||||
self.detect_simple_extensions()
|
||||
if TEST_EXTENSIONS:
|
||||
self.detect_test_extensions()
|
||||
@@ -2187,7 +2186,7 @@ class PyBuildExt(build_ext):
|
||||
@@ -2161,7 +2160,7 @@ class PyBuildExt(build_ext):
|
||||
sources=sources,
|
||||
depends=depends))
|
||||
|
||||
@ -715,7 +715,7 @@ index 84f7300..06d1ce6 100644
|
||||
# Detect SSL support for the socket module (via _ssl)
|
||||
config_vars = sysconfig.get_config_vars()
|
||||
|
||||
@@ -2208,7 +2207,7 @@ class PyBuildExt(build_ext):
|
||||
@@ -2182,7 +2181,7 @@ class PyBuildExt(build_ext):
|
||||
if not openssl_libs:
|
||||
# libssl and libcrypto not found
|
||||
self.missing.extend(['_ssl', '_hashlib'])
|
||||
@ -724,7 +724,7 @@ index 84f7300..06d1ce6 100644
|
||||
|
||||
# Find OpenSSL includes
|
||||
ssl_incs = find_file(
|
||||
@@ -2216,7 +2215,7 @@ class PyBuildExt(build_ext):
|
||||
@@ -2190,7 +2189,7 @@ class PyBuildExt(build_ext):
|
||||
)
|
||||
if ssl_incs is None:
|
||||
self.missing.extend(['_ssl', '_hashlib'])
|
||||
@ -733,7 +733,7 @@ index 84f7300..06d1ce6 100644
|
||||
|
||||
# OpenSSL 1.0.2 uses Kerberos for KRB5 ciphers
|
||||
krb5_h = find_file(
|
||||
@@ -2226,12 +2225,23 @@ class PyBuildExt(build_ext):
|
||||
@@ -2200,12 +2199,24 @@ class PyBuildExt(build_ext):
|
||||
if krb5_h:
|
||||
ssl_incs.extend(krb5_h)
|
||||
|
||||
@ -749,6 +749,7 @@ index 84f7300..06d1ce6 100644
|
||||
+ def detect_openssl_hashlib(self):
|
||||
+
|
||||
+ config_vars = sysconfig.get_config_vars()
|
||||
+
|
||||
+
|
||||
if config_vars.get("HAVE_X509_VERIFY_PARAM_SET1_HOST"):
|
||||
self.add(Extension(
|
||||
@ -757,10 +758,10 @@ index 84f7300..06d1ce6 100644
|
||||
- library_dirs=openssl_libdirs,
|
||||
- libraries=openssl_libs,
|
||||
+ **self.detect_openssl_args(),
|
||||
depends=['socketmodule.h', '_ssl/debughelpers.c'])
|
||||
)
|
||||
else:
|
||||
@@ -2239,22 +2249,12 @@ class PyBuildExt(build_ext):
|
||||
depends=[
|
||||
'socketmodule.h',
|
||||
'_ssl/debughelpers.c',
|
||||
@@ -2218,22 +2229,12 @@ class PyBuildExt(build_ext):
|
||||
|
||||
self.add(Extension('_hashlib', ['_hashopenssl.c'],
|
||||
depends=['hashlib.h'],
|
||||
@ -787,7 +788,7 @@ index 84f7300..06d1ce6 100644
|
||||
|
||||
blake2_deps = glob(os.path.join(escape(self.srcdir),
|
||||
'Modules/_blake2/impl/*'))
|
||||
@@ -2264,6 +2264,7 @@ class PyBuildExt(build_ext):
|
||||
@@ -2243,6 +2244,7 @@ class PyBuildExt(build_ext):
|
||||
['_blake2/blake2module.c',
|
||||
'_blake2/blake2b_impl.c',
|
||||
'_blake2/blake2s_impl.c'],
|
||||
@ -795,7 +796,7 @@ index 84f7300..06d1ce6 100644
|
||||
depends=blake2_deps))
|
||||
|
||||
sha3_deps = glob(os.path.join(escape(self.srcdir),
|
||||
@@ -2271,7 +2272,9 @@ class PyBuildExt(build_ext):
|
||||
@@ -2250,7 +2252,9 @@ class PyBuildExt(build_ext):
|
||||
sha3_deps.append('hashlib.h')
|
||||
self.add(Extension('_sha3',
|
||||
['_sha3/sha3module.c'],
|
||||
@ -807,10 +808,10 @@ index 84f7300..06d1ce6 100644
|
||||
def detect_nis(self):
|
||||
if MS_WINDOWS or CYGWIN or HOST_PLATFORM == 'qnx6':
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From d9b8f21a1b5feb177ece4c595ce8b639f02548c8 Mon Sep 17 00:00:00 2001
|
||||
From 668177d86702b10da881f76cf17bda44d8823be9 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 12 Dec 2019 16:58:31 +0100
|
||||
Subject: [PATCH 04/36] Expose all hashes available to OpenSSL
|
||||
@ -821,10 +822,10 @@ Subject: [PATCH 04/36] Expose all hashes available to OpenSSL
|
||||
2 files changed, 447 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index d733a39..6982268 100644
|
||||
index a51c502..713e15a 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -194,6 +194,12 @@ py_digest_by_name(const char *name)
|
||||
@@ -201,6 +201,12 @@ py_digest_by_name(const char *name)
|
||||
else if (!strcmp(name, "blake2b512")) {
|
||||
digest = EVP_blake2b512();
|
||||
}
|
||||
@ -837,7 +838,7 @@ index d733a39..6982268 100644
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -712,6 +718,142 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -719,6 +725,142 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj)
|
||||
return EVP_fast_new(module, data_obj, EVP_sha512());
|
||||
}
|
||||
|
||||
@ -980,7 +981,7 @@ index d733a39..6982268 100644
|
||||
|
||||
/*[clinic input]
|
||||
_hashlib.pbkdf2_hmac as pbkdf2_hmac
|
||||
@@ -1087,6 +1229,14 @@ static struct PyMethodDef EVP_functions[] = {
|
||||
@@ -1094,6 +1236,14 @@ static struct PyMethodDef EVP_functions[] = {
|
||||
_HASHLIB_OPENSSL_SHA256_METHODDEF
|
||||
_HASHLIB_OPENSSL_SHA384_METHODDEF
|
||||
_HASHLIB_OPENSSL_SHA512_METHODDEF
|
||||
@ -1309,10 +1310,10 @@ index 30fd8a9..e96a752 100644
|
||||
-/*[clinic end generated code: output=5467006d93e7479e input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=be8e21a10dff71e7 input=a9049054013a1b77]*/
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From d4c78750ffb431fe34a18aab7cdf84d3a68d7fc1 Mon Sep 17 00:00:00 2001
|
||||
From 7137c003853b8672eed4d28fe8703756b75ab790 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 18:13:45 +0200
|
||||
Subject: [PATCH 05/36] Fix tests
|
||||
@ -1441,10 +1442,10 @@ index e9abcbb..2a55fd4 100644
|
||||
@requires_sha3
|
||||
def test_extra_sha3(self):
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 4ec7034d73e681041758fc80f75e061c0e506449 Mon Sep 17 00:00:00 2001
|
||||
From 94f13c68d2a4845e58d4c7b7adf01e64f993c4f5 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Fri, 26 Jul 2019 11:27:57 +0200
|
||||
Subject: [PATCH 06/36] Change FIPS exceptions from _blake2, _sha3 module init
|
||||
@ -1583,10 +1584,10 @@ index 34d09b4..3079e1e 100644
|
||||
if ((m = PyModule_Create(&_SHA3module)) == NULL) {
|
||||
return NULL;
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From ed6f93218c2190d34ee0b0f4c7599d306708449f Mon Sep 17 00:00:00 2001
|
||||
From 805af2c3dcbe1855a9fb8eb534b985aed338c2ba Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Fri, 26 Jul 2019 11:24:09 +0200
|
||||
Subject: [PATCH 07/36] Make hashlib importable under FIPS mode
|
||||
@ -1618,10 +1619,10 @@ index 1bcfdf9..898e6dc 100644
|
||||
|
||||
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 66c5862bb09586168caac4d6ba6142ed3198fe1d Mon Sep 17 00:00:00 2001
|
||||
From bc3f033f0a832e6b7ddf50e1059de8fc5df08d3f Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Fri, 26 Jul 2019 15:41:10 +0200
|
||||
Subject: [PATCH 08/36] Implement hmac.new using new built-in module,
|
||||
@ -2249,10 +2250,10 @@ index 0000000..b472a6e
|
||||
+}
|
||||
+/*[clinic end generated code: output=10b6e8cac6d7a2c9 input=a9049054013a1b77]*/
|
||||
diff --git a/setup.py b/setup.py
|
||||
index 06d1ce6..ca8bc2b 100644
|
||||
index a11bbda..ca30105 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -2251,6 +2251,10 @@ class PyBuildExt(build_ext):
|
||||
@@ -2231,6 +2231,10 @@ class PyBuildExt(build_ext):
|
||||
depends=['hashlib.h'],
|
||||
**self.detect_openssl_args()) )
|
||||
|
||||
@ -2264,10 +2265,10 @@ index 06d1ce6..ca8bc2b 100644
|
||||
# RHEL: Always force OpenSSL for md5, sha1, sha256, sha512;
|
||||
# don't build Python's implementations.
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 6ec3a1afd87a3aa411a19727e212ebf81fee49cc Mon Sep 17 00:00:00 2001
|
||||
From da75615e1f3e6b8f44a16e5113a4a6fd55e48629 Mon Sep 17 00:00:00 2001
|
||||
From: Marcel Plch <mplch@redhat.com>
|
||||
Date: Mon, 29 Jul 2019 12:45:11 +0200
|
||||
Subject: [PATCH 09/36] FIPS review
|
||||
@ -2479,10 +2480,10 @@ index ca95d72..216ed04 100644
|
||||
+ return PyModuleDef_Init(&_hmacopenssl_def);
|
||||
}
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 8645a4cf6ee2ad10fac3d081da78eabb06099a9c Mon Sep 17 00:00:00 2001
|
||||
From f48fab4946308008e989d845ce0dbc2cff6ce9ff Mon Sep 17 00:00:00 2001
|
||||
From: Marcel Plch <mplch@redhat.com>
|
||||
Date: Mon, 29 Jul 2019 13:05:04 +0200
|
||||
Subject: [PATCH 10/36] revert cosmetic nitpick and remove trailing whitespace
|
||||
@ -2528,10 +2529,10 @@ index 216ed04..221714c 100644
|
||||
.m_methods = hmacopenssl_functions,
|
||||
.m_slots = hmacopenssl_slots,
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From d80ae6ac0abf1e0ca5a32ff80343e927587cf5a6 Mon Sep 17 00:00:00 2001
|
||||
From dc55436077250ba791ee67692fdc8704a900987b Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Wed, 31 Jul 2019 15:43:43 +0200
|
||||
Subject: [PATCH 11/36] Add initial tests for various hashes under FIPS mode
|
||||
@ -2612,10 +2613,10 @@ index 0000000..bee911e
|
||||
+if __name__ == "__main__":
|
||||
+ unittest.main()
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 414c04713ad89bdeeb7a074f953c0085d541eae6 Mon Sep 17 00:00:00 2001
|
||||
From 446c6a790ef878bda6137ebfc570f36dee01c380 Mon Sep 17 00:00:00 2001
|
||||
From: Marcel Plch <mplch@redhat.com>
|
||||
Date: Thu, 1 Aug 2019 16:39:37 +0200
|
||||
Subject: [PATCH 12/36] Initialize HMAC type.
|
||||
@ -2681,10 +2682,10 @@ index 221714c..239445a 100644
|
||||
|
||||
fail:
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 0157b52ac7f15610526497f9188eb84ed3846993 Mon Sep 17 00:00:00 2001
|
||||
From 357007a6034cc3409ad2e2fe9fc77974ea6de626 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 1 Aug 2019 17:57:05 +0200
|
||||
Subject: [PATCH 13/36] Use a stronger hash in multiprocessing handshake
|
||||
@ -2729,10 +2730,10 @@ index 8e2facf..bb4acb6 100644
|
||||
response = connection.recv_bytes(256) # reject large message
|
||||
if response != WELCOME:
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 3730b4186cf708bb8ea528c22734d4c1176fc9ad Mon Sep 17 00:00:00 2001
|
||||
From fddd82fedc5ea8b49ceab49296c7bddb9f3f1204 Mon Sep 17 00:00:00 2001
|
||||
From: Marcel Plch <mplch@redhat.com>
|
||||
Date: Fri, 2 Aug 2019 17:36:01 +0200
|
||||
Subject: [PATCH 14/36] Fix refcounting
|
||||
@ -2803,10 +2804,10 @@ index 239445a..9c28828 100644
|
||||
|
||||
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 1873bfe385a1b952ba11c2b2f15755353f2411df Mon Sep 17 00:00:00 2001
|
||||
From 42f7d2fbefe161607ad146f44d2abd19fe804810 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 13:37:05 +0200
|
||||
Subject: [PATCH 15/36] hmac: Don't default to md5 in FIPS mode
|
||||
@ -2829,10 +2830,10 @@ index daabc8c..0302364 100644
|
||||
result = _hmacopenssl.new(key, digestmod=name)
|
||||
if msg:
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From f77c854b9c5aab3e2bb517b6d0c08197a116efb1 Mon Sep 17 00:00:00 2001
|
||||
From e285342c3b17de9b13ccbf2dbdb68cce5b4df86c Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 14:20:58 +0200
|
||||
Subject: [PATCH 16/36] Make _hmacopenssl.HMAC subclassable; subclass it as
|
||||
@ -3120,10 +3121,10 @@ index b472a6e..861acc1 100644
|
||||
-/*[clinic end generated code: output=10b6e8cac6d7a2c9 input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=d93ad460795d49b5 input=a9049054013a1b77]*/
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From b357a1f823b7b231d1a8bc149b5a950246350d3c Mon Sep 17 00:00:00 2001
|
||||
From 5dab92e1f96fc0940a2d5d365708329e8c282587 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 16:10:36 +0200
|
||||
Subject: [PATCH 17/36] Fix _hmacopenssl.HMAC.block_size
|
||||
@ -3146,10 +3147,10 @@ index 7d3d973..a24c8ba 100644
|
||||
|
||||
static PyMethodDef Hmac_methods[] = {
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From ee03c8ff14206070a7e4e4d13c4b067bcf25193d Mon Sep 17 00:00:00 2001
|
||||
From d39cc2e44d6debffce096b82d30909e2662379ab Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 15:02:08 +0200
|
||||
Subject: [PATCH 18/36] distutils upload: Skip md5 checksum in FIPS mode
|
||||
@ -3228,10 +3229,10 @@ index c17d8e7..b4b64e9 100644
|
||||
|
||||
def test_upload_fails(self):
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From fd0fd3310ff7c7dae0ea4377b71928ca3e242a21 Mon Sep 17 00:00:00 2001
|
||||
From 124f7e862bdbf6615e64fedfa73a76e199d68644 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 15:32:25 +0200
|
||||
Subject: [PATCH 19/36] Fix HMAC tests on FIPS mode
|
||||
@ -3321,10 +3322,10 @@ index 23c108f..0a85981 100644
|
||||
def test_equality(self):
|
||||
# Testing if the copy has the same digests.
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From e0c4dfcfc3070d0b3b25f77357509b9daa5f9891 Mon Sep 17 00:00:00 2001
|
||||
From 6bc6c745da5c2d860de9f76402ccf554e398bbbc Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 16:37:12 +0200
|
||||
Subject: [PATCH 20/36] test_tools: Skip md5sum tests in FIPS mode
|
||||
@ -3354,10 +3355,10 @@ index fb565b7..7028a4d 100644
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 510915020bb7c7c91d297fb3330ee9be3ee16b6f Mon Sep 17 00:00:00 2001
|
||||
From 22f2476f2a19dfc4e4c25e5df2f059bf8e15d397 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 18:23:57 +0200
|
||||
Subject: [PATCH 21/36] Make hashlib tests pass in FIPS mode
|
||||
@ -3549,10 +3550,10 @@ index 2a55fd4..9ae5efc 100644
|
||||
@support.reap_threads
|
||||
def test_threaded_hashing(self):
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From de9997db1f55fe4c70f0a5c4fe5b497e8c6839a2 Mon Sep 17 00:00:00 2001
|
||||
From ca8655cc0f8c1bcfb5ae970d33a826c092746203 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Wed, 14 Aug 2019 14:43:07 +0200
|
||||
Subject: [PATCH 22/36] distutils upload: only add md5 if available, but
|
||||
@ -3619,10 +3620,10 @@ index b4b64e9..f720a79 100644
|
||||
|
||||
def test_upload_fails(self):
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 30407ef6fd2fb0fcb950cab57d4bd23121ef9084 Mon Sep 17 00:00:00 2001
|
||||
From 12f506902ee04749565485bb60f0b927b2895e71 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Heimes <christian@python.org>
|
||||
Date: Fri, 13 Sep 2019 02:30:00 +0200
|
||||
Subject: [PATCH 23/36] bpo-9216: Add usedforsecurity to hashlib constructors
|
||||
@ -3656,7 +3657,7 @@ Contributed and Signed-off-by: Christian Heimes christian@python.org
|
||||
create mode 100644 Misc/NEWS.d/next/Library/2019-09-12-14-54-45.bpo-9216.W7QMpC.rst
|
||||
|
||||
diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst
|
||||
index a16c7cd..6eb3a7b 100644
|
||||
index f5da6ec..86b9f65 100644
|
||||
--- a/Doc/library/hashlib.rst
|
||||
+++ b/Doc/library/hashlib.rst
|
||||
@@ -67,7 +67,7 @@ Constructors for hash algorithms that are always present in this module are
|
||||
@ -3944,10 +3945,10 @@ index 560bd68..71c5706 100644
|
||||
-/*[clinic end generated code: output=39af5a74c8805b36 input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=c80d8d06ce40a192 input=a9049054013a1b77]*/
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index 6982268..a1f81eb 100644
|
||||
index 713e15a..b4d05ab 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -521,7 +521,7 @@ static PyTypeObject EVPtype = {
|
||||
@@ -528,7 +528,7 @@ static PyTypeObject EVPtype = {
|
||||
\
|
||||
static PyObject *
|
||||
EVPnew(const EVP_MD *digest,
|
||||
@ -3956,7 +3957,7 @@ index 6982268..a1f81eb 100644
|
||||
{
|
||||
int result = 0;
|
||||
EVPobject *self;
|
||||
@@ -534,6 +534,12 @@ EVPnew(const EVP_MD *digest,
|
||||
@@ -541,6 +541,12 @@ EVPnew(const EVP_MD *digest,
|
||||
if ((self = newEVPobject()) == NULL)
|
||||
return NULL;
|
||||
|
||||
@ -3969,7 +3970,7 @@ index 6982268..a1f81eb 100644
|
||||
if (!EVP_DigestInit_ex(self->ctx, digest, NULL)) {
|
||||
_setException(PyExc_ValueError);
|
||||
Py_DECREF(self);
|
||||
@@ -565,6 +571,8 @@ _hashlib.new as EVP_new
|
||||
@@ -572,6 +578,8 @@ _hashlib.new as EVP_new
|
||||
|
||||
name as name_obj: object
|
||||
string as data_obj: object(c_default="NULL") = b''
|
||||
@ -3978,7 +3979,7 @@ index 6982268..a1f81eb 100644
|
||||
|
||||
Return a new hash object using the named algorithm.
|
||||
|
||||
@@ -575,8 +583,9 @@ The MD5 and SHA1 algorithms are always supported.
|
||||
@@ -582,8 +590,9 @@ The MD5 and SHA1 algorithms are always supported.
|
||||
[clinic start generated code]*/
|
||||
|
||||
static PyObject *
|
||||
@ -3990,7 +3991,7 @@ index 6982268..a1f81eb 100644
|
||||
{
|
||||
Py_buffer view = { 0 };
|
||||
PyObject *ret_obj;
|
||||
@@ -593,7 +602,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
|
||||
@@ -600,7 +609,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
|
||||
|
||||
digest = py_digest_by_name(name);
|
||||
|
||||
@ -4001,7 +4002,7 @@ index 6982268..a1f81eb 100644
|
||||
|
||||
if (data_obj)
|
||||
PyBuffer_Release(&view);
|
||||
@@ -601,7 +612,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
|
||||
@@ -608,7 +619,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
|
||||
}
|
||||
|
||||
static PyObject*
|
||||
@ -4011,7 +4012,7 @@ index 6982268..a1f81eb 100644
|
||||
{
|
||||
Py_buffer view = { 0 };
|
||||
PyObject *ret_obj;
|
||||
@@ -609,7 +621,8 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
|
||||
@@ -616,7 +628,8 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
|
||||
if (data_obj)
|
||||
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
|
||||
|
||||
@ -4021,7 +4022,7 @@ index 6982268..a1f81eb 100644
|
||||
|
||||
if (data_obj)
|
||||
PyBuffer_Release(&view);
|
||||
@@ -621,16 +634,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
|
||||
@@ -628,16 +641,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
|
||||
_hashlib.openssl_md5
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4044,7 +4045,7 @@ index 6982268..a1f81eb 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -638,16 +654,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -645,16 +661,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha1
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4067,7 +4068,7 @@ index 6982268..a1f81eb 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -655,16 +674,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -662,16 +681,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha224
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4090,7 +4091,7 @@ index 6982268..a1f81eb 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -672,16 +694,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -679,16 +701,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha256
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4113,7 +4114,7 @@ index 6982268..a1f81eb 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -689,16 +714,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -696,16 +721,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha384
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4136,7 +4137,7 @@ index 6982268..a1f81eb 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -706,152 +734,179 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -713,152 +741,179 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha512
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -5729,7 +5730,7 @@ index 459a934..b8185b6 100644
|
||||
-/*[clinic end generated code: output=580df4b667084a7e input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=bbfa72d8703c82b5 input=a9049054013a1b77]*/
|
||||
diff --git a/Modules/md5module.c b/Modules/md5module.c
|
||||
index c2ebaaf..fdc4d7b 100644
|
||||
index 64fab80..ee4efe4 100644
|
||||
--- a/Modules/md5module.c
|
||||
+++ b/Modules/md5module.c
|
||||
@@ -503,13 +503,15 @@ static PyTypeObject MD5type = {
|
||||
@ -5751,7 +5752,7 @@ index c2ebaaf..fdc4d7b 100644
|
||||
MD5object *new;
|
||||
Py_buffer buf;
|
||||
diff --git a/Modules/sha1module.c b/Modules/sha1module.c
|
||||
index ce2ad26..4d191c3 100644
|
||||
index 4a8dbd8..aec0bad 100644
|
||||
--- a/Modules/sha1module.c
|
||||
+++ b/Modules/sha1module.c
|
||||
@@ -480,13 +480,15 @@ static PyTypeObject SHA1type = {
|
||||
@ -5773,7 +5774,7 @@ index ce2ad26..4d191c3 100644
|
||||
SHA1object *new;
|
||||
Py_buffer buf;
|
||||
diff --git a/Modules/sha256module.c b/Modules/sha256module.c
|
||||
index b8d6c4c..245f4c0 100644
|
||||
index a1c8b1a..8777c59 100644
|
||||
--- a/Modules/sha256module.c
|
||||
+++ b/Modules/sha256module.c
|
||||
@@ -601,13 +601,15 @@ static PyTypeObject SHA256type = {
|
||||
@ -5813,7 +5814,7 @@ index b8d6c4c..245f4c0 100644
|
||||
SHAobject *new;
|
||||
Py_buffer buf;
|
||||
diff --git a/Modules/sha512module.c b/Modules/sha512module.c
|
||||
index 98b9791..df4f9d2 100644
|
||||
index 4167fd3..504d40a 100644
|
||||
--- a/Modules/sha512module.c
|
||||
+++ b/Modules/sha512module.c
|
||||
@@ -666,13 +666,15 @@ static PyTypeObject SHA512type = {
|
||||
@ -5853,10 +5854,10 @@ index 98b9791..df4f9d2 100644
|
||||
SHAobject *new;
|
||||
Py_buffer buf;
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 095d8ea318b20b5d42ada0367ca770c15e6f6fa2 Mon Sep 17 00:00:00 2001
|
||||
From 041f34e22d7c458b611a72e3927deb85f20d1a85 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 26 Aug 2019 19:09:39 +0200
|
||||
Subject: [PATCH 24/36] Test the usedforsecurity flag
|
||||
@ -6099,10 +6100,10 @@ index 08bb91f..1368e91 100644
|
||||
class KDFTests(unittest.TestCase):
|
||||
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 59b7e853d919380ca6c11655bbc7041ee395417d Mon Sep 17 00:00:00 2001
|
||||
From 6ae69003979add3243d700e1f5154cf83818ea62 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 29 Aug 2019 10:25:28 +0200
|
||||
Subject: [PATCH 25/36] Skip error checking in _hashlib.get_fips_mode
|
||||
@ -6113,10 +6114,10 @@ Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1745499
|
||||
1 file changed, 16 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index a1f81eb..eff331b 100644
|
||||
index b4d05ab..a48b607 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -1253,20 +1253,22 @@ _hashlib_get_fips_mode_impl(PyObject *module)
|
||||
@@ -1260,20 +1260,22 @@ _hashlib_get_fips_mode_impl(PyObject *module)
|
||||
/*[clinic end generated code: output=ad8a7793310d3f98 input=f42a2135df2a5e11]*/
|
||||
|
||||
{
|
||||
@ -6154,10 +6155,10 @@ index a1f81eb..eff331b 100644
|
||||
|
||||
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 7f5432d72546f60078989b6cadf26cd51de84ebd Mon Sep 17 00:00:00 2001
|
||||
From 95b58ae12206c7889e0159a720c1a96fcb2dc050 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 10 Oct 2019 13:04:50 +0200
|
||||
Subject: [PATCH 26/36] Skip error checking in _Py_hashlib_fips_error
|
||||
@ -6192,10 +6193,10 @@ index 47ed003..d4cbdef 100644
|
||||
}
|
||||
PyErr_Format(exc, "%s is not available in FIPS mode", name);
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 05f7188136bda8eeec06428aa4ddf9ab14a178a0 Mon Sep 17 00:00:00 2001
|
||||
From ba0462edf8fb3ae3cb04151460002cf687758605 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 19:12:38 +0200
|
||||
Subject: [PATCH 27/36] Fixups
|
||||
@ -6234,10 +6235,10 @@ index 0a85981..0b481ec 100644
|
||||
h1 = hmac.HMAC(b"key", digestmod="sha1")
|
||||
h2 = h1.copy()
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 0f707443431d9dc22218be7208d940f4d42f122d Mon Sep 17 00:00:00 2001
|
||||
From d2596ea3fab68d2fc586abaae64323599c2a74c8 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 26 Aug 2019 19:39:48 +0200
|
||||
Subject: [PATCH 28/36] Don't re-export get_fips_mode from hashlib
|
||||
@ -6550,7 +6551,7 @@ index 0b481ec..cc77928 100644
|
||||
def test_realcopy(self):
|
||||
# Testing if the copy method created a real copy.
|
||||
diff --git a/Lib/test/test_smtplib.py b/Lib/test/test_smtplib.py
|
||||
index d0c9862..9a44c0d 100644
|
||||
index c9205ae..e4d7fb4 100644
|
||||
--- a/Lib/test/test_smtplib.py
|
||||
+++ b/Lib/test/test_smtplib.py
|
||||
@@ -17,6 +17,8 @@ import select
|
||||
@ -6562,7 +6563,7 @@ index d0c9862..9a44c0d 100644
|
||||
|
||||
import unittest
|
||||
from test import support, mock_socket
|
||||
@@ -1021,7 +1023,7 @@ class SMTPSimTests(unittest.TestCase):
|
||||
@@ -1059,7 +1061,7 @@ class SMTPSimTests(unittest.TestCase):
|
||||
|
||||
def testAUTH_multiple(self):
|
||||
# Test that multiple authentication methods are tried.
|
||||
@ -6604,10 +6605,10 @@ index 1cb358f..6f5cb7f 100644
|
||||
from test import support
|
||||
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 9515f9be3409fdc59cf9c09dd200917483e1651a Mon Sep 17 00:00:00 2001
|
||||
From 7873a4a314732768bc4d11a095ae50f0553bdebd Mon Sep 17 00:00:00 2001
|
||||
From: Christian Heimes <christian@python.org>
|
||||
Date: Wed, 20 Nov 2019 10:59:25 +0100
|
||||
Subject: [PATCH 29/36] Use FIPS compliant CSPRNG
|
||||
@ -6624,7 +6625,7 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
4 files changed, 89 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
|
||||
index 2a4ae15..5ad5bd6 100644
|
||||
index 5302b1c..ed335ad 100644
|
||||
--- a/Lib/test/test_os.py
|
||||
+++ b/Lib/test/test_os.py
|
||||
@@ -1546,6 +1546,11 @@ class GetRandomTests(unittest.TestCase):
|
||||
@ -6640,7 +6641,7 @@ index 2a4ae15..5ad5bd6 100644
|
||||
def test_getrandom_type(self):
|
||||
data = os.getrandom(16)
|
||||
diff --git a/Makefile.pre.in b/Makefile.pre.in
|
||||
index 917303d..ddfbfd0 100644
|
||||
index 381a8ab..e7778f4 100644
|
||||
--- a/Makefile.pre.in
|
||||
+++ b/Makefile.pre.in
|
||||
@@ -116,7 +116,7 @@ PY_STDMODULE_CFLAGS= $(PY_CFLAGS) $(PY_CFLAGS_NODIST) $(PY_CPPFLAGS) $(CFLAGSFOR
|
||||
@ -6653,10 +6654,10 @@ index 917303d..ddfbfd0 100644
|
||||
CFLAGS_ALIASING=@CFLAGS_ALIASING@
|
||||
|
||||
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
|
||||
index 726e372..9a1249a 100644
|
||||
index d7edabe..f825d5a 100644
|
||||
--- a/Modules/posixmodule.c
|
||||
+++ b/Modules/posixmodule.c
|
||||
@@ -388,6 +388,9 @@ extern char *ctermid_r(char *);
|
||||
@@ -389,6 +389,9 @@ extern char *ctermid_r(char *);
|
||||
#define MODNAME "posix"
|
||||
#endif
|
||||
|
||||
@ -6666,7 +6667,7 @@ index 726e372..9a1249a 100644
|
||||
#if defined(__sun)
|
||||
/* Something to implement in autoconf, not present in autoconf 2.69 */
|
||||
#define HAVE_STRUCT_STAT_ST_FSTYPE 1
|
||||
@@ -13558,6 +13561,11 @@ os_getrandom_impl(PyObject *module, Py_ssize_t size, int flags)
|
||||
@@ -13650,6 +13653,11 @@ os_getrandom_impl(PyObject *module, Py_ssize_t size, int flags)
|
||||
return posix_error();
|
||||
}
|
||||
|
||||
@ -6772,10 +6773,10 @@ index eb2b6d0..cb38cfe 100644
|
||||
return win32_urandom((unsigned char *)buffer, size, raise);
|
||||
#else
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From ba95383d9b37f252bd153674404dc4055d49bf82 Mon Sep 17 00:00:00 2001
|
||||
From 99ee25369116bf17731502e77a81bd0c5ac59b38 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 28 Nov 2019 17:26:02 +0100
|
||||
Subject: [PATCH 30/36] Fixups for FIPS compliant CSPRNG
|
||||
@ -6786,7 +6787,7 @@ Subject: [PATCH 30/36] Fixups for FIPS compliant CSPRNG
|
||||
2 files changed, 5 insertions(+), 31 deletions(-)
|
||||
|
||||
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
|
||||
index 5ad5bd6..ae53de9 100644
|
||||
index ed335ad..f306316 100644
|
||||
--- a/Lib/test/test_os.py
|
||||
+++ b/Lib/test/test_os.py
|
||||
@@ -28,6 +28,7 @@ import time
|
||||
@ -6871,10 +6872,10 @@ index cb38cfe..08fa29a 100644
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 496a58146aa42b97661c5ea1afeaa223e8fd4ceb Mon Sep 17 00:00:00 2001
|
||||
From 3750c8b8b4c09c6bc795721bc353da23b015fe4d Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 2 Apr 2020 16:50:37 +0200
|
||||
Subject: [PATCH 31/36] Do not raise a ValueError if digestmod is missing in
|
||||
@ -6901,10 +6902,10 @@ index 5055027..ee1ad76 100644
|
||||
return digestmod.lower()
|
||||
elif callable(digestmod):
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 3f346ea93c2504e169a2df21e2de206031a08600 Mon Sep 17 00:00:00 2001
|
||||
From 737af204f04bb39e5f87d53fe07713137639234e Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 2 Apr 2020 16:55:36 +0200
|
||||
Subject: [PATCH 32/36] Regenerate the clinic files
|
||||
@ -6988,10 +6989,10 @@ index 861acc1..527be83 100644
|
||||
-/*[clinic end generated code: output=d93ad460795d49b5 input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=9b75c31e1116bf6f input=a9049054013a1b77]*/
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From f4465980ae75c0e56cd1edecf9a42fa38b9cd12a Mon Sep 17 00:00:00 2001
|
||||
From d0e7edf46ceef6ffb6075bb8b8b966f31df018fc Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Tue, 7 Apr 2020 15:16:45 +0200
|
||||
Subject: [PATCH 33/36] Pass kwargs (like usedforsecurity) through __hash_new
|
||||
@ -7023,10 +7024,10 @@ index 2fc214e..785858f 100644
|
||||
|
||||
try:
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 6c0ba219c01052f8b079ce67b89a75920b3aa867 Mon Sep 17 00:00:00 2001
|
||||
From 0e3f635871d22831cbb5f0bffb9962f2a1ad29eb Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Tue, 7 Apr 2020 15:18:48 +0200
|
||||
Subject: [PATCH 34/36] Adjust new upstream test for failing hashes with
|
||||
@ -7069,10 +7070,10 @@ index a4b7840..a858bf4 100644
|
||||
self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam')
|
||||
self.assertRaises(TypeError, hashlib.new, 1)
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From 041105f888785599e58213dfea55115a4e861d77 Mon Sep 17 00:00:00 2001
|
||||
From 8145cfd2f71749a9fe844e5abc725f36e9085b22 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Fri, 24 Apr 2020 19:57:16 +0200
|
||||
Subject: [PATCH 35/36] Skip the test_with_digestmod_no_default under FIPS
|
||||
@ -7115,10 +7116,10 @@ index cc77928..fd068e0 100644
|
||||
class ConstructorTestCase(unittest.TestCase):
|
||||
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
||||
From e20750200d560a549cbbf224ded74bb086ef3e66 Mon Sep 17 00:00:00 2001
|
||||
From 969498fda9699b2e9d2df4a78a671e37d578daea Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Tue, 31 Mar 2020 18:00:42 +0200
|
||||
Subject: [PATCH 36/36] Add a sentinel value on the Hmac_members table of the
|
||||
@ -7141,5 +7142,5 @@ index 9577cad..4bd7c15 100644
|
||||
|
||||
PyDoc_STRVAR(hmactype_doc,
|
||||
--
|
||||
2.25.4
|
||||
2.31.1
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From a11d61081c3887c2b4c36e8726597e05f789c2e2 Mon Sep 17 00:00:00 2001
|
||||
From 78da9e020385fe78e36c20f99a0910bbc4a0c100 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Thu, 1 Apr 2021 08:18:07 +0200
|
||||
Subject: [PATCH] CVE-2021-23336: Add `separator` argument to parse_qs; warn
|
||||
@ -24,12 +24,10 @@ Co-authored-by: Éric Araujo <merwok@netwok.org>
|
||||
Doc/library/cgi.rst | 2 +-
|
||||
Doc/library/urllib.parse.rst | 12 +-
|
||||
Lib/cgi.py | 4 +-
|
||||
Lib/test/test_cgi.py | 29 +++
|
||||
Lib/test/test_urlparse.py | 232 +++++++++++++++++-
|
||||
Lib/urllib/parse.py | 77 +++++-
|
||||
.../2021-02-14-15-59-16.bpo-42967.YApqDS.rst | 1 +
|
||||
7 files changed, 340 insertions(+), 17 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
|
||||
Lib/test/test_cgi.py | 29 +++++
|
||||
Lib/test/test_urlparse.py | 232 ++++++++++++++++++++++++++++++++++-
|
||||
Lib/urllib/parse.py | 78 +++++++++++-
|
||||
6 files changed, 339 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/Doc/library/cgi.rst b/Doc/library/cgi.rst
|
||||
index 880074b..d8a6dc1 100644
|
||||
@ -45,7 +43,7 @@ index 880074b..d8a6dc1 100644
|
||||
Parse a query in the environment or from a file (the file defaults to
|
||||
``sys.stdin``). The *keep_blank_values*, *strict_parsing* and *separator* parameters are
|
||||
diff --git a/Doc/library/urllib.parse.rst b/Doc/library/urllib.parse.rst
|
||||
index fcad707..9bcef69 100644
|
||||
index a6cfc5d..85b2448 100644
|
||||
--- a/Doc/library/urllib.parse.rst
|
||||
+++ b/Doc/library/urllib.parse.rst
|
||||
@@ -165,7 +165,7 @@ or on combining URL components into a URL string.
|
||||
@ -144,7 +142,7 @@ index 4e1506a..49b6926 100644
|
||||
# test dict interface
|
||||
self.assertEqual(len(expect), len(fs))
|
||||
diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
|
||||
index 90c8d69..90349ee 100644
|
||||
index 0f99130..4e0d7e5 100644
|
||||
--- a/Lib/test/test_urlparse.py
|
||||
+++ b/Lib/test/test_urlparse.py
|
||||
@@ -2,6 +2,11 @@ import sys
|
||||
@ -294,7 +292,7 @@ index 90c8d69..90349ee 100644
|
||||
def test_roundtrips(self):
|
||||
str_cases = [
|
||||
('file:///tmp/junk.txt',
|
||||
@@ -871,8 +961,8 @@ class UrlParseTestCase(unittest.TestCase):
|
||||
@@ -919,8 +1009,8 @@ class UrlParseTestCase(unittest.TestCase):
|
||||
|
||||
def test_parse_qsl_max_num_fields(self):
|
||||
with self.assertRaises(ValueError):
|
||||
@ -305,8 +303,8 @@ index 90c8d69..90349ee 100644
|
||||
|
||||
def test_parse_qs_separator(self):
|
||||
parse_qs_semicolon_cases = [
|
||||
@@ -912,6 +1002,136 @@ class UrlParseTestCase(unittest.TestCase):
|
||||
self.assertEqual(result, expect, "Error parsing %r" % orig)
|
||||
@@ -964,6 +1054,136 @@ class UrlParseTestCase(unittest.TestCase):
|
||||
self.assertEqual(result_bytes, expect, "Error parsing %r" % orig)
|
||||
|
||||
|
||||
+ @contextlib.contextmanager
|
||||
@ -443,7 +441,7 @@ index 90c8d69..90349ee 100644
|
||||
# Other tests incidentally urlencode things; test non-covered cases:
|
||||
# Sequence and object values.
|
||||
diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
|
||||
index 0c1c94f..83638bb 100644
|
||||
index f0d9d4d..70fc268 100644
|
||||
--- a/Lib/urllib/parse.py
|
||||
+++ b/Lib/urllib/parse.py
|
||||
@@ -28,6 +28,7 @@ test_urlparse.py provides a good indicator of parsing behavior.
|
||||
@ -454,7 +452,7 @@ index 0c1c94f..83638bb 100644
|
||||
import sys
|
||||
import collections
|
||||
import warnings
|
||||
@@ -650,7 +651,7 @@ def unquote(string, encoding='utf-8', errors='replace'):
|
||||
@@ -660,7 +661,7 @@ def unquote(string, encoding='utf-8', errors='replace'):
|
||||
|
||||
|
||||
def parse_qs(qs, keep_blank_values=False, strict_parsing=False,
|
||||
@ -463,7 +461,7 @@ index 0c1c94f..83638bb 100644
|
||||
"""Parse a query given as a string argument.
|
||||
|
||||
Arguments:
|
||||
@@ -690,9 +691,16 @@ def parse_qs(qs, keep_blank_values=False, strict_parsing=False,
|
||||
@@ -700,9 +701,16 @@ def parse_qs(qs, keep_blank_values=False, strict_parsing=False,
|
||||
parsed_result[name] = [value]
|
||||
return parsed_result
|
||||
|
||||
@ -481,9 +479,11 @@ index 0c1c94f..83638bb 100644
|
||||
"""Parse a query given as a string argument.
|
||||
|
||||
Arguments:
|
||||
@@ -722,18 +730,77 @@ def parse_qsl(qs, keep_blank_values=False, strict_parsing=False,
|
||||
@@ -731,20 +739,78 @@ def parse_qsl(qs, keep_blank_values=False, strict_parsing=False,
|
||||
Returns a list, as G-d intended.
|
||||
"""
|
||||
qs, _coerce_result = _coerce_args(qs)
|
||||
- separator, _ = _coerce_args(separator)
|
||||
|
||||
- if not separator or (not isinstance(separator, (str, bytes))):
|
||||
+ if isinstance(separator, bytes):
|
||||
@ -562,13 +562,6 @@ index 0c1c94f..83638bb 100644
|
||||
r = []
|
||||
for name_value in pairs:
|
||||
if not name_value and not strict_parsing:
|
||||
diff --git a/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst b/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
|
||||
new file mode 100644
|
||||
index 0000000..bc82c96
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
|
||||
@@ -0,0 +1 @@
|
||||
+Make it possible to fix web cache poisoning vulnerability by allowing the user to choose a custom separator query args.
|
||||
--
|
||||
2.30.2
|
||||
2.31.1
|
||||
|
||||
|
@ -1,100 +0,0 @@
|
||||
From 7e38d3309e0a5a7b9e23ef933aef0079c6e317f7 Mon Sep 17 00:00:00 2001
|
||||
From: "Miss Islington (bot)"
|
||||
<31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Mon, 29 Mar 2021 06:02:40 -0700
|
||||
Subject: [PATCH] bpo-42988: Remove the pydoc getfile feature (GH-25015)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2021-3426: Remove the "getfile" feature of the pydoc module which
|
||||
could be abused to read arbitrary files on the disk (directory
|
||||
traversal vulnerability). Moreover, even source code of Python
|
||||
modules can contain sensitive data like passwords. Vulnerability
|
||||
reported by David Schwörer.
|
||||
(cherry picked from commit 9b999479c0022edfc9835a8a1f06e046f3881048)
|
||||
|
||||
Co-authored-by: Victor Stinner <vstinner@python.org>
|
||||
---
|
||||
Lib/pydoc.py | 18 ------------------
|
||||
Lib/test/test_pydoc.py | 6 ------
|
||||
.../2021-03-24-14-16-56.bpo-42988.P2aNco.rst | 4 ++++
|
||||
3 files changed, 4 insertions(+), 24 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst
|
||||
|
||||
diff --git a/Lib/pydoc.py b/Lib/pydoc.py
|
||||
index dc3377d68f8caa..afec613dd85a06 100644
|
||||
--- a/Lib/pydoc.py
|
||||
+++ b/Lib/pydoc.py
|
||||
@@ -2364,9 +2364,6 @@ def page(self, title, contents):
|
||||
%s</head><body bgcolor="#f0f0f8">%s<div style="clear:both;padding-top:.5em;">%s</div>
|
||||
</body></html>''' % (title, css_link, html_navbar(), contents)
|
||||
|
||||
- def filelink(self, url, path):
|
||||
- return '<a href="getfile?key=%s">%s</a>' % (url, path)
|
||||
-
|
||||
|
||||
html = _HTMLDoc()
|
||||
|
||||
@@ -2452,19 +2449,6 @@ def bltinlink(name):
|
||||
'key = %s' % key, '#ffffff', '#ee77aa', '<br>'.join(results))
|
||||
return 'Search Results', contents
|
||||
|
||||
- def html_getfile(path):
|
||||
- """Get and display a source file listing safely."""
|
||||
- path = urllib.parse.unquote(path)
|
||||
- with tokenize.open(path) as fp:
|
||||
- lines = html.escape(fp.read())
|
||||
- body = '<pre>%s</pre>' % lines
|
||||
- heading = html.heading(
|
||||
- '<big><big><strong>File Listing</strong></big></big>',
|
||||
- '#ffffff', '#7799ee')
|
||||
- contents = heading + html.bigsection(
|
||||
- 'File: %s' % path, '#ffffff', '#ee77aa', body)
|
||||
- return 'getfile %s' % path, contents
|
||||
-
|
||||
def html_topics():
|
||||
"""Index of topic texts available."""
|
||||
|
||||
@@ -2556,8 +2540,6 @@ def get_html_page(url):
|
||||
op, _, url = url.partition('=')
|
||||
if op == "search?key":
|
||||
title, content = html_search(url)
|
||||
- elif op == "getfile?key":
|
||||
- title, content = html_getfile(url)
|
||||
elif op == "topic?key":
|
||||
# try topics first, then objects.
|
||||
try:
|
||||
diff --git a/Lib/test/test_pydoc.py b/Lib/test/test_pydoc.py
|
||||
index c80477c50f0980..72ed8a93b712b0 100644
|
||||
--- a/Lib/test/test_pydoc.py
|
||||
+++ b/Lib/test/test_pydoc.py
|
||||
@@ -1360,18 +1360,12 @@ def test_url_requests(self):
|
||||
("topic?key=def", "Pydoc: KEYWORD def"),
|
||||
("topic?key=STRINGS", "Pydoc: TOPIC STRINGS"),
|
||||
("foobar", "Pydoc: Error - foobar"),
|
||||
- ("getfile?key=foobar", "Pydoc: Error - getfile?key=foobar"),
|
||||
]
|
||||
|
||||
with self.restrict_walk_packages():
|
||||
for url, title in requests:
|
||||
self.call_url_handler(url, title)
|
||||
|
||||
- path = string.__file__
|
||||
- title = "Pydoc: getfile " + path
|
||||
- url = "getfile?key=" + path
|
||||
- self.call_url_handler(url, title)
|
||||
-
|
||||
|
||||
class TestHelper(unittest.TestCase):
|
||||
def test_keywords(self):
|
||||
diff --git a/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst b/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst
|
||||
new file mode 100644
|
||||
index 00000000000000..4b42dd05305a83
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst
|
||||
@@ -0,0 +1,4 @@
|
||||
+CVE-2021-3426: Remove the ``getfile`` feature of the :mod:`pydoc` module which
|
||||
+could be abused to read arbitrary files on the disk (directory traversal
|
||||
+vulnerability). Moreover, even source code of Python modules can contain
|
||||
+sensitive data like passwords. Vulnerability reported by David Schwörer.
|
@ -1,62 +0,0 @@
|
||||
diff --git a/Doc/library/ipaddress.rst b/Doc/library/ipaddress.rst
|
||||
index 2cdfddb..d464d2a 100644
|
||||
--- a/Doc/library/ipaddress.rst
|
||||
+++ b/Doc/library/ipaddress.rst
|
||||
@@ -104,8 +104,7 @@ write code that handles both IP versions correctly. Address objects are
|
||||
1. A string in decimal-dot notation, consisting of four decimal integers in
|
||||
the inclusive range 0--255, separated by dots (e.g. ``192.168.0.1``). Each
|
||||
integer represents an octet (byte) in the address. Leading zeroes are
|
||||
- tolerated only for values less than 8 (as there is no ambiguity
|
||||
- between the decimal and octal interpretations of such strings).
|
||||
+ not tolerated to prevent confusion with octal notation.
|
||||
2. An integer that fits into 32 bits.
|
||||
3. An integer packed into a :class:`bytes` object of length 4 (most
|
||||
significant octet first).
|
||||
diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
|
||||
index 28b7b61..d351f07 100644
|
||||
--- a/Lib/ipaddress.py
|
||||
+++ b/Lib/ipaddress.py
|
||||
@@ -1173,6 +1173,11 @@ class _BaseV4:
|
||||
if len(octet_str) > 3:
|
||||
msg = "At most 3 characters permitted in %r"
|
||||
raise ValueError(msg % octet_str)
|
||||
+ # Handle leading zeros as strict as glibc's inet_pton()
|
||||
+ # See security bug bpo-36384
|
||||
+ if octet_str != '0' and octet_str[0] == '0':
|
||||
+ msg = "Leading zeros are not permitted in %r"
|
||||
+ raise ValueError(msg % octet_str)
|
||||
# Convert to integer (we know digits are legal)
|
||||
octet_int = int(octet_str, 10)
|
||||
if octet_int > 255:
|
||||
diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
|
||||
index 2f1c5b6..1297b83 100644
|
||||
--- a/Lib/test/test_ipaddress.py
|
||||
+++ b/Lib/test/test_ipaddress.py
|
||||
@@ -97,10 +97,23 @@ class CommonTestMixin:
|
||||
class CommonTestMixin_v4(CommonTestMixin):
|
||||
|
||||
def test_leading_zeros(self):
|
||||
- self.assertInstancesEqual("000.000.000.000", "0.0.0.0")
|
||||
- self.assertInstancesEqual("192.168.000.001", "192.168.0.1")
|
||||
- self.assertInstancesEqual("016.016.016.016", "16.16.16.16")
|
||||
- self.assertInstancesEqual("001.000.008.016", "1.0.8.16")
|
||||
+ # bpo-36384: no leading zeros to avoid ambiguity with octal notation
|
||||
+ msg = "Leading zeros are not permitted in '\d+'"
|
||||
+ addresses = [
|
||||
+ "000.000.000.000",
|
||||
+ "192.168.000.001",
|
||||
+ "016.016.016.016",
|
||||
+ "192.168.000.001",
|
||||
+ "001.000.008.016",
|
||||
+ "01.2.3.40",
|
||||
+ "1.02.3.40",
|
||||
+ "1.2.03.40",
|
||||
+ "1.2.3.040",
|
||||
+ ]
|
||||
+ for address in addresses:
|
||||
+ with self.subTest(address=address):
|
||||
+ with self.assertAddressError(msg):
|
||||
+ self.factory(address)
|
||||
|
||||
def test_int(self):
|
||||
self.assertInstancesEqual(0, "0.0.0.0")
|
@ -13,11 +13,11 @@ URL: https://www.python.org/
|
||||
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
%global general_version %{pybasever}.8
|
||||
%global general_version %{pybasever}.12
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 4%{?dist}
|
||||
Release: 1%{?dist}
|
||||
License: Python
|
||||
|
||||
# Exclude i686 arch. Due to a modularity issue it's being added to the
|
||||
@ -357,18 +357,6 @@ Patch353: 00353-architecture-names-upstream-downstream.patch
|
||||
# Main BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1928904
|
||||
Patch359: 00359-CVE-2021-23336.patch
|
||||
|
||||
# 00360 #
|
||||
# CVE-2021-3426: information disclosure via pydoc
|
||||
# Upstream: https://bugs.python.org/issue42988
|
||||
# Main BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1935913
|
||||
Patch360: 00360-CVE-2021-3426.patch
|
||||
|
||||
# 00365 #
|
||||
# CVE-2021-29921: Improper input validation of octal strings in the ipaddress module
|
||||
# Upstream: https://bugs.python.org/issue36384
|
||||
# Main bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1957458
|
||||
Patch365: 00365-CVE-2021-29921.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||
@ -661,8 +649,8 @@ The debug runtime additionally supports debug builds of C-API extensions
|
||||
Requires: python38-setuptools-wheel
|
||||
Requires: python38-pip-wheel
|
||||
%else
|
||||
Provides: bundled(python38-pip) = 19.2.3
|
||||
Provides: bundled(python38-setuptools) = 41.2.0
|
||||
Provides: bundled(python38-pip) = 21.1.1
|
||||
Provides: bundled(python38-setuptools) = 56.0.0
|
||||
%endif
|
||||
|
||||
# The description for the flat package
|
||||
@ -725,8 +713,6 @@ rm Lib/ensurepip/_bundled/*.whl
|
||||
%patch329 -p1
|
||||
%patch353 -p1
|
||||
%patch359 -p1
|
||||
%patch360 -p1
|
||||
%patch365 -p1
|
||||
|
||||
# Remove files that should be generated by the build
|
||||
# (This is after patching, so that we can use patches directly from upstream)
|
||||
@ -1815,6 +1801,15 @@ fi
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Wed Sep 15 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.8.12-1
|
||||
- Update to 3.8.12
|
||||
Resolves: rhbz#2004587
|
||||
|
||||
* Tue Sep 07 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.8.11-1
|
||||
- Update to 3.8.11
|
||||
- Fix for CVE-2021-3733 and CVE-2021-3737
|
||||
Resolves: rhbz#1995234, rhbz#1995162
|
||||
|
||||
* Mon Aug 02 2021 Tomas Orsava <torsava@redhat.com> - 3.8.8-4
|
||||
- Adjusted the postun scriptlets to enable upgrading to RHEL 9
|
||||
- Resolves: rhbz#1933055
|
||||
|
Loading…
Reference in New Issue
Block a user