import python38-3.8.6-3.module+el8.4.0+9579+e9717e18

This commit is contained in:
CentOS Sources 2021-03-30 08:56:26 -04:00 committed by Stepan Oksanichenko
parent 6f035bd18b
commit 3b3eb22c65
12 changed files with 512 additions and 11844 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/Python-3.8.3.tar.xz
SOURCES/Python-3.8.6-noexe.tar.xz

View File

@ -1 +1 @@
3bafa40df1cd069c112761c388a9f2e94b5d33dd SOURCES/Python-3.8.3.tar.xz
e77d08894869ecf483e9f945663f75316ad68bf1 SOURCES/Python-3.8.6-noexe.tar.xz

View File

@ -1,15 +1,18 @@
From 36f1f2b4620b13bdc7ac1c349253ac07960c33b3 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
Date: Wed, 15 Aug 2018 15:36:29 +0200
Subject: [PATCH] 00189: Instead of bundled wheels, use our RPM packaged wheels
We keep them in /usr/share/python-wheels
Downstream only: upstream bundles
We might eventually pursuit upstream support, but it's low prio
---
Lib/ensurepip/__init__.py | 32 ++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py
index 566fb2a096..47da08d3d5 100644
index 9415fd73b8..f58dab1800 100644
--- a/Lib/ensurepip/__init__.py
+++ b/Lib/ensurepip/__init__.py
@@ -1,6 +1,7 @@
@ -27,10 +30,10 @@ index 566fb2a096..47da08d3d5 100644
+_WHEEL_DIR = "/usr/share/python38-wheels/"
-_SETUPTOOLS_VERSION = "41.2.0"
-_SETUPTOOLS_VERSION = "49.2.1"
+_wheels = {}
-_PIP_VERSION = "19.2.3"
-_PIP_VERSION = "20.2.1"
+def _get_most_recent_wheel_version(pkg):
+ prefix = os.path.join(_WHEEL_DIR, "{}-".format(pkg))
+ _wheels[pkg] = {}
@ -47,12 +50,12 @@ index 566fb2a096..47da08d3d5 100644
+_PIP_VERSION = _get_most_recent_wheel_version("pip")
_PROJECTS = [
("setuptools", _SETUPTOOLS_VERSION),
("setuptools", _SETUPTOOLS_VERSION, "py3"),
@@ -105,13 +120,10 @@ def _bootstrap(*, root=None, upgrade=False, user=False,
# additional paths that need added to sys.path
additional_paths = []
for project, version in _PROJECTS:
- wheel_name = "{}-{}-py2.py3-none-any.whl".format(project, version)
for project, version, py_tag in _PROJECTS:
- wheel_name = "{}-{}-{}-none-any.whl".format(project, version, py_tag)
- whl = pkgutil.get_data(
- "ensurepip",
- "_bundled/{}".format(wheel_name),
@ -66,6 +69,3 @@ index 566fb2a096..47da08d3d5 100644
additional_paths.append(os.path.join(tmpdir, wheel_name))
--
2.26.2

View File

@ -1,86 +0,0 @@
From 3172104314227af128f3ce68e9650663a7c1268c Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 28 Aug 2017 17:16:46 +0200
Subject: [PATCH] 00274: Upstream uses Debian-style architecture naming, change
to match Fedora
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Petr Viktorin <pviktori@redhat.com>
Co-authored-by: Miro Hrončok <miro@hroncok.cz>
Co-authored-by: Tomas Orsava <torsava@redhat.com>
---
config.sub | 2 +-
configure.ac | 16 ++++++++--------
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/config.sub b/config.sub
index ba37cf99e2..52a9ec6662 100755
--- a/config.sub
+++ b/config.sub
@@ -1042,7 +1042,7 @@ case $basic_machine in
;;
ppc64) basic_machine=powerpc64-unknown
;;
- ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+ ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little)
basic_machine=powerpc64le-unknown
diff --git a/configure.ac b/configure.ac
index 477a5ff1cb..aea27ef86a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -747,9 +747,9 @@ cat >> conftest.c <<EOF
alpha-linux-gnu
# elif defined(__ARM_EABI__) && defined(__ARM_PCS_VFP)
# if defined(__ARMEL__)
- arm-linux-gnueabihf
+ arm-linux-gnueabi
# else
- armeb-linux-gnueabihf
+ armeb-linux-gnueabi
# endif
# elif defined(__ARM_EABI__) && !defined(__ARM_PCS_VFP)
# if defined(__ARMEL__)
@@ -789,7 +789,7 @@ cat >> conftest.c <<EOF
# elif _MIPS_SIM == _ABIN32
mips64el-linux-gnuabin32
# elif _MIPS_SIM == _ABI64
- mips64el-linux-gnuabi64
+ mips64el-linux-gnu
# else
# error unknown platform triplet
# endif
@@ -799,22 +799,22 @@ cat >> conftest.c <<EOF
# elif _MIPS_SIM == _ABIN32
mips64-linux-gnuabin32
# elif _MIPS_SIM == _ABI64
- mips64-linux-gnuabi64
+ mips64-linux-gnu
# else
# error unknown platform triplet
# endif
# elif defined(__or1k__)
or1k-linux-gnu
# elif defined(__powerpc__) && defined(__SPE__)
- powerpc-linux-gnuspe
+ ppc-linux-gnuspe
# elif defined(__powerpc64__)
# if defined(__LITTLE_ENDIAN__)
- powerpc64le-linux-gnu
+ ppc64le-linux-gnu
# else
- powerpc64-linux-gnu
+ ppc64-linux-gnu
# endif
# elif defined(__powerpc__)
- powerpc-linux-gnu
+ ppc-linux-gnu
# elif defined(__s390x__)
s390x-linux-gnu
# elif defined(__s390__)
--
2.26.2

View File

@ -1,4 +1,4 @@
From eba7874ad8a269c1e6e7f56a3f1d759448a0ea83 Mon Sep 17 00:00:00 2001
From 7b70e87ecc1a75f005bdffd644ceca6c9e9679fa Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 25 Jul 2019 16:19:52 +0200
Subject: [PATCH 01/36] Expose OpenSSL FIPS_mode() as hashlib.get_fips_mode()
@ -26,7 +26,7 @@ index 56873b7..63ae836 100644
for __func_name in __always_supported:
# try them all, some may not work due to the OpenSSL
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 3e5f9c3..d38aae9 100644
index edadbcb..9874b06 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -26,6 +26,9 @@
@ -36,10 +36,10 @@ index 3e5f9c3..d38aae9 100644
+/* Expose FIPS_mode */
+#include <openssl/crypto.h>
+
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL < 1.1.0 */
#define EVP_MD_CTX_new EVP_MD_CTX_create
@@ -1068,12 +1071,46 @@ generate_hash_name_list(void)
#ifndef OPENSSL_THREADS
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
#endif
@@ -1072,12 +1075,46 @@ generate_hash_name_list(void)
return state.set;
}
@ -126,7 +126,7 @@ index 9aaea47..30fd8a9 100644
2.25.4
From 692168044948a41211bb0efabacf0cbfade8db14 Mon Sep 17 00:00:00 2001
From 4e1fa0339c257987984caa278516d46c35463385 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Thu, 25 Jul 2019 17:04:06 +0200
Subject: [PATCH 02/36] Use python's fall backs for the crypto it implements
@ -425,7 +425,7 @@ index 8b53d23..e9abcbb 100644
2.25.4
From 25b2075a04c0622cd11b8ea986d7d817a1a5d375 Mon Sep 17 00:00:00 2001
From 91b5c97d586a98cb95e215ecd2c02b18c8783e7a Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 25 Jul 2019 17:19:06 +0200
Subject: [PATCH 03/36] Disable Python's hash implementations in FIPS mode,
@ -438,8 +438,8 @@ Subject: [PATCH 03/36] Disable Python's hash implementations in FIPS mode,
Modules/_blake2/blake2s_impl.c | 5 +++
Modules/_hashopenssl.c | 37 +------------------
Modules/_sha3/sha3module.c | 5 +++
setup.py | 48 +++++++++++++------------
7 files changed, 110 insertions(+), 59 deletions(-)
setup.py | 47 ++++++++++++------------
7 files changed, 110 insertions(+), 58 deletions(-)
create mode 100644 Include/_hashopenssl.h
diff --git a/Include/_hashopenssl.h b/Include/_hashopenssl.h
@ -596,7 +596,7 @@ index ef2f7e1..389711a 100644
if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE)
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index d38aae9..10a987d 100644
index 9874b06..d733a39 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -17,6 +17,7 @@
@ -616,9 +616,9 @@ index d38aae9..10a987d 100644
-/* Expose FIPS_mode */
-#include <openssl/crypto.h>
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL < 1.1.0 */
@@ -65,38 +62,6 @@ class _hashlib.HASH "EVPobject *" "&EVPtype"
#ifndef OPENSSL_THREADS
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
@@ -69,38 +66,6 @@ class _hashlib.HASH "EVPobject *" "&EVPtype"
[clinic start generated code]*/
/*[clinic end generated code: output=da39a3ee5e6b4b0d input=a881a5092eecad28]*/
@ -695,7 +695,7 @@ index c1fb618..34d09b4 100644
return NULL;
}
diff --git a/setup.py b/setup.py
index 024a103..a16961e 100644
index 84f7300..06d1ce6 100644
--- a/setup.py
+++ b/setup.py
@@ -1688,7 +1688,6 @@ class PyBuildExt(build_ext):
@ -785,24 +785,24 @@ index 024a103..a16961e 100644
+ # don't build Python's implementations.
+ # sha3 and blake2 have extra functionality, so do build those:
blake2_deps = glob(os.path.join(self.srcdir,
blake2_deps = glob(os.path.join(escape(self.srcdir),
'Modules/_blake2/impl/*'))
@@ -2264,14 +2264,16 @@ class PyBuildExt(build_ext):
@@ -2264,6 +2264,7 @@ class PyBuildExt(build_ext):
['_blake2/blake2module.c',
'_blake2/blake2b_impl.c',
'_blake2/blake2s_impl.c'],
- depends=blake2_deps))
+ **self.detect_openssl_args(),
+ depends=blake2_deps))
+ **self.detect_openssl_args(),
depends=blake2_deps))
sha3_deps = glob(os.path.join(self.srcdir,
'Modules/_sha3/kcp/*'))
sha3_deps = glob(os.path.join(escape(self.srcdir),
@@ -2271,7 +2272,9 @@ class PyBuildExt(build_ext):
sha3_deps.append('hashlib.h')
self.add(Extension('_sha3',
['_sha3/sha3module.c'],
- depends=sha3_deps))
+ **self.detect_openssl_args(),
+ depends=sha3_deps + ['hashlib.h']))
+
def detect_nis(self):
if MS_WINDOWS or CYGWIN or HOST_PLATFORM == 'qnx6':
@ -810,7 +810,7 @@ index 024a103..a16961e 100644
2.25.4
From 97d839b2d8c03a7b428907e51a44269fdfe3a48d Mon Sep 17 00:00:00 2001
From d9b8f21a1b5feb177ece4c595ce8b639f02548c8 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Thu, 12 Dec 2019 16:58:31 +0100
Subject: [PATCH 04/36] Expose all hashes available to OpenSSL
@ -821,10 +821,10 @@ Subject: [PATCH 04/36] Expose all hashes available to OpenSSL
2 files changed, 447 insertions(+), 1 deletion(-)
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 10a987d..e10dbd7 100644
index d733a39..6982268 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -190,6 +190,12 @@ py_digest_by_name(const char *name)
@@ -194,6 +194,12 @@ py_digest_by_name(const char *name)
else if (!strcmp(name, "blake2b512")) {
digest = EVP_blake2b512();
}
@ -837,7 +837,7 @@ index 10a987d..e10dbd7 100644
#endif
}
@@ -708,6 +714,142 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj)
@@ -712,6 +718,142 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj)
return EVP_fast_new(module, data_obj, EVP_sha512());
}
@ -980,7 +980,7 @@ index 10a987d..e10dbd7 100644
/*[clinic input]
_hashlib.pbkdf2_hmac as pbkdf2_hmac
@@ -1083,6 +1225,14 @@ static struct PyMethodDef EVP_functions[] = {
@@ -1087,6 +1229,14 @@ static struct PyMethodDef EVP_functions[] = {
_HASHLIB_OPENSSL_SHA256_METHODDEF
_HASHLIB_OPENSSL_SHA384_METHODDEF
_HASHLIB_OPENSSL_SHA512_METHODDEF
@ -1312,7 +1312,7 @@ index 30fd8a9..e96a752 100644
2.25.4
From b681f084a48d5f2f3eb5257b33e968268850ea7b Mon Sep 17 00:00:00 2001
From d4c78750ffb431fe34a18aab7cdf84d3a68d7fc1 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 25 Jul 2019 18:13:45 +0200
Subject: [PATCH 05/36] Fix tests
@ -1444,7 +1444,7 @@ index e9abcbb..2a55fd4 100644
2.25.4
From 78dea79c8a284940a5d5997646745cb29f74d720 Mon Sep 17 00:00:00 2001
From 4ec7034d73e681041758fc80f75e061c0e506449 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Fri, 26 Jul 2019 11:27:57 +0200
Subject: [PATCH 06/36] Change FIPS exceptions from _blake2, _sha3 module init
@ -1586,7 +1586,7 @@ index 34d09b4..3079e1e 100644
2.25.4
From be76f342f801a674fdbb622fd6e096bd7a09e1e6 Mon Sep 17 00:00:00 2001
From ed6f93218c2190d34ee0b0f4c7599d306708449f Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Fri, 26 Jul 2019 11:24:09 +0200
Subject: [PATCH 07/36] Make hashlib importable under FIPS mode
@ -1621,7 +1621,7 @@ index 1bcfdf9..898e6dc 100644
2.25.4
From 15b34c0943d79ec7d236a5eefab636a288dc0ae1 Mon Sep 17 00:00:00 2001
From 66c5862bb09586168caac4d6ba6142ed3198fe1d Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Fri, 26 Jul 2019 15:41:10 +0200
Subject: [PATCH 08/36] Implement hmac.new using new built-in module,
@ -2249,7 +2249,7 @@ index 0000000..b472a6e
+}
+/*[clinic end generated code: output=10b6e8cac6d7a2c9 input=a9049054013a1b77]*/
diff --git a/setup.py b/setup.py
index a16961e..3d2465d 100644
index 06d1ce6..ca8bc2b 100644
--- a/setup.py
+++ b/setup.py
@@ -2251,6 +2251,10 @@ class PyBuildExt(build_ext):
@ -2267,7 +2267,7 @@ index a16961e..3d2465d 100644
2.25.4
From f72ffcdcee6c59aa61a8df4a3bf6633d200d6417 Mon Sep 17 00:00:00 2001
From 6ec3a1afd87a3aa411a19727e212ebf81fee49cc Mon Sep 17 00:00:00 2001
From: Marcel Plch <mplch@redhat.com>
Date: Mon, 29 Jul 2019 12:45:11 +0200
Subject: [PATCH 09/36] FIPS review
@ -2482,7 +2482,7 @@ index ca95d72..216ed04 100644
2.25.4
From 408a7d606654249f4aaa2c26cd960b770429229c Mon Sep 17 00:00:00 2001
From 8645a4cf6ee2ad10fac3d081da78eabb06099a9c Mon Sep 17 00:00:00 2001
From: Marcel Plch <mplch@redhat.com>
Date: Mon, 29 Jul 2019 13:05:04 +0200
Subject: [PATCH 10/36] revert cosmetic nitpick and remove trailing whitespace
@ -2531,7 +2531,7 @@ index 216ed04..221714c 100644
2.25.4
From 6ed4037723b1ac437cfd8401355350ef5c47f0e1 Mon Sep 17 00:00:00 2001
From d80ae6ac0abf1e0ca5a32ff80343e927587cf5a6 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Wed, 31 Jul 2019 15:43:43 +0200
Subject: [PATCH 11/36] Add initial tests for various hashes under FIPS mode
@ -2615,7 +2615,7 @@ index 0000000..bee911e
2.25.4
From 2548227dff8ae23fb7d3dd45b6e044ff17796547 Mon Sep 17 00:00:00 2001
From 414c04713ad89bdeeb7a074f953c0085d541eae6 Mon Sep 17 00:00:00 2001
From: Marcel Plch <mplch@redhat.com>
Date: Thu, 1 Aug 2019 16:39:37 +0200
Subject: [PATCH 12/36] Initialize HMAC type.
@ -2684,7 +2684,7 @@ index 221714c..239445a 100644
2.25.4
From 4d40c61ed97eae9169df2e526d935d4997902f97 Mon Sep 17 00:00:00 2001
From 0157b52ac7f15610526497f9188eb84ed3846993 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 1 Aug 2019 17:57:05 +0200
Subject: [PATCH 13/36] Use a stronger hash in multiprocessing handshake
@ -2696,7 +2696,7 @@ https://bugs.python.org/issue17258
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
index c9f995e..64180b2 100644
index 8e2facf..bb4acb6 100644
--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@@ -42,6 +42,10 @@ BUFSIZE = 8192
@ -2710,7 +2710,7 @@ index c9f995e..64180b2 100644
_mmap_counter = itertools.count()
default_family = 'AF_INET'
@@ -735,7 +739,7 @@ def deliver_challenge(connection, authkey):
@@ -736,7 +740,7 @@ def deliver_challenge(connection, authkey):
"Authkey must be bytes, not {0!s}".format(type(authkey)))
message = os.urandom(MESSAGE_LENGTH)
connection.send_bytes(CHALLENGE + message)
@ -2719,7 +2719,7 @@ index c9f995e..64180b2 100644
response = connection.recv_bytes(256) # reject large message
if response == digest:
connection.send_bytes(WELCOME)
@@ -751,7 +755,7 @@ def answer_challenge(connection, authkey):
@@ -752,7 +756,7 @@ def answer_challenge(connection, authkey):
message = connection.recv_bytes(256) # reject large message
assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
message = message[len(CHALLENGE):]
@ -2732,7 +2732,7 @@ index c9f995e..64180b2 100644
2.25.4
From bc917ee79da1166e9ff94e76bbb2a64044db2fc0 Mon Sep 17 00:00:00 2001
From 3730b4186cf708bb8ea528c22734d4c1176fc9ad Mon Sep 17 00:00:00 2001
From: Marcel Plch <mplch@redhat.com>
Date: Fri, 2 Aug 2019 17:36:01 +0200
Subject: [PATCH 14/36] Fix refcounting
@ -2806,7 +2806,7 @@ index 239445a..9c28828 100644
2.25.4
From 5807870fbc69dcd107a2fac7ce58da052d5e7fea Mon Sep 17 00:00:00 2001
From 1873bfe385a1b952ba11c2b2f15755353f2411df Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 5 Aug 2019 13:37:05 +0200
Subject: [PATCH 15/36] hmac: Don't default to md5 in FIPS mode
@ -2832,7 +2832,7 @@ index daabc8c..0302364 100644
2.25.4
From 04a69823b36ee8626aa74b40d5a631dd09759451 Mon Sep 17 00:00:00 2001
From f77c854b9c5aab3e2bb517b6d0c08197a116efb1 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 5 Aug 2019 14:20:58 +0200
Subject: [PATCH 16/36] Make _hmacopenssl.HMAC subclassable; subclass it as
@ -3123,7 +3123,7 @@ index b472a6e..861acc1 100644
2.25.4
From e0cbbc9dac64f173baa5348cf3608536ea8aea70 Mon Sep 17 00:00:00 2001
From b357a1f823b7b231d1a8bc149b5a950246350d3c Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 5 Aug 2019 16:10:36 +0200
Subject: [PATCH 17/36] Fix _hmacopenssl.HMAC.block_size
@ -3149,7 +3149,7 @@ index 7d3d973..a24c8ba 100644
2.25.4
From d90c5c55ad983d84b09b366d4b62f06aa535fad6 Mon Sep 17 00:00:00 2001
From ee03c8ff14206070a7e4e4d13c4b067bcf25193d Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 5 Aug 2019 15:02:08 +0200
Subject: [PATCH 18/36] distutils upload: Skip md5 checksum in FIPS mode
@ -3231,7 +3231,7 @@ index c17d8e7..b4b64e9 100644
2.25.4
From 885f7b41697f252260a67d78ca8c46450843fa5e Mon Sep 17 00:00:00 2001
From fd0fd3310ff7c7dae0ea4377b71928ca3e242a21 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 5 Aug 2019 15:32:25 +0200
Subject: [PATCH 19/36] Fix HMAC tests on FIPS mode
@ -3324,7 +3324,7 @@ index 23c108f..0a85981 100644
2.25.4
From 288d91b4752801264b37f7e94d964e1dffdee562 Mon Sep 17 00:00:00 2001
From e0c4dfcfc3070d0b3b25f77357509b9daa5f9891 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 5 Aug 2019 16:37:12 +0200
Subject: [PATCH 20/36] test_tools: Skip md5sum tests in FIPS mode
@ -3357,7 +3357,7 @@ index fb565b7..7028a4d 100644
2.25.4
From 2c89b2e465e60558e0e066cc42a087ee6f31d520 Mon Sep 17 00:00:00 2001
From 510915020bb7c7c91d297fb3330ee9be3ee16b6f Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 5 Aug 2019 18:23:57 +0200
Subject: [PATCH 21/36] Make hashlib tests pass in FIPS mode
@ -3552,7 +3552,7 @@ index 2a55fd4..9ae5efc 100644
2.25.4
From 14f26f4f378718024d0b0f300ab2f84429d23044 Mon Sep 17 00:00:00 2001
From de9997db1f55fe4c70f0a5c4fe5b497e8c6839a2 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Wed, 14 Aug 2019 14:43:07 +0200
Subject: [PATCH 22/36] distutils upload: only add md5 if available, but
@ -3622,7 +3622,7 @@ index b4b64e9..f720a79 100644
2.25.4
From 24e57cc45dc18146a583257e5825d6b6e672742d Mon Sep 17 00:00:00 2001
From 30407ef6fd2fb0fcb950cab57d4bd23121ef9084 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Fri, 13 Sep 2019 02:30:00 +0200
Subject: [PATCH 23/36] bpo-9216: Add usedforsecurity to hashlib constructors
@ -3728,10 +3728,10 @@ index 9ae5efc..08bb91f 100644
self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam')
self.assertRaises(TypeError, hashlib.new, 1)
diff --git a/Lib/uuid.py b/Lib/uuid.py
index 188e16b..5f3bc9e 100644
index 9540c21..be724ba 100644
--- a/Lib/uuid.py
+++ b/Lib/uuid.py
@@ -772,8 +772,11 @@ def uuid1(node=None, clock_seq=None):
@@ -774,8 +774,11 @@ def uuid1(node=None, clock_seq=None):
def uuid3(namespace, name):
"""Generate a UUID from the MD5 hash of a namespace UUID and a name."""
from hashlib import md5
@ -3944,10 +3944,10 @@ index 560bd68..71c5706 100644
-/*[clinic end generated code: output=39af5a74c8805b36 input=a9049054013a1b77]*/
+/*[clinic end generated code: output=c80d8d06ce40a192 input=a9049054013a1b77]*/
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index e10dbd7..29c1bd8 100644
index 6982268..a1f81eb 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -517,7 +517,7 @@ static PyTypeObject EVPtype = {
@@ -521,7 +521,7 @@ static PyTypeObject EVPtype = {
\
static PyObject *
EVPnew(const EVP_MD *digest,
@ -3956,7 +3956,7 @@ index e10dbd7..29c1bd8 100644
{
int result = 0;
EVPobject *self;
@@ -530,6 +530,12 @@ EVPnew(const EVP_MD *digest,
@@ -534,6 +534,12 @@ EVPnew(const EVP_MD *digest,
if ((self = newEVPobject()) == NULL)
return NULL;
@ -3969,7 +3969,7 @@ index e10dbd7..29c1bd8 100644
if (!EVP_DigestInit_ex(self->ctx, digest, NULL)) {
_setException(PyExc_ValueError);
Py_DECREF(self);
@@ -561,6 +567,8 @@ _hashlib.new as EVP_new
@@ -565,6 +571,8 @@ _hashlib.new as EVP_new
name as name_obj: object
string as data_obj: object(c_default="NULL") = b''
@ -3978,7 +3978,7 @@ index e10dbd7..29c1bd8 100644
Return a new hash object using the named algorithm.
@@ -571,8 +579,9 @@ The MD5 and SHA1 algorithms are always supported.
@@ -575,8 +583,9 @@ The MD5 and SHA1 algorithms are always supported.
[clinic start generated code]*/
static PyObject *
@ -3990,7 +3990,7 @@ index e10dbd7..29c1bd8 100644
{
Py_buffer view = { 0 };
PyObject *ret_obj;
@@ -589,7 +598,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
@@ -593,7 +602,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
digest = py_digest_by_name(name);
@ -4001,7 +4001,7 @@ index e10dbd7..29c1bd8 100644
if (data_obj)
PyBuffer_Release(&view);
@@ -597,7 +608,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
@@ -601,7 +612,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
}
static PyObject*
@ -4011,7 +4011,7 @@ index e10dbd7..29c1bd8 100644
{
Py_buffer view = { 0 };
PyObject *ret_obj;
@@ -605,7 +617,8 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
@@ -609,7 +621,8 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
if (data_obj)
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
@ -4021,7 +4021,7 @@ index e10dbd7..29c1bd8 100644
if (data_obj)
PyBuffer_Release(&view);
@@ -617,16 +630,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
@@ -621,16 +634,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
_hashlib.openssl_md5
string as data_obj: object(py_default="b''") = NULL
@ -4044,7 +4044,7 @@ index e10dbd7..29c1bd8 100644
}
@@ -634,16 +650,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
@@ -638,16 +654,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha1
string as data_obj: object(py_default="b''") = NULL
@ -4067,7 +4067,7 @@ index e10dbd7..29c1bd8 100644
}
@@ -651,16 +670,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
@@ -655,16 +674,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha224
string as data_obj: object(py_default="b''") = NULL
@ -4090,7 +4090,7 @@ index e10dbd7..29c1bd8 100644
}
@@ -668,16 +690,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
@@ -672,16 +694,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha256
string as data_obj: object(py_default="b''") = NULL
@ -4113,7 +4113,7 @@ index e10dbd7..29c1bd8 100644
}
@@ -685,16 +710,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
@@ -689,16 +714,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha384
string as data_obj: object(py_default="b''") = NULL
@ -4136,7 +4136,7 @@ index e10dbd7..29c1bd8 100644
}
@@ -702,152 +730,179 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
@@ -706,152 +734,179 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
_hashlib.openssl_sha512
string as data_obj: object(py_default="b''") = NULL
@ -5729,7 +5729,7 @@ index 459a934..b8185b6 100644
-/*[clinic end generated code: output=580df4b667084a7e input=a9049054013a1b77]*/
+/*[clinic end generated code: output=bbfa72d8703c82b5 input=a9049054013a1b77]*/
diff --git a/Modules/md5module.c b/Modules/md5module.c
index b9a351a..f2c2d32 100644
index c2ebaaf..fdc4d7b 100644
--- a/Modules/md5module.c
+++ b/Modules/md5module.c
@@ -503,13 +503,15 @@ static PyTypeObject MD5type = {
@ -5856,7 +5856,7 @@ index 98b9791..df4f9d2 100644
2.25.4
From 372b2b63bf8ffb3201dc3c8d2488f6a5a55c5b21 Mon Sep 17 00:00:00 2001
From 095d8ea318b20b5d42ada0367ca770c15e6f6fa2 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 26 Aug 2019 19:09:39 +0200
Subject: [PATCH 24/36] Test the usedforsecurity flag
@ -6102,7 +6102,7 @@ index 08bb91f..1368e91 100644
2.25.4
From 7e2295b42d705d7d9cc0ccea472ff93bfa268b8c Mon Sep 17 00:00:00 2001
From 59b7e853d919380ca6c11655bbc7041ee395417d Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 29 Aug 2019 10:25:28 +0200
Subject: [PATCH 25/36] Skip error checking in _hashlib.get_fips_mode
@ -6113,10 +6113,10 @@ Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1745499
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 29c1bd8..d208f5c 100644
index a1f81eb..eff331b 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -1249,20 +1249,22 @@ _hashlib_get_fips_mode_impl(PyObject *module)
@@ -1253,20 +1253,22 @@ _hashlib_get_fips_mode_impl(PyObject *module)
/*[clinic end generated code: output=ad8a7793310d3f98 input=f42a2135df2a5e11]*/
{
@ -6157,7 +6157,7 @@ index 29c1bd8..d208f5c 100644
2.25.4
From dd5f58152edbcac44bcb1cafbee511c44d60ff67 Mon Sep 17 00:00:00 2001
From 7f5432d72546f60078989b6cadf26cd51de84ebd Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 10 Oct 2019 13:04:50 +0200
Subject: [PATCH 26/36] Skip error checking in _Py_hashlib_fips_error
@ -6195,7 +6195,7 @@ index 47ed003..d4cbdef 100644
2.25.4
From c76f0df2561ae64952f347d294aec2866e6b0586 Mon Sep 17 00:00:00 2001
From 05f7188136bda8eeec06428aa4ddf9ab14a178a0 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 5 Aug 2019 19:12:38 +0200
Subject: [PATCH 27/36] Fixups
@ -6237,7 +6237,7 @@ index 0a85981..0b481ec 100644
2.25.4
From b6139620fa7aaf401ebd510a0dbca14629096f94 Mon Sep 17 00:00:00 2001
From 0f707443431d9dc22218be7208d940f4d42f122d Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 26 Aug 2019 19:39:48 +0200
Subject: [PATCH 28/36] Don't re-export get_fips_mode from hashlib
@ -6607,7 +6607,7 @@ index 1cb358f..6f5cb7f 100644
2.25.4
From 1de6c9e0e86e5c661ae32517492ecdf79a372e52 Mon Sep 17 00:00:00 2001
From 9515f9be3409fdc59cf9c09dd200917483e1651a Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Wed, 20 Nov 2019 10:59:25 +0100
Subject: [PATCH 29/36] Use FIPS compliant CSPRNG
@ -6624,7 +6624,7 @@ Signed-off-by: Christian Heimes <christian@python.org>
4 files changed, 89 insertions(+), 1 deletion(-)
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
index 4a076e3..f60ad6d 100644
index 2a4ae15..5ad5bd6 100644
--- a/Lib/test/test_os.py
+++ b/Lib/test/test_os.py
@@ -1546,6 +1546,11 @@ class GetRandomTests(unittest.TestCase):
@ -6640,7 +6640,7 @@ index 4a076e3..f60ad6d 100644
def test_getrandom_type(self):
data = os.getrandom(16)
diff --git a/Makefile.pre.in b/Makefile.pre.in
index 72d202d..9c34f99 100644
index 917303d..ddfbfd0 100644
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@@ -116,7 +116,7 @@ PY_STDMODULE_CFLAGS= $(PY_CFLAGS) $(PY_CFLAGS_NODIST) $(PY_CPPFLAGS) $(CFLAGSFOR
@ -6653,7 +6653,7 @@ index 72d202d..9c34f99 100644
CFLAGS_ALIASING=@CFLAGS_ALIASING@
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 850769f..039392e 100644
index 726e372..9a1249a 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -388,6 +388,9 @@ extern char *ctermid_r(char *);
@ -6666,7 +6666,7 @@ index 850769f..039392e 100644
#if defined(__sun)
/* Something to implement in autoconf, not present in autoconf 2.69 */
#define HAVE_STRUCT_STAT_ST_FSTYPE 1
@@ -13388,6 +13391,11 @@ os_getrandom_impl(PyObject *module, Py_ssize_t size, int flags)
@@ -13558,6 +13561,11 @@ os_getrandom_impl(PyObject *module, Py_ssize_t size, int flags)
return posix_error();
}
@ -6679,7 +6679,7 @@ index 850769f..039392e 100644
if (bytes == NULL) {
PyErr_NoMemory();
diff --git a/Python/bootstrap_hash.c b/Python/bootstrap_hash.c
index 43f5264..6716647 100644
index eb2b6d0..cb38cfe 100644
--- a/Python/bootstrap_hash.c
+++ b/Python/bootstrap_hash.c
@@ -409,6 +409,77 @@ dev_urandom_close(void)
@ -6775,7 +6775,7 @@ index 43f5264..6716647 100644
2.25.4
From 2af1274a6f6f7eb7aeb106007fd62e9fc889a86e Mon Sep 17 00:00:00 2001
From ba95383d9b37f252bd153674404dc4055d49bf82 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Thu, 28 Nov 2019 17:26:02 +0100
Subject: [PATCH 30/36] Fixups for FIPS compliant CSPRNG
@ -6786,7 +6786,7 @@ Subject: [PATCH 30/36] Fixups for FIPS compliant CSPRNG
2 files changed, 5 insertions(+), 31 deletions(-)
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
index f60ad6d..be057ad 100644
index 5ad5bd6..ae53de9 100644
--- a/Lib/test/test_os.py
+++ b/Lib/test/test_os.py
@@ -28,6 +28,7 @@ import time
@ -6807,7 +6807,7 @@ index f60ad6d..be057ad 100644
else:
raise
diff --git a/Python/bootstrap_hash.c b/Python/bootstrap_hash.c
index 6716647..7466d5f 100644
index cb38cfe..08fa29a 100644
--- a/Python/bootstrap_hash.c
+++ b/Python/bootstrap_hash.c
@@ -409,40 +409,13 @@ dev_urandom_close(void)
@ -6874,7 +6874,7 @@ index 6716647..7466d5f 100644
2.25.4
From 17c962efe979581d12e1cf80a04b9538bdfe7c45 Mon Sep 17 00:00:00 2001
From 496a58146aa42b97661c5ea1afeaa223e8fd4ceb Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Thu, 2 Apr 2020 16:50:37 +0200
Subject: [PATCH 31/36] Do not raise a ValueError if digestmod is missing in
@ -6904,7 +6904,7 @@ index 5055027..ee1ad76 100644
2.25.4
From 4acd1c8665231881335b6036a8595ac3220c0220 Mon Sep 17 00:00:00 2001
From 3f346ea93c2504e169a2df21e2de206031a08600 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Thu, 2 Apr 2020 16:55:36 +0200
Subject: [PATCH 32/36] Regenerate the clinic files
@ -6991,7 +6991,7 @@ index 861acc1..527be83 100644
2.25.4
From 900bbdc1e2d9498829731da4591f1ea4a5602fa4 Mon Sep 17 00:00:00 2001
From f4465980ae75c0e56cd1edecf9a42fa38b9cd12a Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Tue, 7 Apr 2020 15:16:45 +0200
Subject: [PATCH 33/36] Pass kwargs (like usedforsecurity) through __hash_new
@ -7026,7 +7026,7 @@ index 2fc214e..785858f 100644
2.25.4
From ab62e35c2c3a71b2ff50098966e654c91fb861d0 Mon Sep 17 00:00:00 2001
From 6c0ba219c01052f8b079ce67b89a75920b3aa867 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Tue, 7 Apr 2020 15:18:48 +0200
Subject: [PATCH 34/36] Adjust new upstream test for failing hashes with
@ -7072,7 +7072,7 @@ index a4b7840..a858bf4 100644
2.25.4
From 2b6bf1615e9e04a688f622e4b45e0e062a09578f Mon Sep 17 00:00:00 2001
From 041105f888785599e58213dfea55115a4e861d77 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Fri, 24 Apr 2020 19:57:16 +0200
Subject: [PATCH 35/36] Skip the test_with_digestmod_no_default under FIPS
@ -7118,7 +7118,7 @@ index cc77928..fd068e0 100644
2.25.4
From 65903540be85cbd6f188f6b5e69431859d0cbc0e Mon Sep 17 00:00:00 2001
From e20750200d560a549cbbf224ded74bb086ef3e66 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com>
Date: Tue, 31 Mar 2020 18:00:42 +0200
Subject: [PATCH 36/36] Add a sentinel value on the Hmac_members table of the

View File

@ -1,76 +0,0 @@
commit 00a240bf7f95bbd220f1cfbf9eb58484a5f9681a
Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Fri May 29 05:46:34 2020 -0700
bpo-40784: Fix sqlite3 deterministic test (GH-20448)
(cherry picked from commit c610d970f5373b143bf5f5900d4645e6a90fb460)
Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no>
diff --git a/Lib/sqlite3/test/userfunctions.py b/Lib/sqlite3/test/userfunctions.py
index 9501f53..c11c82e 100644
--- a/Lib/sqlite3/test/userfunctions.py
+++ b/Lib/sqlite3/test/userfunctions.py
@@ -1,8 +1,7 @@
-#-*- coding: iso-8859-1 -*-
# pysqlite2/test/userfunctions.py: tests for user-defined functions and
# aggregates.
#
-# Copyright (C) 2005-2007 Gerhard Häring <gh@ghaering.de>
+# Copyright (C) 2005-2007 Gerhard Häring <gh@ghaering.de>
#
# This file is part of pysqlite.
#
@@ -158,6 +157,7 @@ class FunctionTests(unittest.TestCase):
self.con.create_function("isblob", 1, func_isblob)
self.con.create_function("islonglong", 1, func_islonglong)
self.con.create_function("spam", -1, func)
+ self.con.execute("create table test(t text)")
def tearDown(self):
self.con.close()
@@ -276,18 +276,36 @@ class FunctionTests(unittest.TestCase):
val = cur.fetchone()[0]
self.assertEqual(val, 2)
+ # Regarding deterministic functions:
+ #
+ # Between 3.8.3 and 3.15.0, deterministic functions were only used to
+ # optimize inner loops, so for those versions we can only test if the
+ # sqlite machinery has factored out a call or not. From 3.15.0 and onward,
+ # deterministic functions were permitted in WHERE clauses of partial
+ # indices, which allows testing based on syntax, iso. the query optimizer.
+ @unittest.skipIf(sqlite.sqlite_version_info < (3, 8, 3), "Requires SQLite 3.8.3 or higher")
def CheckFuncNonDeterministic(self):
mock = unittest.mock.Mock(return_value=None)
- self.con.create_function("deterministic", 0, mock, deterministic=False)
- self.con.execute("select deterministic() = deterministic()")
- self.assertEqual(mock.call_count, 2)
-
- @unittest.skipIf(sqlite.sqlite_version_info < (3, 8, 3), "deterministic parameter not supported")
+ self.con.create_function("nondeterministic", 0, mock, deterministic=False)
+ if sqlite.sqlite_version_info < (3, 15, 0):
+ self.con.execute("select nondeterministic() = nondeterministic()")
+ self.assertEqual(mock.call_count, 2)
+ else:
+ with self.assertRaises(sqlite.OperationalError):
+ self.con.execute("create index t on test(t) where nondeterministic() is not null")
+
+ @unittest.skipIf(sqlite.sqlite_version_info < (3, 8, 3), "Requires SQLite 3.8.3 or higher")
def CheckFuncDeterministic(self):
mock = unittest.mock.Mock(return_value=None)
self.con.create_function("deterministic", 0, mock, deterministic=True)
- self.con.execute("select deterministic() = deterministic()")
- self.assertEqual(mock.call_count, 1)
+ if sqlite.sqlite_version_info < (3, 15, 0):
+ self.con.execute("select deterministic() = deterministic()")
+ self.assertEqual(mock.call_count, 1)
+ else:
+ try:
+ self.con.execute("create index t on test(t) where deterministic() is not null")
+ except sqlite.OperationalError:
+ self.fail("Unexpected failure while creating partial index")
@unittest.skipIf(sqlite.sqlite_version_info >= (3, 8, 3), "SQLite < 3.8.3 needed")
def CheckFuncDeterministicNotSupported(self):

View File

@ -0,0 +1,97 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Tue, 4 Aug 2020 12:04:03 +0200
Subject: [PATCH] 00353: Original names for architectures with different names
downstream
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names
Pythons in RHEL/Fedora used different names for some architectures
than upstream and other distros (for example ppc64 vs. powerpc64).
This was patched in patch 274, now it is sedded if %with legacy_archnames.
That meant that an extension built with the default upstream settings
(on other distro or as an manylinux wheel) could not been found by Python
on RHEL/Fedora because it had a different suffix.
This patch adds the legacy names to importlib so Python is able
to import extensions with a legacy architecture name in its
file name.
It work both ways, so it support both %with and %without legacy_archnames.
WARNING: This patch has no effect on Python built with bootstrap
enabled because Python/importlib_external.h is not regenerated
and therefore Python during bootstrap contains importlib from
upstream without this feature. It's possible to include
Python/importlib_external.h to this patch but it'd make rebasing
a nightmare because it's basically a binary file.
Co-authored-by: Miro Hrončok <miro@hroncok.cz>
---
Lib/importlib/_bootstrap_external.py | 40 ++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/Lib/importlib/_bootstrap_external.py b/Lib/importlib/_bootstrap_external.py
index b8ac482994..62e937b819 100644
--- a/Lib/importlib/_bootstrap_external.py
+++ b/Lib/importlib/_bootstrap_external.py
@@ -1559,7 +1559,7 @@ def _get_supported_file_loaders():
Each item is a tuple (loader, suffixes).
"""
- extensions = ExtensionFileLoader, _imp.extension_suffixes()
+ extensions = ExtensionFileLoader, _alternative_architectures(_imp.extension_suffixes())
source = SourceFileLoader, SOURCE_SUFFIXES
bytecode = SourcelessFileLoader, BYTECODE_SUFFIXES
return [extensions, source, bytecode]
@@ -1623,7 +1623,7 @@ def _setup(_bootstrap_module):
# Constants
setattr(self_module, '_relax_case', _make_relax_case())
- EXTENSION_SUFFIXES.extend(_imp.extension_suffixes())
+ EXTENSION_SUFFIXES.extend(_alternative_architectures(_imp.extension_suffixes()))
if builtin_os == 'nt':
SOURCE_SUFFIXES.append('.pyw')
if '_d.pyd' in EXTENSION_SUFFIXES:
@@ -1636,3 +1636,39 @@ def _install(_bootstrap_module):
supported_loaders = _get_supported_file_loaders()
sys.path_hooks.extend([FileFinder.path_hook(*supported_loaders)])
sys.meta_path.append(PathFinder)
+
+
+_ARCH_MAP = {
+ "-arm-linux-gnueabi.": "-arm-linux-gnueabihf.",
+ "-armeb-linux-gnueabi.": "-armeb-linux-gnueabihf.",
+ "-mips64-linux-gnu.": "-mips64-linux-gnuabi64.",
+ "-mips64el-linux-gnu.": "-mips64el-linux-gnuabi64.",
+ "-ppc-linux-gnu.": "-powerpc-linux-gnu.",
+ "-ppc-linux-gnuspe.": "-powerpc-linux-gnuspe.",
+ "-ppc64-linux-gnu.": "-powerpc64-linux-gnu.",
+ "-ppc64le-linux-gnu.": "-powerpc64le-linux-gnu.",
+ # The above, but the other way around:
+ "-arm-linux-gnueabihf.": "-arm-linux-gnueabi.",
+ "-armeb-linux-gnueabihf.": "-armeb-linux-gnueabi.",
+ "-mips64-linux-gnuabi64.": "-mips64-linux-gnu.",
+ "-mips64el-linux-gnuabi64.": "-mips64el-linux-gnu.",
+ "-powerpc-linux-gnu.": "-ppc-linux-gnu.",
+ "-powerpc-linux-gnuspe.": "-ppc-linux-gnuspe.",
+ "-powerpc64-linux-gnu.": "-ppc64-linux-gnu.",
+ "-powerpc64le-linux-gnu.": "-ppc64le-linux-gnu.",
+}
+
+
+def _alternative_architectures(suffixes):
+ """Add a suffix with an alternative architecture name
+ to the list of suffixes so an extension built with
+ the default (upstream) setting is loadable with our Pythons
+ """
+
+ for suffix in suffixes:
+ for original, alternative in _ARCH_MAP.items():
+ if original in suffix:
+ suffixes.append(suffix.replace(original, alternative))
+ return suffixes
+
+ return suffixes

View File

@ -0,0 +1,186 @@
From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
<31488909+miss-islington@users.noreply.github.com>
Date: Mon, 18 Jan 2021 13:28:52 -0800
Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
formatting in ctypes param reprs. (GH-24248)
(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
Co-authored-by: Benjamin Peterson <benjamin@python.org>
---
Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
.../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
Modules/_ctypes/callproc.c | 51 +++++++------------
3 files changed, 64 insertions(+), 32 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
index e4c25fd880cef..531894fdec838 100644
--- a/Lib/ctypes/test/test_parameters.py
+++ b/Lib/ctypes/test/test_parameters.py
@@ -201,6 +201,49 @@ def __dict__(self):
with self.assertRaises(ZeroDivisionError):
WorseStruct().__setstate__({}, b'foo')
+ def test_parameter_repr(self):
+ from ctypes import (
+ c_bool,
+ c_char,
+ c_wchar,
+ c_byte,
+ c_ubyte,
+ c_short,
+ c_ushort,
+ c_int,
+ c_uint,
+ c_long,
+ c_ulong,
+ c_longlong,
+ c_ulonglong,
+ c_float,
+ c_double,
+ c_longdouble,
+ c_char_p,
+ c_wchar_p,
+ c_void_p,
+ )
+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
+
################################################################
if __name__ == '__main__':
diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
new file mode 100644
index 0000000000000..7df65a156feab
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
@@ -0,0 +1,2 @@
+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
+:class:`ctypes.c_longdouble` values.
diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
index a9b8675cd951b..de75918d49f37 100644
--- a/Modules/_ctypes/callproc.c
+++ b/Modules/_ctypes/callproc.c
@@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
static PyObject *
PyCArg_repr(PyCArgObject *self)
{
- char buffer[256];
switch(self->tag) {
case 'b':
case 'B':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.b);
- break;
case 'h':
case 'H':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.h);
- break;
case 'i':
case 'I':
- sprintf(buffer, "<cparam '%c' (%d)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
self->tag, self->value.i);
- break;
case 'l':
case 'L':
- sprintf(buffer, "<cparam '%c' (%ld)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
self->tag, self->value.l);
- break;
case 'q':
case 'Q':
- sprintf(buffer,
-#ifdef MS_WIN32
- "<cparam '%c' (%I64d)>",
-#else
- "<cparam '%c' (%lld)>",
-#endif
+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
self->tag, self->value.q);
- break;
case 'd':
- sprintf(buffer, "<cparam '%c' (%f)>",
- self->tag, self->value.d);
- break;
- case 'f':
- sprintf(buffer, "<cparam '%c' (%f)>",
- self->tag, self->value.f);
- break;
-
+ case 'f': {
+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
+ if (f == NULL) {
+ return NULL;
+ }
+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
+ Py_DECREF(f);
+ return result;
+ }
case 'c':
if (is_literal_char((unsigned char)self->value.c)) {
- sprintf(buffer, "<cparam '%c' ('%c')>",
+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
self->tag, self->value.c);
}
else {
- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
self->tag, (unsigned char)self->value.c);
}
- break;
/* Hm, are these 'z' and 'Z' codes useful at all?
Shouldn't they be replaced by the functionality of c_string
@@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self)
case 'z':
case 'Z':
case 'P':
- sprintf(buffer, "<cparam '%c' (%p)>",
+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
self->tag, self->value.p);
break;
default:
if (is_literal_char((unsigned char)self->tag)) {
- sprintf(buffer, "<cparam '%c' at %p>",
+ return PyUnicode_FromFormat("<cparam '%c' at %p>",
(unsigned char)self->tag, (void *)self);
}
else {
- sprintf(buffer, "<cparam 0x%02x at %p>",
+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
(unsigned char)self->tag, (void *)self);
}
- break;
}
- return PyUnicode_FromString(buffer);
}
static PyMemberDef PyCArgType_members[] = {

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAl68Z1QACgkQsmmV4xAl
BWhdxQ/+PUi0er9eBEaWNaatCsEDXnBvrCs1OooL3WWJ2GC5zf3buMwj2pFOZf9D
YFFGdomhYhvRnyQCJQSXuWJXQaafzKAl1tvkgS2ycOnLvCJ/qw71SqorQxkMGK1m
TYZyLEapNkXrfDXRHfGybuVlNsHw9++abpEITqwucTWm9LiHZoF/zdK+JX/5RYQ0
bfb8819DMZEyCsF+S8Jo6ZNyEIQyQxidFFt5HbMllFwsgzu37P8RqGSIoVNFJ8n9
f7BWfXAIyGr7pIlJ+3qBYDXOeOx8iwIUxGu3Gbmiri+dlxz28Iei4mxPYHG4ji5B
3zMsqKcaVAMHzKuAwdF5ZbUg0DRRJweNoiDOsfKp0CI814pXmOLH0zi9OiLrxBzj
7v9H3dAPMC2f2zAFdNcjYVBRovCxIork/Lj3+6jGn67+8oV+eb23gnN5YpDAFAAu
ybtrt6fEi0uVJuxUl+MO5HkSmH3sLggVDskvuWPFLiuahcbSuiZoCvlB+osO9J0H
el/3Awv5TjckY/EVDt1T61aYLX0CHNcb8c/CjAf0OSd/96WxV3svtusllqcSYwiC
NxBRf0klpGn0Tpa+9hTAMc4dEKILgao1KsKiI8dj8YY3HcE0Lb3y9UdFcIDLCeqn
Sk5turYyKak7apZTY31/0eqqCUl/RlZwpmxVUUNViwR5F2ZPeAQ=
=jF/G
-----END PGP SIGNATURE-----

28
SOURCES/get-source.sh Executable file
View File

@ -0,0 +1,28 @@
#! /bin/bash -ex
# Download a release of Python (if missing) and remove .exe files from it
version=$1
if [ -z "${version}" ]; then
echo "Usage: $0 VERSION" >& 2
echo "" >& 2
echo "example: $0 3.6.6" >& 2
exit 1
fi
versionedname=Python-${version}
orig_archive=${versionedname}.tar.xz
new_archive=${versionedname}-noexe.tar.xz
if [ ! -e ${orig_archive} ]; then
wget -N https://www.python.org/ftp/python/${version}/${orig_archive}
fi
deleted_names=$(tar --list -Jf ${orig_archive} | grep '\.exe$')
# tar --delete does not operate on compressed archives, so do
# xz compression/decompression explicitly
xz --decompress --stdout ${orig_archive} | \
tar --delete -v ${deleted_names} | \
xz --compress --stdout -3 -T0 > ${new_archive}

File diff suppressed because it is too large Load Diff

View File

@ -13,11 +13,11 @@ URL: https://www.python.org/
# WARNING When rebasing to a new Python version,
# remember to update the python3-docs package as well
%global general_version %{pybasever}.3
%global general_version %{pybasever}.6
#global prerel ...
%global upstream_version %{general_version}%{?prerel}
Version: %{general_version}%{?prerel:~%{prerel}}
Release: 1%{?dist}
Release: 3%{?dist}
License: Python
# Exclude i686 arch. Due to a modularity issue it's being added to the
@ -92,6 +92,15 @@ ExcludeArch: i686
%bcond_with valgrind
%endif
# https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names
# For a very long time we have converted "upstream architecture names" to "Fedora names".
# This made sense at the time, see https://github.com/pypa/manylinux/issues/687#issuecomment-666362947
# However, with manylinux wheels popularity growth, this is now a problem.
# Wheels built on a Linux that doesn't do this were not compatible with ours and vice versa.
# We now have a compatibility layer to workaround a problem,
# but we also no longer use the legacy arch names in Fedora 34+.
# This bcond controls the behavior. The defaults should be good for anybody.
%bcond_without legacy_archnames
# =====================
# General global macros
@ -114,8 +123,21 @@ ExcludeArch: i686
%global LDVERSION_optimized %{pybasever}%{ABIFLAGS_optimized}
%global LDVERSION_debug %{pybasever}%{ABIFLAGS_debug}
%global SOABI_optimized cpython-%{pyshortver}%{ABIFLAGS_optimized}-%{_arch}-linux%{_gnu}
%global SOABI_debug cpython-%{pyshortver}%{ABIFLAGS_debug}-%{_arch}-linux%{_gnu}
# When we use the upstream arch triplets, we convert them from the legacy ones
# This is reversed in prep when %%with legacy_archnames, so we keep both macros
%global platform_triplet_legacy %{_arch}-linux%{_gnu}
%global platform_triplet_upstream %{expand:%(echo %{platform_triplet_legacy} | sed -E \\
-e 's/^arm(eb)?-linux-gnueabi$/arm\\1-linux-gnueabihf/' \\
-e 's/^mips64(el)?-linux-gnu$/mips64\\1-linux-gnuabi64/' \\
-e 's/^ppc(64)?(le)?-linux-gnu$/powerpc\\1\\2-linux-gnu/')}
%if %{with legacy_archnames}
%global platform_triplet %{platform_triplet_legacy}
%else
%global platform_triplet %{platform_triplet_upstream}
%endif
%global SOABI_optimized cpython-%{pyshortver}%{ABIFLAGS_optimized}-%{platform_triplet}
%global SOABI_debug cpython-%{pyshortver}%{ABIFLAGS_debug}-%{platform_triplet}
# All bytecode files are in a __pycache__ subdirectory, with a name
# reflecting the version of the bytecode.
@ -216,9 +238,17 @@ BuildRequires: python%{pyshortver}
# Source code and patches
# =======================
Source0: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz
Source1: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz.asc
Source2: %{url}static/files/pubkeys.txt
# The upstream tarball includes questionable executable files for Windows,
# which we should not ship even in the SRPM.
# Run the "get-source.sh" with the version as argument to download the upstream
# tarball and generate a version with the .exe files removed. For example:
# $ ./get-source.sh 3.7.0
Source: Python-%{version}-noexe.tar.xz
# A script to remove .exe files from the source distribution
Source1: get-source.sh
Source3: macros.python38
# A simple script to check timestamps of bytecode files
@ -265,10 +295,6 @@ Patch189: 00189-use-rpm-wheels.patch
# Downstream only: Awaiting resources to work on upstream PEP
Patch251: 00251-change-user-install-location.patch
# 00274 #
# Upstream uses Debian-style architecture naming. Change to match Fedora.
Patch274: 00274-fix-arch-names.patch
# 00328 #
# Restore pyc to TIMESTAMP invalidation mode as default in rpmbubild
# See https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/57#comment-27426
@ -299,11 +325,36 @@ Patch328: 00328-pyc-timestamp-invalidation-mode.patch
# Resolves: rhbz#1731424
Patch329: 00329-fips.patch
# 00350 #
# bpo-40784: Fix sqlite3 deterministic test (GH-20448)
# https://bugs.python.org/issue40784
# https://github.com/python/cpython/commit/00a240bf7f95bbd220f1cfbf9eb58484a5f9681a
Patch350: 00350-sqlite-fix-deterministic-test.patch
# 00353 #
# Original names for architectures with different names downstream
#
# https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names
#
# Pythons in RHEL/Fedora used different names for some architectures
# than upstream and other distros (for example ppc64 vs. powerpc64).
# This was patched in patch 274, now it is sedded if %%with legacy_archnames.
#
# That meant that an extension built with the default upstream settings
# (on other distro or as an manylinux wheel) could not been found by Python
# on RHEL/Fedora because it had a different suffix.
# This patch adds the legacy names to importlib so Python is able
# to import extensions with a legacy architecture name in its
# file name.
# It work both ways, so it support both %%with and %%without legacy_archnames.
#
# WARNING: This patch has no effect on Python built with bootstrap
# enabled because Python/importlib_external.h is not regenerated
# and therefore Python during bootstrap contains importlib from
# upstream without this feature. It's possible to include
# Python/importlib_external.h to this patch but it'd make rebasing
# a nightmare because it's basically a binary file.
Patch353: 00353-architecture-names-upstream-downstream.patch
# 00357 #
# Security fix for CVE-2021-3177
# Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
# Resolves upstream: https://bugs.python.org/issue42938
Patch357: 00357-CVE-2021-3177.patch
# (New patches go here ^^^)
#
@ -649,16 +700,22 @@ rm Lib/ensurepip/_bundled/*.whl
%endif
%patch251 -p1
%patch274 -p1
%patch328 -p1
%patch329 -p1
%patch350 -p1
%patch353 -p1
%patch357 -p1
# Remove files that should be generated by the build
# (This is after patching, so that we can use patches directly from upstream)
rm configure pyconfig.h.in
# When we use the legacy arch names, we need to change them in configure.ac
%if %{with legacy_archnames}
sed -i configure.ac \
-e 's/\b%{platform_triplet_upstream}\b/%{platform_triplet_legacy}/'
%endif
# ======================================================
# Configuring and building the code:
@ -1471,8 +1528,8 @@ fi
# "Makefile" and the config-32/64.h file are needed by
# distutils/sysconfig.py:_init_posix(), so we include them in the core
# package, along with their parent directories (bug 531901):
%dir %{pylibdir}/config-%{LDVERSION_optimized}-%{_arch}-linux%{_gnu}/
%{pylibdir}/config-%{LDVERSION_optimized}-%{_arch}-linux%{_gnu}/Makefile
%dir %{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/
%{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/Makefile
%dir %{_includedir}/python%{LDVERSION_optimized}/
%{_includedir}/python%{LDVERSION_optimized}/%{_pyconfig_h}
@ -1490,9 +1547,9 @@ fi
%{_bindir}/2to3
%endif
%{pylibdir}/config-%{LDVERSION_optimized}-%{_arch}-linux%{_gnu}/*
%{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/*
%if %{without flatpackage}
%exclude %{pylibdir}/config-%{LDVERSION_optimized}-%{_arch}-linux%{_gnu}/Makefile
%exclude %{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/Makefile
%exclude %{_includedir}/python%{LDVERSION_optimized}/%{_pyconfig_h}
%endif
%{_includedir}/python%{LDVERSION_optimized}/*.h
@ -1687,7 +1744,7 @@ fi
%{_libdir}/%{py_INSTSONAME_debug}
# Analog of the -devel subpackage's files:
%{pylibdir}/config-%{LDVERSION_debug}-%{_arch}-linux%{_gnu}
%{pylibdir}/config-%{LDVERSION_debug}-%{platform_triplet}
%{_includedir}/python%{LDVERSION_debug}
%{_bindir}/python%{LDVERSION_debug}-config
%{_bindir}/python%{LDVERSION_debug}-*-config
@ -1736,6 +1793,26 @@ fi
# ======================================================
%changelog
* Fri Jan 22 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.8.6-3
- Security fix for CVE-2021-3177
Resolves: rhbz#1919161
* Fri Oct 23 2020 Lumír Balhar <lbalhar@redhat.com> - 3.8.6-2
- Add support for upstream architecture names
https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names
Resolves: rhbz#1868006
* Fri Oct 09 2020 Charalampos Stratakis <cstratak@redhat.com> - 3.8.6-1
- Update to 3.8.6
- Security fix for CVE-2020-26116
Resolves: rhbz#1886755, rhbz#1883259
* Mon Aug 17 2020 Tomas Orsava <torsava@redhat.com> - 3.8.3-3
- Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
Resolves: rhbz#1856481
- Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422)
Resolves: rhbz#1854926
* Wed Jun 24 2020 Tomas Orsava <torsava@redhat.com> - 3.8.3-2
- Fix sqlite3 deterministic test
Related: rhbz#1847416