import python38-3.8.6-3.module+el8.4.0+9579+e9717e18
This commit is contained in:
parent
6f035bd18b
commit
3b3eb22c65
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/Python-3.8.3.tar.xz
|
||||
SOURCES/Python-3.8.6-noexe.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
3bafa40df1cd069c112761c388a9f2e94b5d33dd SOURCES/Python-3.8.3.tar.xz
|
||||
e77d08894869ecf483e9f945663f75316ad68bf1 SOURCES/Python-3.8.6-noexe.tar.xz
|
||||
|
@ -1,15 +1,18 @@
|
||||
From 36f1f2b4620b13bdc7ac1c349253ac07960c33b3 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
|
||||
Date: Wed, 15 Aug 2018 15:36:29 +0200
|
||||
Subject: [PATCH] 00189: Instead of bundled wheels, use our RPM packaged wheels
|
||||
|
||||
We keep them in /usr/share/python-wheels
|
||||
|
||||
Downstream only: upstream bundles
|
||||
We might eventually pursuit upstream support, but it's low prio
|
||||
---
|
||||
Lib/ensurepip/__init__.py | 32 ++++++++++++++++++++++----------
|
||||
1 file changed, 22 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py
|
||||
index 566fb2a096..47da08d3d5 100644
|
||||
index 9415fd73b8..f58dab1800 100644
|
||||
--- a/Lib/ensurepip/__init__.py
|
||||
+++ b/Lib/ensurepip/__init__.py
|
||||
@@ -1,6 +1,7 @@
|
||||
@ -27,10 +30,10 @@ index 566fb2a096..47da08d3d5 100644
|
||||
|
||||
+_WHEEL_DIR = "/usr/share/python38-wheels/"
|
||||
|
||||
-_SETUPTOOLS_VERSION = "41.2.0"
|
||||
-_SETUPTOOLS_VERSION = "49.2.1"
|
||||
+_wheels = {}
|
||||
|
||||
-_PIP_VERSION = "19.2.3"
|
||||
-_PIP_VERSION = "20.2.1"
|
||||
+def _get_most_recent_wheel_version(pkg):
|
||||
+ prefix = os.path.join(_WHEEL_DIR, "{}-".format(pkg))
|
||||
+ _wheels[pkg] = {}
|
||||
@ -47,12 +50,12 @@ index 566fb2a096..47da08d3d5 100644
|
||||
+_PIP_VERSION = _get_most_recent_wheel_version("pip")
|
||||
|
||||
_PROJECTS = [
|
||||
("setuptools", _SETUPTOOLS_VERSION),
|
||||
("setuptools", _SETUPTOOLS_VERSION, "py3"),
|
||||
@@ -105,13 +120,10 @@ def _bootstrap(*, root=None, upgrade=False, user=False,
|
||||
# additional paths that need added to sys.path
|
||||
additional_paths = []
|
||||
for project, version in _PROJECTS:
|
||||
- wheel_name = "{}-{}-py2.py3-none-any.whl".format(project, version)
|
||||
for project, version, py_tag in _PROJECTS:
|
||||
- wheel_name = "{}-{}-{}-none-any.whl".format(project, version, py_tag)
|
||||
- whl = pkgutil.get_data(
|
||||
- "ensurepip",
|
||||
- "_bundled/{}".format(wheel_name),
|
||||
@ -66,6 +69,3 @@ index 566fb2a096..47da08d3d5 100644
|
||||
|
||||
additional_paths.append(os.path.join(tmpdir, wheel_name))
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
@ -1,86 +0,0 @@
|
||||
From 3172104314227af128f3ce68e9650663a7c1268c Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 28 Aug 2017 17:16:46 +0200
|
||||
Subject: [PATCH] 00274: Upstream uses Debian-style architecture naming, change
|
||||
to match Fedora
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Co-authored-by: Petr Viktorin <pviktori@redhat.com>
|
||||
Co-authored-by: Miro Hrončok <miro@hroncok.cz>
|
||||
Co-authored-by: Tomas Orsava <torsava@redhat.com>
|
||||
---
|
||||
config.sub | 2 +-
|
||||
configure.ac | 16 ++++++++--------
|
||||
2 files changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/config.sub b/config.sub
|
||||
index ba37cf99e2..52a9ec6662 100755
|
||||
--- a/config.sub
|
||||
+++ b/config.sub
|
||||
@@ -1042,7 +1042,7 @@ case $basic_machine in
|
||||
;;
|
||||
ppc64) basic_machine=powerpc64-unknown
|
||||
;;
|
||||
- ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
|
||||
+ ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
ppc64le | powerpc64little)
|
||||
basic_machine=powerpc64le-unknown
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 477a5ff1cb..aea27ef86a 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -747,9 +747,9 @@ cat >> conftest.c <<EOF
|
||||
alpha-linux-gnu
|
||||
# elif defined(__ARM_EABI__) && defined(__ARM_PCS_VFP)
|
||||
# if defined(__ARMEL__)
|
||||
- arm-linux-gnueabihf
|
||||
+ arm-linux-gnueabi
|
||||
# else
|
||||
- armeb-linux-gnueabihf
|
||||
+ armeb-linux-gnueabi
|
||||
# endif
|
||||
# elif defined(__ARM_EABI__) && !defined(__ARM_PCS_VFP)
|
||||
# if defined(__ARMEL__)
|
||||
@@ -789,7 +789,7 @@ cat >> conftest.c <<EOF
|
||||
# elif _MIPS_SIM == _ABIN32
|
||||
mips64el-linux-gnuabin32
|
||||
# elif _MIPS_SIM == _ABI64
|
||||
- mips64el-linux-gnuabi64
|
||||
+ mips64el-linux-gnu
|
||||
# else
|
||||
# error unknown platform triplet
|
||||
# endif
|
||||
@@ -799,22 +799,22 @@ cat >> conftest.c <<EOF
|
||||
# elif _MIPS_SIM == _ABIN32
|
||||
mips64-linux-gnuabin32
|
||||
# elif _MIPS_SIM == _ABI64
|
||||
- mips64-linux-gnuabi64
|
||||
+ mips64-linux-gnu
|
||||
# else
|
||||
# error unknown platform triplet
|
||||
# endif
|
||||
# elif defined(__or1k__)
|
||||
or1k-linux-gnu
|
||||
# elif defined(__powerpc__) && defined(__SPE__)
|
||||
- powerpc-linux-gnuspe
|
||||
+ ppc-linux-gnuspe
|
||||
# elif defined(__powerpc64__)
|
||||
# if defined(__LITTLE_ENDIAN__)
|
||||
- powerpc64le-linux-gnu
|
||||
+ ppc64le-linux-gnu
|
||||
# else
|
||||
- powerpc64-linux-gnu
|
||||
+ ppc64-linux-gnu
|
||||
# endif
|
||||
# elif defined(__powerpc__)
|
||||
- powerpc-linux-gnu
|
||||
+ ppc-linux-gnu
|
||||
# elif defined(__s390x__)
|
||||
s390x-linux-gnu
|
||||
# elif defined(__s390__)
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,4 +1,4 @@
|
||||
From eba7874ad8a269c1e6e7f56a3f1d759448a0ea83 Mon Sep 17 00:00:00 2001
|
||||
From 7b70e87ecc1a75f005bdffd644ceca6c9e9679fa Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 16:19:52 +0200
|
||||
Subject: [PATCH 01/36] Expose OpenSSL FIPS_mode() as hashlib.get_fips_mode()
|
||||
@ -26,7 +26,7 @@ index 56873b7..63ae836 100644
|
||||
for __func_name in __always_supported:
|
||||
# try them all, some may not work due to the OpenSSL
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index 3e5f9c3..d38aae9 100644
|
||||
index edadbcb..9874b06 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -26,6 +26,9 @@
|
||||
@ -36,10 +36,10 @@ index 3e5f9c3..d38aae9 100644
|
||||
+/* Expose FIPS_mode */
|
||||
+#include <openssl/crypto.h>
|
||||
+
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
/* OpenSSL < 1.1.0 */
|
||||
#define EVP_MD_CTX_new EVP_MD_CTX_create
|
||||
@@ -1068,12 +1071,46 @@ generate_hash_name_list(void)
|
||||
#ifndef OPENSSL_THREADS
|
||||
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
|
||||
#endif
|
||||
@@ -1072,12 +1075,46 @@ generate_hash_name_list(void)
|
||||
return state.set;
|
||||
}
|
||||
|
||||
@ -126,7 +126,7 @@ index 9aaea47..30fd8a9 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 692168044948a41211bb0efabacf0cbfade8db14 Mon Sep 17 00:00:00 2001
|
||||
From 4e1fa0339c257987984caa278516d46c35463385 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 17:04:06 +0200
|
||||
Subject: [PATCH 02/36] Use python's fall backs for the crypto it implements
|
||||
@ -425,7 +425,7 @@ index 8b53d23..e9abcbb 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 25b2075a04c0622cd11b8ea986d7d817a1a5d375 Mon Sep 17 00:00:00 2001
|
||||
From 91b5c97d586a98cb95e215ecd2c02b18c8783e7a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 17:19:06 +0200
|
||||
Subject: [PATCH 03/36] Disable Python's hash implementations in FIPS mode,
|
||||
@ -438,8 +438,8 @@ Subject: [PATCH 03/36] Disable Python's hash implementations in FIPS mode,
|
||||
Modules/_blake2/blake2s_impl.c | 5 +++
|
||||
Modules/_hashopenssl.c | 37 +------------------
|
||||
Modules/_sha3/sha3module.c | 5 +++
|
||||
setup.py | 48 +++++++++++++------------
|
||||
7 files changed, 110 insertions(+), 59 deletions(-)
|
||||
setup.py | 47 ++++++++++++------------
|
||||
7 files changed, 110 insertions(+), 58 deletions(-)
|
||||
create mode 100644 Include/_hashopenssl.h
|
||||
|
||||
diff --git a/Include/_hashopenssl.h b/Include/_hashopenssl.h
|
||||
@ -596,7 +596,7 @@ index ef2f7e1..389711a 100644
|
||||
|
||||
if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE)
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index d38aae9..10a987d 100644
|
||||
index 9874b06..d733a39 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -17,6 +17,7 @@
|
||||
@ -616,9 +616,9 @@ index d38aae9..10a987d 100644
|
||||
-/* Expose FIPS_mode */
|
||||
-#include <openssl/crypto.h>
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
/* OpenSSL < 1.1.0 */
|
||||
@@ -65,38 +62,6 @@ class _hashlib.HASH "EVPobject *" "&EVPtype"
|
||||
#ifndef OPENSSL_THREADS
|
||||
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
|
||||
@@ -69,38 +66,6 @@ class _hashlib.HASH "EVPobject *" "&EVPtype"
|
||||
[clinic start generated code]*/
|
||||
/*[clinic end generated code: output=da39a3ee5e6b4b0d input=a881a5092eecad28]*/
|
||||
|
||||
@ -695,7 +695,7 @@ index c1fb618..34d09b4 100644
|
||||
return NULL;
|
||||
}
|
||||
diff --git a/setup.py b/setup.py
|
||||
index 024a103..a16961e 100644
|
||||
index 84f7300..06d1ce6 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -1688,7 +1688,6 @@ class PyBuildExt(build_ext):
|
||||
@ -785,24 +785,24 @@ index 024a103..a16961e 100644
|
||||
+ # don't build Python's implementations.
|
||||
+ # sha3 and blake2 have extra functionality, so do build those:
|
||||
|
||||
blake2_deps = glob(os.path.join(self.srcdir,
|
||||
blake2_deps = glob(os.path.join(escape(self.srcdir),
|
||||
'Modules/_blake2/impl/*'))
|
||||
@@ -2264,14 +2264,16 @@ class PyBuildExt(build_ext):
|
||||
@@ -2264,6 +2264,7 @@ class PyBuildExt(build_ext):
|
||||
['_blake2/blake2module.c',
|
||||
'_blake2/blake2b_impl.c',
|
||||
'_blake2/blake2s_impl.c'],
|
||||
- depends=blake2_deps))
|
||||
+ **self.detect_openssl_args(),
|
||||
+ depends=blake2_deps))
|
||||
+ **self.detect_openssl_args(),
|
||||
depends=blake2_deps))
|
||||
|
||||
sha3_deps = glob(os.path.join(self.srcdir,
|
||||
'Modules/_sha3/kcp/*'))
|
||||
sha3_deps = glob(os.path.join(escape(self.srcdir),
|
||||
@@ -2271,7 +2272,9 @@ class PyBuildExt(build_ext):
|
||||
sha3_deps.append('hashlib.h')
|
||||
self.add(Extension('_sha3',
|
||||
['_sha3/sha3module.c'],
|
||||
- depends=sha3_deps))
|
||||
+ **self.detect_openssl_args(),
|
||||
+ depends=sha3_deps + ['hashlib.h']))
|
||||
+
|
||||
|
||||
def detect_nis(self):
|
||||
if MS_WINDOWS or CYGWIN or HOST_PLATFORM == 'qnx6':
|
||||
@ -810,7 +810,7 @@ index 024a103..a16961e 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 97d839b2d8c03a7b428907e51a44269fdfe3a48d Mon Sep 17 00:00:00 2001
|
||||
From d9b8f21a1b5feb177ece4c595ce8b639f02548c8 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 12 Dec 2019 16:58:31 +0100
|
||||
Subject: [PATCH 04/36] Expose all hashes available to OpenSSL
|
||||
@ -821,10 +821,10 @@ Subject: [PATCH 04/36] Expose all hashes available to OpenSSL
|
||||
2 files changed, 447 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index 10a987d..e10dbd7 100644
|
||||
index d733a39..6982268 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -190,6 +190,12 @@ py_digest_by_name(const char *name)
|
||||
@@ -194,6 +194,12 @@ py_digest_by_name(const char *name)
|
||||
else if (!strcmp(name, "blake2b512")) {
|
||||
digest = EVP_blake2b512();
|
||||
}
|
||||
@ -837,7 +837,7 @@ index 10a987d..e10dbd7 100644
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -708,6 +714,142 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -712,6 +718,142 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj)
|
||||
return EVP_fast_new(module, data_obj, EVP_sha512());
|
||||
}
|
||||
|
||||
@ -980,7 +980,7 @@ index 10a987d..e10dbd7 100644
|
||||
|
||||
/*[clinic input]
|
||||
_hashlib.pbkdf2_hmac as pbkdf2_hmac
|
||||
@@ -1083,6 +1225,14 @@ static struct PyMethodDef EVP_functions[] = {
|
||||
@@ -1087,6 +1229,14 @@ static struct PyMethodDef EVP_functions[] = {
|
||||
_HASHLIB_OPENSSL_SHA256_METHODDEF
|
||||
_HASHLIB_OPENSSL_SHA384_METHODDEF
|
||||
_HASHLIB_OPENSSL_SHA512_METHODDEF
|
||||
@ -1312,7 +1312,7 @@ index 30fd8a9..e96a752 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From b681f084a48d5f2f3eb5257b33e968268850ea7b Mon Sep 17 00:00:00 2001
|
||||
From d4c78750ffb431fe34a18aab7cdf84d3a68d7fc1 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 18:13:45 +0200
|
||||
Subject: [PATCH 05/36] Fix tests
|
||||
@ -1444,7 +1444,7 @@ index e9abcbb..2a55fd4 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 78dea79c8a284940a5d5997646745cb29f74d720 Mon Sep 17 00:00:00 2001
|
||||
From 4ec7034d73e681041758fc80f75e061c0e506449 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Fri, 26 Jul 2019 11:27:57 +0200
|
||||
Subject: [PATCH 06/36] Change FIPS exceptions from _blake2, _sha3 module init
|
||||
@ -1586,7 +1586,7 @@ index 34d09b4..3079e1e 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From be76f342f801a674fdbb622fd6e096bd7a09e1e6 Mon Sep 17 00:00:00 2001
|
||||
From ed6f93218c2190d34ee0b0f4c7599d306708449f Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Fri, 26 Jul 2019 11:24:09 +0200
|
||||
Subject: [PATCH 07/36] Make hashlib importable under FIPS mode
|
||||
@ -1621,7 +1621,7 @@ index 1bcfdf9..898e6dc 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 15b34c0943d79ec7d236a5eefab636a288dc0ae1 Mon Sep 17 00:00:00 2001
|
||||
From 66c5862bb09586168caac4d6ba6142ed3198fe1d Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Fri, 26 Jul 2019 15:41:10 +0200
|
||||
Subject: [PATCH 08/36] Implement hmac.new using new built-in module,
|
||||
@ -2249,7 +2249,7 @@ index 0000000..b472a6e
|
||||
+}
|
||||
+/*[clinic end generated code: output=10b6e8cac6d7a2c9 input=a9049054013a1b77]*/
|
||||
diff --git a/setup.py b/setup.py
|
||||
index a16961e..3d2465d 100644
|
||||
index 06d1ce6..ca8bc2b 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -2251,6 +2251,10 @@ class PyBuildExt(build_ext):
|
||||
@ -2267,7 +2267,7 @@ index a16961e..3d2465d 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From f72ffcdcee6c59aa61a8df4a3bf6633d200d6417 Mon Sep 17 00:00:00 2001
|
||||
From 6ec3a1afd87a3aa411a19727e212ebf81fee49cc Mon Sep 17 00:00:00 2001
|
||||
From: Marcel Plch <mplch@redhat.com>
|
||||
Date: Mon, 29 Jul 2019 12:45:11 +0200
|
||||
Subject: [PATCH 09/36] FIPS review
|
||||
@ -2482,7 +2482,7 @@ index ca95d72..216ed04 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 408a7d606654249f4aaa2c26cd960b770429229c Mon Sep 17 00:00:00 2001
|
||||
From 8645a4cf6ee2ad10fac3d081da78eabb06099a9c Mon Sep 17 00:00:00 2001
|
||||
From: Marcel Plch <mplch@redhat.com>
|
||||
Date: Mon, 29 Jul 2019 13:05:04 +0200
|
||||
Subject: [PATCH 10/36] revert cosmetic nitpick and remove trailing whitespace
|
||||
@ -2531,7 +2531,7 @@ index 216ed04..221714c 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 6ed4037723b1ac437cfd8401355350ef5c47f0e1 Mon Sep 17 00:00:00 2001
|
||||
From d80ae6ac0abf1e0ca5a32ff80343e927587cf5a6 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Wed, 31 Jul 2019 15:43:43 +0200
|
||||
Subject: [PATCH 11/36] Add initial tests for various hashes under FIPS mode
|
||||
@ -2615,7 +2615,7 @@ index 0000000..bee911e
|
||||
2.25.4
|
||||
|
||||
|
||||
From 2548227dff8ae23fb7d3dd45b6e044ff17796547 Mon Sep 17 00:00:00 2001
|
||||
From 414c04713ad89bdeeb7a074f953c0085d541eae6 Mon Sep 17 00:00:00 2001
|
||||
From: Marcel Plch <mplch@redhat.com>
|
||||
Date: Thu, 1 Aug 2019 16:39:37 +0200
|
||||
Subject: [PATCH 12/36] Initialize HMAC type.
|
||||
@ -2684,7 +2684,7 @@ index 221714c..239445a 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 4d40c61ed97eae9169df2e526d935d4997902f97 Mon Sep 17 00:00:00 2001
|
||||
From 0157b52ac7f15610526497f9188eb84ed3846993 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 1 Aug 2019 17:57:05 +0200
|
||||
Subject: [PATCH 13/36] Use a stronger hash in multiprocessing handshake
|
||||
@ -2696,7 +2696,7 @@ https://bugs.python.org/issue17258
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
|
||||
index c9f995e..64180b2 100644
|
||||
index 8e2facf..bb4acb6 100644
|
||||
--- a/Lib/multiprocessing/connection.py
|
||||
+++ b/Lib/multiprocessing/connection.py
|
||||
@@ -42,6 +42,10 @@ BUFSIZE = 8192
|
||||
@ -2710,7 +2710,7 @@ index c9f995e..64180b2 100644
|
||||
_mmap_counter = itertools.count()
|
||||
|
||||
default_family = 'AF_INET'
|
||||
@@ -735,7 +739,7 @@ def deliver_challenge(connection, authkey):
|
||||
@@ -736,7 +740,7 @@ def deliver_challenge(connection, authkey):
|
||||
"Authkey must be bytes, not {0!s}".format(type(authkey)))
|
||||
message = os.urandom(MESSAGE_LENGTH)
|
||||
connection.send_bytes(CHALLENGE + message)
|
||||
@ -2719,7 +2719,7 @@ index c9f995e..64180b2 100644
|
||||
response = connection.recv_bytes(256) # reject large message
|
||||
if response == digest:
|
||||
connection.send_bytes(WELCOME)
|
||||
@@ -751,7 +755,7 @@ def answer_challenge(connection, authkey):
|
||||
@@ -752,7 +756,7 @@ def answer_challenge(connection, authkey):
|
||||
message = connection.recv_bytes(256) # reject large message
|
||||
assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
|
||||
message = message[len(CHALLENGE):]
|
||||
@ -2732,7 +2732,7 @@ index c9f995e..64180b2 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From bc917ee79da1166e9ff94e76bbb2a64044db2fc0 Mon Sep 17 00:00:00 2001
|
||||
From 3730b4186cf708bb8ea528c22734d4c1176fc9ad Mon Sep 17 00:00:00 2001
|
||||
From: Marcel Plch <mplch@redhat.com>
|
||||
Date: Fri, 2 Aug 2019 17:36:01 +0200
|
||||
Subject: [PATCH 14/36] Fix refcounting
|
||||
@ -2806,7 +2806,7 @@ index 239445a..9c28828 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 5807870fbc69dcd107a2fac7ce58da052d5e7fea Mon Sep 17 00:00:00 2001
|
||||
From 1873bfe385a1b952ba11c2b2f15755353f2411df Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 13:37:05 +0200
|
||||
Subject: [PATCH 15/36] hmac: Don't default to md5 in FIPS mode
|
||||
@ -2832,7 +2832,7 @@ index daabc8c..0302364 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 04a69823b36ee8626aa74b40d5a631dd09759451 Mon Sep 17 00:00:00 2001
|
||||
From f77c854b9c5aab3e2bb517b6d0c08197a116efb1 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 14:20:58 +0200
|
||||
Subject: [PATCH 16/36] Make _hmacopenssl.HMAC subclassable; subclass it as
|
||||
@ -3123,7 +3123,7 @@ index b472a6e..861acc1 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From e0cbbc9dac64f173baa5348cf3608536ea8aea70 Mon Sep 17 00:00:00 2001
|
||||
From b357a1f823b7b231d1a8bc149b5a950246350d3c Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 16:10:36 +0200
|
||||
Subject: [PATCH 17/36] Fix _hmacopenssl.HMAC.block_size
|
||||
@ -3149,7 +3149,7 @@ index 7d3d973..a24c8ba 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From d90c5c55ad983d84b09b366d4b62f06aa535fad6 Mon Sep 17 00:00:00 2001
|
||||
From ee03c8ff14206070a7e4e4d13c4b067bcf25193d Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 15:02:08 +0200
|
||||
Subject: [PATCH 18/36] distutils upload: Skip md5 checksum in FIPS mode
|
||||
@ -3231,7 +3231,7 @@ index c17d8e7..b4b64e9 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 885f7b41697f252260a67d78ca8c46450843fa5e Mon Sep 17 00:00:00 2001
|
||||
From fd0fd3310ff7c7dae0ea4377b71928ca3e242a21 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 15:32:25 +0200
|
||||
Subject: [PATCH 19/36] Fix HMAC tests on FIPS mode
|
||||
@ -3324,7 +3324,7 @@ index 23c108f..0a85981 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 288d91b4752801264b37f7e94d964e1dffdee562 Mon Sep 17 00:00:00 2001
|
||||
From e0c4dfcfc3070d0b3b25f77357509b9daa5f9891 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 16:37:12 +0200
|
||||
Subject: [PATCH 20/36] test_tools: Skip md5sum tests in FIPS mode
|
||||
@ -3357,7 +3357,7 @@ index fb565b7..7028a4d 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 2c89b2e465e60558e0e066cc42a087ee6f31d520 Mon Sep 17 00:00:00 2001
|
||||
From 510915020bb7c7c91d297fb3330ee9be3ee16b6f Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 18:23:57 +0200
|
||||
Subject: [PATCH 21/36] Make hashlib tests pass in FIPS mode
|
||||
@ -3552,7 +3552,7 @@ index 2a55fd4..9ae5efc 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 14f26f4f378718024d0b0f300ab2f84429d23044 Mon Sep 17 00:00:00 2001
|
||||
From de9997db1f55fe4c70f0a5c4fe5b497e8c6839a2 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Wed, 14 Aug 2019 14:43:07 +0200
|
||||
Subject: [PATCH 22/36] distutils upload: only add md5 if available, but
|
||||
@ -3622,7 +3622,7 @@ index b4b64e9..f720a79 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 24e57cc45dc18146a583257e5825d6b6e672742d Mon Sep 17 00:00:00 2001
|
||||
From 30407ef6fd2fb0fcb950cab57d4bd23121ef9084 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Heimes <christian@python.org>
|
||||
Date: Fri, 13 Sep 2019 02:30:00 +0200
|
||||
Subject: [PATCH 23/36] bpo-9216: Add usedforsecurity to hashlib constructors
|
||||
@ -3728,10 +3728,10 @@ index 9ae5efc..08bb91f 100644
|
||||
self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam')
|
||||
self.assertRaises(TypeError, hashlib.new, 1)
|
||||
diff --git a/Lib/uuid.py b/Lib/uuid.py
|
||||
index 188e16b..5f3bc9e 100644
|
||||
index 9540c21..be724ba 100644
|
||||
--- a/Lib/uuid.py
|
||||
+++ b/Lib/uuid.py
|
||||
@@ -772,8 +772,11 @@ def uuid1(node=None, clock_seq=None):
|
||||
@@ -774,8 +774,11 @@ def uuid1(node=None, clock_seq=None):
|
||||
def uuid3(namespace, name):
|
||||
"""Generate a UUID from the MD5 hash of a namespace UUID and a name."""
|
||||
from hashlib import md5
|
||||
@ -3944,10 +3944,10 @@ index 560bd68..71c5706 100644
|
||||
-/*[clinic end generated code: output=39af5a74c8805b36 input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=c80d8d06ce40a192 input=a9049054013a1b77]*/
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index e10dbd7..29c1bd8 100644
|
||||
index 6982268..a1f81eb 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -517,7 +517,7 @@ static PyTypeObject EVPtype = {
|
||||
@@ -521,7 +521,7 @@ static PyTypeObject EVPtype = {
|
||||
\
|
||||
static PyObject *
|
||||
EVPnew(const EVP_MD *digest,
|
||||
@ -3956,7 +3956,7 @@ index e10dbd7..29c1bd8 100644
|
||||
{
|
||||
int result = 0;
|
||||
EVPobject *self;
|
||||
@@ -530,6 +530,12 @@ EVPnew(const EVP_MD *digest,
|
||||
@@ -534,6 +534,12 @@ EVPnew(const EVP_MD *digest,
|
||||
if ((self = newEVPobject()) == NULL)
|
||||
return NULL;
|
||||
|
||||
@ -3969,7 +3969,7 @@ index e10dbd7..29c1bd8 100644
|
||||
if (!EVP_DigestInit_ex(self->ctx, digest, NULL)) {
|
||||
_setException(PyExc_ValueError);
|
||||
Py_DECREF(self);
|
||||
@@ -561,6 +567,8 @@ _hashlib.new as EVP_new
|
||||
@@ -565,6 +571,8 @@ _hashlib.new as EVP_new
|
||||
|
||||
name as name_obj: object
|
||||
string as data_obj: object(c_default="NULL") = b''
|
||||
@ -3978,7 +3978,7 @@ index e10dbd7..29c1bd8 100644
|
||||
|
||||
Return a new hash object using the named algorithm.
|
||||
|
||||
@@ -571,8 +579,9 @@ The MD5 and SHA1 algorithms are always supported.
|
||||
@@ -575,8 +583,9 @@ The MD5 and SHA1 algorithms are always supported.
|
||||
[clinic start generated code]*/
|
||||
|
||||
static PyObject *
|
||||
@ -3990,7 +3990,7 @@ index e10dbd7..29c1bd8 100644
|
||||
{
|
||||
Py_buffer view = { 0 };
|
||||
PyObject *ret_obj;
|
||||
@@ -589,7 +598,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
|
||||
@@ -593,7 +602,9 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
|
||||
|
||||
digest = py_digest_by_name(name);
|
||||
|
||||
@ -4001,7 +4001,7 @@ index e10dbd7..29c1bd8 100644
|
||||
|
||||
if (data_obj)
|
||||
PyBuffer_Release(&view);
|
||||
@@ -597,7 +608,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
|
||||
@@ -601,7 +612,8 @@ EVP_new_impl(PyObject *module, PyObject *name_obj, PyObject *data_obj)
|
||||
}
|
||||
|
||||
static PyObject*
|
||||
@ -4011,7 +4011,7 @@ index e10dbd7..29c1bd8 100644
|
||||
{
|
||||
Py_buffer view = { 0 };
|
||||
PyObject *ret_obj;
|
||||
@@ -605,7 +617,8 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
|
||||
@@ -609,7 +621,8 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
|
||||
if (data_obj)
|
||||
GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
|
||||
|
||||
@ -4021,7 +4021,7 @@ index e10dbd7..29c1bd8 100644
|
||||
|
||||
if (data_obj)
|
||||
PyBuffer_Release(&view);
|
||||
@@ -617,16 +630,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
|
||||
@@ -621,16 +634,19 @@ EVP_fast_new(PyObject *module, PyObject *data_obj, const EVP_MD *digest)
|
||||
_hashlib.openssl_md5
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4044,7 +4044,7 @@ index e10dbd7..29c1bd8 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -634,16 +650,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -638,16 +654,19 @@ _hashlib_openssl_md5_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha1
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4067,7 +4067,7 @@ index e10dbd7..29c1bd8 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -651,16 +670,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -655,16 +674,19 @@ _hashlib_openssl_sha1_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha224
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4090,7 +4090,7 @@ index e10dbd7..29c1bd8 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -668,16 +690,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -672,16 +694,19 @@ _hashlib_openssl_sha224_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha256
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4113,7 +4113,7 @@ index e10dbd7..29c1bd8 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -685,16 +710,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -689,16 +714,19 @@ _hashlib_openssl_sha256_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha384
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -4136,7 +4136,7 @@ index e10dbd7..29c1bd8 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -702,152 +730,179 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
|
||||
@@ -706,152 +734,179 @@ _hashlib_openssl_sha384_impl(PyObject *module, PyObject *data_obj)
|
||||
_hashlib.openssl_sha512
|
||||
|
||||
string as data_obj: object(py_default="b''") = NULL
|
||||
@ -5729,7 +5729,7 @@ index 459a934..b8185b6 100644
|
||||
-/*[clinic end generated code: output=580df4b667084a7e input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=bbfa72d8703c82b5 input=a9049054013a1b77]*/
|
||||
diff --git a/Modules/md5module.c b/Modules/md5module.c
|
||||
index b9a351a..f2c2d32 100644
|
||||
index c2ebaaf..fdc4d7b 100644
|
||||
--- a/Modules/md5module.c
|
||||
+++ b/Modules/md5module.c
|
||||
@@ -503,13 +503,15 @@ static PyTypeObject MD5type = {
|
||||
@ -5856,7 +5856,7 @@ index 98b9791..df4f9d2 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 372b2b63bf8ffb3201dc3c8d2488f6a5a55c5b21 Mon Sep 17 00:00:00 2001
|
||||
From 095d8ea318b20b5d42ada0367ca770c15e6f6fa2 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 26 Aug 2019 19:09:39 +0200
|
||||
Subject: [PATCH 24/36] Test the usedforsecurity flag
|
||||
@ -6102,7 +6102,7 @@ index 08bb91f..1368e91 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 7e2295b42d705d7d9cc0ccea472ff93bfa268b8c Mon Sep 17 00:00:00 2001
|
||||
From 59b7e853d919380ca6c11655bbc7041ee395417d Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 29 Aug 2019 10:25:28 +0200
|
||||
Subject: [PATCH 25/36] Skip error checking in _hashlib.get_fips_mode
|
||||
@ -6113,10 +6113,10 @@ Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1745499
|
||||
1 file changed, 16 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index 29c1bd8..d208f5c 100644
|
||||
index a1f81eb..eff331b 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -1249,20 +1249,22 @@ _hashlib_get_fips_mode_impl(PyObject *module)
|
||||
@@ -1253,20 +1253,22 @@ _hashlib_get_fips_mode_impl(PyObject *module)
|
||||
/*[clinic end generated code: output=ad8a7793310d3f98 input=f42a2135df2a5e11]*/
|
||||
|
||||
{
|
||||
@ -6157,7 +6157,7 @@ index 29c1bd8..d208f5c 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From dd5f58152edbcac44bcb1cafbee511c44d60ff67 Mon Sep 17 00:00:00 2001
|
||||
From 7f5432d72546f60078989b6cadf26cd51de84ebd Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 10 Oct 2019 13:04:50 +0200
|
||||
Subject: [PATCH 26/36] Skip error checking in _Py_hashlib_fips_error
|
||||
@ -6195,7 +6195,7 @@ index 47ed003..d4cbdef 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From c76f0df2561ae64952f347d294aec2866e6b0586 Mon Sep 17 00:00:00 2001
|
||||
From 05f7188136bda8eeec06428aa4ddf9ab14a178a0 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 19:12:38 +0200
|
||||
Subject: [PATCH 27/36] Fixups
|
||||
@ -6237,7 +6237,7 @@ index 0a85981..0b481ec 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From b6139620fa7aaf401ebd510a0dbca14629096f94 Mon Sep 17 00:00:00 2001
|
||||
From 0f707443431d9dc22218be7208d940f4d42f122d Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 26 Aug 2019 19:39:48 +0200
|
||||
Subject: [PATCH 28/36] Don't re-export get_fips_mode from hashlib
|
||||
@ -6607,7 +6607,7 @@ index 1cb358f..6f5cb7f 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 1de6c9e0e86e5c661ae32517492ecdf79a372e52 Mon Sep 17 00:00:00 2001
|
||||
From 9515f9be3409fdc59cf9c09dd200917483e1651a Mon Sep 17 00:00:00 2001
|
||||
From: Christian Heimes <christian@python.org>
|
||||
Date: Wed, 20 Nov 2019 10:59:25 +0100
|
||||
Subject: [PATCH 29/36] Use FIPS compliant CSPRNG
|
||||
@ -6624,7 +6624,7 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
4 files changed, 89 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
|
||||
index 4a076e3..f60ad6d 100644
|
||||
index 2a4ae15..5ad5bd6 100644
|
||||
--- a/Lib/test/test_os.py
|
||||
+++ b/Lib/test/test_os.py
|
||||
@@ -1546,6 +1546,11 @@ class GetRandomTests(unittest.TestCase):
|
||||
@ -6640,7 +6640,7 @@ index 4a076e3..f60ad6d 100644
|
||||
def test_getrandom_type(self):
|
||||
data = os.getrandom(16)
|
||||
diff --git a/Makefile.pre.in b/Makefile.pre.in
|
||||
index 72d202d..9c34f99 100644
|
||||
index 917303d..ddfbfd0 100644
|
||||
--- a/Makefile.pre.in
|
||||
+++ b/Makefile.pre.in
|
||||
@@ -116,7 +116,7 @@ PY_STDMODULE_CFLAGS= $(PY_CFLAGS) $(PY_CFLAGS_NODIST) $(PY_CPPFLAGS) $(CFLAGSFOR
|
||||
@ -6653,7 +6653,7 @@ index 72d202d..9c34f99 100644
|
||||
CFLAGS_ALIASING=@CFLAGS_ALIASING@
|
||||
|
||||
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
|
||||
index 850769f..039392e 100644
|
||||
index 726e372..9a1249a 100644
|
||||
--- a/Modules/posixmodule.c
|
||||
+++ b/Modules/posixmodule.c
|
||||
@@ -388,6 +388,9 @@ extern char *ctermid_r(char *);
|
||||
@ -6666,7 +6666,7 @@ index 850769f..039392e 100644
|
||||
#if defined(__sun)
|
||||
/* Something to implement in autoconf, not present in autoconf 2.69 */
|
||||
#define HAVE_STRUCT_STAT_ST_FSTYPE 1
|
||||
@@ -13388,6 +13391,11 @@ os_getrandom_impl(PyObject *module, Py_ssize_t size, int flags)
|
||||
@@ -13558,6 +13561,11 @@ os_getrandom_impl(PyObject *module, Py_ssize_t size, int flags)
|
||||
return posix_error();
|
||||
}
|
||||
|
||||
@ -6679,7 +6679,7 @@ index 850769f..039392e 100644
|
||||
if (bytes == NULL) {
|
||||
PyErr_NoMemory();
|
||||
diff --git a/Python/bootstrap_hash.c b/Python/bootstrap_hash.c
|
||||
index 43f5264..6716647 100644
|
||||
index eb2b6d0..cb38cfe 100644
|
||||
--- a/Python/bootstrap_hash.c
|
||||
+++ b/Python/bootstrap_hash.c
|
||||
@@ -409,6 +409,77 @@ dev_urandom_close(void)
|
||||
@ -6775,7 +6775,7 @@ index 43f5264..6716647 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 2af1274a6f6f7eb7aeb106007fd62e9fc889a86e Mon Sep 17 00:00:00 2001
|
||||
From ba95383d9b37f252bd153674404dc4055d49bf82 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 28 Nov 2019 17:26:02 +0100
|
||||
Subject: [PATCH 30/36] Fixups for FIPS compliant CSPRNG
|
||||
@ -6786,7 +6786,7 @@ Subject: [PATCH 30/36] Fixups for FIPS compliant CSPRNG
|
||||
2 files changed, 5 insertions(+), 31 deletions(-)
|
||||
|
||||
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
|
||||
index f60ad6d..be057ad 100644
|
||||
index 5ad5bd6..ae53de9 100644
|
||||
--- a/Lib/test/test_os.py
|
||||
+++ b/Lib/test/test_os.py
|
||||
@@ -28,6 +28,7 @@ import time
|
||||
@ -6807,7 +6807,7 @@ index f60ad6d..be057ad 100644
|
||||
else:
|
||||
raise
|
||||
diff --git a/Python/bootstrap_hash.c b/Python/bootstrap_hash.c
|
||||
index 6716647..7466d5f 100644
|
||||
index cb38cfe..08fa29a 100644
|
||||
--- a/Python/bootstrap_hash.c
|
||||
+++ b/Python/bootstrap_hash.c
|
||||
@@ -409,40 +409,13 @@ dev_urandom_close(void)
|
||||
@ -6874,7 +6874,7 @@ index 6716647..7466d5f 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 17c962efe979581d12e1cf80a04b9538bdfe7c45 Mon Sep 17 00:00:00 2001
|
||||
From 496a58146aa42b97661c5ea1afeaa223e8fd4ceb Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 2 Apr 2020 16:50:37 +0200
|
||||
Subject: [PATCH 31/36] Do not raise a ValueError if digestmod is missing in
|
||||
@ -6904,7 +6904,7 @@ index 5055027..ee1ad76 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 4acd1c8665231881335b6036a8595ac3220c0220 Mon Sep 17 00:00:00 2001
|
||||
From 3f346ea93c2504e169a2df21e2de206031a08600 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 2 Apr 2020 16:55:36 +0200
|
||||
Subject: [PATCH 32/36] Regenerate the clinic files
|
||||
@ -6991,7 +6991,7 @@ index 861acc1..527be83 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 900bbdc1e2d9498829731da4591f1ea4a5602fa4 Mon Sep 17 00:00:00 2001
|
||||
From f4465980ae75c0e56cd1edecf9a42fa38b9cd12a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Tue, 7 Apr 2020 15:16:45 +0200
|
||||
Subject: [PATCH 33/36] Pass kwargs (like usedforsecurity) through __hash_new
|
||||
@ -7026,7 +7026,7 @@ index 2fc214e..785858f 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From ab62e35c2c3a71b2ff50098966e654c91fb861d0 Mon Sep 17 00:00:00 2001
|
||||
From 6c0ba219c01052f8b079ce67b89a75920b3aa867 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Tue, 7 Apr 2020 15:18:48 +0200
|
||||
Subject: [PATCH 34/36] Adjust new upstream test for failing hashes with
|
||||
@ -7072,7 +7072,7 @@ index a4b7840..a858bf4 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 2b6bf1615e9e04a688f622e4b45e0e062a09578f Mon Sep 17 00:00:00 2001
|
||||
From 041105f888785599e58213dfea55115a4e861d77 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Fri, 24 Apr 2020 19:57:16 +0200
|
||||
Subject: [PATCH 35/36] Skip the test_with_digestmod_no_default under FIPS
|
||||
@ -7118,7 +7118,7 @@ index cc77928..fd068e0 100644
|
||||
2.25.4
|
||||
|
||||
|
||||
From 65903540be85cbd6f188f6b5e69431859d0cbc0e Mon Sep 17 00:00:00 2001
|
||||
From e20750200d560a549cbbf224ded74bb086ef3e66 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Tue, 31 Mar 2020 18:00:42 +0200
|
||||
Subject: [PATCH 36/36] Add a sentinel value on the Hmac_members table of the
|
||||
|
@ -1,76 +0,0 @@
|
||||
commit 00a240bf7f95bbd220f1cfbf9eb58484a5f9681a
|
||||
Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Fri May 29 05:46:34 2020 -0700
|
||||
|
||||
bpo-40784: Fix sqlite3 deterministic test (GH-20448)
|
||||
|
||||
(cherry picked from commit c610d970f5373b143bf5f5900d4645e6a90fb460)
|
||||
|
||||
Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no>
|
||||
|
||||
diff --git a/Lib/sqlite3/test/userfunctions.py b/Lib/sqlite3/test/userfunctions.py
|
||||
index 9501f53..c11c82e 100644
|
||||
--- a/Lib/sqlite3/test/userfunctions.py
|
||||
+++ b/Lib/sqlite3/test/userfunctions.py
|
||||
@@ -1,8 +1,7 @@
|
||||
-#-*- coding: iso-8859-1 -*-
|
||||
# pysqlite2/test/userfunctions.py: tests for user-defined functions and
|
||||
# aggregates.
|
||||
#
|
||||
-# Copyright (C) 2005-2007 Gerhard Häring <gh@ghaering.de>
|
||||
+# Copyright (C) 2005-2007 Gerhard Häring <gh@ghaering.de>
|
||||
#
|
||||
# This file is part of pysqlite.
|
||||
#
|
||||
@@ -158,6 +157,7 @@ class FunctionTests(unittest.TestCase):
|
||||
self.con.create_function("isblob", 1, func_isblob)
|
||||
self.con.create_function("islonglong", 1, func_islonglong)
|
||||
self.con.create_function("spam", -1, func)
|
||||
+ self.con.execute("create table test(t text)")
|
||||
|
||||
def tearDown(self):
|
||||
self.con.close()
|
||||
@@ -276,18 +276,36 @@ class FunctionTests(unittest.TestCase):
|
||||
val = cur.fetchone()[0]
|
||||
self.assertEqual(val, 2)
|
||||
|
||||
+ # Regarding deterministic functions:
|
||||
+ #
|
||||
+ # Between 3.8.3 and 3.15.0, deterministic functions were only used to
|
||||
+ # optimize inner loops, so for those versions we can only test if the
|
||||
+ # sqlite machinery has factored out a call or not. From 3.15.0 and onward,
|
||||
+ # deterministic functions were permitted in WHERE clauses of partial
|
||||
+ # indices, which allows testing based on syntax, iso. the query optimizer.
|
||||
+ @unittest.skipIf(sqlite.sqlite_version_info < (3, 8, 3), "Requires SQLite 3.8.3 or higher")
|
||||
def CheckFuncNonDeterministic(self):
|
||||
mock = unittest.mock.Mock(return_value=None)
|
||||
- self.con.create_function("deterministic", 0, mock, deterministic=False)
|
||||
- self.con.execute("select deterministic() = deterministic()")
|
||||
- self.assertEqual(mock.call_count, 2)
|
||||
-
|
||||
- @unittest.skipIf(sqlite.sqlite_version_info < (3, 8, 3), "deterministic parameter not supported")
|
||||
+ self.con.create_function("nondeterministic", 0, mock, deterministic=False)
|
||||
+ if sqlite.sqlite_version_info < (3, 15, 0):
|
||||
+ self.con.execute("select nondeterministic() = nondeterministic()")
|
||||
+ self.assertEqual(mock.call_count, 2)
|
||||
+ else:
|
||||
+ with self.assertRaises(sqlite.OperationalError):
|
||||
+ self.con.execute("create index t on test(t) where nondeterministic() is not null")
|
||||
+
|
||||
+ @unittest.skipIf(sqlite.sqlite_version_info < (3, 8, 3), "Requires SQLite 3.8.3 or higher")
|
||||
def CheckFuncDeterministic(self):
|
||||
mock = unittest.mock.Mock(return_value=None)
|
||||
self.con.create_function("deterministic", 0, mock, deterministic=True)
|
||||
- self.con.execute("select deterministic() = deterministic()")
|
||||
- self.assertEqual(mock.call_count, 1)
|
||||
+ if sqlite.sqlite_version_info < (3, 15, 0):
|
||||
+ self.con.execute("select deterministic() = deterministic()")
|
||||
+ self.assertEqual(mock.call_count, 1)
|
||||
+ else:
|
||||
+ try:
|
||||
+ self.con.execute("create index t on test(t) where deterministic() is not null")
|
||||
+ except sqlite.OperationalError:
|
||||
+ self.fail("Unexpected failure while creating partial index")
|
||||
|
||||
@unittest.skipIf(sqlite.sqlite_version_info >= (3, 8, 3), "SQLite < 3.8.3 needed")
|
||||
def CheckFuncDeterministicNotSupported(self):
|
97
SOURCES/00353-architecture-names-upstream-downstream.patch
Normal file
97
SOURCES/00353-architecture-names-upstream-downstream.patch
Normal file
@ -0,0 +1,97 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Tue, 4 Aug 2020 12:04:03 +0200
|
||||
Subject: [PATCH] 00353: Original names for architectures with different names
|
||||
downstream
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names
|
||||
|
||||
Pythons in RHEL/Fedora used different names for some architectures
|
||||
than upstream and other distros (for example ppc64 vs. powerpc64).
|
||||
This was patched in patch 274, now it is sedded if %with legacy_archnames.
|
||||
|
||||
That meant that an extension built with the default upstream settings
|
||||
(on other distro or as an manylinux wheel) could not been found by Python
|
||||
on RHEL/Fedora because it had a different suffix.
|
||||
This patch adds the legacy names to importlib so Python is able
|
||||
to import extensions with a legacy architecture name in its
|
||||
file name.
|
||||
It work both ways, so it support both %with and %without legacy_archnames.
|
||||
|
||||
WARNING: This patch has no effect on Python built with bootstrap
|
||||
enabled because Python/importlib_external.h is not regenerated
|
||||
and therefore Python during bootstrap contains importlib from
|
||||
upstream without this feature. It's possible to include
|
||||
Python/importlib_external.h to this patch but it'd make rebasing
|
||||
a nightmare because it's basically a binary file.
|
||||
|
||||
Co-authored-by: Miro Hrončok <miro@hroncok.cz>
|
||||
---
|
||||
Lib/importlib/_bootstrap_external.py | 40 ++++++++++++++++++++++++++--
|
||||
1 file changed, 38 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/Lib/importlib/_bootstrap_external.py b/Lib/importlib/_bootstrap_external.py
|
||||
index b8ac482994..62e937b819 100644
|
||||
--- a/Lib/importlib/_bootstrap_external.py
|
||||
+++ b/Lib/importlib/_bootstrap_external.py
|
||||
@@ -1559,7 +1559,7 @@ def _get_supported_file_loaders():
|
||||
|
||||
Each item is a tuple (loader, suffixes).
|
||||
"""
|
||||
- extensions = ExtensionFileLoader, _imp.extension_suffixes()
|
||||
+ extensions = ExtensionFileLoader, _alternative_architectures(_imp.extension_suffixes())
|
||||
source = SourceFileLoader, SOURCE_SUFFIXES
|
||||
bytecode = SourcelessFileLoader, BYTECODE_SUFFIXES
|
||||
return [extensions, source, bytecode]
|
||||
@@ -1623,7 +1623,7 @@ def _setup(_bootstrap_module):
|
||||
|
||||
# Constants
|
||||
setattr(self_module, '_relax_case', _make_relax_case())
|
||||
- EXTENSION_SUFFIXES.extend(_imp.extension_suffixes())
|
||||
+ EXTENSION_SUFFIXES.extend(_alternative_architectures(_imp.extension_suffixes()))
|
||||
if builtin_os == 'nt':
|
||||
SOURCE_SUFFIXES.append('.pyw')
|
||||
if '_d.pyd' in EXTENSION_SUFFIXES:
|
||||
@@ -1636,3 +1636,39 @@ def _install(_bootstrap_module):
|
||||
supported_loaders = _get_supported_file_loaders()
|
||||
sys.path_hooks.extend([FileFinder.path_hook(*supported_loaders)])
|
||||
sys.meta_path.append(PathFinder)
|
||||
+
|
||||
+
|
||||
+_ARCH_MAP = {
|
||||
+ "-arm-linux-gnueabi.": "-arm-linux-gnueabihf.",
|
||||
+ "-armeb-linux-gnueabi.": "-armeb-linux-gnueabihf.",
|
||||
+ "-mips64-linux-gnu.": "-mips64-linux-gnuabi64.",
|
||||
+ "-mips64el-linux-gnu.": "-mips64el-linux-gnuabi64.",
|
||||
+ "-ppc-linux-gnu.": "-powerpc-linux-gnu.",
|
||||
+ "-ppc-linux-gnuspe.": "-powerpc-linux-gnuspe.",
|
||||
+ "-ppc64-linux-gnu.": "-powerpc64-linux-gnu.",
|
||||
+ "-ppc64le-linux-gnu.": "-powerpc64le-linux-gnu.",
|
||||
+ # The above, but the other way around:
|
||||
+ "-arm-linux-gnueabihf.": "-arm-linux-gnueabi.",
|
||||
+ "-armeb-linux-gnueabihf.": "-armeb-linux-gnueabi.",
|
||||
+ "-mips64-linux-gnuabi64.": "-mips64-linux-gnu.",
|
||||
+ "-mips64el-linux-gnuabi64.": "-mips64el-linux-gnu.",
|
||||
+ "-powerpc-linux-gnu.": "-ppc-linux-gnu.",
|
||||
+ "-powerpc-linux-gnuspe.": "-ppc-linux-gnuspe.",
|
||||
+ "-powerpc64-linux-gnu.": "-ppc64-linux-gnu.",
|
||||
+ "-powerpc64le-linux-gnu.": "-ppc64le-linux-gnu.",
|
||||
+}
|
||||
+
|
||||
+
|
||||
+def _alternative_architectures(suffixes):
|
||||
+ """Add a suffix with an alternative architecture name
|
||||
+ to the list of suffixes so an extension built with
|
||||
+ the default (upstream) setting is loadable with our Pythons
|
||||
+ """
|
||||
+
|
||||
+ for suffix in suffixes:
|
||||
+ for original, alternative in _ARCH_MAP.items():
|
||||
+ if original in suffix:
|
||||
+ suffixes.append(suffix.replace(original, alternative))
|
||||
+ return suffixes
|
||||
+
|
||||
+ return suffixes
|
186
SOURCES/00357-CVE-2021-3177.patch
Normal file
186
SOURCES/00357-CVE-2021-3177.patch
Normal file
@ -0,0 +1,186 @@
|
||||
From ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f Mon Sep 17 00:00:00 2001
|
||||
From: "Miss Islington (bot)"
|
||||
<31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Mon, 18 Jan 2021 13:28:52 -0800
|
||||
Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
|
||||
formatting in ctypes param reprs. (GH-24248)
|
||||
|
||||
(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
|
||||
|
||||
Co-authored-by: Benjamin Peterson <benjamin@python.org>
|
||||
|
||||
Co-authored-by: Benjamin Peterson <benjamin@python.org>
|
||||
---
|
||||
Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
|
||||
.../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
|
||||
Modules/_ctypes/callproc.c | 51 +++++++------------
|
||||
3 files changed, 64 insertions(+), 32 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
|
||||
|
||||
diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py
|
||||
index e4c25fd880cef..531894fdec838 100644
|
||||
--- a/Lib/ctypes/test/test_parameters.py
|
||||
+++ b/Lib/ctypes/test/test_parameters.py
|
||||
@@ -201,6 +201,49 @@ def __dict__(self):
|
||||
with self.assertRaises(ZeroDivisionError):
|
||||
WorseStruct().__setstate__({}, b'foo')
|
||||
|
||||
+ def test_parameter_repr(self):
|
||||
+ from ctypes import (
|
||||
+ c_bool,
|
||||
+ c_char,
|
||||
+ c_wchar,
|
||||
+ c_byte,
|
||||
+ c_ubyte,
|
||||
+ c_short,
|
||||
+ c_ushort,
|
||||
+ c_int,
|
||||
+ c_uint,
|
||||
+ c_long,
|
||||
+ c_ulong,
|
||||
+ c_longlong,
|
||||
+ c_ulonglong,
|
||||
+ c_float,
|
||||
+ c_double,
|
||||
+ c_longdouble,
|
||||
+ c_char_p,
|
||||
+ c_wchar_p,
|
||||
+ c_void_p,
|
||||
+ )
|
||||
+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$")
|
||||
+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>")
|
||||
+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$")
|
||||
+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
|
||||
+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>")
|
||||
+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>")
|
||||
+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>")
|
||||
+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
|
||||
+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
|
||||
+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$")
|
||||
+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$")
|
||||
+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$")
|
||||
+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$")
|
||||
+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>")
|
||||
+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>")
|
||||
+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>")
|
||||
+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
|
||||
+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$")
|
||||
+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$")
|
||||
+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$")
|
||||
+
|
||||
################################################################
|
||||
|
||||
if __name__ == '__main__':
|
||||
diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
|
||||
new file mode 100644
|
||||
index 0000000000000..7df65a156feab
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
|
||||
@@ -0,0 +1,2 @@
|
||||
+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
|
||||
+:class:`ctypes.c_longdouble` values.
|
||||
diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
|
||||
index a9b8675cd951b..de75918d49f37 100644
|
||||
--- a/Modules/_ctypes/callproc.c
|
||||
+++ b/Modules/_ctypes/callproc.c
|
||||
@@ -484,58 +484,47 @@ is_literal_char(unsigned char c)
|
||||
static PyObject *
|
||||
PyCArg_repr(PyCArgObject *self)
|
||||
{
|
||||
- char buffer[256];
|
||||
switch(self->tag) {
|
||||
case 'b':
|
||||
case 'B':
|
||||
- sprintf(buffer, "<cparam '%c' (%d)>",
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
|
||||
self->tag, self->value.b);
|
||||
- break;
|
||||
case 'h':
|
||||
case 'H':
|
||||
- sprintf(buffer, "<cparam '%c' (%d)>",
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
|
||||
self->tag, self->value.h);
|
||||
- break;
|
||||
case 'i':
|
||||
case 'I':
|
||||
- sprintf(buffer, "<cparam '%c' (%d)>",
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
|
||||
self->tag, self->value.i);
|
||||
- break;
|
||||
case 'l':
|
||||
case 'L':
|
||||
- sprintf(buffer, "<cparam '%c' (%ld)>",
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
|
||||
self->tag, self->value.l);
|
||||
- break;
|
||||
|
||||
case 'q':
|
||||
case 'Q':
|
||||
- sprintf(buffer,
|
||||
-#ifdef MS_WIN32
|
||||
- "<cparam '%c' (%I64d)>",
|
||||
-#else
|
||||
- "<cparam '%c' (%lld)>",
|
||||
-#endif
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
|
||||
self->tag, self->value.q);
|
||||
- break;
|
||||
case 'd':
|
||||
- sprintf(buffer, "<cparam '%c' (%f)>",
|
||||
- self->tag, self->value.d);
|
||||
- break;
|
||||
- case 'f':
|
||||
- sprintf(buffer, "<cparam '%c' (%f)>",
|
||||
- self->tag, self->value.f);
|
||||
- break;
|
||||
-
|
||||
+ case 'f': {
|
||||
+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d);
|
||||
+ if (f == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f);
|
||||
+ Py_DECREF(f);
|
||||
+ return result;
|
||||
+ }
|
||||
case 'c':
|
||||
if (is_literal_char((unsigned char)self->value.c)) {
|
||||
- sprintf(buffer, "<cparam '%c' ('%c')>",
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
|
||||
self->tag, self->value.c);
|
||||
}
|
||||
else {
|
||||
- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
|
||||
self->tag, (unsigned char)self->value.c);
|
||||
}
|
||||
- break;
|
||||
|
||||
/* Hm, are these 'z' and 'Z' codes useful at all?
|
||||
Shouldn't they be replaced by the functionality of c_string
|
||||
@@ -544,22 +533,20 @@ PyCArg_repr(PyCArgObject *self)
|
||||
case 'z':
|
||||
case 'Z':
|
||||
case 'P':
|
||||
- sprintf(buffer, "<cparam '%c' (%p)>",
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
|
||||
self->tag, self->value.p);
|
||||
break;
|
||||
|
||||
default:
|
||||
if (is_literal_char((unsigned char)self->tag)) {
|
||||
- sprintf(buffer, "<cparam '%c' at %p>",
|
||||
+ return PyUnicode_FromFormat("<cparam '%c' at %p>",
|
||||
(unsigned char)self->tag, (void *)self);
|
||||
}
|
||||
else {
|
||||
- sprintf(buffer, "<cparam 0x%02x at %p>",
|
||||
+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
|
||||
(unsigned char)self->tag, (void *)self);
|
||||
}
|
||||
- break;
|
||||
}
|
||||
- return PyUnicode_FromString(buffer);
|
||||
}
|
||||
|
||||
static PyMemberDef PyCArgType_members[] = {
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAl68Z1QACgkQsmmV4xAl
|
||||
BWhdxQ/+PUi0er9eBEaWNaatCsEDXnBvrCs1OooL3WWJ2GC5zf3buMwj2pFOZf9D
|
||||
YFFGdomhYhvRnyQCJQSXuWJXQaafzKAl1tvkgS2ycOnLvCJ/qw71SqorQxkMGK1m
|
||||
TYZyLEapNkXrfDXRHfGybuVlNsHw9++abpEITqwucTWm9LiHZoF/zdK+JX/5RYQ0
|
||||
bfb8819DMZEyCsF+S8Jo6ZNyEIQyQxidFFt5HbMllFwsgzu37P8RqGSIoVNFJ8n9
|
||||
f7BWfXAIyGr7pIlJ+3qBYDXOeOx8iwIUxGu3Gbmiri+dlxz28Iei4mxPYHG4ji5B
|
||||
3zMsqKcaVAMHzKuAwdF5ZbUg0DRRJweNoiDOsfKp0CI814pXmOLH0zi9OiLrxBzj
|
||||
7v9H3dAPMC2f2zAFdNcjYVBRovCxIork/Lj3+6jGn67+8oV+eb23gnN5YpDAFAAu
|
||||
ybtrt6fEi0uVJuxUl+MO5HkSmH3sLggVDskvuWPFLiuahcbSuiZoCvlB+osO9J0H
|
||||
el/3Awv5TjckY/EVDt1T61aYLX0CHNcb8c/CjAf0OSd/96WxV3svtusllqcSYwiC
|
||||
NxBRf0klpGn0Tpa+9hTAMc4dEKILgao1KsKiI8dj8YY3HcE0Lb3y9UdFcIDLCeqn
|
||||
Sk5turYyKak7apZTY31/0eqqCUl/RlZwpmxVUUNViwR5F2ZPeAQ=
|
||||
=jF/G
|
||||
-----END PGP SIGNATURE-----
|
28
SOURCES/get-source.sh
Executable file
28
SOURCES/get-source.sh
Executable file
@ -0,0 +1,28 @@
|
||||
#! /bin/bash -ex
|
||||
|
||||
# Download a release of Python (if missing) and remove .exe files from it
|
||||
|
||||
version=$1
|
||||
|
||||
if [ -z "${version}" ]; then
|
||||
echo "Usage: $0 VERSION" >& 2
|
||||
echo "" >& 2
|
||||
echo "example: $0 3.6.6" >& 2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
versionedname=Python-${version}
|
||||
orig_archive=${versionedname}.tar.xz
|
||||
new_archive=${versionedname}-noexe.tar.xz
|
||||
|
||||
if [ ! -e ${orig_archive} ]; then
|
||||
wget -N https://www.python.org/ftp/python/${version}/${orig_archive}
|
||||
fi
|
||||
|
||||
deleted_names=$(tar --list -Jf ${orig_archive} | grep '\.exe$')
|
||||
|
||||
# tar --delete does not operate on compressed archives, so do
|
||||
# xz compression/decompression explicitly
|
||||
xz --decompress --stdout ${orig_archive} | \
|
||||
tar --delete -v ${deleted_names} | \
|
||||
xz --compress --stdout -3 -T0 > ${new_archive}
|
11542
SOURCES/pubkeys.txt
11542
SOURCES/pubkeys.txt
File diff suppressed because it is too large
Load Diff
@ -13,11 +13,11 @@ URL: https://www.python.org/
|
||||
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
%global general_version %{pybasever}.3
|
||||
%global general_version %{pybasever}.6
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 1%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: Python
|
||||
|
||||
# Exclude i686 arch. Due to a modularity issue it's being added to the
|
||||
@ -92,6 +92,15 @@ ExcludeArch: i686
|
||||
%bcond_with valgrind
|
||||
%endif
|
||||
|
||||
# https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names
|
||||
# For a very long time we have converted "upstream architecture names" to "Fedora names".
|
||||
# This made sense at the time, see https://github.com/pypa/manylinux/issues/687#issuecomment-666362947
|
||||
# However, with manylinux wheels popularity growth, this is now a problem.
|
||||
# Wheels built on a Linux that doesn't do this were not compatible with ours and vice versa.
|
||||
# We now have a compatibility layer to workaround a problem,
|
||||
# but we also no longer use the legacy arch names in Fedora 34+.
|
||||
# This bcond controls the behavior. The defaults should be good for anybody.
|
||||
%bcond_without legacy_archnames
|
||||
|
||||
# =====================
|
||||
# General global macros
|
||||
@ -114,8 +123,21 @@ ExcludeArch: i686
|
||||
%global LDVERSION_optimized %{pybasever}%{ABIFLAGS_optimized}
|
||||
%global LDVERSION_debug %{pybasever}%{ABIFLAGS_debug}
|
||||
|
||||
%global SOABI_optimized cpython-%{pyshortver}%{ABIFLAGS_optimized}-%{_arch}-linux%{_gnu}
|
||||
%global SOABI_debug cpython-%{pyshortver}%{ABIFLAGS_debug}-%{_arch}-linux%{_gnu}
|
||||
# When we use the upstream arch triplets, we convert them from the legacy ones
|
||||
# This is reversed in prep when %%with legacy_archnames, so we keep both macros
|
||||
%global platform_triplet_legacy %{_arch}-linux%{_gnu}
|
||||
%global platform_triplet_upstream %{expand:%(echo %{platform_triplet_legacy} | sed -E \\
|
||||
-e 's/^arm(eb)?-linux-gnueabi$/arm\\1-linux-gnueabihf/' \\
|
||||
-e 's/^mips64(el)?-linux-gnu$/mips64\\1-linux-gnuabi64/' \\
|
||||
-e 's/^ppc(64)?(le)?-linux-gnu$/powerpc\\1\\2-linux-gnu/')}
|
||||
%if %{with legacy_archnames}
|
||||
%global platform_triplet %{platform_triplet_legacy}
|
||||
%else
|
||||
%global platform_triplet %{platform_triplet_upstream}
|
||||
%endif
|
||||
|
||||
%global SOABI_optimized cpython-%{pyshortver}%{ABIFLAGS_optimized}-%{platform_triplet}
|
||||
%global SOABI_debug cpython-%{pyshortver}%{ABIFLAGS_debug}-%{platform_triplet}
|
||||
|
||||
# All bytecode files are in a __pycache__ subdirectory, with a name
|
||||
# reflecting the version of the bytecode.
|
||||
@ -216,9 +238,17 @@ BuildRequires: python%{pyshortver}
|
||||
# Source code and patches
|
||||
# =======================
|
||||
|
||||
Source0: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz
|
||||
Source1: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz.asc
|
||||
Source2: %{url}static/files/pubkeys.txt
|
||||
# The upstream tarball includes questionable executable files for Windows,
|
||||
# which we should not ship even in the SRPM.
|
||||
# Run the "get-source.sh" with the version as argument to download the upstream
|
||||
# tarball and generate a version with the .exe files removed. For example:
|
||||
# $ ./get-source.sh 3.7.0
|
||||
|
||||
Source: Python-%{version}-noexe.tar.xz
|
||||
|
||||
# A script to remove .exe files from the source distribution
|
||||
Source1: get-source.sh
|
||||
|
||||
Source3: macros.python38
|
||||
|
||||
# A simple script to check timestamps of bytecode files
|
||||
@ -265,10 +295,6 @@ Patch189: 00189-use-rpm-wheels.patch
|
||||
# Downstream only: Awaiting resources to work on upstream PEP
|
||||
Patch251: 00251-change-user-install-location.patch
|
||||
|
||||
# 00274 #
|
||||
# Upstream uses Debian-style architecture naming. Change to match Fedora.
|
||||
Patch274: 00274-fix-arch-names.patch
|
||||
|
||||
# 00328 #
|
||||
# Restore pyc to TIMESTAMP invalidation mode as default in rpmbubild
|
||||
# See https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/57#comment-27426
|
||||
@ -299,11 +325,36 @@ Patch328: 00328-pyc-timestamp-invalidation-mode.patch
|
||||
# Resolves: rhbz#1731424
|
||||
Patch329: 00329-fips.patch
|
||||
|
||||
# 00350 #
|
||||
# bpo-40784: Fix sqlite3 deterministic test (GH-20448)
|
||||
# https://bugs.python.org/issue40784
|
||||
# https://github.com/python/cpython/commit/00a240bf7f95bbd220f1cfbf9eb58484a5f9681a
|
||||
Patch350: 00350-sqlite-fix-deterministic-test.patch
|
||||
# 00353 #
|
||||
# Original names for architectures with different names downstream
|
||||
#
|
||||
# https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names
|
||||
#
|
||||
# Pythons in RHEL/Fedora used different names for some architectures
|
||||
# than upstream and other distros (for example ppc64 vs. powerpc64).
|
||||
# This was patched in patch 274, now it is sedded if %%with legacy_archnames.
|
||||
#
|
||||
# That meant that an extension built with the default upstream settings
|
||||
# (on other distro or as an manylinux wheel) could not been found by Python
|
||||
# on RHEL/Fedora because it had a different suffix.
|
||||
# This patch adds the legacy names to importlib so Python is able
|
||||
# to import extensions with a legacy architecture name in its
|
||||
# file name.
|
||||
# It work both ways, so it support both %%with and %%without legacy_archnames.
|
||||
#
|
||||
# WARNING: This patch has no effect on Python built with bootstrap
|
||||
# enabled because Python/importlib_external.h is not regenerated
|
||||
# and therefore Python during bootstrap contains importlib from
|
||||
# upstream without this feature. It's possible to include
|
||||
# Python/importlib_external.h to this patch but it'd make rebasing
|
||||
# a nightmare because it's basically a binary file.
|
||||
Patch353: 00353-architecture-names-upstream-downstream.patch
|
||||
|
||||
# 00357 #
|
||||
# Security fix for CVE-2021-3177
|
||||
# Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
|
||||
# Resolves upstream: https://bugs.python.org/issue42938
|
||||
Patch357: 00357-CVE-2021-3177.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
@ -649,16 +700,22 @@ rm Lib/ensurepip/_bundled/*.whl
|
||||
%endif
|
||||
|
||||
%patch251 -p1
|
||||
%patch274 -p1
|
||||
%patch328 -p1
|
||||
%patch329 -p1
|
||||
%patch350 -p1
|
||||
%patch353 -p1
|
||||
%patch357 -p1
|
||||
|
||||
|
||||
# Remove files that should be generated by the build
|
||||
# (This is after patching, so that we can use patches directly from upstream)
|
||||
rm configure pyconfig.h.in
|
||||
|
||||
# When we use the legacy arch names, we need to change them in configure.ac
|
||||
%if %{with legacy_archnames}
|
||||
sed -i configure.ac \
|
||||
-e 's/\b%{platform_triplet_upstream}\b/%{platform_triplet_legacy}/'
|
||||
%endif
|
||||
|
||||
|
||||
# ======================================================
|
||||
# Configuring and building the code:
|
||||
@ -1471,8 +1528,8 @@ fi
|
||||
# "Makefile" and the config-32/64.h file are needed by
|
||||
# distutils/sysconfig.py:_init_posix(), so we include them in the core
|
||||
# package, along with their parent directories (bug 531901):
|
||||
%dir %{pylibdir}/config-%{LDVERSION_optimized}-%{_arch}-linux%{_gnu}/
|
||||
%{pylibdir}/config-%{LDVERSION_optimized}-%{_arch}-linux%{_gnu}/Makefile
|
||||
%dir %{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/
|
||||
%{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/Makefile
|
||||
%dir %{_includedir}/python%{LDVERSION_optimized}/
|
||||
%{_includedir}/python%{LDVERSION_optimized}/%{_pyconfig_h}
|
||||
|
||||
@ -1490,9 +1547,9 @@ fi
|
||||
%{_bindir}/2to3
|
||||
%endif
|
||||
|
||||
%{pylibdir}/config-%{LDVERSION_optimized}-%{_arch}-linux%{_gnu}/*
|
||||
%{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/*
|
||||
%if %{without flatpackage}
|
||||
%exclude %{pylibdir}/config-%{LDVERSION_optimized}-%{_arch}-linux%{_gnu}/Makefile
|
||||
%exclude %{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/Makefile
|
||||
%exclude %{_includedir}/python%{LDVERSION_optimized}/%{_pyconfig_h}
|
||||
%endif
|
||||
%{_includedir}/python%{LDVERSION_optimized}/*.h
|
||||
@ -1687,7 +1744,7 @@ fi
|
||||
%{_libdir}/%{py_INSTSONAME_debug}
|
||||
|
||||
# Analog of the -devel subpackage's files:
|
||||
%{pylibdir}/config-%{LDVERSION_debug}-%{_arch}-linux%{_gnu}
|
||||
%{pylibdir}/config-%{LDVERSION_debug}-%{platform_triplet}
|
||||
%{_includedir}/python%{LDVERSION_debug}
|
||||
%{_bindir}/python%{LDVERSION_debug}-config
|
||||
%{_bindir}/python%{LDVERSION_debug}-*-config
|
||||
@ -1736,6 +1793,26 @@ fi
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Fri Jan 22 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.8.6-3
|
||||
- Security fix for CVE-2021-3177
|
||||
Resolves: rhbz#1919161
|
||||
|
||||
* Fri Oct 23 2020 Lumír Balhar <lbalhar@redhat.com> - 3.8.6-2
|
||||
- Add support for upstream architecture names
|
||||
https://fedoraproject.org/wiki/Changes/Python_Upstream_Architecture_Names
|
||||
Resolves: rhbz#1868006
|
||||
|
||||
* Fri Oct 09 2020 Charalampos Stratakis <cstratak@redhat.com> - 3.8.6-1
|
||||
- Update to 3.8.6
|
||||
- Security fix for CVE-2020-26116
|
||||
Resolves: rhbz#1886755, rhbz#1883259
|
||||
|
||||
* Mon Aug 17 2020 Tomas Orsava <torsava@redhat.com> - 3.8.3-3
|
||||
- Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
|
||||
Resolves: rhbz#1856481
|
||||
- Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422)
|
||||
Resolves: rhbz#1854926
|
||||
|
||||
* Wed Jun 24 2020 Tomas Orsava <torsava@redhat.com> - 3.8.3-2
|
||||
- Fix sqlite3 deterministic test
|
||||
Related: rhbz#1847416
|
||||
|
Loading…
Reference in New Issue
Block a user