import python39-3.9.6-1.module+el8.5.0+12043+ff46b40f
This commit is contained in:
parent
6821411dff
commit
eb7dc5ac30
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/Python-3.9.2.tar.xz
|
||||
SOURCES/Python-3.9.6.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
110ca5bca7989f9558a54ee6762e6774a4b9644a SOURCES/Python-3.9.2.tar.xz
|
||||
05826c93a178872958f6685094ee3514e53ba653 SOURCES/Python-3.9.6.tar.xz
|
||||
|
@ -33,10 +33,10 @@ index 97dfa7ea71..984e587ea0 100644
|
||||
|
||||
+_WHEEL_DIR = "/usr/share/python39-wheels/"
|
||||
|
||||
-_SETUPTOOLS_VERSION = "49.2.1"
|
||||
-_SETUPTOOLS_VERSION = "56.0.0"
|
||||
+_wheels = {}
|
||||
|
||||
-_PIP_VERSION = "20.2.3"
|
||||
-_PIP_VERSION = "21.1.3"
|
||||
+def _get_most_recent_wheel_version(pkg):
|
||||
+ prefix = os.path.join(_WHEEL_DIR, "{}-".format(pkg))
|
||||
+ _wheels[pkg] = {}
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 0d4515001c99025c024d773f34d3eb97833d0b5d Mon Sep 17 00:00:00 2001
|
||||
From 918e294d56e646e67553550c87b4a9e30cac1f67 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Fri, 29 Jan 2021 14:16:21 +0100
|
||||
Subject: [PATCH 01/13] Use python's fall backs for the crypto it implements
|
||||
@ -10,7 +10,7 @@ Subject: [PATCH 01/13] Use python's fall backs for the crypto it implements
|
||||
2 files changed, 76 insertions(+), 119 deletions(-)
|
||||
|
||||
diff --git a/Lib/hashlib.py b/Lib/hashlib.py
|
||||
index 58c340d56e3..1fd80c7d4fd 100644
|
||||
index 58c340d..1fd80c7 100644
|
||||
--- a/Lib/hashlib.py
|
||||
+++ b/Lib/hashlib.py
|
||||
@@ -68,8 +68,6 @@ __all__ = __always_supported + ('new', 'algorithms_guaranteed',
|
||||
@ -260,7 +260,7 @@ index 58c340d56e3..1fd80c7d4fd 100644
|
||||
+if not get_fips_mode():
|
||||
+ del __py_new
|
||||
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
|
||||
index 86f31a55878..8235505092b 100644
|
||||
index 86f31a5..8235505 100644
|
||||
--- a/Lib/test/test_hashlib.py
|
||||
+++ b/Lib/test/test_hashlib.py
|
||||
@@ -1039,6 +1039,7 @@ class KDFTests(unittest.TestCase):
|
||||
@ -272,10 +272,10 @@ index 86f31a55878..8235505092b 100644
|
||||
def test_pbkdf2_hmac_py(self):
|
||||
self._test_pbkdf2_hmac(builtin_hashlib.pbkdf2_hmac, builtin_hashes)
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 8a174c9a8d4180a5a7b19f4419b98c63b91b13ab Mon Sep 17 00:00:00 2001
|
||||
From 93696af7133bf08fd76fb759b24c7f82b90220da Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 17:19:06 +0200
|
||||
Subject: [PATCH 02/13] Disable Python's hash implementations in FIPS mode,
|
||||
@ -293,7 +293,7 @@ Subject: [PATCH 02/13] Disable Python's hash implementations in FIPS mode,
|
||||
|
||||
diff --git a/Include/_hashopenssl.h b/Include/_hashopenssl.h
|
||||
new file mode 100644
|
||||
index 00000000000..a726c0d3fbf
|
||||
index 0000000..a726c0d
|
||||
--- /dev/null
|
||||
+++ b/Include/_hashopenssl.h
|
||||
@@ -0,0 +1,66 @@
|
||||
@ -364,7 +364,7 @@ index 00000000000..a726c0d3fbf
|
||||
+
|
||||
+#endif // !Py_HASHOPENSSL_H
|
||||
diff --git a/Modules/_blake2/blake2b_impl.c b/Modules/_blake2/blake2b_impl.c
|
||||
index 7fb1296f8b2..67620afcad2 100644
|
||||
index 7fb1296..67620af 100644
|
||||
--- a/Modules/_blake2/blake2b_impl.c
|
||||
+++ b/Modules/_blake2/blake2b_impl.c
|
||||
@@ -14,6 +14,7 @@
|
||||
@ -394,7 +394,7 @@ index 7fb1296f8b2..67620afcad2 100644
|
||||
|
||||
if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE)
|
||||
diff --git a/Modules/_blake2/blake2module.c b/Modules/_blake2/blake2module.c
|
||||
index ff142c9f3ed..bc67529cb5e 100644
|
||||
index ff142c9..bc67529 100644
|
||||
--- a/Modules/_blake2/blake2module.c
|
||||
+++ b/Modules/_blake2/blake2module.c
|
||||
@@ -9,6 +9,7 @@
|
||||
@ -415,7 +415,7 @@ index ff142c9f3ed..bc67529cb5e 100644
|
||||
if (m == NULL)
|
||||
return NULL;
|
||||
diff --git a/Modules/_blake2/blake2s_impl.c b/Modules/_blake2/blake2s_impl.c
|
||||
index e3e90d0587b..57c0f3fcbd7 100644
|
||||
index e3e90d0..57c0f3f 100644
|
||||
--- a/Modules/_blake2/blake2s_impl.c
|
||||
+++ b/Modules/_blake2/blake2s_impl.c
|
||||
@@ -14,6 +14,7 @@
|
||||
@ -445,28 +445,28 @@ index e3e90d0587b..57c0f3fcbd7 100644
|
||||
|
||||
if (self->lock == NULL && buf.len >= HASHLIB_GIL_MINSIZE)
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index adc86537732..deecc077ef8 100644
|
||||
index ff3a1ae..3d788f5 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -16,6 +16,7 @@
|
||||
@@ -23,6 +23,7 @@
|
||||
#include "Python.h"
|
||||
#include "hashlib.h"
|
||||
#include "pystrhex.h"
|
||||
+#include "_hashopenssl.h"
|
||||
|
||||
|
||||
/* EVP is the preferred interface to hashing in OpenSSL */
|
||||
@@ -24,9 +25,6 @@
|
||||
#include <openssl/evp.h>
|
||||
@@ -30,9 +31,6 @@
|
||||
#include <openssl/crypto.h>
|
||||
/* We use the object interface to discover what hashes OpenSSL supports. */
|
||||
#include <openssl/objects.h>
|
||||
-#include "openssl/err.h"
|
||||
-#include <openssl/err.h>
|
||||
-
|
||||
-#include <openssl/crypto.h> // FIPS_mode()
|
||||
|
||||
#ifndef OPENSSL_THREADS
|
||||
# error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
|
||||
@@ -118,37 +116,6 @@ class _hashlib.HMAC "HMACobject *" "((_hashlibstate *)PyModule_GetState(module))
|
||||
@@ -124,37 +122,6 @@ class _hashlib.HMAC "HMACobject *" "((_hashlibstate *)PyModule_GetState(module))
|
||||
/*[clinic end generated code: output=da39a3ee5e6b4b0d input=7df1bcf6f75cb8ef]*/
|
||||
|
||||
|
||||
@ -505,7 +505,7 @@ index adc86537732..deecc077ef8 100644
|
||||
static PyObject *
|
||||
_disabled_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
|
||||
diff --git a/setup.py b/setup.py
|
||||
index bd5f7369244..89edbb627fa 100644
|
||||
index 04eb6b2..f72d7ca 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -2306,7 +2306,7 @@ class PyBuildExt(build_ext):
|
||||
@ -559,10 +559,10 @@ index bd5f7369244..89edbb627fa 100644
|
||||
- library_dirs=openssl_libdirs,
|
||||
- libraries=openssl_libs,
|
||||
+ **self.detect_openssl_args(),
|
||||
depends=['socketmodule.h', '_ssl/debughelpers.c'])
|
||||
)
|
||||
else:
|
||||
@@ -2358,9 +2369,7 @@ class PyBuildExt(build_ext):
|
||||
depends=[
|
||||
'socketmodule.h',
|
||||
'_ssl/debughelpers.c',
|
||||
@@ -2363,9 +2374,7 @@ class PyBuildExt(build_ext):
|
||||
|
||||
self.add(Extension('_hashlib', ['_hashopenssl.c'],
|
||||
depends=['hashlib.h'],
|
||||
@ -573,7 +573,7 @@ index bd5f7369244..89edbb627fa 100644
|
||||
|
||||
def detect_hash_builtins(self):
|
||||
# By default we always compile these even when OpenSSL is available
|
||||
@@ -2417,6 +2426,7 @@ class PyBuildExt(build_ext):
|
||||
@@ -2422,6 +2431,7 @@ class PyBuildExt(build_ext):
|
||||
'_blake2/blake2b_impl.c',
|
||||
'_blake2/blake2s_impl.c'
|
||||
],
|
||||
@ -582,10 +582,10 @@ index bd5f7369244..89edbb627fa 100644
|
||||
))
|
||||
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 56171083467bd5798adcb1946cfc0b1d68403755 Mon Sep 17 00:00:00 2001
|
||||
From 0b9b72c27e24e159ed3180e9a7a2a9efa24de7e8 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Thu, 12 Dec 2019 16:58:31 +0100
|
||||
Subject: [PATCH 03/13] Expose all hashes available to OpenSSL
|
||||
@ -600,7 +600,7 @@ Subject: [PATCH 03/13] Expose all hashes available to OpenSSL
|
||||
6 files changed, 158 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/Include/_hashopenssl.h b/Include/_hashopenssl.h
|
||||
index a726c0d3fbf..47ed0030422 100644
|
||||
index a726c0d..47ed003 100644
|
||||
--- a/Include/_hashopenssl.h
|
||||
+++ b/Include/_hashopenssl.h
|
||||
@@ -39,7 +39,7 @@ _setException(PyObject *exc)
|
||||
@ -636,7 +636,7 @@ index a726c0d3fbf..47ed0030422 100644
|
||||
|
||||
#endif // !Py_HASHOPENSSL_H
|
||||
diff --git a/Modules/_blake2/blake2b_impl.c b/Modules/_blake2/blake2b_impl.c
|
||||
index 67620afcad2..9e125dcbf43 100644
|
||||
index 67620af..9e125dc 100644
|
||||
--- a/Modules/_blake2/blake2b_impl.c
|
||||
+++ b/Modules/_blake2/blake2b_impl.c
|
||||
@@ -97,7 +97,7 @@ py_blake2b_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
|
||||
@ -658,7 +658,7 @@ index 67620afcad2..9e125dcbf43 100644
|
||||
GET_BUFFER_VIEW_OR_ERROUT(data, &buf);
|
||||
|
||||
diff --git a/Modules/_blake2/blake2module.c b/Modules/_blake2/blake2module.c
|
||||
index bc67529cb5e..79a9eed5c13 100644
|
||||
index bc67529..79a9eed 100644
|
||||
--- a/Modules/_blake2/blake2module.c
|
||||
+++ b/Modules/_blake2/blake2module.c
|
||||
@@ -58,7 +58,7 @@ PyInit__blake2(void)
|
||||
@ -671,7 +671,7 @@ index bc67529cb5e..79a9eed5c13 100644
|
||||
m = PyModule_Create(&blake2_module);
|
||||
if (m == NULL)
|
||||
diff --git a/Modules/_blake2/blake2s_impl.c b/Modules/_blake2/blake2s_impl.c
|
||||
index 57c0f3fcbd7..b59624d7d98 100644
|
||||
index 57c0f3f..b59624d 100644
|
||||
--- a/Modules/_blake2/blake2s_impl.c
|
||||
+++ b/Modules/_blake2/blake2s_impl.c
|
||||
@@ -97,7 +97,7 @@ py_blake2s_new_impl(PyTypeObject *type, PyObject *data, int digest_size,
|
||||
@ -693,10 +693,10 @@ index 57c0f3fcbd7..b59624d7d98 100644
|
||||
GET_BUFFER_VIEW_OR_ERROUT(data, &buf);
|
||||
|
||||
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
|
||||
index deecc077ef8..a805183721b 100644
|
||||
index 3d788f5..dc130f6 100644
|
||||
--- a/Modules/_hashopenssl.c
|
||||
+++ b/Modules/_hashopenssl.c
|
||||
@@ -253,6 +253,12 @@ py_digest_by_name(const char *name)
|
||||
@@ -259,6 +259,12 @@ py_digest_by_name(const char *name)
|
||||
else if (!strcmp(name, "blake2b512")) {
|
||||
digest = EVP_blake2b512();
|
||||
}
|
||||
@ -709,7 +709,7 @@ index deecc077ef8..a805183721b 100644
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -946,6 +952,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj,
|
||||
@@ -952,6 +958,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj,
|
||||
}
|
||||
|
||||
|
||||
@ -751,7 +751,7 @@ index deecc077ef8..a805183721b 100644
|
||||
#ifdef PY_OPENSSL_HAS_SHA3
|
||||
|
||||
/*[clinic input]
|
||||
@@ -1931,6 +1972,8 @@ static struct PyMethodDef EVP_functions[] = {
|
||||
@@ -1938,6 +1979,8 @@ static struct PyMethodDef EVP_functions[] = {
|
||||
_HASHLIB_OPENSSL_SHA256_METHODDEF
|
||||
_HASHLIB_OPENSSL_SHA384_METHODDEF
|
||||
_HASHLIB_OPENSSL_SHA512_METHODDEF
|
||||
@ -761,7 +761,7 @@ index deecc077ef8..a805183721b 100644
|
||||
_HASHLIB_OPENSSL_SHA3_256_METHODDEF
|
||||
_HASHLIB_OPENSSL_SHA3_384_METHODDEF
|
||||
diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h
|
||||
index 68aa765e529..2957ae2e135 100644
|
||||
index 68aa765..2957ae2 100644
|
||||
--- a/Modules/clinic/_hashopenssl.c.h
|
||||
+++ b/Modules/clinic/_hashopenssl.c.h
|
||||
@@ -540,6 +540,110 @@ exit:
|
||||
@ -882,10 +882,10 @@ index 68aa765e529..2957ae2e135 100644
|
||||
-/*[clinic end generated code: output=b6b280e46bf0b139 input=a9049054013a1b77]*/
|
||||
+/*[clinic end generated code: output=4f8cc45bf0337f8e input=a9049054013a1b77]*/
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From e024cae691bffa2d093a63f8e2058331fce94d2a Mon Sep 17 00:00:00 2001
|
||||
From 23e9a37ced6523d2e15c97f716d4dcb6605b1b9a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 25 Jul 2019 18:13:45 +0200
|
||||
Subject: [PATCH 04/13] Fix tests
|
||||
@ -895,7 +895,7 @@ Subject: [PATCH 04/13] Fix tests
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
|
||||
index 8235505092b..a838bcee2a8 100644
|
||||
index 8235505..a838bce 100644
|
||||
--- a/Lib/test/test_hashlib.py
|
||||
+++ b/Lib/test/test_hashlib.py
|
||||
@@ -354,6 +354,11 @@ class HashLibTestCase(unittest.TestCase):
|
||||
@ -911,10 +911,10 @@ index 8235505092b..a838bcee2a8 100644
|
||||
computed = m.hexdigest() if not shake else m.hexdigest(length)
|
||||
self.assertEqual(
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 3e87bf1c3d32c09a50385d8576b1164cafce4158 Mon Sep 17 00:00:00 2001
|
||||
From 20828756a8df0a693b09167d03bf2724bcfddc51 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Fri, 26 Jul 2019 15:41:10 +0200
|
||||
Subject: [PATCH 05/13] Implement hmac.new using new built-in module,
|
||||
@ -934,7 +934,7 @@ This removes the _hmacopenssl.new function.
|
||||
create mode 100644 Modules/clinic/_hmacopenssl.c.h
|
||||
|
||||
diff --git a/Lib/hmac.py b/Lib/hmac.py
|
||||
index 180bc378b52..482e443bfe4 100644
|
||||
index 180bc37..482e443 100644
|
||||
--- a/Lib/hmac.py
|
||||
+++ b/Lib/hmac.py
|
||||
@@ -14,6 +14,8 @@ else:
|
||||
@ -1003,7 +1003,7 @@ index 180bc378b52..482e443bfe4 100644
|
||||
"""Create a new hashing object and return it.
|
||||
|
||||
diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py
|
||||
index 6daf22ca06f..544ec7cb411 100644
|
||||
index 6daf22c..544ec7c 100644
|
||||
--- a/Lib/test/test_hmac.py
|
||||
+++ b/Lib/test/test_hmac.py
|
||||
@@ -322,6 +322,7 @@ class TestVectorsTestCase(unittest.TestCase):
|
||||
@ -1078,7 +1078,7 @@ index 6daf22ca06f..544ec7cb411 100644
|
||||
# Testing if the copy has the same digests.
|
||||
diff --git a/Modules/_hmacopenssl.c b/Modules/_hmacopenssl.c
|
||||
new file mode 100644
|
||||
index 00000000000..c31d233fbe4
|
||||
index 0000000..c31d233
|
||||
--- /dev/null
|
||||
+++ b/Modules/_hmacopenssl.c
|
||||
@@ -0,0 +1,459 @@
|
||||
@ -1543,7 +1543,7 @@ index 00000000000..c31d233fbe4
|
||||
+}
|
||||
diff --git a/Modules/clinic/_hmacopenssl.c.h b/Modules/clinic/_hmacopenssl.c.h
|
||||
new file mode 100644
|
||||
index 00000000000..a2af550838a
|
||||
index 0000000..a2af550
|
||||
--- /dev/null
|
||||
+++ b/Modules/clinic/_hmacopenssl.c.h
|
||||
@@ -0,0 +1,104 @@
|
||||
@ -1652,10 +1652,10 @@ index 00000000000..a2af550838a
|
||||
+}
|
||||
+/*[clinic end generated code: output=e0c910f3c9ed523e input=a9049054013a1b77]*/
|
||||
diff --git a/setup.py b/setup.py
|
||||
index 89edbb627fa..5c2cbd665af 100644
|
||||
index f72d7ca..11fca20 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -2371,6 +2371,10 @@ class PyBuildExt(build_ext):
|
||||
@@ -2376,6 +2376,10 @@ class PyBuildExt(build_ext):
|
||||
depends=['hashlib.h'],
|
||||
**self.detect_openssl_args()) )
|
||||
|
||||
@ -1667,10 +1667,10 @@ index 89edbb627fa..5c2cbd665af 100644
|
||||
# By default we always compile these even when OpenSSL is available
|
||||
# (issue #14693). It's harmless and the object code is tiny
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From a6d7c4268a6e305b1178b633e59dde7b5c8a1069 Mon Sep 17 00:00:00 2001
|
||||
From bda4c9de583ee2272812c25d506bea294a54dee8 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Thu, 1 Aug 2019 17:57:05 +0200
|
||||
Subject: [PATCH 06/13] Use a stronger hash in multiprocessing handshake
|
||||
@ -1682,7 +1682,7 @@ https://bugs.python.org/issue17258
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
|
||||
index 510e4b5aba4..b68f2fb837a 100644
|
||||
index 510e4b5..b68f2fb 100644
|
||||
--- a/Lib/multiprocessing/connection.py
|
||||
+++ b/Lib/multiprocessing/connection.py
|
||||
@@ -42,6 +42,10 @@ BUFSIZE = 8192
|
||||
@ -1715,10 +1715,10 @@ index 510e4b5aba4..b68f2fb837a 100644
|
||||
response = connection.recv_bytes(256) # reject large message
|
||||
if response != WELCOME:
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 86868ca46c47112f771d54a54ee89e2d6c00f56f Mon Sep 17 00:00:00 2001
|
||||
From 381d423df59d59f953ed817e1611dd929393dea9 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Wed, 31 Jul 2019 15:43:43 +0200
|
||||
Subject: [PATCH 07/13] Add initial tests for various hashes under FIPS mode
|
||||
@ -1730,7 +1730,7 @@ Subject: [PATCH 07/13] Add initial tests for various hashes under FIPS mode
|
||||
|
||||
diff --git a/Lib/test/test_fips.py b/Lib/test/test_fips.py
|
||||
new file mode 100644
|
||||
index 00000000000..fe4ea72296e
|
||||
index 0000000..fe4ea72
|
||||
--- /dev/null
|
||||
+++ b/Lib/test/test_fips.py
|
||||
@@ -0,0 +1,31 @@
|
||||
@ -1766,10 +1766,10 @@ index 00000000000..fe4ea72296e
|
||||
+if __name__ == "__main__":
|
||||
+ unittest.main()
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 5badab85d3fc725b56a19658f1e9b16aeb0ed663 Mon Sep 17 00:00:00 2001
|
||||
From 31c0ebb0612e0f058a45058b5c92d1cfa672eca2 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 5 Aug 2019 18:23:57 +0200
|
||||
Subject: [PATCH 08/13] Make hashlib tests pass in FIPS mode
|
||||
@ -1779,7 +1779,7 @@ Subject: [PATCH 08/13] Make hashlib tests pass in FIPS mode
|
||||
1 file changed, 24 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
|
||||
index a838bcee2a8..6f60ad4b8fb 100644
|
||||
index a838bce..6f60ad4 100644
|
||||
--- a/Lib/test/test_hashlib.py
|
||||
+++ b/Lib/test/test_hashlib.py
|
||||
@@ -44,6 +44,12 @@ if builtin_hashes == default_builtin_hashes:
|
||||
@ -1878,10 +1878,10 @@ index a838bcee2a8..6f60ad4b8fb 100644
|
||||
self.check(
|
||||
'md5',
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 0f7a3094bc4cf691ae0dd093567ceea149e14e8a Mon Sep 17 00:00:00 2001
|
||||
From 42e85e3a54a806e9460ae67598f473b4a839d223 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 26 Aug 2019 19:09:39 +0200
|
||||
Subject: [PATCH 09/13] Test the usedforsecurity flag
|
||||
@ -1891,7 +1891,7 @@ Subject: [PATCH 09/13] Test the usedforsecurity flag
|
||||
1 file changed, 42 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
|
||||
index 6f60ad4b8fb..f306ba33b20 100644
|
||||
index 6f60ad4..f306ba3 100644
|
||||
--- a/Lib/test/test_hashlib.py
|
||||
+++ b/Lib/test/test_hashlib.py
|
||||
@@ -20,6 +20,7 @@ import warnings
|
||||
@ -2070,10 +2070,10 @@ index 6f60ad4b8fb..f306ba33b20 100644
|
||||
class KDFTests(unittest.TestCase):
|
||||
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 5feafbf68d297e3f4fcafe4cbeff97817c592c53 Mon Sep 17 00:00:00 2001
|
||||
From 7ea94845a8c8f5b2081237e69ff41993da1e5a5e Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Mon, 26 Aug 2019 19:39:48 +0200
|
||||
Subject: [PATCH 10/13] Don't re-export get_fips_mode from hashlib
|
||||
@ -2089,7 +2089,7 @@ Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1745685
|
||||
6 files changed, 29 insertions(+), 29 deletions(-)
|
||||
|
||||
diff --git a/Lib/hashlib.py b/Lib/hashlib.py
|
||||
index 1fd80c7d4fd..6121d251267 100644
|
||||
index 1fd80c7..6121d25 100644
|
||||
--- a/Lib/hashlib.py
|
||||
+++ b/Lib/hashlib.py
|
||||
@@ -53,6 +53,8 @@ More condensed:
|
||||
@ -2169,7 +2169,7 @@ index 1fd80c7d4fd..6121d251267 100644
|
||||
+if not _hashlib.get_fips_mode():
|
||||
del __py_new
|
||||
diff --git a/Lib/hmac.py b/Lib/hmac.py
|
||||
index 482e443bfe4..ff466322d7b 100644
|
||||
index 482e443..ff46632 100644
|
||||
--- a/Lib/hmac.py
|
||||
+++ b/Lib/hmac.py
|
||||
@@ -50,7 +50,7 @@ class HMAC:
|
||||
@ -2200,7 +2200,7 @@ index 482e443bfe4..ff466322d7b 100644
|
||||
|
||||
|
||||
diff --git a/Lib/test/test_fips.py b/Lib/test/test_fips.py
|
||||
index fe4ea72296e..6b50f8b45d4 100644
|
||||
index fe4ea72..6b50f8b 100644
|
||||
--- a/Lib/test/test_fips.py
|
||||
+++ b/Lib/test/test_fips.py
|
||||
@@ -6,7 +6,7 @@ import hashlib, _hashlib
|
||||
@ -2222,7 +2222,7 @@ index fe4ea72296e..6b50f8b45d4 100644
|
||||
self.assertEqual(hashlib.blake2b(b'abc').hexdigest(), _hashlib.openssl_blake2b(b'abc').hexdigest())
|
||||
self.assertEqual(hashlib.blake2s(b'abc').hexdigest(), _hashlib.openssl_blake2s(b'abc').hexdigest())
|
||||
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
|
||||
index f306ba33b20..03cfb6b2fb4 100644
|
||||
index f306ba3..03cfb6b 100644
|
||||
--- a/Lib/test/test_hashlib.py
|
||||
+++ b/Lib/test/test_hashlib.py
|
||||
@@ -46,7 +46,9 @@ else:
|
||||
@ -2288,7 +2288,7 @@ index f306ba33b20..03cfb6b2fb4 100644
|
||||
"""Make sure usedforsecurity flag isn't copied to other contexts"""
|
||||
for i in range(3):
|
||||
diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py
|
||||
index 544ec7cb411..2d4484911c2 100644
|
||||
index 544ec7c..2d44849 100644
|
||||
--- a/Lib/test/test_hmac.py
|
||||
+++ b/Lib/test/test_hmac.py
|
||||
@@ -5,6 +5,7 @@ import hashlib
|
||||
@ -2336,7 +2336,7 @@ index 544ec7cb411..2d4484911c2 100644
|
||||
def test_properties(self):
|
||||
# deprecated properties
|
||||
diff --git a/Lib/test/test_urllib2_localnet.py b/Lib/test/test_urllib2_localnet.py
|
||||
index ed426b05a71..faec6844f9a 100644
|
||||
index ed426b0..faec684 100644
|
||||
--- a/Lib/test/test_urllib2_localnet.py
|
||||
+++ b/Lib/test/test_urllib2_localnet.py
|
||||
@@ -7,6 +7,7 @@ import http.server
|
||||
@ -2348,10 +2348,10 @@ index ed426b05a71..faec6844f9a 100644
|
||||
from test import support
|
||||
from test.support import hashlib_helper
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 3e314b647bc316dda3cef1f611fbac9170ed1030 Mon Sep 17 00:00:00 2001
|
||||
From 62c667aed616986e8b6df9883ccebf9326f041ee Mon Sep 17 00:00:00 2001
|
||||
From: Christian Heimes <christian@python.org>
|
||||
Date: Wed, 20 Nov 2019 10:59:25 +0100
|
||||
Subject: [PATCH 11/13] Use FIPS compliant CSPRNG
|
||||
@ -2368,7 +2368,7 @@ Signed-off-by: Christian Heimes <christian@python.org>
|
||||
4 files changed, 63 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
|
||||
index bf1cb5f5112..d3b1d9c8969 100644
|
||||
index 35933e9..f67a65d 100644
|
||||
--- a/Lib/test/test_os.py
|
||||
+++ b/Lib/test/test_os.py
|
||||
@@ -29,6 +29,7 @@ import types
|
||||
@ -2392,7 +2392,7 @@ index bf1cb5f5112..d3b1d9c8969 100644
|
||||
def test_getrandom_type(self):
|
||||
data = os.getrandom(16)
|
||||
diff --git a/Makefile.pre.in b/Makefile.pre.in
|
||||
index f128444b985..3ea348a5461 100644
|
||||
index c57fc96..7b94db1 100644
|
||||
--- a/Makefile.pre.in
|
||||
+++ b/Makefile.pre.in
|
||||
@@ -116,7 +116,7 @@ PY_STDMODULE_CFLAGS= $(PY_CFLAGS) $(PY_CFLAGS_NODIST) $(PY_CPPFLAGS) $(CFLAGSFOR
|
||||
@ -2405,10 +2405,10 @@ index f128444b985..3ea348a5461 100644
|
||||
CFLAGS_ALIASING=@CFLAGS_ALIASING@
|
||||
|
||||
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
|
||||
index 12f72f525f7..d244d264d8a 100644
|
||||
index c984e2e..d1b0e39 100644
|
||||
--- a/Modules/posixmodule.c
|
||||
+++ b/Modules/posixmodule.c
|
||||
@@ -495,6 +495,9 @@ extern char *ctermid_r(char *);
|
||||
@@ -502,6 +502,9 @@ extern char *ctermid_r(char *);
|
||||
# define MODNAME "posix"
|
||||
#endif
|
||||
|
||||
@ -2418,7 +2418,7 @@ index 12f72f525f7..d244d264d8a 100644
|
||||
#if defined(__sun)
|
||||
/* Something to implement in autoconf, not present in autoconf 2.69 */
|
||||
# define HAVE_STRUCT_STAT_ST_FSTYPE 1
|
||||
@@ -14171,6 +14174,11 @@ os_getrandom_impl(PyObject *module, Py_ssize_t size, int flags)
|
||||
@@ -14256,6 +14259,11 @@ os_getrandom_impl(PyObject *module, Py_ssize_t size, int flags)
|
||||
return posix_error();
|
||||
}
|
||||
|
||||
@ -2431,7 +2431,7 @@ index 12f72f525f7..d244d264d8a 100644
|
||||
if (bytes == NULL) {
|
||||
PyErr_NoMemory();
|
||||
diff --git a/Python/bootstrap_hash.c b/Python/bootstrap_hash.c
|
||||
index a212f69870e..6333cd446dc 100644
|
||||
index a212f69..6333cd4 100644
|
||||
--- a/Python/bootstrap_hash.c
|
||||
+++ b/Python/bootstrap_hash.c
|
||||
@@ -429,6 +429,50 @@ dev_urandom_close(void)
|
||||
@ -2497,10 +2497,10 @@ index a212f69870e..6333cd446dc 100644
|
||||
return win32_urandom((unsigned char *)buffer, size, raise);
|
||||
#else
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 16b9a981697b94c348fdc0d73d2d12e12b1b4227 Mon Sep 17 00:00:00 2001
|
||||
From 58e51c67ce2afa268e7a44100d4ca9025b54117c Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <pviktori@redhat.com>
|
||||
Date: Tue, 7 Apr 2020 15:16:45 +0200
|
||||
Subject: [PATCH 12/13] Pass kwargs (like usedforsecurity) through __hash_new
|
||||
@ -2510,7 +2510,7 @@ Subject: [PATCH 12/13] Pass kwargs (like usedforsecurity) through __hash_new
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Lib/hashlib.py b/Lib/hashlib.py
|
||||
index 6121d251267..00794adffc1 100644
|
||||
index 6121d25..00794ad 100644
|
||||
--- a/Lib/hashlib.py
|
||||
+++ b/Lib/hashlib.py
|
||||
@@ -171,7 +171,7 @@ def __hash_new(name, data=b'', **kwargs):
|
||||
@ -2523,10 +2523,10 @@ index 6121d251267..00794adffc1 100644
|
||||
|
||||
try:
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
||||
From 48fb6366a0fcb95c8565be35495b25a23dc03896 Mon Sep 17 00:00:00 2001
|
||||
From ea7b14d45e9a41182ca2411ad6730a9987ec49f1 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Fri, 24 Apr 2020 19:57:16 +0200
|
||||
Subject: [PATCH 13/13] Skip the test_with_digestmod_no_default under FIPS
|
||||
@ -2538,7 +2538,7 @@ the digestmod parameter misuse under FIPS mode.
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py
|
||||
index 2d4484911c2..e0a5b6a053b 100644
|
||||
index 2d44849..e0a5b6a 100644
|
||||
--- a/Lib/test/test_hmac.py
|
||||
+++ b/Lib/test/test_hmac.py
|
||||
@@ -347,6 +347,7 @@ class TestVectorsTestCase(unittest.TestCase):
|
||||
@ -2569,5 +2569,5 @@ index 2d4484911c2..e0a5b6a053b 100644
|
||||
class ConstructorTestCase(unittest.TestCase):
|
||||
|
||||
--
|
||||
2.26.2
|
||||
2.31.1
|
||||
|
||||
|
@ -1,100 +0,0 @@
|
||||
From ed753d94856213ae9fc028195f670e66a24e2334 Mon Sep 17 00:00:00 2001
|
||||
From: "Miss Islington (bot)"
|
||||
<31488909+miss-islington@users.noreply.github.com>
|
||||
Date: Mon, 29 Mar 2021 06:08:00 -0700
|
||||
Subject: [PATCH] bpo-42988: Remove the pydoc getfile feature (GH-25015)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2021-3426: Remove the "getfile" feature of the pydoc module which
|
||||
could be abused to read arbitrary files on the disk (directory
|
||||
traversal vulnerability). Moreover, even source code of Python
|
||||
modules can contain sensitive data like passwords. Vulnerability
|
||||
reported by David Schwörer.
|
||||
(cherry picked from commit 9b999479c0022edfc9835a8a1f06e046f3881048)
|
||||
|
||||
Co-authored-by: Victor Stinner <vstinner@python.org>
|
||||
---
|
||||
Lib/pydoc.py | 18 ------------------
|
||||
Lib/test/test_pydoc.py | 6 ------
|
||||
.../2021-03-24-14-16-56.bpo-42988.P2aNco.rst | 4 ++++
|
||||
3 files changed, 4 insertions(+), 24 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst
|
||||
|
||||
diff --git a/Lib/pydoc.py b/Lib/pydoc.py
|
||||
index 35ef3ebdc688e6..ffa4b62c1f17b7 100755
|
||||
--- a/Lib/pydoc.py
|
||||
+++ b/Lib/pydoc.py
|
||||
@@ -2457,9 +2457,6 @@ def page(self, title, contents):
|
||||
%s</head><body bgcolor="#f0f0f8">%s<div style="clear:both;padding-top:.5em;">%s</div>
|
||||
</body></html>''' % (title, css_link, html_navbar(), contents)
|
||||
|
||||
- def filelink(self, url, path):
|
||||
- return '<a href="getfile?key=%s">%s</a>' % (url, path)
|
||||
-
|
||||
|
||||
html = _HTMLDoc()
|
||||
|
||||
@@ -2545,19 +2542,6 @@ def bltinlink(name):
|
||||
'key = %s' % key, '#ffffff', '#ee77aa', '<br>'.join(results))
|
||||
return 'Search Results', contents
|
||||
|
||||
- def html_getfile(path):
|
||||
- """Get and display a source file listing safely."""
|
||||
- path = urllib.parse.unquote(path)
|
||||
- with tokenize.open(path) as fp:
|
||||
- lines = html.escape(fp.read())
|
||||
- body = '<pre>%s</pre>' % lines
|
||||
- heading = html.heading(
|
||||
- '<big><big><strong>File Listing</strong></big></big>',
|
||||
- '#ffffff', '#7799ee')
|
||||
- contents = heading + html.bigsection(
|
||||
- 'File: %s' % path, '#ffffff', '#ee77aa', body)
|
||||
- return 'getfile %s' % path, contents
|
||||
-
|
||||
def html_topics():
|
||||
"""Index of topic texts available."""
|
||||
|
||||
@@ -2649,8 +2633,6 @@ def get_html_page(url):
|
||||
op, _, url = url.partition('=')
|
||||
if op == "search?key":
|
||||
title, content = html_search(url)
|
||||
- elif op == "getfile?key":
|
||||
- title, content = html_getfile(url)
|
||||
elif op == "topic?key":
|
||||
# try topics first, then objects.
|
||||
try:
|
||||
diff --git a/Lib/test/test_pydoc.py b/Lib/test/test_pydoc.py
|
||||
index ffabb7f1b94072..0bbdc42c635be4 100644
|
||||
--- a/Lib/test/test_pydoc.py
|
||||
+++ b/Lib/test/test_pydoc.py
|
||||
@@ -1374,18 +1374,12 @@ def test_url_requests(self):
|
||||
("topic?key=def", "Pydoc: KEYWORD def"),
|
||||
("topic?key=STRINGS", "Pydoc: TOPIC STRINGS"),
|
||||
("foobar", "Pydoc: Error - foobar"),
|
||||
- ("getfile?key=foobar", "Pydoc: Error - getfile?key=foobar"),
|
||||
]
|
||||
|
||||
with self.restrict_walk_packages():
|
||||
for url, title in requests:
|
||||
self.call_url_handler(url, title)
|
||||
|
||||
- path = string.__file__
|
||||
- title = "Pydoc: getfile " + path
|
||||
- url = "getfile?key=" + path
|
||||
- self.call_url_handler(url, title)
|
||||
-
|
||||
|
||||
class TestHelper(unittest.TestCase):
|
||||
def test_keywords(self):
|
||||
diff --git a/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst b/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst
|
||||
new file mode 100644
|
||||
index 00000000000000..4b42dd05305a83
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst
|
||||
@@ -0,0 +1,4 @@
|
||||
+CVE-2021-3426: Remove the ``getfile`` feature of the :mod:`pydoc` module which
|
||||
+could be abused to read arbitrary files on the disk (directory traversal
|
||||
+vulnerability). Moreover, even source code of Python modules can contain
|
||||
+sensitive data like passwords. Vulnerability reported by David Schwörer.
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmAvyCoACgkQsmmV4xAl
|
||||
BWhP7g//XBDQxNrjEaLSBfGy8tGbNPqlrBAOWsuH02JzvRXnr2gBX2m8TfaUSAnq
|
||||
8Kzafrpsfw0+7LFoPfrp+YwUO5k2WprovW9Iw+LoUM0d5DABL/gXKwVb0j9i8nRj
|
||||
uaPLzX9SRnCQQPfYQW/5wRFIm+/aqz4fx93k3Gw0AfeYh9Ka1pUJOCxCvihS47+E
|
||||
dUeoC6S8SUDrm5lPLj8t1uVVtp8W7GpGMwF5Zn31ThrlUA4V/dTMmqSUXCaAI9Ii
|
||||
zXditd26EfySKSxps+VQgL7GB778XcIYxlnMYzoqd6SD/pCQgagpFP2nZ1zdZ0/g
|
||||
qpwgeGE2SK++w8iiOs2Q59tisREU7PHNVtpdILhw9Me892mwxIjl8wDMTZHY8vvU
|
||||
6OZRI9G8UktpkEcT9FeFgwna2T3T16rEVbrzpteeDLFgqUpt84yXD+pd5W/Oozaj
|
||||
sfbd7lCFBcdzCQIKa+DGDuJKFPExu8oqGg7Zq25wxLvkNosmHXny9NylE1VIJ5ad
|
||||
WHadwBeFSFCR7faplO8s+hO/BmT5PcEwIXrz/xVqwf28o/0im63llkE6WUCRW4MU
|
||||
x/S5uWjB/HSDw2NHLRRc0bLabl30mMCf7J/EkVmm9dsIpmXhn6SLC9YCYjJtIjC7
|
||||
ChSQs+U8MgEnwk/un/DELIRUtu+rQZ1GkQnJ4tooaYJlYr/m7Ww=
|
||||
=s/wm
|
||||
-----END PGP SIGNATURE-----
|
16
SOURCES/Python-3.9.6.tar.xz.asc
Normal file
16
SOURCES/Python-3.9.6.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmDZkQMACgkQsmmV4xAl
|
||||
BWj09RAAoAJZTivNUSuw9H4UBr5Y7O/y09t2SoSDnyQTv8OWXhFh6uSQQvUah8oh
|
||||
BtyfIHHJrPK+h6oX5mNmFcuv0GVKpmn5yuIYExeMBvG78mqSybYuQuHqWISEK5Vt
|
||||
NUt0ZBbOzQyqidO2Q++kRf+zfrc5BK5SZ/iCaT8fTcxISs/GuKmG2R/SoRzjYDNa
|
||||
XSqJi0/3jH/hSS/XIhKzDRzlkSemOCBuGeBi8rLCEtLE1faeeMYBB/StLzs8lkpb
|
||||
VIZ26jMN5BDtT2Srm2tJk3Yze3I4jSvhkDLVS3gWd5IKH0jrFFoGwswXuc8V6aLP
|
||||
tt87artPasOhLvEBy7y/1c3MZw+WOsZS5ogKrfI2QSMbuXT4HMOyFnrb7zz3nsKy
|
||||
wtwRP0I03P1KbI0RrM4LQj1r05RSvMSSJsbslIThL274Fh44/xanNgIM1xyf1Ios
|
||||
GiKkfo9xkkwB2/et2WJd9M4MfWcLiGvkRoFGxyon5uoNDrIaZaQF8JWZeXctIyDP
|
||||
MbdoLQod7PevKnr+XNxZNN1JVQ1uatghuTtXQcZ34WWkSGxb1zf+uh2ghayEKSeC
|
||||
nOhk2/j3CDHh5j+9oYqmDi1yvQGLucVIhu7cc2mFk6nljROzOu5Ga7M1+XSv7RNe
|
||||
cB0N1XRmpD075HEPHDmV7HSQc9A3B6fdDa5bHgyDBML7flIj5Vs=
|
||||
=j4X2
|
||||
-----END PGP SIGNATURE-----
|
@ -13,11 +13,11 @@ URL: https://www.python.org/
|
||||
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
%global general_version %{pybasever}.2
|
||||
%global general_version %{pybasever}.6
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 2%{?dist}
|
||||
Release: 1%{?dist}
|
||||
License: Python
|
||||
|
||||
# Exclude i686 arch. Due to a modularity issue it's being added to the
|
||||
@ -164,6 +164,13 @@ ExcludeArch: i686
|
||||
# foo/__pycache__/bar.cpython-%%{pyshortver}.opt-2.pyc
|
||||
%global bytecode_suffixes .cpython-%{pyshortver}*.pyc
|
||||
|
||||
# libmpdec (mpdecimal package in Fedora) is tightly coupled with the
|
||||
# decimal module. We keep it bundled as to avoid incompatibilities
|
||||
# with the packaged version.
|
||||
# The version information can be found at Modules/_decimal/libmpdec/mpdecimal.h
|
||||
# defined as MPD_VERSION.
|
||||
%global libmpdec_version 2.5.0
|
||||
|
||||
# Python's configure script defines SOVERSION, and this is used in the Makefile
|
||||
# to determine INSTSONAME, the name of the libpython DSO:
|
||||
# LDLIBRARY='libpython$(VERSION).so'
|
||||
@ -300,7 +307,7 @@ Patch1: 00001-rpath.patch
|
||||
# See https://bugzilla.redhat.com/show_bug.cgi?id=556092
|
||||
Patch111: 00111-no-static-lib.patch
|
||||
|
||||
# 00189 # 7c07eec60735bd65bda7d8e821d34718497cba27
|
||||
# 00189 # 4242864a6a12f1f4cf9fd63a6699a73f35261aa3
|
||||
# Instead of bundled wheels, use our RPM packaged wheels
|
||||
#
|
||||
# We keep them in /usr/share/python-wheels
|
||||
@ -312,8 +319,8 @@ Patch189: 00189-use-rpm-wheels.patch
|
||||
# The versions are written in Lib/ensurepip/__init__.py, this patch removes them.
|
||||
# When the bundled setuptools/pip wheel is updated, the patch no longer applies cleanly.
|
||||
# In such cases, the patch needs to be amended and the versions updated here:
|
||||
%global pip_version 20.2.3
|
||||
%global setuptools_version 49.2.1
|
||||
%global pip_version 21.1.3
|
||||
%global setuptools_version 56.0.0
|
||||
|
||||
# 00251 # 2eabd04356402d488060bc8fe316ad13fc8a3356
|
||||
# Change user install location
|
||||
@ -383,12 +390,6 @@ Patch329: 00329-fips.patch
|
||||
# a nightmare because it's basically a binary file.
|
||||
Patch353: 00353-architecture-names-upstream-downstream.patch
|
||||
|
||||
# 00360 #
|
||||
# CVE-2021-3426: information disclosure via pydoc
|
||||
# Upstream: https://bugs.python.org/issue42988
|
||||
# Main BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1935913
|
||||
Patch360: 00360-CVE-2021-3426.patch
|
||||
|
||||
# (New patches go here ^^^)
|
||||
#
|
||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||
@ -526,6 +527,11 @@ Requires: python3 == %{version}-%{release}
|
||||
Provides: python = %{version}-%{release}
|
||||
# This also save us an explicit conflict for older python3 builds
|
||||
|
||||
# Also provide the name of the Ubuntu package with the same function,
|
||||
# to be nice to people who temporarily forgot which distro they're on.
|
||||
# C.f. https://packages.ubuntu.com/hirsute/all/python-is-python3/filelist
|
||||
Provides: python-is-python3 = %{version}-%{release}
|
||||
|
||||
%description -n python-unversioned-command
|
||||
This package contains /usr/bin/python - the "python" command that runs Python 3.
|
||||
|
||||
@ -543,6 +549,10 @@ Provides: bundled(python3dist(pip)) = %{pip_version}
|
||||
Provides: bundled(python3dist(setuptools)) = %{setuptools_version}
|
||||
%endif
|
||||
|
||||
# Provides for the bundled libmpdec
|
||||
Provides: bundled(mpdecimal) = %{libmpdec_version}
|
||||
Provides: bundled(libmpdec) = %{libmpdec_version}
|
||||
|
||||
# There are files in the standard library that have python shebang.
|
||||
# We've filtered the automatic requirement out so libs are installable without
|
||||
# the main package. This however makes it pulled in by default.
|
||||
@ -726,6 +736,10 @@ Provides: bundled(python3dist(pip)) = %{pip_version}
|
||||
Provides: bundled(python3dist(setuptools)) = %{setuptools_version}
|
||||
%endif
|
||||
|
||||
# Provides for the bundled libmpdec
|
||||
Provides: bundled(mpdecimal) = %{libmpdec_version}
|
||||
Provides: bundled(libmpdec) = %{libmpdec_version}
|
||||
|
||||
# The zoneinfo module needs tzdata
|
||||
Requires: tzdata
|
||||
|
||||
@ -777,7 +791,6 @@ rm Lib/ensurepip/_bundled/*.whl
|
||||
%apply_patch -q %{PATCH328}
|
||||
%apply_patch -q %{PATCH329}
|
||||
%apply_patch -q %{PATCH353}
|
||||
%apply_patch -q %{PATCH360}
|
||||
|
||||
# Remove all exe files to ensure we are not shipping prebuilt binaries
|
||||
# note that those are only used to create Microsoft Windows installers
|
||||
@ -1251,6 +1264,11 @@ for Module in %{buildroot}/%{dynload_dir}/*.so ; do
|
||||
esac
|
||||
done
|
||||
|
||||
# Verify that the bundled libmpdec version python was compiled with, is the same version we have virtual
|
||||
# provides for in the SPEC.
|
||||
test "$(LD_LIBRARY_PATH=$(pwd)/build/optimized $(pwd)/build/optimized/python -c 'import decimal; print(decimal.__libmpdec_version__)')" = \
|
||||
"%{libmpdec_version}"
|
||||
|
||||
|
||||
# ======================================================
|
||||
# Running the upstream test suite
|
||||
@ -1941,6 +1959,11 @@ fi
|
||||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Tue Jul 27 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.9.6-1
|
||||
- Update to 3.9.6
|
||||
- Fix CVE-2021-29921: Improper input validation of octal strings in the ipaddress module
|
||||
Resolves: rhbz#1957458
|
||||
|
||||
* Fri Apr 30 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.9.2-2
|
||||
- Security fix for CVE-2021-3426: information disclosure via pydoc
|
||||
Resolves: rhbz#1935913
|
||||
|
Loading…
Reference in New Issue
Block a user