diff --git a/.gitignore b/.gitignore index 7049467..2689e97 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/Python-3.12.6.tar.xz +SOURCES/Python-3.12.8.tar.xz diff --git a/.python3.12.metadata b/.python3.12.metadata index 02fe4fa..24628ab 100644 --- a/.python3.12.metadata +++ b/.python3.12.metadata @@ -1 +1 @@ -6d2bbe1603b01764c541608938766233bf56f780 SOURCES/Python-3.12.6.tar.xz +8872c7a124c6970833e0bde4f25d6d7d61c6af6e SOURCES/Python-3.12.8.tar.xz diff --git a/SOURCES/00251-change-user-install-location.patch b/SOURCES/00251-change-user-install-location.patch index 2f33b5a..dd7a07a 100644 --- a/SOURCES/00251-change-user-install-location.patch +++ b/SOURCES/00251-change-user-install-location.patch @@ -30,7 +30,7 @@ Co-authored-by: Lumír Balhar 3 files changed, 71 insertions(+), 4 deletions(-) diff --git a/Lib/site.py b/Lib/site.py -index 924cfbecec..e2871ecc89 100644 +index aed254ad50..568dbdb945 100644 --- a/Lib/site.py +++ b/Lib/site.py @@ -398,8 +398,15 @@ def getsitepackages(prefixes=None): @@ -51,7 +51,7 @@ index 924cfbecec..e2871ecc89 100644 if os.path.isdir(sitedir): addsitedir(sitedir, known_paths) diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py -index 122d441bd1..2d354a11da 100644 +index 517b13acaf..928d1a0541 100644 --- a/Lib/sysconfig.py +++ b/Lib/sysconfig.py @@ -104,6 +104,11 @@ @@ -86,7 +86,7 @@ index 122d441bd1..2d354a11da 100644 _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', 'scripts', 'data') -@@ -263,11 +281,40 @@ def _extend_dict(target_dict, other_dict): +@@ -261,11 +279,40 @@ def _extend_dict(target_dict, other_dict): target_dict[key] = value @@ -119,7 +119,7 @@ index 122d441bd1..2d354a11da 100644 + # we only change the defaults here, so explicit --prefix will take precedence + # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe + if (scheme == 'posix_prefix' and -+ _PREFIX == '/usr' and ++ sys.prefix == '/usr' and + 'RPM_BUILD_ROOT' not in os.environ): + _extend_dict(vars, _config_vars_local()) + else: @@ -129,10 +129,10 @@ index 122d441bd1..2d354a11da 100644 # On Windows we want to substitute 'lib' for schemes rather # than the native value (without modifying vars, in case it diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py -index 1137c2032b..8fc2b84f52 100644 +index 3468d0ce02..ff31010427 100644 --- a/Lib/test/test_sysconfig.py +++ b/Lib/test/test_sysconfig.py -@@ -110,8 +110,19 @@ def test_get_path(self): +@@ -119,8 +119,19 @@ def test_get_path(self): for scheme in _INSTALL_SCHEMES: for name in _INSTALL_SCHEMES[scheme]: expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) @@ -153,7 +153,7 @@ index 1137c2032b..8fc2b84f52 100644 os.path.normpath(expected), ) -@@ -344,7 +355,7 @@ def test_get_config_h_filename(self): +@@ -353,7 +364,7 @@ def test_get_config_h_filename(self): self.assertTrue(os.path.isfile(config_h), config_h) def test_get_scheme_names(self): @@ -162,7 +162,7 @@ index 1137c2032b..8fc2b84f52 100644 if HAS_USER_BASE: wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) -@@ -356,6 +367,8 @@ def test_symlink(self): # Issue 7880 +@@ -365,6 +376,8 @@ def test_symlink(self): # Issue 7880 cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) diff --git a/SOURCES/00329-fips.patch b/SOURCES/00329-fips.patch index 4fc9f12..6d9944e 100644 --- a/SOURCES/00329-fips.patch +++ b/SOURCES/00329-fips.patch @@ -1,4 +1,4 @@ -From d307f5706434e0cb445fb48291852bd7ec46ddbd Mon Sep 17 00:00:00 2001 +From 11deb3112bd90bc2dce2fcd4a1f5975c08b91360 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 12 Dec 2019 16:58:31 +0100 Subject: [PATCH 1/5] Expose blake2b and blake2s hashes from OpenSSL @@ -29,10 +29,10 @@ index 73d758a..5921360 100644 computed = m.hexdigest() if not shake else m.hexdigest(length) self.assertEqual( diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index af6d1b2..980712f 100644 +index 2998820..b96001e 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c -@@ -1079,6 +1079,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, +@@ -1128,6 +1128,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, } @@ -74,7 +74,7 @@ index af6d1b2..980712f 100644 #ifdef PY_OPENSSL_HAS_SHA3 /*[clinic input] -@@ -2067,6 +2102,8 @@ static struct PyMethodDef EVP_functions[] = { +@@ -2116,6 +2151,8 @@ static struct PyMethodDef EVP_functions[] = { _HASHLIB_OPENSSL_SHA256_METHODDEF _HASHLIB_OPENSSL_SHA384_METHODDEF _HASHLIB_OPENSSL_SHA512_METHODDEF @@ -84,7 +84,7 @@ index af6d1b2..980712f 100644 _HASHLIB_OPENSSL_SHA3_256_METHODDEF _HASHLIB_OPENSSL_SHA3_384_METHODDEF diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h -index fb61a44..1e42b87 100644 +index 84e2346..7fe03a3 100644 --- a/Modules/clinic/_hashopenssl.c.h +++ b/Modules/clinic/_hashopenssl.c.h @@ -743,6 +743,156 @@ exit: @@ -248,13 +248,13 @@ index fb61a44..1e42b87 100644 #ifndef _HASHLIB_SCRYPT_METHODDEF #define _HASHLIB_SCRYPT_METHODDEF #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */ --/*[clinic end generated code: output=b339e255db698147 input=a9049054013a1b77]*/ -+/*[clinic end generated code: output=1d988d457a8beebe input=a9049054013a1b77]*/ +-/*[clinic end generated code: output=4734184f6555dc95 input=a9049054013a1b77]*/ ++/*[clinic end generated code: output=f0bfddb963a21208 input=a9049054013a1b77]*/ -- -2.45.0 +2.47.1 -From c247ff164269fb68236a79a1359cc37c1a8a0004 Mon Sep 17 00:00:00 2001 +From ea9d5c84e25b5c04c2823e1edee4354dd6b2b7a5 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 25 Jul 2019 17:19:06 +0200 Subject: [PATCH 2/5] Disable Python's hash implementations in FIPS mode, @@ -445,10 +445,10 @@ index a8bad9d..1b1d937 100644 + if (_Py_hashlib_fips_error(exc, name)) return NULL; \ +} while (0) diff --git a/configure.ac b/configure.ac -index 384718d..c4a1198 100644 +index 9270b5f..a9eb2c9 100644 --- a/configure.ac +++ b/configure.ac -@@ -7445,7 +7445,8 @@ PY_STDLIB_MOD([_sha2], +@@ -7482,7 +7482,8 @@ PY_STDLIB_MOD([_sha2], PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes], [], @@ -459,10 +459,10 @@ index 384718d..c4a1198 100644 PY_STDLIB_MOD([_crypt], [], [test "$ac_cv_crypt_crypt" = yes], -- -2.45.0 +2.47.1 -From e58b32f238f1d4503248f3a8b1489f7567bdbd6d Mon Sep 17 00:00:00 2001 +From 29a7b7ac9e18a501ed78bde7a449b90c57d44e24 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Fri, 29 Jan 2021 14:16:21 +0100 Subject: [PATCH 3/5] Use python's fall back crypto implementations only if we @@ -552,10 +552,10 @@ index dd61a9a..6031b02 100644 get_builtin_constructor = getattr(hashlib, '__get_builtin_constructor') -- -2.45.0 +2.47.1 -From 2b14d347948dc01af587b9e21cd448833a38c7b5 Mon Sep 17 00:00:00 2001 +From 59accf544492400c9fd32a8e682fb6f2206e932e Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Wed, 31 Jul 2019 15:43:43 +0200 Subject: [PATCH 4/5] Test equivalence of hashes for the various digests with @@ -712,10 +712,10 @@ index 6031b02..5bd5297 100644 class KDFTests(unittest.TestCase): -- -2.45.0 +2.47.1 -From b98c72b356a529a68cb4216526b838a57937cf6f Mon Sep 17 00:00:00 2001 +From 21efadd8b488956482bdc6ccd91c37dcef705129 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 26 Aug 2019 19:39:48 +0200 Subject: [PATCH 5/5] Guard against Python HMAC in FIPS mode @@ -766,7 +766,7 @@ index 8b4eb2f..8930bda 100644 digest_cons = digestmod elif isinstance(digestmod, str): diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py -index a39a2c4..b7b24ab 100644 +index 1502fba..7997073 100644 --- a/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py @@ -5,6 +5,7 @@ import hashlib @@ -805,7 +805,7 @@ index a39a2c4..b7b24ab 100644 @unittest.skipUnless(sha256_module is not None, 'need _sha256') def test_with_sha256_module(self): h = hmac.HMAC(b"key", b"hash this!", digestmod=sha256_module.sha256) -@@ -481,6 +489,7 @@ class SanityTestCase(unittest.TestCase): +@@ -489,6 +497,7 @@ class UpdateTestCase(unittest.TestCase): class CopyTestCase(unittest.TestCase): @@ -813,7 +813,7 @@ index a39a2c4..b7b24ab 100644 @hashlib_helper.requires_hashdigest('sha256') def test_attributes_old(self): # Testing if attributes are of same type. -@@ -492,6 +501,7 @@ class CopyTestCase(unittest.TestCase): +@@ -500,6 +509,7 @@ class CopyTestCase(unittest.TestCase): self.assertEqual(type(h1._outer), type(h2._outer), "Types of outer don't match.") @@ -822,5 +822,5 @@ index a39a2c4..b7b24ab 100644 def test_realcopy_old(self): # Testing if the copy method created a real copy. -- -2.45.0 +2.47.1 diff --git a/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch b/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch index 1a202f7..1268e76 100644 --- a/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch +++ b/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch @@ -16,7 +16,7 @@ https://github.com/GrahamDumpleton/mod_wsgi/issues/730 2 files changed, 8 insertions(+), 50 deletions(-) diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py -index 2e4b860b97..3066b23ee1 100644 +index 75a56f7830..c2509fced1 100644 --- a/Lib/test/test_threading.py +++ b/Lib/test/test_threading.py @@ -1100,39 +1100,6 @@ def noop(): pass diff --git a/SOURCES/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch b/SOURCES/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch new file mode 100644 index 0000000..70778f9 --- /dev/null +++ b/SOURCES/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Fri, 6 Dec 2024 06:12:40 +0100 +Subject: [PATCH] 00445: CVE-2024-12254: Ensure + _SelectorSocketTransport.writelines pauses the protocol if needed + +Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. + +Resolved upstream: https://github.com/python/cpython/issues/127655 + +Co-authored-by: J. Nick Koston +Co-authored-by: Kumar Aditya +--- + Lib/asyncio/selector_events.py | 1 + + Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++++ + .../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 + + 3 files changed, 14 insertions(+) + create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst + +diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py +index 790711f834..dd79ad18df 100644 +--- a/Lib/asyncio/selector_events.py ++++ b/Lib/asyncio/selector_events.py +@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data): + # If the entire buffer couldn't be written, register a write handler + if self._buffer: + self._loop._add_writer(self._sock_fd, self._write_ready) ++ self._maybe_pause_protocol() + + def can_write_eof(self): + return True +diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py +index 47693ea4d3..736c19796e 100644 +--- a/Lib/test/test_asyncio/test_selector_events.py ++++ b/Lib/test/test_asyncio/test_selector_events.py +@@ -805,6 +805,18 @@ def test_writelines_send_partial(self): + self.assertTrue(self.sock.send.called) + self.assertTrue(self.loop.writers) + ++ def test_writelines_pauses_protocol(self): ++ data = memoryview(b'data') ++ self.sock.send.return_value = 2 ++ self.sock.send.fileno.return_value = 7 ++ ++ transport = self.socket_transport() ++ transport._high_water = 1 ++ transport.writelines([data]) ++ self.assertTrue(self.protocol.pause_writing.called) ++ self.assertTrue(self.sock.send.called) ++ self.assertTrue(self.loop.writers) ++ + @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg') + def test_write_sendmsg_full(self): + data = memoryview(b'data') +diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst +new file mode 100644 +index 0000000000..76cfc58121 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst +@@ -0,0 +1 @@ ++Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`. diff --git a/SOURCES/Python-3.12.6.tar.xz.asc b/SOURCES/Python-3.12.6.tar.xz.asc deleted file mode 100644 index be6cb10..0000000 --- a/SOURCES/Python-3.12.6.tar.xz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmbbZv1fFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwV51g//WpQjF/Rt19lgaWojZ3qDkvmTM2kpvfDGLe9Tkm1fWYzji4TLS3TnzGEp -dw2K6ApqGX4aO9AKMBRdfiFyhaDp0ENlBzSspvyzVT4LsRxiWXqyJ1qZB9mui/S8 -k5pw2qygaS4gYEAOLrVEwmQ52pig1wMAouSmRuopVk5DGYUN6Wir7RZMrYynsd6P -6HYqpZby2L1fKlcj2xYY44niuL5a+I8ucWN9qOBzRLCuzq20lVoII817vORjCqa7 -ZUMKrDXDlzHnISNqZyyX37/oi6a8UdNm0o8V9yDJLiBu9+Dy3OueoIguuzimk4hq -ZnepBoCcr2YAxIsXvwl2qfQBOCjJ5WAZ/wzA/eQMo9Jn1TYRBwuMC1MmP0ylt7Me -/pS57bGuulkfPv9pMto7qc2lNpotBmAsfGJAJMczeEmyo5tAXnJUBE94JRmiLaR/ -zwPmJB3O9uEQhEa8+cjx4+9bK6+YvAXkb9x92Wn70u+IaalPj8CRA7B45hy1KYHT -5s/ndwFFWThxqxH61oqjPvlZW5PWBC83yi/KovhgDWNL2G9CTusKevMqX/LMUAKz -M3mJU/24vUu9bJNxB2qsa3UeP8hbb6WN5LLQyxRsXPjVQ9iTeMWrQkz1mRGIK2Ec -OFbYH2SGa/RELds6MZWzvZuXIefCoyuc51WsXnc4LFr2ZGv4dAI= -=CK1W ------END PGP SIGNATURE----- diff --git a/SOURCES/Python-3.12.8.tar.xz.asc b/SOURCES/Python-3.12.8.tar.xz.asc new file mode 100644 index 0000000..b342744 --- /dev/null +++ b/SOURCES/Python-3.12.8.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmdPZepfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwV2vQ//enP0FhpesVqbIf52CDqRUxRmO29bgW+a4wvRMMcGhMwVhDYKBSXwpI1O +FJDm6y16mjfgVDJ17aU15+NUGqEDEcDj/59LUgOBkbgGkhhi7qPvqG+8YJoTJtFr +0N3dcYwMSJQmN+y+xAWWHhc576KSkASqTG5OcS/n6yTG+zjFkN2Iznp0INQZpSt2 +44YocvRIK0vozabd47JCx5w/txE3nYtsl6nG5VTMeavbWYzgFBJhVSyykLSJxlyU +mJgL0DMspjsUH2ZeYkHqqnuEZkogwJfI3eL2Z4BdVb96hh/s/L4UaSa3GI1a2Tdf +c6UJLGWTqaFFcohIVrGhgckAQRrit7AZCBb/FwTsDXahxau7ECLNpgcRQCWgAXlN +l7SSQkI2snUs5c+mCuBspDvBVxhAWq1VUelkPurQymR/ajGywwXgdGQwmq7BO+Wr +E7fChlwTKLFkQorrzKw7FoL674gTolCHoO/XTDmCNIkEblykSl9mz9FnI2q1C0id +Q+rM1rGo2ubJhthvpKdA5jDpzK6tPqG2xNgV6+xhXl4Bg7w4dhEKIu1vKH4RRBgR +GTf9LSlJMdaDIyWbbuMFpthCrhnmXbK0qe4whQRtip/TB+1qjl1e5gB0kULujApj +RbtxbR50cCDmocM6nae2P1tq0s3jaSs/VemiptexdTilGcm3088= +=2KVU +-----END PGP SIGNATURE----- diff --git a/SPECS/python3.12.spec b/SPECS/python3.12.spec index f11e559..dd2ed8b 100644 --- a/SPECS/python3.12.spec +++ b/SPECS/python3.12.spec @@ -13,7 +13,7 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.6 +%global general_version %{pybasever}.8 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} @@ -71,7 +71,7 @@ License: Python-2.0.1 # If the rpmwheels condition is disabled, we use the bundled wheel packages # from Python with the versions below. # This needs to be manually updated when we update Python. -%global pip_version 24.2 +%global pip_version 24.3.1 %global setuptools_version 67.6.1 %global wheel_version 0.40.0 # All of those also include a list of indirect bundled libs: @@ -79,8 +79,8 @@ License: Python-2.0.1 # $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) %global pip_bundled_provides %{expand: Provides: bundled(python3dist(cachecontrol)) = 0.14 -Provides: bundled(python3dist(certifi)) = 2024.7.4 -Provides: bundled(python3dist(distlib)) = 0.3.8 +Provides: bundled(python3dist(certifi)) = 2024.8.30 +Provides: bundled(python3dist(distlib)) = 0.3.9 Provides: bundled(python3dist(distro)) = 1.9 Provides: bundled(python3dist(idna)) = 3.7 Provides: bundled(python3dist(msgpack)) = 1.0.8 @@ -93,9 +93,9 @@ Provides: bundled(python3dist(resolvelib)) = 1.0.1 Provides: bundled(python3dist(rich)) = 13.7.1 Provides: bundled(python3dist(setuptools)) = 70.3 Provides: bundled(python3dist(tomli)) = 2.0.1 -Provides: bundled(python3dist(truststore)) = 0.9.1 +Provides: bundled(python3dist(truststore)) = 0.10 Provides: bundled(python3dist(typing-extensions)) = 4.12.2 -Provides: bundled(python3dist(urllib3)) = 1.26.18 +Provides: bundled(python3dist(urllib3)) = 1.26.20 } # setuptools # vendor.txt files not in .whl @@ -301,6 +301,7 @@ BuildRequires: valgrind-devel BuildRequires: xz-devel BuildRequires: zlib-devel +BuildRequires: systemtap-sdt-devel BuildRequires: /usr/bin/dtrace # workaround http://bugs.python.org/issue19804 (test_uuid requires ifconfig) @@ -351,7 +352,7 @@ Source11: idle3.appdata.xml # (Patches taken from github.com/fedora-python/cpython) -# 00251 # cae5a6abc5df08239c85b83e4e250b6f2702e4f5 +# 00251 # 6a4ec74157aa01f1ada9f29f30a371cd9e5369e8 # Change user install location # # Set values of base and platbase in sysconfig from /usr @@ -400,6 +401,14 @@ Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-g # - https://access.redhat.com/articles/7004769 Patch397: 00397-tarfile-filter.patch +# 00445 # d1a32daddefad32ceb93155552858c0a0311b23e +# CVE-2024-12254: Ensure _SelectorSocketTransport.writelines pauses the protocol if needed +# +# Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. +# +# Resolved upstream: https://github.com/python/cpython/issues/127655 +Patch445: 00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1765,6 +1774,11 @@ CheckPython optimized # ====================================================== %changelog +* Tue Dec 03 2024 Charalampos Stratakis - 3.12.8-1 +- Update to 3.12.8 +- Security fix for CVE-2024-9287 and CVE-2024-12254 +Resolves: RHEL-64877, RHEL-70450 + * Tue Oct 29 2024 Troy Dawson - 3.12.6-2 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018