import python3.12-3.12.8-2.el10

i10cs changed/i10cs/python3.12-3.12.8-2.el10
MSVSphere Packaging Team 5 days ago
parent 43da9f657d
commit 28acd9ccb0
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

2
.gitignore vendored

@ -1 +1 @@
SOURCES/Python-3.12.6.tar.xz SOURCES/Python-3.12.8.tar.xz

@ -1 +1 @@
6d2bbe1603b01764c541608938766233bf56f780 SOURCES/Python-3.12.6.tar.xz 8872c7a124c6970833e0bde4f25d6d7d61c6af6e SOURCES/Python-3.12.8.tar.xz

@ -30,7 +30,7 @@ Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
3 files changed, 71 insertions(+), 4 deletions(-) 3 files changed, 71 insertions(+), 4 deletions(-)
diff --git a/Lib/site.py b/Lib/site.py diff --git a/Lib/site.py b/Lib/site.py
index 924cfbecec..e2871ecc89 100644 index aed254ad50..568dbdb945 100644
--- a/Lib/site.py --- a/Lib/site.py
+++ b/Lib/site.py +++ b/Lib/site.py
@@ -398,8 +398,15 @@ def getsitepackages(prefixes=None): @@ -398,8 +398,15 @@ def getsitepackages(prefixes=None):
@ -51,7 +51,7 @@ index 924cfbecec..e2871ecc89 100644
if os.path.isdir(sitedir): if os.path.isdir(sitedir):
addsitedir(sitedir, known_paths) addsitedir(sitedir, known_paths)
diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
index 122d441bd1..2d354a11da 100644 index 517b13acaf..928d1a0541 100644
--- a/Lib/sysconfig.py --- a/Lib/sysconfig.py
+++ b/Lib/sysconfig.py +++ b/Lib/sysconfig.py
@@ -104,6 +104,11 @@ @@ -104,6 +104,11 @@
@ -86,7 +86,7 @@ index 122d441bd1..2d354a11da 100644
_SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include',
'scripts', 'data') 'scripts', 'data')
@@ -263,11 +281,40 @@ def _extend_dict(target_dict, other_dict): @@ -261,11 +279,40 @@ def _extend_dict(target_dict, other_dict):
target_dict[key] = value target_dict[key] = value
@ -119,7 +119,7 @@ index 122d441bd1..2d354a11da 100644
+ # we only change the defaults here, so explicit --prefix will take precedence + # we only change the defaults here, so explicit --prefix will take precedence
+ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe + # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe
+ if (scheme == 'posix_prefix' and + if (scheme == 'posix_prefix' and
+ _PREFIX == '/usr' and + sys.prefix == '/usr' and
+ 'RPM_BUILD_ROOT' not in os.environ): + 'RPM_BUILD_ROOT' not in os.environ):
+ _extend_dict(vars, _config_vars_local()) + _extend_dict(vars, _config_vars_local())
+ else: + else:
@ -129,10 +129,10 @@ index 122d441bd1..2d354a11da 100644
# On Windows we want to substitute 'lib' for schemes rather # On Windows we want to substitute 'lib' for schemes rather
# than the native value (without modifying vars, in case it # than the native value (without modifying vars, in case it
diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
index 1137c2032b..8fc2b84f52 100644 index 3468d0ce02..ff31010427 100644
--- a/Lib/test/test_sysconfig.py --- a/Lib/test/test_sysconfig.py
+++ b/Lib/test/test_sysconfig.py +++ b/Lib/test/test_sysconfig.py
@@ -110,8 +110,19 @@ def test_get_path(self): @@ -119,8 +119,19 @@ def test_get_path(self):
for scheme in _INSTALL_SCHEMES: for scheme in _INSTALL_SCHEMES:
for name in _INSTALL_SCHEMES[scheme]: for name in _INSTALL_SCHEMES[scheme]:
expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars)
@ -153,7 +153,7 @@ index 1137c2032b..8fc2b84f52 100644
os.path.normpath(expected), os.path.normpath(expected),
) )
@@ -344,7 +355,7 @@ def test_get_config_h_filename(self): @@ -353,7 +364,7 @@ def test_get_config_h_filename(self):
self.assertTrue(os.path.isfile(config_h), config_h) self.assertTrue(os.path.isfile(config_h), config_h)
def test_get_scheme_names(self): def test_get_scheme_names(self):
@ -162,7 +162,7 @@ index 1137c2032b..8fc2b84f52 100644
if HAS_USER_BASE: if HAS_USER_BASE:
wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
@@ -356,6 +367,8 @@ def test_symlink(self): # Issue 7880 @@ -365,6 +376,8 @@ def test_symlink(self): # Issue 7880
cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))

@ -1,4 +1,4 @@
From d307f5706434e0cb445fb48291852bd7ec46ddbd Mon Sep 17 00:00:00 2001 From 11deb3112bd90bc2dce2fcd4a1f5975c08b91360 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com> From: Charalampos Stratakis <cstratak@redhat.com>
Date: Thu, 12 Dec 2019 16:58:31 +0100 Date: Thu, 12 Dec 2019 16:58:31 +0100
Subject: [PATCH 1/5] Expose blake2b and blake2s hashes from OpenSSL Subject: [PATCH 1/5] Expose blake2b and blake2s hashes from OpenSSL
@ -29,10 +29,10 @@ index 73d758a..5921360 100644
computed = m.hexdigest() if not shake else m.hexdigest(length) computed = m.hexdigest() if not shake else m.hexdigest(length)
self.assertEqual( self.assertEqual(
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index af6d1b2..980712f 100644 index 2998820..b96001e 100644
--- a/Modules/_hashopenssl.c --- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c
@@ -1079,6 +1079,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, @@ -1128,6 +1128,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj,
} }
@ -74,7 +74,7 @@ index af6d1b2..980712f 100644
#ifdef PY_OPENSSL_HAS_SHA3 #ifdef PY_OPENSSL_HAS_SHA3
/*[clinic input] /*[clinic input]
@@ -2067,6 +2102,8 @@ static struct PyMethodDef EVP_functions[] = { @@ -2116,6 +2151,8 @@ static struct PyMethodDef EVP_functions[] = {
_HASHLIB_OPENSSL_SHA256_METHODDEF _HASHLIB_OPENSSL_SHA256_METHODDEF
_HASHLIB_OPENSSL_SHA384_METHODDEF _HASHLIB_OPENSSL_SHA384_METHODDEF
_HASHLIB_OPENSSL_SHA512_METHODDEF _HASHLIB_OPENSSL_SHA512_METHODDEF
@ -84,7 +84,7 @@ index af6d1b2..980712f 100644
_HASHLIB_OPENSSL_SHA3_256_METHODDEF _HASHLIB_OPENSSL_SHA3_256_METHODDEF
_HASHLIB_OPENSSL_SHA3_384_METHODDEF _HASHLIB_OPENSSL_SHA3_384_METHODDEF
diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h
index fb61a44..1e42b87 100644 index 84e2346..7fe03a3 100644
--- a/Modules/clinic/_hashopenssl.c.h --- a/Modules/clinic/_hashopenssl.c.h
+++ b/Modules/clinic/_hashopenssl.c.h +++ b/Modules/clinic/_hashopenssl.c.h
@@ -743,6 +743,156 @@ exit: @@ -743,6 +743,156 @@ exit:
@ -248,13 +248,13 @@ index fb61a44..1e42b87 100644
#ifndef _HASHLIB_SCRYPT_METHODDEF #ifndef _HASHLIB_SCRYPT_METHODDEF
#define _HASHLIB_SCRYPT_METHODDEF #define _HASHLIB_SCRYPT_METHODDEF
#endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */ #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */
-/*[clinic end generated code: output=b339e255db698147 input=a9049054013a1b77]*/ -/*[clinic end generated code: output=4734184f6555dc95 input=a9049054013a1b77]*/
+/*[clinic end generated code: output=1d988d457a8beebe input=a9049054013a1b77]*/ +/*[clinic end generated code: output=f0bfddb963a21208 input=a9049054013a1b77]*/
-- --
2.45.0 2.47.1
From c247ff164269fb68236a79a1359cc37c1a8a0004 Mon Sep 17 00:00:00 2001 From ea9d5c84e25b5c04c2823e1edee4354dd6b2b7a5 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com> From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 25 Jul 2019 17:19:06 +0200 Date: Thu, 25 Jul 2019 17:19:06 +0200
Subject: [PATCH 2/5] Disable Python's hash implementations in FIPS mode, Subject: [PATCH 2/5] Disable Python's hash implementations in FIPS mode,
@ -445,10 +445,10 @@ index a8bad9d..1b1d937 100644
+ if (_Py_hashlib_fips_error(exc, name)) return NULL; \ + if (_Py_hashlib_fips_error(exc, name)) return NULL; \
+} while (0) +} while (0)
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 384718d..c4a1198 100644 index 9270b5f..a9eb2c9 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -7445,7 +7445,8 @@ PY_STDLIB_MOD([_sha2], @@ -7482,7 +7482,8 @@ PY_STDLIB_MOD([_sha2],
PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes])
PY_STDLIB_MOD([_blake2], PY_STDLIB_MOD([_blake2],
[test "$with_builtin_blake2" = yes], [], [test "$with_builtin_blake2" = yes], [],
@ -459,10 +459,10 @@ index 384718d..c4a1198 100644
PY_STDLIB_MOD([_crypt], PY_STDLIB_MOD([_crypt],
[], [test "$ac_cv_crypt_crypt" = yes], [], [test "$ac_cv_crypt_crypt" = yes],
-- --
2.45.0 2.47.1
From e58b32f238f1d4503248f3a8b1489f7567bdbd6d Mon Sep 17 00:00:00 2001 From 29a7b7ac9e18a501ed78bde7a449b90c57d44e24 Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com> From: Charalampos Stratakis <cstratak@redhat.com>
Date: Fri, 29 Jan 2021 14:16:21 +0100 Date: Fri, 29 Jan 2021 14:16:21 +0100
Subject: [PATCH 3/5] Use python's fall back crypto implementations only if we Subject: [PATCH 3/5] Use python's fall back crypto implementations only if we
@ -552,10 +552,10 @@ index dd61a9a..6031b02 100644
get_builtin_constructor = getattr(hashlib, get_builtin_constructor = getattr(hashlib,
'__get_builtin_constructor') '__get_builtin_constructor')
-- --
2.45.0 2.47.1
From 2b14d347948dc01af587b9e21cd448833a38c7b5 Mon Sep 17 00:00:00 2001 From 59accf544492400c9fd32a8e682fb6f2206e932e Mon Sep 17 00:00:00 2001
From: Charalampos Stratakis <cstratak@redhat.com> From: Charalampos Stratakis <cstratak@redhat.com>
Date: Wed, 31 Jul 2019 15:43:43 +0200 Date: Wed, 31 Jul 2019 15:43:43 +0200
Subject: [PATCH 4/5] Test equivalence of hashes for the various digests with Subject: [PATCH 4/5] Test equivalence of hashes for the various digests with
@ -712,10 +712,10 @@ index 6031b02..5bd5297 100644
class KDFTests(unittest.TestCase): class KDFTests(unittest.TestCase):
-- --
2.45.0 2.47.1
From b98c72b356a529a68cb4216526b838a57937cf6f Mon Sep 17 00:00:00 2001 From 21efadd8b488956482bdc6ccd91c37dcef705129 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com> From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 26 Aug 2019 19:39:48 +0200 Date: Mon, 26 Aug 2019 19:39:48 +0200
Subject: [PATCH 5/5] Guard against Python HMAC in FIPS mode Subject: [PATCH 5/5] Guard against Python HMAC in FIPS mode
@ -766,7 +766,7 @@ index 8b4eb2f..8930bda 100644
digest_cons = digestmod digest_cons = digestmod
elif isinstance(digestmod, str): elif isinstance(digestmod, str):
diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py diff --git a/Lib/test/test_hmac.py b/Lib/test/test_hmac.py
index a39a2c4..b7b24ab 100644 index 1502fba..7997073 100644
--- a/Lib/test/test_hmac.py --- a/Lib/test/test_hmac.py
+++ b/Lib/test/test_hmac.py +++ b/Lib/test/test_hmac.py
@@ -5,6 +5,7 @@ import hashlib @@ -5,6 +5,7 @@ import hashlib
@ -805,7 +805,7 @@ index a39a2c4..b7b24ab 100644
@unittest.skipUnless(sha256_module is not None, 'need _sha256') @unittest.skipUnless(sha256_module is not None, 'need _sha256')
def test_with_sha256_module(self): def test_with_sha256_module(self):
h = hmac.HMAC(b"key", b"hash this!", digestmod=sha256_module.sha256) h = hmac.HMAC(b"key", b"hash this!", digestmod=sha256_module.sha256)
@@ -481,6 +489,7 @@ class SanityTestCase(unittest.TestCase): @@ -489,6 +497,7 @@ class UpdateTestCase(unittest.TestCase):
class CopyTestCase(unittest.TestCase): class CopyTestCase(unittest.TestCase):
@ -813,7 +813,7 @@ index a39a2c4..b7b24ab 100644
@hashlib_helper.requires_hashdigest('sha256') @hashlib_helper.requires_hashdigest('sha256')
def test_attributes_old(self): def test_attributes_old(self):
# Testing if attributes are of same type. # Testing if attributes are of same type.
@@ -492,6 +501,7 @@ class CopyTestCase(unittest.TestCase): @@ -500,6 +509,7 @@ class CopyTestCase(unittest.TestCase):
self.assertEqual(type(h1._outer), type(h2._outer), self.assertEqual(type(h1._outer), type(h2._outer),
"Types of outer don't match.") "Types of outer don't match.")
@ -822,5 +822,5 @@ index a39a2c4..b7b24ab 100644
def test_realcopy_old(self): def test_realcopy_old(self):
# Testing if the copy method created a real copy. # Testing if the copy method created a real copy.
-- --
2.45.0 2.47.1

@ -16,7 +16,7 @@ https://github.com/GrahamDumpleton/mod_wsgi/issues/730
2 files changed, 8 insertions(+), 50 deletions(-) 2 files changed, 8 insertions(+), 50 deletions(-)
diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py
index 2e4b860b97..3066b23ee1 100644 index 75a56f7830..c2509fced1 100644
--- a/Lib/test/test_threading.py --- a/Lib/test/test_threading.py
+++ b/Lib/test/test_threading.py +++ b/Lib/test/test_threading.py
@@ -1100,39 +1100,6 @@ def noop(): pass @@ -1100,39 +1100,6 @@ def noop(): pass

@ -0,0 +1,62 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
<31488909+miss-islington@users.noreply.github.com>
Date: Fri, 6 Dec 2024 06:12:40 +0100
Subject: [PATCH] 00445: CVE-2024-12254: Ensure
_SelectorSocketTransport.writelines pauses the protocol if needed
Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed.
Resolved upstream: https://github.com/python/cpython/issues/127655
Co-authored-by: J. Nick Koston <nick@koston.org>
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
---
Lib/asyncio/selector_events.py | 1 +
Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++++
.../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 +
3 files changed, 14 insertions(+)
create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
index 790711f834..dd79ad18df 100644
--- a/Lib/asyncio/selector_events.py
+++ b/Lib/asyncio/selector_events.py
@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data):
# If the entire buffer couldn't be written, register a write handler
if self._buffer:
self._loop._add_writer(self._sock_fd, self._write_ready)
+ self._maybe_pause_protocol()
def can_write_eof(self):
return True
diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
index 47693ea4d3..736c19796e 100644
--- a/Lib/test/test_asyncio/test_selector_events.py
+++ b/Lib/test/test_asyncio/test_selector_events.py
@@ -805,6 +805,18 @@ def test_writelines_send_partial(self):
self.assertTrue(self.sock.send.called)
self.assertTrue(self.loop.writers)
+ def test_writelines_pauses_protocol(self):
+ data = memoryview(b'data')
+ self.sock.send.return_value = 2
+ self.sock.send.fileno.return_value = 7
+
+ transport = self.socket_transport()
+ transport._high_water = 1
+ transport.writelines([data])
+ self.assertTrue(self.protocol.pause_writing.called)
+ self.assertTrue(self.sock.send.called)
+ self.assertTrue(self.loop.writers)
+
@unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
def test_write_sendmsg_full(self):
data = memoryview(b'data')
diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
new file mode 100644
index 0000000000..76cfc58121
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
@@ -0,0 +1 @@
+Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.

@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmbbZv1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwV51g//WpQjF/Rt19lgaWojZ3qDkvmTM2kpvfDGLe9Tkm1fWYzji4TLS3TnzGEp
dw2K6ApqGX4aO9AKMBRdfiFyhaDp0ENlBzSspvyzVT4LsRxiWXqyJ1qZB9mui/S8
k5pw2qygaS4gYEAOLrVEwmQ52pig1wMAouSmRuopVk5DGYUN6Wir7RZMrYynsd6P
6HYqpZby2L1fKlcj2xYY44niuL5a+I8ucWN9qOBzRLCuzq20lVoII817vORjCqa7
ZUMKrDXDlzHnISNqZyyX37/oi6a8UdNm0o8V9yDJLiBu9+Dy3OueoIguuzimk4hq
ZnepBoCcr2YAxIsXvwl2qfQBOCjJ5WAZ/wzA/eQMo9Jn1TYRBwuMC1MmP0ylt7Me
/pS57bGuulkfPv9pMto7qc2lNpotBmAsfGJAJMczeEmyo5tAXnJUBE94JRmiLaR/
zwPmJB3O9uEQhEa8+cjx4+9bK6+YvAXkb9x92Wn70u+IaalPj8CRA7B45hy1KYHT
5s/ndwFFWThxqxH61oqjPvlZW5PWBC83yi/KovhgDWNL2G9CTusKevMqX/LMUAKz
M3mJU/24vUu9bJNxB2qsa3UeP8hbb6WN5LLQyxRsXPjVQ9iTeMWrQkz1mRGIK2Ec
OFbYH2SGa/RELds6MZWzvZuXIefCoyuc51WsXnc4LFr2ZGv4dAI=
=CK1W
-----END PGP SIGNATURE-----

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmdPZepfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwV2vQ//enP0FhpesVqbIf52CDqRUxRmO29bgW+a4wvRMMcGhMwVhDYKBSXwpI1O
FJDm6y16mjfgVDJ17aU15+NUGqEDEcDj/59LUgOBkbgGkhhi7qPvqG+8YJoTJtFr
0N3dcYwMSJQmN+y+xAWWHhc576KSkASqTG5OcS/n6yTG+zjFkN2Iznp0INQZpSt2
44YocvRIK0vozabd47JCx5w/txE3nYtsl6nG5VTMeavbWYzgFBJhVSyykLSJxlyU
mJgL0DMspjsUH2ZeYkHqqnuEZkogwJfI3eL2Z4BdVb96hh/s/L4UaSa3GI1a2Tdf
c6UJLGWTqaFFcohIVrGhgckAQRrit7AZCBb/FwTsDXahxau7ECLNpgcRQCWgAXlN
l7SSQkI2snUs5c+mCuBspDvBVxhAWq1VUelkPurQymR/ajGywwXgdGQwmq7BO+Wr
E7fChlwTKLFkQorrzKw7FoL674gTolCHoO/XTDmCNIkEblykSl9mz9FnI2q1C0id
Q+rM1rGo2ubJhthvpKdA5jDpzK6tPqG2xNgV6+xhXl4Bg7w4dhEKIu1vKH4RRBgR
GTf9LSlJMdaDIyWbbuMFpthCrhnmXbK0qe4whQRtip/TB+1qjl1e5gB0kULujApj
RbtxbR50cCDmocM6nae2P1tq0s3jaSs/VemiptexdTilGcm3088=
=2KVU
-----END PGP SIGNATURE-----

@ -13,7 +13,7 @@ URL: https://www.python.org/
# WARNING When rebasing to a new Python version, # WARNING When rebasing to a new Python version,
# remember to update the python3-docs package as well # remember to update the python3-docs package as well
%global general_version %{pybasever}.6 %global general_version %{pybasever}.8
#global prerel ... #global prerel ...
%global upstream_version %{general_version}%{?prerel} %global upstream_version %{general_version}%{?prerel}
Version: %{general_version}%{?prerel:~%{prerel}} Version: %{general_version}%{?prerel:~%{prerel}}
@ -71,7 +71,7 @@ License: Python-2.0.1
# If the rpmwheels condition is disabled, we use the bundled wheel packages # If the rpmwheels condition is disabled, we use the bundled wheel packages
# from Python with the versions below. # from Python with the versions below.
# This needs to be manually updated when we update Python. # This needs to be manually updated when we update Python.
%global pip_version 24.2 %global pip_version 24.3.1
%global setuptools_version 67.6.1 %global setuptools_version 67.6.1
%global wheel_version 0.40.0 %global wheel_version 0.40.0
# All of those also include a list of indirect bundled libs: # All of those also include a list of indirect bundled libs:
@ -79,8 +79,8 @@ License: Python-2.0.1
# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) # $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt)
%global pip_bundled_provides %{expand: %global pip_bundled_provides %{expand:
Provides: bundled(python3dist(cachecontrol)) = 0.14 Provides: bundled(python3dist(cachecontrol)) = 0.14
Provides: bundled(python3dist(certifi)) = 2024.7.4 Provides: bundled(python3dist(certifi)) = 2024.8.30
Provides: bundled(python3dist(distlib)) = 0.3.8 Provides: bundled(python3dist(distlib)) = 0.3.9
Provides: bundled(python3dist(distro)) = 1.9 Provides: bundled(python3dist(distro)) = 1.9
Provides: bundled(python3dist(idna)) = 3.7 Provides: bundled(python3dist(idna)) = 3.7
Provides: bundled(python3dist(msgpack)) = 1.0.8 Provides: bundled(python3dist(msgpack)) = 1.0.8
@ -93,9 +93,9 @@ Provides: bundled(python3dist(resolvelib)) = 1.0.1
Provides: bundled(python3dist(rich)) = 13.7.1 Provides: bundled(python3dist(rich)) = 13.7.1
Provides: bundled(python3dist(setuptools)) = 70.3 Provides: bundled(python3dist(setuptools)) = 70.3
Provides: bundled(python3dist(tomli)) = 2.0.1 Provides: bundled(python3dist(tomli)) = 2.0.1
Provides: bundled(python3dist(truststore)) = 0.9.1 Provides: bundled(python3dist(truststore)) = 0.10
Provides: bundled(python3dist(typing-extensions)) = 4.12.2 Provides: bundled(python3dist(typing-extensions)) = 4.12.2
Provides: bundled(python3dist(urllib3)) = 1.26.18 Provides: bundled(python3dist(urllib3)) = 1.26.20
} }
# setuptools # setuptools
# vendor.txt files not in .whl # vendor.txt files not in .whl
@ -301,6 +301,7 @@ BuildRequires: valgrind-devel
BuildRequires: xz-devel BuildRequires: xz-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: systemtap-sdt-devel
BuildRequires: /usr/bin/dtrace BuildRequires: /usr/bin/dtrace
# workaround http://bugs.python.org/issue19804 (test_uuid requires ifconfig) # workaround http://bugs.python.org/issue19804 (test_uuid requires ifconfig)
@ -351,7 +352,7 @@ Source11: idle3.appdata.xml
# (Patches taken from github.com/fedora-python/cpython) # (Patches taken from github.com/fedora-python/cpython)
# 00251 # cae5a6abc5df08239c85b83e4e250b6f2702e4f5 # 00251 # 6a4ec74157aa01f1ada9f29f30a371cd9e5369e8
# Change user install location # Change user install location
# #
# Set values of base and platbase in sysconfig from /usr # Set values of base and platbase in sysconfig from /usr
@ -400,6 +401,14 @@ Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-g
# - https://access.redhat.com/articles/7004769 # - https://access.redhat.com/articles/7004769
Patch397: 00397-tarfile-filter.patch Patch397: 00397-tarfile-filter.patch
# 00445 # d1a32daddefad32ceb93155552858c0a0311b23e
# CVE-2024-12254: Ensure _SelectorSocketTransport.writelines pauses the protocol if needed
#
# Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed.
#
# Resolved upstream: https://github.com/python/cpython/issues/127655
Patch445: 00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch
# (New patches go here ^^^) # (New patches go here ^^^)
# #
# When adding new patches to "python" and "python3" in Fedora, EL, etc., # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1765,6 +1774,11 @@ CheckPython optimized
# ====================================================== # ======================================================
%changelog %changelog
* Tue Dec 03 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.8-1
- Update to 3.12.8
- Security fix for CVE-2024-9287 and CVE-2024-12254
Resolves: RHEL-64877, RHEL-70450
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.12.6-2 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.12.6-2
- Bump release for October 2024 mass rebuild: - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018 Resolves: RHEL-64018

Loading…
Cancel
Save