From 7d58d4ba0779b5d448290952607a608ef34b9b1b Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Thu, 26 Dec 2024 03:11:10 +0300 Subject: [PATCH] import python3.12-3.12.8-1.el8_10 --- .gitignore | 2 +- .python3.12.metadata | 2 +- .../00251-change-user-install-location.patch | 16 ++--- SOURCES/00329-fips.patch | 53 +++++++--------- ...or-the-main-thread-gh-28549-gh-28589.patch | 2 +- ...elines-pauses-the-protocol-if-needed.patch | 62 +++++++++++++++++++ SOURCES/Python-3.12.6.tar.xz.asc | 18 ------ SOURCES/Python-3.12.8.tar.xz.asc | 18 ++++++ SPECS/python3.12.spec | 27 +++++--- 9 files changed, 134 insertions(+), 66 deletions(-) create mode 100644 SOURCES/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch delete mode 100644 SOURCES/Python-3.12.6.tar.xz.asc create mode 100644 SOURCES/Python-3.12.8.tar.xz.asc diff --git a/.gitignore b/.gitignore index 7049467..2689e97 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/Python-3.12.6.tar.xz +SOURCES/Python-3.12.8.tar.xz diff --git a/.python3.12.metadata b/.python3.12.metadata index 02fe4fa..24628ab 100644 --- a/.python3.12.metadata +++ b/.python3.12.metadata @@ -1 +1 @@ -6d2bbe1603b01764c541608938766233bf56f780 SOURCES/Python-3.12.6.tar.xz +8872c7a124c6970833e0bde4f25d6d7d61c6af6e SOURCES/Python-3.12.8.tar.xz diff --git a/SOURCES/00251-change-user-install-location.patch b/SOURCES/00251-change-user-install-location.patch index 2f33b5a..dd7a07a 100644 --- a/SOURCES/00251-change-user-install-location.patch +++ b/SOURCES/00251-change-user-install-location.patch @@ -30,7 +30,7 @@ Co-authored-by: Lumír Balhar 3 files changed, 71 insertions(+), 4 deletions(-) diff --git a/Lib/site.py b/Lib/site.py -index 924cfbecec..e2871ecc89 100644 +index aed254ad50..568dbdb945 100644 --- a/Lib/site.py +++ b/Lib/site.py @@ -398,8 +398,15 @@ def getsitepackages(prefixes=None): @@ -51,7 +51,7 @@ index 924cfbecec..e2871ecc89 100644 if os.path.isdir(sitedir): addsitedir(sitedir, known_paths) diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py -index 122d441bd1..2d354a11da 100644 +index 517b13acaf..928d1a0541 100644 --- a/Lib/sysconfig.py +++ b/Lib/sysconfig.py @@ -104,6 +104,11 @@ @@ -86,7 +86,7 @@ index 122d441bd1..2d354a11da 100644 _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', 'scripts', 'data') -@@ -263,11 +281,40 @@ def _extend_dict(target_dict, other_dict): +@@ -261,11 +279,40 @@ def _extend_dict(target_dict, other_dict): target_dict[key] = value @@ -119,7 +119,7 @@ index 122d441bd1..2d354a11da 100644 + # we only change the defaults here, so explicit --prefix will take precedence + # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe + if (scheme == 'posix_prefix' and -+ _PREFIX == '/usr' and ++ sys.prefix == '/usr' and + 'RPM_BUILD_ROOT' not in os.environ): + _extend_dict(vars, _config_vars_local()) + else: @@ -129,10 +129,10 @@ index 122d441bd1..2d354a11da 100644 # On Windows we want to substitute 'lib' for schemes rather # than the native value (without modifying vars, in case it diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py -index 1137c2032b..8fc2b84f52 100644 +index 3468d0ce02..ff31010427 100644 --- a/Lib/test/test_sysconfig.py +++ b/Lib/test/test_sysconfig.py -@@ -110,8 +110,19 @@ def test_get_path(self): +@@ -119,8 +119,19 @@ def test_get_path(self): for scheme in _INSTALL_SCHEMES: for name in _INSTALL_SCHEMES[scheme]: expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) @@ -153,7 +153,7 @@ index 1137c2032b..8fc2b84f52 100644 os.path.normpath(expected), ) -@@ -344,7 +355,7 @@ def test_get_config_h_filename(self): +@@ -353,7 +364,7 @@ def test_get_config_h_filename(self): self.assertTrue(os.path.isfile(config_h), config_h) def test_get_scheme_names(self): @@ -162,7 +162,7 @@ index 1137c2032b..8fc2b84f52 100644 if HAS_USER_BASE: wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) -@@ -356,6 +367,8 @@ def test_symlink(self): # Issue 7880 +@@ -365,6 +376,8 @@ def test_symlink(self): # Issue 7880 cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) diff --git a/SOURCES/00329-fips.patch b/SOURCES/00329-fips.patch index f95b71e..6d9944e 100644 --- a/SOURCES/00329-fips.patch +++ b/SOURCES/00329-fips.patch @@ -1,4 +1,4 @@ -From 43ce74d971fad62db6ccd723fe6b01da9c7ff407 Mon Sep 17 00:00:00 2001 +From 11deb3112bd90bc2dce2fcd4a1f5975c08b91360 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Thu, 12 Dec 2019 16:58:31 +0100 Subject: [PATCH 1/5] Expose blake2b and blake2s hashes from OpenSSL @@ -29,10 +29,10 @@ index 73d758a..5921360 100644 computed = m.hexdigest() if not shake else m.hexdigest(length) self.assertEqual( diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c -index af6d1b2..980712f 100644 +index 2998820..b96001e 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c -@@ -1079,6 +1079,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, +@@ -1128,6 +1128,41 @@ _hashlib_openssl_sha512_impl(PyObject *module, PyObject *data_obj, } @@ -74,7 +74,7 @@ index af6d1b2..980712f 100644 #ifdef PY_OPENSSL_HAS_SHA3 /*[clinic input] -@@ -2067,6 +2102,8 @@ static struct PyMethodDef EVP_functions[] = { +@@ -2116,6 +2151,8 @@ static struct PyMethodDef EVP_functions[] = { _HASHLIB_OPENSSL_SHA256_METHODDEF _HASHLIB_OPENSSL_SHA384_METHODDEF _HASHLIB_OPENSSL_SHA512_METHODDEF @@ -84,7 +84,7 @@ index af6d1b2..980712f 100644 _HASHLIB_OPENSSL_SHA3_256_METHODDEF _HASHLIB_OPENSSL_SHA3_384_METHODDEF diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h -index fb61a44..1e42b87 100644 +index 84e2346..7fe03a3 100644 --- a/Modules/clinic/_hashopenssl.c.h +++ b/Modules/clinic/_hashopenssl.c.h @@ -743,6 +743,156 @@ exit: @@ -248,13 +248,13 @@ index fb61a44..1e42b87 100644 #ifndef _HASHLIB_SCRYPT_METHODDEF #define _HASHLIB_SCRYPT_METHODDEF #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */ --/*[clinic end generated code: output=b339e255db698147 input=a9049054013a1b77]*/ -+/*[clinic end generated code: output=1d988d457a8beebe input=a9049054013a1b77]*/ +-/*[clinic end generated code: output=4734184f6555dc95 input=a9049054013a1b77]*/ ++/*[clinic end generated code: output=f0bfddb963a21208 input=a9049054013a1b77]*/ -- -2.45.0 +2.47.1 -From 6872b634078a2c69644235781ebffb07f8edcb83 Mon Sep 17 00:00:00 2001 +From ea9d5c84e25b5c04c2823e1edee4354dd6b2b7a5 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 25 Jul 2019 17:19:06 +0200 Subject: [PATCH 2/5] Disable Python's hash implementations in FIPS mode, @@ -445,10 +445,10 @@ index a8bad9d..1b1d937 100644 + if (_Py_hashlib_fips_error(exc, name)) return NULL; \ +} while (0) diff --git a/configure.ac b/configure.ac -index 65ad1c2..b5f9ab5 100644 +index 9270b5f..a9eb2c9 100644 --- a/configure.ac +++ b/configure.ac -@@ -7463,7 +7463,8 @@ PY_STDLIB_MOD([_sha2], +@@ -7482,7 +7482,8 @@ PY_STDLIB_MOD([_sha2], PY_STDLIB_MOD([_sha3], [test "$with_builtin_sha3" = yes]) PY_STDLIB_MOD([_blake2], [test "$with_builtin_blake2" = yes], [], @@ -459,10 +459,10 @@ index 65ad1c2..b5f9ab5 100644 PY_STDLIB_MOD([_crypt], [], [test "$ac_cv_crypt_crypt" = yes], -- -2.45.0 +2.47.1 -From f904abdd7a607282c2cdfd18288045cedfa28414 Mon Sep 17 00:00:00 2001 +From 29a7b7ac9e18a501ed78bde7a449b90c57d44e24 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Fri, 29 Jan 2021 14:16:21 +0100 Subject: [PATCH 3/5] Use python's fall back crypto implementations only if we @@ -552,10 +552,10 @@ index dd61a9a..6031b02 100644 get_builtin_constructor = getattr(hashlib, '__get_builtin_constructor') -- -2.45.0 +2.47.1 -From 9bf0a53b7831409613c44fd7feecb56476f5e5e7 Mon Sep 17 00:00:00 2001 +From 59accf544492400c9fd32a8e682fb6f2206e932e Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Wed, 31 Jul 2019 15:43:43 +0200 Subject: [PATCH 4/5] Test equivalence of hashes for the various digests with @@ -712,21 +712,21 @@ index 6031b02..5bd5297 100644 class KDFTests(unittest.TestCase): -- -2.45.0 +2.47.1 -From 8a76571515a64a57b4ea0586ae8376cf2ef0ac60 Mon Sep 17 00:00:00 2001 +From 21efadd8b488956482bdc6ccd91c37dcef705129 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Mon, 26 Aug 2019 19:39:48 +0200 Subject: [PATCH 5/5] Guard against Python HMAC in FIPS mode --- - Lib/hmac.py | 13 +++++++++---- + Lib/hmac.py | 12 +++++++++--- Lib/test/test_hmac.py | 10 ++++++++++ - 2 files changed, 19 insertions(+), 4 deletions(-) + 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/Lib/hmac.py b/Lib/hmac.py -index 8b4eb2f..e8e4864 100644 +index 8b4eb2f..8930bda 100644 --- a/Lib/hmac.py +++ b/Lib/hmac.py @@ -16,8 +16,9 @@ else: @@ -741,14 +741,7 @@ index 8b4eb2f..e8e4864 100644 # The size of the digests returned by HMAC depends on the underlying # hashing module used. Use digest_size from the instance of HMAC instead. -@@ -48,17 +49,18 @@ class HMAC: - msg argument. Passing it as a keyword argument is - recommended, though not required for legacy API reasons. - """ -- - if not isinstance(key, (bytes, bytearray)): - raise TypeError("key: expected bytes or bytearray, but got %r" % type(key).__name__) - +@@ -55,10 +56,12 @@ class HMAC: if not digestmod: raise TypeError("Missing required argument 'digestmod'.") @@ -762,7 +755,7 @@ index 8b4eb2f..e8e4864 100644 self._init_old(key, msg, digestmod) else: self._init_old(key, msg, digestmod) -@@ -69,6 +71,9 @@ class HMAC: +@@ -69,6 +72,9 @@ class HMAC: self.block_size = self._hmac.block_size def _init_old(self, key, msg, digestmod): @@ -829,5 +822,5 @@ index 1502fba..7997073 100644 def test_realcopy_old(self): # Testing if the copy method created a real copy. -- -2.45.0 +2.47.1 diff --git a/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch b/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch index 1a202f7..1268e76 100644 --- a/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch +++ b/SOURCES/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch @@ -16,7 +16,7 @@ https://github.com/GrahamDumpleton/mod_wsgi/issues/730 2 files changed, 8 insertions(+), 50 deletions(-) diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py -index 2e4b860b97..3066b23ee1 100644 +index 75a56f7830..c2509fced1 100644 --- a/Lib/test/test_threading.py +++ b/Lib/test/test_threading.py @@ -1100,39 +1100,6 @@ def noop(): pass diff --git a/SOURCES/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch b/SOURCES/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch new file mode 100644 index 0000000..70778f9 --- /dev/null +++ b/SOURCES/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Fri, 6 Dec 2024 06:12:40 +0100 +Subject: [PATCH] 00445: CVE-2024-12254: Ensure + _SelectorSocketTransport.writelines pauses the protocol if needed + +Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. + +Resolved upstream: https://github.com/python/cpython/issues/127655 + +Co-authored-by: J. Nick Koston +Co-authored-by: Kumar Aditya +--- + Lib/asyncio/selector_events.py | 1 + + Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++++ + .../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 + + 3 files changed, 14 insertions(+) + create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst + +diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py +index 790711f834..dd79ad18df 100644 +--- a/Lib/asyncio/selector_events.py ++++ b/Lib/asyncio/selector_events.py +@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data): + # If the entire buffer couldn't be written, register a write handler + if self._buffer: + self._loop._add_writer(self._sock_fd, self._write_ready) ++ self._maybe_pause_protocol() + + def can_write_eof(self): + return True +diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py +index 47693ea4d3..736c19796e 100644 +--- a/Lib/test/test_asyncio/test_selector_events.py ++++ b/Lib/test/test_asyncio/test_selector_events.py +@@ -805,6 +805,18 @@ def test_writelines_send_partial(self): + self.assertTrue(self.sock.send.called) + self.assertTrue(self.loop.writers) + ++ def test_writelines_pauses_protocol(self): ++ data = memoryview(b'data') ++ self.sock.send.return_value = 2 ++ self.sock.send.fileno.return_value = 7 ++ ++ transport = self.socket_transport() ++ transport._high_water = 1 ++ transport.writelines([data]) ++ self.assertTrue(self.protocol.pause_writing.called) ++ self.assertTrue(self.sock.send.called) ++ self.assertTrue(self.loop.writers) ++ + @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg') + def test_write_sendmsg_full(self): + data = memoryview(b'data') +diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst +new file mode 100644 +index 0000000000..76cfc58121 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst +@@ -0,0 +1 @@ ++Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`. diff --git a/SOURCES/Python-3.12.6.tar.xz.asc b/SOURCES/Python-3.12.6.tar.xz.asc deleted file mode 100644 index be6cb10..0000000 --- a/SOURCES/Python-3.12.6.tar.xz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmbbZv1fFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwV51g//WpQjF/Rt19lgaWojZ3qDkvmTM2kpvfDGLe9Tkm1fWYzji4TLS3TnzGEp -dw2K6ApqGX4aO9AKMBRdfiFyhaDp0ENlBzSspvyzVT4LsRxiWXqyJ1qZB9mui/S8 -k5pw2qygaS4gYEAOLrVEwmQ52pig1wMAouSmRuopVk5DGYUN6Wir7RZMrYynsd6P -6HYqpZby2L1fKlcj2xYY44niuL5a+I8ucWN9qOBzRLCuzq20lVoII817vORjCqa7 -ZUMKrDXDlzHnISNqZyyX37/oi6a8UdNm0o8V9yDJLiBu9+Dy3OueoIguuzimk4hq -ZnepBoCcr2YAxIsXvwl2qfQBOCjJ5WAZ/wzA/eQMo9Jn1TYRBwuMC1MmP0ylt7Me -/pS57bGuulkfPv9pMto7qc2lNpotBmAsfGJAJMczeEmyo5tAXnJUBE94JRmiLaR/ -zwPmJB3O9uEQhEa8+cjx4+9bK6+YvAXkb9x92Wn70u+IaalPj8CRA7B45hy1KYHT -5s/ndwFFWThxqxH61oqjPvlZW5PWBC83yi/KovhgDWNL2G9CTusKevMqX/LMUAKz -M3mJU/24vUu9bJNxB2qsa3UeP8hbb6WN5LLQyxRsXPjVQ9iTeMWrQkz1mRGIK2Ec -OFbYH2SGa/RELds6MZWzvZuXIefCoyuc51WsXnc4LFr2ZGv4dAI= -=CK1W ------END PGP SIGNATURE----- diff --git a/SOURCES/Python-3.12.8.tar.xz.asc b/SOURCES/Python-3.12.8.tar.xz.asc new file mode 100644 index 0000000..b342744 --- /dev/null +++ b/SOURCES/Python-3.12.8.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmdPZepfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwV2vQ//enP0FhpesVqbIf52CDqRUxRmO29bgW+a4wvRMMcGhMwVhDYKBSXwpI1O +FJDm6y16mjfgVDJ17aU15+NUGqEDEcDj/59LUgOBkbgGkhhi7qPvqG+8YJoTJtFr +0N3dcYwMSJQmN+y+xAWWHhc576KSkASqTG5OcS/n6yTG+zjFkN2Iznp0INQZpSt2 +44YocvRIK0vozabd47JCx5w/txE3nYtsl6nG5VTMeavbWYzgFBJhVSyykLSJxlyU +mJgL0DMspjsUH2ZeYkHqqnuEZkogwJfI3eL2Z4BdVb96hh/s/L4UaSa3GI1a2Tdf +c6UJLGWTqaFFcohIVrGhgckAQRrit7AZCBb/FwTsDXahxau7ECLNpgcRQCWgAXlN +l7SSQkI2snUs5c+mCuBspDvBVxhAWq1VUelkPurQymR/ajGywwXgdGQwmq7BO+Wr +E7fChlwTKLFkQorrzKw7FoL674gTolCHoO/XTDmCNIkEblykSl9mz9FnI2q1C0id +Q+rM1rGo2ubJhthvpKdA5jDpzK6tPqG2xNgV6+xhXl4Bg7w4dhEKIu1vKH4RRBgR +GTf9LSlJMdaDIyWbbuMFpthCrhnmXbK0qe4whQRtip/TB+1qjl1e5gB0kULujApj +RbtxbR50cCDmocM6nae2P1tq0s3jaSs/VemiptexdTilGcm3088= +=2KVU +-----END PGP SIGNATURE----- diff --git a/SPECS/python3.12.spec b/SPECS/python3.12.spec index a233957..d840543 100644 --- a/SPECS/python3.12.spec +++ b/SPECS/python3.12.spec @@ -16,7 +16,7 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.6 +%global general_version %{pybasever}.8 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} @@ -65,7 +65,7 @@ License: Python-2.0.1 # If the rpmwheels condition is disabled, we use the bundled wheel packages # from Python with the versions below. # This needs to be manually updated when we update Python. -%global pip_version 24.2 +%global pip_version 24.3.1 %global setuptools_version 67.6.1 %global wheel_version 0.40.0 # All of those also include a list of indirect bundled libs: @@ -73,8 +73,8 @@ License: Python-2.0.1 # $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) %global pip_bundled_provides %{expand: Provides: bundled(python3dist(cachecontrol)) = 0.14 -Provides: bundled(python3dist(certifi)) = 2024.7.4 -Provides: bundled(python3dist(distlib)) = 0.3.8 +Provides: bundled(python3dist(certifi)) = 2024.8.30 +Provides: bundled(python3dist(distlib)) = 0.3.9 Provides: bundled(python3dist(distro)) = 1.9 Provides: bundled(python3dist(idna)) = 3.7 Provides: bundled(python3dist(msgpack)) = 1.0.8 @@ -87,9 +87,9 @@ Provides: bundled(python3dist(resolvelib)) = 1.0.1 Provides: bundled(python3dist(rich)) = 13.7.1 Provides: bundled(python3dist(setuptools)) = 70.3 Provides: bundled(python3dist(tomli)) = 2.0.1 -Provides: bundled(python3dist(truststore)) = 0.9.1 +Provides: bundled(python3dist(truststore)) = 0.10 Provides: bundled(python3dist(typing-extensions)) = 4.12.2 -Provides: bundled(python3dist(urllib3)) = 1.26.18 +Provides: bundled(python3dist(urllib3)) = 1.26.20 } # setuptools # vendor.txt files not in .whl @@ -333,7 +333,7 @@ Source11: idle3.appdata.xml # (Patches taken from github.com/fedora-python/cpython) -# 00251 # cae5a6abc5df08239c85b83e4e250b6f2702e4f5 +# 00251 # 6a4ec74157aa01f1ada9f29f30a371cd9e5369e8 # Change user install location # # Set values of base and platbase in sysconfig from /usr @@ -389,6 +389,14 @@ Patch397: 00397-tarfile-filter.patch # CVE-2023-52425. Future versions of Expat may be more reactive. Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch +# 00445 # d1a32daddefad32ceb93155552858c0a0311b23e +# CVE-2024-12254: Ensure _SelectorSocketTransport.writelines pauses the protocol if needed +# +# Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. +# +# Resolved upstream: https://github.com/python/cpython/issues/127655 +Patch445: 00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1879,6 +1887,11 @@ fi # ====================================================== %changelog +* Tue Dec 03 2024 Charalampos Stratakis - 3.12.8-1 +- Update to 3.12.8 +- Security fix for CVE-2024-9287 and CVE-2024-12254 +Resolves: RHEL-64880, RHEL-70315 + * Mon Sep 09 2024 Tomáš Hrnčiar - 3.12.6-1 - Update to 3.12.6 Resolves: RHEL-57405