| |
@@ -17,7 +17,7 @@
|
| |
#global prerel rc1
|
| |
%global upstream_version %{general_version}%{?prerel}
|
| |
Version: %{general_version}%{?prerel:~%{prerel}}
|
| |
- Release: 1%{?dist}
|
| |
+ Release: 2%{?dist}
|
| |
License: Python
|
| |
|
| |
|
| |
@@ -217,33 +217,39 @@
|
| |
# AppData file for idle3
|
| |
Source11: idle3.appdata.xml
|
| |
|
| |
- # 00001 #
|
| |
- # Fixup distutils/unixccompiler.py to remove standard library path from rpath:
|
| |
- # Was Patch0 in ivazquez' python3000 specfile:
|
| |
- Patch1: 00001-rpath.patch
|
| |
+ # (Patches taken from github.com/fedora-python/cpython)
|
| |
|
| |
- # 00102 #
|
| |
- # Change the various install paths to use /usr/lib64/ instead or /usr/lib
|
| |
- # Only used when "%%{_lib}" == "lib64"
|
| |
- # Not yet sent upstream.
|
| |
+ # 00001 # d06a8853cf4bae9e115f45e1d531d2dc152c5cc8
|
| |
+ # Fixup distutils/unixccompiler.py to remove standard library path from rpath
|
| |
+ # Was Patch0 in ivazquez' python3000 specfile
|
| |
+ Patch1: 00001-rpath.patch
|
| |
+
|
| |
+ # 00102 # f6d9f3a37ec3401472cb317d1e6cf3433c6016e2
|
| |
+ # Change the various install paths to use /usr/lib64/ instead or /usr/lib/
|
| |
+ #
|
| |
+ # Only used when "%%{_lib}" == "lib64".
|
| |
Patch102: 00102-lib64.patch
|
| |
|
| |
- # 00111 #
|
| |
- # Patch the Makefile.pre.in so that the generated Makefile doesn't try to build
|
| |
- # a libpythonMAJOR.MINOR.a
|
| |
+ # 00111 # 8a4a8dc638552be9ef2732dbc08b59b19c72ce05
|
| |
+ # Don't try to build a libpythonMAJOR.MINOR.a
|
| |
+ #
|
| |
+ # Downstream only: not appropriate for upstream.
|
| |
+ #
|
| |
# See https://bugzilla.redhat.com/show_bug.cgi?id=556092
|
| |
- # Downstream only: not appropriate for upstream
|
| |
Patch111: 00111-no-static-lib.patch
|
| |
|
| |
- # 00155 #
|
| |
+ # 00155 # 0ef7ae83073c1bbe610d4678ed56ae775fd6e174
|
| |
+ # avoid allocating thunks in ctypes unless absolutely necessary
|
| |
+ #
|
| |
# Avoid allocating thunks in ctypes unless absolutely necessary, to avoid
|
| |
# generating SELinux denials on "import ctypes" and "import uuid" when
|
| |
# embedding Python within httpd
|
| |
# See https://bugzilla.redhat.com/show_bug.cgi?id=814391
|
| |
Patch155: 00155-avoid-ctypes-thunks.patch
|
| |
|
| |
-
|
| |
- # 00170 #
|
| |
+ # 00170 # f9c8195c1902ea9a05a40bbdc64dd307fb2dc893
|
| |
+ # In debug builds, try to print repr() when a C-level assert fails
|
| |
+ #
|
| |
# In debug builds, try to print repr() when a C-level assert fails in the
|
| |
# garbage collector (typically indicating a reference-counting error
|
| |
# somewhere else e.g in an extension module)
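Review bot: The new header comment `# (Patches taken from github.com/fedora-python/cpython)` and the per-patch hashes name commits but not the branch or tag they sit on, so a reader auditing a patch cannot tell which ref to compare it against; consider `# (Patches taken from github.com/fedora-python/cpython, branch <BRANCH>)`. The regenerated comments for 00155 and 00170 now say the same thing twice (a summary line followed by the old body that opens with the same sentence), and 00102 still reads "instead or /usr/lib/" where "instead of" is meant. The 00102 comment also loses "Not yet sent upstream." with no replacement status line, so it is worth confirming that was intended. The 00170 comment block continues past the end of this hunk.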
|
| |
@@ -253,9 +259,10 @@
|
| |
# See https://bugzilla.redhat.com/show_bug.cgi?id=614680
|
| |
Patch170: 00170-gc-assertions.patch
|
| |
|
| |
- # 00189 #
|
| |
- # Instead of bundled wheels, use our RPM packaged wheels from
|
| |
- # /usr/share/python-wheels
|
| |
+ # 00189 # 61e5557061c11cbae30cbd9114bd551a339f7a43
|
| |
+ # Instead of bundled wheels, use our RPM packaged wheels
|
| |
+ #
|
| |
+ # We keep them in /usr/share/python-wheels
|
| |
Patch189: 00189-use-rpm-wheels.patch
|
| |
# The following versions of setuptools/pip are bundled when this patch is not applied.
|
| |
# The versions are written in Lib/ensurepip/__init__.py, this patch removes them.
|
| |
@@ -264,27 +271,56 @@
|
| |
%global pip_version 20.1.1
|
| |
%global setuptools_version 47.1.0
|
| |
|
| |
- # 00251
|
| |
+ # 00251 # 2eabd04356402d488060bc8fe316ad13fc8a3356
|
| |
+ # Change user install location
|
| |
+ #
|
| |
# Set values of prefix and exec_prefix in distutils install command
|
| |
# to /usr/local if executable is /usr/bin/python* and RPM build
|
| |
- # is not detected to make pip and distutils install into separate location
|
| |
+ # is not detected to make pip and distutils install into separate location.
|
| |
+ #
|
| |
# Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe
|
| |
Patch251: 00251-change-user-install-location.patch
|
| |
|
| |
- # 00274 #
|
| |
- # Upstream uses Debian-style architecture naming. Change to match Fedora.
|
| |
+ # 00274 # 1e9258f6e8f70e86d5130113d3eed22993cf3da9
|
| |
+ # Upstream uses Debian-style architecture naming, change to match Fedora
|
| |
Patch274: 00274-fix-arch-names.patch
|
| |
|
| |
- # 00316 #
|
| |
+ # 00316 # 4fd732b55b7d8a38c25aef566884665ce925eacb
|
| |
+ # Mark bdist_wininst unsupported
|
| |
+ #
|
| |
# We remove the exe files from distutil's bdist_wininst
|
| |
# So we mark the command as unsupported - and the tests are skipped
|
| |
Patch316: 00316-mark-bdist_wininst-unsupported.patch
|
| |
|
| |
- # 00328 #
|
| |
- # Restore pyc to TIMESTAMP invalidation mode as default in rpmbubild
|
| |
- # See https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/57#comment-27426
|
| |
+ # 00328 # 367fdcb5a075f083aea83ac174999272a8faf75c
|
| |
+ # Restore pyc to TIMESTAMP invalidation mode as default in rpmbuild
|
| |
+ #
|
| |
+ # Since Fedora 31, the $SOURCE_DATE_EPOCH is set in rpmbuild to the latest
|
| |
+ # %%changelog date. This makes Python default to the CHECKED_HASH pyc
|
| |
+ # invalidation mode, bringing more reproducible builds traded for an import
|
| |
+ # performance decrease. To avoid that, we don't default to CHECKED_HASH
|
| |
+ # when $RPM_BUILD_ROOT is set (i.e. when we are building RPM packages).
|
| |
Patch328: 00328-pyc-timestamp-invalidation-mode.patch
|
| |
|
| |
+ # 00351 # 62210578a7157342bd7cbf426f8934da31773c4d
|
| |
+ # Avoid infinite loop in the tarfile module
|
| |
+ #
|
| |
+ # Avoid infinite loop when reading specially crafted TAR files using the tarfile module
|
| |
+ # (CVE-2019-20907).
|
| |
+ # Fixed upstream: https://bugs.python.org/issue39017
|
| |
+ Patch351: 00351-avoid-infinite-loop-in-the-tarfile-module.patch
|
| |
+
|
| |
+ # 00352 # 5253c417a23b3658fa115d2c72fa54b20293a31c
|
| |
+ # Resolve hash collisions for IPv4Interface and IPv6Interface
|
| |
+ #
|
| |
+ # CVE-2020-14422
|
| |
+ # The hash() methods of classes IPv4Interface and IPv6Interface had issue
|
| |
+ # of generating constant hash values of 32 and 128 respectively causing hash collisions.
|
| |
+ # The fix uses the hash() function to generate hash values for the objects
|
| |
+ # instead of XOR operation.
|
| |
+ # Fixed upstream: https://bugs.python.org/issue41004
|
| |
+ Patch352: 00352-resolve-hash-collisions-for-ipv4interface-and-ipv6interface.patch
|
| |
+
|
| |
# (New patches go here ^^^)
|
| |
#
|
| |
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
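Review bot: Patch351 and Patch352 are declared here, but no visible hunk touches %prep (the next hunk is the %changelog at old line 1522), so whether the two CVE fixes are actually applied depends on how %prep applies patches. If it uses a range-based `%autopatch`, they are picked up automatically; if it lists patches one by one, lines such as `%patch351 -p1` and `%patch352 -p1` are missing and the package would build without the fixes, so this should be confirmed against %prep or the build log. Both comments say "Fixed upstream" without naming the release, and a line like `# Fixed upstream in <VERSION>` would tell the next rebase when each patch can be dropped. The changelog entry for CVE-2020-14422 in the last hunk reads "Pv4Interface" and should read "IPv4Interface".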
|
| |
@@ -1522,6 +1558,12 @@
|
| |
# ======================================================
|
| |
|
| |
%changelog
|
| |
+ * Tue Jul 28 2020 Charalampos Stratakis <cstratak@redhat.com> - 3.7.8-2
|
| |
+ - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
|
| |
+ Resolves: rhbz#1856481
|
| |
+ - Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422)
|
| |
+ Resolves: rhbz#1854926
|
| |
+
|
| |
* Tue Jun 30 2020 Petr Viktorin <pviktori@redhat.com> - 3.7.8-1
|
| |
- Update to 3.7.8 final
|
| |
|
| |