#11 Convert to importpatches and add the latest CVE fixes
Merged 3 years ago by churchyard. Opened 3 years ago by cstratak.
rpms/ cstratak/python3.7 import_patches  into  master

file modified
+1 -4
@@ -1,4 +1,4 @@ 

- From 25426c2a831dd67f2c530892160f0cee21a2f7e9 Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: David Malcolm <dmalcolm@redhat.com>

  Date: Wed, 13 Jan 2010 21:25:18 +0000

  Subject: [PATCH] 00001: Fixup distutils/unixccompiler.py to remove standard
@@ -28,6 +28,3 @@ 

       def preprocess(self, source, output_file=None, macros=None,

                      include_dirs=None, extra_preargs=None, extra_postargs=None):

           fixed_args = self._fix_compile_args(None, macros, include_dirs)

- -- 

- 2.26.2

- 

file modified
+2 -5
@@ -1,4 +1,4 @@ 

- From 65fa526f48cb844e59dc6c420314ee46ac6b2901 Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: David Malcolm <dmalcolm@redhat.com>

  Date: Wed, 13 Jan 2010 21:25:18 +0000

  Subject: [PATCH] 00102: Change the various install paths to use /usr/lib64/
@@ -197,7 +197,7 @@ 

           return DECODE_LOCALE_ERR("EXEC_PREFIX define", len);

       }

  diff --git a/configure.ac b/configure.ac

- index f9dabd86c2..0c7b6b3aa8 100644

+ index 805c0bba08..6f11a6df5b 100644

  --- a/configure.ac

  +++ b/configure.ac

  @@ -4772,9 +4772,9 @@ AC_MSG_RESULT($LDVERSION)
@@ -239,6 +239,3 @@ 

                                      extra_link_args=readline_extra_link_args,

                                      libraries=readline_libs) )

           else:

- -- 

- 2.26.2

- 

file modified
+1 -4
@@ -1,4 +1,4 @@ 

- From c7d909928b60c89108e3ebacbf360ba435e7d89a Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: David Malcolm <dmalcolm@redhat.com>

  Date: Mon, 18 Jan 2010 17:59:07 +0000

  Subject: [PATCH] 00111: Don't try to build a libpythonMAJOR.MINOR.a
@@ -73,6 +73,3 @@ 

   	$(INSTALL_DATA) Modules/config.c $(DESTDIR)$(LIBPL)/config.c

   	$(INSTALL_DATA) Programs/python.o $(DESTDIR)$(LIBPL)/python.o

   	$(INSTALL_DATA) $(srcdir)/Modules/config.c.in $(DESTDIR)$(LIBPL)/config.c.in

- -- 

- 2.26.2

- 

@@ -1,4 +1,4 @@ 

- From a83142fc4200188fec82bb33f84ca0da662b50c7 Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: David Malcolm <dmalcolm@redhat.com>

  Date: Fri, 19 Jun 2020 16:02:24 +0200

  Subject: [PATCH] 00155: avoid allocating thunks in ctypes unless absolutely
@@ -28,6 +28,3 @@ 

   

   def create_unicode_buffer(init, size=None):

       """create_unicode_buffer(aString) -> character array

- -- 

- 2.26.2

- 

file modified
+1 -4
@@ -1,4 +1,4 @@ 

- From 8f9b508679be68614f2c0602f8809f3293c66f6c Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: David Malcolm <dmalcolm@redhat.com>

  Date: Fri, 19 Jun 2020 16:05:07 +0200

  Subject: [PATCH] 00170: In debug builds, try to print repr() when a C-level
@@ -333,6 +333,3 @@ 

   #ifndef Py_TRACE_REFS

   /* For Py_LIMITED_API, we need an out-of-line version of _Py_Dealloc.

      Define this here, so we can undefine the macro. */

- -- 

- 2.26.2

- 

file modified
+1 -4
@@ -1,4 +1,4 @@ 

- From 03c9287ee6a3a62c69d0902c5c26dad6b4538683 Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>

  Date: Wed, 15 Aug 2018 15:36:29 +0200

  Subject: [PATCH] 00189: Instead of bundled wheels, use our RPM packaged wheels
@@ -63,6 +63,3 @@ 

   

               additional_paths.append(os.path.join(tmpdir, wheel_name))

   

- -- 

- 2.26.2

- 

@@ -1,4 +1,4 @@ 

- From f10db82d6e58424d63ceac8aa7f93ec5ecd2e60a Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: Michal Cyprian <m.cyprian@gmail.com>

  Date: Mon, 26 Jun 2017 16:32:56 +0200

  Subject: [PATCH] 00251: Change user install location
@@ -59,6 +59,3 @@ 

       for sitedir in getsitepackages(prefixes):

           if os.path.isdir(sitedir):

               addsitedir(sitedir, known_paths)

- -- 

- 2.26.2

- 

file modified
+2 -5
@@ -1,4 +1,4 @@ 

- From face2aed1fa0c09acc8e9ccd6f24709598a7a349 Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: Petr Viktorin <pviktori@redhat.com>

  Date: Mon, 28 Aug 2017 17:16:46 +0200

  Subject: [PATCH] 00274: Upstream uses Debian-style architecture naming, change
@@ -29,7 +29,7 @@ 

   	ppc64le | powerpc64little)

   		basic_machine=powerpc64le-unknown

  diff --git a/configure.ac b/configure.ac

- index 0c7b6b3aa8..1e6d51593c 100644

+ index 6f11a6df5b..13340da7c8 100644

  --- a/configure.ac

  +++ b/configure.ac

  @@ -765,9 +765,9 @@ cat >> conftest.c <<EOF
@@ -81,6 +81,3 @@ 

   # elif defined(__s390x__)

           s390x-linux-gnu

   # elif defined(__s390__)

- -- 

- 2.26.2

- 

@@ -1,4 +1,4 @@ 

- From 02d51d7403f37039383528495fc1cab3f30f34b0 Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>

  Date: Fri, 19 Jun 2020 16:16:41 +0200

  Subject: [PATCH] 00316: Mark bdist_wininst unsupported
@@ -22,6 +22,3 @@ 

   

       description = "create an executable installer for MS Windows"

   

- -- 

- 2.26.2

- 

@@ -1,4 +1,4 @@ 

- From d88f2fb6700951bcba1071d0f80b3a14c890f44d Mon Sep 17 00:00:00 2001

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

  From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>

  Date: Fri, 19 Jun 2020 16:18:39 +0200

  Subject: [PATCH] 00328: Restore pyc to TIMESTAMP invalidation mode as default
@@ -48,6 +48,3 @@ 

               return fxn(*args, **kwargs)

       return wrapper

   

- -- 

- 2.26.2

- 

@@ -0,0 +1,67 @@ 

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

+ From: "Miss Islington (bot)"

+  <31488909+miss-islington@users.noreply.github.com>

+ Date: Wed, 15 Jul 2020 05:35:08 -0700

+ Subject: [PATCH] 00351: Avoid infinite loop in the tarfile module

+ 

+ Avoid infinite loop when reading specially crafted TAR files using the tarfile module

+ (CVE-2019-20907).

+ Fixed upstream: https://bugs.python.org/issue39017

+ ---

+  Lib/tarfile.py                                    |   2 ++

+  Lib/test/recursion.tar                            | Bin 0 -> 516 bytes

+  Lib/test/test_tarfile.py                          |   7 +++++++

+  .../2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst      |   1 +

+  4 files changed, 10 insertions(+)

+  create mode 100644 Lib/test/recursion.tar

+  create mode 100644 Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst

+ 

+ diff --git a/Lib/tarfile.py b/Lib/tarfile.py

+ index 3b596cbf49..3be5188c8b 100755

+ --- a/Lib/tarfile.py

+ +++ b/Lib/tarfile.py

+ @@ -1233,6 +1233,8 @@ class TarInfo(object):

+  

+              length, keyword = match.groups()

+              length = int(length)

+ +            if length == 0:

+ +                raise InvalidHeaderError("invalid header")

+              value = buf[match.end(2) + 1:match.start(1) + length - 1]

+  

+              # Normally, we could just use "utf-8" as the encoding and "strict"

+ diff --git a/Lib/test/recursion.tar b/Lib/test/recursion.tar

+ new file mode 100644

+ index 0000000000000000000000000000000000000000..b8237251964983f54ed1966297e887636cd0c5f4

+ GIT binary patch

+ literal 516

+ zcmYdFPRz+kEn=W0Fn}74P8%Xw3X=l~85kIuo0>8xq$A1Gm}!7)KUsFc41m#O8A5+e

+ I1_}|j06>QaCIA2c

+ 

+ literal 0

+ HcmV?d00001

+ 

+ diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py

+ index 5e4d75ecfc..9133d60e49 100644

+ --- a/Lib/test/test_tarfile.py

+ +++ b/Lib/test/test_tarfile.py

+ @@ -395,6 +395,13 @@ class CommonReadTest(ReadTest):

+                  with self.assertRaisesRegex(tarfile.ReadError, "unexpected end of data"):

+                      tar.extractfile(t).read()

+  

+ +    def test_length_zero_header(self):

+ +        # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail

+ +        # with an exception

+ +        with self.assertRaisesRegex(tarfile.ReadError, "file could not be opened successfully"):

+ +            with tarfile.open(support.findfile('recursion.tar')) as tar:

+ +                pass

+ +

+  class MiscReadTestBase(CommonReadTest):

+      def requires_name_attribute(self):

+          pass

+ diff --git a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst

+ new file mode 100644

+ index 0000000000..ad26676f8b

+ --- /dev/null

+ +++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst

+ @@ -0,0 +1 @@

+ +Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
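Review bot: The guard `if length == 0: raise InvalidHeaderError("invalid header")` reads as an arbitrary validity check, while its actual purpose is termination: a zero-length pax record never advances the read position, so the header loop spins forever (that is the CVE-2019-20907 condition the patch subject names), and a one-line comment such as `# bpo-39017 (CVE-2019-20907): a zero length never advances the position and would loop forever` would make that intent visible at the raise site. Rejecting exactly zero is sufficient presumably because the header pattern only admits digit lengths, so negatives cannot reach this point — worth confirming against the regex, which is outside the hunk. Separately, the patch carries a `GIT binary patch` hunk for `Lib/test/recursion.tar`; plain patch(1) cannot apply git binary hunks, so the fixture only lands if %prep applies patches with git (`git am`/`git apply`), which this page does not show, and `test_length_zero_header` would otherwise fail on a missing file. The enclosing TarInfo method starts and ends outside the hunk.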

@@ -0,0 +1,70 @@ 

+ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

+ From: Tapas Kundu <39723251+tapakund@users.noreply.github.com>

+ Date: Wed, 1 Jul 2020 00:50:21 +0530

+ Subject: [PATCH] 00352: Resolve hash collisions for IPv4Interface and

+  IPv6Interface

+ 

+ CVE-2020-14422

+ The hash() methods of classes IPv4Interface and IPv6Interface had issue

+ of generating constant hash values of 32 and 128 respectively causing hash collisions.

+ The fix uses the hash() function to generate hash values for the objects

+ instead of XOR operation.

+ Fixed upstream: https://bugs.python.org/issue41004

+ ---

+  Lib/ipaddress.py                                      |  4 ++--

+  Lib/test/test_ipaddress.py                            | 11 +++++++++++

+  .../Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst |  1 +

+  3 files changed, 14 insertions(+), 2 deletions(-)

+  create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst

+ 

+ diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py

+ index 80249288d7..54882934c3 100644

+ --- a/Lib/ipaddress.py

+ +++ b/Lib/ipaddress.py

+ @@ -1442,7 +1442,7 @@ class IPv4Interface(IPv4Address):

+              return False

+  

+      def __hash__(self):

+ -        return self._ip ^ self._prefixlen ^ int(self.network.network_address)

+ +        return hash((self._ip, self._prefixlen, int(self.network.network_address)))

+  

+      __reduce__ = _IPAddressBase.__reduce__

+  

+ @@ -2088,7 +2088,7 @@ class IPv6Interface(IPv6Address):

+              return False

+  

+      def __hash__(self):

+ -        return self._ip ^ self._prefixlen ^ int(self.network.network_address)

+ +        return hash((self._ip, self._prefixlen, int(self.network.network_address)))

+  

+      __reduce__ = _IPAddressBase.__reduce__

+  

+ diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py

+ index 455b893fb1..1fb6a929dc 100644

+ --- a/Lib/test/test_ipaddress.py

+ +++ b/Lib/test/test_ipaddress.py

+ @@ -2091,6 +2091,17 @@ class IpaddrUnitTest(unittest.TestCase):

+                           sixtofouraddr.sixtofour)

+          self.assertFalse(bad_addr.sixtofour)

+  

+ +    # issue41004 Hash collisions in IPv4Interface and IPv6Interface

+ +    def testV4HashIsNotConstant(self):

+ +        ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")

+ +        ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")

+ +        self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())

+ +

+ +    # issue41004 Hash collisions in IPv4Interface and IPv6Interface

+ +    def testV6HashIsNotConstant(self):

+ +        ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")

+ +        ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")

+ +        self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())

+  

+  if __name__ == '__main__':

+      unittest.main()

+ diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst

+ new file mode 100644

+ index 0000000000..f5a9db52ff

+ --- /dev/null

+ +++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst

+ @@ -0,0 +1 @@

+ +CVE-2020-14422: The __hash__() methods of  ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
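Review bot: The regression tests `testV4HashIsNotConstant` and `testV6HashIsNotConstant` call `__hash__()` directly and only compare two interfaces against each other, so a hash that is non-constant yet still degenerate would pass; `self.assertNotEqual(hash(ipv4_address1), hash(ipv4_address2))` exercises the normal protocol path, and since the defect was that every default-prefix interface hashed to the constant 32 (or 128 for IPv6), an added `self.assertNotEqual(hash(ipaddress.IPv4Interface("1.2.3.4")), 32)` pins the exact regression. The fix itself looks sound: hashing the tuple `(self._ip, self._prefixlen, int(self.network.network_address))` covers the fields that the interface's equality presumably compares (its `__eq__` is outside the hunk), so the `__eq__`/`__hash__` contract holds, and tuple-of-int hashes are not affected by hash randomization. The enclosing `IPv4Interface` and `IPv6Interface` classes extend beyond the hunks.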

file modified
+69 -27
@@ -17,7 +17,7 @@ 

  #global prerel rc1

  %global upstream_version %{general_version}%{?prerel}

  Version: %{general_version}%{?prerel:~%{prerel}}

- Release: 1%{?dist}

+ Release: 2%{?dist}

  License: Python

  

  
@@ -217,33 +217,39 @@ 

  # AppData file for idle3

  Source11: idle3.appdata.xml

  

- # 00001 #

- # Fixup distutils/unixccompiler.py to remove standard library path from rpath:

- # Was Patch0 in ivazquez' python3000 specfile:

- Patch1:         00001-rpath.patch

+ # (Patches taken from github.com/fedora-python/cpython)

  

- # 00102 #

- # Change the various install paths to use /usr/lib64/ instead or /usr/lib

- # Only used when "%%{_lib}" == "lib64"

- # Not yet sent upstream.

+ # 00001 # d06a8853cf4bae9e115f45e1d531d2dc152c5cc8

+ # Fixup distutils/unixccompiler.py to remove standard library path from rpath

+ # Was Patch0 in ivazquez' python3000 specfile

+ Patch1: 00001-rpath.patch

+ 

+ # 00102 # f6d9f3a37ec3401472cb317d1e6cf3433c6016e2

+ # Change the various install paths to use /usr/lib64/ instead or /usr/lib/

+ #

+ # Only used when "%%{_lib}" == "lib64".

  Patch102: 00102-lib64.patch

  

- # 00111 #

- # Patch the Makefile.pre.in so that the generated Makefile doesn't try to build

- # a libpythonMAJOR.MINOR.a

+ # 00111 # 8a4a8dc638552be9ef2732dbc08b59b19c72ce05

+ # Don't try to build a libpythonMAJOR.MINOR.a

+ #

+ # Downstream only: not appropriate for upstream.

+ #

  # See https://bugzilla.redhat.com/show_bug.cgi?id=556092

- # Downstream only: not appropriate for upstream

  Patch111: 00111-no-static-lib.patch

  

- # 00155 #

+ # 00155 # 0ef7ae83073c1bbe610d4678ed56ae775fd6e174

+ # avoid allocating thunks in ctypes unless absolutely necessary

+ #

  # Avoid allocating thunks in ctypes unless absolutely necessary, to avoid

  # generating SELinux denials on "import ctypes" and "import uuid" when

  # embedding Python within httpd

  # See https://bugzilla.redhat.com/show_bug.cgi?id=814391

  Patch155: 00155-avoid-ctypes-thunks.patch

  

- 

- # 00170 #

+ # 00170 # f9c8195c1902ea9a05a40bbdc64dd307fb2dc893

+ # In debug builds, try to print repr() when a C-level assert fails

+ #

  # In debug builds, try to print repr() when a C-level assert fails in the

  # garbage collector (typically indicating a reference-counting error

  # somewhere else e.g in an extension module)
@@ -253,9 +259,10 @@ 

  # See https://bugzilla.redhat.com/show_bug.cgi?id=614680

  Patch170: 00170-gc-assertions.patch

  

- # 00189 #

- # Instead of bundled wheels, use our RPM packaged wheels from

- # /usr/share/python-wheels

+ # 00189 # 61e5557061c11cbae30cbd9114bd551a339f7a43

+ # Instead of bundled wheels, use our RPM packaged wheels

+ #

+ # We keep them in /usr/share/python-wheels

  Patch189: 00189-use-rpm-wheels.patch

  # The following versions of setuptools/pip are bundled when this patch is not applied.

  # The versions are written in Lib/ensurepip/__init__.py, this patch removes them.
@@ -264,27 +271,56 @@ 

  %global pip_version 20.1.1

  %global setuptools_version 47.1.0

  

- # 00251

+ # 00251 # 2eabd04356402d488060bc8fe316ad13fc8a3356

+ # Change user install location

+ #

  # Set values of prefix and exec_prefix in distutils install command

  # to /usr/local if executable is /usr/bin/python* and RPM build

- # is not detected to make pip and distutils install into separate location

+ # is not detected to make pip and distutils install into separate location.

+ #

  # Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe

  Patch251: 00251-change-user-install-location.patch

  

- # 00274 #

- # Upstream uses Debian-style architecture naming. Change to match Fedora.

+ # 00274 # 1e9258f6e8f70e86d5130113d3eed22993cf3da9

+ # Upstream uses Debian-style architecture naming, change to match Fedora

  Patch274: 00274-fix-arch-names.patch

  

- # 00316 #

+ # 00316 # 4fd732b55b7d8a38c25aef566884665ce925eacb

+ # Mark bdist_wininst unsupported

+ #

  # We remove the exe files from distutil's bdist_wininst

  # So we mark the command as unsupported - and the tests are skipped

  Patch316: 00316-mark-bdist_wininst-unsupported.patch

  

- # 00328 #

- # Restore pyc to TIMESTAMP invalidation mode as default in rpmbubild

- # See https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/57#comment-27426

+ # 00328 # 367fdcb5a075f083aea83ac174999272a8faf75c

+ # Restore pyc to TIMESTAMP invalidation mode as default in rpmbuild

+ #

+ # Since Fedora 31, the $SOURCE_DATE_EPOCH is set in rpmbuild to the latest

+ # %%changelog date. This makes Python default to the CHECKED_HASH pyc

+ # invalidation mode, bringing more reproducible builds traded for an import

+ # performance decrease. To avoid that, we don't default to CHECKED_HASH

+ # when $RPM_BUILD_ROOT is set (i.e. when we are building RPM packages).

  Patch328: 00328-pyc-timestamp-invalidation-mode.patch

  

+ # 00351 # 62210578a7157342bd7cbf426f8934da31773c4d

+ # Avoid infinite loop in the tarfile module

+ #

+ # Avoid infinite loop when reading specially crafted TAR files using the tarfile module

+ # (CVE-2019-20907).

+ # Fixed upstream: https://bugs.python.org/issue39017

+ Patch351: 00351-avoid-infinite-loop-in-the-tarfile-module.patch

+ 

+ # 00352 # 5253c417a23b3658fa115d2c72fa54b20293a31c

+ # Resolve hash collisions for IPv4Interface and IPv6Interface

+ #

+ # CVE-2020-14422

+ # The hash() methods of classes IPv4Interface and IPv6Interface had issue

+ # of generating constant hash values of 32 and 128 respectively causing hash collisions.

+ # The fix uses the hash() function to generate hash values for the objects

+ # instead of XOR operation.

+ # Fixed upstream: https://bugs.python.org/issue41004

+ Patch352: 00352-resolve-hash-collisions-for-ipv4interface-and-ipv6interface.patch

+ 

  # (New patches go here ^^^)

  #

  # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@@ -1522,6 +1558,12 @@ 

  # ======================================================

  

  %changelog

+ * Tue Jul 28 2020 Charalampos Stratakis <cstratak@redhat.com> - 3.7.8-2

+ - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)

+ Resolves: rhbz#1856481

+ - Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422)

+ Resolves: rhbz#1854926

+ 

  * Tue Jun 30 2020 Petr Viktorin <pviktori@redhat.com> - 3.7.8-1

  - Update to 3.7.8 final

  
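Review bot: The new changelog entry `- Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422)` misspells the class name; it should read `IPv4Interface`, matching the Patch352 comment and the patch subject, and the package changelog is the place to fix it before the rpm ships since the same text is also the commit title. The comment block for Patch352 repeats the upstream description nearly verbatim over five lines, one of them past the column width used elsewhere in the spec; the one-line summary plus the CVE id and the bugs.python.org link would carry the same information in the style the other patch comments use. Note also that the patch files now carry a zeroed `From` line, so the commit ids recorded in the `# 00NNN # <hash>` comments are the only provenance link to github.com/fedora-python/cpython — a sentence saying so under `# (Patches taken from github.com/fedora-python/cpython)` would help the next maintainer.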


Thanks! Looking good, except that the patches are not applied.

If https://src.fedoraproject.org/rpms/python3.7/pull-request/10 is merged first and this applied on top, they would be.

3 new commits added

  • Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422)
  • Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
  • Convert patches to use github.com/fedora-python/importpatches
3 years ago

Yep, changed it to WIP to fix that, they are applied now. Better merge #10 though first. Looking at it.

OK, please rebase here -- no need to apply the patches manually.

3 new commits added

  • Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422)
  • Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
  • Convert patches to use github.com/fedora-python/importpatches
3 years ago

rebased onto 60a36f2

3 years ago

Rebased via web interface on top of master.

Is this good to go? (Not merging before CI results are in, but the infra seems overloaded now)

Build succeeded.

Pull-Request has been merged by churchyard

3 years ago