From Fedora Project Wiki
m (Fix link) |
Churchyard (talk | contribs) (Add 395) |
||
Line 11: | Line 11: | ||
! Where | ! Where | ||
! Upstream status | ! Upstream status | ||
|- | |||
| 395 || GH-100133: fix asyncio subprocess losing stderr and stdout output || Python 3.11.1 in Fedora (and possibly RHEL) || [https://github.com/python/cpython/pull/100398 Fixed upstream in 3.11.2+] | |||
|- | |||
|- | |- | ||
| 394 ||CVE-2022-45061 - CPU denial of service via inefficient IDNA decoder || Python in RHEL || [https://github.com/python/cpython/issues/98433 Fixed upstream on 3.7+] | | 394 ||CVE-2022-45061 - CPU denial of service via inefficient IDNA decoder || Python in RHEL || [https://github.com/python/cpython/issues/98433 Fixed upstream on 3.7+] |
Revision as of 14:18, 6 January 2023
The Patches
Pushing patches upstream is tracked in the page: Upstream Python Patches.
Patch No. | Patch description | Where | Upstream status |
---|---|---|---|
395 | GH-100133: fix asyncio subprocess losing stderr and stdout output | Python 3.11.1 in Fedora (and possibly RHEL) | Fixed upstream in 3.11.2+ |
394 | CVE-2022-45061 - CPU denial of service via inefficient IDNA decoder | Python in RHEL | Fixed upstream on 3.7+ |
393 | IDLE - fix buggy macosx patch (caused rhbz#2142602) | Python 3.10.8 in Fedora | Fixed upstream |
392 | CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation | Python 3.6 in Fedora | Fixed upstream on 3.7+ |
391 | CVE-2022-42919 - local privilege escalation via the multiprocessing forkserver start method | Python 3.9+ in Fedora and RHEL 8/9 | Fixed upstream |
390 | Fix make regen-test-levenshtein for out-of-tree builds | Python 3.12.0a1 in Fedora | Proposed upstream |
389 | Don't let --with-system-libmpdec / --with-system-expat use the vendored headers | Python 3.12.0a1 in Fedora | Proposed upstream |
388 | gzip/zlib buffer size on s390x - RHBZ#2131172 | Python 3.6-3.10 in RHEL (TBD) | No |
387 | CVE-2020-10735: large int DoS | Python 2.7/3.6 in Fedora/RHEL | Fixed upstream in 3.7+ |
386 | CVE-2021-28861: open redirection in http.server | Python 3.6 in Fedora and 3.6+ in RHEL | Fixed upstream in 3.7+ |
385 | Revert "bpo-23689: re module, fix memory leak..." to fix re slowdown | Python 3.11.0b3 in Fedora | Reverted upstream |
384 | Clear and reset sqlite3 statements properly in cursor iternext | Python 3.11.0b3 in Fedora | Fixed upstream |
383 | PyTuple_SET_ITEM fails to compile in C++ source | Python 3.11.0b3 in Fedora | Fixed upstream |
382 | CVE-2015-20107 | Fedora and RHEL | Fixed upstream |
381 | Ensure that AST nodes without explicit end positions can be compiled | Fedora python3.11 b2 | https://github.com/pytest-dev/pytest/issues/10008 |
380 | Update SSL certs | RHEL | fixed upstream here and here |
379 | Fix OpenSSL version check for 3.0.1 | Fedora python3.8 | commit |
378 | Fix expat test suite | Fedora python2.7, python3.6+ | Fixed upstream |
377 | CVE-2022-0391 | RHEL, Fedora (Py 2) | Fixed upstream |
376 | Remove AC_C_CHAR_UNSIGNED / __CHAR_UNSIGNED__ | python3.10 | commit |
375 | Fix test to enable build in i686 | python2.7, 3.6 | Downstream only |
374 | Fix asyncio initialisation guard | python3.10 | commit |
373 | Revert "bpo-40521: Per-interpreter interned strings | python3.10 | commit |
372 | CVE-2021-4189 | Fixed upstream | |
371 | Revert Fix threading._shutdown() for the main thread | commit | |
370 | Use monotonic clock for the GIL | Fixed upstream | |
369 | Change shouldRollover() methods to only rollover regular files | Fixed upstream | |
368 | CVE-2021-3737 | RHEL, Fedora (Py 2) | Fixed upstream |
367 | sysconfig's posix_user scheme has different platlib value to distutils's unix_user | Python3.10.0rc2 | Fix merged, will be in Python 3.10.0 final |
366 | CVE-2021-3733 | RHEL, Fedora (Py 2) | Fixed upstream |
365 | CVE-2021-29921 | RHEL | Fixed upstream |
364 | Don't call PyThread_exit_thread | RHEL | Fixed upstream |
363 | Reset DeprecationWarning filters in test_importlib.test_entry_points_by_index | Python 3.10.0b3 | Proposed upstream |
362 | Reentrant threading.enumerate() call | RHEL | Fixed upstream |
361 | OpenSSL 3.0.0 compatibility | RHEL and python2.7 in Fedora | |
360 | CVE-2021-3426 | Fixed upstream | |
359 | CVE-2021-23336 | RHEL | Fixed upstream |
358 | Align pymaloc & PyGC_Head to 16 bits on 64-bit platforms | Python 3.6 and below in Fedora | Fixed upstream |
357 | CVE-2021-3177 | Python 3.8 and 3.9 in Fedora | issue with links to PRs |
356 | Backport of -ka options for pathfix.py |
Python 3 in RHEL 8 only | commit |
355 | CVE-2020-27619 | Fixed upstream | |
354 | CVE-2020-26116 - HTTP request method CRLF injection in httplib | Python 2.7, 3.4 | Fixed upstream in 3.5+ |
353 | Alternative architectures' names | All supported Pythons in Fedora/RHEL | Downstream only |
352 | CVE-2020-14422 DoS via inefficiency in IPv{4,6}Interface classes (bpo-41004) | Slated for python3.9 b5 & all maintained releases (3.5+) | |
351 | CVE-2019-20907 Fix infinite loop in the tarfile module (bpo-39017) | Slated for python3.9 b5 & all maintained releases (3.5+) | |
350 | Fix SQLite tests (bpo-40784) | python3.9 | Slated for python3.9 b2, python3.8 |
349 | fix tp_traverse visiting Py_TYPE(self) (bpo-40217, PySide2 bug) | python3.9 b1 | Slated for python3.9 b2 |
348 | never enable lchmod on Linux | python35 | bacport of commit, upstream is doing only security fixes for python35 |
347 | Reserved for lbalhar | SCL7 | fixed in 3.9 |
346 | CVE-2020-8492 | [] | |
345 | test_site fixes | [] | |
344 | CVE-2019-16935 | [] | |
343 | faulthandler fix for GCC 10 | python34, 35 and 36 | fixed upstream |
342 | Reserved for torsava | SCL7 | Downstream only |
341 | bpo39460 backport | python39 | fixed on master, will be in 3.9.0a4 |
340 | bpo39459 backport | python39 | fixed on master, will be in 3.9.0a4 |
339 | bpo16575 backport | python3 (3.7, 3.8) | fixed in git, will be in 3.7.7, 3.8.2. |
338 | test_gdb fixes for LTO | [] | |
337 | Reserved for torsava | [] | |
336 | Fix invocation of pip 19+ in a Python test | python3 in Fedora, EL | Downstream only |
335 | Add options to keep/add flags to pathfix | python3 in Fedora | Fixed upstream |
334 | Fix faulthandler.register(chain=True) stack | python3 in RHEL7 | Fixed upstream |
333 | Reduce the number of tests run during PGO | python3 in RHEL8 | Fixed upstream |
332 | CVE-2019-16056 | python and python3 in RHEL7 | Fixed upstream |
331 | Fix StructUnionType_paramfunc() | python 3.8.0b4 | Fixed upstream |
330 | CVE-2018-20852 | python and python3 in RHEL7 | Fixed upstream |
329 | Support OpenSSL FIPS mode | python3 in RHEL8 | Downstream only, partially upstream |
328 | Restore to TIMESTAMP invalidation mode as default in rpmbubild | python3, python38 | Downstream only |
327 | Enable TLS 1.3 post-handshake authentication in http.client | python3 on RHEL8 | Fixed upstream |
326 | On TLS 1.3 Don't set the post-handshake authentication verify flag on client side | python3 on RHEL8 | Fixed upstream |
325 | CVE-2019-9948 | pythons in RHEL7 and RHEL8 | Fixed upstream |
324 | CVE-2019-9740, CVE-2019-9947 fix | python3 | Fixed upstream |
323 | Coverity scan fixes | python2 and python3 in RHEL8 | Fixed upstream, bpo issues: 36367, 36292, 36291, 36262, 36289, 36212, 36147, 36186, 35680 |
322 | Skip test_ssl tests on OpenSSL 1.1.1 | Python 3.4 and 3.5 | PR for Python 3.5 |
321 | OpenSSL 1.1.1 support for Python 3.4 | Python 3.4 in Fedora | Rejected upstream and 3.4 reached EOL |
320 | CVE-2019-9636 and CVE-2019-10160 (regression of the first one) | Python <=3.4 and 2.7 in Fedora and RHEL | Fixed upstream: bpo-36216 and bpo-36742 |
319 | Fix test_tarfile on ppc64 | Python 3.6 in RHEL8 | Fixed upstream: bpo-35772 |
318 | test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 | Python 3.6 in RHEL | bpo-33618, bpo-32947 |
317 | CVE-2019-5010 fix | all CPythons | Fixed upstream |
316 | mark bdist_wininst as unsupported (for the tests) | python3 | |
315 | Fix FTBFS in test_email (mktime overflow) | python3 on F30+ | Fixed upstream |
314 | Python can sometimes create incorrect .pyc files: check I/O error (rhbz#1629982) | python in RHEL7 | Fixed upstream |
313 | Verify the value of '-s' when execute the CLI of cProfile (rhbz#1160640) | python in RHEL7 | Fixed upstream |
312 | Workaround for bz1644936 (reverts 3b699932e5ac3 temporarily) | not used | downstream workaround |
311 | Fix test_dbm_gnu for gdbm 1.15 | python3 in Fedora | Fixed upstream |
310 | CVE-2018-14647 | all cpythons | Fixed upstream |
309 | CVE-2018-1000802 | python2 | Fixed upstream |
308 | TLS 1.3 related upstream fixes | python3 and python36 in F29+ | Fixed upstream |
307 | Allow to call Py_Main() after Py_Initialize() | python3 in F29+ | Fixed upstream |
306 | Fix OSERROR 17 upon semaphore creation | python in RHEL7 | Fixed upstream |
305 | Remove 3DES from the cipher list to mitigate CVE-2016-2183 (sweet32) | python in RHEL7 | Fixed upstream |
304 | Pass os.environ to new process in test_posix::test_specify_environment | python37 | Fixed upstream |
303 | CVE-2018-1060 and CVE-2018-1061 | python in RHEL7 | Fixed upstream |
302 | Fix multiprocessing regression on newer glibcs | 3.3-3.7 in F29+ | Fixed upstream |
301 | Tools/scripts/pathfix.py: Add -n option for no backup~ | python3 in F27+ | Fixed upstream |
300 | Append the collection's name to Python's shared library file name | Python Software Collections | Downstream only |
299 | Fix ssl module, Python 2.7 doesn't have Py_MAX (fixup for 298) | python2 in F26+ | Fixed upstream |
298 | Do not send IP addresses in SNI TLS extension | python2 and python3 in F26+ | Fixed upstream |
297 | Fix -Wint-in-bool-context warnings - issue31474 | Python 2.7.14 | To be fixed in 2.7.15 |
296 | Re-add the private _set_hostport api to httplib |
Python in RHEL/CentOS 7.5 | downstream only |
295 | Fix http.client.HTTPConnection tunneling and HTTPConnection.set_tunnel with default port | Python in RHEL/CentOS 7.5 | Fixed upstream (a b c)] |
294 | Define TLS cipher suite on build time | Python 3 on F28+ | Fixed upstream |
293 | Fix for GC info alignment issue -- bug 1540316 | python2 in F28+ | Fixed upstream |
292 | Restore the public PyExc_RecursionErrorInst symbol | Python 3 in F26+ | Reported upstream |
291 | Fix undefined references to dlopen / dlsym when using strict symbol checks | Python 3 in F28+ | Fixed upstream |
290 | Fix a segfault with test_crypt when using libxcrypt instead of libcrypt | Python 3 in F28+ | Fixed upstream |
289 | make nis module build with new glibc | python3 in F28+, python37; python2 in F28+ | [] |
288 | See User:Pviktori/Avoid_usr_bin_python_in_RPM_Build | python2 in F28+ (not yet) | downstream only |
287 | Fix hanging of all threads when trying to access an inaccessible NFS server. | Python in RHEL/CentOS 7.5 | Fixed upstream |
286 | CVE-2017-1000158 | python in F25, python3 in F25, python26,33..35 | Fixed upstream |
285 | fix nondeterministic read in test_pty | python2 in Rawhide(28), F27, F26 | Fixed upstream |
284 | add PYTHONSHOWREFCOUNT environment variable | python2 in Rawhide(28), F27, F26 | Fixed upstream |
283 | COUNT_ALLOCS tests fixes | Python 2 in Rawhide (28) | Fixed upstream |
282 | Make it more likely for the system allocator to release free()d memory arenas | Python in RHEL/CentOS 7.5 | Fixed upstream |
281 | Add context parameter to xmlrpclib.ServerProxy | Python in RHEL/CentOS 7.5 | Fixed upstream |
280 | Fix test_regrtest.test_crashed on s390x |
Python 2 in Rawhide (28) | Fixed upstream |
279 | Fix memory corruption due to allocator mix | Python 3 in Rawhide (28), F27, F26, F25 | Fixed upstream |
278 | Skip failing test_sha256 from test_socket on linux kernels < 4.5 | python36 | Fixed upstream |
277 | Fix hanging tests from test_subprocess | Python 3 in Rawhide (28), F27, F26 | Fixed upstream |
276 | Increase imaplib's MAXLINE to accommodate modern mailbox sizes. | Python in RHEL/CentOS 7.5 | Fixed upstream |
275 | Fix fcntl() with integer argument on 64-bit big-endian platforms. | Python in RHEL/CentOS 7.5 | Fixed upstream |
274 | Architecture naming adjustments | Python 3 in Rawhide(28) | [] |
273 | Skip test_float_with_comma (bz#1484497) | Python 3 in F27, Rawhide(28) | [] |
272 | Reject newline characters in ftplib.FTP.putline() (bz#1478916) | Python 3 in F26, Rawhide(27) | Fixed upstream |
271 | Make test_asyncio to not depend on the current signal handler | Python 3 in F26, Rawhide(27) | Fixed upstream |
270 | Fix test_alpn_protocols from test_ssl | Python 2 and Python 3 in F26, Rawhide(27) | Fixed upstream |
269 | Fix python's recompilation with common build commands when using PGO | Python 3 in Fedora 24 | Fixed upstream |
268 | Set stream to None in case an _open() fails | Python in RHEL/CentOS 7.4 | Fixed upstream |
267 | Make pip installable inside a new venv when using the --system-site-packages flag | Python 3 in Fedora 24-25 | Fixed upstream |
266 | Make shutil.make_archive() to not ingore empty directories when creating a zip file | Python in RHEL/CentOS 7.4 | Fixed upstream |
265 | Protect the key list during fork() | Python in RHEL/CentOS 7.4 | Reported upstream |
264 | skip test_pass_by_value on aarch64 | Rawhide(F27) | Reported upstream |
263 | Fix reference leaks of certfile_bytes and keyfile_bytes at _ssl.c | Python in RHEL/CentOS 7.4 | Fixed upstream |
262 | force C.UTF-8 when Python 3 is run under the C locale | Python 3 in Rawhide(26) | PEP 538 |
261 | Use proper command line parsing in _testembed | Python 3 in F26 | Fixed upstream |
260 | Fix setuptools issues from unbundling its dependencies | Python 3 in Rawhide(26) | Reported upstream |
259 | Magic number workaround -- upstream issue 27286 | Python 3 in F24-f25 | Upstream commit 93602e3 (removed in 3.6) |
258 | skip test_aead_aes_gcm as it fails with Kernel 4.9+ | Python 3 in F26 | Fixed upstream |
257 | Workaround for wait timeouts when the system clock is set backwards (bz#1368076) | Python in RHEL/CentOS 7.4 | [] |
256 | Fix Python's incorrect parsing of certain regular expressions | Python in RHEL/CentOS 7.4 | Fixed upstream |
255 | Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs | Python in RHEL/CentOS 7.4 | Fixed upstream |
254 | Fix error check, so that Random.seed actually uses OS randomness | Python 3 in F26 | Fixed upstream |
253 | Define HAVE_LONG_LONG as 1. | Python 3 in F26 | Fixed upstream |
252 | Add executable option to install.py command to make it work for entry_points | Python 2 and Python 3, reverted in F27, F26 | Reported upstream |
251 | Make pip and distutils in user environment install into separate location | Python 3 in F27 | |
250 | Don't blow up on EL7 kernel (random generator) RHBZ#1410175 | Python 3, python36, python35, python34 in F26 | Reported upstream |
249 | Fix out of tree --with-dtrace builds | Python 3 in F26 | Fixed upstream |
248 | Ensure gc tracking is off when invoking weakref callbacks | Python34 in EPEL | Fixed upstream |
247 | Patch to port the ssl and hashlib module to OpenSSL 1.1.0. | Python 2 and Python 3 in F26 | Fixed upstream |
246 | Backported the build-time check for the getrandom syscall from Python 3.5.2 | Python 3 in F24 | |
245 | Skip stack overflow test on 64 bits | python33 | |
244 | Skip SSL tests | python33 | |
243 | Build properly on MIPS | python3 in F25, F26 | |
242 | HTTPoxy CVE-2016-1000110 | Everywhere | Fixed upstream |
241 | CVE-2016-5636 | python in F23, python3 in F23, F24, F25, F26, Python34 in EPEL7 | Fixed upstream (a b) |
240 | Increase test_smtplib timeouts | Python in RHEL/CentOS 7.5 | Fixed upstream |
239 | OpenSSL - "dh key too small" | EL (rh-python34-rhel-6) | Fixed upstream |
238 | CVE-2016-5699 | python3 in Fedora 23, python34 in EPEL7 | Fixed upstream |
237 | CVE-2016-0772 | Everywhere | Fixed upstream |
231 | Reserved for cstratak | [] | |
209 | Fix test breakage with Pyexpat v2.2.0 | Fedora | Fixed upstream |
208 (py3) | Skip test that fails on ppc64 | Python 3 | |
207 (py3) | Avoid incomplete _math.o with parallel builds | Python 3 | Closed upstream with different fix |
206 (py3) | Remove hf flag from arm triplet (Debianism) | Python 3 | Looks like this might be combined with patch 5001 |
205 (py3) | configure: Make libpl respect lib64 | Python 3 | |
203 (py3) | Disable tests requiring signals (due to Koji behavior) | Python 3 | |
201 (py3) | Memleak fix | Python 3 | Upstreamed, fragment of the patch remains |
200 (py3) | Fix for gettext plural form headers | Python 3 | Upstream: bpo-36239 |
196 (py3) | Test failure on ppc64le | Python 3 | |
194 (py3) | Disable tests requiring SIGHUP (due to Koji bug) | Python 3 | |
190 | gdb py-bt command fix | Python 2 (used to be 189 or 198 before F29) | Fixed upstream |
189 (py3) | Use RPM-packaged wheels for ensurepip | Python 3 in f29+ | |
Add Rewheel to ensurepip | Python 3 up to f28 | ||
188 | Hashlib test patch | Python 3 | Looks removable |
186 | Don't raise from py_compile | Python 3 | Only a test remains in downstream patch |
184 | Fixes build of ctypes against libffi with multilib wrapper | ||
180 | Enable ppc64p7 | As is, the patch is not appropriate upstream | |
178 | Don't duplicate various FLAGS in sysconfig values | Python 3 | Reported, failed review |
170 | Nicer C-level asserts in garbage collector | Python 3 | Reported, work needed to address review comments |
168 | distutils cflags, RHBZ#849994 | Upstream bpo-36235 | |
163 | Skip test with intermittent failure | ||
160 | Skip tests that require new kernel | ||
157 | uid/gid handling, RHBZ#697470 | Upstream bpo-36234 | |
155 | SELinux/httpd/ctypes workaround, RHBZ#814391 | Fixed upstream (Python 3.8.0a1) | |
153 | test_gdb fix | Fedora python2 | Fixed upstream (Python 2.7.14) |
146 | Fixes for FIPS mode | Reported, stuck | |
143 | Fix --with-tsc on ppc64 | Reported, stuck | |
137 | Skip distutils tests that fail in rpmbuild | ||
132 | unittest._skipInRpmBuild | ||
111 | Disable static libpython | ||
103 | lib64-sysconfig | Python 2 | |
102, 104 | s./usr/lib./usr/lib64. | ||
55 | Systemtap support | Reported, to be combined with DTrace, stalled | |
1 (py3) | RPath | Python 3 | |
1 (py2) | pydoc -g | Python 2 | |
0 | Config | Python 2 | — |