From Fedora Project Wiki

< SIGs‎ | Python

No edit summary
No edit summary
(2 intermediate revisions by the same user not shown)
Line 12: Line 12:
! Upstream status
! Upstream status
|-
|-
| 380 || Update SSL certs || RHEL || fixed upstream [https://github.com/python/cpython/commit/49d65958e13db03b9a4240d8bdaff1a4be69a1d7  here] and [https://github.com/python/cpython/commit/1f34aece28d143edb94ca202e661364ca394dc8c here]
|-
|-
| 379 || Fix OpenSSL version check for 3.0.1  || Fedora python3.8 || [https://github.com/python/cpython/commit/a9b3edb66f2976a5895b6399ee905ac2f27718ac commit]
| 379 || Fix OpenSSL version check for 3.0.1  || Fedora python3.8 || [https://github.com/python/cpython/commit/a9b3edb66f2976a5895b6399ee905ac2f27718ac commit]
Line 34: Line 35:
|-
|-
|-
|-
| 372|| Reserved for [[User:cstratak|cstratak]] ||
| 372|| CVE-2021-4189 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue43285 Fixed upstream]
| []
|
|-
|-
|-
|-
Line 41: Line 42:
|-
|-
|-
|-
| 370|| Reserved for [[User:cstratak|cstratak]] ||
| 370|| Use monotonic clock for the GIL || RHEL || [https://bugs.python.org/issue12822 Fixed upstream]
| []
|
|-
|-
|-
|-
| 369|| Reserved for [[User:cstratak|cstratak]] ||
| 369|| Change shouldRollover() methods to only rollover regular files || RHEL || [https://bugs.python.org/issue45401 Fixed upstream]  
| []
|
|-
|-
| 368 || CVE-2021-3737 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue44022 Fixed upstream]
| 368 || CVE-2021-3737 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue44022 Fixed upstream]
Line 66: Line 67:
| 362 || Reentrant threading.enumerate() call || RHEL || [https://bugs.python.org/issue44422 Fixed upstream]
| 362 || Reentrant threading.enumerate() call || RHEL || [https://bugs.python.org/issue44422 Fixed upstream]
|-
|-
| 361|| Reserved for [[User:cstratak|cstratak]] OpenSSL 3.0.0 compat ||
| 361|| OpenSSL 3.0.0 compatibility || RHEL
| []
|  
|-
|-
| 360|| Reserved for [[User:cstratak|cstratak]]  CVE-2021-3426 ||
| 360|| CVE-2021-3426 || RHEL || [https://bugs.python.org/issue42988 Fixed upstream]
| []
|
|-
|-
| 359 || CVE-2021-23336 || RHEL
| 359 || CVE-2021-23336 || RHEL
Line 84: Line 85:
| [https://github.com/python/cpython/commit/c71c54c62600fd721baed3c96709e3d6e9c33817 commit]
| [https://github.com/python/cpython/commit/c71c54c62600fd721baed3c96709e3d6e9c33817 commit]
|-
|-
| 355|| Reserved for [[User:cstratak|cstratak]] ||
| 355|| CVE-2020-27619 || RHEL || [https://bugs.python.org/issue41944 Fixed upstream]
| []
|
|-
|-
| 354 || CVE-2020-26116 - HTTP request method CRLF injection in httplib || Python 2.7, 3.4
| 354 || CVE-2020-26116 - HTTP request method CRLF injection in httplib || Python 2.7, 3.4

Revision as of 00:52, 18 May 2022

The Patches

Patches on GitHub
Note that we use git to store the patches: https://github.com/fedora-python/cpython

Pushing patches upstream is tracked in the page: Upstream Python Patches. Fix OpenSSL version check for 3.0.1

Patch No. Patch description Where Upstream status
380 Update SSL certs RHEL fixed upstream here and here
379 Fix OpenSSL version check for 3.0.1 Fedora python3.8 commit
378 Fix expat test suite Fedora python2.7, python3.6+ Fixed upstream
377 CVE-2022-0391 RHEL, Fedora (Py 2) Fixed upstream
376 Remove AC_C_CHAR_UNSIGNED / __CHAR_UNSIGNED__ python3.10 commit
375 Fix test to enable build in i686 python2.7, 3.6 Downstream only
374 Fix asyncio initialisation guard python3.10 commit
373 Revert "bpo-40521: Per-interpreter interned strings python3.10 commit
372 CVE-2021-4189 RHEL, Fedora (Py 2) Fixed upstream
371 Revert Fix threading._shutdown() for the main thread python3.9+ commit
370 Use monotonic clock for the GIL RHEL Fixed upstream
369 Change shouldRollover() methods to only rollover regular files RHEL Fixed upstream
368 CVE-2021-3737 RHEL, Fedora (Py 2) Fixed upstream
367 sysconfig's posix_user scheme has different platlib value to distutils's unix_user Python3.10.0rc2 Fix merged, will be in Python 3.10.0 final
366 CVE-2021-3733 RHEL, Fedora (Py 2) Fixed upstream
365 CVE-2021-29921 RHEL Fixed upstream
364 Don't call PyThread_exit_thread RHEL Fixed upstream
363 Reset DeprecationWarning filters in test_importlib.test_entry_points_by_index Python 3.10.0b3 Proposed upstream
362 Reentrant threading.enumerate() call RHEL Fixed upstream
361 OpenSSL 3.0.0 compatibility RHEL
360 CVE-2021-3426 RHEL Fixed upstream
359 CVE-2021-23336 RHEL Fixed upstream
358 Align pymaloc & PyGC_Head to 16 bits on 64-bit platforms Python 3.6 and below in Fedora Fixed upstream
357 CVE-2021-3177 Python 3.8 and 3.9 in Fedora issue with links to PRs
356 Backport of -ka options for pathfix.py Python 3 in RHEL 8 only commit
355 CVE-2020-27619 RHEL Fixed upstream
354 CVE-2020-26116 - HTTP request method CRLF injection in httplib Python 2.7, 3.4 Fixed upstream in 3.5+
353 Alternative architectures' names All supported Pythons in Fedora/RHEL Downstream only
352 CVE-2020-14422 DoS via inefficiency in IPv{4,6}Interface classes (bpo-41004) Slated for python3.9 b5 & all maintained releases (3.5+)
351 CVE-2019-20907 Fix infinite loop in the tarfile module (bpo-39017) Slated for python3.9 b5 & all maintained releases (3.5+)
350 Fix SQLite tests (bpo-40784) python3.9 Slated for python3.9 b2, python3.8
349 fix tp_traverse visiting Py_TYPE(self) (bpo-40217, PySide2 bug) python3.9 b1 Slated for python3.9 b2
348 never enable lchmod on Linux python35 bacport of commit, upstream is doing only security fixes for python35
347 Reserved for lbalhar SCL7 fixed in 3.9
346 CVE-2020-8492 []
345 test_site fixes []
344 CVE-2019-16935 []
343 faulthandler fix for GCC 10 python34, 35 and 36 fixed upstream
342 Reserved for torsava SCL7 Downstream only
341 bpo39460 backport python39 fixed on master, will be in 3.9.0a4
340 bpo39459 backport python39 fixed on master, will be in 3.9.0a4
339 bpo16575 backport python3 (3.7, 3.8) fixed in git, will be in 3.7.7, 3.8.2.
338 test_gdb fixes for LTO []
337 Reserved for torsava []
336 Fix invocation of pip 19+ in a Python test python3 in Fedora, EL Downstream only
335 Add options to keep/add flags to pathfix python3 in Fedora Fixed upstream
334 Fix faulthandler.register(chain=True) stack python3 in RHEL7 Fixed upstream
333 Reduce the number of tests run during PGO python3 in RHEL8 Fixed upstream
332 CVE-2019-16056 python and python3 in RHEL7 Fixed upstream
331 Fix StructUnionType_paramfunc() python 3.8.0b4 Fixed upstream
330 CVE-2018-20852 python and python3 in RHEL7 Fixed upstream
329 Support OpenSSL FIPS mode python3 in RHEL8 Downstream only, partially upstream
328 Restore to TIMESTAMP invalidation mode as default in rpmbubild python3, python38 Downstream only
327 Enable TLS 1.3 post-handshake authentication in http.client python3 on RHEL8 Fixed upstream
326 On TLS 1.3 Don't set the post-handshake authentication verify flag on client side python3 on RHEL8 Fixed upstream
325 CVE-2019-9948 pythons in RHEL7 and RHEL8 Fixed upstream
324 CVE-2019-9740, CVE-2019-9947 fix python3 Fixed upstream
323 Coverity scan fixes python2 and python3 in RHEL8 Fixed upstream, bpo issues: 36367, 36292, 36291, 36262, 36289, 36212, 36147, 36186, 35680
322 Skip test_ssl tests on OpenSSL 1.1.1 Python 3.4 and 3.5 PR for Python 3.5
321 OpenSSL 1.1.1 support for Python 3.4 Python 3.4 in Fedora Rejected upstream and 3.4 reached EOL
320 CVE-2019-9636 and CVE-2019-10160 (regression of the first one) Python <=3.4 and 2.7 in Fedora and RHEL Fixed upstream: bpo-36216 and bpo-36742
319 Fix test_tarfile on ppc64 Python 3.6 in RHEL8 Fixed upstream: bpo-35772
318 test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 Python 3.6 in RHEL bpo-33618, bpo-32947
317 CVE-2019-5010 fix all CPythons Fixed upstream
316 mark bdist_wininst as unsupported (for the tests) python3
315 Fix FTBFS in test_email (mktime overflow) python3 on F30+ Fixed upstream
314 Python can sometimes create incorrect .pyc files: check I/O error (rhbz#1629982) python in RHEL7 Fixed upstream
313 Verify the value of '-s' when execute the CLI of cProfile (rhbz#1160640) python in RHEL7 Fixed upstream
312 Workaround for bz1644936 (reverts 3b699932e5ac3 temporarily) not used downstream workaround
311 Fix test_dbm_gnu for gdbm 1.15 python3 in Fedora Fixed upstream
310 CVE-2018-14647 all cpythons Fixed upstream
309 CVE-2018-1000802 python2 Fixed upstream
308 TLS 1.3 related upstream fixes python3 and python36 in F29+ Fixed upstream
307 Allow to call Py_Main() after Py_Initialize() python3 in F29+ Fixed upstream
306 Fix OSERROR 17 upon semaphore creation python in RHEL7 Fixed upstream
305 Remove 3DES from the cipher list to mitigate CVE-2016-2183 (sweet32) python in RHEL7 Fixed upstream
304 Pass os.environ to new process in test_posix::test_specify_environment python37 Fixed upstream
303 CVE-2018-1060 and CVE-2018-1061 python in RHEL7 Fixed upstream
302 Fix multiprocessing regression on newer glibcs 3.3-3.7 in F29+ Fixed upstream
301 Tools/scripts/pathfix.py: Add -n option for no backup~ python3 in F27+ Fixed upstream
300 Append the collection's name to Python's shared library file name Python Software Collections Downstream only
299 Fix ssl module, Python 2.7 doesn't have Py_MAX (fixup for 298) python2 in F26+ Fixed upstream
298 Do not send IP addresses in SNI TLS extension python2 and python3 in F26+ Fixed upstream
297 Fix -Wint-in-bool-context warnings - issue31474 Python 2.7.14 To be fixed in 2.7.15
296 Re-add the private _set_hostport api to httplib Python in RHEL/CentOS 7.5 downstream only
295 Fix http.client.HTTPConnection tunneling and HTTPConnection.set_tunnel with default port Python in RHEL/CentOS 7.5 Fixed upstream (a b c)]
294 Define TLS cipher suite on build time Python 3 on F28+ Fixed upstream
293 Fix for GC info alignment issue -- bug 1540316 python2 in F28+ Fixed upstream
292 Restore the public PyExc_RecursionErrorInst symbol Python 3 in F26+ Reported upstream
291 Fix undefined references to dlopen / dlsym when using strict symbol checks Python 3 in F28+ Fixed upstream
290 Fix a segfault with test_crypt when using libxcrypt instead of libcrypt Python 3 in F28+ Fixed upstream
289 make nis module build with new glibc python3 in F28+, python37; python2 in F28+ []
288 See User:Pviktori/Avoid_usr_bin_python_in_RPM_Build python2 in F28+ (not yet) downstream only
287 Fix hanging of all threads when trying to access an inaccessible NFS server. Python in RHEL/CentOS 7.5 Fixed upstream
286 CVE-2017-1000158 python in F25, python3 in F25, python26,33..35 Fixed upstream
285 fix nondeterministic read in test_pty python2 in Rawhide(28), F27, F26 Fixed upstream
284 add PYTHONSHOWREFCOUNT environment variable python2 in Rawhide(28), F27, F26 Fixed upstream
283 COUNT_ALLOCS tests fixes Python 2 in Rawhide (28) Fixed upstream
282 Make it more likely for the system allocator to release free()d memory arenas Python in RHEL/CentOS 7.5 Fixed upstream
281 Add context parameter to xmlrpclib.ServerProxy Python in RHEL/CentOS 7.5 Fixed upstream
280 Fix test_regrtest.test_crashed on s390x Python 2 in Rawhide (28) Fixed upstream
279 Fix memory corruption due to allocator mix Python 3 in Rawhide (28), F27, F26, F25 Fixed upstream
278 Skip failing test_sha256 from test_socket on linux kernels < 4.5 python36 Fixed upstream
277 Fix hanging tests from test_subprocess Python 3 in Rawhide (28), F27, F26 Fixed upstream
276 Increase imaplib's MAXLINE to accommodate modern mailbox sizes. Python in RHEL/CentOS 7.5 Fixed upstream
275 Fix fcntl() with integer argument on 64-bit big-endian platforms. Python in RHEL/CentOS 7.5 Fixed upstream
274 Architecture naming adjustments Python 3 in Rawhide(28) []
273 Skip test_float_with_comma (bz#1484497) Python 3 in F27, Rawhide(28) []
272 Reject newline characters in ftplib.FTP.putline() (bz#1478916) Python 3 in F26, Rawhide(27) Fixed upstream
271 Make test_asyncio to not depend on the current signal handler Python 3 in F26, Rawhide(27) Fixed upstream
270 Fix test_alpn_protocols from test_ssl Python 2 and Python 3 in F26, Rawhide(27) Fixed upstream
269 Fix python's recompilation with common build commands when using PGO Python 3 in Fedora 24 Fixed upstream
268 Set stream to None in case an _open() fails Python in RHEL/CentOS 7.4 Fixed upstream
267 Make pip installable inside a new venv when using the --system-site-packages flag Python 3 in Fedora 24-25 Fixed upstream
266 Make shutil.make_archive() to not ingore empty directories when creating a zip file Python in RHEL/CentOS 7.4 Fixed upstream
265 Protect the key list during fork() Python in RHEL/CentOS 7.4 Reported upstream
264 skip test_pass_by_value on aarch64 Rawhide(F27) Reported upstream
263 Fix reference leaks of certfile_bytes and keyfile_bytes at _ssl.c Python in RHEL/CentOS 7.4 Fixed upstream
262 force C.UTF-8 when Python 3 is run under the C locale Python 3 in Rawhide(26) PEP 538
261 Use proper command line parsing in _testembed Python 3 in F26 Fixed upstream
260 Fix setuptools issues from unbundling its dependencies Python 3 in Rawhide(26) Reported upstream
259 Magic number workaround -- upstream issue 27286 Python 3 in F24-f25 Upstream commit 93602e3 (removed in 3.6)
258 skip test_aead_aes_gcm as it fails with Kernel 4.9+ Python 3 in F26 Fixed upstream
257 Workaround for wait timeouts when the system clock is set backwards (bz#1368076) Python in RHEL/CentOS 7.4 []
256 Fix Python's incorrect parsing of certain regular expressions Python in RHEL/CentOS 7.4 Fixed upstream
255 Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs Python in RHEL/CentOS 7.4 Fixed upstream
254 Fix error check, so that Random.seed actually uses OS randomness Python 3 in F26 Fixed upstream
253 Define HAVE_LONG_LONG as 1. Python 3 in F26 Fixed upstream
252 Add executable option to install.py command to make it work for entry_points Python 2 and Python 3, reverted in F27, F26 Reported upstream
251 Make pip and distutils in user environment install into separate location Python 3 in F27
250 Don't blow up on EL7 kernel (random generator) RHBZ#1410175 Python 3, python36, python35, python34 in F26 Reported upstream
249 Fix out of tree --with-dtrace builds Python 3 in F26 Fixed upstream
248 Ensure gc tracking is off when invoking weakref callbacks Python34 in EPEL Fixed upstream
247 Patch to port the ssl and hashlib module to OpenSSL 1.1.0. Python 2 and Python 3 in F26 Fixed upstream
246 Backported the build-time check for the getrandom syscall from Python 3.5.2 Python 3 in F24
245 Skip stack overflow test on 64 bits python33
244 Skip SSL tests python33
243 Build properly on MIPS python3 in F25, F26
242 HTTPoxy CVE-2016-1000110 Everywhere Fixed upstream
241 CVE-2016-5636 python in F23, python3 in F23, F24, F25, F26, Python34 in EPEL7 Fixed upstream (a b)
240 Increase test_smtplib timeouts Python in RHEL/CentOS 7.5 Fixed upstream
239 OpenSSL - "dh key too small" EL (rh-python34-rhel-6) Fixed upstream
238 CVE-2016-5699 python3 in Fedora 23, python34 in EPEL7 Fixed upstream
237 CVE-2016-0772 Everywhere Fixed upstream
231 Reserved for cstratak []
209 Fix test breakage with Pyexpat v2.2.0 Fedora Fixed upstream
208 (py3) Skip test that fails on ppc64 Python 3
207 (py3) Avoid incomplete _math.o with parallel builds Python 3 Closed upstream with different fix
206 (py3) Remove hf flag from arm triplet (Debianism) Python 3 Looks like this might be combined with patch 5001
205 (py3) configure: Make libpl respect lib64 Python 3
203 (py3) Disable tests requiring signals (due to Koji behavior) Python 3
201 (py3) Memleak fix Python 3 Upstreamed, fragment of the patch remains
200 (py3) Fix for gettext plural form headers Python 3 Upstream: bpo-36239
196 (py3) Test failure on ppc64le Python 3
194 (py3) Disable tests requiring SIGHUP (due to Koji bug) Python 3
190 gdb py-bt command fix Python 2 (used to be 189 or 198 before F29) Fixed upstream
189 (py3) Use RPM-packaged wheels for ensurepip Python 3 in f29+
Add Rewheel to ensurepip Python 3 up to f28
188 Hashlib test patch Python 3 Looks removable
186 Don't raise from py_compile Python 3 Only a test remains in downstream patch
184 Fixes build of ctypes against libffi with multilib wrapper
180 Enable ppc64p7 As is, the patch is not appropriate upstream
178 Don't duplicate various FLAGS in sysconfig values Python 3 Reported, failed review
170 Nicer C-level asserts in garbage collector Python 3 Reported, work needed to address review comments
168 distutils cflags, RHBZ#849994 Upstream bpo-36235
163 Skip test with intermittent failure
160 Skip tests that require new kernel
157 uid/gid handling, RHBZ#697470 Upstream bpo-36234
155 SELinux/httpd/ctypes workaround, RHBZ#814391 Fixed upstream (Python 3.8.0a1)
153 test_gdb fix Fedora python2 Fixed upstream (Python 2.7.14)
146 Fixes for FIPS mode Reported, stuck
143 Fix --with-tsc on ppc64 Reported, stuck
137 Skip distutils tests that fail in rpmbuild
132 unittest._skipInRpmBuild
111 Disable static libpython
103 lib64-sysconfig Python 2
102, 104 s./usr/lib./usr/lib64.
55 Systemtap support Reported, to be combined with DTrace, stalled
1 (py3) RPath Python 3
1 (py2) pydoc -g Python 2
0 Config Python 2