From Fedora Project Wiki
No edit summary |
No edit summary |
||
(2 intermediate revisions by the same user not shown) | |||
Line 12: | Line 12: | ||
! Upstream status | ! Upstream status | ||
|- | |- | ||
| 380 || Update SSL certs || RHEL || fixed upstream [https://github.com/python/cpython/commit/49d65958e13db03b9a4240d8bdaff1a4be69a1d7 here] and [https://github.com/python/cpython/commit/1f34aece28d143edb94ca202e661364ca394dc8c here] | |||
|- | |- | ||
| 379 || Fix OpenSSL version check for 3.0.1 || Fedora python3.8 || [https://github.com/python/cpython/commit/a9b3edb66f2976a5895b6399ee905ac2f27718ac commit] | | 379 || Fix OpenSSL version check for 3.0.1 || Fedora python3.8 || [https://github.com/python/cpython/commit/a9b3edb66f2976a5895b6399ee905ac2f27718ac commit] | ||
Line 34: | Line 35: | ||
|- | |- | ||
|- | |- | ||
| 372|| | | 372|| CVE-2021-4189 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue43285 Fixed upstream] | ||
| [] | | | ||
|- | |- | ||
|- | |- | ||
Line 41: | Line 42: | ||
|- | |- | ||
|- | |- | ||
| 370|| | | 370|| Use monotonic clock for the GIL || RHEL || [https://bugs.python.org/issue12822 Fixed upstream] | ||
| [] | | | ||
|- | |- | ||
|- | |- | ||
| 369|| | | 369|| Change shouldRollover() methods to only rollover regular files || RHEL || [https://bugs.python.org/issue45401 Fixed upstream] | ||
| [] | | | ||
|- | |- | ||
| 368 || CVE-2021-3737 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue44022 Fixed upstream] | | 368 || CVE-2021-3737 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue44022 Fixed upstream] | ||
Line 66: | Line 67: | ||
| 362 || Reentrant threading.enumerate() call || RHEL || [https://bugs.python.org/issue44422 Fixed upstream] | | 362 || Reentrant threading.enumerate() call || RHEL || [https://bugs.python.org/issue44422 Fixed upstream] | ||
|- | |- | ||
| 361|| | | 361|| OpenSSL 3.0.0 compatibility || RHEL | ||
| | | | ||
|- | |- | ||
| 360|| | | 360|| CVE-2021-3426 || RHEL || [https://bugs.python.org/issue42988 Fixed upstream] | ||
| [] | | | ||
|- | |- | ||
| 359 || CVE-2021-23336 || RHEL | | 359 || CVE-2021-23336 || RHEL | ||
Line 84: | Line 85: | ||
| [https://github.com/python/cpython/commit/c71c54c62600fd721baed3c96709e3d6e9c33817 commit] | | [https://github.com/python/cpython/commit/c71c54c62600fd721baed3c96709e3d6e9c33817 commit] | ||
|- | |- | ||
| 355|| | | 355|| CVE-2020-27619 || RHEL || [https://bugs.python.org/issue41944 Fixed upstream] | ||
| [] | | | ||
|- | |- | ||
| 354 || CVE-2020-26116 - HTTP request method CRLF injection in httplib || Python 2.7, 3.4 | | 354 || CVE-2020-26116 - HTTP request method CRLF injection in httplib || Python 2.7, 3.4 |
Revision as of 00:52, 18 May 2022
The Patches
Pushing patches upstream is tracked in the page: Upstream Python Patches. Fix OpenSSL version check for 3.0.1
Patch No. | Patch description | Where | Upstream status | |
---|---|---|---|---|
380 | Update SSL certs | RHEL | fixed upstream here and here | |
379 | Fix OpenSSL version check for 3.0.1 | Fedora python3.8 | commit | |
378 | Fix expat test suite | Fedora python2.7, python3.6+ | Fixed upstream | |
377 | CVE-2022-0391 | RHEL, Fedora (Py 2) | Fixed upstream | |
376 | Remove AC_C_CHAR_UNSIGNED / __CHAR_UNSIGNED__ | python3.10 | commit | |
375 | Fix test to enable build in i686 | python2.7, 3.6 | Downstream only | |
374 | Fix asyncio initialisation guard | python3.10 | commit | |
373 | Revert "bpo-40521: Per-interpreter interned strings | python3.10 | commit | |
372 | CVE-2021-4189 | RHEL, Fedora (Py 2) | Fixed upstream | |
371 | Revert Fix threading._shutdown() for the main thread | python3.9+ | commit | |
370 | Use monotonic clock for the GIL | RHEL | Fixed upstream | |
369 | Change shouldRollover() methods to only rollover regular files | RHEL | Fixed upstream | |
368 | CVE-2021-3737 | RHEL, Fedora (Py 2) | Fixed upstream | |
367 | sysconfig's posix_user scheme has different platlib value to distutils's unix_user | Python3.10.0rc2 | Fix merged, will be in Python 3.10.0 final | |
366 | CVE-2021-3733 | RHEL, Fedora (Py 2) | Fixed upstream | |
365 | CVE-2021-29921 | RHEL | Fixed upstream | |
364 | Don't call PyThread_exit_thread | RHEL | Fixed upstream | |
363 | Reset DeprecationWarning filters in test_importlib.test_entry_points_by_index | Python 3.10.0b3 | Proposed upstream | |
362 | Reentrant threading.enumerate() call | RHEL | Fixed upstream | |
361 | OpenSSL 3.0.0 compatibility | RHEL | ||
360 | CVE-2021-3426 | RHEL | Fixed upstream | |
359 | CVE-2021-23336 | RHEL | Fixed upstream | |
358 | Align pymaloc & PyGC_Head to 16 bits on 64-bit platforms | Python 3.6 and below in Fedora | Fixed upstream | |
357 | CVE-2021-3177 | Python 3.8 and 3.9 in Fedora | issue with links to PRs | |
356 | Backport of -ka options for pathfix.py |
Python 3 in RHEL 8 only | commit | |
355 | CVE-2020-27619 | RHEL | Fixed upstream | |
354 | CVE-2020-26116 - HTTP request method CRLF injection in httplib | Python 2.7, 3.4 | Fixed upstream in 3.5+ | |
353 | Alternative architectures' names | All supported Pythons in Fedora/RHEL | Downstream only | |
352 | CVE-2020-14422 DoS via inefficiency in IPv{4,6}Interface classes (bpo-41004) | Slated for python3.9 b5 & all maintained releases (3.5+) | ||
351 | CVE-2019-20907 Fix infinite loop in the tarfile module (bpo-39017) | Slated for python3.9 b5 & all maintained releases (3.5+) | ||
350 | Fix SQLite tests (bpo-40784) | python3.9 | Slated for python3.9 b2, python3.8 | |
349 | fix tp_traverse visiting Py_TYPE(self) (bpo-40217, PySide2 bug) | python3.9 b1 | Slated for python3.9 b2 | |
348 | never enable lchmod on Linux | python35 | bacport of commit, upstream is doing only security fixes for python35 | |
347 | Reserved for lbalhar | SCL7 | fixed in 3.9 | |
346 | CVE-2020-8492 | [] | ||
345 | test_site fixes | [] | ||
344 | CVE-2019-16935 | [] | ||
343 | faulthandler fix for GCC 10 | python34, 35 and 36 | fixed upstream | |
342 | Reserved for torsava | SCL7 | Downstream only | |
341 | bpo39460 backport | python39 | fixed on master, will be in 3.9.0a4 | |
340 | bpo39459 backport | python39 | fixed on master, will be in 3.9.0a4 | |
339 | bpo16575 backport | python3 (3.7, 3.8) | fixed in git, will be in 3.7.7, 3.8.2. | |
338 | test_gdb fixes for LTO | [] | ||
337 | Reserved for torsava | [] | ||
336 | Fix invocation of pip 19+ in a Python test | python3 in Fedora, EL | Downstream only | |
335 | Add options to keep/add flags to pathfix | python3 in Fedora | Fixed upstream | |
334 | Fix faulthandler.register(chain=True) stack | python3 in RHEL7 | Fixed upstream | |
333 | Reduce the number of tests run during PGO | python3 in RHEL8 | Fixed upstream | |
332 | CVE-2019-16056 | python and python3 in RHEL7 | Fixed upstream | |
331 | Fix StructUnionType_paramfunc() | python 3.8.0b4 | Fixed upstream | |
330 | CVE-2018-20852 | python and python3 in RHEL7 | Fixed upstream | |
329 | Support OpenSSL FIPS mode | python3 in RHEL8 | Downstream only, partially upstream | |
328 | Restore to TIMESTAMP invalidation mode as default in rpmbubild | python3, python38 | Downstream only | |
327 | Enable TLS 1.3 post-handshake authentication in http.client | python3 on RHEL8 | Fixed upstream | |
326 | On TLS 1.3 Don't set the post-handshake authentication verify flag on client side | python3 on RHEL8 | Fixed upstream | |
325 | CVE-2019-9948 | pythons in RHEL7 and RHEL8 | Fixed upstream | |
324 | CVE-2019-9740, CVE-2019-9947 fix | python3 | Fixed upstream | |
323 | Coverity scan fixes | python2 and python3 in RHEL8 | Fixed upstream, bpo issues: 36367, 36292, 36291, 36262, 36289, 36212, 36147, 36186, 35680 | |
322 | Skip test_ssl tests on OpenSSL 1.1.1 | Python 3.4 and 3.5 | PR for Python 3.5 | |
321 | OpenSSL 1.1.1 support for Python 3.4 | Python 3.4 in Fedora | Rejected upstream and 3.4 reached EOL | |
320 | CVE-2019-9636 and CVE-2019-10160 (regression of the first one) | Python <=3.4 and 2.7 in Fedora and RHEL | Fixed upstream: bpo-36216 and bpo-36742 | |
319 | Fix test_tarfile on ppc64 | Python 3.6 in RHEL8 | Fixed upstream: bpo-35772 | |
318 | test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 | Python 3.6 in RHEL | bpo-33618, bpo-32947 | |
317 | CVE-2019-5010 fix | all CPythons | Fixed upstream | |
316 | mark bdist_wininst as unsupported (for the tests) | python3 | ||
315 | Fix FTBFS in test_email (mktime overflow) | python3 on F30+ | Fixed upstream | |
314 | Python can sometimes create incorrect .pyc files: check I/O error (rhbz#1629982) | python in RHEL7 | Fixed upstream | |
313 | Verify the value of '-s' when execute the CLI of cProfile (rhbz#1160640) | python in RHEL7 | Fixed upstream | |
312 | Workaround for bz1644936 (reverts 3b699932e5ac3 temporarily) | not used | downstream workaround | |
311 | Fix test_dbm_gnu for gdbm 1.15 | python3 in Fedora | Fixed upstream | |
310 | CVE-2018-14647 | all cpythons | Fixed upstream | |
309 | CVE-2018-1000802 | python2 | Fixed upstream | |
308 | TLS 1.3 related upstream fixes | python3 and python36 in F29+ | Fixed upstream | |
307 | Allow to call Py_Main() after Py_Initialize() | python3 in F29+ | Fixed upstream | |
306 | Fix OSERROR 17 upon semaphore creation | python in RHEL7 | Fixed upstream | |
305 | Remove 3DES from the cipher list to mitigate CVE-2016-2183 (sweet32) | python in RHEL7 | Fixed upstream | |
304 | Pass os.environ to new process in test_posix::test_specify_environment | python37 | Fixed upstream | |
303 | CVE-2018-1060 and CVE-2018-1061 | python in RHEL7 | Fixed upstream | |
302 | Fix multiprocessing regression on newer glibcs | 3.3-3.7 in F29+ | Fixed upstream | |
301 | Tools/scripts/pathfix.py: Add -n option for no backup~ | python3 in F27+ | Fixed upstream | |
300 | Append the collection's name to Python's shared library file name | Python Software Collections | Downstream only | |
299 | Fix ssl module, Python 2.7 doesn't have Py_MAX (fixup for 298) | python2 in F26+ | Fixed upstream | |
298 | Do not send IP addresses in SNI TLS extension | python2 and python3 in F26+ | Fixed upstream | |
297 | Fix -Wint-in-bool-context warnings - issue31474 | Python 2.7.14 | To be fixed in 2.7.15 | |
296 | Re-add the private _set_hostport api to httplib |
Python in RHEL/CentOS 7.5 | downstream only | |
295 | Fix http.client.HTTPConnection tunneling and HTTPConnection.set_tunnel with default port | Python in RHEL/CentOS 7.5 | Fixed upstream (a b c)] | |
294 | Define TLS cipher suite on build time | Python 3 on F28+ | Fixed upstream | |
293 | Fix for GC info alignment issue -- bug 1540316 | python2 in F28+ | Fixed upstream | |
292 | Restore the public PyExc_RecursionErrorInst symbol | Python 3 in F26+ | Reported upstream | |
291 | Fix undefined references to dlopen / dlsym when using strict symbol checks | Python 3 in F28+ | Fixed upstream | |
290 | Fix a segfault with test_crypt when using libxcrypt instead of libcrypt | Python 3 in F28+ | Fixed upstream | |
289 | make nis module build with new glibc | python3 in F28+, python37; python2 in F28+ | [] | |
288 | See User:Pviktori/Avoid_usr_bin_python_in_RPM_Build | python2 in F28+ (not yet) | downstream only | |
287 | Fix hanging of all threads when trying to access an inaccessible NFS server. | Python in RHEL/CentOS 7.5 | Fixed upstream | |
286 | CVE-2017-1000158 | python in F25, python3 in F25, python26,33..35 | Fixed upstream | |
285 | fix nondeterministic read in test_pty | python2 in Rawhide(28), F27, F26 | Fixed upstream | |
284 | add PYTHONSHOWREFCOUNT environment variable | python2 in Rawhide(28), F27, F26 | Fixed upstream | |
283 | COUNT_ALLOCS tests fixes | Python 2 in Rawhide (28) | Fixed upstream | |
282 | Make it more likely for the system allocator to release free()d memory arenas | Python in RHEL/CentOS 7.5 | Fixed upstream | |
281 | Add context parameter to xmlrpclib.ServerProxy | Python in RHEL/CentOS 7.5 | Fixed upstream | |
280 | Fix test_regrtest.test_crashed on s390x |
Python 2 in Rawhide (28) | Fixed upstream | |
279 | Fix memory corruption due to allocator mix | Python 3 in Rawhide (28), F27, F26, F25 | Fixed upstream | |
278 | Skip failing test_sha256 from test_socket on linux kernels < 4.5 | python36 | Fixed upstream | |
277 | Fix hanging tests from test_subprocess | Python 3 in Rawhide (28), F27, F26 | Fixed upstream | |
276 | Increase imaplib's MAXLINE to accommodate modern mailbox sizes. | Python in RHEL/CentOS 7.5 | Fixed upstream | |
275 | Fix fcntl() with integer argument on 64-bit big-endian platforms. | Python in RHEL/CentOS 7.5 | Fixed upstream | |
274 | Architecture naming adjustments | Python 3 in Rawhide(28) | [] | |
273 | Skip test_float_with_comma (bz#1484497) | Python 3 in F27, Rawhide(28) | [] | |
272 | Reject newline characters in ftplib.FTP.putline() (bz#1478916) | Python 3 in F26, Rawhide(27) | Fixed upstream | |
271 | Make test_asyncio to not depend on the current signal handler | Python 3 in F26, Rawhide(27) | Fixed upstream | |
270 | Fix test_alpn_protocols from test_ssl | Python 2 and Python 3 in F26, Rawhide(27) | Fixed upstream | |
269 | Fix python's recompilation with common build commands when using PGO | Python 3 in Fedora 24 | Fixed upstream | |
268 | Set stream to None in case an _open() fails | Python in RHEL/CentOS 7.4 | Fixed upstream | |
267 | Make pip installable inside a new venv when using the --system-site-packages flag | Python 3 in Fedora 24-25 | Fixed upstream | |
266 | Make shutil.make_archive() to not ingore empty directories when creating a zip file | Python in RHEL/CentOS 7.4 | Fixed upstream | |
265 | Protect the key list during fork() | Python in RHEL/CentOS 7.4 | Reported upstream | |
264 | skip test_pass_by_value on aarch64 | Rawhide(F27) | Reported upstream | |
263 | Fix reference leaks of certfile_bytes and keyfile_bytes at _ssl.c | Python in RHEL/CentOS 7.4 | Fixed upstream | |
262 | force C.UTF-8 when Python 3 is run under the C locale | Python 3 in Rawhide(26) | PEP 538 | |
261 | Use proper command line parsing in _testembed | Python 3 in F26 | Fixed upstream | |
260 | Fix setuptools issues from unbundling its dependencies | Python 3 in Rawhide(26) | Reported upstream | |
259 | Magic number workaround -- upstream issue 27286 | Python 3 in F24-f25 | Upstream commit 93602e3 (removed in 3.6) | |
258 | skip test_aead_aes_gcm as it fails with Kernel 4.9+ | Python 3 in F26 | Fixed upstream | |
257 | Workaround for wait timeouts when the system clock is set backwards (bz#1368076) | Python in RHEL/CentOS 7.4 | [] | |
256 | Fix Python's incorrect parsing of certain regular expressions | Python in RHEL/CentOS 7.4 | Fixed upstream | |
255 | Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs | Python in RHEL/CentOS 7.4 | Fixed upstream | |
254 | Fix error check, so that Random.seed actually uses OS randomness | Python 3 in F26 | Fixed upstream | |
253 | Define HAVE_LONG_LONG as 1. | Python 3 in F26 | Fixed upstream | |
252 | Add executable option to install.py command to make it work for entry_points | Python 2 and Python 3, reverted in F27, F26 | Reported upstream | |
251 | Make pip and distutils in user environment install into separate location | Python 3 in F27 | ||
250 | Don't blow up on EL7 kernel (random generator) RHBZ#1410175 | Python 3, python36, python35, python34 in F26 | Reported upstream | |
249 | Fix out of tree --with-dtrace builds | Python 3 in F26 | Fixed upstream | |
248 | Ensure gc tracking is off when invoking weakref callbacks | Python34 in EPEL | Fixed upstream | |
247 | Patch to port the ssl and hashlib module to OpenSSL 1.1.0. | Python 2 and Python 3 in F26 | Fixed upstream | |
246 | Backported the build-time check for the getrandom syscall from Python 3.5.2 | Python 3 in F24 | ||
245 | Skip stack overflow test on 64 bits | python33 | ||
244 | Skip SSL tests | python33 | ||
243 | Build properly on MIPS | python3 in F25, F26 | ||
242 | HTTPoxy CVE-2016-1000110 | Everywhere | Fixed upstream | |
241 | CVE-2016-5636 | python in F23, python3 in F23, F24, F25, F26, Python34 in EPEL7 | Fixed upstream (a b) | |
240 | Increase test_smtplib timeouts | Python in RHEL/CentOS 7.5 | Fixed upstream | |
239 | OpenSSL - "dh key too small" | EL (rh-python34-rhel-6) | Fixed upstream | |
238 | CVE-2016-5699 | python3 in Fedora 23, python34 in EPEL7 | Fixed upstream | |
237 | CVE-2016-0772 | Everywhere | Fixed upstream | |
231 | Reserved for cstratak | [] | ||
209 | Fix test breakage with Pyexpat v2.2.0 | Fedora | Fixed upstream | |
208 (py3) | Skip test that fails on ppc64 | Python 3 | ||
207 (py3) | Avoid incomplete _math.o with parallel builds | Python 3 | Closed upstream with different fix | |
206 (py3) | Remove hf flag from arm triplet (Debianism) | Python 3 | Looks like this might be combined with patch 5001 | |
205 (py3) | configure: Make libpl respect lib64 | Python 3 | ||
203 (py3) | Disable tests requiring signals (due to Koji behavior) | Python 3 | ||
201 (py3) | Memleak fix | Python 3 | Upstreamed, fragment of the patch remains | |
200 (py3) | Fix for gettext plural form headers | Python 3 | Upstream: bpo-36239 | |
196 (py3) | Test failure on ppc64le | Python 3 | ||
194 (py3) | Disable tests requiring SIGHUP (due to Koji bug) | Python 3 | ||
190 | gdb py-bt command fix | Python 2 (used to be 189 or 198 before F29) | Fixed upstream | |
189 (py3) | Use RPM-packaged wheels for ensurepip | Python 3 in f29+ | ||
Add Rewheel to ensurepip | Python 3 up to f28 | |||
188 | Hashlib test patch | Python 3 | Looks removable | |
186 | Don't raise from py_compile | Python 3 | Only a test remains in downstream patch | |
184 | Fixes build of ctypes against libffi with multilib wrapper | |||
180 | Enable ppc64p7 | As is, the patch is not appropriate upstream | ||
178 | Don't duplicate various FLAGS in sysconfig values | Python 3 | Reported, failed review | |
170 | Nicer C-level asserts in garbage collector | Python 3 | Reported, work needed to address review comments | |
168 | distutils cflags, RHBZ#849994 | Upstream bpo-36235 | ||
163 | Skip test with intermittent failure | |||
160 | Skip tests that require new kernel | |||
157 | uid/gid handling, RHBZ#697470 | Upstream bpo-36234 | ||
155 | SELinux/httpd/ctypes workaround, RHBZ#814391 | Fixed upstream (Python 3.8.0a1) | ||
153 | test_gdb fix | Fedora python2 | Fixed upstream (Python 2.7.14) | |
146 | Fixes for FIPS mode | Reported, stuck | ||
143 | Fix --with-tsc on ppc64 | Reported, stuck | ||
137 | Skip distutils tests that fail in rpmbuild | |||
132 | unittest._skipInRpmBuild | |||
111 | Disable static libpython | |||
103 | lib64-sysconfig | Python 2 | ||
102, 104 | s./usr/lib./usr/lib64. | |||
55 | Systemtap support | Reported, to be combined with DTrace, stalled | ||
1 (py3) | RPath | Python 3 | ||
1 (py2) | pydoc -g | Python 2 | ||
0 | Config | Python 2 | — |