From Fedora Project Wiki
(CVE-2024-9287) |
|||
(266 intermediate revisions by 13 users not shown) | |||
Line 1: | Line 1: | ||
= The Patches = | |||
{{admon/important|Patches on GitHub|Note that we use git to store the patches: https://github.com/fedora-python/cpython}} | |||
Note that | |||
Pushing patches upstream is tracked in the page: [[SIGs/Python/UpstreamPythonPatches|Upstream Python Patches]]. | |||
{| class="wikitable" | {| class="wikitable" | ||
Line 24: | Line 11: | ||
! Where | ! Where | ||
! Upstream status | ! Upstream status | ||
|- | |||
| 443 || CVE-2024-9287 - Non-quoted paths in venv activation scripts || Python 3.6 in Fedora and RHEL || [https://github.com/python/cpython/issues/124651 Fixed upstream in 3.9+] | |||
|- | |||
| 442 || Require network resource in test_urllib2.HandlerTests.test_ftp_error || Python 3.14.0a1 in Fedora || [https://github.com/python/cpython/pull/125586 Fixed upstream] | |||
|- | |||
| 441 || Make vectorized versions of Blake2 available on x86, too || Python 3.14.0a1 in Fedora || [https://github.com/python/cpython/pull/125244 Open upstream] | |||
|- | |||
| 440 || Pass main_tstate to update_global_state_for_extension() || Python 3.13.0rc2 in Fedora || [https://github.com/python/cpython/pull/124164 Fixed upstream] | |||
|- | |||
| 439 || Handle an empty AST body when reporting tracebacks || Python 3.13.0rc2 in Fedora || [https://github.com/python/cpython/issues/122145 Fixed upstream] | |||
|- | |||
| 438 || Fix ThreadedVSOCKSocketStreamTest || Python 3.8 to 3.11 in Fedora || [https://github.com/python/cpython/pull/119465 Fixed upstream on 3.12+] | |||
|- | |||
| 437 || CVE-2024-6232 - Catastrophic backtracking in tarfile || Everywhere || [https://github.com/python/cpython/issues/121285 Fixed upstream] | |||
|- | |||
| 436 || CVE-2024-8088 - Sanitize names in zipfile.Path || Everywhere || [https://github.com/python/cpython/issues/122905 Fixed upstream] | |||
|- | |||
| 435 || CVE-2024-6923 - newlines in email headers || Everywhere || [https://github.com/python/cpython/issues/121650 Fixed upstream] | |||
|- | |||
| 434 || gh-122728: Fix SystemError in PyEval_GetLocals() || Python 3.13.0rc1 in Fedora || [https://github.com/python/cpython/pull/122735 Fixed upstream] | |||
|- | |||
| 433 || gh-122300: Preserve AST nodes for format specifiers with single elements || Python 3.13.0b4 in Fedora || [https://github.com/python/cpython/pull/122364 Fixed upstream] | |||
|- | |||
| 432 || gh-122014: Account with abi_thread in test_sysconfig.test_user_similar || Python 3.13.0b4 in Fedora || [https://github.com/python/cpython/pull/122017 Fixed upstream] | |||
|- | |||
| 431 || CVE-2024-4032 - incorrect IPv4 and IPv6 private ranges || Everywhere || [https://github.com/python/cpython/issues/113171 Fixed upstream] | |||
|- | |||
| 430 || Fix ~/.python_history emptying || Python 3.13.0b3 in Fedora || [https://github.com/python/cpython/pull/121255 Fixed upstream] | |||
|- | |||
| 429 || Fix JIT build race condition || Python 3.13.0b2 in Fedora || [https://github.com/python/cpython/pull/120690 Fixed upstream] | |||
|- | |||
| 428 || Fix PGO tests in free-threaded build || Python 3.13.0b1 in Fedora || [https://github.com/python/cpython/pull/118862 Fixed upstream] | |||
|- | |||
| 427 || CVE-2024-0450 || Python 3 in CentOS Stream 8 || [https://github.com/python/cpython/issues/109858 Fixed upstream in 3.8+] | |||
|- | |||
| 426 || CVE-2023-6597 || Python 3 in CentOS Stream 8 || [https://github.com/python/cpython/issues/91133 Fixed upstream in 3.8+] | |||
|- | |||
| 425 || Fix test_makefile_test_folders || Python 3.13.0a6, 3.12 in Fedora || [https://github.com/python/cpython/issues/117711 Fixed upstream] | |||
|- | |||
| 424 || Remove internal usage of @LIBPYTHON@ || Python 3.13.0a5 in Fedora || [https://github.com/python/cpython/pull/116746 Fixed upstream] | |||
|- | |||
| 423 || Add triplets for mips-r6 and riscv || Python 3.6 in Fedora || [https://github.com/python/cpython/pull/6655 Fixed upstream for 3.8+] | |||
|- | |||
| 422 || Fix tests for XMLPullParser with Expat 2.6.0 || Python 3.12 and older in Fedora || [https://github.com/python/cpython/issues/115133 Fixed upstream] | |||
|- | |||
| 421 || Fix crash involving exhausted list iterator || Python 3.13.0a4 in Fedora || [https://github.com/python/cpython/commit/520403ed4cdf4890d63403c9cf01ac63233f5ef4 Fixed upstream in main (3.13)] | |||
|- | |||
| 420 || Add again _PyCFunctionFastWithKeywords name || Python 3.13.0a4 in Fedora || [https://github.com/python/cpython/pull/115561 Fixed upstream in main (3.13)] | |||
|- | |||
| 419 || Fix comparison of ZLIB_RUNTIME_VERSION with non-int suffix || Python 3.10, 3.9, 3.8, 3.6 in Fedora || [https://github.com/python/cpython/pull/112771 Fixed upstream in 3.8+] | |||
|- | |||
| 418 || Remove generating sbom from make regen-all || Python 3.13.0a3+4 and 3.12.2 in Fedora || Downstream only | |||
|- | |||
| 417 || GCC 14 tkinter -Wincompatible-pointer-types || Python 2.7 in Fedora || Downstream only | |||
|- | |||
| 416 || Casting issue in Python 3.12 || unused at the end || | |||
|- | |||
| 415 || CVE-2023-27043 in email || Everywhere in Fedora and RHEL || [https://github.com/python/cpython/pull/111116 Fixed upstream in main (3.13)] | |||
|- | |||
| 414 || Backport of skip_on_s390x decorator || Python 3.6 in RHEL 8, Python 3.9 in RHEL 9 || [https://github.com/python/cpython/commit/9475dc0b8d2a0db40278bbcb88a89b1265a77ec9 Fixed upstream in 3.11.0a6] | |||
|- | |||
| 413 || CVE-2022-48564 || Python 3.6 in RHEL 8 || [https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 Fixed upstream in 3.6.13] | |||
|- | |||
| 412 || Include new dir test/regrtestdata in the installation || Python 3.11.7 in Fedora || [https://github.com/python/cpython/pull/112784 Fixed upstream in 3.11.8] | |||
|- | |||
| 411 || Intern Statically Allocated Strings Globally || Considered for Python 3.12.0 in Fedora, but was not shipped before 3.12.1 || [https://github.com/python/cpython/pull/110713 Fixed upstream in 3.12.1] | |||
|- | |||
| 410 || Fix implicit function declarations in configure || Python 3.6 and 2.7 in Fedora || [https://github.com/python/cpython/issues/86764 Fixed upstream in 3.8+] | |||
|- | |||
| 409 || Fix broken nice configure test (missing stdlib.h and unistd.h includes) || Python 3.6 in Fedora || [https://github.com/python/cpython/issues/57706 Fixed upstream in 3.7+] | |||
|- | |||
| 408 || CVE-2022-48560 || Python 3.6 and 2.7 in RHEL 8 || [https://github.com/python/cpython/issues/83602 Fixed upstream in 3.6.11+] | |||
|- | |||
| 407 || Fix implicit int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM || Python 2.7, 3.9, and 3.8 in Fedora || [https://github.com/python/cpython/issues/99086 Fixed upstream in 3.10+] | |||
|- | |||
|- | |||
| 406 || CVE-2022-48565 || Python 2.7 in Fedora and RHEL || Fixed upstream in 3.6+. | |||
|- | |||
|- | |||
| 405 || Fix C99 errors: declare functions || Python 2.7 in Fedora || Downstream only. | |||
|- | |||
|- | |||
| 404 || CVE-2023-40217 + fixups || Python in RHEL || [https://github.com/python/cpython/issues/108310 Fixed upstream in 3.8+] | |||
|- | |||
|- | |||
| 403 || Fix TLS version in tests of Python 2.7 to support OpenSSL 3.1 || Python 2.7 in Fedora || [https://github.com/python/cpython/pull/104811 Fixed upstream in 3.12.0b2+] | |||
|- | |||
|- | |||
| 402 || Add PyType_GetDict() || Python 3.12.0b3 in Fedora || [https://github.com/python/cpython/pull/105747 Proposed upstream] | |||
|- | |||
|- | |||
| 401 || Tests: Use setuptools+wheel from sysconfig.get_config_var('WHEEL_PKG_DIR') if set || Python 3.12.0b1 in Fedora || [https://github.com/python/cpython/pull/105056 Proposed upstream] | |||
|- | |||
| 400 || Revert removal of imp and find_module modules || Python 3.12.0b1 in Fedora || Downstream only | |||
|- | |||
| 399 || CVE-2023-24329 in urllib.parse || Everywhere || [https://github.com/python/cpython/commit/2f630e1ce18ad2e07428296532a68b11dc66ad10 Fixed upstream] | |||
|- | |||
|- | |||
| 398 || gh-103295: fix stack overwrite on 32-bit in perf map test harness || Python 3.12.0b1 in Fedora || [https://github.com/python/cpython/pull/104811 Fixed upstream in 3.12.0b2+] | |||
|- | |||
|- | |||
| 397 || CVE-2007-4559, PEP 706: Filter for tarfile.extractall || RHEL (TBD) || Not yet | |||
|- | |||
|- | |||
| 396 || gh-100160: Remove any deprecation warnings in asyncio.get_event_loop() || Python 3.11.1 in Fedora (and possibly RHEL) || [https://github.com/python/cpython/pull/100412 Fixed upstream in 3.11.2+] | |||
|- | |||
|- | |||
| 395 || GH-100133: fix asyncio subprocess losing stderr and stdout output || Python 3.11.1 in Fedora (and possibly RHEL) || [https://github.com/python/cpython/pull/100398 Fixed upstream in 3.11.2+] | |||
|- | |||
|- | |||
| 394 ||CVE-2022-45061 - CPU denial of service via inefficient IDNA decoder || Python in RHEL || [https://github.com/python/cpython/issues/98433 Fixed upstream on 3.7+] | |||
|- | |||
|- | |||
| 393 || IDLE - fix buggy macosx patch (caused [https://bugzilla.redhat.com/show_bug.cgi?id=2142602 rhbz#2142602]) || Python 3.10.8 in Fedora || [https://github.com/python/cpython/commit/928b5f1bdeb4f9ab243ccfdf0aa0ca52839974f9 Fixed upstream] | |||
|- | |||
|- | |||
| 392 || CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation || Python 3.6 in Fedora || [https://github.com/python/cpython/issues/98517 Fixed upstream on 3.7+] | |||
|- | |||
|- | |||
| 391 || CVE-2022-42919 - local privilege escalation via the multiprocessing forkserver start method || Python 3.9+ in Fedora and RHEL 8/9 || [https://github.com/python/cpython/issues/97514 Fixed upstream] | |||
|- | |||
|- | |||
| 390 || Fix make regen-test-levenshtein for out-of-tree builds || Python 3.12.0a1 in Fedora || [https://github.com/python/cpython/pull/98779 Proposed upstream] | |||
|- | |||
|- | |||
| 389 || Don't let --with-system-libmpdec / --with-system-expat use the vendored headers || Python 3.12.0a1 in Fedora || [https://github.com/python/cpython/pull/98711 Proposed upstream] | |||
|- | |||
|- | |||
| 388 || gzip/zlib buffer size on s390x - [https://bugzilla.redhat.com/show_bug.cgi?id=2131172 RHBZ#2131172] || Python 3.6-3.10 in RHEL (TBD) || No | |||
|- | |||
|- | |||
| 387 || CVE-2020-10735: large int DoS || Python 2.7/3.6 in Fedora/RHEL || [https://github.com/python/cpython/pull/96499 Fixed upstream in 3.7+] | |||
|- | |||
|- | |||
| 386 || CVE-2021-28861: open redirection in http.server || Python 3.6 in Fedora and 3.6+ in RHEL || [https://github.com/python/cpython/pull/93879 Fixed upstream in 3.7+] | |||
|- | |||
|- | |||
| 385 || Revert "bpo-23689: re module, fix memory leak..." to fix re slowdown || Python 3.11.0b3 in Fedora || [https://github.com/python/cpython/pull/93928 Reverted upstream] | |||
|- | |||
|- | |||
| 384 || Clear and reset sqlite3 statements properly in cursor iternext || Python 3.11.0b3 in Fedora || [https://github.com/python/cpython/pull/94042 Fixed upstream] | |||
|- | |||
|- | |||
| 383 || PyTuple_SET_ITEM fails to compile in C++ source || Python 3.11.0b3 in Fedora || [https://github.com/python/cpython/issues/93442 Fixed upstream] | |||
|- | |||
|- | |||
| 382 || CVE-2015-20107 || Fedora and RHEL || [https://github.com/python/cpython/commit/b9509ba7a9c668b984dab876c7926fe1dc5aa0ba Fixed upstream] | |||
|- | |||
|- | |||
| 381 || Ensure that AST nodes without explicit end positions can be compiled || Fedora python3.11 b2 || https://github.com/pytest-dev/pytest/issues/10008 | |||
|- | |||
| 380 || Update SSL certs || RHEL || fixed upstream [https://github.com/python/cpython/commit/49d65958e13db03b9a4240d8bdaff1a4be69a1d7 here] and [https://github.com/python/cpython/commit/1f34aece28d143edb94ca202e661364ca394dc8c here] | |||
|- | |||
| 379 || Fix OpenSSL version check for 3.0.1 || Fedora python3.8 || [https://github.com/python/cpython/commit/a9b3edb66f2976a5895b6399ee905ac2f27718ac commit] | |||
|- | |||
|- | |||
| 378 || Fix expat test suite || Fedora python2.7, python3.6+ || [https://bugs.python.org/issue46811 Fixed upstream] | |||
|- | |||
|- | |||
| 377 || CVE-2022-0391 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue43882 Fixed upstream] | |||
|- | |||
|- | |||
| 376|| Remove AC_C_CHAR_UNSIGNED / __CHAR_UNSIGNED__ || python3.10 || [https://github.com/python/cpython/commit/4371fbd4328781496f5f2c6938c4d9a84049b187 commit] | |||
|- | |||
|- | |||
| 375|| Fix test to enable build in i686 || python2.7, 3.6 || Downstream only | |||
|- | |||
|- | |||
| 374|| Fix asyncio initialisation guard || python3.10 || [https://github.com/python/cpython/commit/9d18045804f6db8224be14f7a618b77977f90144 commit] | |||
|- | |||
|- | |||
| 373|| Revert "bpo-40521: Per-interpreter interned strings || python3.10 || [https://github.com/python/cpython/commit/72c260cf0c71eb01eb13100b751e9d5007d00b70 commit] | |||
|- | |||
|- | |||
| 372|| CVE-2021-4189 || RHEL, Fedora (Py 2) | [https://bugs.python.org/issue43285 Fixed upstream] | |||
| | |||
|- | |||
|- | |||
| 371|| Revert Fix threading._shutdown() for the main thread || python3.9+ | [https://github.com/python/cpython/commit/94d19f606fa18a1c4d2faca1caf2f470a8ce6d46 commit] | |||
|- | |||
|- | |||
| 370|| Use monotonic clock for the GIL || RHEL | [https://bugs.python.org/issue12822 Fixed upstream] | |||
| | |||
|- | |||
|- | |||
| 369|| Change shouldRollover() methods to only rollover regular files || RHEL | [https://bugs.python.org/issue45401 Fixed upstream] | |||
| | |||
|- | |||
| 368 || CVE-2021-3737 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue44022 Fixed upstream] | |||
|- | |||
|- | |||
| 367 || sysconfig's posix_user scheme has different platlib value to distutils's unix_user || Python3.10.0rc2 || [https://bugs.python.org/issue45136 Fix merged, will be in Python 3.10.0 final] | |||
|- | |||
|- | |||
| 366 || CVE-2021-3733 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue43075 Fixed upstream] | |||
|- | |||
|- | |||
| 365 || CVE-2021-29921 || RHEL || [https://bugs.python.org/issue36384 Fixed upstream] | |||
|- | |||
|- | |||
| 364 || Don't call PyThread_exit_thread || RHEL || [https://bugs.python.org/issue44434 Fixed upstream] | |||
|- | |||
| 363 || Reset DeprecationWarning filters in test_importlib.test_entry_points_by_index || Python 3.10.0b3 || [https://bugs.python.org/issue44451 Proposed upstream] | |||
|- | |||
| 362 || Reentrant threading.enumerate() call || RHEL || [https://bugs.python.org/issue44422 Fixed upstream] | |||
|- | |||
| 361|| OpenSSL 3.0.0 compatibility || RHEL and python2.7 in Fedora | |||
| | |||
|- | |||
| 360|| CVE-2021-3426 || RHEL | [https://bugs.python.org/issue42988 Fixed upstream] | |||
| | |||
|- | |||
| 359 || CVE-2021-23336 || RHEL | |||
| [https://bugs.python.org/issue42967 Fixed upstream] | |||
|- | |||
| 358 || Align pymaloc & PyGC_Head to 16 bits on 64-bit platforms || Python 3.6 and below in Fedora | |||
| [https://bugs.python.org/issue27987 Fixed upstream] | |||
|- | |||
| 357 || CVE-2021-3177 || Python 3.8 and 3.9 in Fedora | |||
| [https://bugs.python.org/issue42938 issue with links to PRs] | |||
|- | |||
| 356|| Backport of `-ka` options for `pathfix.py` || Python 3 in RHEL 8 only | |||
| [https://github.com/python/cpython/commit/c71c54c62600fd721baed3c96709e3d6e9c33817 commit] | |||
|- | |||
| 355|| CVE-2020-27619 || RHEL | [https://bugs.python.org/issue41944 Fixed upstream] | |||
| | |||
|- | |||
| 354 || CVE-2020-26116 - HTTP request method CRLF injection in httplib || Python 2.7, 3.4 | |||
| [https://bugs.python.org/issue39603 Fixed upstream in 3.5+] | |||
|- | |||
| 353 || Alternative architectures' names || All supported Pythons in Fedora/RHEL | |||
| Downstream only | |||
|- | |||
| 352 || CVE-2020-14422 DoS via inefficiency in IPv{4,6}Interface classes ([https://bugs.python.org/issue41004 bpo-41004]) || | |||
| Slated for python3.9 b5 & all maintained releases (3.5+) | |||
|- | |||
| 351 || CVE-2019-20907 Fix infinite loop in the tarfile module ([https://bugs.python.org/issue39017 bpo-39017]) || | |||
| Slated for python3.9 b5 & all maintained releases (3.5+) | |||
|- | |||
| 350 || Fix SQLite tests ([https://bugs.python.org/issue40784 bpo-40784]) || python3.9 | |||
| Slated for python3.9 b2, python3.8 | |||
|- | |||
| 349 || fix tp_traverse visiting Py_TYPE(self) ([https://bugs.python.org/issue40217 bpo-40217], PySide2 bug) || python3.9 b1 | |||
| Slated for python3.9 b2 | |||
|- | |||
| 348|| never enable lchmod on Linux || python35 | |||
| bacport of [https://github.com/python/cpython/commit/40caa05fa4d1810a1a6bfc34e0ec930c351089b7 commit], upstream is doing only security fixes for python35 | |||
|- | |||
| 347|| Reserved for [[User:lbalhar|lbalhar]] || SCL7 | |||
| fixed in 3.9 | |||
|- | |||
| 346|| CVE-2020-8492 || | |||
| [] | |||
|- | |||
| 345|| test_site fixes || | |||
| [] | |||
|- | |||
| 344|| CVE-2019-16935 || | |||
| [] | |||
|- | |||
| 343 || faulthandler fix for GCC 10 || python34, 35 and 36 | |||
| [https://bugs.python.org/issue38965 fixed upstream] | |||
|- | |||
| 342|| Reserved for [[User:torsava|torsava]] || SCL7 | |||
| Downstream only | |||
|- | |||
| 341|| bpo39460 backport || python39 | |||
| fixed on master, will be in 3.9.0a4 | |||
|- | |||
| 340|| bpo39459 backport || python39 | |||
| fixed on master, will be in 3.9.0a4 | |||
|- | |||
| 339|| bpo16575 backport || python3 (3.7, 3.8) | |||
| fixed in git, will be in 3.7.7, 3.8.2. | |||
|- | |||
| 338|| test_gdb fixes for LTO || | |||
| [] | |||
|- | |||
| 337|| Reserved for [[User:torsava|torsava]] || | |||
| [] | |||
|- | |||
|- | |||
| 336|| Fix invocation of pip 19+ in a Python test || python3 in Fedora, EL | |||
| Downstream only | |||
|- | |||
| 335|| Add options to keep/add flags to pathfix || python3 in Fedora | |||
|[https://bugs.python.org/issue37064 Fixed upstream] | |||
|- | |||
| 334|| Fix faulthandler.register(chain=True) stack || python3 in RHEL7 | |||
|[https://bugs.python.org/issue21131 Fixed upstream] | |||
|- | |||
| 333|| Reduce the number of tests run during PGO || python3 in RHEL8 | |||
|[https://bugs.python.org/issue36044 Fixed upstream] | |||
|- | |||
| 332|| CVE-2019-16056 || python and python3 in RHEL7 | |||
|[https://bugs.python.org/issue34155 Fixed upstream] | |||
|- | |||
| 331|| Fix StructUnionType_paramfunc() || python 3.8.0b4 ||[https://bugs.python.org/issue37140 Fixed upstream] | |||
|- | |||
| 330|| CVE-2018-20852 || python and python3 in RHEL7 | |||
|[https://bugs.python.org/issue35121 Fixed upstream] | |||
|- | |||
| 329|| Support OpenSSL FIPS mode || python3 in RHEL8 | |||
| Downstream only, [https://bugs.python.org/issue9216 partially upstream] | |||
|- | |||
| 328|| Restore to TIMESTAMP invalidation mode as default in rpmbubild || python3, python38 ||[https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/57#comment-27426 Downstream only] | |||
|- | |||
| 327|| Enable TLS 1.3 post-handshake authentication in http.client || python3 on RHEL8 | |||
|[https://bugs.python.org/issue37440 Fixed upstream] | |||
|- | |||
| 326|| On TLS 1.3 Don't set the post-handshake authentication verify flag on client side || python3 on RHEL8 | |||
|[https://bugs.python.org/issue37428 Fixed upstream] | |||
|- | |||
| 325|| CVE-2019-9948 || pythons in RHEL7 and RHEL8 | |||
|[https://bugs.python.org/issue35907 Fixed upstream] | |||
|- | |||
| 324|| CVE-2019-9740, CVE-2019-9947 fix || python3 ||[https://bugs.python.org/issue30458 Fixed upstream] | |||
|- | |||
| 323|| Coverity scan fixes || python2 and python3 in RHEL8 | |||
|Fixed upstream, bpo issues: 36367, 36292, 36291, 36262, 36289, 36212, 36147, 36186, 35680 | |||
|- | |||
| 322|| Skip test_ssl tests on OpenSSL 1.1.1 || Python 3.4 and 3.5 || [https://github.com/python/cpython/pull/12694 PR for Python 3.5] | |||
|- | |||
| 321|| OpenSSL 1.1.1 support for Python 3.4 || Python 3.4 in Fedora || [https://github.com/python/cpython/pull/12211 Rejected upstream] and 3.4 reached EOL | |||
|- | |||
| 320|| CVE-2019-9636 and CVE-2019-10160 (regression of the first one) || Python <=3.4 and 2.7 in Fedora and RHEL || [https://bugs.python.org/issue36216 Fixed upstream: bpo-36216] and [https://bugs.python.org/issue36742 bpo-36742] | |||
|- | |||
| 319|| Fix test_tarfile on ppc64 || Python 3.6 in RHEL8 || [https://bugs.python.org/issue35772 Fixed upstream: bpo-35772] | |||
|- | |||
| 318|| test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 || Python 3.6 in RHEL ||[https://bugs.python.org/issue33618 bpo-33618], [https://bugs.python.org/issue32947 bpo-32947] | |||
|- | |||
| 317|| CVE-2019-5010 fix || all CPythons ||[https://bugs.python.org/issue35746 Fixed upstream] | |||
|- | |||
| 316|| mark bdist_wininst as unsupported (for the tests) || python3 || | |||
|- | |||
| 315|| Fix FTBFS in test_email (mktime overflow) || python3 on F30+ ||[https://bugs.python.org/issue35317 Fixed upstream] | |||
|- | |||
| 314|| Python can sometimes create incorrect .pyc files: check I/O error (rhbz#1629982) || python in RHEL7 ||[https://bugs.python.org/issue25083 Fixed upstream] | |||
|- | |||
| 313|| Verify the value of '-s' when execute the CLI of cProfile (rhbz#1160640) || python in RHEL7 ||[https://bugs.python.org/issue23420 Fixed upstream] | |||
|- | |||
| 312|| Workaround for bz1644936 (reverts 3b699932e5ac3 temporarily) || not used | |||
|downstream workaround | |||
|- | |||
| 311|| Fix test_dbm_gnu for gdbm 1.15 || python3 in Fedora | |||
|[https://bugs.python.org/issue33901 Fixed upstream] | |||
|- | |||
| 310 || CVE-2018-14647 || all cpythons | |||
|[https://bugs.python.org/issue34623 Fixed upstream] | |||
|- | |||
| 309 || CVE-2018-1000802 || python2 | |||
|[https://bugs.python.org/issue34540 Fixed upstream] | |||
|- | |||
| 308 || TLS 1.3 related upstream fixes || python3 and python36 in F29+ | |||
|[https://bugs.python.org/issue34399 Fixed] [https://bugs.python.org/issue34391 upstream] | |||
|- | |||
| 307 || Allow to call Py_Main() after Py_Initialize() || python3 in F29+ | |||
|[https://bugs.python.org/issue34008 Fixed upstream] | |||
|- | |||
| 306|| Fix OSERROR 17 upon semaphore creation || python in RHEL7 | |||
|[https://bugs.python.org/issue24303 Fixed upstream] | |||
|- | |||
| 305 || Remove 3DES from the cipher list to mitigate CVE-2016-2183 (sweet32) || python in RHEL7 | |||
|[https://bugs.python.org/issue27850 Fixed upstream] | |||
|- | |||
| 304 || Pass os.environ to new process in test_posix::test_specify_environment || python37 | |||
|[https://bugs.python.org/issue33455 Fixed upstream] | |||
|- | |||
| 303 || CVE-2018-1060 and CVE-2018-1061 || python in RHEL7 | |||
|[https://bugs.python.org/issue32981 Fixed upstream] | |||
|- | |||
| 302 ||Fix multiprocessing regression on newer glibcs || 3.3-3.7 in F29+ | |||
|[https://bugs.python.org/issue33329 Fixed upstream] | |||
|- | |||
| 301 ||Tools/scripts/pathfix.py: Add -n option for no backup~ || python3 in F27+ | |||
|[https://bugs.python.org/issue32885 Fixed upstream] | |||
|- | |||
| 300 || Append the collection's name to Python's shared library file name || Python Software Collections | |||
| Downstream only | |||
|- | |||
| 299 ||Fix ssl module, Python 2.7 doesn't have Py_MAX (fixup for 298) || python2 in F26+ | |||
|[https://bugs.python.org/issue32185 Fixed upstream] | |||
|- | |||
| 298 ||Do not send IP addresses in SNI TLS extension || python2 and python3 in F26+ | |||
|[https://bugs.python.org/issue32185 Fixed upstream] | |||
|- | |||
| 297 || Fix -Wint-in-bool-context warnings - [https://bugs.python.org/issue31474 issue31474] || Python 2.7.14 | |||
|To be fixed in 2.7.15 | |||
|- | |||
| 296 || Re-add the private `_set_hostport` api to httplib || Python in RHEL/CentOS 7.5 | |||
|downstream only | |||
|- | |||
| 295 || Fix http.client.HTTPConnection tunneling and HTTPConnection.set_tunnel with default port || Python in RHEL/CentOS 7.5 | |||
|Fixed upstream ([https://bugs.python.org/issue7776 a] [https://bugs.python.org/issue22095 b] [https://bugs.python.org/issue23300 c])] | |||
|- | |||
| 294 || Define TLS cipher suite on build time|| Python 3 on F28+ | |||
|[https://bugs.python.org/issue31429 Fixed upstream] | |||
|- | |||
| 293 || Fix for GC info alignment issue -- [https://bugzilla.redhat.com/show_bug.cgi?id=1540316 bug 1540316] || python2 in F28+ | |||
|[https://bugs.python.org/issue33374 Fixed upstream] | |||
|- | |||
| 292 || Restore the public PyExc_RecursionErrorInst symbol || Python 3 in F26+ | |||
|[https://bugs.python.org/issue30697 Reported upstream ] | |||
|- | |||
| 291 || Fix undefined references to dlopen / dlsym when using strict symbol checks || Python 3 in F28+ | |||
|[https://bugs.python.org/issue32647 Fixed upstream] | |||
|- | |||
| 290 || Fix a segfault with test_crypt when using libxcrypt instead of libcrypt || Python 3 in F28+ | |||
|[https://bugs.python.org/issue32635 Fixed upstream] | |||
|- | |||
| 289 || make nis module build with new glibc || python3 in F28+, python37; python2 in F28+ | |||
|[] | |||
|- | |||
| 288 || See [[User:Pviktori/Avoid_usr_bin_python_in_RPM_Build]] || python2 in F28+ (not yet) | |||
|downstream only | |||
|- | |||
| 287 || Fix hanging of all threads when trying to access an inaccessible NFS server. || Python in RHEL/CentOS 7.5 | |||
|[https://bugs.python.org/issue32186 Fixed upstream] | |||
|- | |||
| 286 || CVE-2017-1000158 || python in F25, python3 in F25, python26,33..35 | |||
|[https://bugs.python.org/issue30657 Fixed upstream] | |||
|- | |||
| 285 || fix nondeterministic read in test_pty || python2 in Rawhide(28), F27, F26 | |||
|[https://bugs.python.org/issue31158 Fixed upstream] | |||
|- | |||
| 284 || add PYTHONSHOWREFCOUNT environment variable || python2 in Rawhide(28), F27, F26 | |||
|[https://bugs.python.org/issue31733 Fixed upstream] | |||
|- | |||
| 283 || COUNT_ALLOCS tests fixes || Python 2 in Rawhide (28) | |||
|[https://bugs.python.org/issue31692 Fixed upstream] | |||
|- | |||
| 282 ||Make it more likely for the system allocator to release free()d memory arenas || Python in RHEL/CentOS 7.5 | |||
|[https://bugs.python.org/issue20494 Fixed upstream] | |||
|- | |||
| 281 || Add context parameter to xmlrpclib.ServerProxy || Python in RHEL/CentOS 7.5 | |||
|[https://bugs.python.org/issue22960 Fixed upstream] | |||
|- | |||
| 280 || Fix `test_regrtest.test_crashed` on s390x || Python 2 in Rawhide (28) | |||
|[https://bugs.python.org/issue31719 Fixed upstream] | |||
|- | |||
| 279 || Fix memory corruption due to allocator mix || Python 3 in Rawhide (28), F27, F26, F25 | |||
|[https://bugs.python.org/issue31532 Fixed upstream] | |||
|- | |||
| 278 || Skip failing test_sha256 from test_socket on linux kernels < 4.5 || python36 | |||
|[https://bugs.python.org/issue31705 Fixed upstream] | |||
|- | |||
| 277 || Fix hanging tests from test_subprocess || Python 3 in Rawhide (28), F27, F26 | |||
|[https://bugs.python.org/issue31178 Fixed upstream] | |||
|- | |||
| 276 || Increase imaplib's MAXLINE to accommodate modern mailbox sizes. || Python in RHEL/CentOS 7.5 | |||
|[https://bugs.python.org/issue23647 Fixed upstream] | |||
|- | |||
| 275 || Fix fcntl() with integer argument on 64-bit big-endian platforms. || Python in RHEL/CentOS 7.5 | |||
|[https://bugs.python.org/issue22821 Fixed upstream] | |||
|- | |||
| 274 || Architecture naming adjustments || Python 3 in Rawhide(28) | |||
|[] | |||
|- | |||
| 273 || Skip test_float_with_comma ([https://bugzilla.redhat.com/show_bug.cgi?id=1484497 bz#1484497]) || Python 3 in F27, Rawhide(28) | |||
|[] | |||
|- | |||
| 272 || Reject newline characters in ftplib.FTP.putline() ([https://bugzilla.redhat.com/show_bug.cgi?id=1478916 bz#1478916]) || Python 3 in F26, Rawhide(27) | |||
|[http://bugs.python.org/issue30119 Fixed upstream] | |||
|- | |||
| 271 || Make test_asyncio to not depend on the current signal handler || Python 3 in F26, Rawhide(27) | |||
|[http://bugs.python.org/issue31034 Fixed upstream] | |||
|- | |||
| 270 || Fix test_alpn_protocols from test_ssl || Python 2 and Python 3 in F26, Rawhide(27) | |||
|[http://bugs.python.org/issue30714 Fixed upstream] | |||
|- | |||
| 269 || Fix python's recompilation with common build commands when using PGO || Python 3 in Fedora 24 | |||
|[http://bugs.python.org/issue29243 Fixed upstream] | |||
|- | |||
| 268 ||Set stream to None in case an _open() fails || Python in RHEL/CentOS 7.4 | |||
|[https://bugs.python.org/issue21742 Fixed upstream] | |||
|- | |||
| 267 || Make pip installable inside a new venv when using the --system-site-packages flag || Python 3 in Fedora 24-25 | |||
|[https://bugs.python.org/issue24875 Fixed upstream] | |||
|- | |||
| 266 || Make shutil.make_archive() to not ingore empty directories when creating a zip file || Python in RHEL/CentOS 7.4 | |||
|[https://bugs.python.org/issue24982 Fixed upstream] | |||
|- | |||
| 265 || Protect the key list during fork() || Python in RHEL/CentOS 7.4 | |||
|[http://bugs.python.org/issue29640 Reported upstream] | |||
|- | |||
| 264 ||skip test_pass_by_value on aarch64 || Rawhide(F27) | |||
|[http://bugs.python.org/issue29804 Reported upstream] | |||
|- | |- | ||
| | | 263 || Fix reference leaks of certfile_bytes and keyfile_bytes at _ssl.c || Python in RHEL/CentOS 7.4 | ||
|[] | |[http://bugs.python.org/issue27267 Fixed upstream] | ||
|- | |- | ||
| | | 262 || [https://bugzilla.redhat.com/show_bug.cgi?id=1404918 force C.UTF-8 when Python 3 is run under the C locale] || Python 3 in Rawhide(26) | ||
|[https://www.python.org/dev/peps/pep-0538/ PEP 538] | |[https://www.python.org/dev/peps/pep-0538/ PEP 538] | ||
|- | |- | ||
| 260 || Fix setuptools issues from unbundling its dependencies || Python 3 in | | 261 || Use proper command line parsing in _testembed || Python 3 in F26 | ||
|[ | |[https://bugs.python.org/issue24932 Fixed upstream] | ||
|- | |||
| 260 || Fix setuptools issues from unbundling its dependencies || Python 3 in Rawhide(26) | |||
|[https://bugs.python.org/issue29523 Reported upstream] | |||
|- | |- | ||
| 259 || | | 259 || Magic number workaround -- [http://bugs.python.org/issue27286 upstream issue 27286] || Python 3 in F24-f25 | ||
|[] | |[https://github.com/python/cpython/commit/93602e3af70d3b9f98ae2da654b16b3382b68d50 Upstream commit 93602e3] (removed in 3.6) | ||
|- | |- | ||
| 258 || skip test_aead_aes_gcm as it fails with Kernel 4.9+|| Python 3 in F26 | | 258 || skip test_aead_aes_gcm as it fails with Kernel 4.9+|| Python 3 in F26 | ||
|[http://bugs.python.org/issue29324 | |[http://bugs.python.org/issue29324 Fixed upstream] | ||
|- | |- | ||
| 257 || | | 257 || Workaround for wait timeouts when the system clock is set backwards ([https://bugzilla.redhat.com/show_bug.cgi?id=1368076 bz#1368076]) || Python in RHEL/CentOS 7.4 | ||
|[] | |[] | ||
|- | |- | ||
| 256 || | | 256 || Fix Python's incorrect parsing of certain regular expressions || Python in RHEL/CentOS 7.4 | ||
|[] | |[https://bugs.python.org/issue18647 Fixed upstream] | ||
|- | |- | ||
| 255 || | | 255 || Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs || Python in RHEL/CentOS 7.4 | ||
|[] | |[https://bugs.python.org/issue27691 Fixed upstream] | ||
|- | |- | ||
| 254 || Fix error check, so that Random.seed actually uses OS randomness || Python 3 in F26 | | 254 || Fix error check, so that Random.seed actually uses OS randomness || Python 3 in F26 | ||
Line 56: | Line 533: | ||
|[https://hg.python.org/cpython/rev/fad67c66885f Fixed upstream] | |[https://hg.python.org/cpython/rev/fad67c66885f Fixed upstream] | ||
|- | |- | ||
| 252 || Add executable option to install.py command to make it work for entry_points || Python 2 and Python 3 in F26 | | 252 || Add executable option to install.py command to make it work for entry_points || Python 2 and Python 3, reverted in F27, F26 | ||
|[http://bugs.python.org/issue29411 Reported upstream] | |[http://bugs.python.org/issue29411 Reported upstream] | ||
|- | |- | ||
| 251 || | | 251 || Make pip and distutils in user environment install into separate location || Python 3 in F27 | ||
| | | | ||
|- | |- | ||
Line 66: | Line 543: | ||
|- | |- | ||
| 249 || Fix out of tree --with-dtrace builds || Python 3 in F26 | | 249 || Fix out of tree --with-dtrace builds || Python 3 in F26 | ||
|[http://bugs.python.org/issue28787 | |[http://bugs.python.org/issue28787 Fixed upstream] | ||
|- | |- | ||
| 248 || Ensure gc tracking is off when invoking weakref callbacks || Python34 in EPEL | | 248 || Ensure gc tracking is off when invoking weakref callbacks || Python34 in EPEL | ||
Line 88: | Line 565: | ||
| Fixed upstream ([https://hg.python.org/cpython/rev/985fc64c60d6/ a] [https://hg.python.org/cpython/rev/2edbdb79cd6d b]) | | Fixed upstream ([https://hg.python.org/cpython/rev/985fc64c60d6/ a] [https://hg.python.org/cpython/rev/2edbdb79cd6d b]) | ||
|- | |- | ||
| 240 || | | 240 || Increase test_smtplib timeouts || Python in RHEL/CentOS 7.5 | ||
| [https://github.com/python/cpython/commit/1122236c89770466c629aa0f0b0de2b2731b82ee Fixed upstream] | |||
|- | |- | ||
| 239 || OpenSSL - "dh key too small" || EL (rh-python34-rhel-6) || [https://bugs.python.org/issue24985 Fixed upstream] | | 239 || OpenSSL - "dh key too small" || EL (rh-python34-rhel-6) || [https://bugs.python.org/issue24985 Fixed upstream] | ||
Line 97: | Line 575: | ||
| 237 || CVE-2016-0772 || Everywhere | | 237 || CVE-2016-0772 || Everywhere | ||
| [http://bugs.python.org/issue20770 Fixed upstream] | | [http://bugs.python.org/issue20770 Fixed upstream] | ||
|- | |||
| 231|| Reserved for [[User:cstratak|cstratak]] || | |||
|[] | |||
|- | |- | ||
| 209 || Fix test breakage with Pyexpat v2.2.0 || Fedora | | 209 || Fix test breakage with Pyexpat v2.2.0 || Fedora | ||
Line 116: | Line 597: | ||
| [http://bugs.python.org/issue18404 Upstreamed], fragment of the patch remains | | [http://bugs.python.org/issue18404 Upstreamed], fragment of the patch remains | ||
|- | |- | ||
| 200 (py3) || Fix for gettext plural form headers || Python 3 | | 200 (py3) || Fix for gettext plural form headers || Python 3 || [https://bugs.python.org/issue36239 Upstream: bpo-36239] | ||
|- | |- | ||
| 196 (py3) || Test failure on ppc64le || Python 3 | | 196 (py3) || Test failure on ppc64le || Python 3 | ||
Line 122: | Line 603: | ||
| 194 (py3) || Disable tests requiring SIGHUP (due to [https://fedorahosted.org/koji/ticket/270 Koji bug]) || Python 3 | | 194 (py3) || Disable tests requiring SIGHUP (due to [https://fedorahosted.org/koji/ticket/270 Koji bug]) || Python 3 | ||
|- | |- | ||
| 189 (py3) || Add Rewheel to ensurepip || Python 3 | | 190 || gdb py-bt command fix || Python 2 (used to be 189 or 198 before F29) | ||
| [https://bugs.python.org/issue34989 Fixed upstream] | |||
|- | |||
|rowspan="2"| 189 (py3) || Use RPM-packaged wheels for ensurepip || Python 3 in f29+ | |||
|- | |||
| Add Rewheel to ensurepip || Python 3 up to f28 | |||
|- | |- | ||
| 188 || Hashlib test patch || Python 3 | | 188 || Hashlib test patch || Python 3 | ||
Line 140: | Line 626: | ||
| 170 || Nicer C-level asserts in garbage collector || Python 3 | | 170 || Nicer C-level asserts in garbage collector || Python 3 | ||
| [http://bugs.python.org/issue9263 Reported], work needed to address review comments | | [http://bugs.python.org/issue9263 Reported], work needed to address review comments | ||
|- | |||
| 168 || distutils cflags, [https://bugzilla.redhat.com/show_bug.cgi?id=849994 RHBZ#849994] || || [https://bugs.python.org/issue36235 Upstream bpo-36235] | |||
|- | |- | ||
| 163 || Skip test with intermittent failure || | | 163 || Skip test with intermittent failure || | ||
Line 145: | Line 633: | ||
| 160 || Skip tests that require new kernel || | | 160 || Skip tests that require new kernel || | ||
|- | |- | ||
| 157 || uid/gid handling, [https://bugzilla.redhat.com/show_bug.cgi?id=697470 RHBZ#697470] || || | | 157 || uid/gid handling, [https://bugzilla.redhat.com/show_bug.cgi?id=697470 RHBZ#697470] || || [https://bugs.python.org/issue36234 Upstream bpo-36234] | ||
|- | |||
| 155 || SELinux/httpd/ctypes workaround, [https://bugzilla.redhat.com/show_bug.cgi?id=814391 RHBZ#814391] || || [https://bugs.python.org/issue35523 Fixed upstream (Python 3.8.0a1)] | |||
|- | |- | ||
| | | 153 || test_gdb fix || Fedora python2 || [https://github.com/python/cpython/commit/8420cd29053106f97b7d27dcc288882ffea3c1c5 Fixed upstream (Python 2.7.14)] | ||
|- | |- | ||
| 146 || Fixes for FIPS mode || || [http://bugs.python.org/issue9216 Reported], stuck | | 146 || Fixes for FIPS mode || || [http://bugs.python.org/issue9216 Reported], stuck |
Latest revision as of 06:58, 4 November 2024
The Patches
Pushing patches upstream is tracked in the page: Upstream Python Patches.
Patch No. | Patch description | Where | Upstream status |
---|---|---|---|
443 | CVE-2024-9287 - Non-quoted paths in venv activation scripts | Python 3.6 in Fedora and RHEL | Fixed upstream in 3.9+ |
442 | Require network resource in test_urllib2.HandlerTests.test_ftp_error | Python 3.14.0a1 in Fedora | Fixed upstream |
441 | Make vectorized versions of Blake2 available on x86, too | Python 3.14.0a1 in Fedora | Open upstream |
440 | Pass main_tstate to update_global_state_for_extension() | Python 3.13.0rc2 in Fedora | Fixed upstream |
439 | Handle an empty AST body when reporting tracebacks | Python 3.13.0rc2 in Fedora | Fixed upstream |
438 | Fix ThreadedVSOCKSocketStreamTest | Python 3.8 to 3.11 in Fedora | Fixed upstream on 3.12+ |
437 | CVE-2024-6232 - Catastrophic backtracking in tarfile | Everywhere | Fixed upstream |
436 | CVE-2024-8088 - Sanitize names in zipfile.Path | Everywhere | Fixed upstream |
435 | CVE-2024-6923 - newlines in email headers | Everywhere | Fixed upstream |
434 | gh-122728: Fix SystemError in PyEval_GetLocals() | Python 3.13.0rc1 in Fedora | Fixed upstream |
433 | gh-122300: Preserve AST nodes for format specifiers with single elements | Python 3.13.0b4 in Fedora | Fixed upstream |
432 | gh-122014: Account with abi_thread in test_sysconfig.test_user_similar | Python 3.13.0b4 in Fedora | Fixed upstream |
431 | CVE-2024-4032 - incorrect IPv4 and IPv6 private ranges | Everywhere | Fixed upstream |
430 | Fix ~/.python_history emptying | Python 3.13.0b3 in Fedora | Fixed upstream |
429 | Fix JIT build race condition | Python 3.13.0b2 in Fedora | Fixed upstream |
428 | Fix PGO tests in free-threaded build | Python 3.13.0b1 in Fedora | Fixed upstream |
427 | CVE-2024-0450 | Python 3 in CentOS Stream 8 | Fixed upstream in 3.8+ |
426 | CVE-2023-6597 | Python 3 in CentOS Stream 8 | Fixed upstream in 3.8+ |
425 | Fix test_makefile_test_folders | Python 3.13.0a6, 3.12 in Fedora | Fixed upstream |
424 | Remove internal usage of @LIBPYTHON@ | Python 3.13.0a5 in Fedora | Fixed upstream |
423 | Add triplets for mips-r6 and riscv | Python 3.6 in Fedora | Fixed upstream for 3.8+ |
422 | Fix tests for XMLPullParser with Expat 2.6.0 | Python 3.12 and older in Fedora | Fixed upstream |
421 | Fix crash involving exhausted list iterator | Python 3.13.0a4 in Fedora | Fixed upstream in main (3.13) |
420 | Add again _PyCFunctionFastWithKeywords name | Python 3.13.0a4 in Fedora | Fixed upstream in main (3.13) |
419 | Fix comparison of ZLIB_RUNTIME_VERSION with non-int suffix | Python 3.10, 3.9, 3.8, 3.6 in Fedora | Fixed upstream in 3.8+ |
418 | Remove generating sbom from make regen-all | Python 3.13.0a3+4 and 3.12.2 in Fedora | Downstream only |
417 | GCC 14 tkinter -Wincompatible-pointer-types | Python 2.7 in Fedora | Downstream only |
416 | Casting issue in Python 3.12 | unused at the end | |
415 | CVE-2023-27043 in email | Everywhere in Fedora and RHEL | Fixed upstream in main (3.13) |
414 | Backport of skip_on_s390x decorator | Python 3.6 in RHEL 8, Python 3.9 in RHEL 9 | Fixed upstream in 3.11.0a6 |
413 | CVE-2022-48564 | Python 3.6 in RHEL 8 | Fixed upstream in 3.6.13 |
412 | Include new dir test/regrtestdata in the installation | Python 3.11.7 in Fedora | Fixed upstream in 3.11.8 |
411 | Intern Statically Allocated Strings Globally | Considered for Python 3.12.0 in Fedora, but was not shipped before 3.12.1 | Fixed upstream in 3.12.1 |
410 | Fix implicit function declarations in configure | Python 3.6 and 2.7 in Fedora | Fixed upstream in 3.8+ |
409 | Fix broken nice configure test (missing stdlib.h and unistd.h includes) | Python 3.6 in Fedora | Fixed upstream in 3.7+ |
408 | CVE-2022-48560 | Python 3.6 and 2.7 in RHEL 8 | Fixed upstream in 3.6.11+ |
407 | Fix implicit int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM | Python 2.7, 3.9, and 3.8 in Fedora | Fixed upstream in 3.10+ |
406 | CVE-2022-48565 | Python 2.7 in Fedora and RHEL | Fixed upstream in 3.6+. |
405 | Fix C99 errors: declare functions | Python 2.7 in Fedora | Downstream only. |
404 | CVE-2023-40217 + fixups | Python in RHEL | Fixed upstream in 3.8+ |
403 | Fix TLS version in tests of Python 2.7 to support OpenSSL 3.1 | Python 2.7 in Fedora | Fixed upstream in 3.12.0b2+ |
402 | Add PyType_GetDict() | Python 3.12.0b3 in Fedora | Proposed upstream |
401 | Tests: Use setuptools+wheel from sysconfig.get_config_var('WHEEL_PKG_DIR') if set | Python 3.12.0b1 in Fedora | Proposed upstream |
400 | Revert removal of imp and find_module modules | Python 3.12.0b1 in Fedora | Downstream only |
399 | CVE-2023-24329 in urllib.parse | Everywhere | Fixed upstream |
398 | gh-103295: fix stack overwrite on 32-bit in perf map test harness | Python 3.12.0b1 in Fedora | Fixed upstream in 3.12.0b2+ |
397 | CVE-2007-4559, PEP 706: Filter for tarfile.extractall | RHEL (TBD) | Not yet |
396 | gh-100160: Remove any deprecation warnings in asyncio.get_event_loop() | Python 3.11.1 in Fedora (and possibly RHEL) | Fixed upstream in 3.11.2+ |
395 | GH-100133: fix asyncio subprocess losing stderr and stdout output | Python 3.11.1 in Fedora (and possibly RHEL) | Fixed upstream in 3.11.2+ |
394 | CVE-2022-45061 - CPU denial of service via inefficient IDNA decoder | Python in RHEL | Fixed upstream on 3.7+ |
393 | IDLE - fix buggy macosx patch (caused rhbz#2142602) | Python 3.10.8 in Fedora | Fixed upstream |
392 | CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation | Python 3.6 in Fedora | Fixed upstream on 3.7+ |
391 | CVE-2022-42919 - local privilege escalation via the multiprocessing forkserver start method | Python 3.9+ in Fedora and RHEL 8/9 | Fixed upstream |
390 | Fix make regen-test-levenshtein for out-of-tree builds | Python 3.12.0a1 in Fedora | Proposed upstream |
389 | Don't let --with-system-libmpdec / --with-system-expat use the vendored headers | Python 3.12.0a1 in Fedora | Proposed upstream |
388 | gzip/zlib buffer size on s390x - RHBZ#2131172 | Python 3.6-3.10 in RHEL (TBD) | No |
387 | CVE-2020-10735: large int DoS | Python 2.7/3.6 in Fedora/RHEL | Fixed upstream in 3.7+ |
386 | CVE-2021-28861: open redirection in http.server | Python 3.6 in Fedora and 3.6+ in RHEL | Fixed upstream in 3.7+ |
385 | Revert "bpo-23689: re module, fix memory leak..." to fix re slowdown | Python 3.11.0b3 in Fedora | Reverted upstream |
384 | Clear and reset sqlite3 statements properly in cursor iternext | Python 3.11.0b3 in Fedora | Fixed upstream |
383 | PyTuple_SET_ITEM fails to compile in C++ source | Python 3.11.0b3 in Fedora | Fixed upstream |
382 | CVE-2015-20107 | Fedora and RHEL | Fixed upstream |
381 | Ensure that AST nodes without explicit end positions can be compiled | Fedora python3.11 b2 | https://github.com/pytest-dev/pytest/issues/10008 |
380 | Update SSL certs | RHEL | fixed upstream here and here |
379 | Fix OpenSSL version check for 3.0.1 | Fedora python3.8 | commit |
378 | Fix expat test suite | Fedora python2.7, python3.6+ | Fixed upstream |
377 | CVE-2022-0391 | RHEL, Fedora (Py 2) | Fixed upstream |
376 | Remove AC_C_CHAR_UNSIGNED / __CHAR_UNSIGNED__ | python3.10 | commit |
375 | Fix test to enable build in i686 | python2.7, 3.6 | Downstream only |
374 | Fix asyncio initialisation guard | python3.10 | commit |
373 | Revert "bpo-40521: Per-interpreter interned strings | python3.10 | commit |
372 | CVE-2021-4189 | Fixed upstream | |
371 | Revert Fix threading._shutdown() for the main thread | commit | |
370 | Use monotonic clock for the GIL | Fixed upstream | |
369 | Change shouldRollover() methods to only rollover regular files | Fixed upstream | |
368 | CVE-2021-3737 | RHEL, Fedora (Py 2) | Fixed upstream |
367 | sysconfig's posix_user scheme has different platlib value to distutils's unix_user | Python3.10.0rc2 | Fix merged, will be in Python 3.10.0 final |
366 | CVE-2021-3733 | RHEL, Fedora (Py 2) | Fixed upstream |
365 | CVE-2021-29921 | RHEL | Fixed upstream |
364 | Don't call PyThread_exit_thread | RHEL | Fixed upstream |
363 | Reset DeprecationWarning filters in test_importlib.test_entry_points_by_index | Python 3.10.0b3 | Proposed upstream |
362 | Reentrant threading.enumerate() call | RHEL | Fixed upstream |
361 | OpenSSL 3.0.0 compatibility | RHEL and python2.7 in Fedora | |
360 | CVE-2021-3426 | Fixed upstream | |
359 | CVE-2021-23336 | RHEL | Fixed upstream |
358 | Align pymaloc & PyGC_Head to 16 bits on 64-bit platforms | Python 3.6 and below in Fedora | Fixed upstream |
357 | CVE-2021-3177 | Python 3.8 and 3.9 in Fedora | issue with links to PRs |
356 | Backport of -ka options for pathfix.py |
Python 3 in RHEL 8 only | commit |
355 | CVE-2020-27619 | Fixed upstream | |
354 | CVE-2020-26116 - HTTP request method CRLF injection in httplib | Python 2.7, 3.4 | Fixed upstream in 3.5+ |
353 | Alternative architectures' names | All supported Pythons in Fedora/RHEL | Downstream only |
352 | CVE-2020-14422 DoS via inefficiency in IPv{4,6}Interface classes (bpo-41004) | Slated for python3.9 b5 & all maintained releases (3.5+) | |
351 | CVE-2019-20907 Fix infinite loop in the tarfile module (bpo-39017) | Slated for python3.9 b5 & all maintained releases (3.5+) | |
350 | Fix SQLite tests (bpo-40784) | python3.9 | Slated for python3.9 b2, python3.8 |
349 | fix tp_traverse visiting Py_TYPE(self) (bpo-40217, PySide2 bug) | python3.9 b1 | Slated for python3.9 b2 |
348 | never enable lchmod on Linux | python35 | bacport of commit, upstream is doing only security fixes for python35 |
347 | Reserved for lbalhar | SCL7 | fixed in 3.9 |
346 | CVE-2020-8492 | [] | |
345 | test_site fixes | [] | |
344 | CVE-2019-16935 | [] | |
343 | faulthandler fix for GCC 10 | python34, 35 and 36 | fixed upstream |
342 | Reserved for torsava | SCL7 | Downstream only |
341 | bpo39460 backport | python39 | fixed on master, will be in 3.9.0a4 |
340 | bpo39459 backport | python39 | fixed on master, will be in 3.9.0a4 |
339 | bpo16575 backport | python3 (3.7, 3.8) | fixed in git, will be in 3.7.7, 3.8.2. |
338 | test_gdb fixes for LTO | [] | |
337 | Reserved for torsava | [] | |
336 | Fix invocation of pip 19+ in a Python test | python3 in Fedora, EL | Downstream only |
335 | Add options to keep/add flags to pathfix | python3 in Fedora | Fixed upstream |
334 | Fix faulthandler.register(chain=True) stack | python3 in RHEL7 | Fixed upstream |
333 | Reduce the number of tests run during PGO | python3 in RHEL8 | Fixed upstream |
332 | CVE-2019-16056 | python and python3 in RHEL7 | Fixed upstream |
331 | Fix StructUnionType_paramfunc() | python 3.8.0b4 | Fixed upstream |
330 | CVE-2018-20852 | python and python3 in RHEL7 | Fixed upstream |
329 | Support OpenSSL FIPS mode | python3 in RHEL8 | Downstream only, partially upstream |
328 | Restore to TIMESTAMP invalidation mode as default in rpmbubild | python3, python38 | Downstream only |
327 | Enable TLS 1.3 post-handshake authentication in http.client | python3 on RHEL8 | Fixed upstream |
326 | On TLS 1.3 Don't set the post-handshake authentication verify flag on client side | python3 on RHEL8 | Fixed upstream |
325 | CVE-2019-9948 | pythons in RHEL7 and RHEL8 | Fixed upstream |
324 | CVE-2019-9740, CVE-2019-9947 fix | python3 | Fixed upstream |
323 | Coverity scan fixes | python2 and python3 in RHEL8 | Fixed upstream, bpo issues: 36367, 36292, 36291, 36262, 36289, 36212, 36147, 36186, 35680 |
322 | Skip test_ssl tests on OpenSSL 1.1.1 | Python 3.4 and 3.5 | PR for Python 3.5 |
321 | OpenSSL 1.1.1 support for Python 3.4 | Python 3.4 in Fedora | Rejected upstream and 3.4 reached EOL |
320 | CVE-2019-9636 and CVE-2019-10160 (regression of the first one) | Python <=3.4 and 2.7 in Fedora and RHEL | Fixed upstream: bpo-36216 and bpo-36742 |
319 | Fix test_tarfile on ppc64 | Python 3.6 in RHEL8 | Fixed upstream: bpo-35772 |
318 | test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 | Python 3.6 in RHEL | bpo-33618, bpo-32947 |
317 | CVE-2019-5010 fix | all CPythons | Fixed upstream |
316 | mark bdist_wininst as unsupported (for the tests) | python3 | |
315 | Fix FTBFS in test_email (mktime overflow) | python3 on F30+ | Fixed upstream |
314 | Python can sometimes create incorrect .pyc files: check I/O error (rhbz#1629982) | python in RHEL7 | Fixed upstream |
313 | Verify the value of '-s' when execute the CLI of cProfile (rhbz#1160640) | python in RHEL7 | Fixed upstream |
312 | Workaround for bz1644936 (reverts 3b699932e5ac3 temporarily) | not used | downstream workaround |
311 | Fix test_dbm_gnu for gdbm 1.15 | python3 in Fedora | Fixed upstream |
310 | CVE-2018-14647 | all cpythons | Fixed upstream |
309 | CVE-2018-1000802 | python2 | Fixed upstream |
308 | TLS 1.3 related upstream fixes | python3 and python36 in F29+ | Fixed upstream |
307 | Allow to call Py_Main() after Py_Initialize() | python3 in F29+ | Fixed upstream |
306 | Fix OSERROR 17 upon semaphore creation | python in RHEL7 | Fixed upstream |
305 | Remove 3DES from the cipher list to mitigate CVE-2016-2183 (sweet32) | python in RHEL7 | Fixed upstream |
304 | Pass os.environ to new process in test_posix::test_specify_environment | python37 | Fixed upstream |
303 | CVE-2018-1060 and CVE-2018-1061 | python in RHEL7 | Fixed upstream |
302 | Fix multiprocessing regression on newer glibcs | 3.3-3.7 in F29+ | Fixed upstream |
301 | Tools/scripts/pathfix.py: Add -n option for no backup~ | python3 in F27+ | Fixed upstream |
300 | Append the collection's name to Python's shared library file name | Python Software Collections | Downstream only |
299 | Fix ssl module, Python 2.7 doesn't have Py_MAX (fixup for 298) | python2 in F26+ | Fixed upstream |
298 | Do not send IP addresses in SNI TLS extension | python2 and python3 in F26+ | Fixed upstream |
297 | Fix -Wint-in-bool-context warnings - issue31474 | Python 2.7.14 | To be fixed in 2.7.15 |
296 | Re-add the private _set_hostport api to httplib |
Python in RHEL/CentOS 7.5 | downstream only |
295 | Fix http.client.HTTPConnection tunneling and HTTPConnection.set_tunnel with default port | Python in RHEL/CentOS 7.5 | Fixed upstream (a b c)] |
294 | Define TLS cipher suite on build time | Python 3 on F28+ | Fixed upstream |
293 | Fix for GC info alignment issue -- bug 1540316 | python2 in F28+ | Fixed upstream |
292 | Restore the public PyExc_RecursionErrorInst symbol | Python 3 in F26+ | Reported upstream |
291 | Fix undefined references to dlopen / dlsym when using strict symbol checks | Python 3 in F28+ | Fixed upstream |
290 | Fix a segfault with test_crypt when using libxcrypt instead of libcrypt | Python 3 in F28+ | Fixed upstream |
289 | make nis module build with new glibc | python3 in F28+, python37; python2 in F28+ | [] |
288 | See User:Pviktori/Avoid_usr_bin_python_in_RPM_Build | python2 in F28+ (not yet) | downstream only |
287 | Fix hanging of all threads when trying to access an inaccessible NFS server. | Python in RHEL/CentOS 7.5 | Fixed upstream |
286 | CVE-2017-1000158 | python in F25, python3 in F25, python26,33..35 | Fixed upstream |
285 | fix nondeterministic read in test_pty | python2 in Rawhide(28), F27, F26 | Fixed upstream |
284 | add PYTHONSHOWREFCOUNT environment variable | python2 in Rawhide(28), F27, F26 | Fixed upstream |
283 | COUNT_ALLOCS tests fixes | Python 2 in Rawhide (28) | Fixed upstream |
282 | Make it more likely for the system allocator to release free()d memory arenas | Python in RHEL/CentOS 7.5 | Fixed upstream |
281 | Add context parameter to xmlrpclib.ServerProxy | Python in RHEL/CentOS 7.5 | Fixed upstream |
280 | Fix test_regrtest.test_crashed on s390x |
Python 2 in Rawhide (28) | Fixed upstream |
279 | Fix memory corruption due to allocator mix | Python 3 in Rawhide (28), F27, F26, F25 | Fixed upstream |
278 | Skip failing test_sha256 from test_socket on linux kernels < 4.5 | python36 | Fixed upstream |
277 | Fix hanging tests from test_subprocess | Python 3 in Rawhide (28), F27, F26 | Fixed upstream |
276 | Increase imaplib's MAXLINE to accommodate modern mailbox sizes. | Python in RHEL/CentOS 7.5 | Fixed upstream |
275 | Fix fcntl() with integer argument on 64-bit big-endian platforms. | Python in RHEL/CentOS 7.5 | Fixed upstream |
274 | Architecture naming adjustments | Python 3 in Rawhide(28) | [] |
273 | Skip test_float_with_comma (bz#1484497) | Python 3 in F27, Rawhide(28) | [] |
272 | Reject newline characters in ftplib.FTP.putline() (bz#1478916) | Python 3 in F26, Rawhide(27) | Fixed upstream |
271 | Make test_asyncio to not depend on the current signal handler | Python 3 in F26, Rawhide(27) | Fixed upstream |
270 | Fix test_alpn_protocols from test_ssl | Python 2 and Python 3 in F26, Rawhide(27) | Fixed upstream |
269 | Fix python's recompilation with common build commands when using PGO | Python 3 in Fedora 24 | Fixed upstream |
268 | Set stream to None in case an _open() fails | Python in RHEL/CentOS 7.4 | Fixed upstream |
267 | Make pip installable inside a new venv when using the --system-site-packages flag | Python 3 in Fedora 24-25 | Fixed upstream |
266 | Make shutil.make_archive() to not ingore empty directories when creating a zip file | Python in RHEL/CentOS 7.4 | Fixed upstream |
265 | Protect the key list during fork() | Python in RHEL/CentOS 7.4 | Reported upstream |
264 | skip test_pass_by_value on aarch64 | Rawhide(F27) | Reported upstream |
263 | Fix reference leaks of certfile_bytes and keyfile_bytes at _ssl.c | Python in RHEL/CentOS 7.4 | Fixed upstream |
262 | force C.UTF-8 when Python 3 is run under the C locale | Python 3 in Rawhide(26) | PEP 538 |
261 | Use proper command line parsing in _testembed | Python 3 in F26 | Fixed upstream |
260 | Fix setuptools issues from unbundling its dependencies | Python 3 in Rawhide(26) | Reported upstream |
259 | Magic number workaround -- upstream issue 27286 | Python 3 in F24-f25 | Upstream commit 93602e3 (removed in 3.6) |
258 | skip test_aead_aes_gcm as it fails with Kernel 4.9+ | Python 3 in F26 | Fixed upstream |
257 | Workaround for wait timeouts when the system clock is set backwards (bz#1368076) | Python in RHEL/CentOS 7.4 | [] |
256 | Fix Python's incorrect parsing of certain regular expressions | Python in RHEL/CentOS 7.4 | Fixed upstream |
255 | Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs | Python in RHEL/CentOS 7.4 | Fixed upstream |
254 | Fix error check, so that Random.seed actually uses OS randomness | Python 3 in F26 | Fixed upstream |
253 | Define HAVE_LONG_LONG as 1. | Python 3 in F26 | Fixed upstream |
252 | Add executable option to install.py command to make it work for entry_points | Python 2 and Python 3, reverted in F27, F26 | Reported upstream |
251 | Make pip and distutils in user environment install into separate location | Python 3 in F27 | |
250 | Don't blow up on EL7 kernel (random generator) RHBZ#1410175 | Python 3, python36, python35, python34 in F26 | Reported upstream |
249 | Fix out of tree --with-dtrace builds | Python 3 in F26 | Fixed upstream |
248 | Ensure gc tracking is off when invoking weakref callbacks | Python34 in EPEL | Fixed upstream |
247 | Patch to port the ssl and hashlib module to OpenSSL 1.1.0. | Python 2 and Python 3 in F26 | Fixed upstream |
246 | Backported the build-time check for the getrandom syscall from Python 3.5.2 | Python 3 in F24 | |
245 | Skip stack overflow test on 64 bits | python33 | |
244 | Skip SSL tests | python33 | |
243 | Build properly on MIPS | python3 in F25, F26 | |
242 | HTTPoxy CVE-2016-1000110 | Everywhere | Fixed upstream |
241 | CVE-2016-5636 | python in F23, python3 in F23, F24, F25, F26, Python34 in EPEL7 | Fixed upstream (a b) |
240 | Increase test_smtplib timeouts | Python in RHEL/CentOS 7.5 | Fixed upstream |
239 | OpenSSL - "dh key too small" | EL (rh-python34-rhel-6) | Fixed upstream |
238 | CVE-2016-5699 | python3 in Fedora 23, python34 in EPEL7 | Fixed upstream |
237 | CVE-2016-0772 | Everywhere | Fixed upstream |
231 | Reserved for cstratak | [] | |
209 | Fix test breakage with Pyexpat v2.2.0 | Fedora | Fixed upstream |
208 (py3) | Skip test that fails on ppc64 | Python 3 | |
207 (py3) | Avoid incomplete _math.o with parallel builds | Python 3 | Closed upstream with different fix |
206 (py3) | Remove hf flag from arm triplet (Debianism) | Python 3 | Looks like this might be combined with patch 5001 |
205 (py3) | configure: Make libpl respect lib64 | Python 3 | |
203 (py3) | Disable tests requiring signals (due to Koji behavior) | Python 3 | |
201 (py3) | Memleak fix | Python 3 | Upstreamed, fragment of the patch remains |
200 (py3) | Fix for gettext plural form headers | Python 3 | Upstream: bpo-36239 |
196 (py3) | Test failure on ppc64le | Python 3 | |
194 (py3) | Disable tests requiring SIGHUP (due to Koji bug) | Python 3 | |
190 | gdb py-bt command fix | Python 2 (used to be 189 or 198 before F29) | Fixed upstream |
189 (py3) | Use RPM-packaged wheels for ensurepip | Python 3 in f29+ | |
Add Rewheel to ensurepip | Python 3 up to f28 | ||
188 | Hashlib test patch | Python 3 | Looks removable |
186 | Don't raise from py_compile | Python 3 | Only a test remains in downstream patch |
184 | Fixes build of ctypes against libffi with multilib wrapper | ||
180 | Enable ppc64p7 | As is, the patch is not appropriate upstream | |
178 | Don't duplicate various FLAGS in sysconfig values | Python 3 | Reported, failed review |
170 | Nicer C-level asserts in garbage collector | Python 3 | Reported, work needed to address review comments |
168 | distutils cflags, RHBZ#849994 | Upstream bpo-36235 | |
163 | Skip test with intermittent failure | ||
160 | Skip tests that require new kernel | ||
157 | uid/gid handling, RHBZ#697470 | Upstream bpo-36234 | |
155 | SELinux/httpd/ctypes workaround, RHBZ#814391 | Fixed upstream (Python 3.8.0a1) | |
153 | test_gdb fix | Fedora python2 | Fixed upstream (Python 2.7.14) |
146 | Fixes for FIPS mode | Reported, stuck | |
143 | Fix --with-tsc on ppc64 | Reported, stuck | |
137 | Skip distutils tests that fail in rpmbuild | ||
132 | unittest._skipInRpmBuild | ||
111 | Disable static libpython | ||
103 | lib64-sysconfig | Python 2 | |
102, 104 | s./usr/lib./usr/lib64. | ||
55 | Systemtap support | Reported, to be combined with DTrace, stalled | |
1 (py3) | RPath | Python 3 | |
1 (py2) | pydoc -g | Python 2 | |
0 | Config | Python 2 | — |