From Fedora Project Wiki

< SIGs‎ | Python

(CVE-2024-9287)
 
(266 intermediate revisions by 13 users not shown)
Line 1: Line 1:
= The Patches =


This is a catalogue of Python 2 and 3 patches and patch numbers for Fedora and RHEL. It does not include all patches. It serves two purposes:
{{admon/important|Patches on GitHub|Note that we use git to store the patches: https://github.com/fedora-python/cpython}}
 
== Picking numbers for new patches ==
 
Patch numbers should match between all spec files (Python 2/3, Fedora/EL/SCL). Since not all patches appear in all specs, this is tricky to keep track of (and thus it was not always done). This global catalogue should help.
 
Note that the patch doesn't have to be exactly the same in each branch: there will be slight differences if the patch (e.g. due to different Python 2/3 differences). However, if the patch fixes the same issue, then it should have the same number across all branches.
 
If you can, use the same patch name and comment in the spec file, to improve diff output when comparing them.
 
 
== Documenting status of the patches ==
 
Patches should primarily be documented in the spec files. However, for some information it's not practical to update all specs. An example is current upstreaming status: the spec comment should link to an upstream bug if one exists, but "volatile" notes can be put in this global catalogue.
 


= The Patches =
Pushing patches upstream is tracked in the page: [[SIGs/Python/UpstreamPythonPatches|Upstream Python Patches]].


{| class="wikitable"
{| class="wikitable"
Line 24: Line 11:
! Where
! Where
! Upstream status
! Upstream status
|-
| 443 || CVE-2024-9287 - Non-quoted paths in venv activation scripts || Python 3.6 in Fedora and RHEL || [https://github.com/python/cpython/issues/124651 Fixed upstream in 3.9+]
|-
| 442 || Require network resource in test_urllib2.HandlerTests.test_ftp_error || Python 3.14.0a1 in Fedora || [https://github.com/python/cpython/pull/125586 Fixed upstream]
|-
| 441 || Make vectorized versions of Blake2 available on x86, too || Python 3.14.0a1 in Fedora || [https://github.com/python/cpython/pull/125244 Open upstream]
|-
| 440 || Pass main_tstate to update_global_state_for_extension() || Python 3.13.0rc2 in Fedora || [https://github.com/python/cpython/pull/124164 Fixed upstream]
|-
| 439 || Handle an empty AST body when reporting tracebacks || Python 3.13.0rc2 in Fedora || [https://github.com/python/cpython/issues/122145 Fixed upstream]
|-
| 438 || Fix ThreadedVSOCKSocketStreamTest || Python 3.8 to 3.11 in Fedora || [https://github.com/python/cpython/pull/119465 Fixed upstream on 3.12+]
|-
| 437 || CVE-2024-6232 - Catastrophic backtracking in tarfile || Everywhere || [https://github.com/python/cpython/issues/121285 Fixed upstream]
|-
| 436 || CVE-2024-8088 - Sanitize names in zipfile.Path || Everywhere || [https://github.com/python/cpython/issues/122905 Fixed upstream]
|-
| 435 || CVE-2024-6923 - newlines in email headers || Everywhere || [https://github.com/python/cpython/issues/121650 Fixed upstream]
|-
| 434 || gh-122728: Fix SystemError in PyEval_GetLocals() || Python 3.13.0rc1 in Fedora || [https://github.com/python/cpython/pull/122735 Fixed upstream]
|-
| 433 || gh-122300: Preserve AST nodes for format specifiers with single elements || Python 3.13.0b4 in Fedora || [https://github.com/python/cpython/pull/122364 Fixed upstream]
|-
| 432 || gh-122014: Account with abi_thread in test_sysconfig.test_user_similar || Python 3.13.0b4 in Fedora || [https://github.com/python/cpython/pull/122017 Fixed upstream]
|-
| 431 || CVE-2024-4032 - incorrect IPv4 and IPv6 private ranges || Everywhere || [https://github.com/python/cpython/issues/113171 Fixed upstream]
|-
| 430 || Fix ~/.python_history emptying || Python 3.13.0b3 in Fedora || [https://github.com/python/cpython/pull/121255 Fixed upstream]
|-
| 429 || Fix JIT build race condition || Python 3.13.0b2 in Fedora || [https://github.com/python/cpython/pull/120690 Fixed upstream]
|-
| 428 || Fix PGO tests in free-threaded build || Python 3.13.0b1 in Fedora || [https://github.com/python/cpython/pull/118862 Fixed upstream]
|-
| 427 || CVE-2024-0450 || Python 3 in CentOS Stream 8 || [https://github.com/python/cpython/issues/109858 Fixed upstream in 3.8+]
|-
| 426 || CVE-2023-6597 || Python 3 in CentOS Stream 8 || [https://github.com/python/cpython/issues/91133 Fixed upstream in 3.8+]
|-
| 425 || Fix test_makefile_test_folders || Python 3.13.0a6, 3.12 in Fedora || [https://github.com/python/cpython/issues/117711 Fixed upstream]
|-
| 424 || Remove internal usage of @LIBPYTHON@ || Python 3.13.0a5 in Fedora || [https://github.com/python/cpython/pull/116746 Fixed upstream]
|-
| 423 || Add triplets for mips-r6 and riscv || Python 3.6 in Fedora || [https://github.com/python/cpython/pull/6655 Fixed upstream for 3.8+]
|-
| 422 || Fix tests for XMLPullParser with Expat 2.6.0 || Python 3.12 and older in Fedora || [https://github.com/python/cpython/issues/115133 Fixed upstream]
|-
| 421 || Fix crash involving exhausted list iterator || Python 3.13.0a4 in Fedora || [https://github.com/python/cpython/commit/520403ed4cdf4890d63403c9cf01ac63233f5ef4 Fixed upstream in main (3.13)]
|-
| 420 || Add again _PyCFunctionFastWithKeywords name || Python 3.13.0a4 in Fedora || [https://github.com/python/cpython/pull/115561 Fixed upstream in main (3.13)]
|-
| 419 || Fix comparison of ZLIB_RUNTIME_VERSION with non-int suffix || Python 3.10, 3.9, 3.8, 3.6 in Fedora || [https://github.com/python/cpython/pull/112771 Fixed upstream in 3.8+]
|-
| 418 || Remove generating sbom from make regen-all || Python 3.13.0a3+4 and 3.12.2 in Fedora || Downstream only
|-
| 417 || GCC 14 tkinter -Wincompatible-pointer-types || Python 2.7 in Fedora || Downstream only
|-
| 416 || Casting issue in Python 3.12 || unused at the end ||
|-
| 415 || CVE-2023-27043 in email || Everywhere in Fedora and RHEL || [https://github.com/python/cpython/pull/111116 Fixed upstream in main (3.13)]
|-
| 414 || Backport of skip_on_s390x decorator || Python 3.6 in RHEL 8, Python 3.9 in RHEL 9 || [https://github.com/python/cpython/commit/9475dc0b8d2a0db40278bbcb88a89b1265a77ec9 Fixed upstream in 3.11.0a6]
|-
| 413 || CVE-2022-48564 || Python 3.6 in RHEL 8 || [https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 Fixed upstream in 3.6.13]
|-
| 412 || Include new dir test/regrtestdata in the installation || Python 3.11.7 in Fedora || [https://github.com/python/cpython/pull/112784 Fixed upstream in 3.11.8]
|-
| 411 || Intern Statically Allocated Strings Globally || Considered for Python 3.12.0 in Fedora, but was not shipped before 3.12.1 || [https://github.com/python/cpython/pull/110713 Fixed upstream in 3.12.1]
|-
| 410 || Fix implicit function declarations in configure || Python 3.6 and 2.7 in Fedora || [https://github.com/python/cpython/issues/86764 Fixed upstream in 3.8+]
|-
| 409 || Fix broken nice configure test (missing stdlib.h and unistd.h includes) || Python 3.6 in Fedora || [https://github.com/python/cpython/issues/57706 Fixed upstream in 3.7+]
|-
| 408 || CVE-2022-48560 || Python 3.6 and 2.7 in RHEL 8 || [https://github.com/python/cpython/issues/83602 Fixed upstream in 3.6.11+]
|-
| 407 || Fix implicit int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM || Python 2.7, 3.9, and 3.8 in Fedora || [https://github.com/python/cpython/issues/99086 Fixed upstream in 3.10+]
|-
|-
| 406 || CVE-2022-48565 || Python 2.7 in Fedora and RHEL || Fixed upstream in 3.6+.
|-
|-
| 405 || Fix C99 errors: declare functions || Python 2.7 in Fedora || Downstream only.
|-
|-
| 404 || CVE-2023-40217 + fixups || Python in RHEL || [https://github.com/python/cpython/issues/108310 Fixed upstream in 3.8+]
|-
|-
| 403 || Fix TLS version in tests of Python 2.7 to support OpenSSL 3.1 || Python 2.7 in Fedora || [https://github.com/python/cpython/pull/104811 Fixed upstream in 3.12.0b2+]
|-
|-
| 402 || Add PyType_GetDict() || Python 3.12.0b3 in Fedora || [https://github.com/python/cpython/pull/105747 Proposed upstream]
|-
|-
| 401 || Tests: Use setuptools+wheel from sysconfig.get_config_var('WHEEL_PKG_DIR') if set || Python 3.12.0b1 in Fedora || [https://github.com/python/cpython/pull/105056 Proposed upstream]
|-
| 400 || Revert removal of imp and find_module modules || Python 3.12.0b1 in Fedora || Downstream only
|-
| 399 || CVE-2023-24329 in urllib.parse || Everywhere || [https://github.com/python/cpython/commit/2f630e1ce18ad2e07428296532a68b11dc66ad10 Fixed upstream]
|-
|-
| 398 || gh-103295: fix stack overwrite on 32-bit in perf map test harness || Python 3.12.0b1 in Fedora || [https://github.com/python/cpython/pull/104811 Fixed upstream in 3.12.0b2+]
|-
|-
| 397 || CVE-2007-4559, PEP 706: Filter for tarfile.extractall || RHEL (TBD) || Not yet
|-
|-
| 396 || gh-100160: Remove any deprecation warnings in asyncio.get_event_loop() || Python 3.11.1 in Fedora (and possibly RHEL) || [https://github.com/python/cpython/pull/100412 Fixed upstream in 3.11.2+]
|-
|-
| 395 || GH-100133: fix asyncio subprocess losing stderr and stdout output || Python 3.11.1 in Fedora (and possibly RHEL) || [https://github.com/python/cpython/pull/100398 Fixed upstream in 3.11.2+]
|-
|-
| 394 ||CVE-2022-45061 - CPU denial of service via inefficient IDNA decoder || Python in RHEL || [https://github.com/python/cpython/issues/98433 Fixed upstream on 3.7+]
|-
|-
| 393 || IDLE - fix buggy macosx patch (caused [https://bugzilla.redhat.com/show_bug.cgi?id=2142602 rhbz#2142602]) || Python 3.10.8 in Fedora || [https://github.com/python/cpython/commit/928b5f1bdeb4f9ab243ccfdf0aa0ca52839974f9 Fixed upstream]
|-
|-
| 392 || CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation || Python 3.6 in Fedora || [https://github.com/python/cpython/issues/98517 Fixed upstream on 3.7+]
|-
|-
| 391 || CVE-2022-42919 - local privilege escalation via the multiprocessing forkserver start method || Python 3.9+ in Fedora and RHEL 8/9 || [https://github.com/python/cpython/issues/97514 Fixed upstream]
|-
|-
| 390 || Fix make regen-test-levenshtein for out-of-tree builds || Python 3.12.0a1 in Fedora || [https://github.com/python/cpython/pull/98779 Proposed upstream]
|-
|-
| 389 || Don't let --with-system-libmpdec / --with-system-expat use the vendored headers  || Python 3.12.0a1 in Fedora || [https://github.com/python/cpython/pull/98711 Proposed upstream]
|-
|-
| 388 || gzip/zlib buffer size on s390x - [https://bugzilla.redhat.com/show_bug.cgi?id=2131172 RHBZ#2131172] || Python 3.6-3.10 in RHEL (TBD) || No
|-
|-
| 387 || CVE-2020-10735: large int DoS || Python 2.7/3.6 in Fedora/RHEL || [https://github.com/python/cpython/pull/96499 Fixed upstream in 3.7+]
|-
|-
| 386 || CVE-2021-28861: open redirection in http.server || Python 3.6 in Fedora and 3.6+ in RHEL || [https://github.com/python/cpython/pull/93879 Fixed upstream in 3.7+]
|-
|-
| 385 || Revert "bpo-23689: re module, fix memory leak..." to fix re slowdown || Python 3.11.0b3 in Fedora || [https://github.com/python/cpython/pull/93928 Reverted upstream]
|-
|-
| 384 || Clear and reset sqlite3 statements properly in cursor iternext  || Python 3.11.0b3 in Fedora || [https://github.com/python/cpython/pull/94042 Fixed upstream]
|-
|-
| 383 || PyTuple_SET_ITEM fails to compile in C++ source || Python 3.11.0b3 in Fedora || [https://github.com/python/cpython/issues/93442 Fixed upstream]
|-
|-
| 382 || CVE-2015-20107 || Fedora and RHEL || [https://github.com/python/cpython/commit/b9509ba7a9c668b984dab876c7926fe1dc5aa0ba Fixed upstream]
|-
|-
| 381 || Ensure that AST nodes without explicit end positions can be compiled || Fedora python3.11 b2 || https://github.com/pytest-dev/pytest/issues/10008
|-
| 380 || Update SSL certs || RHEL || fixed upstream [https://github.com/python/cpython/commit/49d65958e13db03b9a4240d8bdaff1a4be69a1d7  here] and [https://github.com/python/cpython/commit/1f34aece28d143edb94ca202e661364ca394dc8c here]
|-
| 379 || Fix OpenSSL version check for 3.0.1  || Fedora python3.8 || [https://github.com/python/cpython/commit/a9b3edb66f2976a5895b6399ee905ac2f27718ac commit]
|-
|-
| 378 || Fix expat test suite || Fedora python2.7, python3.6+ || [https://bugs.python.org/issue46811 Fixed upstream]
|-
|-
| 377 || CVE-2022-0391 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue43882 Fixed upstream]
|-
|-
| 376|| Remove AC_C_CHAR_UNSIGNED / __CHAR_UNSIGNED__ || python3.10 || [https://github.com/python/cpython/commit/4371fbd4328781496f5f2c6938c4d9a84049b187 commit]
|-
|-
| 375|| Fix test to enable build in i686 || python2.7, 3.6 || Downstream only
|-
|-
| 374|| Fix asyncio initialisation guard || python3.10 || [https://github.com/python/cpython/commit/9d18045804f6db8224be14f7a618b77977f90144 commit]
|-
|-
| 373|| Revert "bpo-40521: Per-interpreter interned strings || python3.10 || [https://github.com/python/cpython/commit/72c260cf0c71eb01eb13100b751e9d5007d00b70 commit]
|-
|-
| 372|| CVE-2021-4189 || RHEL, Fedora (Py 2) | [https://bugs.python.org/issue43285 Fixed upstream]
|
|-
|-
| 371|| Revert Fix threading._shutdown() for the main thread || python3.9+ | [https://github.com/python/cpython/commit/94d19f606fa18a1c4d2faca1caf2f470a8ce6d46 commit]
|-
|-
| 370|| Use monotonic clock for the GIL || RHEL | [https://bugs.python.org/issue12822 Fixed upstream]
|
|-
|-
| 369||  Change shouldRollover() methods to only rollover regular files || RHEL | [https://bugs.python.org/issue45401 Fixed upstream]
|
|-
| 368 || CVE-2021-3737 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue44022 Fixed upstream]
|-
|-
| 367 || sysconfig's posix_user scheme has different platlib value to distutils's unix_user || Python3.10.0rc2 || [https://bugs.python.org/issue45136 Fix merged, will be in Python 3.10.0 final]
|-
|-
| 366 || CVE-2021-3733 || RHEL, Fedora (Py 2) || [https://bugs.python.org/issue43075 Fixed upstream]
|-
|-
| 365 || CVE-2021-29921 || RHEL || [https://bugs.python.org/issue36384 Fixed upstream]
|-
|-
| 364 || Don't call PyThread_exit_thread || RHEL || [https://bugs.python.org/issue44434 Fixed upstream]
|-
| 363 || Reset DeprecationWarning filters in test_importlib.test_entry_points_by_index  || Python 3.10.0b3 || [https://bugs.python.org/issue44451 Proposed upstream]
|-
| 362 || Reentrant threading.enumerate() call || RHEL || [https://bugs.python.org/issue44422 Fixed upstream]
|-
| 361|| OpenSSL 3.0.0 compatibility || RHEL and python2.7 in Fedora
|
|-
| 360|| CVE-2021-3426 || RHEL | [https://bugs.python.org/issue42988 Fixed upstream]
|
|-
| 359 || CVE-2021-23336 || RHEL
| [https://bugs.python.org/issue42967 Fixed upstream]
|-
| 358 || Align pymaloc & PyGC_Head to 16 bits on 64-bit platforms || Python 3.6 and below in Fedora
| [https://bugs.python.org/issue27987 Fixed upstream]
|-
| 357 || CVE-2021-3177 || Python 3.8 and 3.9 in Fedora
| [https://bugs.python.org/issue42938 issue with links to PRs]
|-
| 356|| Backport of `-ka` options for `pathfix.py` || Python 3 in RHEL 8 only
| [https://github.com/python/cpython/commit/c71c54c62600fd721baed3c96709e3d6e9c33817 commit]
|-
| 355|| CVE-2020-27619 || RHEL | [https://bugs.python.org/issue41944 Fixed upstream]
|
|-
| 354 || CVE-2020-26116 - HTTP request method CRLF injection in httplib || Python 2.7, 3.4
| [https://bugs.python.org/issue39603 Fixed upstream in 3.5+]
|-
| 353 || Alternative architectures' names || All supported Pythons in Fedora/RHEL
| Downstream only
|-
| 352 || CVE-2020-14422 DoS via inefficiency in IPv{4,6}Interface classes ([https://bugs.python.org/issue41004 bpo-41004]) ||
| Slated for python3.9 b5 & all maintained releases (3.5+)
|-
| 351 || CVE-2019-20907 Fix infinite loop in the tarfile module ([https://bugs.python.org/issue39017 bpo-39017]) ||
| Slated for python3.9 b5 & all maintained releases (3.5+)
|-
| 350 || Fix SQLite tests ([https://bugs.python.org/issue40784 bpo-40784]) || python3.9
| Slated for python3.9 b2, python3.8
|-
| 349 || fix tp_traverse visiting Py_TYPE(self) ([https://bugs.python.org/issue40217 bpo-40217], PySide2 bug) || python3.9 b1
| Slated for python3.9 b2
|-
| 348|| never enable lchmod on Linux || python35
| bacport of [https://github.com/python/cpython/commit/40caa05fa4d1810a1a6bfc34e0ec930c351089b7 commit], upstream is doing only security fixes for python35
|-
| 347|| Reserved for [[User:lbalhar|lbalhar]] || SCL7
| fixed in 3.9
|-
| 346|| CVE-2020-8492 ||
| []
|-
| 345|| test_site fixes ||
| []
|-
| 344|| CVE-2019-16935 ||
| []
|-
| 343 || faulthandler fix for GCC 10 || python34, 35 and 36
| [https://bugs.python.org/issue38965 fixed upstream]
|-
| 342|| Reserved for [[User:torsava|torsava]] || SCL7
| Downstream only
|-
| 341|| bpo39460 backport || python39
| fixed on master, will be in 3.9.0a4
|-
| 340|| bpo39459 backport || python39
| fixed on master, will be in 3.9.0a4
|-
| 339|| bpo16575 backport || python3 (3.7, 3.8)
| fixed in git, will be in 3.7.7, 3.8.2.
|-
| 338|| test_gdb fixes for LTO ||
| []
|-
| 337|| Reserved for [[User:torsava|torsava]] ||
| []
|-
|-
| 336|| Fix invocation of pip 19+ in a Python test || python3 in Fedora, EL
| Downstream only
|-
| 335|| Add options to keep/add flags to pathfix || python3 in Fedora
|[https://bugs.python.org/issue37064 Fixed upstream]
|-
| 334|| Fix faulthandler.register(chain=True) stack || python3 in RHEL7
|[https://bugs.python.org/issue21131 Fixed upstream]
|-
| 333|| Reduce the number of tests run during PGO || python3 in RHEL8
|[https://bugs.python.org/issue36044 Fixed upstream]
|-
| 332|| CVE-2019-16056 || python and python3 in RHEL7
|[https://bugs.python.org/issue34155 Fixed upstream]
|-
| 331|| Fix StructUnionType_paramfunc() || python 3.8.0b4  ||[https://bugs.python.org/issue37140 Fixed upstream]
|-
| 330|| CVE-2018-20852 || python and python3 in RHEL7
|[https://bugs.python.org/issue35121 Fixed upstream]
|-
| 329|| Support OpenSSL FIPS mode || python3 in RHEL8
| Downstream only, [https://bugs.python.org/issue9216 partially upstream]
|-
| 328|| Restore to TIMESTAMP invalidation mode as default in rpmbubild || python3, python38  ||[https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/57#comment-27426 Downstream only]
|-
| 327|| Enable TLS 1.3 post-handshake authentication in http.client || python3 on RHEL8
|[https://bugs.python.org/issue37440 Fixed upstream]
|-
| 326|| On TLS 1.3 Don't set the post-handshake authentication verify flag on client side || python3 on RHEL8
|[https://bugs.python.org/issue37428 Fixed upstream]
|-
| 325|| CVE-2019-9948 || pythons in RHEL7 and RHEL8
|[https://bugs.python.org/issue35907 Fixed upstream]
|-
| 324|| CVE-2019-9740, CVE-2019-9947 fix || python3  ||[https://bugs.python.org/issue30458 Fixed upstream]
|-
| 323|| Coverity scan fixes || python2 and python3 in RHEL8
|Fixed upstream, bpo issues: 36367, 36292, 36291, 36262, 36289, 36212, 36147, 36186, 35680
|-
| 322|| Skip test_ssl tests on OpenSSL 1.1.1 || Python 3.4 and 3.5  || [https://github.com/python/cpython/pull/12694 PR for Python 3.5]
|-
| 321||  OpenSSL 1.1.1 support for Python 3.4 || Python 3.4 in Fedora  || [https://github.com/python/cpython/pull/12211 Rejected upstream] and 3.4 reached EOL
|-
| 320||  CVE-2019-9636 and CVE-2019-10160 (regression of the first one) || Python <=3.4 and 2.7 in Fedora and RHEL || [https://bugs.python.org/issue36216 Fixed upstream: bpo-36216] and [https://bugs.python.org/issue36742 bpo-36742]
|-
| 319||  Fix test_tarfile on ppc64 || Python 3.6 in RHEL8  || [https://bugs.python.org/issue35772 Fixed upstream: bpo-35772]
|-
| 318||  test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 || Python 3.6 in RHEL  ||[https://bugs.python.org/issue33618 bpo-33618], [https://bugs.python.org/issue32947 bpo-32947]
|-
| 317|| CVE-2019-5010 fix || all CPythons  ||[https://bugs.python.org/issue35746 Fixed upstream]
|-
| 316|| mark bdist_wininst as unsupported (for the tests) || python3  ||
|-
| 315|| Fix FTBFS in test_email (mktime overflow) || python3 on F30+  ||[https://bugs.python.org/issue35317 Fixed upstream]
|-
| 314|| Python can sometimes create incorrect .pyc files: check I/O error (rhbz#1629982) || python in RHEL7  ||[https://bugs.python.org/issue25083 Fixed upstream]
|-
| 313|| Verify the value of '-s' when execute the CLI of cProfile (rhbz#1160640) || python in RHEL7  ||[https://bugs.python.org/issue23420 Fixed upstream]
|-
| 312|| Workaround for bz1644936 (reverts 3b699932e5ac3 temporarily) || not used
|downstream workaround
|-
| 311|| Fix test_dbm_gnu for gdbm 1.15 || python3 in Fedora
|[https://bugs.python.org/issue33901 Fixed upstream]
|-
| 310 || CVE-2018-14647 ||  all cpythons
|[https://bugs.python.org/issue34623 Fixed upstream]
|-
| 309 || CVE-2018-1000802 ||  python2
|[https://bugs.python.org/issue34540 Fixed upstream]
|-
| 308 || TLS 1.3 related upstream fixes ||  python3 and python36 in F29+
|[https://bugs.python.org/issue34399 Fixed] [https://bugs.python.org/issue34391 upstream]
|-
| 307 || Allow to call Py_Main() after Py_Initialize() ||  python3 in F29+
|[https://bugs.python.org/issue34008 Fixed upstream]
|-
| 306|| Fix OSERROR 17 upon semaphore creation || python in RHEL7
|[https://bugs.python.org/issue24303 Fixed upstream]
|-
| 305 || Remove 3DES from the cipher list to mitigate CVE-2016-2183 (sweet32) || python in RHEL7
|[https://bugs.python.org/issue27850 Fixed upstream]
|-
| 304 || Pass os.environ to new process in test_posix::test_specify_environment ||  python37
|[https://bugs.python.org/issue33455 Fixed upstream]
|-
| 303 || CVE-2018-1060 and CVE-2018-1061 || python in RHEL7
|[https://bugs.python.org/issue32981 Fixed upstream]
|-
| 302 ||Fix multiprocessing regression on newer glibcs || 3.3-3.7  in F29+
|[https://bugs.python.org/issue33329 Fixed upstream]
|-
| 301 ||Tools/scripts/pathfix.py: Add -n option for no backup~ || python3  in F27+
|[https://bugs.python.org/issue32885 Fixed upstream]
|-
| 300 || Append the collection's name to Python's shared library file name || Python Software Collections
| Downstream only
|-
| 299 ||Fix ssl module, Python 2.7 doesn't have Py_MAX (fixup for 298) || python2  in F26+
|[https://bugs.python.org/issue32185 Fixed upstream]
|-
| 298 ||Do not send IP addresses in SNI TLS extension || python2 and python3 in F26+
|[https://bugs.python.org/issue32185 Fixed upstream]
|-
| 297 || Fix -Wint-in-bool-context warnings - [https://bugs.python.org/issue31474 issue31474] || Python 2.7.14
|To be fixed in 2.7.15
|-
| 296 || Re-add the private `_set_hostport` api to httplib || Python in RHEL/CentOS 7.5
|downstream only
|-
| 295 || Fix http.client.HTTPConnection tunneling and HTTPConnection.set_tunnel with default port || Python in RHEL/CentOS 7.5
|Fixed upstream ([https://bugs.python.org/issue7776 a] [https://bugs.python.org/issue22095 b] [https://bugs.python.org/issue23300 c])]
|-
| 294 || Define TLS cipher suite on build time|| Python 3 on F28+
|[https://bugs.python.org/issue31429 Fixed upstream]
|-
| 293 || Fix for GC info alignment issue -- [https://bugzilla.redhat.com/show_bug.cgi?id=1540316 bug 1540316] || python2 in F28+
|[https://bugs.python.org/issue33374 Fixed upstream]
|-
| 292 || Restore the public PyExc_RecursionErrorInst symbol || Python 3 in F26+
|[https://bugs.python.org/issue30697 Reported upstream ]
|-
| 291 || Fix undefined references to dlopen / dlsym when using strict symbol checks || Python 3 in F28+
|[https://bugs.python.org/issue32647 Fixed upstream]
|-
| 290 || Fix a segfault with test_crypt when using libxcrypt instead of libcrypt || Python 3 in F28+
|[https://bugs.python.org/issue32635 Fixed upstream]
|-
| 289 || make nis module build with new glibc || python3 in F28+, python37; python2 in F28+
|[]
|-
| 288 || See [[User:Pviktori/Avoid_usr_bin_python_in_RPM_Build]] || python2 in F28+ (not yet)
|downstream only
|-
| 287 || Fix hanging of all threads when trying to access an inaccessible NFS server. || Python in RHEL/CentOS 7.5
|[https://bugs.python.org/issue32186 Fixed upstream]
|-
| 286 || CVE-2017-1000158  || python in F25, python3 in F25, python26,33..35
|[https://bugs.python.org/issue30657 Fixed upstream]
|-
| 285 || fix nondeterministic read in test_pty || python2 in Rawhide(28), F27, F26
|[https://bugs.python.org/issue31158 Fixed upstream]
|-
| 284 || add PYTHONSHOWREFCOUNT environment variable || python2 in Rawhide(28), F27, F26
|[https://bugs.python.org/issue31733 Fixed upstream]
|-
| 283 || COUNT_ALLOCS tests fixes || Python 2 in Rawhide (28)
|[https://bugs.python.org/issue31692 Fixed upstream]
|-
| 282 ||Make it more likely for the system allocator to release free()d memory arenas ||  Python in RHEL/CentOS 7.5
|[https://bugs.python.org/issue20494 Fixed upstream]
|-
| 281 || Add context parameter to xmlrpclib.ServerProxy || Python in RHEL/CentOS 7.5
|[https://bugs.python.org/issue22960 Fixed upstream]
|-
| 280 || Fix `test_regrtest.test_crashed` on s390x || Python 2 in Rawhide (28)
|[https://bugs.python.org/issue31719 Fixed upstream]
|-
| 279 || Fix memory corruption due to allocator mix || Python 3 in Rawhide (28), F27, F26, F25
|[https://bugs.python.org/issue31532 Fixed upstream]
|-
| 278 || Skip failing test_sha256 from test_socket on linux kernels < 4.5 || python36
|[https://bugs.python.org/issue31705 Fixed upstream]
|-
| 277 || Fix hanging tests from test_subprocess || Python 3 in Rawhide (28), F27, F26
|[https://bugs.python.org/issue31178 Fixed upstream]
|-
| 276 || Increase imaplib's MAXLINE to accommodate modern mailbox sizes. || Python in RHEL/CentOS 7.5
|[https://bugs.python.org/issue23647 Fixed upstream]
|-
| 275 || Fix fcntl() with integer argument on 64-bit big-endian platforms. || Python in RHEL/CentOS 7.5
|[https://bugs.python.org/issue22821 Fixed upstream]
|-
| 274 || Architecture naming adjustments || Python 3 in Rawhide(28) 
|[]
|-
| 273 || Skip test_float_with_comma ([https://bugzilla.redhat.com/show_bug.cgi?id=1484497 bz#1484497]) || Python 3 in F27, Rawhide(28) 
|[]
|-
| 272 || Reject newline characters in ftplib.FTP.putline() ([https://bugzilla.redhat.com/show_bug.cgi?id=1478916 bz#1478916]) || Python 3 in F26, Rawhide(27)
|[http://bugs.python.org/issue30119 Fixed upstream]
|-
| 271 || Make test_asyncio to not depend on the current signal handler ||  Python 3 in F26, Rawhide(27)
|[http://bugs.python.org/issue31034 Fixed upstream]
|-
| 270 || Fix test_alpn_protocols from test_ssl || Python 2 and Python 3 in F26, Rawhide(27)
|[http://bugs.python.org/issue30714 Fixed upstream]
|-
| 269 || Fix python's recompilation with common build commands when using PGO ||  Python 3 in Fedora 24
|[http://bugs.python.org/issue29243 Fixed upstream]
|-
| 268 ||Set stream to None in case an _open() fails || Python in RHEL/CentOS 7.4
|[https://bugs.python.org/issue21742 Fixed upstream]
|-
| 267 || Make pip installable inside a new venv when using the --system-site-packages flag || Python 3 in Fedora 24-25
|[https://bugs.python.org/issue24875 Fixed upstream]
|-
| 266 || Make shutil.make_archive() to not ingore empty directories when creating a zip file || Python in RHEL/CentOS 7.4
|[https://bugs.python.org/issue24982 Fixed upstream]
|-
| 265 || Protect the key list during fork() || Python in RHEL/CentOS 7.4
|[http://bugs.python.org/issue29640 Reported upstream]
|-
| 264 ||skip test_pass_by_value on aarch64 || Rawhide(F27)
|[http://bugs.python.org/issue29804 Reported upstream]
|-
|-


| 262 || Reserved for [[User:cstratak|cstratak]] ||  
| 263 || Fix reference leaks of certfile_bytes and keyfile_bytes at _ssl.c || Python in RHEL/CentOS 7.4
|[]
|[http://bugs.python.org/issue27267 Fixed upstream]
|-
|-
| 261 || Reserved for [[User:cstratak|cstratak]] -- [https://bugzilla.redhat.com/show_bug.cgi?id=1404918 force C.UTF-8 when Python 3 is run under the C locale] || Python 3 in F26
| 262 || [https://bugzilla.redhat.com/show_bug.cgi?id=1404918 force C.UTF-8 when Python 3 is run under the C locale] || Python 3 in Rawhide(26)
|[https://www.python.org/dev/peps/pep-0538/ PEP 538]
|[https://www.python.org/dev/peps/pep-0538/ PEP 538]
|-
|-
| 260 || Fix setuptools issues from unbundling its dependencies || Python 3 in F26
| 261 || Use proper command line parsing in _testembed || Python 3 in F26
|[http://bugs.python.org/issue29523 Reported upstream]
|[https://bugs.python.org/issue24932 Fixed upstream]
|-
| 260 || Fix setuptools issues from unbundling its dependencies || Python 3 in Rawhide(26)
|[https://bugs.python.org/issue29523 Reported upstream]
|-
|-
| 259 || Reserved for [[User:pviktori|pviktori]] -- dealing with [http://bugs.python.org/issue27286 issue27286] fallout || Python 3 in F24-f25
| 259 || Magic number workaround -- [http://bugs.python.org/issue27286 upstream issue 27286] || Python 3 in F24-f25
|[]
|[https://github.com/python/cpython/commit/93602e3af70d3b9f98ae2da654b16b3382b68d50 Upstream commit 93602e3] (removed in 3.6)
|-
|-
| 258 || skip test_aead_aes_gcm as it fails with Kernel 4.9+|| Python 3 in F26
| 258 || skip test_aead_aes_gcm as it fails with Kernel 4.9+|| Python 3 in F26
|[http://bugs.python.org/issue29324 Reported upstream]
|[http://bugs.python.org/issue29324 Fixed upstream]
|-
|-
| 257 || Reserved for [[User:cstratak|cstratak]] ||  
| 257 || Workaround for wait timeouts when the system clock is set backwards ([https://bugzilla.redhat.com/show_bug.cgi?id=1368076 bz#1368076]) || Python in RHEL/CentOS 7.4
|[]
|[]
|-
|-
| 256 || Reserved for [[User:cstratak|cstratak]] ||  
| 256 || Fix Python's incorrect parsing of certain regular expressions || Python in RHEL/CentOS 7.4
|[]
|[https://bugs.python.org/issue18647 Fixed upstream]
|-
|-
| 255 || Reserved for [[User:cstratak|cstratak]] ||  
| 255 || Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs || Python in RHEL/CentOS 7.4
|[]
|[https://bugs.python.org/issue27691 Fixed upstream]
|-
|-
| 254 || Fix error check, so that Random.seed actually uses OS randomness || Python 3 in  F26
| 254 || Fix error check, so that Random.seed actually uses OS randomness || Python 3 in  F26
Line 56: Line 533:
|[https://hg.python.org/cpython/rev/fad67c66885f Fixed upstream]
|[https://hg.python.org/cpython/rev/fad67c66885f Fixed upstream]
|-
|-
| 252 || Add executable option to install.py command to make it work for entry_points || Python 2 and Python 3 in F26
| 252 || Add executable option to install.py command to make it work for entry_points || Python 2 and Python 3, reverted in F27, F26
|[http://bugs.python.org/issue29411 Reported upstream]
|[http://bugs.python.org/issue29411 Reported upstream]
|-
|-
| 251 || Set values of prefix and exec_prefix to /usr/local if executable is /usr/bin/python* || Temporarily reverted, will need to be reworked
| 251 || Make pip and distutils in user environment install into separate location || Python 3 in  F27
|
|
|-
|-
Line 66: Line 543:
|-
|-
| 249 || Fix out of tree --with-dtrace builds || Python 3 in F26
| 249 || Fix out of tree --with-dtrace builds || Python 3 in F26
|[http://bugs.python.org/issue28787 Reported upstream]
|[http://bugs.python.org/issue28787 Fixed upstream]
|-
|-
| 248 || Ensure gc tracking is off when invoking weakref callbacks || Python34 in EPEL
| 248 || Ensure gc tracking is off when invoking weakref callbacks || Python34 in EPEL
Line 88: Line 565:
| Fixed upstream ([https://hg.python.org/cpython/rev/985fc64c60d6/ a] [https://hg.python.org/cpython/rev/2edbdb79cd6d b])
| Fixed upstream ([https://hg.python.org/cpython/rev/985fc64c60d6/ a] [https://hg.python.org/cpython/rev/2edbdb79cd6d b])
|-
|-
| 240 || Reserved for [[User:torsava|torsava]] || EL [https://bugzilla.redhat.com/show_bug.cgi?id=1355800]
| 240 || Increase test_smtplib timeouts || Python in RHEL/CentOS 7.5
| [https://github.com/python/cpython/commit/1122236c89770466c629aa0f0b0de2b2731b82ee Fixed upstream]
|-
|-
| 239 || OpenSSL - "dh key too small"  || EL (rh-python34-rhel-6) || [https://bugs.python.org/issue24985 Fixed upstream]  
| 239 || OpenSSL - "dh key too small"  || EL (rh-python34-rhel-6) || [https://bugs.python.org/issue24985 Fixed upstream]  
Line 97: Line 575:
| 237 || CVE-2016-0772 || Everywhere
| 237 || CVE-2016-0772 || Everywhere
| [http://bugs.python.org/issue20770 Fixed upstream]
| [http://bugs.python.org/issue20770 Fixed upstream]
|-
| 231|| Reserved for [[User:cstratak|cstratak]] ||
|[]
|-
|-
| 209 || Fix test breakage with Pyexpat v2.2.0 || Fedora
| 209 || Fix test breakage with Pyexpat v2.2.0 || Fedora
Line 116: Line 597:
| [http://bugs.python.org/issue18404 Upstreamed], fragment of the patch remains
| [http://bugs.python.org/issue18404 Upstreamed], fragment of the patch remains
|-
|-
| 200 (py3) || Fix for gettext plural form headers || Python 3
| 200 (py3) || Fix for gettext plural form headers || Python 3 || [https://bugs.python.org/issue36239 Upstream: bpo-36239]
|-
|-
| 196 (py3) || Test failure on ppc64le || Python 3
| 196 (py3) || Test failure on ppc64le || Python 3
Line 122: Line 603:
| 194 (py3) || Disable tests requiring SIGHUP (due to [https://fedorahosted.org/koji/ticket/270 Koji bug]) || Python 3
| 194 (py3) || Disable tests requiring SIGHUP (due to [https://fedorahosted.org/koji/ticket/270 Koji bug]) || Python 3
|-
|-
| 189 (py3) || Add Rewheel to ensurepip || Python 3
| 190 || gdb py-bt command fix || Python 2 (used to be 189 or 198 before F29)
| [https://bugs.python.org/issue34989 Fixed upstream]
|-
|rowspan="2"| 189 (py3) || Use RPM-packaged wheels for ensurepip || Python 3 in f29+
|-
| Add Rewheel to ensurepip || Python 3 up to f28
|-
|-
| 188 || Hashlib test patch || Python 3
| 188 || Hashlib test patch || Python 3
Line 140: Line 626:
| 170 || Nicer C-level asserts in garbage collector || Python 3
| 170 || Nicer C-level asserts in garbage collector || Python 3
| [http://bugs.python.org/issue9263 Reported], work needed to address review comments
| [http://bugs.python.org/issue9263 Reported], work needed to address review comments
|-
| 168 || distutils cflags, [https://bugzilla.redhat.com/show_bug.cgi?id=849994 RHBZ#849994] || || [https://bugs.python.org/issue36235 Upstream bpo-36235]
|-
|-
| 163 || Skip test with intermittent failure ||
| 163 || Skip test with intermittent failure ||
Line 145: Line 633:
| 160 || Skip tests that require new kernel ||
| 160 || Skip tests that require new kernel ||
|-
|-
| 157 || uid/gid handling, [https://bugzilla.redhat.com/show_bug.cgi?id=697470 RHBZ#697470] || || Just some tests are still downstream-only
| 157 || uid/gid handling, [https://bugzilla.redhat.com/show_bug.cgi?id=697470 RHBZ#697470] || || [https://bugs.python.org/issue36234 Upstream bpo-36234]
|-
| 155 || SELinux/httpd/ctypes workaround, [https://bugzilla.redhat.com/show_bug.cgi?id=814391 RHBZ#814391] || || [https://bugs.python.org/issue35523 Fixed upstream (Python 3.8.0a1)]
|-
|-
| 155 || SELinux/httpd/ctypes workaround, [https://bugzilla.redhat.com/show_bug.cgi?id=814391 RHBZ#814391] ||
| 153 || test_gdb fix || Fedora python2 || [https://github.com/python/cpython/commit/8420cd29053106f97b7d27dcc288882ffea3c1c5 Fixed upstream (Python 2.7.14)]
|-
|-
| 146 || Fixes for FIPS mode || || [http://bugs.python.org/issue9216 Reported], stuck
| 146 || Fixes for FIPS mode || || [http://bugs.python.org/issue9216 Reported], stuck

Latest revision as of 06:58, 4 November 2024

The Patches

Patches on GitHub
Note that we use git to store the patches: https://github.com/fedora-python/cpython

Pushing patches upstream is tracked in the page: Upstream Python Patches.

Patch No. Patch description Where Upstream status
443 CVE-2024-9287 - Non-quoted paths in venv activation scripts Python 3.6 in Fedora and RHEL Fixed upstream in 3.9+
442 Require network resource in test_urllib2.HandlerTests.test_ftp_error Python 3.14.0a1 in Fedora Fixed upstream
441 Make vectorized versions of Blake2 available on x86, too Python 3.14.0a1 in Fedora Open upstream
440 Pass main_tstate to update_global_state_for_extension() Python 3.13.0rc2 in Fedora Fixed upstream
439 Handle an empty AST body when reporting tracebacks Python 3.13.0rc2 in Fedora Fixed upstream
438 Fix ThreadedVSOCKSocketStreamTest Python 3.8 to 3.11 in Fedora Fixed upstream on 3.12+
437 CVE-2024-6232 - Catastrophic backtracking in tarfile Everywhere Fixed upstream
436 CVE-2024-8088 - Sanitize names in zipfile.Path Everywhere Fixed upstream
435 CVE-2024-6923 - newlines in email headers Everywhere Fixed upstream
434 gh-122728: Fix SystemError in PyEval_GetLocals() Python 3.13.0rc1 in Fedora Fixed upstream
433 gh-122300: Preserve AST nodes for format specifiers with single elements Python 3.13.0b4 in Fedora Fixed upstream
432 gh-122014: Account with abi_thread in test_sysconfig.test_user_similar Python 3.13.0b4 in Fedora Fixed upstream
431 CVE-2024-4032 - incorrect IPv4 and IPv6 private ranges Everywhere Fixed upstream
430 Fix ~/.python_history emptying Python 3.13.0b3 in Fedora Fixed upstream
429 Fix JIT build race condition Python 3.13.0b2 in Fedora Fixed upstream
428 Fix PGO tests in free-threaded build Python 3.13.0b1 in Fedora Fixed upstream
427 CVE-2024-0450 Python 3 in CentOS Stream 8 Fixed upstream in 3.8+
426 CVE-2023-6597 Python 3 in CentOS Stream 8 Fixed upstream in 3.8+
425 Fix test_makefile_test_folders Python 3.13.0a6, 3.12 in Fedora Fixed upstream
424 Remove internal usage of @LIBPYTHON@ Python 3.13.0a5 in Fedora Fixed upstream
423 Add triplets for mips-r6 and riscv Python 3.6 in Fedora Fixed upstream for 3.8+
422 Fix tests for XMLPullParser with Expat 2.6.0 Python 3.12 and older in Fedora Fixed upstream
421 Fix crash involving exhausted list iterator Python 3.13.0a4 in Fedora Fixed upstream in main (3.13)
420 Add again _PyCFunctionFastWithKeywords name Python 3.13.0a4 in Fedora Fixed upstream in main (3.13)
419 Fix comparison of ZLIB_RUNTIME_VERSION with non-int suffix Python 3.10, 3.9, 3.8, 3.6 in Fedora Fixed upstream in 3.8+
418 Remove generating sbom from make regen-all Python 3.13.0a3+4 and 3.12.2 in Fedora Downstream only
417 GCC 14 tkinter -Wincompatible-pointer-types Python 2.7 in Fedora Downstream only
416 Casting issue in Python 3.12 unused at the end
415 CVE-2023-27043 in email Everywhere in Fedora and RHEL Fixed upstream in main (3.13)
414 Backport of skip_on_s390x decorator Python 3.6 in RHEL 8, Python 3.9 in RHEL 9 Fixed upstream in 3.11.0a6
413 CVE-2022-48564 Python 3.6 in RHEL 8 Fixed upstream in 3.6.13
412 Include new dir test/regrtestdata in the installation Python 3.11.7 in Fedora Fixed upstream in 3.11.8
411 Intern Statically Allocated Strings Globally Considered for Python 3.12.0 in Fedora, but was not shipped before 3.12.1 Fixed upstream in 3.12.1
410 Fix implicit function declarations in configure Python 3.6 and 2.7 in Fedora Fixed upstream in 3.8+
409 Fix broken nice configure test (missing stdlib.h and unistd.h includes) Python 3.6 in Fedora Fixed upstream in 3.7+
408 CVE-2022-48560 Python 3.6 and 2.7 in RHEL 8 Fixed upstream in 3.6.11+
407 Fix implicit int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM Python 2.7, 3.9, and 3.8 in Fedora Fixed upstream in 3.10+
406 CVE-2022-48565 Python 2.7 in Fedora and RHEL Fixed upstream in 3.6+.
405 Fix C99 errors: declare functions Python 2.7 in Fedora Downstream only.
404 CVE-2023-40217 + fixups Python in RHEL Fixed upstream in 3.8+
403 Fix TLS version in tests of Python 2.7 to support OpenSSL 3.1 Python 2.7 in Fedora Fixed upstream in 3.12.0b2+
402 Add PyType_GetDict() Python 3.12.0b3 in Fedora Proposed upstream
401 Tests: Use setuptools+wheel from sysconfig.get_config_var('WHEEL_PKG_DIR') if set Python 3.12.0b1 in Fedora Proposed upstream
400 Revert removal of imp and find_module modules Python 3.12.0b1 in Fedora Downstream only
399 CVE-2023-24329 in urllib.parse Everywhere Fixed upstream
398 gh-103295: fix stack overwrite on 32-bit in perf map test harness Python 3.12.0b1 in Fedora Fixed upstream in 3.12.0b2+
397 CVE-2007-4559, PEP 706: Filter for tarfile.extractall RHEL (TBD) Not yet
396 gh-100160: Remove any deprecation warnings in asyncio.get_event_loop() Python 3.11.1 in Fedora (and possibly RHEL) Fixed upstream in 3.11.2+
395 GH-100133: fix asyncio subprocess losing stderr and stdout output Python 3.11.1 in Fedora (and possibly RHEL) Fixed upstream in 3.11.2+
394 CVE-2022-45061 - CPU denial of service via inefficient IDNA decoder Python in RHEL Fixed upstream on 3.7+
393 IDLE - fix buggy macosx patch (caused rhbz#2142602) Python 3.10.8 in Fedora Fixed upstream
392 CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation Python 3.6 in Fedora Fixed upstream on 3.7+
391 CVE-2022-42919 - local privilege escalation via the multiprocessing forkserver start method Python 3.9+ in Fedora and RHEL 8/9 Fixed upstream
390 Fix make regen-test-levenshtein for out-of-tree builds Python 3.12.0a1 in Fedora Proposed upstream
389 Don't let --with-system-libmpdec / --with-system-expat use the vendored headers Python 3.12.0a1 in Fedora Proposed upstream
388 gzip/zlib buffer size on s390x - RHBZ#2131172 Python 3.6-3.10 in RHEL (TBD) No
387 CVE-2020-10735: large int DoS Python 2.7/3.6 in Fedora/RHEL Fixed upstream in 3.7+
386 CVE-2021-28861: open redirection in http.server Python 3.6 in Fedora and 3.6+ in RHEL Fixed upstream in 3.7+
385 Revert "bpo-23689: re module, fix memory leak..." to fix re slowdown Python 3.11.0b3 in Fedora Reverted upstream
384 Clear and reset sqlite3 statements properly in cursor iternext Python 3.11.0b3 in Fedora Fixed upstream
383 PyTuple_SET_ITEM fails to compile in C++ source Python 3.11.0b3 in Fedora Fixed upstream
382 CVE-2015-20107 Fedora and RHEL Fixed upstream
381 Ensure that AST nodes without explicit end positions can be compiled Fedora python3.11 b2 https://github.com/pytest-dev/pytest/issues/10008
380 Update SSL certs RHEL fixed upstream here and here
379 Fix OpenSSL version check for 3.0.1 Fedora python3.8 commit
378 Fix expat test suite Fedora python2.7, python3.6+ Fixed upstream
377 CVE-2022-0391 RHEL, Fedora (Py 2) Fixed upstream
376 Remove AC_C_CHAR_UNSIGNED / __CHAR_UNSIGNED__ python3.10 commit
375 Fix test to enable build in i686 python2.7, 3.6 Downstream only
374 Fix asyncio initialisation guard python3.10 commit
373 Revert "bpo-40521: Per-interpreter interned strings python3.10 commit
372 CVE-2021-4189 Fixed upstream
371 Revert Fix threading._shutdown() for the main thread commit
370 Use monotonic clock for the GIL Fixed upstream
369 Change shouldRollover() methods to only rollover regular files Fixed upstream
368 CVE-2021-3737 RHEL, Fedora (Py 2) Fixed upstream
367 sysconfig's posix_user scheme has different platlib value to distutils's unix_user Python3.10.0rc2 Fix merged, will be in Python 3.10.0 final
366 CVE-2021-3733 RHEL, Fedora (Py 2) Fixed upstream
365 CVE-2021-29921 RHEL Fixed upstream
364 Don't call PyThread_exit_thread RHEL Fixed upstream
363 Reset DeprecationWarning filters in test_importlib.test_entry_points_by_index Python 3.10.0b3 Proposed upstream
362 Reentrant threading.enumerate() call RHEL Fixed upstream
361 OpenSSL 3.0.0 compatibility RHEL and python2.7 in Fedora
360 CVE-2021-3426 Fixed upstream
359 CVE-2021-23336 RHEL Fixed upstream
358 Align pymaloc & PyGC_Head to 16 bits on 64-bit platforms Python 3.6 and below in Fedora Fixed upstream
357 CVE-2021-3177 Python 3.8 and 3.9 in Fedora issue with links to PRs
356 Backport of -ka options for pathfix.py Python 3 in RHEL 8 only commit
355 CVE-2020-27619 Fixed upstream
354 CVE-2020-26116 - HTTP request method CRLF injection in httplib Python 2.7, 3.4 Fixed upstream in 3.5+
353 Alternative architectures' names All supported Pythons in Fedora/RHEL Downstream only
352 CVE-2020-14422 DoS via inefficiency in IPv{4,6}Interface classes (bpo-41004) Slated for python3.9 b5 & all maintained releases (3.5+)
351 CVE-2019-20907 Fix infinite loop in the tarfile module (bpo-39017) Slated for python3.9 b5 & all maintained releases (3.5+)
350 Fix SQLite tests (bpo-40784) python3.9 Slated for python3.9 b2, python3.8
349 fix tp_traverse visiting Py_TYPE(self) (bpo-40217, PySide2 bug) python3.9 b1 Slated for python3.9 b2
348 never enable lchmod on Linux python35 bacport of commit, upstream is doing only security fixes for python35
347 Reserved for lbalhar SCL7 fixed in 3.9
346 CVE-2020-8492 []
345 test_site fixes []
344 CVE-2019-16935 []
343 faulthandler fix for GCC 10 python34, 35 and 36 fixed upstream
342 Reserved for torsava SCL7 Downstream only
341 bpo39460 backport python39 fixed on master, will be in 3.9.0a4
340 bpo39459 backport python39 fixed on master, will be in 3.9.0a4
339 bpo16575 backport python3 (3.7, 3.8) fixed in git, will be in 3.7.7, 3.8.2.
338 test_gdb fixes for LTO []
337 Reserved for torsava []
336 Fix invocation of pip 19+ in a Python test python3 in Fedora, EL Downstream only
335 Add options to keep/add flags to pathfix python3 in Fedora Fixed upstream
334 Fix faulthandler.register(chain=True) stack python3 in RHEL7 Fixed upstream
333 Reduce the number of tests run during PGO python3 in RHEL8 Fixed upstream
332 CVE-2019-16056 python and python3 in RHEL7 Fixed upstream
331 Fix StructUnionType_paramfunc() python 3.8.0b4 Fixed upstream
330 CVE-2018-20852 python and python3 in RHEL7 Fixed upstream
329 Support OpenSSL FIPS mode python3 in RHEL8 Downstream only, partially upstream
328 Restore to TIMESTAMP invalidation mode as default in rpmbubild python3, python38 Downstream only
327 Enable TLS 1.3 post-handshake authentication in http.client python3 on RHEL8 Fixed upstream
326 On TLS 1.3 Don't set the post-handshake authentication verify flag on client side python3 on RHEL8 Fixed upstream
325 CVE-2019-9948 pythons in RHEL7 and RHEL8 Fixed upstream
324 CVE-2019-9740, CVE-2019-9947 fix python3 Fixed upstream
323 Coverity scan fixes python2 and python3 in RHEL8 Fixed upstream, bpo issues: 36367, 36292, 36291, 36262, 36289, 36212, 36147, 36186, 35680
322 Skip test_ssl tests on OpenSSL 1.1.1 Python 3.4 and 3.5 PR for Python 3.5
321 OpenSSL 1.1.1 support for Python 3.4 Python 3.4 in Fedora Rejected upstream and 3.4 reached EOL
320 CVE-2019-9636 and CVE-2019-10160 (regression of the first one) Python <=3.4 and 2.7 in Fedora and RHEL Fixed upstream: bpo-36216 and bpo-36742
319 Fix test_tarfile on ppc64 Python 3.6 in RHEL8 Fixed upstream: bpo-35772
318 test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 Python 3.6 in RHEL bpo-33618, bpo-32947
317 CVE-2019-5010 fix all CPythons Fixed upstream
316 mark bdist_wininst as unsupported (for the tests) python3
315 Fix FTBFS in test_email (mktime overflow) python3 on F30+ Fixed upstream
314 Python can sometimes create incorrect .pyc files: check I/O error (rhbz#1629982) python in RHEL7 Fixed upstream
313 Verify the value of '-s' when execute the CLI of cProfile (rhbz#1160640) python in RHEL7 Fixed upstream
312 Workaround for bz1644936 (reverts 3b699932e5ac3 temporarily) not used downstream workaround
311 Fix test_dbm_gnu for gdbm 1.15 python3 in Fedora Fixed upstream
310 CVE-2018-14647 all cpythons Fixed upstream
309 CVE-2018-1000802 python2 Fixed upstream
308 TLS 1.3 related upstream fixes python3 and python36 in F29+ Fixed upstream
307 Allow to call Py_Main() after Py_Initialize() python3 in F29+ Fixed upstream
306 Fix OSERROR 17 upon semaphore creation python in RHEL7 Fixed upstream
305 Remove 3DES from the cipher list to mitigate CVE-2016-2183 (sweet32) python in RHEL7 Fixed upstream
304 Pass os.environ to new process in test_posix::test_specify_environment python37 Fixed upstream
303 CVE-2018-1060 and CVE-2018-1061 python in RHEL7 Fixed upstream
302 Fix multiprocessing regression on newer glibcs 3.3-3.7 in F29+ Fixed upstream
301 Tools/scripts/pathfix.py: Add -n option for no backup~ python3 in F27+ Fixed upstream
300 Append the collection's name to Python's shared library file name Python Software Collections Downstream only
299 Fix ssl module, Python 2.7 doesn't have Py_MAX (fixup for 298) python2 in F26+ Fixed upstream
298 Do not send IP addresses in SNI TLS extension python2 and python3 in F26+ Fixed upstream
297 Fix -Wint-in-bool-context warnings - issue31474 Python 2.7.14 To be fixed in 2.7.15
296 Re-add the private _set_hostport api to httplib Python in RHEL/CentOS 7.5 downstream only
295 Fix http.client.HTTPConnection tunneling and HTTPConnection.set_tunnel with default port Python in RHEL/CentOS 7.5 Fixed upstream (a b c)]
294 Define TLS cipher suite on build time Python 3 on F28+ Fixed upstream
293 Fix for GC info alignment issue -- bug 1540316 python2 in F28+ Fixed upstream
292 Restore the public PyExc_RecursionErrorInst symbol Python 3 in F26+ Reported upstream
291 Fix undefined references to dlopen / dlsym when using strict symbol checks Python 3 in F28+ Fixed upstream
290 Fix a segfault with test_crypt when using libxcrypt instead of libcrypt Python 3 in F28+ Fixed upstream
289 make nis module build with new glibc python3 in F28+, python37; python2 in F28+ []
288 See User:Pviktori/Avoid_usr_bin_python_in_RPM_Build python2 in F28+ (not yet) downstream only
287 Fix hanging of all threads when trying to access an inaccessible NFS server. Python in RHEL/CentOS 7.5 Fixed upstream
286 CVE-2017-1000158 python in F25, python3 in F25, python26,33..35 Fixed upstream
285 fix nondeterministic read in test_pty python2 in Rawhide(28), F27, F26 Fixed upstream
284 add PYTHONSHOWREFCOUNT environment variable python2 in Rawhide(28), F27, F26 Fixed upstream
283 COUNT_ALLOCS tests fixes Python 2 in Rawhide (28) Fixed upstream
282 Make it more likely for the system allocator to release free()d memory arenas Python in RHEL/CentOS 7.5 Fixed upstream
281 Add context parameter to xmlrpclib.ServerProxy Python in RHEL/CentOS 7.5 Fixed upstream
280 Fix test_regrtest.test_crashed on s390x Python 2 in Rawhide (28) Fixed upstream
279 Fix memory corruption due to allocator mix Python 3 in Rawhide (28), F27, F26, F25 Fixed upstream
278 Skip failing test_sha256 from test_socket on linux kernels < 4.5 python36 Fixed upstream
277 Fix hanging tests from test_subprocess Python 3 in Rawhide (28), F27, F26 Fixed upstream
276 Increase imaplib's MAXLINE to accommodate modern mailbox sizes. Python in RHEL/CentOS 7.5 Fixed upstream
275 Fix fcntl() with integer argument on 64-bit big-endian platforms. Python in RHEL/CentOS 7.5 Fixed upstream
274 Architecture naming adjustments Python 3 in Rawhide(28) []
273 Skip test_float_with_comma (bz#1484497) Python 3 in F27, Rawhide(28) []
272 Reject newline characters in ftplib.FTP.putline() (bz#1478916) Python 3 in F26, Rawhide(27) Fixed upstream
271 Make test_asyncio to not depend on the current signal handler Python 3 in F26, Rawhide(27) Fixed upstream
270 Fix test_alpn_protocols from test_ssl Python 2 and Python 3 in F26, Rawhide(27) Fixed upstream
269 Fix python's recompilation with common build commands when using PGO Python 3 in Fedora 24 Fixed upstream
268 Set stream to None in case an _open() fails Python in RHEL/CentOS 7.4 Fixed upstream
267 Make pip installable inside a new venv when using the --system-site-packages flag Python 3 in Fedora 24-25 Fixed upstream
266 Make shutil.make_archive() to not ingore empty directories when creating a zip file Python in RHEL/CentOS 7.4 Fixed upstream
265 Protect the key list during fork() Python in RHEL/CentOS 7.4 Reported upstream
264 skip test_pass_by_value on aarch64 Rawhide(F27) Reported upstream
263 Fix reference leaks of certfile_bytes and keyfile_bytes at _ssl.c Python in RHEL/CentOS 7.4 Fixed upstream
262 force C.UTF-8 when Python 3 is run under the C locale Python 3 in Rawhide(26) PEP 538
261 Use proper command line parsing in _testembed Python 3 in F26 Fixed upstream
260 Fix setuptools issues from unbundling its dependencies Python 3 in Rawhide(26) Reported upstream
259 Magic number workaround -- upstream issue 27286 Python 3 in F24-f25 Upstream commit 93602e3 (removed in 3.6)
258 skip test_aead_aes_gcm as it fails with Kernel 4.9+ Python 3 in F26 Fixed upstream
257 Workaround for wait timeouts when the system clock is set backwards (bz#1368076) Python in RHEL/CentOS 7.4 []
256 Fix Python's incorrect parsing of certain regular expressions Python in RHEL/CentOS 7.4 Fixed upstream
255 Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs Python in RHEL/CentOS 7.4 Fixed upstream
254 Fix error check, so that Random.seed actually uses OS randomness Python 3 in F26 Fixed upstream
253 Define HAVE_LONG_LONG as 1. Python 3 in F26 Fixed upstream
252 Add executable option to install.py command to make it work for entry_points Python 2 and Python 3, reverted in F27, F26 Reported upstream
251 Make pip and distutils in user environment install into separate location Python 3 in F27
250 Don't blow up on EL7 kernel (random generator) RHBZ#1410175 Python 3, python36, python35, python34 in F26 Reported upstream
249 Fix out of tree --with-dtrace builds Python 3 in F26 Fixed upstream
248 Ensure gc tracking is off when invoking weakref callbacks Python34 in EPEL Fixed upstream
247 Patch to port the ssl and hashlib module to OpenSSL 1.1.0. Python 2 and Python 3 in F26 Fixed upstream
246 Backported the build-time check for the getrandom syscall from Python 3.5.2 Python 3 in F24
245 Skip stack overflow test on 64 bits python33
244 Skip SSL tests python33
243 Build properly on MIPS python3 in F25, F26
242 HTTPoxy CVE-2016-1000110 Everywhere Fixed upstream
241 CVE-2016-5636 python in F23, python3 in F23, F24, F25, F26, Python34 in EPEL7 Fixed upstream (a b)
240 Increase test_smtplib timeouts Python in RHEL/CentOS 7.5 Fixed upstream
239 OpenSSL - "dh key too small" EL (rh-python34-rhel-6) Fixed upstream
238 CVE-2016-5699 python3 in Fedora 23, python34 in EPEL7 Fixed upstream
237 CVE-2016-0772 Everywhere Fixed upstream
231 Reserved for cstratak []
209 Fix test breakage with Pyexpat v2.2.0 Fedora Fixed upstream
208 (py3) Skip test that fails on ppc64 Python 3
207 (py3) Avoid incomplete _math.o with parallel builds Python 3 Closed upstream with different fix
206 (py3) Remove hf flag from arm triplet (Debianism) Python 3 Looks like this might be combined with patch 5001
205 (py3) configure: Make libpl respect lib64 Python 3
203 (py3) Disable tests requiring signals (due to Koji behavior) Python 3
201 (py3) Memleak fix Python 3 Upstreamed, fragment of the patch remains
200 (py3) Fix for gettext plural form headers Python 3 Upstream: bpo-36239
196 (py3) Test failure on ppc64le Python 3
194 (py3) Disable tests requiring SIGHUP (due to Koji bug) Python 3
190 gdb py-bt command fix Python 2 (used to be 189 or 198 before F29) Fixed upstream
189 (py3) Use RPM-packaged wheels for ensurepip Python 3 in f29+
Add Rewheel to ensurepip Python 3 up to f28
188 Hashlib test patch Python 3 Looks removable
186 Don't raise from py_compile Python 3 Only a test remains in downstream patch
184 Fixes build of ctypes against libffi with multilib wrapper
180 Enable ppc64p7 As is, the patch is not appropriate upstream
178 Don't duplicate various FLAGS in sysconfig values Python 3 Reported, failed review
170 Nicer C-level asserts in garbage collector Python 3 Reported, work needed to address review comments
168 distutils cflags, RHBZ#849994 Upstream bpo-36235
163 Skip test with intermittent failure
160 Skip tests that require new kernel
157 uid/gid handling, RHBZ#697470 Upstream bpo-36234
155 SELinux/httpd/ctypes workaround, RHBZ#814391 Fixed upstream (Python 3.8.0a1)
153 test_gdb fix Fedora python2 Fixed upstream (Python 2.7.14)
146 Fixes for FIPS mode Reported, stuck
143 Fix --with-tsc on ppc64 Reported, stuck
137 Skip distutils tests that fail in rpmbuild
132 unittest._skipInRpmBuild
111 Disable static libpython
103 lib64-sysconfig Python 2
102, 104 s./usr/lib./usr/lib64.
55 Systemtap support Reported, to be combined with DTrace, stalled
1 (py3) RPath Python 3
1 (py2) pydoc -g Python 2
0 Config Python 2