From Fedora Project Wiki

Revision as of 06:58, 4 November 2024 by Lbalhar (talk | contribs) (CVE-2024-9287)

The Patches

Patches on GitHub
Note that we use git to store the patches: https://github.com/fedora-python/cpython

Pushing patches upstream is tracked in the page: Upstream Python Patches.

Patch No. Patch description Where Upstream status
443 CVE-2024-9287 - Non-quoted paths in venv activation scripts Python 3.6 in Fedora and RHEL Fixed upstream in 3.9+
442 Require network resource in test_urllib2.HandlerTests.test_ftp_error Python 3.14.0a1 in Fedora Fixed upstream
441 Make vectorized versions of Blake2 available on x86, too Python 3.14.0a1 in Fedora Open upstream
440 Pass main_tstate to update_global_state_for_extension() Python 3.13.0rc2 in Fedora Fixed upstream
439 Handle an empty AST body when reporting tracebacks Python 3.13.0rc2 in Fedora Fixed upstream
438 Fix ThreadedVSOCKSocketStreamTest Python 3.8 to 3.11 in Fedora Fixed upstream on 3.12+
437 CVE-2024-6232 - Catastrophic backtracking in tarfile Everywhere Fixed upstream
436 CVE-2024-8088 - Sanitize names in zipfile.Path Everywhere Fixed upstream
435 CVE-2024-6923 - newlines in email headers Everywhere Fixed upstream
434 gh-122728: Fix SystemError in PyEval_GetLocals() Python 3.13.0rc1 in Fedora Fixed upstream
433 gh-122300: Preserve AST nodes for format specifiers with single elements Python 3.13.0b4 in Fedora Fixed upstream
432 gh-122014: Account with abi_thread in test_sysconfig.test_user_similar Python 3.13.0b4 in Fedora Fixed upstream
431 CVE-2024-4032 - incorrect IPv4 and IPv6 private ranges Everywhere Fixed upstream
430 Fix ~/.python_history emptying Python 3.13.0b3 in Fedora Fixed upstream
429 Fix JIT build race condition Python 3.13.0b2 in Fedora Fixed upstream
428 Fix PGO tests in free-threaded build Python 3.13.0b1 in Fedora Fixed upstream
427 CVE-2024-0450 Python 3 in CentOS Stream 8 Fixed upstream in 3.8+
426 CVE-2023-6597 Python 3 in CentOS Stream 8 Fixed upstream in 3.8+
425 Fix test_makefile_test_folders Python 3.13.0a6, 3.12 in Fedora Fixed upstream
424 Remove internal usage of @LIBPYTHON@ Python 3.13.0a5 in Fedora Fixed upstream
423 Add triplets for mips-r6 and riscv Python 3.6 in Fedora Fixed upstream for 3.8+
422 Fix tests for XMLPullParser with Expat 2.6.0 Python 3.12 and older in Fedora Fixed upstream
421 Fix crash involving exhausted list iterator Python 3.13.0a4 in Fedora Fixed upstream in main (3.13)
420 Add again _PyCFunctionFastWithKeywords name Python 3.13.0a4 in Fedora Fixed upstream in main (3.13)
419 Fix comparison of ZLIB_RUNTIME_VERSION with non-int suffix Python 3.10, 3.9, 3.8, 3.6 in Fedora Fixed upstream in 3.8+
418 Remove generating sbom from make regen-all Python 3.13.0a3+4 and 3.12.2 in Fedora Downstream only
417 GCC 14 tkinter -Wincompatible-pointer-types Python 2.7 in Fedora Downstream only
416 Casting issue in Python 3.12 unused at the end
415 CVE-2023-27043 in email Everywhere in Fedora and RHEL Fixed upstream in main (3.13)
414 Backport of skip_on_s390x decorator Python 3.6 in RHEL 8, Python 3.9 in RHEL 9 Fixed upstream in 3.11.0a6
413 CVE-2022-48564 Python 3.6 in RHEL 8 Fixed upstream in 3.6.13
412 Include new dir test/regrtestdata in the installation Python 3.11.7 in Fedora Fixed upstream in 3.11.8
411 Intern Statically Allocated Strings Globally Considered for Python 3.12.0 in Fedora, but was not shipped before 3.12.1 Fixed upstream in 3.12.1
410 Fix implicit function declarations in configure Python 3.6 and 2.7 in Fedora Fixed upstream in 3.8+
409 Fix broken nice configure test (missing stdlib.h and unistd.h includes) Python 3.6 in Fedora Fixed upstream in 3.7+
408 CVE-2022-48560 Python 3.6 and 2.7 in RHEL 8 Fixed upstream in 3.6.11+
407 Fix implicit int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM Python 2.7, 3.9, and 3.8 in Fedora Fixed upstream in 3.10+
406 CVE-2022-48565 Python 2.7 in Fedora and RHEL Fixed upstream in 3.6+.
405 Fix C99 errors: declare functions Python 2.7 in Fedora Downstream only.
404 CVE-2023-40217 + fixups Python in RHEL Fixed upstream in 3.8+
403 Fix TLS version in tests of Python 2.7 to support OpenSSL 3.1 Python 2.7 in Fedora Fixed upstream in 3.12.0b2+
402 Add PyType_GetDict() Python 3.12.0b3 in Fedora Proposed upstream
401 Tests: Use setuptools+wheel from sysconfig.get_config_var('WHEEL_PKG_DIR') if set Python 3.12.0b1 in Fedora Proposed upstream
400 Revert removal of imp and find_module modules Python 3.12.0b1 in Fedora Downstream only
399 CVE-2023-24329 in urllib.parse Everywhere Fixed upstream
398 gh-103295: fix stack overwrite on 32-bit in perf map test harness Python 3.12.0b1 in Fedora Fixed upstream in 3.12.0b2+
397 CVE-2007-4559, PEP 706: Filter for tarfile.extractall RHEL (TBD) Not yet
396 gh-100160: Remove any deprecation warnings in asyncio.get_event_loop() Python 3.11.1 in Fedora (and possibly RHEL) Fixed upstream in 3.11.2+
395 GH-100133: fix asyncio subprocess losing stderr and stdout output Python 3.11.1 in Fedora (and possibly RHEL) Fixed upstream in 3.11.2+
394 CVE-2022-45061 - CPU denial of service via inefficient IDNA decoder Python in RHEL Fixed upstream on 3.7+
393 IDLE - fix buggy macosx patch (caused rhbz#2142602) Python 3.10.8 in Fedora Fixed upstream
392 CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation Python 3.6 in Fedora Fixed upstream on 3.7+
391 CVE-2022-42919 - local privilege escalation via the multiprocessing forkserver start method Python 3.9+ in Fedora and RHEL 8/9 Fixed upstream
390 Fix make regen-test-levenshtein for out-of-tree builds Python 3.12.0a1 in Fedora Proposed upstream
389 Don't let --with-system-libmpdec / --with-system-expat use the vendored headers Python 3.12.0a1 in Fedora Proposed upstream
388 gzip/zlib buffer size on s390x - RHBZ#2131172 Python 3.6-3.10 in RHEL (TBD) No
387 CVE-2020-10735: large int DoS Python 2.7/3.6 in Fedora/RHEL Fixed upstream in 3.7+
386 CVE-2021-28861: open redirection in http.server Python 3.6 in Fedora and 3.6+ in RHEL Fixed upstream in 3.7+
385 Revert "bpo-23689: re module, fix memory leak..." to fix re slowdown Python 3.11.0b3 in Fedora Reverted upstream
384 Clear and reset sqlite3 statements properly in cursor iternext Python 3.11.0b3 in Fedora Fixed upstream
383 PyTuple_SET_ITEM fails to compile in C++ source Python 3.11.0b3 in Fedora Fixed upstream
382 CVE-2015-20107 Fedora and RHEL Fixed upstream
381 Ensure that AST nodes without explicit end positions can be compiled Fedora python3.11 b2 https://github.com/pytest-dev/pytest/issues/10008
380 Update SSL certs RHEL fixed upstream here and here
379 Fix OpenSSL version check for 3.0.1 Fedora python3.8 commit
378 Fix expat test suite Fedora python2.7, python3.6+ Fixed upstream
377 CVE-2022-0391 RHEL, Fedora (Py 2) Fixed upstream
376 Remove AC_C_CHAR_UNSIGNED / __CHAR_UNSIGNED__ python3.10 commit
375 Fix test to enable build in i686 python2.7, 3.6 Downstream only
374 Fix asyncio initialisation guard python3.10 commit
373 Revert "bpo-40521: Per-interpreter interned strings" python3.10 commit
372 CVE-2021-4189 Fixed upstream
371 Revert Fix threading._shutdown() for the main thread commit
370 Use monotonic clock for the GIL Fixed upstream
369 Change shouldRollover() methods to only rollover regular files Fixed upstream
368 CVE-2021-3737 RHEL, Fedora (Py 2) Fixed upstream
367 sysconfig's posix_user scheme has different platlib value to distutils's unix_user Python3.10.0rc2 Fix merged, will be in Python 3.10.0 final
366 CVE-2021-3733 RHEL, Fedora (Py 2) Fixed upstream
365 CVE-2021-29921 RHEL Fixed upstream
364 Don't call PyThread_exit_thread RHEL Fixed upstream
363 Reset DeprecationWarning filters in test_importlib.test_entry_points_by_index Python 3.10.0b3 Proposed upstream
362 Reentrant threading.enumerate() call RHEL Fixed upstream
361 OpenSSL 3.0.0 compatibility RHEL and python2.7 in Fedora
360 CVE-2021-3426 Fixed upstream
359 CVE-2021-23336 RHEL Fixed upstream
358 Align pymalloc & PyGC_Head to 16 bits on 64-bit platforms Python 3.6 and below in Fedora Fixed upstream
357 CVE-2021-3177 Python 3.8 and 3.9 in Fedora issue with links to PRs
356 Backport of -ka options for pathfix.py Python 3 in RHEL 8 only commit
355 CVE-2020-27619 Fixed upstream
354 CVE-2020-26116 - HTTP request method CRLF injection in httplib Python 2.7, 3.4 Fixed upstream in 3.5+
353 Alternative architectures' names All supported Pythons in Fedora/RHEL Downstream only
352 CVE-2020-14422 DoS via inefficiency in IPv{4,6}Interface classes (bpo-41004) Slated for python3.9 b5 & all maintained releases (3.5+)
351 CVE-2019-20907 Fix infinite loop in the tarfile module (bpo-39017) Slated for python3.9 b5 & all maintained releases (3.5+)
350 Fix SQLite tests (bpo-40784) python3.9 Slated for python3.9 b2, python3.8
349 fix tp_traverse visiting Py_TYPE(self) (bpo-40217, PySide2 bug) python3.9 b1 Slated for python3.9 b2
348 never enable lchmod on Linux python35 backport of commit, upstream is doing only security fixes for python35
347 Reserved for lbalhar SCL7 fixed in 3.9
346 CVE-2020-8492 []
345 test_site fixes []
344 CVE-2019-16935 []
343 faulthandler fix for GCC 10 python34, 35 and 36 fixed upstream
342 Reserved for torsava SCL7 Downstream only
341 bpo39460 backport python39 fixed on master, will be in 3.9.0a4
340 bpo39459 backport python39 fixed on master, will be in 3.9.0a4
339 bpo16575 backport python3 (3.7, 3.8) fixed in git, will be in 3.7.7, 3.8.2.
338 test_gdb fixes for LTO []
337 Reserved for torsava []
336 Fix invocation of pip 19+ in a Python test python3 in Fedora, EL Downstream only
335 Add options to keep/add flags to pathfix python3 in Fedora Fixed upstream
334 Fix faulthandler.register(chain=True) stack python3 in RHEL7 Fixed upstream
333 Reduce the number of tests run during PGO python3 in RHEL8 Fixed upstream
332 CVE-2019-16056 python and python3 in RHEL7 Fixed upstream
331 Fix StructUnionType_paramfunc() python 3.8.0b4 Fixed upstream
330 CVE-2018-20852 python and python3 in RHEL7 Fixed upstream
329 Support OpenSSL FIPS mode python3 in RHEL8 Downstream only, partially upstream
328 Restore to TIMESTAMP invalidation mode as default in rpmbuild python3, python38 Downstream only
327 Enable TLS 1.3 post-handshake authentication in http.client python3 on RHEL8 Fixed upstream
326 On TLS 1.3 Don't set the post-handshake authentication verify flag on client side python3 on RHEL8 Fixed upstream
325 CVE-2019-9948 pythons in RHEL7 and RHEL8 Fixed upstream
324 CVE-2019-9740, CVE-2019-9947 fix python3 Fixed upstream
323 Coverity scan fixes python2 and python3 in RHEL8 Fixed upstream, bpo issues: 36367, 36292, 36291, 36262, 36289, 36212, 36147, 36186, 35680
322 Skip test_ssl tests on OpenSSL 1.1.1 Python 3.4 and 3.5 PR for Python 3.5
321 OpenSSL 1.1.1 support for Python 3.4 Python 3.4 in Fedora Rejected upstream and 3.4 reached EOL
320 CVE-2019-9636 and CVE-2019-10160 (regression of the first one) Python <=3.4 and 2.7 in Fedora and RHEL Fixed upstream: bpo-36216 and bpo-36742
319 Fix test_tarfile on ppc64 Python 3.6 in RHEL8 Fixed upstream: bpo-35772
318 test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 Python 3.6 in RHEL bpo-33618, bpo-32947
317 CVE-2019-5010 fix all CPythons Fixed upstream
316 mark bdist_wininst as unsupported (for the tests) python3
315 Fix FTBFS in test_email (mktime overflow) python3 on F30+ Fixed upstream
314 Python can sometimes create incorrect .pyc files: check I/O error (rhbz#1629982) python in RHEL7 Fixed upstream
313 Verify the value of '-s' when execute the CLI of cProfile (rhbz#1160640) python in RHEL7 Fixed upstream
312 Workaround for bz1644936 (reverts 3b699932e5ac3 temporarily) not used downstream workaround
311 Fix test_dbm_gnu for gdbm 1.15 python3 in Fedora Fixed upstream
310 CVE-2018-14647 all cpythons Fixed upstream
309 CVE-2018-1000802 python2 Fixed upstream
308 TLS 1.3 related upstream fixes python3 and python36 in F29+ Fixed upstream
307 Allow to call Py_Main() after Py_Initialize() python3 in F29+ Fixed upstream
306 Fix OSERROR 17 upon semaphore creation python in RHEL7 Fixed upstream
305 Remove 3DES from the cipher list to mitigate CVE-2016-2183 (sweet32) python in RHEL7 Fixed upstream
304 Pass os.environ to new process in test_posix::test_specify_environment python37 Fixed upstream
303 CVE-2018-1060 and CVE-2018-1061 python in RHEL7 Fixed upstream
302 Fix multiprocessing regression on newer glibcs 3.3-3.7 in F29+ Fixed upstream
301 Tools/scripts/pathfix.py: Add -n option for no backup~ python3 in F27+ Fixed upstream
300 Append the collection's name to Python's shared library file name Python Software Collections Downstream only
299 Fix ssl module, Python 2.7 doesn't have Py_MAX (fixup for 298) python2 in F26+ Fixed upstream
298 Do not send IP addresses in SNI TLS extension python2 and python3 in F26+ Fixed upstream
297 Fix -Wint-in-bool-context warnings - issue31474 Python 2.7.14 To be fixed in 2.7.15
296 Re-add the private _set_hostport api to httplib Python in RHEL/CentOS 7.5 downstream only
295 Fix http.client.HTTPConnection tunneling and HTTPConnection.set_tunnel with default port Python in RHEL/CentOS 7.5 Fixed upstream (a b c)
294 Define TLS cipher suite on build time Python 3 on F28+ Fixed upstream
293 Fix for GC info alignment issue -- bug 1540316 python2 in F28+ Fixed upstream
292 Restore the public PyExc_RecursionErrorInst symbol Python 3 in F26+ Reported upstream
291 Fix undefined references to dlopen / dlsym when using strict symbol checks Python 3 in F28+ Fixed upstream
290 Fix a segfault with test_crypt when using libxcrypt instead of libcrypt Python 3 in F28+ Fixed upstream
289 make nis module build with new glibc python3 in F28+, python37; python2 in F28+ []
288 See User:Pviktori/Avoid_usr_bin_python_in_RPM_Build python2 in F28+ (not yet) downstream only
287 Fix hanging of all threads when trying to access an inaccessible NFS server. Python in RHEL/CentOS 7.5 Fixed upstream
286 CVE-2017-1000158 python in F25, python3 in F25, python26,33..35 Fixed upstream
285 fix nondeterministic read in test_pty python2 in Rawhide(28), F27, F26 Fixed upstream
284 add PYTHONSHOWREFCOUNT environment variable python2 in Rawhide(28), F27, F26 Fixed upstream
283 COUNT_ALLOCS tests fixes Python 2 in Rawhide (28) Fixed upstream
282 Make it more likely for the system allocator to release free()d memory arenas Python in RHEL/CentOS 7.5 Fixed upstream
281 Add context parameter to xmlrpclib.ServerProxy Python in RHEL/CentOS 7.5 Fixed upstream
280 Fix test_regrtest.test_crashed on s390x Python 2 in Rawhide (28) Fixed upstream
279 Fix memory corruption due to allocator mix Python 3 in Rawhide (28), F27, F26, F25 Fixed upstream
278 Skip failing test_sha256 from test_socket on linux kernels < 4.5 python36 Fixed upstream
277 Fix hanging tests from test_subprocess Python 3 in Rawhide (28), F27, F26 Fixed upstream
276 Increase imaplib's MAXLINE to accommodate modern mailbox sizes. Python in RHEL/CentOS 7.5 Fixed upstream
275 Fix fcntl() with integer argument on 64-bit big-endian platforms. Python in RHEL/CentOS 7.5 Fixed upstream
274 Architecture naming adjustments Python 3 in Rawhide(28) []
273 Skip test_float_with_comma (bz#1484497) Python 3 in F27, Rawhide(28) []
272 Reject newline characters in ftplib.FTP.putline() (bz#1478916) Python 3 in F26, Rawhide(27) Fixed upstream
271 Make test_asyncio to not depend on the current signal handler Python 3 in F26, Rawhide(27) Fixed upstream
270 Fix test_alpn_protocols from test_ssl Python 2 and Python 3 in F26, Rawhide(27) Fixed upstream
269 Fix python's recompilation with common build commands when using PGO Python 3 in Fedora 24 Fixed upstream
268 Set stream to None in case an _open() fails Python in RHEL/CentOS 7.4 Fixed upstream
267 Make pip installable inside a new venv when using the --system-site-packages flag Python 3 in Fedora 24-25 Fixed upstream
266 Make shutil.make_archive() to not ignore empty directories when creating a zip file Python in RHEL/CentOS 7.4 Fixed upstream
265 Protect the key list during fork() Python in RHEL/CentOS 7.4 Reported upstream
264 skip test_pass_by_value on aarch64 Rawhide(F27) Reported upstream
263 Fix reference leaks of certfile_bytes and keyfile_bytes at _ssl.c Python in RHEL/CentOS 7.4 Fixed upstream
262 force C.UTF-8 when Python 3 is run under the C locale Python 3 in Rawhide(26) PEP 538
261 Use proper command line parsing in _testembed Python 3 in F26 Fixed upstream
260 Fix setuptools issues from unbundling its dependencies Python 3 in Rawhide(26) Reported upstream
259 Magic number workaround -- upstream issue 27286 Python 3 in F24-f25 Upstream commit 93602e3 (removed in 3.6)
258 skip test_aead_aes_gcm as it fails with Kernel 4.9+ Python 3 in F26 Fixed upstream
257 Workaround for wait timeouts when the system clock is set backwards (bz#1368076) Python in RHEL/CentOS 7.4 []
256 Fix Python's incorrect parsing of certain regular expressions Python in RHEL/CentOS 7.4 Fixed upstream
255 Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs Python in RHEL/CentOS 7.4 Fixed upstream
254 Fix error check, so that Random.seed actually uses OS randomness Python 3 in F26 Fixed upstream
253 Define HAVE_LONG_LONG as 1. Python 3 in F26 Fixed upstream
252 Add executable option to install.py command to make it work for entry_points Python 2 and Python 3, reverted in F27, F26 Reported upstream
251 Make pip and distutils in user environment install into separate location Python 3 in F27
250 Don't blow up on EL7 kernel (random generator) RHBZ#1410175 Python 3, python36, python35, python34 in F26 Reported upstream
249 Fix out of tree --with-dtrace builds Python 3 in F26 Fixed upstream
248 Ensure gc tracking is off when invoking weakref callbacks Python34 in EPEL Fixed upstream
247 Patch to port the ssl and hashlib module to OpenSSL 1.1.0. Python 2 and Python 3 in F26 Fixed upstream
246 Backported the build-time check for the getrandom syscall from Python 3.5.2 Python 3 in F24
245 Skip stack overflow test on 64 bits python33
244 Skip SSL tests python33
243 Build properly on MIPS python3 in F25, F26
242 HTTPoxy CVE-2016-1000110 Everywhere Fixed upstream
241 CVE-2016-5636 python in F23, python3 in F23, F24, F25, F26, Python34 in EPEL7 Fixed upstream (a b)
240 Increase test_smtplib timeouts Python in RHEL/CentOS 7.5 Fixed upstream
239 OpenSSL - "dh key too small" EL (rh-python34-rhel-6) Fixed upstream
238 CVE-2016-5699 python3 in Fedora 23, python34 in EPEL7 Fixed upstream
237 CVE-2016-0772 Everywhere Fixed upstream
231 Reserved for cstratak []
209 Fix test breakage with Pyexpat v2.2.0 Fedora Fixed upstream
208 (py3) Skip test that fails on ppc64 Python 3
207 (py3) Avoid incomplete _math.o with parallel builds Python 3 Closed upstream with different fix
206 (py3) Remove hf flag from arm triplet (Debianism) Python 3 Looks like this might be combined with patch 5001
205 (py3) configure: Make libpl respect lib64 Python 3
203 (py3) Disable tests requiring signals (due to Koji behavior) Python 3
201 (py3) Memleak fix Python 3 Upstreamed, fragment of the patch remains
200 (py3) Fix for gettext plural form headers Python 3 Upstream: bpo-36239
196 (py3) Test failure on ppc64le Python 3
194 (py3) Disable tests requiring SIGHUP (due to Koji bug) Python 3
190 gdb py-bt command fix Python 2 (used to be 189 or 198 before F29) Fixed upstream
189 (py3) Use RPM-packaged wheels for ensurepip Python 3 in f29+
Add Rewheel to ensurepip Python 3 up to f28
188 Hashlib test patch Python 3 Looks removable
186 Don't raise from py_compile Python 3 Only a test remains in downstream patch
184 Fixes build of ctypes against libffi with multilib wrapper
180 Enable ppc64p7 As is, the patch is not appropriate upstream
178 Don't duplicate various FLAGS in sysconfig values Python 3 Reported, failed review
170 Nicer C-level asserts in garbage collector Python 3 Reported, work needed to address review comments
168 distutils cflags, RHBZ#849994 Upstream bpo-36235
163 Skip test with intermittent failure
160 Skip tests that require new kernel
157 uid/gid handling, RHBZ#697470 Upstream bpo-36234
155 SELinux/httpd/ctypes workaround, RHBZ#814391 Fixed upstream (Python 3.8.0a1)
153 test_gdb fix Fedora python2 Fixed upstream (Python 2.7.14)
146 Fixes for FIPS mode Reported, stuck
143 Fix --with-tsc on ppc64 Reported, stuck
137 Skip distutils tests that fail in rpmbuild
132 unittest._skipInRpmBuild
111 Disable static libpython
103 lib64-sysconfig Python 2
102, 104 s./usr/lib./usr/lib64.
55 Systemtap support Reported, to be combined with DTrace, stalled
1 (py3) RPath Python 3
1 (py2) pydoc -g Python 2
0 Config Python 2