From 552eb34bb57edb545b4811f9903a6317c0d74f8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= Date: Wed, 23 Apr 2025 13:54:45 +0200 Subject: [PATCH] Regenerate patches with updated importpatches script --- 00001-rpath.patch | 5 +++-- 00102-lib64.patch | 4 ++-- 00111-no-static-lib.patch | 2 +- 00132-add-rpmbuild-hooks-to-unittest.patch | 2 +- 00155-avoid-ctypes-thunks.patch | 3 +-- 00160-disable-test_fs_holes-in-rpm-build.patch | 2 +- 00163-disable-parts-of-test_socket-in-rpm-build.patch | 2 +- 00170-gc-assertions.patch | 4 ++-- 00189-use-rpm-wheels.patch | 2 +- 00251-change-user-install-location.patch | 2 +- 00262-pep538_coerce_legacy_c_locale.patch | 2 +- 00292-restore-PyExc_RecursionErrorInst-symbol.patch | 2 +- 00294-define-TLS-cipher-suite-on-build-time.patch | 2 +- 00319-test_tarfile_ppc64.patch | 2 +- 00343-faulthandler-gcc10.patch | 2 +- 00353-architecture-names-upstream-downstream.patch | 2 +- ...tions-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch | 2 +- 00361-openssl-3-compatibility.patch | 2 +- 00375-fix-test_distance-to-enable-build-on-i686.patch | 2 +- 00378-support-expat-2-4-5.patch | 2 +- 00382-cve-2015-20107.patch | 2 +- 00386-cve-2021-28861.patch | 2 +- 00387-cve-2020-10735-prevent-dos-by-very-large-int.patch | 2 +- ...cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch | 2 +- ...-cpu-denial-of-service-via-inefficient-idna-decoder.patch | 4 ++-- ...706-cve-2007-4559-filter-api-for-tarfile-extractall.patch | 3 +-- 00399-cve-2023-24329.patch | 2 +- ...warning-in-configure-check-for-pthread_scope_system.patch | 4 ++-- 00409-bpo-13497-fix-broken-nice-configure-test.patch | 2 +- ...598-fix-implicit-function-declarations-in-configure.patch | 3 +-- ...eject-malformed-addresses-in-email-parseaddr-111116.patch | 4 ++-- ...ime_version-with-non-int-suffix-gh-112771-gh-112774.patch | 4 ++-- ...115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch | 3 +-- 00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch | 2 +- 00426-cve-2023-6597.patch | 2 +- 00427-zipextfile-tell-and-seek-cve-2024-0450.patch | 2 +- 00431-cve-2024-4032.patch | 2 +- 00435-gh-121650-encode-newlines-in-headers-and-verify.patch | 4 ++-- ...32-remove-backtracking-when-parsing-tarfile-headers.patch | 3 +-- ...1-quote-template-strings-in-venv-activation-scripts.patch | 3 +-- 00444-security-fix-for-cve-2024-11168.patch | 2 +- 00446-Resolve-sinpi-name-clash-with-libm.patch | 2 +- ...square-brackets-and-in-domain-names-for-parsed-urls.patch | 4 ++-- ...y-apply-exported-cflags-for-dtrace-systemtap-builds.patch | 3 +-- 00457-ssl-raise-oserror-for-err_lib_sys.patch | 2 +- 45 files changed, 55 insertions(+), 61 deletions(-) diff --git a/00001-rpath.patch b/00001-rpath.patch index 5ab70f9..473b240 100644 --- a/00001-rpath.patch +++ b/00001-rpath.patch @@ -1,8 +1,9 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Wed, 13 Jan 2010 21:25:18 +0000 -Subject: [PATCH] 00001: Fixup distutils/unixccompiler.py to remove standard - library path from rpath Was Patch0 in ivazquez' python3000 specfile +Subject: =?UTF-8?q?00001:=20Fixup=20distutils/unixccompiler.py=20to=20remo?= + =?UTF-8?q?ve=20standard=20library=20path=20from=20rpath=0AWas=20Patch0=20?= + =?UTF-8?q?in=20ivazquez'=20python3000=20specfile?= --- Lib/distutils/unixccompiler.py | 9 +++++++++ diff --git a/00102-lib64.patch b/00102-lib64.patch index 4567a65..1fcf747 100644 --- a/00102-lib64.patch +++ b/00102-lib64.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Wed, 13 Jan 2010 21:25:18 +0000 -Subject: [PATCH] 00102: Change the various install paths to use /usr/lib64/ - instead or /usr/lib/ +Subject: 00102: Change the various install paths to use /usr/lib64/ instead or + /usr/lib/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00111-no-static-lib.patch b/00111-no-static-lib.patch index 630b6db..87ce20f 100644 --- a/00111-no-static-lib.patch +++ b/00111-no-static-lib.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Mon, 18 Jan 2010 17:59:07 +0000 -Subject: [PATCH] 00111: Don't try to build a libpythonMAJOR.MINOR.a +Subject: 00111: Don't try to build a libpythonMAJOR.MINOR.a MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00132-add-rpmbuild-hooks-to-unittest.patch b/00132-add-rpmbuild-hooks-to-unittest.patch index f5db1b1..6c4393b 100644 --- a/00132-add-rpmbuild-hooks-to-unittest.patch +++ b/00132-add-rpmbuild-hooks-to-unittest.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:54:05 +0200 -Subject: [PATCH] 00132: Add rpmbuild hooks to unittest +Subject: 00132: Add rpmbuild hooks to unittest Add non-standard hooks to unittest for use in the "check" phase, when running selftests within the build: diff --git a/00155-avoid-ctypes-thunks.patch b/00155-avoid-ctypes-thunks.patch index c1e06e9..a2824b2 100644 --- a/00155-avoid-ctypes-thunks.patch +++ b/00155-avoid-ctypes-thunks.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:02:24 +0200 -Subject: [PATCH] 00155: avoid allocating thunks in ctypes unless absolutely - necessary +Subject: 00155: avoid allocating thunks in ctypes unless absolutely necessary Avoid allocating thunks in ctypes unless absolutely necessary, to avoid generating SELinux denials on "import ctypes" and "import uuid" when diff --git a/00160-disable-test_fs_holes-in-rpm-build.patch b/00160-disable-test_fs_holes-in-rpm-build.patch index ed979b8..eb3a2db 100644 --- a/00160-disable-test_fs_holes-in-rpm-build.patch +++ b/00160-disable-test_fs_holes-in-rpm-build.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:57:09 +0200 -Subject: [PATCH] 00160: Disable test_fs_holes in RPM build +Subject: 00160: Disable test_fs_holes in RPM build Python 3.3 added os.SEEK_DATA and os.SEEK_HOLE, which may be present in the header files in the build chroot, but may not be supported in the running diff --git a/00163-disable-parts-of-test_socket-in-rpm-build.patch b/00163-disable-parts-of-test_socket-in-rpm-build.patch index 13b7428..f42eac7 100644 --- a/00163-disable-parts-of-test_socket-in-rpm-build.patch +++ b/00163-disable-parts-of-test_socket-in-rpm-build.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:58:24 +0200 -Subject: [PATCH] 00163: Disable parts of test_socket in RPM build +Subject: 00163: Disable parts of test_socket in RPM build Some tests within test_socket fail intermittently when run inside Koji; disable them using unittest._skipInRpmBuild diff --git a/00170-gc-assertions.patch b/00170-gc-assertions.patch index 1ff22b4..1fe7cf3 100644 --- a/00170-gc-assertions.patch +++ b/00170-gc-assertions.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Fri, 19 Jun 2020 16:05:07 +0200 -Subject: [PATCH] 00170: In debug builds, try to print repr() when a C-level - assert fails +Subject: 00170: In debug builds, try to print repr() when a C-level assert + fails In debug builds, try to print repr() when a C-level assert fails in the garbage collector (typically indicating a reference-counting error diff --git a/00189-use-rpm-wheels.patch b/00189-use-rpm-wheels.patch index 5350ea4..6f9690a 100644 --- a/00189-use-rpm-wheels.patch +++ b/00189-use-rpm-wheels.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Wed, 15 Aug 2018 15:36:29 +0200 -Subject: [PATCH] 00189: Instead of bundled wheels, use our RPM packaged wheels +Subject: 00189: Instead of bundled wheels, use our RPM packaged wheels We keep them in /usr/share/python-wheels --- diff --git a/00251-change-user-install-location.patch b/00251-change-user-install-location.patch index 4e18773..bc0c75e 100644 --- a/00251-change-user-install-location.patch +++ b/00251-change-user-install-location.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Michal Cyprian Date: Mon, 26 Jun 2017 16:32:56 +0200 -Subject: [PATCH] 00251: Change user install location +Subject: 00251: Change user install location Set values of prefix and exec_prefix in distutils install command to /usr/local if executable is /usr/bin/python* and RPM build diff --git a/00262-pep538_coerce_legacy_c_locale.patch b/00262-pep538_coerce_legacy_c_locale.patch index de74c31..1acae8d 100644 --- a/00262-pep538_coerce_legacy_c_locale.patch +++ b/00262-pep538_coerce_legacy_c_locale.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Nick Coghlan Date: Fri, 19 Jun 2020 17:02:52 +0200 -Subject: [PATCH] 00262: PEP538 - Coerce legacy C locale +Subject: 00262: PEP538 - Coerce legacy C locale MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00292-restore-PyExc_RecursionErrorInst-symbol.patch b/00292-restore-PyExc_RecursionErrorInst-symbol.patch index 5ab1bda..297fff8 100644 --- a/00292-restore-PyExc_RecursionErrorInst-symbol.patch +++ b/00292-restore-PyExc_RecursionErrorInst-symbol.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Charalampos Stratakis Date: Fri, 19 Jun 2020 17:06:08 +0200 -Subject: [PATCH] 00292: Restore PyExc_RecursionErrorInst symbol +Subject: 00292: Restore PyExc_RecursionErrorInst symbol Restore the public PyExc_RecursionErrorInst symbol that was removed from the 3.6.4 release upstream. diff --git a/00294-define-TLS-cipher-suite-on-build-time.patch b/00294-define-TLS-cipher-suite-on-build-time.patch index 04e187d..c11b05f 100644 --- a/00294-define-TLS-cipher-suite-on-build-time.patch +++ b/00294-define-TLS-cipher-suite-on-build-time.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Fri, 19 Jun 2020 17:13:03 +0200 -Subject: [PATCH] 00294: Define TLS cipher suite on build time +Subject: 00294: Define TLS cipher suite on build time Define TLS cipher suite on build time depending on the OpenSSL default cipher suite selection. diff --git a/00319-test_tarfile_ppc64.patch b/00319-test_tarfile_ppc64.patch index 37b5be8..4686991 100644 --- a/00319-test_tarfile_ppc64.patch +++ b/00319-test_tarfile_ppc64.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 21 Jan 2019 01:44:30 -0800 -Subject: [PATCH] 00319: test_tarfile_ppc64 +Subject: 00319: test_tarfile_ppc64 Fix sparse file tests of test_tarfile on ppc64le with the tmpfs filesystem. diff --git a/00343-faulthandler-gcc10.patch b/00343-faulthandler-gcc10.patch index 068b117..38c9e56 100644 --- a/00343-faulthandler-gcc10.patch +++ b/00343-faulthandler-gcc10.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 19 Jun 2020 17:16:05 +0200 -Subject: [PATCH] 00343: Fix test_faulthandler on GCC 10 +Subject: 00343: Fix test_faulthandler on GCC 10 bpo-21131: Fix faulthandler.register(chain=True) stack (GH-15276) https://bugs.python.org/issue21131 diff --git a/00353-architecture-names-upstream-downstream.patch b/00353-architecture-names-upstream-downstream.patch index 13f2655..fa166c7 100644 --- a/00353-architecture-names-upstream-downstream.patch +++ b/00353-architecture-names-upstream-downstream.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Tue, 4 Aug 2020 12:04:03 +0200 -Subject: [PATCH] 00353: Original names for architectures with different names +Subject: 00353: Original names for architectures with different names downstream MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch b/00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch index 063eb4c..62ef5f7 100644 --- a/00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch +++ b/00358-align-allocations-and-pygc_head-to-16-bytes-on-64-bit-platforms.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Inada Naoki Date: Mon, 3 Jun 2019 10:51:32 +0900 -Subject: [PATCH] 00358: align allocations and PyGC_Head to 16 bytes on 64-bit +Subject: 00358: align allocations and PyGC_Head to 16 bytes on 64-bit platforms Upstream bug: https://bugs.python.org/issue27987 diff --git a/00361-openssl-3-compatibility.patch b/00361-openssl-3-compatibility.patch index 768d8f1..5e3d454 100644 --- a/00361-openssl-3-compatibility.patch +++ b/00361-openssl-3-compatibility.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Sat, 7 Dec 2019 09:20:43 -0800 -Subject: [PATCH] 00361: openssl-3-compatibility +Subject: 00361: openssl-3-compatibility Backported from Python 3.8 diff --git a/00375-fix-test_distance-to-enable-build-on-i686.patch b/00375-fix-test_distance-to-enable-build-on-i686.patch index 0eb47b5..f9bf53a 100644 --- a/00375-fix-test_distance-to-enable-build-on-i686.patch +++ b/00375-fix-test_distance-to-enable-build-on-i686.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Karolina Surma Date: Mon, 24 Jan 2022 09:28:30 +0100 -Subject: [PATCH] 00375: Fix test_distance to enable build on i686 +Subject: 00375: Fix test_distance to enable build on i686 Fix precision in test_distance (test.test_turtle.TestVec2D). See: https://bugzilla.redhat.com/show_bug.cgi?id=2038843 diff --git a/00378-support-expat-2-4-5.patch b/00378-support-expat-2-4-5.patch index 9bbf2a9..29d2fc0 100644 --- a/00378-support-expat-2-4-5.patch +++ b/00378-support-expat-2-4-5.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Mon, 21 Feb 2022 15:48:32 +0100 -Subject: [PATCH] 00378: Support expat 2.4.5 +Subject: 00378: Support expat 2.4.5 Curly brackets were never allowed in namespace URIs according to RFC 3986, and so-called namespace-validating diff --git a/00382-cve-2015-20107.patch b/00382-cve-2015-20107.patch index 9e981e2..54ee58b 100644 --- a/00382-cve-2015-20107.patch +++ b/00382-cve-2015-20107.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Fri, 3 Jun 2022 11:43:35 +0200 -Subject: [PATCH] 00382: CVE-2015-20107 +Subject: 00382: CVE-2015-20107 Make mailcap refuse to match unsafe filenames/types/params (GH-91993) diff --git a/00386-cve-2021-28861.patch b/00386-cve-2021-28861.patch index 080026b..aee9311 100644 --- a/00386-cve-2021-28861.patch +++ b/00386-cve-2021-28861.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Wed, 22 Jun 2022 15:05:00 -0700 -Subject: [PATCH] 00386: CVE-2021-28861 +Subject: 00386: CVE-2021-28861 Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header diff --git a/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch b/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch index 8ec1957..7b6dfa0 100644 --- a/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch +++ b/00387-cve-2020-10735-prevent-dos-by-very-large-int.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Thu, 15 Sep 2022 17:35:24 +0200 -Subject: [PATCH] 00387: CVE-2020-10735: Prevent DoS by very large int() +Subject: 00387: CVE-2020-10735: Prevent DoS by very large int() gh-95778: CVE-2020-10735: Prevent DoS by very large int() (GH-96504) diff --git a/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch b/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch index cd71363..7f3e9cf 100644 --- a/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch +++ b/00392-cve-2022-37454-fix-buffer-overflows-in-_sha3-module.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Fri, 21 Oct 2022 20:37:54 -0700 -Subject: [PATCH] 00392: CVE-2022-37454: Fix buffer overflows in _sha3 module +Subject: 00392: CVE-2022-37454: Fix buffer overflows in _sha3 module This is a port of the applicable part of XKCP's fix [1] for CVE-2022-37454 and avoids the segmentation fault and the infinite diff --git a/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch b/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch index 2eb1aa0..23caf79 100644 --- a/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch +++ b/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch @@ -2,8 +2,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 7 Nov 2022 19:22:14 -0800 -Subject: [PATCH] 00394: CVE-2022-45061: CPU denial of service via inefficient - IDNA decoder +Subject: 00394: CVE-2022-45061: CPU denial of service via inefficient IDNA + decoder gh-98433: Fix quadratic time idna decoding. diff --git a/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch b/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch index b158945..745981a 100644 --- a/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch +++ b/00397-pep-706-cve-2007-4559-filter-api-for-tarfile-extractall.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 7 Jun 2023 14:53:48 +0200 -Subject: [PATCH] 00397: PEP 706, CVE-2007-4559: Filter API for - tarfile.extractall +Subject: 00397: PEP 706, CVE-2007-4559: Filter API for tarfile.extractall Add API for allowing checks on the content of tar files, allowing callers to mitigate directory traversal (CVE-2007-4559) and related issues. diff --git a/00399-cve-2023-24329.patch b/00399-cve-2023-24329.patch index 36bf6e9..503bf7f 100644 --- a/00399-cve-2023-24329.patch +++ b/00399-cve-2023-24329.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 22 May 2023 03:42:37 -0700 -Subject: [PATCH] 00399: CVE-2023-24329 +Subject: 00399: CVE-2023-24329 gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) diff --git a/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch b/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch index 5e83173..084dfb6 100644 --- a/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch +++ b/00407-gh-99086-fix-implicit-int-compiler-warning-in-configure-check-for-pthread_scope_system.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Erlend E. Aasland" Date: Sun, 6 Nov 2022 22:39:34 +0100 -Subject: [PATCH] 00407: gh-99086: Fix implicit int compiler warning in - configure check for PTHREAD_SCOPE_SYSTEM +Subject: 00407: gh-99086: Fix implicit int compiler warning in configure check + for PTHREAD_SCOPE_SYSTEM Co-authored-by: Sam James --- diff --git a/00409-bpo-13497-fix-broken-nice-configure-test.patch b/00409-bpo-13497-fix-broken-nice-configure-test.patch index b4a9205..6fba071 100644 --- a/00409-bpo-13497-fix-broken-nice-configure-test.patch +++ b/00409-bpo-13497-fix-broken-nice-configure-test.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: ngie-eign <1574099+ngie-eign@users.noreply.github.com> Date: Mon, 25 Feb 2019 21:34:24 -0800 -Subject: [PATCH] 00409: bpo-13497: Fix `broken nice` configure test +Subject: 00409: bpo-13497: Fix `broken nice` configure test Per POSIX, `nice(3)` requires `unistd.h` and `exit(3)` requires `stdlib.h`. diff --git a/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch b/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch index 89e2a3e..56a60ee 100644 --- a/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch +++ b/00410-bpo-42598-fix-implicit-function-declarations-in-configure.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Joshua Root Date: Mon, 14 Dec 2020 07:56:34 +1100 -Subject: [PATCH] 00410: bpo-42598: Fix implicit function declarations in - configure +Subject: 00410: bpo-42598: Fix implicit function declarations in configure This is invalid in C99 and later and is an error with some compilers (e.g. clang in Xcode 12), and can thus cause configure checks to diff --git a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch index 3ae30fa..7ed9e84 100644 --- a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +++ b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 15 Dec 2023 16:10:40 +0100 -Subject: [PATCH] 00415: [CVE-2023-27043] gh-102988: Reject malformed addresses - in email.parseaddr() (#111116) +Subject: 00415: [CVE-2023-27043] gh-102988: Reject malformed addresses in + email.parseaddr() (#111116) Detect email address parsing errors and return empty tuple to indicate the parsing error (old API). Add an optional 'strict' diff --git a/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch b/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch index 6d68ee9..8406a8a 100644 --- a/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch +++ b/00419-gh-112769-test_zlib-fix-comparison-of-zlib_runtime_version-with-non-int-suffix-gh-112771-gh-112774.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 5 Dec 2023 21:02:06 +0100 -Subject: [PATCH] 00419: gh-112769: test_zlib: Fix comparison of - ZLIB_RUNTIME_VERSION with non-int suffix (GH-112771) (GH-112774) +Subject: 00419: gh-112769: test_zlib: Fix comparison of ZLIB_RUNTIME_VERSION + with non-int suffix (GH-112771) (GH-112774) zlib-ng defines the version as "1.3.0.zlib-ng". (cherry picked from commit d384813ff18b33280a90b6d2011654528a2b6ad1) diff --git a/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch b/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch index e053302..d9e85f8 100644 --- a/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch +++ b/00422-gh-115133-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Sun, 11 Feb 2024 12:08:39 +0200 -Subject: [PATCH] 00422: gh-115133: Fix tests for XMLPullParser with Expat - 2.6.0 +Subject: 00422: gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425. Future versions of Expat may be more reactive. diff --git a/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch b/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch index 401faef..0e4985c 100644 --- a/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch +++ b/00423-bpo-33377-add-triplets-for-mips-r6-and-riscv.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Matthias Klose Date: Mon, 30 Apr 2018 19:22:16 +0200 -Subject: [PATCH] 00423: bpo-33377: Add triplets for mips-r6 and riscv +Subject: 00423: bpo-33377: Add triplets for mips-r6 and riscv --- .../2018-04-30-16-53-00.bpo-33377.QBh6vP.rst | 2 + diff --git a/00426-cve-2023-6597.patch b/00426-cve-2023-6597.patch index 4900012..49975a6 100644 --- a/00426-cve-2023-6597.patch +++ b/00426-cve-2023-6597.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Lumir Balhar Date: Wed, 24 Apr 2024 00:19:23 +0200 -Subject: [PATCH] 00426: CVE-2023-6597 +Subject: 00426: CVE-2023-6597 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00427-zipextfile-tell-and-seek-cve-2024-0450.patch b/00427-zipextfile-tell-and-seek-cve-2024-0450.patch index 2771a4a..dfb5424 100644 --- a/00427-zipextfile-tell-and-seek-cve-2024-0450.patch +++ b/00427-zipextfile-tell-and-seek-cve-2024-0450.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: John Jolly Date: Tue, 30 Jan 2018 01:51:35 -0700 -Subject: [PATCH] 00427: ZipExtFile tell and seek, CVE-2024-0450 +Subject: 00427: ZipExtFile tell and seek, CVE-2024-0450 Backport of seek and tell methods for ZipExtFile makes it possible to backport the fix for CVE-2024-0450. diff --git a/00431-cve-2024-4032.patch b/00431-cve-2024-4032.patch index 52cf4ec..85b343e 100644 --- a/00431-cve-2024-4032.patch +++ b/00431-cve-2024-4032.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Tue, 7 May 2024 11:58:20 +0200 -Subject: [PATCH] 00431: CVE-2024-4032: incorrect IPv4 and IPv6 private ranges +Subject: 00431: CVE-2024-4032: incorrect IPv4 and IPv6 private ranges Upstream issue: https://github.com/python/cpython/issues/113171 diff --git a/00435-gh-121650-encode-newlines-in-headers-and-verify.patch b/00435-gh-121650-encode-newlines-in-headers-and-verify.patch index 32af189..e706c63 100644 --- a/00435-gh-121650-encode-newlines-in-headers-and-verify.patch +++ b/00435-gh-121650-encode-newlines-in-headers-and-verify.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= Date: Fri, 16 Aug 2024 14:12:58 +0200 -Subject: [PATCH] 00435: gh-121650: Encode newlines in headers, and verify - headers are sound (GH-122233) +Subject: =?UTF-8?q?00435:=20gh-121650:=20Encode=20newlines=20in=20headers,?= + =?UTF-8?q?=20and=20verify=0A=20headers=20are=20sound=20(GH-122233)?= Per RFC 2047: diff --git a/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch b/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch index a5f704e..3798f64 100644 --- a/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch +++ b/00437-cve-2024-6232-remove-backtracking-when-parsing-tarfile-headers.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Wed, 4 Sep 2024 10:41:42 -0500 -Subject: [PATCH] 00437: CVE-2024-6232 Remove backtracking when parsing tarfile - headers +Subject: 00437: CVE-2024-6232 Remove backtracking when parsing tarfile headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch b/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch index aa44096..2d2369f 100644 --- a/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch +++ b/00443-gh-124651-quote-template-strings-in-venv-activation-scripts.patch @@ -1,8 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 1 Nov 2024 14:11:47 +0100 -Subject: [PATCH] 00443: gh-124651: Quote template strings in `venv` activation - scripts +Subject: 00443: gh-124651: Quote template strings in `venv` activation scripts (cherry picked from 3.9) --- diff --git a/00444-security-fix-for-cve-2024-11168.patch b/00444-security-fix-for-cve-2024-11168.patch index c9b6b0f..02fc8ae 100644 --- a/00444-security-fix-for-cve-2024-11168.patch +++ b/00444-security-fix-for-cve-2024-11168.patch @@ -2,7 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Tue, 9 May 2023 23:35:24 -0700 -Subject: [PATCH] 00444: Security fix for CVE-2024-11168 +Subject: 00444: Security fix for CVE-2024-11168 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/00446-Resolve-sinpi-name-clash-with-libm.patch b/00446-Resolve-sinpi-name-clash-with-libm.patch index 6ff4d00..65c41c5 100644 --- a/00446-Resolve-sinpi-name-clash-with-libm.patch +++ b/00446-Resolve-sinpi-name-clash-with-libm.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Dima Pasechnik Date: Wed, 18 Dec 2024 14:31:08 +0100 -Subject: [PATCH] 00446: Resolve sinpi name clash with libm +Subject: 00446: Resolve sinpi name clash with libm bpo-36106: Resolve sinpi name clash with libm (IEEE-754 violation). (GH-12027) diff --git a/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch b/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch index 84d53fd..baa4595 100644 --- a/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch +++ b/00450-cve-2025-0938-disallow-square-brackets-and-in-domain-names-for-parsed-urls.patch @@ -1,8 +1,8 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Fri, 31 Jan 2025 11:41:34 -0600 -Subject: [PATCH] 00450: CVE-2025-0938: Disallow square brackets ([ and ]) in - domain names for parsed URLs +Subject: 00450: CVE-2025-0938: Disallow square brackets ([ and ]) in domain + names for parsed URLs Co-authored-by: Peter Bierma --- diff --git a/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch b/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch index e8e4636..7912134 100644 --- a/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch +++ b/00452-properly-apply-exported-cflags-for-dtrace-systemtap-builds.patch @@ -2,8 +2,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 31 Mar 2025 20:29:04 +0200 -Subject: [PATCH] 00452: Properly apply exported CFLAGS for dtrace/systemtap - builds +Subject: 00452: Properly apply exported CFLAGS for dtrace/systemtap builds When using --with-dtrace the resulting object file could be missing specific CFLAGS exported by the build system due to the systemtap diff --git a/00457-ssl-raise-oserror-for-err_lib_sys.patch b/00457-ssl-raise-oserror-for-err_lib_sys.patch index 0f8c5f4..9f2143a 100644 --- a/00457-ssl-raise-oserror-for-err_lib_sys.patch +++ b/00457-ssl-raise-oserror-for-err_lib_sys.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Thu, 3 Apr 2025 18:26:17 +0200 -Subject: [PATCH] 00457: ssl: Raise OSError for ERR_LIB_SYS +Subject: 00457: ssl: Raise OSError for ERR_LIB_SYS The patch resolves the flakiness of test_ftplib