diff --git a/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
deleted file mode 100644
index 1fcc621..0000000
--- a/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
+++ /dev/null
@@ -1,67 +0,0 @@
----
- Lib/test/test_pyexpat.py | 4 ++++
- Lib/test/test_sax.py | 3 +++
- Lib/test/test_xml_etree.py | 10 ++++++++++
- 3 files changed, 17 insertions(+)
-
---- a/Lib/test/test_pyexpat.py
-+++ b/Lib/test/test_pyexpat.py
-@@ -791,6 +791,10 @@ class ReparseDeferralTest(unittest.TestC
- self.assertEqual(started, ['doc'])
-
- def test_reparse_deferral_disabled(self):
-+ if expat.version_info < (2, 6, 0):
-+ self.skipTest(f'Expat {expat.version_info} does not '
-+ 'support reparse deferral')
-+
- started = []
-
- def start_element(name, _):
---- a/Lib/test/test_sax.py
-+++ b/Lib/test/test_sax.py
-@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase):
-
- self.assertEqual(result.getvalue(), start + b"")
-
-+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
-+ f'Expat {pyexpat.version_info} does not '
-+ 'support reparse deferral')
- def test_flush_reparse_deferral_disabled(self):
- result = BytesIO()
- xmlgen = XMLGenerator(result)
---- a/Lib/test/test_xml_etree.py
-+++ b/Lib/test/test_xml_etree.py
-@@ -121,6 +121,11 @@ ATTLIST_XML = """\
-
- """
-
-+IS_SLE_15_7 = os.environ.get("SLE_VERSION", "") == "0150700"
-+fails_with_expat_2_6_0 = (unittest.expectedFailure
-+ # 2.4 version patched in SLE
-+ if IS_SLE_15_7 and pyexpat.version_info >= (2, 4, 0) else
-+ lambda test: test)
- def checkwarnings(*filters, quiet=False):
- def decorator(test):
- def newtest(*args, **kwargs):
-@@ -1504,9 +1509,11 @@ class XMLPullParserTest(unittest.TestCas
- self.assert_event_tags(parser, [('end', 'root')])
- self.assertIsNone(parser.close())
-
-+ @fails_with_expat_2_6_0
- def test_simple_xml_chunk_1(self):
- self.test_simple_xml(chunk_size=1, flush=True)
-
-+ @fails_with_expat_2_6_0
- def test_simple_xml_chunk_5(self):
- self.test_simple_xml(chunk_size=5, flush=True)
-
-@@ -1731,6 +1738,9 @@ class XMLPullParserTest(unittest.TestCas
-
- self.assert_event_tags(parser, [('end', 'doc')])
-
-+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
-+ f'Expat {pyexpat.version_info} does not '
-+ 'support reparse deferral')
- def test_flush_reparse_deferral_disabled(self):
- parser = ET.XMLPullParser(events=('start', 'end'))
-
diff --git a/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch b/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
new file mode 100644
index 0000000..fc8d1ef
--- /dev/null
+++ b/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
@@ -0,0 +1,46 @@
+From bfc2e93d755bf496e5ef4cae9609d2823122c909 Mon Sep 17 00:00:00 2001
+From: "J. Nick Koston"
+Date: Thu, 5 Dec 2024 10:01:10 -0600
+Subject: [PATCH 01/10] Ensure writelines pauses the protocol if needed
+
+---
+ Lib/asyncio/selector_events.py | 1
+ Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++
+ Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1
+ 3 files changed, 14 insertions(+)
+
+--- a/Lib/asyncio/selector_events.py
++++ b/Lib/asyncio/selector_events.py
+@@ -1175,6 +1175,7 @@ class _SelectorSocketTransport(_Selector
+ # If the entire buffer couldn't be written, register a write handler
+ if self._buffer:
+ self._loop._add_writer(self._sock_fd, self._write_ready)
++ self._maybe_pause_protocol()
+
+ def can_write_eof(self):
+ return True
+--- a/Lib/test/test_asyncio/test_selector_events.py
++++ b/Lib/test/test_asyncio/test_selector_events.py
+@@ -805,6 +805,18 @@ class SelectorSocketTransportTests(test_
+ self.assertTrue(self.sock.send.called)
+ self.assertTrue(self.loop.writers)
+
++ def test_writelines_pauses_protocol(self):
++ data = memoryview(b'data')
++ self.sock.send.return_value = 2
++ self.sock.send.fileno.return_value = 7
++
++ transport = self.socket_transport()
++ transport._high_water = 1
++ transport.writelines([data])
++ self.assertTrue(self.protocol.pause_writing.called)
++ self.assertTrue(self.sock.send.called)
++ self.assertTrue(self.loop.writers)
++
+ @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
+ def test_write_sendmsg_full(self):
+ data = memoryview(b'data')
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+@@ -0,0 +1 @@
++Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.
diff --git a/CVE-2024-9287-venv_path_unquoted.patch b/CVE-2024-9287-venv_path_unquoted.patch
deleted file mode 100644
index ac3cd17..0000000
--- a/CVE-2024-9287-venv_path_unquoted.patch
+++ /dev/null
@@ -1,303 +0,0 @@
-From 6fdc7ddc09cf59c63f80fc549c7780c97e9922e7 Mon Sep 17 00:00:00 2001
-From: Y5 <124019959+y5c4l3@users.noreply.github.com>
-Date: Tue, 22 Oct 2024 04:48:04 +0800
-Subject: [PATCH] gh-124651: Quote template strings in `venv` activation
- scripts (GH-124712)
-
-This patch properly quotes template strings in `venv` activation
-scripts. This mitigates potential command injection.
-(cherry picked from commit d48cc82ed25e26b02eb97c6263d95dcaa1e9111b)
-
-Co-authored-by: Y5 <124019959+y5c4l3@users.noreply.github.com>
----
- Lib/test/test_venv.py | 81 ++++++++++
- Lib/venv/__init__.py | 42 ++++-
- Lib/venv/scripts/common/activate | 10 -
- Lib/venv/scripts/common/activate.fish | 8
- Lib/venv/scripts/nt/activate.bat | 6
- Lib/venv/scripts/posix/activate.csh | 8
- Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst | 1
- 7 files changed, 135 insertions(+), 21 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst
-
---- a/Lib/test/test_venv.py
-+++ b/Lib/test/test_venv.py
-@@ -17,6 +17,7 @@ import subprocess
- import sys
- import sysconfig
- import tempfile
-+import shlex
- from test.support import (captured_stdout, captured_stderr,
- skip_if_broken_multiprocessing_synchronize, verbose,
- requires_subprocess, is_android, is_apple_mobile,
-@@ -110,6 +111,10 @@ class BaseTest(unittest.TestCase):
- result = f.read()
- return result
-
-+ def assertEndsWith(self, string, tail):
-+ if not string.endswith(tail):
-+ self.fail(f"String {string!r} does not end with {tail!r}")
-+
- class BasicTest(BaseTest):
- """Test venv module functionality."""
-
-@@ -488,6 +493,82 @@ class BasicTest(BaseTest):
- 'import sys; print(sys.executable)'])
- self.assertEqual(out.strip(), envpy.encode())
-
-+ # gh-124651: test quoted strings
-+ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows')
-+ def test_special_chars_bash(self):
-+ """
-+ Test that the template strings are quoted properly (bash)
-+ """
-+ rmtree(self.env_dir)
-+ bash = shutil.which('bash')
-+ if bash is None:
-+ self.skipTest('bash required for this test')
-+ env_name = '"\';&&$e|\'"'
-+ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name)
-+ builder = venv.EnvBuilder(clear=True)
-+ builder.create(env_dir)
-+ activate = os.path.join(env_dir, self.bindir, 'activate')
-+ test_script = os.path.join(self.env_dir, 'test_special_chars.sh')
-+ with open(test_script, "w") as f:
-+ f.write(f'source {shlex.quote(activate)}\n'
-+ 'python -c \'import sys; print(sys.executable)\'\n'
-+ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n'
-+ 'deactivate\n')
-+ out, err = check_output([bash, test_script])
-+ lines = out.splitlines()
-+ self.assertTrue(env_name.encode() in lines[0])
-+ self.assertEndsWith(lines[1], env_name.encode())
-+
-+ # gh-124651: test quoted strings
-+ @unittest.skipIf(os.name == 'nt', 'contains invalid characters on Windows')
-+ def test_special_chars_csh(self):
-+ """
-+ Test that the template strings are quoted properly (csh)
-+ """
-+ rmtree(self.env_dir)
-+ csh = shutil.which('tcsh') or shutil.which('csh')
-+ if csh is None:
-+ self.skipTest('csh required for this test')
-+ env_name = '"\';&&$e|\'"'
-+ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name)
-+ builder = venv.EnvBuilder(clear=True)
-+ builder.create(env_dir)
-+ activate = os.path.join(env_dir, self.bindir, 'activate.csh')
-+ test_script = os.path.join(self.env_dir, 'test_special_chars.csh')
-+ with open(test_script, "w") as f:
-+ f.write(f'source {shlex.quote(activate)}\n'
-+ 'python -c \'import sys; print(sys.executable)\'\n'
-+ 'python -c \'import os; print(os.environ["VIRTUAL_ENV"])\'\n'
-+ 'deactivate\n')
-+ out, err = check_output([csh, test_script])
-+ lines = out.splitlines()
-+ self.assertTrue(env_name.encode() in lines[0])
-+ self.assertEndsWith(lines[1], env_name.encode())
-+
-+ # gh-124651: test quoted strings on Windows
-+ @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows')
-+ def test_special_chars_windows(self):
-+ """
-+ Test that the template strings are quoted properly on Windows
-+ """
-+ rmtree(self.env_dir)
-+ env_name = "'&&^$e"
-+ env_dir = os.path.join(os.path.realpath(self.env_dir), env_name)
-+ builder = venv.EnvBuilder(clear=True)
-+ builder.create(env_dir)
-+ activate = os.path.join(env_dir, self.bindir, 'activate.bat')
-+ test_batch = os.path.join(self.env_dir, 'test_special_chars.bat')
-+ with open(test_batch, "w") as f:
-+ f.write('@echo off\n'
-+ f'"{activate}" & '
-+ f'{self.exe} -c "import sys; print(sys.executable)" & '
-+ f'{self.exe} -c "import os; print(os.environ[\'VIRTUAL_ENV\'])" & '
-+ 'deactivate')
-+ out, err = check_output([test_batch])
-+ lines = out.splitlines()
-+ self.assertTrue(env_name.encode() in lines[0])
-+ self.assertEndsWith(lines[1], env_name.encode())
-+
- @unittest.skipUnless(os.name == 'nt', 'only relevant on Windows')
- def test_unicode_in_batch_file(self):
- """
---- a/Lib/venv/__init__.py
-+++ b/Lib/venv/__init__.py
-@@ -11,6 +11,7 @@ import subprocess
- import sys
- import sysconfig
- import types
-+import shlex
-
-
- CORE_VENV_DEPS = ('pip',)
-@@ -481,11 +482,41 @@ class EnvBuilder:
- :param context: The information for the environment creation request
- being processed.
- """
-- text = text.replace('__VENV_DIR__', context.env_dir)
-- text = text.replace('__VENV_NAME__', context.env_name)
-- text = text.replace('__VENV_PROMPT__', context.prompt)
-- text = text.replace('__VENV_BIN_NAME__', context.bin_name)
-- text = text.replace('__VENV_PYTHON__', context.env_exe)
-+ replacements = {
-+ '__VENV_DIR__': context.env_dir,
-+ '__VENV_NAME__': context.env_name,
-+ '__VENV_PROMPT__': context.prompt,
-+ '__VENV_BIN_NAME__': context.bin_name,
-+ '__VENV_PYTHON__': context.env_exe,
-+ }
-+
-+ def quote_ps1(s):
-+ """
-+ This should satisfy PowerShell quoting rules [1], unless the quoted
-+ string is passed directly to Windows native commands [2].
-+ [1]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules
-+ [2]: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing#passing-arguments-that-contain-quote-characters
-+ """
-+ s = s.replace("'", "''")
-+ return f"'{s}'"
-+
-+ def quote_bat(s):
-+ return s
-+
-+ # gh-124651: need to quote the template strings properly
-+ quote = shlex.quote
-+ script_path = context.script_path
-+ if script_path.endswith('.ps1'):
-+ quote = quote_ps1
-+ elif script_path.endswith('.bat'):
-+ quote = quote_bat
-+ else:
-+ # fallbacks to POSIX shell compliant quote
-+ quote = shlex.quote
-+
-+ replacements = {key: quote(s) for key, s in replacements.items()}
-+ for key, quoted in replacements.items():
-+ text = text.replace(key, quoted)
- return text
-
- def install_scripts(self, context, path):
-@@ -535,6 +566,7 @@ class EnvBuilder:
- with open(srcfile, 'rb') as f:
- data = f.read()
- try:
-+ context.script_path = srcfile
- new_data = (
- self.replace_variables(data.decode('utf-8'), context)
- .encode('utf-8')
---- a/Lib/venv/scripts/common/activate
-+++ b/Lib/venv/scripts/common/activate
-@@ -40,20 +40,20 @@ case "$(uname)" in
- CYGWIN*|MSYS*)
- # transform D:\path\to\venv to /d/path/to/venv on MSYS
- # and to /cygdrive/d/path/to/venv on Cygwin
-- VIRTUAL_ENV=$(cygpath "__VENV_DIR__")
-+ VIRTUAL_ENV=$(cygpath __VENV_DIR__)
- export VIRTUAL_ENV
- ;;
- *)
- # use the path as-is
-- export VIRTUAL_ENV="__VENV_DIR__"
-+ export VIRTUAL_ENV=__VENV_DIR__
- ;;
- esac
-
- _OLD_VIRTUAL_PATH="$PATH"
--PATH="$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH"
-+PATH="$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH"
- export PATH
-
--VIRTUAL_ENV_PROMPT="__VENV_PROMPT__"
-+VIRTUAL_ENV_PROMPT=__VENV_PROMPT__
- export VIRTUAL_ENV_PROMPT
-
- # unset PYTHONHOME if set
-@@ -66,7 +66,7 @@ fi
-
- if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then
- _OLD_VIRTUAL_PS1="${PS1:-}"
-- PS1="(__VENV_PROMPT__) ${PS1:-}"
-+ PS1="("__VENV_PROMPT__") ${PS1:-}"
- export PS1
- fi
-
---- a/Lib/venv/scripts/common/activate.fish
-+++ b/Lib/venv/scripts/common/activate.fish
-@@ -33,11 +33,11 @@ end
- # Unset irrelevant variables.
- deactivate nondestructive
-
--set -gx VIRTUAL_ENV "__VENV_DIR__"
-+set -gx VIRTUAL_ENV __VENV_DIR__
-
- set -gx _OLD_VIRTUAL_PATH $PATH
--set -gx PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__" $PATH
--set -gx VIRTUAL_ENV_PROMPT "__VENV_PROMPT__"
-+set -gx PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__ $PATH
-+set -gx VIRTUAL_ENV_PROMPT __VENV_PROMPT__
-
- # Unset PYTHONHOME if set.
- if set -q PYTHONHOME
-@@ -57,7 +57,7 @@ if test -z "$VIRTUAL_ENV_DISABLE_PROMPT"
- set -l old_status $status
-
- # Output the venv prompt; color taken from the blue of the Python logo.
-- printf "%s(%s)%s " (set_color 4B8BBE) "__VENV_PROMPT__" (set_color normal)
-+ printf "%s(%s)%s " (set_color 4B8BBE) __VENV_PROMPT__ (set_color normal)
-
- # Restore the return status of the previous command.
- echo "exit $old_status" | .
---- a/Lib/venv/scripts/nt/activate.bat
-+++ b/Lib/venv/scripts/nt/activate.bat
-@@ -8,7 +8,7 @@ if defined _OLD_CODEPAGE (
- "%SystemRoot%\System32\chcp.com" 65001 > nul
- )
-
--set VIRTUAL_ENV=__VENV_DIR__
-+set "VIRTUAL_ENV=__VENV_DIR__"
-
- if not defined PROMPT set PROMPT=$P$G
-
-@@ -24,8 +24,8 @@ set PYTHONHOME=
- if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH%
- if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH%
-
--set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%
--set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__
-+set "PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%"
-+set "VIRTUAL_ENV_PROMPT=__VENV_PROMPT__"
-
- :END
- if defined _OLD_CODEPAGE (
---- a/Lib/venv/scripts/posix/activate.csh
-+++ b/Lib/venv/scripts/posix/activate.csh
-@@ -9,17 +9,17 @@ alias deactivate 'test $?_OLD_VIRTUAL_PA
- # Unset irrelevant variables.
- deactivate nondestructive
-
--setenv VIRTUAL_ENV "__VENV_DIR__"
-+setenv VIRTUAL_ENV __VENV_DIR__
-
- set _OLD_VIRTUAL_PATH="$PATH"
--setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH"
--setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__"
-+setenv PATH "$VIRTUAL_ENV/"__VENV_BIN_NAME__":$PATH"
-+setenv VIRTUAL_ENV_PROMPT __VENV_PROMPT__
-
-
- set _OLD_VIRTUAL_PROMPT="$prompt"
-
- if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then
-- set prompt = "(__VENV_PROMPT__) $prompt"
-+ set prompt = "(L__VENV_PROMPT__") $prompt"
- endif
-
- alias pydoc python -m pydoc
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2024-09-28-02-03-04.gh-issue-124651.bLBGtH.rst
-@@ -0,0 +1 @@
-+Properly quote template strings in :mod:`venv` activation scripts.
diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch
index f136605..a08004d 100644
--- a/F00251-change-user-install-location.patch
+++ b/F00251-change-user-install-location.patch
@@ -24,58 +24,12 @@ Co-authored-by: Miro Hrončok
Co-authored-by: Michal Cyprian
Co-authored-by: Lumír Balhar
---
- Lib/site.py | 9 ++++++-
- Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++-
- Lib/test/test_sysconfig.py | 17 +++++++++++--
- 3 files changed, 71 insertions(+), 4 deletions(-)
+ Lib/sysconfig/__init__.py | 57 +++++++++++++++++++++++++++++++++++++++++----
+ Lib/test/test_sysconfig.py | 17 +++++++++++--
+ 2 files changed, 67 insertions(+), 7 deletions(-)
-Index: Python-3.13.0b4/Lib/test/test_sysconfig.py
-===================================================================
---- Python-3.13.0b4.orig/Lib/test/test_sysconfig.py
-+++ Python-3.13.0b4/Lib/test/test_sysconfig.py
-@@ -121,8 +121,19 @@ class TestSysConfig(unittest.TestCase):
- for scheme in _INSTALL_SCHEMES:
- for name in _INSTALL_SCHEMES[scheme]:
- expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars)
-+ tested = get_path(name, scheme)
-+ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe
-+ if tested.startswith('/usr/local'):
-+ # /usr/local should only be used in posix_prefix
-+ self.assertEqual(scheme, 'posix_prefix')
-+ # Fedora CI runs tests for venv and virtualenv that check for other prefixes
-+ self.assertEqual(sys.prefix, '/usr')
-+ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set
-+ # Fedora CI runs this with RPM_BUILD_ROOT unset
-+ self.assertNotIn('RPM_BUILD_ROOT', os.environ)
-+ tested = tested.replace('/usr/local', '/usr')
- self.assertEqual(
-- os.path.normpath(get_path(name, scheme)),
-+ os.path.normpath(tested),
- os.path.normpath(expected),
- )
-
-@@ -377,7 +388,7 @@ class TestSysConfig(unittest.TestCase):
- self.assertTrue(os.path.isfile(config_h), config_h)
-
- def test_get_scheme_names(self):
-- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv']
-+ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix']
- if HAS_USER_BASE:
- wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
- self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
-@@ -389,6 +400,8 @@ class TestSysConfig(unittest.TestCase):
- cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
- self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))
-
-+ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ,
-+ "Test doesn't expect Fedora's paths")
- def test_user_similar(self):
- # Issue #8759: make sure the posix scheme for the users
- # is similar to the global posix_prefix one
-Index: Python-3.13.0b4/Lib/sysconfig/__init__.py
-===================================================================
---- Python-3.13.0b4.orig/Lib/sysconfig/__init__.py
-+++ Python-3.13.0b4/Lib/sysconfig/__init__.py
+--- a/Lib/sysconfig/__init__.py
++++ b/Lib/sysconfig/__init__.py
@@ -106,6 +106,11 @@ if os.name == 'nt':
else:
_INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv']
@@ -88,7 +42,7 @@ Index: Python-3.13.0b4/Lib/sysconfig/__init__.py
def _get_implementation():
return 'Python'
-@@ -167,6 +172,19 @@ if _HAS_USER_BASE:
+@@ -167,13 +172,28 @@ if _HAS_USER_BASE:
},
}
@@ -108,7 +62,16 @@ Index: Python-3.13.0b4/Lib/sysconfig/__init__.py
_SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include',
'scripts', 'data')
-@@ -261,11 +279,40 @@ def _extend_dict(target_dict, other_dict
+ _PY_VERSION = sys.version.split()[0]
+ _PY_VERSION_SHORT = f'{sys.version_info[0]}.{sys.version_info[1]}'
+ _PY_VERSION_SHORT_NO_DOT = f'{sys.version_info[0]}{sys.version_info[1]}'
++_PREFIX = os.path.normpath(sys.prefix)
+ _BASE_PREFIX = os.path.normpath(sys.base_prefix)
++_EXEC_PREFIX = os.path.normpath(sys.exec_prefix)
+ _BASE_EXEC_PREFIX = os.path.normpath(sys.base_exec_prefix)
+ # Mutex guarding initialization of _CONFIG_VARS.
+ _CONFIG_VARS_LOCK = threading.RLock()
+@@ -259,11 +279,40 @@ def _extend_dict(target_dict, other_dict
target_dict[key] = value
@@ -150,3 +113,57 @@ Index: Python-3.13.0b4/Lib/sysconfig/__init__.py
if os.name == 'nt':
# On Windows we want to substitute 'lib' for schemes rather
# than the native value (without modifying vars, in case it
+@@ -464,10 +513,8 @@ def _init_config_vars():
+ # Normalized versions of prefix and exec_prefix are handy to have;
+ # in fact, these are the standard versions used most places in the
+ # Distutils.
+- _PREFIX = os.path.normpath(sys.prefix)
+- _EXEC_PREFIX = os.path.normpath(sys.exec_prefix)
+- _CONFIG_VARS['prefix'] = _PREFIX # FIXME: This gets overwriten by _init_posix.
+- _CONFIG_VARS['exec_prefix'] = _EXEC_PREFIX # FIXME: This gets overwriten by _init_posix.
++ _CONFIG_VARS['prefix'] = _PREFIX
++ _CONFIG_VARS['exec_prefix'] = _EXEC_PREFIX
+ _CONFIG_VARS['py_version'] = _PY_VERSION
+ _CONFIG_VARS['py_version_short'] = _PY_VERSION_SHORT
+ _CONFIG_VARS['py_version_nodot'] = _PY_VERSION_SHORT_NO_DOT
+--- a/Lib/test/test_sysconfig.py
++++ b/Lib/test/test_sysconfig.py
+@@ -130,8 +130,19 @@ class TestSysConfig(unittest.TestCase):
+ for scheme in _INSTALL_SCHEMES:
+ for name in _INSTALL_SCHEMES[scheme]:
+ expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars)
++ tested = get_path(name, scheme)
++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe
++ if tested.startswith('/usr/local'):
++ # /usr/local should only be used in posix_prefix
++ self.assertEqual(scheme, 'posix_prefix')
++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes
++ self.assertEqual(sys.prefix, '/usr')
++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set
++ # Fedora CI runs this with RPM_BUILD_ROOT unset
++ self.assertNotIn('RPM_BUILD_ROOT', os.environ)
++ tested = tested.replace('/usr/local', '/usr')
+ self.assertEqual(
+- os.path.normpath(get_path(name, scheme)),
++ os.path.normpath(tested),
+ os.path.normpath(expected),
+ )
+
+@@ -386,7 +397,7 @@ class TestSysConfig(unittest.TestCase):
+ self.assertTrue(os.path.isfile(config_h), config_h)
+
+ def test_get_scheme_names(self):
+- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv']
++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix']
+ if HAS_USER_BASE:
+ wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
+ self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
+@@ -398,6 +409,8 @@ class TestSysConfig(unittest.TestCase):
+ cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
+ self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))
+
++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ,
++ "Test doesn't expect Fedora's paths")
+ def test_user_similar(self):
+ # Issue #8759: make sure the posix scheme for the users
+ # is similar to the global posix_prefix one
diff --git a/Python-3.13.0.tar.xz b/Python-3.13.0.tar.xz
deleted file mode 100644
index ae97bcf..0000000
--- a/Python-3.13.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:086de5882e3cb310d4dca48457522e2e48018ecd43da9cdf827f6a0759efb07d
-size 22532980
diff --git a/Python-3.13.0.tar.xz.asc b/Python-3.13.0.tar.xz.asc
deleted file mode 100644
index 3bb64df..0000000
--- a/Python-3.13.0.tar.xz.asc
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmcDjiVfFIAAAAAALgAo
-aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
-Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
-YwVfzg/8DjSks9r9qRY4JfQ1cPV39scH0jhMTF6xKQshMQt7joSySFB+D73S88MY
-J1guRc3hAvNhAKv9fb8ckG7Lcjd7g6lqyEjRFH1udYcNVYnLEmGacbPscQVIQHqT
-OF6A3QaQyE0bLN6BM6XUM0Jp3ial3yUOHoggkleEnZClnfmIJuUKBGTj9FkCvoPq
-wE9nhaYPRudqpNzG6usuVbXcz6tYnzpd6xztWIgHhCfL02i2cYvO9ytBxh2DczA8
-mI8WoDO9MqMxf2fvWZJGL1CvQS2bFnCDBh/fFlLp4grJqNehoggA8a63UJot++fa
-NRSH1Rl2hL9kEh+6Qy9/XwdU/fnJW95zBzyTjyJAwUng/kJ01AQ2rSw+SK3i7XQ7
-BziKuItmAf51NgFjGAXxA32sUH9R5XmPNIe3Ae9QCFa2+OxqBTYRFxHaXntWc9oV
-bCDCsc0+vXfP9Pb3rHwTSqE3aCqbOk2qM6013+Y74/I2/EFCqWhrwrTGFYSRihpv
-8BOoL49NxtodasARlAefoETJKytMvXhDH5WuVqcF/51fShID5NqkPBIEcHyFgeU0
-oS3O28Vs353ym0jMnVWYd9qRIcWlvZWrDvS2QImbdjVl8/FTX7CFkDK0rbNKeYWe
-IwxGju22KrUs/HTFVqe6MmUUgzsztUA2JxOhJGeyCUAS7FOX8G0=
-=r6IQ
------END PGP SIGNATURE-----
diff --git a/Python-3.13.1.tar.xz b/Python-3.13.1.tar.xz
new file mode 100644
index 0000000..b7a3d58
--- /dev/null
+++ b/Python-3.13.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9cf9427bee9e2242e3877dd0f6b641c1853ca461f39d6503ce260a59c80bf0d9
+size 22589692
diff --git a/Python-3.13.1.tar.xz.sigstore b/Python-3.13.1.tar.xz.sigstore
new file mode 100644
index 0000000..c3e3336
--- /dev/null
+++ b/Python-3.13.1.tar.xz.sigstore
@@ -0,0 +1 @@
+{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyjCCAk+gAwIBAgIUfiRo0msP4Btyv4YsT7fbfQRyL44wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTkwNzExWhcNMjQxMjAzMTkxNzExWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgyPfiH2kHYV7DceSflRFlp5btDS/pzMbY7rGcU3/C6c+yjG51eHdE3fUoe67CXuHOwbgIPQNHwVyA/dqkr29JKOCAW4wggFqMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUsEpdJycICdqLVYOxzZ+3oce6bZgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjetYvwAABAMARjBEAiBEl+lmHciXxSTROv68p7UQzS1OQoN18xhfAXwV0xLiKwIgAr+FYa/WMHhvwIr/LRmVCsEGM+drSpXc1TsRRKZUOe0wCgYIKoZIzj0EAwMDaQAwZgIxAOQBkKlywlTHYpHXwx7+W00RYgxWXXweL7k5hkOlyzyy+wxA9Z2EwkQ2K495VlzuQwIxAL7feRY0xgdEyHCUE7tOwjnmCc1Rx/DqU/IURk398WWzZgR02sVQks7Tbm6GknYBBg=="}, "tlogEntries": [{"logIndex": "153126388", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733252831", "inclusionPromise": {"signedEntryTimestamp": "MEUCIEr6ERelNiQ0shguyVEIZr62jZOmkiRvFDab0vH/+TyPAiEA7wjmefhpgSGj9OZK5OLyFERJmCdOAyo0ugYvcvo/BRI="}, "inclusionProof": {"logIndex": "31222126", "rootHash": "bw8DUGFtTR8UX3p/PsDBTOd7+9XoUhpc9p9rx8iBudU=", "treeSize": "31222127", "hashes": ["VDJuQRvWiSGKYaVUeg1KQzTOcArB3z4zhlKXQiCXpBA=", "d4PXrjiAFZkT0q5LEqDIKdp/3LzyJNDT3ieTmTFo/hk=", "hpWulX1/EJ4WX5RZYHRuNoNQPY022IQxlvT6PQdo0zM=", "Der2RBJcWt5krDHF37vOqiTIMOPFBfJYHpEzH2AFz94=", "50fxHcr98Af7eRu0IaTdqt95Xr1ex/qKGF8Gp4SWOWg=", "Xdd/TFK+GoJvuW1nyelo2knYtds5k/Go6cPMSEa6MAg=", "6d4xqhjtBqvVigZuo5cpcPrzEjWB2pnhc9sKleMMhto=", "tH2CD4P6s9/APjnJWsTvHjNo8l825tfN4DUr+zItATY=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31222127\nbw8DUGFtTR8UX3p/PsDBTOd7+9XoUhpc9p9rx8iBudU=\n\n\u2014 rekor.sigstore.dev wNI9ajBDAh9aKBYaMe0sjCiN7C4kOKDmZcatnj6bJnRXihklmSI0AiAYKc0QI8JdydiiPPfM7JezFEypOIF9c7nD9OegcFT8mw==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI5Y2Y5NDI3YmVlOWUyMjQyZTM4NzdkZDBmNmI2NDFjMTg1M2NhNDYxZjM5ZDY1MDNjZTI2MGE1OWM4MGJmMGQ5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUUROY0lGSlBMNEwwK25YVGtUSVZmVCtUd20yYUlleW9iNUYrenFFUWZVejdRSWhBS2JHTkFlbVp5VVdQYkNZb2lQTmNDYXpkWUpqWGNORGMxQzBSRmlicWwwRiIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVha05EUVdzclowRjNTVUpCWjBsVlptbFNiekJ0YzFBMFFuUjVkalJaYzFRM1ptSm1VVko1VERRMGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHdDNUbnBGZUZkb1kwNU5hbEY0VFdwQmVrMVVhM2hPZWtWNFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZuZVZCbWFVZ3lhMGhaVmpkRVkyVlRabXhTUm14d05XSjBSRk12Y0hwTllsazNja2NLWTFVekwwTTJZeXQ1YWtjMU1XVklaRVV6WmxWdlpUWTNRMWgxU0U5M1ltZEpVRkZPU0hkV2VVRXZaSEZyY2pJNVNrdFBRMEZYTkhkblowWnhUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZ6UlhCa0NrcDVZMGxEWkhGTVZsbFBlSHBhS3pOdlkyVTJZbHBuZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwcENaMjl5UW1kRlJVRmtXalZCWjFGRFFraHpSV1ZSUWpNS1FVaFZRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIVkdwbGRGbDJkMEZCUWtGTlFRcFNha0pGUVdsQ1JXd3JiRzFJWTJsWWVGTlVVazkyTmpod04xVlJlbE14VDFGdlRqRTRlR2htUVZoM1ZqQjRUR2xMZDBsblFYSXJSbGxoTDFkTlNHaDJDbmRKY2k5TVVtMVdRM05GUjAwclpISlRjRmhqTVZSelVsSkxXbFZQWlRCM1EyZFpTVXR2V2tsNmFqQkZRWGROUkdGUlFYZGFaMGw0UVU5UlFtdExiSGtLZDJ4VVNGbHdTRmgzZURjclZ6QXdVbGxuZUZkWVdIZGxURGRyTldoclQyeDVlbmw1SzNkNFFUbGFNa1YzYTFFeVN6UTVOVlpzZW5WUmQwbDRRVXczWmdwbFVsa3dlR2RrUlhsSVExVkZOM1JQZDJwdWJVTmpNVko0TDBSeFZTOUpWVkpyTXprNFYxZDZXbWRTTURKelZsRnJjemRVWW0wMlIydHVXVUpDWnowOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "nPlCe+6eIkLjh33Q9rZBwYU8pGHznWUDziYKWcgL8Nk="}, "signature": "MEYCIQDNcIFJPL4L0+nXTkTIVfT+Twm2aIeyob5F+zqEQfUz7QIhAKbGNAemZyUWPbCYoiPNcCazdYJjXcNDc1C0RFibql0F"}}
diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch
index 81c0deb..0a6b091 100644
--- a/python-3.3.0b1-test-posix_fadvise.patch
+++ b/python-3.3.0b1-test-posix_fadvise.patch
@@ -4,7 +4,7 @@
--- a/Lib/test/test_posix.py
+++ b/Lib/test/test_posix.py
-@@ -435,7 +435,7 @@ class PosixTester(unittest.TestCase):
+@@ -437,7 +437,7 @@ class PosixTester(unittest.TestCase):
def test_posix_fadvise(self):
fd = os.open(os_helper.TESTFN, os.O_RDONLY)
try:
diff --git a/python313-rpmlintrc b/python313-rpmlintrc
index 5b35f34..2a18978 100644
--- a/python313-rpmlintrc
+++ b/python313-rpmlintrc
@@ -1,3 +1,4 @@
addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem")
addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c")
+addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.c")
addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp")
diff --git a/python313.changes b/python313.changes
index 1333c69..5cc4eec 100644
--- a/python313.changes
+++ b/python313.changes
@@ -1,3 +1,567 @@
+-------------------------------------------------------------------
+Fri Dec 6 20:39:56 UTC 2024 - Matej Cepl
+
+- Add CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
+ preventing exhaustion of memory (gh#python/cpython#127655,
+ bsc#1234290, CVE-2024-12254).
+
+-------------------------------------------------------------------
+Wed Dec 4 21:57:12 UTC 2024 - Matej Cepl
+
+- Update to 3.13.1:
+ - Tools/Demos
+ - gh-126807: Fix extraction warnings in pygettext.py caused
+ by mistaking function definitions for function calls.
+ - gh-126167: The iOS testbed was modified so that it can be
+ used by third-party projects for testing purposes.
+ - Tests
+ - gh-126909: Fix test_os extended attribute tests to work on
+ filesystems with 1 KiB xattr size limit.
+ - gh-125041: Re-enable skipped tests for zlib on the
+ s390x architecture: only skip checks of the compressed
+ bytes, which can be different between zlib’s software
+ implementation and the hardware-accelerated implementation.
+ - gh-124295: Add translation tests to the argparse module.
+ - Security
+ - gh-126623: Upgrade libexpat to 2.6.4
+ - gh-125140: Remove the current directory from sys.path when
+ using PyREPL.
+ - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
+ consistently use the mapped IPv4 address value for deciding
+ properties. Properties which have their behavior fixed are
+ is_multicast, is_reserved, is_link_local, is_global, and
+ is_unspecified.
+ - Library
+ - gh-127321: pdb.set_trace() will not stop at an opcode that
+ does not have an associated line number anymore.
+ - gh-127303: Publicly expose EXACT_TOKEN_TYPES in
+ token.__all__.
+ - gh-123967: Fix faulthandler for trampoline frames. If the
+ top-most frame is a trampoline frame, skip it. Patch by
+ Victor Stinner.
+ - gh-127182: Fix io.StringIO.__setstate__() crash, when None
+ was passed as the first value.
+ - gh-127217: Fix urllib.request.pathname2url() for paths
+ starting with multiple slashes on Posix.
+ - gh-127035: Fix shutil.which on Windows. Now it looks at
+ direct match if and only if the command ends with a PATHEXT
+ extension or X_OK is not in mode. Support extensionless
+ files if “.” is in PATHEXT. Support PATHEXT extensions that
+ end with a dot.
+ - gh-122273: Support PyREPL history on Windows. Patch by
+ devdanzin and Victor Stinner.
+ - gh-127078: Fix issue where urllib.request.url2pathname()
+ failed to discard an extra slash before a UNC drive in the
+ URL path on Windows.
+ - gh-126766: Fix issue where urllib.request.url2pathname()
+ failed to discard any ‘localhost’ authority present in the
+ URL.
+ - gh-127065: Fix crash when calling a operator.methodcaller()
+ instance from multiple threads in the free threading build.
+ - gh-126997: Fix support of STRING and GLOBAL opcodes with
+ non-ASCII arguments in pickletools. pickletools.dis()
+ now outputs non-ASCII bytes in STRING, BINSTRING and
+ SHORT_BINSTRING arguments as escaped (\xXX).
+ - gh-126316: grp: Make grp.getgrall() thread-safe by adding a
+ mutex. Patch by Victor Stinner.
+ - gh-126618: Fix the representation of itertools.count
+ objects when the count value is sys.maxsize.
+ - gh-85168: Fix issue where urllib.request.url2pathname() and
+ pathname2url() always used UTF-8 when quoting and unquoting
+ file URIs. They now use the filesystem encoding and error
+ handler.
+ - gh-67877: Fix memory leaks when regular expression matching
+ terminates abruptly, either because of a signal or because
+ memory allocation fails.
+ - gh-126789: Fixed the values of sysconfig.get_config_vars(),
+ sysconfig.get_paths(), and their siblings when the site
+ initialization happens after sysconfig has built a cache
+ for sysconfig.get_config_vars().
+ - gh-126188: Update bundled pip to 24.3.1
+ - gh-126780: Fix os.path.normpath() for drive-relative paths
+ on Windows.
+ - gh-126766: Fix issue where urllib.request.url2pathname()
+ failed to discard two leading slashes introducing an empty
+ authority section.
+ - gh-126727: locale.nl_langinfo(locale.ERA) now returns
+ multiple era description segments separated by
+ semicolons. Previously it only returned the first segment
+ on platforms with Glibc.
+ - gh-126699: Allow collections.abc.AsyncIterator to be a base
+ for Protocols.
+ - gh-126654: Fix crash when non-dict was passed to several
+ functions in _interpreters module.
+ - gh-104745: Limit starting a patcher (from
+ unittest.mock.patch() or unittest.mock.patch.object()) more
+ than once without stopping it
+ - gh-126595: Fix a crash when instantiating itertools.count
+ with an initial count of sys.maxsize on debug builds. Patch
+ by Bénédikt Tran.
+ - gh-120423: Fix issue where urllib.request.pathname2url()
+ mishandled Windows paths with embedded forward slashes.
+ - gh-126565: Improve performances of zipfile.Path.open() for
+ non-reading modes.
+ - gh-126505: Fix bugs in compiling case-insensitive regular
+ expressions with character classes containing non-BMP
+ characters: upper-case non-BMP character did was ignored
+ and the ASCII flag was ignored when matching a character
+ range whose upper bound is beyond the BMP region.
+ - gh-117378: Fixed the multiprocessing "forkserver"
+ start method forkserver process to correctly inherit
+ the parent’s sys.path during the importing of
+ multiprocessing.set_forkserver_preload() modules in the
+ same manner as sys.path is configured in workers before
+ executing work items.
+ - This bug caused some forkserver module preloading to
+ silently fail to preload. This manifested as a performance
+ degration in child processes when the sys.path was required
+ due to additional repeated work in every worker.
+ - It could also have a side effect of "" remaining in
+ sys.path during forkserver preload imports instead of the
+ absolute path from os.getcwd() at multiprocessing import
+ time used in the worker sys.path.
+ - The sys.path differences between phases in the child
+ process could potentially have caused preload to import
+ incorrect things from the wrong location. We are unaware of
+ that actually having happened in practice.
+ - gh-125679: The multiprocessing.Lock and
+ multiprocessing.RLock repr values no longer say “unknown”
+ on macOS.
+ - gh-126476: Raise calendar.IllegalMonthError (now a subclass
+ of IndexError) for calendar.month() when the input month is
+ not correct.
+ - gh-126489: The Python implementation of pickle no longer
+ calls pickle.Pickler.persistent_id() for the result of
+ persistent_id().
+ - gh-126313: Fix an issue in curses.napms() when
+ curses.initscr() has not yet been called. Patch by Bénédikt
+ Tran.
+ - gh-126303: Fix pickling and copying of os.sched_param
+ objects.
+ - gh-126138: Fix a use-after-free crash on asyncio.Task
+ objects whose underlying coroutine yields an object that
+ implements an evil __getattribute__(). Patch by Nico
+ Posada.
+ - gh-126220: Fix crash in cProfile.Profile and
+ _lsprof.Profiler when their callbacks were directly called
+ with 0 arguments.
+ - gh-126212: Fix issue where urllib.request.pathname2url()
+ and url2pathname() removed slashes from Windows DOS drive
+ paths and URLs.
+ - gh-126223: Raise a UnicodeEncodeError instead of a
+ SystemError upon calling _interpreters.create() with an
+ invalid Unicode character.
+ - gh-126205: Fix issue where urllib.request.pathname2url()
+ generated URLs beginning with four slashes (rather than
+ two) when given a Windows UNC path.
+ - gh-126105: Fix a crash in ast when the ast.AST._fields
+ attribute is deleted.
+ - gh-126106: Fixes a possible NULL pointer dereference in
+ ssl.
+ - gh-126080: Fix a use-after-free crash on asyncio.Task
+ objects for which the underlying event loop implements an
+ evil __getattribute__(). Reported by Nico-Posada. Patch by
+ Bénédikt Tran.
+ - gh-126083: Fixed a reference leak in asyncio.Task objects
+ when reinitializing the same object with a non-None
+ context. Patch by Nico Posada.
+ - gh-125984: Fix use-after-free crashes on asyncio.Future
+ objects for which the underlying event loop implements an
+ evil __getattribute__(). Reported by Nico-Posada. Patch by
+ Bénédikt Tran.
+ - gh-125969: Fix an out-of-bounds crash when an evil
+ asyncio.loop.call_soon() mutates the length of the internal
+ callbacks list. Patch by Bénédikt Tran.
+ - gh-125966: Fix a use-after-free crash in
+ asyncio.Future.remove_done_callback(). Patch by Bénédikt
+ Tran.
+ - gh-125789: Fix possible crash when mutating list of
+ callbacks returned by asyncio.Future._callbacks. It
+ now always returns a new copy in C implementation
+ _asyncio. Patch by Kumar Aditya.
+ - gh-124452: Fix an issue in
+ email.policy.EmailPolicy.header_source_parse() and
+ email.policy.Compat32.header_source_parse() that introduced
+ spurious leading whitespaces into header values when the
+ header includes a newline character after the header name
+ delimiter (:) and before the value.
+ - gh-125884: Fixed the bug for pdb where it can’t set
+ breakpoints on functions with certain annotations.
+ - gh-125355: Fix several bugs in
+ argparse.ArgumentParser.parse_intermixed_args().
+ - The parser no longer changes temporarily during
+ parsing.
+ - Default values are not processed twice.
+ - Required mutually exclusive groups containing
+ positional arguments are now supported.
+ - The missing arguments report now includes the names of
+ all required optional and positional arguments.
+ - Unknown options can be intermixed with positional
+ arguments in parse_known_intermixed_args().
+ - gh-125666: Avoid the exiting the interpreter if a null byte
+ is given as input in the new REPL.
+ - gh-125710: [Enum] fix hashable<->nonhashable comparisons
+ for member values
+ - gh-125631: Restore ability to set persistent_id and
+ persistent_load attributes of instances of the Pickler and
+ Unpickler classes in the pickle module.
+ - gh-125378: Fixed the bug in pdb where after a multi-line
+ command, an empty line repeats the first line of the
+ multi-line command, instead of the full command.
+ - gh-125682: Reject non-ASCII digits in the Python
+ implementation of json.loads() conforming to the JSON
+ specification.
+ - gh-125660: Reject invalid unicode escapes for Python
+ implementation of json.loads().
+ - gh-125259: Fix the notes removal logic for errors thrown in
+ enum initialization.
+ - gh-125590: Allow FrameLocalsProxy to delete and pop if the
+ key is not a fast variable.
+ - gh-125519: Improve traceback if importlib.reload() is
+ called with an object that is not a module. Patch by Alex
+ Waygood.
+ - gh-125451: Fix deadlock when
+ concurrent.futures.ProcessPoolExecutor shuts down
+ concurrently with an error when feeding a job to a worker
+ process.
+ - gh-125422: Fixed the bug where pdb and bdb can step into
+ the bottom caller frame.
+ - gh-100141: Fixed the bug where pdb will be stuck in an
+ infinite loop when debugging an empty file.
+ - gh-125115: Fixed a bug in pdb where arguments starting with
+ - can’t be passed to the debugged script.
+ - gh-53203: Fix time.strptime() for %c, %x and %X formats
+ in many locales that use non-ASCII digits, like Persian,
+ Burmese, Odia and Shan.
+ - gh-125398: Fix the conversion of the VIRTUAL_ENV path in
+ the activate script in venv when running in Git Bash for
+ Windows.
+ - gh-125316: Fix using functools.partial() as enum.Enum
+ member. A FutureWarning with suggestion to use
+ enum.member() is now emitted when the partial instance is
+ used as an enum member.
+ - gh-125245: Fix race condition when importing
+ collections.abc, which could incorrectly return an empty
+ module.
+ - gh-125243: Fix data race when creating zoneinfo.ZoneInfo
+ objects in the free threading build.
+ - gh-125254: Fix a bug where ArgumentError includes the
+ incorrect ambiguous option in argparse.
+ - gh-125235: Keep tkinter TCL paths in venv pointing to base
+ installation on Windows.
+ - gh-61011: Fix inheritance of nested mutually
+ exclusive groups from parent parser in
+ argparse.ArgumentParser. Previously, all nested mutually
+ exclusive groups lost their connection to the group
+ containing them and were displayed as belonging directly to
+ the parser.
+ - gh-52551: Fix encoding issues in time.strftime(), the
+ strftime() method of the datetime classes datetime, date
+ and time and formatting of these classes. Characters
+ not encodable in the current locale are now acceptable
+ in the format string. Surrogate pairs and sequence
+ of surrogatescape-encoded bytes are no longer
+ recombinated. Embedded null character no longer terminates
+ the format string.
+ - gh-125118: Don’t copy arbitrary values to _Bool in the
+ struct module.
+ - gh-125069: Fix an issue where providing a pathlib.PurePath
+ object as an initializer argument to a second PurePath
+ object with a different parser resulted in arguments to
+ the former object’s initializer being joined by the latter
+ object’s parser.
+ - gh-125096: If the PYTHON_BASIC_REPL environment variable
+ is set, the site module no longer imports the _pyrepl
+ module. Moreover, the site module now respects -E and -I
+ command line options: ignore PYTHON_BASIC_REPL in this
+ case. Patch by Victor Stinner.
+ - gh-124969: Fix locale.nl_langinfo(locale.ALT_DIGITS) on
+ platforms with glibc. Now it returns a string consisting of
+ up to 100 semicolon-separated symbols (an empty string in
+ most locales) on all Posix platforms. Previously it only
+ returned the first symbol or an empty string.
+ - gh-124960: Fix support for the barry_as_FLUFL future flag
+ in the new REPL.
+ - gh-124984: Fixed thread safety in ssl in the free-threaded
+ build. OpenSSL operations are now protected by a per-object
+ lock.
+ - gh-124958: Fix refcycles in exceptions raised from
+ asyncio.TaskGroup and the python implementation of
+ asyncio.Future
+ - gh-53203: Fix time.strptime() for %c and %x formats in many
+ locales: Arabic, Bislama, Breton, Bodo, Kashubian, Chuvash,
+ Estonian, French, Irish, Ge’ez, Gurajati, Manx Gaelic,
+ Hebrew, Hindi, Chhattisgarhi, Haitian Kreyol, Japanese,
+ Kannada, Korean, Marathi, Malay, Norwegian, Nynorsk,
+ Punjabi, Rajasthani, Tok Pisin, Yoruba, Yue Chinese,
+ Yau/Nungon and Chinese.
+ - gh-124917: Allow calling os.path.exists() and
+ os.path.lexists() with keyword arguments on Windows. Fixes
+ a regression in 3.13.0.
+ - gh-124653: Fix detection of the minimal Queue API needed by
+ the logging module. Patch by Bénédikt Tran.
+ - gh-124858: Fix reference cycles left in tracebacks
+ in asyncio.open_connection() when used with
+ happy_eyeballs_delay
+ - gh-124390: Fixed AssertionError when using
+ asyncio.staggered.staggered_race() with
+ asyncio.eager_task_factory.
+ - gh-124651: Properly quote template strings in venv
+ activation scripts (bsc#1232241, CVE-2024-9287).
+ - gh-116850: Fix argparse for namespaces with not directly
+ writable dict (e.g. classes).
+ - gh-58573: Fix conflicts between abbreviated long options in
+ the parent parser and subparsers in argparse.
+ - gh-124594: All asyncio REPL prompts run in the same
+ context. Contributed by Bartosz Sławecki.
+ - gh-61181: Fix support of choices with string value in
+ argparse. Substrings of the specified string no longer
+ considered valid values.
+ - gh-80259: Fix argparse support of positional arguments with
+ nargs='?', default=argparse.SUPPRESS and specified type.
+ - gh-120378: Fix a crash related to an integer overflow in
+ curses.resizeterm() and curses.resize_term().
+ - gh-123884: Fixed bug in itertools.tee() handling of other
+ tee inputs (a tee in a tee). The output now has the
+ promised n independent new iterators. Formerly, the first
+ iterator was identical (not independent) to the input
+ iterator. This would sometimes give surprising results.
+ - gh-58956: Fixed a bug in pdb where sometimes the breakpoint
+ won’t trigger if it was set on a function which is already
+ in the call stack.
+ - gh-124345: argparse vim supports abbreviated single-dash
+ long options separated by = from its value.
+ - gh-104860: Fix disallowing abbreviation of single-dash long
+ options in argparse with allow_abbrev=False.
+ - gh-63143: Fix parsing mutually exclusive arguments in
+ argparse. Arguments with the value identical to the default
+ value (e.g. booleans, small integers, empty or 1-character
+ strings) are no longer considered “not present”.
+ - gh-72795: Positional arguments with nargs equal to '*' or
+ argparse.REMAINDER are no longer required. This allows to
+ use positional argument with nargs='*' and without default
+ in mutually exclusive group and improves error message
+ about required arguments.
+ - gh-59317: Fix parsing positional argument with nargs equal
+ to '?' or '*' if it is preceded by an option and another
+ positional argument.
+ - gh-53780: argparse now ignores the first "--" (double dash)
+ between an option and command.
+ - gh-124217: Add RFC 9637 reserved IPv6 block 3fff::/20 in
+ ipaddress module.
+ - gh-81691: Fix handling of multiple "--" (double dashes)
+ in argparse. Only the first one has now been removed, all
+ subsequent ones are now taken literally.
+ - gh-123978: Remove broken time.thread_time() and
+ time.thread_time_ns() on NetBSD.
+ - gh-124008: Fix possible crash (in debug build), incorrect
+ output or returning incorrect value from raw binary write()
+ when writing to console on Windows.
+ - gh-123935: Fix parent slots detection for dataclasses that
+ inherit from classes with __dictoffset__.
+ - gh-122765: Fix unbalanced quote errors occurring when
+ activate.csh in venv was sourced with a custom prompt
+ containing unpaired quotes or newlines.
+ - gh-123370: Fix the canvas not clearing after running
+ turtledemo clock.
+ - gh-116810: Resolve a memory leak introduced in CPython
+ 3.10’s ssl when the ssl.SSLSocket.session property was
+ accessed. Speeds up read and write access to said property
+ by no longer unnecessarily cloning session objects via
+ serialization.
+ - gh-120754: Update unbounded read calls in zipfile to
+ specify an explicit size putting a limit on how much data
+ they may read. This also updates handling around ZIP max
+ comment size to match the standard instead of reading
+ comments that are one byte too long.
+ - gh-70764: Fixed an issue where inspect.getclosurevars()
+ would incorrectly classify an attribute name as a global
+ variable when the name exists both as an attribute name and
+ a global variable.
+ - gh-118289: posixpath.realpath() now raises
+ NotADirectoryError when strict mode is enabled and a
+ non-directory path with a trailing slash is supplied.
+ - gh-119826: Always return an absolute path for
+ os.path.abspath() on Windows.
+ - gh-117766: Always use str() to print choices in argparse.
+ - gh-101955: Fix SystemError when match regular expression
+ pattern containing some combination of possessive
+ quantifier, alternative and capture group.
+ - gh-88110: Fixed multiprocessing.Process reporting a
+ .exitcode of 1 even on success when using the "fork" start
+ method while using a concurrent.futures.ThreadPoolExecutor.
+ - gh-71936: Fix a race condition in
+ multiprocessing.pool.Pool.
+ - bpo-46128: Strip unittest.IsolatedAsyncioTestCase stack
+ frames from reported stacktraces.
+ - bpo-14074: Fix argparse metavar processing to allow
+ positional arguments to have a tuple metavar.
+ - IDLE
+ - gh-122392: Increase currently inadequate vertical spacing
+ for the IDLE browsers (path, module, and stack) on
+ high-resolution monitors.
+ - Documentation
+ - gh-126622: Added stub pages for removed modules explaining
+ their removal, where to find replacements, and linking to
+ the last Python version that supported them. Contributed by
+ Ned Batchelder.
+ - gh-125277: Require Sphinx 7.2.6 or later to build the
+ Python documentation. Patch by Adam Turner.
+ - gh-124872: Added definitions for context, current
+ context, and context management protocol, updated
+ related definitions to be consistent, and expanded the
+ documentation for contextvars.Context.
+ - gh-125018: The importlib.metadata documentation now
+ includes semantic cross-reference targets for the
+ significant documented APIs. This means intersphinx
+ references like importlib.metadata.version() will now work
+ as expected.
+ - gh-70870: Clarified the dual usage of the term “free
+ variable” (both the formal meaning of any reference
+ to names defined outside the local scope, and the
+ narrower pragmatic meaning of nonlocal variables named in
+ co_freevars).
+ - gh-121277: Writers of CPython’s documentation can now use
+ next as the version for the versionchanged, versionadded,
+ deprecated directives.
+ - gh-60712: Include the object type in the lists of
+ documented types. Change by Furkan Onder and Martin Panter.
+ - bpo-34008: The Py_Main() documentation moved from the
+ “Very High Level API” section to the “Initialization and
+ Finalization” section.
+ - Also make it explicit that we expect Py_Main to
+ typically be called instead of Py_Initialize rather
+ than after it (since Py_Main makes its own call to
+ Py_Initialize). Document that calling both is supported
+ but is version dependent on which settings will be applied
+ correctly.
+ - Core and Builtins
+ - gh-113841: Fix possible undefined behavior division by zero
+ in complex’s _Py_c_pow().
+ - gh-127020: Fix a crash in the free threading build
+ when PyCode_GetCode(), PyCode_GetVarnames(),
+ PyCode_GetCellvars(), or PyCode_GetFreevars() were called
+ from multiple threads at the same time.
+ - gh-126980: Fix __buffer__() of bytearray crashing when READ
+ or WRITE are passed as flags.
+ - gh-126881: Fix crash in finalization of dtoa state. Patch
+ by Kumar Aditya.
+ - gh-126341: Now ValueError is raised instead of SystemError
+ when trying to iterate over a released memoryview object.
+ - gh-126688: Fix a crash when calling os.fork() on some
+ operating systems, including SerenityOS.
+ - gh-126066: Fix importlib to not write an incomplete
+ .pyc files when a ulimit or some other operating system
+ mechanism is preventing the write to go through fully.
+ - gh-126312: Fix crash during garbage collection on an object
+ frozen by gc.freeze() on the free-threaded build.
+ - gh-126139: Provide better error location when attempting to
+ use a future statement with an unknown future feature.
+ - gh-126018: Fix a crash in sys.audit() when passing a
+ non-string as first argument and Python was compiled in
+ debug mode.
+ - gh-125942: On Android, the errors setting of sys.stdout was
+ changed from surrogateescape to backslashreplace.
+ - gh-125859: Fix a crash in the free threading build when
+ gc.get_objects() or gc.get_referrers() is called during an
+ in-progress garbage collection.
+ - gh-125703: Correctly honour tracemalloc hooks in
+ specialized Py_DECREF paths. Patch by Pablo Galindo
+ - gh-125593: Use color to highlight error locations in
+ traceback from exception group
+ - gh-125444: Fix illegal instruction for older Arm
+ architectures. Patch by Diego Russo, testing by Ross
+ Burton.
+ - gh-124375: Fix a crash in the free threading build when the
+ GC runs concurrently with a new thread starting.
+ - gh-125221: Fix possible race condition when calling
+ __reduce_ex__() for the first time in the free threading
+ build.
+ - gh-125038: Fix crash when iterating over a generator
+ expression after direct changes on gi_frame.f_locals. Patch
+ by Mikhail Efimov.
+ - gh-123378: Fix a crash in the __str__() method of
+ UnicodeError objects when the UnicodeError.start and
+ UnicodeError.end values are invalid or out-of-range. Patch
+ by Bénédikt Tran.
+ - gh-116510: Fix a crash caused by immortal interned strings
+ being shared between sub-interpreters that use basic
+ single-phase init. In that case, the string can be used
+ by an interpreter that outlives the interpreter that
+ created and interned it. For interpreters that share
+ obmalloc state, also share the interned dict with the main
+ interpreter.
+ - gh-122878: Use the pager binary, if available (e.g. on
+ Debian and derivatives), to display REPL help().
+ - gh-124188: Fix reading and decoding a line from the source
+ file witn non-UTF-8 encoding for syntax errors raised in
+ the compiler.
+ - gh-123930: Improve the error message when a script
+ shadowing a module from the standard library causes
+ ImportError to be raised during a “from” import. Similarly,
+ improve the error message when a script shadowing a third
+ party module attempts to “from” import an attribute from
+ that third party module while still initialising.
+ - gh-122907: Building with HAVE_DYNAMIC_LOADING
+ now works as well as it did in 3.12. Existing
+ deficiences will be addressed separately. (See
+ https://github.com/python/cpython/issues/122950.)
+ - gh-118950: Fix bug where SSLProtocol.connection_lost wasn’t
+ getting called when OSError was thrown on writing to
+ socket.
+ - gh-113570: Fixed a bug in reprlib.repr where it incorrectly
+ called the repr method on shadowed Python built-in types.
+ - gh-109746: If _thread.start_new_thread() fails to start a
+ new thread, it deletes its state from interpreter and thus
+ avoids its repeated cleanup on finalization.
+ - C API
+ - gh-126554: Fix error handling in ctypes.CDLL objects which
+ could result in a crash in rare situations.
+ - gh-125608: Fix a bug where dictionary watchers
+ (e.g., PyDict_Watch()) on an object’s attribute dictionary
+ (__dict__) were not triggered when the object’s attributes
+ were modified.
+ - bpo-34008: Added Py_IsInitialized to the list of APIs that
+ are safe to call before the interpreter is initialized, and
+ updated the embedding tests to cover it.
+ - Build
+ - gh-123877: Set wasm32-wasip1 as the WASI target. The old
+ wasm32-wasi target is deprecated so it can be used for an
+ eventual WASI 1.0.
+ - gh-89640: Hard-code float word ordering as little endian on
+ WASM.
+ - gh-125940: The Android build now supports 16 KB page sizes.
+ - gh-89640: Improve detection of float word ordering on Linux
+ when link-time optimizations are enabled.
+ - gh-125269: Fix detection of whether -latomic is needed when
+ cross-compiling CPython using the configure script.
+ - gh-121634: Allow for specifying the target compile triple
+ for WASI.
+ - gh-122578: Use WASI SDK 24 for testing.
+ - gh-115382: Fix cross compile failures when the host and
+ target SOABIs match.
+- Remove upstreamed patches:
+ - CVE-2024-9287-venv_path_unquoted.patch
+
+-------------------------------------------------------------------
+Fri Nov 29 12:14:59 UTC 2024 - Daniel Garcia
+
+- Drop CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch, not needed
+ anymore because libexpat is updated to 2.6 in SP7. bsc#1233777
+
+-------------------------------------------------------------------
+Fri Nov 15 11:25:06 UTC 2024 - Dominique Leuenberger
+
+- Allow building with default LLVM version 19: just replace the
+ hard-coded LLVM_version in the scripts.
+
+-------------------------------------------------------------------
+Thu Nov 14 07:06:20 UTC 2024 - Matej Cepl
+
+- Remove -IVendor/ from python-config boo#1231795
+- Require exact clang18 and llvm18, because apparently CPython is
+ not ready for 19 yet (gh#python/cpython!125499).
+
-------------------------------------------------------------------
Thu Oct 24 16:09:00 UTC 2024 - Matej Cepl
diff --git a/python313.spec b/python313.spec
index ed901cf..fec5acf 100644
--- a/python313.spec
+++ b/python313.spec
@@ -111,7 +111,7 @@
# %%define tarversion %%{version}
# %%endif
# We don't process beta signs well
-%define folderversion 3.13.0
+%define folderversion %{version}
%define sitedir %{_libdir}/python%{python_version}
# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
%define abi_kind %{nil}
@@ -149,15 +149,15 @@
# _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix}
-Version: 3.13.0
-%define tarversion 3.13.0
+Version: 3.13.1
+%define tarversion %{version}
%define tarname Python-%{tarversion}
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
URL: https://www.python.org/
Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
-Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
+Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore
Source2: baselibs.conf
Source3: README.SUSE
Source4: externally_managed.in
@@ -203,17 +203,12 @@ Patch07: bpo-31046_ensurepip_honours_prefix.patch
# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com
# skip a test failing on SLE-15
Patch09: skip-test_pyobject_freed_is_freed.patch
-# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
-# This problem on libexpat is patched on 15.6 without version
-# update, this patch changes the tests to match the libexpat provided
-# by SUSE
-Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
# PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083
# Skip some failing tests in test_compile for i586 arch in 15.6.
Patch40: fix-test-recursion-limit-15.6.patch
-# PATCH-FIX-UPSTREAM CVE-2024-9287-venv_path_unquoted.patch gh#python/cpython#124651 mcepl@suse.com
-# venv should properly quote path names provided when creating a venv
-Patch41: CVE-2024-9287-venv_path_unquoted.patch
+# PATCH-FIX-UPSTREAM CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch bsc#1234290 mcepl@suse.com
+# prevents exhaustion of memory
+Patch41: CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -257,8 +252,8 @@ BuildRequires: python3-python-docs-theme >= 2022.1
%if %{with experimental_jit}
# needed for experimental_jit
-BuildRequires: clang => 18
-BuildRequires: llvm => 18
+BuildRequires: clang >= 18
+BuildRequires: llvm >= 18
%endif
%if %{without GIL}
@@ -495,8 +490,7 @@ This package contains libpython3.2 shared library for embedding in
other applications.
%prep
-%setup -q -n %{tarname}
-%autopatch -p1
+%autosetup -p1 -n %{tarname}
# Fix devhelp doc build gh#python/cpython#120150
echo "master_doc = 'contents'" >> Doc/conf.py
@@ -504,6 +498,8 @@ echo "master_doc = 'contents'" >> Doc/conf.py
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
+sed -i "s/_LLVM_VERSION = .*/_LLVM_VERSION = $(realpath /usr/bin/clang | awk -F- '{print $2}')/g" ./Tools/jit/_llvm.py
+
%if %{primary_interpreter}
# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3
for dir in Lib Tools; do
@@ -836,6 +832,9 @@ install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%
# install devel files to /config
#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%{sitedir}/config-%{python_abi}/
+# Remove -IVendor/ from python-config boo#1231795
+sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config
+
# RPM macros
%if %{primary_interpreter}
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/