diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch deleted file mode 100644 index fc4b1d6..0000000 --- a/CVE-2025-4516-DecodeError-handler.patch +++ /dev/null @@ -1,504 +0,0 @@ -From 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka -Date: Tue, 20 May 2025 15:46:57 +0300 -Subject: [PATCH] [3.11] gh-133767: Fix use-after-free in the unicode-escape - decoder with an error handler (GH-129648) (GH-133944) - -If the error handler is used, a new bytes object is created to set as -the object attribute of UnicodeDecodeError, and that bytes object then -replaces the original data. A pointer to the decoded data will became invalid -after destroying that temporary bytes object. So we need other way to return -the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). - -_PyBytes_DecodeEscape() does not have such issue, because it does not -use the error handlers registry, but it should be changed for compatibility -with _PyUnicode_DecodeUnicodeEscapeInternal(). -(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) -(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) -(cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5) - -Co-authored-by: Serhiy Storchaka ---- - Include/cpython/bytesobject.h | 4 - Include/cpython/unicodeobject.h | 13 ++ - Lib/test/test_codeccallbacks.py | 39 ++++++ - Lib/test/test_codecs.py | 52 ++++++-- - Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 - Objects/bytesobject.c | 56 ++++++-- - Objects/unicodeobject.c | 63 +++++++--- - Parser/string_parser.c | 24 ++- - 8 files changed, 197 insertions(+), 56 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst - ---- a/Include/cpython/bytesobject.h -+++ b/Include/cpython/bytesobject.h -@@ -25,6 +25,10 @@ PyAPI_FUNC(PyObject*) _PyBytes_FromHex( - int use_bytearray); - - /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ -+PyAPI_FUNC(PyObject*) _PyBytes_DecodeEscape2(const char *, Py_ssize_t, -+ const char *, -+ int *, const char **); -+// Export for binary compatibility. - PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, - const char *, const char **); - ---- a/Include/cpython/unicodeobject.h -+++ b/Include/cpython/unicodeobject.h -@@ -914,6 +914,19 @@ PyAPI_FUNC(PyObject*) _PyUnicode_DecodeU - ); - /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape - chars. */ -+PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( -+ const char *string, /* Unicode-Escape encoded string */ -+ Py_ssize_t length, /* size of string */ -+ const char *errors, /* error handling */ -+ Py_ssize_t *consumed, /* bytes consumed */ -+ int *first_invalid_escape_char, /* on return, if not -1, contain the first -+ invalid escaped char (<= 0xff) or invalid -+ octal escape (> 0xff) in string. */ -+ const char **first_invalid_escape_ptr); /* on return, if not NULL, may -+ point to the first invalid escaped -+ char in string. -+ May be NULL if errors is not NULL. */ -+// Export for binary compatibility. - PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( - const char *string, /* Unicode-Escape encoded string */ - Py_ssize_t length, /* size of string */ ---- a/Lib/test/test_codeccallbacks.py -+++ b/Lib/test/test_codeccallbacks.py -@@ -1,6 +1,7 @@ - import codecs - import html.entities - import itertools -+import re - import sys - import unicodedata - import unittest -@@ -1124,7 +1125,7 @@ class CodecCallbackTest(unittest.TestCas - text = 'abcghi'*n - text.translate(charmap) - -- def test_mutatingdecodehandler(self): -+ def test_mutating_decode_handler(self): - baddata = [ - ("ascii", b"\xff"), - ("utf-7", b"++"), -@@ -1159,6 +1160,42 @@ class CodecCallbackTest(unittest.TestCas - for (encoding, data) in baddata: - self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") - -+ def test_mutating_decode_handler_unicode_escape(self): -+ decode = codecs.unicode_escape_decode -+ def mutating(exc): -+ if isinstance(exc, UnicodeDecodeError): -+ r = data.get(exc.object[:exc.end]) -+ if r is not None: -+ exc.object = r[0] + exc.object[exc.end:] -+ return ('\u0404', r[1]) -+ raise AssertionError("don't know how to handle %r" % exc) -+ -+ codecs.register_error('test.mutating2', mutating) -+ data = { -+ br'\x0': (b'\\', 0), -+ br'\x3': (b'xxx\\', 3), -+ br'\x5': (b'x\\', 1), -+ } -+ def check(input, expected, msg): -+ with self.assertWarns(DeprecationWarning) as cm: -+ self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) -+ self.assertIn(msg, str(cm.warning)) -+ -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") -+ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") -+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") -+ -+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") -+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") -+ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") -+ -+ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") -+ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") -+ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") -+ - # issue32583 - def test_crashing_decode_handler(self): - # better generating one more character to fill the extra space slot ---- a/Lib/test/test_codecs.py -+++ b/Lib/test/test_codecs.py -@@ -1198,23 +1198,39 @@ class EscapeDecodeTest(unittest.TestCase - check(br"[\1010]", b"[A0]") - check(br"[\x41]", b"[A]") - check(br"[\x410]", b"[A0]") -+ -+ def test_warnings(self): -+ decode = codecs.escape_decode -+ check = coding_checker(self, decode) - for i in range(97, 123): - b = bytes([i]) - if b not in b'abfnrtvx': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % i): - check(b"\\" + b, b"\\" + b) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % (i-32)): - check(b"\\" + b.upper(), b"\\" + b.upper()) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\8'"): - check(br"\8", b"\\8") - with self.assertWarns(DeprecationWarning): - check(br"\9", b"\\9") -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\\xfa'") as cm: - check(b"\\\xfa", b"\\\xfa") - for i in range(0o400, 0o1000): -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\%o'" % i): - check(rb'\%o' % i, bytes([i & 0o377])) - -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\z'"): -+ self.assertEqual(decode(br'\x\z', 'ignore'), (b'\\z', 4)) -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\501'"): -+ self.assertEqual(decode(br'\x\501', 'ignore'), (b'A', 6)) -+ - def test_errors(self): - decode = codecs.escape_decode - self.assertRaises(ValueError, decode, br"\x") -@@ -2487,24 +2503,40 @@ class UnicodeEscapeTest(ReadTest, unitte - check(br"[\x410]", "[A0]") - check(br"\u20ac", "\u20ac") - check(br"\U0001d120", "\U0001d120") -+ -+ def test_decode_warnings(self): -+ decode = codecs.unicode_escape_decode -+ check = coding_checker(self, decode) - for i in range(97, 123): - b = bytes([i]) - if b not in b'abfnrtuvx': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % i): - check(b"\\" + b, "\\" + chr(i)) - if b.upper() not in b'UN': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % (i-32)): - check(b"\\" + b.upper(), "\\" + chr(i-32)) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\8'"): - check(br"\8", "\\8") - with self.assertWarns(DeprecationWarning): - check(br"\9", "\\9") -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\\xfa'") as cm: - check(b"\\\xfa", "\\\xfa") - for i in range(0o400, 0o1000): -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\%o'" % i): - check(rb'\%o' % i, chr(i)) - -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\z'"): -+ self.assertEqual(decode(br'\x\z', 'ignore'), ('\\z', 4)) -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\501'"): -+ self.assertEqual(decode(br'\x\501', 'ignore'), ('\u0141', 6)) -+ - def test_decode_errors(self): - decode = codecs.unicode_escape_decode - for c, d in (b'x', 2), (b'u', 4), (b'U', 4): ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -@@ -0,0 +1,2 @@ -+Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error -+handler. ---- a/Objects/bytesobject.c -+++ b/Objects/bytesobject.c -@@ -1057,10 +1057,11 @@ _PyBytes_FormatEx(const char *format, Py - } - - /* Unescape a backslash-escaped string. */ --PyObject *_PyBytes_DecodeEscape(const char *s, -+PyObject *_PyBytes_DecodeEscape2(const char *s, - Py_ssize_t len, - const char *errors, -- const char **first_invalid_escape) -+ int *first_invalid_escape_char, -+ const char **first_invalid_escape_ptr) - { - int c; - char *p; -@@ -1074,7 +1075,8 @@ PyObject *_PyBytes_DecodeEscape(const ch - return NULL; - writer.overallocate = 1; - -- *first_invalid_escape = NULL; -+ *first_invalid_escape_char = -1; -+ *first_invalid_escape_ptr = NULL; - - end = s + len; - while (s < end) { -@@ -1112,9 +1114,10 @@ PyObject *_PyBytes_DecodeEscape(const ch - c = (c<<3) + *s++ - '0'; - } - if (c > 0377) { -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-3; /* Back up 3 chars, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = c; -+ /* Back up 3 chars, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 3; - } - } - *p++ = c; -@@ -1155,9 +1158,10 @@ PyObject *_PyBytes_DecodeEscape(const ch - break; - - default: -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-1; /* Back up one char, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = (unsigned char)s[-1]; -+ /* Back up one char, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 1; - } - *p++ = '\\'; - s--; -@@ -1171,23 +1175,39 @@ PyObject *_PyBytes_DecodeEscape(const ch - return NULL; - } - -+// Export for binary compatibility. -+PyObject *_PyBytes_DecodeEscape(const char *s, -+ Py_ssize_t len, -+ const char *errors, -+ const char **first_invalid_escape) -+{ -+ int first_invalid_escape_char; -+ return _PyBytes_DecodeEscape2( -+ s, len, errors, -+ &first_invalid_escape_char, -+ first_invalid_escape); -+} -+ - PyObject *PyBytes_DecodeEscape(const char *s, - Py_ssize_t len, - const char *errors, - Py_ssize_t Py_UNUSED(unicode), - const char *Py_UNUSED(recode_encoding)) - { -- const char* first_invalid_escape; -- PyObject *result = _PyBytes_DecodeEscape(s, len, errors, -- &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyBytes_DecodeEscape2(s, len, errors, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) - return NULL; -- if (first_invalid_escape != NULL) { -- unsigned char c = *first_invalid_escape; -- if ('4' <= c && c <= '7') { -+ if (first_invalid_escape_char != -1) { -+ if (first_invalid_escape_char > 0xff) { -+ char buf[12] = ""; -+ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, -- "invalid octal escape sequence '\\%.3s'", -- first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%s'", -+ buf) < 0) - { - Py_DECREF(result); - return NULL; -@@ -1196,7 +1216,7 @@ PyObject *PyBytes_DecodeEscape(const cha - else { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid escape sequence '\\%c'", -- c) < 0) -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; ---- a/Objects/unicodeobject.c -+++ b/Objects/unicodeobject.c -@@ -6301,20 +6301,23 @@ PyUnicode_AsUTF16String(PyObject *unicod - static _PyUnicode_Name_CAPI *ucnhash_capi = NULL; - - PyObject * --_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, -+_PyUnicode_DecodeUnicodeEscapeInternal2(const char *s, - Py_ssize_t size, - const char *errors, - Py_ssize_t *consumed, -- const char **first_invalid_escape) -+ int *first_invalid_escape_char, -+ const char **first_invalid_escape_ptr) - { - const char *starts = s; -+ const char *initial_starts = starts; - _PyUnicodeWriter writer; - const char *end; - PyObject *errorHandler = NULL; - PyObject *exc = NULL; - - // so we can remember if we've seen an invalid escape char or not -- *first_invalid_escape = NULL; -+ *first_invalid_escape_char = -1; -+ *first_invalid_escape_ptr = NULL; - - if (size == 0) { - if (consumed) { -@@ -6402,9 +6405,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c - } - } - if (ch > 0377) { -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-3; /* Back up 3 chars, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = ch; -+ if (starts == initial_starts) { -+ /* Back up 3 chars, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 3; -+ } - } - } - WRITE_CHAR(ch); -@@ -6503,9 +6509,12 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c - goto error; - - default: -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-1; /* Back up one char, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = c; -+ if (starts == initial_starts) { -+ /* Back up one char, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 1; -+ } - } - WRITE_ASCII_CHAR('\\'); - WRITE_CHAR(c); -@@ -6544,24 +6553,42 @@ _PyUnicode_DecodeUnicodeEscapeInternal(c - return NULL; - } - -+// Export for binary compatibility. -+PyObject * -+_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, -+ Py_ssize_t size, -+ const char *errors, -+ Py_ssize_t *consumed, -+ const char **first_invalid_escape) -+{ -+ int first_invalid_escape_char; -+ return _PyUnicode_DecodeUnicodeEscapeInternal2( -+ s, size, errors, consumed, -+ &first_invalid_escape_char, -+ first_invalid_escape); -+} -+ - PyObject * - _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, - Py_ssize_t size, - const char *errors, - Py_ssize_t *consumed) - { -- const char *first_invalid_escape; -- PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal(s, size, errors, -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal2(s, size, errors, - consumed, -- &first_invalid_escape); -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) - return NULL; -- if (first_invalid_escape != NULL) { -- unsigned char c = *first_invalid_escape; -- if ('4' <= c && c <= '7') { -+ if (first_invalid_escape_char != -1) { -+ if (first_invalid_escape_char > 0xff) { -+ char buf[12] = ""; -+ snprintf(buf, sizeof buf, "%o", first_invalid_escape_char); - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, -- "invalid octal escape sequence '\\%.3s'", -- first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%s'", -+ buf) < 0) - { - Py_DECREF(result); - return NULL; -@@ -6570,7 +6597,7 @@ _PyUnicode_DecodeUnicodeEscapeStateful(c - else { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid escape sequence '\\%c'", -- c) < 0) -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; ---- a/Parser/string_parser.c -+++ b/Parser/string_parser.c -@@ -130,12 +130,15 @@ decode_unicode_with_escapes(Parser *pars - len = p - buf; - s = buf; - -- const char *first_invalid_escape; -- v = _PyUnicode_DecodeUnicodeEscapeInternal(s, len, NULL, NULL, &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ v = _PyUnicode_DecodeUnicodeEscapeInternal2(s, (Py_ssize_t)len, NULL, NULL, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - -- if (v != NULL && first_invalid_escape != NULL) { -- if (warn_invalid_escape_sequence(parser, first_invalid_escape, t) < 0) { -- /* We have not decref u before because first_invalid_escape points -+ if (v != NULL && first_invalid_escape_ptr != NULL) { -+ if (warn_invalid_escape_sequence(parser, first_invalid_escape_ptr, t) < 0) { -+ /* We have not decref u before because first_invalid_escape_ptr points - inside u. */ - Py_XDECREF(u); - Py_DECREF(v); -@@ -149,14 +152,17 @@ decode_unicode_with_escapes(Parser *pars - static PyObject * - decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) - { -- const char *first_invalid_escape; -- PyObject *result = _PyBytes_DecodeEscape(s, len, NULL, &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyBytes_DecodeEscape2(s, len, NULL, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) { - return NULL; - } - -- if (first_invalid_escape != NULL) { -- if (warn_invalid_escape_sequence(p, first_invalid_escape, t) < 0) { -+ if (first_invalid_escape_ptr != NULL) { -+ if (warn_invalid_escape_sequence(p, first_invalid_escape_ptr, t) < 0) { - Py_DECREF(result); - return NULL; - } diff --git a/Python-3.11.12.tar.xz b/Python-3.11.12.tar.xz deleted file mode 100644 index e2b3c80..0000000 --- a/Python-3.11.12.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:849da87af4df137710c1796e276a955f7a85c9f971081067c8f565d15c352a09 -size 20112232 diff --git a/Python-3.11.12.tar.xz.sigstore b/Python-3.11.12.tar.xz.sigstore deleted file mode 100644 index 36fb8a6..0000000 --- a/Python-3.11.12.tar.xz.sigstore +++ /dev/null @@ -1 +0,0 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUdXXo3kfUuTRxhwfBaDz2hbLdc00wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTUwMzI1WhcNMjUwNDA4MTUxMzI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEChWB96w27HEQAug03xOuj5aVvdcEBkLaseC6PKbhc3lq1vL78o96RMSdWdBSmBQ4OrRHKvop8VRwn4SI6KPIN6OCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUDQFNdUPu8lJprLgYTWMF//JnS0owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFe1zcgAABAMARzBFAiAMLue9b86BfjeZl9ML7LekLskkUPTEhI2ciiZrYgaF/gIhAIt66OYOVpC39L+bRXJd1K+T39IGMxYcKoaDrMk0DX59MAoGCCqGSM49BAMDA2cAMGQCMEJ+IEScHRIlOwToBZxVVJjrSxOVvqRSfUO5hvYNkqhYz97LxxUFWpcB/DMiQJOUbwIwKJRh5d7c30z1XyE5zsjOZZmz37ah6aJtyuHLCn3QKJniWBMxIMy9lbXlRZWZgsf0"}, "tlogEntries": [{"logIndex": "193896942", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744124605", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBvc4N4pmeJKalSbAgT5X5MiHnHfiFJ3q/ifYIUDQORwIgNCMUBexEGM4B8VSSWkSDK8uZDGqzA7bgurZdWE0z/vc="}, "inclusionProof": {"logIndex": "71992680", "rootHash": "jow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=", "treeSize": "71992683", "hashes": ["V5p0el9OkIku5PMpzeGtSeSQLNkd4d0DVh6qNlixrlk=", "CbJfH60w3vsS3xzOzbMZQaokwVM+6efm7OCLjQ5og/k=", "fJZsSVsDo+dpw5484/+8Rm3EH3JostySBfLMVDBUZOU=", "/C+wK2WU/SrXLMnuHDzeBP4K+Jlt/S0nAvzvcXJPp30=", "m6j5meZeKpBfFqNeI7qiCogWjT2IT5NZkgJYwot9sRo=", "V7VMIiqIq7yvzO+ic8vLqIJr3+iGA6whYAGN7YvWhsQ=", "2ap6N1WIsMWGC/Zrnzsx//K9223/3B9lLpJP87M+rXE=", "2kwW2rqY/EMS68q/rOjagVYsEMybFHgxIfbokSa8yKU=", "QReFEOB9XSZtDKsjRtA0fGnYGMYD2Z7qn50auG1YlWo=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71992683\njow4GaqK8wgGK0YaQkHyINNk1eJRvrgCUSax5oC+bgc=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEA7u1b4P659JpwuXMf6lhvC1RhOj/ZH7CpYcAQbitQSwUCIQDJrflW8FGweaiB88lSuLfpfD/a6l6jWhUyOQB/mIJ9rA==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NDlkYTg3YWY0ZGYxMzc3MTBjMTc5NmUyNzZhOTU1ZjdhODVjOWY5NzEwODEwNjdjOGY1NjVkMTVjMzUyYTA5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRnMzQi9oTk9OMVY2TXFaUkxzRmNHNlU2Qjkza2FsL1VLZWsvYkRVb3o2MUFpQWZydmsrWXpjK0hHZGJYemRRQ203cjlKU2RNUCtuR1BOblVCZzFoSnAySVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlpGaFliek5yWmxWMVZGSjRhSGRtUW1GRWVqSm9Za3hrWXpBd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZGVjNUWHBKTVZkb1kwNU5hbFYzVGtSQk5FMVVWWGhOZWtreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZEYUZkQ09UWjNNamRJUlZGQmRXY3dNM2hQZFdvMVlWWjJaR05GUW10TVlYTmxRellLVUV0aWFHTXpiSEV4ZGt3M09HODVObEpOVTJSWFpFSlRiVUpSTkU5eVVraExkbTl3T0ZaU2QyNDBVMGsyUzFCSlRqWlBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZFVVVaT0NtUlZVSFU0YkVwd2NreG5XVlJYVFVZdkwwcHVVekJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdaVEY2WTJkQlFRcENRVTFCVW5wQ1JrRnBRVTFNZFdVNVlqZzJRbVpxWlZwc09VMU1OMHhsYTB4emEydFZVRlJGYUVreVkybHBXbkpaWjJGR0wyZEphRUZKZERZMlQxbFBDbFp3UXpNNVRDdGlVbGhLWkRGTEsxUXpPVWxIVFhoWlkwdHZZVVJ5VFdzd1JGZzFPVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUZTaXNLU1VWVFkwaFNTV3hQZDFSdlFscDRWbFpLYW5KVGVFOVdkbkZTVTJaVlR6Vm9kbGxPYTNGb1dYbzVOMHg0ZUZWR1YzQmpRaTlFVFdsUlNrOVZZbmRKZHdwTFNsSm9OV1EzWXpNd2VqRlllVVUxZW5OcVQxcGFiWG96TjJGb05tRktkSGwxU0V4RGJqTlJTMHB1YVZkQ1RYaEpUWGs1YkdKWWJGSmFWMXBuYzJZd0NpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "hJ2oevTfE3cQwXluJ2qVX3qFyflxCBBnyPVl0Vw1Kgk="}, "signature": "MEQCIFs3B/hNON1V6MqZRLsFcG6U6B93kal/UKek/bDUoz61AiAfrvk+Yzc+HGdbXzdQCm7r9JSdMP+nGPNnUBg1hJp2IQ=="}} diff --git a/Python-3.11.13.tar.xz b/Python-3.11.13.tar.xz new file mode 100644 index 0000000..80a2b4d --- /dev/null +++ b/Python-3.11.13.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8fb5f9fbc7609fa822cb31549884575db7fd9657cbffb89510b5d7975963a83a +size 20117496 diff --git a/Python-3.11.13.tar.xz.sigstore b/Python-3.11.13.tar.xz.sigstore new file mode 100644 index 0000000..a6d0be7 --- /dev/null +++ b/Python-3.11.13.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUfnOGm4U1QCsCXWiDvPy5Tgni2HUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjAzMTkyNzM1WhcNMjUwNjAzMTkzNzM1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpTsf/wrCdu4Domf4WOtO4CLkj51wmj4iesYv5N6DYhghPjqQFwGYI9gFc/WX6QMIWh5YHU2NGxrmM7KfbAYzz6OCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUkQ2/O4Fivj1bTq7NTQczm1RdtYAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXN0NwGwAABAMASDBGAiEA6pD8PjS+5z2SQre/NS/wOdFSjVMsxvtfF6A1jg+1T3YCIQDC44S/Z3c0dNddM7EkE+A3j7Vft3hqRUoFkNe4U6g5qTAKBggqhkjOPQQDAwNoADBlAjA6lBI2r3KCZFc+2affpH3S3Xj3gMOKh8Lr5Z7TgkGp3Q6QsnExGmJJ0leXhqH6rQkCMQDfxk/6DyhbO7KTrIUfmrbZoa7dV75cresJS69Xk67XN57qsqY52DZj9o4fbUIw4ro="}, "tlogEntries": [{"logIndex": "228953871", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748978856", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQC9nXmfcRqyOL2Zmw1zI7+kulTbmDE3Yfzew81mXJGU4QIgF8Uhdg2uzttSA6erOuEchX68PCyJ0cVFHE0XJX2+ZfE="}, "inclusionProof": {"logIndex": "107049609", "rootHash": "Ilofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=", "treeSize": "107049610", "hashes": ["AcD1iyjU7nuIPqAq29ynz7PEdq6zPXglj6e2tkH+/do=", "1BNDCN01B3dbUo/TfLaQgKIYTvPyrkcrHKd69GxuF2E=", "t59A0CV2pHM2S9AgZgcEA6FbXhgNZGo0jMRIXHiqsJ0=", "bCrkgWpJ8MBic+mIfCRsKi+5XAMqgM8Lc6G0LLfzZ7M=", "4iwdOrGkcqdN0qqZUx/gv8a8qpLMqVj8aXRVmhQ558c=", "mAX/zvx1jR0ujLtDApsQpHyxmoDGidClHMOn0BX1aQA=", "u5LKLBPTYgXZg0fBi6/8LuEeNy3EBAxJF0AkkB4Co6E=", "SPUVncwJRVX/n/RICCYqLpAzraqx7S0eMdXRr1RLRgg=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n107049610\nIlofw5POqC/C3zqfrdMQP1DyhNW+UfB9fHdjrbK6qaM=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAjtzTnsnrGx0G3Dg99s89cPUh6EA+cxkicQ9j4qYU60wCIQCKcAL4kdakbq2JrBVgk7bRNf3FoJRrEI6SCjv16f7Crg==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4ZmI1ZjlmYmM3NjA5ZmE4MjJjYjMxNTQ5ODg0NTc1ZGI3ZmQ5NjU3Y2JmZmI4OTUxMGI1ZDc5NzU5NjNhODNhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUM5Q1JZRjNSWGUzdDNxQlBJd2UrR3pMMTJCOXVLTjIrRFpWa2JjZW1FTS93SWdPMDFKaVhnbUJxZEN5RVhoM05JUEt5QlRBb2hpcjZHTkhZdXhiSUxKNDlRPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlptNVBSMjAwVlRGUlEzTkRXRmRwUkhaUWVUVlVaMjVwTWtoVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUVhwTlZHdDVUbnBOTVZkb1kwNU5hbFYzVG1wQmVrMVVhM3BPZWsweFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZ3VkhObUwzZHlRMlIxTkVSdmJXWTBWMDkwVHpSRFRHdHFOVEYzYldvMGFXVnpXWFlLTlU0MlJGbG9aMmhRYW5GUlJuZEhXVWs1WjBaakwxZFlObEZOU1Zkb05WbElWVEpPUjNoeWJVMDNTMlppUVZsNmVqWlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZyVVRJdkNrODBSbWwyYWpGaVZIRTNUbFJSWTNwdE1WSmtkRmxCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxaE9NRTUzUjNkQlFRcENRVTFCVTBSQ1IwRnBSVUUyY0VRNFVHcFRLelY2TWxOUmNtVXZUbE12ZDA5a1JsTnFWazF6ZUhaMFprWTJRVEZxWnlzeFZETlpRMGxSUkVNME5GTXZDbG96WXpCa1RtUmtUVGRGYTBVclFUTnFOMVptZEROb2NWSlZiMFpyVG1VMFZUWm5OWEZVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFRVFlLYkVKSk1uSXpTME5hUm1Nck1tRm1abkJJTTFNeldHb3paMDFQUzJnNFRISTFXamRVWjJ0SGNETlJObEZ6YmtWNFIyMUtTakJzWlZob2NVZzJjbEZyUXdwTlVVUm1lR3N2TmtSNWFHSlBOMHRVY2tsVlptMXlZbHB2WVRka1ZqYzFZM0psYzBwVE5qbFlhelkzV0U0MU4zRnpjVmsxTWtSYWFqbHZOR1ppVlVsM0NqUnliejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "j7X5+8dgn6giyzFUmIRXXbf9llfL/7iVELXXl1ljqDo="}, "signature": "MEUCIQC9CRYF3RXe3t3qBPIwe+GzL12B9uKN2+DZVkbcemEM/wIgO01JiXgmBqdCyEXh3NIPKyBTAohir6GNHYuxbILJ49Q="}} diff --git a/add-loongarch64-support.patch b/add-loongarch64-support.patch index f0c8035..10cc846 100644 --- a/add-loongarch64-support.patch +++ b/add-loongarch64-support.patch @@ -1,5 +1,9 @@ Description: Add platform triplets for LoongArch. +--- + configure.ac | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + --- a/configure.ac +++ b/configure.ac @@ -976,6 +976,20 @@ cat > conftest.c <`. @@ -15,7 +13,7 @@ Index: Python-3.11.12/Doc/using/configure.rst .. option:: --with-cxx-main=COMPILER Compile the Python ``main()`` function and link Python executable with C++ -@@ -529,13 +528,11 @@ +@@ -529,13 +528,11 @@ macOS Options See ``Mac/README.rst``. @@ -29,11 +27,9 @@ Index: Python-3.11.12/Doc/using/configure.rst .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.11.12/Misc/NEWS -=================================================================== ---- Python-3.11.12.orig/Misc/NEWS 2025-04-08 16:15:29.000000000 +0200 -+++ Python-3.11.12/Misc/NEWS 2025-04-11 10:52:39.425550531 +0200 -@@ -9872,7 +9872,7 @@ +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -9911,7 +9911,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch b/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch deleted file mode 100644 index 292efba..0000000 --- a/gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 3d390148c05a7ea2d401c4633e7d4db75ebf97d9 Mon Sep 17 00:00:00 2001 -From: Petr Viktorin -Date: Thu, 7 Nov 2024 11:07:02 +0100 -Subject: [PATCH] gh-126500: test_ssl: Don't stop ThreadedEchoServer on OSError - in ConnectionHandler; rely on __exit__ (GH-126503) - -If `read()` in the ConnectionHandler thread raises `OSError` (except `ConnectionError`), -the ConnectionHandler shuts down the entire ThreadedEchoServer, -preventing further connections. -It also does that for `EPROTOTYPE` in `wrap_conn`. - -As far as I can see, this is done to avoid the server thread getting stuck, -forgotten, in its accept loop. However, since 2011 (5b95eb90a7167285b6544b50865227c584943c9a) -the server is used as a context manager, and its `__exit__` does `stop()` and `join()`. -(I'm not sure if we *always* used `with` since that commit, but currently we do.) - -Make sure that the context manager *is* used, and remove the `server.stop()` -calls from ConnectionHandler. -(cherry picked from commit c9cda1608edf7664c10f4f467e24591062c2fe62) - -Co-authored-by: Petr Viktorin ---- - Lib/test/test_ssl.py | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -Index: Python-3.11.12/Lib/test/test_ssl.py -=================================================================== ---- Python-3.11.12.orig/Lib/test/test_ssl.py 2025-04-19 19:55:02.157545844 +0200 -+++ Python-3.11.12/Lib/test/test_ssl.py 2025-04-19 19:55:05.014552345 +0200 -@@ -2516,7 +2516,6 @@ - # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ - if e.errno != errno.EPROTOTYPE and sys.platform != "darwin": - self.running = False -- self.server.stop() - self.close() - return False - else: -@@ -2651,10 +2650,6 @@ - self.close() - self.running = False - -- # normally, we'd just stop here, but for the test -- # harness, we want to stop the server -- self.server.stop() -- - def __init__(self, certificate=None, ssl_version=None, - certreqs=None, cacerts=None, - chatty=True, connectionchatty=False, starttls_server=False, -@@ -2688,21 +2683,33 @@ - self.conn_errors = [] - threading.Thread.__init__(self) - self.daemon = True -+ self._in_context = False - - def __enter__(self): -+ if self._in_context: -+ raise ValueError('Re-entering ThreadedEchoServer context') -+ self._in_context = True - self.start(threading.Event()) - self.flag.wait() - return self - - def __exit__(self, *args): -+ assert self._in_context -+ self._in_context = False - self.stop() - self.join() - - def start(self, flag=None): -+ if not self._in_context: -+ raise ValueError( -+ 'ThreadedEchoServer must be used as a context manager') - self.flag = flag - threading.Thread.start(self) - - def run(self): -+ if not self._in_context: -+ raise ValueError( -+ 'ThreadedEchoServer must be used as a context manager') - self.sock.settimeout(1.0) - self.sock.listen(5) - self.active = True diff --git a/python311.changes b/python311.changes index 323f0c5..35d93e5 100644 --- a/python311.changes +++ b/python311.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Mon Jun 9 17:19:32 UTC 2025 - Matej Cepl + +- Update to 3.11.13: + - Security + - gh-135034: Fixes multiple issues that allowed tarfile + extraction filters (filter="data" and filter="tar") to be + bypassed using crafted symlinks and hard links. + Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 + (bsc#1244059), CVE-2025-4330 (bsc#1244060), and + CVE-2025-4517 (bsc#1244032). + - gh-133767: Fix use-after-free in the “unicode-escape” + decoder with a non-“strict” error handler (CVE-2025-4516, + bsc#1243273). + - gh-128840: Short-circuit the processing of long IPv6 + addresses early in ipaddress to prevent excessive memory + consumption and a minor denial-of-service. + - Library + - gh-128840: Fix parsing long IPv6 addresses with embedded + IPv4 address. + - gh-134062: ipaddress: fix collisions in __hash__() for + IPv4Network and IPv6Network objects. + - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output + according to RFC 3596, §2.5. Patch by Bénédikt Tran. + - bpo-43633: Improve the textual representation of + IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) + in ipaddress. Patch by Oleksandr Pavliuk. +- Remove upstreamed patches: + - gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch + - CVE-2025-4516-DecodeError-handler.patch + ------------------------------------------------------------------- Thu May 22 13:01:17 UTC 2025 - Matej Cepl diff --git a/python311.spec b/python311.spec index 95d07f7..51d6365 100644 --- a/python311.spec +++ b/python311.spec @@ -107,7 +107,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.11.12 +Version: 3.11.13 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -186,12 +186,6 @@ Patch19: bso1227999-reproducible-builds.patch Patch22: gh120226-fix-sendfile-test-kernel-610.patch # PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com Patch24: add-loongarch64-support.patch -# PATCH-FIX-UPSTREAM gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch bsc#1241067 mcepl@suse.com -# don't stop ThreadedEchoServer on OSError, makes test_ssl fail with OpenSSL 3.5 -Patch25: gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch -# PATCH-FIX-UPSTREAM CVE-2025-4516-DecodeError-handler.patch bsc#1243273 mcepl@suse.com -# this patch makes things totally awesome -Patch26: CVE-2025-4516-DecodeError-handler.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: crypto-policies-scripts