diff --git a/CVE-2025-4516-DecodeError-handler.patch b/CVE-2025-4516-DecodeError-handler.patch deleted file mode 100644 index fc761c2..0000000 --- a/CVE-2025-4516-DecodeError-handler.patch +++ /dev/null @@ -1,520 +0,0 @@ -From a75953b347716fff694aa59a7c7c2489fa50d1f5 Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka -Date: Tue, 20 May 2025 15:46:57 +0300 -Subject: [PATCH] [3.12] gh-133767: Fix use-after-free in the unicode-escape - decoder with an error handler (GH-129648) (GH-133944) - -If the error handler is used, a new bytes object is created to set as -the object attribute of UnicodeDecodeError, and that bytes object then -replaces the original data. A pointer to the decoded data will became invalid -after destroying that temporary bytes object. So we need other way to return -the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). - -_PyBytes_DecodeEscape() does not have such issue, because it does not -use the error handlers registry, but it should be changed for compatibility -with _PyUnicode_DecodeUnicodeEscapeInternal(). -(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) -(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) - -Co-authored-by: Serhiy Storchaka ---- - Include/cpython/bytesobject.h | 4 - Include/cpython/unicodeobject.h | 13 ++ - Lib/test/test_codeccallbacks.py | 39 ++++++ - Lib/test/test_codecs.py | 52 ++++++-- - Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst | 2 - Objects/bytesobject.c | 54 +++++--- - Objects/unicodeobject.c | 61 +++++++--- - Parser/string_parser.c | 26 ++-- - 8 files changed, 194 insertions(+), 57 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst - -Index: Python-3.12.10/Include/cpython/bytesobject.h -=================================================================== ---- Python-3.12.10.orig/Include/cpython/bytesobject.h 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Include/cpython/bytesobject.h 2025-05-22 12:38:07.205729906 +0000 -@@ -25,6 +25,10 @@ - int use_bytearray); - - /* Helper for PyBytes_DecodeEscape that detects invalid escape chars. */ -+PyAPI_FUNC(PyObject*) _PyBytes_DecodeEscape2(const char *, Py_ssize_t, -+ const char *, -+ int *, const char **); -+// Export for binary compatibility. - PyAPI_FUNC(PyObject *) _PyBytes_DecodeEscape(const char *, Py_ssize_t, - const char *, const char **); - -Index: Python-3.12.10/Include/cpython/unicodeobject.h -=================================================================== ---- Python-3.12.10.orig/Include/cpython/unicodeobject.h 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Include/cpython/unicodeobject.h 2025-05-22 12:38:07.205905378 +0000 -@@ -684,6 +684,19 @@ - ); - /* Helper for PyUnicode_DecodeUnicodeEscape that detects invalid escape - chars. */ -+PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal2( -+ const char *string, /* Unicode-Escape encoded string */ -+ Py_ssize_t length, /* size of string */ -+ const char *errors, /* error handling */ -+ Py_ssize_t *consumed, /* bytes consumed */ -+ int *first_invalid_escape_char, /* on return, if not -1, contain the first -+ invalid escaped char (<= 0xff) or invalid -+ octal escape (> 0xff) in string. */ -+ const char **first_invalid_escape_ptr); /* on return, if not NULL, may -+ point to the first invalid escaped -+ char in string. -+ May be NULL if errors is not NULL. */ -+// Export for binary compatibility. - PyAPI_FUNC(PyObject*) _PyUnicode_DecodeUnicodeEscapeInternal( - const char *string, /* Unicode-Escape encoded string */ - Py_ssize_t length, /* size of string */ -Index: Python-3.12.10/Lib/test/test_codeccallbacks.py -=================================================================== ---- Python-3.12.10.orig/Lib/test/test_codeccallbacks.py 2025-05-22 12:37:58.935377659 +0000 -+++ Python-3.12.10/Lib/test/test_codeccallbacks.py 2025-05-22 12:38:07.206131787 +0000 -@@ -1,6 +1,7 @@ - import codecs - import html.entities - import itertools -+import re - import sys - import unicodedata - import unittest -@@ -1124,7 +1125,7 @@ - text = 'abcghi'*n - text.translate(charmap) - -- def test_mutatingdecodehandler(self): -+ def test_mutating_decode_handler(self): - baddata = [ - ("ascii", b"\xff"), - ("utf-7", b"++"), -@@ -1159,6 +1160,42 @@ - for (encoding, data) in baddata: - self.assertEqual(data.decode(encoding, "test.mutating"), "\u4242") - -+ def test_mutating_decode_handler_unicode_escape(self): -+ decode = codecs.unicode_escape_decode -+ def mutating(exc): -+ if isinstance(exc, UnicodeDecodeError): -+ r = data.get(exc.object[:exc.end]) -+ if r is not None: -+ exc.object = r[0] + exc.object[exc.end:] -+ return ('\u0404', r[1]) -+ raise AssertionError("don't know how to handle %r" % exc) -+ -+ codecs.register_error('test.mutating2', mutating) -+ data = { -+ br'\x0': (b'\\', 0), -+ br'\x3': (b'xxx\\', 3), -+ br'\x5': (b'x\\', 1), -+ } -+ def check(input, expected, msg): -+ with self.assertWarns(DeprecationWarning) as cm: -+ self.assertEqual(decode(input, 'test.mutating2'), (expected, len(input))) -+ self.assertIn(msg, str(cm.warning)) -+ -+ check(br'\x0n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") -+ check(br'\x0n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") -+ check(br'\x0z', '\u0404\\z', r"invalid escape sequence '\z'") -+ -+ check(br'\x3n\zr', '\u0404\n\\zr', r"invalid escape sequence '\z'") -+ check(br'\x3zr', '\u0404\\zr', r"invalid escape sequence '\z'") -+ check(br'\x3z5', '\u0404\\z5', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x3z5x')[:-1], '\u0404\\z5', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x3z5xy')[:-2], '\u0404\\z5', r"invalid escape sequence '\z'") -+ -+ check(br'\x5n\z', '\u0404\n\\z', r"invalid escape sequence '\z'") -+ check(br'\x5n\501', '\u0404\n\u0141', r"invalid octal escape sequence '\501'") -+ check(br'\x5z', '\u0404\\z', r"invalid escape sequence '\z'") -+ check(memoryview(br'\x5zy')[:-1], '\u0404\\z', r"invalid escape sequence '\z'") -+ - # issue32583 - def test_crashing_decode_handler(self): - # better generating one more character to fill the extra space slot -Index: Python-3.12.10/Lib/test/test_codecs.py -=================================================================== ---- Python-3.12.10.orig/Lib/test/test_codecs.py 2025-05-22 12:37:58.952566393 +0000 -+++ Python-3.12.10/Lib/test/test_codecs.py 2025-05-22 12:38:07.206633606 +0000 -@@ -1196,23 +1196,39 @@ - check(br"[\1010]", b"[A0]") - check(br"[\x41]", b"[A]") - check(br"[\x410]", b"[A0]") -+ -+ def test_warnings(self): -+ decode = codecs.escape_decode -+ check = coding_checker(self, decode) - for i in range(97, 123): - b = bytes([i]) - if b not in b'abfnrtvx': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % i): - check(b"\\" + b, b"\\" + b) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % (i-32)): - check(b"\\" + b.upper(), b"\\" + b.upper()) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\8'"): - check(br"\8", b"\\8") - with self.assertWarns(DeprecationWarning): - check(br"\9", b"\\9") -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\\xfa'") as cm: - check(b"\\\xfa", b"\\\xfa") - for i in range(0o400, 0o1000): -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\%o'" % i): - check(rb'\%o' % i, bytes([i & 0o377])) - -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\z'"): -+ self.assertEqual(decode(br'\x\z', 'ignore'), (b'\\z', 4)) -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\501'"): -+ self.assertEqual(decode(br'\x\501', 'ignore'), (b'A', 6)) -+ - def test_errors(self): - decode = codecs.escape_decode - self.assertRaises(ValueError, decode, br"\x") -@@ -2479,24 +2495,40 @@ - check(br"[\x410]", "[A0]") - check(br"\u20ac", "\u20ac") - check(br"\U0001d120", "\U0001d120") -+ -+ def test_decode_warnings(self): -+ decode = codecs.unicode_escape_decode -+ check = coding_checker(self, decode) - for i in range(97, 123): - b = bytes([i]) - if b not in b'abfnrtuvx': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % i): - check(b"\\" + b, "\\" + chr(i)) - if b.upper() not in b'UN': -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\%c'" % (i-32)): - check(b"\\" + b.upper(), "\\" + chr(i-32)) -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\8'"): - check(br"\8", "\\8") - with self.assertWarns(DeprecationWarning): - check(br"\9", "\\9") -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\\xfa'") as cm: - check(b"\\\xfa", "\\\xfa") - for i in range(0o400, 0o1000): -- with self.assertWarns(DeprecationWarning): -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\%o'" % i): - check(rb'\%o' % i, chr(i)) - -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid escape sequence '\\z'"): -+ self.assertEqual(decode(br'\x\z', 'ignore'), ('\\z', 4)) -+ with self.assertWarnsRegex(DeprecationWarning, -+ r"invalid octal escape sequence '\\501'"): -+ self.assertEqual(decode(br'\x\501', 'ignore'), ('\u0141', 6)) -+ - def test_decode_errors(self): - decode = codecs.unicode_escape_decode - for c, d in (b'x', 2), (b'u', 4), (b'U', 4): -Index: Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.12.10/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst 2025-05-22 12:38:07.207057599 +0000 -@@ -0,0 +1,2 @@ -+Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error -+handler. -Index: Python-3.12.10/Objects/bytesobject.c -=================================================================== ---- Python-3.12.10.orig/Objects/bytesobject.c 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Objects/bytesobject.c 2025-05-22 12:38:07.207534041 +0000 -@@ -1048,10 +1048,11 @@ - } - - /* Unescape a backslash-escaped string. */ --PyObject *_PyBytes_DecodeEscape(const char *s, -+PyObject *_PyBytes_DecodeEscape2(const char *s, - Py_ssize_t len, - const char *errors, -- const char **first_invalid_escape) -+ int *first_invalid_escape_char, -+ const char **first_invalid_escape_ptr) - { - int c; - char *p; -@@ -1065,7 +1066,8 @@ - return NULL; - writer.overallocate = 1; - -- *first_invalid_escape = NULL; -+ *first_invalid_escape_char = -1; -+ *first_invalid_escape_ptr = NULL; - - end = s + len; - while (s < end) { -@@ -1103,9 +1105,10 @@ - c = (c<<3) + *s++ - '0'; - } - if (c > 0377) { -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-3; /* Back up 3 chars, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = c; -+ /* Back up 3 chars, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 3; - } - } - *p++ = c; -@@ -1146,9 +1149,10 @@ - break; - - default: -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-1; /* Back up one char, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = (unsigned char)s[-1]; -+ /* Back up one char, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 1; - } - *p++ = '\\'; - s--; -@@ -1162,23 +1166,37 @@ - return NULL; - } - -+// Export for binary compatibility. -+PyObject *_PyBytes_DecodeEscape(const char *s, -+ Py_ssize_t len, -+ const char *errors, -+ const char **first_invalid_escape) -+{ -+ int first_invalid_escape_char; -+ return _PyBytes_DecodeEscape2( -+ s, len, errors, -+ &first_invalid_escape_char, -+ first_invalid_escape); -+} -+ - PyObject *PyBytes_DecodeEscape(const char *s, - Py_ssize_t len, - const char *errors, - Py_ssize_t Py_UNUSED(unicode), - const char *Py_UNUSED(recode_encoding)) - { -- const char* first_invalid_escape; -- PyObject *result = _PyBytes_DecodeEscape(s, len, errors, -- &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyBytes_DecodeEscape2(s, len, errors, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) - return NULL; -- if (first_invalid_escape != NULL) { -- unsigned char c = *first_invalid_escape; -- if ('4' <= c && c <= '7') { -+ if (first_invalid_escape_char != -1) { -+ if (first_invalid_escape_char > 0xff) { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, -- "invalid octal escape sequence '\\%.3s'", -- first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; -@@ -1187,7 +1205,7 @@ - else { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid escape sequence '\\%c'", -- c) < 0) -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; -Index: Python-3.12.10/Objects/unicodeobject.c -=================================================================== ---- Python-3.12.10.orig/Objects/unicodeobject.c 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Objects/unicodeobject.c 2025-05-22 12:38:07.209060814 +0000 -@@ -6046,13 +6046,15 @@ - /* --- Unicode Escape Codec ----------------------------------------------- */ - - PyObject * --_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, -+_PyUnicode_DecodeUnicodeEscapeInternal2(const char *s, - Py_ssize_t size, - const char *errors, - Py_ssize_t *consumed, -- const char **first_invalid_escape) -+ int *first_invalid_escape_char, -+ const char **first_invalid_escape_ptr) - { - const char *starts = s; -+ const char *initial_starts = starts; - _PyUnicodeWriter writer; - const char *end; - PyObject *errorHandler = NULL; -@@ -6061,7 +6063,8 @@ - PyInterpreterState *interp = _PyInterpreterState_Get(); - - // so we can remember if we've seen an invalid escape char or not -- *first_invalid_escape = NULL; -+ *first_invalid_escape_char = -1; -+ *first_invalid_escape_ptr = NULL; - - if (size == 0) { - if (consumed) { -@@ -6149,9 +6152,12 @@ - } - } - if (ch > 0377) { -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-3; /* Back up 3 chars, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = ch; -+ if (starts == initial_starts) { -+ /* Back up 3 chars, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 3; -+ } - } - } - WRITE_CHAR(ch); -@@ -6252,9 +6258,12 @@ - goto error; - - default: -- if (*first_invalid_escape == NULL) { -- *first_invalid_escape = s-1; /* Back up one char, since we've -- already incremented s. */ -+ if (*first_invalid_escape_char == -1) { -+ *first_invalid_escape_char = c; -+ if (starts == initial_starts) { -+ /* Back up one char, since we've already incremented s. */ -+ *first_invalid_escape_ptr = s - 1; -+ } - } - WRITE_ASCII_CHAR('\\'); - WRITE_CHAR(c); -@@ -6293,24 +6302,40 @@ - return NULL; - } - -+// Export for binary compatibility. -+PyObject * -+_PyUnicode_DecodeUnicodeEscapeInternal(const char *s, -+ Py_ssize_t size, -+ const char *errors, -+ Py_ssize_t *consumed, -+ const char **first_invalid_escape) -+{ -+ int first_invalid_escape_char; -+ return _PyUnicode_DecodeUnicodeEscapeInternal2( -+ s, size, errors, consumed, -+ &first_invalid_escape_char, -+ first_invalid_escape); -+} -+ - PyObject * - _PyUnicode_DecodeUnicodeEscapeStateful(const char *s, - Py_ssize_t size, - const char *errors, - Py_ssize_t *consumed) - { -- const char *first_invalid_escape; -- PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal(s, size, errors, -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyUnicode_DecodeUnicodeEscapeInternal2(s, size, errors, - consumed, -- &first_invalid_escape); -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) - return NULL; -- if (first_invalid_escape != NULL) { -- unsigned char c = *first_invalid_escape; -- if ('4' <= c && c <= '7') { -+ if (first_invalid_escape_char != -1) { -+ if (first_invalid_escape_char > 0xff) { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, -- "invalid octal escape sequence '\\%.3s'", -- first_invalid_escape) < 0) -+ "invalid octal escape sequence '\\%o'", -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; -@@ -6319,7 +6344,7 @@ - else { - if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1, - "invalid escape sequence '\\%c'", -- c) < 0) -+ first_invalid_escape_char) < 0) - { - Py_DECREF(result); - return NULL; -Index: Python-3.12.10/Parser/string_parser.c -=================================================================== ---- Python-3.12.10.orig/Parser/string_parser.c 2025-04-08 11:35:47.000000000 +0000 -+++ Python-3.12.10/Parser/string_parser.c 2025-05-22 12:38:07.209950694 +0000 -@@ -181,15 +181,18 @@ - len = p - buf; - s = buf; - -- const char *first_invalid_escape; -- v = _PyUnicode_DecodeUnicodeEscapeInternal(s, len, NULL, NULL, &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ v = _PyUnicode_DecodeUnicodeEscapeInternal2(s, (Py_ssize_t)len, NULL, NULL, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - - // HACK: later we can simply pass the line no, since we don't preserve the tokens - // when we are decoding the string but we preserve the line numbers. -- if (v != NULL && first_invalid_escape != NULL && t != NULL) { -- if (warn_invalid_escape_sequence(parser, s, first_invalid_escape, t) < 0) { -- /* We have not decref u before because first_invalid_escape points -- inside u. */ -+ if (v != NULL && first_invalid_escape_ptr != NULL && t != NULL) { -+ if (warn_invalid_escape_sequence(parser, s, first_invalid_escape_ptr, t) < 0) { -+ /* We have not decref u before because first_invalid_escape_ptr -+ points inside u. */ - Py_XDECREF(u); - Py_DECREF(v); - return NULL; -@@ -202,14 +205,17 @@ - static PyObject * - decode_bytes_with_escapes(Parser *p, const char *s, Py_ssize_t len, Token *t) - { -- const char *first_invalid_escape; -- PyObject *result = _PyBytes_DecodeEscape(s, len, NULL, &first_invalid_escape); -+ int first_invalid_escape_char; -+ const char *first_invalid_escape_ptr; -+ PyObject *result = _PyBytes_DecodeEscape2(s, len, NULL, -+ &first_invalid_escape_char, -+ &first_invalid_escape_ptr); - if (result == NULL) { - return NULL; - } - -- if (first_invalid_escape != NULL) { -- if (warn_invalid_escape_sequence(p, s, first_invalid_escape, t) < 0) { -+ if (first_invalid_escape_ptr != NULL) { -+ if (warn_invalid_escape_sequence(p, s, first_invalid_escape_ptr, t) < 0) { - Py_DECREF(result); - return NULL; - } diff --git a/Python-3.12.10.tar.xz b/Python-3.12.10.tar.xz deleted file mode 100644 index a673e29..0000000 --- a/Python-3.12.10.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:07ab697474595e06f06647417d3c7fa97ded07afc1a7e4454c5639919b46eaea -size 20520960 diff --git a/Python-3.12.10.tar.xz.asc b/Python-3.12.10.tar.xz.asc deleted file mode 100644 index 8283288..0000000 --- a/Python-3.12.10.tar.xz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmf1EjJfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwXAwBAAncWm4sMrSvGW4bgyp7bHE0CeaA9ErIq55CmHfigrlxPKQUYVlzj38N7H -MVlpmqZSQ8wqDFy3gN0QeCXBGapxgO2dEcrgy5HxvtktXge25j1f7LvVraSFB9/F -DrOCZr54gVrE/r0242f1JmJQ1BDeMDSUbEYE6fd0xqWYCZ2xpzvYmQG/+6jD5FFC -UE6PYxJlq+rfSawj974//BDhrY4hZ3g0xxyiyhfXBBYMhZO3OzCckrAD5zZOQfNE -y/JK94nVWXLU/Lx3R+L7TvJgJ3ej4ggq5LRwrn09GU5jExwyITh4yUO7i56vbmvx -EtOobQC0RVz/xrsciJ4Gn3zByaO0XPjrGaCOU53nCsNlfJcBQhj2UQpum8CL9S9C -BJPCV4jL+Mo8EL91cJTyX4LqFoAXayMwPS0HKVOvYn33+pmVNe+duY/UjUpG50kw -jdsHbKAthh8QbSIO0VPk4eH3pVEQ3O9aG+3r/puGjPRWG8CMyLbQUVmlj4Sh3/Kh -vh7ydOjzJeuIUhAmFOLLqYG4mah71q1yBXx9jhyxzQSwvyoQaQwgpA+Yn+yB1bXy -ttxp2r4fS0ZvGYB44C1WrAxeKRI+J1z19i1IYMc2bV6SfSBoU9AaJqh2o4dMHHUS -F3Ko4UTyjU4bTfI18dCs2OgUEED6BAe5cs3ZyqDm3zL4fGIgNXs= -=k0VQ ------END PGP SIGNATURE----- diff --git a/Python-3.12.10.tar.xz.sigstore b/Python-3.12.10.tar.xz.sigstore deleted file mode 100644 index edb8a40..0000000 --- a/Python-3.12.10.tar.xz.sigstore +++ /dev/null @@ -1 +0,0 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyDCCAk+gAwIBAgIUV/pqMus1I52YzHj6d8XivxhMQIUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTIxMTIwWhcNMjUwNDA4MTIyMTIwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWygZnqBGHMJ6qn1QvD7+VsHJruX4Z3T9PUzXTmbl/fpD/n1GPY3Mp5pB50d6U2rfpbCSYERgppKvcuykX9qTaaOCAW4wggFqMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUt8+5h4MSS5dk0L9D1ytJzB5Vs7QwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFU/nEwAABAMARjBEAiBIlU/EjElPuHeg0S/ByFOF7MDUsJus2IcrFZ1jOj/D1wIgEugM3UFxN3SFgLU+K9GMo6rciVW+P+9SQxiSrXDydrwwCgYIKoZIzj0EAwMDZwAwZAIwNkqoiOIKLy1qh7S7nijCh3pmS8ol+lP9vR19kzBLU0UseRpk/RHJQKL/aUHdFuOsAjBfHDXC7SC/3/659CBDEDR8tjGHB0wrgTOr3askW3HD70Xjnkgh6FCnrRTb3fLVKCE="}, "tlogEntries": [{"logIndex": "193829212", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744114280", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDBIo5pHwogbg/goPtkWgVyz8zFP/olU2b+OU3SrU1TxQIgGh9u+YsN9LPcQTyoa6wCQmcwyEixANgLIfSb9iMDj04="}, "inclusionProof": {"logIndex": "71924950", "rootHash": "UjYqyELsc0qjUIHDSygvBe1JfXf3lGvpJDFvzqH7MWY=", "treeSize": "71924951", "hashes": ["o8iZ18aF/C6mMqtk487ge7PxtY95U6iXJ8aGmYXsDgU=", "Fw/vO9/kdamS2X70S5CmsF2B31S2RUX9ey/YY6DCQdE=", "1SHDD4NA+lqeJ7CG3KQuHpxGYl96AfqFn35U2bXxa2M=", "5yOaWkOXu1U6FhwkSs/Q5LvlfzKaoIDmsjZuCp7d9+o=", "wwcWBqOQyJLSK5Nwv8la9mGM4JTdemmwnHJxjdS2+zM=", "TzNxImLzqcFj7Mw6ijhc3K+oqOOChRwEsN45HmmR5Dg=", "HuWZg7u4+Jt1xi9OThUa81qCPhcfNnk7f65sB+Ydo+4=", "Uhh7+7E3v+7XORukXCZuNmoD2orl9UZRSHY0l4VjPKk=", "3KxPDv8uRtvXjzsH0IV9lZeXU31GVI2JE78JftFzcgM=", "ZiXTzR4fu03x4ORDazcYIvmdsRcp0oLWMY0I0ewiDRw=", "wz8AVqzGBjixNiXtnCb16MFP7zOW54eYx/zJ/1Jey/E=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71924951\nUjYqyELsc0qjUIHDSygvBe1JfXf3lGvpJDFvzqH7MWY=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiAcWE2EYs/YqdFFFfYRhXj7zoff3e6rDoGaffPaGnpWBwIgGaYvZPKB8qJLWt1KDBCDbqm7yqfGt7n3dErdPpIi1Xg=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIwN2FiNjk3NDc0NTk1ZTA2ZjA2NjQ3NDE3ZDNjN2ZhOTdkZWQwN2FmYzFhN2U0NDU0YzU2Mzk5MTliNDZlYWVhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURHYVBYbVZicnBHaEFQTS9hQ0VvOXFZWFN1V2hVUWNZOHp1bDVxWEJialpRSWhBTVFnOGpkM01BYm43WUw0Tk9IK1JpUjZaWE5hWStsTGk4K2dzWUNpR25ZRyIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzclowRjNTVUpCWjBsVlZpOXdjVTExY3pGSk5USlpla2hxTm1RNFdHbDJlR2hOVVVsVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZFbDRUVlJKZDFkb1kwNU5hbFYzVGtSQk5FMVVTWGxOVkVsM1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZYZVdkYWJuRkNSMGhOU2paeGJqRlJka1EzSzFaelNFcHlkVmcwV2pOVU9WQlZlbGdLVkcxaWJDOW1jRVF2YmpGSFVGa3pUWEExY0VJMU1HUTJWVEp5Wm5CaVExTlpSVkpuY0hCTGRtTjFlV3RZT1hGVVlXRlBRMEZYTkhkblowWnhUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlYwT0NzMUNtZzBUVk5UTldSck1FdzVSREY1ZEVwNlFqVldjemRSZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwcENaMjl5UW1kRlJVRmtXalZCWjFGRFFraHpSV1ZSUWpNS1FVaFZRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIVjBaVkwyNUZkMEZCUWtGTlFRcFNha0pGUVdsQ1NXeFZMMFZxUld4UWRVaGxaekJUTDBKNVJrOUdOMDFFVlhOS2RYTXlTV055UmxveGFrOXFMMFF4ZDBsblJYVm5UVE5WUm5oT00xTkdDbWRNVlN0TE9VZE5ielp5WTJsV1Z5dFFLemxUVVhocFUzSllSSGxrY25kM1EyZFpTVXR2V2tsNmFqQkZRWGROUkZwM1FYZGFRVWwzVG10eGIybFBTVXNLVEhreGNXZzNVemR1YVdwRGFETndiVk00YjJ3cmJGQTVkbEl4T1d0NlFreFZNRlZ6WlZKd2F5OVNTRXBSUzB3dllWVklaRVoxVDNOQmFrSm1TRVJZUXdvM1UwTXZNeTgyTlRsRFFrUkZSRkk0ZEdwSFNFSXdkM0puVkU5eU0yRnphMWN6U0VRM01GaHFibXRuYURaR1EyNXlVbFJpTTJaTVZrdERSVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "B6tpdHRZXgbwZkdBfTx/qX3tB6/Bp+RFTFY5kZtG6uo="}, "signature": "MEYCIQDGaPXmVbrpGhAPM/aCEo9qYXSuWhUQcY8zul5qXBbjZQIhAMQg8jd3MAbn7YL4NOH+RiR6ZXNaY+lLi8+gsYCiGnYG"}} diff --git a/Python-3.12.11.tar.xz b/Python-3.12.11.tar.xz new file mode 100644 index 0000000..64fb9b5 --- /dev/null +++ b/Python-3.12.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb +size 20525812 diff --git a/Python-3.12.11.tar.xz.asc b/Python-3.12.11.tar.xz.asc new file mode 100644 index 0000000..0c071fe --- /dev/null +++ b/Python-3.12.11.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmg/MbpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwXySQ/7Ba9qlnTLmxqTCO8C7Gf545WNMBL2Ep6JZPgjOcgNk9e1QdAnNV5OOtGm +gW5nNPSTNNcIcPn058GuI24D4RpTQCJfMbMLsfYgvio0E7ij1gC19PsJHb6ejtCS +H2kK237Y1kuqRUdbTZssFDoAR4R9+UCaDuo4XdW+UKQk2GgdNQDMWLKmWF/Xk6Ob +/LihMXj27mDU9nXVdWR55sJzTFzfGB015vmORvcpuctkf1lZ4AfVFMgGw1CgjRjF +kjrOkrDErjDUQ8BIhMh90deiTpigfg7cg1HBDI6GRzklFg6cMfIdfvmfM0MfamX3 +Tow08TGBzmYXWgrqjYXW6JknKhBGOrjXMB7/yNDk9bJVLcOJaLbOmbcG0WRQF/Py +DMOCvr09l0yt5KFYpdKrDvyCuKYfpX33B4C60kU9JzmfXGyQ6LDTPXapZooJ+8Fg +GRTUsc0YWXoaDVCcxMIdiG+jEMQkjWVwW7E/nC/d7WT5L9KPoYFA1sZ834kKq3jr +NmZynbBnKH7m7L+u6HP6B+pa84FKEME69osAXZk0HJOIHB+SOX3E6BXRo6IV8Q/K +J6f5Ja26gJ7KXcUxTgkTkYh7tz0bhb+WeL3j6N/BC0eK7ZVsKRZ/3WnntGsG5B2m +FjVOYKolfkF4tf63SjdFuudgaKGCaDK1PvfwIr7k0oozxrB2ZEA= +=SYH/ +-----END PGP SIGNATURE----- diff --git a/Python-3.12.11.tar.xz.sigstore b/Python-3.12.11.tar.xz.sigstore new file mode 100644 index 0000000..793b770 --- /dev/null +++ b/Python-3.12.11.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyzCCAlGgAwIBAgIUYnM19yJLe8BOsB5QSK0ApWs7UFYwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjAzMTczMzU5WhcNMjUwNjAzMTc0MzU5WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEorc8E1btqvKxfzhMFNReGMAAH20rdFPI7kk7GPHd6PdKM7voZXQ95LgSzo2plgysqaIgn3em1cFPQ4JDfZj8FqOCAXAwggFsMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUVdDqigJFvvkJ9bwHazqUCUbFWHwwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXNttt1QAABAMASDBGAiEAqqQMp3XA3a5TFLhTtiligp2CQqGlqGE/KfJbdVIQnjUCIQDVOfo4//KX7sZMwYpkhdj7xr/H60oTncyTAQjov+3OTTAKBggqhkjOPQQDAwNoADBlAjEA7RpgIF7whv9DvpnOVavPj4kQxM+gIbCvib3ue2STONKO+JnllxtScT+CypbscLT4AjBQFn7rmkKLgY/lT8YTDf9DqvopFJHXCdlbitQ1imoqOhZqJMEI17CMKMdBcc+BmnU="}, "tlogEntries": [{"logIndex": "228874048", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748972040", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDC8I5uDgetSuD63qAPtlnnW58xKiSIGEX9AOJ5AnzNEgIgGfb+03Lf8DsOb1NkU5UNmPUeURv4bkQTgiZjtSfGJX0="}, "inclusionProof": {"logIndex": "106969786", "rootHash": "i3vbVg/L11/yzRE1My+dx8hKb/mLlOrFShOkXpDwz/o=", "treeSize": "106969787", "hashes": ["1fUlZVjuybf+gadL7+hmmzV88MK0fLFhuT2TIf4ruWE=", "h2PCG2d55a7VHzNH7amIjA/LgNJZQAVba+vKss3pYCc=", "fx5Vsw4rXULuFJQV5sKe1/WI5XEQGzkWHHyU/B1zfYw=", "iqK8b0KpsJULg7aqHgSStaU4dNbgrth5QDarXmEl3To=", "5S2DqBJZbuLio6e9iBmJWALzYi0hcpXFV3Z8ydE2lrA=", "n5MzQvR+waONXmENXriYi92eiz9pa5whuAyHmzyZa9Q=", "S+DrHAWb67kO9sHsAjIJ89A0RLlbeXy6mUvzoKO3dMI=", "JQ9xTJKo/o9IWVV8l4RTm06tpXUcGCeAh8ciAprOIoE=", "pqCD1LoiP58WZ9AfwL1uMRLqmiQQKDHHSdnl+4lB+/0=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n106969787\ni3vbVg/L11/yzRE1My+dx8hKb/mLlOrFShOkXpDwz/o=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiBibpE+dFaiZHUWTGPDNXeNfevho16eXV6wm1qMxN/m3wIhAN3M8Rs699nSFmZYP9sEHy6sNglaGwzKb+Nv8tJU7G7B\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjMzBiYjI0YjdmMWU5YTE5YjExYjU1YTU0NjQzNGY3NGU3MzliYjRjMjcxYTNlM2E4MGZmNDM4MGQ0OWY3YWRiIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJQ2piY2JONkNNK1FNbFE4dG1MdkhHbXFuakNrMm9tMmp0WlBsaUdJUWJieUFpQi9wNjAxVTN6RUcxSjFVTk1GWHlCekNhcVhVemhnRTVzVXUwUGFhT2IyelE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVla05EUVd4SFowRjNTVUpCWjBsVldXNU5NVGw1U2t4bE9FSlBjMEkxVVZOTE1FRndWM00zVlVaWmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUVhwTlZHTjZUWHBWTlZkb1kwNU5hbFYzVG1wQmVrMVVZekJOZWxVMVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZ2Y21NNFJURmlkSEYyUzNobWVtaE5SazVTWlVkTlFVRklNakJ5WkVaUVNUZHJhemNLUjFCSVpEWlFaRXROTjNadldsaFJPVFZNWjFONmJ6SndiR2Q1YzNGaFNXZHVNMlZ0TVdOR1VGRTBTa1JtV21vNFJuRlBRMEZZUVhkblowWnpUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZXWkVSeENtbG5Ta1oyZG10S09XSjNTR0Y2Y1ZWRFZXSkdWMGgzZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIweENaMjl5UW1kRlJVRmtXalZCWjFGRFFrZ3dSV1YzUWpVS1FVaGpRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIV0U1MGRIUXhVVUZCUWtGTlFRcFRSRUpIUVdsRlFYRnhVVTF3TTFoQk0yRTFWRVpNYUZSMGFXeHBaM0F5UTFGeFIyeHhSMFV2UzJaS1ltUldTVkZ1YWxWRFNWRkVWazltYnpRdkwwdFlDamR6V2sxM1dYQnJhR1JxTjNoeUwwZzJNRzlVYm1ONVZFRlJhbTkyS3pOUFZGUkJTMEpuWjNGb2EycFBVRkZSUkVGM1RtOUJSRUpzUVdwRlFUZFNjR2NLU1VZM2QyaDJPVVIyY0c1UFZtRjJVR28wYTFGNFRTdG5TV0pEZG1saU0zVmxNbE5VVDA1TFR5dEtibXhzZUhSVFkxUXJRM2x3WW5OalRGUTBRV3BDVVFwR2JqZHliV3RMVEdkWkwyeFVPRmxVUkdZNVJIRjJiM0JHU2toWVEyUnNZbWwwVVRGcGJXOXhUMmhhY1VwTlJVa3hOME5OUzAxa1FtTmpLMEp0YmxVOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "wwuyS38emhmxG1WlRkNPdOc5u0wnGj46gP9DgNSfets="}, "signature": "MEQCICjbcbN6CM+QMlQ8tmLvHGmqnjCk2om2jtZPliGIQbbyAiB/p601U3zEG1J1UNMFXyBzCaqXUzhgE5sUu0PaaOb2zQ=="}} diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 836b0f5..cacfcc3 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,11 +3,9 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) -Index: Python-3.12.10/Doc/using/configure.rst -=================================================================== ---- Python-3.12.10.orig/Doc/using/configure.rst 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Doc/using/configure.rst 2025-04-11 21:16:27.319169087 +0200 -@@ -640,13 +640,11 @@ +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -640,13 +640,11 @@ macOS Options See ``Mac/README.rst``. @@ -21,11 +19,9 @@ Index: Python-3.12.10/Doc/using/configure.rst .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.12.10/Misc/NEWS -=================================================================== ---- Python-3.12.10.orig/Misc/NEWS 2025-04-08 13:35:47.000000000 +0200 -+++ Python-3.12.10/Misc/NEWS 2025-04-11 21:16:27.326169052 +0200 -@@ -15106,7 +15106,7 @@ +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -15146,7 +15146,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python312.changes b/python312.changes index 2670871..e22afaa 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Mon Jun 9 19:41:07 UTC 2025 - Matej Cepl + +- Update to 3.12.11: + - Security + - gh-135034: Fixes multiple issues that allowed tarfile + extraction filters (filter="data" and filter="tar") to be + bypassed using crafted symlinks and hard links. + Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 + (bsc#1244059), CVE-2025-4330 (bsc#1244060), and + CVE-2025-4517 (bsc#1244032). + - gh-133767: Fix use-after-free in the “unicode-escape” + decoder with a non-“strict” error handler (CVE-2025-4516, + bsc#1243273). + - gh-128840: Short-circuit the processing of long IPv6 + addresses early in ipaddress to prevent excessive memory + consumption and a minor denial-of-service. + - Library + - gh-128840: Fix parsing long IPv6 addresses with embedded + IPv4 address. + - gh-134062: ipaddress: fix collisions in __hash__() for + IPv4Network and IPv6Network objects. + - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output + according to RFC 3596, §2.5. Patch by Bénédikt Tran. + - bpo-43633: Improve the textual representation of + IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) + in ipaddress. Patch by Oleksandr Pavliuk. +- Remove upstreamed patches: + - CVE-2025-4516-DecodeError-handler.patch + ------------------------------------------------------------------- Fri May 16 13:44:12 UTC 2025 - Matej Cepl @@ -1218,7 +1248,7 @@ Wed Aug 7 18:05:57 UTC 2024 - Matej Cepl ------------------------------------------------------------------- Wed Aug 7 13:40:44 UTC 2024 - Matej Cepl - + - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz @@ -1859,7 +1889,7 @@ Mon Feb 12 13:32:43 UTC 2024 - Matej Cepl indicate the parsing error (old API). Add an optional 'strict' parameter to getaddresses() and parseaddr() functions. Patch by Thomas Dwyer. - + ------------------------------------------------------------------- Thu Feb 8 07:08:51 UTC 2024 - Daniel Garcia @@ -2937,7 +2967,7 @@ Wed Sep 20 07:14:17 UTC 2023 - Daniel Garcia ------------------------------------------------------------------- Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller -- restrict PEP668 to ALP/Tumbleweed +- restrict PEP668 to ALP/Tumbleweed ------------------------------------------------------------------- Mon Aug 7 07:31:27 UTC 2023 - Daniel Garcia @@ -4470,7 +4500,7 @@ Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik - Add patch support-expat-245.patch: - * Support Expat >= 2.4.5 + * Support Expat >= 2.4.5 ------------------------------------------------------------------- Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl @@ -4660,7 +4690,7 @@ Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl ------------------------------------------------------------------- Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller -- allow build with Sphinx >= 3.x +- allow build with Sphinx >= 3.x ------------------------------------------------------------------- Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák @@ -5212,7 +5242,7 @@ Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner - Last try before this results in an editwar: - * remove importlib_resources and importlib-metadata + * remove importlib_resources and importlib-metadata provides/obsoletes * import importlib_resources is not the same as import importlib.resources, same for metadata @@ -5329,54 +5359,54 @@ Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer - Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream - Removed recursion.tar: contained in upstream - Update to 3.9.0b5: - - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused by the fix for bpo-29778 (CVE-2020-15801). - bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events. - - bpo-29778: Ensure python3.dll is loaded from correct locations + - bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523). - - bpo-39603: Prevent http header injection by rejecting control + - bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…). - bpo-41295: Resolve a regression in CPython 3.8.4 where defining - “__setattr__” in a multi-inheritance setup and + “__setattr__” in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types. - - bpo-41247: Always cache the running loop holder when running + - bpo-41247: Always cache the running loop holder when running asyncio.set_running_loop. - - bpo-41252: Fix incorrect refcounting in + - bpo-41252: Fix incorrect refcounting in _ssl.c’s _servername_callback(). - - bpo-41215: Use non-NULL default values in the PEG parser + - bpo-41215: Use non-NULL default values in the PEG parser keyword list to overcome a bug that was ' preventing Python from being properly compiled when using the XLC compiler. Patch by Pablo Galindo. - - bpo-41218: Python 3.8.3 had a regression where compiling with - ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would aggressively mark list comprehension with CO_COROUTINE. Now only list comprehension making use of async/await will tagged as so. - - bpo-41175: Guard against a NULL pointer dereference within + - bpo-41175: Guard against a NULL pointer dereference within bytearrayobject triggered by the bytearray() + bytearray() operation. - - bpo-39960: The “hackcheck” that prevents sneaking around a type’s - __setattr__() by calling the superclass method was + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was rewritten to allow C implemented heap types. - - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. - - bpo-39017: Avoid infinite loop when reading specially crafted + - bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). - - bpo-41207: In distutils.spawn, restore expectation that + - bpo-41207: In distutils.spawn, restore expectation that DistutilsExecError is raised when the command is not found. - bpo-39168: Remove the __new__ method of typing.Generic. - - bpo-41194: Fix a crash in the _ast module: it can no longer be + - bpo-41194: Fix a crash in the _ast module: it can no longer be loaded more than once. It now uses a global state rather than a module state. - - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a null string. - - bpo-41300: Save files with non-ascii chars. + - bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4. - - bpo-37765: Add keywords to module name completion list. + - bpo-37765: Add keywords to module name completion list. Rewrite Completions section of IDLE doc. - - bpo-40170: Revert PyType_HasFeature() change: it reads - again directly the PyTypeObject.tp_flags - member when the limited C API is not used, rather than always calling + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling PyType_GetFlags() which hides implementation details. ------------------------------------------------------------------- @@ -5897,7 +5927,7 @@ Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl pickling costs between processes - typed_ast is merged back to CPython - LOAD_GLOBAL is now 40% faster - - pickle now uses Protocol 4 by default, improving performance + - pickle now uses Protocol 4 by default, improving performance - Remove patches which were included in the upstream: - 00251-change-user-install-location.patch - 00316-mark-bdist_wininst-unsupported.patch @@ -6042,7 +6072,7 @@ Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com - Upgrade to 3.7.2rc1: * bugfix release, for the full list of all changes see - https://docs.python.org/3.7/whatsnew/changelog.html#changelog + https://docs.python.org/3.7/whatsnew/changelog.html#changelog - Make run of the test suite more verbose ------------------------------------------------------------------- @@ -6469,7 +6499,7 @@ Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com - Add 0001-allow-for-reproducible-builds-of-python-packages.patch - upstream https://github.com/python/cpython/pull/296 + upstream https://github.com/python/cpython/pull/296 ------------------------------------------------------------------- Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com @@ -6535,7 +6565,7 @@ Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com - Add Python-3.5.1-fix_lru_cache_copying.patch Fix copying the lru_cache() wrapper object. - Fixes deep-copying lru_cache regression, which worked on + Fixes deep-copying lru_cache regression, which worked on previous versions of python but fails on python 3.5. This fixes a bunch of packages in devel:languages:python3. See: https://bugs.python.org/issue25447 @@ -6673,7 +6703,7 @@ Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com ------------------------------------------------------------------- Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org -- Only pkgconfig(x11) is required for build, not the whole +- Only pkgconfig(x11) is required for build, not the whole set of packages provided by xorg-x11-devel metapackage. ------------------------------------------------------------------- @@ -6733,7 +6763,7 @@ Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com ------------------------------------------------------------------- Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com -- remove blacklisting of test_posix on aarch64: qemu bug is fixed +- remove blacklisting of test_posix on aarch64: qemu bug is fixed ------------------------------------------------------------------- Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com @@ -6836,7 +6866,7 @@ Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com ------------------------------------------------------------------- Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org -- build with -DOPENSSL_LOAD_CONF for the same reasons +- build with -DOPENSSL_LOAD_CONF for the same reasons described in the python2 package. ------------------------------------------------------------------- @@ -6848,7 +6878,7 @@ Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com ------------------------------------------------------------------- Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com -- Exclue test_faulthandler from tests on powerpc due to bnc#831629 +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 ------------------------------------------------------------------- Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com @@ -6907,7 +6937,7 @@ Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com - add ctypes-libffi-aarch64.patch: * import aarch64 support for libffi in _ctypes module -- add aarch64 to the list of lib64 based archs +- add aarch64 to the list of lib64 based archs - add movetogetdents64.diff: * port to getdents64, as SYS_getdents is not implemented everywhere @@ -6961,9 +6991,9 @@ Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com ------------------------------------------------------------------- Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com -- exclude test_math for SLE 11; math library fails on negative +- exclude test_math for SLE 11; math library fails on negative gamma function values close to integers and 0, probably - due to imprecision in -lm on SLE_11_SP2. + due to imprecision in -lm on SLE_11_SP2. ------------------------------------------------------------------- Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com @@ -6987,7 +7017,7 @@ Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com ------------------------------------------------------------------- Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com -- Correct dependency for python3-testsuite, +- Correct dependency for python3-testsuite, python3-tkinter -> python3-tk ------------------------------------------------------------------- @@ -7020,7 +7050,7 @@ Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com ------------------------------------------------------------------- Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com -- skip test_io on ppc +- skip test_io on ppc - drop test_io ppc patch ------------------------------------------------------------------- @@ -7069,8 +7099,8 @@ Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com ------------------------------------------------------------------- Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com -- Use system ffi, included one is broken see - http://bugs.python.org/issue11729 and +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and http://bugs.python.org/issue12081 ------------------------------------------------------------------- diff --git a/python312.spec b/python312.spec index 48af8a9..17fba23 100644 --- a/python312.spec +++ b/python312.spec @@ -118,7 +118,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.12.10 +Version: 3.12.11 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -184,9 +184,6 @@ Patch41: docs-docutils_014-Sphinx_420.patch # PATCH-FIX-SLE doc-py38-to-py36.patch mcepl@suse.com # Make documentation extensions working with Python 3.6 Patch44: doc-py38-to-py36.patch -# PATCH-FIX-UPSTREAM CVE-2025-4516-DecodeError-handler.patch bsc#1243273 mcepl@suse.com -# patch from gh#python/cpython!134337 -Patch45: CVE-2025-4516-DecodeError-handler.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes