Tags: fedora-python/cpython
Tags
00466: Downstream only: Skip tests not working with older expat version We want to run these tests in Fedora and EPEL 10, but not in EPEL 9, which has too old version of expat. We set the upper bound version in the conditionalized skip to a release available in CentOS Stream 10, which is tested as working.
00466: Downstream only: Skip tests not working with older expat version We want to run these tests in Fedora and EPEL 10, but not in EPEL 9, which has too old version of expat. We set the upper bound version in the conditionalized skip to a release available in CentOS Stream 10, which is tested as working.
00466: Downstream only: Skip tests not working with older expat version We want to run these tests in Fedora and EPEL 10, but not in EPEL 9, which has too old version of expat. We set the upper bound version in the conditionalized skip to a release available in CentOS Stream 10, which is tested as working.
00467: pythongh-130577: tarfile now validates archives to ensure memb… …er offsets are non-negative (cherry picked from commit 7040aa5) Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
00467: tarfile CVE-2025-8194 tarfile now validates archives to ensure member offsets are non-negative (pythonGH-137027) Co-authored-by: Gregory P. Smith <greg@krypto.org>
00466: Downstream only: Skip tests not working with older expat version We want to run these tests in Fedora and EPEL 10, but not in EPEL 9, which has too old version of expat. We set the upper bound version in the conditionalized skip to a release available in CentOS Stream 10, which is tested as working.
00465: tarfile cves Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on tarfile The backported fixes do not contain changes for ntpath.py and related tests, because the support for symlinks and junctions were added later in Python 3.9, and it does not make sense to backport them to 3.6 here. The patch is contains the following changes: - python@42deeab fixes symlink handling for tarfile.data_filter - python@9d2c2a8 fixes handling of existing files/symlinks in tarfile - python@00af979 adds a new "strict" argument to realpath() - python@dd8f187 fixes mulriple CVE fixes in the tarfile module - downstream only fixes that makes the changes work and compatible with Python 3.6
00462: Fix PySSL_SetError handling SSL_ERROR_SYSCALL Python 3.10 changed from using SSL_write() and SSL_read() to SSL_write_ex() and SSL_read_ex(), but did not update handling of the return value. Change error handling so that the return value is not examined. OSError (not EOF) is now returned when retval is 0. This resolves the issue of failing tests when a system is stressed on OpenSSL 3.5. Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Petr Viktorin <encukou@gmail.com>
00462: Fix PySSL_SetError handling SSL_ERROR_SYSCALL Python 3.10 changed from using SSL_write() and SSL_read() to SSL_write_ex() and SSL_read_ex(), but did not update handling of the return value. Change error handling so that the return value is not examined. OSError (not EOF) is now returned when retval is 0. This resolves the issue of failing tests when a system is stressed on OpenSSL 3.5. Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Petr Viktorin <encukou@gmail.com>
00452: Properly apply exported CFLAGS for dtrace/systemtap builds When using --with-dtrace the resulting object file could be missing specific CFLAGS exported by the build system due to the systemtap script using specific defaults. Exporting the CC and CFLAGS variables before the dtrace invocation allows us to properly apply CFLAGS exported by the build system even when cross-compiling. Co-authored-by: stratakis <cstratak@redhat.com>
PreviousNext