diff --git a/00251-change-user-install-location.patch b/00251-change-user-install-location.patch index 1622e53..dc29bca 100644 --- a/00251-change-user-install-location.patch +++ b/00251-change-user-install-location.patch @@ -30,10 +30,10 @@ Co-authored-by: Lumír Balhar 3 files changed, 71 insertions(+), 4 deletions(-) diff --git a/Lib/site.py b/Lib/site.py -index 672fa7b000..0a9c5be53e 100644 +index 924b2460d9..51b5baca93 100644 --- a/Lib/site.py +++ b/Lib/site.py -@@ -377,8 +377,15 @@ def getsitepackages(prefixes=None): +@@ -387,8 +387,15 @@ def getsitepackages(prefixes=None): return sitepackages def addsitepackages(known_paths, prefixes=None): diff --git a/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch b/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch index 5603025..7146a82 100644 --- a/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch +++ b/00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch @@ -16,10 +16,10 @@ https://github.com/GrahamDumpleton/mod_wsgi/issues/730 2 files changed, 8 insertions(+), 50 deletions(-) diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py -index 756d5e329f..5d09775efc 100644 +index 00d9e591c7..3314319fec 100644 --- a/Lib/test/test_threading.py +++ b/Lib/test/test_threading.py -@@ -1007,39 +1007,6 @@ def noop(): pass +@@ -1089,39 +1089,6 @@ def noop(): pass threading.Thread(target=noop).start() # Thread.join() is not called @@ -60,10 +60,10 @@ index 756d5e329f..5d09775efc 100644 code = """if 1: import atexit diff --git a/Lib/threading.py b/Lib/threading.py -index 8dcaf8ca6a..ed0b0f4632 100644 +index 98cb43c697..ee647f8549 100644 --- a/Lib/threading.py +++ b/Lib/threading.py -@@ -1586,29 +1586,20 @@ def _shutdown(): +@@ -1585,29 +1585,20 @@ def _shutdown(): global _SHUTTING_DOWN _SHUTTING_DOWN = True diff --git a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch index e77ddd8..352fef8 100644 --- a/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +++ b/00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch @@ -72,7 +72,7 @@ index 345b64001c..d693a9bc39 100644 .. function:: parsedate(date) diff --git a/Lib/email/utils.py b/Lib/email/utils.py -index 81da5394ea..43c3627fca 100644 +index aa949aa933..af2fb14754 100644 --- a/Lib/email/utils.py +++ b/Lib/email/utils.py @@ -48,6 +48,7 @@ @@ -81,7 +81,7 @@ index 81da5394ea..43c3627fca 100644 + def _has_surrogates(s): - """Return True if s contains surrogate-escaped binary data.""" + """Return True if s may contain surrogate-escaped binary data.""" # This check is based on the fact that unless there are surrogates, utf8 @@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): return address diff --git a/00418-don-t-generate-sbom-in-make-regen-all.patch b/00418-don-t-generate-sbom-in-make-regen-all.patch new file mode 100644 index 0000000..d41da28 --- /dev/null +++ b/00418-don-t-generate-sbom-in-make-regen-all.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Thu, 8 Feb 2024 15:53:26 +0100 +Subject: [PATCH] 00418: Don't generate sbom in make regen-all +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The script and make target, added in Python 3.12.2, assumes a fixed +location of pip wheel and other bundled libraries, resulting in an +error and failed build when not found. +Reported upstream: https://github.com/python/cpython/issues/114240 +and https://github.com/python/cpython/issues/114244 + +Co-Authored-By: Tomáš Hrnčiar +--- + Makefile.pre.in | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/Makefile.pre.in b/Makefile.pre.in +index dd5e69f7ab..40097647b5 100644 +--- a/Makefile.pre.in ++++ b/Makefile.pre.in +@@ -1320,9 +1320,10 @@ regen-limited-abi: all + regen-all: regen-cases regen-opcode regen-opcode-targets regen-typeslots \ + regen-token regen-ast regen-keyword regen-sre regen-frozen \ + regen-pegen-metaparser regen-pegen regen-test-frozenmain \ +- regen-test-levenshtein regen-global-objects regen-sbom ++ regen-test-levenshtein regen-global-objects + @echo +- @echo "Note: make regen-stdlib-module-names and make regen-configure should be run manually" ++ @echo "Note: make regen-stdlib-module-names, make regen-configure and make regen-sbom " ++ @echo "should be run manually" + + ############################################################################ + # Special rules for object files diff --git a/python3.12.spec b/python3.12.spec index b061c94..1323fb0 100644 --- a/python3.12.spec +++ b/python3.12.spec @@ -13,11 +13,11 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.1 +%global general_version %{pybasever}.2 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 2.3.riscv64%{?dist} +Release: 1.0.riscv64%{?dist} License: Python-2.0.1 @@ -71,18 +71,18 @@ License: Python-2.0.1 # If the rpmwheels condition is disabled, we use the bundled wheel packages # from Python with the versions below. # This needs to be manually updated when we update Python. -%global pip_version 23.2.1 +%global pip_version 24.0 %global setuptools_version 67.6.1 %global wheel_version 0.40.0 # All of those also include a list of indirect bundled libs: # pip # $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) %global pip_bundled_provides %{expand: -Provides: bundled(python3dist(cachecontrol)) = 0.12.11 -Provides: bundled(python3dist(certifi)) = 2023.5.7 +Provides: bundled(python3dist(cachecontrol)) = 0.13.1 +Provides: bundled(python3dist(certifi)) = 2023.7.22 Provides: bundled(python3dist(chardet)) = 5.1 Provides: bundled(python3dist(colorama)) = 0.4.6 -Provides: bundled(python3dist(distlib)) = 0.3.6 +Provides: bundled(python3dist(distlib)) = 0.3.8 Provides: bundled(python3dist(distro)) = 1.8 Provides: bundled(python3dist(idna)) = 3.4 Provides: bundled(python3dist(msgpack)) = 1.0.5 @@ -98,8 +98,9 @@ Provides: bundled(python3dist(setuptools)) = 68 Provides: bundled(python3dist(six)) = 1.16 Provides: bundled(python3dist(tenacity)) = 8.2.2 Provides: bundled(python3dist(tomli)) = 2.0.1 +Provides: bundled(python3dist(truststore)) = 0.8 Provides: bundled(python3dist(typing-extensions)) = 4.7.1 -Provides: bundled(python3dist(urllib3)) = 1.26.16 +Provides: bundled(python3dist(urllib3)) = 1.26.17 Provides: bundled(python3dist(webencodings)) = 0.5.1 } # setuptools @@ -121,7 +122,7 @@ Provides: bundled(python3dist(typing-extensions)) = 4.4 Provides: bundled(python3dist(zipp)) = 3.7 } # wheel -# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheel-*.whl wheel/vendored/vendor.txt) +# $ %%{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheeldata/wheel-*.whl wheel/vendored/vendor.txt) %global wheel_bundled_provides %{expand: Provides: bundled(python3dist(packaging)) = 23 } @@ -310,6 +311,9 @@ BuildRequires: %{python_wheel_pkg_prefix}-wheel-wheel # upgrading the main python3 to a new Python version, this would pull in the # old version instead. BuildRequires: python%{pybasever} +%endif + +%if %{without bootstrap} || %{without main_python} # for proper automatic provides BuildRequires: python3-rpm-generators %endif @@ -364,7 +368,7 @@ Patch251: 00251-change-user-install-location.patch # https://github.com/GrahamDumpleton/mod_wsgi/issues/730 Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch -# 00415 # 83e0fc3ec7bc38055c536f482578a10f6efcc08c +# 00415 # 5b830b814be638d1a167802780b5f498a4a5e97c # [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (#111116) # # Detect email address parsing errors and return empty tuple to @@ -373,6 +377,16 @@ Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-g # Thomas Dwyer. Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch +# 00418 # 153905265371131e1227ace0dfef34a5c5efde59 +# Don't generate sbom in make regen-all +# +# The script and make target, added in Python 3.12.2, assumes a fixed +# location of pip wheel and other bundled libraries, resulting in an +# error and failed build when not found. +# Reported upstream: https://github.com/python/cpython/issues/114240 +# and https://github.com/python/cpython/issues/114244 +Patch418: 00418-don-t-generate-sbom-in-make-regen-all.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -555,7 +569,8 @@ Recommends: %{pkgname}-pip # tox users are likely to need the devel subpackage Supplements: tox -%if %{without bootstrap} +%if %{without bootstrap} || %{without main_python} +# Generators run on the main Python 3 so we cannot require them when bootstrapping it Requires: (python3-rpm-generators if rpm-build) %endif @@ -693,13 +708,13 @@ The debug runtime additionally supports debug builds of C-API extensions # setuptools.whl does not contain the vendored.txt files if [ -f %{_rpmconfigdir}/pythonbundles.py ]; then %{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/ensurepip/_bundled/pip-*.whl pip/_vendor/vendor.txt) --compare-with '%pip_bundled_provides' - %{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheel-*.whl wheel/vendored/vendor.txt) --compare-with '%wheel_bundled_provides' + %{_rpmconfigdir}/pythonbundles.py <(unzip -p Lib/test/wheeldata/wheel-*.whl wheel/vendored/vendor.txt) --compare-with '%wheel_bundled_provides' fi %if %{with rpmwheels} rm Lib/ensurepip/_bundled/pip-%{pip_version}-py3-none-any.whl -rm Lib/test/setuptools-%{setuptools_version}-py3-none-any.whl -rm Lib/test/wheel-%{wheel_version}-py3-none-any.whl +rm Lib/test/wheeldata/setuptools-%{setuptools_version}-py3-none-any.whl +rm Lib/test/wheeldata/wheel-%{wheel_version}-py3-none-any.whl %endif # Remove all exe files to ensure we are not shipping prebuilt binaries @@ -1690,11 +1705,20 @@ CheckPython optimized # ====================================================== %changelog -* Tue Jan 23 2024 David Abdurachmanov - 3.12.1-2.3.riscv64 +* Wed Feb 21 2024 David Abdurachmanov - 3.12.2-2.3.riscv64 - Disable test_peg_generator test on riscv64. - Increase tests timeout on riscv64 by 10x. - Disable test_eintr test on riscv64. +* Wed Feb 07 2024 Tomáš Hrnčiar - 3.12.2-1 +- Update to 3.12.2 + +* Fri Jan 26 2024 Fedora Release Engineering - 3.12.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 3.12.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Mon Dec 18 2023 Lumír Balhar - 3.12.1-2 - Security fix for CVE-2023-27043 (rhbz#2196190) diff --git a/sources b/sources index b9328ce..2c3fe1d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (Python-3.12.1.tar.xz) = 44cf06b89ade692d87ca3105d8e3de5c7ce3f5fb318690fff513cf56f909ff5e0d0f6a0b22ae270b12e1fe3051b1bde3ec786506ec87c810b1d02e92e45dff07 -SHA512 (Python-3.12.1.tar.xz.asc) = 1c85237b5921fbf940ded4e038d99c8d02682fcb357b5de761eb5bebf94142b308a11654fc6312129663727e2ce1f546fbb5a5a3747d7dc02fc7dced9cb968fd +SHA512 (Python-3.12.2.tar.xz) = 2ccfae7b9f95d8e15ea85d3f66eea5f6a8fdcaffc0b405095fecb33efc0df50b831c1215542910ced948b54e6de1f7242b0b8b9afc5f89079451c552430d7d9f +SHA512 (Python-3.12.2.tar.xz.asc) = fb477acb49864a662b1586db79e80fd8ebab85d4e5e14acd3bfb5afc3dbe8d6b9bf97eb518dfb77662e27040d400f451ed7575fe1264a6cc0d9feb06e4f2dc84