diff --git a/SOURCES/00146-hashlib-fips.patch b/SOURCES/00146-hashlib-fips.patch
new file mode 100644
index 0000000..a4a8bb0
--- /dev/null
+++ b/SOURCES/00146-hashlib-fips.patch
@@ -0,0 +1,705 @@
+diff --git a/Lib/hashlib.py b/Lib/hashlib.py
+index 98d2d79..fa6cdbc 100644
+--- a/Lib/hashlib.py
++++ b/Lib/hashlib.py
+@@ -24,6 +24,16 @@ the zlib module.
+ Choose your hash function wisely. Some have known collision weaknesses.
+ sha384 and sha512 will be slow on 32 bit platforms.
+
++If the underlying implementation supports "FIPS mode", and this is enabled, it
++may restrict the available hashes to only those that are compliant with FIPS
++regulations. For example, it may deny the use of MD5, on the grounds that this
++is not secure for uses such as authentication, system integrity checking, or
++digital signatures. If you need to use such a hash for non-security purposes
++(such as indexing into a data structure for speed), you can override the keyword
++argument "usedforsecurity" from True to False to signify that your code is not
++relying on the hash for security purposes, and this will allow the hash to be
++usable even in FIPS mode.
++
+ Hash objects have these methods:
+ - update(data): Update the hash object with the bytes in data. Repeated calls
+ are equivalent to a single call with the concatenation of all
+@@ -67,6 +77,19 @@ algorithms_available = set(__always_supported)
+ __all__ = __always_supported + ('new', 'algorithms_guaranteed',
+ 'algorithms_available', 'pbkdf2_hmac')
+
++import functools
++def __ignore_usedforsecurity(func):
++ """Used for sha3_* functions. Until OpenSSL implements them, we want
++ to use them from Python _sha3 module, but we want them to accept
++ usedforsecurity argument too."""
++ # TODO: remove this function when OpenSSL implements sha3
++ @functools.wraps(func)
++ def inner(*args, **kwargs):
++ if 'usedforsecurity' in kwargs:
++ kwargs.pop('usedforsecurity')
++ return func(*args, **kwargs)
++ return inner
++
+
+ __builtin_constructor_cache = {}
+
+@@ -121,24 +144,33 @@ def __get_openssl_constructor(name):
+ f = getattr(_hashlib, 'openssl_' + name)
+ # Allow the C module to raise ValueError. The function will be
+ # defined but the hash not actually available thanks to OpenSSL.
+- f()
++ # We pass "usedforsecurity=False" to disable FIPS-based restrictions:
++ # at this stage we're merely seeing if the function is callable,
++ # rather than using it for actual work.
++ f(usedforsecurity=False)
+ # Use the C function directly (very fast)
+ return f
+ except (AttributeError, ValueError):
++ # TODO: We want to just raise here when OpenSSL implements sha3
++ # because we want to make sure that Fedora uses everything from OpenSSL
+ return __get_builtin_constructor(name)
+
+
+-def __py_new(name, data=b'', **kwargs):
+- """new(name, data=b'', **kwargs) - Return a new hashing object using the
+- named algorithm; optionally initialized with data (which must be
+- a bytes-like object).
++def __py_new(name, data=b'', *, usedforsecurity=True, **kwargs):
++ """new(name, data=b'', usedforsecurity=True) - Return a new hashing object using
++ the named algorithm; optionally initialized with data (which must be bytes).
++ The 'usedforsecurity' keyword argument does nothing, and is for compatibilty
++ with the OpenSSL implementation
+ """
+ return __get_builtin_constructor(name)(data, **kwargs)
+
+
+-def __hash_new(name, data=b'', **kwargs):
+- """new(name, data=b'') - Return a new hashing object using the named algorithm;
+- optionally initialized with data (which must be a bytes-like object).
++def __hash_new(name, data=b'', *, usedforsecurity=True, **kwargs):
++ """new(name, data=b'', usedforsecurity=True) - Return a new hashing object using
++ the named algorithm; optionally initialized with data (which must be bytes).
++
++ Override 'usedforsecurity' to False when using for non-security purposes in
++ a FIPS environment
+ """
+ if name in {'blake2b', 'blake2s'}:
+ # Prefer our blake2 implementation.
+@@ -147,12 +179,10 @@ def __hash_new(name, data=b'', **kwargs):
+ # salt, personal, tree hashing or SSE.
+ return __get_builtin_constructor(name)(data, **kwargs)
+ try:
+- return _hashlib.new(name, data)
++ return _hashlib.new(name, data, usedforsecurity)
+ except ValueError:
+- # If the _hashlib module (OpenSSL) doesn't support the named
+- # hash, try using our builtin implementations.
+- # This allows for SHA224/256 and SHA384/512 support even though
+- # the OpenSSL library prior to 0.9.8 doesn't provide them.
++ # TODO: We want to just raise here when OpenSSL implements sha3
++ # because we want to make sure that Fedora uses everything from OpenSSL
+ return __get_builtin_constructor(name)(data)
+
+
+@@ -163,8 +193,8 @@ try:
+ algorithms_available = algorithms_available.union(
+ _hashlib.openssl_md_meth_names)
+ except ImportError:
+- new = __py_new
+- __get_hash = __get_builtin_constructor
++ # We don't build the legacy modules
++ raise
+
+ try:
+ # OpenSSL's PKCS5_PBKDF2_HMAC requires OpenSSL 1.0+ with HMAC and SHA
+@@ -241,7 +271,10 @@ for __func_name in __always_supported:
+ # try them all, some may not work due to the OpenSSL
+ # version not supporting that algorithm.
+ try:
+- globals()[__func_name] = __get_hash(__func_name)
++ func = __get_hash(__func_name)
++ if __func_name.startswith(('sha3_', 'blake2', 'shake_')):
++ func = __ignore_usedforsecurity(func)
++ globals()[__func_name] = func
+ except ValueError:
+ import logging
+ logging.exception('code for hash %s was not found.', __func_name)
+@@ -249,4 +282,5 @@ for __func_name in __always_supported:
+
+ # Cleanup locals()
+ del __always_supported, __func_name, __get_hash
+-del __py_new, __hash_new, __get_openssl_constructor
++del __hash_new, __get_openssl_constructor
++del __ignore_usedforsecurity
+diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
+index 9711856..254dbd3 100644
+--- a/Lib/test/test_hashlib.py
++++ b/Lib/test/test_hashlib.py
+@@ -27,7 +27,22 @@ from http.client import HTTPException
+ COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount')
+
+ c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
+-py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib'])
++# skipped on Fedora, since we always use OpenSSL implementation
++# py_hashlib = import_fresh_module('hashlib', blocked=['_hashlib'])
++
++def openssl_enforces_fips():
++ # Use the "openssl" command (if present) to try to determine if the local
++ # OpenSSL is configured to enforce FIPS
++ from subprocess import Popen, PIPE
++ try:
++ p = Popen(['openssl', 'md5'],
++ stdin=PIPE, stdout=PIPE, stderr=PIPE)
++ except OSError:
++ # "openssl" command not found
++ return False
++ stdout, stderr = p.communicate(input=b'abc')
++ return b'unknown cipher' in stderr
++OPENSSL_ENFORCES_FIPS = openssl_enforces_fips()
+
+ try:
+ import _blake2
+@@ -71,6 +86,17 @@ def read_vectors(hash_name):
+ yield parts
+
+
++# hashlib and _hashlib-based functions support a "usedforsecurity" keyword
++# argument, and FIPS mode requires that it be used overridden with a False
++# value for these selftests to work. Other cryptographic code within Python
++# doesn't support this keyword.
++# Modify a function to one in which "usedforsecurity=False" is added to the
++# keyword arguments:
++def suppress_fips(f):
++ def g(*args, **kwargs):
++ return f(*args, usedforsecurity=False, **kwargs)
++ return g
++
+ class HashLibTestCase(unittest.TestCase):
+ supported_hash_names = ( 'md5', 'MD5', 'sha1', 'SHA1',
+ 'sha224', 'SHA224', 'sha256', 'SHA256',
+@@ -109,11 +135,11 @@ class HashLibTestCase(unittest.TestCase):
+ # For each algorithm, test the direct constructor and the use
+ # of hashlib.new given the algorithm name.
+ for algorithm, constructors in self.constructors_to_test.items():
+- constructors.add(getattr(hashlib, algorithm))
+- def _test_algorithm_via_hashlib_new(data=None, _alg=algorithm, **kwargs):
++ constructors.add(suppress_fips(getattr(hashlib, algorithm)))
++ def _test_algorithm_via_hashlib_new(data=None, _alg=algorithm, usedforsecurity=True, **kwargs):
+ if data is None:
+- return hashlib.new(_alg, **kwargs)
+- return hashlib.new(_alg, data, **kwargs)
++ return suppress_fips(hashlib.new)(_alg, **kwargs)
++ return suppress_fips(hashlib.new)(_alg, data, **kwargs)
+ constructors.add(_test_algorithm_via_hashlib_new)
+
+ _hashlib = self._conditional_import_module('_hashlib')
+@@ -125,26 +151,12 @@ class HashLibTestCase(unittest.TestCase):
+ for algorithm, constructors in self.constructors_to_test.items():
+ constructor = getattr(_hashlib, 'openssl_'+algorithm, None)
+ if constructor:
+- constructors.add(constructor)
++ constructors.add(suppress_fips(constructor))
+
+ def add_builtin_constructor(name):
+ constructor = getattr(hashlib, "__get_builtin_constructor")(name)
+ self.constructors_to_test[name].add(constructor)
+
+- _md5 = self._conditional_import_module('_md5')
+- if _md5:
+- add_builtin_constructor('md5')
+- _sha1 = self._conditional_import_module('_sha1')
+- if _sha1:
+- add_builtin_constructor('sha1')
+- _sha256 = self._conditional_import_module('_sha256')
+- if _sha256:
+- add_builtin_constructor('sha224')
+- add_builtin_constructor('sha256')
+- _sha512 = self._conditional_import_module('_sha512')
+- if _sha512:
+- add_builtin_constructor('sha384')
+- add_builtin_constructor('sha512')
+ if _blake2:
+ add_builtin_constructor('blake2s')
+ add_builtin_constructor('blake2b')
+@@ -219,9 +231,6 @@ class HashLibTestCase(unittest.TestCase):
+ else:
+ del sys.modules['_md5']
+ self.assertRaises(TypeError, get_builtin_constructor, 3)
+- constructor = get_builtin_constructor('md5')
+- self.assertIs(constructor, _md5.md5)
+- self.assertEqual(sorted(builtin_constructor_cache), ['MD5', 'md5'])
+
+ def test_hexdigest(self):
+ for cons in self.hash_constructors:
+@@ -840,6 +849,65 @@ class HashLibTestCase(unittest.TestCase):
+
+ self.assertEqual(expected_hash, hasher.hexdigest())
+
++ def test_issue9146(self):
++ # Ensure that various ways to use "MD5" from "hashlib" don't segfault:
++ m = hashlib.md5(usedforsecurity=False)
++ m.update(b'abc\n')
++ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
++
++ m = hashlib.new('md5', usedforsecurity=False)
++ m.update(b'abc\n')
++ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
++
++ m = hashlib.md5(b'abc\n', usedforsecurity=False)
++ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
++
++ m = hashlib.new('md5', b'abc\n', usedforsecurity=False)
++ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
++
++ @unittest.skipUnless(OPENSSL_ENFORCES_FIPS,
++ 'FIPS enforcement required for this test.')
++ def test_hashlib_fips_mode(self):
++ # Ensure that we raise a ValueError on vanilla attempts to use MD5
++ # in hashlib in a FIPS-enforced setting:
++ with self.assertRaisesRegexp(ValueError, '.*unknown cipher'):
++ m = hashlib.md5()
++
++ if not self._conditional_import_module('_md5'):
++ with self.assertRaisesRegexp(ValueError, '.*unknown cipher'):
++ m = hashlib.new('md5')
++
++ @unittest.skipUnless(OPENSSL_ENFORCES_FIPS,
++ 'FIPS enforcement required for this test.')
++ def test_hashopenssl_fips_mode(self):
++ # Verify the _hashlib module's handling of md5:
++ _hashlib = self._conditional_import_module('_hashlib')
++ if _hashlib:
++ assert hasattr(_hashlib, 'openssl_md5')
++
++ # Ensure that _hashlib raises a ValueError on vanilla attempts to
++ # use MD5 in a FIPS-enforced setting:
++ with self.assertRaisesRegexp(ValueError, '.*unknown cipher'):
++ m = _hashlib.openssl_md5()
++ with self.assertRaisesRegexp(ValueError, '.*unknown cipher'):
++ m = _hashlib.new('md5')
++
++ # Ensure that in such a setting we can whitelist a callsite with
++ # usedforsecurity=False and have it succeed:
++ m = _hashlib.openssl_md5(usedforsecurity=False)
++ m.update(b'abc\n')
++ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
++
++ m = _hashlib.new('md5', usedforsecurity=False)
++ m.update(b'abc\n')
++ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
++
++ m = _hashlib.openssl_md5(b'abc\n', usedforsecurity=False)
++ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
++
++ m = _hashlib.new('md5', b'abc\n', usedforsecurity=False)
++ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
++
+
+ class KDFTests(unittest.TestCase):
+
+@@ -930,6 +998,7 @@ class KDFTests(unittest.TestCase):
+ iterations=1, dklen=None)
+ self.assertEqual(out, self.pbkdf2_results['sha1'][0][0])
+
++ @unittest.skip('skipped on Fedora, as we always use OpenSSL pbkdf2_hmac')
+ def test_pbkdf2_hmac_py(self):
+ self._test_pbkdf2_hmac(py_hashlib.pbkdf2_hmac)
+
+diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
+index 84edd72..cc602c4 100644
+--- a/Modules/_hashopenssl.c
++++ b/Modules/_hashopenssl.c
+@@ -20,6 +20,7 @@
+
+
+ /* EVP is the preferred interface to hashing in OpenSSL */
++#include <openssl/ssl.h>
+ #include <openssl/evp.h>
+ /* We use the object interface to discover what hashes OpenSSL supports. */
+ #include <openssl/objects.h>
+@@ -61,10 +62,19 @@ typedef struct {
+
+ static PyTypeObject EVPtype;
+
++/* Struct to hold all the cached information we need on a specific algorithm.
++ We have one of these per algorithm */
++typedef struct {
++ PyObject *name_obj;
++ EVP_MD_CTX ctxs[2];
++ /* ctx_ptrs will point to ctxs unless an error occurred, when it will
++ be NULL: */
++ EVP_MD_CTX *ctx_ptrs[2];
++ PyObject *error_msgs[2];
++} EVPCachedInfo;
+
+-#define DEFINE_CONSTS_FOR_NEW(Name) \
+- static PyObject *CONST_ ## Name ## _name_obj = NULL; \
+- static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL;
++#define DEFINE_CONSTS_FOR_NEW(Name) \
++ static EVPCachedInfo cached_info_ ##Name;
+
+ DEFINE_CONSTS_FOR_NEW(md5)
+ DEFINE_CONSTS_FOR_NEW(sha1)
+@@ -139,15 +149,54 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len)
+ process = MUNCH_SIZE;
+ else
+ process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int);
+- if (!EVP_DigestUpdate(self->ctx, (const void*)cp, process)) {
+- _setException(PyExc_ValueError);
+- break;
+- }
++ EVP_DigestUpdate(self->ctx, (const void*)cp, process);
+ len -= process;
+ cp += process;
+ }
+ }
+
++static void
++mc_ctx_init(EVP_MD_CTX *ctx, int usedforsecurity)
++{
++ EVP_MD_CTX_init(ctx);
++
++ /*
++ If the user has declared that this digest is being used in a
++ non-security role (e.g. indexing into a data structure), set
++ the exception flag for openssl to allow it
++ */
++ if (!usedforsecurity) {
++#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
++ EVP_MD_CTX_set_flags(ctx,
++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
++#endif
++ }
++}
++
++/* Get an error msg for the last error as a PyObject */
++static PyObject *
++error_msg_for_last_error(void)
++{
++ char *errstr;
++
++ errstr = ERR_error_string(ERR_peek_last_error(), NULL);
++ ERR_clear_error();
++
++ return PyUnicode_FromString(errstr); /* Can be NULL */
++}
++
++static void
++set_evp_exception(void)
++{
++ char *errstr;
++
++ errstr = ERR_error_string(ERR_peek_last_error(), NULL);
++ ERR_clear_error();
++
++ PyErr_SetString(PyExc_ValueError, errstr);
++}
++
++
+ /* Internal methods for a hash object */
+
+ static void
+@@ -212,10 +261,7 @@ EVP_digest(EVPobject *self, PyObject *unused)
+ return _setException(PyExc_ValueError);
+ }
+ digest_size = EVP_MD_CTX_size(temp_ctx);
+- if (!EVP_DigestFinal(temp_ctx, digest, NULL)) {
+- _setException(PyExc_ValueError);
+- return NULL;
+- }
++ EVP_DigestFinal(temp_ctx, digest, NULL);
+
+ retval = PyBytes_FromStringAndSize((const char *)digest, digest_size);
+ EVP_MD_CTX_free(temp_ctx);
+@@ -243,10 +289,7 @@ EVP_hexdigest(EVPobject *self, PyObject *unused)
+ return _setException(PyExc_ValueError);
+ }
+ digest_size = EVP_MD_CTX_size(temp_ctx);
+- if (!EVP_DigestFinal(temp_ctx, digest, NULL)) {
+- _setException(PyExc_ValueError);
+- return NULL;
+- }
++ EVP_DigestFinal(temp_ctx, digest, NULL);
+
+ EVP_MD_CTX_free(temp_ctx);
+
+@@ -342,15 +385,16 @@ EVP_repr(EVPobject *self)
+ static int
+ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
+ {
+- static char *kwlist[] = {"name", "string", NULL};
++ static char *kwlist[] = {"name", "string", "usedforsecurity", NULL};
+ PyObject *name_obj = NULL;
+ PyObject *data_obj = NULL;
++ int usedforsecurity = 1;
+ Py_buffer view;
+ char *nameStr;
+ const EVP_MD *digest;
+
+- if (!PyArg_ParseTupleAndKeywords(args, kwds, "O|O:HASH", kwlist,
+- &name_obj, &data_obj)) {
++ if (!PyArg_ParseTupleAndKeywords(args, kwds, "O|Oi:HASH", kwlist,
++ &name_obj, &data_obj, &usedforsecurity)) {
+ return -1;
+ }
+
+@@ -371,11 +415,11 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
+ PyBuffer_Release(&view);
+ return -1;
+ }
+- if (!EVP_DigestInit(self->ctx, digest)) {
+- _setException(PyExc_ValueError);
+- if (data_obj)
+- PyBuffer_Release(&view);
+- return -1;
++ mc_ctx_init(self->ctx, usedforsecurity);
++ if (!EVP_DigestInit_ex(self->ctx, digest, NULL)) {
++ set_evp_exception();
++ PyBuffer_Release(&view);
++ Py_RETURN_NONE;
+ }
+
+ Py_INCREF(name_obj);
+@@ -460,7 +504,8 @@ static PyTypeObject EVPtype = {
+ static PyObject *
+ EVPnew(PyObject *name_obj,
+ const EVP_MD *digest, const EVP_MD_CTX *initial_ctx,
+- const unsigned char *cp, Py_ssize_t len)
++ const unsigned char *cp, Py_ssize_t len,
++ int usedforsecurity)
+ {
+ EVPobject *self;
+
+@@ -475,8 +520,9 @@ EVPnew(PyObject *name_obj,
+ if (initial_ctx) {
+ EVP_MD_CTX_copy(self->ctx, initial_ctx);
+ } else {
+- if (!EVP_DigestInit(self->ctx, digest)) {
+- _setException(PyExc_ValueError);
++ mc_ctx_init(self->ctx, usedforsecurity);
++ if (!EVP_DigestInit_ex(self->ctx, digest, NULL)) {
++ set_evp_exception();
+ Py_DECREF(self);
+ return NULL;
+ }
+@@ -503,21 +549,29 @@ PyDoc_STRVAR(EVP_new__doc__,
+ An optional string argument may be provided and will be\n\
+ automatically hashed.\n\
+ \n\
+-The MD5 and SHA1 algorithms are always supported.\n");
++The MD5 and SHA1 algorithms are always supported.\n\
++\n\
++An optional \"usedforsecurity=True\" keyword argument is provided for use in\n\
++environments that enforce FIPS-based restrictions. Some implementations of\n\
++OpenSSL can be configured to prevent the usage of non-secure algorithms (such\n\
++as MD5). If you have a non-security use for these algorithms (e.g. a hash\n\
++table), you can override this argument by marking the callsite as\n\
++\"usedforsecurity=False\".");
+
+ static PyObject *
+ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
+ {
+- static char *kwlist[] = {"name", "string", NULL};
++ static char *kwlist[] = {"name", "string", "usedforsecurity", NULL};
+ PyObject *name_obj = NULL;
+ PyObject *data_obj = NULL;
++ int usedforsecurity = 1;
+ Py_buffer view = { 0 };
+ PyObject *ret_obj;
+ char *name;
+ const EVP_MD *digest;
+
+- if (!PyArg_ParseTupleAndKeywords(args, kwdict, "O|O:new", kwlist,
+- &name_obj, &data_obj)) {
++ if (!PyArg_ParseTupleAndKeywords(args, kwdict, "O|Oi:new", kwlist,
++ &name_obj, &data_obj, &usedforsecurity)) {
+ return NULL;
+ }
+
+@@ -531,7 +585,8 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
+
+ digest = EVP_get_digestbyname(name);
+
+- ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len);
++ ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len,
++ usedforsecurity);
+
+ if (data_obj)
+ PyBuffer_Release(&view);
+@@ -919,66 +974,116 @@ generate_hash_name_list(void)
+
+
+ /*
+- * This macro generates constructor function definitions for specific
+- * hash algorithms. These constructors are much faster than calling
+- * the generic one passing it a python string and are noticeably
+- * faster than calling a python new() wrapper. That is important for
++ * This macro and function generates a family of constructor function
++ * definitions for specific hash algorithms. These constructors are much
++ * faster than calling the generic one passing it a python string and are
++ * noticably faster than calling a python new() wrapper. That's important for
+ * code that wants to make hashes of a bunch of small strings.
+ * The first call will lazy-initialize, which reports an exception
+ * if initialization fails.
+ */
+ #define GEN_CONSTRUCTOR(NAME) \
+ static PyObject * \
+- EVP_new_ ## NAME (PyObject *self, PyObject *args) \
++ EVP_new_ ## NAME (PyObject *self, PyObject *args, PyObject *kwdict) \
+ { \
+- PyObject *data_obj = NULL; \
+- Py_buffer view = { 0 }; \
+- PyObject *ret_obj; \
+- \
+- if (!PyArg_ParseTuple(args, "|O:" #NAME , &data_obj)) { \
+- return NULL; \
+- } \
+- \
+- if (CONST_new_ ## NAME ## _ctx_p == NULL) { \
+- EVP_MD_CTX *ctx_p = EVP_MD_CTX_new(); \
+- if (!EVP_get_digestbyname(#NAME) || \
+- !EVP_DigestInit(ctx_p, EVP_get_digestbyname(#NAME))) { \
+- _setException(PyExc_ValueError); \
+- EVP_MD_CTX_free(ctx_p); \
+- return NULL; \
+- } \
+- CONST_new_ ## NAME ## _ctx_p = ctx_p; \
+- } \
+- \
+- if (data_obj) \
+- GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view); \
+- \
+- ret_obj = EVPnew( \
+- CONST_ ## NAME ## _name_obj, \
+- NULL, \
+- CONST_new_ ## NAME ## _ctx_p, \
+- (unsigned char*)view.buf, \
+- view.len); \
+- \
+- if (data_obj) \
+- PyBuffer_Release(&view); \
+- return ret_obj; \
++ return implement_specific_EVP_new(self, args, kwdict, \
++ "|Oi:" #NAME, \
++ &cached_info_ ## NAME ); \
++ }
++
++static PyObject *
++implement_specific_EVP_new(PyObject *self, PyObject *args, PyObject *kwdict,
++ const char *format,
++ EVPCachedInfo *cached_info)
++{
++ static char *kwlist[] = {"string", "usedforsecurity", NULL};
++ PyObject *data_obj = NULL;
++ Py_buffer view = { 0 };
++ int usedforsecurity = 1;
++ int idx;
++ PyObject *ret_obj = NULL;
++
++ assert(cached_info);
++
++ if (!PyArg_ParseTupleAndKeywords(args, kwdict, format, kwlist,
++ &data_obj, &usedforsecurity)) {
++ return NULL;
+ }
+
++ if (data_obj)
++ GET_BUFFER_VIEW_OR_ERROUT(data_obj, &view);
++
++ idx = usedforsecurity ? 1 : 0;
++
++ /*
++ * If an error occurred during creation of the global content, the ctx_ptr
++ * will be NULL, and the error_msg will hopefully be non-NULL:
++ */
++ if (cached_info->ctx_ptrs[idx]) {
++ /* We successfully initialized this context; copy it: */
++ ret_obj = EVPnew(cached_info->name_obj,
++ NULL,
++ cached_info->ctx_ptrs[idx],
++ (unsigned char*)view.buf, view.len,
++ usedforsecurity);
++ } else {
++ /* Some kind of error happened initializing the global context for
++ this (digest, usedforsecurity) pair.
++ Raise an exception with the saved error message: */
++ if (cached_info->error_msgs[idx]) {
++ PyErr_SetObject(PyExc_ValueError, cached_info->error_msgs[idx]);
++ } else {
++ PyErr_SetString(PyExc_ValueError, "Error initializing hash");
++ }
++ }
++
++ if (data_obj)
++ PyBuffer_Release(&view);
++
++ return ret_obj;
++}
++
+ /* a PyMethodDef structure for the constructor */
+ #define CONSTRUCTOR_METH_DEF(NAME) \
+- {"openssl_" #NAME, (PyCFunction)EVP_new_ ## NAME, METH_VARARGS, \
++ {"openssl_" #NAME, (PyCFunction)EVP_new_ ## NAME, \
++ METH_VARARGS|METH_KEYWORDS, \
+ PyDoc_STR("Returns a " #NAME \
+ " hash object; optionally initialized with a string") \
+ }
+
+-/* used in the init function to setup a constructor: initialize OpenSSL
+- constructor constants if they haven't been initialized already. */
+-#define INIT_CONSTRUCTOR_CONSTANTS(NAME) do { \
+- if (CONST_ ## NAME ## _name_obj == NULL) { \
+- CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \
+- } \
++/*
++ Macro/function pair to set up the constructors.
++
++ Try to initialize a context for each hash twice, once with
++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW and once without.
++
++ Any that have errors during initialization will end up with a NULL ctx_ptrs
++ entry, and err_msgs will be set (unless we're very low on memory)
++*/
++#define INIT_CONSTRUCTOR_CONSTANTS(NAME) do { \
++ init_constructor_constant(&cached_info_ ## NAME, #NAME); \
+ } while (0);
++static void
++init_constructor_constant(EVPCachedInfo *cached_info, const char *name)
++{
++ assert(cached_info);
++ cached_info->name_obj = PyUnicode_FromString(name);
++ if (EVP_get_digestbyname(name)) {
++ int i;
++ for (i=0; i<2; i++) {
++ mc_ctx_init(&cached_info->ctxs[i], i);
++ if (EVP_DigestInit_ex(&cached_info->ctxs[i],
++ EVP_get_digestbyname(name), NULL)) {
++ /* Success: */
++ cached_info->ctx_ptrs[i] = &cached_info->ctxs[i];
++ } else {
++ /* Failure: */
++ cached_info->ctx_ptrs[i] = NULL;
++ cached_info->error_msgs[i] = error_msg_for_last_error();
++ }
++ }
++ }
++}
+
+ GEN_CONSTRUCTOR(md5)
+ GEN_CONSTRUCTOR(sha1)
+@@ -1026,16 +1131,10 @@ PyInit__hashlib(void)
+ {
+ PyObject *m, *openssl_md_meth_names;
+
+-#ifndef OPENSSL_VERSION_1_1
+- /* Load all digest algorithms and initialize cpuid */
+- OPENSSL_add_all_algorithms_noconf();
+- ERR_load_crypto_strings();
+-#endif
++ SSL_load_error_strings();
++ SSL_library_init();
+
+- /* TODO build EVP_functions openssl_* entries dynamically based
+- * on what hashes are supported rather than listing many
+- * but having some be unsupported. Only init appropriate
+- * constants. */
++ OpenSSL_add_all_digests();
+
+ Py_TYPE(&EVPtype) = &PyType_Type;
+ if (PyType_Ready(&EVPtype) < 0)
diff --git a/SOURCES/00330-CVE-2018-20852.patch b/SOURCES/00330-CVE-2018-20852.patch
new file mode 100644
index 0000000..380fc33
--- /dev/null
+++ b/SOURCES/00330-CVE-2018-20852.patch
@@ -0,0 +1,93 @@
+diff --git a/Lib/http/cookiejar.py b/Lib/http/cookiejar.py
+index adf956d..97599d4 100644
+--- a/Lib/http/cookiejar.py
++++ b/Lib/http/cookiejar.py
+@@ -1148,6 +1148,11 @@ class DefaultCookiePolicy(CookiePolicy):
+ req_host, erhn = eff_request_host(request)
+ domain = cookie.domain
+
++ if domain and not domain.startswith("."):
++ dotdomain = "." + domain
++ else:
++ dotdomain = domain
++
+ # strict check of non-domain cookies: Mozilla does this, MSIE5 doesn't
+ if (cookie.version == 0 and
+ (self.strict_ns_domain & self.DomainStrictNonDomain) and
+@@ -1160,7 +1165,7 @@ class DefaultCookiePolicy(CookiePolicy):
+ _debug(" effective request-host name %s does not domain-match "
+ "RFC 2965 cookie domain %s", erhn, domain)
+ return False
+- if cookie.version == 0 and not ("."+erhn).endswith(domain):
++ if cookie.version == 0 and not ("."+erhn).endswith(dotdomain):
+ _debug(" request-host %s does not match Netscape cookie domain "
+ "%s", req_host, domain)
+ return False
+@@ -1174,7 +1179,11 @@ class DefaultCookiePolicy(CookiePolicy):
+ req_host = "."+req_host
+ if not erhn.startswith("."):
+ erhn = "."+erhn
+- if not (req_host.endswith(domain) or erhn.endswith(domain)):
++ if domain and not domain.startswith("."):
++ dotdomain = "." + domain
++ else:
++ dotdomain = domain
++ if not (req_host.endswith(dotdomain) or erhn.endswith(dotdomain)):
+ #_debug(" request domain %s does not match cookie domain %s",
+ # req_host, domain)
+ return False
+diff --git a/Lib/test/test_http_cookiejar.py b/Lib/test/test_http_cookiejar.py
+index abc625d..6e1b308 100644
+--- a/Lib/test/test_http_cookiejar.py
++++ b/Lib/test/test_http_cookiejar.py
+@@ -415,6 +415,7 @@ class CookieTests(unittest.TestCase):
+ ("http://foo.bar.com/", ".foo.bar.com", True),
+ ("http://foo.bar.com/", "foo.bar.com", True),
+ ("http://foo.bar.com/", ".bar.com", True),
++ ("http://foo.bar.com/", "bar.com", True),
+ ("http://foo.bar.com/", "com", True),
+ ("http://foo.com/", "rhubarb.foo.com", False),
+ ("http://foo.com/", ".foo.com", True),
+@@ -425,6 +426,8 @@ class CookieTests(unittest.TestCase):
+ ("http://foo/", "foo", True),
+ ("http://foo/", "foo.local", True),
+ ("http://foo/", ".local", True),
++ ("http://barfoo.com", ".foo.com", False),
++ ("http://barfoo.com", "foo.com", False),
+ ]:
+ request = urllib.request.Request(url)
+ r = pol.domain_return_ok(domain, request)
+@@ -959,6 +962,33 @@ class CookieTests(unittest.TestCase):
+ c.add_cookie_header(req)
+ self.assertFalse(req.has_header("Cookie"))
+
++ c.clear()
++
++ pol.set_blocked_domains([])
++ req = urllib.request.Request("http://acme.com/")
++ res = FakeResponse(headers, "http://acme.com/")
++ cookies = c.make_cookies(res, req)
++ c.extract_cookies(res, req)
++ self.assertEqual(len(c), 1)
++
++ req = urllib.request.Request("http://acme.com/")
++ c.add_cookie_header(req)
++ self.assertTrue(req.has_header("Cookie"))
++
++ req = urllib.request.Request("http://badacme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(pol.return_ok(cookies[0], req))
++ self.assertFalse(req.has_header("Cookie"))
++
++ p = pol.set_blocked_domains(["acme.com"])
++ req = urllib.request.Request("http://acme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(req.has_header("Cookie"))
++
++ req = urllib.request.Request("http://badacme.com/")
++ c.add_cookie_header(req)
++ self.assertFalse(req.has_header("Cookie"))
++
+ def test_secure(self):
+ for ns in True, False:
+ for whitespace in " ", "":
diff --git a/SOURCES/00332-CVE-2019-16056.patch b/SOURCES/00332-CVE-2019-16056.patch
new file mode 100644
index 0000000..1786939
--- /dev/null
+++ b/SOURCES/00332-CVE-2019-16056.patch
@@ -0,0 +1,88 @@
+diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
+index 1fb8cb4..9815e4e 100644
+--- a/Lib/email/_header_value_parser.py
++++ b/Lib/email/_header_value_parser.py
+@@ -1561,6 +1561,8 @@ def get_domain(value):
+ token, value = get_dot_atom(value)
+ except errors.HeaderParseError:
+ token, value = get_atom(value)
++ if value and value[0] == '@':
++ raise errors.HeaderParseError('Invalid Domain')
+ if leader is not None:
+ token[:0] = [leader]
+ domain.append(token)
+diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
+index cdfa372..41ff6f8 100644
+--- a/Lib/email/_parseaddr.py
++++ b/Lib/email/_parseaddr.py
+@@ -379,7 +379,12 @@ class AddrlistClass:
+ aslist.append('@')
+ self.pos += 1
+ self.gotonext()
+- return EMPTYSTRING.join(aslist) + self.getdomain()
++ domain = self.getdomain()
++ if not domain:
++ # Invalid domain, return an empty address instead of returning a
++ # local part to denote failed parsing.
++ return EMPTYSTRING
++ return EMPTYSTRING.join(aslist) + domain
+
+ def getdomain(self):
+ """Get the complete domain name from an address."""
+@@ -394,6 +399,10 @@ class AddrlistClass:
+ elif self.field[self.pos] == '.':
+ self.pos += 1
+ sdlist.append('.')
++ elif self.field[self.pos] == '@':
++ # bpo-34155: Don't parse domains with two `@` like
++ # `a@malicious.org@important.com`.
++ return EMPTYSTRING
+ elif self.field[self.pos] in self.atomends:
+ break
+ else:
+diff --git a/Lib/test/test_email/test__header_value_parser.py b/Lib/test/test_email/test__header_value_parser.py
+index 676732b..577dc43 100644
+--- a/Lib/test/test_email/test__header_value_parser.py
++++ b/Lib/test/test_email/test__header_value_parser.py
+@@ -1418,6 +1418,16 @@ class TestParser(TestParserMixin, TestEmailBase):
+ self.assertEqual(addr_spec.domain, 'example.com')
+ self.assertEqual(addr_spec.addr_spec, 'star.a.star@example.com')
+
++ def test_get_addr_spec_multiple_domains(self):
++ with self.assertRaises(errors.HeaderParseError):
++ parser.get_addr_spec('star@a.star@example.com')
++
++ with self.assertRaises(errors.HeaderParseError):
++ parser.get_addr_spec('star@a@example.com')
++
++ with self.assertRaises(errors.HeaderParseError):
++ parser.get_addr_spec('star@172.17.0.1@example.com')
++
+ # get_obs_route
+
+ def test_get_obs_route_simple(self):
+diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py
+index f97ccc6..68d0522 100644
+--- a/Lib/test/test_email/test_email.py
++++ b/Lib/test/test_email/test_email.py
+@@ -3035,6 +3035,20 @@ class TestMiscellaneous(TestEmailBase):
+ self.assertEqual(utils.parseaddr('<>'), ('', ''))
+ self.assertEqual(utils.formataddr(utils.parseaddr('<>')), '')
+
++ def test_parseaddr_multiple_domains(self):
++ self.assertEqual(
++ utils.parseaddr('a@b@c'),
++ ('', '')
++ )
++ self.assertEqual(
++ utils.parseaddr('a@b.c@c'),
++ ('', '')
++ )
++ self.assertEqual(
++ utils.parseaddr('a@172.17.0.1@c'),
++ ('', '')
++ )
++
+ def test_noquote_dump(self):
+ self.assertEqual(
+ utils.formataddr(('A Silly Person', 'person@dom.ain')),
diff --git a/SOURCES/00333-fix-faulthandler-stack.patch b/SOURCES/00333-fix-faulthandler-stack.patch
new file mode 100644
index 0000000..c5805be
--- /dev/null
+++ b/SOURCES/00333-fix-faulthandler-stack.patch
@@ -0,0 +1,17 @@
+diff --git a/Modules/faulthandler.c b/Modules/faulthandler.c
+index 890c645..ccab553 100644
+--- a/Modules/faulthandler.c
++++ b/Modules/faulthandler.c
+@@ -1333,7 +1333,11 @@ int _PyFaulthandler_Init(void)
+ * be able to allocate memory on the stack, even on a stack overflow. If it
+ * fails, ignore the error. */
+ stack.ss_flags = 0;
+- stack.ss_size = SIGSTKSZ;
++ /* bpo-21131: allocate dedicated stack of SIGSTKSZ*2 bytes, instead of just
++ SIGSTKSZ bytes. Calling the previous signal handler in faulthandler
++ signal handler uses more than SIGSTKSZ bytes of stack memory on some
++ platforms. */
++ stack.ss_size = SIGSTKSZ * 2;
+ stack.ss_sp = PyMem_Malloc(stack.ss_size);
+ if (stack.ss_sp != NULL) {
+ err = sigaltstack(&stack, &old_stack);
diff --git a/SPECS/python3.spec b/SPECS/python3.spec
index 21d2703..1ed329e 100644
--- a/SPECS/python3.spec
+++ b/SPECS/python3.spec
@@ -14,7 +14,7 @@ URL: https://www.python.org/
# WARNING When rebasing to a new Python version,
# remember to update the python3-docs package as well
Version: %{pybasever}.8
-Release: 10%{?dist}
+Release: 13%{?dist}
License: Python
@@ -281,6 +281,38 @@ Patch111: 00111-no-static-lib.patch
# these unittest hooks in their own "check" phases)
Patch132: 00132-add-rpmbuild-hooks-to-unittest.patch
+# 00146 #
+# Support OpenSSL FIPS mode (e.g. when OPENSSL_FORCE_FIPS_MODE=1 is set)
+# - handle failures from OpenSSL (e.g. on attempts to use MD5 in a
+# FIPS-enforcing environment)
+# - add a new "usedforsecurity" keyword argument to the various digest
+# algorithms in hashlib so that you can whitelist a callsite with
+# "usedforsecurity=False"
+# (sent upstream for python 3 as http://bugs.python.org/issue9216 ; see RHEL6
+# python patch 119)
+# - enforce usage of the _hashlib implementation: don't fall back to the _md5
+# and _sha* modules (leading to clearer error messages if fips selftests
+# fail)
+# - don't build the _md5 and _sha* modules; rely on the _hashlib implementation
+# of hashlib
+# (rhbz#1732908)
+# Note: Up to Python 3.4.0.b1, upstream had their own implementation of what
+# they assumed would become sha3. This patch was adapted to give it the
+# usedforsecurity argument, even though it did nothing (OpenSSL didn't have
+# sha3 implementation at that time).In 3.4.0.b2, sha3 implementation was reverted
+# (see http://bugs.python.org/issue16113), but the alterations were left in the
+# patch, since they may be useful again if upstream decides to rerevert sha3
+# implementation and OpenSSL still doesn't support it. For now, they're harmless.
+
+# Patch is updated to be compatible with blake2 and shake algorithms
+
+# As of python 3.6.3, upstream raises a ValueError when a hash function
+# fails to be initialized (e.g. in fips mode).
+# https://github.com/python/cpython/commit/31b8efeaa893e95358b71eb2b8365552d3966b4a
+# Since we carry downstream our own implementation of hashlib for fips mode
+# we remove the implementation that was introduced with python 3.6.3 for now.
+Patch146: 00146-hashlib-fips.patch
+
# 00155 #
# Avoid allocating thunks in ctypes unless absolutely necessary, to avoid
# generating SELinux denials on "import ctypes" and "import uuid" when
@@ -393,6 +425,24 @@ Patch324: 00324-disallow-control-chars-in-http-urls.patch
# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714642
Patch325: 00325-CVE-2019-9948.patch
+# 00330 #
+# Fix CVE-2018-20852: cookie domain check returning incorrect results
+# Fixed upstream: https://bugs.python.org/issue35121
+# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741552
+Patch330: 00330-CVE-2018-20852.patch
+
+# 00332 #
+# Fix CVE-2019-16056: Dont parse domains containing @
+# Fixed upstream: https://bugs.python.org/issue34155
+# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1750774
+Patch332: 00332-CVE-2019-16056.patch
+
+# 00333 #
+# Fix faulthandler.register(chain=True) stack which was using
+# more stack memory on some hardware.
+# Fixed upstream: https://bugs.python.org/issue21131
+Patch333: 00333-fix-faulthandler-stack.patch
+
# (New patches go here ^^^)
#
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@@ -686,6 +736,7 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en
%endif
%patch111 -p1
%patch132 -p1
+%patch146 -p1
%patch155 -p1
%patch160 -p1
%patch163 -p1
@@ -707,6 +758,9 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en
%patch320 -p1
%patch324 -p1
%patch325 -p1
+%patch330 -p1
+%patch332 -p1
+%patch333 -p1
# Remove files that should be generated by the build
@@ -1096,9 +1150,6 @@ CheckPython() {
-wW --slowest --findleaks \
-x test_distutils \
-x test_bdist_rpm \
- %ifarch %{arm}
- -x test_gdb \
- %endif
%ifarch %{mips64}
-x test_ctypes \
%endif
@@ -1590,6 +1641,19 @@ CheckPython optimized
# ======================================================
%changelog
+* Thu Sep 26 2019 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-13
+- Security fix for CVE-2019-16056
+Resolves: rhbz#1750774
+
+* Wed Sep 25 2019 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-12
+- Add support for OpenSSL FIPS mode
+- Fix faulthandler stack size
+Resolves: rhbz#1732908
+
+* Tue Aug 27 2019 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-11
+- Security fix for CVE-2018-20852
+Resolves: rhbz#1741552
+
* Tue Jun 11 2019 Charalampos Stratakis <cstratak@redhat.com> - 3.6.8-10
- Security fix for CVE-2019-10160
Resolves: rhbz#1718403