import python39-3.9.2-1.module+el8.4.0+10237+bdc77aac

.gitignore

@@ -1 +1 @@
-SOURCES/Python-3.9.16.tar.xz
+SOURCES/Python-3.9.2.tar.xz

.python39.metadata

@@ -1 +1 @@
-19acd6a341e4f2d7ff97c10c2eada258e9898624 SOURCES/Python-3.9.16.tar.xz
+110ca5bca7989f9558a54ee6762e6774a4b9644a SOURCES/Python-3.9.2.tar.xz

SOURCES/00189-use-rpm-wheels.patch

@@ -1,4 +1,4 @@
-From 2c91575950d4de95d308e30cc4ab20d032b1aceb Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
 Date: Wed, 15 Aug 2018 15:36:29 +0200
 Subject: [PATCH] 00189: Instead of bundled wheels, use our RPM packaged wheels
@@ -8,11 +8,11 @@ We keep them in /usr/share/python-wheels
 Downstream only: upstream bundles
 We might eventually pursuit upstream support, but it's low prio
 ---
- Lib/ensurepip/__init__.py | 37 ++++++++++++++++++++++++++-----------
- 1 file changed, 26 insertions(+), 11 deletions(-)
+ Lib/ensurepip/__init__.py | 33 ++++++++++++++++++++++-----------
+ 1 file changed, 22 insertions(+), 11 deletions(-)
 
 diff --git a/Lib/ensurepip/__init__.py b/Lib/ensurepip/__init__.py
-index e510cc7..8de2e55 100644
+index 97dfa7ea71..984e587ea0 100644
 --- a/Lib/ensurepip/__init__.py
 +++ b/Lib/ensurepip/__init__.py
 @@ -1,3 +1,5 @@
@@ -21,7 +21,7 @@ index e510cc7..8de2e55 100644
  import os
  import os.path
  import sys
-@@ -6,13 +8,29 @@ import tempfile
+@@ -6,16 +8,28 @@ import tempfile
  import subprocess
  from importlib import resources
  
@@ -30,13 +30,13 @@ index e510cc7..8de2e55 100644
  
  
  __all__ = ["version", "bootstrap"]
--_SETUPTOOLS_VERSION = "58.1.0"
--_PIP_VERSION = "22.0.4"
-+
+ 
 +_WHEEL_DIR = "/usr/share/python39-wheels/"
-+
+ 
+-_SETUPTOOLS_VERSION = "49.2.1"
 +_wheels = {}
-+
+ 
+-_PIP_VERSION = "20.2.3"
 +def _get_most_recent_wheel_version(pkg):
 +    prefix = os.path.join(_WHEEL_DIR, "{}-".format(pkg))
 +    _wheels[pkg] = {}
@@ -51,11 +51,10 @@ index e510cc7..8de2e55 100644
 +_SETUPTOOLS_VERSION = _get_most_recent_wheel_version("setuptools")
 +
 +_PIP_VERSION = _get_most_recent_wheel_version("pip")
-+
+ 
  _PROJECTS = [
      ("setuptools", _SETUPTOOLS_VERSION, "py3"),
-     ("pip", _PIP_VERSION, "py3"),
-@@ -101,13 +119,10 @@ def _bootstrap(*, root=None, upgrade=False, user=False,
+@@ -105,13 +119,10 @@ def _bootstrap(*, root=None, upgrade=False, user=False,
          # additional paths that need added to sys.path
          additional_paths = []
          for project, version, py_tag in _PROJECTS:
@@ -73,6 +72,3 @@ index e510cc7..8de2e55 100644
  
              additional_paths.append(os.path.join(tmpdir, wheel_name))
  
--- 
-2.35.3
-

SOURCES/00378-support-expat-2-4-5.patch

@@ -1,47 +0,0 @@
-From db083095e3bdb93e4f8170d814664c482b1e94da Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Tue, 14 Jun 2022 06:38:43 +0200
-Subject: [PATCH] Fix test suite for Expat >= 2.4.5
-
----
- Lib/test/test_minidom.py | 17 +++++------------
- 1 file changed, 5 insertions(+), 12 deletions(-)
-
-diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py
-index 9762025..5f52ed1 100644
---- a/Lib/test/test_minidom.py
-+++ b/Lib/test/test_minidom.py
-@@ -1149,14 +1149,10 @@ class MinidomTest(unittest.TestCase):
- 
-         # Verify that character decoding errors raise exceptions instead
-         # of crashing
--        if pyexpat.version_info >= (2, 4, 5):
--            self.assertRaises(ExpatError, parseString,
--                    b'<fran\xe7ais></fran\xe7ais>')
--            self.assertRaises(ExpatError, parseString,
--                    b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
--        else:
--            self.assertRaises(UnicodeDecodeError, parseString,
--                b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>')
-+        self.assertRaises(ExpatError, parseString,
-+                b'<fran\xe7ais></fran\xe7ais>')
-+        self.assertRaises(ExpatError, parseString,
-+                b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
- 
-         doc.unlink()
- 
-@@ -1617,10 +1613,7 @@ class MinidomTest(unittest.TestCase):
-         self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
- 
-     def testExceptionOnSpacesInXMLNSValue(self):
--        if pyexpat.version_info >= (2, 4, 5):
--            context = self.assertRaisesRegex(ExpatError, 'syntax error')
--        else:
--            context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
-+        context = self.assertRaisesRegex(ExpatError, 'syntax error')
- 
-         with context:
-             parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>')
--- 
-2.35.3
-

SOURCES/Python-3.9.16.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmOPjAQACgkQsmmV4xAl
-BWjzjQ//TQ9AtAs3RwRfGfJigHl3TG5lfYYdzAZIwEtt6NUw8tVKriCBMSvsJDjD
-rlFX64SPWaDlTggnatU88sj1y4AtGpf517GbYKwJ1oLQjcCSIs6WSxD7CZAfb4CL
-257KMANkT/n46luovTraqhAyLXp8fVWIEoSt3+6RgNYshjv00V6+L0HoE6jkzBRV
-si6KHDUCyIydOJEtAt79w5Ze/pFxJjIlGZ6WxyRVEy77cyQKh0g4dSdQ15HZAsfr
-fvv8rOmd8VXwIMi4xaUaHMddQxNrydDldDpKR4L1Lay/nY3OvSLI1AMw0D7n/FVO
-HxgYvxwkRqHPgbDIBLoHe7nsou0621ELS+j6M7cRoqAjsSfEOwpHOBw7k4+zOoa3
-4FHvru6TmT1p2iT6GSRllp/XspAzSelJeaFWA0Rs57MQ14gtXrw5hQHyZ1NgMzZi
-TMpnj0tGHufQYn2ZQqGUIySvtH3S5eIZgZGdPETJ5k09mcRVEKcdujTbkrIcOYtC
-GoPCw+3Qe7feVZLzElnsela9bDZi3uWfZh2kVyhZPAvxXJ0VNVCLvPlCKpr0R7t5
-JJ7jMpblsA05FT6ZanbqWNFZtCHMjlkK1259oST3BMbBSHTFgY/KGJEHQTkYU3M2
-U5OSn4za47qFBTVIXQsqkLGEBU/wrxtNmerJel8YW3ZIrkoTv2E=
-=dXB5
------END PGP SIGNATURE-----

SOURCES/Python-3.9.2.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmAvyCoACgkQsmmV4xAl
+BWhP7g//XBDQxNrjEaLSBfGy8tGbNPqlrBAOWsuH02JzvRXnr2gBX2m8TfaUSAnq
+8Kzafrpsfw0+7LFoPfrp+YwUO5k2WprovW9Iw+LoUM0d5DABL/gXKwVb0j9i8nRj
+uaPLzX9SRnCQQPfYQW/5wRFIm+/aqz4fx93k3Gw0AfeYh9Ka1pUJOCxCvihS47+E
+dUeoC6S8SUDrm5lPLj8t1uVVtp8W7GpGMwF5Zn31ThrlUA4V/dTMmqSUXCaAI9Ii
+zXditd26EfySKSxps+VQgL7GB778XcIYxlnMYzoqd6SD/pCQgagpFP2nZ1zdZ0/g
+qpwgeGE2SK++w8iiOs2Q59tisREU7PHNVtpdILhw9Me892mwxIjl8wDMTZHY8vvU
+6OZRI9G8UktpkEcT9FeFgwna2T3T16rEVbrzpteeDLFgqUpt84yXD+pd5W/Oozaj
+sfbd7lCFBcdzCQIKa+DGDuJKFPExu8oqGg7Zq25wxLvkNosmHXny9NylE1VIJ5ad
+WHadwBeFSFCR7faplO8s+hO/BmT5PcEwIXrz/xVqwf28o/0im63llkE6WUCRW4MU
+x/S5uWjB/HSDw2NHLRRc0bLabl30mMCf7J/EkVmm9dsIpmXhn6SLC9YCYjJtIjC7
+ChSQs+U8MgEnwk/un/DELIRUtu+rQZ1GkQnJ4tooaYJlYr/m7Ww=
+=s/wm
+-----END PGP SIGNATURE-----

SPECS/python39.spec

@@ -13,7 +13,7 @@ URL: https://www.python.org/
 
 #  WARNING  When rebasing to a new Python version,
 #           remember to update the python3-docs package as well
-%global general_version %{pybasever}.16
+%global general_version %{pybasever}.2
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
@@ -164,13 +164,6 @@ ExcludeArch: i686
 #   foo/__pycache__/bar.cpython-%%{pyshortver}.opt-2.pyc
 %global bytecode_suffixes .cpython-%{pyshortver}*.pyc
 
-# libmpdec (mpdecimal package in Fedora) is tightly coupled with the
-# decimal module. We keep it bundled as to avoid incompatibilities
-# with the packaged version.
-# The version information can be found at Modules/_decimal/libmpdec/mpdecimal.h
-# defined as MPD_VERSION.
-%global libmpdec_version 2.5.0
-
 # Python's configure script defines SOVERSION, and this is used in the Makefile
 # to determine INSTSONAME, the name of the libpython DSO:
 #   LDLIBRARY='libpython$(VERSION).so'
@@ -307,7 +300,7 @@ Patch1: 00001-rpath.patch
 # See https://bugzilla.redhat.com/show_bug.cgi?id=556092
 Patch111: 00111-no-static-lib.patch
 
-# 00189 # 4242864a6a12f1f4cf9fd63a6699a73f35261aa3
+# 00189 # 7c07eec60735bd65bda7d8e821d34718497cba27
 # Instead of bundled wheels, use our RPM packaged wheels
 #
 # We keep them in /usr/share/python-wheels
@@ -319,8 +312,8 @@ Patch189: 00189-use-rpm-wheels.patch
 # The versions are written in Lib/ensurepip/__init__.py, this patch removes them.
 # When the bundled setuptools/pip wheel is updated, the patch no longer applies cleanly.
 # In such cases, the patch needs to be amended and the versions updated here:
-%global pip_version 21.2.3
-%global setuptools_version 57.4.0
+%global pip_version 20.2.3
+%global setuptools_version 49.2.1
 
 # 00251 # 2eabd04356402d488060bc8fe316ad13fc8a3356
 # Change user install location
@@ -390,31 +383,6 @@ Patch329: 00329-fips.patch
 # a nightmare because it's basically a binary file.
 Patch353: 00353-architecture-names-upstream-downstream.patch
 
-# 00378 #
-# Support expat 2.4.5
-#
-# Curly brackets were never allowed in namespace URIs
-# according to RFC 3986, and so-called namespace-validating
-# XML parsers have the right to reject them a invalid URIs.
-#
-# libexpat >=2.4.5 has become strcter in that regard due to
-# related security issues; with ET.XML instantiating a
-# namespace-aware parser under the hood, this test has no
-# future in CPython.
-#
-# References:
-# - https://datatracker.ietf.org/doc/html/rfc3968
-# - https://www.w3.org/TR/xml-names/
-#
-# Also, test_minidom.py: Support Expat >=2.4.5
-#
-# The patch has diverged from upstream as the python test
-# suite was relying on checking the expat version, whereas
-# in RHEL fixes get backported instead of rebasing packages.
-#
-# Upstream: https://bugs.python.org/issue46811
-Patch378: 00378-support-expat-2-4-5.patch
-
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@@ -433,10 +401,10 @@ Patch378: 00378-support-expat-2-4-5.patch
 # Descriptions, and metadata for subpackages
 # ==========================================
 
-# Require alternatives version that implements the --keep-foreign flag
-Requires:         alternatives >= 1.19.1-1
-Requires(post):   alternatives >= 1.19.1-1
-Requires(postun): alternatives >= 1.19.1-1
+# Runtime require alternatives
+Requires:         %{_sbindir}/alternatives
+Requires(post):   %{_sbindir}/alternatives
+Requires(postun): %{_sbindir}/alternatives
 
 # When the user tries to `yum install python`, yum will list this package among
 # the possible alternatives
@@ -552,11 +520,6 @@ Requires: python3 == %{version}-%{release}
 Provides: python = %{version}-%{release}
 # This also save us an explicit conflict for older python3 builds
 
-# Also provide the name of the Ubuntu package with the same function,
-# to be nice to people who temporarily forgot which distro they're on.
-# C.f. https://packages.ubuntu.com/hirsute/all/python-is-python3/filelist
-Provides: python-is-python3 = %{version}-%{release}
-
 %description -n python-unversioned-command
 This package contains /usr/bin/python - the "python" command that runs Python 3.
 
@@ -574,10 +537,6 @@ Provides: bundled(python3dist(pip)) = %{pip_version}
 Provides: bundled(python3dist(setuptools)) = %{setuptools_version}
 %endif
 
-# Provides for the bundled libmpdec
-Provides: bundled(mpdecimal) = %{libmpdec_version}
-Provides: bundled(libmpdec) = %{libmpdec_version}
-
 # There are files in the standard library that have python shebang.
 # We've filtered the automatic requirement out so libs are installable without
 # the main package. This however makes it pulled in by default.
@@ -609,8 +568,6 @@ Requires: %{pkgname}-libs%{?_isa} = %{version}-%{release}
 Requires: (python-rpm-macros if rpm-build)
 Requires: (python3-rpm-macros if rpm-build)
 
-# Require alternatives version that implements the --keep-foreign flag
-Requires(postun): alternatives >= 1.19.1-1
 # python39 installs the alternatives master symlink to which we attach a slave
 Requires(post): %{pkgname}
 Requires(postun): %{pkgname}
@@ -659,8 +616,6 @@ Provides: %{pkgname}-tools = %{version}-%{release}
 Provides: %{pkgname}-tools%{?_isa} = %{version}-%{release}
 Obsoletes: %{pkgname}-tools < %{version}-%{release}
 
-# Require alternatives version that implements the --keep-foreign flag
-Requires(postun): alternatives >= 1.19.1-1
 # python39 installs the alternatives master symlink to which we attach a slave
 Requires(post): %{pkgname}
 Requires(postun): %{pkgname}
@@ -720,8 +675,6 @@ Provides:  platform-python-debug%{?_isa} = %{version}-%{release}
 Obsoletes: platform-python-debug < %{pybasever}
 %endif
 
-# Require alternatives version that implements the --keep-foreign flag
-Requires(postun): alternatives >= 1.19.1-1
 # python39 installs the alternatives master symlink to which we attach a slave
 Requires(post): %{pkgname}
 Requires(postun): %{pkgname}
@@ -767,10 +720,6 @@ Provides: bundled(python3dist(pip)) = %{pip_version}
 Provides: bundled(python3dist(setuptools)) = %{setuptools_version}
 %endif
 
-# Provides for the bundled libmpdec
-Provides: bundled(mpdecimal) = %{libmpdec_version}
-Provides: bundled(libmpdec) = %{libmpdec_version}
-
 # The zoneinfo module needs tzdata
 Requires: tzdata
 
@@ -808,9 +757,6 @@ If you want to build an RPM against the python%{pyshortver} module, you need to
 %prep
 %autosetup -S git_am -N -n Python-%{upstream_version}
 
-# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1954999
-%{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}}
-
 # Apply patches up to 188
 %apply_patch -q %{PATCH1}
 %apply_patch -q %{PATCH111}
@@ -825,7 +771,6 @@ rm Lib/ensurepip/_bundled/*.whl
 %apply_patch -q %{PATCH328}
 %apply_patch -q %{PATCH329}
 %apply_patch -q %{PATCH353}
-%apply_patch -q %{PATCH378}
 
 # Remove all exe files to ensure we are not shipping prebuilt binaries
 # note that those are only used to create Microsoft Windows installers
@@ -1299,11 +1244,6 @@ for Module in %{buildroot}/%{dynload_dir}/*.so ; do
     esac
 done
 
-# Verify that the bundled libmpdec version python was compiled with, is the same version we have virtual
-# provides for in the SPEC.
-test "$(LD_LIBRARY_PATH=$(pwd)/build/optimized $(pwd)/build/optimized/python -c 'import decimal; print(decimal.__libmpdec_version__)')" = \
-     "%{libmpdec_version}"
-
 
 # ======================================================
 # Running the upstream test suite
@@ -1404,15 +1344,15 @@ fi
 %postun
 # Do this only during uninstall process (not during update)
 if [ $1 -eq 0 ]; then
-    alternatives --keep-foreign --remove python \
+    alternatives --remove python \
                         %{_bindir}/python3.9
 
-    alternatives --keep-foreign --remove python3 \
+    alternatives --remove python3 \
                         %{_bindir}/python3.9
 
     # Remove link python → python3 if no other python3.* exists
     if ! alternatives --display python3 > /dev/null; then
-        alternatives --keep-foreign --remove python \
+        alternatives --remove python \
                             %{_bindir}/python3
     fi
 fi
@@ -1427,7 +1367,7 @@ alternatives --add-slave python3 %{_bindir}/python3.9 \
 %postun devel
 # Do this only during uninstall process (not during update)
 if [ $1 -eq 0 ]; then
-    alternatives --keep-foreign --remove-slave python3 %{_bindir}/python3.9 \
+    alternatives --remove-slave python3 %{_bindir}/python3.9 \
         python3-config
 fi
 
@@ -1445,9 +1385,9 @@ alternatives --add-slave python3 %{_bindir}/python3.9 \
 %postun debug
 # Do this only during uninstall process (not during update)
 if [ $1 -eq 0 ]; then
-    alternatives --keep-foreign --remove-slave python3 %{_bindir}/python3.9 \
+    alternatives --remove-slave python3 %{_bindir}/python3.9 \
         python3-debug
-    alternatives --keep-foreign --remove-slave python3 %{_bindir}/python3.9 \
+    alternatives --remove-slave python3 %{_bindir}/python3.9 \
         python3-debug-config
 fi
 
@@ -1461,7 +1401,7 @@ alternatives --add-slave python3 %{_bindir}/python3.9 \
 %postun idle
 # Do this only during uninstall process (not during update)
 if [ $1 -eq 0 ]; then
-    alternatives --keep-foreign --remove-slave python3 %{_bindir}/python3.9 \
+    alternatives --remove-slave python3 %{_bindir}/python3.9 \
        idle3
 fi
 
@@ -1570,6 +1510,7 @@ fi
 %{pylibdir}/pydoc_data
 
 %{dynload_dir}/_blake2.%{SOABI_optimized}.so
+%{dynload_dir}/_hmacopenssl.%{SOABI_optimized}.so
 
 %{dynload_dir}/_asyncio.%{SOABI_optimized}.so
 %{dynload_dir}/_bisect.%{SOABI_optimized}.so
@@ -1862,6 +1803,7 @@ fi
 # ...with debug builds of the built-in "extension" modules:
 
 %{dynload_dir}/_blake2.%{SOABI_debug}.so
+%{dynload_dir}/_hmacopenssl.%{SOABI_debug}.so
 
 %{dynload_dir}/_asyncio.%{SOABI_debug}.so
 %{dynload_dir}/_bisect.%{SOABI_debug}.so
@@ -1992,43 +1934,6 @@ fi
 # ======================================================
 
 %changelog
-* Tue Dec 13 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.16-1
-- Update to 3.9.16
-- Security fix for CVE-2022-45061
-Resolves: rhbz#2144072
-
-* Mon Nov 07 2022 Lumír Balhar <lbalhar@redhat.com> - 3.9.14-2
-- Fix for CVE-2022-42919
-Resolves: rhbz#2138705
-
-* Mon Sep 12 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.14-1
-- Update to 3.9.14
-- Security fixes for CVE-2020-10735 and CVE-2021-28861
-Resolves: rhbz#1834423, rhbz#2120642
-
-* Tue Jun 14 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.13-1
-- Update to 3.9.13
-- Security fix for CVE-2015-20107
-- Fix the test suite support for Expat >= 2.4.5
-Resolves: rhbz#2075390
-
-* Tue Sep 07 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.9.7-1
-- Update to 3.9.7
-Resolves: rhbz#2003102
-
-* Thu Aug 05 2021 Tomas Orsava <torsava@redhat.com> - 3.9.6-2
-- Adjusted the postun scriptlets to enable upgrading to RHEL 9
-- Resolves: rhbz#1933055
-
-* Tue Jul 27 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.9.6-1
-- Update to 3.9.6
-- Fix CVE-2021-29921: Improper input validation of octal strings in the ipaddress module
-Resolves: rhbz#1957458
-
-* Fri Apr 30 2021 Charalampos Stratakis <cstratak@redhat.com> - 3.9.2-2
-- Security fix for CVE-2021-3426: information disclosure via pydoc
-Resolves: rhbz#1935913
-
 * Wed Mar 03 2021 Lumír Balhar <lbalhar@redhat.com> - 3.9.2-1
 - Update to 3.9.2 to fix CVE-2021-23336
 Resolves: rhbz#1928904