From 0e0fe4ff87c90aa88ad57b5456a7229c0051c0df Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@redhat.com>
Date: Tue, 18 Dec 2018 15:41:35 +0100
Subject: [PATCH] Remove patches fixed upstream

Remove patches:

* 00291-setup-Link-ctypes-against-dl-explicitly.patch
  Fixed upstream: https://bugs.python.org/issue32647
* 00292-restore-PyExc_RecursionErrorInst-symbol.patch
  Fixed upstream: https://bugs.python.org/issue30697
* 00294-define-TLS-cipher-suite-on-build-time.patch
  Fixed upstream: https://bugs.python.org/issue31429
* 00301-pathfix-add-n-option-for-no-backup.patch
  Fixed upstream: https://bugs.python.org/issue32885
* 00302-fix-multiprocessing-regression-on-newer-glibcs.patch
  Fixed upstream: https://bugs.python.org/issue33329

Note: the ctypes issue has been fixed differently (better fix)
upstream.
---
 ...up-Link-ctypes-against-dl-explicitly.patch |  25 --
 ...tore-PyExc_RecursionErrorInst-symbol.patch | 106 --------
 ...efine-TLS-cipher-suite-on-build-time.patch | 228 ------------------
 ...1-pathfix-add-n-option-for-no-backup.patch | 104 --------
 ...rocessing-regression-on-newer-glibcs.patch |  55 -----
 python3.spec                                  |   7 -
 6 files changed, 525 deletions(-)
 delete mode 100644 00291-setup-Link-ctypes-against-dl-explicitly.patch
 delete mode 100644 00292-restore-PyExc_RecursionErrorInst-symbol.patch
 delete mode 100644 00294-define-TLS-cipher-suite-on-build-time.patch
 delete mode 100644 00301-pathfix-add-n-option-for-no-backup.patch
 delete mode 100644 00302-fix-multiprocessing-regression-on-newer-glibcs.patch

diff --git a/00291-setup-Link-ctypes-against-dl-explicitly.patch b/00291-setup-Link-ctypes-against-dl-explicitly.patch
deleted file mode 100644
index 4bf4801..0000000
--- a/00291-setup-Link-ctypes-against-dl-explicitly.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From aae2ef0bace0e38f4ee5aaa4642aa32450a84216 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
-Date: Tue, 23 Jan 2018 14:43:43 +0100
-Subject: [PATCH] setup: Link ctypes against dl explicitly
-
----
- setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/setup.py b/setup.py
-index c23628a2a9..9e40bb53e6 100644
---- a/setup.py
-+++ b/setup.py
-@@ -1935,7 +1935,7 @@ class PyBuildExt(build_ext):
-         self.use_system_libffi = False
-         include_dirs = []
-         extra_compile_args = []
--        extra_link_args = []
-+        extra_link_args = ['-ldl']
-         sources = ['_ctypes/_ctypes.c',
-                    '_ctypes/callbacks.c',
-                    '_ctypes/callproc.c',
--- 
-2.16.1
-
diff --git a/00292-restore-PyExc_RecursionErrorInst-symbol.patch b/00292-restore-PyExc_RecursionErrorInst-symbol.patch
deleted file mode 100644
index 89671f8..0000000
--- a/00292-restore-PyExc_RecursionErrorInst-symbol.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-diff --git a/Doc/whatsnew/3.6.rst b/Doc/whatsnew/3.6.rst
-index 847b50140a6..570dc3ed6fe 100644
---- a/Doc/whatsnew/3.6.rst
-+++ b/Doc/whatsnew/3.6.rst
-@@ -1852,10 +1852,10 @@ Build and C API Changes
- * The :c:func:`PyUnicode_FSConverter` and :c:func:`PyUnicode_FSDecoder`
-   functions will now accept :term:`path-like objects <path-like object>`.
- 
--* The ``PyExc_RecursionErrorInst`` singleton that was part of the public API
--  has been removed as its members being never cleared may cause a segfault
--  during finalization of the interpreter. Contributed by Xavier de Gaye in
--  :issue:`22898` and :issue:`30697`.
-+* The ``PyExc_RecursionErrorInst`` singleton is not used anymore as its members
-+  being never cleared may cause a segfault during finalization of the
-+  interpreter. Contributed by Xavier de Gaye in :issue:`22898` and
-+  :issue:`30697`.
- 
- 
- Other Improvements
-diff --git a/Include/pyerrors.h b/Include/pyerrors.h
-index c28c1373f82..8c1dbc5047b 100644
---- a/Include/pyerrors.h
-+++ b/Include/pyerrors.h
-@@ -219,6 +219,8 @@ PyAPI_DATA(PyObject *) PyExc_IOError;
- PyAPI_DATA(PyObject *) PyExc_WindowsError;
- #endif
- 
-+PyAPI_DATA(PyObject *) PyExc_RecursionErrorInst;
-+
- /* Predefined warning categories */
- PyAPI_DATA(PyObject *) PyExc_Warning;
- PyAPI_DATA(PyObject *) PyExc_UserWarning;
-diff --git a/Misc/NEWS.d/next/C API/2017-12-20-15-23-06.bpo-30697.v9FmgG.rst b/Misc/NEWS.d/next/C API/2017-12-20-15-23-06.bpo-30697.v9FmgG.rst
-new file mode 100644
-index 00000000000..28f74ad4f30
---- /dev/null
-+++ b/Misc/NEWS.d/next/C API/2017-12-20-15-23-06.bpo-30697.v9FmgG.rst	
-@@ -0,0 +1 @@
-+Restore PyExc_RecursionErrorInst in 3.6
-diff --git a/Objects/exceptions.c b/Objects/exceptions.c
-index df4899372a5..271e293e325 100644
---- a/Objects/exceptions.c
-+++ b/Objects/exceptions.c
-@@ -2430,6 +2430,12 @@ SimpleExtendsException(PyExc_Warning, ResourceWarning,
- 
- 
- 
-+/* Pre-computed RecursionError instance for when recursion depth is reached.
-+   Meant to be used when normalizing the exception for exceeding the recursion
-+   depth will cause its own infinite recursion.
-+*/
-+PyObject *PyExc_RecursionErrorInst = NULL;
-+
- #define PRE_INIT(TYPE) \
-     if (!(_PyExc_ ## TYPE.tp_flags & Py_TPFLAGS_READY)) { \
-         if (PyType_Ready(&_PyExc_ ## TYPE) < 0) \
-@@ -2691,11 +2697,37 @@ _PyExc_Init(PyObject *bltinmod)
-     ADD_ERRNO(TimeoutError, ETIMEDOUT);
- 
-     preallocate_memerrors();
-+
-+    if (!PyExc_RecursionErrorInst) {
-+        PyExc_RecursionErrorInst = BaseException_new(&_PyExc_RecursionError, NULL, NULL);
-+        if (!PyExc_RecursionErrorInst)
-+            Py_FatalError("Cannot pre-allocate RecursionError instance for "
-+                            "recursion errors");
-+        else {
-+            PyBaseExceptionObject *err_inst =
-+                (PyBaseExceptionObject *)PyExc_RecursionErrorInst;
-+            PyObject *args_tuple;
-+            PyObject *exc_message;
-+            exc_message = PyUnicode_FromString("maximum recursion depth exceeded");
-+            if (!exc_message)
-+                Py_FatalError("cannot allocate argument for RecursionError "
-+                                "pre-allocation");
-+            args_tuple = PyTuple_Pack(1, exc_message);
-+            if (!args_tuple)
-+                Py_FatalError("cannot allocate tuple for RecursionError "
-+                                "pre-allocation");
-+            Py_DECREF(exc_message);
-+            if (BaseException_init(err_inst, args_tuple, NULL))
-+                Py_FatalError("init of pre-allocated RecursionError failed");
-+            Py_DECREF(args_tuple);
-+        }
-+    }
- }
- 
- void
- _PyExc_Fini(void)
- {
-+    Py_CLEAR(PyExc_RecursionErrorInst);
-     free_preallocated_memerrors();
-     Py_CLEAR(errnomap);
- }
-diff --git a/PC/python3.def b/PC/python3.def
-index 4fc4a6814ee..ff70718fc37 100644
---- a/PC/python3.def
-+++ b/PC/python3.def
-@@ -224,6 +224,7 @@ EXPORTS
-   PyExc_PermissionError=python36.PyExc_PermissionError DATA
-   PyExc_ProcessLookupError=python36.PyExc_ProcessLookupError DATA
-   PyExc_RecursionError=python36.PyExc_RecursionError DATA
-+  PyExc_RecursionErrorInst=python36.PyExc_RecursionErrorInst DATA
-   PyExc_ReferenceError=python36.PyExc_ReferenceError DATA
-   PyExc_ResourceWarning=python36.PyExc_ResourceWarning DATA
-   PyExc_RuntimeError=python36.PyExc_RuntimeError DATA
diff --git a/00294-define-TLS-cipher-suite-on-build-time.patch b/00294-define-TLS-cipher-suite-on-build-time.patch
deleted file mode 100644
index 1aa348c..0000000
--- a/00294-define-TLS-cipher-suite-on-build-time.patch
+++ /dev/null
@@ -1,228 +0,0 @@
-diff --git a/Lib/ssl.py b/Lib/ssl.py
-index 1f3a31a..b54a684 100644
---- a/Lib/ssl.py
-+++ b/Lib/ssl.py
-@@ -116,6 +116,7 @@ except ImportError:
- 
- 
- from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN, HAS_ALPN, HAS_TLSv1_3
-+from _ssl import _DEFAULT_CIPHERS
- from _ssl import _OPENSSL_API_VERSION
- 
- 
-@@ -174,48 +175,7 @@ else:
-     CHANNEL_BINDING_TYPES = []
- 
- 
--# Disable weak or insecure ciphers by default
--# (OpenSSL's default setting is 'DEFAULT:!aNULL:!eNULL')
--# Enable a better set of ciphers by default
--# This list has been explicitly chosen to:
--#   * TLS 1.3 ChaCha20 and AES-GCM cipher suites
--#   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
--#   * Prefer ECDHE over DHE for better performance
--#   * Prefer AEAD over CBC for better performance and security
--#   * Prefer AES-GCM over ChaCha20 because most platforms have AES-NI
--#     (ChaCha20 needs OpenSSL 1.1.0 or patched 1.0.2)
--#   * Prefer any AES-GCM and ChaCha20 over any AES-CBC for better
--#     performance and security
--#   * Then Use HIGH cipher suites as a fallback
--#   * Disable NULL authentication, NULL encryption, 3DES and MD5 MACs
--#     for security reasons
--_DEFAULT_CIPHERS = (
--    'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:'
--    'TLS13-AES-128-GCM-SHA256:'
--    'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
--    'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
--    '!aNULL:!eNULL:!MD5:!3DES'
--    )
--
--# Restricted and more secure ciphers for the server side
--# This list has been explicitly chosen to:
--#   * TLS 1.3 ChaCha20 and AES-GCM cipher suites
--#   * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE)
--#   * Prefer ECDHE over DHE for better performance
--#   * Prefer AEAD over CBC for better performance and security
--#   * Prefer AES-GCM over ChaCha20 because most platforms have AES-NI
--#   * Prefer any AES-GCM and ChaCha20 over any AES-CBC for better
--#     performance and security
--#   * Then Use HIGH cipher suites as a fallback
--#   * Disable NULL authentication, NULL encryption, MD5 MACs, DSS, RC4, and
--#     3DES for security reasons
--_RESTRICTED_SERVER_CIPHERS = (
--    'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:'
--    'TLS13-AES-128-GCM-SHA256:'
--    'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:'
--    'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:'
--    '!aNULL:!eNULL:!MD5:!DSS:!RC4:!3DES'
--)
-+_RESTRICTED_SERVER_CIPHERS = _DEFAULT_CIPHERS
- 
- 
- class CertificateError(ValueError):
-@@ -389,8 +349,6 @@ class SSLContext(_SSLContext):
- 
-     def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs):
-         self = _SSLContext.__new__(cls, protocol)
--        if protocol != _SSLv2_IF_EXISTS:
--            self.set_ciphers(_DEFAULT_CIPHERS)
-         return self
- 
-     def __init__(self, protocol=PROTOCOL_TLS):
-@@ -505,8 +463,6 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
-         # verify certs and host name in client mode
-         context.verify_mode = CERT_REQUIRED
-         context.check_hostname = True
--    elif purpose == Purpose.CLIENT_AUTH:
--        context.set_ciphers(_RESTRICTED_SERVER_CIPHERS)
- 
-     if cafile or capath or cadata:
-         context.load_verify_locations(cafile, capath, cadata)
-diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
-index 54644e1..799100c 100644
---- a/Lib/test/test_ssl.py
-+++ b/Lib/test/test_ssl.py
-@@ -18,6 +18,7 @@ import asyncore
- import weakref
- import platform
- import functools
-+import sysconfig
- try:
-     import ctypes
- except ImportError:
-@@ -36,7 +37,7 @@ PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
- HOST = support.HOST
- IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
- IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
--
-+PY_SSL_DEFAULT_CIPHERS = sysconfig.get_config_var('PY_SSL_DEFAULT_CIPHERS')
- 
- def data_file(*name):
-     return os.path.join(os.path.dirname(__file__), *name)
-@@ -889,6 +890,19 @@ class ContextTests(unittest.TestCase):
-         with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
-             ctx.set_ciphers("^$:,;?*'dorothyx")
- 
-+    @unittest.skipUnless(PY_SSL_DEFAULT_CIPHERS == 1,
-+                         "Test applies only to Python default ciphers")
-+    def test_python_ciphers(self):
-+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-+        ciphers = ctx.get_ciphers()
-+        for suite in ciphers:
-+            name = suite['name']
-+            self.assertNotIn("PSK", name)
-+            self.assertNotIn("SRP", name)
-+            self.assertNotIn("MD5", name)
-+            self.assertNotIn("RC4", name)
-+            self.assertNotIn("3DES", name)
-+
-     @unittest.skipIf(ssl.OPENSSL_VERSION_INFO < (1, 0, 2, 0, 0), 'OpenSSL too old')
-     def test_get_ciphers(self):
-         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
-diff --git a/Modules/_ssl.c b/Modules/_ssl.c
-index df8c6a7..e23a569 100644
---- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -206,6 +206,31 @@ SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
- 
- #endif /* OpenSSL < 1.1.0 or LibreSSL */
- 
-+/* Default cipher suites */
-+#ifndef PY_SSL_DEFAULT_CIPHERS
-+#define PY_SSL_DEFAULT_CIPHERS 1
-+#endif
-+
-+#if PY_SSL_DEFAULT_CIPHERS == 0
-+  #ifndef PY_SSL_DEFAULT_CIPHER_STRING
-+     #error "Py_SSL_DEFAULT_CIPHERS 0 needs Py_SSL_DEFAULT_CIPHER_STRING"
-+  #endif
-+#elif PY_SSL_DEFAULT_CIPHERS == 1
-+/* Python custom selection of sensible ciper suites
-+ * DEFAULT: OpenSSL's default cipher list. Since 1.0.2 the list is in sensible order.
-+ * !aNULL:!eNULL: really no NULL ciphers
-+ * !MD5:!3DES:!DES:!RC4:!IDEA:!SEED: no weak or broken algorithms on old OpenSSL versions.
-+ * !aDSS: no authentication with discrete logarithm DSA algorithm
-+ * !SRP:!PSK: no secure remote password or pre-shared key authentication
-+ */
-+  #define PY_SSL_DEFAULT_CIPHER_STRING "DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK"
-+#elif PY_SSL_DEFAULT_CIPHERS == 2
-+/* Ignored in SSLContext constructor, only used to as _ssl.DEFAULT_CIPHER_STRING */
-+  #define PY_SSL_DEFAULT_CIPHER_STRING SSL_DEFAULT_CIPHER_LIST
-+#else
-+  #error "Unsupported PY_SSL_DEFAULT_CIPHERS"
-+#endif
-+
- 
- enum py_ssl_error {
-     /* these mirror ssl.h */
-@@ -2739,7 +2764,12 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
-     /* A bare minimum cipher list without completely broken cipher suites.
-      * It's far from perfect but gives users a better head start. */
-     if (proto_version != PY_SSL_VERSION_SSL2) {
--        result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL:!MD5");
-+#if PY_SSL_DEFAULT_CIPHERS == 2
-+        /* stick to OpenSSL's default settings */
-+        result = 1;
-+#else
-+        result = SSL_CTX_set_cipher_list(ctx, PY_SSL_DEFAULT_CIPHER_STRING);
-+#endif
-     } else {
-         /* SSLv2 needs MD5 */
-         result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL");
-@@ -5279,6 +5309,9 @@ PyInit__ssl(void)
-                              (PyObject *)&PySSLSession_Type) != 0)
-         return NULL;
- 
-+    PyModule_AddStringConstant(m, "_DEFAULT_CIPHERS",
-+                               PY_SSL_DEFAULT_CIPHER_STRING);
-+
-     PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
-                             PY_SSL_ERROR_ZERO_RETURN);
-     PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
-diff --git a/configure.ac b/configure.ac
-index 7ea62f8..4b42393 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -5555,6 +5555,42 @@ if test "$have_getrandom" = yes; then
-               [Define to 1 if the getrandom() function is available])
- fi
- 
-+# ssl module default cipher suite string
-+AH_TEMPLATE(PY_SSL_DEFAULT_CIPHERS,
-+  [Default cipher suites list for ssl module.
-+   1: Python's preferred selection, 2: leave OpenSSL defaults untouched, 0: custom string])
-+AH_TEMPLATE(PY_SSL_DEFAULT_CIPHER_STRING,
-+  [Cipher suite string for PY_SSL_DEFAULT_CIPHERS=0]
-+)
-+AC_MSG_CHECKING(for --with-ssl-default-suites)
-+AC_ARG_WITH(ssl-default-suites,
-+            AS_HELP_STRING([--with-ssl-default-suites=@<:@python|openssl|STRING@:>@],
-+                           [Override default cipher suites string,
-+                            python: use Python's preferred selection (default),
-+                            openssl: leave OpenSSL's defaults untouched,
-+                            STRING: use a custom string,
-+                            PROTOCOL_SSLv2 ignores the setting]),
-+[
-+AC_MSG_RESULT($withval)
-+case "$withval" in
-+    python)
-+        AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 1)
-+        ;;
-+    openssl)
-+        AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 2)
-+        ;;
-+    *)
-+        AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 0)
-+        AC_DEFINE_UNQUOTED(PY_SSL_DEFAULT_CIPHER_STRING, "$withval")
-+        ;;
-+esac
-+],
-+[
-+AC_MSG_RESULT(python)
-+AC_DEFINE(PY_SSL_DEFAULT_CIPHERS, 1)
-+])
-+
-+
- # generate output files
- AC_CONFIG_FILES(Makefile.pre Modules/Setup.config Misc/python.pc Misc/python-config.sh)
- AC_CONFIG_FILES([Modules/ld_so_aix], [chmod +x Modules/ld_so_aix])
diff --git a/00301-pathfix-add-n-option-for-no-backup.patch b/00301-pathfix-add-n-option-for-no-backup.patch
deleted file mode 100644
index 350fe97..0000000
--- a/00301-pathfix-add-n-option-for-no-backup.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 5affd5c29eb1493cb31ef3cfdde15538ac134689 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
-Date: Tue, 13 Mar 2018 10:56:43 +0100
-Subject: [PATCH] bpo-32885: Tools/scripts/pathfix.py: Add -n option for no
- backup~ (#5772)
-
-Creating backup files with ~ suffix can be undesirable in some environment,
-such as when building RPM packages. Instead of requiring the user to remove
-those files manually, option -n was added, that simply disables this feature.
-
--n was selected because 2to3 has the same option with this behavior.
----
- Misc/ACKS                                          |  1 +
- .../2018-02-20-12-16-47.bpo-32885.dL5x7C.rst       |  2 ++
- Tools/scripts/pathfix.py                           | 28 +++++++++++++++-------
- 3 files changed, 23 insertions(+), 8 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Tools-Demos/2018-02-20-12-16-47.bpo-32885.dL5x7C.rst
-
-diff --git a/Misc/ACKS b/Misc/ACKS
-index d8179c8b03ab..d752d8a35434 100644
---- a/Misc/ACKS
-+++ b/Misc/ACKS
-@@ -687,6 +687,7 @@ Ken Howard
- Brad Howes
- Mike Hoy
- Ben Hoyt
-+Miro HronĨok
- Chiu-Hsiang Hsu
- Chih-Hao Huang
- Christian Hudon
-diff --git a/Misc/NEWS.d/next/Tools-Demos/2018-02-20-12-16-47.bpo-32885.dL5x7C.rst b/Misc/NEWS.d/next/Tools-Demos/2018-02-20-12-16-47.bpo-32885.dL5x7C.rst
-new file mode 100644
-index 000000000000..e003e1d84fd0
---- /dev/null
-+++ b/Misc/NEWS.d/next/Tools-Demos/2018-02-20-12-16-47.bpo-32885.dL5x7C.rst
-@@ -0,0 +1,2 @@
-+Add an ``-n`` flag for ``Tools/scripts/pathfix.py`` to disbale automatic
-+backup creation (files with ``~`` suffix).
-diff --git a/Tools/scripts/pathfix.py b/Tools/scripts/pathfix.py
-index 562bbc737812..c5bf984306a3 100755
---- a/Tools/scripts/pathfix.py
-+++ b/Tools/scripts/pathfix.py
-@@ -7,8 +7,9 @@
- # Directories are searched recursively for files whose name looks
- # like a python module.
- # Symbolic links are always ignored (except as explicit directory
--# arguments).  Of course, the original file is kept as a back-up
--# (with a "~" attached to its name).
-+# arguments).
-+# The original file is kept as a back-up (with a "~" attached to its name),
-+# -n flag can be used to disable this.
- #
- # Undoubtedly you can do this using find and sed or perl, but this is
- # a nice example of Python code that recurses down a directory tree
-@@ -31,14 +32,17 @@
- 
- new_interpreter = None
- preserve_timestamps = False
-+create_backup = True
-+
- 
- def main():
-     global new_interpreter
-     global preserve_timestamps
--    usage = ('usage: %s -i /interpreter -p file-or-directory ...\n' %
-+    global create_backup
-+    usage = ('usage: %s -i /interpreter -p -n file-or-directory ...\n' %
-              sys.argv[0])
-     try:
--        opts, args = getopt.getopt(sys.argv[1:], 'i:p')
-+        opts, args = getopt.getopt(sys.argv[1:], 'i:pn')
-     except getopt.error as msg:
-         err(str(msg) + '\n')
-         err(usage)
-@@ -48,6 +52,8 @@ def main():
-             new_interpreter = a.encode()
-         if o == '-p':
-             preserve_timestamps = True
-+        if o == '-n':
-+            create_backup = False
-     if not new_interpreter or not new_interpreter.startswith(b'/') or \
-            not args:
-         err('-i option or file-or-directory missing\n')
-@@ -134,10 +140,16 @@ def fix(filename):
-     except OSError as msg:
-         err('%s: warning: chmod failed (%r)\n' % (tempname, msg))
-     # Then make a backup of the original file as filename~
--    try:
--        os.rename(filename, filename + '~')
--    except OSError as msg:
--        err('%s: warning: backup failed (%r)\n' % (filename, msg))
-+    if create_backup:
-+        try:
-+            os.rename(filename, filename + '~')
-+        except OSError as msg:
-+            err('%s: warning: backup failed (%r)\n' % (filename, msg))
-+    else:
-+        try:
-+            os.remove(filename)
-+        except OSError as msg:
-+            err('%s: warning: removing failed (%r)\n' % (filename, msg))
-     # Now move the temp file to the original file
-     try:
-         os.rename(tempname, filename)
diff --git a/00302-fix-multiprocessing-regression-on-newer-glibcs.patch b/00302-fix-multiprocessing-regression-on-newer-glibcs.patch
deleted file mode 100644
index 965792a..0000000
--- a/00302-fix-multiprocessing-regression-on-newer-glibcs.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From a3febe3cba14b89885f42ca2f0224096a52885f6 Mon Sep 17 00:00:00 2001
-From: Antoine Pitrou <antoine@python.org>
-Date: Mon, 23 Apr 2018 13:19:42 +0200
-Subject: [PATCH] bpo-33329: Fix multiprocessing regression on newer glibcs
-
-Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some
-reserved signal numbers between 1 and NSIG.  The `range(1, NSIG)` idiom
-is commonly used to select all signals for blocking with `pthread_sigmask`.
-So we ignore the sigaddset() return value until we expose sigfillset()
-to provide a better idiom.
----
- .../next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst  |  1 +
- Modules/signalmodule.c                                     | 14 ++++++++------
- 2 files changed, 9 insertions(+), 6 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst
-
-diff --git a/Misc/NEWS.d/next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst b/Misc/NEWS.d/next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst
-new file mode 100644
-index 000000000000..d1a4e56d04b9
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2018-04-23-13-21-39.bpo-33329.lQ-Eod.rst
-@@ -0,0 +1 @@
-+Fix multiprocessing regression on newer glibcs
-diff --git a/Modules/signalmodule.c b/Modules/signalmodule.c
-index 791616014384..35fd87e2d1e7 100644
---- a/Modules/signalmodule.c
-+++ b/Modules/signalmodule.c
-@@ -819,7 +819,6 @@ iterable_to_sigset(PyObject *iterable, sigset_t *mask)
-     int result = -1;
-     PyObject *iterator, *item;
-     long signum;
--    int err;
- 
-     sigemptyset(mask);
- 
-@@ -841,11 +840,14 @@ iterable_to_sigset(PyObject *iterable, sigset_t *mask)
-         Py_DECREF(item);
-         if (signum == -1 && PyErr_Occurred())
-             goto error;
--        if (0 < signum && signum < NSIG)
--            err = sigaddset(mask, (int)signum);
--        else
--            err = 1;
--        if (err) {
-+        if (0 < signum && signum < NSIG) {
-+            /* bpo-33329: ignore sigaddset() return value as it can fail
-+             * for some reserved signals, but we want the `range(1, NSIG)`
-+             * idiom to allow selecting all valid signals.
-+             */
-+            (void) sigaddset(mask, (int)signum);
-+        }
-+        else {
-             PyErr_Format(PyExc_ValueError,
-                          "signal number %ld out of range", signum);
-             goto error;
diff --git a/python3.spec b/python3.spec
index 7472a57..6ba9805 100644
--- a/python3.spec
+++ b/python3.spec
@@ -300,12 +300,6 @@ Patch251: 00251-change-user-install-location.patch
 # Upstream uses Debian-style architecture naming. Change to match Fedora.
 Patch274: 00274-fix-arch-names.patch
 
-# 00291 #
-# Build fails with undefined references to dlopen / dlsym otherwise.
-# See: https://bugzilla.redhat.com/show_bug.cgi?id=1537489
-# and: https://src.fedoraproject.org/rpms/redhat-rpm-config/c/078af19
-Patch291: 00291-setup-Link-ctypes-against-dl-explicitly.patch
-
 # 00312 #
 # Revert "bpo-6721: Hold logging locks across fork() 3b699932e5ac3e7
 # This is a TEMPORARY WORKAROUND for an urgent Fedora bug
@@ -659,7 +653,6 @@ rm Lib/ensurepip/_bundled/*.whl
 %patch205 -p1
 %patch251 -p1
 %patch274 -p1
-%patch291 -p1
 %patch312 -p1
 %patch313 -p1
 %patch315 -p1