Update to 3.9.21

Security fix for CVE-2024-11168 and CVE-2024-9287

Resolves: RHEL-64889
Resolves: RHEL-69942

00414-skip_test_zlib_s390x.patch

@@ -1,88 +0,0 @@
-From f253f1e7e8283b876d40af385d5729646f2c18b6 Mon Sep 17 00:00:00 2001
-From: Victor Stinner <vstinner@python.org>
-Date: Wed, 24 Jan 2024 18:14:14 +0100
-Subject: [PATCH] bpo-46623: Skip two test_zlib tests on s390x (GH-31096)
-
-Skip test_pair() and test_speech128() of test_zlib on s390x since
-they fail if zlib uses the s390x hardware accelerator.
----
- Lib/test/test_zlib.py                         | 32 +++++++++++++++++++
- .../2022-02-03-09-45-26.bpo-46623.vxzuhV.rst  |  2 ++
- 2 files changed, 34 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Tests/2022-02-03-09-45-26.bpo-46623.vxzuhV.rst
-
-diff --git a/Lib/test/test_zlib.py b/Lib/test/test_zlib.py
-index aa7943f..8945b10 100644
---- a/Lib/test/test_zlib.py
-+++ b/Lib/test/test_zlib.py
-@@ -2,6 +2,7 @@ import unittest
- from test import support
- import binascii
- import copy
-+import os
- import pickle
- import random
- import sys
-@@ -16,6 +17,35 @@ requires_Decompress_copy = unittest.skipUnless(
-         hasattr(zlib.decompressobj(), "copy"),
-         'requires Decompress.copy()')
- 
-+# bpo-46623: On s390x, when a hardware accelerator is used, using different
-+# ways to compress data with zlib can produce different compressed data.
-+# Simplified test_pair() code:
-+#
-+#   def func1(data):
-+#       return zlib.compress(data)
-+#
-+#   def func2(data)
-+#       co = zlib.compressobj()
-+#       x1 = co.compress(data)
-+#       x2 = co.flush()
-+#       return x1 + x2
-+#
-+# On s390x if zlib uses a hardware accelerator, func1() creates a single
-+# "final" compressed block whereas func2() produces 3 compressed blocks (the
-+# last one is a final block). On other platforms with no accelerator, func1()
-+# and func2() produce the same compressed data made of a single (final)
-+# compressed block.
-+#
-+# Only the compressed data is different, the decompression returns the original
-+# data:
-+#
-+#   zlib.decompress(func1(data)) == zlib.decompress(func2(data)) == data
-+#
-+# Make the assumption that s390x always has an accelerator to simplify the skip
-+# condition. Windows doesn't have os.uname() but it doesn't support s390x.
-+skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x',
-+                                 'skipped on s390x')
-+
- def _zlib_runtime_version_tuple(zlib_version=zlib.ZLIB_RUNTIME_VERSION):
-     # Register "1.2.3" as "1.2.3.0"
-     # or "1.2.0-linux","1.2.0.f","1.2.0.f-linux"
-@@ -187,6 +217,7 @@ class CompressTestCase(BaseCompressTestCase, unittest.TestCase):
-                                          bufsize=zlib.DEF_BUF_SIZE),
-                          HAMLET_SCENE)
- 
-+    @skip_on_s390x
-     def test_speech128(self):
-         # compress more data
-         data = HAMLET_SCENE * 128
-@@ -238,6 +269,7 @@ class CompressTestCase(BaseCompressTestCase, unittest.TestCase):
- 
- class CompressObjectTestCase(BaseCompressTestCase, unittest.TestCase):
-     # Test compression object
-+    @skip_on_s390x
-     def test_pair(self):
-         # straightforward compress/decompress objects
-         datasrc = HAMLET_SCENE * 128
-diff --git a/Misc/NEWS.d/next/Tests/2022-02-03-09-45-26.bpo-46623.vxzuhV.rst b/Misc/NEWS.d/next/Tests/2022-02-03-09-45-26.bpo-46623.vxzuhV.rst
-new file mode 100644
-index 0000000..be085c0
---- /dev/null
-+++ b/Misc/NEWS.d/next/Tests/2022-02-03-09-45-26.bpo-46623.vxzuhV.rst
-@@ -0,0 +1,2 @@
-+Skip test_pair() and test_speech128() of test_zlib on s390x since they fail
-+if zlib uses the s390x hardware accelerator. Patch by Victor Stinner.
--- 
-2.46.0
-

python3.9.spec

@@ -13,7 +13,7 @@ URL: https://www.python.org/
 
 #  WARNING  When rebasing to a new Python version,
 #           remember to update the python3-docs package as well
-%global general_version %{pybasever}.20
+%global general_version %{pybasever}.21
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
@@ -416,12 +416,6 @@ Patch353: 00353-architecture-names-upstream-downstream.patch
 # - https://access.redhat.com/articles/7004769
 Patch397: 00397-tarfile-filter.patch
 
-# 00414 #
-#
-# Skip test_pair() and test_speech128() of test_zlib on s390x since
-# they fail if zlib uses the s390x hardware accelerator.
-Patch414: 00414-skip_test_zlib_s390x.patch
-
 # 00415 #
 # [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (#111116)
 #
@@ -1847,6 +1841,12 @@ CheckPython optimized
 # ======================================================
 
 %changelog
+* Wed Dec 04 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.9.21-1
+- Update to 3.9.21
+- Security fix for CVE-2024-11168 and CVE-2024-9287
+Resolves: RHEL-64889
+Resolves: RHEL-69942
+
 * Mon Sep 09 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.9.20-1
 - Update to 3.9.20
 Resolves: RHEL-57422

sources

@@ -1,2 +1,2 @@
-SHA512 (Python-3.9.20.tar.xz) = c828f33edf1704e3149499d6d34e89264cb5cdb2b09ff05561641b359716d7996f0fe928629e09f006b1fd7850fdaf937275919c7fdd83f5efc32707c64d814b
-SHA512 (Python-3.9.20.tar.xz.asc) = f21c012f4f642542479ba329da9654589e5a7f7305c39fb1b6f136b578316bdb115cef9773c9a9fe4e195677af01cb80af05780613cca83f42fae131862a9584
+SHA512 (Python-3.9.21.tar.xz) = cc84c967cd7a05361ec144d87ca044bd416032ee92dfb78658758d4e1274971f5fb288876d9c599a729bb21258974a786089341bce6bdcffd9c30ebd69b7ca58
+SHA512 (Python-3.9.21.tar.xz.asc) = 1e5e5a5db8074a7ee5eb51e6c789d6e46467165d72d2d636d1fc0d3e15d4355051f9f7ad3063ba43b37b611095765c9d654ed890067c201c087da1eecb620ef9