Update to 3.9.19

Security fixes for CVE-2023-6597 and CVE-2024-0450 Resolves: RHEL-33679, RHEL-33691
2024-04-22 23:01:10 +02:00 · 2024-04-22 23:01:10 +02:00 · 9abceef125
commit 9abceef125
parent 9946831cb4
3 changed files with 80 additions and 4 deletions
--- a/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
+++ b/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
@ -0,0 +1,63 @@
 From 60d40d7095983e0bc23a103b2050adc519dc7fe3 Mon Sep 17 00:00:00 2001
 From: Lumir Balhar <lbalhar@redhat.com>
 Date: Fri, 3 May 2024 14:17:48 +0200
 Subject: [PATCH] Expect failures in tests not working properly with expat with
 a fixed CVE in RHEL
 ---
 Lib/test/test_pyexpat.py   | 1 +
 Lib/test/test_sax.py       | 1 +
 Lib/test/test_xml_etree.py | 3 +++
 3 files changed, 5 insertions(+)
 diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py
 index 43cbd27..27b1502 100644
 --- a/Lib/test/test_pyexpat.py
 +++ b/Lib/test/test_pyexpat.py
@@ -793,6 +793,7 @@ class ReparseDeferralTest(unittest.TestCase):
         self.assertEqual(started, ['doc'])
 +    @unittest.expectedFailure
     def test_reparse_deferral_disabled(self):
         started = []
 diff --git a/Lib/test/test_sax.py b/Lib/test/test_sax.py
 index 9b3014a..646c92d 100644
 --- a/Lib/test/test_sax.py
 +++ b/Lib/test/test_sax.py
@@ -1240,6 +1240,7 @@ class ExpatReaderTest(XmlTestBase):
         self.assertEqual(result.getvalue(), start + b"<doc></doc>")
 +    @unittest.expectedFailure
     def test_flush_reparse_deferral_disabled(self):
         result = BytesIO()
         xmlgen = XMLGenerator(result)
 diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
 index 9c382d1..62f2871 100644
 --- a/Lib/test/test_xml_etree.py
 +++ b/Lib/test/test_xml_etree.py
@@ -1424,9 +1424,11 @@ class XMLPullParserTest(unittest.TestCase):
         self.assert_event_tags(parser, [('end', 'root')])
         self.assertIsNone(parser.close())
 +    @unittest.expectedFailure
     def test_simple_xml_chunk_1(self):
         self.test_simple_xml(chunk_size=1, flush=True)
 +    @unittest.expectedFailure
     def test_simple_xml_chunk_5(self):
         self.test_simple_xml(chunk_size=5, flush=True)
@@ -1651,6 +1653,7 @@ class XMLPullParserTest(unittest.TestCase):
         self.assert_event_tags(parser, [('end', 'doc')])
 +    @unittest.expectedFailure
     def test_flush_reparse_deferral_disabled(self):
         parser = ET.XMLPullParser(events=('start', 'end'))
 -- 
 2.44.0
--- a/python3.9.spec
+++ b/python3.9.spec
@ -13,11 +13,11 @@ URL: https://www.python.org/
 #  WARNING  When rebasing to a new Python version,
 #           remember to update the python3-docs package as well
-%global general_version %{pybasever}.18
+%global general_version %{pybasever}.19
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
-Release: 3%{?dist}
+Release: 1%{?dist}
 License: Python
@ -429,6 +429,13 @@ Patch414: 00414-skip_test_zlib_s390x.patch
 # config file or environment variable.
 Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch
 # 00422 # a353cebef737c41420dc7ae2469dd657371b8881
 # Fix tests for XMLPullParser with Expat 2.6.0
 #
 # Feeding the parser by too small chunks defers parsing to prevent
 # CVE-2023-52425. Future versions of Expat may be more reactive.
 Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1830,6 +1837,12 @@ CheckPython optimized
 # ======================================================
 %changelog
 * Mon Apr 22 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.9.19-1
 - Update to 3.9.19
 - Security fixes for CVE-2023-6597 and CVE-2024-0450
 - Fix tests for XMLPullParser with Expat with fixed CVE
 Resolves: RHEL-33679, RHEL-33691
 * Wed Jan 24 2024 Lumír Balhar <lbalhar@redhat.com> - 3.9.18-3
 - Fix tests on s390x with hw acceleration
 Resolves: RHEL-13043
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (Python-3.9.18.tar.xz) = aab155aca757d298394eddb91ff9a8f239665bd46feb495c6b6f735bbcb7489c05c858cc4cd08f1575c24f293b33492d763e9a140d92f0b2b0cc81a165a677c7
+SHA512 (Python-3.9.19.tar.xz) = 5577830c734e63a70bbc62cd33d263b9aa87c4381b49cb694c3559067c4c682a55506b65ec5514a8e0a5abf6294dc728e909385d449ae1c388e62f83cea9bb89
-SHA512 (Python-3.9.18.tar.xz.asc) = dff9a86df2b0774b68e7c762bacf05e2482dbb218301acfdc9128fc600bbc51c97a3a44f6b7cee87bd4e153bcb4a0af3c98109560d0c7861b7508edc9ae05ea1
+SHA512 (Python-3.9.19.tar.xz.asc) = f7f4946243dfc56de2c84f50276b088d347f17054f50e3331d1e312e2a8e2c6ed1b4b4a807202b51137fd2af3fc9218cafa42ed348a954ace896d9a432e2defd
`@ -1,2 +1,2 @@`
	`SHA512 (Python-3.9.18.tar.xz) = aab155aca757d298394eddb91ff9a8f239665bd46feb495c6b6f735bbcb7489c05c858cc4cd08f1575c24f293b33492d763e9a140d92f0b2b0cc81a165a677c7`	`SHA512 (Python-3.9.19.tar.xz) = 5577830c734e63a70bbc62cd33d263b9aa87c4381b49cb694c3559067c4c682a55506b65ec5514a8e0a5abf6294dc728e909385d449ae1c388e62f83cea9bb89`
	`SHA512 (Python-3.9.18.tar.xz.asc) = dff9a86df2b0774b68e7c762bacf05e2482dbb218301acfdc9128fc600bbc51c97a3a44f6b7cee87bd4e153bcb4a0af3c98109560d0c7861b7508edc9ae05ea1`	`SHA512 (Python-3.9.19.tar.xz.asc) = f7f4946243dfc56de2c84f50276b088d347f17054f50e3331d1e312e2a8e2c6ed1b4b4a807202b51137fd2af3fc9218cafa42ed348a954ace896d9a432e2defd`