From 615e5a80f2f4da459d00a9550d985164fa6bf868 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 29 May 2024 19:10:58 +0000
Subject: [PATCH] import UBI python39-3.9.19-1.module+el8.10.0+21815+bb024982
---
 .gitignore | 2 +-
 .python39.metadata | 2 +-
 ...s-for-xmlpullparser-with-expat-2-6-0.patch | 63 +++++++++++++++++++
 SOURCES/Python-3.9.18.tar.xz.asc | 16 -----
 SOURCES/Python-3.9.19.tar.xz.asc | 16 +++++
 SPECS/python39.spec | 18 +++++-
 6 files changed, 97 insertions(+), 20 deletions(-)
 create mode 100644 SOURCES/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
 delete mode 100644 SOURCES/Python-3.9.18.tar.xz.asc
 create mode 100644 SOURCES/Python-3.9.19.tar.xz.asc
diff --git a/.gitignore b/.gitignore
index 4298d55..aced865 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/Python-3.9.18.tar.xz
+SOURCES/Python-3.9.19.tar.xz
diff --git a/.python39.metadata b/.python39.metadata
index b810bf3..4e88085 100644
--- a/.python39.metadata
+++ b/.python39.metadata
@@ -1 +1 @@
-abe4a20dcc11798495b17611ef9f8f33d6975722 SOURCES/Python-3.9.18.tar.xz
+57d08ec0b329a78923b486abae906d4fa12fadb7 SOURCES/Python-3.9.19.tar.xz
diff --git a/SOURCES/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch b/SOURCES/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
new file mode 100644
index 0000000..59637d8
--- /dev/null
+++ b/SOURCES/00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
@@ -0,0 +1,63 @@
+From 60d40d7095983e0bc23a103b2050adc519dc7fe3 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar
+Date: Fri, 3 May 2024 14:17:48 +0200
+Subject: [PATCH] Expect failures in tests not working properly with expat with
+ a fixed CVE in RHEL
+
+---
+ Lib/test/test_pyexpat.py | 1 +
+ Lib/test/test_sax.py | 1 +
+ Lib/test/test_xml_etree.py | 3 +++
+ 3 files changed, 5 insertions(+)
+
+diff --git a/Lib/test/test_pyexpat.py b/Lib/test/test_pyexpat.py
+index 43cbd27..27b1502 100644
+--- a/Lib/test/test_pyexpat.py
++++ b/Lib/test/test_pyexpat.py
+@@ -793,6 +793,7 @@ class ReparseDeferralTest(unittest.TestCase):
+
+ self.assertEqual(started, ['doc'])
+
++ @unittest.expectedFailure
+ def test_reparse_deferral_disabled(self):
+ started = []
+
+diff --git a/Lib/test/test_sax.py b/Lib/test/test_sax.py
+index 9b3014a..646c92d 100644
+--- a/Lib/test/test_sax.py
++++ b/Lib/test/test_sax.py
+@@ -1240,6 +1240,7 @@ class ExpatReaderTest(XmlTestBase):
+
+ self.assertEqual(result.getvalue(), start + b"")
+
++ @unittest.expectedFailure
+ def test_flush_reparse_deferral_disabled(self):
+ result = BytesIO()
+ xmlgen = XMLGenerator(result)
+diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
+index 9c382d1..62f2871 100644
+--- a/Lib/test/test_xml_etree.py
++++ b/Lib/test/test_xml_etree.py
+@@ -1424,9 +1424,11 @@ class XMLPullParserTest(unittest.TestCase):
+ self.assert_event_tags(parser, [('end', 'root')])
+ self.assertIsNone(parser.close())
+
++ @unittest.expectedFailure
+ def test_simple_xml_chunk_1(self):
+ self.test_simple_xml(chunk_size=1, flush=True)
+
++ @unittest.expectedFailure
+ def test_simple_xml_chunk_5(self):
+ self.test_simple_xml(chunk_size=5, flush=True)
+
+@@ -1651,6 +1653,7 @@ class XMLPullParserTest(unittest.TestCase):
+
+ self.assert_event_tags(parser, [('end', 'doc')])
+
++ @unittest.expectedFailure
+ def test_flush_reparse_deferral_disabled(self):
+ parser = ET.XMLPullParser(events=('start', 'end'))
+
+--
+2.44.0
+
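Review bot: The `@unittest.expectedFailure` decorators added to `test_reparse_deferral_disabled`, both `test_flush_reparse_deferral_disabled` tests and `test_simple_xml_chunk_1`/`test_simple_xml_chunk_5` are unconditional and carry no in-file explanation. If the package is later built against an expat where these tests pass, unittest reports unexpected successes and the run fails, with nothing in the test files saying why the marker is there. Until then the flush and deferral-disabled paths tied to the CVE-2023-52425 mitigation have no passing coverage in this build, which is worth stating next to the marker. I would add a comment above each decorator, for example `# Expected to fail with RHEL's expat, which carries the CVE-2023-52425 fix; remove once these tests pass again`, and gate the marker on a runtime check of the linked expat if a reliable one is available. The bodies of the decorated tests continue outside the embedded hunks.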
diff --git a/SOURCES/Python-3.9.18.tar.xz.asc b/SOURCES/Python-3.9.18.tar.xz.asc
deleted file mode 100644
index ea44585..0000000
--- a/SOURCES/Python-3.9.18.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmTnntEACgkQsmmV4xAl
-BWgmQw/9EFWMXtSfWBV93AQF37r0nbUnOBvrOcubkO7ygt+GfHKzN8EPuNeO2It7
-yNZDuCmwepnNGaIkO7UkgbwYyNw3YaoHQqxG8izAfJAVqK6BSk8UAET/YKWFXbLv
-cZBfgxSa0tTEkwq3BAY4vDewRXnLkUq7k6JRRCKFGLNSi/ygC56SijxyAV2g4Vio
-Qcwr9VhsTvz6ujoWuPrfVpUY4I81LBJxKK7n9zBreYzh5uUXRu5k4lN2W8HrE4q0
-7tTdsccB9j1CJAiUacYLxTFsvwd/hBs9+g9Eu5kqGeChqEU56Gd8wR96TEu8cVIZ
-Bv5UEo9MgT1KsJwk0FMfV8qVScqZrGG3QaoMtNAeAm/tUrhhZO9ANYsC9dey03ut
-tU6s5GAeh6i17bqW5WfvzCdhY9ayCInndzkq7SPi9F7fYx79PgdsofqPdyCSBXUo
-Ozfn1VQkYQJTmYtrwqLfdAivubaEPIf1+fLqMOXbrI85Ujuy5xzlgVrrqO2K9rbE
-DYyPgGZjPtss/yZGRCUdJX6rbW8Tq0HKt/8HpbW5fCt9o0wCSawR71GhzPA1fpNs
-0mkAGvvoNGdiSizTLLPvNCaecw4kSzeBNViyP6oRCv69ifNqHPErItsMZ0YIMU14
-w4/d9yI9kUa2bvE3cmx6G+9OS8PYip9MsJbQgP7kJsZ8wgt9rQU=
-=aw+P
------END PGP SIGNATURE-----
diff --git a/SOURCES/Python-3.9.19.tar.xz.asc b/SOURCES/Python-3.9.19.tar.xz.asc
new file mode 100644
index 0000000..0dbbb22
--- /dev/null
+++ b/SOURCES/Python-3.9.19.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmX5uMIACgkQsmmV4xAl
+BWj1tQ//T2qX0m08xWGV7az0D1sH3qjoY+4fEYrknw5uAHqZFiQecRsF27jxv6iH
+gP/6GAUw+lbH+9UofhCc0NbPOklliS7gFLNqJdKYFB6JXRNxiRYKh3uVx5o2n0ES
+kR3kRl77S47rtCbSMrKTh6ZoWowyIUZGFsIonk5KsLv+oELXY1AK/Im9i3/iTJ1Z
+jd/e2oHWuseIxbGZAO8AEP8zOsMMIHfsL3ry8H9xhhPyQM6t5DldqLH3UVE6kq95
+fs+olGO4FEKif3VDuLaHVlgtGZOUr6aDIYUmWxctPicboSb6RJAq37CCYgWykOyB
+WQec0ONbU7lxt5jhemLSDRy0mEio7+nXIKsO9rDN0Wk1QMpHUl77/C5qVlzfHal7
+NhPt8Yl0hBnOjzTq+di+xhAKJcdKp+zZH7/ugAbthuqhNfnkqiF68PANHrCm3gbY
+myN0eSaQ9yIa/MbHW8Am9NL/nuFbxdJUL/OIKQ9kFHgD7Qid86TZF0G2vbiBH/eF
+IVYoMxRZLd7eu5dIcwXSef+Ai97pODbx9y7bOCFyBO9FuFrlhPObgc7KXCeAzP+y
+k5eWvZtWTvvQ+2si2iT22EPBO0D0pnhYWZKpGK5EuKuw8nasNS1yLbhDTVpARynd
+8buQh3t2wPfILlQr0+JzDY8GSdQ/nIHGgx2IERdSX/v+9Yo2AvU=
+=gYAl
+-----END PGP SIGNATURE-----
diff --git a/SPECS/python39.spec b/SPECS/python39.spec
index 0c950ee..294de70 100644
--- a/SPECS/python39.spec
+++ b/SPECS/python39.spec
@@ -13,11 +13,11 @@ URL: https://www.python.org/
 
 # WARNING When rebasing to a new Python version,
 # remember to update the python3-docs package as well
-%global general_version %{pybasever}.18
+%global general_version %{pybasever}.19
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
-Release: 3%{?dist}
+Release: 1%{?dist}
 License: Python
 
 # Exclude i686 arch. Due to a modularity issue it's being added to the
@@ -445,6 +445,13 @@ Patch414: 00414-skip_test_zlib_s390x.patch
 # config file or environment variable.
 Patch415: 00415-cve-2023-27043-gh-102988-reject-malformed-addresses-in-email-parseaddr-111116.patch
 
+# 00422 # a353cebef737c41420dc7ae2469dd657371b8881
+# Fix tests for XMLPullParser with Expat 2.6.0
+#
+# Feeding the parser by too small chunks defers parsing to prevent
+# CVE-2023-52425. Future versions of Expat may be more reactive.
+Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@@ -859,6 +866,7 @@ rm Lib/ensurepip/_bundled/*.whl
 %apply_patch -q %{PATCH397}
 %apply_patch -q %{PATCH414}
 %apply_patch -q %{PATCH415}
+%apply_patch -q %{PATCH422}
 
 # Remove all exe files to ensure we are not shipping prebuilt binaries
 # note that those are only used to create Microsoft Windows installers
@@ -2030,6 +2038,12 @@ fi
 # ======================================================
 
 %changelog
+* Mon Apr 22 2024 Charalampos Stratakis - 3.9.19-1
+- Update to 3.9.19
+- Security fixes for CVE-2023-6597 and CVE-2024-0450
+- Fix tests for XMLPullParser with Expat with fixed CVE
+Resolves: RHEL-33676, RHEL-33688
+
 * Wed Jan 17 2024 Lumír Balhar - 3.9.18-3
 - Skip tests failing on s390x
 Resolves: RHEL-21905
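Review bot: The comment block added above `Patch422` in the `@@ -445,6 +445,13 @@` hunk does not describe the patch file this commit adds. It cites commit a353cebef737c41420dc7ae2469dd657371b8881 and the title "Fix tests for XMLPullParser with Expat 2.6.0", while the patch itself is headed 60d40d7095983e0bc23a103b2050adc519dc7fe3, "Expect failures in tests not working properly with expat with a fixed CVE in RHEL", and also changes test_pyexpat.py and test_sax.py. The two hashes may come from different repositories, but the title and scope differ too, and a later rebaser reading only the spec would not learn that tests around the CVE-2023-52425 mitigation are being marked as expected failures. I would reword the comment to say so, e.g. `# Mark reparse-deferral tests in test_pyexpat, test_sax and test_xml_etree as expected failures` followed by `# with the RHEL expat that has the CVE-2023-52425 fix backported.`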