diff --git a/packages/p/python39/.files b/packages/p/python39/.files
index 83fe2c4b404..ce16a8c8b3d 100644
Binary files a/packages/p/python39/.files and b/packages/p/python39/.files differ
diff --git a/packages/p/python39/.rev b/packages/p/python39/.rev
index 9f6982457c8..0c463929e17 100644
--- a/packages/p/python39/.rev
+++ b/packages/p/python39/.rev
@@ -1024,4 +1024,64 @@
Automatic submission by obs-autosubmit
1157648
+
+ 8819880258c03e8766833c037179190a
+ 3.9.19
+
+ anag+factory
+ - Add old-libexpat.patch making the test suite work with
+ libexpat < 2.6.0 (gh#python/cpython#117187).
+- Update to 3.9.19:
+ - Security
+ - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+ (CVE-2023-52425, bsc#1219559) by adding five new methods:
+ xml.etree.ElementTree.XMLParser.flush()
+ xml.etree.ElementTree.XMLPullParser.flush()
+ xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+ xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+ xml.sax.expatreader.ExpatParser.flush()
+ - gh-115399: Update bundled libexpat to 2.6.0
+ - gh-113659: Skip .pth files with names starting with a dot
+ or hidden file attribute.
+ - Core and Builtins
+ - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
+ codecs read out of bounds
+ - Library
+ - gh-115197: urllib.request no longer resolves the hostname
+ before checking it against the system’s proxy bypass list
+ on macOS and Windows.
+ - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+ - gh-81194: Fix a crash in socket.if_indextoname() with
+ specific value (UINT_MAX). Fix an integer overflow in
+ socket.if_indextoname() on 64-bit non-Windows platforms.
+ - gh-109858: Protect zipfile from “quoted-overlap”
+ zipbomb. It now raises BadZipFile when try to read an
+ entry that overlaps with other entry or central directory
+ (CVE-2024-0450, bsc#1221854).
+ - gh-107077: Seems that in some conditions, OpenSSL will
+ return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
+ when a certification verification has failed, but
+ the error parameters will still contain ERR_LIB_SSL
+ and SSL_R_CERTIFICATE_VERIFY_FAILED. We are now
+ detecting this situation and raising the appropiate
+ ssl.SSLCertVerificationError. Patch by Pablo Galindo
+ - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
+ which now no longer dereferences symlinks when working
+ around file system permission errors (CVE-2023-6597,
+ bsc#1219666).
+ - Documentation
+ - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
+ “XML vulnerabilities”.
+ - Tools/Demos
+ - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11
+ and multissltests to use 1.1.1w and 3.0.11.
+- Remove upstreamed patches:
+ - CVE-2023-6597-TempDir-cleaning-symlink.patch
+ - libexpat260.patch
+- Refreshed patches:
+ - F00251-change-user-install-location.patch
+ - python-3.3.0b1-localpath.patch
+
+ 1161042
+
diff --git a/packages/p/python39/CVE-2023-6597-TempDir-cleaning-symlink.patch b/packages/p/python39/CVE-2023-6597-TempDir-cleaning-symlink.patch
deleted file mode 100644
index d886f202c87..00000000000
--- a/packages/p/python39/CVE-2023-6597-TempDir-cleaning-symlink.patch
+++ /dev/null
@@ -1,191 +0,0 @@
----
- Lib/tempfile.py | 26 +-
- Lib/test/test_tempfile.py | 117 +++++++++-
- Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2
- 3 files changed, 136 insertions(+), 9 deletions(-)
-
---- a/Lib/tempfile.py
-+++ b/Lib/tempfile.py
-@@ -268,6 +268,22 @@ def _mkstemp_inner(dir, pre, suf, flags,
- raise FileExistsError(_errno.EEXIST,
- "No usable temporary file name found")
-
-+def _dont_follow_symlinks(func, path, *args):
-+ # Pass follow_symlinks=False, unless not supported on this platform.
-+ if func in _os.supports_follow_symlinks:
-+ func(path, *args, follow_symlinks=False)
-+ elif _os.name == 'nt' or not _os.path.islink(path):
-+ func(path, *args)
-+
-+def _resetperms(path):
-+ try:
-+ chflags = _os.chflags
-+ except AttributeError:
-+ pass
-+ else:
-+ _dont_follow_symlinks(chflags, path, 0)
-+ _dont_follow_symlinks(_os.chmod, path, 0o700)
-+
-
- # User visible interfaces.
-
-@@ -789,17 +805,11 @@ class TemporaryDirectory(object):
- def _rmtree(cls, name):
- def onerror(func, path, exc_info):
- if issubclass(exc_info[0], PermissionError):
-- def resetperms(path):
-- try:
-- _os.chflags(path, 0)
-- except AttributeError:
-- pass
-- _os.chmod(path, 0o700)
-
- try:
- if path != name:
-- resetperms(_os.path.dirname(path))
-- resetperms(path)
-+ _resetperms(_os.path.dirname(path))
-+ _resetperms(path)
-
- try:
- _os.unlink(path)
---- a/Lib/test/test_tempfile.py
-+++ b/Lib/test/test_tempfile.py
-@@ -1394,6 +1394,103 @@ class TestTemporaryDirectory(BaseTestCas
- "were deleted")
- d2.cleanup()
-
-+ @support.skip_unless_symlink
-+ def test_cleanup_with_symlink_modes(self):
-+ # cleanup() should not follow symlinks when fixing mode bits (#91133)
-+ with self.do_create(recurse=0) as d2:
-+ file1 = os.path.join(d2, 'file1')
-+ open(file1, 'wb').close()
-+ dir1 = os.path.join(d2, 'dir1')
-+ os.mkdir(dir1)
-+ for mode in range(8):
-+ mode <<= 6
-+ with self.subTest(mode=format(mode, '03o')):
-+ def test(target, target_is_directory):
-+ d1 = self.do_create(recurse=0)
-+ symlink = os.path.join(d1.name, 'symlink')
-+ os.symlink(target, symlink,
-+ target_is_directory=target_is_directory)
-+ try:
-+ os.chmod(symlink, mode, follow_symlinks=False)
-+ except NotImplementedError:
-+ pass
-+ try:
-+ os.chmod(symlink, mode)
-+ except FileNotFoundError:
-+ pass
-+ os.chmod(d1.name, mode)
-+ d1.cleanup()
-+ self.assertFalse(os.path.exists(d1.name))
-+
-+ with self.subTest('nonexisting file'):
-+ test('nonexisting', target_is_directory=False)
-+ with self.subTest('nonexisting dir'):
-+ test('nonexisting', target_is_directory=True)
-+
-+ with self.subTest('existing file'):
-+ os.chmod(file1, mode)
-+ old_mode = os.stat(file1).st_mode
-+ test(file1, target_is_directory=False)
-+ new_mode = os.stat(file1).st_mode
-+ self.assertEqual(new_mode, old_mode,
-+ '%03o != %03o' % (new_mode, old_mode))
-+
-+ with self.subTest('existing dir'):
-+ os.chmod(dir1, mode)
-+ old_mode = os.stat(dir1).st_mode
-+ test(dir1, target_is_directory=True)
-+ new_mode = os.stat(dir1).st_mode
-+ self.assertEqual(new_mode, old_mode,
-+ '%03o != %03o' % (new_mode, old_mode))
-+
-+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
-+ @support.skip_unless_symlink
-+ def test_cleanup_with_symlink_flags(self):
-+ # cleanup() should not follow symlinks when fixing flags (#91133)
-+ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
-+ self.check_flags(flags)
-+
-+ with self.do_create(recurse=0) as d2:
-+ file1 = os.path.join(d2, 'file1')
-+ open(file1, 'wb').close()
-+ dir1 = os.path.join(d2, 'dir1')
-+ os.mkdir(dir1)
-+ def test(target, target_is_directory):
-+ d1 = self.do_create(recurse=0)
-+ symlink = os.path.join(d1.name, 'symlink')
-+ os.symlink(target, symlink,
-+ target_is_directory=target_is_directory)
-+ try:
-+ os.chflags(symlink, flags, follow_symlinks=False)
-+ except NotImplementedError:
-+ pass
-+ try:
-+ os.chflags(symlink, flags)
-+ except FileNotFoundError:
-+ pass
-+ os.chflags(d1.name, flags)
-+ d1.cleanup()
-+ self.assertFalse(os.path.exists(d1.name))
-+
-+ with self.subTest('nonexisting file'):
-+ test('nonexisting', target_is_directory=False)
-+ with self.subTest('nonexisting dir'):
-+ test('nonexisting', target_is_directory=True)
-+
-+ with self.subTest('existing file'):
-+ os.chflags(file1, flags)
-+ old_flags = os.stat(file1).st_flags
-+ test(file1, target_is_directory=False)
-+ new_flags = os.stat(file1).st_flags
-+ self.assertEqual(new_flags, old_flags)
-+
-+ with self.subTest('existing dir'):
-+ os.chflags(dir1, flags)
-+ old_flags = os.stat(dir1).st_flags
-+ test(dir1, target_is_directory=True)
-+ new_flags = os.stat(dir1).st_flags
-+ self.assertEqual(new_flags, old_flags)
-+
- @support.cpython_only
- def test_del_on_collection(self):
- # A TemporaryDirectory is deleted when garbage collected
-@@ -1506,9 +1603,27 @@ class TestTemporaryDirectory(BaseTestCas
- d.cleanup()
- self.assertFalse(os.path.exists(d.name))
-
-- @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.lchflags')
-+ def check_flags(self, flags):
-+ # skip the test if these flags are not supported (ex: FreeBSD 13)
-+ filename = support.TESTFN
-+ try:
-+ open(filename, "w").close()
-+ try:
-+ os.chflags(filename, flags)
-+ except OSError as exc:
-+ # "OSError: [Errno 45] Operation not supported"
-+ self.skipTest(f"chflags() doesn't support flags "
-+ f"{flags:#b}: {exc}")
-+ else:
-+ os.chflags(filename, 0)
-+ finally:
-+ support.unlink(filename)
-+
-+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
- def test_flags(self):
- flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
-+ self.check_flags(flags)
-+
- d = self.do_create(recurse=3, dirs=2, files=2)
- with d:
- # Change files and directories flags recursively.
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
-@@ -0,0 +1,2 @@
-+Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer
-+dereferences symlinks when working around file system permission errors.
diff --git a/packages/p/python39/F00251-change-user-install-location.patch b/packages/p/python39/F00251-change-user-install-location.patch
index 3f2f2d06994..b4ed2af433a 100644
--- a/packages/p/python39/F00251-change-user-install-location.patch
+++ b/packages/p/python39/F00251-change-user-install-location.patch
@@ -9,8 +9,8 @@ is not detected to make pip and distutils install into separate location.
Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe
---
- Lib/distutils/command/install.py | 15 +++++++++++++--
- Lib/site.py | 9 ++++++++-
+ Lib/distutils/command/install.py | 15 +++++++++++++--
+ Lib/site.py | 9 ++++++++-
2 files changed, 21 insertions(+), 3 deletions(-)
--- a/Lib/distutils/command/install.py
@@ -39,7 +39,7 @@ Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe
if self.exec_prefix is None:
--- a/Lib/site.py
+++ b/Lib/site.py
-@@ -353,7 +353,14 @@ def getsitepackages(prefixes=None):
+@@ -362,7 +362,14 @@ def getsitepackages(prefixes=None):
return sitepackages
def addsitepackages(known_paths, prefixes=None):
diff --git a/packages/p/python39/Python-3.9.18.tar.xz b/packages/p/python39/Python-3.9.18.tar.xz
deleted file mode 120000
index e74226e454c..00000000000
--- a/packages/p/python39/Python-3.9.18.tar.xz
+++ /dev/null
@@ -1 +0,0 @@
-/ipfs/bafybeigiq4wly67om7tim7juyb2zpyo46zpolrkftww5wfbhglacvmfjbq
\ No newline at end of file
diff --git a/packages/p/python39/Python-3.9.18.tar.xz.asc b/packages/p/python39/Python-3.9.18.tar.xz.asc
deleted file mode 100644
index ea445852436..00000000000
--- a/packages/p/python39/Python-3.9.18.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmTnntEACgkQsmmV4xAl
-BWgmQw/9EFWMXtSfWBV93AQF37r0nbUnOBvrOcubkO7ygt+GfHKzN8EPuNeO2It7
-yNZDuCmwepnNGaIkO7UkgbwYyNw3YaoHQqxG8izAfJAVqK6BSk8UAET/YKWFXbLv
-cZBfgxSa0tTEkwq3BAY4vDewRXnLkUq7k6JRRCKFGLNSi/ygC56SijxyAV2g4Vio
-Qcwr9VhsTvz6ujoWuPrfVpUY4I81LBJxKK7n9zBreYzh5uUXRu5k4lN2W8HrE4q0
-7tTdsccB9j1CJAiUacYLxTFsvwd/hBs9+g9Eu5kqGeChqEU56Gd8wR96TEu8cVIZ
-Bv5UEo9MgT1KsJwk0FMfV8qVScqZrGG3QaoMtNAeAm/tUrhhZO9ANYsC9dey03ut
-tU6s5GAeh6i17bqW5WfvzCdhY9ayCInndzkq7SPi9F7fYx79PgdsofqPdyCSBXUo
-Ozfn1VQkYQJTmYtrwqLfdAivubaEPIf1+fLqMOXbrI85Ujuy5xzlgVrrqO2K9rbE
-DYyPgGZjPtss/yZGRCUdJX6rbW8Tq0HKt/8HpbW5fCt9o0wCSawR71GhzPA1fpNs
-0mkAGvvoNGdiSizTLLPvNCaecw4kSzeBNViyP6oRCv69ifNqHPErItsMZ0YIMU14
-w4/d9yI9kUa2bvE3cmx6G+9OS8PYip9MsJbQgP7kJsZ8wgt9rQU=
-=aw+P
------END PGP SIGNATURE-----
diff --git a/packages/p/python39/Python-3.9.19.tar.xz b/packages/p/python39/Python-3.9.19.tar.xz
new file mode 120000
index 00000000000..dff164dc27f
--- /dev/null
+++ b/packages/p/python39/Python-3.9.19.tar.xz
@@ -0,0 +1 @@
+/ipfs/bafybeib5zdhewyy2jyrskifhq45pbv5zldajmwppbc2izqt6zjw4ewl5nm
\ No newline at end of file
diff --git a/packages/p/python39/Python-3.9.19.tar.xz.asc b/packages/p/python39/Python-3.9.19.tar.xz.asc
new file mode 100644
index 00000000000..0dbbb2252e1
--- /dev/null
+++ b/packages/p/python39/Python-3.9.19.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmX5uMIACgkQsmmV4xAl
+BWj1tQ//T2qX0m08xWGV7az0D1sH3qjoY+4fEYrknw5uAHqZFiQecRsF27jxv6iH
+gP/6GAUw+lbH+9UofhCc0NbPOklliS7gFLNqJdKYFB6JXRNxiRYKh3uVx5o2n0ES
+kR3kRl77S47rtCbSMrKTh6ZoWowyIUZGFsIonk5KsLv+oELXY1AK/Im9i3/iTJ1Z
+jd/e2oHWuseIxbGZAO8AEP8zOsMMIHfsL3ry8H9xhhPyQM6t5DldqLH3UVE6kq95
+fs+olGO4FEKif3VDuLaHVlgtGZOUr6aDIYUmWxctPicboSb6RJAq37CCYgWykOyB
+WQec0ONbU7lxt5jhemLSDRy0mEio7+nXIKsO9rDN0Wk1QMpHUl77/C5qVlzfHal7
+NhPt8Yl0hBnOjzTq+di+xhAKJcdKp+zZH7/ugAbthuqhNfnkqiF68PANHrCm3gbY
+myN0eSaQ9yIa/MbHW8Am9NL/nuFbxdJUL/OIKQ9kFHgD7Qid86TZF0G2vbiBH/eF
+IVYoMxRZLd7eu5dIcwXSef+Ai97pODbx9y7bOCFyBO9FuFrlhPObgc7KXCeAzP+y
+k5eWvZtWTvvQ+2si2iT22EPBO0D0pnhYWZKpGK5EuKuw8nasNS1yLbhDTVpARynd
+8buQh3t2wPfILlQr0+JzDY8GSdQ/nIHGgx2IERdSX/v+9Yo2AvU=
+=gYAl
+-----END PGP SIGNATURE-----
diff --git a/packages/p/python39/libexpat260.patch b/packages/p/python39/libexpat260.patch
deleted file mode 100644
index f0225ca6679..00000000000
--- a/packages/p/python39/libexpat260.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001
-From: Serhiy Storchaka
-Date: Sun, 11 Feb 2024 12:08:39 +0200
-Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0
- (GH-115164)
-
-Feeding the parser by too small chunks defers parsing to prevent
-CVE-2023-52425. Future versions of Expat may be more reactive.
-(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4)
-
-Co-authored-by: Serhiy Storchaka
----
- Lib/test/test_xml_etree.py | 58 ++++++++++++-------
- ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 +
- 2 files changed, 38 insertions(+), 22 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
-
-Index: Python-3.9.18/Lib/test/test_xml_etree.py
-===================================================================
---- Python-3.9.18.orig/Lib/test/test_xml_etree.py
-+++ Python-3.9.18/Lib/test/test_xml_etree.py
-@@ -13,6 +13,7 @@ import itertools
- import operator
- import os
- import pickle
-+import pyexpat
- import sys
- import textwrap
- import types
-@@ -102,6 +103,10 @@ EXTERNAL_ENTITY_XML = """\
- &entity;
- """
-
-+fails_with_expat_2_6_0 = (unittest.expectedFailure
-+ if pyexpat.version_info >= (2, 6, 0) else
-+ lambda test: test)
-+
- def checkwarnings(*filters, quiet=False):
- def decorator(test):
- def newtest(*args, **kwargs):
-@@ -1391,28 +1396,37 @@ class XMLPullParserTest(unittest.TestCas
- self.assertEqual([(action, elem.tag) for action, elem in events],
- expected)
-
-- def test_simple_xml(self):
-- for chunk_size in (None, 1, 5):
-- with self.subTest(chunk_size=chunk_size):
-- parser = ET.XMLPullParser()
-- self.assert_event_tags(parser, [])
-- self._feed(parser, "\n", chunk_size)
-- self.assert_event_tags(parser, [])
-- self._feed(parser,
-- "\n text\n", chunk_size)
-- self.assert_event_tags(parser, [('end', 'element')])
-- self._feed(parser, "texttail\n", chunk_size)
-- self._feed(parser, "\n", chunk_size)
-- self.assert_event_tags(parser, [
-- ('end', 'element'),
-- ('end', 'empty-element'),
-- ])
-- self._feed(parser, "\n", chunk_size)
-- self.assert_event_tags(parser, [('end', 'root')])
-- self.assertIsNone(parser.close())
-+ def test_simple_xml(self, chunk_size=None):
-+ parser = ET.XMLPullParser()
-+ self.assert_event_tags(parser, [])
-+ self._feed(parser, "\n", chunk_size)
-+ self.assert_event_tags(parser, [])
-+ self._feed(parser,
-+ "\n text\n", chunk_size)
-+ self.assert_event_tags(parser, [('end', 'element')])
-+ self._feed(parser, "texttail\n", chunk_size)
-+ self._feed(parser, "\n", chunk_size)
-+ self.assert_event_tags(parser, [
-+ ('end', 'element'),
-+ ('end', 'empty-element'),
-+ ])
-+ self._feed(parser, "\n", chunk_size)
-+ self.assert_event_tags(parser, [('end', 'root')])
-+ self.assertIsNone(parser.close())
-+
-+ @fails_with_expat_2_6_0
-+ def test_simple_xml_chunk_1(self):
-+ self.test_simple_xml(chunk_size=1)
-+
-+ @fails_with_expat_2_6_0
-+ def test_simple_xml_chunk_5(self):
-+ self.test_simple_xml(chunk_size=5)
-+
-+ def test_simple_xml_chunk_22(self):
-+ self.test_simple_xml(chunk_size=22)
-
- def test_feed_while_iterating(self):
- parser = ET.XMLPullParser()
-Index: Python-3.9.18/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
-===================================================================
---- /dev/null
-+++ Python-3.9.18/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
-@@ -0,0 +1,2 @@
-+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
-+2.6.0.
diff --git a/packages/p/python39/old-libexpat.patch b/packages/p/python39/old-libexpat.patch
new file mode 100644
index 00000000000..b443628f3a9
--- /dev/null
+++ b/packages/p/python39/old-libexpat.patch
@@ -0,0 +1,79 @@
+---
+ Lib/test/test_sax.py | 10 +++++-----
+ Lib/test/test_xml_etree.py | 17 ++++++++---------
+ 2 files changed, 13 insertions(+), 14 deletions(-)
+
+--- a/Lib/test/test_sax.py
++++ b/Lib/test/test_sax.py
+@@ -1211,10 +1211,9 @@ class ExpatReaderTest(XmlTestBase):
+
+ self.assertEqual(result.getvalue(), start + b"text")
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ "Reparse deferral not defined for libexpat < 2.6.0")
+ def test_flush_reparse_deferral_enabled(self):
+- if pyexpat.version_info < (2, 6, 0):
+- self.skipTest(f'Expat {pyexpat.version_info} does not support reparse deferral')
+-
+ result = BytesIO()
+ xmlgen = XMLGenerator(result)
+ parser = create_parser()
+@@ -1236,6 +1235,8 @@ class ExpatReaderTest(XmlTestBase):
+
+ self.assertEqual(result.getvalue(), start + b"")
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ "Reparse deferral not defined for libexpat < 2.6.0")
+ def test_flush_reparse_deferral_disabled(self):
+ result = BytesIO()
+ xmlgen = XMLGenerator(result)
+@@ -1245,8 +1246,7 @@ class ExpatReaderTest(XmlTestBase):
+ for chunk in (""):
+ parser.feed(chunk)
+
+- if pyexpat.version_info >= (2, 6, 0):
+- parser._parser.SetReparseDeferralEnabled(False)
++ parser._parser.SetReparseDeferralEnabled(False)
+
+ self.assertEqual(result.getvalue(), start) # i.e. no elements started
+ self.assertFalse(parser._parser.GetReparseDeferralEnabled())
+--- a/Lib/test/test_xml_etree.py
++++ b/Lib/test/test_xml_etree.py
+@@ -1619,11 +1619,9 @@ class XMLPullParserTest(unittest.TestCas
+ with self.assertRaises(ValueError):
+ ET.XMLPullParser(events=('start', 'end', 'bogus'))
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ "Reparse deferral not defined for libexpat < 2.6.0")
+ def test_flush_reparse_deferral_enabled(self):
+- if pyexpat.version_info < (2, 6, 0):
+- self.skipTest(f'Expat {pyexpat.version_info} does not '
+- 'support reparse deferral')
+-
+ parser = ET.XMLPullParser(events=('start', 'end'))
+
+ for chunk in (""):
+@@ -1644,17 +1642,18 @@ class XMLPullParserTest(unittest.TestCas
+
+ self.assert_event_tags(parser, [('end', 'doc')])
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ "Reparse deferral not defined for libexpat < 2.6.0")
+ def test_flush_reparse_deferral_disabled(self):
+ parser = ET.XMLPullParser(events=('start', 'end'))
+
+ for chunk in (""):
+ parser.feed(chunk)
+
+- if pyexpat.version_info >= (2, 6, 0):
+- if not ET is pyET:
+- self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled '
+- 'methods not available in C')
+- parser._parser._parser.SetReparseDeferralEnabled(False)
++ if not ET is pyET:
++ self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled '
++ 'methods not available in C')
++ parser._parser._parser.SetReparseDeferralEnabled(False)
+
+ self.assert_event_tags(parser, []) # i.e. no elements started
+ if ET is pyET:
diff --git a/packages/p/python39/python-3.3.0b1-localpath.patch b/packages/p/python39/python-3.3.0b1-localpath.patch
index f6cac491334..8d2f8a5134c 100644
--- a/packages/p/python39/python-3.3.0b1-localpath.patch
+++ b/packages/p/python39/python-3.3.0b1-localpath.patch
@@ -1,7 +1,11 @@
+---
+ Lib/site.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
--- a/Lib/site.py
+++ b/Lib/site.py
-@@ -76,7 +76,7 @@ import _sitebuiltins
- import io
+@@ -77,7 +77,7 @@ import io
+ import stat
# Prefixes for site-packages; add additional prefixes like /usr/local here
-PREFIXES = [sys.prefix, sys.exec_prefix]
diff --git a/packages/p/python39/python39.changes b/packages/p/python39/python39.changes
index f6950c0d1a5..412c78b218c 100644
--- a/packages/p/python39/python39.changes
+++ b/packages/p/python39/python39.changes
@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Sun Mar 24 00:43:14 UTC 2024 - Matej Cepl
+
+- Add old-libexpat.patch making the test suite work with
+ libexpat < 2.6.0 (gh#python/cpython#117187).
+
+-------------------------------------------------------------------
+Thu Mar 21 20:24:05 UTC 2024 - Matej Cepl
+
+- Update to 3.9.19:
+ - Security
+ - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+ (CVE-2023-52425, bsc#1219559) by adding five new methods:
+ xml.etree.ElementTree.XMLParser.flush()
+ xml.etree.ElementTree.XMLPullParser.flush()
+ xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+ xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+ xml.sax.expatreader.ExpatParser.flush()
+ - gh-115399: Update bundled libexpat to 2.6.0
+ - gh-113659: Skip .pth files with names starting with a dot
+ or hidden file attribute.
+ - Core and Builtins
+ - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
+ codecs read out of bounds
+ - Library
+ - gh-115197: urllib.request no longer resolves the hostname
+ before checking it against the system’s proxy bypass list
+ on macOS and Windows.
+ - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+ - gh-81194: Fix a crash in socket.if_indextoname() with
+ specific value (UINT_MAX). Fix an integer overflow in
+ socket.if_indextoname() on 64-bit non-Windows platforms.
+ - gh-109858: Protect zipfile from “quoted-overlap”
+ zipbomb. It now raises BadZipFile when try to read an
+ entry that overlaps with other entry or central directory
+ (CVE-2024-0450, bsc#1221854).
+ - gh-107077: Seems that in some conditions, OpenSSL will
+ return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
+ when a certification verification has failed, but
+ the error parameters will still contain ERR_LIB_SSL
+ and SSL_R_CERTIFICATE_VERIFY_FAILED. We are now
+ detecting this situation and raising the appropiate
+ ssl.SSLCertVerificationError. Patch by Pablo Galindo
+ - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
+ which now no longer dereferences symlinks when working
+ around file system permission errors (CVE-2023-6597,
+ bsc#1219666).
+ - Documentation
+ - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
+ “XML vulnerabilities”.
+ - Tools/Demos
+ - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11
+ and multissltests to use 1.1.1w and 3.0.11.
+- Remove upstreamed patches:
+ - CVE-2023-6597-TempDir-cleaning-symlink.patch
+ - libexpat260.patch
+- Refreshed patches:
+ - F00251-change-user-install-location.patch
+ - python-3.3.0b1-localpath.patch
+
-------------------------------------------------------------------
Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal
diff --git a/packages/p/python39/python39.spec b/packages/p/python39/python39.spec
index 30f5625c809..1be138c2165 100644
--- a/packages/p/python39/python39.spec
+++ b/packages/p/python39/python39.spec
@@ -93,7 +93,7 @@
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
-Version: 3.9.18
+Version: 3.9.19
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -178,12 +178,9 @@ Patch41: downport-Sphinx-features.patch
# indicate the parsing error (old API), from gh#python/cpython!105127
# Patch carries a REGRESSION (gh#python/cpython#106669), so it has been also partially REVERTED
Patch42: CVE-2023-27043-email-parsing-errors.patch
-# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289
-# Fix tests for XMLPullParser with Expat 2.6.0
-Patch43: libexpat260.patch
-# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
-# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
-Patch44: CVE-2023-6597-TempDir-cleaning-symlink.patch
+# PATCH-FIX-UPSTREAM old-libexpat.patch gh#python/cpython#117187 mcepl@suse.com
+# Make the test suite work with libexpat < 2.6.0
+Patch43: old-libexpat.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -449,7 +446,6 @@ other applications.
%endif
%patch -P 42 -p1
%patch -P 43 -p1
-%patch -P 44 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac