diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch
new file mode 100644
index 0000000..6600f2c
--- /dev/null
+++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch
@@ -0,0 +1,57 @@
+Index: Python-3.11.9/Lib/test/test_xml_etree.py
+===================================================================
+--- Python-3.11.9.orig/Lib/test/test_xml_etree.py
++++ Python-3.11.9/Lib/test/test_xml_etree.py
+@@ -1424,9 +1424,13 @@ class XMLPullParserTest(unittest.TestCas
+ self.assert_event_tags(parser, [('end', 'root')])
+ self.assertIsNone(parser.close())
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Fail with patched version of Expat {pyexpat.version_info}')
+ def test_simple_xml_chunk_1(self):
+ self.test_simple_xml(chunk_size=1, flush=True)
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Fail with patched version of Expat {pyexpat.version_info}')
+ def test_simple_xml_chunk_5(self):
+ self.test_simple_xml(chunk_size=5, flush=True)
+
+@@ -1651,6 +1655,9 @@ class XMLPullParserTest(unittest.TestCas
+
+ self.assert_event_tags(parser, [('end', 'doc')])
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Expat {pyexpat.version_info} does not '
++ 'support reparse deferral')
+ def test_flush_reparse_deferral_disabled(self):
+ parser = ET.XMLPullParser(events=('start', 'end'))
+
+Index: Python-3.11.9/Lib/test/test_sax.py
+===================================================================
+--- Python-3.11.9.orig/Lib/test/test_sax.py
++++ Python-3.11.9/Lib/test/test_sax.py
+@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase):
+
+ self.assertEqual(result.getvalue(), start + b"")
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Expat {pyexpat.version_info} does not '
++ 'support reparse deferral')
+ def test_flush_reparse_deferral_disabled(self):
+ result = BytesIO()
+ xmlgen = XMLGenerator(result)
+Index: Python-3.11.9/Lib/test/test_pyexpat.py
+===================================================================
+--- Python-3.11.9.orig/Lib/test/test_pyexpat.py
++++ Python-3.11.9/Lib/test/test_pyexpat.py
+@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC
+ self.assertEqual(started, ['doc'])
+
+ def test_reparse_deferral_disabled(self):
++ if expat.version_info < (2, 6, 0):
++ self.skipTest(f'Expat {expat.version_info} does not '
++ 'support reparse deferral')
++
+ started = []
+
+ def start_element(name, _):
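Review bot: The `pyexpat.version_info < (2, 6, 0)` guards added to `test_simple_xml_chunk_1`, `test_simple_xml_chunk_5` and the three reparse-deferral tests cannot tell a libexpat carrying the backported fix from an unpatched older Expat. As a result, the tests covering the CVE-2023-52425 reparse-deferral behaviour are skipped on every build against Expat below 2.6.0, and the package's test run no longer checks that behaviour there. The reason string `'Fail with patched version of Expat ...'` is also misleading on an unpatched library; wording such as `'Expat version does not show whether the reparse deferral backport is present'` states what is actually known. I would add a comment above the first decorator, `# SLE backports the CVE-2023-52425 fix without bumping the Expat version, so version_info cannot identify it`, and give the patch file a short header explaining why it exists. The test bodies continue outside these hunks.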
diff --git a/CVE-2023-6597-TempDir-cleaning-symlink.patch b/CVE-2023-6597-TempDir-cleaning-symlink.patch
deleted file mode 100644
index 21580de..0000000
--- a/CVE-2023-6597-TempDir-cleaning-symlink.patch
+++ /dev/null
@@ -1,165 +0,0 @@
----
- Lib/tempfile.py | 16 +
- Lib/test/test_tempfile.py | 113 ++++++++++
- Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2
- 3 files changed, 131 insertions(+)
-
---- a/Lib/tempfile.py
-+++ b/Lib/tempfile.py
-@@ -286,6 +286,22 @@ def _resetperms(path):
- _dont_follow_symlinks(chflags, path, 0)
- _dont_follow_symlinks(_os.chmod, path, 0o700)
-
-+def _dont_follow_symlinks(func, path, *args):
-+ # Pass follow_symlinks=False, unless not supported on this platform.
-+ if func in _os.supports_follow_symlinks:
-+ func(path, *args, follow_symlinks=False)
-+ elif _os.name == 'nt' or not _os.path.islink(path):
-+ func(path, *args)
-+
-+def _resetperms(path):
-+ try:
-+ chflags = _os.chflags
-+ except AttributeError:
-+ pass
-+ else:
-+ _dont_follow_symlinks(chflags, path, 0)
-+ _dont_follow_symlinks(_os.chmod, path, 0o700)
-+
-
- # User visible interfaces.
-
---- a/Lib/test/test_tempfile.py
-+++ b/Lib/test/test_tempfile.py
-@@ -1673,6 +1673,103 @@ class TestTemporaryDirectory(BaseTestCas
- new_flags = os.stat(dir1).st_flags
- self.assertEqual(new_flags, old_flags)
-
-+ @os_helper.skip_unless_symlink
-+ def test_cleanup_with_symlink_modes(self):
-+ # cleanup() should not follow symlinks when fixing mode bits (#91133)
-+ with self.do_create(recurse=0) as d2:
-+ file1 = os.path.join(d2, 'file1')
-+ open(file1, 'wb').close()
-+ dir1 = os.path.join(d2, 'dir1')
-+ os.mkdir(dir1)
-+ for mode in range(8):
-+ mode <<= 6
-+ with self.subTest(mode=format(mode, '03o')):
-+ def test(target, target_is_directory):
-+ d1 = self.do_create(recurse=0)
-+ symlink = os.path.join(d1.name, 'symlink')
-+ os.symlink(target, symlink,
-+ target_is_directory=target_is_directory)
-+ try:
-+ os.chmod(symlink, mode, follow_symlinks=False)
-+ except NotImplementedError:
-+ pass
-+ try:
-+ os.chmod(symlink, mode)
-+ except FileNotFoundError:
-+ pass
-+ os.chmod(d1.name, mode)
-+ d1.cleanup()
-+ self.assertFalse(os.path.exists(d1.name))
-+
-+ with self.subTest('nonexisting file'):
-+ test('nonexisting', target_is_directory=False)
-+ with self.subTest('nonexisting dir'):
-+ test('nonexisting', target_is_directory=True)
-+
-+ with self.subTest('existing file'):
-+ os.chmod(file1, mode)
-+ old_mode = os.stat(file1).st_mode
-+ test(file1, target_is_directory=False)
-+ new_mode = os.stat(file1).st_mode
-+ self.assertEqual(new_mode, old_mode,
-+ '%03o != %03o' % (new_mode, old_mode))
-+
-+ with self.subTest('existing dir'):
-+ os.chmod(dir1, mode)
-+ old_mode = os.stat(dir1).st_mode
-+ test(dir1, target_is_directory=True)
-+ new_mode = os.stat(dir1).st_mode
-+ self.assertEqual(new_mode, old_mode,
-+ '%03o != %03o' % (new_mode, old_mode))
-+
-+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
-+ @os_helper.skip_unless_symlink
-+ def test_cleanup_with_symlink_flags(self):
-+ # cleanup() should not follow symlinks when fixing flags (#91133)
-+ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
-+ self.check_flags(flags)
-+
-+ with self.do_create(recurse=0) as d2:
-+ file1 = os.path.join(d2, 'file1')
-+ open(file1, 'wb').close()
-+ dir1 = os.path.join(d2, 'dir1')
-+ os.mkdir(dir1)
-+ def test(target, target_is_directory):
-+ d1 = self.do_create(recurse=0)
-+ symlink = os.path.join(d1.name, 'symlink')
-+ os.symlink(target, symlink,
-+ target_is_directory=target_is_directory)
-+ try:
-+ os.chflags(symlink, flags, follow_symlinks=False)
-+ except NotImplementedError:
-+ pass
-+ try:
-+ os.chflags(symlink, flags)
-+ except FileNotFoundError:
-+ pass
-+ os.chflags(d1.name, flags)
-+ d1.cleanup()
-+ self.assertFalse(os.path.exists(d1.name))
-+
-+ with self.subTest('nonexisting file'):
-+ test('nonexisting', target_is_directory=False)
-+ with self.subTest('nonexisting dir'):
-+ test('nonexisting', target_is_directory=True)
-+
-+ with self.subTest('existing file'):
-+ os.chflags(file1, flags)
-+ old_flags = os.stat(file1).st_flags
-+ test(file1, target_is_directory=False)
-+ new_flags = os.stat(file1).st_flags
-+ self.assertEqual(new_flags, old_flags)
-+
-+ with self.subTest('existing dir'):
-+ os.chflags(dir1, flags)
-+ old_flags = os.stat(dir1).st_flags
-+ test(dir1, target_is_directory=True)
-+ new_flags = os.stat(dir1).st_flags
-+ self.assertEqual(new_flags, old_flags)
-+
- @support.cpython_only
- def test_del_on_collection(self):
- # A TemporaryDirectory is deleted when garbage collected
-@@ -1847,6 +1944,22 @@ class TestTemporaryDirectory(BaseTestCas
-
- def check_flags(self, flags):
- # skip the test if these flags are not supported (ex: FreeBSD 13)
-+ filename = os_helper.TESTFN
-+ try:
-+ open(filename, "w").close()
-+ try:
-+ os.chflags(filename, flags)
-+ except OSError as exc:
-+ # "OSError: [Errno 45] Operation not supported"
-+ self.skipTest(f"chflags() doesn't support flags "
-+ f"{flags:#b}: {exc}")
-+ else:
-+ os.chflags(filename, 0)
-+ finally:
-+ os_helper.unlink(filename)
-+
-+ def check_flags(self, flags):
-+ # skip the test if these flags are not supported (ex: FreeBSD 13)
- filename = os_helper.TESTFN
- try:
- open(filename, "w").close()
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
-@@ -0,0 +1,2 @@
-+Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer
-+dereferences symlinks when working around file system permission errors.
diff --git a/Python-3.11.8.tar.xz b/Python-3.11.8.tar.xz
deleted file mode 100644
index 9263767..0000000
--- a/Python-3.11.8.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9e06008c8901924395bc1da303eac567a729ae012baa182ab39269f650383bb3
-size 20041256
diff --git a/Python-3.11.8.tar.xz.asc b/Python-3.11.8.tar.xz.asc
deleted file mode 100644
index bd8cff8..0000000
--- a/Python-3.11.8.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmXCppEACgkQ/+h0BBaL
-2Edi6g//dRagLHlrmPyCrch7ZqAazLMXTHb3cerXg41QEqfwIl7osk1HnqObBgVN
-w8vgXy9ZlxWwv+cWvwrNLY1AWEfarhwRzWLkikHwycBIIgep1HmSvyU4wLKaN7mI
-c/LxGHfQZ6suu3gCVmRFBoB/ACpT0P5qvDpoUehrADE6wCqs0vbRiW/InLCTUpOy
-zZ+5ncK302JtafJkjIGf2VNB4yQATk/v7fO/z43sEQqhvzgtlWlXNmtCKshGBIt1
-mJpLEs8gCq97jObfbN7FkC3Ti/kEan7PbjDzsDKcBv/jJudvWywHtMzplgbjtOYG
-AgBM8bXbVC119BwmfBpvAxgsVKmmGi9d2McJUPOcIHKiHCb17fU0srRbSV47rE9N
-PWEHgQC2ICbdT9N1oimOEp16eYt5omFWfDy5C91oqUnBFtz8wqiNmyeQimegMgBe
-cDpOY73C2H7Vi6rX9EbyrG+LOkfJ6Vt5rTCa+zbAPy2ihz/ajA7UNH72t1uuzFQZ
-pPdUBNhtGxr5EB3zAqBxDuoh9DMOmDZACbT+npHR3Y7KaXTHYIe7Ot8CCrLpH+Ra
-8Yt6/CCD7KnsCWz6pfyH+ulIL4vw+dPnC809+neiXhiUuM5qiIr9K7HidzXi0Lwj
-sb8MVErS8dURFZP48e1dfbyJqsAvAosiGmjDDqbrlAC5attKjg8=
-=VFx6
------END PGP SIGNATURE-----
diff --git a/Python-3.11.9.tar.xz b/Python-3.11.9.tar.xz
new file mode 100644
index 0000000..81a4f9d
--- /dev/null
+++ b/Python-3.11.9.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9b1e896523fc510691126c864406d9360a3d1e986acbda59cda57b5abda45b87
+size 20175816
diff --git a/Python-3.11.9.tar.xz.asc b/Python-3.11.9.tar.xz.asc
new file mode 100644
index 0000000..92bf2d0
--- /dev/null
+++ b/Python-3.11.9.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmYNMEcACgkQ/+h0BBaL
+2EeHhxAAuuIM9bl0dgAWOjbgRjCeXR8aFdfcI4dkO7bZrUy8eKbM+XCvPUUvloRJ
+vzGkxYyTmI4kcNPOHfscUwH7AVVij8nGv7WeaXBUZGIXNwfHwvqOxvYvSsNNNFnr
+70yJB7Df8/2s0XqFx3X1aWcnyMDerWKpfJ/VI/NPmCVxkYXGshuTTSFcCMTSFBQB
+sNrIb5NWAsBF4R85uRQDlCg1AoyaKOdJNQkPo1Nrjol1ExJ+MHE7+E+QL9pQkUWG
+SBISPUhJySBAegxolw6YR5dz1L4nukueQDJz3NizUeQGDvH7h1ImY8cypRi44U61
+SUUHhBfmUBiC2dS/tTQawySULWcgbkV4GJ6cJZfDd95uffd4S/GDJCa2wCE2UTlA
+XzQHwbcnIeoL064gX7ruBuFHJ6n/Oz7nZkFqbH2aqLTAWgLiUq31xH3HY734sL6X
+zIJQRbcK1EM7cnNjKMVPlnHpAeKbsbHbU6yzWwZ7reIoyWlZ7vEGrfXO7Kmul93K
+wVaWu0AiOY566ugekdDx4cKV+FQN6oppAN63yTfPJ2Ddcmxs4KNrtozw9OAgDTPE
+GTPFD6V1CMuyQj/jOpAmbj+4bRD4Mx3u2PSittvrIeopxrXPsGGSZ5kdl62Xa2+A
+DzKyYNXzcmxqS9lGdFb+OWCTyAIXxwZrdz1Q61g5xDvR9z/wZiI=
+=Br9/
+-----END PGP SIGNATURE-----
diff --git a/libexpat260.patch b/libexpat260.patch
deleted file mode 100644
index c9bbe84..0000000
--- a/libexpat260.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001
-From: Serhiy Storchaka
-Date: Sun, 11 Feb 2024 12:08:39 +0200
-Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0
- (GH-115164)
-
-Feeding the parser by too small chunks defers parsing to prevent
-CVE-2023-52425. Future versions of Expat may be more reactive.
-(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4)
-
-Co-authored-by: Serhiy Storchaka
----
- Lib/test/test_xml_etree.py | 58 ++++++++++++-------
- ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 +
- 2 files changed, 38 insertions(+), 22 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
-
-diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
-index 267982a8233c92..fa03f381fac92a 100644
---- a/Lib/test/test_xml_etree.py
-+++ b/Lib/test/test_xml_etree.py
-@@ -13,6 +13,7 @@
- import operator
- import os
- import pickle
-+import pyexpat
- import sys
- import textwrap
- import types
-@@ -120,6 +121,10 @@
-
- """
-
-+fails_with_expat_2_6_0 = (unittest.expectedFailure
-+ if pyexpat.version_info >= (2, 6, 0) else
-+ lambda test: test)
-+
- def checkwarnings(*filters, quiet=False):
- def decorator(test):
- def newtest(*args, **kwargs):
-@@ -1400,28 +1405,37 @@ def assert_event_tags(self, parser, expected, max_events=None):
- self.assertEqual([(action, elem.tag) for action, elem in events],
- expected)
-
-- def test_simple_xml(self):
-- for chunk_size in (None, 1, 5):
-- with self.subTest(chunk_size=chunk_size):
-- parser = ET.XMLPullParser()
-- self.assert_event_tags(parser, [])
-- self._feed(parser, "\n", chunk_size)
-- self.assert_event_tags(parser, [])
-- self._feed(parser,
-- "\n text\n", chunk_size)
-- self.assert_event_tags(parser, [('end', 'element')])
-- self._feed(parser, "texttail\n", chunk_size)
-- self._feed(parser, "\n", chunk_size)
-- self.assert_event_tags(parser, [
-- ('end', 'element'),
-- ('end', 'empty-element'),
-- ])
-- self._feed(parser, "\n", chunk_size)
-- self.assert_event_tags(parser, [('end', 'root')])
-- self.assertIsNone(parser.close())
-+ def test_simple_xml(self, chunk_size=None):
-+ parser = ET.XMLPullParser()
-+ self.assert_event_tags(parser, [])
-+ self._feed(parser, "\n", chunk_size)
-+ self.assert_event_tags(parser, [])
-+ self._feed(parser,
-+ "\n text\n", chunk_size)
-+ self.assert_event_tags(parser, [('end', 'element')])
-+ self._feed(parser, "texttail\n", chunk_size)
-+ self._feed(parser, "\n", chunk_size)
-+ self.assert_event_tags(parser, [
-+ ('end', 'element'),
-+ ('end', 'empty-element'),
-+ ])
-+ self._feed(parser, "\n", chunk_size)
-+ self.assert_event_tags(parser, [('end', 'root')])
-+ self.assertIsNone(parser.close())
-+
-+ @fails_with_expat_2_6_0
-+ def test_simple_xml_chunk_1(self):
-+ self.test_simple_xml(chunk_size=1)
-+
-+ @fails_with_expat_2_6_0
-+ def test_simple_xml_chunk_5(self):
-+ self.test_simple_xml(chunk_size=5)
-+
-+ def test_simple_xml_chunk_22(self):
-+ self.test_simple_xml(chunk_size=22)
-
- def test_feed_while_iterating(self):
- parser = ET.XMLPullParser()
-diff --git a/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
-new file mode 100644
-index 00000000000000..6f1015235cc25d
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
-@@ -0,0 +1,2 @@
-+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
-+2.6.0.
diff --git a/python311.changes b/python311.changes
index 25fb86c..5bcc5da 100644
--- a/python311.changes
+++ b/python311.changes
@@ -1,3 +1,268 @@
+-------------------------------------------------------------------
+Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia
+
+- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
+ patched libexpat below 2.6.0 that doesn't update the version number,
+ just in SLE.
+
+-------------------------------------------------------------------
+Mon Apr 8 05:44:04 UTC 2024 - Daniel Garcia
+
+- Remove not needed upstream patches:
+ * libexpat260.patch
+ * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666
+
+- Update to 3.11.9:
+ * Security
+ - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
+ (CVE-2023-52425, bsc#1219559) by adding five new methods:
+ xml.etree.ElementTree.XMLParser.flush()
+ xml.etree.ElementTree.XMLPullParser.flush()
+ xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
+ xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
+ xml.sax.expatreader.ExpatParser.flush()
+ - gh-115399: Update bundled libexpat to 2.6.0
+ - gh-115243: Fix possible crashes in collections.deque.index()
+ when the deque is concurrently modified.
+ - gh-114572: ssl.SSLContext.cert_store_stats() and
+ ssl.SSLContext.get_ca_certs() now correctly lock access to the
+ certificate store, when the ssl.SSLContext is shared across
+ multiple threads.
+ * Core and Builtins
+ - gh-116296: Fix possible refleak in object.__reduce__() internal
+ error handling.
+ - gh-116034: Fix location of the error on a failed assertion.
+ - gh-115823: Properly calculate error ranges in the parser when
+ raising SyntaxError exceptions caused by invalid byte sequences.
+ Patch by Pablo Galindo
+ - gh-112087: For an empty reverse iterator for list will be
+ reduced to reversed(). Patch by Donghee Na.
+ - gh-115011: Setters for members with an unsigned integer type now
+ support the same range of valid values for objects that has a
+ __index__() method as for int.
+ - gh-96497: Fix incorrect resolution of mangled class variables
+ used in assignment expressions in comprehensions.
+ * Library
+ - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
+ crash in ssl when creating a new _ssl._SSLContext if CPython was
+ built implausibly such that the default cipher list is empty or
+ the SSL library it was linked against reports a failure from its
+ C SSL_CTX_set_cipher_list() API.
+ - gh-117178: Fix regression in lazy loading of self-referential
+ modules, introduced in gh-114781.
+ - gh-117084: Fix zipfile extraction for directory entries with the
+ name containing backslashes on Windows.
+ - gh-117110: Fix a bug that prevents subclasses of typing.Any to
+ be instantiated with arguments. Patch by Chris Fu.
+ - gh-90872: On Windows, subprocess.Popen.wait() no longer calls
+ WaitForSingleObject() with a negative timeout: pass 0 ms if the
+ timeout is negative. Patch by Victor Stinner.
+ - gh-116957: configparser: Don’t leave ConfigParser values in an
+ invalid state (stored as a list instead of a str) after an
+ earlier read raised DuplicateSectionError or
+ DuplicateOptionError.
+ - gh-90095: Ignore empty lines and comments in .pdbrc
+ - gh-116764: Restore support of None and other false values in
+ urllib.parse functions parse_qs() and parse_qsl(). Also, they
+ now raise a TypeError for non-zero integers and non-empty
+ sequences.
+ - gh-116811: In PathFinder.invalidate_caches, delegate to
+ MetadataPathFinder.invalidate_caches.
+ - gh-116600: Fix repr() for global Flag members.
+ - gh-116484: Change automatically generated tkinter.Checkbutton
+ widget names to avoid collisions with automatically generated
+ tkinter.ttk.Checkbutton widget names within the same parent
+ widget.
+ - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
+ opening named pipe.
+ - gh-116143: Fix a race in pydoc _start_server, eliminating a
+ window in which _start_server can return a thread that is
+ “serving” but without a docserver set.
+ - gh-116325: typing: raise SyntaxError instead of AttributeError
+ on forward references as empty strings.
+ - gh-90535: Fix support of interval values > 1 in
+ logging.TimedRotatingFileHandler for when='MIDNIGHT' and
+ when='Wx'.
+ - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
+ WASI.
+ - Under wasmtime for WASI 0.2, these functions don’t pass
+ test_posix
+ (https://github.com/bytecodealliance/wasmtime/issues/7830).
+ - gh-88352: Fix the computation of the next rollover time in the
+ logging.TimedRotatingFileHandler handler. computeRollover() now
+ always returns a timestamp larger than the specified time and
+ works correctly during the DST change. doRollover() no longer
+ overwrite the already rolled over file, saving from data loss
+ when run at midnight or during repeated time at the DST change.
+ - gh-87115: Set __main__.__spec__ to None when running a script
+ with pdb
+ - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
+ that results when a message that claims to be in the ascii
+ character set actually has non-ascii characters. Non-ascii
+ characters are now replaced with the U+FFFD replacement
+ character, like in the replace error handler.
+ - gh-75988: Fixed unittest.mock.create_autospec() to pass the call
+ through to the wrapped object to return the real result.
+ - gh-115881: Fix issue where ast.parse() would incorrectly flag
+ conditional context managers (such as with (x() if y else z()):
+ ...) as invalid syntax if feature_version=(3, 8) was passed.
+ This reverts changes to the grammar made as part of gh-94949.
+ - gh-115886: Fix silent truncation of the name with an embedded
+ null character in multiprocessing.shared_memory.SharedMemory.
+ - gh-115809: Improve algorithm for computing which rolled-over log
+ files to delete in logging.TimedRotatingFileHandler. It is now
+ reliable for handlers without namer and with arbitrary
+ deterministic namer that leaves the datetime part in the file
+ name unmodified.
+ - gh-74668: urllib.parse functions parse_qs() and parse_qsl() now
+ support bytes arguments containing raw and percent-encoded
+ non-ASCII data.
+ - gh-67044: csv.writer() now always quotes or escapes '\r' and
+ '\n', regardless of lineterminator value.
+ - gh-115712: csv.writer() now quotes empty fields if delimiter is
+ a space and skipinitialspace is true and raises exception if
+ quoting is not possible.
+ - gh-115618: Fix improper decreasing the reference count for None
+ argument in property methods getter(), setter() and deleter().
+ - gh-115570: A DeprecationWarning is no longer omitted on access
+ to the __doc__ attributes of the deprecated typing.io and
+ typing.re pseudo-modules.
+ - gh-112006: Fix inspect.unwrap() for types with the __wrapper__
+ data descriptor.
+ - gh-101293: Support callables with the __call__() method and
+ types with __new__() and __init__() methods set to class
+ methods, static methods, bound methods, partial functions, and
+ other types of methods and descriptors in
+ inspect.Signature.from_callable().
+ - gh-115392: Fix a bug in doctest where incorrect line numbers
+ would be reported for decorated functions.
+ - gh-114563: Fix several format() bugs when using the C
+ implementation of Decimal: * memory leak in some rare cases when
+ using the z format option (coerce negative 0) * incorrect output
+ when applying the z format option to type F (fixed-point with
+ capital NAN / INF) * incorrect output when applying the # format
+ option (alternate form)
+ - gh-115197: urllib.request no longer resolves the hostname before
+ checking it against the system’s proxy bypass list on macOS and
+ Windows.
+ - gh-115198: Fix support of Docutils >= 0.19 in distutils.
+ - gh-115165: Most exceptions are now ignored when attempting to
+ set the __orig_class__ attribute on objects returned when
+ calling typing generic aliases (including generic aliases
+ created using typing.Annotated). Previously only AttributeError
+ was ignored. Patch by Dave Shawley.
+ - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
+ - gh-115059: io.BufferedRandom.read1() now flushes the underlying
+ write buffer.
+ - gh-79382: Trailing ** no longer allows to match files and
+ non-existing paths in recursive glob().
+ - gh-114763: Protect modules loaded with importlib.util.LazyLoader
+ from race conditions when multiple threads try to access
+ attributes before the loading is complete.
+ - gh-97959: Fix rendering class methods, bound methods, method and
+ function aliases in pydoc. Class methods no longer have “method
+ of builtins.type instance” note. Corresponding notes are now
+ added for class and unbound methods. Method and function aliases
+ now have references to the module or the class where the origin
+ was defined if it differs from the current. Bound methods are
+ now listed in the static methods section. Methods of builtin
+ classes are now supported as well as methods of Python classes.
+ - gh-112281: Allow creating union of types for typing.Annotated
+ with unhashable metadata.
+ - gh-111775: Fix importlib.resources.simple.ResourceHandle.open()
+ for text mode, added missed stream argument.
+ - gh-90095: Make .pdbrc and -c work with any valid pdb commands.
+ - gh-107155: Fix incorrect output of help(x) where x is a lambda
+ function, which has an __annotations__ dictionary attribute with
+ a "return" key.
+ - gh-105866: Fixed _get_slots bug which caused error when defining
+ dataclasses with slots and a weakref_slot.
+ - gh-60346: Fix ArgumentParser inconsistent with parse_known_args.
+ - gh-100985: Update HTTPSConnection to consistently wrap IPv6
+ Addresses when using a proxy.
+ - gh-100884: email: fix misfolding of comma in address-lists over
+ multiple lines in combination with unicode encoding.
+ - gh-95782: Fix io.BufferedReader.tell(),
+ io.BufferedReader.seek(), _pyio.BufferedReader.tell(),
+ io.BufferedRandom.tell(), io.BufferedRandom.seek() and
+ _pyio.BufferedRandom.tell() being able to return negative
+ offsets.
+ - gh-96310: Fix a traceback in argparse when all options in a
+ mutually exclusive group are suppressed.
+ - gh-93205: Fixed a bug in
+ logging.handlers.TimedRotatingFileHandler where multiple
+ rotating handler instances pointing to files with the same name
+ but different extensions would conflict and not delete the
+ correct files.
+ - bpo-44865: Add missing call to localization function in
+ argparse.
+ - bpo-43952: Fix multiprocessing.connection.Listener.accept() to
+ accept empty bytes as authkey. Not accepting empty bytes as key
+ causes it to hang indefinitely.
+ - bpo-42125: linecache: get module name from __spec__ if
+ available. This allows getting source code for the __main__
+ module when a custom loader is used.
+ - gh-66543: Make mimetypes.guess_type() properly parsing of URLs
+ with only a host name, URLs containing fragment or query, and
+ filenames with only a UNC sharepoint on Windows. Based on patch
+ by Dong-hee Na.
+ - bpo-33775: Add ‘default’ and ‘version’ help text for
+ localization in argparse.
+ * Documentation
+ - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML
+ vulnerabilities”.
+ - gh-115233: Fix an example for LoggerAdapter in the Logging
+ Cookbook.
+ * Tests
+ - gh-83434: Disable JUnit XML output (--junit-xml=FILE command
+ line option) in regrtest when hunting for reference leaks (-R
+ option). Patch by Victor Stinner.
+ - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
+ - gh-115979: Update test_importlib so that it passes under WASI
+ SDK 21.
+ - gh-116307: Added import helper isolated_modules as CleanImport
+ does not remove modules imported during the context.
+ - gh-115720: Leak tests (-R, --huntrleaks) now show a summary of
+ the number of leaks found in each iteration.
+ - gh-115122: Add --bisect option to regrtest test runner: run
+ failed tests with test.bisect_cmd to identify failing tests.
+ Patch by Victor Stinner.
+ - gh-115596: Fix ProgramPriorityTests in test_os permanently
+ changing the process priority.
+ - gh-115198: Fix test_check_metadata_deprecate in distutils tests
+ with a newer Docutils.
+ * Build
+ - gh-116313: Get WASI builds to work under wasmtime 18 w/ WASI
+ 0.2/preview2 primitives.
+ - gh-115167: Avoid vendoring vcruntime140_threads.dll when
+ building with Visual Studio 2022 version 17.8.
+ * Windows
+ - gh-116773: Fix instances of <_overlapped.Overlapped object at
+ 0xXXX> still has pending operation at deallocation, the process
+ may crash.
+ - gh-91227: Fix the asyncio ProactorEventLoop implementation so
+ that sending a datagram to an address that is not listening does
+ not prevent receiving any more datagrams.
+ - gh-115554: The installer now has more strict rules about
+ updating the Python Launcher for Windows. In general, most users
+ only have a single launcher installed and will see no
+ difference. When multiple launchers have been installed, the
+ option to install the launcher is disabled until all but one
+ have been removed. Downgrading the launcher (which was never
+ allowed) is now more obviously blocked.
+ - gh-115543: Python Launcher for Windows can now detect Python
+ 3.13 when installed from the Microsoft Store, and will install
+ Python 3.12 by default when PYLAUNCHER_ALLOW_INSTALL is set.
+ - gh-115009: Update Windows installer to use SQLite 3.45.1.
+ * IDLE
+ - gh-88516: On macOS show a proxy icon in the title bar of editor
+ windows to match platform behaviour.
+ * Tools/Demos
+ - gh-113516: Don’t set LDSHARED when building for WASI.
+ * C API
+ - gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows
+ 64-bit platforms.
+
-------------------------------------------------------------------
Sun Mar 24 07:51:45 UTC 2024 - Matej Cepl
diff --git a/python311.spec b/python311.spec
index ac653f7..e5c3514 100644
--- a/python311.spec
+++ b/python311.spec
@@ -94,7 +94,7 @@
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
-Version: 3.11.8
+Version: 3.11.9
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -165,15 +165,14 @@ Patch13: skip_if_buildbot-extend.patch
# Detect email address parsing errors and return empty tuple to
# indicate the parsing error (old API)
Patch14: CVE-2023-27043-email-parsing-errors.patch
-# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289
-# Fix tests for XMLPullParser with Expat 2.6.0
-Patch15: libexpat260.patch
-# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
-# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
-Patch16: CVE-2023-6597-TempDir-cleaning-symlink.patch
# PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com
# prevent ResourceWarning in test_asyncio tests
-Patch17: bsc1221260-test_asyncio-ResourceWarning.patch
+Patch15: bsc1221260-test_asyncio-ResourceWarning.patch
+# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch
+# This problem on libexpat is patched on SLE without version
+# update, this patch changes the tests to match the libexpat provided
+# by SUSE
+Patch16: CVE-2023-52425-libexpat-2.6.0-backport.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
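Review bot: The tag comment for `Patch16` names the patch after CVE-2023-52425 but carries no bug reference, while the entry above it has `bsc#1221260`. The changelog in this commit ties the CVE to bsc#1219559, so the line could read `# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch bsc#1219559`. The comment should also say that the patch only adjusts tests and that the fix itself is, per the comment, in the libexpat provided by SUSE, e.g. `# Test-only change: does not fix CVE-2023-52425 in this package`, because a CVE-named patch is easily counted as a fix during an audit. Separately, this hunk drops `CVE-2023-6597-TempDir-cleaning-symlink.patch`, and the 3.11.9 changelog shown in this commit does not list the tempfile symlink fix, so it is worth confirming that the new tarball contains it.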
@@ -435,7 +434,6 @@ other applications.
%patch -p1 -P 14
%patch -p1 -P 15
%patch -p1 -P 16
-%patch -p1 -P 17
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac