diff --git a/CVE-2023-52425-libexpat-2.6.0-backport.patch b/CVE-2023-52425-libexpat-2.6.0-backport.patch
new file mode 100644
index 0000000..334b7b8
--- /dev/null
+++ b/CVE-2023-52425-libexpat-2.6.0-backport.patch
@@ -0,0 +1,57 @@
+---
+ Lib/test/test_pyexpat.py | 4 ++++
+ Lib/test/test_sax.py | 3 +++
+ Lib/test/test_xml_etree.py | 7 +++++++
+ 3 files changed, 14 insertions(+)
+
+--- a/Lib/test/test_pyexpat.py
++++ b/Lib/test/test_pyexpat.py
+@@ -766,6 +766,10 @@ class ReparseDeferralTest(unittest.TestC
+ self.assertEqual(started, ['doc'])
+
+ def test_reparse_deferral_disabled(self):
++ if expat.version_info < (2, 6, 0):
++ self.skipTest(f'Expat {expat.version_info} does not '
++ 'support reparse deferral')
++
+ started = []
+
+ def start_element(name, _):
+--- a/Lib/test/test_sax.py
++++ b/Lib/test/test_sax.py
+@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase):
+
+ self.assertEqual(result.getvalue(), start + b"")
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Expat {pyexpat.version_info} does not '
++ 'support reparse deferral')
+ def test_flush_reparse_deferral_disabled(self):
+ result = BytesIO()
+ xmlgen = XMLGenerator(result)
+--- a/Lib/test/test_xml_etree.py
++++ b/Lib/test/test_xml_etree.py
+@@ -1420,9 +1420,13 @@ class XMLPullParserTest(unittest.TestCas
+ self.assert_event_tags(parser, [('end', 'root')])
+ self.assertIsNone(parser.close())
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Fail with patched version of Expat {pyexpat.version_info}')
+ def test_simple_xml_chunk_1(self):
+ self.test_simple_xml(chunk_size=1, flush=True)
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Fail with patched version of Expat {pyexpat.version_info}')
+ def test_simple_xml_chunk_5(self):
+ self.test_simple_xml(chunk_size=5, flush=True)
+
+@@ -1648,6 +1652,9 @@ class XMLPullParserTest(unittest.TestCas
+
+ self.assert_event_tags(parser, [('end', 'doc')])
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Expat {pyexpat.version_info} does not '
++ 'support reparse deferral')
+ def test_flush_reparse_deferral_disabled(self):
+ parser = ET.XMLPullParser(events=('start', 'end'))
+
diff --git a/old-libexpat.patch b/old-libexpat.patch
deleted file mode 100644
index 77f45e3..0000000
--- a/old-libexpat.patch
+++ /dev/null
@@ -1,79 +0,0 @@
----
- Lib/test/test_sax.py | 10 +++++-----
- Lib/test/test_xml_etree.py | 17 ++++++++---------
- 2 files changed, 13 insertions(+), 14 deletions(-)
-
---- a/Lib/test/test_sax.py
-+++ b/Lib/test/test_sax.py
-@@ -1211,10 +1211,9 @@ class ExpatReaderTest(XmlTestBase):
-
- self.assertEqual(result.getvalue(), start + b"text")
-
-+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
-+ "Reparse deferral not defined for libexpat < 2.6.0")
- def test_flush_reparse_deferral_enabled(self):
-- if pyexpat.version_info < (2, 6, 0):
-- self.skipTest(f'Expat {pyexpat.version_info} does not support reparse deferral')
--
- result = BytesIO()
- xmlgen = XMLGenerator(result)
- parser = create_parser()
-@@ -1236,6 +1235,8 @@ class ExpatReaderTest(XmlTestBase):
-
- self.assertEqual(result.getvalue(), start + b"")
-
-+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
-+ "Reparse deferral not defined for libexpat < 2.6.0")
- def test_flush_reparse_deferral_disabled(self):
- result = BytesIO()
- xmlgen = XMLGenerator(result)
-@@ -1245,8 +1246,7 @@ class ExpatReaderTest(XmlTestBase):
- for chunk in (""):
- parser.feed(chunk)
-
-- if pyexpat.version_info >= (2, 6, 0):
-- parser._parser.SetReparseDeferralEnabled(False)
-+ parser._parser.SetReparseDeferralEnabled(False)
-
- self.assertEqual(result.getvalue(), start) # i.e. no elements started
- self.assertFalse(parser._parser.GetReparseDeferralEnabled())
---- a/Lib/test/test_xml_etree.py
-+++ b/Lib/test/test_xml_etree.py
-@@ -1619,11 +1619,9 @@ class XMLPullParserTest(unittest.TestCas
- with self.assertRaises(ValueError):
- ET.XMLPullParser(events=('start', 'end', 'bogus'))
-
-+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
-+ "Reparse deferral not defined for libexpat < 2.6.0")
- def test_flush_reparse_deferral_enabled(self):
-- if pyexpat.version_info < (2, 6, 0):
-- self.skipTest(f'Expat {pyexpat.version_info} does not '
-- 'support reparse deferral')
--
- parser = ET.XMLPullParser(events=('start', 'end'))
-
- for chunk in (""):
-@@ -1644,17 +1642,18 @@ class XMLPullParserTest(unittest.TestCas
-
- self.assert_event_tags(parser, [('end', 'doc')])
-
-+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
-+ "Reparse deferral not defined for libexpat < 2.6.0")
- def test_flush_reparse_deferral_disabled(self):
- parser = ET.XMLPullParser(events=('start', 'end'))
-
- for chunk in (""):
- parser.feed(chunk)
-
-- if pyexpat.version_info >= (2, 6, 0):
-- if not ET is pyET:
-- self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled '
-- 'methods not available in C')
-- parser._parser._parser.SetReparseDeferralEnabled(False)
-+ if not ET is pyET:
-+ self.skipTest(f'XMLParser.(Get|Set)ReparseDeferralEnabled '
-+ 'methods not available in C')
-+ parser._parser._parser.SetReparseDeferralEnabled(False)
-
- self.assert_event_tags(parser, []) # i.e. no elements started
- if ET is pyET:
diff --git a/python39.changes b/python39.changes
index a85584b..194295b 100644
--- a/python39.changes
+++ b/python39.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Sep 5 08:11:45 UTC 2024 - Matej Cepl
+
+- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
+ patched libexpat below 2.6.0 that doesn't update the version number,
+ just in SLE.
+- Remove old-libexpat.patch, of course.
+
-------------------------------------------------------------------
Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl
diff --git a/python39.spec b/python39.spec
index 11f30ed..1e7c7e2 100644
--- a/python39.spec
+++ b/python39.spec
@@ -164,6 +164,9 @@ Patch34: skip-test_pyobject_freed_is_freed.patch
# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
# Makes Python resilient to changes of API of libexpat
Patch35: support-expat-CVE-2022-25236-patched.patch
+# PATCH-FIX-UPSTREAM CVE-2023-52425-libexpat-2.6.0-backport.patch gh#python/cpython#117187 mcepl@suse.com
+# Make the test suite work with libexpat < 2.6.0
+Patch36: CVE-2023-52425-libexpat-2.6.0-backport.patch
# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
# this patch makes things totally awesome
Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
@@ -184,9 +187,6 @@ Patch41: downport-Sphinx-features.patch
# indicate the parsing error (old API), from gh#python/cpython!105127
# Patch carries a REGRESSION (gh#python/cpython#106669), so it has been also partially REVERTED
Patch42: CVE-2023-27043-email-parsing-errors.patch
-# PATCH-FIX-UPSTREAM old-libexpat.patch gh#python/cpython#117187 mcepl@suse.com
-# Make the test suite work with libexpat < 2.6.0
-Patch43: old-libexpat.patch
# PATCH-FIX-UPSTREAM CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch bsc#1226447 mcepl@suse.com
# removes memory race condition in ssl.SSLContext certificate store methods
Patch44: CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
@@ -463,6 +463,7 @@ other applications.
%patch -P 05 -p1
%endif
%patch -P 35 -p1
+%patch -P 36 -p1
%patch -P 37 -p1
%patch -P 38 -p1
%patch -P 39 -p1