diff --git a/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
new file mode 100644
index 0000000..5424315
--- /dev/null
+++ b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
@@ -0,0 +1,67 @@
+---
+ Lib/test/test_pyexpat.py | 4 ++++
+ Lib/test/test_sax.py | 3 +++
+ Lib/test/test_xml_etree.py | 10 ++++++++++
+ 3 files changed, 17 insertions(+)
+
+--- a/Lib/test/test_pyexpat.py
++++ b/Lib/test/test_pyexpat.py
+@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC
+ self.assertEqual(started, ['doc'])
+
+ def test_reparse_deferral_disabled(self):
++ if expat.version_info < (2, 6, 0):
++ self.skipTest(f'Expat {expat.version_info} does not '
++ 'support reparse deferral')
++
+ started = []
+
+ def start_element(name, _):
+--- a/Lib/test/test_sax.py
++++ b/Lib/test/test_sax.py
+@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase):
+
+ self.assertEqual(result.getvalue(), start + b"")
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Expat {pyexpat.version_info} does not '
++ 'support reparse deferral')
+ def test_flush_reparse_deferral_disabled(self):
+ result = BytesIO()
+ xmlgen = XMLGenerator(result)
+--- a/Lib/test/test_xml_etree.py
++++ b/Lib/test/test_xml_etree.py
+@@ -121,6 +121,11 @@ ATTLIST_XML = """\
+
+ """
+
++IS_SLE_15_7 = os.environ.get("SLE_VERSION", "") == "0150700"
++fails_with_expat_2_6_0 = (unittest.expectedFailure
++ # 2.4 version patched in SLE
++ if IS_SLE_15_7 and pyexpat.version_info >= (2, 4, 0) else
++ lambda test: test)
+ def checkwarnings(*filters, quiet=False):
+ def decorator(test):
+ def newtest(*args, **kwargs):
+@@ -1424,9 +1429,11 @@ class XMLPullParserTest(unittest.TestCas
+ self.assert_event_tags(parser, [('end', 'root')])
+ self.assertIsNone(parser.close())
+
++ @fails_with_expat_2_6_0
+ def test_simple_xml_chunk_1(self):
+ self.test_simple_xml(chunk_size=1, flush=True)
+
++ @fails_with_expat_2_6_0
+ def test_simple_xml_chunk_5(self):
+ self.test_simple_xml(chunk_size=5, flush=True)
+
+@@ -1651,6 +1658,9 @@ class XMLPullParserTest(unittest.TestCas
+
+ self.assert_event_tags(parser, [('end', 'doc')])
+
++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
++ f'Expat {pyexpat.version_info} does not '
++ 'support reparse deferral')
+ def test_flush_reparse_deferral_disabled(self):
+ parser = ET.XMLPullParser(events=('start', 'end'))
+
diff --git a/fix-test-recursion-limit-15.6.patch b/fix-test-recursion-limit-15.6.patch
new file mode 100644
index 0000000..4ec26b5
--- /dev/null
+++ b/fix-test-recursion-limit-15.6.patch
@@ -0,0 +1,34 @@
+---
+ Lib/test/test_compile.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: Python-3.13.0rc2/Lib/test/test_compile.py
+===================================================================
+--- Python-3.13.0rc2.orig/Lib/test/test_compile.py
++++ Python-3.13.0rc2/Lib/test/test_compile.py
+@@ -20,6 +20,9 @@ from test.support import (script_helper,
+ from test.support.bytecode_helper import instructions_with_positions
+ from test.support.os_helper import FakePath
+
++IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150700"
++IS_32bit = hasattr(os, "uname") and os.uname().machine in ["i386", "i486", "i586", "i686"]
++
+ class TestSpecifics(unittest.TestCase):
+
+ def compile_single(self, source):
+@@ -116,6 +119,7 @@ class TestSpecifics(unittest.TestCase):
+ self.assertEqual(d['z'], 12)
+
+ @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI")
++ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586")
+ def test_extended_arg(self):
+ repeat = int(get_c_recursion_limit() * 0.9)
+ longexpr = 'x = x or ' + '-x' * repeat
+@@ -687,6 +691,7 @@ class TestSpecifics(unittest.TestCase):
+
+ @support.cpython_only
+ @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI")
++ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586")
+ def test_compiler_recursion_limit(self):
+ # Expected limit is Py_C_RECURSION_LIMIT
+ limit = get_c_recursion_limit()
diff --git a/gh-124040-fix-test-math-i586.patch b/gh-124040-fix-test-math-i586.patch
new file mode 100644
index 0000000..7a60ea3
--- /dev/null
+++ b/gh-124040-fix-test-math-i586.patch
@@ -0,0 +1,45 @@
+From a4b73ddc0d395ec2e4d2e15637be8e1b51f35f22 Mon Sep 17 00:00:00 2001
+From: Sergey B Kirpichev
+Date: Fri, 13 Sep 2024 13:10:39 +0300
+Subject: [PATCH 1/4] gh-124040: simplify two hypot tests
+
+One-argument form is enough to test L2636 and compare computed
+values exactly.
+---
+ Lib/test/test_math.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: Python-3.13.0rc2/Lib/test/test_math.py
+===================================================================
+--- Python-3.13.0rc2.orig/Lib/test/test_math.py
++++ Python-3.13.0rc2/Lib/test/test_math.py
+@@ -809,11 +809,13 @@ class MathTests(unittest.TestCase):
+ # Test allowable types (those with __float__)
+ self.assertEqual(hypot(12.0, 5.0), 13.0)
+ self.assertEqual(hypot(12, 5), 13)
+- self.assertEqual(hypot(1, -1), math.sqrt(2))
+- self.assertEqual(hypot(1, FloatLike(-1.)), math.sqrt(2))
++ self.assertEqual(hypot(0.75, -1), 1.25)
++ self.assertEqual(hypot(-1, 0.75), 1.25)
++ self.assertEqual(hypot(0.75, FloatLike(-1.)), 1.25)
++ self.assertEqual(hypot(FloatLike(-1.), 0.75), 1.25)
+ self.assertEqual(hypot(Decimal(12), Decimal(5)), 13)
+ self.assertEqual(hypot(Fraction(12, 32), Fraction(5, 32)), Fraction(13, 32))
+- self.assertEqual(hypot(bool(1), bool(0), bool(1), bool(1)), math.sqrt(3))
++ self.assertEqual(hypot(True, False, True, True, True), 2.0)
+
+ # Test corner cases
+ self.assertEqual(hypot(0.0, 0.0), 0.0) # Max input is zero
+@@ -969,9 +971,9 @@ class MathTests(unittest.TestCase):
+ self.assertEqual(dist((D(14), D(1)), (D(2), D(-4))), D(13))
+ self.assertEqual(dist((F(14, 32), F(1, 32)), (F(2, 32), F(-4, 32))),
+ F(13, 32))
+- self.assertEqual(dist((True, True, False, True, False),
+- (True, False, True, True, False)),
+- sqrt(2.0))
++ self.assertEqual(dist((True, True, False, False, True, True),
++ (True, False, True, False, False, False)),
++ 2.0)
+
+ # Test corner cases
+ self.assertEqual(dist((13.25, 12.5, -3.25),
diff --git a/python313.changes b/python313.changes
index fca3fda..6bf767f 100644
--- a/python313.changes
+++ b/python313.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Sep 12 12:05:43 UTC 2024 - Daniel Garcia
+
+- Make it build for SLE SP7 (jsc#PED-10075):
+ - Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to build in
+ SLE-15-SP7.
+ - Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083
+ - Add gh-124040-fix-test-math-i586.patch, gh#python/cpython#124042
+
-------------------------------------------------------------------
Sat Sep 7 15:36:03 UTC 2024 - Matej Cepl
diff --git a/python313.spec b/python313.spec
index 9437cc3..57a6f80 100644
--- a/python313.spec
+++ b/python313.spec
@@ -60,13 +60,18 @@
%bcond_with profileopt
%endif
+# No experimental_jit in SLES, there's no clang >=18
+%if 0%{?suse_version} <= 1600
+%bcond_with experimental_jit
+%else
# Currently supported architectures
# https://peps.python.org/pep-0744/#support
-%ifarch %{x86_64} aarch64
+%ifarch x86_64 %{x86_64} aarch64
%bcond_without experimental_jit
%else
%bcond_with experimental_jit
%endif
+%endif
%define python_pkg_name python313
%if %{without GIL}
@@ -201,6 +206,16 @@ Patch08: no-skipif-doctests.patch
# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com
# skip a test failing on SLE-15
Patch09: skip-test_pyobject_freed_is_freed.patch
+# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
+# This problem on libexpat is patched on 15.6 without version
+# update, this patch changes the tests to match the libexpat provided
+# by SUSE
+Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
+# PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083
+# Skip some failing tests in test_compile for i586 arch in 15.6.
+Patch40: fix-test-recursion-limit-15.6.patch
+# PATCH-FIX-UPSTREAM gh-124040-fix-test-math-i586.patch gh#python/cpython#124042
+Patch41: gh-124040-fix-test-math-i586.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -228,15 +243,25 @@ BuildRequires: pkgconfig(libtirpc)
BuildRequires: mpdecimal-devel
%endif
%if %{with doc}
+
+%if 0%{?sle_version} >= 150700 && !0%{?is_opensuse}
+BuildRequires: python311-Sphinx
+BuildRequires: python311-python-docs-theme
+%else
BuildRequires: python3-Sphinx >= 4.0.0
%if 0%{?suse_version} >= 1500
BuildRequires: python3-python-docs-theme >= 2022.1
%endif
-%endif
+%endif
+%endif
+# end of {with doc}
+
+%if %{with experimental_jit}
# needed for experimental_jit
BuildRequires: clang => 18
BuildRequires: llvm => 18
+%endif
%if %{without GIL}
ExcludeArch: aarch64
@@ -506,6 +531,9 @@ tar xvf %{SOURCE21}
# sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
%build
+export SUSE_VERSION="0%{?suse_version}"
+export SLE_VERSION="0%{?sle_version}"
+
%if %{with doc}
TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"`
# TODO use not date of tarball but date of latest patch
@@ -564,7 +592,6 @@ export CFLAGS="%{optflags} -IVendor/"
# Objects/typeslots.inc \
# Python/opcode_targets.h \
# Include/opcode.h
-%make_build
%if %{with general}
%make_build
@@ -581,6 +608,8 @@ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \
%endif
%check
+export SUSE_VERSION="0%{?suse_version}"
+export SLE_VERSION="0%{?sle_version}"
%if %{with general}
# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos
# when you install gdb into your test env
@@ -709,7 +738,6 @@ install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_abi}
)
# keep just idle3.X
-ls -l %{buildroot}%{_bindir}/
rm %{buildroot}%{_bindir}/idle3
# mve idle binary to idle3.13t to avoid conflict