From 2253eadce984c4668f3b66358049b1fd96ddd8f0dfb9e16e9c337c28139e7f5a Mon Sep 17 00:00:00 2001
From: Matej Cepl <mcepl@suse.com>
Date: Fri, 10 Jun 2022 18:01:18 +0000
Subject: [PATCH] - Fix building of documentation and the universal
 configuration of the   %primary_interpreter. - (bsc#1196784, CVE-2022-25236)
 Rename patch:   support-expat-245.patch to
 support-expat-CVE-2022-25236-patched.patch   and update the patch to detect
 expat >= 2.4.4 instead of >= 2.4.5   as it was fully patched against
 CVE-2022-25236.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=103
---
 python39.changes                           |  6 ++
 python39.spec                              | 22 ++++---
 support-expat-245.patch                    | 75 ----------------------
 support-expat-CVE-2022-25236-patched.patch | 49 ++++++++++++++
 4 files changed, 67 insertions(+), 85 deletions(-)
 delete mode 100644 support-expat-245.patch
 create mode 100644 support-expat-CVE-2022-25236-patched.patch

diff --git a/python39.changes b/python39.changes
index fc24719..2b9b921 100644
--- a/python39.changes
+++ b/python39.changes
@@ -4,6 +4,12 @@ Thu Jun  9 16:43:30 UTC 2022 - Matej Cepl <mcepl@suse.com>
 - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
   CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
   command injection in the mailcap module.
+- Fix building of documentation and the universal configuration of the
+  %primary_interpreter.
+- (bsc#1196784, CVE-2022-25236) Rename patch:
+  support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
+  and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
+  as it was fully patched against CVE-2022-25236.
 
 -------------------------------------------------------------------
 Fri May 20 14:18:15 UTC 2022 - Matej Cepl <mcepl@suse.com>
diff --git a/python39.spec b/python39.spec
index c21c2c8..dc1b989 100644
--- a/python39.spec
+++ b/python39.spec
@@ -51,7 +51,11 @@
 %define         python_pkg_name python39
 # Will provide the python3-* provides
 # Will do the /usr/bin/python3 and all the core links
-%define         primary_interpreter 0
+%if 0%{?sle_version} || 0%{?suse_version} >= 1550
+%define primary_interpreter 0
+%else
+%define primary_interpreter 1
+%endif
 # We don't process beta signs well
 %define         folderversion 3.9.13
 %define         tarname    Python-%{tarversion}
@@ -151,9 +155,9 @@ Patch33:        no-skipif-doctests.patch
 # PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com
 # skip a test failing on SLE-15
 Patch34:        skip-test_pyobject_freed_is_freed.patch
-# PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mcepl@suse.com
+# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
 # Makes Python resilient to changes of API of libexpat
-Patch35:        support-expat-245.patch
+Patch35:        support-expat-CVE-2022-25236-patched.patch
 # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com
 # avoid the command injection in the mailcap module.
 Patch36:        CVE-2015-20107-mailcap-unsafe-filenames.patch
@@ -184,12 +188,12 @@ BuildRequires:  pkgconfig(libtirpc)
 BuildRequires:  mpdecimal-devel
 %endif
 %if %{with doc}
-%if 0%{?suse_version} >= 1550
-BuildRequires:  %{python_pkg_name}-Sphinx
-BuildRequires:  %{python_pkg_name}-python-docs-theme >= 2022.1
-%else
+%if 0%{?sle_version} && 0%{?sle_version} <= 150300
 BuildRequires:  python3-Sphinx
 BuildRequires:  python3-python-docs-theme >= 2022.1
+%else
+BuildRequires:  %{python_pkg_name}-Sphinx
+BuildRequires:  %{python_pkg_name}-python-docs-theme >= 2022.1
 %endif
 %endif
 %if %{with general}
@@ -407,10 +411,8 @@ other applications.
 %patch25 -p1
 %patch29 -p1
 %patch32 -p1
-%if 0%{?suse_version} <= 1500
-%patch33 -p1
-%endif
 %if 0%{?sle_version} && 0%{?sle_version} <= 150300
+%patch33 -p1
 %patch34 -p1
 %endif
 %if %{with mpdecimal}
diff --git a/support-expat-245.patch b/support-expat-245.patch
deleted file mode 100644
index f4761ee..0000000
--- a/support-expat-245.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From d4f5bb912e67299b59b814b89a5afd9a8821a14e Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Mon, 21 Feb 2022 11:03:08 -0800
-Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
- (GH-31471)
-
-Curly brackets were never allowed in namespace URIs
-according to RFC 3986, and so-called namespace-validating
-XML parsers have the right to reject them a invalid URIs.
-
-libexpat >=2.4.5 has become strcter in that regard due to
-related security issues; with ET.XML instantiating a
-namespace-aware parser under the hood, this test has no
-future in CPython.
-
-References:
-- https://datatracker.ietf.org/doc/html/rfc3968
-- https://www.w3.org/TR/xml-names/
-
-Also, test_minidom.py: Support Expat >=2.4.5
-(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
-
-Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
----
- Lib/test/test_minidom.py                                          |   13 ++++------
- Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst |    1 
- 2 files changed, 7 insertions(+), 7 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
-
---- a/Lib/test/test_minidom.py
-+++ b/Lib/test/test_minidom.py
-@@ -6,12 +6,11 @@ import io
- from test import support
- import unittest
- 
--import pyexpat
-+import xml.parsers.expat
- import xml.dom.minidom
- 
- from xml.dom.minidom import parse, Node, Document, parseString
- from xml.dom.minidom import getDOMImplementation
--from xml.parsers.expat import ExpatError
- 
- 
- tstfile = support.findfile("test.xml", subdir="xmltestdata")
-@@ -1149,10 +1148,10 @@ class MinidomTest(unittest.TestCase):
- 
-         # Verify that character decoding errors raise exceptions instead
-         # of crashing
--        if pyexpat.version_info >= (2, 4, 5):
--            self.assertRaises(ExpatError, parseString,
-+        if xml.parsers.expat.version_info >= (2, 4, 4):
-+            self.assertRaises(xml.parsers.expat.ExpatError, parseString,
-                     b'<fran\xe7ais></fran\xe7ais>')
--            self.assertRaises(ExpatError, parseString,
-+            self.assertRaises(xml.parsers.expat.ExpatError, parseString,
-                     b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
-         else:
-             self.assertRaises(UnicodeDecodeError, parseString,
-@@ -1617,8 +1616,8 @@ class MinidomTest(unittest.TestCase):
-         self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
- 
-     def testExceptionOnSpacesInXMLNSValue(self):
--        if pyexpat.version_info >= (2, 4, 5):
--            context = self.assertRaisesRegex(ExpatError, 'syntax error')
-+        if xml.parsers.expat.version_info >= (2, 4, 4):
-+            context = self.assertRaisesRegex(xml.parsers.expat.ExpatError, 'syntax error')
-         else:
-             context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
- 
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
-@@ -0,0 +1 @@
-+Make test suite support Expat >=2.4.5
diff --git a/support-expat-CVE-2022-25236-patched.patch b/support-expat-CVE-2022-25236-patched.patch
new file mode 100644
index 0000000..34cc199
--- /dev/null
+++ b/support-expat-CVE-2022-25236-patched.patch
@@ -0,0 +1,49 @@
+From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 21 Feb 2022 08:16:09 -0800
+Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
+ (GH-31472)
+
+Curly brackets were never allowed in namespace URIs
+according to RFC 3986, and so-called namespace-validating
+XML parsers have the right to reject them a invalid URIs.
+
+libexpat >=2.4.5 has become strcter in that regard due to
+related security issues; with ET.XML instantiating a
+namespace-aware parser under the hood, this test has no
+future in CPython.
+
+References:
+- https://datatracker.ietf.org/doc/html/rfc3968
+- https://www.w3.org/TR/xml-names/
+
+Also, test_minidom.py: Support Expat >=2.4.5
+(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
+
+Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
+---
+ Lib/test/test_minidom.py |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
+
+--- a/Lib/test/test_minidom.py
++++ b/Lib/test/test_minidom.py
+@@ -1149,7 +1149,7 @@ class MinidomTest(unittest.TestCase):
+ 
+         # Verify that character decoding errors raise exceptions instead
+         # of crashing
+-        if pyexpat.version_info >= (2, 4, 5):
++        if pyexpat.version_info >= (2, 4, 4):
+             self.assertRaises(ExpatError, parseString,
+                     b'<fran\xe7ais></fran\xe7ais>')
+             self.assertRaises(ExpatError, parseString,
+@@ -1617,7 +1617,7 @@ class MinidomTest(unittest.TestCase):
+         self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
+ 
+     def testExceptionOnSpacesInXMLNSValue(self):
+-        if pyexpat.version_info >= (2, 4, 5):
++        if pyexpat.version_info >= (2, 4, 4):
+             context = self.assertRaisesRegex(ExpatError, 'syntax error')
+         else:
+             context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')