From 4c508562f05742418002a75c8537ea8c5d79274b Mon Sep 17 00:00:00 2001
From: Tomáš Hrnčiar
Date: Dec 07 2022 11:02:58 +0000
Subject: Update to 3.10.9
---
diff --git a/00391-don-t-use-linux-abstract-sockets-for-multiprocessing.patch b/00391-don-t-use-linux-abstract-sockets-for-multiprocessing.patch
deleted file mode 100644
index fb7dbad..0000000
--- a/00391-don-t-use-linux-abstract-sockets-for-multiprocessing.patch
+++ /dev/null
@@ -1,66 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Thu, 20 Oct 2022 16:55:51 -0700 -Subject: [PATCH] 00391: Don't use Linux abstract sockets for multiprocessing - -Linux abstract sockets are insecure as they lack any form of filesystem -permissions so their use allows anyone on the system to inject code into -the process. - -This removes the default preference for abstract sockets in -multiprocessing introduced in Python 3.9+ via -https://github.com/python/cpython/pull/18866 while fixing -https://github.com/python/cpython/issues/84031. - -Explicit use of an abstract socket by a user now generates a -RuntimeWarning. If we choose to keep this warning, it should be -backported to the 3.7 and 3.8 branches. -(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17) - -Co-authored-by: Gregory P. Smith - -Automerge-Triggered-By: GH:gpshead ---- - Lib/multiprocessing/connection.py | 5 ----- - .../2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 +++++++++++++++ - 2 files changed, 15 insertions(+), 5 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst - -diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py -index 510e4b5aba..8e2facf92a 100644 ---- a/Lib/multiprocessing/connection.py -+++ b/Lib/multiprocessing/connection.py -@@ -73,11 +73,6 @@ def arbitrary_address(family): - if family == 'AF_INET': - return ('localhost', 0) - elif family == 'AF_UNIX': -- # Prefer abstract sockets if possible to avoid problems with the address -- # size. When coding portable applications, some implementations have -- # sun_path as short as 92 bytes in the sockaddr_un struct. 
-- if util.abstract_sockets_supported: -- return f"\0listener-{os.getpid()}-{next(_mmap_counter)}" - return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir()) - elif family == 'AF_PIPE': - return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' % -diff --git a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst -new file mode 100644 -index 0000000000..02d95b5705 ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst -@@ -0,0 +1,15 @@ -+On Linux the :mod:`multiprocessing` module returns to using filesystem backed -+unix domain sockets for communication with the *forkserver* process instead of -+the Linux abstract socket namespace. Only code that chooses to use the -+:ref:`"forkserver" start method ` is affected. -+ -+Abstract sockets have no permissions and could allow any user on the system in -+the same `network namespace -+`_ (often the -+whole system) to inject code into the multiprocessing *forkserver* process. -+This was a potential privilege escalation. Filesystem based socket permissions -+restrict this to the *forkserver* process user as was the default in Python 3.8 -+and earlier. -+ -+This prevents Linux `CVE-2022-42919 -+`_. diff --git a/00393-idle---fix-buggy-macosx-patch.patch b/00393-idle---fix-buggy-macosx-patch.patch deleted file mode 100644 index 5bb80dc..0000000 --- a/00393-idle---fix-buggy-macosx-patch.patch +++ /dev/null 
@@ -1,111 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Sun, 16 Oct 2022 08:33:33 -0700 -Subject: [PATCH] 00393: IDLE - fix buggy macosx patch - -GH-97530 fixed IDLE tests possibly crashing on a Mac without a GUI. -But it resulted in IDLE not starting in 3.10.8, 3.12.0a1, and -Microsoft Python 3.10.2288.0 when test/* is not installed. -After this patch, test.* is only imported when testing on Mac. -(cherry picked from commit 35fa5d5e7f2b0971b39b2659dc70cb77e34a7dd6) - -Co-authored-by: Terry Jan Reedy ---- - Lib/idlelib/NEWS.txt | 5 +++ - Lib/idlelib/macosx.py | 42 ++++++++++++------- - ...2-10-15-21-20-40.gh-issue-97527.otAHJM.rst | 3 ++ - 3 files changed, 34 insertions(+), 16 deletions(-) - create mode 100644 Misc/NEWS.d/next/IDLE/2022-10-15-21-20-40.gh-issue-97527.otAHJM.rst - -diff --git a/Lib/idlelib/NEWS.txt b/Lib/idlelib/NEWS.txt -index 277fd9429a..521b1f12f9 100644 ---- a/Lib/idlelib/NEWS.txt -+++ b/Lib/idlelib/NEWS.txt -@@ -4,6 +4,11 @@ Released 2023-04-03? - ========================= - - -+gh-97527: Fix a bug in the previous bugfix that caused IDLE to not -+start when run with 3.10.8, 3.12.0a1, and at least Microsoft Python -+3.10.2288.0 installed without the Lib/test package. 3.11.0 was never -+affected. -+ - gh-65802: Document handling of extensions in Save As dialogs. - - gh-95191: Include prompts when saving Shell (interactive input/output). -diff --git a/Lib/idlelib/macosx.py b/Lib/idlelib/macosx.py -index 1085d689f6..f53bd58970 100644 ---- a/Lib/idlelib/macosx.py -+++ b/Lib/idlelib/macosx.py -@@ -4,7 +4,6 @@ - from os.path import expanduser - import plistlib - from sys import platform # Used in _init_tk_type, changed by test. --from test.support import requires, ResourceDenied - - import tkinter - -@@ -16,27 +15,38 @@ - - def _init_tk_type(): - """ Initialize _tk_type for isXyzTk functions. 
-+ -+ This function is only called once, when _tk_type is still None. - """ - global _tk_type - if platform == 'darwin': -- try: -- requires('gui') -- except ResourceDenied: # Possible when testing. -- _tk_type = "cocoa" # Newest and most common. -- else: -- root = tkinter.Tk() -- ws = root.tk.call('tk', 'windowingsystem') -- if 'x11' in ws: -- _tk_type = "xquartz" -- elif 'aqua' not in ws: -- _tk_type = "other" -- elif 'AppKit' in root.tk.call('winfo', 'server', '.'): -+ -+ # When running IDLE, GUI is present, test/* may not be. -+ # When running tests, test/* is present, GUI may not be. -+ # If not, guess most common. Does not matter for testing. -+ from idlelib.__init__ import testing -+ if testing: -+ from test.support import requires, ResourceDenied -+ try: -+ requires('gui') -+ except ResourceDenied: - _tk_type = "cocoa" -- else: -- _tk_type = "carbon" -- root.destroy() -+ return -+ -+ root = tkinter.Tk() -+ ws = root.tk.call('tk', 'windowingsystem') -+ if 'x11' in ws: -+ _tk_type = "xquartz" -+ elif 'aqua' not in ws: -+ _tk_type = "other" -+ elif 'AppKit' in root.tk.call('winfo', 'server', '.'): -+ _tk_type = "cocoa" -+ else: -+ _tk_type = "carbon" -+ root.destroy() - else: - _tk_type = "other" -+ return - - def isAquaTk(): - """ -diff --git a/Misc/NEWS.d/next/IDLE/2022-10-15-21-20-40.gh-issue-97527.otAHJM.rst b/Misc/NEWS.d/next/IDLE/2022-10-15-21-20-40.gh-issue-97527.otAHJM.rst -new file mode 100644 -index 0000000000..e7fda89741 ---- /dev/null -+++ b/Misc/NEWS.d/next/IDLE/2022-10-15-21-20-40.gh-issue-97527.otAHJM.rst -@@ -0,0 +1,3 @@ -+Fix a bug in the previous bugfix that caused IDLE to not start when run with -+3.10.8, 3.12.0a1, and at least Microsoft Python 3.10.2288.0 installed -+without the Lib/test package. 3.11.0 was never affected. diff --git a/python3.10.spec b/python3.10.spec index 1f0ea58..432eedd 100644 --- a/python3.10.spec +++ b/python3.10.spec 
@@ -13,11 +13,11 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.8 +%global general_version %{pybasever}.9 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 3%{?dist} +Release: 1%{?dist} License: Python-2.0.1 @@ -67,8 +67,8 @@ License: Python-2.0.1 # If the rpmwheels condition is disabled, we use the bundled wheel packages # from Python with the versions below. # This needs to be manually updated when we update Python. -%global pip_version 22.2.2 -%global setuptools_version 63.2.0 +%global pip_version 22.3.1 +%global setuptools_version 65.5.0 # Expensive optimizations (mainly, profile-guided optimizations) %bcond_without optimizations 
@@ -322,35 +322,6 @@ Patch328: 00328-pyc-timestamp-invalidation-mode.patch # https://github.com/GrahamDumpleton/mod_wsgi/issues/730 Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch -# 00391 # e6d12d8fca6afad3a56dc076c220f213b723a28e -# Don't use Linux abstract sockets for multiprocessing -# -# Linux abstract sockets are insecure as they lack any form of filesystem -# permissions so their use allows anyone on the system to inject code into -# the process. -# -# This removes the default preference for abstract sockets in -# multiprocessing introduced in Python 3.9+ via -# https://github.com/python/cpython/pull/18866 while fixing -# https://github.com/python/cpython/issues/84031. -# -# Explicit use of an abstract socket by a user now generates a -# RuntimeWarning. If we choose to keep this warning, it should be -# backported to the 3.7 and 3.8 branches. -# -# -# Automerge-Triggered-By: GH:gpshead -Patch391: 00391-don-t-use-linux-abstract-sockets-for-multiprocessing.patch - -# 00393 # 353b3ca7b9e0884839cd6dea28c9bafd9f878571 -# IDLE - fix buggy macosx patch -# -# GH-97530 fixed IDLE tests possibly crashing on a Mac without a GUI. -# But it resulted in IDLE not starting in 3.10.8, 3.12.0a1, and -# Microsoft Python 3.10.2288.0 when test/* is not installed. -# After this patch, test.* is only imported when testing on Mac. -Patch393: 00393-idle---fix-buggy-macosx-patch.patch - # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1608,6 +1579,9 @@ CheckPython optimized # ====================================================== %changelog +* Wed Dec 07 2022 Tomáš Hrnčiar - 3.10.9-1 +- Update to 3.10.9 + * Mon Nov 14 2022 Miro Hrončok - 3.10.8-3 - Make IDLE work without python3-test installed - Fixes rhbz#2142602 diff --git a/sources b/sources index f04c9ab..f7775cf 100644 --- a/sources +++ b/sources 
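Review bot: The `Patch391` removal in python3.10.spec drops the downstream fix for CVE-2022-42919 (named in the NEWS entry of the deleted patch file), yet neither the commit subject nor the new `%changelog` entry says why it is safe to drop. Presumably 3.10.9 already contains the change, but nothing on this page shows it, so the rebase should be checked: in the built package, `arbitrary_address('AF_UNIX')` in `Lib/multiprocessing/connection.py` should return a path under the temp directory and never a `\0listener-…` abstract name. I would record the reason in the changelog, e.g. `- Drop patches 391 and 393, included upstream in 3.10.9` (to be confirmed against the upstream release notes). The same documentation gap applies to `Patch393`, which has no security impact.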
@@ -1,2 +1,2 @@
-SHA512 (Python-3.10.8.tar.xz) = 40e3e77d79618c81d6fc57c5d119b99c2959dcf932f40aad6b26f2ec39c5e713e6ff298f7597b4fad2ab94680db3732483b5ca0a45e6ae58c14580b3ea44cb0f
-SHA512 (Python-3.10.8.tar.xz.asc) = 0c2ef09d898257ba5e9ec7c5bb224a7e50e5ebca96843b4d9e25be6cdd2f17144772aafc92280af20c21491e3c8cedc697414688ece613c93b28ff7ecddcf93f
+SHA512 (Python-3.10.9.tar.xz) = d66ea8adeb6dc4951e612175f8838b3092967ff275b7a3470f2d86f470036aa2221e722c3144d90bcd230b88efd53dde204213f72f703e524e4b833e2ccc68e2
+SHA512 (Python-3.10.9.tar.xz.asc) = 525e166ede6836086de814c26fc880f41eaf1ed4bff6118f00342e42f7ab1c47148447ced1b565e146d3125fa06b5cd6b394a256bc61096766b26e07f18bbf10