From: Theo Buehler Subject: Python 3.13.11 To: ports@openbsd.org Cc: kmos@openbsd.org Date: Wed, 10 Dec 2025 17:39:09 +0100 3.13.10 was a rather massive update and .11 adds a few fixes on top, some of them for not too terrible security issues: https://www.python.org/downloads/release/python-31310/ https://www.python.org/downloads/release/python-31311/ The annoying bit about this update is that our homegrown expat build system does not install expat_config.h, which, strangely, is autoconf results exposed in a public header (next to a few XML_ things). Until that's sorted in base we get to patch the Python code since the expat maintainer made the mitigation knobs only available behind some config knobs, which the new Python code assumes to be enabled. Index: Makefile =================================================================== RCS file: /cvs/ports/lang/python/3/Makefile,v diff -u -p -r1.17 Makefile --- Makefile 14 Nov 2025 17:46:17 -0000 1.17 +++ Makefile 10 Dec 2025 06:34:31 -0000 @@ -3,12 +3,15 @@ # requirement of the PSF license, if it constitutes a change to # Python itself. -FULL_VERSION = 3.13.9 +FULL_VERSION = 3.13.11 SHARED_LIBS = python3.13 0.0 VERSION_SPEC = >=3.13,<3.14 PORTROACH = limit:^3\.12 AUTOCONF_VERSION = 2.71 + +# XXX - should come from expat_config.h, which isn't installed in base +CFLAGS += -DXML_DTD -DXML_GE=1 CONFIGURE_ENV += ac_cv_working_openssl_hashlib=yes \ TCLTK_CFLAGS="-I${MODTCL_INCDIR} -I${MODTK_INCDIR} -I${X11BASE}/include" \ Index: distinfo =================================================================== RCS file: /cvs/ports/lang/python/3/distinfo,v diff -u -p -r1.8 distinfo --- distinfo 14 Nov 2025 17:46:17 -0000 1.8 +++ distinfo 10 Dec 2025 06:34:31 -0000 
@@ -1,2 +1,2 @@ -SHA256 (Python-3.13.9.tgz) = xMBmrxnJj7eDXUc769fiO+hPbph01H2545po7l0M41w= -SIZE (Python-3.13.9.tgz) = 29289375 +SHA256 (Python-3.13.11.tgz) = A8/tvgbOIbxEzgkkXgkad/L+6eyb5cUgaQSKGBMAsgI= +SIZE (Python-3.13.11.tgz) = 29362906 Index: files/CHANGES.OpenBSD =================================================================== RCS file: /cvs/ports/lang/python/3/files/CHANGES.OpenBSD,v diff -u -p -r1.3 CHANGES.OpenBSD --- files/CHANGES.OpenBSD 14 Nov 2025 17:46:17 -0000 1.3 +++ files/CHANGES.OpenBSD 10 Dec 2025 06:34:31 -0000 @@ -22,5 +22,7 @@ which results in loading an incorrect ve 7. Adjust #ifdef to use LibreSSL's version of X509_STORE_get1_objects(). +8. Work around expat_config.h missing from base. + These changes are available in the OpenBSD CVS repository in ports/lang/python/3. Index: patches/patch-Modules_pyexpat_c =================================================================== RCS file: patches/patch-Modules_pyexpat_c diff -N patches/patch-Modules_pyexpat_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-Modules_pyexpat_c 10 Dec 2025 06:34:31 -0000 @@ -0,0 +1,11 @@ +Index: Modules/pyexpat.c +--- Modules/pyexpat.c.orig ++++ Modules/pyexpat.c +@@ -10,7 +10,6 @@ + #include + #include // offsetof() + +-#include "expat_config.h" + #include "expat.h" + #include "pyexpat.h" + Index: pkg/PLIST-main =================================================================== RCS file: /cvs/ports/lang/python/3/pkg/PLIST-main,v diff -u -p -r1.12 PLIST-main --- pkg/PLIST-main 14 Nov 2025 17:46:17 -0000 1.12 +++ pkg/PLIST-main 10 Dec 2025 06:34:31 -0000 
@@ -1805,7 +1805,7 @@ lib/python3.13/ensurepip/__pycache__/_un lib/python3.13/ensurepip/__pycache__/_uninstall.cpython-313.opt-2.pyc lib/python3.13/ensurepip/__pycache__/_uninstall.cpython-313.pyc lib/python3.13/ensurepip/_bundled/ -lib/python3.13/ensurepip/_bundled/pip-25.2-py3-none-any.whl +lib/python3.13/ensurepip/_bundled/pip-25.3-py3-none-any.whl lib/python3.13/ensurepip/_uninstall.py lib/python3.13/enum.py lib/python3.13/filecmp.py
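Review bot: In the Makefile hunk, the added CFLAGS += -DXML_DTD -DXML_GE=1 is applied to the whole build rather than only to Modules/pyexpat.c, and nothing in the hunk ties the two values to how expat in base is actually configured. Since these macros stand in for the config knobs that gate the expat mitigation settings, the XXX comment should say that they must mirror base's expat configuration and that the line is to be dropped together with patches/patch-Modules_pyexpat_c once expat_config.h is installed. Separately, the unchanged context line PORTROACH = limit:^3\.12 looks stale next to VERSION_SPEC = >=3.13,<3.14 and is worth checking while this file is being touched.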
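Review bot: The new patches/patch-Modules_pyexpat_c has no explanatory comment above its Index: line, so the removal of #include "expat_config.h" reads as unmotivated to anyone who sees the patch without the Makefile. A one-line comment at the top, saying that base does not install expat_config.h and that XML_DTD and XML_GE are supplied through CFLAGS in the port Makefile instead, would link the two halves of the workaround and make it clear they have to be reverted together.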
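Review bot: In the files/CHANGES.OpenBSD hunk, entry 8 ("Work around expat_config.h missing from base.") names the reason but not the change. The Makefile header says this file exists to record changes to Python itself, so the entry should state what was modified: the expat_config.h include is removed from Modules/pyexpat.c and XML_DTD and XML_GE=1 are defined by the port.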