From: Stuart Henderson Subject: Re: Python 3.13.11 To: Theo Buehler Cc: ports@openbsd.org, kmos@openbsd.org Date: Thu, 11 Dec 2025 13:30:16 +0000 On 2025/12/10 17:39, Theo Buehler wrote: > 3.13.10 was a rather massive update and .11 adds a few fixes on top, > some of them for not too terrible security issues: > > https://www.python.org/downloads/release/python-31310/ > https://www.python.org/downloads/release/python-31311/ > > The annoying bit about this update is that our homegrown expat build > system does not install expat_config.h, which, strangely, is autoconf > results exposed in a public header (next to a few XML_ things). Until > that's sorted in base we get to patch the Python code since the expat > maintainer made the mitigation knobs only available behind some config > knobs, which the new Python code assumes to be enabled. That seems a reasonable way to deal with it for now. No issues seen in the tests I've done so far. ok > Index: Makefile > =================================================================== > RCS file: /cvs/ports/lang/python/3/Makefile,v > diff -u -p -r1.17 Makefile > --- Makefile 14 Nov 2025 17:46:17 -0000 1.17 > +++ Makefile 10 Dec 2025 06:34:31 -0000 > @@ -3,12 +3,15 @@ > # requirement of the PSF license, if it constitutes a change to > # Python itself. > > -FULL_VERSION = 3.13.9 > +FULL_VERSION = 3.13.11 > SHARED_LIBS = python3.13 0.0 > VERSION_SPEC = >=3.13,<3.14 > PORTROACH = limit:^3\.12 > > AUTOCONF_VERSION = 2.71 > + > +# XXX - should come from expat_config.h, which isn't installed in base > +CFLAGS += -DXML_DTD -DXML_GE=1 > > CONFIGURE_ENV += ac_cv_working_openssl_hashlib=yes \ > TCLTK_CFLAGS="-I${MODTCL_INCDIR} -I${MODTK_INCDIR} -I${X11BASE}/include" \ > Index: distinfo > =================================================================== > RCS file: /cvs/ports/lang/python/3/distinfo,v > diff -u -p -r1.8 distinfo > --- distinfo 14 Nov 2025 17:46:17 -0000 1.8 > +++ distinfo 10 Dec 2025 06:34:31 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (Python-3.13.9.tgz) = xMBmrxnJj7eDXUc769fiO+hPbph01H2545po7l0M41w= > -SIZE (Python-3.13.9.tgz) = 29289375 > +SHA256 (Python-3.13.11.tgz) = A8/tvgbOIbxEzgkkXgkad/L+6eyb5cUgaQSKGBMAsgI= > +SIZE (Python-3.13.11.tgz) = 29362906 > Index: files/CHANGES.OpenBSD > =================================================================== > RCS file: /cvs/ports/lang/python/3/files/CHANGES.OpenBSD,v > diff -u -p -r1.3 CHANGES.OpenBSD > --- files/CHANGES.OpenBSD 14 Nov 2025 17:46:17 -0000 1.3 > +++ files/CHANGES.OpenBSD 10 Dec 2025 06:34:31 -0000 > @@ -22,5 +22,7 @@ which results in loading an incorrect ve > > 7. Adjust #ifdef to use LibreSSL's version of X509_STORE_get1_objects(). > > +8. Work around expat_config.h missing from base. > + > These changes are available in the OpenBSD CVS repository > in ports/lang/python/3. > Index: patches/patch-Modules_pyexpat_c > =================================================================== > RCS file: patches/patch-Modules_pyexpat_c > diff -N patches/patch-Modules_pyexpat_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-Modules_pyexpat_c 10 Dec 2025 06:34:31 -0000 > @@ -0,0 +1,11 @@ > +Index: Modules/pyexpat.c > +--- Modules/pyexpat.c.orig > ++++ Modules/pyexpat.c > +@@ -10,7 +10,6 @@ > + #include > + #include // offsetof() > + > +-#include "expat_config.h" > + #include "expat.h" > + #include "pyexpat.h" > + > Index: pkg/PLIST-main > =================================================================== > RCS file: /cvs/ports/lang/python/3/pkg/PLIST-main,v > diff -u -p -r1.12 PLIST-main > --- pkg/PLIST-main 14 Nov 2025 17:46:17 -0000 1.12 > +++ pkg/PLIST-main 10 Dec 2025 06:34:31 -0000 > @@ -1805,7 +1805,7 @@ lib/python3.13/ensurepip/__pycache__/_un > lib/python3.13/ensurepip/__pycache__/_uninstall.cpython-313.opt-2.pyc > lib/python3.13/ensurepip/__pycache__/_uninstall.cpython-313.pyc > lib/python3.13/ensurepip/_bundled/ > -lib/python3.13/ensurepip/_bundled/pip-25.2-py3-none-any.whl > +lib/python3.13/ensurepip/_bundled/pip-25.3-py3-none-any.whl > lib/python3.13/ensurepip/_uninstall.py > lib/python3.13/enum.py > lib/python3.13/filecmp.py >