Update to 3.10.6

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

00001-rpath.patch

@@ -9,7 +9,7 @@ Subject: [PATCH] 00001: Fixup distutils/unixccompiler.py to remove standard
  1 file changed, 9 insertions(+)
 
 diff --git a/Lib/distutils/unixccompiler.py b/Lib/distutils/unixccompiler.py
-index f0792de74a..4d837936c6 100644
+index d00c48981e..0283a28c19 100644
 --- a/Lib/distutils/unixccompiler.py
 +++ b/Lib/distutils/unixccompiler.py
 @@ -82,6 +82,15 @@ class UnixCCompiler(CCompiler):

00251-change-user-install-location.patch

@@ -2,6 +2,9 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Lumir Balhar <lbalhar@redhat.com>
 Date: Mon, 15 Feb 2021 12:19:27 +0100
 Subject: [PATCH] 00251: Change user install location
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
 
 Change the values of sysconfig's "posix_prefix" install scheme to /usr/local
 when RPM build or venv/virtualenv is not detected,
@@ -22,11 +25,12 @@ Downstream only for now, waiting for https://bugs.python.org/issue43976
 Co-authored-by: Petr Viktorin <encukou@gmail.com>
 Co-authored-by: Miro Hrončok <miro@hroncok.cz>
 Co-authored-by: Michal Cyprian <m.cyprian@gmail.com>
+Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
 ---
  Lib/site.py                |  9 ++++++++-
- Lib/sysconfig.py           | 19 +++++++++++++++++++
+ Lib/sysconfig.py           | 25 +++++++++++++++++++++++++
  Lib/test/test_sysconfig.py |  4 +++-
- 3 files changed, 30 insertions(+), 2 deletions(-)
+ 3 files changed, 36 insertions(+), 2 deletions(-)
 
 diff --git a/Lib/site.py b/Lib/site.py
 index 939893eb5e..d1316c3355 100644
@@ -50,16 +54,22 @@ index 939893eb5e..d1316c3355 100644
          if os.path.isdir(sitedir):
              addsitedir(sitedir, known_paths)
 diff --git a/Lib/sysconfig.py b/Lib/sysconfig.py
-index 95b48f6429..226b55a556 100644
+index daf9f00006..40e4edf0ae 100644
 --- a/Lib/sysconfig.py
 +++ b/Lib/sysconfig.py
-@@ -58,6 +58,25 @@
+@@ -58,6 +58,31 @@
          },
      }
  
 +# backup the original posix_prefix as rpm_prefix
 +# RPM packages use it and we need to be able to read it even when changed
 +_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix']
++# Virtualenv >= 20.10.0 favors the "venv" scheme over the defaults when creating virtual environments.
++# See: https://github.com/pypa/virtualenv/commit/8da79db86d8a5c74d03667a40e64ff832076445e
++# See: https://bugs.python.org/issue45413
++# "venv" should be the same as the unpatched posix_prefix for us,
++# so new virtual environments aren't created with paths like venv/local/bin/python.
++_INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_prefix']
 +
 +if (not (hasattr(sys, 'real_prefix') or
 +    sys.prefix != sys.base_prefix) and
@@ -80,7 +90,7 @@ index 95b48f6429..226b55a556 100644
  # NOTE: site.py has copy of this function.
  # Sync it when modify this function.
 diff --git a/Lib/test/test_sysconfig.py b/Lib/test/test_sysconfig.py
-index 9408657c91..db4cbc55ec 100644
+index 5ee9839c04..4cc7b13719 100644
 --- a/Lib/test/test_sysconfig.py
 +++ b/Lib/test/test_sysconfig.py
 @@ -263,7 +263,7 @@ def test_get_config_h_filename(self):
@@ -88,7 +98,7 @@ index 9408657c91..db4cbc55ec 100644
  
      def test_get_scheme_names(self):
 -        wanted = ['nt', 'posix_home', 'posix_prefix']
-+        wanted = ['nt', 'posix_home', 'posix_prefix', 'rpm_prefix']
++        wanted = ['nt', 'posix_home', 'posix_prefix', 'rpm_prefix', 'venv']
          if HAS_USER_BASE:
              wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
          self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))

00328-pyc-timestamp-invalidation-mode.patch

@@ -19,7 +19,7 @@ Ideally, we should talk to upstream and explain why we don't want this
  2 files changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/Lib/py_compile.py b/Lib/py_compile.py
-index 0f9b59025c..59dc3fe50b 100644
+index 388614e51b..db52725016 100644
 --- a/Lib/py_compile.py
 +++ b/Lib/py_compile.py
 @@ -70,7 +70,8 @@ class PycInvalidationMode(enum.Enum):

00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch

@@ -0,0 +1,103 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= <thrnciar@redhat.com>
+Date: Tue, 7 Dec 2021 14:41:59 +0100
+Subject: [PATCH] 00371: Revert "bpo-1596321: Fix threading._shutdown() for the
+ main thread (GH-28549) (GH-28589)"
+
+This reverts commit 38c67738c64304928c68d5c2bd78bbb01d979b94. It
+introduced regression causing FreeIPA's tests to fail.
+
+For more info see:
+https://bodhi.fedoraproject.org/updates/FEDORA-2021-e152ce5f31
+https://github.com/GrahamDumpleton/mod_wsgi/issues/730
+---
+ Lib/test/test_threading.py | 33 ---------------------------------
+ Lib/threading.py           | 25 ++++++++-----------------
+ 2 files changed, 8 insertions(+), 50 deletions(-)
+
+diff --git a/Lib/test/test_threading.py b/Lib/test/test_threading.py
+index c54806e594..c51de6f4b8 100644
+--- a/Lib/test/test_threading.py
++++ b/Lib/test/test_threading.py
+@@ -928,39 +928,6 @@ def test_debug_deprecation(self):
+                b'is deprecated and will be removed in Python 3.12')
+         self.assertIn(msg, err)
+ 
+-    def test_import_from_another_thread(self):
+-        # bpo-1596321: If the threading module is first import from a thread
+-        # different than the main thread, threading._shutdown() must handle
+-        # this case without logging an error at Python exit.
+-        code = textwrap.dedent('''
+-            import _thread
+-            import sys
+-
+-            event = _thread.allocate_lock()
+-            event.acquire()
+-
+-            def import_threading():
+-                import threading
+-                event.release()
+-
+-            if 'threading' in sys.modules:
+-                raise Exception('threading is already imported')
+-
+-            _thread.start_new_thread(import_threading, ())
+-
+-            # wait until the threading module is imported
+-            event.acquire()
+-            event.release()
+-
+-            if 'threading' not in sys.modules:
+-                raise Exception('threading is not imported')
+-
+-            # don't wait until the thread completes
+-        ''')
+-        rc, out, err = assert_python_ok("-c", code)
+-        self.assertEqual(out, b'')
+-        self.assertEqual(err, b'')
+-
+ 
+ class ThreadJoinOnShutdown(BaseTestCase):
+ 
+diff --git a/Lib/threading.py b/Lib/threading.py
+index 668126523d..3e14cca8be 100644
+--- a/Lib/threading.py
++++ b/Lib/threading.py
+@@ -1530,29 +1530,20 @@ def _shutdown():
+ 
+     global _SHUTTING_DOWN
+     _SHUTTING_DOWN = True
++    # Main thread
++    tlock = _main_thread._tstate_lock
++    # The main thread isn't finished yet, so its thread state lock can't have
++    # been released.
++    assert tlock is not None
++    assert tlock.locked()
++    tlock.release()
++    _main_thread._stop()
+ 
+     # Call registered threading atexit functions before threads are joined.
+     # Order is reversed, similar to atexit.
+     for atexit_call in reversed(_threading_atexits):
+         atexit_call()
+ 
+-    # Main thread
+-    if _main_thread.ident == get_ident():
+-        tlock = _main_thread._tstate_lock
+-        # The main thread isn't finished yet, so its thread state lock can't
+-        # have been released.
+-        assert tlock is not None
+-        assert tlock.locked()
+-        tlock.release()
+-        _main_thread._stop()
+-    else:
+-        # bpo-1596321: _shutdown() must be called in the main thread.
+-        # If the threading module was not imported by the main thread,
+-        # _main_thread is the thread which imported the threading module.
+-        # In this case, ignore _main_thread, similar behavior than for threads
+-        # spawned by C libraries or using _thread.start_new_thread().
+-        pass
+-
+     # Join all non-deamon threads
+     while True:
+         with _shutdown_locks_lock:

00382-cve-2015-20107.patch

@@ -0,0 +1,150 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Petr Viktorin <encukou@gmail.com>
+Date: Fri, 3 Jun 2022 11:43:35 +0200
+Subject: [PATCH] 00382: CVE-2015-20107
+
+Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
+
+Upstream: https://github.com/python/cpython/issues/68966
+
+Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
+---
+ Doc/library/mailcap.rst                       | 12 +++++++++
+ Lib/mailcap.py                                | 26 +++++++++++++++++--
+ Lib/test/test_mailcap.py                      |  8 ++++--
+ ...2-04-27-18-25-30.gh-issue-68966.gjS8zs.rst |  4 +++
+ 4 files changed, 46 insertions(+), 4 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
+
+diff --git a/Doc/library/mailcap.rst b/Doc/library/mailcap.rst
+index e2e5bb3445..2bc00195cd 100644
+--- a/Doc/library/mailcap.rst
++++ b/Doc/library/mailcap.rst
+@@ -60,6 +60,18 @@ standard.  However, mailcap files are supported on most Unix systems.
+    use) to determine whether or not the mailcap line applies.  :func:`findmatch`
+    will automatically check such conditions and skip the entry if the check fails.
+ 
++   .. versionchanged:: 3.11
++
++      To prevent security issues with shell metacharacters (symbols that have
++      special effects in a shell command line), ``findmatch`` will refuse
++      to inject ASCII characters other than alphanumerics and ``@+=:,./-_``
++      into the returned command line.
++
++      If a disallowed character appears in *filename*, ``findmatch`` will always
++      return ``(None, None)`` as if no entry was found.
++      If such a character appears elsewhere (a value in *plist* or in *MIMEtype*),
++      ``findmatch`` will ignore all mailcap entries which use that value.
++      A :mod:`warning <warnings>` will be raised in either case.
+ 
+ .. function:: getcaps()
+ 
+diff --git a/Lib/mailcap.py b/Lib/mailcap.py
+index ae416a8e9f..444c6408b5 100644
+--- a/Lib/mailcap.py
++++ b/Lib/mailcap.py
+@@ -2,6 +2,7 @@
+ 
+ import os
+ import warnings
++import re
+ 
+ __all__ = ["getcaps","findmatch"]
+ 
+@@ -13,6 +14,11 @@ def lineno_sort_key(entry):
+     else:
+         return 1, 0
+ 
++_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
++
++class UnsafeMailcapInput(Warning):
++    """Warning raised when refusing unsafe input"""
++
+ 
+ # Part 1: top-level interface.
+ 
+@@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]):
+     entry to use.
+ 
+     """
++    if _find_unsafe(filename):
++        msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,)
++        warnings.warn(msg, UnsafeMailcapInput)
++        return None, None
+     entries = lookup(caps, MIMEtype, key)
+     # XXX This code should somehow check for the needsterminal flag.
+     for e in entries:
+         if 'test' in e:
+             test = subst(e['test'], filename, plist)
++            if test is None:
++                continue
+             if test and os.system(test) != 0:
+                 continue
+         command = subst(e[key], MIMEtype, filename, plist)
+-        return command, e
++        if command is not None:
++            return command, e
+     return None, None
+ 
+ def lookup(caps, MIMEtype, key=None):
+@@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, plist=[]):
+             elif c == 's':
+                 res = res + filename
+             elif c == 't':
++                if _find_unsafe(MIMEtype):
++                    msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,)
++                    warnings.warn(msg, UnsafeMailcapInput)
++                    return None
+                 res = res + MIMEtype
+             elif c == '{':
+                 start = i
+@@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, plist=[]):
+                     i = i+1
+                 name = field[start:i]
+                 i = i+1
+-                res = res + findparam(name, plist)
++                param = findparam(name, plist)
++                if _find_unsafe(param):
++                    msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name)
++                    warnings.warn(msg, UnsafeMailcapInput)
++                    return None
++                res = res + param
+             # XXX To do:
+             # %n == number of parts if type is multipart/*
+             # %F == list of alternating type and filename for parts
+diff --git a/Lib/test/test_mailcap.py b/Lib/test/test_mailcap.py
+index ef9cad498a..32f07ab290 100644
+--- a/Lib/test/test_mailcap.py
++++ b/Lib/test/test_mailcap.py
+@@ -123,7 +123,8 @@ def test_subst(self):
+             (["", "audio/*", "foo.txt"], ""),
+             (["echo foo", "audio/*", "foo.txt"], "echo foo"),
+             (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
+-            (["echo %t", "audio/*", "foo.txt"], "echo audio/*"),
++            (["echo %t", "audio/*", "foo.txt"], None),
++            (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
+             (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
+             (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
+             (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3")
+@@ -207,7 +208,10 @@ def test_findmatch(self):
+              ('"An audio fragment"', audio_basic_entry)),
+             ([c, "audio/*"],
+              {"filename": fname},
+-             ("/usr/local/bin/showaudio audio/*", audio_entry)),
++             (None, None)),
++            ([c, "audio/wav"],
++             {"filename": fname},
++             ("/usr/local/bin/showaudio audio/wav", audio_entry)),
+             ([c, "message/external-body"],
+              {"plist": plist},
+              ("showexternal /dev/null default john python.org     /tmp foo bar", message_entry))
+diff --git a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
+new file mode 100644
+index 0000000000..da81a1f699
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
+@@ -0,0 +1,4 @@
++The deprecated mailcap module now refuses to inject unsafe text (filenames,
++MIME types, parameters) into shell commands. Instead of using such text, it
++will warn and act as if a match was not found (or for test commands, as if
++the test failed).

python3.10.rpmlintrc

@@ -19,9 +19,6 @@ addFilter(r'self-obsoletion python3\.\d+ obsoletes python3\.\d+')
 # intentionally hardcoded
 addFilter(r'hardcoded-library-path in %{_prefix}/lib/(debug/%{_libdir}|python%{pybasever})')
 
-# intentional for our pythonXY package
-addFilter(r'python3\.\d+\.[^:]+: (E|W): devel-file-in-non-devel-package')
-
 # we have non binary stuff, python files
 addFilter(r'only-non-binary-in-usr-lib')
 

python3.10.spec

@@ -13,11 +13,11 @@ URL: https://www.python.org/
 
 #  WARNING  When rebasing to a new Python version,
 #           remember to update the python3-docs package as well
-%global general_version %{pybasever}.0
+%global general_version %{pybasever}.6
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
-Release: 2%{?dist}
+Release: 1%{?dist}
 License: Python
 
 
@@ -31,7 +31,6 @@ License: Python
 # Main Python, i.e. whether this is the main Python version in the distribution
 # that owns /usr/bin/python3 and other unique paths
 # This also means the built subpackages are called python3 rather than python3X
-# WARNING: This also influences the flatpackage bcond below.
 # By default, this is determined by the %%__default_python3_pkgversion value
 %if "%{?__default_python3_pkgversion}" == "%{pybasever}"
 %bcond_without main_python
@@ -39,13 +38,13 @@ License: Python
 %bcond_with main_python
 %endif
 
-# Flat package, i.e. no separate subpackages
-# Default (in Fedora): if this is a main Python, it is not a flatpackage
-# Not supported: Combination of flatpackage enabled and main_python enabled
-%if %{with main_python}
-%bcond_with flatpackage
+# If this is *not* Main Python, should it contain `Provides: python(abi) ...`?
+# In Fedora no package shall depend on an alternative Python via this tag, so we do not provide it.
+# In ELN/RHEL/CentOS we want to allow building against alternative stacks, so the Provide is enabled.
+%if 0%{?fedora}
+%bcond_with python_abi_provides_for_alt_pythons
 %else
-%bcond_without flatpackage
+%bcond_without python_abi_provides_for_alt_pythons
 %endif
 
 # When bootstrapping python3, we need to build setuptools.
@@ -68,8 +67,8 @@ License: Python
 # If the rpmwheels condition is disabled, we use the bundled wheel packages
 # from Python with the versions below.
 # This needs to be manually updated when we update Python.
-%global pip_version 21.2.3
-%global setuptools_version 57.4.0
+%global pip_version 22.2.1
+%global setuptools_version 63.2.0
 
 # Expensive optimizations (mainly, profile-guided optimizations)
 %bcond_without optimizations
@@ -79,11 +78,7 @@ License: Python
 
 # Extra build for debugging the interpreter or C-API extensions
 # (the -debug subpackages)
-%if %{with flatpackage}
-%bcond_with debug_build
-%else
 %bcond_without debug_build
-%endif
 
 # Support for the GDB debugger
 %bcond_without gdb_hooks
@@ -166,6 +161,20 @@ License: Python
 %{warn:Doing a main_python build with wrong %%__default_python3_pkgversion (0%{?__default_python3_pkgversion}, but this is %pyshortver)}
 %endif
 
+%if %{with main_python}
+# To keep the upgrade path clean, we Obsolete python3.X from the python3
+# package and python3.X-foo from individual subpackages.
+# Note that using Obsoletes without package version is not standard practice.
+# Here we assert that *any* version of the system's default interpreter is
+# preferable to an "extra" interpreter. For example, python3-3.6.1 will
+# replace python3.6-3.6.2.
+%define unversioned_obsoletes_of_python3_X_if_main() %{expand:\
+Obsoletes: python%{pybasever}%{?1:-%{1}}\
+}
+%else
+%define unversioned_obsoletes_of_python3_X_if_main() %{nil}
+%endif
+
 # =======================
 # Build-time requirements
 # =======================
@@ -226,8 +235,8 @@ BuildRequires: /usr/bin/dtrace
 BuildRequires: /usr/sbin/ifconfig
 
 %if %{with rpmwheels}
-BuildRequires: python-setuptools-wheel
-BuildRequires: python-pip-wheel
+BuildRequires: %{python_wheel_pkg_prefix}-setuptools-wheel
+BuildRequires: %{python_wheel_pkg_prefix}-pip-wheel
 %endif
 
 %if %{without bootstrap}
@@ -267,7 +276,7 @@ Source11: idle3.appdata.xml
 # Was Patch0 in ivazquez' python3000 specfile
 Patch1: 00001-rpath.patch
 
-# 00251 # 0952e38e5bf725ebbab48b13a35566e30635ddf8
+# 00251 # 531494a5ded29dad59f617304dab4eb8b7f80b0b
 # Change user install location
 #
 # Change the values of sysconfig's "posix_prefix" install scheme to /usr/local
@@ -301,6 +310,27 @@ Patch251: 00251-change-user-install-location.patch
 # Ideally, we should talk to upstream and explain why we don't want this
 Patch328: 00328-pyc-timestamp-invalidation-mode.patch
 
+# 00371 # c1754d9c2750f89cb702e1b63a99201f5f7cff00
+# Revert "bpo-1596321: Fix threading._shutdown() for the main thread (GH-28549) (GH-28589)"
+#
+# This reverts commit 38c67738c64304928c68d5c2bd78bbb01d979b94. It
+# introduced regression causing FreeIPA's tests to fail.
+#
+# For more info see:
+# https://bodhi.fedoraproject.org/updates/FEDORA-2021-e152ce5f31
+# https://github.com/GrahamDumpleton/mod_wsgi/issues/730
+Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch
+
+# 00382 # 9e275dcdf3934b827994ecc3247d583d5bab7985
+# CVE-2015-20107
+#
+# Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
+#
+# Upstream: https://github.com/python/cpython/issues/68966
+#
+# Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
+Patch382: 00382-cve-2015-20107.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@@ -319,8 +349,7 @@ Patch328: 00328-pyc-timestamp-invalidation-mode.patch
 # Descriptions, and metadata for subpackages
 # ==========================================
 
-# this if branch is ~300 lines long and contains subpackages' definitions
-%if %{without flatpackage}
+
 %if %{with main_python}
 # Description for the python3X SRPM only:
 %description
@@ -333,17 +362,13 @@ third-party libraries.
 Summary: Python %{pybasever} interpreter
 
 # In order to support multiple Python interpreters for development purposes,
-# packages with the naming scheme flatpackage (e.g. python3.5) exist for
+# packages with fully versioned naming scheme (e.g. python3.9*) exist for
 # non-default versions of Python 3.
 # For consistency, we provide python3.X from python3 as well.
 Provides: python%{pybasever} = %{version}-%{release}
 Provides: python%{pybasever}%{?_isa} = %{version}-%{release}
-# To keep the upgrade path clean, we Obsolete python3.X.
-# Note that using Obsoletes without package version is not standard practice.
-# Here we assert that *any* version of the system's default interpreter is
-# preferable to an "extra" interpreter. For example, python3-3.6.1 will
-# replace python3.6-3.6.2.
-Obsoletes: python%{pybasever}
+
+%unversioned_obsoletes_of_python3_X_if_main
 
 # https://fedoraproject.org/wiki/Changes/Move_usr_bin_python_into_separate_package
 # https://fedoraproject.org/wiki/Changes/Python_means_Python3
@@ -357,15 +382,18 @@ Recommends: %{_bindir}/python
 # python39). However, to align it with the executable names and to prepare for
 # Python 3.10, they were renamed to pythonX.Y (e.g. python3.9, python3.10). We
 # provide and obsolete the previous names.
-# - Here are the tags for the nonflat package, regardless if main_python (e.g.
-#   python3) or not (e.g. python39). For the flat package, the provide is
-#   repeated many lines later.
 Provides: python%{pyshortver} = %{version}-%{release}
 Obsoletes: python%{pyshortver} < %{version}-%{release}
 
+%if %{with main_python} || %{with python_abi_provides_for_alt_pythons}
 # Packages with Python modules in standard locations automatically
 # depend on python(abi). Provide that here.
 Provides: python(abi) = %{pybasever}
+%else
+# We exclude the `python(abi)` Provides
+%global __requires_exclude ^python\\(abi\\) = 3\\..+
+%global __provides_exclude ^python\\(abi\\) = 3\\..+
+%endif
 
 Requires: %{pkgname}-libs%{?_isa} = %{version}-%{release}
 
@@ -425,13 +453,15 @@ This package contains /usr/bin/python - the "python" command that runs Python 3.
 Summary:        Python runtime libraries
 
 %if %{with rpmwheels}
-Requires: python-setuptools-wheel
-Requires: python-pip-wheel
+Requires: %{python_wheel_pkg_prefix}-setuptools-wheel
+Requires: %{python_wheel_pkg_prefix}-pip-wheel
 %else
 Provides: bundled(python3dist(pip)) = %{pip_version}
 Provides: bundled(python3dist(setuptools)) = %{setuptools_version}
 %endif
 
+%unversioned_obsoletes_of_python3_X_if_main libs
+
 # There are files in the standard library that have python shebang.
 # We've filtered the automatic requirement out so libs are installable without
 # the main package. This however makes it pulled in by default.
@@ -470,15 +500,22 @@ Requires: (python-rpm-macros >= 3.10-9 if rpm-build)
 Requires: (python3-rpm-macros >= 3.10-9 if rpm-build)
 Requires: (pyproject-rpm-macros if rpm-build)
 
+%unversioned_obsoletes_of_python3_X_if_main devel
+
+%if %{with main_python}
 # Python developers are very likely to need pip
 Recommends: %{pkgname}-pip
+%endif
 
 %if %{without bootstrap}
 Requires: (python3-rpm-generators if rpm-build)
 %endif
 
 Provides: %{pkgname}-2to3 = %{version}-%{release}
+
+%if %{with main_python}
 Provides: 2to3 = %{version}-%{release}
+%endif
 
 Conflicts: %{pkgname} < %{version}-%{release}
 
@@ -496,8 +533,12 @@ Summary: A basic graphical development environment for Python
 Requires: %{pkgname} = %{version}-%{release}
 Requires: %{pkgname}-tkinter = %{version}-%{release}
 
+%unversioned_obsoletes_of_python3_X_if_main idle
+
+%if %{with main_python}
 Provides: idle3 = %{version}-%{release}
 Provides: idle = %{version}-%{release}
+%endif
 
 Provides: %{pkgname}-tools = %{version}-%{release}
 Provides: %{pkgname}-tools%{?_isa} = %{version}-%{release}
@@ -520,6 +561,8 @@ configuration, browsers, and other dialogs.
 Summary: A GUI toolkit for Python
 Requires: %{pkgname} = %{version}-%{release}
 
+%unversioned_obsoletes_of_python3_X_if_main tkinter
+
 # The importable module "turtle" is here, so provide python3-turtle.
 # (We don't provide python3-turtledemo, that's not too useful when imported.)
 %py_provides %{pkgname}-turtle
@@ -534,6 +577,8 @@ Summary: The self-test suite for the main python3 package
 Requires: %{pkgname} = %{version}-%{release}
 Requires: %{pkgname}-libs%{?_isa} = %{version}-%{release}
 
+%unversioned_obsoletes_of_python3_X_if_main test
+
 %description -n %{pkgname}-test
 The self-test suite for the Python interpreter.
 
@@ -556,6 +601,8 @@ Requires: %{pkgname}-test%{?_isa} = %{version}-%{release}
 Requires: %{pkgname}-tkinter%{?_isa} = %{version}-%{release}
 Requires: %{pkgname}-idle%{?_isa} = %{version}-%{release}
 
+%unversioned_obsoletes_of_python3_X_if_main debug
+
 %description -n %{pkgname}-debug
 python3-debug provides a version of the Python runtime with numerous debugging
 features enabled, aimed at advanced Python users such as developers of Python
@@ -573,43 +620,6 @@ The debug runtime additionally supports debug builds of C-API extensions
 (with the "d" ABI flag) for debugging issues in those extensions.
 %endif # with debug_build
 
-%else  # with flatpackage
-
-# We'll not provide this, on purpose
-# No package in Fedora shall ever depend on flatpackage via this
-%global __requires_exclude ^python\\(abi\\) = 3\\..+
-%global __provides_exclude ^python\\(abi\\) = 3\\..+
-
-# Python interpreter packages used to be named (or provide) name pythonXY (e.g.
-# python39). However, to align it with the executable names and to prepare for
-# Python 3.10, they were renamed to pythonX.Y (e.g. python3.9, python3.10). We
-# provide and obsolete the previous names.
-# - Here are the tags for the flat package. For the nonflat package, the
-#   provide is repeated many lines above.
-Provides: python%{pyshortver} = %{version}-%{release}
-Obsoletes: python%{pyshortver} < %{version}-%{release}
-
-%if %{with rpmwheels}
-Requires: python-setuptools-wheel
-Requires: python-pip-wheel
-%else
-Provides: bundled(python3dist(pip)) = %{pip_version}
-Provides: bundled(python3dist(setuptools)) = %{setuptools_version}
-%endif
-
-# The zoneinfo module needs tzdata
-Requires: tzdata
-
-# The description for the flat package (SRPM and built)
-%description
-Python %{pybasever} package for developers.
-
-This package exists to allow developers to test their code against a newer
-version of Python. This is not a full Python stack and if you wish to run
-your applications with Python %{pybasever}, update your Fedora to a newer
-version once Python %{pybasever} is stable.
-
-%endif # with flatpackage
 
 # ======================================================
 # The prep phase of the build:
@@ -724,7 +734,7 @@ BuildPython() {
   --with-ssl-default-suites=openssl \
   --without-static-libpython \
 %if %{with rpmwheels}
-  --with-wheel-pkg-dir=%{_datadir}/python-wheels \
+  --with-wheel-pkg-dir=%{python_wheel_dir} \
 %endif
 %if %{with valgrind}
   --with-valgrind \
@@ -1113,17 +1123,13 @@ CheckPython optimized
 
 
 %if %{with main_python}
-%if %{without flatpackage}
 %files -n python-unversioned-command
-%endif
 %{_bindir}/python
 %{_mandir}/*/python.1*
 %endif
 
-%if %{without flatpackage}
 %files -n %{pkgname}-libs
 %doc README.rst
-%endif
 
 %dir %{pylibdir}
 %dir %{dynload_dir}
@@ -1131,9 +1137,7 @@ CheckPython optimized
 %license %{pylibdir}/LICENSE.txt
 
 %{pylibdir}/lib2to3
-%if %{without flatpackage}
 %exclude %{pylibdir}/lib2to3/tests
-%endif
 
 %dir %{pylibdir}/unittest/
 %dir %{pylibdir}/unittest/__pycache__/
@@ -1256,6 +1260,12 @@ CheckPython optimized
 %dir %{pylibdir}/site-packages/
 %dir %{pylibdir}/site-packages/__pycache__/
 %{pylibdir}/site-packages/README.txt
+
+%if %{with debug_build}
+%exclude %{pylibdir}/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}.py
+%exclude %{pylibdir}/__pycache__/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}%{bytecode_suffixes}
+%endif
+
 %{pylibdir}/*.py
 %dir %{pylibdir}/__pycache__/
 %{pylibdir}/__pycache__/*%{bytecode_suffixes}
@@ -1320,10 +1330,8 @@ CheckPython optimized
 %{pylibdir}/sqlite3/*.py
 %{pylibdir}/sqlite3/__pycache__/*%{bytecode_suffixes}
 
-%if %{without flatpackage}
 %exclude %{pylibdir}/turtle.py
 %exclude %{pylibdir}/__pycache__/turtle*%{bytecode_suffixes}
-%endif
 
 %{pylibdir}/urllib
 %{pylibdir}/xml
@@ -1349,15 +1357,10 @@ CheckPython optimized
 %endif
 
 
-%if %{without flatpackage}
 %files -n %{pkgname}-devel
-%endif
-
 %{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/*
-%if %{without flatpackage}
 %exclude %{pylibdir}/config-%{LDVERSION_optimized}-%{platform_triplet}/Makefile
 %exclude %{_includedir}/python%{LDVERSION_optimized}/%{_pyconfig_h}
-%endif
 %{_includedir}/python%{LDVERSION_optimized}/*.h
 %{_includedir}/python%{LDVERSION_optimized}/internal/
 %{_includedir}/python%{LDVERSION_optimized}/cpython/
@@ -1392,10 +1395,7 @@ CheckPython optimized
 %{_libdir}/pkgconfig/python-%{pybasever}-embed.pc
 
 
-%if %{without flatpackage}
 %files -n %{pkgname}-idle
-%endif
-
 %if %{with main_python}
 %{_bindir}/idle*
 %else
@@ -1410,14 +1410,9 @@ CheckPython optimized
 %{_datadir}/icons/hicolor/*/apps/idle3.*
 %endif
 
-%if %{without flatpackage}
 %files -n %{pkgname}-tkinter
-%endif
-
 %{pylibdir}/tkinter
-%if %{without flatpackage}
 %exclude %{pylibdir}/tkinter/test
-%endif
 %{dynload_dir}/_tkinter.%{SOABI_optimized}.so
 %{pylibdir}/turtle.py
 %{pylibdir}/__pycache__/turtle*%{bytecode_suffixes}
@@ -1428,10 +1423,7 @@ CheckPython optimized
 %{pylibdir}/turtledemo/__pycache__/*%{bytecode_suffixes}
 
 
-%if %{without flatpackage}
 %files -n %{pkgname}-test
-%endif
-
 %{pylibdir}/ctypes/test
 %{pylibdir}/distutils/tests
 %{pylibdir}/sqlite3/test
@@ -1454,10 +1446,7 @@ CheckPython optimized
 # all of the other subpackages
 
 %if %{with debug_build}
-%if %{without flatpackage}
 %files -n %{pkgname}-debug
-%endif
-
 %if %{with main_python}
 %{_bindir}/python3-debug
 %{_bindir}/python-debug
@@ -1573,6 +1562,9 @@ CheckPython optimized
 %{dynload_dir}/_testinternalcapi.%{SOABI_debug}.so
 %{dynload_dir}/_testmultiphase.%{SOABI_debug}.so
 
+%{pylibdir}/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}.py
+%{pylibdir}/__pycache__/_sysconfigdata_%{ABIFLAGS_debug}_linux_%{platform_triplet}%{bytecode_suffixes}
+
 %endif # with debug_build
 
 # We put the debug-gdb.py file inside /usr/lib/debug to avoid noise from ldconfig
@@ -1596,6 +1588,58 @@ CheckPython optimized
 # ======================================================
 
 %changelog
+* Tue Aug 02 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.10.6-1
+- Update to 3.10.6
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.10.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.10.5-3
+- Rebuilt for Python 3.11
+
+* Thu Jun 09 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.10.5-2
+- Security fix for CVE-2015-20107
+Resolves: rhbz#2075390
+
+* Tue Jun 07 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.10.5-1
+- Update to 3.10.5
+
+* Sat May 14 2022 Tomas Orsava <torsava@redhat.com> - 3.10.4-2
+- Move _sysconfigdata_d_linux*.py to the debug subpackage
+
+* Fri Mar 25 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.10.4-1
+- Update to 3.10.4
+
+* Fri Mar 18 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.10.3-1
+- Update to 3.10.3
+
+* Tue Feb 01 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.10.2-3
+- Backport AC_C_CHAR_UNSIGNED/__CHAR_UNSIGNED__ removal
+- Fixes: rhbz#2043555
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.10.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Mon Jan 17 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.10.2-1
+- Update to 3.10.2
+
+* Mon Jan 10 2022 Miro Hrončok <mhroncok@redhat.com> - 3.10.1-3
+- Backport fixes for two Python 3.10.1 regressions
+- Fixes: rhbz#2030621
+- Fixes: rhbz#2034962
+
+* Sat Jan 08 2022 Miro Hrončok <mhroncok@redhat.com> - 3.10.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34
+
+* Tue Dec 07 2021 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.10.1-1
+- Update to 3.10.1
+
+* Fri Nov 12 2021 Björn Esser <besser82@fedoraproject.org> - 3.10.0-4
+- Rebuild(libnsl2)
+
+* Tue Nov 09 2021 Lumír Balhar <lbalhar@redhat.com> - 3.10.0-3
+- Update patch 251 to include specific install scheme for virtualenv
+
 * Tue Oct 05 2021 Miro Hrončok <mhroncok@redhat.com> - 3.10.0-2
 - Change the values of sysconfig's "posix_prefix" install scheme to /usr/local
   when RPM build or venv/virtualenv is not detected,

rpminspect.yaml

@@ -9,6 +9,13 @@ badfuncs:
     ignore:
         - /usr/lib*/python*/lib-dynload/_socket.*
 
+# exclude the debug build from annocheck entirely
+annocheck:
+    ignore:
+        - /usr/bin/python*d
+        - /usr/lib*/libpython*d.so.1.0
+        - /usr/lib*/python*/lib-dynload/*.cpython-*d-*-*-*.so
+
 # don't report changed content of compiled files
 # that is expected with every toolchain update and not reproducible yet
 changedfiles:

sources

@@ -1,2 +1,2 @@
-SHA512 (Python-3.10.0.tar.xz) = 82b2729afc7d72a80882f199970667dce7d971a2e5ecfe6cf84f7b68612ab2caf6ed6d7a8cb81f24ea85cb0816464bb2e8b2e6884eda62fa40742edc674193bd
-SHA512 (Python-3.10.0.tar.xz.asc) = 67236e02bc49da1423717cb54216b745f613ba2fc4b372a4aa15a36ab15fe69d9b9087070382957d480df7576d13056caedcd979fb56531799a1190b822f673d
+SHA512 (Python-3.10.6.tar.xz) = f2bf424bf4f4caa524ee1248b431e8e06d0745c3fc3ba457710d75f3698e653733feb4b059cd124f1de2a9e851c30d847f567aa47abef12898c9dc8a6507b476
+SHA512 (Python-3.10.6.tar.xz.asc) = 9288e2f62f2e8c8208ad176372261545a64e675d737bb616403bcd888bc91177909257632e4cc0b5d688d612bea38a274030ec6989dc7d56c03064e32ad9903e

tests/tests.yml

@@ -15,38 +15,39 @@
     repositories:
     - repo: "https://src.fedoraproject.org/tests/python.git"
       dest: "python"
+    pybasever: "3.10"
     tests:
     - rpm_qa:
         run: rpm -qa
     - smoke:
         dir: python/smoke
-        run: VERSION=3.10 ./venv.sh
+        run: "VERSION={{ pybasever }} ./venv.sh"
     - smoke_virtualenv:
         dir: python/smoke
-        run: VERSION=3.10 METHOD=virtualenv ./venv.sh
+        run: "VERSION={{ pybasever }} METHOD=virtualenv ./venv.sh"
     - debugsmoke:
         dir: python/smoke
-        run: PYTHON=python3-debug TOX=false VERSION=3.10 ./venv.sh
+        run: "PYTHON=python{{ pybasever }}d TOX=false VERSION={{ pybasever }} ./venv.sh"
     - selftest:
         dir: python/selftest
-        run: VERSION=3.10 X="" ./parallel.sh
+        run: "VERSION={{ pybasever }} X='' ./parallel.sh"
     - debugtest:
         dir: python/selftest
-        run: VERSION=3.10 PYTHON=python3-debug X="" ./parallel.sh
+        run: "VERSION={{ pybasever }} PYTHON=python{{ pybasever }}d X='' ./parallel.sh"
     - debugflags:
         dir: python/flags
-        run: python3-debug ./assertflags.py -O0
+        run: "python{{ pybasever }}d ./assertflags.py -O0"
     - marshalparser:
         dir: python/marshalparser
-        run: VERSION=3.10 SAMPLE=10 test_marshalparser_compatibility.sh
+        run: "VERSION={{ pybasever }} SAMPLE=10 test_marshalparser_compatibility.sh"
     required_packages:
     - gcc  # for extension building in venv and selftest
     - gdb  # for test_gdb
-    - python3.10  # the test subject
-    - python3-debug  # for leak testing
-    - python3-devel  # for extension building in venv and selftest
-    - python3-tkinter  # for selftest
-    - python3-test  # for selftest
+    - "python{{ pybasever }}"  # the test subject
+    - "python{{ pybasever }}-debug"  # for leak testing
+    - "python{{ pybasever }}-devel"  # for extension building in venv and selftest
+    - "python{{ pybasever }}-tkinter"  # for selftest
+    - "python{{ pybasever }}-test"  # for selftest
     - tox  # for venv tests
     - virtualenv  # for virtualenv tests
     - glibc-all-langpacks # for locale tests