diff --git a/SOURCES/2580.patch b/SOURCES/2580.patch
new file mode 100644
index 0000000..ced0cf4
--- /dev/null
+++ b/SOURCES/2580.patch
@@ -0,0 +1,170 @@
+From 21b122e06969a9d85c65ce8276519d34da7dc747 Mon Sep 17 00:00:00 2001
+From: Melissa Li
+Date: Tue, 23 Feb 2021 21:23:35 -0500
+Subject: [PATCH 1/6] Preserve case-sensitive keys in setup.cfg
+
+---
+ setuptools/dist.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/setuptools/dist.py b/setuptools/dist.py
+index 050388de16..c31020f0c4 100644
+--- a/setuptools/dist.py
++++ b/setuptools/dist.py
+@@ -583,6 +583,7 @@ def _parse_config_files(self, filenames=None): # noqa: C901
+ self.announce("Distribution.parse_config_files():")
+
+ parser = ConfigParser()
++ parser.optionxform = str
+ for filename in filenames:
+ with io.open(filename, encoding='utf-8') as reader:
+ if DEBUG:
+
+From 90d8740c353ddf20c1c76d8c06cd923c19b8cc84 Mon Sep 17 00:00:00 2001
+From: Melissa Li
+Date: Tue, 23 Feb 2021 21:06:55 -0500
+Subject: [PATCH 2/6] Add case-sensitive entry point name test
+
+---
+ setuptools/tests/test_config.py | 34 +++++++++++++++++++++++++++++++++
+ 1 file changed, 34 insertions(+)
+
+diff --git a/setuptools/tests/test_config.py b/setuptools/tests/test_config.py
+index 1dee12718f..6cc1d0a46b 100644
+--- a/setuptools/tests/test_config.py
++++ b/setuptools/tests/test_config.py
+@@ -802,6 +802,40 @@ def test_entry_points(self, tmpdir):
+ with get_dist(tmpdir) as dist:
+ assert dist.entry_points == expected
+
++ def test_case_sensitive_entry_points(self, tmpdir):
++ _, config = fake_env(
++ tmpdir,
++ '[options.entry_points]\n'
++ 'GROUP1 = point1 = pack.module:func, '
++ '.point2 = pack.module2:func_rest [rest]\n'
++ 'group2 = point3 = pack.module:func2\n'
++ )
++
++ with get_dist(tmpdir) as dist:
++ assert dist.entry_points == {
++ 'GROUP1': [
++ 'point1 = pack.module:func',
++ '.point2 = pack.module2:func_rest [rest]',
++ ],
++ 'group2': ['point3 = pack.module:func2']
++ }
++
++ expected = (
++ '[blogtool.parsers]\n'
++ '.rst = some.nested.module:SomeClass.some_classmethod[reST]\n'
++ )
++
++ tmpdir.join('entry_points').write(expected)
++
++ # From file.
++ config.write(
++ '[options]\n'
++ 'entry_points = file: entry_points\n'
++ )
++
++ with get_dist(tmpdir) as dist:
++ assert dist.entry_points == expected
++
+ def test_data_files(self, tmpdir):
+ fake_env(
+ tmpdir,
+
+From 39659040bda0664ee08588ecd2faa41b4ea406a1 Mon Sep 17 00:00:00 2001
+From: Melissa Li
+Date: Wed, 24 Feb 2021 00:31:16 -0500
+Subject: [PATCH 3/6] Add change note
+
+---
+ changelog.d/1937.breaking.rst | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 changelog.d/1937.breaking.rst
+
+diff --git a/changelog.d/1937.breaking.rst b/changelog.d/1937.breaking.rst
+new file mode 100644
+index 0000000000..94dc739ab6
+--- /dev/null
++++ b/changelog.d/1937.breaking.rst
+@@ -0,0 +1 @@
++Preserved case-sensitivity of keys in setup.cfg so that entry point names are case-sensitive. Changed sensitivity of configparser -- by :user:`melissa-kun-li`
+\ No newline at end of file
+
+From 7f3e6d688e5ff080ee6bd7ccc6bd81a87c05cfd7 Mon Sep 17 00:00:00 2001
+From: Melissa Li
+Date: Wed, 24 Feb 2021 23:57:59 -0500
+Subject: [PATCH 4/6] Update test for case-sensitive entry point names
+
+---
+ setuptools/tests/test_config.py | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/setuptools/tests/test_config.py b/setuptools/tests/test_config.py
+index 6cc1d0a46b..649075609a 100644
+--- a/setuptools/tests/test_config.py
++++ b/setuptools/tests/test_config.py
+@@ -820,22 +820,6 @@ def test_case_sensitive_entry_points(self, tmpdir):
+ 'group2': ['point3 = pack.module:func2']
+ }
+
+- expected = (
+- '[blogtool.parsers]\n'
+- '.rst = some.nested.module:SomeClass.some_classmethod[reST]\n'
+- )
+-
+- tmpdir.join('entry_points').write(expected)
+-
+- # From file.
+- config.write(
+- '[options]\n'
+- 'entry_points = file: entry_points\n'
+- )
+-
+- with get_dist(tmpdir) as dist:
+- assert dist.entry_points == expected
+-
+ def test_data_files(self, tmpdir):
+ fake_env(
+ tmpdir,
+
+From 11529db0de4081404b37fab17711660faa85abb8 Mon Sep 17 00:00:00 2001
+From: Melissa Li
+Date: Thu, 25 Feb 2021 00:00:23 -0500
+Subject: [PATCH 5/6] Update change log
+
+---
+ changelog.d/1937.change.rst | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 changelog.d/1937.change.rst
+
+diff --git a/changelog.d/1937.change.rst b/changelog.d/1937.change.rst
+new file mode 100644
+index 0000000000..acd4305968
+--- /dev/null
++++ b/changelog.d/1937.change.rst
+@@ -0,0 +1 @@
++Preserved case-sensitivity of keys in setup.cfg so that entry point names are case-sensitive. Changed sensitivity of configparser. NOTE: Any projects relying on case-insensitivity will need to adapt to accept the original case as published. -- by :user:`melissa-kun-li`
+\ No newline at end of file
+
+From 898a0b59427f143efe0bcc0cabf69007fb3ee439 Mon Sep 17 00:00:00 2001
+From: "Jason R. Coombs"
+Date: Thu, 25 Feb 2021 08:57:04 -0500
+Subject: [PATCH 6/6] Remove 'breaking' changelog, superseded by 'change'.
+
+---
+ changelog.d/1937.breaking.rst | 1 -
+ 1 file changed, 1 deletion(-)
+ delete mode 100644 changelog.d/1937.breaking.rst
+
+diff --git a/changelog.d/1937.breaking.rst b/changelog.d/1937.breaking.rst
+deleted file mode 100644
+index 94dc739ab6..0000000000
+--- a/changelog.d/1937.breaking.rst
++++ /dev/null
+@@ -1 +0,0 @@
+-Preserved case-sensitivity of keys in setup.cfg so that entry point names are case-sensitive. Changed sensitivity of configparser -- by :user:`melissa-kun-li`
+\ No newline at end of file
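Review bot: In patch 1/6, `parser.optionxform = str` is set on the one ConfigParser that `_parse_config_files` uses for every file in `filenames`, so case preservation applies to every section and not only to `[options.entry_points]`. As far as the hunk shows, a capitalised option key in any other section would now reach the rest of the function without being lowercased. The function body continues outside the hunk, so later normalisation cannot be ruled out from here. The added `test_case_sensitive_entry_points` exercises only entry point groups. A comment above the assignment such as `# preserve option-name case (needed for entry point names); applies to all sections`, plus a test with a mixed-case key in another section, would document the intended scope.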
diff --git a/SOURCES/CVE-2022-40897.patch b/SOURCES/CVE-2022-40897.patch
new file mode 100644
index 0000000..4e09c4f
--- /dev/null
+++ b/SOURCES/CVE-2022-40897.patch
@@ -0,0 +1,28 @@
+diff --git a/setuptools/package_index.py b/setuptools/package_index.py
+index 123e958..a90b810 100644
+--- a/setuptools/package_index.py
++++ b/setuptools/package_index.py
+@@ -215,7 +215,7 @@ def unique_values(func):
+ return wrapper
+
+
+-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
+ # this line is here to fix emacs' cruddy broken syntax highlighting
+
+
+diff --git a/setuptools/tests/test_packageindex.py b/setuptools/tests/test_packageindex.py
+index 8e9435e..bc1e373 100644
+--- a/setuptools/tests/test_packageindex.py
++++ b/setuptools/tests/test_packageindex.py
+@@ -308,3 +308,10 @@ class TestPyPIConfig:
+ cred = cfg.creds_by_repository['https://pypi.org']
+ assert cred.username == 'jaraco'
+ assert cred.password == 'pity%'
++
++@pytest.mark.timeout(1)
++def test_REL_DoS():
++ """
++ REL should not hang on a contrived attack string.
++ """
++ setuptools.package_index.REL.search('< rel=' + ' ' * 2**12)
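Review bot: `test_REL_DoS`, added at the end of test_packageindex.py, guards against a regression only if the pytest-timeout plugin is loaded during `%check`. Without it `@pytest.mark.timeout(1)` is just an unregistered marker and the test passes however long the search takes, so confirm that the spec's BuildRequires pull the plugin in (not visible in this diff). The test also asserts nothing about matching, while the tightened value class `[^'" >]+` now stops the captured rel value at the first space. A positive case, for example `assert setuptools.package_index.REL.search('<a rel="homepage" href="x">').group(2) == 'homepage'` (constructed sample), would pin the behaviour that has to survive the ReDoS fix.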
diff --git a/SPECS/python-setuptools.spec b/SPECS/python-setuptools.spec
index 4e6698f..297146c 100644
--- a/SPECS/python-setuptools.spec
+++ b/SPECS/python-setuptools.spec
@@ -28,7 +28,7 @@
Name: python-setuptools
# When updating, update the bundled libraries versions bellow!
Version: 53.0.0
-Release: 10%{?dist}
+Release: 12%{?dist}
Summary: Easily build and distribute Python packages
# setuptools is MIT
# appdirs is MIT
@@ -55,6 +55,15 @@ Source0: %{pypi_source %{srcname} %{version}}
# depends on the previous one
Patch1: license-file-metadata.patch
+# Fix case sensitivity of entry point names and keys in setup.cfg
+# Fixes https://bugzilla.redhat.com/2124281
+Patch2: https://github.com/pypa/setuptools/pull/2580.patch
+
+# Security fix for CVE-2022-40897
+# Regular Expression Denial of Service (ReDoS) in package_index.py
+# Resolved upstream: https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
+Patch3: CVE-2022-40897.patch
+
BuildArch: noarch
BuildRequires: python%{python3_pkgversion}-devel
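Review bot: `Patch2` points at a pull-request `.patch` URL rather than at fixed commits, so the URL alone does not pin what SOURCES/2580.patch is expected to contain. The forge generates that file from the PR's commits, and anyone re-fetching it to verify the source has nothing in the spec to compare against. `Patch3` handles this better by using a local file name and citing the exact upstream commit in its comment. Adding a comment such as `# Series ends at upstream commit 898a0b59427f143efe0bcc0cabf69007fb3ee439` above `Patch2` (the hash is the last one in the committed series) would make the provenance checkable.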
@@ -225,6 +234,14 @@ PYTHONPATH=$(pwd) %pytest --ignore=pavement.py
%changelog
+* Wed Jan 11 2023 Charalampos Stratakis - 53.0.0-12
+- Security fix for CVE-2022-40897
+Resolves: rhbz#2158559
+
+* Wed Sep 07 2022 Miro HronĨok - 53.0.0-11
+- Fix case sensitivity of entry point names and keys in setup.cfg
+- Resolves: rhbz#2124281
+
* Tue Feb 08 2022 Tomas Orsava - 53.0.0-10
- Add automatically generated Obsoletes tag with the python39- prefix
for smoother upgrade from RHEL8