Accepting request 1269057 from devel:languages:python:Factory

- Update to 3.10.17: - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704). - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed. - gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only OBS-URL: https://build.opensuse.org/request/show/1269057 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=58
2025-04-16 18:37:17 +00:00
parent 6924207e1b d9086c0242
commit ac296bbdef
10 changed files with 603 additions and 538 deletions
--- a/CVE-2025-0938-sq-brackets-domain-names.patch
+++ b/CVE-2025-0938-sq-brackets-domain-names.patch
@@ -1,127 +0,0 @@
-From d91e2c740890837edafaee24d68112b776cda9c5 Mon Sep 17 00:00:00 2001
-From: Seth Michael Larson <seth@python.org>
-Date: Fri, 31 Jan 2025 11:41:34 -0600
-Subject: [PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain
- names for parsed URLs (GH-129418)
-
-* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs
-
-* Use Sphinx references
-
-Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
-
-* Add mismatched bracket test cases, fix news format
-
-* Add more test coverage for ports
-
---------
-
-(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a)
-
-Co-authored-by: Seth Michael Larson <seth@python.org>
-Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
---
- Lib/test/test_urlparse.py                                                |   37 +++++++++-
- Lib/urllib/parse.py                                                      |   20 ++++-
- Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst |    4 +
- 3 files changed, 58 insertions(+), 3 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
-
--- a/Lib/test/test_urlparse.py
-+++ b/Lib/test/test_urlparse.py
-@@ -1149,16 +1149,51 @@ class UrlParseTestCase(unittest.TestCase
-         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query')
-         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query')
-         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix')
- 
-     def test_splitting_bracketed_hosts(self):
-        p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query')
-+        p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query')
-         self.assertEqual(p1.hostname, 'v6a.ip')
-         self.assertEqual(p1.username, 'user')
-         self.assertEqual(p1.path, '/path')
-+        self.assertEqual(p1.port, 1234)
-         p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query')
-         self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test')
-         self.assertEqual(p2.username, 'user')
-         self.assertEqual(p2.path, '/path')
-+        self.assertIs(p2.port, None)
-         p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query')
-         self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test')
-         self.assertEqual(p3.username, 'user')
--- a/Lib/urllib/parse.py
-+++ b/Lib/urllib/parse.py
-@@ -442,6 +442,23 @@ def _checknetloc(netloc):
-             raise ValueError("netloc '" + netloc + "' contains invalid " +
-                              "characters under NFKC normalization")
- 
-+def _check_bracketed_netloc(netloc):
-+    # Note that this function must mirror the splitting
-+    # done in NetlocResultMixins._hostinfo().
-+    hostname_and_port = netloc.rpartition('@')[2]
-+    before_bracket, have_open_br, bracketed = hostname_and_port.partition('[')
-+    if have_open_br:
-+        # No data is allowed before a bracket.
-+        if before_bracket:
-+            raise ValueError("Invalid IPv6 URL")
-+        hostname, _, port = bracketed.partition(']')
-+        # No data is allowed after the bracket but before the port delimiter.
-+        if port and not port.startswith(":"):
-+            raise ValueError("Invalid IPv6 URL")
-+    else:
-+        hostname, _, port = hostname_and_port.partition(':')
-+    _check_bracketed_host(hostname)
-+
- # Valid bracketed hosts are defined in
- # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/
- def _check_bracketed_host(hostname):
-@@ -505,8 +522,7 @@ def urlsplit(url, scheme='', allow_fragm
-                 (']' in netloc and '[' not in netloc)):
-             raise ValueError("Invalid IPv6 URL")
-         if '[' in netloc and ']' in netloc:
-            bracketed_host = netloc.partition('[')[2].partition(']')[0]
-            _check_bracketed_host(bracketed_host)
-+            _check_bracketed_netloc(netloc)
-     if allow_fragments and '#' in url:
-         url, fragment = url.split('#', 1)
-     if '?' in url:
--- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
-@@ -0,0 +1,4 @@
-+When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host
-+parsing would not reject domain names containing square brackets (``[`` and
-+``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to
-+`RFC 3986 Section 3.2.2 <https://www.rfc-editor.org/rfc/rfc3986#section-3.2.2>`__.
--- a/Python-3.10.16.tar.xz
+++ b/Python-3.10.16.tar.xz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bfb249609990220491a1b92850a07135ed0831e41738cf681d63cf01b2a8fbd1
-size 19610392
--- a/Python-3.10.16.tar.xz.sigstore
+++ b/Python-3.10.16.tar.xz.sigstore
@@ -1 +0,0 @@
-{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlKgAwIBAgIUH4wr+RBSLHxmoLeVWQFWtLrOickwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgzMzQ0WhcNMjQxMjAzMTg0MzQ0WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDu7neWfjmWCoWs4toOwMe5ZS5m/Qod/IAYGdai04Qjx+fJ2JKIML8OXa376wmCRg+1mE5N75M5g55sjeH6AW5KOCAXEwggFtMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUVxcoODLOP6ce+ffWUlBZ8dQpAtAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjcy6WQAABAMARjBEAiAWKkpOltF6fngTPFPiPrjo6Mnx7DvjTjhy+I9C8a1E8AIgDFHJXkaNO/cRHZCEycDJfdcJrMlDEI+iTAc9GbhJreMwCgYIKoZIzj0EAwMDaAAwZQIwRlcLZ+KTrMXkSOqoeZkRtIMzrMhiRvjoMfcYt7d3zX+t+fDtaywsYIu0WSWNtwLuAjEAk1LM0s1c13zn/l9B9I8YMDJxCiUY2ed5AK523TIy75cmH+IYO7XODOD86YSkytvS"}, "tlogEntries": [{"logIndex": "153123526", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733250825", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBb+3OGEfIJgweBH+795X/kmenmW5L6lzTaW5mU9DN++AiEAni2MKnETeAsGhc8u0W/Y5AuhYKd14TdRvoUw/bWhzjs="}, "inclusionProof": {"logIndex": "31219264", "rootHash": "EEDRbQekcBvIu2A3f37wAtzpj3Tu+lPYLi9AUyS4FBY=", "treeSize": "31219265", "hashes": ["jy1RZw1zMvGOhV5pYK21mUnw/3hfyXoogDNhzfMT8uA=", "t7CZ1TCAQBidKeIL1f3M7Y3VwBYB2DQeG1Sp8X8Mepc=", "LIvgEWJ5UP1rLp6WPJ2TzjrHAa5MpLpXOdj/yoZvLcM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31219265\nEEDRbQekcBvIu2A3f37wAtzpj3Tu+lPYLi9AUyS4FBY=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiAnUUia2onArhzOpQclqAm9wBFu32/qoYagpd3PkWeELgIhAPUWvc2y6UP8V2I/ABP9HtsQi208X3nuSI8xunycnmZl\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJiZmIyNDk2MDk5OTAyMjA0OTFhMWI5Mjg1MGEwNzEzNWVkMDgzMWU0MTczOGNmNjgxZDYzY2YwMWIyYThmYmQxIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUUQyYW4xbTUvSWl4clZsYVlpcUMxQmpuamc3eG55MTBxVWw5WHhIM2hJSkNRSWhBS1l4YzRNeTNYTndscEdEU25QTTBjU1gxM3ljMGNnN3BTVVZCS2RrOHZMaiIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4TFowRjNTVUpCWjBsVlNEUjNjaXRTUWxOTVNIaHRiMHhsVmxkUlJsZDBUSEpQYVdOcmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDZUWHBSTUZkb1kwNU5hbEY0VFdwQmVrMVVaekJOZWxFd1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZFZFRkdVpWZG1hbTFYUTI5WGN6UjBiMDkzVFdVMVdsTTFiUzlSYjJRdlNVRlpSMlFLWVdrd05GRnFlQ3RtU2pKS1MwbE5URGhQV0dFek56WjNiVU5TWnlzeGJVVTFUamMxVFRWbk5UVnphbVZJTmtGWE5VdFBRMEZZUlhkblowWjBUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZXZUdOdkNrOUVURTlRTm1ObEsyWm1WMVZzUWxvNFpGRndRWFJCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRLUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJYzBVS1pWRkNNMEZJVlVFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZM2syVjFGQlFRcENRVTFCVW1wQ1JVRnBRVmRMYTNCUGJIUkdObVp1WjFSUVJsQnBVSEpxYnpaTmJuZzNSSFpxVkdwb2VTdEpPVU00WVRGRk9FRkpaMFJHU0VwWWEyRk9Dazh2WTFKSVdrTkZlV05FU21aa1kwcHlUV3hFUlVrcmFWUkJZemxIWW1oS2NtVk5kME5uV1VsTGIxcEplbW93UlVGM1RVUmhRVUYzV2xGSmQxSnNZMHdLV2l0TFZISk5XR3RUVDNGdlpWcHJVblJKVFhweVRXaHBVblpxYjAxbVkxbDBOMlF6ZWxncmRDdG1SSFJoZVhkeldVbDFNRmRUVjA1MGQweDFRV3BGUVFwck1VeE5NSE14WXpFemVtNHZiRGxDT1VrNFdVMUVTbmhEYVZWWk1tVmtOVUZMTlRJelZFbDVOelZqYlVnclNWbFBOMWhQUkU5RU9EWlpVMnQ1ZEhaVENpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "v7JJYJmQIgSRobkoUKBxNe0IMeQXOM9oHWPPAbKo+9E="}, "signature": "MEYCIQD2an1m5/IixrVlaYiqC1Bjnjg7xny10qUl9XxH3hIJCQIhAKYxc4My3XNwlpGDSnPM0cSX13yc0cg7pSUVBKdk8vLj"}}
--- a/Python-3.10.17.tar.xz
+++ b/Python-3.10.17.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4c68050f049d1b4ac5aadd0df5f27941c0350d2a9e7ab0907ee5eb5225d9d6b0
+size 19608144
--- a/Python-3.10.17.tar.xz.sigstore
+++ b/Python-3.10.17.tar.xz.sigstore
@@ -0,0 +1 @@
+{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzzCCAlSgAwIBAgIUI5tsj9NzdgrO+5YskNyoC+qi8vkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTMyMzU4WhcNMjUwNDA4MTMzMzU4WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAv6UJQmrkdgLDaQZmsfd0+gKL2DB6IBsuTQ7oauCQQ3l9hD+hyV5dIcacEb6/y+cfdsll0A0sDGcfJxqInKdbqOCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUbIExDLYBM5EaJKSM42GWOQ+p+4EwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFZJpOwAABAMASDBGAiEA41BGN2vh87VMWZ04uMz41nJe9XjHclR25kZymgE4EoUCIQDcq1G4PeYggbgsgJRK/wA2oT/9c66Ut00r4FTtzKp8nzAKBggqhkjOPQQDAwNpADBmAjEAiQAaAbnKP6BK0IW3WSeDIxogOIzNlO8A5XBjpD+0gPOJTrdXKlNnpwrIg5IEzVFuAjEAio/NN8hD96Rpy+vU8Gejg6xrGYW7kDhfZfGhDQ7ZCXbG5k/Ue9azE/+dOlZ3zfUe"}, "tlogEntries": [{"logIndex": "193846451", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744118639", "inclusionPromise": {"signedEntryTimestamp": "MEUCIFxLjN8+W16mUiOJzYXkED4rZG+LGsnmcbCknQ+GXGhuAiEA6ARsL3PI6HN7vz2jY2Ef3lzIUqNXJ3fFN08xH1LdWyM="}, "inclusionProof": {"logIndex": "71942189", "rootHash": "t0jBkeXT4fpLCFcUfGvPMrTn6cGyGgGput6RoghhPSM=", "treeSize": "71942196", "hashes": ["+smebvByxaA1Ma1XWJKpZpS5bT3MTjkWgbE8QsnP7iM=", "KTftkiWp8T5wzTX2uRjjb9cOPgzQYm12kVViECWEcF0=", "eT+T8QsO14DNUNRvdA8DN3nkWATbZNBttN7hMwLhDRs=", "/cpMfdkyRFEgNofmHSovLaOnUrMdzl1GlnYJQ83emgU=", "yYb3Qj3G9bz700MryqKxLQkwbVYczRq5u/0VXtsPV2Y=", "yOOivaVwYhqQJnOzhyJxD03KD1BxbsqOm30ZuiDpf6M=", "Pz/WMQQ6nBmkX4L+rVteCufItRYXtXpzlTBnxzaVr8E=", "cuMOBvg9q/3wCGMfCdrFlvXHmcIXecnD3xPny77dAWw=", "wz8AVqzGBjixNiXtnCb16MFP7zOW54eYx/zJ/1Jey/E=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71942196\nt0jBkeXT4fpLCFcUfGvPMrTn6cGyGgGput6RoghhPSM=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAp55/To5P2lvHGyciQR/vCYaZ5R5972Hzrj7ZIYnqDk0CIQCEZbKDx3oGXIV5S0tYiR+MrDRDDV5ly/Dep8URvrU4xw==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI0YzY4MDUwZjA0OWQxYjRhYzVhYWRkMGRmNWYyNzk0MWMwMzUwZDJhOWU3YWIwOTA3ZWU1ZWI1MjI1ZDlkNmIwIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUR4QUFKRUhOaDY3NzJjQUNWNlFtWEVZK3k5UHA1Z2twUlpuZTZmRFFOazRBSWdaMDJVN1BvNFlYNDRZRTFwdHQ3RHh6MDlCSE5XLzRucjhmdzNVUHdkUStNPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZla05EUVd4VFowRjNTVUpCWjBsVlNUVjBjMm81VG5wa1ozSlBLelZaYzJ0T2VXOURLM0ZwT0hacmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZFMTVUWHBWTkZkb1kwNU5hbFYzVGtSQk5FMVVUWHBOZWxVMFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZCZGpaVlNsRnRjbXRrWjB4RVlWRmFiWE5tWkRBclowdE1Na1JDTmtsQ2MzVlVVVGNLYjJGMVExRlJNMnc1YUVRcmFIbFdOV1JKWTJGalJXSTJMM2tyWTJaa2MyeHNNRUV3YzBSSFkyWktlSEZKYmt0a1luRlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZpU1VWNENrUk1XVUpOTlVWaFNrdFRUVFF5UjFkUFVTdHdLelJGZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdXa3B3VDNkQlFRcENRVTFCVTBSQ1IwRnBSVUUwTVVKSFRqSjJhRGczVmsxWFdqQTBkVTE2TkRGdVNtVTVXR3BJWTJ4U01qVnJXbmx0WjBVMFJXOVZRMGxSUkdOeE1VYzBDbEJsV1dkblltZHpaMHBTU3k5M1FUSnZWQzg1WXpZMlZYUXdNSEkwUmxSMGVrdHdPRzU2UVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV3UVVSQ2JVRnFSVUVLYVZGQllVRmlia3RRTmtKTE1FbFhNMWRUWlVSSmVHOW5UMGw2VG14UE9FRTFXRUpxY0VRck1HZFFUMHBVY21SWVMyeE9ibkIzY2tsbk5VbEZlbFpHZFFwQmFrVkJhVzh2VGs0NGFFUTVObEp3ZVN0MlZUaEhaV3BuTm5oeVIxbFhOMnRFYUdaYVprZG9SRkUzV2tOWVlrYzFheTlWWlRsaGVrVXZLMlJQYkZvekNucG1WV1VLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "TGgFDwSdG0rFqt0N9fJ5QcA1DSqeerCQfuXrUiXZ1rA="}, "signature": "MEUCIQDxAAJEHNh6772cACV6QmXEY+y9Pp5gkpRZne6fDQNk4AIgZ02U7Po4YX44YE1ptt7Dxz09BHNW/4nr8fw3UPwdQ+M="}}
--- a/fix_configure_rst.patch
+++ b/fix_configure_rst.patch
@@ -3,9 +3,11 @@
 Misc/NEWS               |    2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

--- a/Doc/using/configure.rst
-+++ b/Doc/using/configure.rst
-@@ -42,7 +42,6 @@ General Options
+Index: Python-3.10.17/Doc/using/configure.rst
+===================================================================
+--- Python-3.10.17.orig/Doc/using/configure.rst	2025-04-08 14:10:59.000000000 +0200
+++ Python-3.10.17/Doc/using/configure.rst	2025-04-11 10:07:56.572228089 +0200
+@@ -42,7 +42,6 @@
 
    See :data:`sys.int_info.bits_per_digit <sys.int_info>`.
 
@@ -13,7 +15,7 @@
 .. cmdoption:: --with-cxx-main=COMPILER
 
    Compile the Python ``main()`` function and link Python executable with C++
-@@ -473,13 +472,11 @@ macOS Options
+@@ -473,13 +472,11 @@
 
 See ``Mac/README.rst``.
 
@@ -27,9 +29,11 @@
 .. cmdoption:: --enable-framework=INSTALLDIR
 
    Create a Python.framework rather than a traditional Unix install. Optional
--- a/Misc/NEWS
-+++ b/Misc/NEWS
-@@ -3810,7 +3810,7 @@ C API
+Index: Python-3.10.17/Misc/NEWS
+===================================================================
+--- Python-3.10.17.orig/Misc/NEWS	2025-04-08 14:10:59.000000000 +0200
+++ Python-3.10.17/Misc/NEWS	2025-04-11 10:07:56.576558000 +0200
+@@ -3903,7 +3903,7 @@
 -----
 
 - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name
--- a/python310.changes
+++ b/python310.changes
@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Fri Apr 11 08:12:14 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 3.10.17:
+  - gh-131809: Update bundled libexpat to 2.7.1
+  - gh-131261: Upgrade to libexpat 2.7.0
+  - gh-105704: When using urllib.parse.urlsplit() and
+    urllib.parse.urlparse() host parsing would not reject domain
+    names containing square brackets ([ and ]). Square brackets
+    are only valid for IPv6 and IPvFuture hosts according to RFC
+    3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
+    gh#python/cpython#105704).
+  - gh-121284: Fix bug in the folding of rfc2047 encoded-words
+    when flattening an email message using a modern email
+    policy. Previously when an encoded-word was too long for
+    a line, it would be decoded, split across lines, and
+    re-encoded. But commas and other special characters in the
+    original text could be left unencoded and unquoted. This
+    could theoretically be used to spoof header lines using a
+    carefully constructed encoded-word if the resulting rendered
+    email was transmitted or re-parsed.
+  - gh-80222: Fix bug in the folding of quoted strings
+    when flattening an email message using a modern email
+    policy. Previously when a quoted string was folded so that
+    it spanned more than one line, the surrounding quotes and
+    internal escapes would be omitted. This could theoretically
+    be used to spoof header lines using a carefully constructed
+    quoted string if the resulting rendered email was transmitted
+    or re-parsed.
+  - gh-119511: Fix a potential denial of service in the imaplib
+    module. When connecting to a malicious server, it could
+    cause an arbitrary amount of memory to be allocated. On many
+    systems this is harmless as unused virtual memory is only
+    a mapping, but if this hit a virtual address size limit
+    it could lead to a MemoryError or other process crash. On
+    unusual systems or builds where all allocated memory is
+    touched and backed by actual ram or storage it could’ve
+    consumed resources doing so until similarly crashing.
+  - gh-127257: In ssl, system call failures that OpenSSL reports
+    using ERR_LIB_SYS are now raised as OSError.
+  - gh-121277: Writers of CPython’s documentation can now use
+    next as the version for the versionchanged, versionadded,
+    deprecated directives.
+- Remote upstreamed patch:
+  - CVE-2025-0938-sq-brackets-domain-names.patch
+
 -------------------------------------------------------------------
 Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann <bwiedemann@suse.com>

--- a/python310.spec
+++ b/python310.spec
@@ -108,7 +108,7 @@ Obsoletes:      python39%{?1:-%{1}}
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.10.16
+Version:        3.10.17
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@@ -204,9 +204,6 @@ Patch27:        gh120226-fix-sendfile-test-kernel-610.patch
 # PATCH-FIX-UPSTREAM sphinx-802.patch mcepl@suse.com
 # status_iterator method moved between the Sphinx versions
 Patch28:        sphinx-802.patch
-# PATCH-FIX-UPSTREAM CVE-2025-0938-sq-brackets-domain-names.patch bsc#1236705 mcepl@suse.com
-# functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets
-Patch29:        CVE-2025-0938-sq-brackets-domain-names.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -490,7 +487,6 @@ other applications.
 %patch -p1 -P 24
 %patch -p1 -P 27
 %patch -p1 -P 28
-%patch -p1 -P 29

 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
--- a/sphinx-72.patch
+++ b/sphinx-72.patch
--- a/sphinx-802.patch
+++ b/sphinx-802.patch
@@ -2,9 +2,11 @@
 Doc/tools/extensions/pyspecific.py |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/Doc/tools/extensions/pyspecific.py
-+++ b/Doc/tools/extensions/pyspecific.py
-@@ -27,7 +27,13 @@ try:
+Index: Python-3.10.17/Doc/tools/extensions/pyspecific.py
+===================================================================
+--- Python-3.10.17.orig/Doc/tools/extensions/pyspecific.py	2025-04-11 10:08:04.200327546 +0200
+++ Python-3.10.17/Doc/tools/extensions/pyspecific.py	2025-04-11 10:08:21.185064035 +0200
+@@ -28,7 +28,13 @@
 except ImportError:
     from sphinx.environment import NoUri
 from sphinx.locale import _ as sphinx_gettext
				`@@ -1 +0,0 @@`
				{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlKgAwIBAgIUH4wr+RBSLHxmoLeVWQFWtLrOickwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMjAzMTgzMzQ0WhcNMjQxMjAzMTg0MzQ0WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDu7neWfjmWCoWs4toOwMe5ZS5m/Qod/IAYGdai04Qjx+fJ2JKIML8OXa376wmCRg+1mE5N75M5g55sjeH6AW5KOCAXEwggFtMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUVxcoODLOP6ce+ffWUlBZ8dQpAtAwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGTjcy6WQAABAMARjBEAiAWKkpOltF6fngTPFPiPrjo6Mnx7DvjTjhy+I9C8a1E8AIgDFHJXkaNO/cRHZCEycDJfdcJrMlDEI+iTAc9GbhJreMwCgYIKoZIzj0EAwMDaAAwZQIwRlcLZ+KTrMXkSOqoeZkRtIMzrMhiRvjoMfcYt7d3zX+t+fDtaywsYIu0WSWNtwLuAjEAk1LM0s1c13zn/l9B9I8YMDJxCiUY2ed5AK523TIy75cmH+IYO7XODOD86YSkytvS"}, "tlogEntries": [{"logIndex": "153123526", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1733250825", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBb+3OGEfIJgweBH+795X/kmenmW5L6lzTaW5mU9DN++AiEAni2MKnETeAsGhc8u0W/Y5AuhYKd14TdRvoUw/bWhzjs="}, "inclusionProof": {"logIndex": "31219264", "rootHash": "EEDRbQekcBvIu2A3f37wAtzpj3Tu+lPYLi9AUyS4FBY=", "treeSize": "31219265", "hashes": ["jy1RZw1zMvGOhV5pYK21mUnw/3hfyXoogDNhzfMT8uA=", "t7CZ1TCAQBidKeIL1f3M7Y3VwBYB2DQeG1Sp8X8Mepc=", "LIvgEWJ5UP1rLp6WPJ2TzjrHAa5MpLpXOdj/yoZvLcM=", "XjayhjKU3shP7q7lhmhKDv3Vpi4gJgAPCu0KlEzc9Qo=", "go1dmexQYS5etu69upRRX7IFvuA0rIcT9aYjMstmPIU=", "AYwr74Bm2w383UnS7DdbZUUAhusq28JoxKpWrQ7OvGQ=", "u+yWmGIR6sAH32wiSy22mz1Yf+jfPdBTjFbyRISuTZw=", "3eFC7Gp4fWecybDOAw9uUTrM1xB7YRYRAGsfYkiQbV8=", "1uKk2qjOliHMiTk906jrchP8mXWsRG8apaU1sa0lfh0=", "oOecFfN3YqDOkbijS/ej1WF5Da/Gt/AZNhbwE9uoOE8=", "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n31219265\nEEDRbQekcBvIu2A3f37wAtzpj3Tu+lPYLi9AUyS4FBY=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiAnUUia2onArhzOpQclqAm9wBFu32/qoYagpd3PkWeELgIhAPUWvc2y6UP8V2I/ABP9HtsQi208X3nuSI8xunycnmZl\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJiZmIyNDk2MDk5OTAyMjA0OTFhMWI5Mjg1MGEwNzEzNWVkMDgzMWU0MTczOGNmNjgxZDYzY2YwMWIyYThmYmQxIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUUQyYW4xbTUvSWl4clZsYVlpcUMxQmpuamc3eG55MTBxVWw5WHhIM2hJSkNRSWhBS1l4YzRNeTNYTndscEdEU25QTTBjU1gxM3ljMGNnN3BTVVZCS2RrOHZMaiIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4TFowRjNTVUpCWjBsVlNEUjNjaXRTUWxOTVNIaHRiMHhsVmxkUlJsZDBUSEpQYVdOcmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJlRTFxUVhwTlZHZDZUWHBSTUZkb1kwNU5hbEY0VFdwQmVrMVVaekJOZWxFd1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZFZFRkdVpWZG1hbTFYUTI5WGN6UjBiMDkzVFdVMVdsTTFiUzlSYjJRdlNVRlpSMlFLWVdrd05GRnFlQ3RtU2pKS1MwbE5URGhQV0dFek56WjNiVU5TWnlzeGJVVTFUamMxVFRWbk5UVnphbVZJTmtGWE5VdFBRMEZZUlhkblowWjBUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZXZUdOdkNrOUVURTlRTm1ObEsyWm1WMVZzUWxvNFpGRndRWFJCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRLUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJYzBVS1pWRkNNMEZJVlVFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxUnFZM2syVjFGQlFRcENRVTFCVW1wQ1JVRnBRVmRMYTNCUGJIUkdObVp1WjFSUVJsQnBVSEpxYnpaTmJuZzNSSFpxVkdwb2VTdEpPVU00WVRGRk9FRkpaMFJHU0VwWWEyRk9Dazh2WTFKSVdrTkZlV05FU21aa1kwcHlUV3hFUlVrcmFWUkJZemxIWW1oS2NtVk5kME5uV1VsTGIxcEplbW93UlVGM1RVUmhRVUYzV2xGSmQxSnNZMHdLV2l0TFZISk5XR3RUVDNGdlpWcHJVblJKVFhweVRXaHBVblpxYjAxbVkxbDBOMlF6ZWxncmRDdG1SSFJoZVhkeldVbDFNRmRUVjA1MGQweDFRV3BGUVFwck1VeE5NSE14WXpFemVtNHZiRGxDT1VrNFdVMUVTbmhEYVZWWk1tVmtOVUZMTlRJelZFbDVOelZqYlVnclNWbFBOMWhQUkU5RU9EWlpVMnQ1ZEhaVENpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "v7JJYJmQIgSRobkoUKBxNe0IMeQXOM9oHWPPAbKo+9E="}, "signature": "MEYCIQD2an1m5/IixrVlaYiqC1Bjnjg7xny10qUl9XxH3hIJCQIhAKYxc4My3XNwlpGDSnPM0cSX13yc0cg7pSUVBKdk8vLj"}}
				`@@ -0,0 +1 @@`
				{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzzCCAlSgAwIBAgIUI5tsj9NzdgrO+5YskNyoC+qi8vkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNDA4MTMyMzU4WhcNMjUwNDA4MTMzMzU4WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAv6UJQmrkdgLDaQZmsfd0+gKL2DB6IBsuTQ7oauCQQ3l9hD+hyV5dIcacEb6/y+cfdsll0A0sDGcfJxqInKdbqOCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUbIExDLYBM5EaJKSM42GWOQ+p+4EwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGWFZJpOwAABAMASDBGAiEA41BGN2vh87VMWZ04uMz41nJe9XjHclR25kZymgE4EoUCIQDcq1G4PeYggbgsgJRK/wA2oT/9c66Ut00r4FTtzKp8nzAKBggqhkjOPQQDAwNpADBmAjEAiQAaAbnKP6BK0IW3WSeDIxogOIzNlO8A5XBjpD+0gPOJTrdXKlNnpwrIg5IEzVFuAjEAio/NN8hD96Rpy+vU8Gejg6xrGYW7kDhfZfGhDQ7ZCXbG5k/Ue9azE/+dOlZ3zfUe"}, "tlogEntries": [{"logIndex": "193846451", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1744118639", "inclusionPromise": {"signedEntryTimestamp": "MEUCIFxLjN8+W16mUiOJzYXkED4rZG+LGsnmcbCknQ+GXGhuAiEA6ARsL3PI6HN7vz2jY2Ef3lzIUqNXJ3fFN08xH1LdWyM="}, "inclusionProof": {"logIndex": "71942189", "rootHash": "t0jBkeXT4fpLCFcUfGvPMrTn6cGyGgGput6RoghhPSM=", "treeSize": "71942196", "hashes": ["+smebvByxaA1Ma1XWJKpZpS5bT3MTjkWgbE8QsnP7iM=", "KTftkiWp8T5wzTX2uRjjb9cOPgzQYm12kVViECWEcF0=", "eT+T8QsO14DNUNRvdA8DN3nkWATbZNBttN7hMwLhDRs=", "/cpMfdkyRFEgNofmHSovLaOnUrMdzl1GlnYJQ83emgU=", "yYb3Qj3G9bz700MryqKxLQkwbVYczRq5u/0VXtsPV2Y=", "yOOivaVwYhqQJnOzhyJxD03KD1BxbsqOm30ZuiDpf6M=", "Pz/WMQQ6nBmkX4L+rVteCufItRYXtXpzlTBnxzaVr8E=", "cuMOBvg9q/3wCGMfCdrFlvXHmcIXecnD3xPny77dAWw=", "wz8AVqzGBjixNiXtnCb16MFP7zOW54eYx/zJ/1Jey/E=", "K26LG80DXyb+bC58c4Nw00WigG52v0PCsZGY3ExGsts=", "WEm5OgPzJpYROv+4CcrieexCYyQKrLUH3hbxmcQQ+DM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n71942196\nt0jBkeXT4fpLCFcUfGvPMrTn6cGyGgGput6RoghhPSM=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAp55/To5P2lvHGyciQR/vCYaZ5R5972Hzrj7ZIYnqDk0CIQCEZbKDx3oGXIV5S0tYiR+MrDRDDV5ly/Dep8URvrU4xw==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI0YzY4MDUwZjA0OWQxYjRhYzVhYWRkMGRmNWYyNzk0MWMwMzUwZDJhOWU3YWIwOTA3ZWU1ZWI1MjI1ZDlkNmIwIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUR4QUFKRUhOaDY3NzJjQUNWNlFtWEVZK3k5UHA1Z2twUlpuZTZmRFFOazRBSWdaMDJVN1BvNFlYNDRZRTFwdHQ3RHh6MDlCSE5XLzRucjhmdzNVUHdkUStNPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZla05EUVd4VFowRjNTVUpCWjBsVlNUVjBjMm81VG5wa1ozSlBLelZaYzJ0T2VXOURLM0ZwT0hacmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVFUVRSTlZFMTVUWHBWTkZkb1kwNU5hbFYzVGtSQk5FMVVUWHBOZWxVMFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZCZGpaVlNsRnRjbXRrWjB4RVlWRmFiWE5tWkRBclowdE1Na1JDTmtsQ2MzVlVVVGNLYjJGMVExRlJNMnc1YUVRcmFIbFdOV1JKWTJGalJXSTJMM2tyWTJaa2MyeHNNRUV3YzBSSFkyWktlSEZKYmt0a1luRlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZpU1VWNENrUk1XVUpOTlVWaFNrdFRUVFF5UjFkUFVTdHdLelJGZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxZEdXa3B3VDNkQlFRcENRVTFCVTBSQ1IwRnBSVUUwTVVKSFRqSjJhRGczVmsxWFdqQTBkVTE2TkRGdVNtVTVXR3BJWTJ4U01qVnJXbmx0WjBVMFJXOVZRMGxSUkdOeE1VYzBDbEJsV1dkblltZHpaMHBTU3k5M1FUSnZWQzg1WXpZMlZYUXdNSEkwUmxSMGVrdHdPRzU2UVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV3UVVSQ2JVRnFSVUVLYVZGQllVRmlia3RRTmtKTE1FbFhNMWRUWlVSSmVHOW5UMGw2VG14UE9FRTFXRUpxY0VRck1HZFFUMHBVY21SWVMyeE9ibkIzY2tsbk5VbEZlbFpHZFFwQmFrVkJhVzh2VGs0NGFFUTVObEp3ZVN0MlZUaEhaV3BuTm5oeVIxbFhOMnRFYUdaYVprZG9SRkUzV2tOWVlrYzFheTlWWlRsaGVrVXZLMlJQYkZvekNucG1WV1VLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "TGgFDwSdG0rFqt0N9fJ5QcA1DSqeerCQfuXrUiXZ1rA="}, "signature": "MEUCIQDxAAJEHNh6772cACV6QmXEY+y9Pp5gkpRZne6fDQNk4AIgZ02U7Po4YX44YE1ptt7Dxz09BHNW/4nr8fw3UPwdQ+M="}}