Update to 3.13.11

Fix readline history truncation when length is reduced

  The `readline.set_history_length()` function did not previously
  truncate the in-memory history when the new length was set to
  a value smaller than the current number of history items. This
  could lead to unexpected behavior where `get_history_length()`
  would still report the old length and writing the history to a
  file would write more entries than the new limit.

  This patch modifies `set_history_length()` to explicitly
  remove the oldest history entries using `remove_history()`
  when the length is decreased, ensuring the in-memory history
  is correctly truncated to the new limit. This brings the
  function's behavior in line with expectations and fixes
  failures in `test_write_read_limited_history`.

.gitattributes

@@ -21,3 +21,4 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
+*.changes merge=merge-changes

.gitignore

@@ -0,0 +1,6 @@
+.osc
+*.obscpio
+*.osc
+_build.*
+.pbuild
+python313-*-build/

CVE-2025-6069-quad-complex-HTMLParser.patch

@@ -1,247 +0,0 @@
-From 9043edabc7e2f0dd655146e0a4571e2a0b2906af Mon Sep 17 00:00:00 2001
-From: Serhiy Storchaka <storchaka@gmail.com>
-Date: Fri, 13 Jun 2025 19:57:48 +0300
-Subject: [PATCH] gh-135462: Fix quadratic complexity in processing special
- input in HTMLParser (GH-135464)
-
-End-of-file errors are now handled according to the HTML5 specs --
-comments and declarations are automatically closed, tags are ignored.
-(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41)
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
----
- Lib/html/parser.py                                                       |   41 +++-
- Lib/test/test_htmlparser.py                                              |   97 +++++++---
- Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst |    4 
- 3 files changed, 111 insertions(+), 31 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
-
-Index: Python-3.13.5/Lib/html/parser.py
-===================================================================
---- Python-3.13.5.orig/Lib/html/parser.py	2025-06-11 17:36:57.000000000 +0200
-+++ Python-3.13.5/Lib/html/parser.py	2025-07-02 16:49:52.020175099 +0200
-@@ -27,6 +27,7 @@
- attr_charref = re.compile(r'&(#[0-9]+|#[xX][0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]*)[;=]?')
- 
- starttagopen = re.compile('<[a-zA-Z]')
-+endtagopen = re.compile('</[a-zA-Z]')
- piclose = re.compile('>')
- commentclose = re.compile(r'--\s*>')
- # Note:
-@@ -195,7 +196,7 @@
-                     k = self.parse_pi(i)
-                 elif startswith("<!", i):
-                     k = self.parse_html_declaration(i)
--                elif (i + 1) < n:
-+                elif (i + 1) < n or end:
-                     self.handle_data("<")
-                     k = i + 1
-                 else:
-@@ -203,17 +204,35 @@
-                 if k < 0:
-                     if not end:
-                         break
--                    k = rawdata.find('>', i + 1)
--                    if k < 0:
--                        k = rawdata.find('<', i + 1)
--                        if k < 0:
--                            k = i + 1
-+                    if starttagopen.match(rawdata, i):  # < + letter
-+                        pass
-+                    elif startswith("</", i):
-+                        if i + 2 == n:
-+                            self.handle_data("</")
-+                        elif endtagopen.match(rawdata, i):  # </ + letter
-+                            pass
-+                        else:
-+                            # bogus comment
-+                            self.handle_comment(rawdata[i+2:])
-+                    elif startswith("<!--", i):
-+                        j = n
-+                        for suffix in ("--!", "--", "-"):
-+                            if rawdata.endswith(suffix, i+4):
-+                                j -= len(suffix)
-+                                break
-+                        self.handle_comment(rawdata[i+4:j])
-+                    elif startswith("<![CDATA[", i):
-+                        self.unknown_decl(rawdata[i+3:])
-+                    elif rawdata[i:i+9].lower() == '<!doctype':
-+                        self.handle_decl(rawdata[i+2:])
-+                    elif startswith("<!", i):
-+                        # bogus comment
-+                        self.handle_comment(rawdata[i+2:])
-+                    elif startswith("<?", i):
-+                        self.handle_pi(rawdata[i+2:])
-                     else:
--                        k += 1
--                    if self.convert_charrefs and not self.cdata_elem:
--                        self.handle_data(unescape(rawdata[i:k]))
--                    else:
--                        self.handle_data(rawdata[i:k])
-+                        raise AssertionError("we should not get here!")
-+                    k = n
-                 i = self.updatepos(i, k)
-             elif startswith("&#", i):
-                 match = charref.match(rawdata, i)
-Index: Python-3.13.5/Lib/test/test_htmlparser.py
-===================================================================
---- Python-3.13.5.orig/Lib/test/test_htmlparser.py	2025-06-11 17:36:57.000000000 +0200
-+++ Python-3.13.5/Lib/test/test_htmlparser.py	2025-07-02 16:49:52.020821697 +0200
-@@ -5,6 +5,7 @@
- import unittest
- 
- from unittest.mock import patch
-+from test import support
- 
- 
- class EventCollector(html.parser.HTMLParser):
-@@ -430,28 +431,34 @@
-                             ('data', '<'),
-                             ('starttag', 'bc<', [('a', None)]),
-                             ('endtag', 'html'),
--                            ('data', '\n<img src="URL>'),
--                            ('comment', '/img'),
--                            ('endtag', 'html<')])
-+                            ('data', '\n')])
- 
-     def test_starttag_junk_chars(self):
-+        self._run_check("<", [('data', '<')])
-+        self._run_check("<>", [('data', '<>')])
-+        self._run_check("< >", [('data', '< >')])
-+        self._run_check("< ", [('data', '< ')])
-         self._run_check("</>", [])
-+        self._run_check("<$>", [('data', '<$>')])
-         self._run_check("</$>", [('comment', '$')])
-         self._run_check("</", [('data', '</')])
--        self._run_check("</a", [('data', '</a')])
-+        self._run_check("</a", [])
-+        self._run_check("</ a>", [('endtag', 'a')])
-+        self._run_check("</ a", [('comment', ' a')])
-         self._run_check("<a<a>", [('starttag', 'a<a', [])])
-         self._run_check("</a<a>", [('endtag', 'a<a')])
--        self._run_check("<!", [('data', '<!')])
--        self._run_check("<a", [('data', '<a')])
--        self._run_check("<a foo='bar'", [('data', "<a foo='bar'")])
--        self._run_check("<a foo='bar", [('data', "<a foo='bar")])
--        self._run_check("<a foo='>'", [('data', "<a foo='>'")])
--        self._run_check("<a foo='>", [('data', "<a foo='>")])
-+        self._run_check("<!", [('comment', '')])
-+        self._run_check("<a", [])
-+        self._run_check("<a foo='bar'", [])
-+        self._run_check("<a foo='bar", [])
-+        self._run_check("<a foo='>'", [])
-+        self._run_check("<a foo='>", [])
-         self._run_check("<a$>", [('starttag', 'a$', [])])
-         self._run_check("<a$b>", [('starttag', 'a$b', [])])
-         self._run_check("<a$b/>", [('startendtag', 'a$b', [])])
-         self._run_check("<a$b  >", [('starttag', 'a$b', [])])
-         self._run_check("<a$b  />", [('startendtag', 'a$b', [])])
-+        self._run_check("</a$b>", [('endtag', 'a$b')])
- 
-     def test_slashes_in_starttag(self):
-         self._run_check('<a foo="var"/>', [('startendtag', 'a', [('foo', 'var')])])
-@@ -576,21 +583,50 @@
-         for html, expected in data:
-             self._run_check(html, expected)
- 
--    def test_EOF_in_comments_or_decls(self):
-+    def test_eof_in_comments(self):
-         data = [
--            ('<!', [('data', '<!')]),
--            ('<!-', [('data', '<!-')]),
--            ('<!--', [('data', '<!--')]),
--            ('<![', [('data', '<![')]),
--            ('<![CDATA[', [('data', '<![CDATA[')]),
--            ('<![CDATA[x', [('data', '<![CDATA[x')]),
--            ('<!DOCTYPE', [('data', '<!DOCTYPE')]),
--            ('<!DOCTYPE HTML', [('data', '<!DOCTYPE HTML')]),
-+            ('<!--', [('comment', '')]),
-+            ('<!---', [('comment', '')]),
-+            ('<!----', [('comment', '')]),
-+            ('<!-----', [('comment', '-')]),
-+            ('<!------', [('comment', '--')]),
-+            ('<!----!', [('comment', '')]),
-+            ('<!---!', [('comment', '-!')]),
-+            ('<!---!>', [('comment', '-!>')]),
-+            ('<!--foo', [('comment', 'foo')]),
-+            ('<!--foo-', [('comment', 'foo')]),
-+            ('<!--foo--', [('comment', 'foo')]),
-+            ('<!--foo--!', [('comment', 'foo')]),
-+            ('<!--<!--', [('comment', '<!')]),
-+            ('<!--<!--!', [('comment', '<!')]),
-         ]
-         for html, expected in data:
-             self._run_check(html, expected)
-+
-+    def test_eof_in_declarations(self):
-+        data = [
-+            ('<!', [('comment', '')]),
-+            ('<!-', [('comment', '-')]),
-+            ('<![', [('comment', '[')]),
-+            ('<![CDATA[', [('unknown decl', 'CDATA[')]),
-+            ('<![CDATA[x', [('unknown decl', 'CDATA[x')]),
-+            ('<![CDATA[x]', [('unknown decl', 'CDATA[x]')]),
-+            ('<![CDATA[x]]', [('unknown decl', 'CDATA[x]]')]),
-+            ('<!DOCTYPE', [('decl', 'DOCTYPE')]),
-+            ('<!DOCTYPE ', [('decl', 'DOCTYPE ')]),
-+            ('<!DOCTYPE html', [('decl', 'DOCTYPE html')]),
-+            ('<!DOCTYPE html ', [('decl', 'DOCTYPE html ')]),
-+            ('<!DOCTYPE html PUBLIC', [('decl', 'DOCTYPE html PUBLIC')]),
-+            ('<!DOCTYPE html PUBLIC "foo', [('decl', 'DOCTYPE html PUBLIC "foo')]),
-+            ('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "foo',
-+             [('decl', 'DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "foo')]),
-+        ]
-+        for html, expected in data:
-+            self._run_check(html, expected)
-+
-     def test_bogus_comments(self):
--        html = ('<! not really a comment >'
-+        html = ('<!ELEMENT br EMPTY>'
-+                '<! not really a comment >'
-                 '<! not a comment either -->'
-                 '<! -- close enough -->'
-                 '<!><!<-- this was an empty comment>'
-@@ -604,6 +640,7 @@
-                 '<![CDATA]]>'  # required '[' after CDATA
-         )
-         expected = [
-+            ('comment', 'ELEMENT br EMPTY'),
-             ('comment', ' not really a comment '),
-             ('comment', ' not a comment either --'),
-             ('comment', ' -- close enough --'),
-@@ -684,6 +721,26 @@
-              ('endtag', 'a'), ('data', ' bar & baz')]
-         )
- 
-+    @support.requires_resource('cpu')
-+    def test_eof_no_quadratic_complexity(self):
-+        # Each of these examples used to take about an hour.
-+        # Now they take a fraction of a second.
-+        def check(source):
-+            parser = html.parser.HTMLParser()
-+            parser.feed(source)
-+            parser.close()
-+        n = 120_000
-+        check("<a " * n)
-+        check("<a a=" * n)
-+        check("</a " * 14 * n)
-+        check("</a a=" * 11 * n)
-+        check("<!--" * 4 * n)
-+        check("<!" * 60 * n)
-+        check("<?" * 19 * n)
-+        check("</$" * 15 * n)
-+        check("<![CDATA[" * 9 * n)
-+        check("<!doctype" * 35 * n)
-+
- 
- class AttributesTestCase(TestCaseBase):
- 
-Index: Python-3.13.5/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.13.5/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst	2025-07-02 16:49:52.021124951 +0200
-@@ -0,0 +1,4 @@
-+Fix quadratic complexity in processing specially crafted input in
-+:class:`html.parser.HTMLParser`. End-of-file errors are now handled according
-+to the HTML5 specs -- comments and declarations are automatically closed,
-+tags are ignored.

CVE-2025-8194-tarfile-no-neg-offsets.patch

@@ -1,212 +0,0 @@
-From fd29bcd380150035ef825b762d8cd085bdab6e53 Mon Sep 17 00:00:00 2001
-From: Alexander Urieles <aeurielesn@users.noreply.github.com>
-Date: Mon, 28 Jul 2025 17:37:26 +0200
-Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member
- offsets are non-negative (GH-137027) (cherry picked from commit
- 7040aa54f14676938970e10c5f74ea93cd56aa38)
-
-Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
-Co-authored-by: Gregory P. Smith <greg@krypto.org>
----
- Lib/tarfile.py                                                          |    3 
- Lib/test/test_tarfile.py                                                |  156 ++++++++++
- Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst |    3 
- 3 files changed, 162 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
-
-Index: Python-3.13.5/Lib/tarfile.py
-===================================================================
---- Python-3.13.5.orig/Lib/tarfile.py	2025-08-01 22:13:44.185826095 +0200
-+++ Python-3.13.5/Lib/tarfile.py	2025-08-01 22:13:45.524140183 +0200
-@@ -1636,6 +1636,9 @@
-         """Round up a byte count by BLOCKSIZE and return it,
-            e.g. _block(834) => 1024.
-         """
-+        # Only non-negative offsets are allowed
-+        if count < 0:
-+            raise InvalidHeaderError("invalid offset")
-         blocks, remainder = divmod(count, BLOCKSIZE)
-         if remainder:
-             blocks += 1
-Index: Python-3.13.5/Lib/test/test_tarfile.py
-===================================================================
---- Python-3.13.5.orig/Lib/test/test_tarfile.py	2025-06-11 17:36:57.000000000 +0200
-+++ Python-3.13.5/Lib/test/test_tarfile.py	2025-08-01 22:13:45.524778259 +0200
-@@ -50,6 +50,7 @@
- xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
- tmpname = os.path.join(TEMPDIR, "tmp.tar")
- dotlessname = os.path.join(TEMPDIR, "testtar")
-+SPACE = b" "
- 
- sha256_regtype = (
-     "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce"
-@@ -4578,6 +4579,161 @@
-         ar.extractall(self.testdir, filter='fully_trusted')
- 
- 
-+class OffsetValidationTests(unittest.TestCase):
-+    tarname = tmpname
-+    invalid_posix_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, space, null terminator: 8 bytes
-+        + b"000755" + SPACE + tarfile.NUL
-+        # uid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0011407" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # magic: 6 bytes, version: 2 bytes
-+        + tarfile.POSIX_MAGIC
-+        # uname: 32 bytes
-+        + tarfile.NUL * 32
-+        # gname: 32 bytes
-+        + tarfile.NUL * 32
-+        # devmajor, space, null terminator: 8 bytes
-+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
-+        # devminor, space, null terminator: 8 bytes
-+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
-+        # prefix: 155 bytes
-+        + tarfile.NUL * tarfile.LENGTH_PREFIX
-+        # padding: 12 bytes
-+        + tarfile.NUL * 12
-+    )
-+    invalid_gnu_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, null terminator: 8 bytes
-+        + b"0000755" + tarfile.NUL
-+        # uid, null terminator: 8 bytes
-+        + b"0000001" + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"0000001" + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0011327" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # magic: 8 bytes
-+        + tarfile.GNU_MAGIC
-+        # uname: 32 bytes
-+        + tarfile.NUL * 32
-+        # gname: 32 bytes
-+        + tarfile.NUL * 32
-+        # devmajor, null terminator: 8 bytes
-+        + tarfile.NUL * 8
-+        # devminor, null terminator: 8 bytes
-+        + tarfile.NUL * 8
-+        # padding: 167 bytes
-+        + tarfile.NUL * 167
-+    )
-+    invalid_v7_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, space, null terminator: 8 bytes
-+        + b"000755" + SPACE + tarfile.NUL
-+        # uid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0010070" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # padding: 255 bytes
-+        + tarfile.NUL * 255
-+    )
-+    valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT)
-+    data_block = b"\xff" * tarfile.BLOCKSIZE
-+
-+    def _write_buffer(self, buffer):
-+        with open(self.tarname, "wb") as f:
-+            f.write(buffer)
-+
-+    def _get_members(self, ignore_zeros=None):
-+        with open(self.tarname, "rb") as f:
-+            with tarfile.open(
-+                mode="r", fileobj=f, ignore_zeros=ignore_zeros
-+            ) as tar:
-+                return tar.getmembers()
-+
-+    def _assert_raises_read_error_exception(self):
-+        with self.assertRaisesRegex(
-+            tarfile.ReadError, "file could not be opened successfully"
-+        ):
-+            self._get_members()
-+
-+    def test_invalid_offset_header_validations(self):
-+        for tar_format, invalid_header in (
-+            ("posix", self.invalid_posix_header),
-+            ("gnu", self.invalid_gnu_header),
-+            ("v7", self.invalid_v7_header),
-+        ):
-+            with self.subTest(format=tar_format):
-+                self._write_buffer(invalid_header)
-+                self._assert_raises_read_error_exception()
-+
-+    def test_early_stop_at_invalid_offset_header(self):
-+        buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header
-+        self._write_buffer(buffer)
-+        members = self._get_members()
-+        self.assertEqual(len(members), 1)
-+        self.assertEqual(members[0].name, "filename")
-+        self.assertEqual(members[0].offset, 0)
-+
-+    def test_ignore_invalid_archive(self):
-+        # 3 invalid headers with their respective data
-+        buffer = (self.invalid_gnu_header + self.data_block) * 3
-+        self._write_buffer(buffer)
-+        members = self._get_members(ignore_zeros=True)
-+        self.assertEqual(len(members), 0)
-+
-+    def test_ignore_invalid_offset_headers(self):
-+        for first_block, second_block, expected_offset in (
-+            (
-+                (self.valid_gnu_header),
-+                (self.invalid_gnu_header + self.data_block),
-+                0,
-+            ),
-+            (
-+                (self.invalid_gnu_header + self.data_block),
-+                (self.valid_gnu_header),
-+                1024,
-+            ),
-+        ):
-+            self._write_buffer(first_block + second_block)
-+            members = self._get_members(ignore_zeros=True)
-+            self.assertEqual(len(members), 1)
-+            self.assertEqual(members[0].name, "filename")
-+            self.assertEqual(members[0].offset, expected_offset)
-+
-+
- def setUpModule():
-     os_helper.unlink(TEMPDIR)
-     os.makedirs(TEMPDIR)
-Index: Python-3.13.5/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.13.5/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	2025-08-01 22:13:45.525174751 +0200
-@@ -0,0 +1,3 @@
-+:mod:`tarfile` now validates archives to ensure member offsets are
-+non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
-+:gh:`130577`.)

F00251-change-user-install-location.patch

@@ -28,10 +28,10 @@ Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
  Lib/test/test_sysconfig.py |   17 +++++++++++--
  2 files changed, 67 insertions(+), 7 deletions(-)
 
-Index: Python-3.13.3/Lib/sysconfig/__init__.py
+Index: Python-3.13.9/Lib/sysconfig/__init__.py
 ===================================================================
---- Python-3.13.3.orig/Lib/sysconfig/__init__.py	2025-04-08 15:54:08.000000000 +0200
-+++ Python-3.13.3/Lib/sysconfig/__init__.py	2025-04-11 21:52:31.769387873 +0200
+--- Python-3.13.9.orig/Lib/sysconfig/__init__.py	2025-10-14 15:52:31.000000000 +0200
++++ Python-3.13.9/Lib/sysconfig/__init__.py	2025-11-04 17:41:28.521141323 +0100
 @@ -106,6 +106,11 @@
  else:
      _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv']
@@ -128,10 +128,10 @@ Index: Python-3.13.3/Lib/sysconfig/__init__.py
      _CONFIG_VARS['py_version'] = _PY_VERSION
      _CONFIG_VARS['py_version_short'] = _PY_VERSION_SHORT
      _CONFIG_VARS['py_version_nodot'] = _PY_VERSION_SHORT_NO_DOT
-Index: Python-3.13.3/Lib/test/test_sysconfig.py
+Index: Python-3.13.9/Lib/test/test_sysconfig.py
 ===================================================================
---- Python-3.13.3.orig/Lib/test/test_sysconfig.py	2025-04-08 15:54:08.000000000 +0200
-+++ Python-3.13.3/Lib/test/test_sysconfig.py	2025-04-11 21:52:31.769841915 +0200
+--- Python-3.13.9.orig/Lib/test/test_sysconfig.py	2025-10-14 15:52:31.000000000 +0200
++++ Python-3.13.9/Lib/test/test_sysconfig.py	2025-11-04 17:41:28.521386489 +0100
 @@ -130,8 +130,19 @@
          for scheme in _INSTALL_SCHEMES:
              for name in _INSTALL_SCHEMES[scheme]:
@@ -153,7 +153,7 @@ Index: Python-3.13.3/Lib/test/test_sysconfig.py
                      os.path.normpath(expected),
                  )
  
-@@ -386,7 +397,7 @@
+@@ -393,7 +404,7 @@
          self.assertTrue(os.path.isfile(config_h), config_h)
  
      def test_get_scheme_names(self):
@@ -162,7 +162,7 @@ Index: Python-3.13.3/Lib/test/test_sysconfig.py
          if HAS_USER_BASE:
              wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
          self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
-@@ -398,6 +409,8 @@
+@@ -405,6 +416,8 @@
              cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
              self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))
  

Python-3.13.11.tar.xz.sigstore

@@ -0,0 +1 @@
+{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyTCCAk+gAwIBAgIUMZ9OrU89PmgWXWiYxq/s1e8xVkkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMjA1MTY1NjU1WhcNMjUxMjA1MTcwNjU1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ3Wq/mhAIwL1ZNOiCgOmVYXqwl8rWBi+hwTYY+NJLvmuRW7wblbWyTJ1RSZrS9dVGhVdWZP7tT2hvkt56ibycaOCAW4wggFqMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUCukYhSJA3LGmELdmyGSLM/sNqPowHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGa73H4UAAABAMARjBEAiAoqadI7BCu3G3jmK140KSkRC+uTKIS7K/yAUtT8zfdiwIgV51hPZZYKSjHglktFhqcxzHLdRyb96/caoR4m+DHvT8wCgYIKoZIzj0EAwMDaAAwZQIwSuCW4+VibjHM96ArSncpYew+tvp7bMlc21AHsgr12ZO6p//IiSdjJlqOTpYwCWtFAjEA0BxY6Y7zl4+baG4+BZ+EEiwDwoCOVTR7ORMuDYeZ/Dy6g47hohxRqtssCYdRKRZq"}, "tlogEntries": [{"logIndex": "743450012", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1764953815", "inclusionPromise": {"signedEntryTimestamp": "MEQCIFAmMfakwQScJ3jGB7ufmmWcvXbT/sQYyb/iIbRyJXYmAiB25k62mSSsvteAacdB4SjQJ100UGRI02mHOZykKqirrQ=="}, "inclusionProof": {"logIndex": "621545750", "rootHash": "lTjgILAqSIIoraXAj/bseL/7BMbChIzmHVo5P84pPO8=", "treeSize": "621545755", "hashes": ["FqRC4Ydg7KClKWZIe5BLdSoxPOl3L+wXnnctnBbxa5E=", "hyHMJXZjRrPr7N8JDpms6tqWbIuqgBLKkoDomNSzO8g=", "XV5KmKAmcumiCPrjB89usazCvsWagxoKoI5P3Rn5mDQ=", "FKJNSf/yPWGSGCwEZ4ybeMVy+zECYaK/u2yKEboKDQs=", "4wbyhSYvHHiszMmrsBtjXwOt9um81zByZQLFAXJAu0g=", "q0tC4xtUswgodVV8T7OYpkNlp/XC4qAM541kvTHkq4o=", "se5pDnKcF+idDdO0PdbWjF+rFNUWlCzxj+pSmkASRQU=", "YYvp7Leoq6lF3zEs+Bux7BQt/UrxFbOOJAwVroBevek=", "pQtmpjszxrel2u+2I5HrLBwlwvhc19nfAUsa5EHZAe4=", "0jEq6eagxqoSOor9OR//fY6uOsPzLaE1q1n9tZRzfSc=", "ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n621545755\nlTjgILAqSIIoraXAj/bseL/7BMbChIzmHVo5P84pPO8=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiAS9t8HEV2fPKq2rB20KvscWBUzqlzyZr6asuXxp8whiAIgUxc+PuVjTYduOZ2zKNeaSos22BXxAn7hKgxBroQmIkE=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIxNmVkZTdiYjdjZGJmYTg5NWQxMWIwNjQyZmEwZTUyM2YyOTFlNjQ4NzE5NGQ1M2NmNmQzYjMzOGMzYTE3ZWEyIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUURENENYVTNMNGlMSkVCb0xFSVlnVU5kTXhjN3VENWdMcUgyeXRFNFQxTnd3SWdKbHBhMHJFbDV0MGdtbTlTYzRoQnpFOG9QK2JLSlVZeExUTmd4dEdnSmo0PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVWRU5EUVdzclowRjNTVUpCWjBsVlRWbzVUM0pWT0RsUWJXZFhXRmRwV1hoeEwzTXhaVGg0Vm10cmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFxUVRGTlZGa3hUbXBWTVZkb1kwNU5hbFY0VFdwQk1VMVVZM2RPYWxVeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZSTTFkeEwyMW9RVWwzVERGYVRrOXBRMmRQYlZaWldIRjNiRGh5VjBKcEsyaDNWRmtLV1N0T1NreDJiWFZTVnpkM1lteGlWM2xVU2pGU1UxcHlVemxrVmtkb1ZtUlhXbEEzZEZReWFIWnJkRFUyYVdKNVkyRlBRMEZYTkhkblowWnhUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZEZFd0WkNtaFRTa0V6VEVkdFJVeGtiWGxIVTB4TkwzTk9jVkJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwcENaMjl5UW1kRlJVRmtXalZCWjFGRFFraHpSV1ZSUWpNS1FVaFZRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIWVRjelNEUlZRVUZCUWtGTlFRcFNha0pGUVdsQmIzRmhaRWszUWtOMU0wY3phbTFMTVRRd1MxTnJVa01yZFZSTFNWTTNTeTk1UVZWMFZEaDZabVJwZDBsblZqVXhhRkJhV2xsTFUycElDbWRzYTNSR2FIRmplSHBJVEdSU2VXSTVOaTlqWVc5U05HMHJSRWgyVkRoM1EyZFpTVXR2V2tsNmFqQkZRWGROUkdGQlFYZGFVVWwzVTNWRFZ6UXJWbWtLWW1wSVRUazJRWEpUYm1Od1dXVjNLM1IyY0RkaVRXeGpNakZCU0hObmNqRXlXazgyY0M4dlNXbFRaR3BLYkhGUFZIQlpkME5YZEVaQmFrVkJNRUo0V1FvMldUZDZiRFFyWW1GSE5DdENXaXRGUldsM1JIZHZRMDlXVkZJM1QxSk5kVVJaWlZvdlJIazJaelEzYUc5b2VGSnhkSE56UTFsa1VrdFNXbkVLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Fu3nu3zb+oldEbBkL6DlI/KR5khxlNU89tOzOMOhfqI="}, "signature": "MEUCIQDD4CXU3L4iLJEBoLEIYgUNdMxc7uD5gLqH2ytE4T1NwwIgJlpa0rEl5t0gmm9Sc4hBzE8oP+bKJUYxLTNgxtGgJj4="}}

doc-py38-to-py36.patch

@@ -27,10 +27,10 @@
  Doc/tools/extensions/pydoc_topics.py          |   22 +++++-----
  18 files changed, 159 insertions(+), 130 deletions(-)
 
-Index: Python-3.13.5/Doc/Makefile
+Index: Python-3.13.11/Doc/Makefile
 ===================================================================
---- Python-3.13.5.orig/Doc/Makefile	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/Makefile	2025-06-12 21:38:04.908380762 +0200
+--- Python-3.13.11.orig/Doc/Makefile	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/Makefile	2025-12-18 23:36:11.845184450 +0100
 @@ -14,15 +14,15 @@
  SOURCES      =
  DISTVERSION  = $(shell $(PYTHON) tools/extensions/patchlevel.py)
@@ -51,10 +51,10 @@ Index: Python-3.13.5/Doc/Makefile
                  $(PAPEROPT_$(PAPER)) \
                  $(SPHINXOPTS) $(SPHINXERRORHANDLING) \
                  . build/$(BUILDER) $(SOURCES)
-Index: Python-3.13.5/Doc/c-api/arg.rst
+Index: Python-3.13.11/Doc/c-api/arg.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/c-api/arg.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/c-api/arg.rst	2025-06-12 21:38:04.908705133 +0200
+--- Python-3.13.11.orig/Doc/c-api/arg.rst	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/c-api/arg.rst	2025-12-18 23:36:11.845570257 +0100
 @@ -334,7 +334,6 @@
     should raise an exception and leave the content of *address* unmodified.
  
@@ -63,10 +63,10 @@ Index: Python-3.13.5/Doc/c-api/arg.rst
  
     If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a
     second time if the argument parsing eventually fails, giving the converter a
-Index: Python-3.13.5/Doc/c-api/typeobj.rst
+Index: Python-3.13.11/Doc/c-api/typeobj.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/c-api/typeobj.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/c-api/typeobj.rst	2025-06-12 21:38:04.908874058 +0200
+--- Python-3.13.11.orig/Doc/c-api/typeobj.rst	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/c-api/typeobj.rst	2025-12-18 23:36:11.846211337 +0100
 @@ -610,7 +610,7 @@
     Functions like :c:func:`PyObject_NewVar` will take the value of N as an
     argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field.
@@ -97,10 +97,10 @@ Index: Python-3.13.5/Doc/c-api/typeobj.rst
     include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on
     whether :c:member:`~PyVarObject.ob_size` should be included). These are
     usually defined by the macro :c:macro:`PyObject_HEAD` or
-Index: Python-3.13.5/Doc/conf.py
+Index: Python-3.13.11/Doc/conf.py
 ===================================================================
---- Python-3.13.5.orig/Doc/conf.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/conf.py	2025-06-12 21:38:04.909609597 +0200
+--- Python-3.13.11.orig/Doc/conf.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/conf.py	2025-12-18 23:36:11.846742416 +0100
 @@ -11,6 +11,8 @@
  from importlib import import_module
  from importlib.util import find_spec
@@ -127,7 +127,7 @@ Index: Python-3.13.5/Doc/conf.py
  '''
  
  manpages_url = 'https://manpages.debian.org/{path}'
-@@ -92,7 +94,7 @@
+@@ -96,7 +98,7 @@
  
  # Minimum version of sphinx required
  # Keep this version in sync with ``Doc/requirements.txt``.
@@ -136,7 +136,7 @@ Index: Python-3.13.5/Doc/conf.py
  
  # Create table of contents entries for domain objects (e.g. functions, classes,
  # attributes, etc.). Default is True.
-@@ -323,6 +325,9 @@
+@@ -246,6 +248,9 @@
  # Avoid a warning with Sphinx >= 4.0
  root_doc = 'contents'
  
@@ -146,7 +146,7 @@ Index: Python-3.13.5/Doc/conf.py
  # Allow translation of index directives
  gettext_additional_targets = [
      'index',
-@@ -362,7 +367,7 @@
+@@ -285,7 +290,7 @@
  # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
  is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
  repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -155,7 +155,7 @@ Index: Python-3.13.5/Doc/conf.py
  html_context = {
      "is_deployment_preview": is_deployment_preview,
      "repository_url": repository_url or None,
-@@ -607,6 +612,16 @@
+@@ -551,6 +556,16 @@
  }
  extlinks_detect_hardcoded_links = True
  
@@ -172,22 +172,22 @@ Index: Python-3.13.5/Doc/conf.py
  # Options for c_annotations extension
  # -----------------------------------
  
-Index: Python-3.13.5/Doc/library/doctest.rst
+Index: Python-3.13.11/Doc/library/doctest.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/library/doctest.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/doctest.rst	2025-06-12 21:38:04.909944989 +0200
-@@ -308,7 +308,6 @@
- searched.  Objects imported into the module are not searched.
+--- Python-3.13.11.orig/Doc/library/doctest.rst	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/library/doctest.rst	2025-12-18 23:36:11.847131855 +0100
+@@ -310,7 +310,6 @@
+ .. currentmodule:: None
  
  .. attribute:: module.__test__
 -   :no-typesetting:
  
- In addition, there are cases when you want tests to be part of a module but not part
- of the help text, which requires that the tests not be included in the docstring.
-Index: Python-3.13.5/Doc/library/email.compat32-message.rst
+ .. currentmodule:: doctest
+ 
+Index: Python-3.13.11/Doc/library/email.compat32-message.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/library/email.compat32-message.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/email.compat32-message.rst	2025-06-12 21:38:04.910320877 +0200
+--- Python-3.13.11.orig/Doc/library/email.compat32-message.rst	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/library/email.compat32-message.rst	2025-12-18 23:36:11.847579332 +0100
 @@ -7,7 +7,6 @@
     :synopsis: The base class representing email messages in a fashion
                backward compatible with Python 3.2
@@ -196,11 +196,11 @@ Index: Python-3.13.5/Doc/library/email.compat32-message.rst
  
  
  The :class:`Message` class is very similar to the
-Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst
+Index: Python-3.13.11/Doc/library/xml.etree.elementtree.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/library/xml.etree.elementtree.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/xml.etree.elementtree.rst	2025-06-12 21:38:04.910594893 +0200
-@@ -874,7 +874,6 @@
+--- Python-3.13.11.orig/Doc/library/xml.etree.elementtree.rst	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/library/xml.etree.elementtree.rst	2025-12-18 23:36:11.847865126 +0100
+@@ -873,7 +873,6 @@
  
  .. module:: xml.etree.ElementTree
     :noindex:
@@ -208,10 +208,10 @@ Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst
  
  .. class:: Element(tag, attrib={}, **extra)
  
-Index: Python-3.13.5/Doc/tools/check-warnings.py
+Index: Python-3.13.11/Doc/tools/check-warnings.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/check-warnings.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/check-warnings.py	2025-06-12 21:38:04.910896050 +0200
+--- Python-3.13.11.orig/Doc/tools/check-warnings.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/check-warnings.py	2025-12-18 23:36:11.848175434 +0100
 @@ -228,7 +228,8 @@
              print(filename)
              for warning in warnings:
@@ -231,10 +231,10 @@ Index: Python-3.13.5/Doc/tools/check-warnings.py
          for warning in warnings
          if "Doc/" in warning
      }
-Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
+Index: Python-3.13.11/Doc/tools/extensions/audit_events.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/audit_events.py	2025-06-12 21:38:04.911151491 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/audit_events.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/audit_events.py	2025-12-18 23:36:11.848442160 +0100
 @@ -1,9 +1,6 @@
  """Support for documenting audit events."""
  
@@ -370,10 +370,10 @@ Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
      ) -> nodes.row:
          row = nodes.row()
          name_node = nodes.paragraph("", nodes.Text(name))
-Index: Python-3.13.5/Doc/tools/extensions/availability.py
+Index: Python-3.13.11/Doc/tools/extensions/availability.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/availability.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/availability.py	2025-06-12 21:38:04.911376735 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/availability.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/availability.py	2025-12-18 23:36:11.848697922 +0100
 @@ -1,8 +1,6 @@
  """Support for documenting platform availability"""
  
@@ -427,10 +427,10 @@ Index: Python-3.13.5/Doc/tools/extensions/availability.py
      app.add_directive("availability", Availability)
  
      return {
-Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
+Index: Python-3.13.11/Doc/tools/extensions/c_annotations.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/c_annotations.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/c_annotations.py	2025-06-12 21:38:04.911575881 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/c_annotations.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/c_annotations.py	2025-12-18 23:37:01.590377119 +0100
 @@ -9,22 +9,26 @@
  * Set ``stable_abi_file`` to the path to stable ABI list.
  """
@@ -525,7 +525,7 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
              if ROLE_TO_OBJECT_TYPE[record.role] != objtype:
                  msg = (
                      f"Object type mismatch in limited API annotation for {name}: "
-@@ -234,7 +241,7 @@
+@@ -256,7 +263,7 @@
      )
  
  
@@ -534,7 +534,7 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
      classes = ["refcount"]
      if result_refs is None:
          rc = sphinx_gettext("Return value: Always NULL.")
-@@ -254,7 +261,7 @@
+@@ -276,7 +283,7 @@
      optional_arguments = 0
      final_argument_whitespace = True
  
@@ -543,7 +543,7 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
          state = self.env.domaindata["c_annotations"]
          content = [
              f"* :c:{record.role}:`{record.name}`"
-@@ -277,13 +284,23 @@
+@@ -344,7 +351,7 @@
      )
  
  
@@ -552,6 +552,7 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
      app.add_config_value("refcount_file", "", "env", types={str})
      app.add_config_value("stable_abi_file", "", "env", types={str})
      app.add_directive("limited-api-list", LimitedAPIList)
+@@ -352,6 +359,16 @@
      app.connect("builder-inited", init_annotations)
      app.connect("doctree-read", add_annotations)
  
@@ -568,10 +569,10 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
      return {
          "version": "1.0",
          "parallel_read_safe": True,
-Index: Python-3.13.5/Doc/tools/extensions/changes.py
+Index: Python-3.13.11/Doc/tools/extensions/changes.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/changes.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/changes.py	2025-06-12 21:38:04.911758715 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/changes.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/changes.py	2025-12-18 23:36:11.849240594 +0100
 @@ -1,7 +1,5 @@
  """Support for documenting version of changes, additions, deprecations."""
  
@@ -607,10 +608,10 @@ Index: Python-3.13.5/Doc/tools/extensions/changes.py
      # Override Sphinx's directives with support for 'next'
      app.add_directive("versionadded", PyVersionChange, override=True)
      app.add_directive("versionchanged", PyVersionChange, override=True)
-Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py
+Index: Python-3.13.11/Doc/tools/extensions/glossary_search.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/glossary_search.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/glossary_search.py	2025-06-12 21:38:04.911907976 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/glossary_search.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/glossary_search.py	2025-12-18 23:36:11.849448932 +0100
 @@ -1,21 +1,27 @@
  """Feature search results for glossary items prominently."""
  
@@ -654,10 +655,10 @@ Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py
      app.connect('doctree-resolved', process_glossary_nodes)
      app.connect('build-finished', write_glossary_json)
  
-Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py
+Index: Python-3.13.11/Doc/tools/extensions/implementation_detail.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/implementation_detail.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/implementation_detail.py	2025-06-12 21:38:04.912061736 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/implementation_detail.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/implementation_detail.py	2025-12-18 23:36:11.849650427 +0100
 @@ -1,17 +1,10 @@
  """Support for marking up implementation details."""
  
@@ -708,10 +709,10 @@ Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py
      app.add_directive("impl-detail", ImplementationDetail)
  
      return {
-Index: Python-3.13.5/Doc/tools/extensions/issue_role.py
+Index: Python-3.13.11/Doc/tools/extensions/issue_role.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/issue_role.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/issue_role.py	2025-06-12 21:38:04.912236134 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/issue_role.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/issue_role.py	2025-12-18 23:36:11.849838302 +0100
 @@ -1,22 +1,18 @@
  """Support for referencing issues in the tracker."""
  
@@ -757,10 +758,10 @@ Index: Python-3.13.5/Doc/tools/extensions/issue_role.py
      app.add_role("issue", BPOIssue())
      app.add_role("gh", GitHubIssue())
  
-Index: Python-3.13.5/Doc/tools/extensions/misc_news.py
+Index: Python-3.13.11/Doc/tools/extensions/misc_news.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/misc_news.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/misc_news.py	2025-06-12 21:38:04.912390144 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/misc_news.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/misc_news.py	2025-12-18 23:36:11.850033510 +0100
 @@ -1,7 +1,5 @@
  """Support for including Misc/NEWS."""
  
@@ -813,10 +814,10 @@ Index: Python-3.13.5/Doc/tools/extensions/misc_news.py
      app.add_directive("miscnews", MiscNews)
  
      return {
-Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py
+Index: Python-3.13.11/Doc/tools/extensions/patchlevel.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/patchlevel.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/patchlevel.py	2025-06-12 21:38:04.912563631 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/patchlevel.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/patchlevel.py	2025-12-18 23:36:11.850217264 +0100
 @@ -3,7 +3,7 @@
  import re
  import sys
@@ -854,10 +855,10 @@ Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py
      version = f"{info.major}.{info.minor}"
      release = f"{info.major}.{info.minor}.{info.micro}"
      if info.releaselevel != "final":
-Index: Python-3.13.5/Doc/tools/extensions/pydoc_topics.py
+Index: Python-3.13.11/Doc/tools/extensions/pydoc_topics.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/pydoc_topics.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/pydoc_topics.py	2025-06-12 21:38:04.912726688 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/pydoc_topics.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/pydoc_topics.py	2025-12-18 23:36:11.850437755 +0100
 @@ -1,21 +1,23 @@
  """Support for building "topic help" for pydoc."""
  

gh126985-mv-pyvenv.cfg2getpath.patch

@@ -8,10 +8,10 @@ Date:   Tue Nov 26 13:46:33 2024 +0000
  Lib/test/test_sysconfig.py |   67 ---------------------------------------------
  1 file changed, 1 insertion(+), 66 deletions(-)
 
-Index: Python-3.13.5/Lib/test/test_sysconfig.py
+Index: Python-3.13.9/Lib/test/test_sysconfig.py
 ===================================================================
---- Python-3.13.5.orig/Lib/test/test_sysconfig.py	2025-06-12 19:55:42.184491497 +0200
-+++ Python-3.13.5/Lib/test/test_sysconfig.py	2025-06-12 19:56:05.737665419 +0200
+--- Python-3.13.9.orig/Lib/test/test_sysconfig.py	2025-11-04 17:41:28.521386489 +0100
++++ Python-3.13.9/Lib/test/test_sysconfig.py	2025-11-04 17:42:36.888243505 +0100
 @@ -110,6 +110,7 @@
              **venv_create_args,
          )
@@ -20,7 +20,7 @@ Index: Python-3.13.5/Lib/test/test_sysconfig.py
      def test_get_path_names(self):
          self.assertEqual(get_path_names(), sysconfig._SCHEME_KEYS)
  
-@@ -604,72 +605,6 @@
+@@ -611,72 +612,6 @@
          suffix = sysconfig.get_config_var('EXT_SUFFIX')
          self.assertTrue(suffix.endswith('-darwin.so'), suffix)
  

gh138131-exclude-pycache-from-digest.patch

@@ -0,0 +1,30 @@
+From 4bb41b28d5bac09bccd636d8c5fefe1a462f63a7 Mon Sep 17 00:00:00 2001
+From: Alm <alon.menczer@gmail.com>
+Date: Mon, 25 Aug 2025 08:56:38 +0300
+Subject: [PATCH 1/4] Exclude .pyc files from the computed digest in the jit
+ stencils
+
+---
+ Tools/jit/_targets.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: Python-3.13.7/Tools/jit/_targets.py
+===================================================================
+--- Python-3.13.7.orig/Tools/jit/_targets.py
++++ Python-3.13.7/Tools/jit/_targets.py
+@@ -53,6 +53,9 @@ class _Target(typing.Generic[_S, _R]):
+         hasher.update(PYTHON_EXECUTOR_CASES_C_H.read_bytes())
+         hasher.update((out / "pyconfig.h").read_bytes())
+         for dirpath, _, filenames in sorted(os.walk(TOOLS_JIT)):
++            # Exclude cache files from digest computation to ensure reproducible builds.
++            if dirpath.endswith("__pycache__"):
++                continue
+             for filename in filenames:
+                 hasher.update(pathlib.Path(dirpath, filename).read_bytes())
+         return hasher.hexdigest()
+Index: Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst
+===================================================================
+--- /dev/null
++++ Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst
+@@ -0,0 +1 @@
++Ensure reproducible builds by making JIT stencil header generation deterministic.

gh139257-Support-docutils-0.22.patch

@@ -0,0 +1,148 @@
+From 19b61747df3d62c822285c488753d6fbdf91e3ac Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <daniel.garcia@suse.com>
+Date: Tue, 23 Sep 2025 10:20:16 +0200
+Subject: [PATCH 1/2] gh-139257: Support docutils >= 0.22
+
+---
+ Doc/tools/extensions/pyspecific.py |   69 +++++++++++++++++++++++++------------
+ 1 file changed, 47 insertions(+), 22 deletions(-)
+
+Index: Python-3.13.11/Doc/tools/extensions/pyspecific.py
+===================================================================
+--- Python-3.13.11.orig/Doc/tools/extensions/pyspecific.py	2025-12-05 17:06:33.000000000 +0100
++++ Python-3.13.11/Doc/tools/extensions/pyspecific.py	2025-12-18 23:38:44.804668556 +0100
+@@ -1,12 +1,12 @@
+ # -*- coding: utf-8 -*-
+ """
+-    pyspecific.py
+-    ~~~~~~~~~~~~~
++pyspecific.py
++~~~~~~~~~~~~~
+ 
+-    Sphinx extension with Python doc-specific markup.
++Sphinx extension with Python doc-specific markup.
+ 
+-    :copyright: 2008-2014 by Georg Brandl.
+-    :license: Python license.
++:copyright: 2008-2014 by Georg Brandl.
++:license: Python license.
+ """
+ 
+ import re
+@@ -22,30 +22,50 @@
+ from sphinx.util.docutils import SphinxDirective
+ 
+ # Used in conf.py and updated here by python/release-tools/run_release.py
+-SOURCE_URI = 'https://github.com/python/cpython/tree/3.13/%s'
++SOURCE_URI = "https://github.com/python/cpython/tree/3.13/%s"
++
++
++# monkey-patch reST parser to disable alphabetic and roman enumerated lists
++def _disable_alphabetic_and_roman(text):
++    try:
++        # docutils >= 0.22
++        from docutils.parsers.rst.states import InvalidRomanNumeralError
++
++        raise InvalidRomanNumeralError(text)
++    except ImportError:
++        # docutils < 0.22
++        return None
++
++
++from docutils.parsers.rst.states import Body
++
++Body.enum.converters["loweralpha"] = Body.enum.converters["upperalpha"] = (
++    Body.enum.converters["lowerroman"]
++) = Body.enum.converters["upperroman"] = _disable_alphabetic_and_roman
++
+ 
+ class PyAwaitableMixin(object):
+     def handle_signature(self, sig, signode):
+         ret = super(PyAwaitableMixin, self).handle_signature(sig, signode)
+-        signode.insert(0, addnodes.desc_annotation('awaitable ', 'awaitable '))
++        signode.insert(0, addnodes.desc_annotation("awaitable ", "awaitable "))
+         return ret
+ 
+ 
+ class PyAwaitableFunction(PyAwaitableMixin, PyFunction):
+     def run(self):
+-        self.name = 'py:function'
++        self.name = "py:function"
+         return PyFunction.run(self)
+ 
+ 
+ class PyAwaitableMethod(PyAwaitableMixin, PyMethod):
+     def run(self):
+-        self.name = 'py:method'
++        self.name = "py:method"
+         return PyMethod.run(self)
+ 
+ 
+ # Support for documenting Opcodes
+ 
+-opcode_sig_re = re.compile(r'(\w+(?:\+\d)?)(?:\s*\((.*)\))?')
++opcode_sig_re = re.compile(r"(\w+(?:\+\d)?)(?:\s*\((.*)\))?")
+ 
+ 
+ def parse_opcode_signature(env, sig, signode):
+@@ -64,7 +84,7 @@
+ 
+ # Support for documenting pdb commands
+ 
+-pdbcmd_sig_re = re.compile(r'([a-z()!]+)\s*(.*)')
++pdbcmd_sig_re = re.compile(r"([a-z()!]+)\s*(.*)")
+ 
+ # later...
+ # pdbargs_tokens_re = re.compile(r'''[a-zA-Z]+  |  # identifiers
+@@ -80,16 +100,16 @@
+     if m is None:
+         raise ValueError
+     name, args = m.groups()
+-    fullname = name.replace('(', '').replace(')', '')
++    fullname = name.replace("(", "").replace(")", "")
+     signode += addnodes.desc_name(name, name)
+     if args:
+-        signode += addnodes.desc_addname(' '+args, ' '+args)
++        signode += addnodes.desc_addname(" " + args, " " + args)
+     return fullname
+ 
+ 
+ def parse_monitoring_event(env, sig, signode):
+     """Transform a monitoring event signature into RST nodes."""
+-    signode += addnodes.desc_addname('sys.monitoring.events.', 'sys.monitoring.events.')
++    signode += addnodes.desc_addname("sys.monitoring.events.", "sys.monitoring.events.")
+     signode += addnodes.desc_name(sig, sig)
+     return sig
+ 
+@@ -102,7 +122,7 @@
+     As such, we link this to ``env-check-consistency``, even though it has
+     nothing to do with the environment consistency check.
+     """
+-    if app.builder.name != 'gettext':
++    if app.builder.name != "gettext":
+         return
+ 
+     # allow translating deprecated index entries
+@@ -119,10 +139,15 @@
+ 
+ 
+ def setup(app):
+-    app.add_object_type('opcode', 'opcode', '%s (opcode)', parse_opcode_signature)
+-    app.add_object_type('pdbcommand', 'pdbcmd', '%s (pdb command)', parse_pdb_command)
+-    app.add_object_type('monitoring-event', 'monitoring-event', '%s (monitoring event)', parse_monitoring_event)
+-    app.add_directive_to_domain('py', 'awaitablefunction', PyAwaitableFunction)
+-    app.add_directive_to_domain('py', 'awaitablemethod', PyAwaitableMethod)
+-    app.connect('env-check-consistency', patch_pairindextypes)
+-    return {'version': '1.0', 'parallel_read_safe': True}
++    app.add_object_type("opcode", "opcode", "%s (opcode)", parse_opcode_signature)
++    app.add_object_type("pdbcommand", "pdbcmd", "%s (pdb command)", parse_pdb_command)
++    app.add_object_type(
++        "monitoring-event",
++        "monitoring-event",
++        "%s (monitoring event)",
++        parse_monitoring_event,
++    )
++    app.add_directive_to_domain("py", "awaitablefunction", PyAwaitableFunction)
++    app.add_directive_to_domain("py", "awaitablemethod", PyAwaitableMethod)
++    app.connect("env-check-consistency", patch_pairindextypes)
++    return {"version": "1.0", "parallel_read_safe": True}

idle3.appdata.xml

@@ -1,16 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<!-- Copyright 2017 Zbigniew Jędrzejewski-Szmek -->
-<application>
-  <id type="desktop">idle3.desktop</id>
+<component type="desktop-application">
+  <id>org.python.IDLE3</id>
+  <launchable type="desktop-id">idle3.desktop</launchable>
+
   <name>IDLE3</name>
-  <metadata_licence>CC0</metadata_licence>
-  <project_license>Python-2.0</project_license>
   <summary>Python 3 Integrated Development and Learning Environment</summary>
+
   <description>
     <p>
       IDLE is Python’s Integrated Development and Learning Environment.
-      The GUI is uniform between Windows, Unix, and Mac OS X.
+      The GUI is uniform between Windows, Unix, and macOS.
       IDLE provides an easy way to start writing, running, and debugging
       Python code.
     </p>
@@ -19,17 +19,33 @@
       It provides:
     </p>
     <ul>
-       <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li>
-       <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li>
-       <li>search within any window, replace within editor windows, and search through multiple files (grep),</li>
-       <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li>
+      <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li>
+      <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li>
+      <li>search within any window, replace within editor windows, and search through multiple files (grep),</li>
+      <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li>
     </ul>
   </description>
+
+  <developer id="org.python">
+    <name>Python Software Foundation</name>
+  </developer>
+
   <url type="homepage">https://docs.python.org/3/library/idle.html</url>
+
   <screenshots>
-    <screenshot type="default">http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</screenshot>
-    <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</screenshot>
-    <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</screenshot>
+    <screenshot type="default">
+      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</image>
+    </screenshot>
+    <screenshot>
+      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</image>
+    </screenshot>
+    <screenshot>
+      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</image>
+    </screenshot>
   </screenshots>
+
+  <project_license>Python-2.0</project_license>
+  <metadata_license>CC0-1.0</metadata_license>
   <update_contact>zbyszek@in.waw.pl</update_contact>
-</application>
+</component>
+

pass-test_write_read_limited_history.patch

@@ -0,0 +1,45 @@
+---
+ Modules/readline.c |   23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+Index: Python-3.13.9/Modules/readline.c
+===================================================================
+--- Python-3.13.9.orig/Modules/readline.c	2025-10-14 15:52:31.000000000 +0200
++++ Python-3.13.9/Modules/readline.c	2025-11-20 00:46:45.594286346 +0100
+@@ -175,6 +175,8 @@
+     return PyUnicode_DecodeLocale(s, "surrogateescape");
+ }
+ 
++static int _py_get_history_length(void);
++static void _py_free_history_entry(HIST_ENTRY *entry);
+ 
+ /*
+ Explicitly disable bracketed paste in the interactive interpreter, even if it's
+@@ -399,6 +401,27 @@
+ /*[clinic end generated code: output=e161a53e45987dc7 input=b8901bf16488b760]*/
+ {
+     _history_length = length;
++
++    if (length < 0) {
++        stifle_history(-1);
++    }
++    else {
++        int current_length = _py_get_history_length();
++        if (length < current_length) {
++#if defined(RL_READLINE_VERSION) && RL_READLINE_VERSION >= 0x0500
++            HISTORY_STATE *state = history_get_history_state();
++            if (state) {
++                int i;
++                for (i = 0; i < current_length - length; i++) {
++                    _py_free_history_entry(remove_history(0));
++                }
++                state->length = length;
++                free(state);
++            }
++#endif
++        }
++        stifle_history(length);
++    }
+     Py_RETURN_NONE;
+ }
+ 

python313.changes

@@ -1,3 +1,783 @@
+-------------------------------------------------------------------
+Thu Dec 11 21:36:09 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 3.13.11:
+    - gh-142145: Remove quadratic behavior in xml.minidom node ID
+      cache clearing (CVE-2025-12084, bsc#1254997).
+    - gh-119451: Fix a potential memory denial of service in the
+      http.client module. When connecting to a malicious server,
+      it could cause an arbitrary amount of memory to be
+      allocated. This could have led to symptoms including
+      a MemoryError, swapping, out of memory (OOM) killed
+      processes or containers, or even system crashes
+      (bsc#1254400, CVE-2025-13836).
+    - gh-119452: Fix a potential memory denial of service in the
+      http.server module. When a malicious user is connected to
+      the CGI server on Windows, it could cause an arbitrary
+      amount of memory to be allocated. This could have led to
+      symptoms including a MemoryError, swapping, out of memory
+      (OOM) killed processes or containers, or even system
+      crashes.
+- Library
+    - gh-140797: Revert changes to the undocumented re.Scanner
+      class. Capturing groups are still allowed for backward
+      compatibility, although using them can lead to incorrect
+      result. They will be forbidden in future Python versions.
+    - gh-142206: The resource tracker in the multiprocessing
+      module now uses the original communication protocol, as in
+      Python 3.14.0 and below, by default. This avoids issues
+      with upgrading Python while it is running. (Note that such
+      ‘in-place’ upgrades are not tested.) The tracker remains
+      compatible with subprocesses that use new protocol (that
+      is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).
+- Core and Builtins
+    - gh-142218: Fix crash when inserting into a split table
+      dictionary with a non str key that matches an existing key.
+- Update to 3.13.10:
+- Tools/Demos
+    - gh-141442: The iOS testbed now correctly handles test
+      arguments that contain spaces.
+- Tests
+    - gh-140482: Preserve and restore the state of stty echo as
+      part of the test environment.
+    - gh-140082: Update python -m test to set FORCE_COLOR=1 when
+      being run with color enabled so that unittest which is run
+      by it with redirected output will output in color.
+    - gh-136442: Use exitcode 1 instead of 5 if
+      unittest.TestCase.setUpClass() raises an exception
+- Security
+    - gh-139700: Check consistency of the zip64 end of central
+      directory record. Support records with “zip64 extensible
+      data” if there are no bytes prepended to the ZIP file.
+      (CVE-2025-8291, bsc#1251305)
+    - gh-137836: Add support of the “plaintext” element, RAWTEXT
+      elements “xmp”, “iframe”, “noembed” and “noframes”, and
+      optionally RAWTEXT element “noscript” in
+      html.parser.HTMLParser.
+    - gh-136063: email.message: ensure linear complexity for
+      legacy HTTP parameters parsing. Patch by Bénédikt Tran.
+    - gh-136065: Fix quadratic complexity in
+      os.path.expandvars() (CVE-2025-6075, bsc#1252974).
+    - gh-119342: Fix a potential memory denial of service in the
+      plistlib module. When reading a Plist file received from
+      untrusted source, it could cause an arbitrary amount of
+      memory to be allocated. This could have led to symptoms
+      including a MemoryError, swapping, out of memory (OOM)
+      killed processes or containers, or even system crashes
+      (CVE-2025-13837, bsc#1254401).
+- Library
+    - gh-74389: When the stdin being used by a subprocess.Popen
+      instance is closed, this is now ignored in
+      subprocess.Popen.communicate() instead of leaving the class
+      in an inconsistent state.
+    - gh-87512: Fix subprocess.Popen.communicate() timeout
+      handling on Windows when writing large input. Previously,
+      the timeout was ignored during stdin writing, causing the
+      method to block indefinitely if the child process did not
+      consume input quickly. The stdin write is now performed in
+      a background thread, allowing the timeout to be properly
+      enforced.
+    - gh-141473: When subprocess.Popen.communicate() was called
+      with input and a timeout and is called for a second time
+      after a TimeoutExpired exception before the process has
+      died, it should no longer hang.
+    - gh-59000: Fix pdb breakpoint resolution for class methods
+      when the module defining the class is not imported.
+    - gh-141570: Support file-like object raising OSError from
+      fileno() in color detection (_colorize.can_colorize()).
+      This can occur when sys.stdout is redirected.
+    - gh-141659: Fix bad file descriptor errors from
+      _posixsubprocess on AIX.
+    - gh-141497: ipaddress: ensure that the methods
+      IPv4Network.hosts() and IPv6Network.hosts() always return
+      an iterator.
+    - gh-140938: The statistics.stdev() and statistics.pstdev()
+      functions now raise a ValueError when the input contains an
+      infinity or a NaN.
+    - gh-124111: Updated Tcl threading configuration in _tkinter
+      to assume that threads are always available in Tcl 9 and
+      later.
+    - gh-137109: The os.fork and related forking APIs will no
+      longer warn in the common case where Linux or macOS
+      platform APIs return the number of threads in a process and
+      find the answer to be 1 even when a os.register_at_fork()
+      after_in_parent= callback (re)starts a thread.
+    - gh-141314: Fix assertion failure in io.TextIOWrapper.tell()
+      when reading files with standalone carriage return (\r)
+      line endings.
+    - gh-141311: Fix assertion failure in io.BytesIO.readinto()
+      and undefined behavior arising when read position is above
+      capcity in io.BytesIO.
+    - gh-141141: Fix a thread safety issue with
+      base64.b85decode(). Contributed by Benel Tayar.
+    - gh-140911: collections: Ensure that the methods
+      UserString.rindex() and UserString.index() accept
+      collections.UserString instances as the sub argument.
+    - gh-140797: The undocumented re.Scanner class now forbids
+      regular expressions containing capturing groups in its
+      lexicon patterns. Patterns using capturing groups could
+      previously lead to crashes with segmentation fault. Use
+      non-capturing groups (?:…) instead.
+    - gh-140815: faulthandler now detects if a frame or a code
+      object is invalid or freed. Patch by Victor Stinner.
+    - gh-100218: Correctly set errno when socket.if_nametoindex()
+      or socket.if_indextoname() raise an OSError. Patch by
+      Bénédikt Tran.
+    - gh-140875: Fix handling of unclosed character references
+      (named and numerical) followed by the end of file in
+      html.parser.HTMLParser with convert_charrefs=False.
+    - gh-140734: multiprocessing: fix off-by-one error when
+      checking the length of a temporary socket file path. Patch
+      by Bénédikt Tran.
+    - gh-140874: Bump the version of pip bundled in ensurepip to
+      version 25.3
+    - gh-140691: In urllib.request, when opening a FTP URL fails
+      because a data connection cannot be made, the control
+      connection’s socket is now closed to avoid
+      a ResourceWarning.
+    - gh-103847: Fix hang when cancelling process created by
+      asyncio.create_subprocess_exec() or
+      asyncio.create_subprocess_shell(). Patch by Kumar Aditya.
+    - gh-140590: Fix arguments checking for the
+      functools.partial.__setstate__() that may lead to internal
+      state corruption and crash. Patch by Sergey Miryanov.
+    - gh-140634: Fix a reference counting bug in
+      os.sched_param.__reduce__().
+    - gh-140633: Ignore AttributeError when setting a module’s
+      __file__ attribute when loading an extension module
+      packaged as Apple Framework.
+    - gh-140593: xml.parsers.expat: Fix a memory leak that could
+      affect users with ElementDeclHandler() set to a custom
+      element declaration handler. Patch by Sebastian Pipping.
+    - gh-140607: Inside io.RawIOBase.read(), validate that the
+      count of bytes returned by io.RawIOBase.readinto() is valid
+      (inside the provided buffer).
+    - gh-138162: Fix logging.LoggerAdapter with merge_extra=True
+      and without the extra argument.
+    - gh-140474: Fix memory leak in array.array when creating
+      arrays from an empty str and the u type code.
+    - gh-140272: Fix memory leak in the clear() method of the
+      dbm.gnu database.
+    - gh-140041: Fix import of ctypes on Android and Cygwin when
+      ABI flags are present.
+    - gh-139905: Add suggestion to error message for
+      typing.Generic subclasses when cls.__parameters__ is
+      missing due to a parent class failing to call
+      super().__init_subclass__() in its __init_subclass__.
+    - gh-139845: Fix to not print KeyboardInterrupt twice in
+      default asyncio REPL.
+    - gh-139783: Fix inspect.getsourcelines() for the case when
+      a decorator is followed by a comment or an empty line.
+    - gh-70765: http.server: fix default handling of HTTP/0.9
+      requests in BaseHTTPRequestHandler. Previously,
+      BaseHTTPRequestHandler.parse_request() incorrectly waited
+      for headers in the request although those are not supported
+      in HTTP/0.9. Patch by Bénédikt Tran.
+    - gh-139391: Fix an issue when, on non-Windows platforms, it
+      was not possible to gracefully exit a python -m asyncio
+      process suspended by Ctrl+Z and later resumed by fg other
+      than with kill.
+    - gh-101828: Fix 'shift_jisx0213', 'shift_jis_2004',
+      'euc_jisx0213' and 'euc_jis_2004' codecs truncating null
+      chars as they were treated as part of multi-character
+      sequences.
+    - gh-139246: fix: paste zero-width in default repl width is
+      wrong.
+    - gh-90949: Add SetAllocTrackerActivationThreshold() and
+      SetAllocTrackerMaximumAmplification() to xmlparser objects
+      to prevent use of disproportional amounts of dynamic memory
+      from within an Expat parser. Patch by Bénédikt Tran.
+    - gh-139065: Fix trailing space before a wrapped long word if
+      the line length is exactly width in textwrap.
+    - gh-138993: Dedent credits text.
+    - gh-138859: Fix generic type parameterization raising
+      a TypeError when omitting a ParamSpec that has a default
+      which is not a list of types.
+    - gh-138775: Use of python -m with base64 has been fixed to
+      detect input from a terminal so that it properly notices
+      EOF.
+    - gh-98896: Fix a failure in multiprocessing resource_tracker
+      when SharedMemory names contain colons. Patch by Rani
+      Pinchuk.
+    - gh-75989: tarfile.TarFile.extractall() and
+      tarfile.TarFile.extract() now overwrite symlinks when
+      extracting hardlinks. (Contributed by Alexander Enrique
+      Urieles Nieto in gh-75989.)
+    - gh-83424: Allows creating a ctypes.CDLL without name when
+      passing a handle as an argument.
+    - gh-136234: Fix asyncio.WriteTransport.writelines() to be
+      robust to connection failure, by using the same behavior as
+      write().
+    - gh-136057: Fixed the bug in pdb and bdb where next and step
+      can’t go over the line if a loop exists in the line.
+    - gh-135307: email: Fix exception in set_content() when
+      encoding text and max_line_length is set to 0 or None
+      (unlimited).
+    - gh-134453: Fixed subprocess.Popen.communicate() input=
+      handling of memoryview instances that were non-byte shaped
+      on POSIX platforms. Those are now properly cast to a byte
+      shaped view instead of truncating the input. Windows
+      platforms did not have this bug.
+    - gh-102431: Clarify constraints for “logical” arguments in
+      methods of decimal.Context.
+- IDLE
+    - gh-96491: Deduplicate version number in IDLE shell title
+      bar after saving to a file.
+- Documentation
+    - gh-141994: xml.sax.handler: Make Documentation of
+      xml.sax.handler.feature_external_ges warn of opening up to
+      external entity attacks. Patch by Sebastian Pipping.
+    - gh-140578: Remove outdated sencence in the documentation
+      for multiprocessing, that implied that
+      concurrent.futures.ThreadPoolExecutor did not exist.
+- Core and Builtins
+    - gh-142048: Fix quadratically increasing garbage collection
+      delays in free-threaded build.
+    - gh-141930: When importing a module, use Python’s regular
+      file object to ensure that writes to .pyc files are
+      complete or an appropriate error is raised.
+    - gh-120158: Fix inconsistent state when enabling or
+      disabling monitoring events too many times.
+    - gh-141579: Fix sys.activate_stack_trampoline() to properly
+      support the perf_jit backend. Patch by Pablo Galindo.
+    - gh-141312: Fix the assertion failure in the __setstate__
+      method of the range iterator when a non-integer argument is
+      passed. Patch by Sergey Miryanov.
+    - gh-140939: Fix memory leak when bytearray or bytes is
+      formated with the
+      %*b format with a large width that results in
+      %a MemoryError.
+    - gh-140530: Fix a reference leak when raise exc from cause
+      fails. Patch by Bénédikt Tran.
+    - gh-140576: Fixed crash in tokenize.generate_tokens() in
+      case of specific incorrect input. Patch by Mikhail Efimov.
+    - gh-140551: Fixed crash in dict if dict.clear() is called at
+      the lookup stage. Patch by Mikhail Efimov and Inada Naoki.
+    - gh-140471: Fix potential buffer overflow in ast.AST node
+      initialization when encountering malformed _fields
+      containing non-str.
+    - gh-140406: Fix memory leak when an object’s __hash__()
+      method returns an object that isn’t an int.
+    - gh-140306: Fix memory leaks in cross-interpreter channel
+      operations and shared namespace handling.
+    - gh-140301: Fix memory leak of PyConfig in subinterpreters.
+    - gh-140000: Fix potential memory leak when a reference cycle
+      exists between an instance of typing.TypeAliasType,
+      typing.TypeVar, typing.ParamSpec, or typing.TypeVarTuple
+      and its __name__ attribute. Patch by Mikhail Efimov.
+    - gh-139748: Fix reference leaks in error branches of
+      functions accepting path strings or bytes such as compile()
+      and os.system(). Patch by Bénédikt Tran.
+    - gh-139516: Fix lambda colon erroneously start format spec
+      in f-string in tokenizer.
+    - gh-139640: Fix swallowing some syntax warnings in different
+      modules if they accidentally have the same message and are
+      emitted from the same line. Fix duplicated warnings in the
+      finally block.
+    - gh-137400: Fix a crash in the free threading build when
+      disabling profiling or tracing across all threads with
+      PyEval_SetProfileAllThreads() or
+      PyEval_SetTraceAllThreads() or their Python equivalents
+      threading.settrace_all_threads() and
+      threading.setprofile_all_threads().
+    - gh-133400: Fixed Ctrl+D (^D) behavior in _pyrepl module to
+      match old pre-3.13 REPL behavior.
+- C API
+    - gh-140042: Removed the sqlite3_shutdown call that could
+      cause closing connections for sqlite when used with
+      multiple sub interpreters.
+    - gh-140487: Fix Py_RETURN_NOTIMPLEMENTED in limited C API
+      3.11 and older: don’t treat Py_NotImplemented as immortal.
+      Patch by Victor Stinner.
+- Remove upstreamed patches:
+  - CVE-2025-13836-http-resp-cont-len.patch
+  - CVE-2025-8291-consistency-zip64.patch
+  - CVE-2025-6075-expandvars-perf-degrad.patch
+
+-------------------------------------------------------------------
+Wed Nov 19 19:21:41 UTC 2025 - Matej Cepl <mcepl@suse.com>
+
+- Add pass-test_write_read_limited_history.patch:
+
+  Fix readline history truncation when length is reduced
+ 
+  The `readline.set_history_length()` function did not previously
+  truncate the in-memory history when the new length was set to
+  a value smaller than the current number of history items. This
+  could lead to unexpected behavior where `get_history_length()`
+  would still report the old length and writing the history to a
+  file would write more entries than the new limit.
+ 
+  This patch modifies `set_history_length()` to explicitly
+  remove the oldest history entries using `remove_history()`
+  when the length is decreased, ensuring the in-memory history
+  is correctly truncated to the new limit. This brings the
+  function's behavior in line with expectations and fixes
+  failures in `test_write_read_limited_history`.
+
+-------------------------------------------------------------------
+Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
+  quadratic complexity vulnerabilities of os.path.expandvars()
+  (CVE-2025-6075, bsc#1252974).
+
+-------------------------------------------------------------------
+Tue Nov  4 16:44:05 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add CVE-2025-8291-consistency-zip64.patch which checks
+  consistency of the zip64 end of central directory record, and
+  preventing obfuscation of the payload, i.e., you scanning for
+  malicious content in a ZIP file with one ZIP parser (let's say
+  a Rust one) then unpack it in production with another (e.g.,
+  the Python one) and get malicious content that the other parser
+  did not see (CVE-2025-8291, bsc#1251305)
+- Readjust patches while synchronizing between openSUSE and SLE trees:
+  - F00251-change-user-install-location.patch
+  - doc-py38-to-py36.patch
+  - gh126985-mv-pyvenv.cfg2getpath.patch
+
+-------------------------------------------------------------------
+Wed Oct 15 09:15:38 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.13.9:
+  - Library
+    - gh-139783: Fix inspect.getsourcelines() for the case when a
+      decorator is followed by a comment or an empty line.
+- Update to 3.13.8:
+  - macOS
+    - gh-124111: Update macOS installer to use Tcl/Tk 8.6.17.
+    - gh-139573: Updated bundled version of OpenSSL to 3.0.18.
+  - Windows
+    - gh-139573: Updated bundled version of OpenSSL to 3.0.18.
+    - gh-138896: Fix error installing C runtime on non-updated Windows
+      machines
+  - Tools/Demos
+    - gh-139330: SBOM generation tool didn’t cross-check the version
+      and checksum values against the Modules/expat/refresh.sh script,
+      leading to the values becoming out-of-date during routine
+      updates.
+    - gh-137873: The iOS test runner has been simplified, resolving
+      some issues that have been observed using the runner in GitHub
+      Actions and Azure Pipelines test environments.
+  - Tests
+    - gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the
+      --verbose option anymore. Patch by Victor Stinner.
+  - Security
+    - gh-139400: xml.parsers.expat: Make sure that parent Expat
+      parsers are only garbage-collected once they are no longer
+      referenced by subparsers created by
+      ExternalEntityParserCreate(). Patch by Sebastian Pipping.
+    - gh-139283: sqlite3: correctly handle maximum number of rows to
+      fetch in Cursor.fetchmany and reject negative values for
+      Cursor.arraysize. Patch by Bénédikt Tran.
+    - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
+      according to the HTML5 standard: ] ]> and ]] > no longer end the
+      CDATA section. Add private method _set_support_cdata() which can
+      be used to specify how to parse <[CDATA[ — as a CDATA section in
+      foreign content (SVG or MathML) or as a bogus comment in the
+      HTML namespace.
+  - Library
+    - gh-139312: Upgrade bundled libexpat to 2.7.3
+    - gh-139289: Do a real lazy-import on rlcompleter in pdb and
+      restore the existing completer after importing rlcompleter.
+    - gh-139210: Fix use-after-free when reporting unknown event in
+      xml.etree.ElementTree.iterparse(). Patch by Ken Jin.
+    - gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in
+      subprocess.
+    - gh-112729: Fix crash when calling _interpreters.create when the
+      process is out of memory.
+    - gh-139076: Fix a bug in the pydoc module that was hiding
+      functions in a Python module if they were implemented in an
+      extension module and the module did not have __all__.
+    - gh-138998: Update bundled libexpat to 2.7.2
+    - gh-130567: Fix possible crash in locale.strxfrm() due to a
+      platform bug on macOS.
+    - gh-138779: Support device numbers larger than 2**63-1 for the
+      st_rdev field of the os.stat_result structure.
+    - gh-128636: Fix crash in PyREPL when os.environ is overwritten
+      with an invalid value for mac
+    - gh-88375: Fix normalization of the robots.txt rules and URLs in
+      the urllib.robotparser module. No longer ignore trailing ?.
+      Distinguish raw special characters ?, = and & from the
+      percent-encoded ones.
+    - gh-138515: email is added to Emscripten build.
+    - gh-111788: Fix parsing errors in the urllib.robotparser module.
+      Don’t fail trying to parse weird paths. Don’t fail trying to
+      decode non-UTF-8 robots.txt files.
+    - gh-138432: zoneinfo.reset_tzpath() will now convert any
+      os.PathLike objects it receives into strings before adding them
+      to TZPATH. It will raise TypeError if anything other than a
+      string is found after this conversion. If given an os.PathLike
+      object that represents a relative path, it will now raise
+      ValueError instead of TypeError, and present a more informative
+      error message.
+    - gh-138008: Fix segmentation faults in the ctypes module due to
+      invalid argtypes. Patch by Dung Nguyen.
+    - gh-60462: Fix locale.strxfrm() on Solaris (and possibly other
+      platforms).
+    - gh-138204: Forbid expansion of shared anonymous memory maps on
+      Linux, which caused a bus error.
+    - gh-138010: Fix an issue where defining a class with a
+      @warnings.deprecated-decorated base class may not invoke the
+      correct __init_subclass__() method in cases involving multiple
+      inheritance. Patch by Brian Schubert.
+    - gh-138133: Prevent infinite traceback loop when sending CTRL^C
+      to Python through strace.
+    - gh-134869: Fix an issue where pressing Ctrl+C during tab
+      completion in the REPL would leave the autocompletion menu in a
+      corrupted state.
+    - gh-137317: inspect.signature() now correctly handles classes
+      that use a descriptor on a wrapped __init__() or __new__()
+      method. Contributed by Yongyu Yan.
+    - gh-137754: Fix import of the zoneinfo module if the C
+      implementation of the datetime module is not available.
+    - gh-137490: Handle ECANCELED in the same way as EINTR in
+      signal.sigwaitinfo() on NetBSD.
+    - gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and
+      inspect.getsource() for generator expressions.
+    - gh-137017: Fix threading.Thread.is_alive to remain True until
+      the underlying OS thread is fully cleaned up. This avoids false
+      negatives in edge cases involving thread monitoring or premature
+      threading.Thread.is_alive calls.
+    - gh-136134: SMTP.auth_cram_md5() now raises an SMTPException
+      instead of a ValueError if Python has been built without MD5
+      support. In particular, SMTP clients will not attempt to use
+      this method even if the remote server is assumed to support it.
+      Patch by Bénédikt Tran.
+    - gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if
+      CRAM-MD5 authentication is not supported. Patch by Bénédikt
+      Tran.
+    - gh-135386: Fix opening a dbm.sqlite3 database for reading from
+      read-only file or directory.
+    - gh-126631: Fix multiprocessing forkserver bug which prevented
+      __main__ from being preloaded.
+    - gh-123085: In a bare call to importlib.resources.files(), ensure
+      the caller’s frame is properly detected when importlib.resources
+      is itself available as a compiled module only (no source).
+    - gh-118981: Fix potential hang in
+      multiprocessing.popen_spawn_posix that can happen when the child
+      proc dies early by closing the child fds right away.
+    - gh-78319: UTF8 support for the IMAP APPEND command has been made
+      RFC compliant.
+    - bpo-38735: Fix failure when importing a module from the root
+      directory on unix-like platforms with sys.pycache_prefix set.
+    - bpo-41839: Allow negative priority values from
+      os.sched_get_priority_min() and os.sched_get_priority_max()
+      functions.
+  - Core and Builtins
+    - gh-134466: Don’t run PyREPL in a degraded environment where
+      setting termios attributes is not allowed.
+    - gh-71810: Raise OverflowError for (-1).to_bytes() for signed
+      conversions when bytes count is zero. Patch by Sergey B
+      Kirpichev.
+    - gh-105487: Remove non-existent __copy__(), __deepcopy__(), and
+      __bases__ from the __dir__() entries of types.GenericAlias.
+    - gh-134163: Fix a hang when the process is out of memory inside
+      an exception handler.
+    - gh-138479: Fix a crash when a generic object’s __typing_subst__
+      returns an object that isn’t a tuple.
+    - gh-137576: Fix for incorrect source code being shown in
+      tracebacks from the Basic REPL when PYTHONSTARTUP is given.
+      Patch by Adam Hartz.
+    - gh-132744: Certain calls now check for runaway recursion and
+      respect the system recursion limit.
+  - C API
+    - gh-87135: Attempting to acquire the GIL after runtime
+      finalization has begun in a different thread now causes the
+      thread to hang rather than terminate, which avoids potential
+      crashes or memory corruption caused by attempting to terminate a
+      thread that is running code not specifically designed to support
+      termination. In most cases this hanging is harmless since the
+      process will soon exit anyway.
+      While not officially marked deprecated until 3.14,
+      PyThread_exit_thread is no longer called internally and remains
+      solely for interface compatibility. Its behavior is inconsistent
+      across platforms, and it can only be used safely in the unlikely
+      case that every function in the entire call stack has been
+      designed to support the platform-dependent termination
+      mechanism. It is recommended that users of this function change
+      their design to not require thread termination. In the unlikely
+      case that thread termination is needed and can be done safely,
+      users may migrate to calling platform-specific APIs such as
+      pthread_exit (POSIX) or _endthreadex (Windows) directly.
+  - Build
+    - gh-135734: Python can correctly be configured and built with
+      ./configure --enable-optimizations --disable-test-modules.
+      Previously, the profile data generation step failed due to PGO
+      tests where immortalization couldn’t be properly suppressed.
+      Patch by Bénédikt Tran.
+
+-------------------------------------------------------------------
+Mon Sep 29 06:52:07 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add gh139257-Support-docutils-0.22.patch to fix build with latest
+  docutils (>=0.22) gh#python/cpython#139257
+
+-------------------------------------------------------------------
+Mon Sep 22 06:41:53 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Drop AppStream: this results in a different cycle than
+  appstream-glib. As the appdata.xml is controlled by ourselves, we
+  can get away with just manually validating it when changing it.
+
+-------------------------------------------------------------------
+Thu Sep 18 08:15:31 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Require AppStream to validate appdata file instead of deprecated
+  appstream-glib.
+- Update idle3.appdata.xml to pass the more pedantic appstreamcli.
+
+-------------------------------------------------------------------
+Tue Sep  9 10:11:58 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add gh138131-exclude-pycache-from-digest.patch fixing reproducible
+  build for python-nogil.
+  (bsc#1244680, gh#python/cpython#138131)
+
+-------------------------------------------------------------------
+Fri Aug 15 12:31:08 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 3.13.7:
+  - gh-137583: Fix a deadlock introduced in 3.13.6 when a call
+    to ssl.SSLSocket.recv was blocked in one thread, and then
+    another method on the object (such as ssl.SSLSocket.send) was
+    subsequently called in another thread.
+  - gh-137044: Return large limit values as positive integers
+    instead of negative integers in resource.getrlimit().
+    Accept large values and reject negative values (except
+    RLIM_INFINITY) for limits in resource.setrlimit().
+  - gh-136914: Fix retrieval of doctest.DocTest.lineno
+    for objects decorated with functools.cache() or
+    functools.cached_property.
+  - gh-131788: Make ResourceTracker.send from multiprocessing
+    re-entrant safe
+  - gh-136155: We are now checking for fatal errors in EPUB
+    builds in CI.
+  - gh-137400: Fix a crash in the free threading build when
+    disabling profiling or tracing across all threads with
+    PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads()
+    or their Python equivalents threading.settrace_all_threads()
+    and threading.setprofile_all_threads().
+- Remove upstreamed patch:
+  - gh137583-only-lock-SSL-context.patch
+
+-------------------------------------------------------------------
+Tue Aug 12 09:16:40 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add gh137583-only-lock-SSL-context.patch fixing the
+  regression in 3.13.6 by breaking non-blocking TLS connections
+  (gh#python/cpython#137583).
+
+-------------------------------------------------------------------
+Thu Aug  7 10:08:11 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 3.13.6:
+  - Security
+    - gh-135661: Fix parsing start and end tags in
+      html.parser.HTMLParser according to the HTML5 standard.
+        - Whitespaces no longer accepted between </ and the tag
+          name. E.g. </ script> does not end the script section.
+        - Vertical tabulation (\v) and non-ASCII whitespaces no
+          longer recognized as whitespaces. The only whitespaces
+          are \t\n\r\f and space.
+        - Null character (U+0000) no longer ends the tag name.
+        - Attributes and slashes after the tag name in end tags
+          are now ignored, instead of terminating after the first
+          > in quoted attribute value. E.g. </script/foo=">"/>.
+        - Multiple slashes and whitespaces between the last
+          attribute and closing > are now ignored in both start
+          and end tags. E.g. <a foo=bar/ //>.
+        - Multiple = between attribute name and value are no
+          longer collapsed. E.g. <a foo==bar> produces attribute
+          “foo” with value “=bar”.
+    - gh-102555: Fix comment parsing in html.parser.HTMLParser
+      according to the HTML5 standard. --!> now ends the comment.
+      -- > no longer ends the comment. Support abnormally ended
+      empty comments <--> and <--->.
+    - gh-135462: Fix quadratic complexity in processing specially
+      crafted input in html.parser.HTMLParser. End-of-file errors
+      are now handled according to the HTML5 specs – comments and
+      declarations are automatically closed, tags are ignored
+      (CVE-2025-6069, bsc#1244705).
+    - gh-118350: Fix support of escapable raw text mode (elements
+      “textarea” and “title”) in html.parser.HTMLParser.
+  - Core and Builtins
+    - gh-58124: Fix name of the Python encoding in Unicode errors
+      of the code page codec: use “cp65000” and “cp65001” instead
+      of “CP_UTF7” and “CP_UTF8” which are not valid Python code
+      names. Patch by Victor Stinner.
+    - gh-137314: Fixed a regression where raw f-strings
+      incorrectly interpreted escape sequences in format
+      specifications. Raw f-strings now properly preserve literal
+      backslashes in format specs, matching the behavior from
+      Python 3.11. For example, rf"{obj:\xFF}" now correctly
+      produces '\\xFF' instead of 'ÿ'. Patch by Pablo Galindo.
+    - gh-136541: Fix some issues with the perf trampolines
+      on x86-64 and aarch64. The trampolines were not being
+      generated correctly for some cases, which could lead to
+      the perf integration not working correctly. Patch by Pablo
+      Galindo.
+    - gh-109700: Fix memory error handling in
+      PyDict_SetDefault().
+    - gh-78465: Fix error message for cls.__new__(cls, ...) where
+      cls is not instantiable builtin or extension type (with
+      tp_new set to NULL).
+    - gh-135871: Non-blocking mutex lock attempts now return
+      immediately when the lock is busy instead of briefly
+      spinning in the free threading build.
+    - gh-135607: Fix potential weakref races in an object’s
+      destructor on the free threaded build.
+    - gh-135496: Fix typo in the f-string conversion type error
+      (“exclamanation” -> “exclamation”).
+    - gh-130077: Properly raise custom syntax errors when
+      incorrect syntax containing names that are prefixes of soft
+      keywords is encountered. Patch by Pablo Galindo.
+    - gh-135148: Fixed a bug where f-string debug expressions
+      (using =) would incorrectly strip out parts of strings
+      containing escaped quotes and # characters. Patch by Pablo
+      Galindo.
+    - gh-133136: Limit excess memory usage in the free threading
+      build when a large dictionary or list is resized and
+      accessed by multiple threads.
+    - gh-132617: Fix dict.update() modification check that could
+      incorrectly raise a “dict mutated during update” error when
+      a different dictionary was modified that happens to share
+      the same underlying keys object.
+    - gh-91153: Fix a crash when a bytearray is concurrently
+      mutated during item assignment.
+    - gh-127971: Fix off-by-one read beyond the end of a string
+      in string search.
+    - gh-125723: Fix crash with gi_frame.f_locals when generator
+      frames outlive their generator. Patch by Mikhail Efimov.
+  - Library
+    - gh-132710: If possible, ensure that uuid.getnode()
+      returns the same result even across different processes.
+      Previously, the result was constant only within the same
+      process. Patch by Bénédikt Tran.
+    - gh-137273: Fix debug assertion failure in
+      locale.setlocale() on Windows.
+    - gh-137257: Bump the version of pip bundled in ensurepip to
+      version 25.2
+    - gh-81325: tarfile.TarFile now accepts a path-like when
+      working on a tar archive. (Contributed by Alexander Enrique
+      Urieles Nieto in gh-81325.)
+    - gh-130522: Fix unraisable TypeError raised during
+      interpreter shutdown in the threading module.
+    - gh-130577: tarfile now validates archives to ensure member
+      offsets are non-negative. (Contributed by Alexander Enrique
+      Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249).
+    - gh-136549: Fix signature of threading.excepthook().
+    - gh-136523: Fix wave.Wave_write emitting an unraisable when
+      open raises.
+    - gh-52876: Add missing keepends (default True)
+      parameter to codecs.StreamReaderWriter.readline() and
+      codecs.StreamReaderWriter.readlines().
+    - gh-85702: If zoneinfo._common.load_tzdata is given a
+      package without a resource a zoneinfo.ZoneInfoNotFoundError
+      is raised rather than a PermissionError. Patch by Victor
+      Stinner.
+    - gh-134759: Fix UnboundLocalError in
+      email.message.Message.get_payload() when the payload to
+      decode is a bytes object. Patch by Kliment Lamonov.
+    - gh-136028: Fix parsing month names containing “İ” (U+0130,
+      LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime().
+      This affects locales az_AZ, ber_DZ, ber_MA and crh_UA.
+    - gh-135995: In the palmos encoding, make byte 0x9b decode to
+      › (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK).
+    - gh-53203: Fix time.strptime() for %c and %x formats on
+      locales byn_ER, wal_ET and lzh_TW, and for %X format on
+      locales ar_SA, bg_BG and lzh_TW.
+    - gh-91555: An earlier change, which was introduced in
+      3.13.4, has been reverted. It disabled logging for a logger
+      during handling of log messages for that logger. Since the
+      reversion, the behaviour should be as it was before 3.13.4.
+    - gh-135878: Fixes a crash of types.SimpleNamespace on free
+      threading builds, when several threads were calling its
+      __repr__() method at the same time.
+    - gh-135836: Fix IndexError in
+      asyncio.loop.create_connection() that could occur when
+      non-OSError exception is raised during connection and
+      socket’s close() raises OSError.
+    - gh-135836: Fix IndexError in
+      asyncio.loop.create_connection() that could occur when the
+      Happy Eyeballs algorithm resulted in an empty exceptions
+      list during connection attempts.
+    - gh-135855: Raise TypeError instead of SystemError when
+      _interpreters.set___main___attrs() is passed a non-dict
+      object. Patch by Brian Schubert.
+    - gh-135815: netrc: skip security checks if os.getuid() is
+      missing. Patch by Bénédikt Tran.
+    - gh-135640: Address bug where it was possible to call
+      xml.etree.ElementTree.ElementTree.write() on an ElementTree
+      object with an invalid root element. This behavior blanked
+      the file passed to write if it already existed.
+    - gh-135444: Fix asyncio.DatagramTransport.sendto() to
+      account for datagram header size when data cannot be sent.
+    - gh-135497: Fix os.getlogin() failing for longer usernames
+      on BSD-based platforms.
+    - gh-135487: Fix reprlib.Repr.repr_int() when given integers
+      with more than sys.get_int_max_str_digits() digits. Patch
+      by Bénédikt Tran.
+    - gh-135335: multiprocessing: Flush stdout and stderr after
+      preloading modules in the forkserver.
+    - gh-135244: uuid: when the MAC address cannot be
+      determined, the 48-bit node ID is now generated with a
+      cryptographically-secure pseudo-random number generator
+      (CSPRNG) as per RFC 9562, §6.10.3. This affects uuid1().
+    - gh-135069: Fix the “Invalid error handling” exception in
+      encodings.idna.IncrementalDecoder to correctly replace the
+      ‘errors’ parameter.
+    - gh-134698: Fix a crash when calling methods of
+      ssl.SSLContext or ssl.SSLSocket across multiple threads.
+    - gh-132124: On POSIX-compliant systems,
+      multiprocessing.util.get_temp_dir() now ignores TMPDIR
+      (and similar environment variables) if the path length of
+      AF_UNIX socket files exceeds the platform-specific maximum
+      length when using the forkserver start method. Patch by
+      Bénédikt Tran.
+    - gh-133439: Fix dot commands with trailing spaces are
+      mistaken for multi-line SQL statements in the sqlite3
+      command-line interface.
+    - gh-132969: Prevent the ProcessPoolExecutor executor thread,
+      which remains running when shutdown(wait=False), from
+      attempting to adjust the pool’s worker processes after
+      the object state has already been reset during shutdown.
+      A combination of conditions, including a worker process
+      having terminated abormally, resulted in an exception and
+      a potential hang when the still-running executor thread
+      attempted to replace dead workers within the pool.
+    - gh-130664: Support the '_' digit separator in formatting
+      of the integral part of Decimal’s. Patch by Sergey B
+      Kirpichev.
+    - gh-85702: If zoneinfo._common.load_tzdata is given a
+      package without a resource a ZoneInfoNotFoundError is
+      raised rather than a IsADirectoryError.
+    - gh-130664: Handle corner-case for Fraction’s formatting:
+      treat zero-padding (preceding the width field by a zero
+      ('0') character) as an equivalent to a fill character of
+      '0' with an alignment type of '=', just as in case of
+      float’s.
+  - Tools/Demos
+    - gh-135968: Stubs for strip are now provided as part of an
+      iOS install.
+  - Tests
+    - gh-135966: The iOS testbed now handles the app_packages
+      folder as a site directory.
+    - gh-135494: Fix regrtest to support excluding tests from
+      --pgo tests. Patch by Victor Stinner.
+    - gh-135489: Show verbose output for failing tests during PGO
+      profiling step with –enable-optimizations.
+  - Documentation
+    - gh-135171: Document that the iterator for the leftmost for
+      clause in the generator expression is created immediately.
+  - Build
+    - gh-135497: Fix the detection of MAXLOGNAME in the
+      configure.ac script.
+- Remove upstreamed patches:
+  - CVE-2025-8194-tarfile-no-neg-offsets.patch
+  - CVE-2025-6069-quad-complex-HTMLParser.patch
+
 -------------------------------------------------------------------
 Fri Aug  1 20:09:24 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 

python313.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python313
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -167,7 +167,7 @@
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.13.5
+Version:        3.13.11
 %define         tarversion %{version}
 %define         tarname    Python-%{tarversion}
 Release:        0
@@ -231,12 +231,13 @@ Patch42:        gh126985-mv-pyvenv.cfg2getpath.patch
 # PATCH-FIX-UPSTREAM bsc1243155-sphinx-non-determinism.patch bsc#1243155 mcepl@suse.com
 # Doc: Generate ids for audit_events using docname
 Patch43:        bsc1243155-sphinx-non-determinism.patch
-# PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com
-# avoid quadratic complexity when processing malformed inputs with HTMLParser
-Patch44:        CVE-2025-6069-quad-complex-HTMLParser.patch
-# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com
-# tarfile now validates archives to ensure member offsets are non-negative
-Patch45:        CVE-2025-8194-tarfile-no-neg-offsets.patch
+# PATCH-FIX-UPSTREAM gh138131-exclude-pycache-from-digest.patch bsc#1244680 daniel.garcia@suse.com
+Patch44:        gh138131-exclude-pycache-from-digest.patch
+# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
+Patch45:        gh139257-Support-docutils-0.22.patch
+# PATCH-FIX-UPSTREAM pass-test_write_read_limited_history.patch bsc#[0-9]+ mcepl@suse.com
+# Fix readline history truncation when length is reduced
+Patch48:        pass-test_write_read_limited_history.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -291,8 +292,6 @@ ExcludeArch:    aarch64
 %endif
 
 %if %{with general}
-# required for idle3 (.desktop and .appdata.xml files)
-BuildRequires:  appstream-glib
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
 BuildRequires:  gettext
@@ -558,9 +557,6 @@ rm Lib/site-packages/README.txt
 # Add vendored bluez-devel files
 tar xvf %{SOURCE21}
 
-# Don't fail on warnings when building documentation
-# sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
-
 %build
 export SUSE_VERSION="0%{?suse_version}"
 export SLE_VERSION="0%{?sle_version}"
@@ -784,7 +780,6 @@ install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_abi}.desk
 cp %{SOURCE20} idle%{python_abi}.appdata.xml
 sed -i -e 's:idle3.desktop:idle%{python_abi}.desktop:g' idle%{python_abi}.appdata.xml
 install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_abi}.appdata.xml
-appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_abi}.appdata.xml
 
 %fdupes %{buildroot}/%{_libdir}/python%{python_abi}
 %endif