Update to 3.13.11

chore: remove files which should be deleted, but they were not
Add pass-test_write_read_limited_history.patch:
2025-12-19 19:38:03 +01:00 · 2025-11-23 02:32:31 +01:00 · 2025-11-20 23:05:53 +01:00 · 2025-11-20 23:05:53 +01:00 · 2025-11-20 23:05:53 +01:00 · 2025-11-20 22:58:40 +01:00
17 changed files with 1132 additions and 569 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -21,3 +21,4 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *.changes merge=merge-changes
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,6 @@
 .osc
 *.obscpio
 *.osc
 _build.*
 .pbuild
 python313-*-build/
--- a/CVE-2025-6069-quad-complex-HTMLParser.patch
+++ b/CVE-2025-6069-quad-complex-HTMLParser.patch
@@ -1,247 +0,0 @@
 From 9043edabc7e2f0dd655146e0a4571e2a0b2906af Mon Sep 17 00:00:00 2001
 From: Serhiy Storchaka <storchaka@gmail.com>
 Date: Fri, 13 Jun 2025 19:57:48 +0300
 Subject: [PATCH] gh-135462: Fix quadratic complexity in processing special
 input in HTMLParser (GH-135464)
 End-of-file errors are now handled according to the HTML5 specs --
 comments and declarations are automatically closed, tags are ignored.
 (cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41)
 Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
 ---
 Lib/html/parser.py                                                       |   41 +++-
 Lib/test/test_htmlparser.py                                              |   97 +++++++---
 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst |    4 
 3 files changed, 111 insertions(+), 31 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
 Index: Python-3.13.5/Lib/html/parser.py
 ===================================================================
 --- Python-3.13.5.orig/Lib/html/parser.py	2025-06-11 17:36:57.000000000 +0200
 +++ Python-3.13.5/Lib/html/parser.py	2025-07-02 16:49:52.020175099 +0200
@@ -27,6 +27,7 @@
 attr_charref = re.compile(r'&(#[0-9]+|#[xX][0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]*)[;=]?')
 starttagopen = re.compile('<[a-zA-Z]')
 +endtagopen = re.compile('</[a-zA-Z]')
 piclose = re.compile('>')
 commentclose = re.compile(r'--\s*>')
 # Note:
@@ -195,7 +196,7 @@
                     k = self.parse_pi(i)
                 elif startswith("<!", i):
                     k = self.parse_html_declaration(i)
 -                elif (i + 1) < n:
 +                elif (i + 1) < n or end:
                     self.handle_data("<")
                     k = i + 1
                 else:
@@ -203,17 +204,35 @@
                 if k < 0:
                     if not end:
                         break
 -                    k = rawdata.find('>', i + 1)
 -                    if k < 0:
 -                        k = rawdata.find('<', i + 1)
 -                        if k < 0:
 -                            k = i + 1
 +                    if starttagopen.match(rawdata, i):  # < + letter
 +                        pass
 +                    elif startswith("</", i):
 +                        if i + 2 == n:
 +                            self.handle_data("</")
 +                        elif endtagopen.match(rawdata, i):  # </ + letter
 +                            pass
 +                        else:
 +                            # bogus comment
 +                            self.handle_comment(rawdata[i+2:])
 +                    elif startswith("<!--", i):
 +                        j = n
 +                        for suffix in ("--!", "--", "-"):
 +                            if rawdata.endswith(suffix, i+4):
 +                                j -= len(suffix)
 +                                break
 +                        self.handle_comment(rawdata[i+4:j])
 +                    elif startswith("<![CDATA[", i):
 +                        self.unknown_decl(rawdata[i+3:])
 +                    elif rawdata[i:i+9].lower() == '<!doctype':
 +                        self.handle_decl(rawdata[i+2:])
 +                    elif startswith("<!", i):
 +                        # bogus comment
 +                        self.handle_comment(rawdata[i+2:])
 +                    elif startswith("<?", i):
 +                        self.handle_pi(rawdata[i+2:])
                     else:
 -                        k += 1
 -                    if self.convert_charrefs and not self.cdata_elem:
 -                        self.handle_data(unescape(rawdata[i:k]))
 -                    else:
 -                        self.handle_data(rawdata[i:k])
 +                        raise AssertionError("we should not get here!")
 +                    k = n
                 i = self.updatepos(i, k)
             elif startswith("&#", i):
                 match = charref.match(rawdata, i)
 Index: Python-3.13.5/Lib/test/test_htmlparser.py
 ===================================================================
 --- Python-3.13.5.orig/Lib/test/test_htmlparser.py	2025-06-11 17:36:57.000000000 +0200
 +++ Python-3.13.5/Lib/test/test_htmlparser.py	2025-07-02 16:49:52.020821697 +0200
@@ -5,6 +5,7 @@
 import unittest
 from unittest.mock import patch
 +from test import support
 class EventCollector(html.parser.HTMLParser):
@@ -430,28 +431,34 @@
                             ('data', '<'),
                             ('starttag', 'bc<', [('a', None)]),
                             ('endtag', 'html'),
 -                            ('data', '\n<img src="URL>'),
 -                            ('comment', '/img'),
 -                            ('endtag', 'html<')])
 +                            ('data', '\n')])
     def test_starttag_junk_chars(self):
 +        self._run_check("<", [('data', '<')])
 +        self._run_check("<>", [('data', '<>')])
 +        self._run_check("< >", [('data', '< >')])
 +        self._run_check("< ", [('data', '< ')])
         self._run_check("</>", [])
 +        self._run_check("<$>", [('data', '<$>')])
         self._run_check("</$>", [('comment', '$')])
         self._run_check("</", [('data', '</')])
 -        self._run_check("</a", [('data', '</a')])
 +        self._run_check("</a", [])
 +        self._run_check("</ a>", [('endtag', 'a')])
 +        self._run_check("</ a", [('comment', ' a')])
         self._run_check("<a<a>", [('starttag', 'a<a', [])])
         self._run_check("</a<a>", [('endtag', 'a<a')])
 -        self._run_check("<!", [('data', '<!')])
 -        self._run_check("<a", [('data', '<a')])
 -        self._run_check("<a foo='bar'", [('data', "<a foo='bar'")])
 -        self._run_check("<a foo='bar", [('data', "<a foo='bar")])
 -        self._run_check("<a foo='>'", [('data', "<a foo='>'")])
 -        self._run_check("<a foo='>", [('data', "<a foo='>")])
 +        self._run_check("<!", [('comment', '')])
 +        self._run_check("<a", [])
 +        self._run_check("<a foo='bar'", [])
 +        self._run_check("<a foo='bar", [])
 +        self._run_check("<a foo='>'", [])
 +        self._run_check("<a foo='>", [])
         self._run_check("<a$>", [('starttag', 'a$', [])])
         self._run_check("<a$b>", [('starttag', 'a$b', [])])
         self._run_check("<a$b/>", [('startendtag', 'a$b', [])])
         self._run_check("<a$b  >", [('starttag', 'a$b', [])])
         self._run_check("<a$b  />", [('startendtag', 'a$b', [])])
 +        self._run_check("</a$b>", [('endtag', 'a$b')])
     def test_slashes_in_starttag(self):
         self._run_check('<a foo="var"/>', [('startendtag', 'a', [('foo', 'var')])])
@@ -576,21 +583,50 @@
         for html, expected in data:
             self._run_check(html, expected)
 -    def test_EOF_in_comments_or_decls(self):
 +    def test_eof_in_comments(self):
         data = [
 -            ('<!', [('data', '<!')]),
 -            ('<!-', [('data', '<!-')]),
 -            ('<!--', [('data', '<!--')]),
 -            ('<![', [('data', '<![')]),
 -            ('<![CDATA[', [('data', '<![CDATA[')]),
 -            ('<![CDATA[x', [('data', '<![CDATA[x')]),
 -            ('<!DOCTYPE', [('data', '<!DOCTYPE')]),
 -            ('<!DOCTYPE HTML', [('data', '<!DOCTYPE HTML')]),
 +            ('<!--', [('comment', '')]),
 +            ('<!---', [('comment', '')]),
 +            ('<!----', [('comment', '')]),
 +            ('<!-----', [('comment', '-')]),
 +            ('<!------', [('comment', '--')]),
 +            ('<!----!', [('comment', '')]),
 +            ('<!---!', [('comment', '-!')]),
 +            ('<!---!>', [('comment', '-!>')]),
 +            ('<!--foo', [('comment', 'foo')]),
 +            ('<!--foo-', [('comment', 'foo')]),
 +            ('<!--foo--', [('comment', 'foo')]),
 +            ('<!--foo--!', [('comment', 'foo')]),
 +            ('<!--<!--', [('comment', '<!')]),
 +            ('<!--<!--!', [('comment', '<!')]),
         ]
         for html, expected in data:
             self._run_check(html, expected)
 +
 +    def test_eof_in_declarations(self):
 +        data = [
 +            ('<!', [('comment', '')]),
 +            ('<!-', [('comment', '-')]),
 +            ('<![', [('comment', '[')]),
 +            ('<![CDATA[', [('unknown decl', 'CDATA[')]),
 +            ('<![CDATA[x', [('unknown decl', 'CDATA[x')]),
 +            ('<![CDATA[x]', [('unknown decl', 'CDATA[x]')]),
 +            ('<![CDATA[x]]', [('unknown decl', 'CDATA[x]]')]),
 +            ('<!DOCTYPE', [('decl', 'DOCTYPE')]),
 +            ('<!DOCTYPE ', [('decl', 'DOCTYPE ')]),
 +            ('<!DOCTYPE html', [('decl', 'DOCTYPE html')]),
 +            ('<!DOCTYPE html ', [('decl', 'DOCTYPE html ')]),
 +            ('<!DOCTYPE html PUBLIC', [('decl', 'DOCTYPE html PUBLIC')]),
 +            ('<!DOCTYPE html PUBLIC "foo', [('decl', 'DOCTYPE html PUBLIC "foo')]),
 +            ('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "foo',
 +             [('decl', 'DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "foo')]),
 +        ]
 +        for html, expected in data:
 +            self._run_check(html, expected)
 +
     def test_bogus_comments(self):
 -        html = ('<! not really a comment >'
 +        html = ('<!ELEMENT br EMPTY>'
 +                '<! not really a comment >'
                 '<! not a comment either -->'
                 '<! -- close enough -->'
                 '<!><!<-- this was an empty comment>'
@@ -604,6 +640,7 @@
                 '<![CDATA]]>'  # required '[' after CDATA
         )
         expected = [
 +            ('comment', 'ELEMENT br EMPTY'),
             ('comment', ' not really a comment '),
             ('comment', ' not a comment either --'),
             ('comment', ' -- close enough --'),
@@ -684,6 +721,26 @@
              ('endtag', 'a'), ('data', ' bar & baz')]
         )
 +    @support.requires_resource('cpu')
 +    def test_eof_no_quadratic_complexity(self):
 +        # Each of these examples used to take about an hour.
 +        # Now they take a fraction of a second.
 +        def check(source):
 +            parser = html.parser.HTMLParser()
 +            parser.feed(source)
 +            parser.close()
 +        n = 120_000
 +        check("<a " * n)
 +        check("<a a=" * n)
 +        check("</a " * 14 * n)
 +        check("</a a=" * 11 * n)
 +        check("<!--" * 4 * n)
 +        check("<!" * 60 * n)
 +        check("<?" * 19 * n)
 +        check("</$" * 15 * n)
 +        check("<![CDATA[" * 9 * n)
 +        check("<!doctype" * 35 * n)
 +
 class AttributesTestCase(TestCaseBase):
 Index: Python-3.13.5/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
 +++ Python-3.13.5/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst	2025-07-02 16:49:52.021124951 +0200
@@ -0,0 +1,4 @@
 +Fix quadratic complexity in processing specially crafted input in
 +:class:`html.parser.HTMLParser`. End-of-file errors are now handled according
 +to the HTML5 specs -- comments and declarations are automatically closed,
 +tags are ignored.
--- a/CVE-2025-8194-tarfile-no-neg-offsets.patch
+++ b/CVE-2025-8194-tarfile-no-neg-offsets.patch
@@ -1,212 +0,0 @@
 From fd29bcd380150035ef825b762d8cd085bdab6e53 Mon Sep 17 00:00:00 2001
 From: Alexander Urieles <aeurielesn@users.noreply.github.com>
 Date: Mon, 28 Jul 2025 17:37:26 +0200
 Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member
 offsets are non-negative (GH-137027) (cherry picked from commit
 7040aa54f14676938970e10c5f74ea93cd56aa38)
 Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
 Co-authored-by: Gregory P. Smith <greg@krypto.org>
 ---
 Lib/tarfile.py                                                          |    3 
 Lib/test/test_tarfile.py                                                |  156 ++++++++++
 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst |    3 
 3 files changed, 162 insertions(+)
 create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
 Index: Python-3.13.5/Lib/tarfile.py
 ===================================================================
 --- Python-3.13.5.orig/Lib/tarfile.py	2025-08-01 22:13:44.185826095 +0200
 +++ Python-3.13.5/Lib/tarfile.py	2025-08-01 22:13:45.524140183 +0200
@@ -1636,6 +1636,9 @@
         """Round up a byte count by BLOCKSIZE and return it,
            e.g. _block(834) => 1024.
         """
 +        # Only non-negative offsets are allowed
 +        if count < 0:
 +            raise InvalidHeaderError("invalid offset")
         blocks, remainder = divmod(count, BLOCKSIZE)
         if remainder:
             blocks += 1
 Index: Python-3.13.5/Lib/test/test_tarfile.py
 ===================================================================
 --- Python-3.13.5.orig/Lib/test/test_tarfile.py	2025-06-11 17:36:57.000000000 +0200
 +++ Python-3.13.5/Lib/test/test_tarfile.py	2025-08-01 22:13:45.524778259 +0200
@@ -50,6 +50,7 @@
 xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
 tmpname = os.path.join(TEMPDIR, "tmp.tar")
 dotlessname = os.path.join(TEMPDIR, "testtar")
 +SPACE = b" "
 sha256_regtype = (
     "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce"
@@ -4578,6 +4579,161 @@
         ar.extractall(self.testdir, filter='fully_trusted')
 +class OffsetValidationTests(unittest.TestCase):
 +    tarname = tmpname
 +    invalid_posix_header = (
 +        # name: 100 bytes
 +        tarfile.NUL * tarfile.LENGTH_NAME
 +        # mode, space, null terminator: 8 bytes
 +        + b"000755" + SPACE + tarfile.NUL
 +        # uid, space, null terminator: 8 bytes
 +        + b"000001" + SPACE + tarfile.NUL
 +        # gid, space, null terminator: 8 bytes
 +        + b"000001" + SPACE + tarfile.NUL
 +        # size, space: 12 bytes
 +        + b"\xff" * 11 + SPACE
 +        # mtime, space: 12 bytes
 +        + tarfile.NUL * 11 + SPACE
 +        # chksum: 8 bytes
 +        + b"0011407" + tarfile.NUL
 +        # type: 1 byte
 +        + tarfile.REGTYPE
 +        # linkname: 100 bytes
 +        + tarfile.NUL * tarfile.LENGTH_LINK
 +        # magic: 6 bytes, version: 2 bytes
 +        + tarfile.POSIX_MAGIC
 +        # uname: 32 bytes
 +        + tarfile.NUL * 32
 +        # gname: 32 bytes
 +        + tarfile.NUL * 32
 +        # devmajor, space, null terminator: 8 bytes
 +        + tarfile.NUL * 6 + SPACE + tarfile.NUL
 +        # devminor, space, null terminator: 8 bytes
 +        + tarfile.NUL * 6 + SPACE + tarfile.NUL
 +        # prefix: 155 bytes
 +        + tarfile.NUL * tarfile.LENGTH_PREFIX
 +        # padding: 12 bytes
 +        + tarfile.NUL * 12
 +    )
 +    invalid_gnu_header = (
 +        # name: 100 bytes
 +        tarfile.NUL * tarfile.LENGTH_NAME
 +        # mode, null terminator: 8 bytes
 +        + b"0000755" + tarfile.NUL
 +        # uid, null terminator: 8 bytes
 +        + b"0000001" + tarfile.NUL
 +        # gid, space, null terminator: 8 bytes
 +        + b"0000001" + tarfile.NUL
 +        # size, space: 12 bytes
 +        + b"\xff" * 11 + SPACE
 +        # mtime, space: 12 bytes
 +        + tarfile.NUL * 11 + SPACE
 +        # chksum: 8 bytes
 +        + b"0011327" + tarfile.NUL
 +        # type: 1 byte
 +        + tarfile.REGTYPE
 +        # linkname: 100 bytes
 +        + tarfile.NUL * tarfile.LENGTH_LINK
 +        # magic: 8 bytes
 +        + tarfile.GNU_MAGIC
 +        # uname: 32 bytes
 +        + tarfile.NUL * 32
 +        # gname: 32 bytes
 +        + tarfile.NUL * 32
 +        # devmajor, null terminator: 8 bytes
 +        + tarfile.NUL * 8
 +        # devminor, null terminator: 8 bytes
 +        + tarfile.NUL * 8
 +        # padding: 167 bytes
 +        + tarfile.NUL * 167
 +    )
 +    invalid_v7_header = (
 +        # name: 100 bytes
 +        tarfile.NUL * tarfile.LENGTH_NAME
 +        # mode, space, null terminator: 8 bytes
 +        + b"000755" + SPACE + tarfile.NUL
 +        # uid, space, null terminator: 8 bytes
 +        + b"000001" + SPACE + tarfile.NUL
 +        # gid, space, null terminator: 8 bytes
 +        + b"000001" + SPACE + tarfile.NUL
 +        # size, space: 12 bytes
 +        + b"\xff" * 11 + SPACE
 +        # mtime, space: 12 bytes
 +        + tarfile.NUL * 11 + SPACE
 +        # chksum: 8 bytes
 +        + b"0010070" + tarfile.NUL
 +        # type: 1 byte
 +        + tarfile.REGTYPE
 +        # linkname: 100 bytes
 +        + tarfile.NUL * tarfile.LENGTH_LINK
 +        # padding: 255 bytes
 +        + tarfile.NUL * 255
 +    )
 +    valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT)
 +    data_block = b"\xff" * tarfile.BLOCKSIZE
 +
 +    def _write_buffer(self, buffer):
 +        with open(self.tarname, "wb") as f:
 +            f.write(buffer)
 +
 +    def _get_members(self, ignore_zeros=None):
 +        with open(self.tarname, "rb") as f:
 +            with tarfile.open(
 +                mode="r", fileobj=f, ignore_zeros=ignore_zeros
 +            ) as tar:
 +                return tar.getmembers()
 +
 +    def _assert_raises_read_error_exception(self):
 +        with self.assertRaisesRegex(
 +            tarfile.ReadError, "file could not be opened successfully"
 +        ):
 +            self._get_members()
 +
 +    def test_invalid_offset_header_validations(self):
 +        for tar_format, invalid_header in (
 +            ("posix", self.invalid_posix_header),
 +            ("gnu", self.invalid_gnu_header),
 +            ("v7", self.invalid_v7_header),
 +        ):
 +            with self.subTest(format=tar_format):
 +                self._write_buffer(invalid_header)
 +                self._assert_raises_read_error_exception()
 +
 +    def test_early_stop_at_invalid_offset_header(self):
 +        buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header
 +        self._write_buffer(buffer)
 +        members = self._get_members()
 +        self.assertEqual(len(members), 1)
 +        self.assertEqual(members[0].name, "filename")
 +        self.assertEqual(members[0].offset, 0)
 +
 +    def test_ignore_invalid_archive(self):
 +        # 3 invalid headers with their respective data
 +        buffer = (self.invalid_gnu_header + self.data_block) * 3
 +        self._write_buffer(buffer)
 +        members = self._get_members(ignore_zeros=True)
 +        self.assertEqual(len(members), 0)
 +
 +    def test_ignore_invalid_offset_headers(self):
 +        for first_block, second_block, expected_offset in (
 +            (
 +                (self.valid_gnu_header),
 +                (self.invalid_gnu_header + self.data_block),
 +                0,
 +            ),
 +            (
 +                (self.invalid_gnu_header + self.data_block),
 +                (self.valid_gnu_header),
 +                1024,
 +            ),
 +        ):
 +            self._write_buffer(first_block + second_block)
 +            members = self._get_members(ignore_zeros=True)
 +            self.assertEqual(len(members), 1)
 +            self.assertEqual(members[0].name, "filename")
 +            self.assertEqual(members[0].offset, expected_offset)
 +
 +
 def setUpModule():
     os_helper.unlink(TEMPDIR)
     os.makedirs(TEMPDIR)
 Index: Python-3.13.5/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
 +++ Python-3.13.5/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	2025-08-01 22:13:45.525174751 +0200
@@ -0,0 +1,3 @@
 +:mod:`tarfile` now validates archives to ensure member offsets are
 +non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
 +:gh:`130577`.)
--- a/F00251-change-user-install-location.patch
+++ b/F00251-change-user-install-location.patch
@@ -28,10 +28,10 @@ Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
 Lib/test/test_sysconfig.py |   17 +++++++++++--
 2 files changed, 67 insertions(+), 7 deletions(-)
-Index: Python-3.13.3/Lib/sysconfig/__init__.py
+Index: Python-3.13.9/Lib/sysconfig/__init__.py
 ===================================================================
--- Python-3.13.3.orig/Lib/sysconfig/__init__.py	2025-04-08 15:54:08.000000000 +0200
+--- Python-3.13.9.orig/Lib/sysconfig/__init__.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.3/Lib/sysconfig/__init__.py	2025-04-11 21:52:31.769387873 +0200
+++ Python-3.13.9/Lib/sysconfig/__init__.py	2025-11-04 17:41:28.521141323 +0100
@@ -106,6 +106,11 @@
 else:
     _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv']
@@ -128,10 +128,10 @@ Index: Python-3.13.3/Lib/sysconfig/__init__.py
     _CONFIG_VARS['py_version'] = _PY_VERSION
     _CONFIG_VARS['py_version_short'] = _PY_VERSION_SHORT
     _CONFIG_VARS['py_version_nodot'] = _PY_VERSION_SHORT_NO_DOT
-Index: Python-3.13.3/Lib/test/test_sysconfig.py
+Index: Python-3.13.9/Lib/test/test_sysconfig.py
 ===================================================================
--- Python-3.13.3.orig/Lib/test/test_sysconfig.py	2025-04-08 15:54:08.000000000 +0200
+--- Python-3.13.9.orig/Lib/test/test_sysconfig.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.3/Lib/test/test_sysconfig.py	2025-04-11 21:52:31.769841915 +0200
+++ Python-3.13.9/Lib/test/test_sysconfig.py	2025-11-04 17:41:28.521386489 +0100
@@ -130,8 +130,19 @@
         for scheme in _INSTALL_SCHEMES:
             for name in _INSTALL_SCHEMES[scheme]:
@@ -153,7 +153,7 @@ Index: Python-3.13.3/Lib/test/test_sysconfig.py
                     os.path.normpath(expected),
                 )
-@@ -386,7 +397,7 @@
+@@ -393,7 +404,7 @@
         self.assertTrue(os.path.isfile(config_h), config_h)
     def test_get_scheme_names(self):
@@ -162,7 +162,7 @@ Index: Python-3.13.3/Lib/test/test_sysconfig.py
         if HAS_USER_BASE:
             wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
         self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
-@@ -398,6 +409,8 @@
+@@ -405,6 +416,8 @@
             cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
             self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))
--- a/Python-3.13.11.tar.xz
+++ b/Python-3.13.11.tar.xz
--- a/Python-3.13.11.tar.xz.sigstore
+++ b/Python-3.13.11.tar.xz.sigstore
@@ -0,0 +1 @@
 {"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyTCCAk+gAwIBAgIUMZ9OrU89PmgWXWiYxq/s1e8xVkkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMjA1MTY1NjU1WhcNMjUxMjA1MTcwNjU1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ3Wq/mhAIwL1ZNOiCgOmVYXqwl8rWBi+hwTYY+NJLvmuRW7wblbWyTJ1RSZrS9dVGhVdWZP7tT2hvkt56ibycaOCAW4wggFqMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUCukYhSJA3LGmELdmyGSLM/sNqPowHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGa73H4UAAABAMARjBEAiAoqadI7BCu3G3jmK140KSkRC+uTKIS7K/yAUtT8zfdiwIgV51hPZZYKSjHglktFhqcxzHLdRyb96/caoR4m+DHvT8wCgYIKoZIzj0EAwMDaAAwZQIwSuCW4+VibjHM96ArSncpYew+tvp7bMlc21AHsgr12ZO6p//IiSdjJlqOTpYwCWtFAjEA0BxY6Y7zl4+baG4+BZ+EEiwDwoCOVTR7ORMuDYeZ/Dy6g47hohxRqtssCYdRKRZq"}, "tlogEntries": [{"logIndex": "743450012", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1764953815", "inclusionPromise": {"signedEntryTimestamp": "MEQCIFAmMfakwQScJ3jGB7ufmmWcvXbT/sQYyb/iIbRyJXYmAiB25k62mSSsvteAacdB4SjQJ100UGRI02mHOZykKqirrQ=="}, "inclusionProof": {"logIndex": "621545750", "rootHash": "lTjgILAqSIIoraXAj/bseL/7BMbChIzmHVo5P84pPO8=", "treeSize": "621545755", "hashes": ["FqRC4Ydg7KClKWZIe5BLdSoxPOl3L+wXnnctnBbxa5E=", "hyHMJXZjRrPr7N8JDpms6tqWbIuqgBLKkoDomNSzO8g=", "XV5KmKAmcumiCPrjB89usazCvsWagxoKoI5P3Rn5mDQ=", "FKJNSf/yPWGSGCwEZ4ybeMVy+zECYaK/u2yKEboKDQs=", "4wbyhSYvHHiszMmrsBtjXwOt9um81zByZQLFAXJAu0g=", "q0tC4xtUswgodVV8T7OYpkNlp/XC4qAM541kvTHkq4o=", "se5pDnKcF+idDdO0PdbWjF+rFNUWlCzxj+pSmkASRQU=", "YYvp7Leoq6lF3zEs+Bux7BQt/UrxFbOOJAwVroBevek=", "pQtmpjszxrel2u+2I5HrLBwlwvhc19nfAUsa5EHZAe4=", "0jEq6eagxqoSOor9OR//fY6uOsPzLaE1q1n9tZRzfSc=", "ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n621545755\nlTjgILAqSIIoraXAj/bseL/7BMbChIzmHVo5P84pPO8=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiAS9t8HEV2fPKq2rB20KvscWBUzqlzyZr6asuXxp8whiAIgUxc+PuVjTYduOZ2zKNeaSos22BXxAn7hKgxBroQmIkE=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIxNmVkZTdiYjdjZGJmYTg5NWQxMWIwNjQyZmEwZTUyM2YyOTFlNjQ4NzE5NGQ1M2NmNmQzYjMzOGMzYTE3ZWEyIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUURENENYVTNMNGlMSkVCb0xFSVlnVU5kTXhjN3VENWdMcUgyeXRFNFQxTnd3SWdKbHBhMHJFbDV0MGdtbTlTYzRoQnpFOG9QK2JLSlVZeExUTmd4dEdnSmo0PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVWRU5EUVdzclowRjNTVUpCWjBsVlRWbzVUM0pWT0RsUWJXZFhXRmRwV1hoeEwzTXhaVGg0Vm10cmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFxUVRGTlZGa3hUbXBWTVZkb1kwNU5hbFY0VFdwQk1VMVVZM2RPYWxVeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZSTTFkeEwyMW9RVWwzVERGYVRrOXBRMmRQYlZaWldIRjNiRGh5VjBKcEsyaDNWRmtLV1N0T1NreDJiWFZTVnpkM1lteGlWM2xVU2pGU1UxcHlVemxrVmtkb1ZtUlhXbEEzZEZReWFIWnJkRFUyYVdKNVkyRlBRMEZYTkhkblowWnhUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZEZFd0WkNtaFRTa0V6VEVkdFJVeGtiWGxIVTB4TkwzTk9jVkJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwcENaMjl5UW1kRlJVRmtXalZCWjFGRFFraHpSV1ZSUWpNS1FVaFZRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIWVRjelNEUlZRVUZCUWtGTlFRcFNha0pGUVdsQmIzRmhaRWszUWtOMU0wY3phbTFMTVRRd1MxTnJVa01yZFZSTFNWTTNTeTk1UVZWMFZEaDZabVJwZDBsblZqVXhhRkJhV2xsTFUycElDbWRzYTNSR2FIRmplSHBJVEdSU2VXSTVOaTlqWVc5U05HMHJSRWgyVkRoM1EyZFpTVXR2V2tsNmFqQkZRWGROUkdGQlFYZGFVVWwzVTNWRFZ6UXJWbWtLWW1wSVRUazJRWEpUYm1Od1dXVjNLM1IyY0RkaVRXeGpNakZCU0hObmNqRXlXazgyY0M4dlNXbFRaR3BLYkhGUFZIQlpkME5YZEVaQmFrVkJNRUo0V1FvMldUZDZiRFFyWW1GSE5DdENXaXRGUldsM1JIZHZRMDlXVkZJM1QxSk5kVVJaWlZvdlJIazJaelEzYUc5b2VGSnhkSE56UTFsa1VrdFNXbkVLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Fu3nu3zb+oldEbBkL6DlI/KR5khxlNU89tOzOMOhfqI="}, "signature": "MEUCIQDD4CXU3L4iLJEBoLEIYgUNdMxc7uD5gLqH2ytE4T1NwwIgJlpa0rEl5t0gmm9Sc4hBzE8oP+bKJUYxLTNgxtGgJj4="}}
--- a/Python-3.13.5.tar.xz
+++ b/Python-3.13.5.tar.xz
--- a/Python-3.13.5.tar.xz.sigstore
+++ b/Python-3.13.5.tar.xz.sigstore
--- a/doc-py38-to-py36.patch
+++ b/doc-py38-to-py36.patch
@@ -27,10 +27,10 @@
 Doc/tools/extensions/pydoc_topics.py          |   22 +++++-----
 18 files changed, 159 insertions(+), 130 deletions(-)
-Index: Python-3.13.5/Doc/Makefile
+Index: Python-3.13.11/Doc/Makefile
 ===================================================================
--- Python-3.13.5.orig/Doc/Makefile	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/Makefile	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/Makefile	2025-06-12 21:38:04.908380762 +0200
+++ Python-3.13.11/Doc/Makefile	2025-12-18 23:36:11.845184450 +0100
@@ -14,15 +14,15 @@
 SOURCES      =
 DISTVERSION  = $(shell $(PYTHON) tools/extensions/patchlevel.py)
@@ -51,10 +51,10 @@ Index: Python-3.13.5/Doc/Makefile
                 $(PAPEROPT_$(PAPER)) \
                 $(SPHINXOPTS) $(SPHINXERRORHANDLING) \
                 . build/$(BUILDER) $(SOURCES)
-Index: Python-3.13.5/Doc/c-api/arg.rst
+Index: Python-3.13.11/Doc/c-api/arg.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/c-api/arg.rst	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/c-api/arg.rst	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/c-api/arg.rst	2025-06-12 21:38:04.908705133 +0200
+++ Python-3.13.11/Doc/c-api/arg.rst	2025-12-18 23:36:11.845570257 +0100
@@ -334,7 +334,6 @@
    should raise an exception and leave the content of *address* unmodified.
@@ -63,10 +63,10 @@ Index: Python-3.13.5/Doc/c-api/arg.rst
    If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a
    second time if the argument parsing eventually fails, giving the converter a
-Index: Python-3.13.5/Doc/c-api/typeobj.rst
+Index: Python-3.13.11/Doc/c-api/typeobj.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/c-api/typeobj.rst	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/c-api/typeobj.rst	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/c-api/typeobj.rst	2025-06-12 21:38:04.908874058 +0200
+++ Python-3.13.11/Doc/c-api/typeobj.rst	2025-12-18 23:36:11.846211337 +0100
@@ -610,7 +610,7 @@
    Functions like :c:func:`PyObject_NewVar` will take the value of N as an
    argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field.
@@ -97,10 +97,10 @@ Index: Python-3.13.5/Doc/c-api/typeobj.rst
    include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on
    whether :c:member:`~PyVarObject.ob_size` should be included). These are
    usually defined by the macro :c:macro:`PyObject_HEAD` or
-Index: Python-3.13.5/Doc/conf.py
+Index: Python-3.13.11/Doc/conf.py
 ===================================================================
--- Python-3.13.5.orig/Doc/conf.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/conf.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/conf.py	2025-06-12 21:38:04.909609597 +0200
+++ Python-3.13.11/Doc/conf.py	2025-12-18 23:36:11.846742416 +0100
@@ -11,6 +11,8 @@
 from importlib import import_module
 from importlib.util import find_spec
@@ -127,7 +127,7 @@ Index: Python-3.13.5/Doc/conf.py
 '''
 manpages_url = 'https://manpages.debian.org/{path}'
-@@ -92,7 +94,7 @@
+@@ -96,7 +98,7 @@
 # Minimum version of sphinx required
 # Keep this version in sync with ``Doc/requirements.txt``.
@@ -136,7 +136,7 @@ Index: Python-3.13.5/Doc/conf.py
 # Create table of contents entries for domain objects (e.g. functions, classes,
 # attributes, etc.). Default is True.
-@@ -323,6 +325,9 @@
+@@ -246,6 +248,9 @@
 # Avoid a warning with Sphinx >= 4.0
 root_doc = 'contents'
@@ -146,7 +146,7 @@ Index: Python-3.13.5/Doc/conf.py
 # Allow translation of index directives
 gettext_additional_targets = [
     'index',
-@@ -362,7 +367,7 @@
+@@ -285,7 +290,7 @@
 # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
 is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
 repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -155,7 +155,7 @@ Index: Python-3.13.5/Doc/conf.py
 html_context = {
     "is_deployment_preview": is_deployment_preview,
     "repository_url": repository_url or None,
-@@ -607,6 +612,16 @@
+@@ -551,6 +556,16 @@
 }
 extlinks_detect_hardcoded_links = True
@@ -172,22 +172,22 @@ Index: Python-3.13.5/Doc/conf.py
 # Options for c_annotations extension
 # -----------------------------------
-Index: Python-3.13.5/Doc/library/doctest.rst
+Index: Python-3.13.11/Doc/library/doctest.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/library/doctest.rst	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/library/doctest.rst	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/library/doctest.rst	2025-06-12 21:38:04.909944989 +0200
+++ Python-3.13.11/Doc/library/doctest.rst	2025-12-18 23:36:11.847131855 +0100
-@@ -308,7 +308,6 @@
+@@ -310,7 +310,6 @@
- searched.  Objects imported into the module are not searched.
+ .. currentmodule:: None
 .. attribute:: module.__test__
 -   :no-typesetting:
- In addition, there are cases when you want tests to be part of a module but not part
+ .. currentmodule:: doctest
- of the help text, which requires that the tests not be included in the docstring.
+ 
-Index: Python-3.13.5/Doc/library/email.compat32-message.rst
+Index: Python-3.13.11/Doc/library/email.compat32-message.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/library/email.compat32-message.rst	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/library/email.compat32-message.rst	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/library/email.compat32-message.rst	2025-06-12 21:38:04.910320877 +0200
+++ Python-3.13.11/Doc/library/email.compat32-message.rst	2025-12-18 23:36:11.847579332 +0100
@@ -7,7 +7,6 @@
    :synopsis: The base class representing email messages in a fashion
               backward compatible with Python 3.2
@@ -196,11 +196,11 @@ Index: Python-3.13.5/Doc/library/email.compat32-message.rst
 The :class:`Message` class is very similar to the
-Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst
+Index: Python-3.13.11/Doc/library/xml.etree.elementtree.rst
 ===================================================================
--- Python-3.13.5.orig/Doc/library/xml.etree.elementtree.rst	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/library/xml.etree.elementtree.rst	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/library/xml.etree.elementtree.rst	2025-06-12 21:38:04.910594893 +0200
+++ Python-3.13.11/Doc/library/xml.etree.elementtree.rst	2025-12-18 23:36:11.847865126 +0100
-@@ -874,7 +874,6 @@
+@@ -873,7 +873,6 @@
 .. module:: xml.etree.ElementTree
    :noindex:
@@ -208,10 +208,10 @@ Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst
 .. class:: Element(tag, attrib={}, **extra)
-Index: Python-3.13.5/Doc/tools/check-warnings.py
+Index: Python-3.13.11/Doc/tools/check-warnings.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/check-warnings.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/check-warnings.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/check-warnings.py	2025-06-12 21:38:04.910896050 +0200
+++ Python-3.13.11/Doc/tools/check-warnings.py	2025-12-18 23:36:11.848175434 +0100
@@ -228,7 +228,8 @@
             print(filename)
             for warning in warnings:
@@ -231,10 +231,10 @@ Index: Python-3.13.5/Doc/tools/check-warnings.py
         for warning in warnings
         if "Doc/" in warning
     }
-Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
+Index: Python-3.13.11/Doc/tools/extensions/audit_events.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/audit_events.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/audit_events.py	2025-06-12 21:38:04.911151491 +0200
+++ Python-3.13.11/Doc/tools/extensions/audit_events.py	2025-12-18 23:36:11.848442160 +0100
@@ -1,9 +1,6 @@
 """Support for documenting audit events."""
@@ -370,10 +370,10 @@ Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
     ) -> nodes.row:
         row = nodes.row()
         name_node = nodes.paragraph("", nodes.Text(name))
-Index: Python-3.13.5/Doc/tools/extensions/availability.py
+Index: Python-3.13.11/Doc/tools/extensions/availability.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/availability.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/availability.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/availability.py	2025-06-12 21:38:04.911376735 +0200
+++ Python-3.13.11/Doc/tools/extensions/availability.py	2025-12-18 23:36:11.848697922 +0100
@@ -1,8 +1,6 @@
 """Support for documenting platform availability"""
@@ -427,10 +427,10 @@ Index: Python-3.13.5/Doc/tools/extensions/availability.py
     app.add_directive("availability", Availability)
     return {
-Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
+Index: Python-3.13.11/Doc/tools/extensions/c_annotations.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/c_annotations.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/c_annotations.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/c_annotations.py	2025-06-12 21:38:04.911575881 +0200
+++ Python-3.13.11/Doc/tools/extensions/c_annotations.py	2025-12-18 23:37:01.590377119 +0100
@@ -9,22 +9,26 @@
 * Set ``stable_abi_file`` to the path to stable ABI list.
 """
@@ -525,7 +525,7 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
             if ROLE_TO_OBJECT_TYPE[record.role] != objtype:
                 msg = (
                     f"Object type mismatch in limited API annotation for {name}: "
-@@ -234,7 +241,7 @@
+@@ -256,7 +263,7 @@
     )
@@ -534,7 +534,7 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
     classes = ["refcount"]
     if result_refs is None:
         rc = sphinx_gettext("Return value: Always NULL.")
-@@ -254,7 +261,7 @@
+@@ -276,7 +283,7 @@
     optional_arguments = 0
     final_argument_whitespace = True
@@ -543,7 +543,7 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
         state = self.env.domaindata["c_annotations"]
         content = [
             f"* :c:{record.role}:`{record.name}`"
-@@ -277,13 +284,23 @@
+@@ -344,7 +351,7 @@
     )
@@ -552,6 +552,7 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
     app.add_config_value("refcount_file", "", "env", types={str})
     app.add_config_value("stable_abi_file", "", "env", types={str})
     app.add_directive("limited-api-list", LimitedAPIList)
@@ -352,6 +359,16 @@
     app.connect("builder-inited", init_annotations)
     app.connect("doctree-read", add_annotations)
@@ -568,10 +569,10 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
     return {
         "version": "1.0",
         "parallel_read_safe": True,
-Index: Python-3.13.5/Doc/tools/extensions/changes.py
+Index: Python-3.13.11/Doc/tools/extensions/changes.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/changes.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/changes.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/changes.py	2025-06-12 21:38:04.911758715 +0200
+++ Python-3.13.11/Doc/tools/extensions/changes.py	2025-12-18 23:36:11.849240594 +0100
@@ -1,7 +1,5 @@
 """Support for documenting version of changes, additions, deprecations."""
@@ -607,10 +608,10 @@ Index: Python-3.13.5/Doc/tools/extensions/changes.py
     # Override Sphinx's directives with support for 'next'
     app.add_directive("versionadded", PyVersionChange, override=True)
     app.add_directive("versionchanged", PyVersionChange, override=True)
-Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py
+Index: Python-3.13.11/Doc/tools/extensions/glossary_search.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/glossary_search.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/glossary_search.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/glossary_search.py	2025-06-12 21:38:04.911907976 +0200
+++ Python-3.13.11/Doc/tools/extensions/glossary_search.py	2025-12-18 23:36:11.849448932 +0100
@@ -1,21 +1,27 @@
 """Feature search results for glossary items prominently."""
@@ -654,10 +655,10 @@ Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py
     app.connect('doctree-resolved', process_glossary_nodes)
     app.connect('build-finished', write_glossary_json)
-Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py
+Index: Python-3.13.11/Doc/tools/extensions/implementation_detail.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/implementation_detail.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/implementation_detail.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/implementation_detail.py	2025-06-12 21:38:04.912061736 +0200
+++ Python-3.13.11/Doc/tools/extensions/implementation_detail.py	2025-12-18 23:36:11.849650427 +0100
@@ -1,17 +1,10 @@
 """Support for marking up implementation details."""
@@ -708,10 +709,10 @@ Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py
     app.add_directive("impl-detail", ImplementationDetail)
     return {
-Index: Python-3.13.5/Doc/tools/extensions/issue_role.py
+Index: Python-3.13.11/Doc/tools/extensions/issue_role.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/issue_role.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/issue_role.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/issue_role.py	2025-06-12 21:38:04.912236134 +0200
+++ Python-3.13.11/Doc/tools/extensions/issue_role.py	2025-12-18 23:36:11.849838302 +0100
@@ -1,22 +1,18 @@
 """Support for referencing issues in the tracker."""
@@ -757,10 +758,10 @@ Index: Python-3.13.5/Doc/tools/extensions/issue_role.py
     app.add_role("issue", BPOIssue())
     app.add_role("gh", GitHubIssue())
-Index: Python-3.13.5/Doc/tools/extensions/misc_news.py
+Index: Python-3.13.11/Doc/tools/extensions/misc_news.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/misc_news.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/misc_news.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/misc_news.py	2025-06-12 21:38:04.912390144 +0200
+++ Python-3.13.11/Doc/tools/extensions/misc_news.py	2025-12-18 23:36:11.850033510 +0100
@@ -1,7 +1,5 @@
 """Support for including Misc/NEWS."""
@@ -813,10 +814,10 @@ Index: Python-3.13.5/Doc/tools/extensions/misc_news.py
     app.add_directive("miscnews", MiscNews)
     return {
-Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py
+Index: Python-3.13.11/Doc/tools/extensions/patchlevel.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/patchlevel.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/patchlevel.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/patchlevel.py	2025-06-12 21:38:04.912563631 +0200
+++ Python-3.13.11/Doc/tools/extensions/patchlevel.py	2025-12-18 23:36:11.850217264 +0100
@@ -3,7 +3,7 @@
 import re
 import sys
@@ -854,10 +855,10 @@ Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py
     version = f"{info.major}.{info.minor}"
     release = f"{info.major}.{info.minor}.{info.micro}"
     if info.releaselevel != "final":
-Index: Python-3.13.5/Doc/tools/extensions/pydoc_topics.py
+Index: Python-3.13.11/Doc/tools/extensions/pydoc_topics.py
 ===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/pydoc_topics.py	2025-06-12 21:37:37.257659788 +0200
+--- Python-3.13.11.orig/Doc/tools/extensions/pydoc_topics.py	2025-12-05 17:06:33.000000000 +0100
-+++ Python-3.13.5/Doc/tools/extensions/pydoc_topics.py	2025-06-12 21:38:04.912726688 +0200
+++ Python-3.13.11/Doc/tools/extensions/pydoc_topics.py	2025-12-18 23:36:11.850437755 +0100
@@ -1,21 +1,23 @@
 """Support for building "topic help" for pydoc."""
--- a/gh126985-mv-pyvenv.cfg2getpath.patch
+++ b/gh126985-mv-pyvenv.cfg2getpath.patch
@@ -8,10 +8,10 @@ Date:   Tue Nov 26 13:46:33 2024 +0000
 Lib/test/test_sysconfig.py |   67 ---------------------------------------------
 1 file changed, 1 insertion(+), 66 deletions(-)
-Index: Python-3.13.5/Lib/test/test_sysconfig.py
+Index: Python-3.13.9/Lib/test/test_sysconfig.py
 ===================================================================
--- Python-3.13.5.orig/Lib/test/test_sysconfig.py	2025-06-12 19:55:42.184491497 +0200
+--- Python-3.13.9.orig/Lib/test/test_sysconfig.py	2025-11-04 17:41:28.521386489 +0100
-+++ Python-3.13.5/Lib/test/test_sysconfig.py	2025-06-12 19:56:05.737665419 +0200
+++ Python-3.13.9/Lib/test/test_sysconfig.py	2025-11-04 17:42:36.888243505 +0100
@@ -110,6 +110,7 @@
             **venv_create_args,
         )
@@ -20,7 +20,7 @@ Index: Python-3.13.5/Lib/test/test_sysconfig.py
     def test_get_path_names(self):
         self.assertEqual(get_path_names(), sysconfig._SCHEME_KEYS)
-@@ -604,72 +605,6 @@
+@@ -611,72 +612,6 @@
         suffix = sysconfig.get_config_var('EXT_SUFFIX')
         self.assertTrue(suffix.endswith('-darwin.so'), suffix)
--- a/gh138131-exclude-pycache-from-digest.patch
+++ b/gh138131-exclude-pycache-from-digest.patch
@@ -0,0 +1,30 @@
 From 4bb41b28d5bac09bccd636d8c5fefe1a462f63a7 Mon Sep 17 00:00:00 2001
 From: Alm <alon.menczer@gmail.com>
 Date: Mon, 25 Aug 2025 08:56:38 +0300
 Subject: [PATCH 1/4] Exclude .pyc files from the computed digest in the jit
 stencils
 ---
 Tools/jit/_targets.py | 3 +++
 1 file changed, 3 insertions(+)
 Index: Python-3.13.7/Tools/jit/_targets.py
 ===================================================================
 --- Python-3.13.7.orig/Tools/jit/_targets.py
 +++ Python-3.13.7/Tools/jit/_targets.py
@@ -53,6 +53,9 @@ class _Target(typing.Generic[_S, _R]):
         hasher.update(PYTHON_EXECUTOR_CASES_C_H.read_bytes())
         hasher.update((out / "pyconfig.h").read_bytes())
         for dirpath, _, filenames in sorted(os.walk(TOOLS_JIT)):
 +            # Exclude cache files from digest computation to ensure reproducible builds.
 +            if dirpath.endswith("__pycache__"):
 +                continue
             for filename in filenames:
                 hasher.update(pathlib.Path(dirpath, filename).read_bytes())
         return hasher.hexdigest()
 Index: Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst
 ===================================================================
 --- /dev/null
 +++ Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst
@@ -0,0 +1 @@
 +Ensure reproducible builds by making JIT stencil header generation deterministic.
--- a/gh139257-Support-docutils-0.22.patch
+++ b/gh139257-Support-docutils-0.22.patch
@@ -0,0 +1,148 @@
 From 19b61747df3d62c822285c488753d6fbdf91e3ac Mon Sep 17 00:00:00 2001
 From: Daniel Garcia Moreno <daniel.garcia@suse.com>
 Date: Tue, 23 Sep 2025 10:20:16 +0200
 Subject: [PATCH 1/2] gh-139257: Support docutils >= 0.22
 ---
 Doc/tools/extensions/pyspecific.py |   69 +++++++++++++++++++++++++------------
 1 file changed, 47 insertions(+), 22 deletions(-)
 Index: Python-3.13.11/Doc/tools/extensions/pyspecific.py
 ===================================================================
 --- Python-3.13.11.orig/Doc/tools/extensions/pyspecific.py	2025-12-05 17:06:33.000000000 +0100
 +++ Python-3.13.11/Doc/tools/extensions/pyspecific.py	2025-12-18 23:38:44.804668556 +0100
@@ -1,12 +1,12 @@
 # -*- coding: utf-8 -*-
 """
 -    pyspecific.py
 -    ~~~~~~~~~~~~~
 +pyspecific.py
 +~~~~~~~~~~~~~
 -    Sphinx extension with Python doc-specific markup.
 +Sphinx extension with Python doc-specific markup.
 -    :copyright: 2008-2014 by Georg Brandl.
 -    :license: Python license.
 +:copyright: 2008-2014 by Georg Brandl.
 +:license: Python license.
 """
 import re
@@ -22,30 +22,50 @@
 from sphinx.util.docutils import SphinxDirective
 # Used in conf.py and updated here by python/release-tools/run_release.py
 -SOURCE_URI = 'https://github.com/python/cpython/tree/3.13/%s'
 +SOURCE_URI = "https://github.com/python/cpython/tree/3.13/%s"
 +
 +
 +# monkey-patch reST parser to disable alphabetic and roman enumerated lists
 +def _disable_alphabetic_and_roman(text):
 +    try:
 +        # docutils >= 0.22
 +        from docutils.parsers.rst.states import InvalidRomanNumeralError
 +
 +        raise InvalidRomanNumeralError(text)
 +    except ImportError:
 +        # docutils < 0.22
 +        return None
 +
 +
 +from docutils.parsers.rst.states import Body
 +
 +Body.enum.converters["loweralpha"] = Body.enum.converters["upperalpha"] = (
 +    Body.enum.converters["lowerroman"]
 +) = Body.enum.converters["upperroman"] = _disable_alphabetic_and_roman
 +
 class PyAwaitableMixin(object):
     def handle_signature(self, sig, signode):
         ret = super(PyAwaitableMixin, self).handle_signature(sig, signode)
 -        signode.insert(0, addnodes.desc_annotation('awaitable ', 'awaitable '))
 +        signode.insert(0, addnodes.desc_annotation("awaitable ", "awaitable "))
         return ret
 class PyAwaitableFunction(PyAwaitableMixin, PyFunction):
     def run(self):
 -        self.name = 'py:function'
 +        self.name = "py:function"
         return PyFunction.run(self)
 class PyAwaitableMethod(PyAwaitableMixin, PyMethod):
     def run(self):
 -        self.name = 'py:method'
 +        self.name = "py:method"
         return PyMethod.run(self)
 # Support for documenting Opcodes
 -opcode_sig_re = re.compile(r'(\w+(?:\+\d)?)(?:\s*\((.*)\))?')
 +opcode_sig_re = re.compile(r"(\w+(?:\+\d)?)(?:\s*\((.*)\))?")
 def parse_opcode_signature(env, sig, signode):
@@ -64,7 +84,7 @@
 # Support for documenting pdb commands
 -pdbcmd_sig_re = re.compile(r'([a-z()!]+)\s*(.*)')
 +pdbcmd_sig_re = re.compile(r"([a-z()!]+)\s*(.*)")
 # later...
 # pdbargs_tokens_re = re.compile(r'''[a-zA-Z]+  |  # identifiers
@@ -80,16 +100,16 @@
     if m is None:
         raise ValueError
     name, args = m.groups()
 -    fullname = name.replace('(', '').replace(')', '')
 +    fullname = name.replace("(", "").replace(")", "")
     signode += addnodes.desc_name(name, name)
     if args:
 -        signode += addnodes.desc_addname(' '+args, ' '+args)
 +        signode += addnodes.desc_addname(" " + args, " " + args)
     return fullname
 def parse_monitoring_event(env, sig, signode):
     """Transform a monitoring event signature into RST nodes."""
 -    signode += addnodes.desc_addname('sys.monitoring.events.', 'sys.monitoring.events.')
 +    signode += addnodes.desc_addname("sys.monitoring.events.", "sys.monitoring.events.")
     signode += addnodes.desc_name(sig, sig)
     return sig
@@ -102,7 +122,7 @@
     As such, we link this to ``env-check-consistency``, even though it has
     nothing to do with the environment consistency check.
     """
 -    if app.builder.name != 'gettext':
 +    if app.builder.name != "gettext":
         return
     # allow translating deprecated index entries
@@ -119,10 +139,15 @@
 def setup(app):
 -    app.add_object_type('opcode', 'opcode', '%s (opcode)', parse_opcode_signature)
 -    app.add_object_type('pdbcommand', 'pdbcmd', '%s (pdb command)', parse_pdb_command)
 -    app.add_object_type('monitoring-event', 'monitoring-event', '%s (monitoring event)', parse_monitoring_event)
 -    app.add_directive_to_domain('py', 'awaitablefunction', PyAwaitableFunction)
 -    app.add_directive_to_domain('py', 'awaitablemethod', PyAwaitableMethod)
 -    app.connect('env-check-consistency', patch_pairindextypes)
 -    return {'version': '1.0', 'parallel_read_safe': True}
 +    app.add_object_type("opcode", "opcode", "%s (opcode)", parse_opcode_signature)
 +    app.add_object_type("pdbcommand", "pdbcmd", "%s (pdb command)", parse_pdb_command)
 +    app.add_object_type(
 +        "monitoring-event",
 +        "monitoring-event",
 +        "%s (monitoring event)",
 +        parse_monitoring_event,
 +    )
 +    app.add_directive_to_domain("py", "awaitablefunction", PyAwaitableFunction)
 +    app.add_directive_to_domain("py", "awaitablemethod", PyAwaitableMethod)
 +    app.connect("env-check-consistency", patch_pairindextypes)
 +    return {"version": "1.0", "parallel_read_safe": True}
--- a/idle3.appdata.xml
+++ b/idle3.appdata.xml
@@ -1,16 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Copyright 2017 Zbigniew Jędrzejewski-Szmek -->
+<component type="desktop-application">
-<application>
+  <id>org.python.IDLE3</id>
-  <id type="desktop">idle3.desktop</id>
+  <launchable type="desktop-id">idle3.desktop</launchable>
  <name>IDLE3</name>
  <metadata_licence>CC0</metadata_licence>
  <project_license>Python-2.0</project_license>
  <summary>Python 3 Integrated Development and Learning Environment</summary>
  <description>
    <p>
      IDLE is Python’s Integrated Development and Learning Environment.
-      The GUI is uniform between Windows, Unix, and Mac OS X.
+      The GUI is uniform between Windows, Unix, and macOS.
      IDLE provides an easy way to start writing, running, and debugging
      Python code.
    </p>
@@ -19,17 +19,33 @@
      It provides:
    </p>
    <ul>
-       <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li>
+      <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li>
-       <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li>
+      <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li>
-       <li>search within any window, replace within editor windows, and search through multiple files (grep),</li>
+      <li>search within any window, replace within editor windows, and search through multiple files (grep),</li>
-       <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li>
+      <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li>
    </ul>
  </description>
  <developer id="org.python">
    <name>Python Software Foundation</name>
  </developer>
  <url type="homepage">https://docs.python.org/3/library/idle.html</url>
  <screenshots>
-    <screenshot type="default">http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</screenshot>
+    <screenshot type="default">
-    <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</screenshot>
+      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</image>
-    <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</screenshot>
+    </screenshot>
    <screenshot>
      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</image>
    </screenshot>
    <screenshot>
      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</image>
    </screenshot>
  </screenshots>
  <project_license>Python-2.0</project_license>
  <metadata_license>CC0-1.0</metadata_license>
  <update_contact>zbyszek@in.waw.pl</update_contact>
-</application>
+</component>
--- a/pass-test_write_read_limited_history.patch
+++ b/pass-test_write_read_limited_history.patch
@@ -0,0 +1,45 @@
 ---
 Modules/readline.c |   23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 Index: Python-3.13.9/Modules/readline.c
 ===================================================================
 --- Python-3.13.9.orig/Modules/readline.c	2025-10-14 15:52:31.000000000 +0200
 +++ Python-3.13.9/Modules/readline.c	2025-11-20 00:46:45.594286346 +0100
@@ -175,6 +175,8 @@
     return PyUnicode_DecodeLocale(s, "surrogateescape");
 }
 +static int _py_get_history_length(void);
 +static void _py_free_history_entry(HIST_ENTRY *entry);
 /*
 Explicitly disable bracketed paste in the interactive interpreter, even if it's
@@ -399,6 +401,27 @@
 /*[clinic end generated code: output=e161a53e45987dc7 input=b8901bf16488b760]*/
 {
     _history_length = length;
 +
 +    if (length < 0) {
 +        stifle_history(-1);
 +    }
 +    else {
 +        int current_length = _py_get_history_length();
 +        if (length < current_length) {
 +#if defined(RL_READLINE_VERSION) && RL_READLINE_VERSION >= 0x0500
 +            HISTORY_STATE *state = history_get_history_state();
 +            if (state) {
 +                int i;
 +                for (i = 0; i < current_length - length; i++) {
 +                    _py_free_history_entry(remove_history(0));
 +                }
 +                state->length = length;
 +                free(state);
 +            }
 +#endif
 +        }
 +        stifle_history(length);
 +    }
     Py_RETURN_NONE;
 }
--- a/python313.changes
+++ b/python313.changes
@@ -1,3 +1,783 @@
 -------------------------------------------------------------------
 Thu Dec 11 21:36:09 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 - Update to 3.13.11:
    - gh-142145: Remove quadratic behavior in xml.minidom node ID
      cache clearing (CVE-2025-12084, bsc#1254997).
    - gh-119451: Fix a potential memory denial of service in the
      http.client module. When connecting to a malicious server,
      it could cause an arbitrary amount of memory to be
      allocated. This could have led to symptoms including
      a MemoryError, swapping, out of memory (OOM) killed
      processes or containers, or even system crashes
      (bsc#1254400, CVE-2025-13836).
    - gh-119452: Fix a potential memory denial of service in the
      http.server module. When a malicious user is connected to
      the CGI server on Windows, it could cause an arbitrary
      amount of memory to be allocated. This could have led to
      symptoms including a MemoryError, swapping, out of memory
      (OOM) killed processes or containers, or even system
      crashes.
 - Library
    - gh-140797: Revert changes to the undocumented re.Scanner
      class. Capturing groups are still allowed for backward
      compatibility, although using them can lead to incorrect
      result. They will be forbidden in future Python versions.
    - gh-142206: The resource tracker in the multiprocessing
      module now uses the original communication protocol, as in
      Python 3.14.0 and below, by default. This avoids issues
      with upgrading Python while it is running. (Note that such
      ‘in-place’ upgrades are not tested.) The tracker remains
      compatible with subprocesses that use new protocol (that
      is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).
 - Core and Builtins
    - gh-142218: Fix crash when inserting into a split table
      dictionary with a non str key that matches an existing key.
 - Update to 3.13.10:
 - Tools/Demos
    - gh-141442: The iOS testbed now correctly handles test
      arguments that contain spaces.
 - Tests
    - gh-140482: Preserve and restore the state of stty echo as
      part of the test environment.
    - gh-140082: Update python -m test to set FORCE_COLOR=1 when
      being run with color enabled so that unittest which is run
      by it with redirected output will output in color.
    - gh-136442: Use exitcode 1 instead of 5 if
      unittest.TestCase.setUpClass() raises an exception
 - Security
    - gh-139700: Check consistency of the zip64 end of central
      directory record. Support records with “zip64 extensible
      data” if there are no bytes prepended to the ZIP file.
      (CVE-2025-8291, bsc#1251305)
    - gh-137836: Add support of the “plaintext” element, RAWTEXT
      elements “xmp”, “iframe”, “noembed” and “noframes”, and
      optionally RAWTEXT element “noscript” in
      html.parser.HTMLParser.
    - gh-136063: email.message: ensure linear complexity for
      legacy HTTP parameters parsing. Patch by Bénédikt Tran.
    - gh-136065: Fix quadratic complexity in
      os.path.expandvars() (CVE-2025-6075, bsc#1252974).
    - gh-119342: Fix a potential memory denial of service in the
      plistlib module. When reading a Plist file received from
      untrusted source, it could cause an arbitrary amount of
      memory to be allocated. This could have led to symptoms
      including a MemoryError, swapping, out of memory (OOM)
      killed processes or containers, or even system crashes
      (CVE-2025-13837, bsc#1254401).
 - Library
    - gh-74389: When the stdin being used by a subprocess.Popen
      instance is closed, this is now ignored in
      subprocess.Popen.communicate() instead of leaving the class
      in an inconsistent state.
    - gh-87512: Fix subprocess.Popen.communicate() timeout
      handling on Windows when writing large input. Previously,
      the timeout was ignored during stdin writing, causing the
      method to block indefinitely if the child process did not
      consume input quickly. The stdin write is now performed in
      a background thread, allowing the timeout to be properly
      enforced.
    - gh-141473: When subprocess.Popen.communicate() was called
      with input and a timeout and is called for a second time
      after a TimeoutExpired exception before the process has
      died, it should no longer hang.
    - gh-59000: Fix pdb breakpoint resolution for class methods
      when the module defining the class is not imported.
    - gh-141570: Support file-like object raising OSError from
      fileno() in color detection (_colorize.can_colorize()).
      This can occur when sys.stdout is redirected.
    - gh-141659: Fix bad file descriptor errors from
      _posixsubprocess on AIX.
    - gh-141497: ipaddress: ensure that the methods
      IPv4Network.hosts() and IPv6Network.hosts() always return
      an iterator.
    - gh-140938: The statistics.stdev() and statistics.pstdev()
      functions now raise a ValueError when the input contains an
      infinity or a NaN.
    - gh-124111: Updated Tcl threading configuration in _tkinter
      to assume that threads are always available in Tcl 9 and
      later.
    - gh-137109: The os.fork and related forking APIs will no
      longer warn in the common case where Linux or macOS
      platform APIs return the number of threads in a process and
      find the answer to be 1 even when a os.register_at_fork()
      after_in_parent= callback (re)starts a thread.
    - gh-141314: Fix assertion failure in io.TextIOWrapper.tell()
      when reading files with standalone carriage return (\r)
      line endings.
    - gh-141311: Fix assertion failure in io.BytesIO.readinto()
      and undefined behavior arising when read position is above
      capcity in io.BytesIO.
    - gh-141141: Fix a thread safety issue with
      base64.b85decode(). Contributed by Benel Tayar.
    - gh-140911: collections: Ensure that the methods
      UserString.rindex() and UserString.index() accept
      collections.UserString instances as the sub argument.
    - gh-140797: The undocumented re.Scanner class now forbids
      regular expressions containing capturing groups in its
      lexicon patterns. Patterns using capturing groups could
      previously lead to crashes with segmentation fault. Use
      non-capturing groups (?:…) instead.
    - gh-140815: faulthandler now detects if a frame or a code
      object is invalid or freed. Patch by Victor Stinner.
    - gh-100218: Correctly set errno when socket.if_nametoindex()
      or socket.if_indextoname() raise an OSError. Patch by
      Bénédikt Tran.
    - gh-140875: Fix handling of unclosed character references
      (named and numerical) followed by the end of file in
      html.parser.HTMLParser with convert_charrefs=False.
    - gh-140734: multiprocessing: fix off-by-one error when
      checking the length of a temporary socket file path. Patch
      by Bénédikt Tran.
    - gh-140874: Bump the version of pip bundled in ensurepip to
      version 25.3
    - gh-140691: In urllib.request, when opening a FTP URL fails
      because a data connection cannot be made, the control
      connection’s socket is now closed to avoid
      a ResourceWarning.
    - gh-103847: Fix hang when cancelling process created by
      asyncio.create_subprocess_exec() or
      asyncio.create_subprocess_shell(). Patch by Kumar Aditya.
    - gh-140590: Fix arguments checking for the
      functools.partial.__setstate__() that may lead to internal
      state corruption and crash. Patch by Sergey Miryanov.
    - gh-140634: Fix a reference counting bug in
      os.sched_param.__reduce__().
    - gh-140633: Ignore AttributeError when setting a module’s
      __file__ attribute when loading an extension module
      packaged as Apple Framework.
    - gh-140593: xml.parsers.expat: Fix a memory leak that could
      affect users with ElementDeclHandler() set to a custom
      element declaration handler. Patch by Sebastian Pipping.
    - gh-140607: Inside io.RawIOBase.read(), validate that the
      count of bytes returned by io.RawIOBase.readinto() is valid
      (inside the provided buffer).
    - gh-138162: Fix logging.LoggerAdapter with merge_extra=True
      and without the extra argument.
    - gh-140474: Fix memory leak in array.array when creating
      arrays from an empty str and the u type code.
    - gh-140272: Fix memory leak in the clear() method of the
      dbm.gnu database.
    - gh-140041: Fix import of ctypes on Android and Cygwin when
      ABI flags are present.
    - gh-139905: Add suggestion to error message for
      typing.Generic subclasses when cls.__parameters__ is
      missing due to a parent class failing to call
      super().__init_subclass__() in its __init_subclass__.
    - gh-139845: Fix to not print KeyboardInterrupt twice in
      default asyncio REPL.
    - gh-139783: Fix inspect.getsourcelines() for the case when
      a decorator is followed by a comment or an empty line.
    - gh-70765: http.server: fix default handling of HTTP/0.9
      requests in BaseHTTPRequestHandler. Previously,
      BaseHTTPRequestHandler.parse_request() incorrectly waited
      for headers in the request although those are not supported
      in HTTP/0.9. Patch by Bénédikt Tran.
    - gh-139391: Fix an issue when, on non-Windows platforms, it
      was not possible to gracefully exit a python -m asyncio
      process suspended by Ctrl+Z and later resumed by fg other
      than with kill.
    - gh-101828: Fix 'shift_jisx0213', 'shift_jis_2004',
      'euc_jisx0213' and 'euc_jis_2004' codecs truncating null
      chars as they were treated as part of multi-character
      sequences.
    - gh-139246: fix: paste zero-width in default repl width is
      wrong.
    - gh-90949: Add SetAllocTrackerActivationThreshold() and
      SetAllocTrackerMaximumAmplification() to xmlparser objects
      to prevent use of disproportional amounts of dynamic memory
      from within an Expat parser. Patch by Bénédikt Tran.
    - gh-139065: Fix trailing space before a wrapped long word if
      the line length is exactly width in textwrap.
    - gh-138993: Dedent credits text.
    - gh-138859: Fix generic type parameterization raising
      a TypeError when omitting a ParamSpec that has a default
      which is not a list of types.
    - gh-138775: Use of python -m with base64 has been fixed to
      detect input from a terminal so that it properly notices
      EOF.
    - gh-98896: Fix a failure in multiprocessing resource_tracker
      when SharedMemory names contain colons. Patch by Rani
      Pinchuk.
    - gh-75989: tarfile.TarFile.extractall() and
      tarfile.TarFile.extract() now overwrite symlinks when
      extracting hardlinks. (Contributed by Alexander Enrique
      Urieles Nieto in gh-75989.)
    - gh-83424: Allows creating a ctypes.CDLL without name when
      passing a handle as an argument.
    - gh-136234: Fix asyncio.WriteTransport.writelines() to be
      robust to connection failure, by using the same behavior as
      write().
    - gh-136057: Fixed the bug in pdb and bdb where next and step
      can’t go over the line if a loop exists in the line.
    - gh-135307: email: Fix exception in set_content() when
      encoding text and max_line_length is set to 0 or None
      (unlimited).
    - gh-134453: Fixed subprocess.Popen.communicate() input=
      handling of memoryview instances that were non-byte shaped
      on POSIX platforms. Those are now properly cast to a byte
      shaped view instead of truncating the input. Windows
      platforms did not have this bug.
    - gh-102431: Clarify constraints for “logical” arguments in
      methods of decimal.Context.
 - IDLE
    - gh-96491: Deduplicate version number in IDLE shell title
      bar after saving to a file.
 - Documentation
    - gh-141994: xml.sax.handler: Make Documentation of
      xml.sax.handler.feature_external_ges warn of opening up to
      external entity attacks. Patch by Sebastian Pipping.
    - gh-140578: Remove outdated sencence in the documentation
      for multiprocessing, that implied that
      concurrent.futures.ThreadPoolExecutor did not exist.
 - Core and Builtins
    - gh-142048: Fix quadratically increasing garbage collection
      delays in free-threaded build.
    - gh-141930: When importing a module, use Python’s regular
      file object to ensure that writes to .pyc files are
      complete or an appropriate error is raised.
    - gh-120158: Fix inconsistent state when enabling or
      disabling monitoring events too many times.
    - gh-141579: Fix sys.activate_stack_trampoline() to properly
      support the perf_jit backend. Patch by Pablo Galindo.
    - gh-141312: Fix the assertion failure in the __setstate__
      method of the range iterator when a non-integer argument is
      passed. Patch by Sergey Miryanov.
    - gh-140939: Fix memory leak when bytearray or bytes is
      formated with the
      %*b format with a large width that results in
      %a MemoryError.
    - gh-140530: Fix a reference leak when raise exc from cause
      fails. Patch by Bénédikt Tran.
    - gh-140576: Fixed crash in tokenize.generate_tokens() in
      case of specific incorrect input. Patch by Mikhail Efimov.
    - gh-140551: Fixed crash in dict if dict.clear() is called at
      the lookup stage. Patch by Mikhail Efimov and Inada Naoki.
    - gh-140471: Fix potential buffer overflow in ast.AST node
      initialization when encountering malformed _fields
      containing non-str.
    - gh-140406: Fix memory leak when an object’s __hash__()
      method returns an object that isn’t an int.
    - gh-140306: Fix memory leaks in cross-interpreter channel
      operations and shared namespace handling.
    - gh-140301: Fix memory leak of PyConfig in subinterpreters.
    - gh-140000: Fix potential memory leak when a reference cycle
      exists between an instance of typing.TypeAliasType,
      typing.TypeVar, typing.ParamSpec, or typing.TypeVarTuple
      and its __name__ attribute. Patch by Mikhail Efimov.
    - gh-139748: Fix reference leaks in error branches of
      functions accepting path strings or bytes such as compile()
      and os.system(). Patch by Bénédikt Tran.
    - gh-139516: Fix lambda colon erroneously start format spec
      in f-string in tokenizer.
    - gh-139640: Fix swallowing some syntax warnings in different
      modules if they accidentally have the same message and are
      emitted from the same line. Fix duplicated warnings in the
      finally block.
    - gh-137400: Fix a crash in the free threading build when
      disabling profiling or tracing across all threads with
      PyEval_SetProfileAllThreads() or
      PyEval_SetTraceAllThreads() or their Python equivalents
      threading.settrace_all_threads() and
      threading.setprofile_all_threads().
    - gh-133400: Fixed Ctrl+D (^D) behavior in _pyrepl module to
      match old pre-3.13 REPL behavior.
 - C API
    - gh-140042: Removed the sqlite3_shutdown call that could
      cause closing connections for sqlite when used with
      multiple sub interpreters.
    - gh-140487: Fix Py_RETURN_NOTIMPLEMENTED in limited C API
      3.11 and older: don’t treat Py_NotImplemented as immortal.
      Patch by Victor Stinner.
 - Remove upstreamed patches:
  - CVE-2025-13836-http-resp-cont-len.patch
  - CVE-2025-8291-consistency-zip64.patch
  - CVE-2025-6075-expandvars-perf-degrad.patch
 -------------------------------------------------------------------
 Wed Nov 19 19:21:41 UTC 2025 - Matej Cepl <mcepl@suse.com>
 - Add pass-test_write_read_limited_history.patch:
  Fix readline history truncation when length is reduced
  The `readline.set_history_length()` function did not previously
  truncate the in-memory history when the new length was set to
  a value smaller than the current number of history items. This
  could lead to unexpected behavior where `get_history_length()`
  would still report the old length and writing the history to a
  file would write more entries than the new limit.
  This patch modifies `set_history_length()` to explicitly
  remove the oldest history entries using `remove_history()`
  when the length is decreased, ensuring the in-memory history
  is correctly truncated to the new limit. This brings the
  function's behavior in line with expectations and fixes
  failures in `test_write_read_limited_history`.
 -------------------------------------------------------------------
 Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 - Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
  quadratic complexity vulnerabilities of os.path.expandvars()
  (CVE-2025-6075, bsc#1252974).
 -------------------------------------------------------------------
 Tue Nov  4 16:44:05 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 - Add CVE-2025-8291-consistency-zip64.patch which checks
  consistency of the zip64 end of central directory record, and
  preventing obfuscation of the payload, i.e., you scanning for
  malicious content in a ZIP file with one ZIP parser (let's say
  a Rust one) then unpack it in production with another (e.g.,
  the Python one) and get malicious content that the other parser
  did not see (CVE-2025-8291, bsc#1251305)
 - Readjust patches while synchronizing between openSUSE and SLE trees:
  - F00251-change-user-install-location.patch
  - doc-py38-to-py36.patch
  - gh126985-mv-pyvenv.cfg2getpath.patch
 -------------------------------------------------------------------
 Wed Oct 15 09:15:38 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
 - Update to 3.13.9:
  - Library
    - gh-139783: Fix inspect.getsourcelines() for the case when a
      decorator is followed by a comment or an empty line.
 - Update to 3.13.8:
  - macOS
    - gh-124111: Update macOS installer to use Tcl/Tk 8.6.17.
    - gh-139573: Updated bundled version of OpenSSL to 3.0.18.
  - Windows
    - gh-139573: Updated bundled version of OpenSSL to 3.0.18.
    - gh-138896: Fix error installing C runtime on non-updated Windows
      machines
  - Tools/Demos
    - gh-139330: SBOM generation tool didn’t cross-check the version
      and checksum values against the Modules/expat/refresh.sh script,
      leading to the values becoming out-of-date during routine
      updates.
    - gh-137873: The iOS test runner has been simplified, resolving
      some issues that have been observed using the runner in GitHub
      Actions and Azure Pipelines test environments.
  - Tests
    - gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the
      --verbose option anymore. Patch by Victor Stinner.
  - Security
    - gh-139400: xml.parsers.expat: Make sure that parent Expat
      parsers are only garbage-collected once they are no longer
      referenced by subparsers created by
      ExternalEntityParserCreate(). Patch by Sebastian Pipping.
    - gh-139283: sqlite3: correctly handle maximum number of rows to
      fetch in Cursor.fetchmany and reject negative values for
      Cursor.arraysize. Patch by Bénédikt Tran.
    - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
      according to the HTML5 standard: ] ]> and ]] > no longer end the
      CDATA section. Add private method _set_support_cdata() which can
      be used to specify how to parse <[CDATA[ — as a CDATA section in
      foreign content (SVG or MathML) or as a bogus comment in the
      HTML namespace.
  - Library
    - gh-139312: Upgrade bundled libexpat to 2.7.3
    - gh-139289: Do a real lazy-import on rlcompleter in pdb and
      restore the existing completer after importing rlcompleter.
    - gh-139210: Fix use-after-free when reporting unknown event in
      xml.etree.ElementTree.iterparse(). Patch by Ken Jin.
    - gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in
      subprocess.
    - gh-112729: Fix crash when calling _interpreters.create when the
      process is out of memory.
    - gh-139076: Fix a bug in the pydoc module that was hiding
      functions in a Python module if they were implemented in an
      extension module and the module did not have __all__.
    - gh-138998: Update bundled libexpat to 2.7.2
    - gh-130567: Fix possible crash in locale.strxfrm() due to a
      platform bug on macOS.
    - gh-138779: Support device numbers larger than 2**63-1 for the
      st_rdev field of the os.stat_result structure.
    - gh-128636: Fix crash in PyREPL when os.environ is overwritten
      with an invalid value for mac
    - gh-88375: Fix normalization of the robots.txt rules and URLs in
      the urllib.robotparser module. No longer ignore trailing ?.
      Distinguish raw special characters ?, = and & from the
      percent-encoded ones.
    - gh-138515: email is added to Emscripten build.
    - gh-111788: Fix parsing errors in the urllib.robotparser module.
      Don’t fail trying to parse weird paths. Don’t fail trying to
      decode non-UTF-8 robots.txt files.
    - gh-138432: zoneinfo.reset_tzpath() will now convert any
      os.PathLike objects it receives into strings before adding them
      to TZPATH. It will raise TypeError if anything other than a
      string is found after this conversion. If given an os.PathLike
      object that represents a relative path, it will now raise
      ValueError instead of TypeError, and present a more informative
      error message.
    - gh-138008: Fix segmentation faults in the ctypes module due to
      invalid argtypes. Patch by Dung Nguyen.
    - gh-60462: Fix locale.strxfrm() on Solaris (and possibly other
      platforms).
    - gh-138204: Forbid expansion of shared anonymous memory maps on
      Linux, which caused a bus error.
    - gh-138010: Fix an issue where defining a class with a
      @warnings.deprecated-decorated base class may not invoke the
      correct __init_subclass__() method in cases involving multiple
      inheritance. Patch by Brian Schubert.
    - gh-138133: Prevent infinite traceback loop when sending CTRL^C
      to Python through strace.
    - gh-134869: Fix an issue where pressing Ctrl+C during tab
      completion in the REPL would leave the autocompletion menu in a
      corrupted state.
    - gh-137317: inspect.signature() now correctly handles classes
      that use a descriptor on a wrapped __init__() or __new__()
      method. Contributed by Yongyu Yan.
    - gh-137754: Fix import of the zoneinfo module if the C
      implementation of the datetime module is not available.
    - gh-137490: Handle ECANCELED in the same way as EINTR in
      signal.sigwaitinfo() on NetBSD.
    - gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and
      inspect.getsource() for generator expressions.
    - gh-137017: Fix threading.Thread.is_alive to remain True until
      the underlying OS thread is fully cleaned up. This avoids false
      negatives in edge cases involving thread monitoring or premature
      threading.Thread.is_alive calls.
    - gh-136134: SMTP.auth_cram_md5() now raises an SMTPException
      instead of a ValueError if Python has been built without MD5
      support. In particular, SMTP clients will not attempt to use
      this method even if the remote server is assumed to support it.
      Patch by Bénédikt Tran.
    - gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if
      CRAM-MD5 authentication is not supported. Patch by Bénédikt
      Tran.
    - gh-135386: Fix opening a dbm.sqlite3 database for reading from
      read-only file or directory.
    - gh-126631: Fix multiprocessing forkserver bug which prevented
      __main__ from being preloaded.
    - gh-123085: In a bare call to importlib.resources.files(), ensure
      the caller’s frame is properly detected when importlib.resources
      is itself available as a compiled module only (no source).
    - gh-118981: Fix potential hang in
      multiprocessing.popen_spawn_posix that can happen when the child
      proc dies early by closing the child fds right away.
    - gh-78319: UTF8 support for the IMAP APPEND command has been made
      RFC compliant.
    - bpo-38735: Fix failure when importing a module from the root
      directory on unix-like platforms with sys.pycache_prefix set.
    - bpo-41839: Allow negative priority values from
      os.sched_get_priority_min() and os.sched_get_priority_max()
      functions.
  - Core and Builtins
    - gh-134466: Don’t run PyREPL in a degraded environment where
      setting termios attributes is not allowed.
    - gh-71810: Raise OverflowError for (-1).to_bytes() for signed
      conversions when bytes count is zero. Patch by Sergey B
      Kirpichev.
    - gh-105487: Remove non-existent __copy__(), __deepcopy__(), and
      __bases__ from the __dir__() entries of types.GenericAlias.
    - gh-134163: Fix a hang when the process is out of memory inside
      an exception handler.
    - gh-138479: Fix a crash when a generic object’s __typing_subst__
      returns an object that isn’t a tuple.
    - gh-137576: Fix for incorrect source code being shown in
      tracebacks from the Basic REPL when PYTHONSTARTUP is given.
      Patch by Adam Hartz.
    - gh-132744: Certain calls now check for runaway recursion and
      respect the system recursion limit.
  - C API
    - gh-87135: Attempting to acquire the GIL after runtime
      finalization has begun in a different thread now causes the
      thread to hang rather than terminate, which avoids potential
      crashes or memory corruption caused by attempting to terminate a
      thread that is running code not specifically designed to support
      termination. In most cases this hanging is harmless since the
      process will soon exit anyway.
      While not officially marked deprecated until 3.14,
      PyThread_exit_thread is no longer called internally and remains
      solely for interface compatibility. Its behavior is inconsistent
      across platforms, and it can only be used safely in the unlikely
      case that every function in the entire call stack has been
      designed to support the platform-dependent termination
      mechanism. It is recommended that users of this function change
      their design to not require thread termination. In the unlikely
      case that thread termination is needed and can be done safely,
      users may migrate to calling platform-specific APIs such as
      pthread_exit (POSIX) or _endthreadex (Windows) directly.
  - Build
    - gh-135734: Python can correctly be configured and built with
      ./configure --enable-optimizations --disable-test-modules.
      Previously, the profile data generation step failed due to PGO
      tests where immortalization couldn’t be properly suppressed.
      Patch by Bénédikt Tran.
 -------------------------------------------------------------------
 Mon Sep 29 06:52:07 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
 - Add gh139257-Support-docutils-0.22.patch to fix build with latest
  docutils (>=0.22) gh#python/cpython#139257
 -------------------------------------------------------------------
 Mon Sep 22 06:41:53 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
 - Drop AppStream: this results in a different cycle than
  appstream-glib. As the appdata.xml is controlled by ourselves, we
  can get away with just manually validating it when changing it.
 -------------------------------------------------------------------
 Thu Sep 18 08:15:31 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
 - Require AppStream to validate appdata file instead of deprecated
  appstream-glib.
 - Update idle3.appdata.xml to pass the more pedantic appstreamcli.
 -------------------------------------------------------------------
 Tue Sep  9 10:11:58 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
 - Add gh138131-exclude-pycache-from-digest.patch fixing reproducible
  build for python-nogil.
  (bsc#1244680, gh#python/cpython#138131)
 -------------------------------------------------------------------
 Fri Aug 15 12:31:08 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 - Update to 3.13.7:
  - gh-137583: Fix a deadlock introduced in 3.13.6 when a call
    to ssl.SSLSocket.recv was blocked in one thread, and then
    another method on the object (such as ssl.SSLSocket.send) was
    subsequently called in another thread.
  - gh-137044: Return large limit values as positive integers
    instead of negative integers in resource.getrlimit().
    Accept large values and reject negative values (except
    RLIM_INFINITY) for limits in resource.setrlimit().
  - gh-136914: Fix retrieval of doctest.DocTest.lineno
    for objects decorated with functools.cache() or
    functools.cached_property.
  - gh-131788: Make ResourceTracker.send from multiprocessing
    re-entrant safe
  - gh-136155: We are now checking for fatal errors in EPUB
    builds in CI.
  - gh-137400: Fix a crash in the free threading build when
    disabling profiling or tracing across all threads with
    PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads()
    or their Python equivalents threading.settrace_all_threads()
    and threading.setprofile_all_threads().
 - Remove upstreamed patch:
  - gh137583-only-lock-SSL-context.patch
 -------------------------------------------------------------------
 Tue Aug 12 09:16:40 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 - Add gh137583-only-lock-SSL-context.patch fixing the
  regression in 3.13.6 by breaking non-blocking TLS connections
  (gh#python/cpython#137583).
 -------------------------------------------------------------------
 Thu Aug  7 10:08:11 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 - Update to 3.13.6:
  - Security
    - gh-135661: Fix parsing start and end tags in
      html.parser.HTMLParser according to the HTML5 standard.
        - Whitespaces no longer accepted between </ and the tag
          name. E.g. </ script> does not end the script section.
        - Vertical tabulation (\v) and non-ASCII whitespaces no
          longer recognized as whitespaces. The only whitespaces
          are \t\n\r\f and space.
        - Null character (U+0000) no longer ends the tag name.
        - Attributes and slashes after the tag name in end tags
          are now ignored, instead of terminating after the first
          > in quoted attribute value. E.g. </script/foo=">"/>.
        - Multiple slashes and whitespaces between the last
          attribute and closing > are now ignored in both start
          and end tags. E.g. <a foo=bar/ //>.
        - Multiple = between attribute name and value are no
          longer collapsed. E.g. <a foo==bar> produces attribute
          “foo” with value “=bar”.
    - gh-102555: Fix comment parsing in html.parser.HTMLParser
      according to the HTML5 standard. --!> now ends the comment.
      -- > no longer ends the comment. Support abnormally ended
      empty comments <--> and <--->.
    - gh-135462: Fix quadratic complexity in processing specially
      crafted input in html.parser.HTMLParser. End-of-file errors
      are now handled according to the HTML5 specs – comments and
      declarations are automatically closed, tags are ignored
      (CVE-2025-6069, bsc#1244705).
    - gh-118350: Fix support of escapable raw text mode (elements
      “textarea” and “title”) in html.parser.HTMLParser.
  - Core and Builtins
    - gh-58124: Fix name of the Python encoding in Unicode errors
      of the code page codec: use “cp65000” and “cp65001” instead
      of “CP_UTF7” and “CP_UTF8” which are not valid Python code
      names. Patch by Victor Stinner.
    - gh-137314: Fixed a regression where raw f-strings
      incorrectly interpreted escape sequences in format
      specifications. Raw f-strings now properly preserve literal
      backslashes in format specs, matching the behavior from
      Python 3.11. For example, rf"{obj:\xFF}" now correctly
      produces '\\xFF' instead of 'ÿ'. Patch by Pablo Galindo.
    - gh-136541: Fix some issues with the perf trampolines
      on x86-64 and aarch64. The trampolines were not being
      generated correctly for some cases, which could lead to
      the perf integration not working correctly. Patch by Pablo
      Galindo.
    - gh-109700: Fix memory error handling in
      PyDict_SetDefault().
    - gh-78465: Fix error message for cls.__new__(cls, ...) where
      cls is not instantiable builtin or extension type (with
      tp_new set to NULL).
    - gh-135871: Non-blocking mutex lock attempts now return
      immediately when the lock is busy instead of briefly
      spinning in the free threading build.
    - gh-135607: Fix potential weakref races in an object’s
      destructor on the free threaded build.
    - gh-135496: Fix typo in the f-string conversion type error
      (“exclamanation” -> “exclamation”).
    - gh-130077: Properly raise custom syntax errors when
      incorrect syntax containing names that are prefixes of soft
      keywords is encountered. Patch by Pablo Galindo.
    - gh-135148: Fixed a bug where f-string debug expressions
      (using =) would incorrectly strip out parts of strings
      containing escaped quotes and # characters. Patch by Pablo
      Galindo.
    - gh-133136: Limit excess memory usage in the free threading
      build when a large dictionary or list is resized and
      accessed by multiple threads.
    - gh-132617: Fix dict.update() modification check that could
      incorrectly raise a “dict mutated during update” error when
      a different dictionary was modified that happens to share
      the same underlying keys object.
    - gh-91153: Fix a crash when a bytearray is concurrently
      mutated during item assignment.
    - gh-127971: Fix off-by-one read beyond the end of a string
      in string search.
    - gh-125723: Fix crash with gi_frame.f_locals when generator
      frames outlive their generator. Patch by Mikhail Efimov.
  - Library
    - gh-132710: If possible, ensure that uuid.getnode()
      returns the same result even across different processes.
      Previously, the result was constant only within the same
      process. Patch by Bénédikt Tran.
    - gh-137273: Fix debug assertion failure in
      locale.setlocale() on Windows.
    - gh-137257: Bump the version of pip bundled in ensurepip to
      version 25.2
    - gh-81325: tarfile.TarFile now accepts a path-like when
      working on a tar archive. (Contributed by Alexander Enrique
      Urieles Nieto in gh-81325.)
    - gh-130522: Fix unraisable TypeError raised during
      interpreter shutdown in the threading module.
    - gh-130577: tarfile now validates archives to ensure member
      offsets are non-negative. (Contributed by Alexander Enrique
      Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249).
    - gh-136549: Fix signature of threading.excepthook().
    - gh-136523: Fix wave.Wave_write emitting an unraisable when
      open raises.
    - gh-52876: Add missing keepends (default True)
      parameter to codecs.StreamReaderWriter.readline() and
      codecs.StreamReaderWriter.readlines().
    - gh-85702: If zoneinfo._common.load_tzdata is given a
      package without a resource a zoneinfo.ZoneInfoNotFoundError
      is raised rather than a PermissionError. Patch by Victor
      Stinner.
    - gh-134759: Fix UnboundLocalError in
      email.message.Message.get_payload() when the payload to
      decode is a bytes object. Patch by Kliment Lamonov.
    - gh-136028: Fix parsing month names containing “İ” (U+0130,
      LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime().
      This affects locales az_AZ, ber_DZ, ber_MA and crh_UA.
    - gh-135995: In the palmos encoding, make byte 0x9b decode to
      › (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK).
    - gh-53203: Fix time.strptime() for %c and %x formats on
      locales byn_ER, wal_ET and lzh_TW, and for %X format on
      locales ar_SA, bg_BG and lzh_TW.
    - gh-91555: An earlier change, which was introduced in
      3.13.4, has been reverted. It disabled logging for a logger
      during handling of log messages for that logger. Since the
      reversion, the behaviour should be as it was before 3.13.4.
    - gh-135878: Fixes a crash of types.SimpleNamespace on free
      threading builds, when several threads were calling its
      __repr__() method at the same time.
    - gh-135836: Fix IndexError in
      asyncio.loop.create_connection() that could occur when
      non-OSError exception is raised during connection and
      socket’s close() raises OSError.
    - gh-135836: Fix IndexError in
      asyncio.loop.create_connection() that could occur when the
      Happy Eyeballs algorithm resulted in an empty exceptions
      list during connection attempts.
    - gh-135855: Raise TypeError instead of SystemError when
      _interpreters.set___main___attrs() is passed a non-dict
      object. Patch by Brian Schubert.
    - gh-135815: netrc: skip security checks if os.getuid() is
      missing. Patch by Bénédikt Tran.
    - gh-135640: Address bug where it was possible to call
      xml.etree.ElementTree.ElementTree.write() on an ElementTree
      object with an invalid root element. This behavior blanked
      the file passed to write if it already existed.
    - gh-135444: Fix asyncio.DatagramTransport.sendto() to
      account for datagram header size when data cannot be sent.
    - gh-135497: Fix os.getlogin() failing for longer usernames
      on BSD-based platforms.
    - gh-135487: Fix reprlib.Repr.repr_int() when given integers
      with more than sys.get_int_max_str_digits() digits. Patch
      by Bénédikt Tran.
    - gh-135335: multiprocessing: Flush stdout and stderr after
      preloading modules in the forkserver.
    - gh-135244: uuid: when the MAC address cannot be
      determined, the 48-bit node ID is now generated with a
      cryptographically-secure pseudo-random number generator
      (CSPRNG) as per RFC 9562, §6.10.3. This affects uuid1().
    - gh-135069: Fix the “Invalid error handling” exception in
      encodings.idna.IncrementalDecoder to correctly replace the
      ‘errors’ parameter.
    - gh-134698: Fix a crash when calling methods of
      ssl.SSLContext or ssl.SSLSocket across multiple threads.
    - gh-132124: On POSIX-compliant systems,
      multiprocessing.util.get_temp_dir() now ignores TMPDIR
      (and similar environment variables) if the path length of
      AF_UNIX socket files exceeds the platform-specific maximum
      length when using the forkserver start method. Patch by
      Bénédikt Tran.
    - gh-133439: Fix dot commands with trailing spaces are
      mistaken for multi-line SQL statements in the sqlite3
      command-line interface.
    - gh-132969: Prevent the ProcessPoolExecutor executor thread,
      which remains running when shutdown(wait=False), from
      attempting to adjust the pool’s worker processes after
      the object state has already been reset during shutdown.
      A combination of conditions, including a worker process
      having terminated abormally, resulted in an exception and
      a potential hang when the still-running executor thread
      attempted to replace dead workers within the pool.
    - gh-130664: Support the '_' digit separator in formatting
      of the integral part of Decimal’s. Patch by Sergey B
      Kirpichev.
    - gh-85702: If zoneinfo._common.load_tzdata is given a
      package without a resource a ZoneInfoNotFoundError is
      raised rather than a IsADirectoryError.
    - gh-130664: Handle corner-case for Fraction’s formatting:
      treat zero-padding (preceding the width field by a zero
      ('0') character) as an equivalent to a fill character of
      '0' with an alignment type of '=', just as in case of
      float’s.
  - Tools/Demos
    - gh-135968: Stubs for strip are now provided as part of an
      iOS install.
  - Tests
    - gh-135966: The iOS testbed now handles the app_packages
      folder as a site directory.
    - gh-135494: Fix regrtest to support excluding tests from
      --pgo tests. Patch by Victor Stinner.
    - gh-135489: Show verbose output for failing tests during PGO
      profiling step with –enable-optimizations.
  - Documentation
    - gh-135171: Document that the iterator for the leftmost for
      clause in the generator expression is created immediately.
  - Build
    - gh-135497: Fix the detection of MAXLOGNAME in the
      configure.ac script.
 - Remove upstreamed patches:
  - CVE-2025-8194-tarfile-no-neg-offsets.patch
  - CVE-2025-6069-quad-complex-HTMLParser.patch
 -------------------------------------------------------------------
 Fri Aug  1 20:09:24 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
--- a/python313.spec
+++ b/python313.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python313
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -167,7 +167,7 @@
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.13.5
+Version:        3.13.11
 %define         tarversion %{version}
 %define         tarname    Python-%{tarversion}
 Release:        0
@@ -231,12 +231,13 @@ Patch42:        gh126985-mv-pyvenv.cfg2getpath.patch
 # PATCH-FIX-UPSTREAM bsc1243155-sphinx-non-determinism.patch bsc#1243155 mcepl@suse.com
 # Doc: Generate ids for audit_events using docname
 Patch43:        bsc1243155-sphinx-non-determinism.patch
-# PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com
+# PATCH-FIX-UPSTREAM gh138131-exclude-pycache-from-digest.patch bsc#1244680 daniel.garcia@suse.com
-# avoid quadratic complexity when processing malformed inputs with HTMLParser
+Patch44:        gh138131-exclude-pycache-from-digest.patch
-Patch44:        CVE-2025-6069-quad-complex-HTMLParser.patch
+# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
-# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com
+Patch45:        gh139257-Support-docutils-0.22.patch
-# tarfile now validates archives to ensure member offsets are non-negative
+# PATCH-FIX-UPSTREAM pass-test_write_read_limited_history.patch bsc#[0-9]+ mcepl@suse.com
-Patch45:        CVE-2025-8194-tarfile-no-neg-offsets.patch
+# Fix readline history truncation when length is reduced
 Patch48:        pass-test_write_read_limited_history.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -291,8 +292,6 @@ ExcludeArch:    aarch64
 %endif
 %if %{with general}
 # required for idle3 (.desktop and .appdata.xml files)
 BuildRequires:  appstream-glib
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
 BuildRequires:  gettext
@@ -558,9 +557,6 @@ rm Lib/site-packages/README.txt
 # Add vendored bluez-devel files
 tar xvf %{SOURCE21}
 # Don't fail on warnings when building documentation
 # sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
 %build
 export SUSE_VERSION="0%{?suse_version}"
 export SLE_VERSION="0%{?sle_version}"
@@ -784,7 +780,6 @@ install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_abi}.desk
 cp %{SOURCE20} idle%{python_abi}.appdata.xml
 sed -i -e 's:idle3.desktop:idle%{python_abi}.desktop:g' idle%{python_abi}.appdata.xml
 install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_abi}.appdata.xml
 appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_abi}.appdata.xml
 %fdupes %{buildroot}/%{_libdir}/python%{python_abi}
 %endif
		`@@ -0,0 +1 @@`
							{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyTCCAk+gAwIBAgIUMZ9OrU89PmgWXWiYxq/s1e8xVkkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMjA1MTY1NjU1WhcNMjUxMjA1MTcwNjU1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ3Wq/mhAIwL1ZNOiCgOmVYXqwl8rWBi+hwTYY+NJLvmuRW7wblbWyTJ1RSZrS9dVGhVdWZP7tT2hvkt56ibycaOCAW4wggFqMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUCukYhSJA3LGmELdmyGSLM/sNqPowHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGa73H4UAAABAMARjBEAiAoqadI7BCu3G3jmK140KSkRC+uTKIS7K/yAUtT8zfdiwIgV51hPZZYKSjHglktFhqcxzHLdRyb96/caoR4m+DHvT8wCgYIKoZIzj0EAwMDaAAwZQIwSuCW4+VibjHM96ArSncpYew+tvp7bMlc21AHsgr12ZO6p//IiSdjJlqOTpYwCWtFAjEA0BxY6Y7zl4+baG4+BZ+EEiwDwoCOVTR7ORMuDYeZ/Dy6g47hohxRqtssCYdRKRZq"}, "tlogEntries": [{"logIndex": "743450012", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1764953815", "inclusionPromise": {"signedEntryTimestamp": "MEQCIFAmMfakwQScJ3jGB7ufmmWcvXbT/sQYyb/iIbRyJXYmAiB25k62mSSsvteAacdB4SjQJ100UGRI02mHOZykKqirrQ=="}, "inclusionProof": {"logIndex": "621545750", "rootHash": "lTjgILAqSIIoraXAj/bseL/7BMbChIzmHVo5P84pPO8=", "treeSize": "621545755", "hashes": ["FqRC4Ydg7KClKWZIe5BLdSoxPOl3L+wXnnctnBbxa5E=", "hyHMJXZjRrPr7N8JDpms6tqWbIuqgBLKkoDomNSzO8g=", "XV5KmKAmcumiCPrjB89usazCvsWagxoKoI5P3Rn5mDQ=", "FKJNSf/yPWGSGCwEZ4ybeMVy+zECYaK/u2yKEboKDQs=", "4wbyhSYvHHiszMmrsBtjXwOt9um81zByZQLFAXJAu0g=", "q0tC4xtUswgodVV8T7OYpkNlp/XC4qAM541kvTHkq4o=", "se5pDnKcF+idDdO0PdbWjF+rFNUWlCzxj+pSmkASRQU=", "YYvp7Leoq6lF3zEs+Bux7BQt/UrxFbOOJAwVroBevek=", "pQtmpjszxrel2u+2I5HrLBwlwvhc19nfAUsa5EHZAe4=", "0jEq6eagxqoSOor9OR//fY6uOsPzLaE1q1n9tZRzfSc=", "ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n621545755\nlTjgILAqSIIoraXAj/bseL/7BMbChIzmHVo5P84pPO8=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiAS9t8HEV2fPKq2rB20KvscWBUzqlzyZr6asuXxp8whiAIgUxc+PuVjTYduOZ2zKNeaSos22BXxAn7hKgxBroQmIkE=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIxNmVkZTdiYjdjZGJmYTg5NWQxMWIwNjQyZmEwZTUyM2YyOTFlNjQ4NzE5NGQ1M2NmNmQzYjMzOGMzYTE3ZWEyIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUURENENYVTNMNGlMSkVCb0xFSVlnVU5kTXhjN3VENWdMcUgyeXRFNFQxTnd3SWdKbHBhMHJFbDV0MGdtbTlTYzRoQnpFOG9QK2JLSlVZeExUTmd4dEdnSmo0PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVWRU5EUVdzclowRjNTVUpCWjBsVlRWbzVUM0pWT0RsUWJXZFhXRmRwV1hoeEwzTXhaVGg0Vm10cmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFxUVRGTlZGa3hUbXBWTVZkb1kwNU5hbFY0VFdwQk1VMVVZM2RPYWxVeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZSTTFkeEwyMW9RVWwzVERGYVRrOXBRMmRQYlZaWldIRjNiRGh5VjBKcEsyaDNWRmtLV1N0T1NreDJiWFZTVnpkM1lteGlWM2xVU2pGU1UxcHlVemxrVmtkb1ZtUlhXbEEzZEZReWFIWnJkRFUyYVdKNVkyRlBRMEZYTkhkblowWnhUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZEZFd0WkNtaFRTa0V6VEVkdFJVeGtiWGxIVTB4TkwzTk9jVkJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwcENaMjl5UW1kRlJVRmtXalZCWjFGRFFraHpSV1ZSUWpNS1FVaFZRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIWVRjelNEUlZRVUZCUWtGTlFRcFNha0pGUVdsQmIzRmhaRWszUWtOMU0wY3phbTFMTVRRd1MxTnJVa01yZFZSTFNWTTNTeTk1UVZWMFZEaDZabVJwZDBsblZqVXhhRkJhV2xsTFUycElDbWRzYTNSR2FIRmplSHBJVEdSU2VXSTVOaTlqWVc5U05HMHJSRWgyVkRoM1EyZFpTVXR2V2tsNmFqQkZRWGROUkdGQlFYZGFVVWwzVTNWRFZ6UXJWbWtLWW1wSVRUazJRWEpUYm1Od1dXVjNLM1IyY0RkaVRXeGpNakZCU0hObmNqRXlXazgyY0M4dlNXbFRaR3BLYkhGUFZIQlpkME5YZEVaQmFrVkJNRUo0V1FvMldUZDZiRFFyWW1GSE5DdENXaXRGUldsM1JIZHZRMDlXVkZJM1QxSk5kVVJaWlZvdlJIazJaelEzYUc5b2VGSnhkSE56UTFsa1VrdFNXbkVLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Fu3nu3zb+oldEbBkL6DlI/KR5khxlNU89tOzOMOhfqI="}, "signature": "MEUCIQDD4CXU3L4iLJEBoLEIYgUNdMxc7uD5gLqH2ytE4T1NwwIgJlpa0rEl5t0gmm9Sc4hBzE8oP+bKJUYxLTNgxtGgJj4="}}