Accepting request 1299833 from devel:languages:python:Factory

- Update to 3.13.7:
  - gh-137583: Fix a deadlock introduced in 3.13.6 when a call
    to ssl.SSLSocket.recv was blocked in one thread, and then
    another method on the object (such as ssl.SSLSocket.send) was
    subsequently called in another thread.
  - gh-137044: Return large limit values as positive integers
    instead of negative integers in resource.getrlimit().
    Accept large values and reject negative values (except
    RLIM_INFINITY) for limits in resource.setrlimit().
  - gh-136914: Fix retrieval of doctest.DocTest.lineno
    for objects decorated with functools.cache() or
    functools.cached_property.
  - gh-131788: Make ResourceTracker.send from multiprocessing
    re-entrant safe
  - gh-136155: We are now checking for fatal errors in EPUB
    builds in CI.
  - gh-137400: Fix a crash in the free threading build when
    disabling profiling or tracing across all threads with
    PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads()
    or their Python equivalents threading.settrace_all_threads()
    and threading.setprofile_all_threads().
- Remove upstreamed patch:
  - gh137583-only-lock-SSL-context.patch

- Add gh137583-only-lock-SSL-context.patch fixing the
  regression in 3.13.6 by breaking non-blocking TLS connections
  (gh#python/cpython#137583).

- Update to 3.13.6:
  - Security

OBS-URL: https://build.opensuse.org/request/show/1299833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python313?expand=0&rev=29

.gitattributes

@@ -21,4 +21,3 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
-*.changes merge=merge-changes

.gitignore

@@ -1,6 +1 @@
 .osc
-*.obscpio
-*.osc
-_build.*
-.pbuild
-python313-*-build/

CVE-2025-6075-expandvars-perf-degrad.patch

@@ -1,373 +0,0 @@
-From 4fc21099da844f85b799d3c4c8b1b5936faa4cdc Mon Sep 17 00:00:00 2001
-From: Serhiy Storchaka <storchaka@gmail.com>
-Date: Fri, 31 Oct 2025 15:49:51 +0200
-Subject: [PATCH 1/2] [3.13] gh-136065: Fix quadratic complexity in
- os.path.expandvars() (GH-134952) (cherry picked from commit
- f029e8db626ddc6e3a3beea4eff511a71aaceb5c)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
-Co-authored-by: Łukasz Langa <lukasz@langa.pl>
----
- Lib/ntpath.py                                                            |  126 +++-------
- Lib/posixpath.py                                                         |   43 +--
- Lib/test/test_genericpath.py                                             |   21 +
- Lib/test/test_ntpath.py                                                  |   22 +
- Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst |    1 
- 5 files changed, 96 insertions(+), 117 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
-
-Index: Python-3.13.9/Lib/ntpath.py
-===================================================================
---- Python-3.13.9.orig/Lib/ntpath.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Lib/ntpath.py	2025-11-14 01:47:08.155405483 +0100
-@@ -400,17 +400,23 @@
- # XXX With COMMAND.COM you can use any characters in a variable name,
- # XXX except '^|<>='.
- 
-+_varpattern = r"'[^']*'?|%(%|[^%]*%?)|\$(\$|[-\w]+|\{[^}]*\}?)"
-+_varsub = None
-+_varsubb = None
-+
- def expandvars(path):
-     """Expand shell variables of the forms $var, ${var} and %var%.
- 
-     Unknown variables are left unchanged."""
-     path = os.fspath(path)
-+    global _varsub, _varsubb
-     if isinstance(path, bytes):
-         if b'$' not in path and b'%' not in path:
-             return path
--        import string
--        varchars = bytes(string.ascii_letters + string.digits + '_-', 'ascii')
--        quote = b'\''
-+        if not _varsubb:
-+            import re
-+            _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
-+        sub = _varsubb
-         percent = b'%'
-         brace = b'{'
-         rbrace = b'}'
-@@ -419,94 +425,44 @@
-     else:
-         if '$' not in path and '%' not in path:
-             return path
--        import string
--        varchars = string.ascii_letters + string.digits + '_-'
--        quote = '\''
-+        if not _varsub:
-+            import re
-+            _varsub = re.compile(_varpattern, re.ASCII).sub
-+        sub = _varsub
-         percent = '%'
-         brace = '{'
-         rbrace = '}'
-         dollar = '$'
-         environ = os.environ
--    res = path[:0]
--    index = 0
--    pathlen = len(path)
--    while index < pathlen:
--        c = path[index:index+1]
--        if c == quote:   # no expansion within single quotes
--            path = path[index + 1:]
--            pathlen = len(path)
--            try:
--                index = path.index(c)
--                res += c + path[:index + 1]
--            except ValueError:
--                res += c + path
--                index = pathlen - 1
--        elif c == percent:  # variable or '%'
--            if path[index + 1:index + 2] == percent:
--                res += c
--                index += 1
--            else:
--                path = path[index+1:]
--                pathlen = len(path)
--                try:
--                    index = path.index(percent)
--                except ValueError:
--                    res += percent + path
--                    index = pathlen - 1
--                else:
--                    var = path[:index]
--                    try:
--                        if environ is None:
--                            value = os.fsencode(os.environ[os.fsdecode(var)])
--                        else:
--                            value = environ[var]
--                    except KeyError:
--                        value = percent + var + percent
--                    res += value
--        elif c == dollar:  # variable or '$$'
--            if path[index + 1:index + 2] == dollar:
--                res += c
--                index += 1
--            elif path[index + 1:index + 2] == brace:
--                path = path[index+2:]
--                pathlen = len(path)
--                try:
--                    index = path.index(rbrace)
--                except ValueError:
--                    res += dollar + brace + path
--                    index = pathlen - 1
--                else:
--                    var = path[:index]
--                    try:
--                        if environ is None:
--                            value = os.fsencode(os.environ[os.fsdecode(var)])
--                        else:
--                            value = environ[var]
--                    except KeyError:
--                        value = dollar + brace + var + rbrace
--                    res += value
--            else:
--                var = path[:0]
--                index += 1
--                c = path[index:index + 1]
--                while c and c in varchars:
--                    var += c
--                    index += 1
--                    c = path[index:index + 1]
--                try:
--                    if environ is None:
--                        value = os.fsencode(os.environ[os.fsdecode(var)])
--                    else:
--                        value = environ[var]
--                except KeyError:
--                    value = dollar + var
--                res += value
--                if c:
--                    index -= 1
-+
-+    def repl(m):
-+        lastindex = m.lastindex
-+        if lastindex is None:
-+            return m[0]
-+        name = m[lastindex]
-+        if lastindex == 1:
-+            if name == percent:
-+                return name
-+            if not name.endswith(percent):
-+                return m[0]
-+            name = name[:-1]
-         else:
--            res += c
--        index += 1
--    return res
-+            if name == dollar:
-+                return name
-+            if name.startswith(brace):
-+                if not name.endswith(rbrace):
-+                    return m[0]
-+                name = name[1:-1]
-+
-+        try:
-+            if environ is None:
-+                return os.fsencode(os.environ[os.fsdecode(name)])
-+            else:
-+                return environ[name]
-+        except KeyError:
-+            return m[0]
-+
-+    return sub(repl, path)
- 
- 
- # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A\B.
-Index: Python-3.13.9/Lib/posixpath.py
-===================================================================
---- Python-3.13.9.orig/Lib/posixpath.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Lib/posixpath.py	2025-11-14 01:47:08.155728503 +0100
-@@ -284,42 +284,41 @@
- # This expands the forms $variable and ${variable} only.
- # Non-existent variables are left unchanged.
- 
--_varprog = None
--_varprogb = None
-+_varpattern = r'\$(\w+|\{[^}]*\}?)'
-+_varsub = None
-+_varsubb = None
- 
- def expandvars(path):
-     """Expand shell variables of form $var and ${var}.  Unknown variables
-     are left unchanged."""
-     path = os.fspath(path)
--    global _varprog, _varprogb
-+    global _varsub, _varsubb
-     if isinstance(path, bytes):
-         if b'$' not in path:
-             return path
--        if not _varprogb:
-+        if not _varsubb:
-             import re
--            _varprogb = re.compile(br'\$(\w+|\{[^}]*\})', re.ASCII)
--        search = _varprogb.search
-+            _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
-+        sub = _varsubb
-         start = b'{'
-         end = b'}'
-         environ = getattr(os, 'environb', None)
-     else:
-         if '$' not in path:
-             return path
--        if not _varprog:
-+        if not _varsub:
-             import re
--            _varprog = re.compile(r'\$(\w+|\{[^}]*\})', re.ASCII)
--        search = _varprog.search
-+            _varsub = re.compile(_varpattern, re.ASCII).sub
-+        sub = _varsub
-         start = '{'
-         end = '}'
-         environ = os.environ
--    i = 0
--    while True:
--        m = search(path, i)
--        if not m:
--            break
--        i, j = m.span(0)
--        name = m.group(1)
--        if name.startswith(start) and name.endswith(end):
-+
-+    def repl(m):
-+        name = m[1]
-+        if name.startswith(start):
-+            if not name.endswith(end):
-+                return m[0]
-             name = name[1:-1]
-         try:
-             if environ is None:
-@@ -327,13 +326,11 @@
-             else:
-                 value = environ[name]
-         except KeyError:
--            i = j
-+            return m[0]
-         else:
--            tail = path[j:]
--            path = path[:i] + value
--            i = len(path)
--            path += tail
--    return path
-+            return value
-+
-+    return sub(repl, path)
- 
- 
- # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A/B.
-Index: Python-3.13.9/Lib/test/test_genericpath.py
-===================================================================
---- Python-3.13.9.orig/Lib/test/test_genericpath.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Lib/test/test_genericpath.py	2025-11-14 01:47:08.157575687 +0100
-@@ -7,9 +7,9 @@
- import sys
- import unittest
- import warnings
--from test.support import (
--    is_apple, is_emscripten, os_helper, warnings_helper
--)
-+from test import support
-+from test.support import os_helper, is_emscripten
-+from test.support import warnings_helper
- from test.support.script_helper import assert_python_ok
- from test.support.os_helper import FakePath
- 
-@@ -446,6 +446,19 @@
-                   os.fsencode('$bar%s bar' % nonascii))
-             check(b'$spam}bar', os.fsencode('%s}bar' % nonascii))
- 
-+    @support.requires_resource('cpu')
-+    def test_expandvars_large(self):
-+        expandvars = self.pathmodule.expandvars
-+        with os_helper.EnvironmentVarGuard() as env:
-+            env.clear()
-+            env["A"] = "B"
-+            n = 100_000
-+            self.assertEqual(expandvars('$A'*n), 'B'*n)
-+            self.assertEqual(expandvars('${A}'*n), 'B'*n)
-+            self.assertEqual(expandvars('$A!'*n), 'B!'*n)
-+            self.assertEqual(expandvars('${A}A'*n), 'BA'*n)
-+            self.assertEqual(expandvars('${'*10*n), '${'*10*n)
-+
-     def test_abspath(self):
-         self.assertIn("foo", self.pathmodule.abspath("foo"))
-         with warnings.catch_warnings():
-@@ -503,7 +516,7 @@
-             # directory (when the bytes name is used).
-             and sys.platform not in {
-                 "win32", "emscripten", "wasi"
--            } and not is_apple
-+            } and not support.is_apple
-         ):
-             name = os_helper.TESTFN_UNDECODABLE
-         elif os_helper.TESTFN_NONASCII:
-Index: Python-3.13.9/Lib/test/test_ntpath.py
-===================================================================
---- Python-3.13.9.orig/Lib/test/test_ntpath.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Lib/test/test_ntpath.py	2025-11-14 01:47:08.156225429 +0100
-@@ -8,8 +8,7 @@
- import warnings
- from ntpath import ALLOW_MISSING
- from test import support
--from test.support import cpython_only, os_helper
--from test.support import TestFailed, is_emscripten
-+from test.support import os_helper, is_emscripten
- from test.support.os_helper import FakePath
- from test import test_genericpath
- from tempfile import TemporaryFile
-@@ -59,7 +58,7 @@
-     fn = fn.replace("\\", "\\\\")
-     gotResult = eval(fn)
-     if wantResult != gotResult and _norm(wantResult) != _norm(gotResult):
--        raise TestFailed("%s should return: %s but returned: %s" \
-+        raise support.TestFailed("%s should return: %s but returned: %s" \
-               %(str(fn), str(wantResult), str(gotResult)))
- 
-     # then with bytes
-@@ -75,7 +74,7 @@
-         warnings.simplefilter("ignore", DeprecationWarning)
-         gotResult = eval(fn)
-     if _norm(wantResult) != _norm(gotResult):
--        raise TestFailed("%s should return: %s but returned: %s" \
-+        raise support.TestFailed("%s should return: %s but returned: %s" \
-               %(str(fn), str(wantResult), repr(gotResult)))
- 
- 
-@@ -1022,6 +1021,19 @@
-             check('%spam%bar', '%sbar' % nonascii)
-             check('%{}%bar'.format(nonascii), 'ham%sbar' % nonascii)
- 
-+    @support.requires_resource('cpu')
-+    def test_expandvars_large(self):
-+        expandvars = ntpath.expandvars
-+        with os_helper.EnvironmentVarGuard() as env:
-+            env.clear()
-+            env["A"] = "B"
-+            n = 100_000
-+            self.assertEqual(expandvars('%A%'*n), 'B'*n)
-+            self.assertEqual(expandvars('%A%A'*n), 'BA'*n)
-+            self.assertEqual(expandvars("''"*n + '%%'), "''"*n + '%')
-+            self.assertEqual(expandvars("%%"*n), "%"*n)
-+            self.assertEqual(expandvars("$$"*n), "$"*n)
-+
-     def test_expanduser(self):
-         tester('ntpath.expanduser("test")', 'test')
- 
-@@ -1440,7 +1452,7 @@
-         self.assertTrue(os.path.exists(r"\\.\CON"))
- 
-     @unittest.skipIf(sys.platform != 'win32', "Fast paths are only for win32")
--    @cpython_only
-+    @support.cpython_only
-     def test_fast_paths_in_use(self):
-         # There are fast paths of these functions implemented in posixmodule.c.
-         # Confirm that they are being used, and not the Python fallbacks in
-Index: Python-3.13.9/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.13.9/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst	2025-11-14 01:47:08.156533642 +0100
-@@ -0,0 +1 @@
-+Fix quadratic complexity in :func:`os.path.expandvars`.

CVE-2025-8291-consistency-zip64.patch

@@ -1,307 +0,0 @@
-From 1f2e4ec73cf7ece0a8c0a7a85cb73ec9ec0ef85a Mon Sep 17 00:00:00 2001
-From: Serhiy Storchaka <storchaka@gmail.com>
-Date: Tue, 7 Oct 2025 20:15:26 +0300
-Subject: [PATCH] [3.13] gh-139700: Check consistency of the zip64 end of
- central directory record (GH-139702)
-
-Support records with "zip64 extensible data" if there are no bytes
-prepended to the ZIP file.
-(cherry picked from commit 162997bb70e067668c039700141770687bc8f267)
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
----
- Lib/test/test_zipfile/test_core.py            | 82 ++++++++++++++++++-
- Lib/zipfile/__init__.py                       | 51 +++++++-----
- ...-10-07-19-31-34.gh-issue-139700.vNHU1O.rst |  3 +
- 3 files changed, 113 insertions(+), 23 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
-
-diff --git a/Lib/test/test_zipfile/test_core.py b/Lib/test/test_zipfile/test_core.py
-index 41ec6a437ba917..2212d9c91dc899 100644
---- a/Lib/test/test_zipfile/test_core.py
-+++ b/Lib/test/test_zipfile/test_core.py
-@@ -884,6 +884,8 @@ def make_zip64_file(
-         self, file_size_64_set=False, file_size_extra=False,
-         compress_size_64_set=False, compress_size_extra=False,
-         header_offset_64_set=False, header_offset_extra=False,
-+        extensible_data=b'',
-+        end_of_central_dir_size=None, offset_to_end_of_central_dir=None,
-     ):
-         """Generate bytes sequence for a zip with (incomplete) zip64 data.
- 
-@@ -937,6 +939,12 @@ def make_zip64_file(
- 
-         central_dir_size = struct.pack('<Q', 58 + 8 * len(central_zip64_fields))
-         offset_to_central_dir = struct.pack('<Q', 50 + 8 * len(local_zip64_fields))
-+        if end_of_central_dir_size is None:
-+            end_of_central_dir_size = 44 + len(extensible_data)
-+        if offset_to_end_of_central_dir is None:
-+            offset_to_end_of_central_dir = (108
-+                                            + 8 * len(local_zip64_fields)
-+                                            + 8 * len(central_zip64_fields))
- 
-         local_extra_length = struct.pack("<H", 4 + 8 * len(local_zip64_fields))
-         central_extra_length = struct.pack("<H", 4 + 8 * len(central_zip64_fields))
-@@ -965,14 +973,17 @@ def make_zip64_file(
-             + filename
-             + central_extra
-             # Zip64 end of central directory
--            + b"PK\x06\x06,\x00\x00\x00\x00\x00\x00\x00-\x00-"
--            + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00"
-+            + b"PK\x06\x06"
-+            + struct.pack('<Q', end_of_central_dir_size)
-+            + b"-\x00-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00"
-             + b"\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
-             + central_dir_size
-             + offset_to_central_dir
-+            + extensible_data
-             # Zip64 end of central directory locator
--            + b"PK\x06\x07\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x00\x01"
--            + b"\x00\x00\x00"
-+            + b"PK\x06\x07\x00\x00\x00\x00"
-+            + struct.pack('<Q', offset_to_end_of_central_dir)
-+            + b"\x01\x00\x00\x00"
-             # end of central directory
-             + b"PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00:\x00\x00\x002\x00"
-             + b"\x00\x00\x00\x00"
-@@ -1003,6 +1014,7 @@ def test_bad_zip64_extra(self):
-         with self.assertRaises(zipfile.BadZipFile) as e:
-             zipfile.ZipFile(io.BytesIO(missing_file_size_extra))
-         self.assertIn('file size', str(e.exception).lower())
-+        self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_file_size_extra)))
- 
-         # zip64 file size present, zip64 compress size present, one field in
-         # extra, expecting two, equals missing compress size.
-@@ -1014,6 +1026,7 @@ def test_bad_zip64_extra(self):
-         with self.assertRaises(zipfile.BadZipFile) as e:
-             zipfile.ZipFile(io.BytesIO(missing_compress_size_extra))
-         self.assertIn('compress size', str(e.exception).lower())
-+        self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_compress_size_extra)))
- 
-         # zip64 compress size present, no fields in extra, expecting one,
-         # equals missing compress size.
-@@ -1023,6 +1036,7 @@ def test_bad_zip64_extra(self):
-         with self.assertRaises(zipfile.BadZipFile) as e:
-             zipfile.ZipFile(io.BytesIO(missing_compress_size_extra))
-         self.assertIn('compress size', str(e.exception).lower())
-+        self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_compress_size_extra)))
- 
-         # zip64 file size present, zip64 compress size present, zip64 header
-         # offset present, two fields in extra, expecting three, equals missing
-@@ -1037,6 +1051,7 @@ def test_bad_zip64_extra(self):
-         with self.assertRaises(zipfile.BadZipFile) as e:
-             zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
-         self.assertIn('header offset', str(e.exception).lower())
-+        self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_header_offset_extra)))
- 
-         # zip64 compress size present, zip64 header offset present, one field
-         # in extra, expecting two, equals missing header offset
-@@ -1049,6 +1064,7 @@ def test_bad_zip64_extra(self):
-         with self.assertRaises(zipfile.BadZipFile) as e:
-             zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
-         self.assertIn('header offset', str(e.exception).lower())
-+        self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_header_offset_extra)))
- 
-         # zip64 file size present, zip64 header offset present, one field in
-         # extra, expecting two, equals missing header offset
-@@ -1061,6 +1077,7 @@ def test_bad_zip64_extra(self):
-         with self.assertRaises(zipfile.BadZipFile) as e:
-             zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
-         self.assertIn('header offset', str(e.exception).lower())
-+        self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_header_offset_extra)))
- 
-         # zip64 header offset present, no fields in extra, expecting one,
-         # equals missing header offset
-@@ -1072,6 +1089,63 @@ def test_bad_zip64_extra(self):
-         with self.assertRaises(zipfile.BadZipFile) as e:
-             zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
-         self.assertIn('header offset', str(e.exception).lower())
-+        self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_header_offset_extra)))
-+
-+    def test_bad_zip64_end_of_central_dir(self):
-+        zipdata = self.make_zip64_file(end_of_central_dir_size=0)
-+        with self.assertRaisesRegex(zipfile.BadZipFile, 'Corrupt.*record'):
-+            zipfile.ZipFile(io.BytesIO(zipdata))
-+        self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
-+
-+        zipdata = self.make_zip64_file(end_of_central_dir_size=100)
-+        with self.assertRaisesRegex(zipfile.BadZipFile, 'Corrupt.*record'):
-+            zipfile.ZipFile(io.BytesIO(zipdata))
-+        self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
-+
-+        zipdata = self.make_zip64_file(offset_to_end_of_central_dir=0)
-+        with self.assertRaisesRegex(zipfile.BadZipFile, 'Corrupt.*record'):
-+            zipfile.ZipFile(io.BytesIO(zipdata))
-+        self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
-+
-+        zipdata = self.make_zip64_file(offset_to_end_of_central_dir=1000)
-+        with self.assertRaisesRegex(zipfile.BadZipFile, 'Corrupt.*locator'):
-+            zipfile.ZipFile(io.BytesIO(zipdata))
-+        self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
-+
-+    def test_zip64_end_of_central_dir_record_not_found(self):
-+        zipdata = self.make_zip64_file()
-+        zipdata = zipdata.replace(b"PK\x06\x06", b'\x00'*4)
-+        with self.assertRaisesRegex(zipfile.BadZipFile, 'record not found'):
-+            zipfile.ZipFile(io.BytesIO(zipdata))
-+        self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
-+
-+        zipdata = self.make_zip64_file(
-+            extensible_data=b'\xca\xfe\x04\x00\x00\x00data')
-+        zipdata = zipdata.replace(b"PK\x06\x06", b'\x00'*4)
-+        with self.assertRaisesRegex(zipfile.BadZipFile, 'record not found'):
-+            zipfile.ZipFile(io.BytesIO(zipdata))
-+        self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
-+
-+    def test_zip64_extensible_data(self):
-+        # These values are what is set in the make_zip64_file method.
-+        expected_file_size = 8
-+        expected_compress_size = 8
-+        expected_header_offset = 0
-+        expected_content = b"test1234"
-+
-+        zipdata = self.make_zip64_file(
-+            extensible_data=b'\xca\xfe\x04\x00\x00\x00data')
-+        with zipfile.ZipFile(io.BytesIO(zipdata)) as zf:
-+            zinfo = zf.infolist()[0]
-+            self.assertEqual(zinfo.file_size, expected_file_size)
-+            self.assertEqual(zinfo.compress_size, expected_compress_size)
-+            self.assertEqual(zinfo.header_offset, expected_header_offset)
-+            self.assertEqual(zf.read(zinfo), expected_content)
-+        self.assertTrue(zipfile.is_zipfile(io.BytesIO(zipdata)))
-+
-+        with self.assertRaisesRegex(zipfile.BadZipFile, 'record not found'):
-+            zipfile.ZipFile(io.BytesIO(b'prepended' + zipdata))
-+        self.assertFalse(zipfile.is_zipfile(io.BytesIO(b'prepended' + zipdata)))
- 
-     def test_generated_valid_zip64_extra(self):
-         # These values are what is set in the make_zip64_file method.
-diff --git a/Lib/zipfile/__init__.py b/Lib/zipfile/__init__.py
-index 05f387a950ba0a..c01f13729e1c99 100644
---- a/Lib/zipfile/__init__.py
-+++ b/Lib/zipfile/__init__.py
-@@ -245,7 +245,7 @@ def is_zipfile(filename):
-         else:
-             with open(filename, "rb") as fp:
-                 result = _check_zipfile(fp)
--    except OSError:
-+    except (OSError, BadZipFile):
-         pass
-     return result
- 
-@@ -253,16 +253,15 @@ def _EndRecData64(fpin, offset, endrec):
-     """
-     Read the ZIP64 end-of-archive records and use that to update endrec
-     """
--    try:
--        fpin.seek(offset - sizeEndCentDir64Locator, 2)
--    except OSError:
--        # If the seek fails, the file is not large enough to contain a ZIP64
-+    offset -= sizeEndCentDir64Locator
-+    if offset < 0:
-+        # The file is not large enough to contain a ZIP64
-         # end-of-archive record, so just return the end record we were given.
-         return endrec
--
-+    fpin.seek(offset)
-     data = fpin.read(sizeEndCentDir64Locator)
-     if len(data) != sizeEndCentDir64Locator:
--        return endrec
-+        raise OSError("Unknown I/O error")
-     sig, diskno, reloff, disks = struct.unpack(structEndArchive64Locator, data)
-     if sig != stringEndArchive64Locator:
-         return endrec
-@@ -270,16 +269,33 @@ def _EndRecData64(fpin, offset, endrec):
-     if diskno != 0 or disks > 1:
-         raise BadZipFile("zipfiles that span multiple disks are not supported")
- 
--    # Assume no 'zip64 extensible data'
--    fpin.seek(offset - sizeEndCentDir64Locator - sizeEndCentDir64, 2)
-+    offset -= sizeEndCentDir64
-+    if reloff > offset:
-+        raise BadZipFile("Corrupt zip64 end of central directory locator")
-+    # First, check the assumption that there is no prepended data.
-+    fpin.seek(reloff)
-+    extrasz = offset - reloff
-     data = fpin.read(sizeEndCentDir64)
-     if len(data) != sizeEndCentDir64:
--        return endrec
-+        raise OSError("Unknown I/O error")
-+    if not data.startswith(stringEndArchive64) and reloff != offset:
-+        # Since we already have seen the Zip64 EOCD Locator, it's
-+        # possible we got here because there is prepended data.
-+        # Assume no 'zip64 extensible data'
-+        fpin.seek(offset)
-+        extrasz = 0
-+        data = fpin.read(sizeEndCentDir64)
-+        if len(data) != sizeEndCentDir64:
-+            raise OSError("Unknown I/O error")
-+    if not data.startswith(stringEndArchive64):
-+        raise BadZipFile("Zip64 end of central directory record not found")
-+
-     sig, sz, create_version, read_version, disk_num, disk_dir, \
-         dircount, dircount2, dirsize, diroffset = \
-         struct.unpack(structEndArchive64, data)
--    if sig != stringEndArchive64:
--        return endrec
-+    if (diroffset + dirsize != reloff or
-+        sz + 12 != sizeEndCentDir64 + extrasz):
-+        raise BadZipFile("Corrupt zip64 end of central directory record")
- 
-     # Update the original endrec using data from the ZIP64 record
-     endrec[_ECD_SIGNATURE] = sig
-@@ -289,6 +305,7 @@ def _EndRecData64(fpin, offset, endrec):
-     endrec[_ECD_ENTRIES_TOTAL] = dircount2
-     endrec[_ECD_SIZE] = dirsize
-     endrec[_ECD_OFFSET] = diroffset
-+    endrec[_ECD_LOCATION] = offset - extrasz
-     return endrec
- 
- 
-@@ -322,7 +339,7 @@ def _EndRecData(fpin):
-         endrec.append(filesize - sizeEndCentDir)
- 
-         # Try to read the "Zip64 end of central directory" structure
--        return _EndRecData64(fpin, -sizeEndCentDir, endrec)
-+        return _EndRecData64(fpin, filesize - sizeEndCentDir, endrec)
- 
-     # Either this is not a ZIP file, or it is a ZIP file with an archive
-     # comment.  Search the end of the file for the "end of central directory"
-@@ -346,8 +363,7 @@ def _EndRecData(fpin):
-         endrec.append(maxCommentStart + start)
- 
-         # Try to read the "Zip64 end of central directory" structure
--        return _EndRecData64(fpin, maxCommentStart + start - filesize,
--                             endrec)
-+        return _EndRecData64(fpin, maxCommentStart + start, endrec)
- 
-     # Unable to find a valid end of central directory structure
-     return None
-@@ -1458,9 +1474,6 @@ def _RealGetContents(self):
- 
-         # "concat" is zero, unless zip was concatenated to another file
-         concat = endrec[_ECD_LOCATION] - size_cd - offset_cd
--        if endrec[_ECD_SIGNATURE] == stringEndArchive64:
--            # If Zip64 extension structures are present, account for them
--            concat -= (sizeEndCentDir64 + sizeEndCentDir64Locator)
- 
-         if self.debug > 2:
-             inferred = concat + offset_cd
-@@ -2082,7 +2095,7 @@ def _write_end_record(self):
-                                    " would require ZIP64 extensions")
-             zip64endrec = struct.pack(
-                 structEndArchive64, stringEndArchive64,
--                44, 45, 45, 0, 0, centDirCount, centDirCount,
-+                sizeEndCentDir64 - 12, 45, 45, 0, 0, centDirCount, centDirCount,
-                 centDirSize, centDirOffset)
-             self.fp.write(zip64endrec)
- 
-diff --git a/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst b/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
-new file mode 100644
-index 00000000000000..a8e7a1f1878c6b
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
-@@ -0,0 +1,3 @@
-+Check consistency of the zip64 end of central directory record. Support
-+records with "zip64 extensible data" if there are no bytes prepended to the
-+ZIP file.

F00251-change-user-install-location.patch

@@ -28,10 +28,10 @@ Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
  Lib/test/test_sysconfig.py |   17 +++++++++++--
  2 files changed, 67 insertions(+), 7 deletions(-)
 
-Index: Python-3.13.9/Lib/sysconfig/__init__.py
+Index: Python-3.13.3/Lib/sysconfig/__init__.py
 ===================================================================
---- Python-3.13.9.orig/Lib/sysconfig/__init__.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Lib/sysconfig/__init__.py	2025-11-04 17:41:28.521141323 +0100
+--- Python-3.13.3.orig/Lib/sysconfig/__init__.py	2025-04-08 15:54:08.000000000 +0200
++++ Python-3.13.3/Lib/sysconfig/__init__.py	2025-04-11 21:52:31.769387873 +0200
 @@ -106,6 +106,11 @@
  else:
      _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv']
@@ -128,10 +128,10 @@ Index: Python-3.13.9/Lib/sysconfig/__init__.py
      _CONFIG_VARS['py_version'] = _PY_VERSION
      _CONFIG_VARS['py_version_short'] = _PY_VERSION_SHORT
      _CONFIG_VARS['py_version_nodot'] = _PY_VERSION_SHORT_NO_DOT
-Index: Python-3.13.9/Lib/test/test_sysconfig.py
+Index: Python-3.13.3/Lib/test/test_sysconfig.py
 ===================================================================
---- Python-3.13.9.orig/Lib/test/test_sysconfig.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Lib/test/test_sysconfig.py	2025-11-04 17:41:28.521386489 +0100
+--- Python-3.13.3.orig/Lib/test/test_sysconfig.py	2025-04-08 15:54:08.000000000 +0200
++++ Python-3.13.3/Lib/test/test_sysconfig.py	2025-04-11 21:52:31.769841915 +0200
 @@ -130,8 +130,19 @@
          for scheme in _INSTALL_SCHEMES:
              for name in _INSTALL_SCHEMES[scheme]:
@@ -153,7 +153,7 @@ Index: Python-3.13.9/Lib/test/test_sysconfig.py
                      os.path.normpath(expected),
                  )
  
-@@ -393,7 +404,7 @@
+@@ -386,7 +397,7 @@
          self.assertTrue(os.path.isfile(config_h), config_h)
  
      def test_get_scheme_names(self):
@@ -162,7 +162,7 @@ Index: Python-3.13.9/Lib/test/test_sysconfig.py
          if HAS_USER_BASE:
              wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
          self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
-@@ -405,6 +416,8 @@
+@@ -398,6 +409,8 @@
              cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
              self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))
  

Python-3.13.7.tar.xz.sigstore

@@ -0,0 +1 @@
+{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyTCCAlCgAwIBAgIUZMI+1qoqVltZwoOEGQ4+re/SlS4wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwODE0MTM0OTQyWhcNMjUwODE0MTM1OTQyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkKFnh1U6aDYKiIU0p7mtDbbxTezpcJrivGvrwtuUviVav74GRKEp/vcRZnlnVn6olDcrk33qi78husSHeD1VN6OCAW8wggFrMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUaes5BWscCJHaWxt5BY13fiF+sb8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGYqNf2TAAABAMARzBFAiB3VC3ZdiYFvHtFHxRfU4vdiUZjC+VM/cY0nUHpRZ+aqQIhALglsfszSnn7LZNgw3no+XTnlO+mzMAdCLArnFKuyQo0MAoGCCqGSM49BAMDA2cAMGQCME73khzLHp2xLGwh1g0U5yt9CZu0YfQ52BJ0gL3J2adJsuCvmr76YbDnGWOM2IJLYwIwbWuLaywCs9V1hHqx4IewPWU6kGTDL2p3t7RMb7OK9etOkF4xHxV9IaGZZSFwDmSC"}, "tlogEntries": [{"logIndex": "394375946", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1755179382", "inclusionPromise": {"signedEntryTimestamp": "MEYCIQDofYinceCg3x7ldRHdwLc7aoB6pX2+kukjFdQXFflKdwIhAK7YnONsVnbwsSZpLex8Q7tSMHHglIEQaqavuKAD5taI"}, "inclusionProof": {"logIndex": "272471684", "rootHash": "D6O1d0rPsmFUhblg+N/WsWhcTQVKMGbTlauX5huq8Q0=", "treeSize": "272471685", "hashes": ["12rv4cU8JBEnhl8jcQleuU0gXnRpH2B6oGsUtKoIBHQ=", "PXscKvmfKyXbaxsj99FlqImW6Bg1k3WBNWtHTzgtSVk=", "BaDXQZRZZLXILekCZ5e2TyrtJiYKeNUb2BW6hgybhG0=", "IQvrVF5nsAhxYBjFEIIqcy67H9HEwRdM5XEvXGMlcSc=", "I/JNRoCea85lOiusHIKoAblvRmo6NwnDAtfOV/JiSvQ=", "CjR2KouFHnbUwdf0xk9/f1IcsYFdo4/LMKPy9TV0keM=", "uSQzyFvNic+ZM0goS8qbxn95hvb1YCdWvV0/TnqHDEg=", "LM7bDk+koNXHbb9JB2IH+truLnDDC6WfDzp12zjdFkQ=", "4k9InE/ch3n4a/TapEK+nqfXhlMZEcbvL849wNGtBuo=", "6QfFjG3kfyjFx5PdzVrWBdbNza9Mf4ldecvoXhR3Ip8=", "RllwumeGwAfTxo/zlW3B2deC36+2Lu0FY/hP+QL2aT8=", "vS7O4ozHIQZJWBiov+mkpI27GE8zAmVCEkRcP3NDyNE="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n272471685\nD6O1d0rPsmFUhblg+N/WsWhcTQVKMGbTlauX5huq8Q0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiBr7yQXNBvCAOgKzReWm4ERI79K22ifVZFn9VUxx5nSxQIgWIPYVrO1E+vP3VRWPptUMs1arlLguTIMkT1tX5WCRoM=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1NDYyZjkwOTlkZmQzMGUyMzhkZWY4M2M3MWQ5MTg5N2Q4Y2FhNWZmNmViYzdhNTBmMTRkNDgwMmNkYWFhNzlhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUR4RjM5Z0VUZDgvUWMwbHd5Sk5Mbk5NK3RrTmozaEYyWE1DelZDdjZXOEJBSWdkQUxIWTl3MU14bVNKYUNKMlNtL1p5QWRrL1gwSVF4THFENHA3TSt5UzZRPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVWRU5EUVd4RFowRjNTVUpCWjBsVldrMUpLekZ4YjNGV2JIUmFkMjlQUlVkUk5DdHlaUzlUYkZNMGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDlFUlRCTlZFMHdUMVJSZVZkb1kwNU5hbFYzVDBSRk1FMVVUVEZQVkZGNVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZyUzBadWFERlZObUZFV1V0cFNWVXdjRGR0ZEVSaVluaFVaWHB3WTBweWFYWkhkbklLZDNSMVZYWnBWbUYyTnpSSFVrdEZjQzkyWTFKYWJteHVWbTQyYjJ4RVkzSnJNek54YVRjNGFIVnpVMGhsUkRGV1RqWlBRMEZYT0hkblowWnlUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZoWlhNMUNrSlhjMk5EU2toaFYzaDBOVUpaTVRObWFVWXJjMkk0ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwdENaMjl5UW1kRlJVRmtXalZCWjFGRFFraDNSV1ZuUWpRS1FVaFpRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIV1hGT1pqSlVRVUZCUWtGTlFRcFNla0pHUVdsQ00xWkRNMXBrYVZsR2RraDBSa2g0VW1aVk5IWmthVlZhYWtNclZrMHZZMWt3YmxWSWNGSmFLMkZ4VVVsb1FVeG5iSE5tYzNwVGJtNDNDa3hhVG1kM00yNXZLMWhVYm14UEsyMTZUVUZrUTB4QmNtNUdTM1Y1VVc4d1RVRnZSME5EY1VkVFRUUTVRa0ZOUkVFeVkwRk5SMUZEVFVVM00ydG9la3dLU0hBeWVFeEhkMmd4WnpCVk5YbDBPVU5hZFRCWlpsRTFNa0pLTUdkTU0wb3lZV1JLYzNWRGRtMXlOelpaWWtSdVIxZFBUVEpKU2t4WmQwbDNZbGQxVEFwaGVYZERjemxXTVdoSWNYZzBTV1YzVUZkVk5tdEhWRVJNTW5BemREZFNUV0kzVDBzNVpYUlBhMFkwZUVoNFZqbEpZVWRhV2xOR2QwUnRVME1LTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "VGL5CZ39MOI43vg8cdkYl9jKpf9uvHpQ8U1IAs2qp5o="}, "signature": "MEUCIQDxF39gETd8/Qc0lwyJNLnNM+tkNj3hF2XMCzVCv6W8BAIgdALHY9w1MxmSJaCJ2Sm/ZyAdk/X0IQxLqD4p7M+yS6Q="}}

bsc1243155-sphinx-non-determinism.patch

@@ -14,10 +14,10 @@ https://github.com/python/cpython/issues/130979
  Doc/tools/extensions/audit_events.py |   11 ++++++++---
  1 file changed, 8 insertions(+), 3 deletions(-)
 
-Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
+Index: Python-3.13.6/Doc/tools/extensions/audit_events.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py	2025-07-02 15:51:58.388560540 +0200
-+++ Python-3.13.5/Doc/tools/extensions/audit_events.py	2025-07-02 15:51:58.411254070 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py	2025-08-07 12:16:58.257103336 +0200
++++ Python-3.13.6/Doc/tools/extensions/audit_events.py	2025-08-07 12:17:02.709401389 +0200
 @@ -72,8 +72,13 @@
              logger.warning(msg)
              return

doc-py38-to-py36.patch

@@ -27,10 +27,10 @@
  Doc/tools/extensions/pydoc_topics.py          |   22 +++++-----
  18 files changed, 159 insertions(+), 130 deletions(-)
 
-Index: Python-3.13.9/Doc/Makefile
+Index: Python-3.13.6/Doc/Makefile
 ===================================================================
---- Python-3.13.9.orig/Doc/Makefile	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/Makefile	2025-11-20 01:09:35.814292408 +0100
+--- Python-3.13.6.orig/Doc/Makefile	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/Makefile	2025-08-07 12:16:58.253706854 +0200
 @@ -14,15 +14,15 @@
  SOURCES      =
  DISTVERSION  = $(shell $(PYTHON) tools/extensions/patchlevel.py)
@@ -51,10 +51,10 @@ Index: Python-3.13.9/Doc/Makefile
                  $(PAPEROPT_$(PAPER)) \
                  $(SPHINXOPTS) $(SPHINXERRORHANDLING) \
                  . build/$(BUILDER) $(SOURCES)
-Index: Python-3.13.9/Doc/c-api/arg.rst
+Index: Python-3.13.6/Doc/c-api/arg.rst
 ===================================================================
---- Python-3.13.9.orig/Doc/c-api/arg.rst	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/c-api/arg.rst	2025-11-20 01:07:59.902914275 +0100
+--- Python-3.13.6.orig/Doc/c-api/arg.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/c-api/arg.rst	2025-08-07 12:16:58.254160756 +0200
 @@ -334,7 +334,6 @@
     should raise an exception and leave the content of *address* unmodified.
  
@@ -63,10 +63,10 @@ Index: Python-3.13.9/Doc/c-api/arg.rst
  
     If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a
     second time if the argument parsing eventually fails, giving the converter a
-Index: Python-3.13.9/Doc/c-api/typeobj.rst
+Index: Python-3.13.6/Doc/c-api/typeobj.rst
 ===================================================================
---- Python-3.13.9.orig/Doc/c-api/typeobj.rst	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/c-api/typeobj.rst	2025-11-20 01:07:59.903382829 +0100
+--- Python-3.13.6.orig/Doc/c-api/typeobj.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/c-api/typeobj.rst	2025-08-07 12:16:58.254692184 +0200
 @@ -610,7 +610,7 @@
     Functions like :c:func:`PyObject_NewVar` will take the value of N as an
     argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field.
@@ -97,10 +97,10 @@ Index: Python-3.13.9/Doc/c-api/typeobj.rst
     include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on
     whether :c:member:`~PyVarObject.ob_size` should be included). These are
     usually defined by the macro :c:macro:`PyObject_HEAD` or
-Index: Python-3.13.9/Doc/conf.py
+Index: Python-3.13.6/Doc/conf.py
 ===================================================================
---- Python-3.13.9.orig/Doc/conf.py	2025-11-20 01:07:14.944126757 +0100
-+++ Python-3.13.9/Doc/conf.py	2025-11-20 01:07:59.903974303 +0100
+--- Python-3.13.6.orig/Doc/conf.py	2025-08-07 12:16:45.115568663 +0200
++++ Python-3.13.6/Doc/conf.py	2025-08-07 12:16:58.255236531 +0200
 @@ -11,6 +11,8 @@
  from importlib import import_module
  from importlib.util import find_spec
@@ -127,7 +127,7 @@ Index: Python-3.13.9/Doc/conf.py
  '''
  
  manpages_url = 'https://manpages.debian.org/{path}'
-@@ -92,7 +94,7 @@
+@@ -96,7 +98,7 @@
  
  # Minimum version of sphinx required
  # Keep this version in sync with ``Doc/requirements.txt``.
@@ -136,7 +136,7 @@ Index: Python-3.13.9/Doc/conf.py
  
  # Create table of contents entries for domain objects (e.g. functions, classes,
  # attributes, etc.). Default is True.
-@@ -257,6 +259,9 @@
+@@ -258,6 +260,9 @@
  # Avoid a warning with Sphinx >= 4.0
  root_doc = 'contents'
  
@@ -146,7 +146,7 @@ Index: Python-3.13.9/Doc/conf.py
  # Allow translation of index directives
  gettext_additional_targets = [
      'index',
-@@ -296,7 +301,7 @@
+@@ -297,7 +302,7 @@
  # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
  is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
  repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -155,7 +155,7 @@ Index: Python-3.13.9/Doc/conf.py
  html_context = {
      "is_deployment_preview": is_deployment_preview,
      "repository_url": repository_url or None,
-@@ -607,6 +612,16 @@
+@@ -542,6 +547,16 @@
  }
  extlinks_detect_hardcoded_links = True
  
@@ -172,10 +172,10 @@ Index: Python-3.13.9/Doc/conf.py
  # Options for c_annotations extension
  # -----------------------------------
  
-Index: Python-3.13.9/Doc/library/doctest.rst
+Index: Python-3.13.6/Doc/library/doctest.rst
 ===================================================================
---- Python-3.13.9.orig/Doc/library/doctest.rst	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/library/doctest.rst	2025-11-20 01:07:59.904511686 +0100
+--- Python-3.13.6.orig/Doc/library/doctest.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/library/doctest.rst	2025-08-07 12:16:58.255583157 +0200
 @@ -310,7 +310,6 @@
  .. currentmodule:: None
  
@@ -184,10 +184,10 @@ Index: Python-3.13.9/Doc/library/doctest.rst
  
  .. currentmodule:: doctest
  
-Index: Python-3.13.9/Doc/library/email.compat32-message.rst
+Index: Python-3.13.6/Doc/library/email.compat32-message.rst
 ===================================================================
---- Python-3.13.9.orig/Doc/library/email.compat32-message.rst	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/library/email.compat32-message.rst	2025-11-20 01:07:59.905009154 +0100
+--- Python-3.13.6.orig/Doc/library/email.compat32-message.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/library/email.compat32-message.rst	2025-08-07 12:16:58.256095517 +0200
 @@ -7,7 +7,6 @@
     :synopsis: The base class representing email messages in a fashion
                backward compatible with Python 3.2
@@ -196,10 +196,10 @@ Index: Python-3.13.9/Doc/library/email.compat32-message.rst
  
  
  The :class:`Message` class is very similar to the
-Index: Python-3.13.9/Doc/library/xml.etree.elementtree.rst
+Index: Python-3.13.6/Doc/library/xml.etree.elementtree.rst
 ===================================================================
---- Python-3.13.9.orig/Doc/library/xml.etree.elementtree.rst	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/library/xml.etree.elementtree.rst	2025-11-20 01:07:59.905273001 +0100
+--- Python-3.13.6.orig/Doc/library/xml.etree.elementtree.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/library/xml.etree.elementtree.rst	2025-08-07 12:16:58.256380542 +0200
 @@ -873,7 +873,6 @@
  
  .. module:: xml.etree.ElementTree
@@ -208,10 +208,10 @@ Index: Python-3.13.9/Doc/library/xml.etree.elementtree.rst
  
  .. class:: Element(tag, attrib={}, **extra)
  
-Index: Python-3.13.9/Doc/tools/check-warnings.py
+Index: Python-3.13.6/Doc/tools/check-warnings.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/check-warnings.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/check-warnings.py	2025-11-20 01:07:59.905613002 +0100
+--- Python-3.13.6.orig/Doc/tools/check-warnings.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/check-warnings.py	2025-08-07 12:16:58.256796101 +0200
 @@ -228,7 +228,8 @@
              print(filename)
              for warning in warnings:
@@ -231,10 +231,10 @@ Index: Python-3.13.9/Doc/tools/check-warnings.py
          for warning in warnings
          if "Doc/" in warning
      }
-Index: Python-3.13.9/Doc/tools/extensions/audit_events.py
+Index: Python-3.13.6/Doc/tools/extensions/audit_events.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/audit_events.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/audit_events.py	2025-11-20 01:08:35.819222654 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/audit_events.py	2025-08-07 12:16:58.257103336 +0200
 @@ -1,9 +1,6 @@
  """Support for documenting audit events."""
  
@@ -370,10 +370,10 @@ Index: Python-3.13.9/Doc/tools/extensions/audit_events.py
      ) -> nodes.row:
          row = nodes.row()
          name_node = nodes.paragraph("", nodes.Text(name))
-Index: Python-3.13.9/Doc/tools/extensions/availability.py
+Index: Python-3.13.6/Doc/tools/extensions/availability.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/availability.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/availability.py	2025-11-20 01:07:59.906156697 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/availability.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/availability.py	2025-08-07 12:16:58.257352322 +0200
 @@ -1,8 +1,6 @@
  """Support for documenting platform availability"""
  
@@ -427,10 +427,10 @@ Index: Python-3.13.9/Doc/tools/extensions/availability.py
      app.add_directive("availability", Availability)
  
      return {
-Index: Python-3.13.9/Doc/tools/extensions/c_annotations.py
+Index: Python-3.13.6/Doc/tools/extensions/c_annotations.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/c_annotations.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/c_annotations.py	2025-11-20 01:07:59.906354780 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/c_annotations.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/c_annotations.py	2025-08-07 12:16:58.257571556 +0200
 @@ -9,22 +9,26 @@
  * Set ``stable_abi_file`` to the path to stable ABI list.
  """
@@ -568,10 +568,10 @@ Index: Python-3.13.9/Doc/tools/extensions/c_annotations.py
      return {
          "version": "1.0",
          "parallel_read_safe": True,
-Index: Python-3.13.9/Doc/tools/extensions/changes.py
+Index: Python-3.13.6/Doc/tools/extensions/changes.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/changes.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/changes.py	2025-11-20 01:07:59.906539198 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/changes.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/changes.py	2025-08-07 12:16:58.257773818 +0200
 @@ -1,7 +1,5 @@
  """Support for documenting version of changes, additions, deprecations."""
  
@@ -607,10 +607,10 @@ Index: Python-3.13.9/Doc/tools/extensions/changes.py
      # Override Sphinx's directives with support for 'next'
      app.add_directive("versionadded", PyVersionChange, override=True)
      app.add_directive("versionchanged", PyVersionChange, override=True)
-Index: Python-3.13.9/Doc/tools/extensions/glossary_search.py
+Index: Python-3.13.6/Doc/tools/extensions/glossary_search.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/glossary_search.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/glossary_search.py	2025-11-20 01:07:59.906696224 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/glossary_search.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/glossary_search.py	2025-08-07 12:16:58.257959947 +0200
 @@ -1,21 +1,27 @@
  """Feature search results for glossary items prominently."""
  
@@ -654,10 +654,10 @@ Index: Python-3.13.9/Doc/tools/extensions/glossary_search.py
      app.connect('doctree-resolved', process_glossary_nodes)
      app.connect('build-finished', write_glossary_json)
  
-Index: Python-3.13.9/Doc/tools/extensions/implementation_detail.py
+Index: Python-3.13.6/Doc/tools/extensions/implementation_detail.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/implementation_detail.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/implementation_detail.py	2025-11-20 01:07:59.906853200 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/implementation_detail.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/implementation_detail.py	2025-08-07 12:16:58.258140488 +0200
 @@ -1,17 +1,10 @@
  """Support for marking up implementation details."""
  
@@ -708,10 +708,10 @@ Index: Python-3.13.9/Doc/tools/extensions/implementation_detail.py
      app.add_directive("impl-detail", ImplementationDetail)
  
      return {
-Index: Python-3.13.9/Doc/tools/extensions/issue_role.py
+Index: Python-3.13.6/Doc/tools/extensions/issue_role.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/issue_role.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/issue_role.py	2025-11-20 01:07:59.907010386 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/issue_role.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/issue_role.py	2025-08-07 12:16:58.258306293 +0200
 @@ -1,22 +1,18 @@
  """Support for referencing issues in the tracker."""
  
@@ -757,10 +757,10 @@ Index: Python-3.13.9/Doc/tools/extensions/issue_role.py
      app.add_role("issue", BPOIssue())
      app.add_role("gh", GitHubIssue())
  
-Index: Python-3.13.9/Doc/tools/extensions/misc_news.py
+Index: Python-3.13.6/Doc/tools/extensions/misc_news.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/misc_news.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/misc_news.py	2025-11-20 01:07:59.907170899 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/misc_news.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/misc_news.py	2025-08-07 12:16:58.258481107 +0200
 @@ -1,7 +1,5 @@
  """Support for including Misc/NEWS."""
  
@@ -813,10 +813,10 @@ Index: Python-3.13.9/Doc/tools/extensions/misc_news.py
      app.add_directive("miscnews", MiscNews)
  
      return {
-Index: Python-3.13.9/Doc/tools/extensions/patchlevel.py
+Index: Python-3.13.6/Doc/tools/extensions/patchlevel.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/patchlevel.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/patchlevel.py	2025-11-20 01:07:59.907494228 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/patchlevel.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/patchlevel.py	2025-08-07 12:16:58.258716335 +0200
 @@ -3,7 +3,7 @@
  import re
  import sys
@@ -854,10 +854,10 @@ Index: Python-3.13.9/Doc/tools/extensions/patchlevel.py
      version = f"{info.major}.{info.minor}"
      release = f"{info.major}.{info.minor}.{info.micro}"
      if info.releaselevel != "final":
-Index: Python-3.13.9/Doc/tools/extensions/pydoc_topics.py
+Index: Python-3.13.6/Doc/tools/extensions/pydoc_topics.py
 ===================================================================
---- Python-3.13.9.orig/Doc/tools/extensions/pydoc_topics.py	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Doc/tools/extensions/pydoc_topics.py	2025-11-20 01:07:59.907684617 +0100
+--- Python-3.13.6.orig/Doc/tools/extensions/pydoc_topics.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/pydoc_topics.py	2025-08-07 12:16:58.258911962 +0200
 @@ -1,21 +1,23 @@
  """Support for building "topic help" for pydoc."""
  

gh126985-mv-pyvenv.cfg2getpath.patch

@@ -8,10 +8,10 @@ Date:   Tue Nov 26 13:46:33 2024 +0000
  Lib/test/test_sysconfig.py |   67 ---------------------------------------------
  1 file changed, 1 insertion(+), 66 deletions(-)
 
-Index: Python-3.13.9/Lib/test/test_sysconfig.py
+Index: Python-3.13.5/Lib/test/test_sysconfig.py
 ===================================================================
---- Python-3.13.9.orig/Lib/test/test_sysconfig.py	2025-11-04 17:41:28.521386489 +0100
-+++ Python-3.13.9/Lib/test/test_sysconfig.py	2025-11-04 17:42:36.888243505 +0100
+--- Python-3.13.5.orig/Lib/test/test_sysconfig.py	2025-06-12 19:55:42.184491497 +0200
++++ Python-3.13.5/Lib/test/test_sysconfig.py	2025-06-12 19:56:05.737665419 +0200
 @@ -110,6 +110,7 @@
              **venv_create_args,
          )
@@ -20,7 +20,7 @@ Index: Python-3.13.9/Lib/test/test_sysconfig.py
      def test_get_path_names(self):
          self.assertEqual(get_path_names(), sysconfig._SCHEME_KEYS)
  
-@@ -611,72 +612,6 @@
+@@ -604,72 +605,6 @@
          suffix = sysconfig.get_config_var('EXT_SUFFIX')
          self.assertTrue(suffix.endswith('-darwin.so'), suffix)
  

gh138131-exclude-pycache-from-digest.patch

@@ -1,30 +0,0 @@
-From 4bb41b28d5bac09bccd636d8c5fefe1a462f63a7 Mon Sep 17 00:00:00 2001
-From: Alm <alon.menczer@gmail.com>
-Date: Mon, 25 Aug 2025 08:56:38 +0300
-Subject: [PATCH 1/4] Exclude .pyc files from the computed digest in the jit
- stencils
-
----
- Tools/jit/_targets.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-Index: Python-3.13.7/Tools/jit/_targets.py
-===================================================================
---- Python-3.13.7.orig/Tools/jit/_targets.py
-+++ Python-3.13.7/Tools/jit/_targets.py
-@@ -53,6 +53,9 @@ class _Target(typing.Generic[_S, _R]):
-         hasher.update(PYTHON_EXECUTOR_CASES_C_H.read_bytes())
-         hasher.update((out / "pyconfig.h").read_bytes())
-         for dirpath, _, filenames in sorted(os.walk(TOOLS_JIT)):
-+            # Exclude cache files from digest computation to ensure reproducible builds.
-+            if dirpath.endswith("__pycache__"):
-+                continue
-             for filename in filenames:
-                 hasher.update(pathlib.Path(dirpath, filename).read_bytes())
-         return hasher.hexdigest()
-Index: Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst
-===================================================================
---- /dev/null
-+++ Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst
-@@ -0,0 +1 @@
-+Ensure reproducible builds by making JIT stencil header generation deterministic.

gh139257-Support-docutils-0.22.patch

@@ -1,36 +0,0 @@
-From 19b61747df3d62c822285c488753d6fbdf91e3ac Mon Sep 17 00:00:00 2001
-From: Daniel Garcia Moreno <daniel.garcia@suse.com>
-Date: Tue, 23 Sep 2025 10:20:16 +0200
-Subject: [PATCH 1/2] gh-139257: Support docutils >= 0.22
-
----
- Doc/tools/extensions/pyspecific.py | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-Index: Python-3.13.7/Doc/tools/extensions/pyspecific.py
-===================================================================
---- Python-3.13.7.orig/Doc/tools/extensions/pyspecific.py
-+++ Python-3.13.7/Doc/tools/extensions/pyspecific.py
-@@ -25,11 +25,21 @@ from sphinx.util.docutils import SphinxD
- SOURCE_URI = 'https://github.com/python/cpython/tree/3.13/%s'
- 
- # monkey-patch reST parser to disable alphabetic and roman enumerated lists
-+def _disable_alphabetic_and_roman(text):
-+    try:
-+        # docutils >= 0.22
-+        from docutils.parsers.rst.states import InvalidRomanNumeralError
-+        raise InvalidRomanNumeralError(text)
-+    except ImportError:
-+        # docutils < 0.22
-+        return None
-+
-+
- from docutils.parsers.rst.states import Body
- Body.enum.converters['loweralpha'] = \
-     Body.enum.converters['upperalpha'] = \
-     Body.enum.converters['lowerroman'] = \
--    Body.enum.converters['upperroman'] = lambda x: None
-+    Body.enum.converters['upperroman'] = _disable_alphabetic_and_roman
- 
- 
- class PyAwaitableMixin(object):

idle3.appdata.xml

@@ -1,16 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<component type="desktop-application">
-  <id>org.python.IDLE3</id>
-  <launchable type="desktop-id">idle3.desktop</launchable>
-
+<!-- Copyright 2017 Zbigniew Jędrzejewski-Szmek -->
+<application>
+  <id type="desktop">idle3.desktop</id>
   <name>IDLE3</name>
+  <metadata_licence>CC0</metadata_licence>
+  <project_license>Python-2.0</project_license>
   <summary>Python 3 Integrated Development and Learning Environment</summary>
-
   <description>
     <p>
       IDLE is Python’s Integrated Development and Learning Environment.
-      The GUI is uniform between Windows, Unix, and macOS.
+      The GUI is uniform between Windows, Unix, and Mac OS X.
       IDLE provides an easy way to start writing, running, and debugging
       Python code.
     </p>
@@ -19,33 +19,17 @@
       It provides:
     </p>
     <ul>
-      <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li>
-      <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li>
-      <li>search within any window, replace within editor windows, and search through multiple files (grep),</li>
-      <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li>
+       <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li>
+       <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li>
+       <li>search within any window, replace within editor windows, and search through multiple files (grep),</li>
+       <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li>
     </ul>
   </description>
-
-  <developer id="org.python">
-    <name>Python Software Foundation</name>
-  </developer>
-
   <url type="homepage">https://docs.python.org/3/library/idle.html</url>
-
   <screenshots>
-    <screenshot type="default">
-      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</image>
-    </screenshot>
-    <screenshot>
-      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</image>
-    </screenshot>
-    <screenshot>
-      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</image>
-    </screenshot>
+    <screenshot type="default">http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</screenshot>
+    <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</screenshot>
+    <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</screenshot>
   </screenshots>
-
-  <project_license>Python-2.0</project_license>
-  <metadata_license>CC0-1.0</metadata_license>
   <update_contact>zbyszek@in.waw.pl</update_contact>
-</component>
-
+</application>

pass-test_write_read_limited_history.patch

@@ -1,45 +0,0 @@
----
- Modules/readline.c |   23 +++++++++++++++++++++++
- 1 file changed, 23 insertions(+)
-
-Index: Python-3.13.9/Modules/readline.c
-===================================================================
---- Python-3.13.9.orig/Modules/readline.c	2025-10-14 15:52:31.000000000 +0200
-+++ Python-3.13.9/Modules/readline.c	2025-11-20 00:46:45.594286346 +0100
-@@ -175,6 +175,8 @@
-     return PyUnicode_DecodeLocale(s, "surrogateescape");
- }
- 
-+static int _py_get_history_length(void);
-+static void _py_free_history_entry(HIST_ENTRY *entry);
- 
- /*
- Explicitly disable bracketed paste in the interactive interpreter, even if it's
-@@ -399,6 +401,27 @@
- /*[clinic end generated code: output=e161a53e45987dc7 input=b8901bf16488b760]*/
- {
-     _history_length = length;
-+
-+    if (length < 0) {
-+        stifle_history(-1);
-+    }
-+    else {
-+        int current_length = _py_get_history_length();
-+        if (length < current_length) {
-+#if defined(RL_READLINE_VERSION) && RL_READLINE_VERSION >= 0x0500
-+            HISTORY_STATE *state = history_get_history_state();
-+            if (state) {
-+                int i;
-+                for (i = 0; i < current_length - length; i++) {
-+                    _py_free_history_entry(remove_history(0));
-+                }
-+                state->length = length;
-+                free(state);
-+            }
-+#endif
-+        }
-+        stifle_history(length);
-+    }
-     Py_RETURN_NONE;
- }
- 

python313.changes

@@ -1,244 +1,3 @@
--------------------------------------------------------------------
-Wed Nov 19 19:21:41 UTC 2025 - Matej Cepl <mcepl@suse.com>
-
-- Add pass-test_write_read_limited_history.patch:
-
-  Fix readline history truncation when length is reduced
- 
-  The `readline.set_history_length()` function did not previously
-  truncate the in-memory history when the new length was set to
-  a value smaller than the current number of history items. This
-  could lead to unexpected behavior where `get_history_length()`
-  would still report the old length and writing the history to a
-  file would write more entries than the new limit.
- 
-  This patch modifies `set_history_length()` to explicitly
-  remove the oldest history entries using `remove_history()`
-  when the length is decreased, ensuring the in-memory history
-  is correctly truncated to the new limit. This brings the
-  function's behavior in line with expectations and fixes
-  failures in `test_write_read_limited_history`.
-
--------------------------------------------------------------------
-Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
-
-- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
-  quadratic complexity vulnerabilities of os.path.expandvars()
-  (CVE-2025-6075, bsc#1252974).
-
--------------------------------------------------------------------
-Tue Nov  4 16:44:05 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
-
-- Add CVE-2025-8291-consistency-zip64.patch which checks
-  consistency of the zip64 end of central directory record, and
-  preventing obfuscation of the payload, i.e., you scanning for
-  malicious content in a ZIP file with one ZIP parser (let's say
-  a Rust one) then unpack it in production with another (e.g.,
-  the Python one) and get malicious content that the other parser
-  did not see (CVE-2025-8291, bsc#1251305)
-- Readjust patches while synchronizing between openSUSE and SLE trees:
-  - F00251-change-user-install-location.patch
-  - doc-py38-to-py36.patch
-  - gh126985-mv-pyvenv.cfg2getpath.patch
-
--------------------------------------------------------------------
-Wed Oct 15 09:15:38 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
-
-- Update to 3.13.9:
-  - Library
-    - gh-139783: Fix inspect.getsourcelines() for the case when a
-      decorator is followed by a comment or an empty line.
-- Update to 3.13.8:
-  - macOS
-    - gh-124111: Update macOS installer to use Tcl/Tk 8.6.17.
-    - gh-139573: Updated bundled version of OpenSSL to 3.0.18.
-  - Windows
-    - gh-139573: Updated bundled version of OpenSSL to 3.0.18.
-    - gh-138896: Fix error installing C runtime on non-updated Windows
-      machines
-  - Tools/Demos
-    - gh-139330: SBOM generation tool didn’t cross-check the version
-      and checksum values against the Modules/expat/refresh.sh script,
-      leading to the values becoming out-of-date during routine
-      updates.
-    - gh-137873: The iOS test runner has been simplified, resolving
-      some issues that have been observed using the runner in GitHub
-      Actions and Azure Pipelines test environments.
-  - Tests
-    - gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the
-      --verbose option anymore. Patch by Victor Stinner.
-  - Security
-    - gh-139400: xml.parsers.expat: Make sure that parent Expat
-      parsers are only garbage-collected once they are no longer
-      referenced by subparsers created by
-      ExternalEntityParserCreate(). Patch by Sebastian Pipping.
-    - gh-139283: sqlite3: correctly handle maximum number of rows to
-      fetch in Cursor.fetchmany and reject negative values for
-      Cursor.arraysize. Patch by Bénédikt Tran.
-    - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
-      according to the HTML5 standard: ] ]> and ]] > no longer end the
-      CDATA section. Add private method _set_support_cdata() which can
-      be used to specify how to parse <[CDATA[ — as a CDATA section in
-      foreign content (SVG or MathML) or as a bogus comment in the
-      HTML namespace.
-  - Library
-    - gh-139312: Upgrade bundled libexpat to 2.7.3
-    - gh-139289: Do a real lazy-import on rlcompleter in pdb and
-      restore the existing completer after importing rlcompleter.
-    - gh-139210: Fix use-after-free when reporting unknown event in
-      xml.etree.ElementTree.iterparse(). Patch by Ken Jin.
-    - gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in
-      subprocess.
-    - gh-112729: Fix crash when calling _interpreters.create when the
-      process is out of memory.
-    - gh-139076: Fix a bug in the pydoc module that was hiding
-      functions in a Python module if they were implemented in an
-      extension module and the module did not have __all__.
-    - gh-138998: Update bundled libexpat to 2.7.2
-    - gh-130567: Fix possible crash in locale.strxfrm() due to a
-      platform bug on macOS.
-    - gh-138779: Support device numbers larger than 2**63-1 for the
-      st_rdev field of the os.stat_result structure.
-    - gh-128636: Fix crash in PyREPL when os.environ is overwritten
-      with an invalid value for mac
-    - gh-88375: Fix normalization of the robots.txt rules and URLs in
-      the urllib.robotparser module. No longer ignore trailing ?.
-      Distinguish raw special characters ?, = and & from the
-      percent-encoded ones.
-    - gh-138515: email is added to Emscripten build.
-    - gh-111788: Fix parsing errors in the urllib.robotparser module.
-      Don’t fail trying to parse weird paths. Don’t fail trying to
-      decode non-UTF-8 robots.txt files.
-    - gh-138432: zoneinfo.reset_tzpath() will now convert any
-      os.PathLike objects it receives into strings before adding them
-      to TZPATH. It will raise TypeError if anything other than a
-      string is found after this conversion. If given an os.PathLike
-      object that represents a relative path, it will now raise
-      ValueError instead of TypeError, and present a more informative
-      error message.
-    - gh-138008: Fix segmentation faults in the ctypes module due to
-      invalid argtypes. Patch by Dung Nguyen.
-    - gh-60462: Fix locale.strxfrm() on Solaris (and possibly other
-      platforms).
-    - gh-138204: Forbid expansion of shared anonymous memory maps on
-      Linux, which caused a bus error.
-    - gh-138010: Fix an issue where defining a class with a
-      @warnings.deprecated-decorated base class may not invoke the
-      correct __init_subclass__() method in cases involving multiple
-      inheritance. Patch by Brian Schubert.
-    - gh-138133: Prevent infinite traceback loop when sending CTRL^C
-      to Python through strace.
-    - gh-134869: Fix an issue where pressing Ctrl+C during tab
-      completion in the REPL would leave the autocompletion menu in a
-      corrupted state.
-    - gh-137317: inspect.signature() now correctly handles classes
-      that use a descriptor on a wrapped __init__() or __new__()
-      method. Contributed by Yongyu Yan.
-    - gh-137754: Fix import of the zoneinfo module if the C
-      implementation of the datetime module is not available.
-    - gh-137490: Handle ECANCELED in the same way as EINTR in
-      signal.sigwaitinfo() on NetBSD.
-    - gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and
-      inspect.getsource() for generator expressions.
-    - gh-137017: Fix threading.Thread.is_alive to remain True until
-      the underlying OS thread is fully cleaned up. This avoids false
-      negatives in edge cases involving thread monitoring or premature
-      threading.Thread.is_alive calls.
-    - gh-136134: SMTP.auth_cram_md5() now raises an SMTPException
-      instead of a ValueError if Python has been built without MD5
-      support. In particular, SMTP clients will not attempt to use
-      this method even if the remote server is assumed to support it.
-      Patch by Bénédikt Tran.
-    - gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if
-      CRAM-MD5 authentication is not supported. Patch by Bénédikt
-      Tran.
-    - gh-135386: Fix opening a dbm.sqlite3 database for reading from
-      read-only file or directory.
-    - gh-126631: Fix multiprocessing forkserver bug which prevented
-      __main__ from being preloaded.
-    - gh-123085: In a bare call to importlib.resources.files(), ensure
-      the caller’s frame is properly detected when importlib.resources
-      is itself available as a compiled module only (no source).
-    - gh-118981: Fix potential hang in
-      multiprocessing.popen_spawn_posix that can happen when the child
-      proc dies early by closing the child fds right away.
-    - gh-78319: UTF8 support for the IMAP APPEND command has been made
-      RFC compliant.
-    - bpo-38735: Fix failure when importing a module from the root
-      directory on unix-like platforms with sys.pycache_prefix set.
-    - bpo-41839: Allow negative priority values from
-      os.sched_get_priority_min() and os.sched_get_priority_max()
-      functions.
-  - Core and Builtins
-    - gh-134466: Don’t run PyREPL in a degraded environment where
-      setting termios attributes is not allowed.
-    - gh-71810: Raise OverflowError for (-1).to_bytes() for signed
-      conversions when bytes count is zero. Patch by Sergey B
-      Kirpichev.
-    - gh-105487: Remove non-existent __copy__(), __deepcopy__(), and
-      __bases__ from the __dir__() entries of types.GenericAlias.
-    - gh-134163: Fix a hang when the process is out of memory inside
-      an exception handler.
-    - gh-138479: Fix a crash when a generic object’s __typing_subst__
-      returns an object that isn’t a tuple.
-    - gh-137576: Fix for incorrect source code being shown in
-      tracebacks from the Basic REPL when PYTHONSTARTUP is given.
-      Patch by Adam Hartz.
-    - gh-132744: Certain calls now check for runaway recursion and
-      respect the system recursion limit.
-  - C API
-    - gh-87135: Attempting to acquire the GIL after runtime
-      finalization has begun in a different thread now causes the
-      thread to hang rather than terminate, which avoids potential
-      crashes or memory corruption caused by attempting to terminate a
-      thread that is running code not specifically designed to support
-      termination. In most cases this hanging is harmless since the
-      process will soon exit anyway.
-      While not officially marked deprecated until 3.14,
-      PyThread_exit_thread is no longer called internally and remains
-      solely for interface compatibility. Its behavior is inconsistent
-      across platforms, and it can only be used safely in the unlikely
-      case that every function in the entire call stack has been
-      designed to support the platform-dependent termination
-      mechanism. It is recommended that users of this function change
-      their design to not require thread termination. In the unlikely
-      case that thread termination is needed and can be done safely,
-      users may migrate to calling platform-specific APIs such as
-      pthread_exit (POSIX) or _endthreadex (Windows) directly.
-  - Build
-    - gh-135734: Python can correctly be configured and built with
-      ./configure --enable-optimizations --disable-test-modules.
-      Previously, the profile data generation step failed due to PGO
-      tests where immortalization couldn’t be properly suppressed.
-      Patch by Bénédikt Tran.
-
--------------------------------------------------------------------
-Mon Sep 29 06:52:07 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
-
-- Add gh139257-Support-docutils-0.22.patch to fix build with latest
-  docutils (>=0.22) gh#python/cpython#139257
-
--------------------------------------------------------------------
-Mon Sep 22 06:41:53 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
-
-- Drop AppStream: this results in a different cycle than
-  appstream-glib. As the appdata.xml is controlled by ourselves, we
-  can get away with just manually validating it when changing it.
-
--------------------------------------------------------------------
-Thu Sep 18 08:15:31 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
-
-- Require AppStream to validate appdata file instead of deprecated
-  appstream-glib.
-- Update idle3.appdata.xml to pass the more pedantic appstreamcli.
-
--------------------------------------------------------------------
-Tue Sep  9 10:11:58 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
-
-- Add gh138131-exclude-pycache-from-digest.patch fixing reproducible
-  build for python-nogil.
-  (bsc#1244680, gh#python/cpython#138131)
-
 -------------------------------------------------------------------
 Fri Aug 15 12:31:08 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 

python313.spec

@@ -167,7 +167,7 @@
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.13.9
+Version:        3.13.7
 %define         tarversion %{version}
 %define         tarname    Python-%{tarversion}
 Release:        0
@@ -231,19 +231,6 @@ Patch42:        gh126985-mv-pyvenv.cfg2getpath.patch
 # PATCH-FIX-UPSTREAM bsc1243155-sphinx-non-determinism.patch bsc#1243155 mcepl@suse.com
 # Doc: Generate ids for audit_events using docname
 Patch43:        bsc1243155-sphinx-non-determinism.patch
-# PATCH-FIX-UPSTREAM gh138131-exclude-pycache-from-digest.patch bsc#1244680 daniel.garcia@suse.com
-Patch44:        gh138131-exclude-pycache-from-digest.patch
-# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
-Patch45:        gh139257-Support-docutils-0.22.patch
-# PATCH-FIX-UPSTREAM CVE-2025-8291-consistency-zip64.patch bsc#1251305 mcepl@suse.com
-# Check consistency of the zip64 end of central directory record
-Patch46:        CVE-2025-8291-consistency-zip64.patch
-# PATCH-FIX-UPSTREAM CVE-2025-6075-expandvars-perf-degrad.patch bsc#1252974 mcepl@suse.com
-# Avoid potential quadratic complexity vulnerabilities in path modules
-Patch47:        CVE-2025-6075-expandvars-perf-degrad.patch
-# PATCH-FIX-UPSTREAM pass-test_write_read_limited_history.patch bsc#[0-9]+ mcepl@suse.com
-# Fix readline history truncation when length is reduced
-Patch48:        pass-test_write_read_limited_history.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -298,6 +285,8 @@ ExcludeArch:    aarch64
 %endif
 
 %if %{with general}
+# required for idle3 (.desktop and .appdata.xml files)
+BuildRequires:  appstream-glib
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
 BuildRequires:  gettext
@@ -563,6 +552,9 @@ rm Lib/site-packages/README.txt
 # Add vendored bluez-devel files
 tar xvf %{SOURCE21}
 
+# Don't fail on warnings when building documentation
+# sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
+
 %build
 export SUSE_VERSION="0%{?suse_version}"
 export SLE_VERSION="0%{?sle_version}"
@@ -786,6 +778,7 @@ install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_abi}.desk
 cp %{SOURCE20} idle%{python_abi}.appdata.xml
 sed -i -e 's:idle3.desktop:idle%{python_abi}.desktop:g' idle%{python_abi}.appdata.xml
 install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_abi}.appdata.xml
+appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_abi}.appdata.xml
 
 %fdupes %{buildroot}/%{_libdir}/python%{python_abi}
 %endif