pool/python313
SHA256
16
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2 dgarcia:main dgarcia:factory dgarcia:slfo-1.2 dgarcia:slfo-main dgarcia:devel
..
compare: dgarcia:main
Branches Tags
dgarcia:main dgarcia:factory dgarcia:slfo-1.2 dgarcia:slfo-main dgarcia:devel pool:factory pool:slfo-main pool:slfo-1.2

1 Commits
slfo-main ... main

Author SHA256 Message Date
Daniel Garcia Moreno
002a9e718d Sync with devel:languages:python:Factory 2025-10-01 11:01:36 +02:00
15 changed files with 81 additions and 1033 deletions
Expand all files Collapse all files

1
.gitattributes vendored
View File

@@ -21,4 +21,3 @@
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
*.changes merge=merge-changes

6
.gitignore vendored
View File

@@ -1,6 +0,0 @@
.osc
*.obscpio
*.osc
_build.*
.pbuild
python313-*-build/

373
CVE-2025-6075-expandvars-perf-degrad.patch
View File

@@ -1,373 +0,0 @@
From 4fc21099da844f85b799d3c4c8b1b5936faa4cdc Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Fri, 31 Oct 2025 15:49:51 +0200
Subject: [PATCH 1/2] [3.13] gh-136065: Fix quadratic complexity in
os.path.expandvars() (GH-134952) (cherry picked from commit
f029e8db626ddc6e3a3beea4eff511a71aaceb5c)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
---
Lib/ntpath.py | 126 +++-------
Lib/posixpath.py | 43 +--
Lib/test/test_genericpath.py | 21 +
Lib/test/test_ntpath.py | 22 +
Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst | 1
5 files changed, 96 insertions(+), 117 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
Index: Python-3.13.9/Lib/ntpath.py
===================================================================
--- Python-3.13.9.orig/Lib/ntpath.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Lib/ntpath.py 2025-11-14 01:47:08.155405483 +0100
@@ -400,17 +400,23 @@
# XXX With COMMAND.COM you can use any characters in a variable name,
# XXX except '^|<>='.
+_varpattern = r"'[^']*'?|%(%|[^%]*%?)|\$(\$|[-\w]+|\{[^}]*\}?)"
+_varsub = None
+_varsubb = None
+
def expandvars(path):
"""Expand shell variables of the forms $var, ${var} and %var%.
Unknown variables are left unchanged."""
path = os.fspath(path)
+ global _varsub, _varsubb
if isinstance(path, bytes):
if b'$' not in path and b'%' not in path:
return path
- import string
- varchars = bytes(string.ascii_letters + string.digits + '_-', 'ascii')
- quote = b'\''
+ if not _varsubb:
+ import re
+ _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
+ sub = _varsubb
percent = b'%'
brace = b'{'
rbrace = b'}'
@@ -419,94 +425,44 @@
else:
if '$' not in path and '%' not in path:
return path
- import string
- varchars = string.ascii_letters + string.digits + '_-'
- quote = '\''
+ if not _varsub:
+ import re
+ _varsub = re.compile(_varpattern, re.ASCII).sub
+ sub = _varsub
percent = '%'
brace = '{'
rbrace = '}'
dollar = '$'
environ = os.environ
- res = path[:0]
- index = 0
- pathlen = len(path)
- while index < pathlen:
- c = path[index:index+1]
- if c == quote: # no expansion within single quotes
- path = path[index + 1:]
- pathlen = len(path)
- try:
- index = path.index(c)
- res += c + path[:index + 1]
- except ValueError:
- res += c + path
- index = pathlen - 1
- elif c == percent: # variable or '%'
- if path[index + 1:index + 2] == percent:
- res += c
- index += 1
- else:
- path = path[index+1:]
- pathlen = len(path)
- try:
- index = path.index(percent)
- except ValueError:
- res += percent + path
- index = pathlen - 1
- else:
- var = path[:index]
- try:
- if environ is None:
- value = os.fsencode(os.environ[os.fsdecode(var)])
- else:
- value = environ[var]
- except KeyError:
- value = percent + var + percent
- res += value
- elif c == dollar: # variable or '$$'
- if path[index + 1:index + 2] == dollar:
- res += c
- index += 1
- elif path[index + 1:index + 2] == brace:
- path = path[index+2:]
- pathlen = len(path)
- try:
- index = path.index(rbrace)
- except ValueError:
- res += dollar + brace + path
- index = pathlen - 1
- else:
- var = path[:index]
- try:
- if environ is None:
- value = os.fsencode(os.environ[os.fsdecode(var)])
- else:
- value = environ[var]
- except KeyError:
- value = dollar + brace + var + rbrace
- res += value
- else:
- var = path[:0]
- index += 1
- c = path[index:index + 1]
- while c and c in varchars:
- var += c
- index += 1
- c = path[index:index + 1]
- try:
- if environ is None:
- value = os.fsencode(os.environ[os.fsdecode(var)])
- else:
- value = environ[var]
- except KeyError:
- value = dollar + var
- res += value
- if c:
- index -= 1
+
+ def repl(m):
+ lastindex = m.lastindex
+ if lastindex is None:
+ return m[0]
+ name = m[lastindex]
+ if lastindex == 1:
+ if name == percent:
+ return name
+ if not name.endswith(percent):
+ return m[0]
+ name = name[:-1]
else:
- res += c
- index += 1
- return res
+ if name == dollar:
+ return name
+ if name.startswith(brace):
+ if not name.endswith(rbrace):
+ return m[0]
+ name = name[1:-1]
+
+ try:
+ if environ is None:
+ return os.fsencode(os.environ[os.fsdecode(name)])
+ else:
+ return environ[name]
+ except KeyError:
+ return m[0]
+
+ return sub(repl, path)
# Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A\B.
Index: Python-3.13.9/Lib/posixpath.py
===================================================================
--- Python-3.13.9.orig/Lib/posixpath.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Lib/posixpath.py 2025-11-14 01:47:08.155728503 +0100
@@ -284,42 +284,41 @@
# This expands the forms $variable and ${variable} only.
# Non-existent variables are left unchanged.
-_varprog = None
-_varprogb = None
+_varpattern = r'\$(\w+|\{[^}]*\}?)'
+_varsub = None
+_varsubb = None
def expandvars(path):
"""Expand shell variables of form $var and ${var}. Unknown variables
are left unchanged."""
path = os.fspath(path)
- global _varprog, _varprogb
+ global _varsub, _varsubb
if isinstance(path, bytes):
if b'$' not in path:
return path
- if not _varprogb:
+ if not _varsubb:
import re
- _varprogb = re.compile(br'\$(\w+|\{[^}]*\})', re.ASCII)
- search = _varprogb.search
+ _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
+ sub = _varsubb
start = b'{'
end = b'}'
environ = getattr(os, 'environb', None)
else:
if '$' not in path:
return path
- if not _varprog:
+ if not _varsub:
import re
- _varprog = re.compile(r'\$(\w+|\{[^}]*\})', re.ASCII)
- search = _varprog.search
+ _varsub = re.compile(_varpattern, re.ASCII).sub
+ sub = _varsub
start = '{'
end = '}'
environ = os.environ
- i = 0
- while True:
- m = search(path, i)
- if not m:
- break
- i, j = m.span(0)
- name = m.group(1)
- if name.startswith(start) and name.endswith(end):
+
+ def repl(m):
+ name = m[1]
+ if name.startswith(start):
+ if not name.endswith(end):
+ return m[0]
name = name[1:-1]
try:
if environ is None:
@@ -327,13 +326,11 @@
else:
value = environ[name]
except KeyError:
- i = j
+ return m[0]
else:
- tail = path[j:]
- path = path[:i] + value
- i = len(path)
- path += tail
- return path
+ return value
+
+ return sub(repl, path)
# Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A/B.
Index: Python-3.13.9/Lib/test/test_genericpath.py
===================================================================
--- Python-3.13.9.orig/Lib/test/test_genericpath.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Lib/test/test_genericpath.py 2025-11-14 01:47:08.157575687 +0100
@@ -7,9 +7,9 @@
import sys
import unittest
import warnings
-from test.support import (
- is_apple, is_emscripten, os_helper, warnings_helper
-)
+from test import support
+from test.support import os_helper, is_emscripten
+from test.support import warnings_helper
from test.support.script_helper import assert_python_ok
from test.support.os_helper import FakePath
@@ -446,6 +446,19 @@
os.fsencode('$bar%s bar' % nonascii))
check(b'$spam}bar', os.fsencode('%s}bar' % nonascii))
+ @support.requires_resource('cpu')
+ def test_expandvars_large(self):
+ expandvars = self.pathmodule.expandvars
+ with os_helper.EnvironmentVarGuard() as env:
+ env.clear()
+ env["A"] = "B"
+ n = 100_000
+ self.assertEqual(expandvars('$A'*n), 'B'*n)
+ self.assertEqual(expandvars('${A}'*n), 'B'*n)
+ self.assertEqual(expandvars('$A!'*n), 'B!'*n)
+ self.assertEqual(expandvars('${A}A'*n), 'BA'*n)
+ self.assertEqual(expandvars('${'*10*n), '${'*10*n)
+
def test_abspath(self):
self.assertIn("foo", self.pathmodule.abspath("foo"))
with warnings.catch_warnings():
@@ -503,7 +516,7 @@
# directory (when the bytes name is used).
and sys.platform not in {
"win32", "emscripten", "wasi"
- } and not is_apple
+ } and not support.is_apple
):
name = os_helper.TESTFN_UNDECODABLE
elif os_helper.TESTFN_NONASCII:
Index: Python-3.13.9/Lib/test/test_ntpath.py
===================================================================
--- Python-3.13.9.orig/Lib/test/test_ntpath.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Lib/test/test_ntpath.py 2025-11-14 01:47:08.156225429 +0100
@@ -8,8 +8,7 @@
import warnings
from ntpath import ALLOW_MISSING
from test import support
-from test.support import cpython_only, os_helper
-from test.support import TestFailed, is_emscripten
+from test.support import os_helper, is_emscripten
from test.support.os_helper import FakePath
from test import test_genericpath
from tempfile import TemporaryFile
@@ -59,7 +58,7 @@
fn = fn.replace("\\", "\\\\")
gotResult = eval(fn)
if wantResult != gotResult and _norm(wantResult) != _norm(gotResult):
- raise TestFailed("%s should return: %s but returned: %s" \
+ raise support.TestFailed("%s should return: %s but returned: %s" \
%(str(fn), str(wantResult), str(gotResult)))
# then with bytes
@@ -75,7 +74,7 @@
warnings.simplefilter("ignore", DeprecationWarning)
gotResult = eval(fn)
if _norm(wantResult) != _norm(gotResult):
- raise TestFailed("%s should return: %s but returned: %s" \
+ raise support.TestFailed("%s should return: %s but returned: %s" \
%(str(fn), str(wantResult), repr(gotResult)))
@@ -1022,6 +1021,19 @@
check('%spam%bar', '%sbar' % nonascii)
check('%{}%bar'.format(nonascii), 'ham%sbar' % nonascii)
+ @support.requires_resource('cpu')
+ def test_expandvars_large(self):
+ expandvars = ntpath.expandvars
+ with os_helper.EnvironmentVarGuard() as env:
+ env.clear()
+ env["A"] = "B"
+ n = 100_000
+ self.assertEqual(expandvars('%A%'*n), 'B'*n)
+ self.assertEqual(expandvars('%A%A'*n), 'BA'*n)
+ self.assertEqual(expandvars("''"*n + '%%'), "''"*n + '%')
+ self.assertEqual(expandvars("%%"*n), "%"*n)
+ self.assertEqual(expandvars("$$"*n), "$"*n)
+
def test_expanduser(self):
tester('ntpath.expanduser("test")', 'test')
@@ -1440,7 +1452,7 @@
self.assertTrue(os.path.exists(r"\\.\CON"))
@unittest.skipIf(sys.platform != 'win32', "Fast paths are only for win32")
- @cpython_only
+ @support.cpython_only
def test_fast_paths_in_use(self):
# There are fast paths of these functions implemented in posixmodule.c.
# Confirm that they are being used, and not the Python fallbacks in
Index: Python-3.13.9/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ Python-3.13.9/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst 2025-11-14 01:47:08.156533642 +0100
@@ -0,0 +1 @@
+Fix quadratic complexity in :func:`os.path.expandvars`.

307
CVE-2025-8291-consistency-zip64.patch
View File

@@ -1,307 +0,0 @@
From 1f2e4ec73cf7ece0a8c0a7a85cb73ec9ec0ef85a Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Tue, 7 Oct 2025 20:15:26 +0300
Subject: [PATCH] [3.13] gh-139700: Check consistency of the zip64 end of
central directory record (GH-139702)
Support records with "zip64 extensible data" if there are no bytes
prepended to the ZIP file.
(cherry picked from commit 162997bb70e067668c039700141770687bc8f267)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
---
Lib/test/test_zipfile/test_core.py | 82 ++++++++++++++++++-
Lib/zipfile/__init__.py | 51 +++++++-----
...-10-07-19-31-34.gh-issue-139700.vNHU1O.rst | 3 +
3 files changed, 113 insertions(+), 23 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
diff --git a/Lib/test/test_zipfile/test_core.py b/Lib/test/test_zipfile/test_core.py
index 41ec6a437ba917..2212d9c91dc899 100644
--- a/Lib/test/test_zipfile/test_core.py
+++ b/Lib/test/test_zipfile/test_core.py
@@ -884,6 +884,8 @@ def make_zip64_file(
self, file_size_64_set=False, file_size_extra=False,
compress_size_64_set=False, compress_size_extra=False,
header_offset_64_set=False, header_offset_extra=False,
+ extensible_data=b'',
+ end_of_central_dir_size=None, offset_to_end_of_central_dir=None,
):
"""Generate bytes sequence for a zip with (incomplete) zip64 data.
@@ -937,6 +939,12 @@ def make_zip64_file(
central_dir_size = struct.pack('<Q', 58 + 8 * len(central_zip64_fields))
offset_to_central_dir = struct.pack('<Q', 50 + 8 * len(local_zip64_fields))
+ if end_of_central_dir_size is None:
+ end_of_central_dir_size = 44 + len(extensible_data)
+ if offset_to_end_of_central_dir is None:
+ offset_to_end_of_central_dir = (108
+ + 8 * len(local_zip64_fields)
+ + 8 * len(central_zip64_fields))
local_extra_length = struct.pack("<H", 4 + 8 * len(local_zip64_fields))
central_extra_length = struct.pack("<H", 4 + 8 * len(central_zip64_fields))
@@ -965,14 +973,17 @@ def make_zip64_file(
+ filename
+ central_extra
# Zip64 end of central directory
- + b"PK\x06\x06,\x00\x00\x00\x00\x00\x00\x00-\x00-"
- + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00"
+ + b"PK\x06\x06"
+ + struct.pack('<Q', end_of_central_dir_size)
+ + b"-\x00-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00"
+ b"\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
+ central_dir_size
+ offset_to_central_dir
+ + extensible_data
# Zip64 end of central directory locator
- + b"PK\x06\x07\x00\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x00\x01"
- + b"\x00\x00\x00"
+ + b"PK\x06\x07\x00\x00\x00\x00"
+ + struct.pack('<Q', offset_to_end_of_central_dir)
+ + b"\x01\x00\x00\x00"
# end of central directory
+ b"PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00:\x00\x00\x002\x00"
+ b"\x00\x00\x00\x00"
@@ -1003,6 +1014,7 @@ def test_bad_zip64_extra(self):
with self.assertRaises(zipfile.BadZipFile) as e:
zipfile.ZipFile(io.BytesIO(missing_file_size_extra))
self.assertIn('file size', str(e.exception).lower())
+ self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_file_size_extra)))
# zip64 file size present, zip64 compress size present, one field in
# extra, expecting two, equals missing compress size.
@@ -1014,6 +1026,7 @@ def test_bad_zip64_extra(self):
with self.assertRaises(zipfile.BadZipFile) as e:
zipfile.ZipFile(io.BytesIO(missing_compress_size_extra))
self.assertIn('compress size', str(e.exception).lower())
+ self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_compress_size_extra)))
# zip64 compress size present, no fields in extra, expecting one,
# equals missing compress size.
@@ -1023,6 +1036,7 @@ def test_bad_zip64_extra(self):
with self.assertRaises(zipfile.BadZipFile) as e:
zipfile.ZipFile(io.BytesIO(missing_compress_size_extra))
self.assertIn('compress size', str(e.exception).lower())
+ self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_compress_size_extra)))
# zip64 file size present, zip64 compress size present, zip64 header
# offset present, two fields in extra, expecting three, equals missing
@@ -1037,6 +1051,7 @@ def test_bad_zip64_extra(self):
with self.assertRaises(zipfile.BadZipFile) as e:
zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
self.assertIn('header offset', str(e.exception).lower())
+ self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_header_offset_extra)))
# zip64 compress size present, zip64 header offset present, one field
# in extra, expecting two, equals missing header offset
@@ -1049,6 +1064,7 @@ def test_bad_zip64_extra(self):
with self.assertRaises(zipfile.BadZipFile) as e:
zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
self.assertIn('header offset', str(e.exception).lower())
+ self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_header_offset_extra)))
# zip64 file size present, zip64 header offset present, one field in
# extra, expecting two, equals missing header offset
@@ -1061,6 +1077,7 @@ def test_bad_zip64_extra(self):
with self.assertRaises(zipfile.BadZipFile) as e:
zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
self.assertIn('header offset', str(e.exception).lower())
+ self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_header_offset_extra)))
# zip64 header offset present, no fields in extra, expecting one,
# equals missing header offset
@@ -1072,6 +1089,63 @@ def test_bad_zip64_extra(self):
with self.assertRaises(zipfile.BadZipFile) as e:
zipfile.ZipFile(io.BytesIO(missing_header_offset_extra))
self.assertIn('header offset', str(e.exception).lower())
+ self.assertTrue(zipfile.is_zipfile(io.BytesIO(missing_header_offset_extra)))
+
+ def test_bad_zip64_end_of_central_dir(self):
+ zipdata = self.make_zip64_file(end_of_central_dir_size=0)
+ with self.assertRaisesRegex(zipfile.BadZipFile, 'Corrupt.*record'):
+ zipfile.ZipFile(io.BytesIO(zipdata))
+ self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
+
+ zipdata = self.make_zip64_file(end_of_central_dir_size=100)
+ with self.assertRaisesRegex(zipfile.BadZipFile, 'Corrupt.*record'):
+ zipfile.ZipFile(io.BytesIO(zipdata))
+ self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
+
+ zipdata = self.make_zip64_file(offset_to_end_of_central_dir=0)
+ with self.assertRaisesRegex(zipfile.BadZipFile, 'Corrupt.*record'):
+ zipfile.ZipFile(io.BytesIO(zipdata))
+ self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
+
+ zipdata = self.make_zip64_file(offset_to_end_of_central_dir=1000)
+ with self.assertRaisesRegex(zipfile.BadZipFile, 'Corrupt.*locator'):
+ zipfile.ZipFile(io.BytesIO(zipdata))
+ self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
+
+ def test_zip64_end_of_central_dir_record_not_found(self):
+ zipdata = self.make_zip64_file()
+ zipdata = zipdata.replace(b"PK\x06\x06", b'\x00'*4)
+ with self.assertRaisesRegex(zipfile.BadZipFile, 'record not found'):
+ zipfile.ZipFile(io.BytesIO(zipdata))
+ self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
+
+ zipdata = self.make_zip64_file(
+ extensible_data=b'\xca\xfe\x04\x00\x00\x00data')
+ zipdata = zipdata.replace(b"PK\x06\x06", b'\x00'*4)
+ with self.assertRaisesRegex(zipfile.BadZipFile, 'record not found'):
+ zipfile.ZipFile(io.BytesIO(zipdata))
+ self.assertFalse(zipfile.is_zipfile(io.BytesIO(zipdata)))
+
+ def test_zip64_extensible_data(self):
+ # These values are what is set in the make_zip64_file method.
+ expected_file_size = 8
+ expected_compress_size = 8
+ expected_header_offset = 0
+ expected_content = b"test1234"
+
+ zipdata = self.make_zip64_file(
+ extensible_data=b'\xca\xfe\x04\x00\x00\x00data')
+ with zipfile.ZipFile(io.BytesIO(zipdata)) as zf:
+ zinfo = zf.infolist()[0]
+ self.assertEqual(zinfo.file_size, expected_file_size)
+ self.assertEqual(zinfo.compress_size, expected_compress_size)
+ self.assertEqual(zinfo.header_offset, expected_header_offset)
+ self.assertEqual(zf.read(zinfo), expected_content)
+ self.assertTrue(zipfile.is_zipfile(io.BytesIO(zipdata)))
+
+ with self.assertRaisesRegex(zipfile.BadZipFile, 'record not found'):
+ zipfile.ZipFile(io.BytesIO(b'prepended' + zipdata))
+ self.assertFalse(zipfile.is_zipfile(io.BytesIO(b'prepended' + zipdata)))
def test_generated_valid_zip64_extra(self):
# These values are what is set in the make_zip64_file method.
diff --git a/Lib/zipfile/__init__.py b/Lib/zipfile/__init__.py
index 05f387a950ba0a..c01f13729e1c99 100644
--- a/Lib/zipfile/__init__.py
+++ b/Lib/zipfile/__init__.py
@@ -245,7 +245,7 @@ def is_zipfile(filename):
else:
with open(filename, "rb") as fp:
result = _check_zipfile(fp)
- except OSError:
+ except (OSError, BadZipFile):
pass
return result
@@ -253,16 +253,15 @@ def _EndRecData64(fpin, offset, endrec):
"""
Read the ZIP64 end-of-archive records and use that to update endrec
"""
- try:
- fpin.seek(offset - sizeEndCentDir64Locator, 2)
- except OSError:
- # If the seek fails, the file is not large enough to contain a ZIP64
+ offset -= sizeEndCentDir64Locator
+ if offset < 0:
+ # The file is not large enough to contain a ZIP64
# end-of-archive record, so just return the end record we were given.
return endrec
-
+ fpin.seek(offset)
data = fpin.read(sizeEndCentDir64Locator)
if len(data) != sizeEndCentDir64Locator:
- return endrec
+ raise OSError("Unknown I/O error")
sig, diskno, reloff, disks = struct.unpack(structEndArchive64Locator, data)
if sig != stringEndArchive64Locator:
return endrec
@@ -270,16 +269,33 @@ def _EndRecData64(fpin, offset, endrec):
if diskno != 0 or disks > 1:
raise BadZipFile("zipfiles that span multiple disks are not supported")
- # Assume no 'zip64 extensible data'
- fpin.seek(offset - sizeEndCentDir64Locator - sizeEndCentDir64, 2)
+ offset -= sizeEndCentDir64
+ if reloff > offset:
+ raise BadZipFile("Corrupt zip64 end of central directory locator")
+ # First, check the assumption that there is no prepended data.
+ fpin.seek(reloff)
+ extrasz = offset - reloff
data = fpin.read(sizeEndCentDir64)
if len(data) != sizeEndCentDir64:
- return endrec
+ raise OSError("Unknown I/O error")
+ if not data.startswith(stringEndArchive64) and reloff != offset:
+ # Since we already have seen the Zip64 EOCD Locator, it's
+ # possible we got here because there is prepended data.
+ # Assume no 'zip64 extensible data'
+ fpin.seek(offset)
+ extrasz = 0
+ data = fpin.read(sizeEndCentDir64)
+ if len(data) != sizeEndCentDir64:
+ raise OSError("Unknown I/O error")
+ if not data.startswith(stringEndArchive64):
+ raise BadZipFile("Zip64 end of central directory record not found")
+
sig, sz, create_version, read_version, disk_num, disk_dir, \
dircount, dircount2, dirsize, diroffset = \
struct.unpack(structEndArchive64, data)
- if sig != stringEndArchive64:
- return endrec
+ if (diroffset + dirsize != reloff or
+ sz + 12 != sizeEndCentDir64 + extrasz):
+ raise BadZipFile("Corrupt zip64 end of central directory record")
# Update the original endrec using data from the ZIP64 record
endrec[_ECD_SIGNATURE] = sig
@@ -289,6 +305,7 @@ def _EndRecData64(fpin, offset, endrec):
endrec[_ECD_ENTRIES_TOTAL] = dircount2
endrec[_ECD_SIZE] = dirsize
endrec[_ECD_OFFSET] = diroffset
+ endrec[_ECD_LOCATION] = offset - extrasz
return endrec
@@ -322,7 +339,7 @@ def _EndRecData(fpin):
endrec.append(filesize - sizeEndCentDir)
# Try to read the "Zip64 end of central directory" structure
- return _EndRecData64(fpin, -sizeEndCentDir, endrec)
+ return _EndRecData64(fpin, filesize - sizeEndCentDir, endrec)
# Either this is not a ZIP file, or it is a ZIP file with an archive
# comment. Search the end of the file for the "end of central directory"
@@ -346,8 +363,7 @@ def _EndRecData(fpin):
endrec.append(maxCommentStart + start)
# Try to read the "Zip64 end of central directory" structure
- return _EndRecData64(fpin, maxCommentStart + start - filesize,
- endrec)
+ return _EndRecData64(fpin, maxCommentStart + start, endrec)
# Unable to find a valid end of central directory structure
return None
@@ -1458,9 +1474,6 @@ def _RealGetContents(self):
# "concat" is zero, unless zip was concatenated to another file
concat = endrec[_ECD_LOCATION] - size_cd - offset_cd
- if endrec[_ECD_SIGNATURE] == stringEndArchive64:
- # If Zip64 extension structures are present, account for them
- concat -= (sizeEndCentDir64 + sizeEndCentDir64Locator)
if self.debug > 2:
inferred = concat + offset_cd
@@ -2082,7 +2095,7 @@ def _write_end_record(self):
" would require ZIP64 extensions")
zip64endrec = struct.pack(
structEndArchive64, stringEndArchive64,
- 44, 45, 45, 0, 0, centDirCount, centDirCount,
+ sizeEndCentDir64 - 12, 45, 45, 0, 0, centDirCount, centDirCount,
centDirSize, centDirOffset)
self.fp.write(zip64endrec)
diff --git a/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst b/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
new file mode 100644
index 00000000000000..a8e7a1f1878c6b
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
@@ -0,0 +1,3 @@
+Check consistency of the zip64 end of central directory record. Support
+records with "zip64 extensible data" if there are no bytes prepended to the
+ZIP file.

16
F00251-change-user-install-location.patch
View File

@@ -28,10 +28,10 @@ Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
Lib/test/test_sysconfig.py | 17 +++++++++++--
2 files changed, 67 insertions(+), 7 deletions(-)
Index: Python-3.13.9/Lib/sysconfig/__init__.py
Index: Python-3.13.3/Lib/sysconfig/__init__.py
===================================================================
--- Python-3.13.9.orig/Lib/sysconfig/__init__.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Lib/sysconfig/__init__.py 2025-11-04 17:41:28.521141323 +0100
--- Python-3.13.3.orig/Lib/sysconfig/__init__.py 2025-04-08 15:54:08.000000000 +0200
+++ Python-3.13.3/Lib/sysconfig/__init__.py 2025-04-11 21:52:31.769387873 +0200
@@ -106,6 +106,11 @@
else:
_INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv']
@@ -128,10 +128,10 @@ Index: Python-3.13.9/Lib/sysconfig/__init__.py
_CONFIG_VARS['py_version'] = _PY_VERSION
_CONFIG_VARS['py_version_short'] = _PY_VERSION_SHORT
_CONFIG_VARS['py_version_nodot'] = _PY_VERSION_SHORT_NO_DOT
Index: Python-3.13.9/Lib/test/test_sysconfig.py
Index: Python-3.13.3/Lib/test/test_sysconfig.py
===================================================================
--- Python-3.13.9.orig/Lib/test/test_sysconfig.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Lib/test/test_sysconfig.py 2025-11-04 17:41:28.521386489 +0100
--- Python-3.13.3.orig/Lib/test/test_sysconfig.py 2025-04-08 15:54:08.000000000 +0200
+++ Python-3.13.3/Lib/test/test_sysconfig.py 2025-04-11 21:52:31.769841915 +0200
@@ -130,8 +130,19 @@
for scheme in _INSTALL_SCHEMES:
for name in _INSTALL_SCHEMES[scheme]:
@@ -153,7 +153,7 @@ Index: Python-3.13.9/Lib/test/test_sysconfig.py
os.path.normpath(expected),
)
@@ -393,7 +404,7 @@
@@ -386,7 +397,7 @@
self.assertTrue(os.path.isfile(config_h), config_h)
def test_get_scheme_names(self):
@@ -162,7 +162,7 @@ Index: Python-3.13.9/Lib/test/test_sysconfig.py
if HAS_USER_BASE:
wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
@@ -405,6 +416,8 @@
@@ -398,6 +409,8 @@
cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))

BIN
Python-3.13.7.tar.xz LFS Normal file
View File

Binary file not shown.

1
Python-3.13.7.tar.xz.sigstore Normal file
View File

@@ -0,0 +1 @@
{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyTCCAlCgAwIBAgIUZMI+1qoqVltZwoOEGQ4+re/SlS4wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwODE0MTM0OTQyWhcNMjUwODE0MTM1OTQyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkKFnh1U6aDYKiIU0p7mtDbbxTezpcJrivGvrwtuUviVav74GRKEp/vcRZnlnVn6olDcrk33qi78husSHeD1VN6OCAW8wggFrMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUaes5BWscCJHaWxt5BY13fiF+sb8wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGYqNf2TAAABAMARzBFAiB3VC3ZdiYFvHtFHxRfU4vdiUZjC+VM/cY0nUHpRZ+aqQIhALglsfszSnn7LZNgw3no+XTnlO+mzMAdCLArnFKuyQo0MAoGCCqGSM49BAMDA2cAMGQCME73khzLHp2xLGwh1g0U5yt9CZu0YfQ52BJ0gL3J2adJsuCvmr76YbDnGWOM2IJLYwIwbWuLaywCs9V1hHqx4IewPWU6kGTDL2p3t7RMb7OK9etOkF4xHxV9IaGZZSFwDmSC"}, "tlogEntries": [{"logIndex": "394375946", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1755179382", "inclusionPromise": {"signedEntryTimestamp": "MEYCIQDofYinceCg3x7ldRHdwLc7aoB6pX2+kukjFdQXFflKdwIhAK7YnONsVnbwsSZpLex8Q7tSMHHglIEQaqavuKAD5taI"}, "inclusionProof": {"logIndex": "272471684", "rootHash": "D6O1d0rPsmFUhblg+N/WsWhcTQVKMGbTlauX5huq8Q0=", "treeSize": "272471685", "hashes": ["12rv4cU8JBEnhl8jcQleuU0gXnRpH2B6oGsUtKoIBHQ=", "PXscKvmfKyXbaxsj99FlqImW6Bg1k3WBNWtHTzgtSVk=", "BaDXQZRZZLXILekCZ5e2TyrtJiYKeNUb2BW6hgybhG0=", "IQvrVF5nsAhxYBjFEIIqcy67H9HEwRdM5XEvXGMlcSc=", "I/JNRoCea85lOiusHIKoAblvRmo6NwnDAtfOV/JiSvQ=", "CjR2KouFHnbUwdf0xk9/f1IcsYFdo4/LMKPy9TV0keM=", "uSQzyFvNic+ZM0goS8qbxn95hvb1YCdWvV0/TnqHDEg=", "LM7bDk+koNXHbb9JB2IH+truLnDDC6WfDzp12zjdFkQ=", "4k9InE/ch3n4a/TapEK+nqfXhlMZEcbvL849wNGtBuo=", "6QfFjG3kfyjFx5PdzVrWBdbNza9Mf4ldecvoXhR3Ip8=", "RllwumeGwAfTxo/zlW3B2deC36+2Lu0FY/hP+QL2aT8=", "vS7O4ozHIQZJWBiov+mkpI27GE8zAmVCEkRcP3NDyNE="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n272471685\nD6O1d0rPsmFUhblg+N/WsWhcTQVKMGbTlauX5huq8Q0=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiBr7yQXNBvCAOgKzReWm4ERI79K22ifVZFn9VUxx5nSxQIgWIPYVrO1E+vP3VRWPptUMs1arlLguTIMkT1tX5WCRoM=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1NDYyZjkwOTlkZmQzMGUyMzhkZWY4M2M3MWQ5MTg5N2Q4Y2FhNWZmNmViYzdhNTBmMTRkNDgwMmNkYWFhNzlhIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUR4RjM5Z0VUZDgvUWMwbHd5Sk5Mbk5NK3RrTmozaEYyWE1DelZDdjZXOEJBSWdkQUxIWTl3MU14bVNKYUNKMlNtL1p5QWRrL1gwSVF4THFENHA3TSt5UzZRPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVWRU5EUVd4RFowRjNTVUpCWjBsVldrMUpLekZ4YjNGV2JIUmFkMjlQUlVkUk5DdHlaUzlUYkZNMGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDlFUlRCTlZFMHdUMVJSZVZkb1kwNU5hbFYzVDBSRk1FMVVUVEZQVkZGNVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZyUzBadWFERlZObUZFV1V0cFNWVXdjRGR0ZEVSaVluaFVaWHB3WTBweWFYWkhkbklLZDNSMVZYWnBWbUYyTnpSSFVrdEZjQzkyWTFKYWJteHVWbTQyYjJ4RVkzSnJNek54YVRjNGFIVnpVMGhsUkRGV1RqWlBRMEZYT0hkblowWnlUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZoWlhNMUNrSlhjMk5EU2toaFYzaDBOVUpaTVRObWFVWXJjMkk0ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwdENaMjl5UW1kRlJVRmtXalZCWjFGRFFraDNSV1ZuUWpRS1FVaFpRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIV1hGT1pqSlVRVUZCUWtGTlFRcFNla0pHUVdsQ00xWkRNMXBrYVZsR2RraDBSa2g0VW1aVk5IWmthVlZhYWtNclZrMHZZMWt3YmxWSWNGSmFLMkZ4VVVsb1FVeG5iSE5tYzNwVGJtNDNDa3hhVG1kM00yNXZLMWhVYm14UEsyMTZUVUZrUTB4QmNtNUdTM1Y1VVc4d1RVRnZSME5EY1VkVFRUUTVRa0ZOUkVFeVkwRk5SMUZEVFVVM00ydG9la3dLU0hBeWVFeEhkMmd4WnpCVk5YbDBPVU5hZFRCWlpsRTFNa0pLTUdkTU0wb3lZV1JLYzNWRGRtMXlOelpaWWtSdVIxZFBUVEpKU2t4WmQwbDNZbGQxVEFwaGVYZERjemxXTVdoSWNYZzBTV1YzVUZkVk5tdEhWRVJNTW5BemREZFNUV0kzVDBzNVpYUlBhMFkwZUVoNFZqbEpZVWRhV2xOR2QwUnRVME1LTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "VGL5CZ39MOI43vg8cdkYl9jKpf9uvHpQ8U1IAs2qp5o="}, "signature": "MEUCIQDxF39gETd8/Qc0lwyJNLnNM+tkNj3hF2XMCzVCv6W8BAIgdALHY9w1MxmSJaCJ2Sm/ZyAdk/X0IQxLqD4p7M+yS6Q="}}

BIN
Python-3.13.9.tar.xz LFS
View File

Binary file not shown.

1
Python-3.13.9.tar.xz.sigstore
View File

File diff suppressed because one or more lines are too long

6
bsc1243155-sphinx-non-determinism.patch
View File

@@ -14,10 +14,10 @@ https://github.com/python/cpython/issues/130979
Doc/tools/extensions/audit_events.py | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
Index: Python-3.13.6/Doc/tools/extensions/audit_events.py
===================================================================
--- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py 2025-07-02 15:51:58.388560540 +0200
+++ Python-3.13.5/Doc/tools/extensions/audit_events.py 2025-07-02 15:51:58.411254070 +0200
--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py 2025-08-07 12:16:58.257103336 +0200
+++ Python-3.13.6/Doc/tools/extensions/audit_events.py 2025-08-07 12:17:02.709401389 +0200
@@ -72,8 +72,13 @@
logger.warning(msg)
return

116
doc-py38-to-py36.patch
View File

@@ -27,10 +27,10 @@
Doc/tools/extensions/pydoc_topics.py | 22 +++++-----
18 files changed, 159 insertions(+), 130 deletions(-)
Index: Python-3.13.9/Doc/Makefile
Index: Python-3.13.6/Doc/Makefile
===================================================================
--- Python-3.13.9.orig/Doc/Makefile 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/Makefile 2025-11-20 01:09:35.814292408 +0100
--- Python-3.13.6.orig/Doc/Makefile 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/Makefile 2025-08-07 12:16:58.253706854 +0200
@@ -14,15 +14,15 @@
SOURCES =
DISTVERSION = $(shell $(PYTHON) tools/extensions/patchlevel.py)
@@ -51,10 +51,10 @@ Index: Python-3.13.9/Doc/Makefile
$(PAPEROPT_$(PAPER)) \
$(SPHINXOPTS) $(SPHINXERRORHANDLING) \
. build/$(BUILDER) $(SOURCES)
Index: Python-3.13.9/Doc/c-api/arg.rst
Index: Python-3.13.6/Doc/c-api/arg.rst
===================================================================
--- Python-3.13.9.orig/Doc/c-api/arg.rst 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/c-api/arg.rst 2025-11-20 01:07:59.902914275 +0100
--- Python-3.13.6.orig/Doc/c-api/arg.rst 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/c-api/arg.rst 2025-08-07 12:16:58.254160756 +0200
@@ -334,7 +334,6 @@
should raise an exception and leave the content of *address* unmodified.
@@ -63,10 +63,10 @@ Index: Python-3.13.9/Doc/c-api/arg.rst
If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a
second time if the argument parsing eventually fails, giving the converter a
Index: Python-3.13.9/Doc/c-api/typeobj.rst
Index: Python-3.13.6/Doc/c-api/typeobj.rst
===================================================================
--- Python-3.13.9.orig/Doc/c-api/typeobj.rst 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/c-api/typeobj.rst 2025-11-20 01:07:59.903382829 +0100
--- Python-3.13.6.orig/Doc/c-api/typeobj.rst 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/c-api/typeobj.rst 2025-08-07 12:16:58.254692184 +0200
@@ -610,7 +610,7 @@
Functions like :c:func:`PyObject_NewVar` will take the value of N as an
argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field.
@@ -97,10 +97,10 @@ Index: Python-3.13.9/Doc/c-api/typeobj.rst
include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on
whether :c:member:`~PyVarObject.ob_size` should be included). These are
usually defined by the macro :c:macro:`PyObject_HEAD` or
Index: Python-3.13.9/Doc/conf.py
Index: Python-3.13.6/Doc/conf.py
===================================================================
--- Python-3.13.9.orig/Doc/conf.py 2025-11-20 01:07:14.944126757 +0100
+++ Python-3.13.9/Doc/conf.py 2025-11-20 01:07:59.903974303 +0100
--- Python-3.13.6.orig/Doc/conf.py 2025-08-07 12:16:45.115568663 +0200
+++ Python-3.13.6/Doc/conf.py 2025-08-07 12:16:58.255236531 +0200
@@ -11,6 +11,8 @@
from importlib import import_module
from importlib.util import find_spec
@@ -127,7 +127,7 @@ Index: Python-3.13.9/Doc/conf.py
'''
manpages_url = 'https://manpages.debian.org/{path}'
@@ -92,7 +94,7 @@
@@ -96,7 +98,7 @@
# Minimum version of sphinx required
# Keep this version in sync with ``Doc/requirements.txt``.
@@ -136,7 +136,7 @@ Index: Python-3.13.9/Doc/conf.py
# Create table of contents entries for domain objects (e.g. functions, classes,
# attributes, etc.). Default is True.
@@ -257,6 +259,9 @@
@@ -258,6 +260,9 @@
# Avoid a warning with Sphinx >= 4.0
root_doc = 'contents'
@@ -146,7 +146,7 @@ Index: Python-3.13.9/Doc/conf.py
# Allow translation of index directives
gettext_additional_targets = [
'index',
@@ -296,7 +301,7 @@
@@ -297,7 +302,7 @@
# (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -155,7 +155,7 @@ Index: Python-3.13.9/Doc/conf.py
html_context = {
"is_deployment_preview": is_deployment_preview,
"repository_url": repository_url or None,
@@ -607,6 +612,16 @@
@@ -542,6 +547,16 @@
}
extlinks_detect_hardcoded_links = True
@@ -172,10 +172,10 @@ Index: Python-3.13.9/Doc/conf.py
# Options for c_annotations extension
# -----------------------------------
Index: Python-3.13.9/Doc/library/doctest.rst
Index: Python-3.13.6/Doc/library/doctest.rst
===================================================================
--- Python-3.13.9.orig/Doc/library/doctest.rst 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/doctest.rst 2025-11-20 01:07:59.904511686 +0100
--- Python-3.13.6.orig/Doc/library/doctest.rst 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/library/doctest.rst 2025-08-07 12:16:58.255583157 +0200
@@ -310,7 +310,6 @@
.. currentmodule:: None
@@ -184,10 +184,10 @@ Index: Python-3.13.9/Doc/library/doctest.rst
.. currentmodule:: doctest
Index: Python-3.13.9/Doc/library/email.compat32-message.rst
Index: Python-3.13.6/Doc/library/email.compat32-message.rst
===================================================================
--- Python-3.13.9.orig/Doc/library/email.compat32-message.rst 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/email.compat32-message.rst 2025-11-20 01:07:59.905009154 +0100
--- Python-3.13.6.orig/Doc/library/email.compat32-message.rst 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/library/email.compat32-message.rst 2025-08-07 12:16:58.256095517 +0200
@@ -7,7 +7,6 @@
:synopsis: The base class representing email messages in a fashion
backward compatible with Python 3.2
@@ -196,10 +196,10 @@ Index: Python-3.13.9/Doc/library/email.compat32-message.rst
The :class:`Message` class is very similar to the
Index: Python-3.13.9/Doc/library/xml.etree.elementtree.rst
Index: Python-3.13.6/Doc/library/xml.etree.elementtree.rst
===================================================================
--- Python-3.13.9.orig/Doc/library/xml.etree.elementtree.rst 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/library/xml.etree.elementtree.rst 2025-11-20 01:07:59.905273001 +0100
--- Python-3.13.6.orig/Doc/library/xml.etree.elementtree.rst 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/library/xml.etree.elementtree.rst 2025-08-07 12:16:58.256380542 +0200
@@ -873,7 +873,6 @@
.. module:: xml.etree.ElementTree
@@ -208,10 +208,10 @@ Index: Python-3.13.9/Doc/library/xml.etree.elementtree.rst
.. class:: Element(tag, attrib={}, **extra)
Index: Python-3.13.9/Doc/tools/check-warnings.py
Index: Python-3.13.6/Doc/tools/check-warnings.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/check-warnings.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/check-warnings.py 2025-11-20 01:07:59.905613002 +0100
--- Python-3.13.6.orig/Doc/tools/check-warnings.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/check-warnings.py 2025-08-07 12:16:58.256796101 +0200
@@ -228,7 +228,8 @@
print(filename)
for warning in warnings:
@@ -231,10 +231,10 @@ Index: Python-3.13.9/Doc/tools/check-warnings.py
for warning in warnings
if "Doc/" in warning
}
Index: Python-3.13.9/Doc/tools/extensions/audit_events.py
Index: Python-3.13.6/Doc/tools/extensions/audit_events.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/audit_events.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/audit_events.py 2025-11-20 01:08:35.819222654 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/audit_events.py 2025-08-07 12:16:58.257103336 +0200
@@ -1,9 +1,6 @@
"""Support for documenting audit events."""
@@ -370,10 +370,10 @@ Index: Python-3.13.9/Doc/tools/extensions/audit_events.py
) -> nodes.row:
row = nodes.row()
name_node = nodes.paragraph("", nodes.Text(name))
Index: Python-3.13.9/Doc/tools/extensions/availability.py
Index: Python-3.13.6/Doc/tools/extensions/availability.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/availability.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/availability.py 2025-11-20 01:07:59.906156697 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/availability.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/availability.py 2025-08-07 12:16:58.257352322 +0200
@@ -1,8 +1,6 @@
"""Support for documenting platform availability"""
@@ -427,10 +427,10 @@ Index: Python-3.13.9/Doc/tools/extensions/availability.py
app.add_directive("availability", Availability)
return {
Index: Python-3.13.9/Doc/tools/extensions/c_annotations.py
Index: Python-3.13.6/Doc/tools/extensions/c_annotations.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/c_annotations.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/c_annotations.py 2025-11-20 01:07:59.906354780 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/c_annotations.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/c_annotations.py 2025-08-07 12:16:58.257571556 +0200
@@ -9,22 +9,26 @@
* Set ``stable_abi_file`` to the path to stable ABI list.
"""
@@ -568,10 +568,10 @@ Index: Python-3.13.9/Doc/tools/extensions/c_annotations.py
return {
"version": "1.0",
"parallel_read_safe": True,
Index: Python-3.13.9/Doc/tools/extensions/changes.py
Index: Python-3.13.6/Doc/tools/extensions/changes.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/changes.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/changes.py 2025-11-20 01:07:59.906539198 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/changes.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/changes.py 2025-08-07 12:16:58.257773818 +0200
@@ -1,7 +1,5 @@
"""Support for documenting version of changes, additions, deprecations."""
@@ -607,10 +607,10 @@ Index: Python-3.13.9/Doc/tools/extensions/changes.py
# Override Sphinx's directives with support for 'next'
app.add_directive("versionadded", PyVersionChange, override=True)
app.add_directive("versionchanged", PyVersionChange, override=True)
Index: Python-3.13.9/Doc/tools/extensions/glossary_search.py
Index: Python-3.13.6/Doc/tools/extensions/glossary_search.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/glossary_search.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/glossary_search.py 2025-11-20 01:07:59.906696224 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/glossary_search.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/glossary_search.py 2025-08-07 12:16:58.257959947 +0200
@@ -1,21 +1,27 @@
"""Feature search results for glossary items prominently."""
@@ -654,10 +654,10 @@ Index: Python-3.13.9/Doc/tools/extensions/glossary_search.py
app.connect('doctree-resolved', process_glossary_nodes)
app.connect('build-finished', write_glossary_json)
Index: Python-3.13.9/Doc/tools/extensions/implementation_detail.py
Index: Python-3.13.6/Doc/tools/extensions/implementation_detail.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/implementation_detail.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/implementation_detail.py 2025-11-20 01:07:59.906853200 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/implementation_detail.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/implementation_detail.py 2025-08-07 12:16:58.258140488 +0200
@@ -1,17 +1,10 @@
"""Support for marking up implementation details."""
@@ -708,10 +708,10 @@ Index: Python-3.13.9/Doc/tools/extensions/implementation_detail.py
app.add_directive("impl-detail", ImplementationDetail)
return {
Index: Python-3.13.9/Doc/tools/extensions/issue_role.py
Index: Python-3.13.6/Doc/tools/extensions/issue_role.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/issue_role.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/issue_role.py 2025-11-20 01:07:59.907010386 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/issue_role.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/issue_role.py 2025-08-07 12:16:58.258306293 +0200
@@ -1,22 +1,18 @@
"""Support for referencing issues in the tracker."""
@@ -757,10 +757,10 @@ Index: Python-3.13.9/Doc/tools/extensions/issue_role.py
app.add_role("issue", BPOIssue())
app.add_role("gh", GitHubIssue())
Index: Python-3.13.9/Doc/tools/extensions/misc_news.py
Index: Python-3.13.6/Doc/tools/extensions/misc_news.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/misc_news.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/misc_news.py 2025-11-20 01:07:59.907170899 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/misc_news.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/misc_news.py 2025-08-07 12:16:58.258481107 +0200
@@ -1,7 +1,5 @@
"""Support for including Misc/NEWS."""
@@ -813,10 +813,10 @@ Index: Python-3.13.9/Doc/tools/extensions/misc_news.py
app.add_directive("miscnews", MiscNews)
return {
Index: Python-3.13.9/Doc/tools/extensions/patchlevel.py
Index: Python-3.13.6/Doc/tools/extensions/patchlevel.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/patchlevel.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/patchlevel.py 2025-11-20 01:07:59.907494228 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/patchlevel.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/patchlevel.py 2025-08-07 12:16:58.258716335 +0200
@@ -3,7 +3,7 @@
import re
import sys
@@ -854,10 +854,10 @@ Index: Python-3.13.9/Doc/tools/extensions/patchlevel.py
version = f"{info.major}.{info.minor}"
release = f"{info.major}.{info.minor}.{info.micro}"
if info.releaselevel != "final":
Index: Python-3.13.9/Doc/tools/extensions/pydoc_topics.py
Index: Python-3.13.6/Doc/tools/extensions/pydoc_topics.py
===================================================================
--- Python-3.13.9.orig/Doc/tools/extensions/pydoc_topics.py 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Doc/tools/extensions/pydoc_topics.py 2025-11-20 01:07:59.907684617 +0100
--- Python-3.13.6.orig/Doc/tools/extensions/pydoc_topics.py 2025-08-06 15:05:20.000000000 +0200
+++ Python-3.13.6/Doc/tools/extensions/pydoc_topics.py 2025-08-07 12:16:58.258911962 +0200
@@ -1,21 +1,23 @@
"""Support for building "topic help" for pydoc."""

8
gh126985-mv-pyvenv.cfg2getpath.patch
View File

@@ -8,10 +8,10 @@ Date: Tue Nov 26 13:46:33 2024 +0000
Lib/test/test_sysconfig.py | 67 ---------------------------------------------
1 file changed, 1 insertion(+), 66 deletions(-)
Index: Python-3.13.9/Lib/test/test_sysconfig.py
Index: Python-3.13.5/Lib/test/test_sysconfig.py
===================================================================
--- Python-3.13.9.orig/Lib/test/test_sysconfig.py 2025-11-04 17:41:28.521386489 +0100
+++ Python-3.13.9/Lib/test/test_sysconfig.py 2025-11-04 17:42:36.888243505 +0100
--- Python-3.13.5.orig/Lib/test/test_sysconfig.py 2025-06-12 19:55:42.184491497 +0200
+++ Python-3.13.5/Lib/test/test_sysconfig.py 2025-06-12 19:56:05.737665419 +0200
@@ -110,6 +110,7 @@
**venv_create_args,
)
@@ -20,7 +20,7 @@ Index: Python-3.13.9/Lib/test/test_sysconfig.py
def test_get_path_names(self):
self.assertEqual(get_path_names(), sysconfig._SCHEME_KEYS)
@@ -611,72 +612,6 @@
@@ -604,72 +605,6 @@
suffix = sysconfig.get_config_var('EXT_SUFFIX')
self.assertTrue(suffix.endswith('-darwin.so'), suffix)

45
pass-test_write_read_limited_history.patch
View File

@@ -1,45 +0,0 @@
---
Modules/readline.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
Index: Python-3.13.9/Modules/readline.c
===================================================================
--- Python-3.13.9.orig/Modules/readline.c 2025-10-14 15:52:31.000000000 +0200
+++ Python-3.13.9/Modules/readline.c 2025-11-20 00:46:45.594286346 +0100
@@ -175,6 +175,8 @@
return PyUnicode_DecodeLocale(s, "surrogateescape");
}
+static int _py_get_history_length(void);
+static void _py_free_history_entry(HIST_ENTRY *entry);
/*
Explicitly disable bracketed paste in the interactive interpreter, even if it's
@@ -399,6 +401,27 @@
/*[clinic end generated code: output=e161a53e45987dc7 input=b8901bf16488b760]*/
{
_history_length = length;
+
+ if (length < 0) {
+ stifle_history(-1);
+ }
+ else {
+ int current_length = _py_get_history_length();
+ if (length < current_length) {
+#if defined(RL_READLINE_VERSION) && RL_READLINE_VERSION >= 0x0500
+ HISTORY_STATE *state = history_get_history_state();
+ if (state) {
+ int i;
+ for (i = 0; i < current_length - length; i++) {
+ _py_free_history_entry(remove_history(0));
+ }
+ state->length = length;
+ free(state);
+ }
+#endif
+ }
+ stifle_history(length);
+ }
Py_RETURN_NONE;
}

214
python313.changes
View File

@@ -1,217 +1,3 @@
-------------------------------------------------------------------
Wed Nov 19 19:21:41 UTC 2025 - Matej Cepl <mcepl@suse.com>
- Add pass-test_write_read_limited_history.patch:
Fix readline history truncation when length is reduced
The `readline.set_history_length()` function did not previously
truncate the in-memory history when the new length was set to
a value smaller than the current number of history items. This
could lead to unexpected behavior where `get_history_length()`
would still report the old length and writing the history to a
file would write more entries than the new limit.
This patch modifies `set_history_length()` to explicitly
remove the oldest history entries using `remove_history()`
when the length is decreased, ensuring the in-memory history
is correctly truncated to the new limit. This brings the
function's behavior in line with expectations and fixes
failures in `test_write_read_limited_history`.
-------------------------------------------------------------------
Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
-------------------------------------------------------------------
Tue Nov 4 16:44:05 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
- Readjust patches while synchronizing between openSUSE and SLE trees:
- F00251-change-user-install-location.patch
- doc-py38-to-py36.patch
- gh126985-mv-pyvenv.cfg2getpath.patch
-------------------------------------------------------------------
Wed Oct 15 09:15:38 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
- Update to 3.13.9:
- Library
- gh-139783: Fix inspect.getsourcelines() for the case when a
decorator is followed by a comment or an empty line.
- Update to 3.13.8:
- macOS
- gh-124111: Update macOS installer to use Tcl/Tk 8.6.17.
- gh-139573: Updated bundled version of OpenSSL to 3.0.18.
- Windows
- gh-139573: Updated bundled version of OpenSSL to 3.0.18.
- gh-138896: Fix error installing C runtime on non-updated Windows
machines
- Tools/Demos
- gh-139330: SBOM generation tool didnt cross-check the version
and checksum values against the Modules/expat/refresh.sh script,
leading to the values becoming out-of-date during routine
updates.
- gh-137873: The iOS test runner has been simplified, resolving
some issues that have been observed using the runner in GitHub
Actions and Azure Pipelines test environments.
- Tests
- gh-139208: Fix regrtest --fast-ci --verbose: dont ignore the
--verbose option anymore. Patch by Victor Stinner.
- Security
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-139283: sqlite3: correctly handle maximum number of rows to
fetch in Cursor.fetchmany and reject negative values for
Cursor.arraysize. Patch by Bénédikt Tran.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- Library
- gh-139312: Upgrade bundled libexpat to 2.7.3
- gh-139289: Do a real lazy-import on rlcompleter in pdb and
restore the existing completer after importing rlcompleter.
- gh-139210: Fix use-after-free when reporting unknown event in
xml.etree.ElementTree.iterparse(). Patch by Ken Jin.
- gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in
subprocess.
- gh-112729: Fix crash when calling _interpreters.create when the
process is out of memory.
- gh-139076: Fix a bug in the pydoc module that was hiding
functions in a Python module if they were implemented in an
extension module and the module did not have __all__.
- gh-138998: Update bundled libexpat to 2.7.2
- gh-130567: Fix possible crash in locale.strxfrm() due to a
platform bug on macOS.
- gh-138779: Support device numbers larger than 2**63-1 for the
st_rdev field of the os.stat_result structure.
- gh-128636: Fix crash in PyREPL when os.environ is overwritten
with an invalid value for mac
- gh-88375: Fix normalization of the robots.txt rules and URLs in
the urllib.robotparser module. No longer ignore trailing ?.
Distinguish raw special characters ?, = and & from the
percent-encoded ones.
- gh-138515: email is added to Emscripten build.
- gh-111788: Fix parsing errors in the urllib.robotparser module.
Dont fail trying to parse weird paths. Dont fail trying to
decode non-UTF-8 robots.txt files.
- gh-138432: zoneinfo.reset_tzpath() will now convert any
os.PathLike objects it receives into strings before adding them
to TZPATH. It will raise TypeError if anything other than a
string is found after this conversion. If given an os.PathLike
object that represents a relative path, it will now raise
ValueError instead of TypeError, and present a more informative
error message.
- gh-138008: Fix segmentation faults in the ctypes module due to
invalid argtypes. Patch by Dung Nguyen.
- gh-60462: Fix locale.strxfrm() on Solaris (and possibly other
platforms).
- gh-138204: Forbid expansion of shared anonymous memory maps on
Linux, which caused a bus error.
- gh-138010: Fix an issue where defining a class with a
@warnings.deprecated-decorated base class may not invoke the
correct __init_subclass__() method in cases involving multiple
inheritance. Patch by Brian Schubert.
- gh-138133: Prevent infinite traceback loop when sending CTRL^C
to Python through strace.
- gh-134869: Fix an issue where pressing Ctrl+C during tab
completion in the REPL would leave the autocompletion menu in a
corrupted state.
- gh-137317: inspect.signature() now correctly handles classes
that use a descriptor on a wrapped __init__() or __new__()
method. Contributed by Yongyu Yan.
- gh-137754: Fix import of the zoneinfo module if the C
implementation of the datetime module is not available.
- gh-137490: Handle ECANCELED in the same way as EINTR in
signal.sigwaitinfo() on NetBSD.
- gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and
inspect.getsource() for generator expressions.
- gh-137017: Fix threading.Thread.is_alive to remain True until
the underlying OS thread is fully cleaned up. This avoids false
negatives in edge cases involving thread monitoring or premature
threading.Thread.is_alive calls.
- gh-136134: SMTP.auth_cram_md5() now raises an SMTPException
instead of a ValueError if Python has been built without MD5
support. In particular, SMTP clients will not attempt to use
this method even if the remote server is assumed to support it.
Patch by Bénédikt Tran.
- gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if
CRAM-MD5 authentication is not supported. Patch by Bénédikt
Tran.
- gh-135386: Fix opening a dbm.sqlite3 database for reading from
read-only file or directory.
- gh-126631: Fix multiprocessing forkserver bug which prevented
__main__ from being preloaded.
- gh-123085: In a bare call to importlib.resources.files(), ensure
the callers frame is properly detected when importlib.resources
is itself available as a compiled module only (no source).
- gh-118981: Fix potential hang in
multiprocessing.popen_spawn_posix that can happen when the child
proc dies early by closing the child fds right away.
- gh-78319: UTF8 support for the IMAP APPEND command has been made
RFC compliant.
- bpo-38735: Fix failure when importing a module from the root
directory on unix-like platforms with sys.pycache_prefix set.
- bpo-41839: Allow negative priority values from
os.sched_get_priority_min() and os.sched_get_priority_max()
functions.
- Core and Builtins
- gh-134466: Dont run PyREPL in a degraded environment where
setting termios attributes is not allowed.
- gh-71810: Raise OverflowError for (-1).to_bytes() for signed
conversions when bytes count is zero. Patch by Sergey B
Kirpichev.
- gh-105487: Remove non-existent __copy__(), __deepcopy__(), and
__bases__ from the __dir__() entries of types.GenericAlias.
- gh-134163: Fix a hang when the process is out of memory inside
an exception handler.
- gh-138479: Fix a crash when a generic objects __typing_subst__
returns an object that isnt a tuple.
- gh-137576: Fix for incorrect source code being shown in
tracebacks from the Basic REPL when PYTHONSTARTUP is given.
Patch by Adam Hartz.
- gh-132744: Certain calls now check for runaway recursion and
respect the system recursion limit.
- C API
- gh-87135: Attempting to acquire the GIL after runtime
finalization has begun in a different thread now causes the
thread to hang rather than terminate, which avoids potential
crashes or memory corruption caused by attempting to terminate a
thread that is running code not specifically designed to support
termination. In most cases this hanging is harmless since the
process will soon exit anyway.
While not officially marked deprecated until 3.14,
PyThread_exit_thread is no longer called internally and remains
solely for interface compatibility. Its behavior is inconsistent
across platforms, and it can only be used safely in the unlikely
case that every function in the entire call stack has been
designed to support the platform-dependent termination
mechanism. It is recommended that users of this function change
their design to not require thread termination. In the unlikely
case that thread termination is needed and can be done safely,
users may migrate to calling platform-specific APIs such as
pthread_exit (POSIX) or _endthreadex (Windows) directly.
- Build
- gh-135734: Python can correctly be configured and built with
./configure --enable-optimizations --disable-test-modules.
Previously, the profile data generation step failed due to PGO
tests where immortalization couldnt be properly suppressed.
Patch by Bénédikt Tran.
-------------------------------------------------------------------
Mon Sep 29 06:52:07 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>

14
python313.spec
View File

@@ -167,7 +167,7 @@
# _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix}
Version: 3.13.9
Version: 3.13.7
%define tarversion %{version}
%define tarname Python-%{tarversion}
Release: 0
@@ -235,15 +235,6 @@ Patch43: bsc1243155-sphinx-non-determinism.patch
Patch44: gh138131-exclude-pycache-from-digest.patch
# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
Patch45: gh139257-Support-docutils-0.22.patch
# PATCH-FIX-UPSTREAM CVE-2025-8291-consistency-zip64.patch bsc#1251305 mcepl@suse.com
# Check consistency of the zip64 end of central directory record
Patch46: CVE-2025-8291-consistency-zip64.patch
# PATCH-FIX-UPSTREAM CVE-2025-6075-expandvars-perf-degrad.patch bsc#1252974 mcepl@suse.com
# Avoid potential quadratic complexity vulnerabilities in path modules
Patch47: CVE-2025-6075-expandvars-perf-degrad.patch
# PATCH-FIX-UPSTREAM pass-test_write_read_limited_history.patch bsc#[0-9]+ mcepl@suse.com
# Fix readline history truncation when length is reduced
Patch48: pass-test_write_read_limited_history.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -563,6 +554,9 @@ rm Lib/site-packages/README.txt
# Add vendored bluez-devel files
tar xvf %{SOURCE21}
# Don't fail on warnings when building documentation
# sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
%build
export SUSE_VERSION="0%{?suse_version}"
export SLE_VERSION="0%{?sle_version}"