Accepting request 1245486 from devel:languages:python:Factory

- Update to the fifth development version of 3.14.0: - Tools/Demos - gh-129248: The iOS test runner now strips the log prefix from each line output by the test suite. - gh-104400: Fix several bugs in extraction by switching to an AST parser in pygettext. - Tests - gh-129386: Add test.support.reset_code, which can be used to reset various bytecode-level optimizations and local instrumentation for a function. - gh-128474: Disable test_embed test cases that segfault on BOLT instrument binaries. The tests are only disabled when BOLT is enabled. - gh-128003: Add an option --parallel-threads=N to the regression test runner that runs individual tests in multiple threads in parallel in order to find concurrency bugs. Note that most of the test suite is not yet reviewed for thread-safety or annotated with @thread_unsafe when necessary. - Security - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2. (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704). - gh-126108: Fix a possible NULL pointer dereference in PySys_AddWarnOptionUnicode(). - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed. - gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only a mapping, but if this hit a virtual address size limit it could lead to a MemoryError or other process crash. On unusual systems or builds where all allocated memory is touched and backed by actual ram or storage it could’ve consumed resources doing so until similarly crashing. - Library - gh-129939: Comparison pages with highlighted changes generated by the difflib.HtmlDiff class now support dark mode. - gh-129928: Raise sqlite3.ProgrammingError if a user-defined SQL function with invalid number of parameters is created. Patch by Erlend Aasland. - gh-129583: Update bundled pip to 25.0.1 - gh-129766: Fix crash in warnings, when calling _release_lock() with no existing lock. - gh-129005: _pyio.FileIO.readall() now allocates, resizes, and fills a data buffer using the same algorithm _io.FileIO.readall() uses. - gh-129646: Update the locale alias mapping in the locale module to match the latest X Org locale alias mapping and support new locales in Glibc 2.41. - gh-128317: Put CLI calendar highlighting in private class, removing highlight_day from public calendar.TextCalendar API. Patch by Hugo van Kemenade. - gh-129603: Fix bugs where sqlite3.Row objects could segfault if their inherited description was set to None. Patch by Erlend Aasland. - gh-129559: Add bytearray.resize() method so bytearray can be efficiently resized in place. - gh-129502: Unlikely errors in preparing arguments for ctypes callback are now handled in the same way as errors raised in the callback of in converting the result of the callback – using sys.unraisablehook() instead of sys.excepthook() and not setting sys.last_exc and other variables. - gh-129403: Corrected ValueError message for asyncio.Barrier and threading.Barrier. - gh-129409: Fix an integer overflow in the csv module when writing a data field larger than 2GB. - gh-126400: Add a socket timeout keyword argument to logging.handlers.SysLogHandler. - gh-118761: Always lazy import warnings in threading. Patch by Taneli Hukkinen. - gh-118761: Improve import time of subprocess by lazy importing locale and signal. Patch by Taneli Hukkinen. - gh-129346: In sqlite3, handle out-of-memory when creating user-defined SQL functions. - gh-129005: Optimize _pyio.FileIO.readinto by avoiding unnecessary objects and copies using os.readinto(). - gh-129195: Support reporting call graph information from asyncio.staggered.staggered_race(). - gh-129205: Add os.readinto() to read into a buffer object from a file descriptor. - gh-128772: Fix pydoc for methods with the __module__ attribute equal to None. - gh-129061: Fix FORCE_COLOR and NO_COLOR when empty strings. Patch by Hugo van Kemenade. - gh-92897: Scheduled the deprecation of the check_home argument of sysconfig.is_python_build() to Python 3.15. - gh-129064: Deprecate sysconfig.expand_makefile_vars(), in favor of using sysconfig.get_paths() with the vars argument. - gh-128550: Removed an incorrect optimization relating to eager tasks in asyncio.TaskGroup that resulted in cancellations being missed. - gh-128991: Release the enter frame reference within bdb callback - gh-118761: Reduce import time of pstats and zipfile by up to 20%, by removing unnecessary imports to typing. Patch by Bénédikt Tran. - gh-128978: Fix a NameError in sysconfig.expand_makefile_vars(). Patch by Bénédikt Tran. - gh-128961: Fix a crash when setting state on an exhausted array.array iterator. - gh-128894: Fix traceback.TracebackException._format_syntax_error not to fail on exceptions with custom metadata. - gh-128916: Do not attempt to set SO_REUSEPORT on sockets of address families other than AF_INET and AF_INET6, as it is meaningless with these address families, and the call with fail with Linux kernel 6.12.9 and newer. - gh-118761: Improve import time of tomllib by removing typing, string, and tomllib._types imports. Patch by Taneli Hukkinen. - gh-128679: tracemalloc: Fix race conditions when tracemalloc.stop() is called by a thread, while other threads are tracing memory allocations. Patch by Victor Stinner. - gh-128891: Add specialized opcodes to opcode.opname. - gh-118761: Reduce import time of gettext by up to ten times, by importing re on demand. In particular, re is no longer implicitly exposed as gettext.re. Patch by Eli Schwartz. - gh-118761: Reduce the import time of optparse when no help text is printed. Patch by Eli Schwartz. - gh-128657: Fix possible extra reference when using objects returned by hashlib.sha256() under free threading. - gh-118761: Reduce the import time of csv by up to five times, by importing re on demand. In particular, re is no more implicitly exposed as csv.re. Patch by Bénédikt Tran. - gh-128308: Support the name keyword argument for eager tasks in asyncio.loop.create_task(), asyncio.create_task() and asyncio.TaskGroup.create_task(), by passing on all kwargs to the task factory set by asyncio.loop.set_task_factory(). - gh-118761: Improve the performance of base64.b16decode() by up to ten times by more efficiently checking the byte-string for hexadecimal digits. Reduce the import time of base64 by up to six times, by no longer importing re. Patch by Bénédikt Tran, Chris Markiewicz, and Adam Turner. - gh-128156: When using macOS system libffi, support for complex types in ctypes is now checked at runtime (macOS 10.15 or newer). The types must also be available at build time. - gh-128636: Fix PyREPL failure when os.environ is overwritten with an invalid value. - gh-128498: Default to stdout isatty for color detection instead of stderr. Patch by Hugo van Kemenade. - gh-128384: Add locking to warnings to avoid some data races when free-threading is used. Change _warnings_runtime_state.mutex to be a recursive mutex and expose it to warnings, via the _acquire_lock() and _release_lock() functions. The lock is held when filters and _filters_version are updated. - gh-128509: Add sys._is_immortal() for identifying immortal objects at runtime. - gh-128479: Fix asyncio.staggered.staggered_race() leaking tasks and issuing an unhandled exception. - gh-128427: uuid.NIL and uuid.MAX are now available to represent the Nil and Max UUID formats as defined by RFC 9562. - gh-91279: zipfile.ZipFile.writestr() now respect SOURCE_DATE_EPOCH that distributions can set centrally and have build tools consume this in order to produce reproducible output. - gh-112064: Fix incorrect handling of negative read sizes in HTTPResponse.read. Patch by Yury Manushkin. - gh-58956: Fixed a frame reference leak in bdb. - gh-128131: Completely support random access of uncompressed unencrypted read-only zip files obtained by ZipFile.open. - gh-127975: Avoid reusing quote types in ast.unparse() if not needed. - gh-115514: Fix exceptions and incomplete writes after asyncio._SelectorTransport is closed before writes are completed. - gh-121604: Add missing Deprecation warnings for importlib.machinery.DEBUG_BYTECODE_SUFFIXES, importlib.machinery.OPTIMIZED_BYTECODE_SUFFIXES, importlib.machinery.WindowsRegistryFinder, importlib.abc.ResourceLoader, importlib.abc.SourceLoader.path_mtime(). - gh-127873: When -E is set, only ignore PYTHON_COLORS and not FORCE_COLOR/NO_COLOR/TERM when colourising output. Patch by Hugo van Kemenade. - gh-125413: Add pathlib.Path.info attribute, which stores an object implementing the pathlib.types.PathInfo protocol (also new). The object supports querying the file type and internally caching stat() results. Path objects generated by iterdir() are initialized with file type information gleaned from scanning the parent directory. - gh-127712: Fix handling of the secure argument of logging.handlers.SMTPHandler. - gh-127096: Do not recreate unnamed section on every read in configparser.ConfigParser. Patch by Andrey Efremov. - gh-124369: Deprecate pdb.Pdb.curframe_locals - gh-126332: Fix _pyrepl crash when entering a double CTRL-Z on an overflowing line. - gh-125553: Fix round-trip invariance for backslash continuations in tokenize.untokenize(). - gh-91048: Add asyncio.capture_call_graph() and asyncio.print_call_graph() functions. - gh-124703: Quitting pdb in inline mode will emit a confirmation prompt and exit gracefully now, instead of printing an exception traceback. - gh-123987: Fixed issue in NamespaceReader where a non-path item in a namespace path, such as a sentinel added by an editable installer, would break resource loading. - gh-119349: Add the ctypes.util.dllist() function to list the loaded shared libraries for the current process. - gh-55454: Add IMAP4 IDLE support to the imaplib module. Patch by Forest. - gh-119257: Show tab completions menu below the current line, which results in less janky behaviour, and fixes a cursor movement bug. Patch by Daniel Hollas - gh-101410: Support custom messages for domain errors in the math module (math.sqrt(), math.log() and math.atanh() were modified as examples). Patch by Charlie Zhao and Sergey B Kirpichev. - gh-81340: Use os.copy_file_range() in shutil.copy(), shutil.copy2(), and shutil.copyfile() functions by default. An underlying Linux system call gives filesystems an opportunity to implement the use of copy-on-write (in case of btrfs and XFS) or server-side copy (in the case of NFS.) Patch by Illia Volochii. - bpo-27307: Add attribute and item access support to string.Formatter in auto-numbering mode, which allows format strings like ‘{.name}’ and ‘{[1]}’. - IDLE - gh-129873: Simplify displaying the IDLE doc by only copying the text section of idle.html to idlelib/help.html. Patch by Stan Ulbrych. - Documentation - gh-125722: Require Sphinx 8.1.3 or later to build the Python documentation. Patch by Adam Turner. - gh-67206: Document that string.printable is not printable in the POSIX sense. In particular, string.printable.isprintable() returns False. Patch by Bénédikt Tran. - Core and Builtins - gh-100239: Replace the opcode BINARY_SUBSCR and its family by BINARY_OP with oparg NB_SUBSCR. - gh-129732: Fixed a race in _Py_qsbr_reserve in the free threading build. - gh-129763: Remove the internal LLTRACE macro (use Py_DEBUG instead). - gh-129715: Improve JIT performance for generators. - gh-129643: Fix thread safety of PyList_Insert() in free-threading builds. - gh-129668: Fix race condition when raising MemoryError in the free threaded build. - gh-129643: Fix thread safety of PyList_SetItem() in free-threading builds. Patch by Kumar Aditya. - gh-128563: Fix an issue where the “lltrace” debug feature could have been incorrectly enabled for some frames. - gh-129393: On FreeBSD, sys.platform doesn’t contain the major version anymore. It is always 'freebsd', instead of 'freebsd13' or 'freebsd14'. - gh-129345: Fix null pointer dereference in syslog.openlog() when an audit hook raises an exception. - gh-129231: Improve memory layout of JIT traces. Patch by Diego Russo - gh-129149: Add fast path for medium-size integers in PyLong_FromUnsignedLong(), PyLong_FromUnsignedLongLong() and PyLong_FromSize_t(). - gh-129201: The free-threaded version of the cyclic garbage collector has been optimized to conditionally use CPU prefetch instructions during the collection. This can reduce collection times by making it more likely that data is in the CPU cache when it is needed. The prefetch instructions are enabled if the number of long-lived objects (objects surviving a full collection) exceeds a threshold. - gh-129093: Fix f-strings such as f'{expr=}' sometimes not displaying the full expression when the expression contains !=. - gh-124363: Treat debug expressions in f-string as raw strings. Patch by Pablo Galindo - gh-128714: Fix the potential races in get/set dunder methods __annotations__, __annotate__ and __type_params__ for function object, and add related tests. - gh-128799: Add frame of except* to traceback when it wraps a naked exception. - gh-128842: Collect JIT memory stats using pystats. Patch by Diego Russo. - gh-100239: Specialize BINARY_OP for bitwise logical operations on compact ints. - gh-128910: Undocumented and unused private C-API functions _PyTrash_begin and _PyTrash_end are removed. - gh-128807: Add a marking phase to the free-threaded GC. This is similar to what was done in gh-126491. Since the free-threaded GC does not have generations and is not incremental, the marking phase looks for all objects reachable from known roots. The roots are objects known to not be garbage, like the module dictionary for sys. For most programs, this marking phase should make the GC a bit faster since typically less work is done per object. - gh-100239: Add opcode BINARY_OP_EXTEND which executes a pair of functions (guard and specialization functions) accessed from the inline cache. - gh-128563: A new type of interpreter has been added to CPython. This interpreter uses tail calls for its instruction handlers. Preliminary benchmark results suggest 7-11% geometric mean faster on pyperformance (depending on platform), and up to 30% faster on Python-intensive workloads. This interpreter currently only works on newer compilers, such as clang-19. Other compilers will continue using the old interpreter. Patch by Ken Jin, with ideas on how to implement this in CPython by Mark Shannon, Garret Gu, Haoran Xu, and Josh Haberman. - gh-126703: Improve performance of iterating over lists and tuples by using a freelist for the iterator objects. - gh-127953: The time to handle a LINE event in sys.monitoring (and sys.settrace) is now independent of the number of lines in the code object. - gh-128330: Restore terminal control characters on REPL exit. - gh-128016: Improved the SyntaxWarning message for invalid escape sequences to clarify that such sequences will raise a SyntaxError in future Python releases. The new message also suggests a potential fix, i.e., Did you mean "\\e"?. - gh-126004: Fix handling of UnicodeError.start and UnicodeError.end values in the codecs.replace_errors() error handler. Patch by Bénédikt Tran. - gh-126004: Fix handling of UnicodeError.start and UnicodeError.end values in the codecs.backslashreplace_errors() error handler. Patch by Bénédikt Tran. - gh-126004: Fix handling of UnicodeError.start and UnicodeError.end values in the codecs.xmlcharrefreplace_errors() error handler. Patch by Bénédikt Tran. - gh-127119: Slightly optimize the int deallocator. - gh-127349: Fixed the error when resizing terminal in Python REPL. Patch by Semyon Moroz. - gh-125723: Fix crash with gi_frame.f_locals when generator frames outlive their generator. Patch by Mikhail Efimov. - gh-126349: Add turtle.fill(), turtle.poly() and turtle.no_animation() context managers. Patch by Marie Roald and Yngve Mardal Moe. - gh-115911: If the current working directory cannot be determined due to permissions, then import will no longer raise PermissionError. Patch by Alex Willmer. - gh-112713: Added support for the Partitioned cookie flag in http.cookies. - C API - gh-129533: Update PyGC_Enable(), PyGC_Disable(), PyGC_IsEnabled() to use atomic operation for thread-safety at free-threading build. Patch by Donghee Na. - gh-89188: Implement PyUnicode_KIND() and PyUnicode_DATA() as function, in addition to the macros with the same names. The macros rely on C bit fields which have compiler-specific layout. Patch by Victor Stinner. - gh-91417: Remove PySequence_Fast() from the limited C API, since this function has to be used with PySequence_Fast_GET_ITEM which never worked in the limited C API. Patch by Victor Stinner. - gh-128509: Add PyUnstable_IsImmortal() for determining whether an object is immortal. - gh-129033: Remove _PyInterpreterState_GetConfigCopy() and _PyInterpreterState_SetConfig() private functions. Use instead PyConfig_Get() and PyConfig_Set(), public C API added by PEP 741 “Python Configuration C API”. Patch by Victor Stinner. - gh-129033: Remove the private _Py_InitializeMain() function. It was a provisional API added to Python 3.8 by PEP 587. Patch by Victor Stinner. - gh-128844: Add PyUnstable_TryIncRef() and PyUnstable_EnableTryIncRef() unstable APIs. These are helpers for dealing with unowned references in a thread-safe way, particularly in the free threading build. - gh-128911: Add PyImport_ImportModuleAttr() and PyImport_ImportModuleAttrString() helper functions to import a module and get an attribute of the module. Patch by Victor Stinner. - gh-128863: The following private functions are deprecated and planned for removal in Python 3.18: _PyBytes_Join(): use PyBytes_Join(). _PyDict_GetItemStringWithError(): use PyDict_GetItemStringRef(). _PyDict_Pop(): use PyDict_Pop(). _PyLong_Sign(): use PyLong_GetSign(). _PyLong_FromDigits() and _PyLong_New(): use PyLongWriter_Create(). _PyThreadState_UncheckedGet(): use PyThreadState_GetUnchecked(). _PyUnicode_AsString(): use PyUnicode_AsUTF8(). _Py_HashPointer(): use Py_HashPointer(). _Py_fopen_obj(): use Py_fopen(). The pythoncapi-compat project can be used to get these new public functions on Python 3.13 and older. Patch by Victor Stinner. - gh-126599: Remove some internal test APIs for the experimental JIT compiler. - gh-127925: Convert the decimal module to use PEP 757 C API (export-import integers), offering some speed-up if the integer part of the Decimal instance is small. Patch by Sergey B Kirpichev. - Build - gh-129660: Drop test_embed from PGO training, whose contribution in recent versions is considered to be ignorable. - gh-128902: Fix compile errors with Clang 9 and older due to lack of __attribute__((fallthrough)) support. - Remove upstreamed patches: - CVE-2025-0938-sq-brackets-domain-names.patch - 314a4-no-SO_REUSEPORT.patch OBS-URL: https://build.opensuse.org/request/show/1245486 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python314?expand=0&rev=6
2025-02-13 17:39:01 +00:00 · 2025-02-13 17:39:01 +00:00 · 35eb81a93f
commit 35eb81a93f
parent 8659ae7c2d aa6f469fcc
8 changed files with 424 additions and 217 deletions
--- a/314a4-no-SO_REUSEPORT.patch
+++ b/314a4-no-SO_REUSEPORT.patch
@ -1,94 +0,0 @@
-From 1afcfaa5ce01cd949e570bc9035b3a7b6ccdd2be Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
-Date: Fri, 17 Jan 2025 11:46:19 +0100
-Subject: [PATCH 1/2] gh-128916: Do not set `SO_REUSEPORT` on non-`AF_INET*`
- sockets
-
-Do not attempt to set ``SO_REUSEPORT`` on sockets of address familifies other
-than ``AF_INET`` and ``AF_INET6``, as it is meaningless with these address
-families, and the call with fail with Linux kernel 6.12.9 and newer.
---
- Lib/asyncio/base_events.py                                 | 4 +++-
- Lib/socket.py                                              | 4 +++-
- Lib/socketserver.py                                        | 7 ++++++-
- .../Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst | 3 +++
- 4 files changed, 15 insertions(+), 3 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
-
-diff --git a/Lib/asyncio/base_events.py b/Lib/asyncio/base_events.py
-index 6e6e5aaac15caf..85018797db33bb 100644
--- a/Lib/asyncio/base_events.py
-+++ b/Lib/asyncio/base_events.py
-@@ -1593,7 +1593,9 @@ async def create_server(
-                     if reuse_address:
-                         sock.setsockopt(
-                             socket.SOL_SOCKET, socket.SO_REUSEADDR, True)
-                    if reuse_port:
-+                    # Since Linux 6.12.9, SO_REUSEPORT is not allowed
-+                    # on other address families than AF_INET/AF_INET6.
-+                    if reuse_port and af in (socket.AF_INET, socket.AF_INET6):
-                         _set_reuseport(sock)
-                     if keep_alive:
-                         sock.setsockopt(
-diff --git a/Lib/socket.py b/Lib/socket.py
-index be37c24d6174a2..727b0e75f03595 100644
--- a/Lib/socket.py
-+++ b/Lib/socket.py
-@@ -937,7 +937,9 @@ def create_server(address, *, family=AF_INET, backlog=None, reuse_port=False,
-                 # Fail later on bind(), for platforms which may not
-                 # support this option.
-                 pass
-        if reuse_port:
-+        # Since Linux 6.12.9, SO_REUSEPORT is not allowed
-+        # on other address families than AF_INET/AF_INET6.
-+        if reuse_port and family in (AF_INET, AF_INET6):
-             sock.setsockopt(SOL_SOCKET, SO_REUSEPORT, 1)
-         if has_ipv6 and family == AF_INET6:
-             if dualstack_ipv6:
-diff --git a/Lib/socketserver.py b/Lib/socketserver.py
-index cd028ef1c63b85..35b2723de3babe 100644
--- a/Lib/socketserver.py
-+++ b/Lib/socketserver.py
-@@ -468,7 +468,12 @@ def server_bind(self):
-         """
-         if self.allow_reuse_address and hasattr(socket, "SO_REUSEADDR"):
-             self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-        if self.allow_reuse_port and hasattr(socket, "SO_REUSEPORT"):
-+        # Since Linux 6.12.9, SO_REUSEPORT is not allowed
-+        # on other address families than AF_INET/AF_INET6.
-+        if (
-+            self.allow_reuse_port and hasattr(socket, "SO_REUSEPORT")
-+            and self.address_family in (socket.AF_INET, socket.AF_INET6)
-+        ):
-             self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
-         self.socket.bind(self.server_address)
-         self.server_address = self.socket.getsockname()
-diff --git a/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst b/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
-new file mode 100644
-index 00000000000000..5d13825fb2b6ab
--- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
-@@ -0,0 +1,3 @@
-+Do not attempt to set ``SO_REUSEPORT`` on sockets of address familifies
-+other than ``AF_INET`` and ``AF_INET6``, as it is meaningless with these
-+address families, and the call with fail with Linux kernel 6.12.9 and newer.
-
-From 8f8f0d67742ce151ea9b104ad0396660e2660b09 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
-Date: Fri, 17 Jan 2025 11:57:41 +0000
-Subject: [PATCH 2/2] Apply suggestions from code review
-
-Co-authored-by: Vinay Sajip <vinay_sajip@yahoo.co.uk>
---
- .../next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst b/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
-index 5d13825fb2b6ab..f2db341ef81621 100644
--- a/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
-+++ b/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
-@@ -1,3 +1,3 @@
-Do not attempt to set ``SO_REUSEPORT`` on sockets of address familifies
-+Do not attempt to set ``SO_REUSEPORT`` on sockets of address families
- other than ``AF_INET`` and ``AF_INET6``, as it is meaningless with these
- address families, and the call with fail with Linux kernel 6.12.9 and newer.
--- a/CVE-2025-0938-sq-brackets-domain-names.patch
+++ b/CVE-2025-0938-sq-brackets-domain-names.patch
@ -1,111 +0,0 @@
-From 6204ab9f989be3841c8c47e1e2cfe6a658fe16d5 Mon Sep 17 00:00:00 2001
-From: Seth Michael Larson <seth@python.org>
-Date: Tue, 28 Jan 2025 14:09:00 -0600
-Subject: [PATCH 1/4] gh-105704: Disallow square brackets ( and ) in domain
- names for parsed URLs
-
---
- Lib/test/test_urlparse.py                                                |   37 +++++++++-
- Lib/urllib/parse.py                                                      |   20 ++++-
- Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst |    4 +
- 3 files changed, 58 insertions(+), 3 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
-
--- a/Lib/test/test_urlparse.py
-+++ b/Lib/test/test_urlparse.py
-@@ -1412,16 +1412,51 @@ class UrlParseTestCase(unittest.TestCase
-         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query')
-         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query')
-         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip')
-+        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix')
- 
-     def test_splitting_bracketed_hosts(self):
-        p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query')
-+        p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query')
-         self.assertEqual(p1.hostname, 'v6a.ip')
-         self.assertEqual(p1.username, 'user')
-         self.assertEqual(p1.path, '/path')
-+        self.assertEqual(p1.port, 1234)
-         p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query')
-         self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test')
-         self.assertEqual(p2.username, 'user')
-         self.assertEqual(p2.path, '/path')
-+        self.assertIs(p2.port, None)
-         p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query')
-         self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test')
-         self.assertEqual(p3.username, 'user')
--- a/Lib/urllib/parse.py
-+++ b/Lib/urllib/parse.py
-@@ -439,6 +439,23 @@ def _checknetloc(netloc):
-             raise ValueError("netloc '" + netloc + "' contains invalid " +
-                              "characters under NFKC normalization")
- 
-+def _check_bracketed_netloc(netloc):
-+    # Note that this function must mirror the splitting
-+    # done in NetlocResultMixins._hostinfo().
-+    hostname_and_port = netloc.rpartition('@')[2]
-+    before_bracket, have_open_br, bracketed = hostname_and_port.partition('[')
-+    if have_open_br:
-+        # No data is allowed before a bracket.
-+        if before_bracket:
-+            raise ValueError("Invalid IPv6 URL")
-+        hostname, _, port = bracketed.partition(']')
-+        # No data is allowed after the bracket but before the port delimiter.
-+        if port and not port.startswith(":"):
-+            raise ValueError("Invalid IPv6 URL")
-+    else:
-+        hostname, _, port = hostname_and_port.partition(':')
-+    _check_bracketed_host(hostname)
-+
- # Valid bracketed hosts are defined in
- # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/
- def _check_bracketed_host(hostname):
-@@ -505,8 +522,7 @@ def _urlsplit(url, scheme=None, allow_fr
-                 (']' in netloc and '[' not in netloc)):
-             raise ValueError("Invalid IPv6 URL")
-         if '[' in netloc and ']' in netloc:
-            bracketed_host = netloc.partition('[')[2].partition(']')[0]
-            _check_bracketed_host(bracketed_host)
-+            _check_bracketed_netloc(netloc)
-     if allow_fragments and '#' in url:
-         url, fragment = url.split('#', 1)
-     if '?' in url:
--- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
-@@ -0,0 +1,4 @@
-+When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host
-+parsing would not reject domain names containing square brackets (``[`` and
-+``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to
-+`RFC 3986 Section 3.2.2 <https://www.rfc-editor.org/rfc/rfc3986#section-3.2.2>`__.
--- a/Python-3.14.0a4.tar.xz
+++ b/Python-3.14.0a4.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c24f07881873c1d460228795ca6ca8c99130e30c773c91463d30d7ea8ff0e70b
-size 22798932
--- a/Python-3.14.0a4.tar.xz.sigstore
+++ b/Python-3.14.0a4.tar.xz.sigstore
@ -1 +0,0 @@
-{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzzCCAlWgAwIBAgIUTNqrmr/M2mihtEwN8O2FyM2q1q4wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwMTE0MTYwMTUwWhcNMjUwMTE0MTYxMTUwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXFyDvDOdj/YAUw6VwCbccPuaGXVlONd/+yU2w6pjOucN7XNrKQzRc2p0B87e6fBJNtrvoQskKm5g5RZRNIaTraOCAXQwggFwMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU+FemmqqSGkLeHpehmVT+O/2VD1MwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPaHVnb0BweXRob24ub3JnMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABlGWMvxkAAAQDAEgwRgIhAMdC5GErGZYgWadLhCcmCxR3wAZ8jSVhTikA8HyIMUjKAiEAjZQMpnwoXgxNEXGAs8J/Myxxp5Lky719397l9nhdPk8wCgYIKoZIzj0EAwMDaAAwZQIxAMcST1Hx0VxHs8dH4fVNnJHRqHV70g4gWXOUahXOh86pLbvOOsGqM3w8o3kUhjO7oAIwRCZiVhDjDq59iDX6/IO7mG/gwNXBVqKSPdcYRS6l/SxM3JRORz8QCQK3HtM5TPvm"}, "tlogEntries": [{"logIndex": "162324179", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1736870510", "inclusionPromise": {"signedEntryTimestamp": "MEQCIAXgFU1gThdT0mhc6q0AXzD3bBXTiacgiLtvj81gdZF4AiBN9qUrwxowhsD9xRkTFuRk/l7pkEkkF84mJouMltHlqw=="}, "inclusionProof": {"logIndex": "40419917", "rootHash": "sQcmJqkpVAfxguDGAn46H0Jx7wI/seLoX5hw8YAhpzE=", "treeSize": "40419918", "hashes": ["qjl0o9LTqPs1qAydDqJeuEjAe7m0r28edbu6YhwigVs=", "ld8TM/ZFyvOEsuFo6tzdkPMu1WXFFF7FkLeePNxTZgQ=", "msMDMUPWOxenW8+fKcA9KtYwJh+qOm8eJ6hD6qMLxgo=", "HB3n8ruKgQ4/hsnPPqqgZqgqrIY+bil6MZEN48iQf5o=", "s4485wmLHDIJ3Uz0cZtlQJMaGl/NcoVYyRSxf8iaGF0=", "ipeSaii1joKqXMjR8vQt0JqN3F2T64mYFe55cZTSE7k=", "Zh8tfYPsaKKLrwZBF7ddhto+2SATy+XV9dtLPctNAlU=", "GVSyTNVOEKppJTUqz+nM5IM0FJ34fKBEIv5VAyJ7Dv4=", "tlaG/ckV5gypfBxP4OGlhhoLQ/VcEe+s4IdoNM+5CJk=", "LxTVSFPuriQ2RUI8Dbu2hz4wzAG1G271/Jivqrd1etw=", "vemyaMj0Na1LMjbB/9Dmkq8T+jAb3o+yCESgAayUABU="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n40419918\nsQcmJqkpVAfxguDGAn46H0Jx7wI/seLoX5hw8YAhpzE=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAv+PVAciPszI4zlpSunN4bfTvMqVTy5p62XGhyX7jQwACIQCNHJdBqkgiBk7OICiGqlcnklnK9wf4okEYP4iC2UpSUQ==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjMjRmMDc4ODE4NzNjMWQ0NjAyMjg3OTVjYTZjYThjOTkxMzBlMzBjNzczYzkxNDYzZDMwZDdlYThmZjBlNzBiIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUROejA2OHVmUE1tRUNZL3JldUdNSGRBbUhoazc1MHNaNHdTKytsY1g1Z0xRSWdLdzN1S1oydm9Jd2FMSWk1dFl3d2JBOUZUaFVHK05NUDViYmwyS0xSYXZjPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZla05EUVd4WFowRjNTVUpCWjBsVlZFNXhjbTF5TDAweWJXbG9kRVYzVGpoUE1rWjVUVEp4TVhFMGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDFVUlRCTlZGbDNUVlJWZDFkb1kwNU5hbFYzVFZSRk1FMVVXWGhOVkZWM1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZZUm5sRWRrUlBaR292V1VGVmR6WldkME5pWTJOUWRXRkhXRlpzVDA1a0x5dDVWVElLZHpad2FrOTFZMDQzV0U1eVMxRjZVbU15Y0RCQ09EZGxObVpDU2s1MGNuWnZVWE5yUzIwMVp6VlNXbEpPU1dGVWNtRlBRMEZZVVhkblowWjNUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlVyUm1WdENtMXhjVk5IYTB4bFNIQmxhRzFXVkN0UEx6SldSREZOZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlVaFdibUl3UW5kbFdGSnZZakkwZFdJelNtNU5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVhkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWprS1FraHpRV1ZSUWpOQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnNSMWROZG5oclFRcEJRVkZFUVVWbmQxSm5TV2hCVFdSRE5VZEZja2RhV1dkWFlXUk1hRU5qYlVONFVqTjNRVm80YWxOV2FGUnBhMEU0U0hsSlRWVnFTMEZwUlVGcVdsRk5DbkJ1ZDI5WVozaE9SVmhIUVhNNFNpOU5lWGg0Y0RWTWEzazNNVGt6T1Rkc09XNW9aRkJyT0hkRFoxbEpTMjlhU1hwcU1FVkJkMDFFWVVGQmQxcFJTWGdLUVUxalUxUXhTSGd3Vm5oSWN6aGtTRFJtVms1dVNraFNjVWhXTnpCbk5HZFhXRTlWWVdoWVQyZzRObkJNWW5aUFQzTkhjVTB6ZHpodk0ydFZhR3BQTndwdlFVbDNVa05hYVZab1JHcEVjVFU1YVVSWU5pOUpUemR0Unk5bmQwNVlRbFp4UzFOUVpHTlpVbE0yYkM5VGVFMHpTbEpQVW5vNFVVTlJTek5JZEUwMUNsUlFkbTBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "wk8HiBhzwdRgIoeVymyoyZEw4wx3PJFGPTDX6o/w5ws="}, "signature": "MEUCIQDNz068ufPMmECY/reuGMHdAmHhk750sZ4wS++lcX5gLQIgKw3uKZ2voIwaLIi5tYwwbA9FThUG+NMP5bbl2KLRavc="}}
--- a/Python-3.14.0a5.tar.xz
+++ b/Python-3.14.0a5.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:74e83f26de1e4fb9eef1b56492cff92508834bb71ac13f5c580438ce9f093682
+size 22859900
--- a/Python-3.14.0a5.tar.xz.sigstore
+++ b/Python-3.14.0a5.tar.xz.sigstore
--- a/python314.changes
+++ b/python314.changes
@ -1,3 +1,421 @@
+-------------------------------------------------------------------
+Wed Feb 12 21:20:43 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to the fifth development version of 3.14.0:
+  - Tools/Demos
+    - gh-129248: The iOS test runner now strips the log prefix
+      from each line output by the test suite.
+    - gh-104400: Fix several bugs in extraction by switching to
+      an AST parser in pygettext.
+  - Tests
+    - gh-129386: Add test.support.reset_code, which can be used
+      to reset various bytecode-level optimizations and local
+      instrumentation for a function.
+    - gh-128474: Disable test_embed test cases that segfault on
+      BOLT instrument binaries. The tests are only disabled when
+      BOLT is enabled.
+    - gh-128003: Add an option --parallel-threads=N to the
+      regression test runner that runs individual tests in
+      multiple threads in parallel in order to find concurrency
+      bugs. Note that most of the test suite is not yet reviewed
+      for thread-safety or annotated with @thread_unsafe when
+      necessary.
+  - Security
+    - gh-105704: When using urllib.parse.urlsplit() and
+      urllib.parse.urlparse() host parsing would not reject
+      domain names containing square brackets ([ and ]). Square
+      brackets are only valid for IPv6 and IPvFuture hosts
+      according to RFC 3986 Section 3.2.2. (bsc#1236705,
+      CVE-2025-0938, gh#python/cpython#105704).
+    - gh-126108: Fix a possible NULL pointer dereference in
+      PySys_AddWarnOptionUnicode().
+    - gh-80222: Fix bug in the folding of quoted strings
+      when flattening an email message using a modern email
+      policy. Previously when a quoted string was folded so
+      that it spanned more than one line, the surrounding
+      quotes and internal escapes would be omitted. This could
+      theoretically be used to spoof header lines using a
+      carefully constructed quoted string if the resulting
+      rendered email was transmitted or re-parsed.
+    - gh-119511: Fix a potential denial of service in the imaplib
+      module. When connecting to a malicious server, it could
+      cause an arbitrary amount of memory to be allocated. On
+      many systems this is harmless as unused virtual memory is
+      only a mapping, but if this hit a virtual address size
+      limit it could lead to a MemoryError or other process
+      crash. On unusual systems or builds where all allocated
+      memory is touched and backed by actual ram or storage
+      it could’ve consumed resources doing so until similarly
+      crashing.
+  - Library
+    - gh-129939: Comparison pages with highlighted changes
+      generated by the difflib.HtmlDiff class now support dark
+      mode.
+    - gh-129928: Raise sqlite3.ProgrammingError if a user-defined
+      SQL function with invalid number of parameters is
+      created. Patch by Erlend Aasland.
+    - gh-129583: Update bundled pip to 25.0.1
+    - gh-129766: Fix crash in warnings, when calling
+      _release_lock() with no existing lock.
+    - gh-129005: _pyio.FileIO.readall() now allocates, resizes,
+      and fills a data buffer using the same algorithm
+      _io.FileIO.readall() uses.
+    - gh-129646: Update the locale alias mapping in the locale
+      module to match the latest X Org locale alias mapping and
+      support new locales in Glibc 2.41.
+    - gh-128317: Put CLI calendar highlighting in private class,
+      removing highlight_day from public calendar.TextCalendar
+      API. Patch by Hugo van Kemenade.
+    - gh-129603: Fix bugs where sqlite3.Row objects could
+      segfault if their inherited description was set to
+      None. Patch by Erlend Aasland.
+    - gh-129559: Add bytearray.resize() method so bytearray can
+      be efficiently resized in place.
+    - gh-129502: Unlikely errors in preparing arguments for
+      ctypes callback are now handled in the same way as errors
+      raised in the callback of in converting the result of
+      the callback – using sys.unraisablehook() instead of
+      sys.excepthook() and not setting sys.last_exc and other
+      variables.
+    - gh-129403: Corrected ValueError message for asyncio.Barrier
+      and threading.Barrier.
+    - gh-129409: Fix an integer overflow in the csv module when
+      writing a data field larger than 2GB.
+    - gh-126400: Add a socket timeout keyword argument to
+      logging.handlers.SysLogHandler.
+    - gh-118761: Always lazy import warnings in threading. Patch
+      by Taneli Hukkinen.
+    - gh-118761: Improve import time of subprocess by lazy
+      importing locale and signal. Patch by Taneli Hukkinen.
+    - gh-129346: In sqlite3, handle out-of-memory when creating
+      user-defined SQL functions.
+    - gh-129005: Optimize _pyio.FileIO.readinto by avoiding
+      unnecessary objects and copies using os.readinto().
+    - gh-129195: Support reporting call graph information from
+      asyncio.staggered.staggered_race().
+    - gh-129205: Add os.readinto() to read into a buffer object
+      from a file descriptor.
+    - gh-128772: Fix pydoc for methods with the __module__
+      attribute equal to None.
+    - gh-129061: Fix FORCE_COLOR and NO_COLOR when empty
+      strings. Patch by Hugo van Kemenade.
+    - gh-92897: Scheduled the deprecation of the check_home
+      argument of sysconfig.is_python_build() to Python 3.15.
+    - gh-129064: Deprecate sysconfig.expand_makefile_vars(),
+      in favor of using sysconfig.get_paths() with the vars
+      argument.
+    - gh-128550: Removed an incorrect optimization relating
+      to eager tasks in asyncio.TaskGroup that resulted in
+      cancellations being missed.
+    - gh-128991: Release the enter frame reference within bdb
+      callback
+    - gh-118761: Reduce import time of pstats and zipfile by up
+      to 20%, by removing unnecessary imports to typing. Patch by
+      Bénédikt Tran.
+    - gh-128978: Fix a NameError in
+      sysconfig.expand_makefile_vars(). Patch by Bénédikt Tran.
+    - gh-128961: Fix a crash when setting state on an exhausted
+      array.array iterator.
+    - gh-128894: Fix
+      traceback.TracebackException._format_syntax_error not to
+      fail on exceptions with custom metadata.
+    - gh-128916: Do not attempt to set SO_REUSEPORT on sockets of
+      address families other than AF_INET and AF_INET6, as it is
+      meaningless with these address families, and the call with
+      fail with Linux kernel 6.12.9 and newer.
+    - gh-118761: Improve import time of tomllib by removing
+      typing, string, and tomllib._types imports. Patch by Taneli
+      Hukkinen.
+    - gh-128679: tracemalloc: Fix race conditions when
+      tracemalloc.stop() is called by a thread, while other
+      threads are tracing memory allocations. Patch by Victor
+      Stinner.
+    - gh-128891: Add specialized opcodes to opcode.opname.
+    - gh-118761: Reduce import time of gettext by up to ten
+      times, by importing re on demand. In particular, re is
+      no longer implicitly exposed as gettext.re. Patch by Eli
+      Schwartz.
+    - gh-118761: Reduce the import time of optparse when no help
+      text is printed. Patch by Eli Schwartz.
+    - gh-128657: Fix possible extra reference when using objects
+      returned by hashlib.sha256() under free threading.
+    - gh-118761: Reduce the import time of csv by up to five
+      times, by importing re on demand. In particular, re is no
+      more implicitly exposed as csv.re. Patch by Bénédikt Tran.
+    - gh-128308: Support the name keyword argument
+      for eager tasks in asyncio.loop.create_task(),
+      asyncio.create_task() and asyncio.TaskGroup.create_task(),
+      by passing on all kwargs to the task factory set by
+      asyncio.loop.set_task_factory().
+    - gh-118761: Improve the performance of base64.b16decode()
+      by up to ten times by more efficiently checking the
+      byte-string for hexadecimal digits. Reduce the import
+      time of base64 by up to six times, by no longer importing
+      re. Patch by Bénédikt Tran, Chris Markiewicz, and Adam
+      Turner.
+    - gh-128156: When using macOS system libffi, support for
+      complex types in ctypes is now checked at runtime (macOS
+      10.15 or newer). The types must also be available at build
+      time.
+    - gh-128636: Fix PyREPL failure when os.environ is
+      overwritten with an invalid value.
+    - gh-128498: Default to stdout isatty for color detection
+      instead of stderr. Patch by Hugo van Kemenade.
+    - gh-128384: Add locking to warnings to avoid some
+      data races when free-threading is used. Change
+      _warnings_runtime_state.mutex to be a recursive mutex
+      and expose it to warnings, via the _acquire_lock() and
+      _release_lock() functions. The lock is held when filters
+      and _filters_version are updated.
+    - gh-128509: Add sys._is_immortal() for identifying immortal
+      objects at runtime.
+    - gh-128479: Fix asyncio.staggered.staggered_race() leaking
+      tasks and issuing an unhandled exception.
+    - gh-128427: uuid.NIL and uuid.MAX are now available to
+      represent the Nil and Max UUID formats as defined by RFC
+      9562.
+    - gh-91279: zipfile.ZipFile.writestr() now respect
+      SOURCE_DATE_EPOCH that distributions can set centrally
+      and have build tools consume this in order to produce
+      reproducible output.
+    - gh-112064: Fix incorrect handling of negative read sizes in
+      HTTPResponse.read. Patch by Yury Manushkin.
+    - gh-58956: Fixed a frame reference leak in bdb.
+    - gh-128131: Completely support random access of uncompressed
+      unencrypted read-only zip files obtained by ZipFile.open.
+    - gh-127975: Avoid reusing quote types in ast.unparse() if
+      not needed.
+    - gh-115514: Fix exceptions and incomplete writes after
+      asyncio._SelectorTransport is closed before writes are
+      completed.
+    - gh-121604: Add missing Deprecation warnings for
+      importlib.machinery.DEBUG_BYTECODE_SUFFIXES,
+      importlib.machinery.OPTIMIZED_BYTECODE_SUFFIXES,
+      importlib.machinery.WindowsRegistryFinder,
+      importlib.abc.ResourceLoader,
+      importlib.abc.SourceLoader.path_mtime().
+    - gh-127873: When -E is set, only ignore PYTHON_COLORS
+      and not FORCE_COLOR/NO_COLOR/TERM when colourising
+      output. Patch by Hugo van Kemenade.
+    - gh-125413: Add pathlib.Path.info attribute, which stores
+      an object implementing the pathlib.types.PathInfo protocol
+      (also new). The object supports querying the file type and
+      internally caching stat() results. Path objects generated
+      by iterdir() are initialized with file type information
+      gleaned from scanning the parent directory.
+    - gh-127712: Fix handling of the secure argument of
+      logging.handlers.SMTPHandler.
+    - gh-127096: Do not recreate unnamed section on every read in
+      configparser.ConfigParser. Patch by Andrey Efremov.
+    - gh-124369: Deprecate pdb.Pdb.curframe_locals
+    - gh-126332: Fix _pyrepl crash when entering a double CTRL-Z
+      on an overflowing line.
+    - gh-125553: Fix round-trip invariance for backslash
+      continuations in tokenize.untokenize().
+    - gh-91048: Add asyncio.capture_call_graph() and
+      asyncio.print_call_graph() functions.
+    - gh-124703: Quitting pdb in inline mode will emit a
+      confirmation prompt and exit gracefully now, instead of
+      printing an exception traceback.
+    - gh-123987: Fixed issue in NamespaceReader where a non-path
+      item in a namespace path, such as a sentinel added by an
+      editable installer, would break resource loading.
+    - gh-119349: Add the ctypes.util.dllist() function to list
+      the loaded shared libraries for the current process.
+    - gh-55454: Add IMAP4 IDLE support to the imaplib
+      module. Patch by Forest.
+    - gh-119257: Show tab completions menu below the current
+      line, which results in less janky behaviour, and fixes a
+      cursor movement bug. Patch by Daniel Hollas
+    - gh-101410: Support custom messages for domain errors in the
+      math module (math.sqrt(), math.log() and math.atanh() were
+      modified as examples). Patch by Charlie Zhao and Sergey B
+      Kirpichev.
+    - gh-81340: Use os.copy_file_range() in shutil.copy(),
+      shutil.copy2(), and shutil.copyfile() functions by
+      default. An underlying Linux system call gives filesystems
+      an opportunity to implement the use of copy-on-write (in
+      case of btrfs and XFS) or server-side copy (in the case of
+      NFS.) Patch by Illia Volochii.
+    - bpo-27307: Add attribute and item access support to
+      string.Formatter in auto-numbering mode, which allows
+      format strings like ‘{.name}’ and ‘{[1]}’.
+  - IDLE
+    - gh-129873: Simplify displaying the IDLE doc by only copying
+      the text section of idle.html to idlelib/help.html. Patch
+      by Stan Ulbrych.
+  - Documentation
+    - gh-125722: Require Sphinx 8.1.3 or later to build the
+      Python documentation. Patch by Adam Turner.
+    - gh-67206: Document that string.printable is not
+      printable in the POSIX sense. In particular,
+      string.printable.isprintable() returns False. Patch by
+      Bénédikt Tran.
+  - Core and Builtins
+    - gh-100239: Replace the opcode BINARY_SUBSCR and its family
+      by BINARY_OP with oparg NB_SUBSCR.
+    - gh-129732: Fixed a race in _Py_qsbr_reserve in the free
+      threading build.
+    - gh-129763: Remove the internal LLTRACE macro (use Py_DEBUG
+      instead).
+    - gh-129715: Improve JIT performance for generators.
+    - gh-129643: Fix thread safety of PyList_Insert() in
+      free-threading builds.
+    - gh-129668: Fix race condition when raising MemoryError in
+      the free threaded build.
+    - gh-129643: Fix thread safety of PyList_SetItem() in
+      free-threading builds. Patch by Kumar Aditya.
+    - gh-128563: Fix an issue where the “lltrace” debug feature
+      could have been incorrectly enabled for some frames.
+    - gh-129393: On FreeBSD, sys.platform doesn’t contain the
+      major version anymore. It is always 'freebsd', instead of
+      'freebsd13' or 'freebsd14'.
+    - gh-129345: Fix null pointer dereference in syslog.openlog()
+      when an audit hook raises an exception.
+    - gh-129231: Improve memory layout of JIT traces. Patch by
+      Diego Russo
+    - gh-129149: Add fast path for medium-size integers in
+      PyLong_FromUnsignedLong(), PyLong_FromUnsignedLongLong()
+      and PyLong_FromSize_t().
+    - gh-129201: The free-threaded version of the cyclic garbage
+      collector has been optimized to conditionally use CPU
+      prefetch instructions during the collection. This can
+      reduce collection times by making it more likely that
+      data is in the CPU cache when it is needed. The prefetch
+      instructions are enabled if the number of long-lived
+      objects (objects surviving a full collection) exceeds a
+      threshold.
+    - gh-129093: Fix f-strings such as f'{expr=}' sometimes not
+      displaying the full expression when the expression contains
+      !=.
+    - gh-124363: Treat debug expressions in f-string as raw
+      strings. Patch by Pablo Galindo
+    - gh-128714: Fix the potential races in get/set dunder
+      methods __annotations__, __annotate__ and __type_params__
+      for function object, and add related tests.
+    - gh-128799: Add frame of except* to traceback when it wraps
+      a naked exception.
+    - gh-128842: Collect JIT memory stats using pystats. Patch by
+      Diego Russo.
+    - gh-100239: Specialize BINARY_OP for bitwise logical
+      operations on compact ints.
+    - gh-128910: Undocumented and unused private C-API functions
+      _PyTrash_begin and _PyTrash_end are removed.
+    - gh-128807: Add a marking phase to the free-threaded
+      GC. This is similar to what was done in gh-126491. Since
+      the free-threaded GC does not have generations and is
+      not incremental, the marking phase looks for all objects
+      reachable from known roots. The roots are objects known to
+      not be garbage, like the module dictionary for sys. For
+      most programs, this marking phase should make the GC a bit
+      faster since typically less work is done per object.
+    - gh-100239: Add opcode BINARY_OP_EXTEND which executes a
+      pair of functions (guard and specialization functions)
+      accessed from the inline cache.
+    - gh-128563: A new type of interpreter has been added
+      to CPython. This interpreter uses tail calls for its
+      instruction handlers. Preliminary benchmark results suggest
+      7-11% geometric mean faster on pyperformance (depending
+      on platform), and up to 30% faster on Python-intensive
+      workloads. This interpreter currently only works on newer
+      compilers, such as clang-19. Other compilers will continue
+      using the old interpreter. Patch by Ken Jin, with ideas on
+      how to implement this in CPython by Mark Shannon, Garret
+      Gu, Haoran Xu, and Josh Haberman.
+    - gh-126703: Improve performance of iterating over lists and
+      tuples by using a freelist for the iterator objects.
+    - gh-127953: The time to handle a LINE event in
+      sys.monitoring (and sys.settrace) is now independent of the
+      number of lines in the code object.
+    - gh-128330: Restore terminal control characters on REPL
+      exit.
+    - gh-128016: Improved the SyntaxWarning message for invalid
+      escape sequences to clarify that such sequences will raise
+      a SyntaxError in future Python releases. The new message
+      also suggests a potential fix, i.e., Did you mean "\\e"?.
+    - gh-126004: Fix handling of UnicodeError.start and
+      UnicodeError.end values in the codecs.replace_errors()
+      error handler. Patch by Bénédikt Tran.
+    - gh-126004: Fix handling of UnicodeError.start
+      and UnicodeError.end values in the
+      codecs.backslashreplace_errors() error handler. Patch by
+      Bénédikt Tran.
+    - gh-126004: Fix handling of UnicodeError.start
+      and UnicodeError.end values in the
+      codecs.xmlcharrefreplace_errors() error handler. Patch by
+      Bénédikt Tran.
+    - gh-127119: Slightly optimize the int deallocator.
+    - gh-127349: Fixed the error when resizing terminal in Python
+      REPL. Patch by Semyon Moroz.
+    - gh-125723: Fix crash with gi_frame.f_locals when generator
+      frames outlive their generator. Patch by Mikhail Efimov.
+    - gh-126349: Add turtle.fill(), turtle.poly() and
+      turtle.no_animation() context managers. Patch by Marie
+      Roald and Yngve Mardal Moe.
+    - gh-115911: If the current working directory cannot be
+      determined due to permissions, then import will no longer
+      raise PermissionError. Patch by Alex Willmer.
+    - gh-112713: Added support for the Partitioned cookie flag in
+      http.cookies.
+  - C API
+    - gh-129533: Update PyGC_Enable(), PyGC_Disable(),
+      PyGC_IsEnabled() to use atomic operation for thread-safety
+      at free-threading build. Patch by Donghee Na.
+    - gh-89188: Implement PyUnicode_KIND() and PyUnicode_DATA()
+      as function, in addition to the macros with the same
+      names. The macros rely on C bit fields which have
+      compiler-specific layout. Patch by Victor Stinner.
+    - gh-91417: Remove PySequence_Fast() from the limited
+      C API, since this function has to be used with
+      PySequence_Fast_GET_ITEM which never worked in the limited
+      C API. Patch by Victor Stinner.
+    - gh-128509: Add PyUnstable_IsImmortal() for determining
+      whether an object is immortal.
+    - gh-129033: Remove _PyInterpreterState_GetConfigCopy() and
+      _PyInterpreterState_SetConfig() private functions. Use
+      instead PyConfig_Get() and PyConfig_Set(), public C API
+      added by PEP 741 “Python Configuration C API”. Patch by
+      Victor Stinner.
+    - gh-129033: Remove the private _Py_InitializeMain()
+      function. It was a provisional API added to Python 3.8 by
+      PEP 587. Patch by Victor Stinner.
+    - gh-128844: Add PyUnstable_TryIncRef() and
+      PyUnstable_EnableTryIncRef() unstable APIs. These
+      are helpers for dealing with unowned references in a
+      thread-safe way, particularly in the free threading build.
+    - gh-128911: Add PyImport_ImportModuleAttr() and
+      PyImport_ImportModuleAttrString() helper functions to
+      import a module and get an attribute of the module. Patch
+      by Victor Stinner.
+    - gh-128863: The following private functions are deprecated
+      and planned for removal in Python 3.18:
+        _PyBytes_Join(): use PyBytes_Join().
+        _PyDict_GetItemStringWithError(): use PyDict_GetItemStringRef().
+        _PyDict_Pop(): use PyDict_Pop().
+        _PyLong_Sign(): use PyLong_GetSign().
+        _PyLong_FromDigits() and _PyLong_New(): use PyLongWriter_Create().
+        _PyThreadState_UncheckedGet(): use PyThreadState_GetUnchecked().
+        _PyUnicode_AsString(): use PyUnicode_AsUTF8().
+        _Py_HashPointer(): use Py_HashPointer().
+        _Py_fopen_obj(): use Py_fopen().
+    The pythoncapi-compat project can be used to get these new
+    public functions on Python 3.13 and older. Patch by Victor Stinner.
+    - gh-126599: Remove some internal test APIs for the
+      experimental JIT compiler.
+    - gh-127925: Convert the decimal module to use PEP 757 C API
+      (export-import integers), offering some speed-up if the
+      integer part of the Decimal instance is small. Patch by
+      Sergey B Kirpichev.
+  - Build
+    - gh-129660: Drop test_embed from PGO training, whose
+      contribution in recent versions is considered to be
+      ignorable.
+    - gh-128902: Fix compile errors with Clang 9 and older due to
+      lack of __attribute__((fallthrough)) support.
+- Remove upstreamed patches:
+    - CVE-2025-0938-sq-brackets-domain-names.patch
+    - 314a4-no-SO_REUSEPORT.patch
+
 -------------------------------------------------------------------
 Tue Feb  4 14:43:13 UTC 2025 - Matej Cepl <mcepl@cepl.eu>

--- a/python314.spec
+++ b/python314.spec
@ -157,8 +157,8 @@
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.14.0~a4
-%define         tarversion 3.14.0a4
+Version:        3.14.0~a5
+%define         tarversion 3.14.0a5
 %define         tarname    Python-%{tarversion}
 Release:        0
 Summary:        Python 3 Interpreter
@ -216,12 +216,6 @@ Patch39:        CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
 # PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083
 # Skip some failing tests in test_compile for i586 arch in 15.6.
 Patch40:        fix-test-recursion-limit-15.6.patch
-# PATCH-FIX-UPSTREAM CVE-2025-0938-sq-brackets-domain-names.patch bsc#1236705 mcepl@suse.com
-# functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets
-Patch41:        CVE-2025-0938-sq-brackets-domain-names.patch
-# PATCH-FIX-UPSTREAM 314a4-no-SO_REUSEPORT.patch gh#python/cpython#128916 mcepl@suse.com
-# changes in kernel break Python tests
-Patch42:        314a4-no-SO_REUSEPORT.patch
 #### Python 3.14 DEVELOPMENT PATCHES
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
				`@ -1 +0,0 @@`
				{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzzCCAlWgAwIBAgIUTNqrmr/M2mihtEwN8O2FyM2q1q4wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwMTE0MTYwMTUwWhcNMjUwMTE0MTYxMTUwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXFyDvDOdj/YAUw6VwCbccPuaGXVlONd/+yU2w6pjOucN7XNrKQzRc2p0B87e6fBJNtrvoQskKm5g5RZRNIaTraOCAXQwggFwMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU+FemmqqSGkLeHpehmVT+O/2VD1MwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPaHVnb0BweXRob24ub3JnMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABlGWMvxkAAAQDAEgwRgIhAMdC5GErGZYgWadLhCcmCxR3wAZ8jSVhTikA8HyIMUjKAiEAjZQMpnwoXgxNEXGAs8J/Myxxp5Lky719397l9nhdPk8wCgYIKoZIzj0EAwMDaAAwZQIxAMcST1Hx0VxHs8dH4fVNnJHRqHV70g4gWXOUahXOh86pLbvOOsGqM3w8o3kUhjO7oAIwRCZiVhDjDq59iDX6/IO7mG/gwNXBVqKSPdcYRS6l/SxM3JRORz8QCQK3HtM5TPvm"}, "tlogEntries": [{"logIndex": "162324179", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1736870510", "inclusionPromise": {"signedEntryTimestamp": "MEQCIAXgFU1gThdT0mhc6q0AXzD3bBXTiacgiLtvj81gdZF4AiBN9qUrwxowhsD9xRkTFuRk/l7pkEkkF84mJouMltHlqw=="}, "inclusionProof": {"logIndex": "40419917", "rootHash": "sQcmJqkpVAfxguDGAn46H0Jx7wI/seLoX5hw8YAhpzE=", "treeSize": "40419918", "hashes": ["qjl0o9LTqPs1qAydDqJeuEjAe7m0r28edbu6YhwigVs=", "ld8TM/ZFyvOEsuFo6tzdkPMu1WXFFF7FkLeePNxTZgQ=", "msMDMUPWOxenW8+fKcA9KtYwJh+qOm8eJ6hD6qMLxgo=", "HB3n8ruKgQ4/hsnPPqqgZqgqrIY+bil6MZEN48iQf5o=", "s4485wmLHDIJ3Uz0cZtlQJMaGl/NcoVYyRSxf8iaGF0=", "ipeSaii1joKqXMjR8vQt0JqN3F2T64mYFe55cZTSE7k=", "Zh8tfYPsaKKLrwZBF7ddhto+2SATy+XV9dtLPctNAlU=", "GVSyTNVOEKppJTUqz+nM5IM0FJ34fKBEIv5VAyJ7Dv4=", "tlaG/ckV5gypfBxP4OGlhhoLQ/VcEe+s4IdoNM+5CJk=", "LxTVSFPuriQ2RUI8Dbu2hz4wzAG1G271/Jivqrd1etw=", "vemyaMj0Na1LMjbB/9Dmkq8T+jAb3o+yCESgAayUABU="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n40419918\nsQcmJqkpVAfxguDGAn46H0Jx7wI/seLoX5hw8YAhpzE=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAv+PVAciPszI4zlpSunN4bfTvMqVTy5p62XGhyX7jQwACIQCNHJdBqkgiBk7OICiGqlcnklnK9wf4okEYP4iC2UpSUQ==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjMjRmMDc4ODE4NzNjMWQ0NjAyMjg3OTVjYTZjYThjOTkxMzBlMzBjNzczYzkxNDYzZDMwZDdlYThmZjBlNzBiIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUROejA2OHVmUE1tRUNZL3JldUdNSGRBbUhoazc1MHNaNHdTKytsY1g1Z0xRSWdLdzN1S1oydm9Jd2FMSWk1dFl3d2JBOUZUaFVHK05NUDViYmwyS0xSYXZjPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZla05EUVd4WFowRjNTVUpCWjBsVlZFNXhjbTF5TDAweWJXbG9kRVYzVGpoUE1rWjVUVEp4TVhFMGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDFVUlRCTlZGbDNUVlJWZDFkb1kwNU5hbFYzVFZSRk1FMVVXWGhOVkZWM1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZZUm5sRWRrUlBaR292V1VGVmR6WldkME5pWTJOUWRXRkhXRlpzVDA1a0x5dDVWVElLZHpad2FrOTFZMDQzV0U1eVMxRjZVbU15Y0RCQ09EZGxObVpDU2s1MGNuWnZVWE5yUzIwMVp6VlNXbEpPU1dGVWNtRlBRMEZZVVhkblowWjNUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlVyUm1WdENtMXhjVk5IYTB4bFNIQmxhRzFXVkN0UEx6SldSREZOZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlVaFdibUl3UW5kbFdGSnZZakkwZFdJelNtNU5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVhkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWprS1FraHpRV1ZSUWpOQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnNSMWROZG5oclFRcEJRVkZFUVVWbmQxSm5TV2hCVFdSRE5VZEZja2RhV1dkWFlXUk1hRU5qYlVONFVqTjNRVm80YWxOV2FGUnBhMEU0U0hsSlRWVnFTMEZwUlVGcVdsRk5DbkJ1ZDI5WVozaE9SVmhIUVhNNFNpOU5lWGg0Y0RWTWEzazNNVGt6T1Rkc09XNW9aRkJyT0hkRFoxbEpTMjlhU1hwcU1FVkJkMDFFWVVGQmQxcFJTWGdLUVUxalUxUXhTSGd3Vm5oSWN6aGtTRFJtVms1dVNraFNjVWhXTnpCbk5HZFhXRTlWWVdoWVQyZzRObkJNWW5aUFQzTkhjVTB6ZHpodk0ydFZhR3BQTndwdlFVbDNVa05hYVZab1JHcEVjVFU1YVVSWU5pOUpUemR0Unk5bmQwNVlRbFp4UzFOUVpHTlpVbE0yYkM5VGVFMHpTbEpQVW5vNFVVTlJTek5JZEUwMUNsUlFkbTBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "wk8HiBhzwdRgIoeVymyoyZEw4wx3PJFGPTDX6o/w5ws="}, "signature": "MEUCIQDNz068ufPMmECY/reuGMHdAmHhk750sZ4wS++lcX5gLQIgKw3uKZ2voIwaLIi5tYwwbA9FThUG+NMP5bbl2KLRavc="}}