diff --git a/CVE-2025-6069-quad-complex-HTMLParser.patch b/CVE-2025-6069-quad-complex-HTMLParser.patch
deleted file mode 100644
index 4cfe513..0000000
--- a/CVE-2025-6069-quad-complex-HTMLParser.patch
+++ /dev/null
@@ -1,238 +0,0 @@
-From ec28625203b5dd4b4447dc4bb512898294cd6d0c Mon Sep 17 00:00:00 2001
-From: Serhiy Storchaka <storchaka@gmail.com>
-Date: Fri, 13 Jun 2025 19:57:48 +0300
-Subject: [PATCH] [3.10] gh-135462: Fix quadratic complexity in processing
- special input in HTMLParser (GH-135464)
-
-End-of-file errors are now handled according to the HTML5 specs --
-comments and declarations are automatically closed, tags are ignored.
-(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41)
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
----
- Lib/html/parser.py                                                       |   41 +++-
- Lib/test/test_htmlparser.py                                              |   95 ++++++++--
- Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst |    4 
- 3 files changed, 117 insertions(+), 23 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
-
-Index: Python-3.10.18/Lib/html/parser.py
-===================================================================
---- Python-3.10.18.orig/Lib/html/parser.py	2025-07-02 18:00:32.520419724 +0200
-+++ Python-3.10.18/Lib/html/parser.py	2025-07-02 18:00:42.616018075 +0200
-@@ -25,6 +25,7 @@
- charref = re.compile('&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]')
- 
- starttagopen = re.compile('<[a-zA-Z]')
-+endtagopen = re.compile('</[a-zA-Z]')
- piclose = re.compile('>')
- commentclose = re.compile(r'--\s*>')
- # Note:
-@@ -176,7 +177,7 @@
-                     k = self.parse_pi(i)
-                 elif startswith("<!", i):
-                     k = self.parse_html_declaration(i)
--                elif (i + 1) < n:
-+                elif (i + 1) < n or end:
-                     self.handle_data("<")
-                     k = i + 1
-                 else:
-@@ -184,17 +185,35 @@
-                 if k < 0:
-                     if not end:
-                         break
--                    k = rawdata.find('>', i + 1)
--                    if k < 0:
--                        k = rawdata.find('<', i + 1)
--                        if k < 0:
--                            k = i + 1
-+                    if starttagopen.match(rawdata, i):  # < + letter
-+                        pass
-+                    elif startswith("</", i):
-+                        if i + 2 == n:
-+                            self.handle_data("</")
-+                        elif endtagopen.match(rawdata, i):  # </ + letter
-+                            pass
-+                        else:
-+                            # bogus comment
-+                            self.handle_comment(rawdata[i+2:])
-+                    elif startswith("<!--", i):
-+                        j = n
-+                        for suffix in ("--!", "--", "-"):
-+                            if rawdata.endswith(suffix, i+4):
-+                                j -= len(suffix)
-+                                break
-+                        self.handle_comment(rawdata[i+4:j])
-+                    elif startswith("<![CDATA[", i):
-+                        self.unknown_decl(rawdata[i+3:])
-+                    elif rawdata[i:i+9].lower() == '<!doctype':
-+                        self.handle_decl(rawdata[i+2:])
-+                    elif startswith("<!", i):
-+                        # bogus comment
-+                        self.handle_comment(rawdata[i+2:])
-+                    elif startswith("<?", i):
-+                        self.handle_pi(rawdata[i+2:])
-                     else:
--                        k += 1
--                    if self.convert_charrefs and not self.cdata_elem:
--                        self.handle_data(unescape(rawdata[i:k]))
--                    else:
--                        self.handle_data(rawdata[i:k])
-+                        raise AssertionError("we should not get here!")
-+                    k = n
-                 i = self.updatepos(i, k)
-             elif startswith("&#", i):
-                 match = charref.match(rawdata, i)
-Index: Python-3.10.18/Lib/test/test_htmlparser.py
-===================================================================
---- Python-3.10.18.orig/Lib/test/test_htmlparser.py	2025-07-02 18:00:33.941415672 +0200
-+++ Python-3.10.18/Lib/test/test_htmlparser.py	2025-07-02 18:00:42.616237238 +0200
-@@ -4,6 +4,8 @@
- import pprint
- import unittest
- 
-+from test import support
-+
- 
- class EventCollector(html.parser.HTMLParser):
- 
-@@ -391,28 +393,34 @@
-                             ('data', '<'),
-                             ('starttag', 'bc<', [('a', None)]),
-                             ('endtag', 'html'),
--                            ('data', '\n<img src="URL>'),
--                            ('comment', '/img'),
--                            ('endtag', 'html<')])
-+                            ('data', '\n')])
- 
-     def test_starttag_junk_chars(self):
-+        self._run_check("<", [('data', '<')])
-+        self._run_check("<>", [('data', '<>')])
-+        self._run_check("< >", [('data', '< >')])
-+        self._run_check("< ", [('data', '< ')])
-         self._run_check("</>", [])
-+        self._run_check("<$>", [('data', '<$>')])
-         self._run_check("</$>", [('comment', '$')])
-         self._run_check("</", [('data', '</')])
--        self._run_check("</a", [('data', '</a')])
-+        self._run_check("</a", [])
-+        self._run_check("</ a>", [('endtag', 'a')])
-+        self._run_check("</ a", [('comment', ' a')])
-         self._run_check("<a<a>", [('starttag', 'a<a', [])])
-         self._run_check("</a<a>", [('endtag', 'a<a')])
--        self._run_check("<!", [('data', '<!')])
--        self._run_check("<a", [('data', '<a')])
--        self._run_check("<a foo='bar'", [('data', "<a foo='bar'")])
--        self._run_check("<a foo='bar", [('data', "<a foo='bar")])
--        self._run_check("<a foo='>'", [('data', "<a foo='>'")])
--        self._run_check("<a foo='>", [('data', "<a foo='>")])
-+        self._run_check("<!", [('comment', '')])
-+        self._run_check("<a", [])
-+        self._run_check("<a foo='bar'", [])
-+        self._run_check("<a foo='bar", [])
-+        self._run_check("<a foo='>'", [])
-+        self._run_check("<a foo='>", [])
-         self._run_check("<a$>", [('starttag', 'a$', [])])
-         self._run_check("<a$b>", [('starttag', 'a$b', [])])
-         self._run_check("<a$b/>", [('startendtag', 'a$b', [])])
-         self._run_check("<a$b  >", [('starttag', 'a$b', [])])
-         self._run_check("<a$b  />", [('startendtag', 'a$b', [])])
-+        self._run_check("</a$b>", [('endtag', 'a$b')])
- 
-     def test_slashes_in_starttag(self):
-         self._run_check('<a foo="var"/>', [('startendtag', 'a', [('foo', 'var')])])
-@@ -537,13 +545,56 @@
-         for html, expected in data:
-             self._run_check(html, expected)
- 
--    def test_broken_comments(self):
--        html = ('<! not really a comment >'
-+    def test_eof_in_comments(self):
-+        data = [
-+            ('<!--', [('comment', '')]),
-+            ('<!---', [('comment', '')]),
-+            ('<!----', [('comment', '')]),
-+            ('<!-----', [('comment', '-')]),
-+            ('<!------', [('comment', '--')]),
-+            ('<!----!', [('comment', '')]),
-+            ('<!---!', [('comment', '-!')]),
-+            ('<!---!>', [('comment', '-!>')]),
-+            ('<!--foo', [('comment', 'foo')]),
-+            ('<!--foo-', [('comment', 'foo')]),
-+            ('<!--foo--', [('comment', 'foo')]),
-+            ('<!--foo--!', [('comment', 'foo')]),
-+            ('<!--<!--', [('comment', '<!')]),
-+            ('<!--<!--!', [('comment', '<!')]),
-+        ]
-+        for html, expected in data:
-+            self._run_check(html, expected)
-+
-+    def test_eof_in_declarations(self):
-+        data = [
-+            ('<!', [('comment', '')]),
-+            ('<!-', [('comment', '-')]),
-+            ('<![', [('comment', '[')]),
-+            ('<![CDATA[', [('unknown decl', 'CDATA[')]),
-+            ('<![CDATA[x', [('unknown decl', 'CDATA[x')]),
-+            ('<![CDATA[x]', [('unknown decl', 'CDATA[x]')]),
-+            ('<![CDATA[x]]', [('unknown decl', 'CDATA[x]]')]),
-+            ('<!DOCTYPE', [('decl', 'DOCTYPE')]),
-+            ('<!DOCTYPE ', [('decl', 'DOCTYPE ')]),
-+            ('<!DOCTYPE html', [('decl', 'DOCTYPE html')]),
-+            ('<!DOCTYPE html ', [('decl', 'DOCTYPE html ')]),
-+            ('<!DOCTYPE html PUBLIC', [('decl', 'DOCTYPE html PUBLIC')]),
-+            ('<!DOCTYPE html PUBLIC "foo', [('decl', 'DOCTYPE html PUBLIC "foo')]),
-+            ('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "foo',
-+             [('decl', 'DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "foo')]),
-+        ]
-+        for html, expected in data:
-+            self._run_check(html, expected)
-+
-+    def test_bogus_comments(self):
-+        html = ('<!ELEMENT br EMPTY>'
-+                '<! not really a comment >'
-                 '<! not a comment either -->'
-                 '<! -- close enough -->'
-                 '<!><!<-- this was an empty comment>'
-                 '<!!! another bogus comment !!!>')
-         expected = [
-+            ('comment', 'ELEMENT br EMPTY'),
-             ('comment', ' not really a comment '),
-             ('comment', ' not a comment either --'),
-             ('comment', ' -- close enough --'),
-@@ -598,6 +649,26 @@
-              ('endtag', 'a'), ('data', ' bar & baz')]
-         )
- 
-+    @support.requires_resource('cpu')
-+    def test_eof_no_quadratic_complexity(self):
-+        # Each of these examples used to take about an hour.
-+        # Now they take a fraction of a second.
-+        def check(source):
-+            parser = html.parser.HTMLParser()
-+            parser.feed(source)
-+            parser.close()
-+        n = 120_000
-+        check("<a " * n)
-+        check("<a a=" * n)
-+        check("</a " * 14 * n)
-+        check("</a a=" * 11 * n)
-+        check("<!--" * 4 * n)
-+        check("<!" * 60 * n)
-+        check("<?" * 19 * n)
-+        check("</$" * 15 * n)
-+        check("<![CDATA[" * 9 * n)
-+        check("<!doctype" * 35 * n)
-+
- 
- class AttributesTestCase(TestCaseBase):
- 
-Index: Python-3.10.18/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.10.18/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst	2025-07-02 18:00:42.616466739 +0200
-@@ -0,0 +1,4 @@
-+Fix quadratic complexity in processing specially crafted input in
-+:class:`html.parser.HTMLParser`. End-of-file errors are now handled according
-+to the HTML5 specs -- comments and declarations are automatically closed,
-+tags are ignored.
diff --git a/CVE-2025-8194-tarfile-no-neg-offsets.patch b/CVE-2025-8194-tarfile-no-neg-offsets.patch
deleted file mode 100644
index fea1b69..0000000
--- a/CVE-2025-8194-tarfile-no-neg-offsets.patch
+++ /dev/null
@@ -1,212 +0,0 @@
-From 898ac93eeeabfaffbc008dc3201e17cb39c1a957 Mon Sep 17 00:00:00 2001
-From: Alexander Urieles <aeurielesn@users.noreply.github.com>
-Date: Mon, 28 Jul 2025 17:37:26 +0200
-Subject: [PATCH] [3.10] gh-130577: tarfile now validates archives to ensure
- member offsets are non-negative (GH-137027) (cherry picked from commit
- 7040aa54f14676938970e10c5f74ea93cd56aa38)
-
-Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
-Co-authored-by: Gregory P. Smith <greg@krypto.org>
----
- Lib/tarfile.py                                                          |    3 
- Lib/test/test_tarfile.py                                                |  156 ++++++++++
- Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst |    3 
- 3 files changed, 162 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
-
-Index: Python-3.10.18/Lib/tarfile.py
-===================================================================
---- Python-3.10.18.orig/Lib/tarfile.py	2025-08-02 17:52:24.521273582 +0200
-+++ Python-3.10.18/Lib/tarfile.py	2025-08-02 17:52:28.444044748 +0200
-@@ -1612,6 +1612,9 @@
-         """Round up a byte count by BLOCKSIZE and return it,
-            e.g. _block(834) => 1024.
-         """
-+        # Only non-negative offsets are allowed
-+        if count < 0:
-+            raise InvalidHeaderError("invalid offset")
-         blocks, remainder = divmod(count, BLOCKSIZE)
-         if remainder:
-             blocks += 1
-Index: Python-3.10.18/Lib/test/test_tarfile.py
-===================================================================
---- Python-3.10.18.orig/Lib/test/test_tarfile.py	2025-08-02 17:52:25.849390293 +0200
-+++ Python-3.10.18/Lib/test/test_tarfile.py	2025-08-02 17:52:39.623989523 +0200
-@@ -49,6 +49,7 @@
- xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
- tmpname = os.path.join(TEMPDIR, "tmp.tar")
- dotlessname = os.path.join(TEMPDIR, "testtar")
-+SPACE = b" "
- 
- sha256_regtype = (
-     "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce"
-@@ -4273,6 +4274,161 @@
-             self.expect_exception(TypeError)  # errorlevel is not int
- 
- 
-+class OffsetValidationTests(unittest.TestCase):
-+    tarname = tmpname
-+    invalid_posix_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, space, null terminator: 8 bytes
-+        + b"000755" + SPACE + tarfile.NUL
-+        # uid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0011407" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # magic: 6 bytes, version: 2 bytes
-+        + tarfile.POSIX_MAGIC
-+        # uname: 32 bytes
-+        + tarfile.NUL * 32
-+        # gname: 32 bytes
-+        + tarfile.NUL * 32
-+        # devmajor, space, null terminator: 8 bytes
-+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
-+        # devminor, space, null terminator: 8 bytes
-+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
-+        # prefix: 155 bytes
-+        + tarfile.NUL * tarfile.LENGTH_PREFIX
-+        # padding: 12 bytes
-+        + tarfile.NUL * 12
-+    )
-+    invalid_gnu_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, null terminator: 8 bytes
-+        + b"0000755" + tarfile.NUL
-+        # uid, null terminator: 8 bytes
-+        + b"0000001" + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"0000001" + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0011327" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # magic: 8 bytes
-+        + tarfile.GNU_MAGIC
-+        # uname: 32 bytes
-+        + tarfile.NUL * 32
-+        # gname: 32 bytes
-+        + tarfile.NUL * 32
-+        # devmajor, null terminator: 8 bytes
-+        + tarfile.NUL * 8
-+        # devminor, null terminator: 8 bytes
-+        + tarfile.NUL * 8
-+        # padding: 167 bytes
-+        + tarfile.NUL * 167
-+    )
-+    invalid_v7_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, space, null terminator: 8 bytes
-+        + b"000755" + SPACE + tarfile.NUL
-+        # uid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0010070" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # padding: 255 bytes
-+        + tarfile.NUL * 255
-+    )
-+    valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT)
-+    data_block = b"\xff" * tarfile.BLOCKSIZE
-+
-+    def _write_buffer(self, buffer):
-+        with open(self.tarname, "wb") as f:
-+            f.write(buffer)
-+
-+    def _get_members(self, ignore_zeros=None):
-+        with open(self.tarname, "rb") as f:
-+            with tarfile.open(
-+                mode="r", fileobj=f, ignore_zeros=ignore_zeros
-+            ) as tar:
-+                return tar.getmembers()
-+
-+    def _assert_raises_read_error_exception(self):
-+        with self.assertRaisesRegex(
-+            tarfile.ReadError, "file could not be opened successfully"
-+        ):
-+            self._get_members()
-+
-+    def test_invalid_offset_header_validations(self):
-+        for tar_format, invalid_header in (
-+            ("posix", self.invalid_posix_header),
-+            ("gnu", self.invalid_gnu_header),
-+            ("v7", self.invalid_v7_header),
-+        ):
-+            with self.subTest(format=tar_format):
-+                self._write_buffer(invalid_header)
-+                self._assert_raises_read_error_exception()
-+
-+    def test_early_stop_at_invalid_offset_header(self):
-+        buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header
-+        self._write_buffer(buffer)
-+        members = self._get_members()
-+        self.assertEqual(len(members), 1)
-+        self.assertEqual(members[0].name, "filename")
-+        self.assertEqual(members[0].offset, 0)
-+
-+    def test_ignore_invalid_archive(self):
-+        # 3 invalid headers with their respective data
-+        buffer = (self.invalid_gnu_header + self.data_block) * 3
-+        self._write_buffer(buffer)
-+        members = self._get_members(ignore_zeros=True)
-+        self.assertEqual(len(members), 0)
-+
-+    def test_ignore_invalid_offset_headers(self):
-+        for first_block, second_block, expected_offset in (
-+            (
-+                (self.valid_gnu_header),
-+                (self.invalid_gnu_header + self.data_block),
-+                0,
-+            ),
-+            (
-+                (self.invalid_gnu_header + self.data_block),
-+                (self.valid_gnu_header),
-+                1024,
-+            ),
-+        ):
-+            self._write_buffer(first_block + second_block)
-+            members = self._get_members(ignore_zeros=True)
-+            self.assertEqual(len(members), 1)
-+            self.assertEqual(members[0].name, "filename")
-+            self.assertEqual(members[0].offset, expected_offset)
-+
-+
- def setUpModule():
-     os_helper.unlink(TEMPDIR)
-     os.makedirs(TEMPDIR)
-Index: Python-3.10.18/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.10.18/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	2025-08-02 17:52:28.446021271 +0200
-@@ -0,0 +1,3 @@
-+:mod:`tarfile` now validates archives to ensure member offsets are
-+non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
-+:gh:`130577`.)
diff --git a/Python-3.10.18.tar.xz b/Python-3.10.18.tar.xz
deleted file mode 100644
index 5fc6dc7..0000000
--- a/Python-3.10.18.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ae665bc678abd9ab6a6e1573d2481625a53719bc517e9a634ed2b9fefae3817f
-size 19619316
diff --git a/Python-3.10.18.tar.xz.sigstore b/Python-3.10.18.tar.xz.sigstore
deleted file mode 100644
index 367da25..0000000
--- a/Python-3.10.18.tar.xz.sigstore
+++ /dev/null
@@ -1 +0,0 @@
-{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlOgAwIBAgIUPPj8WFgcPzKI0f+pcaxc3TPA/yswCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjAzMTg1ODI4WhcNMjUwNjAzMTkwODI4WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4NqgXmbx5LR/ICb4FcCE0psZ0nEPhnhmk36DOselqJIUA54Dj0SKcFUP3wbmqi9h9bo7ZqbQ5HTZR0ditz16KKOCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU91EDPL5bqZeofhdNBEBL98Ga+MEwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXNyjEogAABAMARzBFAiBenFTetr0d9XKM2FxuhUPv7YJVxt4F5reAl9D4IOX2JwIhAOULSuk4H79udCf1i4QEIPCrs3oEV3u+VpJ9GTC2Y+/mMAoGCCqGSM49BAMDA2cAMGQCMGGrDPAeA+zuXcHOmXGsqPX274/sjglPqkuXX8wI1JwDUoT5mN7ZZpAJX8XAQQAixwIwfk+a9VmWcY0I1UuAu+NuRRkNQCofemUeEuzhWyK1Yn5G+DcuXVf7lNlwC6awM0mb"}, "tlogEntries": [{"logIndex": "228919874", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1748977108", "inclusionPromise": {"signedEntryTimestamp": "MEUCIBlZWCgOoVzS+qS/YuAKZFDbO/cyOLxdRdDRFQVrjbfzAiEAvs5r5K/zZEJJE5bh/OFQPTex7Hj9OzJ8SQtvX2bATVk="}, "inclusionProof": {"logIndex": "107015612", "rootHash": "SCbCVVGttK0oajRjYxDAulUQEOL1nRy9KG6JbVMfe88=", "treeSize": "107015615", "hashes": ["1jQZ0U0iztYR47T7VqVQL/XmQ1kOJ9VGJAlEV7S12Rk=", "nzFzeKP8TFHjIx2Mf5E5RHDnftKz14VXcXGOv6TjP2U=", "rYdthRwegf6R59Jn79y56HZlg/HgWGq2ThwABpgzIx8=", "itoQl5XnazIM1MaE0xAHfTyJuXWLosPRHBX6LOyQZqw=", "m4vF5qDZ/VpszDAF6BpkLLL9mJUrMqTnDGBzbP1+mAA=", "aPbPdtUCj7gO3JjjsuOf+HO0RD3cth0ZCf7GBkev2jA=", "F1AHv3JuUWYZTcWLZFEo2qDYsdVdytSXRmZu4tASPAk=", "jhwwkSRTGiVvY/O6FZ9c4ASOhW4Uktv0K324Xmy4V/k=", "m/WZEVH9CTs0KJcGZIdK4CVc1WENSbb9gjFrdzj5kYI=", "MRAzh2spHQbvIBIISBBvo0zc0n73qn6TIJ5ur8P4K/8=", "tuZDuieL5jtYIFu4Miyh8eBdvmmkGD1LcMTrLs7j/ZE=", "kbUClUnkU0UJZhuQHiwkFFDXdat+8DImNUFMe+bn0Q4=", "WdQbyoFfuhZe2IciO+mhgtPi9ev0pSFpkBr7XCWylqQ=", "uEJFtwcGQJMd9kjQhkXb7gl2WD3WMElCc15uDFvFGxs=", "VdOKzpQhJlpXgijzXANf/hNlje1G/N1kUuVnKNskkso=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n107015615\nSCbCVVGttK0oajRjYxDAulUQEOL1nRy9KG6JbVMfe88=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiAC5UJXNKStXDw/L3DlSxscdhpQvVI3Ann4US9sFgT0mAIgJw8zaZc5WMKv1tIRBEUSw1lTjeEO69ypVTwS3MGF7MQ=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhZTY2NWJjNjc4YWJkOWFiNmE2ZTE1NzNkMjQ4MTYyNWE1MzcxOWJjNTE3ZTlhNjM0ZWQyYjlmZWZhZTM4MTdmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJQ3RudW1SZHlqbUVZaHV3MlpNTWdBZFpBeXYvcjVnSjhHbnFUWTBlTS9yNUFpQklQM2pGQWN6TXFhY0N5RE9kMkFKU0VyNmEwSTQxcnRwUHJCRUJMc1ArU0E9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4UFowRjNTVUpCWjBsVlVGQnFPRmRHWjJOUWVrdEpNR1lyY0dOaGVHTXpWRkJCTDNsemQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUVhwTlZHY3hUMFJKTkZkb1kwNU5hbFYzVG1wQmVrMVVhM2RQUkVrMFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVUwVG5GbldHMWllRFZNVWk5SlEySTBSbU5EUlRCd2Mxb3dia1ZRYUc1b2JXc3pOa1FLVDNObGJIRktTVlZCTlRSRWFqQlRTMk5HVlZBemQySnRjV2s1YURsaWJ6ZGFjV0pSTlVoVVdsSXdaR2wwZWpFMlMwdFBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlU1TVVWRUNsQk1OV0p4V21WdlptaGtUa0pGUWt3NU9FZGhLMDFGZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRMUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJZDBVS1pXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxaE9lV3BGYjJkQlFRcENRVTFCVW5wQ1JrRnBRbVZ1UmxSbGRISXdaRGxZUzAweVJuaDFhRlZRZGpkWlNsWjRkRFJHTlhKbFFXdzVSRFJKVDFneVNuZEphRUZQVlV4VGRXczBDa2czT1hWa1EyWXhhVFJSUlVsUVEzSnpNMjlGVmpOMUsxWndTamxIVkVNeVdTc3ZiVTFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbU5CVFVkUlEwMUhSM0lLUkZCQlpVRXJlblZZWTBoUGJWaEhjM0ZRV0RJM05DOXphbWRzVUhGcmRWaFlPSGRKTVVwM1JGVnZWRFZ0VGpkYVduQkJTbGc0V0VGUlVVRnBlSGRKZHdwbWF5dGhPVlp0VjJOWk1Fa3hWWFZCZFN0T2RWSlNhMDVSUTI5bVpXMVZaVVYxZW1oWGVVc3hXVzQxUnl0RVkzVllWbVkzYkU1c2QwTTJZWGROTUcxaUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "rmZbxnir2atqbhVz0kgWJaU3GbxRfppjTtK5/vrjgX8="}, "signature": "MEQCICtnumRdyjmEYhuw2ZMMgAdZAyv/r5gJ8GnqTY0eM/r5AiBIP3jFAczMqacCyDOd2AJSEr6a0I41rtpPrBEBLsP+SA=="}}
diff --git a/Python-3.10.19.tar.xz b/Python-3.10.19.tar.xz
new file mode 100644
index 0000000..4cd42b2
--- /dev/null
+++ b/Python-3.10.19.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c8f4a596572201d81dd7df91f70e177e19a70f1d489968b54b5fbbf29a97c076
+size 19873020
diff --git a/Python-3.10.19.tar.xz.sigstore b/Python-3.10.19.tar.xz.sigstore
new file mode 100644
index 0000000..f88b5bd
--- /dev/null
+++ b/Python-3.10.19.tar.xz.sigstore
@@ -0,0 +1 @@
+{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUPLyAcJBqiNboHaWs7BHcTxLyk10wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMDA5MTYwMzQ1WhcNMjUxMDA5MTYxMzQ1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/Ph0DALE7DyuLJPqS8zTKbHvI4d4FTFysDKBex9xr05SkjWCKLXNIrQmtHHOMQxZHtnLqlyGWc9C6R2a1cTbTaOCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUybzXPdm39+0wK3RSdJ45ttTJN3kwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGZybbSOQAABAMASDBGAiEAw9xx7UYivhAyYIxj8O/bRt/WdKL74c3MZDyXembfzTMCIQCDyspf74flglREl1yUs9/t+X2OhtzftOQdBPGH4ZWjbTAKBggqhkjOPQQDAwNoADBlAjBDE2ymGrMzZxRO+yRwzl1ujWuR6SeVI1Ty5+VVUW0QGikW9a4+3I+DB3TUxPNvh80CMQCGOyJMos1BBpAgiUyvb22OJ3BhzGgmC9dFSgcvzlyms5blKLAtBjf1+IlyFdEkBIc="}, "tlogEntries": [{"logIndex": "597674983", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1760025826", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQDOhM/d61Xhr0Tn1mq0RFlu6kVvr+yr/OqE5ztg4LdI7AIgD6WPgOpn/1MgSp/XZ+ftU8wtZR32T+2wR03bkJOtQbE="}, "inclusionProof": {"logIndex": "475770721", "rootHash": "B1gv7JXRafrhEphKVN52yfrMBZ3YKQQELBICIGE0Xbk=", "treeSize": "475770722", "hashes": ["WK4RpC4pMLkEw8wOVJNRhaVH/LNHi65GwYW198mWnlA=", "opCnXnHA8HzxF/z3Qb6GpkzKVubqUgILN9729tSo7bk=", "81B2Ob5iKGTzITexeN47H++3/4QI6rNrwIp50yNjvYs=", "y24fAVX92cj3coVxwKg7azZlV2Oy7R0nwdY1HtepWQE=", "ojBgFF5g+M4hyxvL++Yi4mkmz2qJwkCl+1EpxEvLUdk=", "mZCvajPPCTqDtyHpKtXR1PctgiNLlTcGb/DjzXpA/eY=", "wCMog5TY7QnhcGa4vMQ8Scgr8Ti0zxV/CrgLR9sXadk=", "lU4SDoAFOyhGKqjcmr+9hlvgGNEuazsT3vZ4Hl7u4Sw=", "4fiFuSaFvn0p4uqLNF0ReEHj2uOks8Djwmd/wiJjI4I=", "WlOPUw/aSCRGCD82nA+ExVSdSAGkafb1nGxd3PAXPSk=", "V/aAsI+q3p5YLtfajhhBrAJmnMLh+6w/evHpWZ4yYJI=", "qXhJobQjWl6SO/pue3trUW2uL4jXx24Ip7lpd4hc5bU=", "56ObhlROm9L8Q4JyN+mxEQ5pZD5QdobB1xZFIeL0lVg=", "EGaD/cNavzxGYLx1Gl0uNNWBZvyXlSHSdlIeH7m+63A=", "2Wv4GiithwNukRKV06clevnQQYCzXmSS/+/OJtXgsXQ=", "1mfy94KpcItqshH9+gwqV6jccupcaMpVsF28New8zDY=", "vS7O4ozHIQZJWBiov+mkpI27GE8zAmVCEkRcP3NDyNE="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n475770722\nB1gv7JXRafrhEphKVN52yfrMBZ3YKQQELBICIGE0Xbk=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiEAi6W3v4n0hXFzBd/6jaKqBKmR6NSI62pITwqVgYWddeMCIG8EzMyqDkIyqMIi18EuboV6kml4tBJox32CvAaQHdnQ\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjOGY0YTU5NjU3MjIwMWQ4MWRkN2RmOTFmNzBlMTc3ZTE5YTcwZjFkNDg5OTY4YjU0YjVmYmJmMjlhOTdjMDc2In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJQWltQ1ZnNTF3SzVCU2FoZVlGZFpNRWVPZUZrdEZJT2d3bUZRdnNEdVJ3NUFpQngzRTB5c0t5OEl5V3gyQk5KVzUrVG9GNmUxRmhaKzlNWEhoVGJnTVF6aGc9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlVFeDVRV05LUW5GcFRtSnZTR0ZYY3pkQ1NHTlVlRXg1YXpFd2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFFUVRWTlZGbDNUWHBSTVZkb1kwNU5hbFY0VFVSQk5VMVVXWGhOZWxFeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVV2VUdnd1JFRk1SVGRFZVhWTVNsQnhVemg2VkV0aVNIWkpOR1EwUmxSR2VYTkVTMElLWlhnNWVISXdOVk5yYWxkRFMweFlUa2x5VVcxMFNFaFBUVkY0V2toMGJreHhiSGxIVjJNNVF6WlNNbUV4WTFSaVZHRlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlY1WW5wWUNsQmtiVE01S3pCM1N6TlNVMlJLTkRWMGRGUktUak5yZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxcDVZbUpUVDFGQlFRcENRVTFCVTBSQ1IwRnBSVUYzT1hoNE4xVlphWFpvUVhsWlNYaHFPRTh2WWxKMEwxZGtTMHczTkdNelRWcEVlVmhsYldKbWVsUk5RMGxSUTBSNWMzQm1DamMwWm14bmJGSkZiREY1VlhNNUwzUXJXREpQYUhSNlpuUlBVV1JDVUVkSU5GcFhhbUpVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFRa1FLUlRKNWJVZHlUWHBhZUZKUEszbFNkM3BzTVhWcVYzVlNObE5sVmtreFZIazFLMVpXVlZjd1VVZHBhMWM1WVRRck0wa3JSRUl6VkZWNFVFNTJhRGd3UXdwTlVVTkhUM2xLVFc5ek1VSkNjRUZuYVZWNWRtSXlNazlLTTBKb2VrZG5iVU01WkVaVFoyTjJlbXg1YlhNMVlteExURUYwUW1wbU1TdEpiSGxHWkVWckNrSkpZejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "yPSlllciAdgd19+R9w4XfhmnDx1ImWi1S1+78pqXwHY="}, "signature": "MEQCIAimCVg51wK5BSaheYFdZMEeOeFktFIOgwmFQvsDuRw5AiBx3E0ysKy8IyWx2BNJW5+ToF6e1FhZ+9MXHhTbgMQzhg=="}}
diff --git a/python310.changes b/python310.changes
index 6ea49ec..6568b0b 100644
--- a/python310.changes
+++ b/python310.changes
@@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Wed Oct 15 08:43:33 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.10.19:
+  - Security
+    - gh-139700: Check consistency of the zip64 end of central
+      directory record. Support records with “zip64 extensible data”
+      if there are no bytes prepended to the ZIP file.
+    - gh-139400: xml.parsers.expat: Make sure that parent Expat
+      parsers are only garbage-collected once they are no longer
+      referenced by subparsers created by
+      ExternalEntityParserCreate(). Patch by Sebastian Pipping.
+    - gh-135661: Fix parsing start and end tags in
+      html.parser.HTMLParser according to the HTML5 standard.
+      * Whitespaces no longer accepted between </ and the tag name.
+        E.g. </ script> does not end the script section.
+      * Vertical tabulation (\v) and non-ASCII whitespaces no longer
+        recognized as whitespaces. The only whitespaces are \t\n\r\f
+        and space.
+      * Null character (U+0000) no longer ends the tag name.
+      * Attributes and slashes after the tag name in end tags are now
+        ignored, instead of terminating after the first > in quoted
+        attribute value. E.g. </script/foo=">"/>.
+      * Multiple slashes and whitespaces between the last attribute
+        and closing > are now ignored in both start and end tags. E.g.
+        <a foo=bar/ //>.
+      * Multiple = between attribute name and value are no longer
+        collapsed. E.g. <a foo==bar> produces attribute “foo” with
+        value “=bar”.
+    - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
+      according to the HTML5 standard: ] ]> and ]] > no longer end the
+      CDATA section. Add private method _set_support_cdata() which can
+      be used to specify how to parse <[CDATA[ — as a CDATA section in
+      foreign content (SVG or MathML) or as a bogus comment in the
+      HTML namespace.
+    - gh-102555: Fix comment parsing in html.parser.HTMLParser
+      according to the HTML5 standard. --!> now ends the comment. -- >
+      no longer ends the comment. Support abnormally ended empty
+      comments <--> and <--->.
+    - gh-135462: Fix quadratic complexity in processing specially
+      crafted input in html.parser.HTMLParser. End-of-file errors are
+      now handled according to the HTML5 specs – comments and
+      declarations are automatically closed, tags are ignored.
+    - gh-118350: Fix support of escapable raw text mode (elements
+      “textarea” and “title”) in html.parser.HTMLParser.
+    - gh-86155: html.parser.HTMLParser.close() no longer loses data
+      when the <script> tag is not closed. Patch by Waylan Limberg.
+  - Library
+    - gh-139312: Upgrade bundled libexpat to 2.7.3
+    - gh-138998: Update bundled libexpat to 2.7.2
+    - gh-130577: tarfile now validates archives to ensure member
+      offsets are non-negative. (Contributed by Alexander Enrique
+      Urieles Nieto in gh-130577.)
+    - gh-135374: Update the bundled copy of setuptools to 79.0.1.
+
+- Drop upstreamed patches:
+  - CVE-2025-8194-tarfile-no-neg-offsets.patch
+  - CVE-2025-6069-quad-complex-HTMLParser.patch
+
 -------------------------------------------------------------------
 Mon Sep 29 06:52:07 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
 
diff --git a/python310.spec b/python310.spec
index b9af4c2..2ebb188 100644
--- a/python310.spec
+++ b/python310.spec
@@ -108,7 +108,7 @@ Obsoletes:      python39%{?1:-%{1}}
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.10.18
+Version:        3.10.19
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@@ -202,14 +202,8 @@ Patch27:        gh120226-fix-sendfile-test-kernel-610.patch
 # PATCH-FIX-UPSTREAM sphinx-802.patch mcepl@suse.com
 # status_iterator method moved between the Sphinx versions
 Patch28:        sphinx-802.patch
-# PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com
-# avoid quadratic complexity when processing malformed inputs with HTMLParser
-Patch29:        CVE-2025-6069-quad-complex-HTMLParser.patch
-# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com
-# tarfile now validates archives to ensure member offsets are non-negative
-Patch30:        CVE-2025-8194-tarfile-no-neg-offsets.patch
 # PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
-Patch31:        gh139257-Support-docutils-0.22.patch
+Patch29:        gh139257-Support-docutils-0.22.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -509,6 +503,9 @@ rm Lib/site-packages/README.txt
 # Add vendored bluez-devel files
 tar xvf %{SOURCE21}
 
+# Don't fail on warnings when building documentation
+sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
+
 %build
 %if %{with doc}
 TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"`