diff --git a/CVE-2024-6923-follow-up-EOL-email-headers.patch b/CVE-2024-6923-follow-up-EOL-email-headers.patch deleted file mode 100644 index a34d87b..0000000 --- a/CVE-2024-6923-follow-up-EOL-email-headers.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 7ef18bbf2f92550e65547c0a55995c423e237944 Mon Sep 17 00:00:00 2001 -From: Seth Michael Larson -Date: Fri, 23 Jan 2026 08:59:35 -0600 -Subject: [PATCH] gh-144125: email: verify headers are sound in BytesGenerator - (cherry picked from commit 052e55e7d44718fe46cbba0ca995cb8fcc359413) - -Co-authored-by: Seth Michael Larson -Co-authored-by: Denis Ledoux -Co-authored-by: Denis Ledoux <5822488+beledouxdenis@users.noreply.github.com> -Co-authored-by: Petr Viktorin <302922+encukou@users.noreply.github.com> -Co-authored-by: Bas Bloemsaat <1586868+basbloemsaat@users.noreply.github.com> ---- - Lib/email/generator.py | 12 +++++++++++- - Lib/test/test_email/test_generator.py | 4 +++- - Lib/test/test_email/test_policy.py | 6 +++++- - .../2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst | 4 ++++ - 4 files changed, 23 insertions(+), 3 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst - -diff --git a/Lib/email/generator.py b/Lib/email/generator.py -index ce94f5c56fe34e..a03eb1fbbc9288 100644 ---- a/Lib/email/generator.py -+++ b/Lib/email/generator.py -@@ -22,6 +22,7 @@ - NLCRE = re.compile(r'\r\n|\r|\n') - fcre = re.compile(r'^From ', re.MULTILINE) - NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') -+NEWLINE_WITHOUT_FWSP_BYTES = re.compile(br'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') - - - class Generator: -@@ -429,7 +430,16 @@ def _write_headers(self, msg): - # This is almost the same as the string version, except for handling - # strings with 8bit bytes. - for h, v in msg.raw_items(): -- self._fp.write(self.policy.fold_binary(h, v)) -+ folded = self.policy.fold_binary(h, v) -+ if self.policy.verify_generated_headers: -+ linesep = self.policy.linesep.encode() -+ if not folded.endswith(linesep): -+ raise HeaderWriteError( -+ f'folded header does not end with {linesep!r}: {folded!r}') -+ if NEWLINE_WITHOUT_FWSP_BYTES.search(folded.removesuffix(linesep)): -+ raise HeaderWriteError( -+ f'folded header contains newline: {folded!r}') -+ self._fp.write(folded) - # A blank line always separates headers from body - self.write(self._NL) - -diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py -index c75a842c33578e..3ca79edf6a65d9 100644 ---- a/Lib/test/test_email/test_generator.py -+++ b/Lib/test/test_email/test_generator.py -@@ -313,7 +313,7 @@ def test_flatten_unicode_linesep(self): - self.assertEqual(s.getvalue(), self.typ(expected)) - - def test_verify_generated_headers(self): -- """gh-121650: by default the generator prevents header injection""" -+ # gh-121650: by default the generator prevents header injection - class LiteralHeader(str): - name = 'Header' - def fold(self, **kwargs): -@@ -334,6 +334,8 @@ def fold(self, **kwargs): - - with self.assertRaises(email.errors.HeaderWriteError): - message.as_string() -+ with self.assertRaises(email.errors.HeaderWriteError): -+ message.as_bytes() - - - class TestBytesGenerator(TestGeneratorBase, TestEmailBase): -diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py -index baa35fd68e49c5..71ec0febb0fd86 100644 ---- a/Lib/test/test_email/test_policy.py -+++ b/Lib/test/test_email/test_policy.py -@@ -296,7 +296,7 @@ def test_short_maxlen_error(self): - policy.fold("Subject", subject) - - def test_verify_generated_headers(self): -- """Turning protection off allows header injection""" -+ # Turning protection off allows header injection - policy = email.policy.default.clone(verify_generated_headers=False) - for text in ( - 'Header: Value\r\nBad: Injection\r\n', -@@ -319,6 +319,10 @@ def fold(self, **kwargs): - message.as_string(), - f"{text}\nBody", - ) -+ self.assertEqual( -+ message.as_bytes(), -+ f"{text}\nBody".encode(), -+ ) - - # XXX: Need subclassing tests. - # For adding subclassed objects, make sure the usual rules apply (subclass -diff --git a/Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst b/Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst -new file mode 100644 -index 00000000000000..e6333e724972c5 ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst -@@ -0,0 +1,4 @@ -+:mod:`~email.generator.BytesGenerator` will now refuse to serialize (write) headers -+that are unsafely folded or delimited; see -+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas -+Bloemsaat and Petr Viktorin in :gh:`121650`). diff --git a/Python-3.13.11.tar.xz b/Python-3.13.11.tar.xz deleted file mode 100644 index 3c2e468..0000000 --- a/Python-3.13.11.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:16ede7bb7cdbfa895d11b0642fa0e523f291e6487194d53cf6d3b338c3a17ea2 -size 22704352 diff --git a/Python-3.13.11.tar.xz.sigstore b/Python-3.13.11.tar.xz.sigstore deleted file mode 100644 index 10bc5ee..0000000 --- a/Python-3.13.11.tar.xz.sigstore +++ /dev/null @@ -1 +0,0 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyTCCAk+gAwIBAgIUMZ9OrU89PmgWXWiYxq/s1e8xVkkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMjA1MTY1NjU1WhcNMjUxMjA1MTcwNjU1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ3Wq/mhAIwL1ZNOiCgOmVYXqwl8rWBi+hwTYY+NJLvmuRW7wblbWyTJ1RSZrS9dVGhVdWZP7tT2hvkt56ibycaOCAW4wggFqMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUCukYhSJA3LGmELdmyGSLM/sNqPowHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGa73H4UAAABAMARjBEAiAoqadI7BCu3G3jmK140KSkRC+uTKIS7K/yAUtT8zfdiwIgV51hPZZYKSjHglktFhqcxzHLdRyb96/caoR4m+DHvT8wCgYIKoZIzj0EAwMDaAAwZQIwSuCW4+VibjHM96ArSncpYew+tvp7bMlc21AHsgr12ZO6p//IiSdjJlqOTpYwCWtFAjEA0BxY6Y7zl4+baG4+BZ+EEiwDwoCOVTR7ORMuDYeZ/Dy6g47hohxRqtssCYdRKRZq"}, "tlogEntries": [{"logIndex": "743450012", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1764953815", "inclusionPromise": {"signedEntryTimestamp": "MEQCIFAmMfakwQScJ3jGB7ufmmWcvXbT/sQYyb/iIbRyJXYmAiB25k62mSSsvteAacdB4SjQJ100UGRI02mHOZykKqirrQ=="}, "inclusionProof": {"logIndex": "621545750", "rootHash": "lTjgILAqSIIoraXAj/bseL/7BMbChIzmHVo5P84pPO8=", "treeSize": "621545755", "hashes": ["FqRC4Ydg7KClKWZIe5BLdSoxPOl3L+wXnnctnBbxa5E=", "hyHMJXZjRrPr7N8JDpms6tqWbIuqgBLKkoDomNSzO8g=", "XV5KmKAmcumiCPrjB89usazCvsWagxoKoI5P3Rn5mDQ=", "FKJNSf/yPWGSGCwEZ4ybeMVy+zECYaK/u2yKEboKDQs=", "4wbyhSYvHHiszMmrsBtjXwOt9um81zByZQLFAXJAu0g=", "q0tC4xtUswgodVV8T7OYpkNlp/XC4qAM541kvTHkq4o=", "se5pDnKcF+idDdO0PdbWjF+rFNUWlCzxj+pSmkASRQU=", "YYvp7Leoq6lF3zEs+Bux7BQt/UrxFbOOJAwVroBevek=", "pQtmpjszxrel2u+2I5HrLBwlwvhc19nfAUsa5EHZAe4=", "0jEq6eagxqoSOor9OR//fY6uOsPzLaE1q1n9tZRzfSc=", "ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n621545755\nlTjgILAqSIIoraXAj/bseL/7BMbChIzmHVo5P84pPO8=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiAS9t8HEV2fPKq2rB20KvscWBUzqlzyZr6asuXxp8whiAIgUxc+PuVjTYduOZ2zKNeaSos22BXxAn7hKgxBroQmIkE=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIxNmVkZTdiYjdjZGJmYTg5NWQxMWIwNjQyZmEwZTUyM2YyOTFlNjQ4NzE5NGQ1M2NmNmQzYjMzOGMzYTE3ZWEyIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUURENENYVTNMNGlMSkVCb0xFSVlnVU5kTXhjN3VENWdMcUgyeXRFNFQxTnd3SWdKbHBhMHJFbDV0MGdtbTlTYzRoQnpFOG9QK2JLSlVZeExUTmd4dEdnSmo0PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVWRU5EUVdzclowRjNTVUpCWjBsVlRWbzVUM0pWT0RsUWJXZFhXRmRwV1hoeEwzTXhaVGg0Vm10cmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFxUVRGTlZGa3hUbXBWTVZkb1kwNU5hbFY0VFdwQk1VMVVZM2RPYWxVeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZSTTFkeEwyMW9RVWwzVERGYVRrOXBRMmRQYlZaWldIRjNiRGh5VjBKcEsyaDNWRmtLV1N0T1NreDJiWFZTVnpkM1lteGlWM2xVU2pGU1UxcHlVemxrVmtkb1ZtUlhXbEEzZEZReWFIWnJkRFUyYVdKNVkyRlBRMEZYTkhkblowWnhUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZEZFd0WkNtaFRTa0V6VEVkdFJVeGtiWGxIVTB4TkwzTk9jVkJ2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwcENaMjl5UW1kRlJVRmtXalZCWjFGRFFraHpSV1ZSUWpNS1FVaFZRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIWVRjelNEUlZRVUZCUWtGTlFRcFNha0pGUVdsQmIzRmhaRWszUWtOMU0wY3phbTFMTVRRd1MxTnJVa01yZFZSTFNWTTNTeTk1UVZWMFZEaDZabVJwZDBsblZqVXhhRkJhV2xsTFUycElDbWRzYTNSR2FIRmplSHBJVEdSU2VXSTVOaTlqWVc5U05HMHJSRWgyVkRoM1EyZFpTVXR2V2tsNmFqQkZRWGROUkdGQlFYZGFVVWwzVTNWRFZ6UXJWbWtLWW1wSVRUazJRWEpUYm1Od1dXVjNLM1IyY0RkaVRXeGpNakZCU0hObmNqRXlXazgyY0M4dlNXbFRaR3BLYkhGUFZIQlpkME5YZEVaQmFrVkJNRUo0V1FvMldUZDZiRFFyWW1GSE5DdENXaXRGUldsM1JIZHZRMDlXVkZJM1QxSk5kVVJaWlZvdlJIazJaelEzYUc5b2VGSnhkSE56UTFsa1VrdFNXbkVLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "Fu3nu3zb+oldEbBkL6DlI/KR5khxlNU89tOzOMOhfqI="}, "signature": "MEUCIQDD4CXU3L4iLJEBoLEIYgUNdMxc7uD5gLqH2ytE4T1NwwIgJlpa0rEl5t0gmm9Sc4hBzE8oP+bKJUYxLTNgxtGgJj4="}} diff --git a/Python-3.13.12.tar.xz b/Python-3.13.12.tar.xz new file mode 100644 index 0000000..ed0f191 --- /dev/null +++ b/Python-3.13.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a84cd31dd8d8ea8aaff75de66fc1b4b0127dd5799aa50a64ae9a313885b4593 +size 22926488 diff --git a/Python-3.13.12.tar.xz.sigstore b/Python-3.13.12.tar.xz.sigstore new file mode 100644 index 0000000..a0189e4 --- /dev/null +++ b/Python-3.13.12.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyjCCAlCgAwIBAgIUd3BGt1gyhZ7BYbeseXA8c2DdibQwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjYwMjAzMTg0NjE3WhcNMjYwMjAzMTg1NjE3WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhYYPicRn+qIiC5+ir76HQcoQUTnX3KLGAgxVNTF5qRezq3JVyV0AeF353c+3WeEFB7GhcjofduneHxMs2p21A6OCAW8wggFrMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUG3GWlZLEo5y8PJOC6U6XWWbXq8cwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGcJNOo+wAABAMARzBFAiEApD1YZUZXVCGknmq657Zse2+YPJ/iZc2Pph8/wslkS7QCIB5mRDcUKHCP4TLuyjgHeDVI+A3qPbVma4+hhb6mQjIsMAoGCCqGSM49BAMDA2gAMGUCMQClqgtzmDVKL5zwgGROBysRopsp0461OQHyxhASnDJQG/tY0PveEuPbbtU+TQINZaICMFqsBkwPD1Tgi9j/0k13uWkwL0IzBlQYTE/uDGDgGNWuLMGCBrQxmCX0Xf3DcXiSjQ=="}, "tlogEntries": [{"logIndex": "908847189", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1770144377", "inclusionPromise": {"signedEntryTimestamp": "MEUCIGNrL5qqFLzEyrVZqoLqGeluJyDcBiUW+xH2EhahmcsTAiEAm4PesuuW6wzQPbJ9nA2D3mBWVrjAWHkMzCPt3835QRs="}, "inclusionProof": {"logIndex": "786942927", "rootHash": "EgpCmVjI8oTeCJcLVThE/0oBJ+O3miuDi5862MoSKg4=", "treeSize": "786942929", "hashes": ["vDGmESfo+3WREhBX+C0JPCLCXw3NB5qxd5BNDVzbsY8=", "gh3YBupXIi36VWGWTVXREyz/aHq+ahuNYDvqZC5wvEU=", "mv7ccIGFOs2AwaHEU4thGs4NKJLDldENwpQ/I3ti4OY=", "kJutZiX5uChzl1jeE/mTtjkUPgMp1oyjS7NGcv8xdYM=", "+rsRdjiDSje1c9hKWpmUkBTK/nm+MBvFrl5DYf4aU8Y=", "5LuuvmQFM1Ryxvv0Lh7dEFIzxoQoQRnH7N6lRjJcCN4=", "II44u3SxcMKISKszNmAuwI0KJZIa6Un71DErWqv92N8=", "vj08yXl/3gdj1DXG6BkZp92sZ/er/vWcoo0pzk1YCLs=", "jzkc9wE6zVpNiJNdF2fSmIBYCVZtZfNfFENtxUjZK5Q=", "ViaaI9ll2bJAEESz+ovl9K0tZOH1M6bjnFvwAKo5wj8=", "C8IdXG4/BpM/0SMt4jgVtVXsHbREYrssK0MuEKWpuhg=", "QdVJN4pI2za6IrM4/I4o9aeZMiXnx7faJSZQMhMmtU8=", "sCWg+jViEKkz6QEEx56tYG4vykLu2WiALyfOcM96toQ=", "AAtQsmfrXzumS5rosvNxszWd2XG1lRck4WtRuwVAiU8=", "bGXXJ36FovKuLHu/UAyDMaXYRCr5fKcrc9rlbjQ7HDs=", "iEKYdHrZdRVr6DbpjA8Lcwmot+QZOoeZ1BAEuu/Bvro=", "RBHg3kfW74vkatMSjoUEMZxs4pXkX6y3f906Fc2Yc0Y=", "YEPMagC4YFWQMmrwdZHLOWJudK6RRRuGHVQ8/uADabI=", "yeCWAa93hha1YBKuFn93zBzKbqQW3tYHrgkSp5U7ndU=", "4O6YxKguFZGEr7Xsa3hqNAN2Qq7uVVat/IV4masT570=", "F9MSQ5SmoFr+hoADclpdFY52/TLfHDnNPYb9ZNYO5gI=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n786942929\nEgpCmVjI8oTeCJcLVThE/0oBJ+O3miuDi5862MoSKg4=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiEAinMhjfRYpijs93FgPot0PIVfGyDAV8ku7dd/XeHM9HQCIEuCtFplaxKCpc0DDbSve4E43M7ldHHk4Yo+Cp2rgcAe\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyYTg0Y2QzMWRkOGQ4ZWE4YWFmZjc1ZGU2NmZjMWI0YjAxMjdkZDU3OTlhYTUwYTY0YWU5YTMxMzg4NWI0NTkzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUNCM3U2MzF0Rk9vV1A5QzA3UEMyWG5HTEd2UllFSGJPZ1ZYVW5OUGxvYnV3SWdaVGxxR2dMYjJ0Wi9XSWp6bEE3RXFQR01LNE10Q3h4RFpvdnVYcUJLditvPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVha05EUVd4RFowRjNTVUpCWjBsVlpETkNSM1F4WjNsb1dqZENXV0psYzJWWVFUaGpNa1JrYVdKUmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFpkMDFxUVhwTlZHY3dUbXBGTTFkb1kwNU5hbGwzVFdwQmVrMVVaekZPYWtVelYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZvV1ZsUWFXTlNiaXR4U1dsRE5TdHBjamMyU0ZGamIxRlZWRzVZTTB0TVIwRm5lRllLVGxSR05YRlNaWHB4TTBwV2VWWXdRV1ZHTXpVell5c3pWMlZGUmtJM1IyaGphbTltWkhWdVpVaDRUWE15Y0RJeFFUWlBRMEZYT0hkblowWnlUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZITTBkWENteGFURVZ2TlhrNFVFcFBRelpWTmxoWFYySlljVGhqZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwdENaMjl5UW1kRlJVRmtXalZCWjFGRFFraDNSV1ZuUWpRS1FVaFpRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIWTBwT1QyOHJkMEZCUWtGTlFRcFNla0pHUVdsRlFYQkVNVmxhVlZwWVZrTkhhMjV0Y1RZMU4xcHpaVElyV1ZCS0wybGFZekpRY0dnNEwzZHpiR3RUTjFGRFNVSTFiVkpFWTFWTFNFTlFDalJVVEhWNWFtZElaVVJXU1N0Qk0zRlFZbFp0WVRRcmFHaGlObTFSYWtselRVRnZSME5EY1VkVFRUUTVRa0ZOUkVFeVowRk5SMVZEVFZGRGJIRm5kSG9LYlVSV1MwdzFlbmRuUjFKUFFubHpVbTl3YzNBd05EWXhUMUZJZVhob1FWTnVSRXBSUnk5MFdUQlFkbVZGZFZCaVluUlZLMVJSU1U1YVlVbERUVVp4Y3dwQ2EzZFFSREZVWjJrNWFpOHdhekV6ZFZkcmQwd3dTWHBDYkZGWlZFVXZkVVJIUkdkSFRsZDFURTFIUTBKeVVYaHRRMWd3V0dZelJHTllhVk5xVVQwOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "KoTNMd2Njqiq/3XeZvwbSwEn3VeZqlCmSumjE4hbRZM="}, "signature": "MEUCIQCB3u631tFOoWP9C07PC2XnGLGvRYEHbOgVXUnNPlobuwIgZTlqGgLb2tZ/WIjzlA7EqPGMK4MtCxxDZovuXqBKv+o="}} diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index 44ed8cc..5158e2f 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -13,9 +13,11 @@ Co-Authored-By: Xavier de Gaye 5 files changed, 37 insertions(+), 9 deletions(-) create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst ---- a/Doc/library/ensurepip.rst -+++ b/Doc/library/ensurepip.rst -@@ -61,7 +61,11 @@ is at least as recent as the one availab +Index: Python-3.13.12/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.13.12.orig/Doc/library/ensurepip.rst 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/library/ensurepip.rst 2026-02-06 11:32:33.737805498 +0100 +@@ -63,7 +63,11 @@ By default, ``pip`` is installed into the current virtual environment (if one is active) or into the system site packages (if there is no active virtual environment). The installation location can be controlled @@ -28,7 +30,7 @@ Co-Authored-By: Xavier de Gaye .. option:: --root -@@ -102,7 +106,7 @@ Module API +@@ -104,7 +108,7 @@ Returns a string specifying the available version of pip that will be installed when bootstrapping an environment. @@ -37,7 +39,7 @@ Co-Authored-By: Xavier de Gaye altinstall=False, default_pip=False, \ verbosity=0) -@@ -112,6 +116,8 @@ Module API +@@ -114,6 +118,8 @@ If *root* is ``None``, then installation uses the default install location for the current environment. @@ -46,7 +48,7 @@ Co-Authored-By: Xavier de Gaye *upgrade* indicates whether or not to upgrade an existing installation of an earlier version of ``pip`` to the available version. -@@ -132,6 +138,8 @@ Module API +@@ -134,6 +140,8 @@ *verbosity* controls the level of output to :data:`sys.stdout` from the bootstrapping operation. @@ -55,9 +57,11 @@ Co-Authored-By: Xavier de Gaye .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap .. note:: ---- a/Lib/ensurepip/__init__.py -+++ b/Lib/ensurepip/__init__.py -@@ -106,27 +106,27 @@ def _disable_pip_configuration_settings( +Index: Python-3.13.12/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.13.12.orig/Lib/ensurepip/__init__.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Lib/ensurepip/__init__.py 2026-02-06 11:32:33.738107656 +0100 +@@ -106,27 +106,27 @@ os.environ['PIP_CONFIG_FILE'] = os.devnull @@ -90,7 +94,7 @@ Co-Authored-By: Xavier de Gaye Note that calling this function will alter both sys.path and os.environ. """ -@@ -162,6 +162,8 @@ def _bootstrap(*, root=None, upgrade=Fal +@@ -162,6 +162,8 @@ args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] if root: args += ["--root", root] @@ -99,7 +103,7 @@ Co-Authored-By: Xavier de Gaye if upgrade: args += ["--upgrade"] if user: -@@ -238,6 +240,11 @@ def _main(argv=None): +@@ -238,6 +240,11 @@ help="Install everything relative to this alternate root directory.", ) parser.add_argument( @@ -111,7 +115,7 @@ Co-Authored-By: Xavier de Gaye "--altinstall", action="store_true", default=False, -@@ -256,6 +263,7 @@ def _main(argv=None): +@@ -256,6 +263,7 @@ return _bootstrap( root=args.root, @@ -119,9 +123,11 @@ Co-Authored-By: Xavier de Gaye upgrade=args.upgrade, user=args.user, verbosity=args.verbosity, ---- a/Lib/test/test_ensurepip.py -+++ b/Lib/test/test_ensurepip.py -@@ -101,6 +101,17 @@ class TestBootstrap(EnsurepipMixin, unit +Index: Python-3.13.12/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.13.12.orig/Lib/test/test_ensurepip.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Lib/test/test_ensurepip.py 2026-02-06 11:32:33.738349331 +0100 +@@ -101,6 +101,17 @@ unittest.mock.ANY, ) @@ -139,9 +145,11 @@ Co-Authored-By: Xavier de Gaye def test_bootstrapping_with_user(self): ensurepip.bootstrap(user=True) ---- a/Makefile.pre.in -+++ b/Makefile.pre.in -@@ -2145,7 +2145,7 @@ install: @FRAMEWORKINSTALLFIRST@ @INSTAL +Index: Python-3.13.12/Makefile.pre.in +=================================================================== +--- Python-3.13.12.orig/Makefile.pre.in 2026-02-06 11:32:32.095115787 +0100 ++++ Python-3.13.12/Makefile.pre.in 2026-02-06 11:32:33.738723445 +0100 +@@ -2145,7 +2145,7 @@ install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -150,7 +158,7 @@ Co-Authored-By: Xavier de Gaye fi .PHONY: altinstall -@@ -2156,7 +2156,7 @@ altinstall: commoninstall +@@ -2156,7 +2156,7 @@ install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -159,7 +167,9 @@ Co-Authored-By: Xavier de Gaye fi .PHONY: commoninstall ---- /dev/null -+++ b/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +Index: Python-3.13.12/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ Python-3.13.12/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst 2026-02-06 11:32:33.739181056 +0100 @@ -0,0 +1 @@ +A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/doc-py38-to-py36.patch b/doc-py38-to-py36.patch index 937b631..5aeae3e 100644 --- a/doc-py38-to-py36.patch +++ b/doc-py38-to-py36.patch @@ -27,10 +27,10 @@ Doc/tools/extensions/pydoc_topics.py | 22 +++++----- 18 files changed, 159 insertions(+), 130 deletions(-) -Index: Python-3.13.11/Doc/Makefile +Index: Python-3.13.12/Doc/Makefile =================================================================== ---- Python-3.13.11.orig/Doc/Makefile 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/Makefile 2025-12-18 23:36:11.845184450 +0100 +--- Python-3.13.12.orig/Doc/Makefile 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/Makefile 2026-02-06 11:32:43.257524049 +0100 @@ -14,15 +14,15 @@ SOURCES = DISTVERSION = $(shell $(PYTHON) tools/extensions/patchlevel.py) @@ -51,10 +51,10 @@ Index: Python-3.13.11/Doc/Makefile $(PAPEROPT_$(PAPER)) \ $(SPHINXOPTS) $(SPHINXERRORHANDLING) \ . build/$(BUILDER) $(SOURCES) -Index: Python-3.13.11/Doc/c-api/arg.rst +Index: Python-3.13.12/Doc/c-api/arg.rst =================================================================== ---- Python-3.13.11.orig/Doc/c-api/arg.rst 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/c-api/arg.rst 2025-12-18 23:36:11.845570257 +0100 +--- Python-3.13.12.orig/Doc/c-api/arg.rst 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/c-api/arg.rst 2026-02-06 11:32:43.257960130 +0100 @@ -334,7 +334,6 @@ should raise an exception and leave the content of *address* unmodified. @@ -63,10 +63,10 @@ Index: Python-3.13.11/Doc/c-api/arg.rst If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a second time if the argument parsing eventually fails, giving the converter a -Index: Python-3.13.11/Doc/c-api/typeobj.rst +Index: Python-3.13.12/Doc/c-api/typeobj.rst =================================================================== ---- Python-3.13.11.orig/Doc/c-api/typeobj.rst 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/c-api/typeobj.rst 2025-12-18 23:36:11.846211337 +0100 +--- Python-3.13.12.orig/Doc/c-api/typeobj.rst 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/c-api/typeobj.rst 2026-02-06 11:32:43.258653093 +0100 @@ -610,7 +610,7 @@ Functions like :c:func:`PyObject_NewVar` will take the value of N as an argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field. @@ -97,10 +97,10 @@ Index: Python-3.13.11/Doc/c-api/typeobj.rst include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on whether :c:member:`~PyVarObject.ob_size` should be included). These are usually defined by the macro :c:macro:`PyObject_HEAD` or -Index: Python-3.13.11/Doc/conf.py +Index: Python-3.13.12/Doc/conf.py =================================================================== ---- Python-3.13.11.orig/Doc/conf.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/conf.py 2025-12-18 23:36:11.846742416 +0100 +--- Python-3.13.12.orig/Doc/conf.py 2026-02-06 11:32:20.252483695 +0100 ++++ Python-3.13.12/Doc/conf.py 2026-02-06 11:32:43.259159426 +0100 @@ -11,6 +11,8 @@ from importlib import import_module from importlib.util import find_spec @@ -172,10 +172,10 @@ Index: Python-3.13.11/Doc/conf.py # Options for c_annotations extension # ----------------------------------- -Index: Python-3.13.11/Doc/library/doctest.rst +Index: Python-3.13.12/Doc/library/doctest.rst =================================================================== ---- Python-3.13.11.orig/Doc/library/doctest.rst 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/library/doctest.rst 2025-12-18 23:36:11.847131855 +0100 +--- Python-3.13.12.orig/Doc/library/doctest.rst 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/library/doctest.rst 2026-02-06 11:32:43.259497242 +0100 @@ -310,7 +310,6 @@ .. currentmodule:: None @@ -184,10 +184,10 @@ Index: Python-3.13.11/Doc/library/doctest.rst .. currentmodule:: doctest -Index: Python-3.13.11/Doc/library/email.compat32-message.rst +Index: Python-3.13.12/Doc/library/email.compat32-message.rst =================================================================== ---- Python-3.13.11.orig/Doc/library/email.compat32-message.rst 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/library/email.compat32-message.rst 2025-12-18 23:36:11.847579332 +0100 +--- Python-3.13.12.orig/Doc/library/email.compat32-message.rst 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/library/email.compat32-message.rst 2026-02-06 11:32:43.259906983 +0100 @@ -7,7 +7,6 @@ :synopsis: The base class representing email messages in a fashion backward compatible with Python 3.2 @@ -196,10 +196,10 @@ Index: Python-3.13.11/Doc/library/email.compat32-message.rst The :class:`Message` class is very similar to the -Index: Python-3.13.11/Doc/library/xml.etree.elementtree.rst +Index: Python-3.13.12/Doc/library/xml.etree.elementtree.rst =================================================================== ---- Python-3.13.11.orig/Doc/library/xml.etree.elementtree.rst 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/library/xml.etree.elementtree.rst 2025-12-18 23:36:11.847865126 +0100 +--- Python-3.13.12.orig/Doc/library/xml.etree.elementtree.rst 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/library/xml.etree.elementtree.rst 2026-02-06 11:32:43.260169777 +0100 @@ -873,7 +873,6 @@ .. module:: xml.etree.ElementTree @@ -208,10 +208,10 @@ Index: Python-3.13.11/Doc/library/xml.etree.elementtree.rst .. class:: Element(tag, attrib={}, **extra) -Index: Python-3.13.11/Doc/tools/check-warnings.py +Index: Python-3.13.12/Doc/tools/check-warnings.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/check-warnings.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/check-warnings.py 2025-12-18 23:36:11.848175434 +0100 +--- Python-3.13.12.orig/Doc/tools/check-warnings.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/check-warnings.py 2026-02-06 11:32:43.260451727 +0100 @@ -228,7 +228,8 @@ print(filename) for warning in warnings: @@ -222,7 +222,7 @@ Index: Python-3.13.11/Doc/tools/check-warnings.py print(" {line}: {msg}".format_map(match)) return -1 return 0 -@@ -316,7 +317,7 @@ +@@ -319,7 +320,7 @@ cwd = str(Path.cwd()) + os.path.sep files_with_nits = { @@ -231,10 +231,10 @@ Index: Python-3.13.11/Doc/tools/check-warnings.py for warning in warnings if "Doc/" in warning } -Index: Python-3.13.11/Doc/tools/extensions/audit_events.py +Index: Python-3.13.12/Doc/tools/extensions/audit_events.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/audit_events.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/audit_events.py 2025-12-18 23:36:11.848442160 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/audit_events.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/audit_events.py 2026-02-06 11:32:43.260742655 +0100 @@ -1,9 +1,6 @@ """Support for documenting audit events.""" @@ -370,10 +370,10 @@ Index: Python-3.13.11/Doc/tools/extensions/audit_events.py ) -> nodes.row: row = nodes.row() name_node = nodes.paragraph("", nodes.Text(name)) -Index: Python-3.13.11/Doc/tools/extensions/availability.py +Index: Python-3.13.12/Doc/tools/extensions/availability.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/availability.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/availability.py 2025-12-18 23:36:11.848697922 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/availability.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/availability.py 2026-02-06 11:32:43.260981454 +0100 @@ -1,8 +1,6 @@ """Support for documenting platform availability""" @@ -427,10 +427,10 @@ Index: Python-3.13.11/Doc/tools/extensions/availability.py app.add_directive("availability", Availability) return { -Index: Python-3.13.11/Doc/tools/extensions/c_annotations.py +Index: Python-3.13.12/Doc/tools/extensions/c_annotations.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/c_annotations.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/c_annotations.py 2025-12-18 23:37:01.590377119 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/c_annotations.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/c_annotations.py 2026-02-06 11:32:43.261164228 +0100 @@ -9,22 +9,26 @@ * Set ``stable_abi_file`` to the path to stable ABI list. """ @@ -569,10 +569,10 @@ Index: Python-3.13.11/Doc/tools/extensions/c_annotations.py return { "version": "1.0", "parallel_read_safe": True, -Index: Python-3.13.11/Doc/tools/extensions/changes.py +Index: Python-3.13.12/Doc/tools/extensions/changes.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/changes.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/changes.py 2025-12-18 23:36:11.849240594 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/changes.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/changes.py 2026-02-06 11:32:43.261401915 +0100 @@ -1,7 +1,5 @@ """Support for documenting version of changes, additions, deprecations.""" @@ -608,10 +608,10 @@ Index: Python-3.13.11/Doc/tools/extensions/changes.py # Override Sphinx's directives with support for 'next' app.add_directive("versionadded", PyVersionChange, override=True) app.add_directive("versionchanged", PyVersionChange, override=True) -Index: Python-3.13.11/Doc/tools/extensions/glossary_search.py +Index: Python-3.13.12/Doc/tools/extensions/glossary_search.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/glossary_search.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/glossary_search.py 2025-12-18 23:36:11.849448932 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/glossary_search.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/glossary_search.py 2026-02-06 11:32:43.261561375 +0100 @@ -1,21 +1,27 @@ """Feature search results for glossary items prominently.""" @@ -655,10 +655,10 @@ Index: Python-3.13.11/Doc/tools/extensions/glossary_search.py app.connect('doctree-resolved', process_glossary_nodes) app.connect('build-finished', write_glossary_json) -Index: Python-3.13.11/Doc/tools/extensions/implementation_detail.py +Index: Python-3.13.12/Doc/tools/extensions/implementation_detail.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/implementation_detail.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/implementation_detail.py 2025-12-18 23:36:11.849650427 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/implementation_detail.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/implementation_detail.py 2026-02-06 11:32:43.261759899 +0100 @@ -1,17 +1,10 @@ """Support for marking up implementation details.""" @@ -709,10 +709,10 @@ Index: Python-3.13.11/Doc/tools/extensions/implementation_detail.py app.add_directive("impl-detail", ImplementationDetail) return { -Index: Python-3.13.11/Doc/tools/extensions/issue_role.py +Index: Python-3.13.12/Doc/tools/extensions/issue_role.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/issue_role.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/issue_role.py 2025-12-18 23:36:11.849838302 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/issue_role.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/issue_role.py 2026-02-06 11:32:43.261920641 +0100 @@ -1,22 +1,18 @@ """Support for referencing issues in the tracker.""" @@ -758,10 +758,10 @@ Index: Python-3.13.11/Doc/tools/extensions/issue_role.py app.add_role("issue", BPOIssue()) app.add_role("gh", GitHubIssue()) -Index: Python-3.13.11/Doc/tools/extensions/misc_news.py +Index: Python-3.13.12/Doc/tools/extensions/misc_news.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/misc_news.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/misc_news.py 2025-12-18 23:36:11.850033510 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/misc_news.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/misc_news.py 2026-02-06 11:32:43.262085421 +0100 @@ -1,7 +1,5 @@ """Support for including Misc/NEWS.""" @@ -814,10 +814,10 @@ Index: Python-3.13.11/Doc/tools/extensions/misc_news.py app.add_directive("miscnews", MiscNews) return { -Index: Python-3.13.11/Doc/tools/extensions/patchlevel.py +Index: Python-3.13.12/Doc/tools/extensions/patchlevel.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/patchlevel.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/patchlevel.py 2025-12-18 23:36:11.850217264 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/patchlevel.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/patchlevel.py 2026-02-06 11:32:43.262245612 +0100 @@ -3,7 +3,7 @@ import re import sys @@ -855,10 +855,10 @@ Index: Python-3.13.11/Doc/tools/extensions/patchlevel.py version = f"{info.major}.{info.minor}" release = f"{info.major}.{info.minor}.{info.micro}" if info.releaselevel != "final": -Index: Python-3.13.11/Doc/tools/extensions/pydoc_topics.py +Index: Python-3.13.12/Doc/tools/extensions/pydoc_topics.py =================================================================== ---- Python-3.13.11.orig/Doc/tools/extensions/pydoc_topics.py 2025-12-05 17:06:33.000000000 +0100 -+++ Python-3.13.11/Doc/tools/extensions/pydoc_topics.py 2025-12-18 23:36:11.850437755 +0100 +--- Python-3.13.12.orig/Doc/tools/extensions/pydoc_topics.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Doc/tools/extensions/pydoc_topics.py 2026-02-06 11:32:43.262420171 +0100 @@ -1,21 +1,23 @@ """Support for building "topic help" for pydoc.""" @@ -890,8 +890,8 @@ Index: Python-3.13.11/Doc/tools/extensions/pydoc_topics.py logger = logging.getLogger(__name__) -@@ -162,7 +164,7 @@ - self.outdir.joinpath("topics.py").write_text(topics, encoding="utf-8") +@@ -188,7 +190,7 @@ + ) -def _display_labels(item: tuple[str, Sequence[tuple[str, str]]]) -> str: @@ -899,7 +899,7 @@ Index: Python-3.13.11/Doc/tools/extensions/pydoc_topics.py _docname, label_ids = item labels = [name for name, _id in label_ids] if len(labels) > 4: -@@ -170,7 +172,7 @@ +@@ -196,7 +198,7 @@ return ", ".join(labels) @@ -908,7 +908,7 @@ Index: Python-3.13.11/Doc/tools/extensions/pydoc_topics.py """Return a triple-single-quoted representation of text.""" if "'''" not in text: return f"r'''{text}'''" -@@ -178,7 +180,7 @@ +@@ -204,7 +206,7 @@ return f"'''{text}'''" diff --git a/fix-test-recursion-limit-15.6.patch b/fix-test-recursion-limit-15.6.patch index fcfe563..1e14af0 100644 --- a/fix-test-recursion-limit-15.6.patch +++ b/fix-test-recursion-limit-15.6.patch @@ -2,9 +2,11 @@ Lib/test/test_compile.py | 5 +++++ 1 file changed, 5 insertions(+) ---- a/Lib/test/test_compile.py -+++ b/Lib/test/test_compile.py -@@ -21,6 +21,9 @@ from test.support import (script_helper, +Index: Python-3.13.12/Lib/test/test_compile.py +=================================================================== +--- Python-3.13.12.orig/Lib/test/test_compile.py 2026-02-03 18:53:27.000000000 +0100 ++++ Python-3.13.12/Lib/test/test_compile.py 2026-02-06 11:32:39.221208472 +0100 +@@ -21,6 +21,9 @@ from test.support.bytecode_helper import instructions_with_positions from test.support.os_helper import FakePath @@ -14,7 +16,7 @@ class TestSpecifics(unittest.TestCase): def compile_single(self, source): -@@ -117,6 +120,7 @@ class TestSpecifics(unittest.TestCase): +@@ -117,6 +120,7 @@ self.assertEqual(d['z'], 12) @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI") @@ -22,7 +24,7 @@ def test_extended_arg(self): repeat = int(get_c_recursion_limit() * 0.9) longexpr = 'x = x or ' + '-x' * repeat -@@ -701,6 +705,7 @@ class TestSpecifics(unittest.TestCase): +@@ -716,6 +720,7 @@ @support.cpython_only @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI") diff --git a/gh138131-exclude-pycache-from-digest.patch b/gh138131-exclude-pycache-from-digest.patch deleted file mode 100644 index 996d217..0000000 --- a/gh138131-exclude-pycache-from-digest.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4bb41b28d5bac09bccd636d8c5fefe1a462f63a7 Mon Sep 17 00:00:00 2001 -From: Alm -Date: Mon, 25 Aug 2025 08:56:38 +0300 -Subject: [PATCH 1/4] Exclude .pyc files from the computed digest in the jit - stencils - ---- - Tools/jit/_targets.py | 3 +++ - 1 file changed, 3 insertions(+) - -Index: Python-3.13.7/Tools/jit/_targets.py -=================================================================== ---- Python-3.13.7.orig/Tools/jit/_targets.py -+++ Python-3.13.7/Tools/jit/_targets.py -@@ -53,6 +53,9 @@ class _Target(typing.Generic[_S, _R]): - hasher.update(PYTHON_EXECUTOR_CASES_C_H.read_bytes()) - hasher.update((out / "pyconfig.h").read_bytes()) - for dirpath, _, filenames in sorted(os.walk(TOOLS_JIT)): -+ # Exclude cache files from digest computation to ensure reproducible builds. -+ if dirpath.endswith("__pycache__"): -+ continue - for filename in filenames: - hasher.update(pathlib.Path(dirpath, filename).read_bytes()) - return hasher.hexdigest() -Index: Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst -=================================================================== ---- /dev/null -+++ Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst -@@ -0,0 +1 @@ -+Ensure reproducible builds by making JIT stencil header generation deterministic. diff --git a/python313.changes b/python313.changes index b44a415..73b1a04 100644 --- a/python313.changes +++ b/python313.changes @@ -1,3 +1,316 @@ +------------------------------------------------------------------- +Fri Feb 6 10:28:12 UTC 2026 - Matej Cepl + +- Update to 3.13.12: +Python 3.13.12 final +Release date: 2026-02-03 + - Tools/Demos + - gh-142095: Make gdb ‘py-bt’ command use frame from thread + local state when available. Patch by Sam Gross and Victor + Stinner. + - Tests + - gh-144415: The Android testbed now distinguishes between + stdout/stderr messages which were triggered by a newline, + and those triggered by a manual call to flush. This fixes + logging of progress indicators and similar content. + - gh-65784: Add support for parametrized resource wantobjects + in regrtests, which allows to run Tkinter tests with the + specified value of tkinter.wantobjects, for example -u + wantobjects=0. + - gh-143553: Add support for parametrized resources, such as + -u xpickle=2.7. + - gh-142836: Accommodated Solaris in + test_pdb.test_script_target_anonymous_pipe. + - gh-129401: Fix a flaky test in test_repr_rlock that checks + the representation of multiprocessing.RLock. + - bpo-31391: Forward-port test_xpickle from Python 2 to + Python 3 and add the resource back to test’s command line. + - Security + - gh-144125: BytesGenerator will now refuse to serialize + (write) headers that are unsafely folded or delimited; see + verify_generated_headers. (Contributed by Bas Bloemsaat and + Petr Viktorin in gh-121650). + - gh-143935: Fixed a bug in the folding of comments when + flattening an email message using a modern email policy. + Comments consisting of a very long sequence of non-foldable + characters could trigger a forced line wrap that omitted + the required leading space on the continuation line, + causing the remainder of the comment to be interpreted as + a new header field. This enabled header injection with + carefully crafted inputs. + - gh-143925: Reject control characters in data: URL media + types. + - gh-143919: Reject control characters in http.cookies.Morsel + fields and values. + - gh-143916: Reject C0 control characters within + wsgiref.headers.Headers fields, values, and parameters. + - Library + - gh-144380: Improve performance of io.BufferedReader line + iteration by ~49%. + - gh-144169: Fix three crashes when non-string keyword + arguments are supplied to objects in the ast module. + - gh-144100: Fixed a crash in ctypes when using a deprecated + POINTER(str) type in argtypes. Instead of aborting, ctypes + now raises a proper Python exception when the pointer + target type is unresolved. + - gh-144050: Fix stat.filemode() in the pure-Python + implementation to avoid misclassifying invalid mode values + as block devices. + - gh-144023: Fixed validation of file descriptor 0 in posix + functions when used with follow_symlinks parameter. + - gh-143999: Fix an issue where inspect.getgeneratorstate() + and inspect.getcoroutinestate() could fail for generators + wrapped by types.coroutine() in the suspended state. + - gh-143706: Fix multiprocessing forkserver so that sys.argv + is correctly set before __main__ is preloaded. Previously, + sys.argv was empty during main module import in forkserver + child processes. This fixes a regression introduced in + 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test + provided by Thomas Watson, thanks! + - gh-143638: Forbid reentrant calls of the pickle.Pickler and + pickle.Unpickler methods for the C implementation. + Previously, this could cause crash or data corruption, now + concurrent calls of methods of the same object raise + RuntimeError. + - gh-78724: Raise RuntimeError’s when user attempts to call + methods on half-initialized Struct objects, For example, + created by Struct.__new__(Struct). Patch by Sergey + B Kirpichev. + - gh-143602: Fix a inconsistency issue in write() that leads + to unexpected buffer overwrite by deduplicating the buffer + exports. + - gh-143547: Fix sys.unraisablehook() when the hook raises an + exception and changes sys.unraisablehook(): hold a strong + reference to the old hook. Patch by Victor Stinner. + - gh-143378: Fix use-after-free crashes when a BytesIO object + is concurrently mutated during write() or writelines(). + - gh-143346: Fix incorrect wrapping of the Base64 data in + plistlib._PlistWriter when the indent contains a mix of + tabs and spaces. + - gh-143310: tkinter: fix a crash when a Python list is + mutated during the conversion to a Tcl object (e.g., when + setting a Tcl variable). Patch by Bénédikt Tran. + - gh-143309: Fix a crash in os.execve() on non-Windows + platforms when given a custom environment mapping which is + then mutated during parsing. Patch by Bénédikt Tran. + - gh-143308: pickle: fix use-after-free crashes when + a PickleBuffer is concurrently mutated by a custom buffer + callback during pickling. Patch by Bénédikt Tran and Aaron + Wieczorek. + - gh-143237: Fix support of named pipes in the rotating + logging handlers. + - gh-143249: Fix possible buffer leaks in Windows overlapped + I/O on error handling. + - gh-143241: zoneinfo: fix infinite loop in + ZoneInfo.from_file when parsing a malformed TZif file. + Patch by Fatih Celik. + - gh-142830: sqlite3: fix use-after-free crashes when the + connection’s callbacks are mutated during a callback + execution. Patch by Bénédikt Tran. + - gh-143200: xml.etree.ElementTree: fix use-after-free + crashes in __getitem__() and __setitem__() methods of + Element when the element is concurrently mutated. Patch by + Bénédikt Tran. + - gh-142195: Updated timeout evaluation logic in subprocess + to be compatible with deterministic environments like + Shadow where time moves exactly as requested. + - gh-143145: Fixed a possible reference leak in ctypes when + constructing results with multiple output parameters on + error. + - gh-122431: Corrected the error message in + readline.append_history_file() to state that nelements must + be non-negative instead of positive. + - gh-143004: Fix a potential use-after-free in + collections.Counter.update() when user code mutates the + Counter during an update. + - gh-143046: The asyncio REPL no longer prints copyright and + version messages in the quiet mode (-q). Patch by Bartosz + Sławecki. + - gh-140648: The asyncio REPL now respects the -I flag + (isolated mode). Previously, it would load and execute + PYTHONSTARTUP even if the flag was set. Contributed by + Bartosz Sławecki. + - gh-142991: Fixed socket operations such as recvfrom() and + sendto() for FreeBSD divert(4) socket. + - gh-143010: Fixed a bug in mailbox where the precise timing + of an external event could result in the library opening an + existing file instead of a file it expected to create. + - gh-142881: Fix concurrent and reentrant call of + atexit.unregister(). + - gh-112127: Fix possible use-after-free in + atexit.unregister() when the callback is unregistered + during comparison. + - gh-142783: Fix zoneinfo use-after-free with descriptor + _weak_cache. a descriptor as _weak_cache could cause + crashes during object creation. The fix ensures proper + reference counting for descriptor-provided objects. + - gh-142754: Add the ownerDocument attribute to + xml.dom.minidom elements and attributes created by directly + instantiating the Element or Attr class. Note that this way + of creating nodes is not supported; creator functions like + xml.dom.Document.documentElement() should be used instead. + - gh-142784: The asyncio REPL now properly closes the loop + upon the end of interactive session. Previously, it could + cause surprising warnings. Contributed by Bartosz Sławecki. + - gh-142555: array: fix a crash in a[i] = v when converting + i to an index via i.__index__ or i.__float__ mutates the + array. + - gh-142594: Fix crash in TextIOWrapper.close() when the + underlying buffer’s closed property calls detach(). + - gh-142451: hmac: Ensure that the HMAC.block_size attribute + is correctly copied by HMAC.copy. Patch by Bénédikt Tran. + - gh-142495: collections.defaultdict now prioritizes + __setitem__() when inserting default values from + default_factory. This prevents race conditions where + a default value would overwrite a value set before + default_factory returns. + - gh-142651: unittest.mock: fix a thread safety issue where + Mock.call_count may return inaccurate values when the mock + is called concurrently from multiple threads. + - gh-142595: Added type check during initialization of the + decimal module to prevent a crash in case of broken stdlib. + Patch by Sergey B Kirpichev. + - gh-142517: The non-compat32 email policies now correctly + handle refolding encoded words that contain bytes that can + not be decoded in their specified character set. Previously + this resulted in an encoding exception during folding. + - gh-112527: The help text for required options in argparse + no longer extended with “ (default: None)”. + - gh-142315: Pdb can now run scripts from anonymous pipes + used in process substitution. Patch by Bartosz Sławecki. + - gh-142282: Fix winreg.QueryValueEx() to not accidentally + read garbage buffer under race condition. + - gh-75949: Fix argparse to preserve | separators in mutually + exclusive groups when the usage line wraps due to length. + - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header + name defects are now correctly passed to the handle_defect + method of policy in FeedParser. + - gh-142006: Fix a bug in the email.policy.default folding + algorithm which incorrectly resulted in a doubled newline + when a line ending at exactly max_line_length was followed + by an unfoldable token. + - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving + underlying cancelled asyncio task running. + - gh-139971: pydoc: Ensure that the link to the online + documentation of a stdlib module is correct. + - gh-139262: Some keystrokes can be swallowed in the new + PyREPL on Windows, especially when used together with the + ALT key. Fix by Chris Eibl. + - gh-138897: Improved license/copyright/credits display in + the REPL: now uses a pager. + - gh-79986: Add parsing for References and In-Reply-To + headers to the email library that parses the header content + as lists of message id tokens. This prevents them from + being folded incorrectly. + - gh-109263: Starting a process from spawn context in + multiprocessing no longer sets the start method globally. + - gh-90871: Fixed an off by one error concerning the backlog + parameter in create_unix_server(). Contributed by Christian + Harries. + - gh-133253: Fix thread-safety issues in linecache. + - gh-132715: Skip writing objects during marshalling once + a failure has occurred. + - gh-127529: Correct behavior of + asyncio.selector_events.BaseSelectorEventLoop._accept_connection() + in handling ConnectionAbortedError in a loop. This improves + performance on OpenBSD. + - IDLE + - gh-143774: Better explain the operation of Format / Format + Paragraph. + - Documentation + - gh-140806: Add documentation for enum.bin(). + - Core and Builtins + - gh-144307: Prevent a reference leak in module teardown at + interpreter finalization. + - gh-144194: Fix error handling in perf jitdump + initialization on memory allocation failure. + - gh-141805: Fix crash in set when objects with the same hash + are concurrently added to the set after removing an element + with the same hash while the set still contains elements + with the same hash. + - gh-143670: Fixes a crash in ga_repr_items_list function. + - gh-143377: Fix a crash in _interpreters.capture_exception() + when the exception is incorrectly formatted. Patch by + Bénédikt Tran. + - gh-143189: Fix crash when inserting a non-str key into + a split table dictionary when the key matches an existing + key in the split table but has no corresponding value in + the dict. + - gh-143228: Fix use-after-free in perf trampoline when + toggling profiling while threads are running or during + interpreter finalization with daemon threads active. The + fix uses reference counting to ensure trampolines are not + freed while any code object could still reference them. + Pach by Pablo Galindo + - gh-142664: Fix a use-after-free crash in + memoryview.__hash__ when the __hash__ method of the + referenced object mutates that object or the view. Patch by + Bénédikt Tran. + - gh-142557: Fix a use-after-free crash in bytearray.__mod__ + when the bytearray is mutated while formatting the %-style + arguments. Patch by Bénédikt Tran. + - gh-143195: Fix use-after-free crashes in bytearray.hex() + and memoryview.hex() when the separator’s __len__() mutates + the original object. Patch by Bénédikt Tran. + - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is + 0. Previously, it was set to 0 in this case. + - gh-143003: Fix an overflow of the shared empty buffer in + bytearray.extend() when __length_hint__() returns 0 for + non-empty iterator. + - gh-143006: Fix a possible assertion error when comparing + negative non-integer float and int with the same number of + bits in the integer part. + - gh-142776: Fix a file descriptor leak in import.c + - gh-142829: Fix a use-after-free crash in + contextvars.Context comparison when a custom __eq__ method + modifies the context via set(). + - gh-142766: Clear the frame of a generator when + generator.close() is called. + - gh-142737: Tracebacks will be displayed in fallback mode + even if io.open() is lost. Previously, this would crash the + interpreter. Patch by Bartosz Sławecki. + - gh-142554: Fix a crash in divmod() when + _pylong.int_divmod() does not return a tuple of length two + exactly. Patch by Bénédikt Tran. + - gh-142560: Fix use-after-free in bytearray search-like + methods (find(), count(), index(), rindex(), and rfind()) + by marking the storage as exported which causes + reallocation attempts to raise BufferError. For contains(), + split(), and rsplit() the buffer protocol is used for this. + - gh-142343: Fix SIGILL crash on m68k due to incorrect + assembly constraint. + - gh-141732: Ensure the __repr__() for ExceptionGroup and + BaseExceptionGroup does not change when the exception + sequence that was original passed in to its constructor is + subsequently mutated. + - gh-100964: Fix reference cycle in exhausted generator + frames. Patch by Savannah Ostrowski. + - gh-140373: Correctly emit PY_UNWIND event when generator + object is closed. Patch by Mikhail Efimov. + - gh-138568: Adjusted the built-in help() function so that + empty inputs are ignored in interactive mode. + - gh-127773: Do not use the type attribute cache for types + with incompatible MRO. + - C API + - gh-142571: PyUnstable_CopyPerfMapFile() now checks that + opening the file succeeded before flushing. + - Build + - gh-142454: When calculating the digest of the JIT stencils + input, sort the hashed files by filenames before adding + their content to the hasher. This ensures deterministic + hash input and hence deterministic hash, independent on + filesystem order. + - gh-141808: When running make clean-retain-profile, keep the + generated JIT stencils. That way, the stencils are not + generated twice when Profile-guided optimization (PGO) is + used. It also allows distributors to supply their own + pre-built JIT stencils. + - gh-138061: Ensure reproducible builds by making JIT stencil + header generation deterministic. +- Remove upstreamed patches: + - CVE-2024-6923-follow-up-EOL-email-headers.patch + - gh138131-exclude-pycache-from-digest.patch + ------------------------------------------------------------------- Tue Jan 27 16:31:12 UTC 2026 - Matej Cepl diff --git a/python313.spec b/python313.spec index 8a2b82b..2225ac5 100644 --- a/python313.spec +++ b/python313.spec @@ -167,7 +167,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.13.11 +Version: 3.13.12 %define tarversion %{version} %define tarname Python-%{tarversion} Release: 0 @@ -231,17 +231,11 @@ Patch42: gh126985-mv-pyvenv.cfg2getpath.patch # PATCH-FIX-UPSTREAM bsc1243155-sphinx-non-determinism.patch bsc#1243155 mcepl@suse.com # Doc: Generate ids for audit_events using docname Patch43: bsc1243155-sphinx-non-determinism.patch -# PATCH-FIX-UPSTREAM gh138131-exclude-pycache-from-digest.patch bsc#1244680 daniel.garcia@suse.com -Patch44: gh138131-exclude-pycache-from-digest.patch # PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com Patch45: gh139257-Support-docutils-0.22.patch # PATCH-FIX-UPSTREAM pass-test_write_read_limited_history.patch bsc#[0-9]+ mcepl@suse.com # Fix readline history truncation when length is reduced Patch48: pass-test_write_read_limited_history.patch -# PATCH-FIX-UPSTREAM CVE-2024-6923-follow-up-EOL-email-headers.patch bsc#1257181 mcepl@suse.com -# Encode newlines in headers when using ByteGenerator -# patch from gh#python/cpython#144125 -Patch49: CVE-2024-6923-follow-up-EOL-email-headers.patch #### END OF PATCHES BuildRequires: autoconf-archive BuildRequires: automake