diff --git a/.gitattributes b/.gitattributes index 9b03811..a9bfeea 100644 --- a/.gitattributes +++ b/.gitattributes @@ -21,3 +21,4 @@ *.xz filter=lfs diff=lfs merge=lfs -text *.zip filter=lfs diff=lfs merge=lfs -text *.zst filter=lfs diff=lfs merge=lfs -text +*.changes merge=merge-changes diff --git a/.gitignore b/.gitignore index 57affb6..a782624 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,6 @@ .osc +*.obscpio +*.osc +_build.* +.pbuild +python313-*-build/ diff --git a/CVE-2025-6069-quad-complex-HTMLParser.patch b/CVE-2025-6069-quad-complex-HTMLParser.patch deleted file mode 100644 index 3336e74..0000000 --- a/CVE-2025-6069-quad-complex-HTMLParser.patch +++ /dev/null @@ -1,247 +0,0 @@ -From 9043edabc7e2f0dd655146e0a4571e2a0b2906af Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka -Date: Fri, 13 Jun 2025 19:57:48 +0300 -Subject: [PATCH] gh-135462: Fix quadratic complexity in processing special - input in HTMLParser (GH-135464) - -End-of-file errors are now handled according to the HTML5 specs -- -comments and declarations are automatically closed, tags are ignored. -(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41) - -Co-authored-by: Serhiy Storchaka ---- - Lib/html/parser.py | 41 +++- - Lib/test/test_htmlparser.py | 97 +++++++--- - Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst | 4 - 3 files changed, 111 insertions(+), 31 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst - -Index: Python-3.13.5/Lib/html/parser.py -=================================================================== ---- Python-3.13.5.orig/Lib/html/parser.py 2025-06-11 17:36:57.000000000 +0200 -+++ Python-3.13.5/Lib/html/parser.py 2025-07-02 16:49:52.020175099 +0200 -@@ -27,6 +27,7 @@ - attr_charref = re.compile(r'&(#[0-9]+|#[xX][0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]*)[;=]?') - - starttagopen = re.compile('<[a-zA-Z]') -+endtagopen = re.compile('') - commentclose = re.compile(r'--\s*>') - # Note: -@@ -195,7 +196,7 @@ - k = self.parse_pi(i) - elif startswith("', i + 1) -- if k < 0: -- k = rawdata.find('<', i + 1) -- if k < 0: -- k = i + 1 -+ if starttagopen.match(rawdata, i): # < + letter -+ pass -+ elif startswith("'), -- ('comment', '/img'), -- ('endtag', 'html<')]) -+ ('data', '\n')]) - - def test_starttag_junk_chars(self): -+ self._run_check("<", [('data', '<')]) -+ self._run_check("<>", [('data', '<>')]) -+ self._run_check("< >", [('data', '< >')]) -+ self._run_check("< ", [('data', '< ')]) - self._run_check("", []) -+ self._run_check("<$>", [('data', '<$>')]) - self._run_check("", [('comment', '$')]) - self._run_check("", [('endtag', 'a')]) -+ self._run_check("", [('starttag', 'a", [('endtag', 'a'", [('data', "'", []) -+ self._run_check("", [('starttag', 'a$b', [])]) - self._run_check("", [('startendtag', 'a$b', [])]) - self._run_check("", [('starttag', 'a$b', [])]) - self._run_check("", [('startendtag', 'a$b', [])]) -+ self._run_check("", [('endtag', 'a$b')]) - - def test_slashes_in_starttag(self): - self._run_check('', [('startendtag', 'a', [('foo', 'var')])]) -@@ -576,21 +583,50 @@ - for html, expected in data: - self._run_check(html, expected) - -- def test_EOF_in_comments_or_decls(self): -+ def test_eof_in_comments(self): - data = [ -- ('', [('comment', '-!>')]), -+ ('' - '' - '' -@@ -604,6 +640,7 @@ - '' # required '[' after CDATA - ) - expected = [ -+ ('comment', 'ELEMENT br EMPTY'), - ('comment', ' not really a comment '), - ('comment', ' not a comment either --'), - ('comment', ' -- close enough --'), -@@ -684,6 +721,26 @@ - ('endtag', 'a'), ('data', ' bar & baz')] - ) - -+ @support.requires_resource('cpu') -+ def test_eof_no_quadratic_complexity(self): -+ # Each of these examples used to take about an hour. -+ # Now they take a fraction of a second. -+ def check(source): -+ parser = html.parser.HTMLParser() -+ parser.feed(source) -+ parser.close() -+ n = 120_000 -+ check(" -Date: Mon, 28 Jul 2025 17:37:26 +0200 -Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member - offsets are non-negative (GH-137027) (cherry picked from commit - 7040aa54f14676938970e10c5f74ea93cd56aa38) - -Co-authored-by: Alexander Urieles -Co-authored-by: Gregory P. Smith ---- - Lib/tarfile.py | 3 - Lib/test/test_tarfile.py | 156 ++++++++++ - Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst | 3 - 3 files changed, 162 insertions(+) - create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst - -Index: Python-3.13.5/Lib/tarfile.py -=================================================================== ---- Python-3.13.5.orig/Lib/tarfile.py 2025-08-01 22:13:44.185826095 +0200 -+++ Python-3.13.5/Lib/tarfile.py 2025-08-01 22:13:45.524140183 +0200 -@@ -1636,6 +1636,9 @@ - """Round up a byte count by BLOCKSIZE and return it, - e.g. _block(834) => 1024. - """ -+ # Only non-negative offsets are allowed -+ if count < 0: -+ raise InvalidHeaderError("invalid offset") - blocks, remainder = divmod(count, BLOCKSIZE) - if remainder: - blocks += 1 -Index: Python-3.13.5/Lib/test/test_tarfile.py -=================================================================== ---- Python-3.13.5.orig/Lib/test/test_tarfile.py 2025-06-11 17:36:57.000000000 +0200 -+++ Python-3.13.5/Lib/test/test_tarfile.py 2025-08-01 22:13:45.524778259 +0200 -@@ -50,6 +50,7 @@ - xzname = os.path.join(TEMPDIR, "testtar.tar.xz") - tmpname = os.path.join(TEMPDIR, "tmp.tar") - dotlessname = os.path.join(TEMPDIR, "testtar") -+SPACE = b" " - - sha256_regtype = ( - "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce" -@@ -4578,6 +4579,161 @@ - ar.extractall(self.testdir, filter='fully_trusted') - - -+class OffsetValidationTests(unittest.TestCase): -+ tarname = tmpname -+ invalid_posix_header = ( -+ # name: 100 bytes -+ tarfile.NUL * tarfile.LENGTH_NAME -+ # mode, space, null terminator: 8 bytes -+ + b"000755" + SPACE + tarfile.NUL -+ # uid, space, null terminator: 8 bytes -+ + b"000001" + SPACE + tarfile.NUL -+ # gid, space, null terminator: 8 bytes -+ + b"000001" + SPACE + tarfile.NUL -+ # size, space: 12 bytes -+ + b"\xff" * 11 + SPACE -+ # mtime, space: 12 bytes -+ + tarfile.NUL * 11 + SPACE -+ # chksum: 8 bytes -+ + b"0011407" + tarfile.NUL -+ # type: 1 byte -+ + tarfile.REGTYPE -+ # linkname: 100 bytes -+ + tarfile.NUL * tarfile.LENGTH_LINK -+ # magic: 6 bytes, version: 2 bytes -+ + tarfile.POSIX_MAGIC -+ # uname: 32 bytes -+ + tarfile.NUL * 32 -+ # gname: 32 bytes -+ + tarfile.NUL * 32 -+ # devmajor, space, null terminator: 8 bytes -+ + tarfile.NUL * 6 + SPACE + tarfile.NUL -+ # devminor, space, null terminator: 8 bytes -+ + tarfile.NUL * 6 + SPACE + tarfile.NUL -+ # prefix: 155 bytes -+ + tarfile.NUL * tarfile.LENGTH_PREFIX -+ # padding: 12 bytes -+ + tarfile.NUL * 12 -+ ) -+ invalid_gnu_header = ( -+ # name: 100 bytes -+ tarfile.NUL * tarfile.LENGTH_NAME -+ # mode, null terminator: 8 bytes -+ + b"0000755" + tarfile.NUL -+ # uid, null terminator: 8 bytes -+ + b"0000001" + tarfile.NUL -+ # gid, space, null terminator: 8 bytes -+ + b"0000001" + tarfile.NUL -+ # size, space: 12 bytes -+ + b"\xff" * 11 + SPACE -+ # mtime, space: 12 bytes -+ + tarfile.NUL * 11 + SPACE -+ # chksum: 8 bytes -+ + b"0011327" + tarfile.NUL -+ # type: 1 byte -+ + tarfile.REGTYPE -+ # linkname: 100 bytes -+ + tarfile.NUL * tarfile.LENGTH_LINK -+ # magic: 8 bytes -+ + tarfile.GNU_MAGIC -+ # uname: 32 bytes -+ + tarfile.NUL * 32 -+ # gname: 32 bytes -+ + tarfile.NUL * 32 -+ # devmajor, null terminator: 8 bytes -+ + tarfile.NUL * 8 -+ # devminor, null terminator: 8 bytes -+ + tarfile.NUL * 8 -+ # padding: 167 bytes -+ + tarfile.NUL * 167 -+ ) -+ invalid_v7_header = ( -+ # name: 100 bytes -+ tarfile.NUL * tarfile.LENGTH_NAME -+ # mode, space, null terminator: 8 bytes -+ + b"000755" + SPACE + tarfile.NUL -+ # uid, space, null terminator: 8 bytes -+ + b"000001" + SPACE + tarfile.NUL -+ # gid, space, null terminator: 8 bytes -+ + b"000001" + SPACE + tarfile.NUL -+ # size, space: 12 bytes -+ + b"\xff" * 11 + SPACE -+ # mtime, space: 12 bytes -+ + tarfile.NUL * 11 + SPACE -+ # chksum: 8 bytes -+ + b"0010070" + tarfile.NUL -+ # type: 1 byte -+ + tarfile.REGTYPE -+ # linkname: 100 bytes -+ + tarfile.NUL * tarfile.LENGTH_LINK -+ # padding: 255 bytes -+ + tarfile.NUL * 255 -+ ) -+ valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT) -+ data_block = b"\xff" * tarfile.BLOCKSIZE -+ -+ def _write_buffer(self, buffer): -+ with open(self.tarname, "wb") as f: -+ f.write(buffer) -+ -+ def _get_members(self, ignore_zeros=None): -+ with open(self.tarname, "rb") as f: -+ with tarfile.open( -+ mode="r", fileobj=f, ignore_zeros=ignore_zeros -+ ) as tar: -+ return tar.getmembers() -+ -+ def _assert_raises_read_error_exception(self): -+ with self.assertRaisesRegex( -+ tarfile.ReadError, "file could not be opened successfully" -+ ): -+ self._get_members() -+ -+ def test_invalid_offset_header_validations(self): -+ for tar_format, invalid_header in ( -+ ("posix", self.invalid_posix_header), -+ ("gnu", self.invalid_gnu_header), -+ ("v7", self.invalid_v7_header), -+ ): -+ with self.subTest(format=tar_format): -+ self._write_buffer(invalid_header) -+ self._assert_raises_read_error_exception() -+ -+ def test_early_stop_at_invalid_offset_header(self): -+ buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header -+ self._write_buffer(buffer) -+ members = self._get_members() -+ self.assertEqual(len(members), 1) -+ self.assertEqual(members[0].name, "filename") -+ self.assertEqual(members[0].offset, 0) -+ -+ def test_ignore_invalid_archive(self): -+ # 3 invalid headers with their respective data -+ buffer = (self.invalid_gnu_header + self.data_block) * 3 -+ self._write_buffer(buffer) -+ members = self._get_members(ignore_zeros=True) -+ self.assertEqual(len(members), 0) -+ -+ def test_ignore_invalid_offset_headers(self): -+ for first_block, second_block, expected_offset in ( -+ ( -+ (self.valid_gnu_header), -+ (self.invalid_gnu_header + self.data_block), -+ 0, -+ ), -+ ( -+ (self.invalid_gnu_header + self.data_block), -+ (self.valid_gnu_header), -+ 1024, -+ ), -+ ): -+ self._write_buffer(first_block + second_block) -+ members = self._get_members(ignore_zeros=True) -+ self.assertEqual(len(members), 1) -+ self.assertEqual(members[0].name, "filename") -+ self.assertEqual(members[0].offset, expected_offset) -+ -+ - def setUpModule(): - os_helper.unlink(TEMPDIR) - os.makedirs(TEMPDIR) -Index: Python-3.13.5/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.13.5/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst 2025-08-01 22:13:45.525174751 +0200 -@@ -0,0 +1,3 @@ -+:mod:`tarfile` now validates archives to ensure member offsets are -+non-negative. (Contributed by Alexander Enrique Urieles Nieto in -+:gh:`130577`.) diff --git a/Python-3.13.5.tar.xz b/Python-3.13.5.tar.xz deleted file mode 100644 index 16b1f7d..0000000 --- a/Python-3.13.5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:93e583f243454e6e9e4588ca2c2662206ad961659863277afcdb96801647d640 -size 22856016 diff --git a/Python-3.13.5.tar.xz.sigstore b/Python-3.13.5.tar.xz.sigstore deleted file mode 100644 index 225651c..0000000 --- a/Python-3.13.5.tar.xz.sigstore +++ /dev/null @@ -1 +0,0 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyjCCAlCgAwIBAgIUdRfsw3XxSwqBsRu/Ryhu0kfD1TEwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNjExMTc0NjIzWhcNMjUwNjExMTc1NjIzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE616iCJ8T+boBEGZNSBgbHZ2TS6Bl7yRCs1F78fvUBWcO/fJl9vTWXF+oPaOhLWVl35iAkn1W04PDVWrqNpFntKOCAW8wggFrMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUlLnv2c6W2ETiqJdQsF9NjtUCVqEwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGXYBmnGAAABAMARzBFAiBDOyOIs3CL2AVMb7j6sHu3PYA8pOzJQNmm7J+zPIYzlgIhAK5GqY5j781IK5E7NTaGuPzwcj08xstDLULewS3KRwLBMAoGCCqGSM49BAMDA2gAMGUCMQDn2SkdZvHZZ6RKG8bIgPJdW+qMM9DNUmRm0/F+ePCPjMNwNUY/VQHqgsD4+m7FoX0CMAoIIxK3JZiKBFcP0oUNpnoZcZzZg/SeCkY6fePDlrRMMh5guyKUvMjXOIFREzNaRA=="}, "tlogEntries": [{"logIndex": "235130253", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1749663983", "inclusionPromise": {"signedEntryTimestamp": "MEUCIEXmlLAwKmFPqJl0qZIn6l9LeN1eFpo/O29cweVvcLM6AiEAkPbiV9MFAugYnKigfY2M6d4/IlgLMlamVTNMjYG1Ujc="}, "inclusionProof": {"logIndex": "113225991", "rootHash": "+L93VCZOPa9BkLmARBWDo1xEWF+fT68+yQcazjpxAAU=", "treeSize": "113225992", "hashes": ["Rdu+myw6n6JxBUvJ8Q+8oqhqACFhkt/3w7I+DEesttk=", "RxFdYWKOAXBMCLz1xkC2n0/oY0PPGjB9g/1mK9X9Lpk=", "nRMGDo+FIXFJXJGmLI3xYofkA1BacK+jsaHI6Dah6SQ=", "P4PZCTzvD59p99NgLr2g5UaCSGBHniridbmhL+bTkOA=", "Ho1rvGrV8vApgV6ObQmLHUFtPdLht0dxaKIMr2L227A=", "bUrfsqt1y90MYAQSa4N7IMFLQ58Gr3kyGuZsXADQmyk=", "zQYNyoYKqtevNhM4z5didetaiTZZe4Ydpenxywyp2HM=", "yB2hiozejE1yTbQwbDQpScNo2G9QaqtVTvrtSzcAWLk=", "ni+UOcPDIr1WWONf2Z1uda+A31LRXKpMYBvhb3MyUvI=", "jak2gEavHKki8uP+13+VibRhrrjlEQ57Cu6sFEmzL98=", "x/DbUcJZd7Krichz/nbTRqNRynFXkcgDj6/SVp3Xpa8=", "KL733V6m2mKaszPoebRYld3g+XcUSNldm6GnXG4M7kM=", "f42cOIPnrB9x+HYKZ+7UAkXKjk7k9ttvx1Mm5/glCwo=", "G4CdPz/xjoqWI4G874tZWPeP98DJpseyihrtz0ivBtU=", "mta5fH/gFwxJ/0fT8yGpn3sFCY0G1RY555Iflm0LInM=", "7v8qPHNDLerpduaMx06eb/MwgoQwczTn/cYGKX/9wZ4="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n113225992\n+L93VCZOPa9BkLmARBWDo1xEWF+fT68+yQcazjpxAAU=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiBKR6/aQGwMRmyBmdgiaLd8393XQqJh41H6LIYA8Y6SYgIgDMucmAXZHwIDjA6YXg9k2vhoOuscGewoHiSomHsf+kg=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI5M2U1ODNmMjQzNDU0ZTZlOWU0NTg4Y2EyYzI2NjIyMDZhZDk2MTY1OTg2MzI3N2FmY2RiOTY4MDE2NDdkNjQwIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRWVnU0xnMVBzNmNEMkpNbTJzK1o4dzBzbGlMazY0SCtHeHQ2VFpRb1NIaUFpRUE1b2FmTTJhNlJqQSszUFpVdmNjUWNhQ0QzRVFsQ1hSdmI3d2x3SU9JQ1IwPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVha05EUVd4RFowRjNTVUpCWjBsVlpGSm1jM2N6V0hoVGQzRkNjMUoxTDFKNWFIVXdhMlpFTVZSRmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDVxUlhoTlZHTXdUbXBKZWxkb1kwNU5hbFYzVG1wRmVFMVVZekZPYWtsNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVUyTVRacFEwbzRWQ3RpYjBKRlIxcE9VMEpuWWtoYU1sUlROa0pzTjNsU1EzTXhSamNLT0daMlZVSlhZMDh2Wmtwc09YWlVWMWhHSzI5UVlVOW9URmRXYkRNMWFVRnJiakZYTURSUVJGWlhjbkZPY0VadWRFdFBRMEZYT0hkblowWnlUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZzVEc1MkNqSmpObGN5UlZScGNVcGtVWE5HT1U1cWRGVkRWbkZGZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwdENaMjl5UW1kRlJVRmtXalZCWjFGRFFraDNSV1ZuUWpRS1FVaFpRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIV0ZsQ2JXNUhRVUZCUWtGTlFRcFNla0pHUVdsQ1JFOTVUMGx6TTBOTU1rRldUV0kzYWpaelNIVXpVRmxCT0hCUGVrcFJUbTF0TjBvcmVsQkpXWHBzWjBsb1FVczFSM0ZaTldvM09ERkpDa3MxUlRkT1ZHRkhkVkI2ZDJOcU1EaDRjM1JFVEZWTVpYZFRNMHRTZDB4Q1RVRnZSME5EY1VkVFRUUTVRa0ZOUkVFeVowRk5SMVZEVFZGRWJqSlRhMlFLV25aSVdsbzJVa3RIT0dKSloxQktaRmNyY1UxTk9VUk9WVzFTYlRBdlJpdGxVRU5RYWsxT2QwNVZXUzlXVVVoeFozTkVOQ3R0TjBadldEQkRUVUZ2U1FwSmVFc3pTbHBwUzBKR1kxQXdiMVZPY0c1dldtTmFlbHBuTDFObFEydFpObVpsVUVSc2NsSk5UV2cxWjNWNVMxVjJUV3BZVDBsR1VrVjZUbUZTUVQwOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "k+WD8kNFTm6eRYjKLCZiIGrZYWWYYyd6/NuWgBZH1kA="}, "signature": "MEUCIEegSLg1Ps6cD2JMm2s+Z8w0sliLk64H+Gxt6TZQoSHiAiEA5oafM2a6RjA+3PZUvccQcaCD3EQlCXRvb7wlwIOICR0="}} diff --git a/Python-3.13.9.tar.xz b/Python-3.13.9.tar.xz new file mode 100644 index 0000000..760c7af --- /dev/null +++ b/Python-3.13.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ed5ef34cda36cfa2f3a340f07cac7e7814f91c7f3c411f6d3562323a866c5c66 +size 22681368 diff --git a/Python-3.13.9.tar.xz.sigstore b/Python-3.13.9.tar.xz.sigstore new file mode 100644 index 0000000..9f18da1 --- /dev/null +++ b/Python-3.13.9.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyjCCAlCgAwIBAgIUY2me70edxRKEcCCyZ5IxW04GUyowCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMDE0MTQzMTMyWhcNMjUxMDE0MTQ0MTMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELoRO1nGvvt0Re9EEuEURAgbvYfBZGKVeXZJ4TMXRaguoQ234OaePlcAe1i7BwYYC66rIbrcvayVtIGVODpjoKaOCAW8wggFrMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUGNf/veOSM+Ff67rmibv6xt8S+oMwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGZ4yIw9QAABAMARzBFAiBFhajuKoOCWgsAz1l9RlYS7U6cH/3fY1TxkoG7abKa3QIhAKSeSjaz987c/yCcQhU/Qr7Chi7XmXbfZMp2xAh8yBX+MAoGCCqGSM49BAMDA2gAMGUCMERKd5M3HrGRoWEwZuOc4e26LeQz9PSLU6OdlTwejx6QA1XP/0Xir/W/x8lMEOFuzAIxANg4WBGY7CPzXhkLWB4Fc6zEEV0fG/hzsMnlXiv8khUnMn+lCPbvRota+OFCYH2qMA=="}, "tlogEntries": [{"logIndex": "605359044", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1760452293", "inclusionPromise": {"signedEntryTimestamp": "MEQCIAaCd+PcR5ygZyPHR1OsuaW+lNBWINYyIlKeGPEcPwepAiBNdcg2JJu+x5se+ceR53vLqLBjva3kQ4IlP9nlhX9Qog=="}, "inclusionProof": {"logIndex": "483454782", "rootHash": "oZMALhkG2Ovf519HU5mhGbEaroNwGUX6BRT0JwDqOBE=", "treeSize": "483454785", "hashes": ["NrDN7yu6uq+l3SddRxs5n9GNxvPxfC5ztPCuaBEuxBE=", "67FUfgzcBEiMHBjMBhIP7z7NP1Y6OtbC48553/VTk7A=", "VIwMTLnjS3Z1W4xcLQrca60FRxxSnqyUAN8dQtvaRdI=", "i8G+g499zPGEcpT54dYVUUmczZRJucNYWmKOrEO004s=", "+wR1k80yWhpO7od/bitq3mkjQF5vuuWhLFeWqUHVfV8=", "uHZHioqKhUEko9UubGg2/N0lkvsPtoAaqr95f03cHYY=", "EiH2b8iGJWXAiLOBI7xekwQSojCUemRypbzmcQo4vaI=", "2aaLDAVeQGJoklTLWwIPILMvGhrc+9mnB2HsRWCldwY=", "wNzqPqvA41e6acbb4z7HxMdHzg9S6jufxg2MVgB4ykw=", "boLAJ9DO0lKL3HJUTpKJMBhDTVZZCfc/oBPm+gLAx4Q=", "Vxc/L8MXSU0zqWj6P5yi6L02Lc2HxpkHqYzJLcNbzEs=", "PPdBf0yipi+yQC3iEH5JI4MmFnEgb40zV1eCf+8/MOY=", "laQiGsY+h3TioXfWSoLJMMtb2TORNubw90KH+z/fdyw=", "pcc0HeMv4rm7/8RoNMUYk4tbxPt+lc2wMvbSrB3Negw=", "inrOYOb+roitD1EYWHmRPy8aJnjhSAhp5cHXbXVlxU4=", "8nCds1SUzxGg2Xoa+M1tOFTwx+1BGtp8TDMSS4P54xQ=", "V5lOdefY1WOOt4iQp7tZoyj1beBDVi24KsEMcgsqZds=", "2Wv4GiithwNukRKV06clevnQQYCzXmSS/+/OJtXgsXQ=", "1mfy94KpcItqshH9+gwqV6jccupcaMpVsF28New8zDY=", "vS7O4ozHIQZJWBiov+mkpI27GE8zAmVCEkRcP3NDyNE="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n483454785\noZMALhkG2Ovf519HU5mhGbEaroNwGUX6BRT0JwDqOBE=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiEA2g7XsvpZpF/BYV+Jr6KRvdE2kuWjmN7xVyr7HLWRXlECIC0okqz3vQ2B/Bng/2BAQVIIiLMhnrXedUeoygtWn4Kh\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJlZDVlZjM0Y2RhMzZjZmEyZjNhMzQwZjA3Y2FjN2U3ODE0ZjkxYzdmM2M0MTFmNmQzNTYyMzIzYTg2NmM1YzY2In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUNSMlVSSm44Unc3ZnpmbkhjOFpXSmdTVU1tdEl1RFF2dFF2S05VejlmUkpRSWdNRm1UU0dWUXJDeGlheXpwYVUxcmh0d0wyL256elhjNnh0enF0dW5JZUhjPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVha05EUVd4RFowRjNTVUpCWjBsVldUSnRaVGN3WldSNFVrdEZZME5EZVZvMVNYaFhNRFJIVlhsdmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFFUlRCTlZGRjZUVlJOZVZkb1kwNU5hbFY0VFVSRk1FMVVVVEJOVkUxNVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZNYjFKUE1XNUhkblowTUZKbE9VVkZkVVZWVWtGblluWlpaa0phUjB0V1pWaGFTalFLVkUxWVVtRm5kVzlSTWpNMFQyRmxVR3hqUVdVeGFUZENkMWxaUXpZMmNrbGljbU4yWVhsV2RFbEhWazlFY0dwdlMyRlBRMEZYT0hkblowWnlUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZIVG1ZdkNuWmxUMU5OSzBabU5qZHliV2xpZGpaNGREaFRLMjlOZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIwdENaMjl5UW1kRlJVRmtXalZCWjFGRFFraDNSV1ZuUWpRS1FVaFpRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIV2pSNVNYYzVVVUZCUWtGTlFRcFNla0pHUVdsQ1JtaGhhblZMYjA5RFYyZHpRWG94YkRsU2JGbFROMVUyWTBndk0yWlpNVlI0YTI5SE4yRmlTMkV6VVVsb1FVdFRaVk5xWVhvNU9EZGpDaTk1UTJOUmFGVXZVWEkzUTJocE4xaHRXR0ptV2sxd01uaEJhRGg1UWxnclRVRnZSME5EY1VkVFRUUTVRa0ZOUkVFeVowRk5SMVZEVFVWU1MyUTFUVE1LU0hKSFVtOVhSWGRhZFU5ak5HVXlOa3hsVVhvNVVGTk1WVFpQWkd4VWQyVnFlRFpSUVRGWVVDOHdXR2x5TDFjdmVEaHNUVVZQUm5WNlFVbDRRVTVuTkFwWFFrZFpOME5RZWxob2EweFhRalJHWXpaNlJVVldNR1pITDJoNmMwMXViRmhwZGpocmFGVnVUVzRyYkVOUVluWlNiM1JoSzA5R1ExbElNbkZOUVQwOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "7V7zTNo2z6Lzo0DwfKx+eBT5HH88QR9tNWIyOoZsXGY="}, "signature": "MEUCIQCR2URJn8Rw7fzfnHc8ZWJgSUMmtIuDQvtQvKNUz9fRJQIgMFmTSGVQrCxiayzpaU1rhtwL2/nzzXc6xtzqtunIeHc="}} diff --git a/bsc1243155-sphinx-non-determinism.patch b/bsc1243155-sphinx-non-determinism.patch index 55259e9..4673367 100644 --- a/bsc1243155-sphinx-non-determinism.patch +++ b/bsc1243155-sphinx-non-determinism.patch @@ -14,10 +14,10 @@ https://github.com/python/cpython/issues/130979 Doc/tools/extensions/audit_events.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) -Index: Python-3.13.5/Doc/tools/extensions/audit_events.py +Index: Python-3.13.6/Doc/tools/extensions/audit_events.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py 2025-07-02 15:51:58.388560540 +0200 -+++ Python-3.13.5/Doc/tools/extensions/audit_events.py 2025-07-02 15:51:58.411254070 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py 2025-08-07 12:16:58.257103336 +0200 ++++ Python-3.13.6/Doc/tools/extensions/audit_events.py 2025-08-07 12:17:02.709401389 +0200 @@ -72,8 +72,13 @@ logger.warning(msg) return diff --git a/doc-py38-to-py36.patch b/doc-py38-to-py36.patch index 8b10ad3..54c162a 100644 --- a/doc-py38-to-py36.patch +++ b/doc-py38-to-py36.patch @@ -27,10 +27,10 @@ Doc/tools/extensions/pydoc_topics.py | 22 +++++----- 18 files changed, 159 insertions(+), 130 deletions(-) -Index: Python-3.13.5/Doc/Makefile +Index: Python-3.13.6/Doc/Makefile =================================================================== ---- Python-3.13.5.orig/Doc/Makefile 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/Makefile 2025-06-12 21:38:04.908380762 +0200 +--- Python-3.13.6.orig/Doc/Makefile 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/Makefile 2025-08-07 12:16:58.253706854 +0200 @@ -14,15 +14,15 @@ SOURCES = DISTVERSION = $(shell $(PYTHON) tools/extensions/patchlevel.py) @@ -51,10 +51,10 @@ Index: Python-3.13.5/Doc/Makefile $(PAPEROPT_$(PAPER)) \ $(SPHINXOPTS) $(SPHINXERRORHANDLING) \ . build/$(BUILDER) $(SOURCES) -Index: Python-3.13.5/Doc/c-api/arg.rst +Index: Python-3.13.6/Doc/c-api/arg.rst =================================================================== ---- Python-3.13.5.orig/Doc/c-api/arg.rst 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/c-api/arg.rst 2025-06-12 21:38:04.908705133 +0200 +--- Python-3.13.6.orig/Doc/c-api/arg.rst 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/c-api/arg.rst 2025-08-07 12:16:58.254160756 +0200 @@ -334,7 +334,6 @@ should raise an exception and leave the content of *address* unmodified. @@ -63,10 +63,10 @@ Index: Python-3.13.5/Doc/c-api/arg.rst If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a second time if the argument parsing eventually fails, giving the converter a -Index: Python-3.13.5/Doc/c-api/typeobj.rst +Index: Python-3.13.6/Doc/c-api/typeobj.rst =================================================================== ---- Python-3.13.5.orig/Doc/c-api/typeobj.rst 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/c-api/typeobj.rst 2025-06-12 21:38:04.908874058 +0200 +--- Python-3.13.6.orig/Doc/c-api/typeobj.rst 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/c-api/typeobj.rst 2025-08-07 12:16:58.254692184 +0200 @@ -610,7 +610,7 @@ Functions like :c:func:`PyObject_NewVar` will take the value of N as an argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field. @@ -97,10 +97,10 @@ Index: Python-3.13.5/Doc/c-api/typeobj.rst include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on whether :c:member:`~PyVarObject.ob_size` should be included). These are usually defined by the macro :c:macro:`PyObject_HEAD` or -Index: Python-3.13.5/Doc/conf.py +Index: Python-3.13.6/Doc/conf.py =================================================================== ---- Python-3.13.5.orig/Doc/conf.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/conf.py 2025-06-12 21:38:04.909609597 +0200 +--- Python-3.13.6.orig/Doc/conf.py 2025-08-07 12:16:45.115568663 +0200 ++++ Python-3.13.6/Doc/conf.py 2025-08-07 12:16:58.255236531 +0200 @@ -11,6 +11,8 @@ from importlib import import_module from importlib.util import find_spec @@ -127,7 +127,7 @@ Index: Python-3.13.5/Doc/conf.py ''' manpages_url = 'https://manpages.debian.org/{path}' -@@ -92,7 +94,7 @@ +@@ -96,7 +98,7 @@ # Minimum version of sphinx required # Keep this version in sync with ``Doc/requirements.txt``. @@ -136,7 +136,7 @@ Index: Python-3.13.5/Doc/conf.py # Create table of contents entries for domain objects (e.g. functions, classes, # attributes, etc.). Default is True. -@@ -323,6 +325,9 @@ +@@ -258,6 +260,9 @@ # Avoid a warning with Sphinx >= 4.0 root_doc = 'contents' @@ -146,7 +146,7 @@ Index: Python-3.13.5/Doc/conf.py # Allow translation of index directives gettext_additional_targets = [ 'index', -@@ -362,7 +367,7 @@ +@@ -297,7 +302,7 @@ # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html) is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external" repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "") @@ -155,7 +155,7 @@ Index: Python-3.13.5/Doc/conf.py html_context = { "is_deployment_preview": is_deployment_preview, "repository_url": repository_url or None, -@@ -607,6 +612,16 @@ +@@ -542,6 +547,16 @@ } extlinks_detect_hardcoded_links = True @@ -172,22 +172,22 @@ Index: Python-3.13.5/Doc/conf.py # Options for c_annotations extension # ----------------------------------- -Index: Python-3.13.5/Doc/library/doctest.rst +Index: Python-3.13.6/Doc/library/doctest.rst =================================================================== ---- Python-3.13.5.orig/Doc/library/doctest.rst 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/library/doctest.rst 2025-06-12 21:38:04.909944989 +0200 -@@ -308,7 +308,6 @@ - searched. Objects imported into the module are not searched. +--- Python-3.13.6.orig/Doc/library/doctest.rst 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/library/doctest.rst 2025-08-07 12:16:58.255583157 +0200 +@@ -310,7 +310,6 @@ + .. currentmodule:: None .. attribute:: module.__test__ - :no-typesetting: - In addition, there are cases when you want tests to be part of a module but not part - of the help text, which requires that the tests not be included in the docstring. -Index: Python-3.13.5/Doc/library/email.compat32-message.rst + .. currentmodule:: doctest + +Index: Python-3.13.6/Doc/library/email.compat32-message.rst =================================================================== ---- Python-3.13.5.orig/Doc/library/email.compat32-message.rst 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/library/email.compat32-message.rst 2025-06-12 21:38:04.910320877 +0200 +--- Python-3.13.6.orig/Doc/library/email.compat32-message.rst 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/library/email.compat32-message.rst 2025-08-07 12:16:58.256095517 +0200 @@ -7,7 +7,6 @@ :synopsis: The base class representing email messages in a fashion backward compatible with Python 3.2 @@ -196,11 +196,11 @@ Index: Python-3.13.5/Doc/library/email.compat32-message.rst The :class:`Message` class is very similar to the -Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst +Index: Python-3.13.6/Doc/library/xml.etree.elementtree.rst =================================================================== ---- Python-3.13.5.orig/Doc/library/xml.etree.elementtree.rst 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/library/xml.etree.elementtree.rst 2025-06-12 21:38:04.910594893 +0200 -@@ -874,7 +874,6 @@ +--- Python-3.13.6.orig/Doc/library/xml.etree.elementtree.rst 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/library/xml.etree.elementtree.rst 2025-08-07 12:16:58.256380542 +0200 +@@ -873,7 +873,6 @@ .. module:: xml.etree.ElementTree :noindex: @@ -208,10 +208,10 @@ Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst .. class:: Element(tag, attrib={}, **extra) -Index: Python-3.13.5/Doc/tools/check-warnings.py +Index: Python-3.13.6/Doc/tools/check-warnings.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/check-warnings.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/check-warnings.py 2025-06-12 21:38:04.910896050 +0200 +--- Python-3.13.6.orig/Doc/tools/check-warnings.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/check-warnings.py 2025-08-07 12:16:58.256796101 +0200 @@ -228,7 +228,8 @@ print(filename) for warning in warnings: @@ -231,10 +231,10 @@ Index: Python-3.13.5/Doc/tools/check-warnings.py for warning in warnings if "Doc/" in warning } -Index: Python-3.13.5/Doc/tools/extensions/audit_events.py +Index: Python-3.13.6/Doc/tools/extensions/audit_events.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/audit_events.py 2025-06-12 21:38:04.911151491 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/audit_events.py 2025-08-07 12:16:58.257103336 +0200 @@ -1,9 +1,6 @@ """Support for documenting audit events.""" @@ -370,10 +370,10 @@ Index: Python-3.13.5/Doc/tools/extensions/audit_events.py ) -> nodes.row: row = nodes.row() name_node = nodes.paragraph("", nodes.Text(name)) -Index: Python-3.13.5/Doc/tools/extensions/availability.py +Index: Python-3.13.6/Doc/tools/extensions/availability.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/availability.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/availability.py 2025-06-12 21:38:04.911376735 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/availability.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/availability.py 2025-08-07 12:16:58.257352322 +0200 @@ -1,8 +1,6 @@ """Support for documenting platform availability""" @@ -427,10 +427,10 @@ Index: Python-3.13.5/Doc/tools/extensions/availability.py app.add_directive("availability", Availability) return { -Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py +Index: Python-3.13.6/Doc/tools/extensions/c_annotations.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/c_annotations.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/c_annotations.py 2025-06-12 21:38:04.911575881 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/c_annotations.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/c_annotations.py 2025-08-07 12:16:58.257571556 +0200 @@ -9,22 +9,26 @@ * Set ``stable_abi_file`` to the path to stable ABI list. """ @@ -568,10 +568,10 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py return { "version": "1.0", "parallel_read_safe": True, -Index: Python-3.13.5/Doc/tools/extensions/changes.py +Index: Python-3.13.6/Doc/tools/extensions/changes.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/changes.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/changes.py 2025-06-12 21:38:04.911758715 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/changes.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/changes.py 2025-08-07 12:16:58.257773818 +0200 @@ -1,7 +1,5 @@ """Support for documenting version of changes, additions, deprecations.""" @@ -607,10 +607,10 @@ Index: Python-3.13.5/Doc/tools/extensions/changes.py # Override Sphinx's directives with support for 'next' app.add_directive("versionadded", PyVersionChange, override=True) app.add_directive("versionchanged", PyVersionChange, override=True) -Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py +Index: Python-3.13.6/Doc/tools/extensions/glossary_search.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/glossary_search.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/glossary_search.py 2025-06-12 21:38:04.911907976 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/glossary_search.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/glossary_search.py 2025-08-07 12:16:58.257959947 +0200 @@ -1,21 +1,27 @@ """Feature search results for glossary items prominently.""" @@ -654,10 +654,10 @@ Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py app.connect('doctree-resolved', process_glossary_nodes) app.connect('build-finished', write_glossary_json) -Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py +Index: Python-3.13.6/Doc/tools/extensions/implementation_detail.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/implementation_detail.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/implementation_detail.py 2025-06-12 21:38:04.912061736 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/implementation_detail.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/implementation_detail.py 2025-08-07 12:16:58.258140488 +0200 @@ -1,17 +1,10 @@ """Support for marking up implementation details.""" @@ -708,10 +708,10 @@ Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py app.add_directive("impl-detail", ImplementationDetail) return { -Index: Python-3.13.5/Doc/tools/extensions/issue_role.py +Index: Python-3.13.6/Doc/tools/extensions/issue_role.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/issue_role.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/issue_role.py 2025-06-12 21:38:04.912236134 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/issue_role.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/issue_role.py 2025-08-07 12:16:58.258306293 +0200 @@ -1,22 +1,18 @@ """Support for referencing issues in the tracker.""" @@ -757,10 +757,10 @@ Index: Python-3.13.5/Doc/tools/extensions/issue_role.py app.add_role("issue", BPOIssue()) app.add_role("gh", GitHubIssue()) -Index: Python-3.13.5/Doc/tools/extensions/misc_news.py +Index: Python-3.13.6/Doc/tools/extensions/misc_news.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/misc_news.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/misc_news.py 2025-06-12 21:38:04.912390144 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/misc_news.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/misc_news.py 2025-08-07 12:16:58.258481107 +0200 @@ -1,7 +1,5 @@ """Support for including Misc/NEWS.""" @@ -813,10 +813,10 @@ Index: Python-3.13.5/Doc/tools/extensions/misc_news.py app.add_directive("miscnews", MiscNews) return { -Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py +Index: Python-3.13.6/Doc/tools/extensions/patchlevel.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/patchlevel.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/patchlevel.py 2025-06-12 21:38:04.912563631 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/patchlevel.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/patchlevel.py 2025-08-07 12:16:58.258716335 +0200 @@ -3,7 +3,7 @@ import re import sys @@ -854,10 +854,10 @@ Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py version = f"{info.major}.{info.minor}" release = f"{info.major}.{info.minor}.{info.micro}" if info.releaselevel != "final": -Index: Python-3.13.5/Doc/tools/extensions/pydoc_topics.py +Index: Python-3.13.6/Doc/tools/extensions/pydoc_topics.py =================================================================== ---- Python-3.13.5.orig/Doc/tools/extensions/pydoc_topics.py 2025-06-12 21:37:37.257659788 +0200 -+++ Python-3.13.5/Doc/tools/extensions/pydoc_topics.py 2025-06-12 21:38:04.912726688 +0200 +--- Python-3.13.6.orig/Doc/tools/extensions/pydoc_topics.py 2025-08-06 15:05:20.000000000 +0200 ++++ Python-3.13.6/Doc/tools/extensions/pydoc_topics.py 2025-08-07 12:16:58.258911962 +0200 @@ -1,21 +1,23 @@ """Support for building "topic help" for pydoc.""" diff --git a/gh138131-exclude-pycache-from-digest.patch b/gh138131-exclude-pycache-from-digest.patch new file mode 100644 index 0000000..996d217 --- /dev/null +++ b/gh138131-exclude-pycache-from-digest.patch @@ -0,0 +1,30 @@ +From 4bb41b28d5bac09bccd636d8c5fefe1a462f63a7 Mon Sep 17 00:00:00 2001 +From: Alm +Date: Mon, 25 Aug 2025 08:56:38 +0300 +Subject: [PATCH 1/4] Exclude .pyc files from the computed digest in the jit + stencils + +--- + Tools/jit/_targets.py | 3 +++ + 1 file changed, 3 insertions(+) + +Index: Python-3.13.7/Tools/jit/_targets.py +=================================================================== +--- Python-3.13.7.orig/Tools/jit/_targets.py ++++ Python-3.13.7/Tools/jit/_targets.py +@@ -53,6 +53,9 @@ class _Target(typing.Generic[_S, _R]): + hasher.update(PYTHON_EXECUTOR_CASES_C_H.read_bytes()) + hasher.update((out / "pyconfig.h").read_bytes()) + for dirpath, _, filenames in sorted(os.walk(TOOLS_JIT)): ++ # Exclude cache files from digest computation to ensure reproducible builds. ++ if dirpath.endswith("__pycache__"): ++ continue + for filename in filenames: + hasher.update(pathlib.Path(dirpath, filename).read_bytes()) + return hasher.hexdigest() +Index: Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst +=================================================================== +--- /dev/null ++++ Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst +@@ -0,0 +1 @@ ++Ensure reproducible builds by making JIT stencil header generation deterministic. diff --git a/gh139257-Support-docutils-0.22.patch b/gh139257-Support-docutils-0.22.patch new file mode 100644 index 0000000..1f83363 --- /dev/null +++ b/gh139257-Support-docutils-0.22.patch @@ -0,0 +1,36 @@ +From 19b61747df3d62c822285c488753d6fbdf91e3ac Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Tue, 23 Sep 2025 10:20:16 +0200 +Subject: [PATCH 1/2] gh-139257: Support docutils >= 0.22 + +--- + Doc/tools/extensions/pyspecific.py | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +Index: Python-3.13.7/Doc/tools/extensions/pyspecific.py +=================================================================== +--- Python-3.13.7.orig/Doc/tools/extensions/pyspecific.py ++++ Python-3.13.7/Doc/tools/extensions/pyspecific.py +@@ -25,11 +25,21 @@ from sphinx.util.docutils import SphinxD + SOURCE_URI = 'https://github.com/python/cpython/tree/3.13/%s' + + # monkey-patch reST parser to disable alphabetic and roman enumerated lists ++def _disable_alphabetic_and_roman(text): ++ try: ++ # docutils >= 0.22 ++ from docutils.parsers.rst.states import InvalidRomanNumeralError ++ raise InvalidRomanNumeralError(text) ++ except ImportError: ++ # docutils < 0.22 ++ return None ++ ++ + from docutils.parsers.rst.states import Body + Body.enum.converters['loweralpha'] = \ + Body.enum.converters['upperalpha'] = \ + Body.enum.converters['lowerroman'] = \ +- Body.enum.converters['upperroman'] = lambda x: None ++ Body.enum.converters['upperroman'] = _disable_alphabetic_and_roman + + + class PyAwaitableMixin(object): diff --git a/idle3.appdata.xml b/idle3.appdata.xml index 554b7c4..b494f1e 100644 --- a/idle3.appdata.xml +++ b/idle3.appdata.xml @@ -1,16 +1,16 @@ - - - idle3.desktop + + org.python.IDLE3 + idle3.desktop + IDLE3 - CC0 - Python-2.0 Python 3 Integrated Development and Learning Environment +

IDLE is Python’s Integrated Development and Learning Environment. - The GUI is uniform between Windows, Unix, and Mac OS X. + The GUI is uniform between Windows, Unix, and macOS. IDLE provides an easy way to start writing, running, and debugging Python code.

@@ -19,17 +19,33 @@ It provides:

    -
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • -
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • -
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • -
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
    • +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
    • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
    • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
    • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
 + + + Python Software Foundation + + https://docs.python.org/3/library/idle.html + - http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png - http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png - http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + + + https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + + + https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + + Python-2.0 + CC0-1.0 zbyszek@in.waw.pl - + + diff --git a/python313.changes b/python313.changes index a7bcaf0..0793f2d 100644 --- a/python313.changes +++ b/python313.changes @@ -1,3 +1,444 @@ +------------------------------------------------------------------- +Wed Oct 15 09:15:38 UTC 2025 - Daniel Garcia + +- Update to 3.13.9: + - Library + - gh-139783: Fix inspect.getsourcelines() for the case when a + decorator is followed by a comment or an empty line. +- Update to 3.13.8: + - macOS + - gh-124111: Update macOS installer to use Tcl/Tk 8.6.17. + - gh-139573: Updated bundled version of OpenSSL to 3.0.18. + - Windows + - gh-139573: Updated bundled version of OpenSSL to 3.0.18. + - gh-138896: Fix error installing C runtime on non-updated Windows + machines + - Tools/Demos + - gh-139330: SBOM generation tool didn’t cross-check the version + and checksum values against the Modules/expat/refresh.sh script, + leading to the values becoming out-of-date during routine + updates. + - gh-137873: The iOS test runner has been simplified, resolving + some issues that have been observed using the runner in GitHub + Actions and Azure Pipelines test environments. + - Tests + - gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the + --verbose option anymore. Patch by Victor Stinner. + - Security + - gh-139400: xml.parsers.expat: Make sure that parent Expat + parsers are only garbage-collected once they are no longer + referenced by subparsers created by + ExternalEntityParserCreate(). Patch by Sebastian Pipping. + - gh-139283: sqlite3: correctly handle maximum number of rows to + fetch in Cursor.fetchmany and reject negative values for + Cursor.arraysize. Patch by Bénédikt Tran. + - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser + according to the HTML5 standard: ] ]> and ]] > no longer end the + CDATA section. Add private method _set_support_cdata() which can + be used to specify how to parse <[CDATA[ — as a CDATA section in + foreign content (SVG or MathML) or as a bogus comment in the + HTML namespace. + - Library + - gh-139312: Upgrade bundled libexpat to 2.7.3 + - gh-139289: Do a real lazy-import on rlcompleter in pdb and + restore the existing completer after importing rlcompleter. + - gh-139210: Fix use-after-free when reporting unknown event in + xml.etree.ElementTree.iterparse(). Patch by Ken Jin. + - gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in + subprocess. + - gh-112729: Fix crash when calling _interpreters.create when the + process is out of memory. + - gh-139076: Fix a bug in the pydoc module that was hiding + functions in a Python module if they were implemented in an + extension module and the module did not have __all__. + - gh-138998: Update bundled libexpat to 2.7.2 + - gh-130567: Fix possible crash in locale.strxfrm() due to a + platform bug on macOS. + - gh-138779: Support device numbers larger than 2**63-1 for the + st_rdev field of the os.stat_result structure. + - gh-128636: Fix crash in PyREPL when os.environ is overwritten + with an invalid value for mac + - gh-88375: Fix normalization of the robots.txt rules and URLs in + the urllib.robotparser module. No longer ignore trailing ?. + Distinguish raw special characters ?, = and & from the + percent-encoded ones. + - gh-138515: email is added to Emscripten build. + - gh-111788: Fix parsing errors in the urllib.robotparser module. + Don’t fail trying to parse weird paths. Don’t fail trying to + decode non-UTF-8 robots.txt files. + - gh-138432: zoneinfo.reset_tzpath() will now convert any + os.PathLike objects it receives into strings before adding them + to TZPATH. It will raise TypeError if anything other than a + string is found after this conversion. If given an os.PathLike + object that represents a relative path, it will now raise + ValueError instead of TypeError, and present a more informative + error message. + - gh-138008: Fix segmentation faults in the ctypes module due to + invalid argtypes. Patch by Dung Nguyen. + - gh-60462: Fix locale.strxfrm() on Solaris (and possibly other + platforms). + - gh-138204: Forbid expansion of shared anonymous memory maps on + Linux, which caused a bus error. + - gh-138010: Fix an issue where defining a class with a + @warnings.deprecated-decorated base class may not invoke the + correct __init_subclass__() method in cases involving multiple + inheritance. Patch by Brian Schubert. + - gh-138133: Prevent infinite traceback loop when sending CTRL^C + to Python through strace. + - gh-134869: Fix an issue where pressing Ctrl+C during tab + completion in the REPL would leave the autocompletion menu in a + corrupted state. + - gh-137317: inspect.signature() now correctly handles classes + that use a descriptor on a wrapped __init__() or __new__() + method. Contributed by Yongyu Yan. + - gh-137754: Fix import of the zoneinfo module if the C + implementation of the datetime module is not available. + - gh-137490: Handle ECANCELED in the same way as EINTR in + signal.sigwaitinfo() on NetBSD. + - gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and + inspect.getsource() for generator expressions. + - gh-137017: Fix threading.Thread.is_alive to remain True until + the underlying OS thread is fully cleaned up. This avoids false + negatives in edge cases involving thread monitoring or premature + threading.Thread.is_alive calls. + - gh-136134: SMTP.auth_cram_md5() now raises an SMTPException + instead of a ValueError if Python has been built without MD5 + support. In particular, SMTP clients will not attempt to use + this method even if the remote server is assumed to support it. + Patch by Bénédikt Tran. + - gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if + CRAM-MD5 authentication is not supported. Patch by Bénédikt + Tran. + - gh-135386: Fix opening a dbm.sqlite3 database for reading from + read-only file or directory. + - gh-126631: Fix multiprocessing forkserver bug which prevented + __main__ from being preloaded. + - gh-123085: In a bare call to importlib.resources.files(), ensure + the caller’s frame is properly detected when importlib.resources + is itself available as a compiled module only (no source). + - gh-118981: Fix potential hang in + multiprocessing.popen_spawn_posix that can happen when the child + proc dies early by closing the child fds right away. + - gh-78319: UTF8 support for the IMAP APPEND command has been made + RFC compliant. + - bpo-38735: Fix failure when importing a module from the root + directory on unix-like platforms with sys.pycache_prefix set. + - bpo-41839: Allow negative priority values from + os.sched_get_priority_min() and os.sched_get_priority_max() + functions. + - Core and Builtins + - gh-134466: Don’t run PyREPL in a degraded environment where + setting termios attributes is not allowed. + - gh-71810: Raise OverflowError for (-1).to_bytes() for signed + conversions when bytes count is zero. Patch by Sergey B + Kirpichev. + - gh-105487: Remove non-existent __copy__(), __deepcopy__(), and + __bases__ from the __dir__() entries of types.GenericAlias. + - gh-134163: Fix a hang when the process is out of memory inside + an exception handler. + - gh-138479: Fix a crash when a generic object’s __typing_subst__ + returns an object that isn’t a tuple. + - gh-137576: Fix for incorrect source code being shown in + tracebacks from the Basic REPL when PYTHONSTARTUP is given. + Patch by Adam Hartz. + - gh-132744: Certain calls now check for runaway recursion and + respect the system recursion limit. + - C API + - gh-87135: Attempting to acquire the GIL after runtime + finalization has begun in a different thread now causes the + thread to hang rather than terminate, which avoids potential + crashes or memory corruption caused by attempting to terminate a + thread that is running code not specifically designed to support + termination. In most cases this hanging is harmless since the + process will soon exit anyway. + While not officially marked deprecated until 3.14, + PyThread_exit_thread is no longer called internally and remains + solely for interface compatibility. Its behavior is inconsistent + across platforms, and it can only be used safely in the unlikely + case that every function in the entire call stack has been + designed to support the platform-dependent termination + mechanism. It is recommended that users of this function change + their design to not require thread termination. In the unlikely + case that thread termination is needed and can be done safely, + users may migrate to calling platform-specific APIs such as + pthread_exit (POSIX) or _endthreadex (Windows) directly. + - Build + - gh-135734: Python can correctly be configured and built with + ./configure --enable-optimizations --disable-test-modules. + Previously, the profile data generation step failed due to PGO + tests where immortalization couldn’t be properly suppressed. + Patch by Bénédikt Tran. + +------------------------------------------------------------------- +Mon Sep 29 06:52:07 UTC 2025 - Daniel Garcia + +- Add gh139257-Support-docutils-0.22.patch to fix build with latest + docutils (>=0.22) gh#python/cpython#139257 + +------------------------------------------------------------------- +Mon Sep 22 06:41:53 UTC 2025 - Dominique Leuenberger + +- Drop AppStream: this results in a different cycle than + appstream-glib. As the appdata.xml is controlled by ourselves, we + can get away with just manually validating it when changing it. + +------------------------------------------------------------------- +Thu Sep 18 08:15:31 UTC 2025 - Dominique Leuenberger + +- Require AppStream to validate appdata file instead of deprecated + appstream-glib. +- Update idle3.appdata.xml to pass the more pedantic appstreamcli. + +------------------------------------------------------------------- +Tue Sep 9 10:11:58 UTC 2025 - Daniel Garcia + +- Add gh138131-exclude-pycache-from-digest.patch fixing reproducible + build for python-nogil. + (bsc#1244680, gh#python/cpython#138131) + +------------------------------------------------------------------- +Fri Aug 15 12:31:08 UTC 2025 - Matej Cepl + +- Update to 3.13.7: + - gh-137583: Fix a deadlock introduced in 3.13.6 when a call + to ssl.SSLSocket.recv was blocked in one thread, and then + another method on the object (such as ssl.SSLSocket.send) was + subsequently called in another thread. + - gh-137044: Return large limit values as positive integers + instead of negative integers in resource.getrlimit(). + Accept large values and reject negative values (except + RLIM_INFINITY) for limits in resource.setrlimit(). + - gh-136914: Fix retrieval of doctest.DocTest.lineno + for objects decorated with functools.cache() or + functools.cached_property. + - gh-131788: Make ResourceTracker.send from multiprocessing + re-entrant safe + - gh-136155: We are now checking for fatal errors in EPUB + builds in CI. + - gh-137400: Fix a crash in the free threading build when + disabling profiling or tracing across all threads with + PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads() + or their Python equivalents threading.settrace_all_threads() + and threading.setprofile_all_threads(). +- Remove upstreamed patch: + - gh137583-only-lock-SSL-context.patch + +------------------------------------------------------------------- +Tue Aug 12 09:16:40 UTC 2025 - Matej Cepl + +- Add gh137583-only-lock-SSL-context.patch fixing the + regression in 3.13.6 by breaking non-blocking TLS connections + (gh#python/cpython#137583). + +------------------------------------------------------------------- +Thu Aug 7 10:08:11 UTC 2025 - Matej Cepl + +- Update to 3.13.6: + - Security + - gh-135661: Fix parsing start and end tags in + html.parser.HTMLParser according to the HTML5 standard. + - Whitespaces no longer accepted between does not end the script section. + - Vertical tabulation (\v) and non-ASCII whitespaces no + longer recognized as whitespaces. The only whitespaces + are \t\n\r\f and space. + - Null character (U+0000) no longer ends the tag name. + - Attributes and slashes after the tag name in end tags + are now ignored, instead of terminating after the first + > in quoted attribute value. E.g. . + - Multiple slashes and whitespaces between the last + attribute and closing > are now ignored in both start + and end tags. E.g. . + - Multiple = between attribute name and value are no + longer collapsed. E.g. produces attribute + “foo” with value “=bar”. + - gh-102555: Fix comment parsing in html.parser.HTMLParser + according to the HTML5 standard. --!> now ends the comment. + -- > no longer ends the comment. Support abnormally ended + empty comments <--> and <--->. + - gh-135462: Fix quadratic complexity in processing specially + crafted input in html.parser.HTMLParser. End-of-file errors + are now handled according to the HTML5 specs – comments and + declarations are automatically closed, tags are ignored + (CVE-2025-6069, bsc#1244705). + - gh-118350: Fix support of escapable raw text mode (elements + “textarea” and “title”) in html.parser.HTMLParser. + - Core and Builtins + - gh-58124: Fix name of the Python encoding in Unicode errors + of the code page codec: use “cp65000” and “cp65001” instead + of “CP_UTF7” and “CP_UTF8” which are not valid Python code + names. Patch by Victor Stinner. + - gh-137314: Fixed a regression where raw f-strings + incorrectly interpreted escape sequences in format + specifications. Raw f-strings now properly preserve literal + backslashes in format specs, matching the behavior from + Python 3.11. For example, rf"{obj:\xFF}" now correctly + produces '\\xFF' instead of 'ÿ'. Patch by Pablo Galindo. + - gh-136541: Fix some issues with the perf trampolines + on x86-64 and aarch64. The trampolines were not being + generated correctly for some cases, which could lead to + the perf integration not working correctly. Patch by Pablo + Galindo. + - gh-109700: Fix memory error handling in + PyDict_SetDefault(). + - gh-78465: Fix error message for cls.__new__(cls, ...) where + cls is not instantiable builtin or extension type (with + tp_new set to NULL). + - gh-135871: Non-blocking mutex lock attempts now return + immediately when the lock is busy instead of briefly + spinning in the free threading build. + - gh-135607: Fix potential weakref races in an object’s + destructor on the free threaded build. + - gh-135496: Fix typo in the f-string conversion type error + (“exclamanation” -> “exclamation”). + - gh-130077: Properly raise custom syntax errors when + incorrect syntax containing names that are prefixes of soft + keywords is encountered. Patch by Pablo Galindo. + - gh-135148: Fixed a bug where f-string debug expressions + (using =) would incorrectly strip out parts of strings + containing escaped quotes and # characters. Patch by Pablo + Galindo. + - gh-133136: Limit excess memory usage in the free threading + build when a large dictionary or list is resized and + accessed by multiple threads. + - gh-132617: Fix dict.update() modification check that could + incorrectly raise a “dict mutated during update” error when + a different dictionary was modified that happens to share + the same underlying keys object. + - gh-91153: Fix a crash when a bytearray is concurrently + mutated during item assignment. + - gh-127971: Fix off-by-one read beyond the end of a string + in string search. + - gh-125723: Fix crash with gi_frame.f_locals when generator + frames outlive their generator. Patch by Mikhail Efimov. + - Library + - gh-132710: If possible, ensure that uuid.getnode() + returns the same result even across different processes. + Previously, the result was constant only within the same + process. Patch by Bénédikt Tran. + - gh-137273: Fix debug assertion failure in + locale.setlocale() on Windows. + - gh-137257: Bump the version of pip bundled in ensurepip to + version 25.2 + - gh-81325: tarfile.TarFile now accepts a path-like when + working on a tar archive. (Contributed by Alexander Enrique + Urieles Nieto in gh-81325.) + - gh-130522: Fix unraisable TypeError raised during + interpreter shutdown in the threading module. + - gh-130577: tarfile now validates archives to ensure member + offsets are non-negative. (Contributed by Alexander Enrique + Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249). + - gh-136549: Fix signature of threading.excepthook(). + - gh-136523: Fix wave.Wave_write emitting an unraisable when + open raises. + - gh-52876: Add missing keepends (default True) + parameter to codecs.StreamReaderWriter.readline() and + codecs.StreamReaderWriter.readlines(). + - gh-85702: If zoneinfo._common.load_tzdata is given a + package without a resource a zoneinfo.ZoneInfoNotFoundError + is raised rather than a PermissionError. Patch by Victor + Stinner. + - gh-134759: Fix UnboundLocalError in + email.message.Message.get_payload() when the payload to + decode is a bytes object. Patch by Kliment Lamonov. + - gh-136028: Fix parsing month names containing “İ” (U+0130, + LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime(). + This affects locales az_AZ, ber_DZ, ber_MA and crh_UA. + - gh-135995: In the palmos encoding, make byte 0x9b decode to + › (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK). + - gh-53203: Fix time.strptime() for %c and %x formats on + locales byn_ER, wal_ET and lzh_TW, and for %X format on + locales ar_SA, bg_BG and lzh_TW. + - gh-91555: An earlier change, which was introduced in + 3.13.4, has been reverted. It disabled logging for a logger + during handling of log messages for that logger. Since the + reversion, the behaviour should be as it was before 3.13.4. + - gh-135878: Fixes a crash of types.SimpleNamespace on free + threading builds, when several threads were calling its + __repr__() method at the same time. + - gh-135836: Fix IndexError in + asyncio.loop.create_connection() that could occur when + non-OSError exception is raised during connection and + socket’s close() raises OSError. + - gh-135836: Fix IndexError in + asyncio.loop.create_connection() that could occur when the + Happy Eyeballs algorithm resulted in an empty exceptions + list during connection attempts. + - gh-135855: Raise TypeError instead of SystemError when + _interpreters.set___main___attrs() is passed a non-dict + object. Patch by Brian Schubert. + - gh-135815: netrc: skip security checks if os.getuid() is + missing. Patch by Bénédikt Tran. + - gh-135640: Address bug where it was possible to call + xml.etree.ElementTree.ElementTree.write() on an ElementTree + object with an invalid root element. This behavior blanked + the file passed to write if it already existed. + - gh-135444: Fix asyncio.DatagramTransport.sendto() to + account for datagram header size when data cannot be sent. + - gh-135497: Fix os.getlogin() failing for longer usernames + on BSD-based platforms. + - gh-135487: Fix reprlib.Repr.repr_int() when given integers + with more than sys.get_int_max_str_digits() digits. Patch + by Bénédikt Tran. + - gh-135335: multiprocessing: Flush stdout and stderr after + preloading modules in the forkserver. + - gh-135244: uuid: when the MAC address cannot be + determined, the 48-bit node ID is now generated with a + cryptographically-secure pseudo-random number generator + (CSPRNG) as per RFC 9562, §6.10.3. This affects uuid1(). + - gh-135069: Fix the “Invalid error handling” exception in + encodings.idna.IncrementalDecoder to correctly replace the + ‘errors’ parameter. + - gh-134698: Fix a crash when calling methods of + ssl.SSLContext or ssl.SSLSocket across multiple threads. + - gh-132124: On POSIX-compliant systems, + multiprocessing.util.get_temp_dir() now ignores TMPDIR + (and similar environment variables) if the path length of + AF_UNIX socket files exceeds the platform-specific maximum + length when using the forkserver start method. Patch by + Bénédikt Tran. + - gh-133439: Fix dot commands with trailing spaces are + mistaken for multi-line SQL statements in the sqlite3 + command-line interface. + - gh-132969: Prevent the ProcessPoolExecutor executor thread, + which remains running when shutdown(wait=False), from + attempting to adjust the pool’s worker processes after + the object state has already been reset during shutdown. + A combination of conditions, including a worker process + having terminated abormally, resulted in an exception and + a potential hang when the still-running executor thread + attempted to replace dead workers within the pool. + - gh-130664: Support the '_' digit separator in formatting + of the integral part of Decimal’s. Patch by Sergey B + Kirpichev. + - gh-85702: If zoneinfo._common.load_tzdata is given a + package without a resource a ZoneInfoNotFoundError is + raised rather than a IsADirectoryError. + - gh-130664: Handle corner-case for Fraction’s formatting: + treat zero-padding (preceding the width field by a zero + ('0') character) as an equivalent to a fill character of + '0' with an alignment type of '=', just as in case of + float’s. + - Tools/Demos + - gh-135968: Stubs for strip are now provided as part of an + iOS install. + - Tests + - gh-135966: The iOS testbed now handles the app_packages + folder as a site directory. + - gh-135494: Fix regrtest to support excluding tests from + --pgo tests. Patch by Victor Stinner. + - gh-135489: Show verbose output for failing tests during PGO + profiling step with –enable-optimizations. + - Documentation + - gh-135171: Document that the iterator for the leftmost for + clause in the generator expression is created immediately. + - Build + - gh-135497: Fix the detection of MAXLOGNAME in the + configure.ac script. +- Remove upstreamed patches: + - CVE-2025-8194-tarfile-no-neg-offsets.patch + - CVE-2025-6069-quad-complex-HTMLParser.patch + ------------------------------------------------------------------- Fri Aug 1 20:09:24 UTC 2025 - Matej Cepl diff --git a/python313.spec b/python313.spec index dce9b8e..1335e0e 100644 --- a/python313.spec +++ b/python313.spec @@ -1,7 +1,7 @@ # # spec file for package python313 # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -167,7 +167,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.13.5 +Version: 3.13.9 %define tarversion %{version} %define tarname Python-%{tarversion} Release: 0 @@ -231,12 +231,10 @@ Patch42: gh126985-mv-pyvenv.cfg2getpath.patch # PATCH-FIX-UPSTREAM bsc1243155-sphinx-non-determinism.patch bsc#1243155 mcepl@suse.com # Doc: Generate ids for audit_events using docname Patch43: bsc1243155-sphinx-non-determinism.patch -# PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com -# avoid quadratic complexity when processing malformed inputs with HTMLParser -Patch44: CVE-2025-6069-quad-complex-HTMLParser.patch -# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com -# tarfile now validates archives to ensure member offsets are non-negative -Patch45: CVE-2025-8194-tarfile-no-neg-offsets.patch +# PATCH-FIX-UPSTREAM gh138131-exclude-pycache-from-digest.patch bsc#1244680 daniel.garcia@suse.com +Patch44: gh138131-exclude-pycache-from-digest.patch +# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com +Patch45: gh139257-Support-docutils-0.22.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -291,8 +289,6 @@ ExcludeArch: aarch64 %endif %if %{with general} -# required for idle3 (.desktop and .appdata.xml files) -BuildRequires: appstream-glib BuildRequires: gcc-c++ BuildRequires: gdbm-devel BuildRequires: gettext @@ -559,7 +555,7 @@ rm Lib/site-packages/README.txt tar xvf %{SOURCE21} # Don't fail on warnings when building documentation -# sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile +sed -i -e '/^SPHINXERRORHANDLING/s/--fail-on-warning//' Doc/Makefile %build export SUSE_VERSION="0%{?suse_version}" @@ -784,7 +780,6 @@ install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_abi}.desk cp %{SOURCE20} idle%{python_abi}.appdata.xml sed -i -e 's:idle3.desktop:idle%{python_abi}.desktop:g' idle%{python_abi}.appdata.xml install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_abi}.appdata.xml -appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_abi}.appdata.xml %fdupes %{buildroot}/%{_libdir}/python%{python_abi} %endif