Accepting request 1311758 from devel:languages:python:Factory

OBS-URL: https://build.opensuse.org/request/show/1311758
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python313?expand=0&rev=33

CVE-2025-6069-quad-complex-HTMLParser.patch

@@ -1,247 +0,0 @@
-From 9043edabc7e2f0dd655146e0a4571e2a0b2906af Mon Sep 17 00:00:00 2001
-From: Serhiy Storchaka <storchaka@gmail.com>
-Date: Fri, 13 Jun 2025 19:57:48 +0300
-Subject: [PATCH] gh-135462: Fix quadratic complexity in processing special
- input in HTMLParser (GH-135464)
-
-End-of-file errors are now handled according to the HTML5 specs --
-comments and declarations are automatically closed, tags are ignored.
-(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41)
-
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
----
- Lib/html/parser.py                                                       |   41 +++-
- Lib/test/test_htmlparser.py                                              |   97 +++++++---
- Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst |    4 
- 3 files changed, 111 insertions(+), 31 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
-
-Index: Python-3.13.5/Lib/html/parser.py
-===================================================================
---- Python-3.13.5.orig/Lib/html/parser.py	2025-06-11 17:36:57.000000000 +0200
-+++ Python-3.13.5/Lib/html/parser.py	2025-07-02 16:49:52.020175099 +0200
-@@ -27,6 +27,7 @@
- attr_charref = re.compile(r'&(#[0-9]+|#[xX][0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]*)[;=]?')
- 
- starttagopen = re.compile('<[a-zA-Z]')
-+endtagopen = re.compile('</[a-zA-Z]')
- piclose = re.compile('>')
- commentclose = re.compile(r'--\s*>')
- # Note:
-@@ -195,7 +196,7 @@
-                     k = self.parse_pi(i)
-                 elif startswith("<!", i):
-                     k = self.parse_html_declaration(i)
--                elif (i + 1) < n:
-+                elif (i + 1) < n or end:
-                     self.handle_data("<")
-                     k = i + 1
-                 else:
-@@ -203,17 +204,35 @@
-                 if k < 0:
-                     if not end:
-                         break
--                    k = rawdata.find('>', i + 1)
--                    if k < 0:
--                        k = rawdata.find('<', i + 1)
--                        if k < 0:
--                            k = i + 1
-+                    if starttagopen.match(rawdata, i):  # < + letter
-+                        pass
-+                    elif startswith("</", i):
-+                        if i + 2 == n:
-+                            self.handle_data("</")
-+                        elif endtagopen.match(rawdata, i):  # </ + letter
-+                            pass
-+                        else:
-+                            # bogus comment
-+                            self.handle_comment(rawdata[i+2:])
-+                    elif startswith("<!--", i):
-+                        j = n
-+                        for suffix in ("--!", "--", "-"):
-+                            if rawdata.endswith(suffix, i+4):
-+                                j -= len(suffix)
-+                                break
-+                        self.handle_comment(rawdata[i+4:j])
-+                    elif startswith("<![CDATA[", i):
-+                        self.unknown_decl(rawdata[i+3:])
-+                    elif rawdata[i:i+9].lower() == '<!doctype':
-+                        self.handle_decl(rawdata[i+2:])
-+                    elif startswith("<!", i):
-+                        # bogus comment
-+                        self.handle_comment(rawdata[i+2:])
-+                    elif startswith("<?", i):
-+                        self.handle_pi(rawdata[i+2:])
-                     else:
--                        k += 1
--                    if self.convert_charrefs and not self.cdata_elem:
--                        self.handle_data(unescape(rawdata[i:k]))
--                    else:
--                        self.handle_data(rawdata[i:k])
-+                        raise AssertionError("we should not get here!")
-+                    k = n
-                 i = self.updatepos(i, k)
-             elif startswith("&#", i):
-                 match = charref.match(rawdata, i)
-Index: Python-3.13.5/Lib/test/test_htmlparser.py
-===================================================================
---- Python-3.13.5.orig/Lib/test/test_htmlparser.py	2025-06-11 17:36:57.000000000 +0200
-+++ Python-3.13.5/Lib/test/test_htmlparser.py	2025-07-02 16:49:52.020821697 +0200
-@@ -5,6 +5,7 @@
- import unittest
- 
- from unittest.mock import patch
-+from test import support
- 
- 
- class EventCollector(html.parser.HTMLParser):
-@@ -430,28 +431,34 @@
-                             ('data', '<'),
-                             ('starttag', 'bc<', [('a', None)]),
-                             ('endtag', 'html'),
--                            ('data', '\n<img src="URL>'),
--                            ('comment', '/img'),
--                            ('endtag', 'html<')])
-+                            ('data', '\n')])
- 
-     def test_starttag_junk_chars(self):
-+        self._run_check("<", [('data', '<')])
-+        self._run_check("<>", [('data', '<>')])
-+        self._run_check("< >", [('data', '< >')])
-+        self._run_check("< ", [('data', '< ')])
-         self._run_check("</>", [])
-+        self._run_check("<$>", [('data', '<$>')])
-         self._run_check("</$>", [('comment', '$')])
-         self._run_check("</", [('data', '</')])
--        self._run_check("</a", [('data', '</a')])
-+        self._run_check("</a", [])
-+        self._run_check("</ a>", [('endtag', 'a')])
-+        self._run_check("</ a", [('comment', ' a')])
-         self._run_check("<a<a>", [('starttag', 'a<a', [])])
-         self._run_check("</a<a>", [('endtag', 'a<a')])
--        self._run_check("<!", [('data', '<!')])
--        self._run_check("<a", [('data', '<a')])
--        self._run_check("<a foo='bar'", [('data', "<a foo='bar'")])
--        self._run_check("<a foo='bar", [('data', "<a foo='bar")])
--        self._run_check("<a foo='>'", [('data', "<a foo='>'")])
--        self._run_check("<a foo='>", [('data', "<a foo='>")])
-+        self._run_check("<!", [('comment', '')])
-+        self._run_check("<a", [])
-+        self._run_check("<a foo='bar'", [])
-+        self._run_check("<a foo='bar", [])
-+        self._run_check("<a foo='>'", [])
-+        self._run_check("<a foo='>", [])
-         self._run_check("<a$>", [('starttag', 'a$', [])])
-         self._run_check("<a$b>", [('starttag', 'a$b', [])])
-         self._run_check("<a$b/>", [('startendtag', 'a$b', [])])
-         self._run_check("<a$b  >", [('starttag', 'a$b', [])])
-         self._run_check("<a$b  />", [('startendtag', 'a$b', [])])
-+        self._run_check("</a$b>", [('endtag', 'a$b')])
- 
-     def test_slashes_in_starttag(self):
-         self._run_check('<a foo="var"/>', [('startendtag', 'a', [('foo', 'var')])])
-@@ -576,21 +583,50 @@
-         for html, expected in data:
-             self._run_check(html, expected)
- 
--    def test_EOF_in_comments_or_decls(self):
-+    def test_eof_in_comments(self):
-         data = [
--            ('<!', [('data', '<!')]),
--            ('<!-', [('data', '<!-')]),
--            ('<!--', [('data', '<!--')]),
--            ('<![', [('data', '<![')]),
--            ('<![CDATA[', [('data', '<![CDATA[')]),
--            ('<![CDATA[x', [('data', '<![CDATA[x')]),
--            ('<!DOCTYPE', [('data', '<!DOCTYPE')]),
--            ('<!DOCTYPE HTML', [('data', '<!DOCTYPE HTML')]),
-+            ('<!--', [('comment', '')]),
-+            ('<!---', [('comment', '')]),
-+            ('<!----', [('comment', '')]),
-+            ('<!-----', [('comment', '-')]),
-+            ('<!------', [('comment', '--')]),
-+            ('<!----!', [('comment', '')]),
-+            ('<!---!', [('comment', '-!')]),
-+            ('<!---!>', [('comment', '-!>')]),
-+            ('<!--foo', [('comment', 'foo')]),
-+            ('<!--foo-', [('comment', 'foo')]),
-+            ('<!--foo--', [('comment', 'foo')]),
-+            ('<!--foo--!', [('comment', 'foo')]),
-+            ('<!--<!--', [('comment', '<!')]),
-+            ('<!--<!--!', [('comment', '<!')]),
-         ]
-         for html, expected in data:
-             self._run_check(html, expected)
-+
-+    def test_eof_in_declarations(self):
-+        data = [
-+            ('<!', [('comment', '')]),
-+            ('<!-', [('comment', '-')]),
-+            ('<![', [('comment', '[')]),
-+            ('<![CDATA[', [('unknown decl', 'CDATA[')]),
-+            ('<![CDATA[x', [('unknown decl', 'CDATA[x')]),
-+            ('<![CDATA[x]', [('unknown decl', 'CDATA[x]')]),
-+            ('<![CDATA[x]]', [('unknown decl', 'CDATA[x]]')]),
-+            ('<!DOCTYPE', [('decl', 'DOCTYPE')]),
-+            ('<!DOCTYPE ', [('decl', 'DOCTYPE ')]),
-+            ('<!DOCTYPE html', [('decl', 'DOCTYPE html')]),
-+            ('<!DOCTYPE html ', [('decl', 'DOCTYPE html ')]),
-+            ('<!DOCTYPE html PUBLIC', [('decl', 'DOCTYPE html PUBLIC')]),
-+            ('<!DOCTYPE html PUBLIC "foo', [('decl', 'DOCTYPE html PUBLIC "foo')]),
-+            ('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "foo',
-+             [('decl', 'DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "foo')]),
-+        ]
-+        for html, expected in data:
-+            self._run_check(html, expected)
-+
-     def test_bogus_comments(self):
--        html = ('<! not really a comment >'
-+        html = ('<!ELEMENT br EMPTY>'
-+                '<! not really a comment >'
-                 '<! not a comment either -->'
-                 '<! -- close enough -->'
-                 '<!><!<-- this was an empty comment>'
-@@ -604,6 +640,7 @@
-                 '<![CDATA]]>'  # required '[' after CDATA
-         )
-         expected = [
-+            ('comment', 'ELEMENT br EMPTY'),
-             ('comment', ' not really a comment '),
-             ('comment', ' not a comment either --'),
-             ('comment', ' -- close enough --'),
-@@ -684,6 +721,26 @@
-              ('endtag', 'a'), ('data', ' bar & baz')]
-         )
- 
-+    @support.requires_resource('cpu')
-+    def test_eof_no_quadratic_complexity(self):
-+        # Each of these examples used to take about an hour.
-+        # Now they take a fraction of a second.
-+        def check(source):
-+            parser = html.parser.HTMLParser()
-+            parser.feed(source)
-+            parser.close()
-+        n = 120_000
-+        check("<a " * n)
-+        check("<a a=" * n)
-+        check("</a " * 14 * n)
-+        check("</a a=" * 11 * n)
-+        check("<!--" * 4 * n)
-+        check("<!" * 60 * n)
-+        check("<?" * 19 * n)
-+        check("</$" * 15 * n)
-+        check("<![CDATA[" * 9 * n)
-+        check("<!doctype" * 35 * n)
-+
- 
- class AttributesTestCase(TestCaseBase):
- 
-Index: Python-3.13.5/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.13.5/Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst	2025-07-02 16:49:52.021124951 +0200
-@@ -0,0 +1,4 @@
-+Fix quadratic complexity in processing specially crafted input in
-+:class:`html.parser.HTMLParser`. End-of-file errors are now handled according
-+to the HTML5 specs -- comments and declarations are automatically closed,
-+tags are ignored.

CVE-2025-8194-tarfile-no-neg-offsets.patch

@@ -1,212 +0,0 @@
-From fd29bcd380150035ef825b762d8cd085bdab6e53 Mon Sep 17 00:00:00 2001
-From: Alexander Urieles <aeurielesn@users.noreply.github.com>
-Date: Mon, 28 Jul 2025 17:37:26 +0200
-Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member
- offsets are non-negative (GH-137027) (cherry picked from commit
- 7040aa54f14676938970e10c5f74ea93cd56aa38)
-
-Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
-Co-authored-by: Gregory P. Smith <greg@krypto.org>
----
- Lib/tarfile.py                                                          |    3 
- Lib/test/test_tarfile.py                                                |  156 ++++++++++
- Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst |    3 
- 3 files changed, 162 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
-
-Index: Python-3.13.5/Lib/tarfile.py
-===================================================================
---- Python-3.13.5.orig/Lib/tarfile.py	2025-08-01 22:13:44.185826095 +0200
-+++ Python-3.13.5/Lib/tarfile.py	2025-08-01 22:13:45.524140183 +0200
-@@ -1636,6 +1636,9 @@
-         """Round up a byte count by BLOCKSIZE and return it,
-            e.g. _block(834) => 1024.
-         """
-+        # Only non-negative offsets are allowed
-+        if count < 0:
-+            raise InvalidHeaderError("invalid offset")
-         blocks, remainder = divmod(count, BLOCKSIZE)
-         if remainder:
-             blocks += 1
-Index: Python-3.13.5/Lib/test/test_tarfile.py
-===================================================================
---- Python-3.13.5.orig/Lib/test/test_tarfile.py	2025-06-11 17:36:57.000000000 +0200
-+++ Python-3.13.5/Lib/test/test_tarfile.py	2025-08-01 22:13:45.524778259 +0200
-@@ -50,6 +50,7 @@
- xzname = os.path.join(TEMPDIR, "testtar.tar.xz")
- tmpname = os.path.join(TEMPDIR, "tmp.tar")
- dotlessname = os.path.join(TEMPDIR, "testtar")
-+SPACE = b" "
- 
- sha256_regtype = (
-     "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce"
-@@ -4578,6 +4579,161 @@
-         ar.extractall(self.testdir, filter='fully_trusted')
- 
- 
-+class OffsetValidationTests(unittest.TestCase):
-+    tarname = tmpname
-+    invalid_posix_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, space, null terminator: 8 bytes
-+        + b"000755" + SPACE + tarfile.NUL
-+        # uid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0011407" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # magic: 6 bytes, version: 2 bytes
-+        + tarfile.POSIX_MAGIC
-+        # uname: 32 bytes
-+        + tarfile.NUL * 32
-+        # gname: 32 bytes
-+        + tarfile.NUL * 32
-+        # devmajor, space, null terminator: 8 bytes
-+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
-+        # devminor, space, null terminator: 8 bytes
-+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
-+        # prefix: 155 bytes
-+        + tarfile.NUL * tarfile.LENGTH_PREFIX
-+        # padding: 12 bytes
-+        + tarfile.NUL * 12
-+    )
-+    invalid_gnu_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, null terminator: 8 bytes
-+        + b"0000755" + tarfile.NUL
-+        # uid, null terminator: 8 bytes
-+        + b"0000001" + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"0000001" + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0011327" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # magic: 8 bytes
-+        + tarfile.GNU_MAGIC
-+        # uname: 32 bytes
-+        + tarfile.NUL * 32
-+        # gname: 32 bytes
-+        + tarfile.NUL * 32
-+        # devmajor, null terminator: 8 bytes
-+        + tarfile.NUL * 8
-+        # devminor, null terminator: 8 bytes
-+        + tarfile.NUL * 8
-+        # padding: 167 bytes
-+        + tarfile.NUL * 167
-+    )
-+    invalid_v7_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, space, null terminator: 8 bytes
-+        + b"000755" + SPACE + tarfile.NUL
-+        # uid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0010070" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # padding: 255 bytes
-+        + tarfile.NUL * 255
-+    )
-+    valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT)
-+    data_block = b"\xff" * tarfile.BLOCKSIZE
-+
-+    def _write_buffer(self, buffer):
-+        with open(self.tarname, "wb") as f:
-+            f.write(buffer)
-+
-+    def _get_members(self, ignore_zeros=None):
-+        with open(self.tarname, "rb") as f:
-+            with tarfile.open(
-+                mode="r", fileobj=f, ignore_zeros=ignore_zeros
-+            ) as tar:
-+                return tar.getmembers()
-+
-+    def _assert_raises_read_error_exception(self):
-+        with self.assertRaisesRegex(
-+            tarfile.ReadError, "file could not be opened successfully"
-+        ):
-+            self._get_members()
-+
-+    def test_invalid_offset_header_validations(self):
-+        for tar_format, invalid_header in (
-+            ("posix", self.invalid_posix_header),
-+            ("gnu", self.invalid_gnu_header),
-+            ("v7", self.invalid_v7_header),
-+        ):
-+            with self.subTest(format=tar_format):
-+                self._write_buffer(invalid_header)
-+                self._assert_raises_read_error_exception()
-+
-+    def test_early_stop_at_invalid_offset_header(self):
-+        buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header
-+        self._write_buffer(buffer)
-+        members = self._get_members()
-+        self.assertEqual(len(members), 1)
-+        self.assertEqual(members[0].name, "filename")
-+        self.assertEqual(members[0].offset, 0)
-+
-+    def test_ignore_invalid_archive(self):
-+        # 3 invalid headers with their respective data
-+        buffer = (self.invalid_gnu_header + self.data_block) * 3
-+        self._write_buffer(buffer)
-+        members = self._get_members(ignore_zeros=True)
-+        self.assertEqual(len(members), 0)
-+
-+    def test_ignore_invalid_offset_headers(self):
-+        for first_block, second_block, expected_offset in (
-+            (
-+                (self.valid_gnu_header),
-+                (self.invalid_gnu_header + self.data_block),
-+                0,
-+            ),
-+            (
-+                (self.invalid_gnu_header + self.data_block),
-+                (self.valid_gnu_header),
-+                1024,
-+            ),
-+        ):
-+            self._write_buffer(first_block + second_block)
-+            members = self._get_members(ignore_zeros=True)
-+            self.assertEqual(len(members), 1)
-+            self.assertEqual(members[0].name, "filename")
-+            self.assertEqual(members[0].offset, expected_offset)
-+
-+
- def setUpModule():
-     os_helper.unlink(TEMPDIR)
-     os.makedirs(TEMPDIR)
-Index: Python-3.13.5/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.13.5/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	2025-08-01 22:13:45.525174751 +0200
-@@ -0,0 +1,3 @@
-+:mod:`tarfile` now validates archives to ensure member offsets are
-+non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
-+:gh:`130577`.)

bsc1243155-sphinx-non-determinism.patch

@@ -14,10 +14,10 @@ https://github.com/python/cpython/issues/130979
  Doc/tools/extensions/audit_events.py |   11 ++++++++---
  1 file changed, 8 insertions(+), 3 deletions(-)
 
-Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
+Index: Python-3.13.6/Doc/tools/extensions/audit_events.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py	2025-07-02 15:51:58.388560540 +0200
-+++ Python-3.13.5/Doc/tools/extensions/audit_events.py	2025-07-02 15:51:58.411254070 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py	2025-08-07 12:16:58.257103336 +0200
++++ Python-3.13.6/Doc/tools/extensions/audit_events.py	2025-08-07 12:17:02.709401389 +0200
 @@ -72,8 +72,13 @@
              logger.warning(msg)
              return

doc-py38-to-py36.patch

@@ -27,10 +27,10 @@
  Doc/tools/extensions/pydoc_topics.py          |   22 +++++-----
  18 files changed, 159 insertions(+), 130 deletions(-)
 
-Index: Python-3.13.5/Doc/Makefile
+Index: Python-3.13.6/Doc/Makefile
 ===================================================================
---- Python-3.13.5.orig/Doc/Makefile	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/Makefile	2025-06-12 21:38:04.908380762 +0200
+--- Python-3.13.6.orig/Doc/Makefile	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/Makefile	2025-08-07 12:16:58.253706854 +0200
 @@ -14,15 +14,15 @@
  SOURCES      =
  DISTVERSION  = $(shell $(PYTHON) tools/extensions/patchlevel.py)
@@ -51,10 +51,10 @@ Index: Python-3.13.5/Doc/Makefile
                  $(PAPEROPT_$(PAPER)) \
                  $(SPHINXOPTS) $(SPHINXERRORHANDLING) \
                  . build/$(BUILDER) $(SOURCES)
-Index: Python-3.13.5/Doc/c-api/arg.rst
+Index: Python-3.13.6/Doc/c-api/arg.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/c-api/arg.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/c-api/arg.rst	2025-06-12 21:38:04.908705133 +0200
+--- Python-3.13.6.orig/Doc/c-api/arg.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/c-api/arg.rst	2025-08-07 12:16:58.254160756 +0200
 @@ -334,7 +334,6 @@
     should raise an exception and leave the content of *address* unmodified.
  
@@ -63,10 +63,10 @@ Index: Python-3.13.5/Doc/c-api/arg.rst
  
     If the *converter* returns :c:macro:`!Py_CLEANUP_SUPPORTED`, it may get called a
     second time if the argument parsing eventually fails, giving the converter a
-Index: Python-3.13.5/Doc/c-api/typeobj.rst
+Index: Python-3.13.6/Doc/c-api/typeobj.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/c-api/typeobj.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/c-api/typeobj.rst	2025-06-12 21:38:04.908874058 +0200
+--- Python-3.13.6.orig/Doc/c-api/typeobj.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/c-api/typeobj.rst	2025-08-07 12:16:58.254692184 +0200
 @@ -610,7 +610,7 @@
     Functions like :c:func:`PyObject_NewVar` will take the value of N as an
     argument, and store in the instance's :c:member:`~PyVarObject.ob_size` field.
@@ -97,10 +97,10 @@ Index: Python-3.13.5/Doc/c-api/typeobj.rst
     include :c:type:`PyObject` or :c:type:`PyVarObject` (depending on
     whether :c:member:`~PyVarObject.ob_size` should be included). These are
     usually defined by the macro :c:macro:`PyObject_HEAD` or
-Index: Python-3.13.5/Doc/conf.py
+Index: Python-3.13.6/Doc/conf.py
 ===================================================================
---- Python-3.13.5.orig/Doc/conf.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/conf.py	2025-06-12 21:38:04.909609597 +0200
+--- Python-3.13.6.orig/Doc/conf.py	2025-08-07 12:16:45.115568663 +0200
++++ Python-3.13.6/Doc/conf.py	2025-08-07 12:16:58.255236531 +0200
 @@ -11,6 +11,8 @@
  from importlib import import_module
  from importlib.util import find_spec
@@ -127,7 +127,7 @@ Index: Python-3.13.5/Doc/conf.py
  '''
  
  manpages_url = 'https://manpages.debian.org/{path}'
-@@ -92,7 +94,7 @@
+@@ -96,7 +98,7 @@
  
  # Minimum version of sphinx required
  # Keep this version in sync with ``Doc/requirements.txt``.
@@ -136,7 +136,7 @@ Index: Python-3.13.5/Doc/conf.py
  
  # Create table of contents entries for domain objects (e.g. functions, classes,
  # attributes, etc.). Default is True.
-@@ -323,6 +325,9 @@
+@@ -258,6 +260,9 @@
  # Avoid a warning with Sphinx >= 4.0
  root_doc = 'contents'
  
@@ -146,7 +146,7 @@ Index: Python-3.13.5/Doc/conf.py
  # Allow translation of index directives
  gettext_additional_targets = [
      'index',
-@@ -362,7 +367,7 @@
+@@ -297,7 +302,7 @@
  # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
  is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
  repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -155,7 +155,7 @@ Index: Python-3.13.5/Doc/conf.py
  html_context = {
      "is_deployment_preview": is_deployment_preview,
      "repository_url": repository_url or None,
-@@ -607,6 +612,16 @@
+@@ -542,6 +547,16 @@
  }
  extlinks_detect_hardcoded_links = True
  
@@ -172,22 +172,22 @@ Index: Python-3.13.5/Doc/conf.py
  # Options for c_annotations extension
  # -----------------------------------
  
-Index: Python-3.13.5/Doc/library/doctest.rst
+Index: Python-3.13.6/Doc/library/doctest.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/library/doctest.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/doctest.rst	2025-06-12 21:38:04.909944989 +0200
-@@ -308,7 +308,6 @@
- searched.  Objects imported into the module are not searched.
+--- Python-3.13.6.orig/Doc/library/doctest.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/library/doctest.rst	2025-08-07 12:16:58.255583157 +0200
+@@ -310,7 +310,6 @@
+ .. currentmodule:: None
  
  .. attribute:: module.__test__
 -   :no-typesetting:
  
- In addition, there are cases when you want tests to be part of a module but not part
- of the help text, which requires that the tests not be included in the docstring.
-Index: Python-3.13.5/Doc/library/email.compat32-message.rst
+ .. currentmodule:: doctest
+ 
+Index: Python-3.13.6/Doc/library/email.compat32-message.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/library/email.compat32-message.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/email.compat32-message.rst	2025-06-12 21:38:04.910320877 +0200
+--- Python-3.13.6.orig/Doc/library/email.compat32-message.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/library/email.compat32-message.rst	2025-08-07 12:16:58.256095517 +0200
 @@ -7,7 +7,6 @@
     :synopsis: The base class representing email messages in a fashion
                backward compatible with Python 3.2
@@ -196,11 +196,11 @@ Index: Python-3.13.5/Doc/library/email.compat32-message.rst
  
  
  The :class:`Message` class is very similar to the
-Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst
+Index: Python-3.13.6/Doc/library/xml.etree.elementtree.rst
 ===================================================================
---- Python-3.13.5.orig/Doc/library/xml.etree.elementtree.rst	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/library/xml.etree.elementtree.rst	2025-06-12 21:38:04.910594893 +0200
-@@ -874,7 +874,6 @@
+--- Python-3.13.6.orig/Doc/library/xml.etree.elementtree.rst	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/library/xml.etree.elementtree.rst	2025-08-07 12:16:58.256380542 +0200
+@@ -873,7 +873,6 @@
  
  .. module:: xml.etree.ElementTree
     :noindex:
@@ -208,10 +208,10 @@ Index: Python-3.13.5/Doc/library/xml.etree.elementtree.rst
  
  .. class:: Element(tag, attrib={}, **extra)
  
-Index: Python-3.13.5/Doc/tools/check-warnings.py
+Index: Python-3.13.6/Doc/tools/check-warnings.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/check-warnings.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/check-warnings.py	2025-06-12 21:38:04.910896050 +0200
+--- Python-3.13.6.orig/Doc/tools/check-warnings.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/check-warnings.py	2025-08-07 12:16:58.256796101 +0200
 @@ -228,7 +228,8 @@
              print(filename)
              for warning in warnings:
@@ -231,10 +231,10 @@ Index: Python-3.13.5/Doc/tools/check-warnings.py
          for warning in warnings
          if "Doc/" in warning
      }
-Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
+Index: Python-3.13.6/Doc/tools/extensions/audit_events.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/audit_events.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/audit_events.py	2025-06-12 21:38:04.911151491 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/audit_events.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/audit_events.py	2025-08-07 12:16:58.257103336 +0200
 @@ -1,9 +1,6 @@
  """Support for documenting audit events."""
  
@@ -370,10 +370,10 @@ Index: Python-3.13.5/Doc/tools/extensions/audit_events.py
      ) -> nodes.row:
          row = nodes.row()
          name_node = nodes.paragraph("", nodes.Text(name))
-Index: Python-3.13.5/Doc/tools/extensions/availability.py
+Index: Python-3.13.6/Doc/tools/extensions/availability.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/availability.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/availability.py	2025-06-12 21:38:04.911376735 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/availability.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/availability.py	2025-08-07 12:16:58.257352322 +0200
 @@ -1,8 +1,6 @@
  """Support for documenting platform availability"""
  
@@ -427,10 +427,10 @@ Index: Python-3.13.5/Doc/tools/extensions/availability.py
      app.add_directive("availability", Availability)
  
      return {
-Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
+Index: Python-3.13.6/Doc/tools/extensions/c_annotations.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/c_annotations.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/c_annotations.py	2025-06-12 21:38:04.911575881 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/c_annotations.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/c_annotations.py	2025-08-07 12:16:58.257571556 +0200
 @@ -9,22 +9,26 @@
  * Set ``stable_abi_file`` to the path to stable ABI list.
  """
@@ -568,10 +568,10 @@ Index: Python-3.13.5/Doc/tools/extensions/c_annotations.py
      return {
          "version": "1.0",
          "parallel_read_safe": True,
-Index: Python-3.13.5/Doc/tools/extensions/changes.py
+Index: Python-3.13.6/Doc/tools/extensions/changes.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/changes.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/changes.py	2025-06-12 21:38:04.911758715 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/changes.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/changes.py	2025-08-07 12:16:58.257773818 +0200
 @@ -1,7 +1,5 @@
  """Support for documenting version of changes, additions, deprecations."""
  
@@ -607,10 +607,10 @@ Index: Python-3.13.5/Doc/tools/extensions/changes.py
      # Override Sphinx's directives with support for 'next'
      app.add_directive("versionadded", PyVersionChange, override=True)
      app.add_directive("versionchanged", PyVersionChange, override=True)
-Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py
+Index: Python-3.13.6/Doc/tools/extensions/glossary_search.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/glossary_search.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/glossary_search.py	2025-06-12 21:38:04.911907976 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/glossary_search.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/glossary_search.py	2025-08-07 12:16:58.257959947 +0200
 @@ -1,21 +1,27 @@
  """Feature search results for glossary items prominently."""
  
@@ -654,10 +654,10 @@ Index: Python-3.13.5/Doc/tools/extensions/glossary_search.py
      app.connect('doctree-resolved', process_glossary_nodes)
      app.connect('build-finished', write_glossary_json)
  
-Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py
+Index: Python-3.13.6/Doc/tools/extensions/implementation_detail.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/implementation_detail.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/implementation_detail.py	2025-06-12 21:38:04.912061736 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/implementation_detail.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/implementation_detail.py	2025-08-07 12:16:58.258140488 +0200
 @@ -1,17 +1,10 @@
  """Support for marking up implementation details."""
  
@@ -708,10 +708,10 @@ Index: Python-3.13.5/Doc/tools/extensions/implementation_detail.py
      app.add_directive("impl-detail", ImplementationDetail)
  
      return {
-Index: Python-3.13.5/Doc/tools/extensions/issue_role.py
+Index: Python-3.13.6/Doc/tools/extensions/issue_role.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/issue_role.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/issue_role.py	2025-06-12 21:38:04.912236134 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/issue_role.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/issue_role.py	2025-08-07 12:16:58.258306293 +0200
 @@ -1,22 +1,18 @@
  """Support for referencing issues in the tracker."""
  
@@ -757,10 +757,10 @@ Index: Python-3.13.5/Doc/tools/extensions/issue_role.py
      app.add_role("issue", BPOIssue())
      app.add_role("gh", GitHubIssue())
  
-Index: Python-3.13.5/Doc/tools/extensions/misc_news.py
+Index: Python-3.13.6/Doc/tools/extensions/misc_news.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/misc_news.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/misc_news.py	2025-06-12 21:38:04.912390144 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/misc_news.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/misc_news.py	2025-08-07 12:16:58.258481107 +0200
 @@ -1,7 +1,5 @@
  """Support for including Misc/NEWS."""
  
@@ -813,10 +813,10 @@ Index: Python-3.13.5/Doc/tools/extensions/misc_news.py
      app.add_directive("miscnews", MiscNews)
  
      return {
-Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py
+Index: Python-3.13.6/Doc/tools/extensions/patchlevel.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/patchlevel.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/patchlevel.py	2025-06-12 21:38:04.912563631 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/patchlevel.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/patchlevel.py	2025-08-07 12:16:58.258716335 +0200
 @@ -3,7 +3,7 @@
  import re
  import sys
@@ -854,10 +854,10 @@ Index: Python-3.13.5/Doc/tools/extensions/patchlevel.py
      version = f"{info.major}.{info.minor}"
      release = f"{info.major}.{info.minor}.{info.micro}"
      if info.releaselevel != "final":
-Index: Python-3.13.5/Doc/tools/extensions/pydoc_topics.py
+Index: Python-3.13.6/Doc/tools/extensions/pydoc_topics.py
 ===================================================================
---- Python-3.13.5.orig/Doc/tools/extensions/pydoc_topics.py	2025-06-12 21:37:37.257659788 +0200
-+++ Python-3.13.5/Doc/tools/extensions/pydoc_topics.py	2025-06-12 21:38:04.912726688 +0200
+--- Python-3.13.6.orig/Doc/tools/extensions/pydoc_topics.py	2025-08-06 15:05:20.000000000 +0200
++++ Python-3.13.6/Doc/tools/extensions/pydoc_topics.py	2025-08-07 12:16:58.258911962 +0200
 @@ -1,21 +1,23 @@
  """Support for building "topic help" for pydoc."""
  

gh138131-exclude-pycache-from-digest.patch

@@ -0,0 +1,30 @@
+From 4bb41b28d5bac09bccd636d8c5fefe1a462f63a7 Mon Sep 17 00:00:00 2001
+From: Alm <alon.menczer@gmail.com>
+Date: Mon, 25 Aug 2025 08:56:38 +0300
+Subject: [PATCH 1/4] Exclude .pyc files from the computed digest in the jit
+ stencils
+
+---
+ Tools/jit/_targets.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: Python-3.13.7/Tools/jit/_targets.py
+===================================================================
+--- Python-3.13.7.orig/Tools/jit/_targets.py
++++ Python-3.13.7/Tools/jit/_targets.py
+@@ -53,6 +53,9 @@ class _Target(typing.Generic[_S, _R]):
+         hasher.update(PYTHON_EXECUTOR_CASES_C_H.read_bytes())
+         hasher.update((out / "pyconfig.h").read_bytes())
+         for dirpath, _, filenames in sorted(os.walk(TOOLS_JIT)):
++            # Exclude cache files from digest computation to ensure reproducible builds.
++            if dirpath.endswith("__pycache__"):
++                continue
+             for filename in filenames:
+                 hasher.update(pathlib.Path(dirpath, filename).read_bytes())
+         return hasher.hexdigest()
+Index: Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst
+===================================================================
+--- /dev/null
++++ Python-3.13.7/Misc/NEWS.d/next/Build/2025-08-27-09-52-45.gh-issue-138061.fMVS9w.rst
+@@ -0,0 +1 @@
++Ensure reproducible builds by making JIT stencil header generation deterministic.

gh139257-Support-docutils-0.22.patch

@@ -0,0 +1,36 @@
+From 19b61747df3d62c822285c488753d6fbdf91e3ac Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno <daniel.garcia@suse.com>
+Date: Tue, 23 Sep 2025 10:20:16 +0200
+Subject: [PATCH 1/2] gh-139257: Support docutils >= 0.22
+
+---
+ Doc/tools/extensions/pyspecific.py | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+Index: Python-3.13.7/Doc/tools/extensions/pyspecific.py
+===================================================================
+--- Python-3.13.7.orig/Doc/tools/extensions/pyspecific.py
++++ Python-3.13.7/Doc/tools/extensions/pyspecific.py
+@@ -25,11 +25,21 @@ from sphinx.util.docutils import SphinxD
+ SOURCE_URI = 'https://github.com/python/cpython/tree/3.13/%s'
+ 
+ # monkey-patch reST parser to disable alphabetic and roman enumerated lists
++def _disable_alphabetic_and_roman(text):
++    try:
++        # docutils >= 0.22
++        from docutils.parsers.rst.states import InvalidRomanNumeralError
++        raise InvalidRomanNumeralError(text)
++    except ImportError:
++        # docutils < 0.22
++        return None
++
++
+ from docutils.parsers.rst.states import Body
+ Body.enum.converters['loweralpha'] = \
+     Body.enum.converters['upperalpha'] = \
+     Body.enum.converters['lowerroman'] = \
+-    Body.enum.converters['upperroman'] = lambda x: None
++    Body.enum.converters['upperroman'] = _disable_alphabetic_and_roman
+ 
+ 
+ class PyAwaitableMixin(object):

idle3.appdata.xml

@@ -1,16 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<!-- Copyright 2017 Zbigniew Jędrzejewski-Szmek -->
-<application>
-  <id type="desktop">idle3.desktop</id>
+<component type="desktop-application">
+  <id>org.python.IDLE3</id>
+  <launchable type="desktop-id">idle3.desktop</launchable>
+
   <name>IDLE3</name>
-  <metadata_licence>CC0</metadata_licence>
-  <project_license>Python-2.0</project_license>
   <summary>Python 3 Integrated Development and Learning Environment</summary>
+
   <description>
     <p>
       IDLE is Python’s Integrated Development and Learning Environment.
-      The GUI is uniform between Windows, Unix, and Mac OS X.
+      The GUI is uniform between Windows, Unix, and macOS.
       IDLE provides an easy way to start writing, running, and debugging
       Python code.
     </p>
@@ -19,17 +19,33 @@
       It provides:
     </p>
     <ul>
-       <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li>
-       <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li>
-       <li>search within any window, replace within editor windows, and search through multiple files (grep),</li>
-       <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li>
+      <li>a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,</li>
+      <li>a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,</li>
+      <li>search within any window, replace within editor windows, and search through multiple files (grep),</li>
+      <li>a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.</li>
     </ul>
   </description>
+
+  <developer id="org.python">
+    <name>Python Software Foundation</name>
+  </developer>
+
   <url type="homepage">https://docs.python.org/3/library/idle.html</url>
+
   <screenshots>
-    <screenshot type="default">http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</screenshot>
-    <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</screenshot>
-    <screenshot>http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</screenshot>
+    <screenshot type="default">
+      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png</image>
+    </screenshot>
+    <screenshot>
+      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png</image>
+    </screenshot>
+    <screenshot>
+      <image>https://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png</image>
+    </screenshot>
   </screenshots>
+
+  <project_license>Python-2.0</project_license>
+  <metadata_license>CC0-1.0</metadata_license>
   <update_contact>zbyszek@in.waw.pl</update_contact>
-</application>
+</component>
+

python313.changes

@@ -1,3 +1,444 @@
+-------------------------------------------------------------------
+Wed Oct 15 09:15:38 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.13.9:
+  - Library
+    - gh-139783: Fix inspect.getsourcelines() for the case when a
+      decorator is followed by a comment or an empty line.
+- Update to 3.13.8:
+  - macOS
+    - gh-124111: Update macOS installer to use Tcl/Tk 8.6.17.
+    - gh-139573: Updated bundled version of OpenSSL to 3.0.18.
+  - Windows
+    - gh-139573: Updated bundled version of OpenSSL to 3.0.18.
+    - gh-138896: Fix error installing C runtime on non-updated Windows
+      machines
+  - Tools/Demos
+    - gh-139330: SBOM generation tool didn’t cross-check the version
+      and checksum values against the Modules/expat/refresh.sh script,
+      leading to the values becoming out-of-date during routine
+      updates.
+    - gh-137873: The iOS test runner has been simplified, resolving
+      some issues that have been observed using the runner in GitHub
+      Actions and Azure Pipelines test environments.
+  - Tests
+    - gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the
+      --verbose option anymore. Patch by Victor Stinner.
+  - Security
+    - gh-139400: xml.parsers.expat: Make sure that parent Expat
+      parsers are only garbage-collected once they are no longer
+      referenced by subparsers created by
+      ExternalEntityParserCreate(). Patch by Sebastian Pipping.
+    - gh-139283: sqlite3: correctly handle maximum number of rows to
+      fetch in Cursor.fetchmany and reject negative values for
+      Cursor.arraysize. Patch by Bénédikt Tran.
+    - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
+      according to the HTML5 standard: ] ]> and ]] > no longer end the
+      CDATA section. Add private method _set_support_cdata() which can
+      be used to specify how to parse <[CDATA[ — as a CDATA section in
+      foreign content (SVG or MathML) or as a bogus comment in the
+      HTML namespace.
+  - Library
+    - gh-139312: Upgrade bundled libexpat to 2.7.3
+    - gh-139289: Do a real lazy-import on rlcompleter in pdb and
+      restore the existing completer after importing rlcompleter.
+    - gh-139210: Fix use-after-free when reporting unknown event in
+      xml.etree.ElementTree.iterparse(). Patch by Ken Jin.
+    - gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in
+      subprocess.
+    - gh-112729: Fix crash when calling _interpreters.create when the
+      process is out of memory.
+    - gh-139076: Fix a bug in the pydoc module that was hiding
+      functions in a Python module if they were implemented in an
+      extension module and the module did not have __all__.
+    - gh-138998: Update bundled libexpat to 2.7.2
+    - gh-130567: Fix possible crash in locale.strxfrm() due to a
+      platform bug on macOS.
+    - gh-138779: Support device numbers larger than 2**63-1 for the
+      st_rdev field of the os.stat_result structure.
+    - gh-128636: Fix crash in PyREPL when os.environ is overwritten
+      with an invalid value for mac
+    - gh-88375: Fix normalization of the robots.txt rules and URLs in
+      the urllib.robotparser module. No longer ignore trailing ?.
+      Distinguish raw special characters ?, = and & from the
+      percent-encoded ones.
+    - gh-138515: email is added to Emscripten build.
+    - gh-111788: Fix parsing errors in the urllib.robotparser module.
+      Don’t fail trying to parse weird paths. Don’t fail trying to
+      decode non-UTF-8 robots.txt files.
+    - gh-138432: zoneinfo.reset_tzpath() will now convert any
+      os.PathLike objects it receives into strings before adding them
+      to TZPATH. It will raise TypeError if anything other than a
+      string is found after this conversion. If given an os.PathLike
+      object that represents a relative path, it will now raise
+      ValueError instead of TypeError, and present a more informative
+      error message.
+    - gh-138008: Fix segmentation faults in the ctypes module due to
+      invalid argtypes. Patch by Dung Nguyen.
+    - gh-60462: Fix locale.strxfrm() on Solaris (and possibly other
+      platforms).
+    - gh-138204: Forbid expansion of shared anonymous memory maps on
+      Linux, which caused a bus error.
+    - gh-138010: Fix an issue where defining a class with a
+      @warnings.deprecated-decorated base class may not invoke the
+      correct __init_subclass__() method in cases involving multiple
+      inheritance. Patch by Brian Schubert.
+    - gh-138133: Prevent infinite traceback loop when sending CTRL^C
+      to Python through strace.
+    - gh-134869: Fix an issue where pressing Ctrl+C during tab
+      completion in the REPL would leave the autocompletion menu in a
+      corrupted state.
+    - gh-137317: inspect.signature() now correctly handles classes
+      that use a descriptor on a wrapped __init__() or __new__()
+      method. Contributed by Yongyu Yan.
+    - gh-137754: Fix import of the zoneinfo module if the C
+      implementation of the datetime module is not available.
+    - gh-137490: Handle ECANCELED in the same way as EINTR in
+      signal.sigwaitinfo() on NetBSD.
+    - gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and
+      inspect.getsource() for generator expressions.
+    - gh-137017: Fix threading.Thread.is_alive to remain True until
+      the underlying OS thread is fully cleaned up. This avoids false
+      negatives in edge cases involving thread monitoring or premature
+      threading.Thread.is_alive calls.
+    - gh-136134: SMTP.auth_cram_md5() now raises an SMTPException
+      instead of a ValueError if Python has been built without MD5
+      support. In particular, SMTP clients will not attempt to use
+      this method even if the remote server is assumed to support it.
+      Patch by Bénédikt Tran.
+    - gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if
+      CRAM-MD5 authentication is not supported. Patch by Bénédikt
+      Tran.
+    - gh-135386: Fix opening a dbm.sqlite3 database for reading from
+      read-only file or directory.
+    - gh-126631: Fix multiprocessing forkserver bug which prevented
+      __main__ from being preloaded.
+    - gh-123085: In a bare call to importlib.resources.files(), ensure
+      the caller’s frame is properly detected when importlib.resources
+      is itself available as a compiled module only (no source).
+    - gh-118981: Fix potential hang in
+      multiprocessing.popen_spawn_posix that can happen when the child
+      proc dies early by closing the child fds right away.
+    - gh-78319: UTF8 support for the IMAP APPEND command has been made
+      RFC compliant.
+    - bpo-38735: Fix failure when importing a module from the root
+      directory on unix-like platforms with sys.pycache_prefix set.
+    - bpo-41839: Allow negative priority values from
+      os.sched_get_priority_min() and os.sched_get_priority_max()
+      functions.
+  - Core and Builtins
+    - gh-134466: Don’t run PyREPL in a degraded environment where
+      setting termios attributes is not allowed.
+    - gh-71810: Raise OverflowError for (-1).to_bytes() for signed
+      conversions when bytes count is zero. Patch by Sergey B
+      Kirpichev.
+    - gh-105487: Remove non-existent __copy__(), __deepcopy__(), and
+      __bases__ from the __dir__() entries of types.GenericAlias.
+    - gh-134163: Fix a hang when the process is out of memory inside
+      an exception handler.
+    - gh-138479: Fix a crash when a generic object’s __typing_subst__
+      returns an object that isn’t a tuple.
+    - gh-137576: Fix for incorrect source code being shown in
+      tracebacks from the Basic REPL when PYTHONSTARTUP is given.
+      Patch by Adam Hartz.
+    - gh-132744: Certain calls now check for runaway recursion and
+      respect the system recursion limit.
+  - C API
+    - gh-87135: Attempting to acquire the GIL after runtime
+      finalization has begun in a different thread now causes the
+      thread to hang rather than terminate, which avoids potential
+      crashes or memory corruption caused by attempting to terminate a
+      thread that is running code not specifically designed to support
+      termination. In most cases this hanging is harmless since the
+      process will soon exit anyway.
+      While not officially marked deprecated until 3.14,
+      PyThread_exit_thread is no longer called internally and remains
+      solely for interface compatibility. Its behavior is inconsistent
+      across platforms, and it can only be used safely in the unlikely
+      case that every function in the entire call stack has been
+      designed to support the platform-dependent termination
+      mechanism. It is recommended that users of this function change
+      their design to not require thread termination. In the unlikely
+      case that thread termination is needed and can be done safely,
+      users may migrate to calling platform-specific APIs such as
+      pthread_exit (POSIX) or _endthreadex (Windows) directly.
+  - Build
+    - gh-135734: Python can correctly be configured and built with
+      ./configure --enable-optimizations --disable-test-modules.
+      Previously, the profile data generation step failed due to PGO
+      tests where immortalization couldn’t be properly suppressed.
+      Patch by Bénédikt Tran.
+
+-------------------------------------------------------------------
+Mon Sep 29 06:52:07 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add gh139257-Support-docutils-0.22.patch to fix build with latest
+  docutils (>=0.22) gh#python/cpython#139257
+
+-------------------------------------------------------------------
+Mon Sep 22 06:41:53 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Drop AppStream: this results in a different cycle than
+  appstream-glib. As the appdata.xml is controlled by ourselves, we
+  can get away with just manually validating it when changing it.
+
+-------------------------------------------------------------------
+Thu Sep 18 08:15:31 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Require AppStream to validate appdata file instead of deprecated
+  appstream-glib.
+- Update idle3.appdata.xml to pass the more pedantic appstreamcli.
+
+-------------------------------------------------------------------
+Tue Sep  9 10:11:58 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add gh138131-exclude-pycache-from-digest.patch fixing reproducible
+  build for python-nogil.
+  (bsc#1244680, gh#python/cpython#138131)
+
+-------------------------------------------------------------------
+Fri Aug 15 12:31:08 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 3.13.7:
+  - gh-137583: Fix a deadlock introduced in 3.13.6 when a call
+    to ssl.SSLSocket.recv was blocked in one thread, and then
+    another method on the object (such as ssl.SSLSocket.send) was
+    subsequently called in another thread.
+  - gh-137044: Return large limit values as positive integers
+    instead of negative integers in resource.getrlimit().
+    Accept large values and reject negative values (except
+    RLIM_INFINITY) for limits in resource.setrlimit().
+  - gh-136914: Fix retrieval of doctest.DocTest.lineno
+    for objects decorated with functools.cache() or
+    functools.cached_property.
+  - gh-131788: Make ResourceTracker.send from multiprocessing
+    re-entrant safe
+  - gh-136155: We are now checking for fatal errors in EPUB
+    builds in CI.
+  - gh-137400: Fix a crash in the free threading build when
+    disabling profiling or tracing across all threads with
+    PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads()
+    or their Python equivalents threading.settrace_all_threads()
+    and threading.setprofile_all_threads().
+- Remove upstreamed patch:
+  - gh137583-only-lock-SSL-context.patch
+
+-------------------------------------------------------------------
+Tue Aug 12 09:16:40 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Add gh137583-only-lock-SSL-context.patch fixing the
+  regression in 3.13.6 by breaking non-blocking TLS connections
+  (gh#python/cpython#137583).
+
+-------------------------------------------------------------------
+Thu Aug  7 10:08:11 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 3.13.6:
+  - Security
+    - gh-135661: Fix parsing start and end tags in
+      html.parser.HTMLParser according to the HTML5 standard.
+        - Whitespaces no longer accepted between </ and the tag
+          name. E.g. </ script> does not end the script section.
+        - Vertical tabulation (\v) and non-ASCII whitespaces no
+          longer recognized as whitespaces. The only whitespaces
+          are \t\n\r\f and space.
+        - Null character (U+0000) no longer ends the tag name.
+        - Attributes and slashes after the tag name in end tags
+          are now ignored, instead of terminating after the first
+          > in quoted attribute value. E.g. </script/foo=">"/>.
+        - Multiple slashes and whitespaces between the last
+          attribute and closing > are now ignored in both start
+          and end tags. E.g. <a foo=bar/ //>.
+        - Multiple = between attribute name and value are no
+          longer collapsed. E.g. <a foo==bar> produces attribute
+          “foo” with value “=bar”.
+    - gh-102555: Fix comment parsing in html.parser.HTMLParser
+      according to the HTML5 standard. --!> now ends the comment.
+      -- > no longer ends the comment. Support abnormally ended
+      empty comments <--> and <--->.
+    - gh-135462: Fix quadratic complexity in processing specially
+      crafted input in html.parser.HTMLParser. End-of-file errors
+      are now handled according to the HTML5 specs – comments and
+      declarations are automatically closed, tags are ignored
+      (CVE-2025-6069, bsc#1244705).
+    - gh-118350: Fix support of escapable raw text mode (elements
+      “textarea” and “title”) in html.parser.HTMLParser.
+  - Core and Builtins
+    - gh-58124: Fix name of the Python encoding in Unicode errors
+      of the code page codec: use “cp65000” and “cp65001” instead
+      of “CP_UTF7” and “CP_UTF8” which are not valid Python code
+      names. Patch by Victor Stinner.
+    - gh-137314: Fixed a regression where raw f-strings
+      incorrectly interpreted escape sequences in format
+      specifications. Raw f-strings now properly preserve literal
+      backslashes in format specs, matching the behavior from
+      Python 3.11. For example, rf"{obj:\xFF}" now correctly
+      produces '\\xFF' instead of 'ÿ'. Patch by Pablo Galindo.
+    - gh-136541: Fix some issues with the perf trampolines
+      on x86-64 and aarch64. The trampolines were not being
+      generated correctly for some cases, which could lead to
+      the perf integration not working correctly. Patch by Pablo
+      Galindo.
+    - gh-109700: Fix memory error handling in
+      PyDict_SetDefault().
+    - gh-78465: Fix error message for cls.__new__(cls, ...) where
+      cls is not instantiable builtin or extension type (with
+      tp_new set to NULL).
+    - gh-135871: Non-blocking mutex lock attempts now return
+      immediately when the lock is busy instead of briefly
+      spinning in the free threading build.
+    - gh-135607: Fix potential weakref races in an object’s
+      destructor on the free threaded build.
+    - gh-135496: Fix typo in the f-string conversion type error
+      (“exclamanation” -> “exclamation”).
+    - gh-130077: Properly raise custom syntax errors when
+      incorrect syntax containing names that are prefixes of soft
+      keywords is encountered. Patch by Pablo Galindo.
+    - gh-135148: Fixed a bug where f-string debug expressions
+      (using =) would incorrectly strip out parts of strings
+      containing escaped quotes and # characters. Patch by Pablo
+      Galindo.
+    - gh-133136: Limit excess memory usage in the free threading
+      build when a large dictionary or list is resized and
+      accessed by multiple threads.
+    - gh-132617: Fix dict.update() modification check that could
+      incorrectly raise a “dict mutated during update” error when
+      a different dictionary was modified that happens to share
+      the same underlying keys object.
+    - gh-91153: Fix a crash when a bytearray is concurrently
+      mutated during item assignment.
+    - gh-127971: Fix off-by-one read beyond the end of a string
+      in string search.
+    - gh-125723: Fix crash with gi_frame.f_locals when generator
+      frames outlive their generator. Patch by Mikhail Efimov.
+  - Library
+    - gh-132710: If possible, ensure that uuid.getnode()
+      returns the same result even across different processes.
+      Previously, the result was constant only within the same
+      process. Patch by Bénédikt Tran.
+    - gh-137273: Fix debug assertion failure in
+      locale.setlocale() on Windows.
+    - gh-137257: Bump the version of pip bundled in ensurepip to
+      version 25.2
+    - gh-81325: tarfile.TarFile now accepts a path-like when
+      working on a tar archive. (Contributed by Alexander Enrique
+      Urieles Nieto in gh-81325.)
+    - gh-130522: Fix unraisable TypeError raised during
+      interpreter shutdown in the threading module.
+    - gh-130577: tarfile now validates archives to ensure member
+      offsets are non-negative. (Contributed by Alexander Enrique
+      Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249).
+    - gh-136549: Fix signature of threading.excepthook().
+    - gh-136523: Fix wave.Wave_write emitting an unraisable when
+      open raises.
+    - gh-52876: Add missing keepends (default True)
+      parameter to codecs.StreamReaderWriter.readline() and
+      codecs.StreamReaderWriter.readlines().
+    - gh-85702: If zoneinfo._common.load_tzdata is given a
+      package without a resource a zoneinfo.ZoneInfoNotFoundError
+      is raised rather than a PermissionError. Patch by Victor
+      Stinner.
+    - gh-134759: Fix UnboundLocalError in
+      email.message.Message.get_payload() when the payload to
+      decode is a bytes object. Patch by Kliment Lamonov.
+    - gh-136028: Fix parsing month names containing “İ” (U+0130,
+      LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime().
+      This affects locales az_AZ, ber_DZ, ber_MA and crh_UA.
+    - gh-135995: In the palmos encoding, make byte 0x9b decode to
+      › (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK).
+    - gh-53203: Fix time.strptime() for %c and %x formats on
+      locales byn_ER, wal_ET and lzh_TW, and for %X format on
+      locales ar_SA, bg_BG and lzh_TW.
+    - gh-91555: An earlier change, which was introduced in
+      3.13.4, has been reverted. It disabled logging for a logger
+      during handling of log messages for that logger. Since the
+      reversion, the behaviour should be as it was before 3.13.4.
+    - gh-135878: Fixes a crash of types.SimpleNamespace on free
+      threading builds, when several threads were calling its
+      __repr__() method at the same time.
+    - gh-135836: Fix IndexError in
+      asyncio.loop.create_connection() that could occur when
+      non-OSError exception is raised during connection and
+      socket’s close() raises OSError.
+    - gh-135836: Fix IndexError in
+      asyncio.loop.create_connection() that could occur when the
+      Happy Eyeballs algorithm resulted in an empty exceptions
+      list during connection attempts.
+    - gh-135855: Raise TypeError instead of SystemError when
+      _interpreters.set___main___attrs() is passed a non-dict
+      object. Patch by Brian Schubert.
+    - gh-135815: netrc: skip security checks if os.getuid() is
+      missing. Patch by Bénédikt Tran.
+    - gh-135640: Address bug where it was possible to call
+      xml.etree.ElementTree.ElementTree.write() on an ElementTree
+      object with an invalid root element. This behavior blanked
+      the file passed to write if it already existed.
+    - gh-135444: Fix asyncio.DatagramTransport.sendto() to
+      account for datagram header size when data cannot be sent.
+    - gh-135497: Fix os.getlogin() failing for longer usernames
+      on BSD-based platforms.
+    - gh-135487: Fix reprlib.Repr.repr_int() when given integers
+      with more than sys.get_int_max_str_digits() digits. Patch
+      by Bénédikt Tran.
+    - gh-135335: multiprocessing: Flush stdout and stderr after
+      preloading modules in the forkserver.
+    - gh-135244: uuid: when the MAC address cannot be
+      determined, the 48-bit node ID is now generated with a
+      cryptographically-secure pseudo-random number generator
+      (CSPRNG) as per RFC 9562, §6.10.3. This affects uuid1().
+    - gh-135069: Fix the “Invalid error handling” exception in
+      encodings.idna.IncrementalDecoder to correctly replace the
+      ‘errors’ parameter.
+    - gh-134698: Fix a crash when calling methods of
+      ssl.SSLContext or ssl.SSLSocket across multiple threads.
+    - gh-132124: On POSIX-compliant systems,
+      multiprocessing.util.get_temp_dir() now ignores TMPDIR
+      (and similar environment variables) if the path length of
+      AF_UNIX socket files exceeds the platform-specific maximum
+      length when using the forkserver start method. Patch by
+      Bénédikt Tran.
+    - gh-133439: Fix dot commands with trailing spaces are
+      mistaken for multi-line SQL statements in the sqlite3
+      command-line interface.
+    - gh-132969: Prevent the ProcessPoolExecutor executor thread,
+      which remains running when shutdown(wait=False), from
+      attempting to adjust the pool’s worker processes after
+      the object state has already been reset during shutdown.
+      A combination of conditions, including a worker process
+      having terminated abormally, resulted in an exception and
+      a potential hang when the still-running executor thread
+      attempted to replace dead workers within the pool.
+    - gh-130664: Support the '_' digit separator in formatting
+      of the integral part of Decimal’s. Patch by Sergey B
+      Kirpichev.
+    - gh-85702: If zoneinfo._common.load_tzdata is given a
+      package without a resource a ZoneInfoNotFoundError is
+      raised rather than a IsADirectoryError.
+    - gh-130664: Handle corner-case for Fraction’s formatting:
+      treat zero-padding (preceding the width field by a zero
+      ('0') character) as an equivalent to a fill character of
+      '0' with an alignment type of '=', just as in case of
+      float’s.
+  - Tools/Demos
+    - gh-135968: Stubs for strip are now provided as part of an
+      iOS install.
+  - Tests
+    - gh-135966: The iOS testbed now handles the app_packages
+      folder as a site directory.
+    - gh-135494: Fix regrtest to support excluding tests from
+      --pgo tests. Patch by Victor Stinner.
+    - gh-135489: Show verbose output for failing tests during PGO
+      profiling step with –enable-optimizations.
+  - Documentation
+    - gh-135171: Document that the iterator for the leftmost for
+      clause in the generator expression is created immediately.
+  - Build
+    - gh-135497: Fix the detection of MAXLOGNAME in the
+      configure.ac script.
+- Remove upstreamed patches:
+  - CVE-2025-8194-tarfile-no-neg-offsets.patch
+  - CVE-2025-6069-quad-complex-HTMLParser.patch
+
 -------------------------------------------------------------------
 Fri Aug  1 20:09:24 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 

python313.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python313
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -167,7 +167,7 @@
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.13.5
+Version:        3.13.9
 %define         tarversion %{version}
 %define         tarname    Python-%{tarversion}
 Release:        0
@@ -231,12 +231,10 @@ Patch42:        gh126985-mv-pyvenv.cfg2getpath.patch
 # PATCH-FIX-UPSTREAM bsc1243155-sphinx-non-determinism.patch bsc#1243155 mcepl@suse.com
 # Doc: Generate ids for audit_events using docname
 Patch43:        bsc1243155-sphinx-non-determinism.patch
-# PATCH-FIX-UPSTREAM CVE-2025-6069-quad-complex-HTMLParser.patch bsc#1244705 mcepl@suse.com
-# avoid quadratic complexity when processing malformed inputs with HTMLParser
-Patch44:        CVE-2025-6069-quad-complex-HTMLParser.patch
-# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com
-# tarfile now validates archives to ensure member offsets are non-negative
-Patch45:        CVE-2025-8194-tarfile-no-neg-offsets.patch
+# PATCH-FIX-UPSTREAM gh138131-exclude-pycache-from-digest.patch bsc#1244680 daniel.garcia@suse.com
+Patch44:        gh138131-exclude-pycache-from-digest.patch
+# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
+Patch45:        gh139257-Support-docutils-0.22.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -291,8 +289,6 @@ ExcludeArch:    aarch64
 %endif
 
 %if %{with general}
-# required for idle3 (.desktop and .appdata.xml files)
-BuildRequires:  appstream-glib
 BuildRequires:  gcc-c++
 BuildRequires:  gdbm-devel
 BuildRequires:  gettext
@@ -559,7 +555,7 @@ rm Lib/site-packages/README.txt
 tar xvf %{SOURCE21}
 
 # Don't fail on warnings when building documentation
-# sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
+sed -i -e '/^SPHINXERRORHANDLING/s/--fail-on-warning//' Doc/Makefile
 
 %build
 export SUSE_VERSION="0%{?suse_version}"
@@ -784,7 +780,6 @@ install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_abi}.desk
 cp %{SOURCE20} idle%{python_abi}.appdata.xml
 sed -i -e 's:idle3.desktop:idle%{python_abi}.desktop:g' idle%{python_abi}.appdata.xml
 install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_abi}.appdata.xml
-appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_abi}.appdata.xml
 
 %fdupes %{buildroot}/%{_libdir}/python%{python_abi}
 %endif