- Update to 3.14.0~rc2:

- Library
    - gh-137426: Remove the code deprecation of
      importlib.abc.ResourceLoader. It is documented as
      deprecated, but left for backwards compatibility with other
      classes in importlib.abc.
    - gh-137282: Fix tab completion and dir() on
      concurrent.futures.
    - gh-137257: Bump the version of pip bundled in ensurepip to
      version 25.2
    - gh-137226: Fix behavior of
      annotationlib.ForwardRef.evaluate() when the type_params
      parameter is passed and the name of a type param is also
      present in an enclosing scope.
    - gh-130522: Fix unraisable TypeError raised during
      interpreter shutdown in the threading module.
    - gh-137059: Fix handling of file URLs with a
      Windows drive letter in the URL authority by
      urllib.request.url2pathname(). This fixes a regression in
      earlier pre-releases of Python 3.14.
    - gh-130577: tarfile now validates archives to ensure member
      offsets are non-negative. (Contributed by Alexander Enrique
      Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249).
    - gh-135228: When dataclasses replaces a class with a slotted
      dataclass, the original class can now be garbage collected
      again. Earlier changes in Python 3.14 caused this class to
      always remain in existence together with the replacement
      class synthesized by dataclasses.
  - Documentation
    - gh-136155: We are now checking for fatal errors in EPUB

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python314?expand=0&rev=91

CVE-2025-8194-tarfile-no-neg-offsets.patch

@@ -1,212 +0,0 @@
-From 28d130238bfb5604eef4b594d597f7b5ec951eba Mon Sep 17 00:00:00 2001
-From: Alexander Urieles <aeurielesn@users.noreply.github.com>
-Date: Mon, 28 Jul 2025 17:37:26 +0200
-Subject: [PATCH] gh-130577: tarfile now validates archives to ensure member
- offsets are non-negative (GH-137027) (cherry picked from commit
- 7040aa54f14676938970e10c5f74ea93cd56aa38)
-
-Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
-Co-authored-by: Gregory P. Smith <greg@krypto.org>
----
- Lib/tarfile.py                                                          |    3 
- Lib/test/test_tarfile.py                                                |  156 ++++++++++
- Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst |    3 
- 3 files changed, 162 insertions(+)
- create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
-
-Index: Python-3.14.0rc1/Lib/tarfile.py
-===================================================================
---- Python-3.14.0rc1.orig/Lib/tarfile.py	2025-08-01 22:10:15.833118580 +0200
-+++ Python-3.14.0rc1/Lib/tarfile.py	2025-08-01 22:10:21.970557323 +0200
-@@ -1647,6 +1647,9 @@
-         """Round up a byte count by BLOCKSIZE and return it,
-            e.g. _block(834) => 1024.
-         """
-+        # Only non-negative offsets are allowed
-+        if count < 0:
-+            raise InvalidHeaderError("invalid offset")
-         blocks, remainder = divmod(count, BLOCKSIZE)
-         if remainder:
-             blocks += 1
-Index: Python-3.14.0rc1/Lib/test/test_tarfile.py
-===================================================================
---- Python-3.14.0rc1.orig/Lib/test/test_tarfile.py	2025-08-01 22:10:17.621793551 +0200
-+++ Python-3.14.0rc1/Lib/test/test_tarfile.py	2025-08-01 22:10:21.971238980 +0200
-@@ -55,6 +55,7 @@
- zstname = os.path.join(TEMPDIR, "testtar.tar.zst")
- tmpname = os.path.join(TEMPDIR, "tmp.tar")
- dotlessname = os.path.join(TEMPDIR, "testtar")
-+SPACE = b" "
- 
- sha256_regtype = (
-     "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce"
-@@ -4602,6 +4603,161 @@
-         ar.extractall(self.testdir, filter='fully_trusted')
- 
- 
-+class OffsetValidationTests(unittest.TestCase):
-+    tarname = tmpname
-+    invalid_posix_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, space, null terminator: 8 bytes
-+        + b"000755" + SPACE + tarfile.NUL
-+        # uid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0011407" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # magic: 6 bytes, version: 2 bytes
-+        + tarfile.POSIX_MAGIC
-+        # uname: 32 bytes
-+        + tarfile.NUL * 32
-+        # gname: 32 bytes
-+        + tarfile.NUL * 32
-+        # devmajor, space, null terminator: 8 bytes
-+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
-+        # devminor, space, null terminator: 8 bytes
-+        + tarfile.NUL * 6 + SPACE + tarfile.NUL
-+        # prefix: 155 bytes
-+        + tarfile.NUL * tarfile.LENGTH_PREFIX
-+        # padding: 12 bytes
-+        + tarfile.NUL * 12
-+    )
-+    invalid_gnu_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, null terminator: 8 bytes
-+        + b"0000755" + tarfile.NUL
-+        # uid, null terminator: 8 bytes
-+        + b"0000001" + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"0000001" + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0011327" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # magic: 8 bytes
-+        + tarfile.GNU_MAGIC
-+        # uname: 32 bytes
-+        + tarfile.NUL * 32
-+        # gname: 32 bytes
-+        + tarfile.NUL * 32
-+        # devmajor, null terminator: 8 bytes
-+        + tarfile.NUL * 8
-+        # devminor, null terminator: 8 bytes
-+        + tarfile.NUL * 8
-+        # padding: 167 bytes
-+        + tarfile.NUL * 167
-+    )
-+    invalid_v7_header = (
-+        # name: 100 bytes
-+        tarfile.NUL * tarfile.LENGTH_NAME
-+        # mode, space, null terminator: 8 bytes
-+        + b"000755" + SPACE + tarfile.NUL
-+        # uid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # gid, space, null terminator: 8 bytes
-+        + b"000001" + SPACE + tarfile.NUL
-+        # size, space: 12 bytes
-+        + b"\xff" * 11 + SPACE
-+        # mtime, space: 12 bytes
-+        + tarfile.NUL * 11 + SPACE
-+        # chksum: 8 bytes
-+        + b"0010070" + tarfile.NUL
-+        # type: 1 byte
-+        + tarfile.REGTYPE
-+        # linkname: 100 bytes
-+        + tarfile.NUL * tarfile.LENGTH_LINK
-+        # padding: 255 bytes
-+        + tarfile.NUL * 255
-+    )
-+    valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT)
-+    data_block = b"\xff" * tarfile.BLOCKSIZE
-+
-+    def _write_buffer(self, buffer):
-+        with open(self.tarname, "wb") as f:
-+            f.write(buffer)
-+
-+    def _get_members(self, ignore_zeros=None):
-+        with open(self.tarname, "rb") as f:
-+            with tarfile.open(
-+                mode="r", fileobj=f, ignore_zeros=ignore_zeros
-+            ) as tar:
-+                return tar.getmembers()
-+
-+    def _assert_raises_read_error_exception(self):
-+        with self.assertRaisesRegex(
-+            tarfile.ReadError, "file could not be opened successfully"
-+        ):
-+            self._get_members()
-+
-+    def test_invalid_offset_header_validations(self):
-+        for tar_format, invalid_header in (
-+            ("posix", self.invalid_posix_header),
-+            ("gnu", self.invalid_gnu_header),
-+            ("v7", self.invalid_v7_header),
-+        ):
-+            with self.subTest(format=tar_format):
-+                self._write_buffer(invalid_header)
-+                self._assert_raises_read_error_exception()
-+
-+    def test_early_stop_at_invalid_offset_header(self):
-+        buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header
-+        self._write_buffer(buffer)
-+        members = self._get_members()
-+        self.assertEqual(len(members), 1)
-+        self.assertEqual(members[0].name, "filename")
-+        self.assertEqual(members[0].offset, 0)
-+
-+    def test_ignore_invalid_archive(self):
-+        # 3 invalid headers with their respective data
-+        buffer = (self.invalid_gnu_header + self.data_block) * 3
-+        self._write_buffer(buffer)
-+        members = self._get_members(ignore_zeros=True)
-+        self.assertEqual(len(members), 0)
-+
-+    def test_ignore_invalid_offset_headers(self):
-+        for first_block, second_block, expected_offset in (
-+            (
-+                (self.valid_gnu_header),
-+                (self.invalid_gnu_header + self.data_block),
-+                0,
-+            ),
-+            (
-+                (self.invalid_gnu_header + self.data_block),
-+                (self.valid_gnu_header),
-+                1024,
-+            ),
-+        ):
-+            self._write_buffer(first_block + second_block)
-+            members = self._get_members(ignore_zeros=True)
-+            self.assertEqual(len(members), 1)
-+            self.assertEqual(members[0].name, "filename")
-+            self.assertEqual(members[0].offset, expected_offset)
-+
-+
- def setUpModule():
-     os_helper.unlink(TEMPDIR)
-     os.makedirs(TEMPDIR)
-Index: Python-3.14.0rc1/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.14.0rc1/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst	2025-08-01 22:10:21.971763003 +0200
-@@ -0,0 +1,3 @@
-+:mod:`tarfile` now validates archives to ensure member offsets are
-+non-negative.  (Contributed by Alexander Enrique Urieles Nieto in
-+:gh:`130577`.)

Python-3.14.0rc2.tar.xz.sigstore

@@ -0,0 +1 @@
+{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzzCCAlWgAwIBAgIUQEKlmQNoiRh225QSksqkOM8IenYwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwODE0MTYxMzQ5WhcNMjUwODE0MTYyMzQ5WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzLzYWrCTywpp57eT75o3g3u6mOfvUPEMby52aGbaPWs6j4uhVv7mk94AHJ749z2LBWt2TKEEjBsH9JQcSt7+6qOCAXQwggFwMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUIX8DXq8+NzGXp255fluKplNtcZowHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPaHVnb0BweXRob24ub3JnMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABmKlb6QAAAAQDAEgwRgIhAOpd5jpOMj0+E4zoUZknrn/0le429dCWtvrHqIkUcM3pAiEAyznt+7Rvlhx3bP0EcJe0LCtLO1KW2akdk1VoE2Lb+g4wCgYIKoZIzj0EAwMDaAAwZQIxAOaIcKm8k3VYCA/RFC6KO5i4yoxZLFFhjcydtPYyKetokpzUC5yZKkIRl3hySNaf5QIwKfloit/Poo4P3JOYhjSWK7qIJKF1r/5ZZWnvBpKhURIiFxQx7s9kL01MPCgRUeoa"}, "tlogEntries": [{"logIndex": "394682202", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1755188030", "inclusionPromise": {"signedEntryTimestamp": "MEUCIAavOG9MuKTYRE4q0Fns77HsUjPrRZ1bISheGxlDgbNZAiEA89315EfGt+C+C5GkBDLYMSr6bXkxXzT9PWgE56yVYYk="}, "inclusionProof": {"logIndex": "272777940", "rootHash": "94fZD9GTMc7ctVFYACd2ZmRetfuK9mpq5+VMWJJwmak=", "treeSize": "272777950", "hashes": ["izf5arJPLLyctcMaEwaxxYH8VGWnw9xsgWX3S2WpEV0=", "jARpwTi7gTCzrOOaEjEoCS/kS2bSHKmaNlWm6yut4Yo=", "6sOUCbaiDMXdWNdb4hzsJHyMl1sT3ib1ZC9ztLiug34=", "PNNoFA8l82Dr10vRBqmpGmJ4NBff8yyEzZceO2roeMA=", "xDogK8v4jzKZw6K+weJL+I415z4YGKlaNYbpu4pIHJw=", "RhKVrhK6HuUb1JRqZW25xWciggk7FUc5UKgfyA1w2cI=", "diHzb0EkmL9xXR57YrJSHiTf0lPiHRm1YiCBvr6u+Yk=", "VFCarORkpugC03FeEE1qleQGuDOGuNw1cHLdsQRQNOc=", "SQrQA1o0sqMm1AvDow2P8FTn8h2ANcuz3QfFE1PJuk0=", "TlYW0zjr+tiOJcOsfXER0SPRMMqX0hniotB3gsI+t5o=", "W+k28CiT95aBszrjZFbfyGpEsCOH+n3gc9sBqBw5vqs=", "vS7O4ozHIQZJWBiov+mkpI27GE8zAmVCEkRcP3NDyNE="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n272777950\n94fZD9GTMc7ctVFYACd2ZmRetfuK9mpq5+VMWJJwmak=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiAPQipm3l7c4F/4rKjw7KOGX//0IM93z657ckzFBHd5TgIgJQscKWLcVlFhrZO7/8E8ywgLhOeDZeu0ltQlEaFFv8g=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJiYzYyODU0Y2YyMzIzNDViZDIyYzkwOTFhNjg0NjRlMDFlMDU2YzY0NzNhM2ZmZmE4NDU3MmM4YTM0MmRhNjU2In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJQlgvR2hwOG45TUhNTHdCc3lOR2RSZUwwNjFGVFIzb3A2ZmhXTWw2YXQ3L0FpQURtWEtaWXBFNDZqUk1UMTJjYk92cTVHcEZBLzQ1Tzh6MUV2VDRiK3hGRlE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZla05EUVd4WFowRjNTVUpCWjBsVlVVVkxiRzFSVG05cFVtZ3lNalZSVTJ0emNXdFBUVGhKWlc1WmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDlFUlRCTlZGbDRUWHBSTlZkb1kwNU5hbFYzVDBSRk1FMVVXWGxOZWxFMVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVY2VEhwWlYzSkRWSGwzY0hBMU4yVlVOelZ2TTJjemRUWnRUMloyVlZCRlRXSjVOVElLWVVkaVlWQlhjelpxTkhWb1ZuWTNiV3M1TkVGSVNqYzBPWG95VEVKWGRESlVTMFZGYWtKelNEbEtVV05UZERjck5uRlBRMEZZVVhkblowWjNUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZKV0RoRUNsaHhPQ3RPZWtkWWNESTFOV1pzZFV0d2JFNTBZMXB2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlVaFdibUl3UW5kbFdGSnZZakkwZFdJelNtNU5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVhkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWprS1FraHpRV1ZSUWpOQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnRTMnhpTmxGQlFRcEJRVkZFUVVWbmQxSm5TV2hCVDNCa05XcHdUMDFxTUN0Rk5IcHZWVnByYm5KdUx6QnNaVFF5T1dSRFYzUjJja2h4U1d0VlkwMHpjRUZwUlVGNWVtNTBDaXMzVW5ac2FIZ3pZbEF3UldOS1pUQk1RM1JNVHpGTFZ6SmhhMlJyTVZadlJUSk1ZaXRuTkhkRFoxbEpTMjlhU1hwcU1FVkJkMDFFWVVGQmQxcFJTWGdLUVU5aFNXTkxiVGhyTTFaWlEwRXZVa1pETmt0UE5XazBlVzk0V2t4R1JtaHFZM2xrZEZCWmVVdGxkRzlyY0hwVlF6VjVXa3RyU1ZKc00yaDVVMDVoWmdvMVVVbDNTMlpzYjJsMEwxQnZielJRTTBwUFdXaHFVMWRMTjNGSlNrdEdNWEl2TlZwYVYyNTJRbkJMYUZWU1NXbEdlRkY0TjNNNWEwd3dNVTFRUTJkU0NsVmxiMkVLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "vGKFTPIyNFvSLJCRpoRk4B4FbGRzo//6hFcsijQtplY="}, "signature": "MEQCIBX/Ghp8n9MHMLwBsyNGdReL061FTR3op6fhWMl6at7/AiADmXKZYpE46jRMT12cbOvq5GpFA/45O8z1EvT4b+xFFQ=="}}

python314.changes

@@ -1,3 +1,72 @@
+-------------------------------------------------------------------
+Fri Aug 15 14:12:35 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 3.14.0~rc2:
+  - Library
+    - gh-137426: Remove the code deprecation of
+      importlib.abc.ResourceLoader. It is documented as
+      deprecated, but left for backwards compatibility with other
+      classes in importlib.abc.
+    - gh-137282: Fix tab completion and dir() on
+      concurrent.futures.
+    - gh-137257: Bump the version of pip bundled in ensurepip to
+      version 25.2
+    - gh-137226: Fix behavior of
+      annotationlib.ForwardRef.evaluate() when the type_params
+      parameter is passed and the name of a type param is also
+      present in an enclosing scope.
+    - gh-130522: Fix unraisable TypeError raised during
+      interpreter shutdown in the threading module.
+    - gh-137059: Fix handling of file URLs with a
+      Windows drive letter in the URL authority by
+      urllib.request.url2pathname(). This fixes a regression in
+      earlier pre-releases of Python 3.14.
+    - gh-130577: tarfile now validates archives to ensure member
+      offsets are non-negative. (Contributed by Alexander Enrique
+      Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249).
+    - gh-135228: When dataclasses replaces a class with a slotted
+      dataclass, the original class can now be garbage collected
+      again. Earlier changes in Python 3.14 caused this class to
+      always remain in existence together with the replacement
+      class synthesized by dataclasses.
+  - Documentation
+    - gh-136155: We are now checking for fatal errors in EPUB
+      builds in CI.
+  - Core and Builtins
+    - gh-137400: Fix a crash in the free threading
+      build when disabling profiling or tracing across
+      all threads with PyEval_SetProfileAllThreads()
+      or PyEval_SetTraceAllThreads() or their Python
+      equivalents threading.settrace_all_threads() and
+      threading.setprofile_all_threads().
+    - gh-137314: Fixed a regression where raw f-strings
+      incorrectly interpreted escape sequences in format
+      specifications. Raw f-strings now properly preserve literal
+      backslashes in format specs, matching the behavior from
+      Python 3.11. For example, rf"{obj:\xFF}" now correctly
+      produces '\\xFF' instead of 'ÿ'. Patch by Pablo Galindo.
+    - gh-137308: A standalone docstring in a node body is
+      optimized as a pass statement to ensure that the node’s
+      body is never empty. There was a ValueError in compile()
+      otherwise.
+    - gh-137288: Fix bug where some bytecode instructions of a
+      boolean expression are not associated with the correct
+      exception handler.
+    - gh-134291: Remove some newer macOS API usage from the JIT
+      compiler in order to restore compatibility with older OSX
+      10.15 deployment targets.
+    - gh-131338: Disable computed stack limit checks on non-glibc
+      linux platforms to fix crashes on deep recursion.
+    - gh-136870: Fix data races while de-instrumenting bytecode
+      of code objects running concurrently in threads.
+  - C API
+    - gh-137573: Mark _PyOptimizer_Optimize as Py_NO_INLINE to
+      prevent stack overflow crashes on macOS.
+  - Build
+    - gh-132339: Add support for OpenSSL 3.5.
+- Replaces upstreamed patches:
+  - CVE-2025-8194-tarfile-no-neg-offsets.patch
+
 -------------------------------------------------------------------
 Fri Aug  1 20:09:24 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 

python314.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python314
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -162,8 +162,8 @@
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.14.0~rc1
-%define         tarversion 3.14.0rc1
+Version:        3.14.0~rc2
+%define         tarversion 3.14.0rc2
 %define         tarname    Python-%{tarversion}
 Release:        0
 Summary:        Python 3 Interpreter
@@ -222,9 +222,6 @@ Patch40:        fix-test-recursion-limit-15.6.patch
 # PATCH-FIX-UPSTREAM bsc1243155-sphinx-non-determinism.patch bsc#1243155 mcepl@suse.com
 # Doc: Generate ids for audit_events using docname
 Patch41:        bsc1243155-sphinx-non-determinism.patch
-# PATCH-FIX-UPSTREAM CVE-2025-8194-tarfile-no-neg-offsets.patch bsc#1247249 mcepl@suse.com
-# tarfile now validates archives to ensure member offsets are non-negative
-Patch42:        CVE-2025-8194-tarfile-no-neg-offsets.patch
 #### Python 3.14 DEVELOPMENT PATCHES
 BuildRequires:  autoconf-archive
 BuildRequires:  automake