Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple

quadratic complexity vulnerabilities of os.path.expandvars() (CVE-2025-6075, bsc#1252974). Skip test_curses on ppc64le (gh#python/cpython#141534) avoid simple quadratic complexity vulnerabilities of (CVE-2025-6075, bsc#1252974). os.path.expandvars() the --verbose option anymore. Patch by Victor Stinner. - gh-95953: A CSS class, diff_changed, was added to th e Patch by Katie Gardner . - gh-138804: Raise TypeError instead of AttributeError whe n an argument of incorrect type is passed to shlex.quote() . This restores the behavior of the function prior to 3.14 . - gh-138514: Raise ValueError when a multi-character strin g is passed to the echo_char parameter of getpass.getpass() . Patch by Benjamin Johnson . - gh-116946: The _random.Random C type is now immutable . Patch by Bénédikt Tran . - gh-136028: Fix parsing month names containing “İ” (U+0130 , LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime() . This affects locales az_AZ, ber_DZ, ber_MA and crh_UA . whether the sign bit of a floating-point value is set . Patch by Bénédikt Tran . - gh-125996: Fix thread safety of collections.OrderedDict . Patch by Kumar Aditya . - gh-133551: Support t-strings (PEP 750) in annotationlib . Patch by Jelle Zijlstra . - gh-87790: Support underscore and comma as thousand s Patch by Sergey B Kirpichev . macro is responsible for raising a curses.error exceptio n. Patch by Bénédikt Tra n. - gh-138378: Move the globals-to-const JIT optimizer pass into to the main JIT optimizer pass - gh-138372: Fix SyntaxWarning emitted for erroneou s subscript expressions involving template string literals . Patch by Brian Schubert . - gh-138004: On Solaris/Illumos platforms, thread names e ar now encoded as ASCII to avoid errors on systems (e.g . OpenIndiana) that don’t support non-ASCII names . Patch by Pablo Galindo . - gh-137728: Fix the JIT’s handling of many local variables . This previously caused a segfault . - gh-137576: Fix for incorrect source code being shown i n Patch by Adam Hartz . PyBytesWriter_Create PyBytesWriter_Discard () PyBytesWriter_FinishWithPointer () PyBytesWriter_FinishWithSize () PyBytesWriter_Finish PyBytesWriter_Format () PyBytesWriter_GetData PyBytesWriter_GetSize () PyBytesWriter_GrowAndUpdatePointer PyBytesWriter_Grow () PyBytesWriter_Resize PyBytesWriter_WriteBytes () - gh-133644: Remove deprecated alia s PyImport_ImportModuleNoBlock() of PyImport_ImportModule() . Patch by Bénédikt Tran .
2025-11-13 22:40:01 +01:00
parent b563206f1a
commit 2c3a121115
4 changed files with 433 additions and 55 deletions
--- a/CVE-2025-6075-expandvars-perf-degrad.patch
+++ b/CVE-2025-6075-expandvars-perf-degrad.patch
@@ -0,0 +1,367 @@
 From e3b2c85d567b51dd84d1faf83398e97c0bf1eb60 Mon Sep 17 00:00:00 2001
 From: Serhiy Storchaka <storchaka@gmail.com>
 Date: Fri, 30 May 2025 22:33:31 +0300
 Subject: [PATCH 1/2] gh-134873: Fix quadratic complexity in
 os.path.expandvars()
 ---
 Lib/ntpath.py                                                            |  126 +++-------
 Lib/posixpath.py                                                         |   43 +--
 Lib/test/test_genericpath.py                                             |   21 +
 Lib/test/test_ntpath.py                                                  |   22 +
 Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst |    1 
 5 files changed, 97 insertions(+), 116 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-134873.bu337o.rst
 Index: Python-3.15.0a1/Lib/ntpath.py
 ===================================================================
 --- Python-3.15.0a1.orig/Lib/ntpath.py	2025-10-14 12:46:08.000000000 +0200
 +++ Python-3.15.0a1/Lib/ntpath.py	2025-11-13 18:28:37.445868967 +0100
@@ -400,17 +400,23 @@
 # XXX With COMMAND.COM you can use any characters in a variable name,
 # XXX except '^|<>='.
 +_varpattern = r"'[^']*'?|%(%|[^%]*%?)|\$(\$|[-\w]+|\{[^}]*\}?)"
 +_varsub = None
 +_varsubb = None
 +
 def expandvars(path):
     """Expand shell variables of the forms $var, ${var} and %var%.
     Unknown variables are left unchanged."""
     path = os.fspath(path)
 +    global _varsub, _varsubb
     if isinstance(path, bytes):
         if b'$' not in path and b'%' not in path:
             return path
 -        import string
 -        varchars = bytes(string.ascii_letters + string.digits + '_-', 'ascii')
 -        quote = b'\''
 +        if not _varsubb:
 +            import re
 +            _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
 +        sub = _varsubb
         percent = b'%'
         brace = b'{'
         rbrace = b'}'
@@ -419,94 +425,44 @@
     else:
         if '$' not in path and '%' not in path:
             return path
 -        import string
 -        varchars = string.ascii_letters + string.digits + '_-'
 -        quote = '\''
 +        if not _varsub:
 +            import re
 +            _varsub = re.compile(_varpattern, re.ASCII).sub
 +        sub = _varsub
         percent = '%'
         brace = '{'
         rbrace = '}'
         dollar = '$'
         environ = os.environ
 -    res = path[:0]
 -    index = 0
 -    pathlen = len(path)
 -    while index < pathlen:
 -        c = path[index:index+1]
 -        if c == quote:   # no expansion within single quotes
 -            path = path[index + 1:]
 -            pathlen = len(path)
 -            try:
 -                index = path.index(c)
 -                res += c + path[:index + 1]
 -            except ValueError:
 -                res += c + path
 -                index = pathlen - 1
 -        elif c == percent:  # variable or '%'
 -            if path[index + 1:index + 2] == percent:
 -                res += c
 -                index += 1
 -            else:
 -                path = path[index+1:]
 -                pathlen = len(path)
 -                try:
 -                    index = path.index(percent)
 -                except ValueError:
 -                    res += percent + path
 -                    index = pathlen - 1
 -                else:
 -                    var = path[:index]
 -                    try:
 -                        if environ is None:
 -                            value = os.fsencode(os.environ[os.fsdecode(var)])
 -                        else:
 -                            value = environ[var]
 -                    except KeyError:
 -                        value = percent + var + percent
 -                    res += value
 -        elif c == dollar:  # variable or '$$'
 -            if path[index + 1:index + 2] == dollar:
 -                res += c
 -                index += 1
 -            elif path[index + 1:index + 2] == brace:
 -                path = path[index+2:]
 -                pathlen = len(path)
 -                try:
 -                    index = path.index(rbrace)
 -                except ValueError:
 -                    res += dollar + brace + path
 -                    index = pathlen - 1
 -                else:
 -                    var = path[:index]
 -                    try:
 -                        if environ is None:
 -                            value = os.fsencode(os.environ[os.fsdecode(var)])
 -                        else:
 -                            value = environ[var]
 -                    except KeyError:
 -                        value = dollar + brace + var + rbrace
 -                    res += value
 -            else:
 -                var = path[:0]
 -                index += 1
 -                c = path[index:index + 1]
 -                while c and c in varchars:
 -                    var += c
 -                    index += 1
 -                    c = path[index:index + 1]
 -                try:
 -                    if environ is None:
 -                        value = os.fsencode(os.environ[os.fsdecode(var)])
 -                    else:
 -                        value = environ[var]
 -                except KeyError:
 -                    value = dollar + var
 -                res += value
 -                if c:
 -                    index -= 1
 +
 +    def repl(m):
 +        lastindex = m.lastindex
 +        if lastindex is None:
 +            return m[0]
 +        name = m[lastindex]
 +        if lastindex == 1:
 +            if name == percent:
 +                return name
 +            if not name.endswith(percent):
 +                return m[0]
 +            name = name[:-1]
         else:
 -            res += c
 -        index += 1
 -    return res
 +            if name == dollar:
 +                return name
 +            if name.startswith(brace):
 +                if not name.endswith(rbrace):
 +                    return m[0]
 +                name = name[1:-1]
 +
 +        try:
 +            if environ is None:
 +                return os.fsencode(os.environ[os.fsdecode(name)])
 +            else:
 +                return environ[name]
 +        except KeyError:
 +            return m[0]
 +
 +    return sub(repl, path)
 # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A\B.
 Index: Python-3.15.0a1/Lib/posixpath.py
 ===================================================================
 --- Python-3.15.0a1.orig/Lib/posixpath.py	2025-10-14 12:46:08.000000000 +0200
 +++ Python-3.15.0a1/Lib/posixpath.py	2025-11-13 18:28:37.446168939 +0100
@@ -285,42 +285,41 @@
 # This expands the forms $variable and ${variable} only.
 # Non-existent variables are left unchanged.
 -_varprog = None
 -_varprogb = None
 +_varpattern = r'\$(\w+|\{[^}]*\}?)'
 +_varsub = None
 +_varsubb = None
 def expandvars(path):
     """Expand shell variables of form $var and ${var}.  Unknown variables
     are left unchanged."""
     path = os.fspath(path)
 -    global _varprog, _varprogb
 +    global _varsub, _varsubb
     if isinstance(path, bytes):
         if b'$' not in path:
             return path
 -        if not _varprogb:
 +        if not _varsubb:
             import re
 -            _varprogb = re.compile(br'\$(\w+|\{[^}]*\})', re.ASCII)
 -        search = _varprogb.search
 +            _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
 +        sub = _varsubb
         start = b'{'
         end = b'}'
         environ = getattr(os, 'environb', None)
     else:
         if '$' not in path:
             return path
 -        if not _varprog:
 +        if not _varsub:
             import re
 -            _varprog = re.compile(r'\$(\w+|\{[^}]*\})', re.ASCII)
 -        search = _varprog.search
 +            _varsub = re.compile(_varpattern, re.ASCII).sub
 +        sub = _varsub
         start = '{'
         end = '}'
         environ = os.environ
 -    i = 0
 -    while True:
 -        m = search(path, i)
 -        if not m:
 -            break
 -        i, j = m.span(0)
 -        name = m.group(1)
 -        if name.startswith(start) and name.endswith(end):
 +
 +    def repl(m):
 +        name = m[1]
 +        if name.startswith(start):
 +            if not name.endswith(end):
 +                return m[0]
             name = name[1:-1]
         try:
             if environ is None:
@@ -328,13 +327,11 @@
             else:
                 value = environ[name]
         except KeyError:
 -            i = j
 +            return m[0]
         else:
 -            tail = path[j:]
 -            path = path[:i] + value
 -            i = len(path)
 -            path += tail
 -    return path
 +            return value
 +
 +    return sub(repl, path)
 # Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A/B.
 Index: Python-3.15.0a1/Lib/test/test_genericpath.py
 ===================================================================
 --- Python-3.15.0a1.orig/Lib/test/test_genericpath.py	2025-10-14 12:46:08.000000000 +0200
 +++ Python-3.15.0a1/Lib/test/test_genericpath.py	2025-11-13 18:28:37.446403609 +0100
@@ -9,9 +9,9 @@
 import sys
 import unittest
 import warnings
 -from test.support import (
 -    is_apple, os_helper, warnings_helper
 -)
 +from test import support
 +from test.support import os_helper
 +from test.support import warnings_helper
 from test.support.script_helper import assert_python_ok
 from test.support.os_helper import FakePath
@@ -462,6 +462,19 @@
                   os.fsencode('$bar%s bar' % nonascii))
             check(b'$spam}bar', os.fsencode('%s}bar' % nonascii))
 +    @support.requires_resource('cpu')
 +    def test_expandvars_large(self):
 +        expandvars = self.pathmodule.expandvars
 +        with os_helper.EnvironmentVarGuard() as env:
 +            env.clear()
 +            env["A"] = "B"
 +            n = 100_000
 +            self.assertEqual(expandvars('$A'*n), 'B'*n)
 +            self.assertEqual(expandvars('${A}'*n), 'B'*n)
 +            self.assertEqual(expandvars('$A!'*n), 'B!'*n)
 +            self.assertEqual(expandvars('${A}A'*n), 'BA'*n)
 +            self.assertEqual(expandvars('${'*10*n), '${'*10*n)
 +
     def test_abspath(self):
         self.assertIn("foo", self.pathmodule.abspath("foo"))
         with warnings.catch_warnings():
@@ -519,7 +532,7 @@
             # directory (when the bytes name is used).
             and sys.platform not in {
                 "win32", "emscripten", "wasi"
 -            } and not is_apple
 +            } and not support.is_apple
         ):
             name = os_helper.TESTFN_UNDECODABLE
         elif os_helper.TESTFN_NONASCII:
 Index: Python-3.15.0a1/Lib/test/test_ntpath.py
 ===================================================================
 --- Python-3.15.0a1.orig/Lib/test/test_ntpath.py	2025-10-14 12:46:08.000000000 +0200
 +++ Python-3.15.0a1/Lib/test/test_ntpath.py	2025-11-13 18:28:55.652664525 +0100
@@ -9,7 +9,8 @@
 import warnings
 from ntpath import ALL_BUT_LAST, ALLOW_MISSING
 from test import support
 -from test.support import TestFailed, cpython_only, os_helper
 +from test import support
 +from test.support import os_helper
 from test.support.os_helper import FakePath
 from test import test_genericpath
 from tempfile import TemporaryFile
@@ -59,7 +60,7 @@
     fn = fn.replace("\\", "\\\\")
     gotResult = eval(fn)
     if wantResult != gotResult and _norm(wantResult) != _norm(gotResult):
 -        raise TestFailed("%s should return: %s but returned: %s" \
 +        raise support.TestFailed("%s should return: %s but returned: %s" \
               %(str(fn), str(wantResult), str(gotResult)))
     # then with bytes
@@ -75,7 +76,7 @@
         warnings.simplefilter("ignore", DeprecationWarning)
         gotResult = eval(fn)
     if _norm(wantResult) != _norm(gotResult):
 -        raise TestFailed("%s should return: %s but returned: %s" \
 +        raise support.TestFailed("%s should return: %s but returned: %s" \
               %(str(fn), str(wantResult), repr(gotResult)))
@@ -1133,6 +1134,19 @@
             check('%spam%bar', '%sbar' % nonascii)
             check('%{}%bar'.format(nonascii), 'ham%sbar' % nonascii)
 +    @support.requires_resource('cpu')
 +    def test_expandvars_large(self):
 +        expandvars = ntpath.expandvars
 +        with os_helper.EnvironmentVarGuard() as env:
 +            env.clear()
 +            env["A"] = "B"
 +            n = 100_000
 +            self.assertEqual(expandvars('%A%'*n), 'B'*n)
 +            self.assertEqual(expandvars('%A%A'*n), 'BA'*n)
 +            self.assertEqual(expandvars("''"*n + '%%'), "''"*n + '%')
 +            self.assertEqual(expandvars("%%"*n), "%"*n)
 +            self.assertEqual(expandvars("$$"*n), "$"*n)
 +
     def test_expanduser(self):
         tester('ntpath.expanduser("test")', 'test')
@@ -1550,7 +1564,7 @@
         self.assertTrue(os.path.exists(r"\\.\CON"))
     @unittest.skipIf(sys.platform != 'win32', "Fast paths are only for win32")
 -    @cpython_only
 +    @support.cpython_only
     def test_fast_paths_in_use(self):
         # There are fast paths of these functions implemented in posixmodule.c.
         # Confirm that they are being used, and not the Python fallbacks in
 Index: Python-3.15.0a1/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
 +++ Python-3.15.0a1/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst	2025-11-13 18:28:37.447873576 +0100
@@ -0,0 +1 @@
 +Fix quadratic complexity in :func:`os.path.expandvars`.
--- a/5
+++ b/5
@@ -1,3 +1,4 @@
 addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem")
-addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c")
+addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/.*.c")
-addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp")
+addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/.*.cpp")
 addFilter("python-bytecode-inconsistent-mtime.*/usr/lib64/python.*/.*.pyc")
--- a/python315.changes
+++ b/python315.changes
@@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 - Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
  quadratic complexity vulnerabilities of os.path.expandvars()
  (CVE-2025-6075, bsc#1252974).
 - Skip test_curses on ppc64le (gh#python/cpython#141534)
 -------------------------------------------------------------------
 Mon Nov 10 10:01:37 UTC 2025 - Andreas Schwab <schwab@suse.de>
@@ -44,7 +52,9 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      modules when explicitly specified.
  - Tests
    - gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore
-      the --verbose option anymore. Patch by Victor Stinner.
+      avoid simple quadratic complexity vulnerabilities of
      (CVE-2025-6075, bsc#1252974). os.path.expandvars() the
      --verbose option anymore. Patch by Victor Stinner.
    - gh-138313: Restore skipped test and add janky workaround
      to prevent select buildbots from failing with a
      ResourceWarning.
@@ -193,9 +203,9 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      arguments now accept any real numbers (such as Decimal and
      Fraction), not only integers or floats, although this does
      not improve precision.
-    - gh-95953: A CSS class, diff_changed, was added to the
+    - gh-95953: A CSS class, diff_changed, was added to th      e
      changed lines in the make_table output of difflib.HtmlDiff.
-      Patch by Katie Gardner.
+      Patch by Katie Gardner                                    .
    - gh-139210: Fix use-after-free when reporting unknown event
      in xml.etree.ElementTree.iterparse(). Patch by Ken Jin.
    - gh-138860: Lazy import rlcompleter in pdb to avoid deadlock
@@ -248,9 +258,9 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
    - gh-138899: Executing quit command in pdb will raise
      bdb.BdbQuit when pdb is started from an asyncio console
      using breakpoint() or pdb.set_trace().
-    - gh-138804: Raise TypeError instead of AttributeError when
+    - gh-138804: Raise TypeError instead of AttributeError whe  n
-      an argument of incorrect type is passed to shlex.quote().
+      an argument of incorrect type is passed to shlex.quote()  .
-      This restores the behavior of the function prior to 3.14.
+      This restores the behavior of the function prior to 3.14  .
    - gh-138779: Support device numbers larger than 2**63-1 for
      the st_rdev field of the os.stat_result structure.
    - gh-138682: Added symmetric difference support to
@@ -281,9 +291,9 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      calling createtimerhandler() on a Tk application) and
      _tkinter.tkapp (the runtime type of Tk applications) are
      now immutable. Patch by Bénédikt Tran.
-    - gh-138514: Raise ValueError when a multi-character string
+    - gh-138514: Raise ValueError when a multi-character strin  g
-      is passed to the echo_char parameter of getpass.getpass().
+      is passed to the echo_char parameter of getpass.getpass() .
-      Patch by Benjamin Johnson.
+      Patch by Benjamin Johnson                                 .
    - gh-137706: Fix the partial evaluation of annotations that
      use typing.Annotated[T, x] where T is a forward reference.
    - gh-88375: Fix normalization of the robots.txt rules and
@@ -307,8 +317,8 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      copy.deepcopy() in the free-threading build.
    - gh-116946: The types of select.poll() and select.epoll()
      objects are now immutable. Patch by Bénédikt Tran.
-    - gh-116946: The _random.Random C type is now immutable.
+    - gh-116946: The _random.Random C type is now immutable     .
-      Patch by Bénédikt Tran.
+      Patch by Bénédikt Tran                                    .
    - gh-57911: When extracting tar files on Windows, slashes in
      symlink targets will be replaced by backslashes to prevent
      corrupted links.
@@ -597,9 +607,9 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
    - gh-134759: Fix UnboundLocalError in
      email.message.Message.get_payload() when the payload to
      decode is a bytes object. Patch by Kliment Lamonov.
-    - gh-136028: Fix parsing month names containing “İ” (U+0130,
+    - gh-136028: Fix parsing month names containing “İ” (U+0130 ,
-      LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime().
+      LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime() .
-      This affects locales az_AZ, ber_DZ, ber_MA and crh_UA.
+      This affects locales az_AZ, ber_DZ, ber_MA and crh_UA     .
    - gh-87135: Acquiring a threading.Lock or threading.RLock at
      interpreter shutdown will raise PythonFinalizationError if
      Python can determine that it would otherwise deadlock.
@@ -621,8 +631,8 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      non-OSError exception is raised during connection and
      socket’s close() raises OSError.
    - gh-135853: math: expose C99 signbit() function to determine
-      whether the sign bit of a floating-point value is set.
+      whether the sign bit of a floating-point value is set     .
-      Patch by Bénédikt Tran.
+      Patch by Bénédikt Tran                                    .
    - gh-134531: hmac: use the EVP_MAC(3ssl) interface for HMAC
      when Python is built with OpenSSL 3.0 and later instead of
      the deprecated HMAC_CTX(3ssl) interface. Patch by Bénédikt
@@ -917,8 +927,8 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      and TD = TypedDict("TD", None) calls for constructing
      typing.TypedDict objects with zero field. Patch by Bénédikt
      Tran.
-    - gh-125996: Fix thread safety of collections.OrderedDict.
+    - gh-125996: Fix thread safety of collections.OrderedDict   .
-      Patch by Kumar Aditya.
+      Patch by Kumar Aditya                                     .
    - gh-133817: Remove support for creating NamedTuple classes
      via the undocumented keyword argument syntax. Patch by
      Bénédikt Tran.
@@ -973,8 +983,8 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      logging.basicConfig().
    - gh-92897: Removed the check_home parameter from
      sysconfig.is_python_build(), deprecated since Python 3.12.
-    - gh-133551: Support t-strings (PEP 750) in annotationlib.
+    - gh-133551: Support t-strings (PEP 750) in annotationlib   .
-      Patch by Jelle Zijlstra.
+      Patch by Jelle Zijlstra                                   .
    - gh-133517: Remove os.listdrives(), os.listvolumes() and
      os.listmounts() in non Windows desktop builds since the
      underlying functionality is missing.
@@ -1035,9 +1045,9 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
    - gh-87790: Support underscore and comma as thousands
      separators in the fractional part for Fraction’s
      formatting. Patch by Sergey B Kirpichev.
-    - gh-87790: Support underscore and comma as thousands
+    - gh-87790: Support underscore and comma as thousand        s
      separators in the fractional part for Decimal’s formatting.
-      Patch by Sergey B Kirpichev.
+      Patch by Sergey B Kirpichev                               .
    - gh-131884: Fix formatting issues in json.dump() when both
      indent and skipkeys are used.
    - gh-131788: Make ResourceTracker.send from multiprocessing
@@ -1072,8 +1082,8 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
    - gh-125028: functools.Placeholder cannot be passed to
      functools.partial() as a keyword argument.
    - gh-125843: If possible, indicate which curses C function or
-      macro is responsible for raising a curses.error exception.
+      macro is responsible for raising a curses.error exceptio n.
-      Patch by Bénédikt Tran.
+      Patch by Bénédikt Tra                                    n.
    - gh-119109: functools.partial() calls are now faster when
      keyword arguments are used.
    - gh-124033: SimplePath is now presented in
@@ -1198,13 +1208,13 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      __typing_subst__ returns an object that isn’t a tuple.
    - gh-138431: Fix a bug in the JIT optimizer when
      round-tripping strings and tuples.
-    - gh-138378: Move the globals-to-const JIT optimizer pass
+    - gh-138378: Move the globals-to-const     JIT optimizer pass
-      into to the main JIT optimizer pass
+      into to the main                         JIT optimizer pass
    - gh-138401: Add missing validation of argument count in
      os.sendfile() to be non-negative.
-    - gh-138372: Fix SyntaxWarning emitted for erroneous
+    - gh-138372: Fix SyntaxWarning emitted for erroneou         s
-      subscript expressions involving template string literals.
+      subscript expressions involving template string literals  .
-      Patch by Brian Schubert.
+      Patch by Brian Schubert                                   .
    - gh-138302: BINARY_OP now specializes to BINARY_OP_ADD_INT,
      BINARY_OP_SUBTRACT_INT or BINARY_OP_MULTIPLY_INT if
      operands are compact ints.
@@ -1229,9 +1239,9 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      and does not contain double quotes.
    - gh-137384: Fix a crash when using the warnings module in a
      finalizer at shutdown. Patch by Kumar Aditya.
-    - gh-138004: On Solaris/Illumos platforms, thread names are
+    - gh-138004: On Solaris/Illumos platforms, thread names     e
-      now encoded as ASCII to avoid errors on systems (e.g.
+      ar now encoded as ASCII to avoid errors on systems (e.g   .
-      OpenIndiana) that don’t support non-ASCII names.
+      OpenIndiana) that don’t support non-ASCII names           .
    - gh-137976: Removed localtime from the list of reported
      system timezones.
    - gh-137992: Ensure that PyRefTracer_SetTracer() sync with
@@ -1244,18 +1254,18 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
    - gh-137883: Fix runaway recursion when calling a function
      with keyword arguments.
    - gh-137079: Fix keyword typo recognition when parsing files.
-      Patch by Pablo Galindo.
+      Patch by Pablo Galindo                                    .
-    - gh-137728: Fix the JIT’s handling of many local variables.
+    - gh-137728: Fix the JIT’s handling of many local variables .
-      This previously caused a segfault.
+      This previously caused a segfault                         .
    - gh-137716: Fix double period in AttributeError message for
      invalid mock assertions
    - gh-137433: Fix a potential deadlock in the free threading
      build when daemon threads enable or disable profiling
      or tracing while the main thread is shutting down the
      interpreter.
-    - gh-137576: Fix for incorrect source code being shown in
+    - gh-137576: Fix for incorrect source code being shown i    n
      tracebacks from the Basic REPL when PYTHONSTARTUP is given.
-      Patch by Adam Hartz.
+      Patch by Adam Hartz                                       .
    - gh-37817: Allow assignment to __bases__ of direct
      subclasses of builtin classes.
    - gh-132732: Optimize _COMPARE_OP, _CONTAINS_OP,
@@ -1598,18 +1608,13 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
      function.
    - gh-129813: Implement PEP 782, the PyBytesWriter API. Add
      functions:
-         PyBytesWriter_Create()
+         PyBytesWriter_Create PyBytesWriter_Discard            ()
-         PyBytesWriter_Discard()
+         PyBytesWriter_FinishWithPointer                       ()
-         PyBytesWriter_FinishWithPointer()
+         PyBytesWriter_FinishWithSize                          ()
-         PyBytesWriter_FinishWithSize()
+         PyBytesWriter_Finish PyBytesWriter_Format             ()
-         PyBytesWriter_Finish()
+         PyBytesWriter_GetData PyBytesWriter_GetSize           ()
-         PyBytesWriter_Format()
+         PyBytesWriter_GrowAndUpdatePointer PyBytesWriter_Grow ()
-         PyBytesWriter_GetData()
+         PyBytesWriter_Resize PyBytesWriter_WriteBytes         ()
         PyBytesWriter_GetSize()
         PyBytesWriter_GrowAndUpdatePointer()
         PyBytesWriter_Grow()
         PyBytesWriter_Resize()
         PyBytesWriter_WriteBytes()
    - Patch by Victor Stinner.
    - gh-137956: Display and raise an exception if an extension
      compiled for non-free-threaded Python is loaded in a
@@ -1669,9 +1674,9 @@ Fri Oct 24 21:45:47 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
    - gh-133644: Remove deprecated function PyWeakref_GetObject()
      and macro PyWeakref_GET_OBJECT. Use PyWeakref_GetRef()
      instead. Patch by Bénédikt Tran.
-    - gh-133644: Remove deprecated alias
+    - gh-133644: Remove deprecated alia                         s
-      PyImport_ImportModuleNoBlock() of PyImport_ImportModule().
+      PyImport_ImportModuleNoBlock() of PyImport_ImportModule() .
-      Patch by Bénédikt Tran.
+      Patch by Bénédikt Tran                                    .
    - gh-133610: Remove deprecated functions
      PyUnicode_AsDecodedObject(), PyUnicode_AsDecodedUnicode(),
      PyUnicode_AsEncodedObject(), and
--- a/python315.spec
+++ b/python315.spec
@@ -224,6 +224,9 @@ Patch40:        fix-test-recursion-limit-15.6.patch
 Patch41:        bsc1243155-sphinx-non-determinism.patch
 # PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
 Patch42:        gh139257-Support-docutils-0.22.patch
 # PATCH-FIX-UPSTREAM CVE-2025-6075-expandvars-perf-degrad.patch bsc#1252974 mcepl@suse.com
 # Avoid potential quadratic complexity vulnerabilities in path modules
 Patch43:        CVE-2025-6075-expandvars-perf-degrad.patch
 #### Python 3.15 DEVELOPMENT PATCHES
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
@@ -661,8 +664,10 @@ EXCLUDE="$EXCLUDE test_pydoc"
 EXCLUDE="$EXCLUDE test_multiprocessing_forkserver"
 %endif
 %ifarch ppc ppc64 ppc64le
-# exclue test_faulthandler due to bnc#831629
+# exclude test_faulthandler due to bnc#831629
 EXCLUDE="$EXCLUDE test_faulthandler"
 # exclude test_curse for gh#python/cpython#141534
 EXCLUDE="$EXCLUDE test_curses"
 %endif
 # some tests break in QEMU
 %if 0%{?qemu_user_space_build}