diff --git a/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
index c66d943..498ff8c 100644
--- a/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
+++ b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
@@ -4,10 +4,10 @@
Lib/test/test_xml_etree.py | 10 ++++++++++
3 files changed, 17 insertions(+)
-Index: Python-3.15.0a3/Lib/test/test_pyexpat.py
+Index: Python-3.15.0a5/Lib/test/test_pyexpat.py
===================================================================
---- Python-3.15.0a3.orig/Lib/test/test_pyexpat.py 2025-12-16 13:26:12.000000000 +0100
-+++ Python-3.15.0a3/Lib/test/test_pyexpat.py 2025-12-19 02:26:33.964969539 +0100
+--- Python-3.15.0a5.orig/Lib/test/test_pyexpat.py 2026-02-08 14:31:48.498838928 +0100
++++ Python-3.15.0a5/Lib/test/test_pyexpat.py 2026-02-08 14:31:58.465492442 +0100
@@ -860,6 +860,10 @@
self.assertEqual(started, ['doc'])
@@ -19,10 +19,10 @@ Index: Python-3.15.0a3/Lib/test/test_pyexpat.py
started = []
def start_element(name, _):
-Index: Python-3.15.0a3/Lib/test/test_sax.py
+Index: Python-3.15.0a5/Lib/test/test_sax.py
===================================================================
---- Python-3.15.0a3.orig/Lib/test/test_sax.py 2025-12-16 13:26:12.000000000 +0100
-+++ Python-3.15.0a3/Lib/test/test_sax.py 2025-12-19 02:26:33.966048947 +0100
+--- Python-3.15.0a5.orig/Lib/test/test_sax.py 2026-02-08 14:31:48.575186151 +0100
++++ Python-3.15.0a5/Lib/test/test_sax.py 2026-02-08 14:31:58.465928363 +0100
@@ -1241,6 +1241,9 @@
self.assertEqual(result.getvalue(), start + b"")
@@ -33,10 +33,10 @@ Index: Python-3.15.0a3/Lib/test/test_sax.py
def test_flush_reparse_deferral_disabled(self):
result = BytesIO()
xmlgen = XMLGenerator(result)
-Index: Python-3.15.0a3/Lib/test/test_xml_etree.py
+Index: Python-3.15.0a5/Lib/test/test_xml_etree.py
===================================================================
---- Python-3.15.0a3.orig/Lib/test/test_xml_etree.py 2025-12-16 13:26:12.000000000 +0100
-+++ Python-3.15.0a3/Lib/test/test_xml_etree.py 2025-12-19 02:26:33.966681016 +0100
+--- Python-3.15.0a5.orig/Lib/test/test_xml_etree.py 2026-02-08 14:31:49.084155592 +0100
++++ Python-3.15.0a5/Lib/test/test_xml_etree.py 2026-02-08 14:31:58.466519056 +0100
@@ -138,6 +138,11 @@
return mock.patch.object(cls, "__eq__", autospec=True, wraps=eq)
@@ -49,7 +49,7 @@ Index: Python-3.15.0a3/Lib/test/test_xml_etree.py
def checkwarnings(*filters, quiet=False):
def decorator(test):
def newtest(*args, **kwargs):
-@@ -1620,9 +1625,11 @@
+@@ -1619,9 +1624,11 @@
self.assert_event_tags(parser, [('end', 'root')])
self.assertIsNone(parser.close())
@@ -61,7 +61,7 @@ Index: Python-3.15.0a3/Lib/test/test_xml_etree.py
def test_simple_xml_chunk_5(self):
self.test_simple_xml(chunk_size=5, flush=True)
-@@ -1849,6 +1856,9 @@
+@@ -1848,6 +1855,9 @@
self.assert_event_tags(parser, [('end', 'doc')])
diff --git a/CVE-2025-12781-b64decode-alt-chars.patch b/CVE-2025-12781-b64decode-alt-chars.patch
index a2a1ab6..c528204 100644
--- a/CVE-2025-12781-b64decode-alt-chars.patch
+++ b/CVE-2025-12781-b64decode-alt-chars.patch
@@ -13,11 +13,11 @@ argument of b32decode().
Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst | 5 +
5 files changed, 100 insertions(+), 17 deletions(-)
-Index: Python-3.15.0a3/Doc/library/base64.rst
+Index: Python-3.15.0a5/Doc/library/base64.rst
===================================================================
---- Python-3.15.0a3.orig/Doc/library/base64.rst 2025-12-16 13:26:12.000000000 +0100
-+++ Python-3.15.0a3/Doc/library/base64.rst 2026-02-03 16:15:09.480009542 +0100
-@@ -77,15 +77,20 @@
+--- Python-3.15.0a5.orig/Doc/library/base64.rst 2026-01-14 15:41:32.000000000 +0100
++++ Python-3.15.0a5/Doc/library/base64.rst 2026-02-08 14:34:01.166782651 +0100
+@@ -84,15 +84,20 @@
A :exc:`binascii.Error` exception is raised
if *s* is incorrectly padded.
@@ -43,7 +43,7 @@ Index: Python-3.15.0a3/Doc/library/base64.rst
.. function:: standard_b64encode(s)
-@@ -116,6 +121,9 @@
+@@ -123,6 +128,9 @@
``/`` in the standard Base64 alphabet, and return the decoded
:class:`bytes`.
@@ -53,11 +53,11 @@ Index: Python-3.15.0a3/Doc/library/base64.rst
.. function:: b32encode(s)
-Index: Python-3.15.0a3/Doc/whatsnew/3.15.rst
+Index: Python-3.15.0a5/Doc/whatsnew/3.15.rst
===================================================================
---- Python-3.15.0a3.orig/Doc/whatsnew/3.15.rst 2025-12-16 13:26:12.000000000 +0100
-+++ Python-3.15.0a3/Doc/whatsnew/3.15.rst 2026-02-03 16:15:09.480398395 +0100
-@@ -992,6 +992,15 @@
+--- Python-3.15.0a5.orig/Doc/whatsnew/3.15.rst 2026-01-14 15:41:32.000000000 +0100
++++ Python-3.15.0a5/Doc/whatsnew/3.15.rst 2026-02-08 14:34:01.167289075 +0100
+@@ -1143,6 +1143,15 @@
New deprecations
----------------
@@ -73,11 +73,11 @@ Index: Python-3.15.0a3/Doc/whatsnew/3.15.rst
* CLI:
* Deprecate :option:`-b` and :option:`!-bb` command-line options
-Index: Python-3.15.0a3/Lib/base64.py
+Index: Python-3.15.0a5/Lib/base64.py
===================================================================
---- Python-3.15.0a3.orig/Lib/base64.py 2026-02-03 16:13:28.034477672 +0100
-+++ Python-3.15.0a3/Lib/base64.py 2026-02-03 16:15:09.480836931 +0100
-@@ -69,20 +69,39 @@
+--- Python-3.15.0a5.orig/Lib/base64.py 2026-02-08 14:31:45.441967463 +0100
++++ Python-3.15.0a5/Lib/base64.py 2026-02-08 14:34:01.167638994 +0100
+@@ -72,20 +72,39 @@
The result is returned as a bytes object. A binascii.Error is raised if
s is incorrectly padded.
@@ -121,7 +121,7 @@ Index: Python-3.15.0a3/Lib/base64.py
def standard_b64encode(s):
-@@ -127,8 +146,19 @@
+@@ -130,8 +149,19 @@
The alphabet uses '-' instead of '+' and '_' instead of '/'.
"""
s = _bytes_from_decode_data(s)
@@ -142,11 +142,11 @@ Index: Python-3.15.0a3/Lib/base64.py
-Index: Python-3.15.0a3/Lib/test/test_base64.py
+Index: Python-3.15.0a5/Lib/test/test_base64.py
===================================================================
---- Python-3.15.0a3.orig/Lib/test/test_base64.py 2026-02-03 16:13:29.357990779 +0100
-+++ Python-3.15.0a3/Lib/test/test_base64.py 2026-02-03 16:15:09.481134341 +0100
-@@ -265,6 +265,25 @@
+--- Python-3.15.0a5.orig/Lib/test/test_base64.py 2026-02-08 14:31:46.996351782 +0100
++++ Python-3.15.0a5/Lib/test/test_base64.py 2026-02-08 14:34:01.168029250 +0100
+@@ -292,6 +292,25 @@
eq(base64.b64decode(data, altchars=altchars_str), res)
eq(base64.b64decode(data_str, altchars=altchars_str), res)
@@ -172,7 +172,7 @@ Index: Python-3.15.0a3/Lib/test/test_base64.py
def test_b64decode_padding_error(self):
self.assertRaises(binascii.Error, base64.b64decode, b'abc')
self.assertRaises(binascii.Error, base64.b64decode, 'abc')
-@@ -296,13 +315,25 @@
+@@ -323,13 +342,25 @@
with self.assertRaises(binascii.Error):
base64.b64decode(bstr.decode('ascii'), validate=True)
@@ -205,10 +205,10 @@ Index: Python-3.15.0a3/Lib/test/test_base64.py
def _altchars_strategy():
"""Generate 'altchars' for base64 encoding."""
-Index: Python-3.15.0a3/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst
+Index: Python-3.15.0a5/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.15.0a3/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst 2026-02-03 16:15:09.481407075 +0100
++++ Python-3.15.0a5/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst 2026-02-08 14:34:01.168413634 +0100
@@ -0,0 +1,5 @@
+Accepting ``+`` and ``/`` characters with an alternative alphabet in
+:func:`base64.b64decode` and :func:`base64.urlsafe_b64decode` is now
diff --git a/CVE-2025-15282-urllib-ctrl-chars.patch b/CVE-2025-15282-urllib-ctrl-chars.patch
index c8c1e53..0c723c5 100644
--- a/CVE-2025-15282-urllib-ctrl-chars.patch
+++ b/CVE-2025-15282-urllib-ctrl-chars.patch
@@ -9,10 +9,10 @@ Subject: [PATCH 1/2] Add 'test.support' fixture for C0 control characters
Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst | 1 +
3 files changed, 14 insertions(+)
-Index: Python-3.15.0a3/Lib/test/test_urllib.py
+Index: Python-3.15.0a5/Lib/test/test_urllib.py
===================================================================
---- Python-3.15.0a3.orig/Lib/test/test_urllib.py 2026-02-04 16:57:42.070871001 +0100
-+++ Python-3.15.0a3/Lib/test/test_urllib.py 2026-02-04 16:57:49.106800440 +0100
+--- Python-3.15.0a5.orig/Lib/test/test_urllib.py 2026-02-08 14:31:49.004578010 +0100
++++ Python-3.15.0a5/Lib/test/test_urllib.py 2026-02-08 14:34:10.667653549 +0100
@@ -10,6 +10,7 @@
from test import support
from test.support import os_helper
@@ -35,11 +35,11 @@ Index: Python-3.15.0a3/Lib/test/test_urllib.py
class urlretrieve_FileTests(unittest.TestCase):
"""Test urllib.urlretrieve() on local files"""
-Index: Python-3.15.0a3/Lib/urllib/request.py
+Index: Python-3.15.0a5/Lib/urllib/request.py
===================================================================
---- Python-3.15.0a3.orig/Lib/urllib/request.py 2026-02-04 16:57:42.390604584 +0100
-+++ Python-3.15.0a3/Lib/urllib/request.py 2026-02-04 16:57:49.107133794 +0100
-@@ -1634,6 +1634,11 @@
+--- Python-3.15.0a5.orig/Lib/urllib/request.py 2026-02-08 14:31:49.344934070 +0100
++++ Python-3.15.0a5/Lib/urllib/request.py 2026-02-08 14:34:10.668244681 +0100
+@@ -1636,6 +1636,11 @@
scheme, data = url.split(":",1)
mediatype, data = data.split(",",1)
@@ -51,9 +51,9 @@ Index: Python-3.15.0a3/Lib/urllib/request.py
# even base64 encoded data URLs might be quoted so unquote in any case:
data = unquote_to_bytes(data)
if mediatype.endswith(";base64"):
-Index: Python-3.15.0a3/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst
+Index: Python-3.15.0a5/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.15.0a3/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst 2026-02-04 16:57:49.107422870 +0100
++++ Python-3.15.0a5/Misc/NEWS.d/next/Security/2026-01-16-11-51-19.gh-issue-143925.mrtcHW.rst 2026-02-08 14:34:10.668611672 +0100
@@ -0,0 +1 @@
+Reject control characters in ``data:`` URL media types.
diff --git a/CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch b/CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
index 6605b35..bdcd2a1 100644
--- a/CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
+++ b/CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
@@ -11,10 +11,10 @@ Subject: [PATCH 1/5] Add 'test.support' fixture for C0 control characters
Misc/NEWS.d/next/Security/2026-01-16-11-13-15.gh-issue-143919.kchwZV.rst | 1
5 files changed, 80 insertions(+), 9 deletions(-)
-Index: Python-3.15.0a3/Doc/library/http.cookies.rst
+Index: Python-3.15.0a5/Doc/library/http.cookies.rst
===================================================================
---- Python-3.15.0a3.orig/Doc/library/http.cookies.rst 2025-12-16 13:26:12.000000000 +0100
-+++ Python-3.15.0a3/Doc/library/http.cookies.rst 2026-02-03 16:13:34.510285255 +0100
+--- Python-3.15.0a5.orig/Doc/library/http.cookies.rst 2026-01-14 15:41:32.000000000 +0100
++++ Python-3.15.0a5/Doc/library/http.cookies.rst 2026-02-08 14:33:55.253456803 +0100
@@ -294,9 +294,9 @@
Set-Cookie: chips=ahoy
Set-Cookie: vienna=finger
@@ -27,10 +27,10 @@ Index: Python-3.15.0a3/Doc/library/http.cookies.rst
>>> C = cookies.SimpleCookie()
>>> C["oreo"] = "doublestuff"
>>> C["oreo"]["path"] = "/"
-Index: Python-3.15.0a3/Lib/http/cookies.py
+Index: Python-3.15.0a5/Lib/http/cookies.py
===================================================================
---- Python-3.15.0a3.orig/Lib/http/cookies.py 2026-02-03 16:13:28.474908366 +0100
-+++ Python-3.15.0a3/Lib/http/cookies.py 2026-02-03 16:13:34.510714274 +0100
+--- Python-3.15.0a5.orig/Lib/http/cookies.py 2026-02-08 14:31:45.957689947 +0100
++++ Python-3.15.0a5/Lib/http/cookies.py 2026-02-08 14:33:55.254433224 +0100
@@ -87,9 +87,9 @@
such trickeries do not confuse it.
@@ -98,11 +98,11 @@ Index: Python-3.15.0a3/Lib/http/cookies.py
return sep.join(result)
__str__ = output
-Index: Python-3.15.0a3/Lib/test/support/__init__.py
+Index: Python-3.15.0a5/Lib/test/support/__init__.py
===================================================================
---- Python-3.15.0a3.orig/Lib/test/support/__init__.py 2026-02-03 16:13:29.187789397 +0100
-+++ Python-3.15.0a3/Lib/test/support/__init__.py 2026-02-03 16:13:34.511147760 +0100
-@@ -3272,3 +3272,10 @@
+--- Python-3.15.0a5.orig/Lib/test/support/__init__.py 2026-02-08 14:31:46.798817229 +0100
++++ Python-3.15.0a5/Lib/test/support/__init__.py 2026-02-08 14:33:55.255194468 +0100
+@@ -3303,3 +3303,10 @@
return _linked_to_musl
_linked_to_musl = tuple(map(int, version.split('.')))
return _linked_to_musl
@@ -113,10 +113,10 @@ Index: Python-3.15.0a3/Lib/test/support/__init__.py
+ C0 control characters defined as the byte range 0x00-0x1F, and 0x7F.
+ """
+ return [chr(c) for c in range(0x00, 0x20)] + ["\x7F"]
-Index: Python-3.15.0a3/Lib/test/test_http_cookies.py
+Index: Python-3.15.0a5/Lib/test/test_http_cookies.py
===================================================================
---- Python-3.15.0a3.orig/Lib/test/test_http_cookies.py 2026-02-03 16:13:29.999878162 +0100
-+++ Python-3.15.0a3/Lib/test/test_http_cookies.py 2026-02-03 16:13:34.511648955 +0100
+--- Python-3.15.0a5.orig/Lib/test/test_http_cookies.py 2026-02-08 14:31:47.771034298 +0100
++++ Python-3.15.0a5/Lib/test/test_http_cookies.py 2026-02-08 14:33:55.255867707 +0100
@@ -17,10 +17,10 @@
'repr': "",
'output': 'Set-Cookie: chips=ahoy\nSet-Cookie: vienna=finger'},
@@ -183,9 +183,9 @@ Index: Python-3.15.0a3/Lib/test/test_http_cookies.py
def load_tests(loader, tests, pattern):
tests.addTest(doctest.DocTestSuite(cookies))
-Index: Python-3.15.0a3/Misc/NEWS.d/next/Security/2026-01-16-11-13-15.gh-issue-143919.kchwZV.rst
+Index: Python-3.15.0a5/Misc/NEWS.d/next/Security/2026-01-16-11-13-15.gh-issue-143919.kchwZV.rst
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ Python-3.15.0a3/Misc/NEWS.d/next/Security/2026-01-16-11-13-15.gh-issue-143919.kchwZV.rst 2026-02-03 16:13:34.512041144 +0100
++++ Python-3.15.0a5/Misc/NEWS.d/next/Security/2026-01-16-11-13-15.gh-issue-143919.kchwZV.rst 2026-02-08 14:33:55.256114682 +0100
@@ -0,0 +1 @@
+Reject control characters in :class:`http.cookies.Morsel` fields and values.
diff --git a/Python-3.15.0a3.tar.xz b/Python-3.15.0a3.tar.xz
deleted file mode 100644
index 0653314..0000000
--- a/Python-3.15.0a3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6ab02cdac24505779877bb1d9189432d67e90ddf2a9b8b7b373ead54ac07b607
-size 34723712
diff --git a/Python-3.15.0a3.tar.xz.sigstore b/Python-3.15.0a3.tar.xz.sigstore
deleted file mode 100644
index cbe3fc3..0000000
--- a/Python-3.15.0a3.tar.xz.sigstore
+++ /dev/null
@@ -1 +0,0 @@
-{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlOgAwIBAgIUWGdIw6jkonGGlxTefVWR5dycYMUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMjE2MTQzNDE1WhcNMjUxMjE2MTQ0NDE1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMeXAUdFRAMUwkol7S3TfLRDGSmTBLxrIQ3KpDiKGHVX13ZTBQwnQnTwV+sIwP787IJZHObALFx34l925AS5oSKOCAXIwggFuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU1KEmc4ZWtSbp0HrR7xEl632FVQEwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPaHVnb0BweXRob24ub3JnMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBiQYKKwYBBAHWeQIEAgR7BHkAdwB1AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABmyeVUi8AAAQDAEYwRAIgeNcEmGEuUlpapxVCjn9ssKb5U0FKgDx1cACe+m//GqwCIHaMa36eZ/5Ov9IQNyTUkm0bquaYWBvG5iGXMccaNkI+MAoGCCqGSM49BAMDA2kAMGYCMQDE+zTm1YaPVjKhhV7UrybXV88rHo7p1wedZglYz/WTQ6tdfXmeWXd4XcY8qvdMXxECMQCKipA6iUBoyWfYxM9wwNk1R0+YPpDvApKpuKcJssq7UBMH+qsVU2mYROAeVI/cTUc="}, "tlogEntries": [{"logIndex": "767379108", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1765895656", "inclusionPromise": {"signedEntryTimestamp": "MEYCIQC/gr68tewjyDayVY1YgkSx3wyJr1gDp9niugBN6CuI3QIhAI+AI17ZFMXpBHbN6nqzRRSF3gkcOFeiztd/ddPiR3Qr"}, "inclusionProof": {"logIndex": "645474846", "rootHash": "+7pvZSc1vkrbz1NYkRJTW6ebJVNEKnBbysMwrYfqBBw=", "treeSize": "645474850", "hashes": ["3IExMYCGoBe2wYmaUDFh/NwM9Yfz+YqErksZ9FiJMdU=", "5OlXK7CbwTpuOXJUjRBnsTRYTjVw1n5Yy8FU5TBL0XA=", "k7H5SO2fy1fisX7nQuhceTTJDt+OYrkbDLi4yA4s8x8=", "OUxbxHF4gP/nb0YaEJsiu5bD9WwjbSKIysm29uO2Wg8=", "xhz07XLYNXp0QZ6l+zMHq2ou8fUvEBzrXHj5p8bhW0w=", "TBrb22/2hnzqPGPgryvf9E/XySk6biXtuETjbuLr4iQ=", "XXiywYiYcfd6pMWvLjChESCzRvayGZ5Ga9vLoivArTc=", "6ymuOfiti8iWpSzihumjs587leNSK8iia3j2fQWYQvQ=", "x/rIPkrAoE9rz9kw44ofjWopN9MMV2UwNq4ZZxyk6gA=", "Jx3nGngq60bR51zwd8OmKd+Jv0wh/mwftjiOc6qQXgo=", "1Vd3rUmNolkFfJocF+ehhHicx+XZCI1oORVzpl1WD3k=", "STJBwmMYjQL7nNE7RtmufqTzKydDq3utsDtdFqjV83Q=", "volnUoGNFpLYblGf83KDzlbqdAQlS0WvwWzyZgIHQjo=", "1j4lDTV8P+GITn6Cn5v42uy3JK42BtPmPkJMt5IcMy0=", "X6vkxz0poxK2DIlRur/7LbEdz3iDXj5QY/gLk/ewXjA=", "ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n645474850\n+7pvZSc1vkrbz1NYkRJTW6ebJVNEKnBbysMwrYfqBBw=\n\n\u2014 rekor.sigstore.dev wNI9ajBDAh8xrHp05yLv6Q/03Lpwf+xo601cjQSlyFVx6fhX4g6QAiAHV2ukAWeKPX30txbAW2ymQCsMCjyaxXVyMi5ohj7Dvg==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI2YWIwMmNkYWMyNDUwNTc3OTg3N2JiMWQ5MTg5NDMyZDY3ZTkwZGRmMmE5YjhiN2IzNzNlYWQ1NGFjMDdiNjA3In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJQ0hPTThHQjNyZFVTZTZzSFNMLzZWeDE3TkVabmlqRG1qZ2tVdXdDS0xuYkFpQU54VFdKRFk4dmhhVEF2NDVpWFlDM0dvTjl6RDVtYllpdUFkM3FockN2MGc9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4UFowRjNTVUpCWjBsVlYwZGtTWGMyYW10dmJrZEhiSGhVWldaV1YxSTFaSGxqV1UxVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFxUlRKTlZGRjZUa1JGTVZkb1kwNU5hbFY0VFdwRk1rMVVVVEJPUkVVeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZOWlZoQlZXUkdVa0ZOVlhkcmIydzNVek5VWmt4U1JFZFRiVlJDVEhoeVNWRXpTM0FLUkdsTFIwaFdXREV6V2xSQ1VYZHVVVzVVZDFZcmMwbDNVRGM0TjBsS1draFBZa0ZNUm5nek5HdzVNalZCVXpWdlUwdFBRMEZZU1hkblowWjFUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlV4UzBWdENtTTBXbGQwVTJKd01FaHlVamQ0Uld3Mk16SkdWbEZGZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlVaFdibUl3UW5kbFdGSnZZakkwZFdJelNtNU5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVZGWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWpjS1FraHJRV1IzUWpGQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnRlV1ZXVldrNFFRcEJRVkZFUVVWWmQxSkJTV2RsVG1ORmJVZEZkVlZzY0dGd2VGWkRhbTQ1YzNOTFlqVlZNRVpMWjBSNE1XTkJRMlVyYlM4dlIzRjNRMGxJWVUxaE16WmxDbG92TlU5Mk9VbFJUbmxVVld0dE1HSnhkV0ZaVjBKMlJ6VnBSMWhOWTJOaFRtdEpLMDFCYjBkRFEzRkhVMDAwT1VKQlRVUkJNbXRCVFVkWlEwMVJSRVVLSzNwVWJURlpZVkJXYWt0b2FGWTNWWEo1WWxoV09EaHlTRzgzY0RGM1pXUmFaMnhaZWk5WFZGRTJkR1JtV0cxbFYxaGtORmhqV1RoeGRtUk5XSGhGUXdwTlVVTkxhWEJCTm1sVlFtOTVWMlpaZUUwNWQzZE9hekZTTUN0WlVIQkVka0Z3UzNCMVMyTktjM054TjFWQ1RVZ3JjWE5XVlRKdFdWSlBRV1ZXU1M5akNsUlZZejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "arAs2sJFBXeYd7sdkYlDLWfpDd8qm4t7Nz6tVKwHtgc="}, "signature": "MEQCICHOM8GB3rdUSe6sHSL/6Vx17NEZnijDmjgkUuwCKLnbAiANxTWJDY8vhaTAv45iXYC3GoN9zD5mbYiuAd3qhrCv0g=="}}
diff --git a/Python-3.15.0a5.tar.xz b/Python-3.15.0a5.tar.xz
new file mode 100644
index 0000000..dec3912
--- /dev/null
+++ b/Python-3.15.0a5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fee40da6450b67547c079dcb2852e8a03db6d57e06415466b2d3294449db22ef
+size 34829268
diff --git a/Python-3.15.0a5.tar.xz.sigstore b/Python-3.15.0a5.tar.xz.sigstore
new file mode 100644
index 0000000..70d84d7
--- /dev/null
+++ b/Python-3.15.0a5.tar.xz.sigstore
@@ -0,0 +1 @@
+{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUNydHzA8NuStXPHYfFtZbUO/FE/wwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjYwMTE0MTczMTIzWhcNMjYwMTE0MTc0MTIzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtFxtwtbzhueHbwhLZa6tv+X63uNEvvbefKOCviZrgCW1m3h+8mkS1uh8ORC25lQgK73+P/VMr4k3he1AVFfzi6OCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU5T673oJkZCMB6O11SKvJ9RPbFLwwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPaHVnb0BweXRob24ub3JnMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABm72P500AAAQDAEcwRQIhALw4Whh9h50mPAu48QCxBvQcqEB/b8G3vBE30hEjBKMfAiBYr9v+ajMTxRSpa3Xt6K8dmmLS5BcUzrPWOv9nONjPoTAKBggqhkjOPQQDAwNoADBlAjEA8Vig7Ev7um4rc1zUEwCsRvE/Li98T70rLMwxgZ4LUZ60yw9zRzOXaQ3HGAk+R5/3AjBq4Nl7Zz3HNdJuZZtPPjUpYan7jFBs4TvX6/1Eidl5P4JFvk95THfkWOhmlXuUqQY="}, "tlogEntries": [{"logIndex": "821799310", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1768411883", "inclusionPromise": {"signedEntryTimestamp": "MEYCIQDmSC4cCWW1mbjsg/BwMeTXrJ2dVR3Ur6EAM19DmOJbIAIhAIiYV024cQbxs58MjNVUt9Oxg/BiwkPccSZduuAOM0dN"}, "inclusionProof": {"logIndex": "699895048", "rootHash": "r0u4eImXX/q/6JGKmwD7yKfaj3MGgiQ4BQCtTc3iSbY=", "treeSize": "699895073", "hashes": ["d4QxwkQxm1ZuvCwbT6+m1xD9lPRM/qHH9jHRsxmtqzA=", "0qzZMMseSqLUaEhVwKJpPootPDog54psnSFu6dbXEZs=", "xN2ZJUm8O1loc0UQed+ADkAdcKmsox9APOMiBEfTGAM=", "I3HYsO47xZGMgQHeaFRUFwgJu70BtATO71B5wD7bbbI=", "WC2EQiEd27rwG/IoGRH/DYgKSBT7FN8S49aiBhFSpCU=", "9KduzXbjWNMO9DoybnjVj706C82sIlozxGxIILmSJF4=", "iuMU09Wl1Xs26PCP+3OerATC2/2dPZfLsTigUGR99K8=", "taftcJBIOZWhfeXDqEjXL8vBSY2OBYKB+KYBI7Z7z/U=", "tYVuNS2lJsS2mhGPLFZfkXSsayd+wARHACMvU9WwxJs=", "Rwdu5EmklN0Fe3v6L3jQCHCmFH/tiD9eg6Al/EcltSo=", "PXObE0woFoIqkyQKsgq1oHokE/hR4eDZmGPg16eAghA=", "CenHn7nf8L82Fm9P6PVG7lG5Y1+Wv8S/YBmQ7wDupYc=", "onJvFRaPQoYZ/9t6reYnUemdJzG6s8v1qMrxyVTYbQs=", "OF30SIPB0jF4SbsZGV5gH3NC9Br3sWvdaNlSjfHZq+c=", "uixTjY7pYOJF0tNUl1m1bWtkzaemNOzxQBsfI5xU8Aw=", "o8NA5tG30D0SaRZq1Bibcm3MllrwYNV8h6/lk4h6HLA=", "QNOCa/MdLF4/Y/DKU/ooSDjdTKqdDNpm5oSFffy3ExE=", "F9MSQ5SmoFr+hoADclpdFY52/TLfHDnNPYb9ZNYO5gI=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n699895073\nr0u4eImXX/q/6JGKmwD7yKfaj3MGgiQ4BQCtTc3iSbY=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiAucj7zBN+dhxi2/xL1+Sj5iK5FSfY/uO+kW+VQ2te65gIhAJBu6HxJBS3imKFNQjPUTxJjcoWWPsHuF1DouJJ/gtBN\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJmZWU0MGRhNjQ1MGI2NzU0N2MwNzlkY2IyODUyZThhMDNkYjZkNTdlMDY0MTU0NjZiMmQzMjk0NDQ5ZGIyMmVmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUUN2M0hXVlhYZDNVSWxoLzhmUDRIeVZodW5DNkpVSHUxMTVwZndKQXAwOXh3SWhBSlFyYVdmNFN6eVFoVFl2RU94TFNVUzJiYTQ0Tkk3M0I1VW40SUR5cHo3LyIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlRubGtTSHBCT0U1MVUzUllVRWhaWmtaMFdtSlZUeTlHUlM5M2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFpkMDFVUlRCTlZHTjZUVlJKZWxkb1kwNU5hbGwzVFZSRk1FMVVZekJOVkVsNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVYwUm5oMGQzUmllbWgxWlVoaWQyaE1XbUUyZEhZcldEWXpkVTVGZG5aaVpXWkxUME1LZG1sYWNtZERWekZ0TTJnck9HMXJVekYxYURoUFVrTXlOV3hSWjBzM015dFFMMVpOY2pSck0yaGxNVUZXUm1aNmFUWlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlUxVkRZM0NqTnZTbXRhUTAxQ05rOHhNVk5MZGtvNVVsQmlSa3gzZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlVaFdibUl3UW5kbFdGSnZZakkwZFdJelNtNU5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVdkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWpnS1FraHZRV1ZCUWpKQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnROekpRTlRBd1FRcEJRVkZFUVVWamQxSlJTV2hCVEhjMFYyaG9PV2cxTUcxUVFYVTBPRkZEZUVKMlVXTnhSVUl2WWpoSE0zWkNSVE13YUVWcVFrdE5aa0ZwUWxseU9YWXJDbUZxVFZSNFVsTndZVE5ZZERaTE9HUnRiVXhUTlVKalZYcHlVRmRQZGpsdVQwNXFVRzlVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFSVUVLT0ZacFp6ZEZkamQxYlRSeVl6RjZWVVYzUTNOU2RrVXZUR2s1T0ZRM01ISk1UWGQ0WjFvMFRGVmFOakI1ZHpsNlVucFBXR0ZSTTBoSFFXc3JValV2TXdwQmFrSnhORTVzTjFwNk0waE9aRXAxV2xwMFVGQnFWWEJaWVc0M2FrWkNjelJVZGxnMkx6RkZhV1JzTlZBMFNrWjJhemsxVkVobWExZFBhRzFzV0hWVkNuRlJXVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "/uQNpkULZ1R8B53LKFLooD221X4GQVRmstMpREnbIu8="}, "signature": "MEYCIQCv3HWVXXd3UIlh/8fP4HyVhunC6JUHu115pfwJAp09xwIhAJQraWf4SzyQhTYvEOxLSUS2ba44NI73B5Un4IDypz7/"}}
diff --git a/longer-time-test_thread_time.patch b/longer-time-test_thread_time.patch
deleted file mode 100644
index 48025a2..0000000
--- a/longer-time-test_thread_time.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 6c6636477245f87b200f2f2c5a9043ee1d69842e Mon Sep 17 00:00:00 2001
-From: Victor Stinner
-Date: Thu, 8 Jan 2026 13:18:50 +0100
-Subject: [PATCH] gh-143528: Fix test_time.test_thread_time()
-
-Tolerate 100 ms instead of 20 ms to support slow CIs.
----
- Lib/test/test_time.py | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-Index: Python-3.15.0a3/Lib/test/test_time.py
-===================================================================
---- Python-3.15.0a3.orig/Lib/test/test_time.py 2026-01-09 11:44:20.543009433 +0100
-+++ Python-3.15.0a3/Lib/test/test_time.py 2026-01-09 11:44:27.380993477 +0100
-@@ -580,11 +580,10 @@
-
- # thread_time() should not include time spend during a sleep
- start = time.thread_time()
-- time.sleep(0.100)
-+ time.sleep(0.200)
- stop = time.thread_time()
-- # use 20 ms because thread_time() has usually a resolution of 15 ms
-- # on Windows
-- self.assertLess(stop - start, 0.020)
-+ # gh-143528: use 100 ms to support slow CI
-+ self.assertLess(stop - start, 0.100)
-
- info = time.get_clock_info('thread_time')
- self.assertTrue(info.monotonic)
diff --git a/python315.changes b/python315.changes
index 445897f..b088bc7 100644
--- a/python315.changes
+++ b/python315.changes
@@ -1,3 +1,366 @@
+-------------------------------------------------------------------
+Sun Feb 8 13:34:32 UTC 2026 - Matej Cepl
+
+- Update to 3.15.0a5:
+ - Tools/Demos
+ - gh-142095: Make gdb ‘py-bt’ command use frame from thread
+ local state when available. Patch by Sam Gross and Victor
+ Stinner.
+ - Tests
+ - gh-143460: Skip tests relying on infinite recusion if stack
+ size is unlimited.
+ - gh-143553: Add support for parametrized resources, such as
+ -u xpickle=2.7.
+ - bpo-31391: Forward-port test_xpickle from Python 2 to
+ Python 3 and add the resource back to test’s command line.
+ - Library
+ - gh-143706: Fix multiprocessing forkserver so that sys.argv
+ is correctly set before __main__ is preloaded. Previously,
+ sys.argv was empty during main module import in forkserver
+ child processes. This fixes a regression introduced in
+ 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test
+ provided by Thomas Watson, thanks!
+ - gh-143638: Forbid reentrant calls of the pickle.Pickler and
+ pickle.Unpickler methods for the C implementation.
+ Previously, this could cause crash or data corruption, now
+ concurrent calls of methods of the same object raise
+ RuntimeError.
+ - gh-143658: importlib.metadata: Use str.translate() to
+ improve performance of
+ importlib.metadata.Prepared.normalize(). Patch by Hugo van
+ Kemenade and Henry Schreiner.
+ - gh-78724: Raise RuntimeError’s when user attempts to call
+ methods on half-initialized Struct objects, For example,
+ created by Struct.__new__(Struct). Patch by Sergey
+ B Kirpichev.
+ - gh-143196: Fix crash when the internal encoder object
+ returned by undocumented function
+ json.encoder.c_make_encoder() was called with non-zero
+ second (_current_indent_level) argument.
+ - gh-143191: _thread.stack_size() now raises ValueError if
+ the stack size is too small. Patch by Victor Stinner.
+ - gh-143547: Fix sys.unraisablehook() when the hook raises an
+ exception and changes sys.unraisablehook(): hold a strong
+ reference to the old hook. Patch by Victor Stinner.
+ - gh-139686: Revert 0a97941245f1dda6d838f9aaf0512104e5253929
+ and 57db12514ac686f0a752ec8fe1c08b6daa0c6219 which made
+ importlib.reload a no-op for lazy modules; caused Buildbot
+ failures.
+ - gh-143517: annotationlib.get_annotations() no longer raises
+ a SyntaxError when evaluating a stringified starred
+ annotation that starts with one or more whitespace
+ characters followed by a *. Patch by Bartosz Sławecki.
+ - gh-143474: Add os.RWF_ATOMIC constant for Linux 6.11+.
+ - gh-143445: Speed up copy.deepcopy() by 1.04x.
+ - gh-143378: Fix use-after-free crashes when a BytesIO object
+ is concurrently mutated during write() or writelines().
+ - gh-143368: Fix endless retry loop in profiling.sampling
+ blocking mode when threads cannot be seized due to EPERM.
+ Such threads are now skipped instead of causing repeated
+ error messages. Patch by Pablo Galindo.
+ - gh-143346: Fix incorrect wrapping of the Base64 data in
+ plistlib._PlistWriter when the indent contains a mix of
+ tabs and spaces.
+ - gh-140025: queue: Fix SimpleQueue.__sizeof__() computation.
+ - gh-143310: tkinter: fix a crash when a Python list is
+ mutated during the conversion to a Tcl object (e.g., when
+ setting a Tcl variable). Patch by Bénédikt Tran.
+ - gh-143309: Fix a crash in os.execve() on non-Windows
+ platforms when given a custom environment mapping which is
+ then mutated during parsing. Patch by Bénédikt Tran.
+ - gh-143308: pickle: fix use-after-free crashes when
+ a PickleBuffer is concurrently mutated by a custom buffer
+ callback during pickling. Patch by Bénédikt Tran and Aaron
+ Wieczorek.
+ - gh-142939: Performance optimisations for
+ difflib.get_close_matches()
+ - gh-124951: The base64 implementation behind the binascii,
+ base64, and related codec has been optimized for modern
+ pipelined CPU architectures and now performs 2-3x faster
+ across all platforms.
+ - gh-143237: Fix support of named pipes in the rotating
+ logging handlers.
+ - gh-143249: Fix possible buffer leaks in Windows overlapped
+ I/O on error handling.
+ - gh-143241: zoneinfo: fix infinite loop in
+ ZoneInfo.from_file when parsing a malformed TZif file.
+ Patch by Fatih Celik.
+ - gh-142830: sqlite3: fix use-after-free crashes when the
+ connection’s callbacks are mutated during a callback
+ execution. Patch by Bénédikt Tran.
+ - gh-143200: xml.etree.ElementTree: fix use-after-free
+ crashes in __getitem__() and __setitem__() methods of
+ Element when the element is concurrently mutated. Patch by
+ Bénédikt Tran.
+ - gh-143214: Add the wrapcol parameter in
+ binascii.b2a_base64() and base64.b64encode().
+ - gh-142195: Updated timeout evaluation logic in subprocess
+ to be compatible with deterministic environments like
+ Shadow where time moves exactly as requested.
+ - gh-140739: Fix several crashes due to reading invalid
+ memory in the new Tachyon sampling profiler. Patch by Pablo
+ Galindo.
+ - gh-142164: Fix the ctypes bitfield overflow error message
+ to report the correct offset and size calculation.
+ - gh-143145: Fixed a possible reference leak in ctypes when
+ constructing results with multiple output parameters on
+ error.
+ - gh-143103: Add padding support to base64.z85encode() via
+ the pad parameter.
+ - gh-130796: Undeprecate the locale.getdefaultlocale()
+ function. Patch by Victor Stinner.
+ - gh-74902: Add the iter_graphemes() function in the
+ unicodedata module to iterate over grapheme clusters
+ according to rules defined in Unicode Standard Annex #29,
+ “Unicode Text Segmentation”. Add grapheme_cluster_break(),
+ indic_conjunct_break() and extended_pictographic()
+ functions to get the properties of the character which are
+ related to the above algorithm.
+ - gh-143004: Fix a potential use-after-free in
+ collections.Counter.update() when user code mutates the
+ Counter during an update.
+ - gh-140648: The asyncio REPL now respects the -I flag
+ (isolated mode). Previously, it would load and execute
+ PYTHONSTARTUP even if the flag was set. Contributed by
+ Bartosz Sławecki.
+ - gh-142991: Fixed socket operations such as recvfrom() and
+ sendto() for FreeBSD divert(4) socket.
+ - gh-116738: Make the attributes in lzma thread-safe on the
+ free threaded build.
+ - gh-142950: Fix regression in argparse where format
+ specifiers in help strings raised ValueError.
+ - gh-142881: Fix concurrent and reentrant call of
+ atexit.unregister().
+ - gh-142615: Fix possible crashes when initializing
+ asyncio.Task or asyncio.Future multiple times. These
+ classes can now be initialized only once and any subsequent
+ initialization attempt will raise a RuntimeError. Patch by
+ Kumar Aditya.
+ - gh-142517: The non-compat32 email policies now correctly
+ handle refolding encoded words that contain bytes that can
+ not be decoded in their specified character set. Previously
+ this resulted in an encoding exception during folding.
+ - gh-138122: The Tachyon profiler’s live TUI now integrates
+ with the experimental _colorize theming system. Users can
+ customize colors via _colorize.set_theme() (experimental
+ API, subject to change). A LiveProfilerLight theme is
+ provided for light terminal backgrounds. Patch by Pablo
+ Galindo.
+ - gh-142306: Improve errors for Element.remove.
+ - gh-63016: Add a flags parameter to mmap.mmap.flush() to
+ control synchronization behavior.
+ - gh-139262: Some keystrokes can be swallowed in the new
+ PyREPL on Windows, especially when used together with the
+ ALT key. Fix by Chris Eibl.
+ - gh-138897: Improved license/copyright/credits display in
+ the REPL: now uses a pager.
+ - gh-135852: Add _winapi.RegisterEventSource(),
+ _winapi.DeregisterEventSource() and _winapi.ReportEvent().
+ Using these functions in NTEventLogHandler to replace
+ pywin32.
+ - gh-109263: Starting a process from spawn context in
+ multiprocessing no longer sets the start method globally.
+ - gh-132715: Skip writing objects during marshalling once
+ a failure has occurred.
+ - Documentation
+ - gh-140806: Add documentation for enum.bin().
+ - Core and Builtins
+ - gh-134584: Eliminate redundant refcounting from
+ _CONTAINS_OP, _CONTAINS_OP_SET and _CONTAINS_OP_DICT.
+ - gh-143604: Fix a reference counting issue in the JIT tracer
+ where the current executor could be prematurely freed
+ during tracing.
+ - gh-143469: Enable LOAD_ATTR_MODULE specialization even if
+ __getattr__() is defined in module.
+ - gh-134584: Eliminate redundant refcounting from
+ TO_BOOL_STR.
+ - gh-143377: Fix a crash in _interpreters.capture_exception()
+ when the exception is incorrectly formatted. Patch by
+ Bénédikt Tran.
+ - gh-139757: Add BINARY_OP_SUBSCR_USTR_INT to specialize
+ reading an ASCII character from any string. Patch by Chris
+ Eibl.
+ - gh-141504: Factor out tracing and optimization heuristics
+ into a single object. Patch by Donghee Na.
+ - gh-142982: Specialize CALL_FUNCTION_EX for Python and
+ non-Python callables.
+ - gh-136924: The interactive help mode in the REPL no longer
+ incorrectly syntax highlights text input as Python code.
+ Contributed by Olga Matoula.
+ - gh-139757: Fix unintended bytecode specialization for
+ non-ascii string. Patch by Donghee Na, Ken Jin and Chris
+ Eibl.
+ - gh-143361: Add PY_VECTORCALL_ARGUMENTS_OFFSET to
+ _Py_CallBuiltinClass_StackRefSteal to avoid redundant
+ allocations
+ - gh-131798: The JIT optimizer now understands more generator
+ instructions.
+ - gh-134584: Eliminate redundant refcounting from
+ _LOAD_ATTR_SLOT.
+ - gh-143189: Fix crash when inserting a non-str key into
+ a split table dictionary when the key matches an existing
+ key in the split table but has no corresponding value in
+ the dict.
+ - gh-143228: Fix use-after-free in perf trampoline when
+ toggling profiling while threads are running or during
+ interpreter finalization with daemon threads active. The
+ fix uses reference counting to ensure trampolines are not
+ freed while any code object could still reference them.
+ Pach by Pablo Galindo
+ - gh-142664: Fix a use-after-free crash in
+ memoryview.__hash__ when the __hash__ method of the
+ referenced object mutates that object or the view. Patch by
+ Bénédikt Tran.
+ - gh-142557: Fix a use-after-free crash in bytearray.__mod__
+ when the bytearray is mutated while formatting the %-style
+ arguments. Patch by Bénédikt Tran.
+ - gh-143195: Fix use-after-free crashes in bytearray.hex()
+ and memoryview.hex() when the separator’s __len__() mutates
+ the original object. Patch by Bénédikt Tran.
+ - gh-143183: Fix a bug in the JIT when dealing with
+ unsupported control-flow or operations.
+ - gh-142975: Fix crash after unfreezing all objects tracked
+ by the garbage collector on the free threaded build.
+ - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is
+ 0. Previously, it was set to 0 in this case.
+ - gh-143123: Protect the JIT against recursive tracing.
+ - gh-143092: Fix a crash in the JIT when dealing with
+ list.append(x) style code.
+ - gh-143003: Fix an overflow of the shared empty buffer in
+ bytearray.extend() when __length_hint__() returns 0 for
+ non-empty iterator.
+ - gh-143006: Fix a possible assertion error when comparing
+ negative non-integer float and int with the same number of
+ bits in the integer part.
+ - gh-116738: Fix thread safety of contextvars.Context.run().
+ - gh-142829: Fix a use-after-free crash in
+ contextvars.Context comparison when a custom __eq__ method
+ modifies the context via set().
+ - gh-142863: Generate optimized bytecode when calling list or
+ set with generator expression.
+ - gh-41779: Allowed defining any __slots__ for a class
+ derived from tuple (including classes created by
+ collections.namedtuple()).
+ - gh-69605: Fix edge-cases around already imported modules in
+ the REPL auto-completion of imports.
+ - gh-138568: Adjusted the built-in help() function so that
+ empty inputs are ignored in interactive mode.
+ - gh-131798: Remove bounds check when indexing into tuples
+ with a constant index.
+ - gh-134584: Eliminate redundant refcounting from
+ _CALL_TYPE_1. Patch by Tomas Roun
+ - gh-132108: Speed up int.from_bytes() when passed object
+ supports buffer protocol, like bytearray by ~1.2x.
+ - gh-128334: Make the slice class subscriptable at runtime to
+ be consistent with typing implementation.
+ - C API
+ - gh-141671: PyMODINIT_FUNC (and the new PyMODEXPORT_FUNC)
+ now adds a linkage declaration (__declspec(dllexport)) on
+ Windows.
+- Update to 3.15.0a4:
+ - Tests
+ - gh-142836: Accommodated Solaris in
+ test_pdb.test_script_target_anonymous_pipe.
+ - Library
+ - gh-122431: Corrected the error message in
+ readline.append_history_file() to state that nelements must
+ be non-negative instead of positive.
+ - gh-143046: The asyncio REPL no longer prints copyright and
+ version messages in the quiet mode (-q). Patch by Bartosz
+ Sławecki.
+ - gh-80744: Fix issue where pdb would read a .pdbrc twice if
+ launched from the home directory
+ - gh-138122: Add blocking mode to Tachyon for accurate stack
+ traces in applications with many generators or
+ fast-changing call stacks. Patch by Pablo Galindo.
+ - gh-143010: Fixed a bug in mailbox where the precise timing
+ of an external event could result in the library opening an
+ existing file instead of a file it expected to create.
+ - gh-112127: Fix possible use-after-free in
+ atexit.unregister() when the callback is unregistered
+ during comparison.
+ - gh-138122: Fix incomplete stack traces in the Tachyon
+ profiler’s frame cache when profiling code with deeply
+ nested generators. The frame cache now validates that stack
+ traces reach the base frame before caching, preventing
+ broken flamegraphs. Patch by Pablo Galindo.
+ - gh-142834: Change the pdb commands command to use the last
+ available breakpoint instead of failing when the most
+ recently created breakpoint was deleted.
+ - gh-142783: Fix zoneinfo use-after-free with descriptor
+ _weak_cache. a descriptor as _weak_cache could cause
+ crashes during object creation. The fix ensures proper
+ reference counting for descriptor-provided objects.
+ - gh-76007: Deprecate VERSION from xml.etree.ElementTree and
+ version from xml.sax.expatreader and xml.sax.handler. Patch
+ by Hugo van Kemenade.
+ - gh-142784: The asyncio REPL now properly closes the loop
+ upon the end of interactive session. Previously, it could
+ cause surprising warnings. Contributed by Bartosz Sławecki.
+ - gh-138122: Add binary output format to profiling.sampling
+ for compact storage of profiling data. The new --binary
+ option captures samples to a file that can be converted to
+ other formats using the replay command. Patch by Pablo
+ Galindo
+ - gh-142495: collections.defaultdict now prioritizes
+ __setitem__() when inserting default values from
+ default_factory. This prevents race conditions where
+ a default value would overwrite a value set before
+ default_factory returns.
+ - gh-142654: Show the clearer error message when using
+ profiling.sampling on an unknown PID.
+ - gh-142560: Fix use-after-free in bytearray search-like
+ methods (find(), count(), index(), rindex(), and rfind())
+ by marking the storage as exported which causes
+ reallocation attempts to raise BufferError. For contains(),
+ split(), and rsplit() the buffer protocol is used for this.
+ - gh-142419: mmap.mmap.set_name() method added to annotate an
+ anonymous memory map if Linux kernel supports
+ PR_SET_VMA_ANON_NAME (Linux 5.17 or newer). Patch by
+ Donghee Na.
+ - gh-139971: pydoc: Ensure that the link to the online
+ documentation of a stdlib module is correct.
+ - gh-124098: Fix issue where methods in handlers that lacked
+ the protocol name but matched a valid base handler method
+ (e.g., _open() or error()) were incorrectly added to
+ urllib.request.OpenerDirector’s handlers. Contributed by
+ Andrea Mattei.
+ - gh-136282: Add support for UNNAMED_SECTION when creating
+ a section via the mapping protocol access
+ - Core and Builtins
+ - gh-143057: Avoid locking in PyTraceMalloc_Track() and
+ PyTraceMalloc_Untrack() when tracemalloc is not enabled.
+ - gh-139109: Add missing terminator in certain cases when
+ tracing in the new JIT compiler.
+ - gh-142961: Fix a segfault in the JIT when constant folding
+ len(tuple).
+ - gh-142776: Fix a file descriptor leak in import.c
+ - gh-139757: Fix building JIT stencils on free-threaded
+ builds.
+ - gh-129068: Make concurrent iteration over the same range
+ iterator thread-safe in the free threading build.
+ - gh-142543: Fix a stack overflow on Clang JIT build
+ configurations with full LTO.
+ - gh-142448: Fix a bug when using monitoring with the JIT.
+ - gh-142766: Clear the frame of a generator when
+ generator.close() is called.
+ - gh-134584: Eliminate redundant refcounting from
+ _LOAD_ATTR_INSTANCE_VALUE.
+ - gh-134584: Eliminate redundant refcounting from
+ _STORE_ATTR_WITH_HINT.
+ - gh-142476: Fix a memory leak in the experimental Tier
+ 2 optimizer when creating executors. Patched by Shamil
+ Abdulaev.
+ - gh-100964: Fix reference cycle in exhausted generator
+ frames. Patch by Savannah Ostrowski.
+ - gh-139922: Allow building CPython with the tail calling
+ interpreter on Visual Studio 2026 MSVC. This provides
+ a performance gain over the prior interpreter for MSVC.
+ Patch by Ken Jin, Brandt Bucher, and Chris Eibl. With help
+ from the MSVC team including Hulon Jenkins.
+- Remove upstreamed patch:
+ - longer-time-test_thread_time.patch
+
-------------------------------------------------------------------
Wed Feb 4 00:53:37 UTC 2026 - Matej Cepl
diff --git a/python315.spec b/python315.spec
index 218184c..4bc44d7 100644
--- a/python315.spec
+++ b/python315.spec
@@ -162,8 +162,8 @@
# _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix}
-Version: 3.15.0~a3
-%define tarversion 3.15.0a3
+Version: 3.15.0~a5
+%define tarversion 3.15.0a5
%define tarname Python-%{tarversion}
Release: 0
Summary: Python 3 Interpreter
@@ -225,9 +225,6 @@ Patch40: fix-test-recursion-limit-15.6.patch
Patch41: bsc1243155-sphinx-non-determinism.patch
# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
Patch42: gh139257-Support-docutils-0.22.patch
-# PATCH-FIX-UPSTREAM longer-time-test_thread_time.patch gh#python/cpython!143558 mcepl@suse.com
-# tolerate 100 ms instead of 20 ms to support slow CIs.
-Patch43: longer-time-test_thread_time.patch
# PATCH-FIX-UPSTREAM CVE-2024-6923-follow-up-EOL-email-headers.patch bsc#1257181 mcepl@suse.com
# Encode newlines in headers when using ByteGenerator
# patch from gh#python/cpython#144125