Accepting request 1199398 from devel:languages:python:Factory

- Update to 3.13.0~rc2:
  - Tools/Demos
    - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15
      and multissltests to use 3.0.15, 3.1.7, and 3.2.3.
  - Tests
    - gh-119727: Add --single-process command line option to
      Python test runner (regrtest). Patch by Victor Stinner.
    - gh-101525: Skip test_gdb if the binary is relocated by
      BOLT. Patch by Donghee Na.
  - Security
    - gh-123678: Upgrade libexpat to 2.6.3
    - gh-121285: Remove backtracking from tarfile header parsing
      for hdrcharset, PAX, and GNU sparse headers (bsc#1230227,
      CVE-2024-6232).
  - Library
    - gh-123448: Fixed memory leak of typing.NoDefault by moving
      it to the static types array.
    - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
      according to RFC 3596, §2.5. Patch by Bénédikt Tran.
    - gh-123270: Applied a more surgical fix for malformed
      payloads in zipfile.Path causing infinite loops (gh-122905)
      without breaking contents using legitimate characters
      (bsc#1229704, CVE-2024-8088).
    - gh-123228: Fix return type for
      _pyrepl.readline._ReadlineWrapper.get_line_buffer() to be
      str(). Patch by Sergey B Kirpichev.
    - gh-123240: Raise audit events for the input() in the new
      REPL.
    - gh-123243: Fix memory leak in _decimal.
    - gh-122546: Consistently use same file name for different

OBS-URL: https://build.opensuse.org/request/show/1199398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python313?expand=0&rev=7

CVE-2024-6923-email-hdr-inject.patch

@@ -1,361 +0,0 @@
-From a590277e980eaa8a08204b79ed6c62a763701c8b Mon Sep 17 00:00:00 2001
-From: Petr Viktorin <encukou@gmail.com>
-Date: Wed, 31 Jul 2024 00:19:48 +0200
-Subject: [PATCH] gh-121650: Encode newlines in headers, and verify headers are
- sound (GH-122233)
-
-GH-GH- Encode header parts that contain newlines
-
-Per RFC 2047:
-
-> [...] these encoding schemes allow the
-> encoding of arbitrary octet values, mail readers that implement this
-> decoding should also ensure that display of the decoded data on the
-> recipient's terminal will not cause unwanted side-effects
-
-It seems that the "quoted-word" scheme is a valid way to include
-a newline character in a header value, just like we already allow
-undecodable bytes or control characters.
-They do need to be properly quoted when serialized to text, though.
-
-GH-GH- Verify that email headers are well-formed
-
-This should fail for custom fold() implementations that aren't careful
-about newlines.
-
-(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384)
-
-Co-authored-by: Petr Viktorin <encukou@gmail.com>
-Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>
-Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
----
- Doc/library/email.errors.rst                  |  7 +++
- Doc/library/email.policy.rst                  | 18 ++++++
- Doc/whatsnew/3.13.rst                         |  9 +++
- Lib/email/_header_value_parser.py             | 12 +++-
- Lib/email/_policybase.py                      |  8 +++
- Lib/email/errors.py                           |  4 ++
- Lib/email/generator.py                        | 13 +++-
- Lib/test/test_email/test_generator.py         | 62 +++++++++++++++++++
- Lib/test/test_email/test_policy.py            | 26 ++++++++
- ...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst |  5 ++
- 10 files changed, 160 insertions(+), 4 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
-
-diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst
-index 33ab4265116178..f8f43d82a3df2e 100644
---- a/Doc/library/email.errors.rst
-+++ b/Doc/library/email.errors.rst
-@@ -58,6 +58,13 @@ The following exception classes are defined in the :mod:`email.errors` module:
-    :class:`~email.mime.nonmultipart.MIMENonMultipart` (e.g.
-    :class:`~email.mime.image.MIMEImage`).
- 
-+
-+.. exception:: HeaderWriteError()
-+
-+   Raised when an error occurs when the :mod:`~email.generator` outputs
-+   headers.
-+
-+
- .. exception:: MessageDefect()
- 
-    This is the base class for all defects found when parsing email messages.
-diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst
-index 83feedf728351e..314767d0802a08 100644
---- a/Doc/library/email.policy.rst
-+++ b/Doc/library/email.policy.rst
-@@ -229,6 +229,24 @@ added matters.  To illustrate::
- 
-       .. versionadded:: 3.6
- 
-+
-+   .. attribute:: verify_generated_headers
-+
-+      If ``True`` (the default), the generator will raise
-+      :exc:`~email.errors.HeaderWriteError` instead of writing a header
-+      that is improperly folded or delimited, such that it would
-+      be parsed as multiple headers or joined with adjacent data.
-+      Such headers can be generated by custom header classes or bugs
-+      in the ``email`` module.
-+
-+      As it's a security feature, this defaults to ``True`` even in the
-+      :class:`~email.policy.Compat32` policy.
-+      For backwards compatible, but unsafe, behavior, it must be set to
-+      ``False`` explicitly.
-+
-+      .. versionadded:: 3.13
-+
-+
-    The following :class:`Policy` method is intended to be called by code using
-    the email library to create policy instances with custom settings:
- 
-diff --git a/Doc/whatsnew/3.13.rst b/Doc/whatsnew/3.13.rst
-index b53f419a59f062..35b808a4dd00a4 100644
---- a/Doc/whatsnew/3.13.rst
-+++ b/Doc/whatsnew/3.13.rst
-@@ -724,6 +724,15 @@ doctest
- email
- -----
- 
-+* Headers with embedded newlines are now quoted on output.
-+
-+  The :mod:`~email.generator` will now refuse to serialize (write) headers
-+  that are improperly folded or delimited, such that they would be parsed as
-+  multiple headers or joined with adjacent data.
-+  If you need to turn this safety feature off,
-+  set :attr:`~email.policy.Policy.verify_generated_headers`.
-+  (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.)
-+
- * :func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now return
-   ``('', '')`` 2-tuples in more situations where invalid email addresses are
-   encountered instead of potentially inaccurate values. Add optional *strict*
-diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
-index 7da1bbaf8a80d7..ec2215a5e5f33c 100644
---- a/Lib/email/_header_value_parser.py
-+++ b/Lib/email/_header_value_parser.py
-@@ -92,6 +92,8 @@
- ASPECIALS = TSPECIALS | set("*'%")
- ATTRIBUTE_ENDS = ASPECIALS | WSP
- EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%')
-+NLSET = {'\n', '\r'}
-+SPECIALSNL = SPECIALS | NLSET
- 
- def quote_string(value):
-     return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"'
-@@ -2802,9 +2804,13 @@ def _refold_parse_tree(parse_tree, *, policy):
-             wrap_as_ew_blocked -= 1
-             continue
-         tstr = str(part)
--        if part.token_type == 'ptext' and set(tstr) & SPECIALS:
--            # Encode if tstr contains special characters.
--            want_encoding = True
-+        if not want_encoding:
-+            if part.token_type == 'ptext':
-+                # Encode if tstr contains special characters.
-+                want_encoding = not SPECIALSNL.isdisjoint(tstr)
-+            else:
-+                # Encode if tstr contains newlines.
-+                want_encoding = not NLSET.isdisjoint(tstr)
-         try:
-             tstr.encode(encoding)
-             charset = encoding
-diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py
-index 2ec54fbabae83c..5f9aa9fb091fa2 100644
---- a/Lib/email/_policybase.py
-+++ b/Lib/email/_policybase.py
-@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta):
-     message_factory     -- the class to use to create new message objects.
-                            If the value is None, the default is Message.
- 
-+    verify_generated_headers
-+                        -- if true, the generator verifies that each header
-+                           they are properly folded, so that a parser won't
-+                           treat it as multiple headers, start-of-body, or
-+                           part of another header.
-+                           This is a check against custom Header & fold()
-+                           implementations.
-     """
- 
-     raise_on_defect = False
-@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta):
-     max_line_length = 78
-     mangle_from_ = False
-     message_factory = None
-+    verify_generated_headers = True
- 
-     def handle_defect(self, obj, defect):
-         """Based on policy, either raise defect or call register_defect.
-diff --git a/Lib/email/errors.py b/Lib/email/errors.py
-index 3ad00565549968..02aa5eced6ae46 100644
---- a/Lib/email/errors.py
-+++ b/Lib/email/errors.py
-@@ -29,6 +29,10 @@ class CharsetError(MessageError):
-     """An illegal charset was given."""
- 
- 
-+class HeaderWriteError(MessageError):
-+    """Error while writing headers."""
-+
-+
- # These are parsing defects which the parser was able to work around.
- class MessageDefect(ValueError):
-     """Base class for a message defect."""
-diff --git a/Lib/email/generator.py b/Lib/email/generator.py
-index c8056ad47baa0f..47b9df8f4e6090 100644
---- a/Lib/email/generator.py
-+++ b/Lib/email/generator.py
-@@ -14,12 +14,14 @@
- from copy import deepcopy
- from io import StringIO, BytesIO
- from email.utils import _has_surrogates
-+from email.errors import HeaderWriteError
- 
- UNDERSCORE = '_'
- NL = '\n'  # XXX: no longer used by the code below.
- 
- NLCRE = re.compile(r'\r\n|\r|\n')
- fcre = re.compile(r'^From ', re.MULTILINE)
-+NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]')
- 
- 
- class Generator:
-@@ -222,7 +224,16 @@ def _dispatch(self, msg):
- 
-     def _write_headers(self, msg):
-         for h, v in msg.raw_items():
--            self.write(self.policy.fold(h, v))
-+            folded = self.policy.fold(h, v)
-+            if self.policy.verify_generated_headers:
-+                linesep = self.policy.linesep
-+                if not folded.endswith(self.policy.linesep):
-+                    raise HeaderWriteError(
-+                        f'folded header does not end with {linesep!r}: {folded!r}')
-+                if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)):
-+                    raise HeaderWriteError(
-+                        f'folded header contains newline: {folded!r}')
-+            self.write(folded)
-         # A blank line always separates headers from body
-         self.write(self._NL)
- 
-diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py
-index bc6f734d4fd0a9..c75a842c33578e 100644
---- a/Lib/test/test_email/test_generator.py
-+++ b/Lib/test/test_email/test_generator.py
-@@ -6,6 +6,7 @@
- from email.generator import Generator, BytesGenerator
- from email.headerregistry import Address
- from email import policy
-+import email.errors
- from test.test_email import TestEmailBase, parameterize
- 
- 
-@@ -249,6 +250,44 @@ def test_rfc2231_wrapping_switches_to_default_len_if_too_narrow(self):
-         g.flatten(msg)
-         self.assertEqual(s.getvalue(), self.typ(expected))
- 
-+    def test_keep_encoded_newlines(self):
-+        msg = self.msgmaker(self.typ(textwrap.dedent("""\
-+            To: nobody
-+            Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
-+
-+            None
-+            """)))
-+        expected = textwrap.dedent("""\
-+            To: nobody
-+            Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
-+
-+            None
-+            """)
-+        s = self.ioclass()
-+        g = self.genclass(s, policy=self.policy.clone(max_line_length=80))
-+        g.flatten(msg)
-+        self.assertEqual(s.getvalue(), self.typ(expected))
-+
-+    def test_keep_long_encoded_newlines(self):
-+        msg = self.msgmaker(self.typ(textwrap.dedent("""\
-+            To: nobody
-+            Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
-+
-+            None
-+            """)))
-+        expected = textwrap.dedent("""\
-+            To: nobody
-+            Subject: Bad subject
-+             =?utf-8?q?=0A?=Bcc:
-+             injection@example.com
-+
-+            None
-+            """)
-+        s = self.ioclass()
-+        g = self.genclass(s, policy=self.policy.clone(max_line_length=30))
-+        g.flatten(msg)
-+        self.assertEqual(s.getvalue(), self.typ(expected))
-+
- 
- class TestGenerator(TestGeneratorBase, TestEmailBase):
- 
-@@ -273,6 +312,29 @@ def test_flatten_unicode_linesep(self):
-         g.flatten(msg)
-         self.assertEqual(s.getvalue(), self.typ(expected))
- 
-+    def test_verify_generated_headers(self):
-+        """gh-121650: by default the generator prevents header injection"""
-+        class LiteralHeader(str):
-+            name = 'Header'
-+            def fold(self, **kwargs):
-+                return self
-+
-+        for text in (
-+            'Value\r\nBad Injection\r\n',
-+            'NoNewLine'
-+        ):
-+            with self.subTest(text=text):
-+                message = message_from_string(
-+                    "Header: Value\r\n\r\nBody",
-+                    policy=self.policy,
-+                )
-+
-+                del message['Header']
-+                message['Header'] = LiteralHeader(text)
-+
-+                with self.assertRaises(email.errors.HeaderWriteError):
-+                    message.as_string()
-+
- 
- class TestBytesGenerator(TestGeneratorBase, TestEmailBase):
- 
-diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py
-index c6b9c80efe1b54..baa35fd68e49c5 100644
---- a/Lib/test/test_email/test_policy.py
-+++ b/Lib/test/test_email/test_policy.py
-@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase):
-         'raise_on_defect':          False,
-         'mangle_from_':             True,
-         'message_factory':          None,
-+        'verify_generated_headers': True,
-         }
-     # These default values are the ones set on email.policy.default.
-     # If any of these defaults change, the docs must be updated.
-@@ -294,6 +295,31 @@ def test_short_maxlen_error(self):
-                 with self.assertRaises(email.errors.HeaderParseError):
-                     policy.fold("Subject", subject)
- 
-+    def test_verify_generated_headers(self):
-+        """Turning protection off allows header injection"""
-+        policy = email.policy.default.clone(verify_generated_headers=False)
-+        for text in (
-+            'Header: Value\r\nBad: Injection\r\n',
-+            'Header: NoNewLine'
-+        ):
-+            with self.subTest(text=text):
-+                message = email.message_from_string(
-+                    "Header: Value\r\n\r\nBody",
-+                    policy=policy,
-+                )
-+                class LiteralHeader(str):
-+                    name = 'Header'
-+                    def fold(self, **kwargs):
-+                        return self
-+
-+                del message['Header']
-+                message['Header'] = LiteralHeader(text)
-+
-+                self.assertEqual(
-+                    message.as_string(),
-+                    f"{text}\nBody",
-+                )
-+
-     # XXX: Need subclassing tests.
-     # For adding subclassed objects, make sure the usual rules apply (subclass
-     # wins), but that the order still works (right overrides left).
-diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
-new file mode 100644
-index 00000000000000..83dd28d4ac575b
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
-@@ -0,0 +1,5 @@
-+:mod:`email` headers with embedded newlines are now quoted on output. The
-+:mod:`~email.generator` will now refuse to serialize (write) headers that
-+are unsafely folded or delimited; see
-+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
-+Bloemsaat and Petr Viktorin in :gh:`121650`.)

CVE-2024-8088-inf-loop-zipfile_Path.patch

@@ -1,148 +0,0 @@
----
- Lib/test/test_zipfile/_path/test_path.py                                |   78 ++++++++++
- Lib/zipfile/_path/__init__.py                                           |   18 ++
- Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst |    1 
- Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst |    3 
- 4 files changed, 98 insertions(+), 2 deletions(-)
-
---- a/Lib/test/test_zipfile/_path/test_path.py
-+++ b/Lib/test/test_zipfile/_path/test_path.py
-@@ -5,6 +5,7 @@ import pathlib
- import pickle
- import stat
- import sys
-+import time
- import unittest
- import zipfile
- import zipfile._path
-@@ -577,3 +578,80 @@ class TestPath(unittest.TestCase):
-         zipfile.Path(alpharep)
-         with self.assertRaises(KeyError):
-             alpharep.getinfo('does-not-exist')
-+
-+    def test_malformed_paths(self):
-+        """
-+        Path should handle malformed paths gracefully.
-+
-+        Paths with leading slashes are not visible.
-+
-+        Paths with dots are treated like regular files.
-+        """
-+        data = io.BytesIO()
-+        zf = zipfile.ZipFile(data, "w")
-+        zf.writestr("/one-slash.txt", b"content")
-+        zf.writestr("//two-slash.txt", b"content")
-+        zf.writestr("../parent.txt", b"content")
-+        zf.filename = ''
-+        root = zipfile.Path(zf)
-+        assert list(map(str, root.iterdir())) == ['../']
-+        assert root.joinpath('..').joinpath('parent.txt').read_bytes() == b'content'
-+
-+    def test_unsupported_names(self):
-+        """
-+        Path segments with special characters are readable.
-+
-+        On some platforms or file systems, characters like
-+        ``:`` and ``?`` are not allowed, but they are valid
-+        in the zip file.
-+        """
-+        data = io.BytesIO()
-+        zf = zipfile.ZipFile(data, "w")
-+        zf.writestr("path?", b"content")
-+        zf.writestr("V: NMS.flac", b"fLaC...")
-+        zf.filename = ''
-+        root = zipfile.Path(zf)
-+        contents = root.iterdir()
-+        assert next(contents).name == 'path?'
-+        assert next(contents).name == 'V: NMS.flac'
-+        assert root.joinpath('V: NMS.flac').read_bytes() == b"fLaC..."
-+
-+    def test_backslash_not_separator(self):
-+        """
-+        In a zip file, backslashes are not separators.
-+        """
-+        data = io.BytesIO()
-+        zf = zipfile.ZipFile(data, "w")
-+        zf.writestr(DirtyZipInfo.for_name("foo\\bar", zf), b"content")
-+        zf.filename = ''
-+        root = zipfile.Path(zf)
-+        (first,) = root.iterdir()
-+        assert not first.is_dir()
-+        assert first.name == 'foo\\bar'
-+
-+
-+class DirtyZipInfo(zipfile.ZipInfo):
-+    """
-+    Bypass name sanitization.
-+    """
-+
-+    def __init__(self, filename, *args, **kwargs):
-+        super().__init__(filename, *args, **kwargs)
-+        self.filename = filename
-+
-+    @classmethod
-+    def for_name(cls, name, archive):
-+        """
-+        Construct the same way that ZipFile.writestr does.
-+
-+        TODO: extract this functionality and re-use
-+        """
-+        self = cls(filename=name, date_time=time.localtime(time.time())[:6])
-+        self.compress_type = archive.compression
-+        self.compress_level = archive.compresslevel
-+        if self.filename.endswith('/'):  # pragma: no cover
-+            self.external_attr = 0o40775 << 16  # drwxrwxr-x
-+            self.external_attr |= 0x10  # MS-DOS directory flag
-+        else:
-+            self.external_attr = 0o600 << 16  # ?rw-------
-+        return self
---- a/Lib/zipfile/_path/__init__.py
-+++ b/Lib/zipfile/_path/__init__.py
-@@ -1,3 +1,12 @@
-+"""
-+A Path-like interface for zipfiles.
-+
-+This codebase is shared between zipfile.Path in the stdlib
-+and zipp in PyPI. See
-+https://github.com/python/importlib_metadata/wiki/Development-Methodology
-+for more detail.
-+"""
-+
- import io
- import posixpath
- import zipfile
-@@ -36,7 +45,7 @@ def _parents(path):
- def _ancestry(path):
-     """
-     Given a path with elements separated by
--    posixpath.sep, generate all elements of that path
-+    posixpath.sep, generate all elements of that path.
- 
-     >>> list(_ancestry('b/d'))
-     ['b/d', 'b']
-@@ -48,9 +57,14 @@ def _ancestry(path):
-     ['b']
-     >>> list(_ancestry(''))
-     []
-+
-+    Multiple separators are treated like a single.
-+
-+    >>> list(_ancestry('//b//d///f//'))
-+    ['//b//d///f', '//b//d', '//b']
-     """
-     path = path.rstrip(posixpath.sep)
--    while path and path != posixpath.sep:
-+    while path.rstrip(posixpath.sep):
-         yield path
-         path, tail = posixpath.split(path)
- 
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
-@@ -0,0 +1 @@
-+:class:`zipfile.Path` objects now sanitize names from the zipfile.
---- /dev/null
-+++ b/Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst
-@@ -0,0 +1,3 @@
-+Applied a more surgical fix for malformed payloads in :class:`zipfile.Path`
-+causing infinite loops (gh-122905) without breaking contents using
-+legitimate characters.

Python-3.13.0rc1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:678b884775eec0224d5159fa900879020baca2a36ce942fd95febfa1adb4a6bd
-size 20881016

Python-3.13.0rc1.tar.xz.asc

@@ -1,18 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmaquNZfFIAAAAAALgAo
-aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
-Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
-YwUclA//Tg0ybBUO7yjNvM85wbZLxIvYujAbReBRARLUkZXFGVMBG9zi3Arf4EE6
-PKvGvy0vg/jeQPraLBe4KQnaQUTU8qmLsjd7lWWEjZc0E+3zZzAvZ9hXNtcrqY4x
-YdLaGT8762c4sFoNsp173MYrqdun/usraKK50V1m/BPAqHX1Pdy0yxykkfG4p7lC
-LEUrc+2KtLWI9+Z0imH2FhI0OdhlSZKgJfi82dbmRDeJwMmEoG9+F9qmanrtIEVu
-6Tpwv8RphXI1JV7mzr6EjZqW4oHRayHlA4qcS9mTYKBNAfveEODXgbvsGRenh1X1
-kJclnX/GBpcjP/+PZ9aheAxxrTEvg7kmjrcfZKfzxepJEvCaxlg9hTKAvmMcgKp0
-V8rhWxBBfy47q8pvezjI4ip2rcedtJ21e0M98PPQLpuUxeo1xldjPLeGh8hyC9Z4
-F8HAs+uv11FXV5zaJvUIMCPx125ceYhl/1Jh36bJFX9MvjFlKOtR9mnsu84D5piW
-8+yUy353864bv9rrww/dMWzrrp7nO+/3gZi/goNGfMvm5KVpuhTro6xoW5KQ5LS+
-ZQGbWXl08lJ9+k8pUuwxCFHQCKjgjmerjb8xL9claBlF8FtfrQjy33BpxqF5BLpW
-CUbabJ9bA9O7fPsPhbW0XQGdXIJJLjHTP39pxCPGoBqAyUVJOc8=
-=CSLe
------END PGP SIGNATURE-----

Python-3.13.0rc2.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d60e8b7c10de4f71d2dffaf7c7be8efa54dc1e532fe931dbb84e5f625709e237
+size 21055084

Python-3.13.0rc2.tar.xz.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmbbgTdfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
+Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
+YwUUpBAAnxUxwaFw3/XLw+5v3k2cbtzPtRmLtg81LlJ2bD5VG+RlCjbwHK03FghH
+kr4YILbFXN51mT0p2XtrXnd1WRYOIWTxXQ7jji02KY6OBlIordpa0KL415R+Y0O6
+fvS4sn9r5Ww8TMGHthGeN1boMjtFUHHRZKNUmIzVWihjxQX6UiPVcb9ezM2WDbhI
+hmGtyEq7KLYwl9GTW/YlsAQXyVvveePgr6PrMjRRquOSVL2vD+ZA8qrQvzWYCza6
+jDa2+6jrFlE6PpbCUDoRMDagjU2gEG9DllSziayh3aqMHG2fVbEqzLtBHl9EJ7IL
+yOkhgVVmqus52O5P0YhDDp2fkSxs2JgrXiF2Dd2UTIKKrFQkxmknoj/ScyyeajAj
+ymqf1CZf3ydhpEng+HGpnU+vWBnQA+v7BZBQXaoPGvMzTeNy1cn5JPTFFkcKXKDE
+jX8AzV82+OHnZ/80tLNTNCyFQNStKF2CNrHR1gnMAcgQTaJOlp4NMD3nC88WQlpx
+M4HC/yXq4556AaAzv0CctfzMLejvwmszMxbADHI4FcS7BJO85WsSXH3pnAx3Gfgg
+5NSEMB1ZAsoS9WbkxTkgaJOT9fHmf86S/sdx4W1zBetmag11bTVWHJwbE9z5V0YQ
++fwQYVsi+ecgs3mL7vJzg8vEpJ33O2/y4vqySQYZRA4aIKn9Ks0=
+=dHr3
+-----END PGP SIGNATURE-----

_multibuild

@@ -1,4 +1,6 @@
 <multibuild>
   <package>base</package>
   <package>doc</package>
+  <package>nogil</package>
+  <package>nogil-base</package>
 </multibuild>

bso1227999-reproducible-builds.patch

@@ -1,24 +0,0 @@
-From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001
-From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
-Date: Tue, 16 Jul 2024 21:39:33 +0200
-Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH
-
-to make builds reproducible.
-See https://reproducible-builds.org/ for why this is good
-and https://reproducible-builds.org/specs/source-date-epoch/
-for the definition of this variable.
----
- Doc/library/functions.rst |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/Doc/library/functions.rst
-+++ b/Doc/library/functions.rst
-@@ -1502,7 +1502,7 @@ are always available.  They are listed h
-    (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`,
-    and :mod:`shutil`.
- 
--   .. audit-event:: open file,mode,flags open
-+   .. audit-event:: open path,mode,flags open
- 
-    The ``mode`` and ``flags`` arguments may have been modified or inferred from
-    the original call.

fix_configure_rst.patch

@@ -1,15 +0,0 @@
----
- Misc/NEWS |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/Misc/NEWS
-+++ b/Misc/NEWS
-@@ -17647,7 +17647,7 @@ C API
- - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- 
- - bpo-43795: The list in :ref:`limited-api-list` now shows the public name
--  :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry
-+  :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry
-   ``_node`` no longer appears in the list.
- 
- - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid

gh122136-test_asyncio-kernel-buffer-data.patch

@@ -1,48 +0,0 @@
-From 235fbc05dcbca5cb5f7f0cd836317b8426e33243 Mon Sep 17 00:00:00 2001
-From: Petr Viktorin <encukou@gmail.com>
-Date: Wed, 28 Aug 2024 22:36:42 +0200
-Subject: [PATCH] gh-122136: test_asyncio: Don't fail if the kernel buffers
- more data than advertised (GH-123423) (cherry picked from commit
- b379f1b26c1e89c8e9160b4dede61b980cc77be6)
-
-Co-authored-by: Petr Viktorin <encukou@gmail.com>
----
- Lib/test/test_asyncio/test_server.py | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/Lib/test/test_asyncio/test_server.py b/Lib/test/test_asyncio/test_server.py
-index 4ca8a166a0f1a1..60a40cc8349fed 100644
---- a/Lib/test/test_asyncio/test_server.py
-+++ b/Lib/test/test_asyncio/test_server.py
-@@ -227,7 +227,7 @@ async def serve(rd, wr):
- 
-         (s_rd, s_wr) = await fut
- 
--        # Limit the socket buffers so we can reliably overfill them
-+        # Limit the socket buffers so we can more reliably overfill them
-         s_sock = s_wr.get_extra_info('socket')
-         s_sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 65536)
-         c_sock = c_wr.get_extra_info('socket')
-@@ -242,10 +242,18 @@ async def serve(rd, wr):
-             await asyncio.sleep(0)
- 
-         # Get the writer in a waiting state by sending data until the
--        # socket buffers are full on both server and client sockets and
--        # the kernel stops accepting more data
--        s_wr.write(b'a' * c_sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF))
--        s_wr.write(b'a' * s_sock.getsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF))
-+        # kernel stops accepting more data in the send buffer.
-+        # gh-122136: getsockopt() does not reliably report the buffer size
-+        # available for message content.
-+        # We loop until we start filling up the asyncio buffer.
-+        # To avoid an infinite loop we cap at 10 times the expected value
-+        c_bufsize = c_sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)
-+        s_bufsize = s_sock.getsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF)
-+        for i in range(10):
-+            s_wr.write(b'a' * c_bufsize)
-+            s_wr.write(b'a' * s_bufsize)
-+            if s_wr.transport.get_write_buffer_size() > 0:
-+                break
-         self.assertNotEqual(s_wr.transport.get_write_buffer_size(), 0)
- 
-         task = asyncio.create_task(srv.wait_closed())

python313.changes

@@ -1,3 +1,193 @@
+-------------------------------------------------------------------
+Sat Sep  7 15:36:03 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Update to 3.13.0~rc2:
+  - Tools/Demos
+    - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15
+      and multissltests to use 3.0.15, 3.1.7, and 3.2.3.
+  - Tests
+    - gh-119727: Add --single-process command line option to
+      Python test runner (regrtest). Patch by Victor Stinner.
+    - gh-101525: Skip test_gdb if the binary is relocated by
+      BOLT. Patch by Donghee Na.
+  - Security
+    - gh-123678: Upgrade libexpat to 2.6.3
+    - gh-121285: Remove backtracking from tarfile header parsing
+      for hdrcharset, PAX, and GNU sparse headers (bsc#1230227,
+      CVE-2024-6232).
+  - Library
+    - gh-123448: Fixed memory leak of typing.NoDefault by moving
+      it to the static types array.
+    - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
+      according to RFC 3596, §2.5. Patch by Bénédikt Tran.
+    - gh-123270: Applied a more surgical fix for malformed
+      payloads in zipfile.Path causing infinite loops (gh-122905)
+      without breaking contents using legitimate characters
+      (bsc#1229704, CVE-2024-8088).
+    - gh-123228: Fix return type for
+      _pyrepl.readline._ReadlineWrapper.get_line_buffer() to be
+      str(). Patch by Sergey B Kirpichev.
+    - gh-123240: Raise audit events for the input() in the new
+      REPL.
+    - gh-123243: Fix memory leak in _decimal.
+    - gh-122546: Consistently use same file name for different
+      exceptions in the new repl. Patch by Sergey B Kirpichev.
+    - gh-123213: xml.etree.ElementTree.Element.extend() and
+      Element assignment no longer hide the internal exception if
+      an erronous generator is passed. Patch by Bar Harel.
+    - gh-85110: Preserve relative path in URL without netloc in
+      urllib.parse.urlunsplit() and urllib.parse.urlunparse().
+    - gh-123067: Fix quadratic complexity in parsing "-quoted
+      cookie values with backslashes by http.cookies
+      (bsc#1229596, CVE-2024-7592)
+    - gh-122981: Fix inspect.getsource() for generated classes
+      with Python base classes (e.g. enums).
+    - gh-122903: zipfile.Path.glob now correctly matches
+      directories instead of silently omitting them.
+    - gh-122905: zipfile.Path objects now sanitize names from the
+      zipfile.
+    - gh-122695: Fixed double-free when using gc.get_referents()
+      with a freed asyncio.Future iterator.
+    - gh-116263: logging.handlers.RotatingFileHandler no longer
+      rolls over empty log files.
+    - gh-105376: Restore the deprecated logging warn() method. It
+      was removed in Python 3.13 alpha 1. Keep the deprecated
+      warn() method in Python 3.13. Patch by Victor Stinner.
+    - gh-122744: Bump the version of pip bundled in ensurepip to
+      version 24.2.
+    - gh-118814: Fix the typing.TypeVar constructor when name is
+      passed by keyword.
+    - gh-122478: Remove internal frames from tracebacks
+      shown in code.InteractiveInterpreter with non-default
+      sys.excepthook(). Save correct tracebacks in
+      sys.last_traceback and update __traceback__ attribute of
+      sys.last_value and sys.last_exc.
+    - gh-116622: On Android, the FICLONE and FICLONERANGE
+      constants are no longer exposed by fcntl, as these ioctls
+      are blocked by SELinux.
+    - gh-82378: Make sure that the new REPL interprets
+      sys.tracebacklimit in the same way that the classic REPL
+      did.
+    - gh-122334: Fix crash when importing ssl after the main
+      interpreter restarts.
+    - gh-87320: In code.InteractiveInterpreter, handle exceptions
+      caused by calling a non-default sys.excepthook(). Before,
+      the exception bubbled up to the caller, ending the REPL.
+    - gh-121650: email headers with embedded newlines
+      are now quoted on output. The generator will
+      now refuse to serialize (write) headers
+      that are unsafely folded or delimited; see
+      verify_generated_headers. (Contributed by Bas Bloemsaat and
+      Petr Viktorin in gh-121650.; CVE-2024-6923, bsc#1228780)
+    - gh-121723: Make logging.config.dictConfig() accept any
+      object implementing the Queue public API. See the queue
+      configuration section for details. Patch by Bénédikt Tran.
+    - gh-122081: Fix a crash in the decimal.IEEEContext()
+      optional function available via the EXTRA_FUNCTIONALITY
+      configuration flag.
+    - gh-121804: Correctly show error locations, when SyntaxError
+      raised in new repl. Patch by Sergey B Kirpichev.
+    - gh-121151: Fix wrapping of long usage text of arguments
+      inside a mutually exclusive group in argparse.
+    - gh-108172: webbrowser honors OS preferred browser on Linux
+      when its desktop entry name contains the text of a known
+      browser name.
+    - gh-109109: You can now get the raw TLS                    .
+    Cocertificate chains from TLS connections                   .
+    Covia ssl.SSLSocket.get_verified_chain() and                .
+    Cossl.SSLSocket.get_unverified_chain() methods ntributed by .
+    CoMateusz Nowak                                             .
+  - IDLE
+    - gh-120083: Add explicit black IDLE Hovertip foreground
+      color needed for recent macOS. Fixes Sonoma showing
+      unreadable white on pale yellow. Patch by John Riggles.
+  - Core and Builtins
+    - gh-123572: Fix key mappings for various F-keys in Windows
+      for the new REPL. Patch by devdanzin
+    - gh-123484: Fix _Py_DebugOffsets for long objects to be
+      relative to the start of the object rather than the start
+      of a subobject.
+    - gh-123344: Add AST optimizations for type parameter
+      defaults.
+    - gh-123321: Prevent Parser/myreadline race condition from
+      segfaulting on multi-threaded use. Patch by Bar Harel and
+      Amit Wienner.
+    - gh-123177: Fix a bug causing stray prompts to appear in the
+      middle of wrapped lines in the new REPL.
+    - gh-122982: Extend the deprecation period for bool inversion
+      (~) by two years.
+    - gh-123177: Deactivate line wrap in the Apple Terminal via a
+      ANSI escape code. Patch by Pablo Galindo
+    - gh-123229: Fix valgrind warning by initializing the
+      f-string buffers to 0 in the tokenizer. Patch by Pablo
+      Galindo
+    - gh-122298: Restore printout of GC stats when
+      gc.set_debug(gc.DEBUG_STATS) is called. This featue was
+      accidentally removed when implementing incremental GC.
+    - gh-121804: Correctly show error locations when a
+      SyntaxError is raised in the basic REPL. Patch by Sergey B
+      Kirpichev.
+    - gh-123142: Fix too-wide source location in exception
+      tracebacks coming from broken iterables in comprehensions.
+    - gh-123048: Fix a bug where pattern matching code could emit
+      a JUMP_FORWARD with no source location.
+    - gh-123123: Fix displaying SyntaxError exceptions covering
+      multiple lines. Patch by Pablo Galindo
+    - gh-123083: Fix a potential use-after-free in
+      STORE_ATTR_WITH_HINT.
+    - gh-123022: Fix crash in free-threaded build when calling
+      Py_Initialize() from a non-main thread.
+    - gh-122888: Fix crash on certain calls to str() with
+      positional arguments of the wrong type. Patch by Jelle
+      Zijlstra.
+    - gh-116622: Fix Android stdout and stderr messages being
+      truncated or lost.
+    - gh-122527: Fix a crash that occurred when a
+      PyStructSequence was deallocated after its type’s
+      dictionary was cleared by the GC. The type’s tp_basicsize
+      now accounts for non-sequence fields that aren’t included
+      in the Py_SIZE of the sequence.
+    - gh-122445: Add only fields which are modified via self.* to
+      __static_attributes__.
+    - gh-98442: Fix too wide source locations of the cleanup
+      instructions of a with statement.
+    - gh-93691: Fix source locations of instructions generated
+      for with statements.
+    - gh-120097: FrameLocalsProxy now subclasses
+      collections.abc.Mapping and can be matched as a mapping in
+      match statements
+  - C API
+    - gh-122728: Fix PyEval_GetLocals() to avoid SystemError
+      (“bad argument to internal function”). Patch by Victor
+      Stinner.
+  - Build
+    - gh-123297: Propagate the value of LDFLAGS to LDCXXSHARED in
+      sysconfig. Patch by Pablo Galindo
+    - gh-116622: Rename build variable MODULE_LDFLAGS back
+      to LIBPYTHON, as it’s used by package build systems
+      (e.g. Meson).
+    - gh-118943: Fix an issue where the experimental JIT could be
+      built several times by the make regen-all target, leading
+      to possible race conditions on heavily parallelized builds.
+    - gh-118943: Fix a possible race condition affecting parallel
+      builds configured with --enable-experimental-jit, in which
+      FileNotFoundError could be caused by another process
+      already moving jit_stencils.h.new to jit_stencils.h.
+- Remove upstreamed patches:
+  - bso1227999-reproducible-builds.patch
+  - CVE-2024-8088-inf-loop-zipfile_Path.patch
+  - gh120226-fix-sendfile-test-kernel-610.patch
+  - gh122136-test_asyncio-kernel-buffer-data.patch
+  - fix_configure_rst.patch
+  - CVE-2024-6923-email-hdr-inject.patch
+
+-------------------------------------------------------------------
+Mon Sep  2 09:44:26 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
+  failing test_sendfile_close_peer_in_the_middle_of_receiving
+  tests on Linux >= 6.10 (GH-120227).
+
 -------------------------------------------------------------------
 Thu Aug 29 14:46:39 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 
@@ -445,6 +635,12 @@ Fri Jun 28 06:12:20 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
   - python-3.3.0b1-fix_date_time_compiler.patch
   - subprocess-raise-timeout.patch
 
+-------------------------------------------------------------------
+Thu Jun  6 11:48:20 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Build experimental package python313-base-nogil with
+  --disable-gil option.
+
 -------------------------------------------------------------------
 Thu Jun  6 09:59:51 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
 
@@ -1330,6 +1526,7 @@ Thu May  9 08:18:00 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
         ipaddress.IPv6Address.is_global
         - Also in the corresponding ipaddress.IPv4Network and
           ipaddress.IPv6Network attributes.
+        - Fixes bsc#1226448 (CVE-2024-4032).
     - gh-63283: In encodings.idna, any capitalization of the the ACE
       prefix (xn--) is now acceptable. Patch by Pepijn de Vos and
       Zackery Spytz.
@@ -2617,7 +2814,7 @@ Thu Feb  8 08:10:09 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
       behavior, accept malformed inputs. getattr(email.utils,
       'supports_strict_parsing', False) can be use to check if the
       strict paramater is available. Patch by Thomas Dwyer and Victor
-      Stinner to improve the CVE-2023-27043 fix.
+      Stinner to improve the CVE-2023-27043 fix (bsc#1210638).
     - gh-52161: cmd.Cmd.do_help() now cleans docstrings with
       inspect.cleandoc() before writing them. Patch by Filip
       Łapkiewicz.
@@ -6096,7 +6293,8 @@ Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
 
 - Spec file fixes
 - Re-added subprocess-raise-timeout.patch: now compatible
-- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream
+- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch:
+  contained in upstream
 
 -------------------------------------------------------------------
 Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>

python313.spec

@@ -22,18 +22,36 @@
 %bcond_without doc
 %bcond_with base
 %bcond_with general
+%bcond_without GIL
 %endif
 %if "%{flavor}" == "base"
 %define psuffix -core
 %bcond_with doc
 %bcond_without base
 %bcond_with general
+%bcond_without GIL
 %endif
 %if "%{flavor}" == ""
 %define psuffix %{nil}
 %bcond_with doc
 %bcond_with base
 %bcond_without general
+%bcond_without GIL
+%endif
+
+%if "%{flavor}" == "nogil"
+%define psuffix %{nil}
+%bcond_with doc
+%bcond_with base
+%bcond_without general
+%bcond_with GIL
+%endif
+%if "%{flavor}" == "nogil-base"
+%define psuffix -nogil-core
+%bcond_with doc
+%bcond_without base
+%bcond_with general
+%bcond_with GIL
 %endif
 
 %if 0%{?do_profiling}
@@ -51,6 +69,11 @@
 %endif
 
 %define         python_pkg_name python313
+%if %{without GIL}
+%define         python_pkg_name python313-nogil
+%define         base_pkg_name python313
+%endif
+
 %if "%{python_pkg_name}" == "%{primary_python}"
 %define primary_interpreter 1
 %else
@@ -87,6 +110,10 @@
 %define         sitedir         %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
 %define         abi_kind   %{nil}
+%if %{without GIL}
+%define         abi_kind   t
+%define         sitedir %{_libdir}/python%{python_version}%{abi_kind}
+%endif
 # python ABI version - used in some file names
 %define         python_abi %{python_version}%{abi_kind}
 # soname ABI tag defined in PEP 3149
@@ -117,8 +144,8 @@
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.13.0~rc1
+Version:        3.13.0~rc2
-%define         tarversion 3.13.0rc1
+%define         tarversion 3.13.0rc2
 %define         tarname    Python-%{tarversion}
 Release:        0
 Summary:        Python 3 Interpreter
@@ -174,21 +201,6 @@ Patch08:        no-skipif-doctests.patch
 # PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com
 # skip a test failing on SLE-15
 Patch09:        skip-test_pyobject_freed_is_freed.patch
-# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com
-# remove duplicate link targets and make documentation with old Sphinx in SLE
-Patch10:        fix_configure_rst.patch
-# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com
-# prevent email header injection, patch from gh#python/cpython!122608
-Patch12:        CVE-2024-6923-email-hdr-inject.patch
-# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com
-# reproducibility patches
-Patch13:        bso1227999-reproducible-builds.patch
-# PATCH-FIX-UPSTREAM CVE-2024-8088-inf-loop-zipfile_Path.patch bsc#1229704 mcepl@suse.com
-# avoid denial of service in zipfile
-Patch14:        CVE-2024-8088-inf-loop-zipfile_Path.patch
-# PATCH-FIX-UPSTREAM gh122136-test_asyncio-kernel-buffer-data.patch gh#python/cpython#122136 mcepl@suse.com
-# test.test_asyncio.test_server.TestServer2.test_abort_clients fails because of changes in the kernel
-Patch15:        gh122136-test_asyncio-kernel-buffer-data.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -226,6 +238,10 @@ BuildRequires:  python3-python-docs-theme >= 2022.1
 BuildRequires:  clang => 18
 BuildRequires:  llvm => 18
 
+%if %{without GIL}
+ExcludeArch:    aarch64
+%endif
+
 %if %{with general}
 # required for idle3 (.desktop and .appdata.xml files)
 BuildRequires:  appstream-glib
@@ -444,7 +460,7 @@ This package contains libpython3.2 shared library for embedding in
 other applications.
 
 %prep
-%autosetup -p1 -N -n %{tarname}
+%setup -q -n %{tarname}
 %autopatch -p1 -M 07
 
 %if 0%{?suse_version} <= 1500
@@ -478,7 +494,7 @@ sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py
 %endif
 
 # Cannot remove it because of gh#python/cpython#92875
-# rm -r Modules/expat
+rm -r Modules/expat
 
 # drop duplicate README from site-packages
 rm Lib/site-packages/README.txt
@@ -536,6 +552,9 @@ export CFLAGS="%{optflags} -IVendor/"
 %endif
 %if %{with experimental_jit}
     --enable-experimental-jit=yes-off \
+%endif
+%if %{without GIL}
+    --disable-gil \
 %endif
     --enable-loadable-sqlite-extensions
 
@@ -680,12 +699,12 @@ done
 
 # Idle is not packaged in base due to the appstream-glib dependency
 # move idle config into /etc
-install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version}
+install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_abi}
 (
     cd %{buildroot}/%{sitedir}/idlelib/
     for file in *.def ; do
-        mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/
+        mv $file %{buildroot}%{_sysconfdir}/idle%{python_abi}/
-        ln -sf %{_sysconfdir}/idle%{python_version}/$file  %{buildroot}/%{sitedir}/idlelib/
+        ln -sf %{_sysconfdir}/idle%{python_abi}/$file  %{buildroot}/%{sitedir}/idlelib/
     done
 )
 
@@ -693,23 +712,28 @@ install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version}
 ls -l %{buildroot}%{_bindir}/
 rm %{buildroot}%{_bindir}/idle3
 
+# mve idle binary to idle3.13t to avoid conflict
+%if %{without GIL}
+mv %{buildroot}%{_bindir}/idle%{python_version} %{buildroot}%{_bindir}/idle%{python_abi}
+%endif
+
 # install idle icons
 for size in 16 32 48 ; do
     install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \
-    %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png
+    %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_abi}.png
 done
 
 # install idle desktop file
-cp %{SOURCE19} idle%{python_version}.desktop
+cp %{SOURCE19} idle%{python_abi}.desktop
-sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop
+sed -i -e 's:idle3:idle%{python_abi}:g' idle%{python_abi}.desktop
-install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop
+install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_abi}.desktop
 
-cp %{SOURCE20} idle%{python_version}.appdata.xml
+cp %{SOURCE20} idle%{python_abi}.appdata.xml
-sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml
+sed -i -e 's:idle3.desktop:idle%{python_abi}.desktop:g' idle%{python_abi}.appdata.xml
-install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml
+install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_abi}.appdata.xml
-appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml
+appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_abi}.appdata.xml
 
-%fdupes %{buildroot}/%{_libdir}/python%{python_version}
+%fdupes %{buildroot}/%{_libdir}/python%{python_abi}
 %endif
 %if %{with base}
 %make_install
@@ -721,7 +745,7 @@ find %{buildroot} -name "*.a" -delete
 install -d -m 755 %{buildroot}%{sitedir}/site-packages
 install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__
 # and their 32bit counterparts explicitly
-mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__
+mkdir -p %{buildroot}%{_prefix}/lib/python%{python_abi}/site-packages/__pycache__
 
 # cleanup parts that don't belong
 for dir in curses dbm sqlite3 tkinter idlelib; do
@@ -749,7 +773,7 @@ sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_
 %endif
 
 # link shared library instead of static library that tools expect
-ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so
+ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_abi}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so
 
 # delete idle3, which has to many packaging dependencies for base
 rm %{buildroot}%{_bindir}/idle3*
@@ -805,6 +829,17 @@ LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAIL
     done < %{SOURCE9}
 )
 echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth
+
+# not packaged without GIL
+%if %{without GIL}
+rm -rf %{buildroot}%{_libdir}/pkgconfig/python-%{python_version}.pc
+rm -rf %{buildroot}%{_libdir}/pkgconfig/python-%{python_version}-embed.pc
+rm %{buildroot}%{_bindir}/python%{python_version}
+rm %{buildroot}%{_bindir}/pydoc%{python_version}
+rm %{buildroot}%{_bindir}/python%{python_version}-config
+rm %{buildroot}%{_mandir}/man1/python%{python_version}.1*
+%endif
+
 %endif
 
 %if %{with general}
@@ -831,21 +866,22 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
 
 %files -n %{python_pkg_name}-idle
 %{sitedir}/idlelib
-%dir %{_sysconfdir}/idle%{python_version}
+%dir %{_sysconfdir}/idle%{python_abi}
-%config %{_sysconfdir}/idle%{python_version}/*
+%config %{_sysconfdir}/idle%{python_abi}/*
 %doc Lib/idlelib/README.txt
 %doc Lib/idlelib/TODO.txt
 %doc Lib/idlelib/extend.txt
 %doc Lib/idlelib/ChangeLog
-%{_bindir}/idle%{python_version}
+%{_bindir}/idle%{python_abi}
-%{_datadir}/applications/idle%{python_version}.desktop
+%{_datadir}/applications/idle%{python_abi}.desktop
-%{_datadir}/metainfo/idle%{python_version}.appdata.xml
+%{_datadir}/metainfo/idle%{python_abi}.appdata.xml
-%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png
+%{_datadir}/icons/hicolor/*/apps/idle%{python_abi}.png
 %dir %{_datadir}/icons/hicolor
 %dir %{_datadir}/icons/hicolor/16x16
 %dir %{_datadir}/icons/hicolor/32x32
 %dir %{_datadir}/icons/hicolor/48x48
 %dir %{_datadir}/icons/hicolor/*/apps
+
 # endif for if general
 %endif
 
@@ -920,7 +956,11 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
 %if %{primary_interpreter}
 %{_mandir}/man1/python3.1%{?ext_man}
 %endif
+
+%if %{with GIL}
 %{_mandir}/man1/python%{python_version}.1%{?ext_man}
+%endif
+
 %if %{suse_version} > 1550
 # PEP-0668
 %{sitedir}/EXTERNALLY-MANAGED
@@ -931,8 +971,10 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
 %if %{primary_interpreter}
 %{_rpmconfigdir}/macros.d/macros.python3
 %endif
+
 # binary parts
 %dir %{sitedir}/lib-dynload
+
 %{dynlib array}
 %{dynlib _asyncio}
 %{dynlib binascii}
@@ -993,11 +1035,13 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
 %{dynlib _sha1}
 %{dynlib _sha2}
 %{dynlib _sha3}
-# python parts
+
-%dir %{_prefix}/lib/python%{python_version}
-%dir %{_prefix}/lib/python%{python_version}/site-packages
-%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__
 %dir %{sitedir}
+# python parts
+%dir %{_prefix}/lib/python%{python_abi}
+%dir %{_prefix}/lib/python%{python_abi}/site-packages
+%dir %{_prefix}/lib/python%{python_abi}/site-packages/__pycache__
+
 %dir %{sitedir}/site-packages
 %dir %{sitedir}/site-packages/__pycache__
 # %%exclude %%{sitedir}/*/test
@@ -1041,9 +1085,11 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
 %{_bindir}/pydoc3
 %endif
 # executables
+%if %{with GIL}
 %attr(755, root, root) %{_bindir}/pydoc%{python_version}
-# %%attr(755, root, root) %%{_bindir}/python%%{python_abi}
+%endif
-%attr(755, root, root) %{_bindir}/python%{python_version}
+%attr(755, root, root) %{_bindir}/python%{python_abi}
+
 # endif for if base
 %endif