Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python314 for openSUSE:Factory checked in at 2026-02-14 21:38:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python314 (Old) and /work/SRC/openSUSE:Factory/.python314.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python314" Sat Feb 14 21:38:06 2026 rev:32 rq:1332989 version:3.14.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python314/python314.changes 2026-01-29 18:59:28.121707869 +0100 +++ /work/SRC/openSUSE:Factory/.python314.new.1977/python314.changes 2026-02-14 21:39:35.842285263 +0100 @@ -1,0 +2,380 @@ +Thu Feb 5 17:26:23 UTC 2026 - Matej Cepl <[email protected]> + +- CVE-2025-12781: All `*b64decode` functions should not accept + non-altchars. (bsc#1257108, gh#python/cpython#125346) + CVE-2025-12781-b64decode-alt-chars.patch +- CVE-2025-15366: IMAP protocol should not accept non-altchars as + well. (bsc#1257044, gh-143921) + CVE-2025-15366-imap-ctrl-chars.patch +- CVE-2025-15367: basically the same as the previous patch but for + the poplib library. (bsc#1257041, gh#python/cpython#143923) + CVE-2025-15367-poplib-ctrl-chars.patch +- Remove upstreamed patches: + - CVE-2025-11468-email-hdr-fold-comment.patch + - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch +- Add configure-drop-autoconf-ver-req.patch to move some `sed` + modifications to patch. + +------------------------------------------------------------------- +Thu Feb 5 12:57:09 UTC 2026 - Matej Cepl <[email protected]> + +- Update to 3.14.3: + - Tools/Demos + - gh-142095: Make gdb ‘py-bt’ command use frame from thread + local state when available. Patch by Sam Gross and Victor + Stinner. + - Tests + - gh-144415: The Android testbed now distinguishes between + stdout/stderr messages which were triggered by a newline, + and those triggered by a manual call to flush. This fixes + logging of progress indicators and similar content. + - gh-143460: Skip tests relying on infinite recusion if stack + size is unlimited. + - gh-65784: Add support for parametrized resource wantobjects + in regrtests, which allows to run Tkinter tests with the + specified value of tkinter.wantobjects, for example -u + wantobjects=0. + - gh-143553: Add support for parametrized resources, such as + -u xpickle=2.7. + - gh-142836: Accommodated Solaris in + test_pdb.test_script_target_anonymous_pipe. + - bpo-31391: Forward-port test_xpickle from Python 2 to + Python 3 and add the resource back to test’s command line. + - Security + - gh-144125: BytesGenerator will now refuse to serialize + (write) headers that are unsafely folded or delimited; see + verify_generated_headers. (Contributed by Bas Bloemsaat and + Petr Viktorin in gh-121650). + - CVE-2025-11468: Fixed a bug in the folding of comments when + flattening an email message using a modern email policy. + Comments consisting of a very long sequence of non-foldable + characters could trigger a forced line wrap that omitted + the required leading space on the continuation line, + causing the remainder of the comment to be interpreted as + a new header field. This enabled header injection with + carefully crafted inputs (bsc#1257029, gh-143935). + - CVE-2025-15282: Reject control characters in data: URL + media types (bsc#1257046, gh-143925). + - CVE-2026-0672: Reject control characters in + http.cookies.Morsel fields and values (bsc#1257031, + gh-143919). + - CVE-2026-0865: Reject C0 control characters within + wsgiref.headers.Headers fields, values, and parameters + (bsc#1257042, gh-143916). + - Library + - gh-144380: Improve performance of io.BufferedReader line + iteration by ~49%. + - gh-144169: Fix three crashes when non-string keyword + arguments are supplied to objects in the ast module. + - gh-144100: Fixed a crash in ctypes when using a deprecated + POINTER(str) type in argtypes. Instead of aborting, ctypes + now raises a proper Python exception when the pointer + target type is unresolved. + - gh-144050: Fix stat.filemode() in the pure-Python + implementation to avoid misclassifying invalid mode values + as block devices. + - gh-144023: Fixed validation of file descriptor 0 in posix + functions when used with follow_symlinks parameter. + - gh-143999: Fix an issue where inspect.getgeneratorstate() + and inspect.getcoroutinestate() could fail for generators + wrapped by types.coroutine() in the suspended state. + - gh-143831: annotationlib.ForwardRef objects are now + hashable when created from annotation scopes with closures. + Previously, hashing such objects would throw an exception. + Patch by Bartosz Sławecki. + - gh-143874: Fixed a bug in pdb where expression results were + not sent back to remote client. + - gh-143880: Fix data race in functools.partial() in the free + threading build. + - gh-143706: Fix multiprocessing forkserver so that sys.argv + is correctly set before __main__ is preloaded. Previously, + sys.argv was empty during main module import in forkserver + child processes. This fixes a regression introduced in + 3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test + provided by Thomas Watson, thanks! + - gh-143638: Forbid reentrant calls of the pickle.Pickler and + pickle.Unpickler methods for the C implementation. + Previously, this could cause crash or data corruption, now + concurrent calls of methods of the same object raise + RuntimeError. + - gh-78724: Raise RuntimeError’s when user attempts to call + methods on half-initialized Struct objects, For example, + created by Struct.__new__(Struct). Patch by Sergey + B Kirpichev. + - gh-143196: Fix crash when the internal encoder object + returned by undocumented function + json.encoder.c_make_encoder() was called with non-zero + second (_current_indent_level) argument. + - gh-143191: _thread.stack_size() now raises ValueError if + the stack size is too small. Patch by Victor Stinner. + - gh-143602: Fix a inconsistency issue in write() that leads + to unexpected buffer overwrite by deduplicating the buffer + exports. + - gh-143547: Fix sys.unraisablehook() when the hook raises an + exception and changes sys.unraisablehook(): hold a strong + reference to the old hook. Patch by Victor Stinner. + - gh-143517: annotationlib.get_annotations() no longer raises + a SyntaxError when evaluating a stringified starred + annotation that starts with one or more whitespace + characters followed by a *. Patch by Bartosz Sławecki. + - gh-143378: Fix use-after-free crashes when a BytesIO object + is concurrently mutated during write() or writelines(). + - gh-143346: Fix incorrect wrapping of the Base64 data in + plistlib._PlistWriter when the indent contains a mix of + tabs and spaces. + - gh-143310: tkinter: fix a crash when a Python list is + mutated during the conversion to a Tcl object (e.g., when + setting a Tcl variable). Patch by Bénédikt Tran. + - gh-143309: Fix a crash in os.execve() on non-Windows + platforms when given a custom environment mapping which is + then mutated during parsing. Patch by Bénédikt Tran. + - gh-143308: pickle: fix use-after-free crashes when + a PickleBuffer is concurrently mutated by a custom buffer + callback during pickling. Patch by Bénédikt Tran and Aaron + Wieczorek. + - gh-143237: Fix support of named pipes in the rotating + logging handlers. + - gh-143249: Fix possible buffer leaks in Windows overlapped + I/O on error handling. + - gh-143241: zoneinfo: fix infinite loop in + ZoneInfo.from_file when parsing a malformed TZif file. + Patch by Fatih Celik. + - gh-142830: sqlite3: fix use-after-free crashes when the + connection’s callbacks are mutated during a callback + execution. Patch by Bénédikt Tran. + - gh-143200: xml.etree.ElementTree: fix use-after-free + crashes in __getitem__() and __setitem__() methods of + Element when the element is concurrently mutated. Patch by + Bénédikt Tran. + - gh-142195: Updated timeout evaluation logic in subprocess + to be compatible with deterministic environments like + Shadow where time moves exactly as requested. + - gh-142164: Fix the ctypes bitfield overflow error message + to report the correct offset and size calculation. + - gh-143145: Fixed a possible reference leak in ctypes when + constructing results with multiple output parameters on + error. + - gh-122431: Corrected the error message in + readline.append_history_file() to state that nelements must + be non-negative instead of positive. + - gh-143004: Fix a potential use-after-free in + collections.Counter.update() when user code mutates the + Counter during an update. + - gh-143046: The asyncio REPL no longer prints copyright and + version messages in the quiet mode (-q). Patch by Bartosz + Sławecki. + - gh-140648: The asyncio REPL now respects the -I flag + (isolated mode). Previously, it would load and execute + PYTHONSTARTUP even if the flag was set. Contributed by + Bartosz Sławecki. + - gh-142991: Fixed socket operations such as recvfrom() and + sendto() for FreeBSD divert(4) socket. + - gh-143010: Fixed a bug in mailbox where the precise timing + of an external event could result in the library opening an + existing file instead of a file it expected to create. + - gh-142881: Fix concurrent and reentrant call of + atexit.unregister(). + - gh-112127: Fix possible use-after-free in + atexit.unregister() when the callback is unregistered + during comparison. + - gh-142783: Fix zoneinfo use-after-free with descriptor + _weak_cache. a descriptor as _weak_cache could cause + crashes during object creation. The fix ensures proper + reference counting for descriptor-provided objects. + - gh-142754: Add the ownerDocument attribute to + xml.dom.minidom elements and attributes created by directly + instantiating the Element or Attr class. Note that this way + of creating nodes is not supported; creator functions like + xml.dom.Document.documentElement() should be used instead. + - gh-142784: The asyncio REPL now properly closes the loop + upon the end of interactive session. Previously, it could + cause surprising warnings. Contributed by Bartosz Sławecki. + - gh-142555: array: fix a crash in a[i] = v when converting + i to an index via i.__index__ or i.__float__ mutates the + array. + - gh-142594: Fix crash in TextIOWrapper.close() when the + underlying buffer’s closed property calls detach(). + - gh-142451: hmac: Ensure that the HMAC.block_size attribute + is correctly copied by HMAC.copy. Patch by Bénédikt Tran. + - gh-142495: collections.defaultdict now prioritizes + __setitem__() when inserting default values from + default_factory. This prevents race conditions where + a default value would overwrite a value set before + default_factory returns. + - gh-142651: unittest.mock: fix a thread safety issue where + Mock.call_count may return inaccurate values when the mock + is called concurrently from multiple threads. + - gh-142595: Added type check during initialization of the + decimal module to prevent a crash in case of broken stdlib. + Patch by Sergey B Kirpichev. + - gh-142556: Fix crash when a task gets re-registered during + finalization in asyncio. Patch by Kumar Aditya. + - gh-123241: Avoid reference count operations in garbage + collection of ctypes objects. + - gh-142517: The non-compat32 email policies now correctly + handle refolding encoded words that contain bytes that can + not be decoded in their specified character set. Previously + this resulted in an encoding exception during folding. + - gh-112527: The help text for required options in argparse + no longer extended with “ (default: None)”. + - gh-142346: Fix usage formatting for mutually exclusive + groups in argparse when they are preceded by positional + arguments or followed or intermixed with other optional + arguments. + - gh-142315: Pdb can now run scripts from anonymous pipes + used in process substitution. Patch by Bartosz Sławecki. + - gh-142332: Fix usage formatting for positional arguments in + mutually exclusive groups in argparse. in argparse. + - gh-142282: Fix winreg.QueryValueEx() to not accidentally + read garbage buffer under race condition. + - gh-75949: Fix argparse to preserve | separators in mutually + exclusive groups when the usage line wraps due to length. + - gh-142267: Improve argparse performance by caching the + formatter used for argument validation. + - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header + name defects are now correctly passed to the handle_defect + method of policy in FeedParser. + - gh-142006: Fix a bug in the email.policy.default folding + algorithm which incorrectly resulted in a doubled newline + when a line ending at exactly max_line_length was followed + by an unfoldable token. + - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving + underlying cancelled asyncio task running. + - gh-139971: pydoc: Ensure that the link to the online + documentation of a stdlib module is correct. + - gh-139262: Some keystrokes can be swallowed in the new + PyREPL on Windows, especially when used together with the + ALT key. Fix by Chris Eibl. + - gh-138897: Improved license/copyright/credits display in + the REPL: now uses a pager. + - gh-79986: Add parsing for References and In-Reply-To + headers to the email library that parses the header content + as lists of message id tokens. This prevents them from + being folded incorrectly. + - gh-136282: Add support for UNNAMED_SECTION when creating + a section via the mapping protocol access + - gh-109263: Starting a process from spawn context in + multiprocessing no longer sets the start method globally. + - gh-133253: Fix thread-safety issues in linecache. + - gh-132715: Skip writing objects during marshalling once + a failure has occurred. + - IDLE + - gh-143774: Better explain the operation of Format / Format + Paragraph. + - Documentation + - gh-140806: Add documentation for enum.bin(). + - Core and Builtins + - gh-144307: Prevent a reference leak in module teardown at + interpreter finalization. + - gh-144194: Fix error handling in perf jitdump + initialization on memory allocation failure. + - gh-144012: Check if the result is NULL in BINARY_OP_EXTENT + opcode. + - gh-141805: Fix crash in set when objects with the same hash + are concurrently added to the set after removing an element + with the same hash while the set still contains elements + with the same hash. + - gh-143670: Fixes a crash in ga_repr_items_list function. + - gh-143377: Fix a crash in _interpreters.capture_exception() + when the exception is incorrectly formatted. Patch by + Bénédikt Tran. + - gh-136924: The interactive help mode in the REPL no longer + incorrectly syntax highlights text input as Python code. + Contributed by Olga Matoula. + - gh-143189: Fix crash when inserting a non-str key into + a split table dictionary when the key matches an existing + key in the split table but has no corresponding value in + the dict. + - gh-143228: Fix use-after-free in perf trampoline when + toggling profiling while threads are running or during + interpreter finalization with daemon threads active. The + fix uses reference counting to ensure trampolines are not + freed while any code object could still reference them. + Pach by Pablo Galindo + - gh-142664: Fix a use-after-free crash in + memoryview.__hash__ when the __hash__ method of the + referenced object mutates that object or the view. Patch by + Bénédikt Tran. ++++ 94 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/python314/python314.changes ++++ and /work/SRC/openSUSE:Factory/.python314.new.1977/python314.changes Old: ---- CVE-2025-11468-email-hdr-fold-comment.patch Python-3.14.2.tar.xz Python-3.14.2.tar.xz.sigstore gh138131-exclude-pycache-from-digest.patch New: ---- CVE-2025-12781-b64decode-alt-chars.patch CVE-2025-15366-imap-ctrl-chars.patch CVE-2025-15367-poplib-ctrl-chars.patch Python-3.14.3.tar.xz Python-3.14.3.tar.xz.sigstore configure-drop-autoconf-ver-req.patch ----------(Old B)---------- Old:- Remove upstreamed patches: - CVE-2025-11468-email-hdr-fold-comment.patch - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch Old: - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch - gh138131-exclude-pycache-from-digest.patch ----------(Old E)---------- ----------(New B)---------- New: non-altchars. (bsc#1257108, gh#python/cpython#125346) CVE-2025-12781-b64decode-alt-chars.patch - CVE-2025-15366: IMAP protocol should not accept non-altchars as New: well. (bsc#1257044, gh-143921) CVE-2025-15366-imap-ctrl-chars.patch - CVE-2025-15367: basically the same as the previous patch but for New: the poplib library. (bsc#1257041, gh#python/cpython#143923) CVE-2025-15367-poplib-ctrl-chars.patch - Remove upstreamed patches: New: - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch - Add configure-drop-autoconf-ver-req.patch to move some `sed` modifications to patch. ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python314.spec ++++++ --- /var/tmp/diff_new_pack.PIJFQt/_old 2026-02-14 21:39:36.982332256 +0100 +++ /var/tmp/diff_new_pack.PIJFQt/_new 2026-02-14 21:39:36.986332421 +0100 @@ -124,7 +124,7 @@ # %%define tarversion %%{version} # %%endif # We don't process beta signs well -%define folderversion 3.14.2 +%define folderversion 3.14.3 %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 %define abi_kind %{nil} @@ -162,7 +162,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.14.2 +Version: 3.14.3 %define tarversion %{version} %define tarname Python-%{tarversion} Release: 0 @@ -203,6 +203,9 @@ Patch03: python-3.3.0b1-localpath.patch # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds Patch04: python-3.3.0b1-fix_date_time_compiler.patch +# PATCH-FIX-OPENSUSE configure-drop-autoconf-ver-req.patch [email protected] +# don't require minimal version of Autoconf +Patch05: configure-drop-autoconf-ver-req.patch # PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 [email protected] # ensurepip should honour the value of $(prefix) Patch07: bpo-31046_ensurepip_honours_prefix.patch @@ -220,17 +223,21 @@ # PATCH-FIX-UPSTREAM bsc1243155-sphinx-non-determinism.patch bsc#1243155 [email protected] # Doc: Generate ids for audit_events using docname Patch41: bsc1243155-sphinx-non-determinism.patch -# PATCH-FIX-UPSTREAM gh138131-exclude-pycache-from-digest.patch bsc#1244680 [email protected] -Patch44: gh138131-exclude-pycache-from-digest.patch # PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 [email protected] Patch45: gh139257-Support-docutils-0.22.patch # PATCH-FIX-UPSTREAM CVE-2024-6923-follow-up-EOL-email-headers.patch bsc#1257181 [email protected] # Encode newlines in headers when using ByteGenerator # patch from gh#python/cpython#144125 Patch46: CVE-2024-6923-follow-up-EOL-email-headers.patch -# PATCH-FIX-UPSTREAM CVE-2025-11468-email-hdr-fold-comment.patch bsc#1257029 [email protected] -# Email preserve parens when folding comments -Patch47: CVE-2025-11468-email-hdr-fold-comment.patch +# PATCH-FIX-UPSTREAM CVE-2025-12781-b64decode-alt-chars.patch bsc#1257108 [email protected] +# Fix decoding with non-standard Base64 alphabet gh#python/cpython#125346 +Patch49: CVE-2025-12781-b64decode-alt-chars.patch +# PATCH-FIX-UPSTREAM CVE-2025-15366-imap-ctrl-chars.patch bsc#1257044 [email protected] +# Reject control characters in wsgiref.headers.Headers +Patch50: CVE-2025-15366-imap-ctrl-chars.patch +# PATCH-FIX-UPSTREAM CVE-2025-15367-poplib-ctrl-chars.patch bsc#1257041 [email protected] +# Reject control characters in poplib +Patch51: CVE-2025-15367-poplib-ctrl-chars.patch #### Python 3.14 END OF PATCHES BuildRequires: autoconf-archive BuildRequires: automake @@ -516,12 +523,6 @@ %prep %autosetup -p1 -n %{tarname} -# Fix devhelp doc build gh#python/cpython#120150 -echo "master_doc = 'contents'" >> Doc/conf.py - -# drop Autoconf version requirement -sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac - %if %{primary_interpreter} # fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 for dir in Lib Tools; do @@ -541,7 +542,7 @@ sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py %endif -# Cannot remove it because of gh#python/cpython#92875 +# Removing vendored expat gh#python/cpython#92875 rm -r Modules/expat # drop duplicate README from site-packages @@ -550,9 +551,6 @@ # Add vendored bluez-devel files tar xvf %{SOURCE21} -# Don't fail on warnings when building documentation -sed -i -e '/^SPHINXERRORHANDLING/s/--fail-on-warning//' Doc/Makefile - %build export SUSE_VERSION="0%{?suse_version}" export SLE_VERSION="0%{?sle_version}" ++++++ CVE-2024-6923-follow-up-EOL-email-headers.patch ++++++ --- /var/tmp/diff_new_pack.PIJFQt/_old 2026-02-14 21:39:37.022333905 +0100 +++ /var/tmp/diff_new_pack.PIJFQt/_new 2026-02-14 21:39:37.026334069 +0100 @@ -10,81 +10,18 @@ Co-authored-by: Petr Viktorin <[email protected]> Co-authored-by: Bas Bloemsaat <[email protected]> --- - Lib/email/generator.py | 12 +++++++++- - Lib/test/test_email/test_generator.py | 4 ++- - Lib/test/test_email/test_policy.py | 6 ++++- - Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst | 4 +++ - 4 files changed, 23 insertions(+), 3 deletions(-) + Lib/test/test_email/test_policy.py | 4 ++++ + Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst | 4 ++++ + 2 files changed, 8 insertions(+) create mode 100644 Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst -Index: Python-3.14.2/Lib/email/generator.py +Index: Python-3.14.3/Lib/test/test_email/test_policy.py =================================================================== ---- Python-3.14.2.orig/Lib/email/generator.py 2026-01-28 22:15:51.075267925 +0100 -+++ Python-3.14.2/Lib/email/generator.py 2026-01-28 22:15:56.251194626 +0100 -@@ -22,6 +22,7 @@ - NLCRE = re.compile(r'\r\n|\r|\n') - fcre = re.compile(r'^From ', re.MULTILINE) - NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') -+NEWLINE_WITHOUT_FWSP_BYTES = re.compile(br'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') - - - class Generator: -@@ -429,7 +430,16 @@ - # This is almost the same as the string version, except for handling - # strings with 8bit bytes. - for h, v in msg.raw_items(): -- self._fp.write(self.policy.fold_binary(h, v)) -+ folded = self.policy.fold_binary(h, v) -+ if self.policy.verify_generated_headers: -+ linesep = self.policy.linesep.encode() -+ if not folded.endswith(linesep): -+ raise HeaderWriteError( -+ f'folded header does not end with {linesep!r}: {folded!r}') -+ if NEWLINE_WITHOUT_FWSP_BYTES.search(folded.removesuffix(linesep)): -+ raise HeaderWriteError( -+ f'folded header contains newline: {folded!r}') -+ self._fp.write(folded) - # A blank line always separates headers from body - self.write(self._NL) - -Index: Python-3.14.2/Lib/test/test_email/test_generator.py -=================================================================== ---- Python-3.14.2.orig/Lib/test/test_email/test_generator.py 2026-01-28 22:15:52.693627763 +0100 -+++ Python-3.14.2/Lib/test/test_email/test_generator.py 2026-01-28 22:15:56.251344799 +0100 -@@ -313,7 +313,7 @@ - self.assertEqual(s.getvalue(), self.typ(expected)) - - def test_verify_generated_headers(self): -- """gh-121650: by default the generator prevents header injection""" -+ # gh-121650: by default the generator prevents header injection - class LiteralHeader(str): - name = 'Header' - def fold(self, **kwargs): -@@ -334,6 +334,8 @@ - - with self.assertRaises(email.errors.HeaderWriteError): - message.as_string() -+ with self.assertRaises(email.errors.HeaderWriteError): -+ message.as_bytes() - - - class TestBytesGenerator(TestGeneratorBase, TestEmailBase): -Index: Python-3.14.2/Lib/test/test_email/test_policy.py -=================================================================== ---- Python-3.14.2.orig/Lib/test/test_email/test_policy.py 2026-01-28 22:15:52.703671956 +0100 -+++ Python-3.14.2/Lib/test/test_email/test_policy.py 2026-01-28 22:15:56.251499922 +0100 -@@ -296,7 +296,7 @@ - policy.fold("Subject", subject) - - def test_verify_generated_headers(self): -- """Turning protection off allows header injection""" -+ # Turning protection off allows header injection - policy = email.policy.default.clone(verify_generated_headers=False) - for text in ( - 'Header: Value\r\nBad: Injection\r\n', -@@ -319,6 +319,10 @@ - message.as_string(), - f"{text}\nBody", +--- Python-3.14.3.orig/Lib/test/test_email/test_policy.py 2026-02-03 16:32:20.000000000 +0100 ++++ Python-3.14.3/Lib/test/test_email/test_policy.py 2026-02-13 17:09:32.641745760 +0100 +@@ -323,6 +323,10 @@ + message.as_bytes(), + f"{text}\nBody".encode(), ) + self.assertEqual( + message.as_bytes(), @@ -93,10 +30,10 @@ # XXX: Need subclassing tests. # For adding subclassed objects, make sure the usual rules apply (subclass -Index: Python-3.14.2/Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst +Index: Python-3.14.3/Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.14.2/Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst 2026-01-28 22:15:56.251667056 +0100 ++++ Python-3.14.3/Misc/NEWS.d/next/Security/2026-01-21-12-34-05.gh-issue-144125.TAz5uo.rst 2026-02-13 17:09:32.642152246 +0100 @@ -0,0 +1,4 @@ +:mod:`~email.generator.BytesGenerator` will now refuse to serialize (write) headers +that are unsafely folded or delimited; see ++++++ CVE-2025-12781-b64decode-alt-chars.patch ++++++ >From f922c02c529d25d61aa9c28a8192639c1fce8d4d Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka <[email protected]> Date: Wed, 5 Nov 2025 20:12:31 +0200 Subject: [PATCH] gh-125346: Add more base64 tests Add more tests for the altchars argument of b64decode() and for the map01 argument of b32decode(). --- Doc/library/base64.rst | 18 ++-- Lib/base64.py | 40 +++++++- Lib/test/test_base64.py | 45 ++++++++-- Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst | 5 + 4 files changed, 91 insertions(+), 17 deletions(-) Index: Python-3.14.3/Doc/library/base64.rst =================================================================== --- Python-3.14.3.orig/Doc/library/base64.rst 2026-02-03 16:32:20.000000000 +0100 +++ Python-3.14.3/Doc/library/base64.rst 2026-02-13 15:43:18.030360439 +0100 @@ -77,15 +77,20 @@ A :exc:`binascii.Error` exception is raised if *s* is incorrectly padded. - If *validate* is ``False`` (the default), characters that are neither + If *validate* is false (the default), characters that are neither in the normal base-64 alphabet nor the alternative alphabet are - discarded prior to the padding check. If *validate* is ``True``, - these non-alphabet characters in the input result in a - :exc:`binascii.Error`. + discarded prior to the padding check, but the ``+`` and ``/`` characters + keep their meaning if they are not in *altchars* (they will be discarded + in future Python versions). + If *validate* is true, these non-alphabet characters in the input + result in a :exc:`binascii.Error`. For more information about the strict base64 check, see :func:`binascii.a2b_base64` - May assert or raise a :exc:`ValueError` if the length of *altchars* is not 2. + .. deprecated:: next + Accepting the ``+`` and ``/`` characters with an alternative alphabet + is now deprecated. + .. function:: standard_b64encode(s) @@ -116,6 +121,9 @@ ``/`` in the standard Base64 alphabet, and return the decoded :class:`bytes`. + .. deprecated:: next + Accepting the ``+`` and ``/`` characters is now deprecated. + .. function:: b32encode(s) Index: Python-3.14.3/Lib/base64.py =================================================================== --- Python-3.14.3.orig/Lib/base64.py 2026-02-13 15:20:33.905228929 +0100 +++ Python-3.14.3/Lib/base64.py 2026-02-13 15:43:18.030771327 +0100 @@ -69,20 +69,39 @@ The result is returned as a bytes object. A binascii.Error is raised if s is incorrectly padded. - If validate is False (the default), characters that are neither in the + If validate is false (the default), characters that are neither in the normal base-64 alphabet nor the alternative alphabet are discarded prior - to the padding check. If validate is True, these non-alphabet characters + to the padding check. If validate is true, these non-alphabet characters in the input result in a binascii.Error. For more information about the strict base64 check, see: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64 """ s = _bytes_from_decode_data(s) + badchar = None if altchars is not None: altchars = _bytes_from_decode_data(altchars) - assert len(altchars) == 2, repr(altchars) + if len(altchars) != 2: + raise ValueError(f'invalid altchars: {altchars!r}') + for b in b'+/': + if b not in altchars and b in s: + badchar = b + break s = s.translate(bytes.maketrans(altchars, b'+/')) - return binascii.a2b_base64(s, strict_mode=validate) + result = binascii.a2b_base64(s, strict_mode=validate) + if badchar is not None: + import warnings + if validate: + warnings.warn(f'invalid character {chr(badchar)!a} in Base64 data ' + f'with altchars={altchars!r} and validate=True ' + f'will be an error in future Python versions', + DeprecationWarning, stacklevel=2) + else: + warnings.warn(f'invalid character {chr(badchar)!a} in Base64 data ' + f'with altchars={altchars!r} and validate=False ' + f'will be discarded in future Python versions', + FutureWarning, stacklevel=2) + return result def standard_b64encode(s): @@ -127,8 +146,19 @@ The alphabet uses '-' instead of '+' and '_' instead of '/'. """ s = _bytes_from_decode_data(s) + badchar = None + for b in b'+/': + if b in s: + badchar = b + break s = s.translate(_urlsafe_decode_translation) - return b64decode(s) + result = binascii.a2b_base64(s, strict_mode=False) + if badchar is not None: + import warnings + warnings.warn(f'invalid character {chr(badchar)!a} in URL-safe Base64 data ' + f'will be discarded in future Python versions', + FutureWarning, stacklevel=2) + return result Index: Python-3.14.3/Lib/test/test_base64.py =================================================================== --- Python-3.14.3.orig/Lib/test/test_base64.py 2026-02-13 15:20:35.393785541 +0100 +++ Python-3.14.3/Lib/test/test_base64.py 2026-02-13 15:43:18.031706655 +0100 @@ -242,6 +242,25 @@ eq(base64.b64decode(data, altchars=altchars_str), res) eq(base64.b64decode(data_str, altchars=altchars_str), res) + def test_b64decode_altchars(self): + # Test with arbitrary alternative characters + eq = self.assertEqual + res = b'\xd3V\xbeo\xf7\x1d' + for altchars in b'*$', b'+/', b'/+', b'+_', b'-+', b'-/', b'/_': + data = b'01a%cb%ccd' % tuple(altchars) + data_str = data.decode('ascii') + altchars_str = altchars.decode('ascii') + + eq(base64.b64decode(data, altchars=altchars), res) + eq(base64.b64decode(data_str, altchars=altchars), res) + eq(base64.b64decode(data, altchars=altchars_str), res) + eq(base64.b64decode(data_str, altchars=altchars_str), res) + + self.assertRaises(ValueError, base64.b64decode, b'', altchars=b'+') + self.assertRaises(ValueError, base64.b64decode, b'', altchars=b'+/-') + self.assertRaises(ValueError, base64.b64decode, '', altchars='+') + self.assertRaises(ValueError, base64.b64decode, '', altchars='+/-') + def test_b64decode_padding_error(self): self.assertRaises(binascii.Error, base64.b64decode, b'abc') self.assertRaises(binascii.Error, base64.b64decode, 'abc') @@ -273,13 +292,25 @@ with self.assertRaises(binascii.Error): base64.b64decode(bstr.decode('ascii'), validate=True) - # Normal alphabet characters not discarded when alternative given - res = b'\xfb\xef\xff' - self.assertEqual(base64.b64decode(b'++//', validate=True), res) - self.assertEqual(base64.b64decode(b'++//', '-_', validate=True), res) - self.assertEqual(base64.b64decode(b'--__', '-_', validate=True), res) - self.assertEqual(base64.urlsafe_b64decode(b'++//'), res) - self.assertEqual(base64.urlsafe_b64decode(b'--__'), res) + # Normal alphabet characters will be discarded when alternative given + with self.assertWarns(FutureWarning): + self.assertEqual(base64.b64decode(b'++++', altchars=b'-_'), + b'\xfb\xef\xbe') + with self.assertWarns(FutureWarning): + self.assertEqual(base64.b64decode(b'////', altchars=b'-_'), + b'\xff\xff\xff') + with self.assertWarns(DeprecationWarning): + self.assertEqual(base64.b64decode(b'++++', altchars=b'-_', validate=True), + b'\xfb\xef\xbe') + with self.assertWarns(DeprecationWarning): + self.assertEqual(base64.b64decode(b'////', altchars=b'-_', validate=True), + b'\xff\xff\xff') + with self.assertWarns(FutureWarning): + self.assertEqual(base64.urlsafe_b64decode(b'++++'), b'\xfb\xef\xbe') + with self.assertWarns(FutureWarning): + self.assertEqual(base64.urlsafe_b64decode(b'////'), b'\xff\xff\xff') + with self.assertRaises(binascii.Error): + base64.b64decode(b'+/!', altchars=b'-_') def test_b32encode(self): eq = self.assertEqual Index: Python-3.14.3/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ Python-3.14.3/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst 2026-02-13 15:43:18.032082102 +0100 @@ -0,0 +1,5 @@ +Accepting ``+`` and ``/`` characters with an alternative alphabet in +:func:`base64.b64decode` and :func:`base64.urlsafe_b64decode` is now +deprecated. +In future Python versions they will be errors in the strict mode and +discarded in the non-strict mode. ++++++ CVE-2025-15366-imap-ctrl-chars.patch ++++++ >From 7485ee5e2cf81d3e5ad0d9c3be73cecd2ab4eec7 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson <[email protected]> Date: Fri, 16 Jan 2026 10:54:09 -0600 Subject: [PATCH 1/2] Add 'test.support' fixture for C0 control characters --- Lib/imaplib.py | 4 +++- Lib/test/test_imaplib.py | 6 ++++++ Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) Index: Python-3.14.3/Lib/imaplib.py =================================================================== --- Python-3.14.3.orig/Lib/imaplib.py 2026-02-13 15:20:34.675850664 +0100 +++ Python-3.14.3/Lib/imaplib.py 2026-02-13 15:43:20.726880248 +0100 @@ -131,7 +131,7 @@ # We compile these in _mode_xxx. _Literal = br'.*{(?P<size>\d+)}$' _Untagged_status = br'\* (?P<data>\d+) (?P<type>[A-Z-]+)( (?P<data2>.*))?' - +_control_chars = re.compile(b'[\x00-\x1F\x7F]') class IMAP4: @@ -1108,6 +1108,8 @@ if arg is None: continue if isinstance(arg, str): arg = bytes(arg, self._encoding) + if _control_chars.search(arg): + raise ValueError("Control characters not allowed in commands") data = data + b' ' + arg literal = self.literal Index: Python-3.14.3/Lib/test/test_imaplib.py =================================================================== --- Python-3.14.3.orig/Lib/test/test_imaplib.py 2026-02-13 15:20:36.132236378 +0100 +++ Python-3.14.3/Lib/test/test_imaplib.py 2026-02-13 15:43:20.727593302 +0100 @@ -663,6 +663,12 @@ self.assertEqual(data[0], b'Returned to authenticated state. (Success)') self.assertEqual(client.state, 'AUTH') + def test_control_characters(self): + client, _ = self._setup(SimpleIMAPHandler) + for c0 in support.control_characters_c0(): + with self.assertRaises(ValueError): + client.login(f'user{c0}', 'pass') + # property tests def test_file_property_should_not_be_accessed(self): Index: Python-3.14.3/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ Python-3.14.3/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst 2026-02-13 15:43:20.727873249 +0100 @@ -0,0 +1 @@ +Reject control characters in IMAP commands. ++++++ CVE-2025-15367-poplib-ctrl-chars.patch ++++++ >From b6f733b285b1c4f27dacb5c2e1f292c914e8b933 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson <[email protected]> Date: Fri, 16 Jan 2026 10:54:09 -0600 Subject: [PATCH 1/2] Add 'test.support' fixture for C0 control characters --- Lib/poplib.py | 2 ++ Lib/test/test_poplib.py | 8 ++++++++ Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst | 1 + 3 files changed, 11 insertions(+) Index: Python-3.14.3/Lib/poplib.py =================================================================== --- Python-3.14.3.orig/Lib/poplib.py 2026-02-13 15:20:34.865869684 +0100 +++ Python-3.14.3/Lib/poplib.py 2026-02-13 15:43:22.865622881 +0100 @@ -122,6 +122,8 @@ def _putcmd(self, line): if self._debugging: print('*cmd*', repr(line)) line = bytes(line, self.encoding) + if re.search(b'[\x00-\x1F\x7F]', line): + raise ValueError('Control characters not allowed in commands') self._putline(line) Index: Python-3.14.3/Lib/test/test_poplib.py =================================================================== --- Python-3.14.3.orig/Lib/test/test_poplib.py 2026-02-13 15:20:36.695240465 +0100 +++ Python-3.14.3/Lib/test/test_poplib.py 2026-02-13 15:43:22.865782353 +0100 @@ -17,6 +17,7 @@ from test.support import threading_helper from test.support import asynchat from test.support import asyncore +from test.support import control_characters_c0 test_support.requires_working_socket(module=True) @@ -395,6 +396,13 @@ self.assertIsNone(self.client.sock) self.assertIsNone(self.client.file) + def test_control_characters(self): + for c0 in control_characters_c0(): + with self.assertRaises(ValueError): + self.client.user(f'user{c0}') + with self.assertRaises(ValueError): + self.client.pass_(f'{c0}pass') + @requires_ssl def test_stls_capa(self): capa = self.client.capa() Index: Python-3.14.3/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ Python-3.14.3/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst 2026-02-13 15:43:22.866393092 +0100 @@ -0,0 +1 @@ +Reject control characters in POP3 commands. ++++++ Python-3.14.2.tar.xz -> Python-3.14.3.tar.xz ++++++ /work/SRC/openSUSE:Factory/python314/Python-3.14.2.tar.xz /work/SRC/openSUSE:Factory/.python314.new.1977/Python-3.14.3.tar.xz differ: char 26, line 1 ++++++ Python-3.14.2.tar.xz.sigstore -> Python-3.14.3.tar.xz.sigstore ++++++ --- /work/SRC/openSUSE:Factory/python314/Python-3.14.2.tar.xz.sigstore 2026-01-06 17:46:24.902145444 +0100 +++ /work/SRC/openSUSE:Factory/.python314.new.1977/Python-3.14.3.tar.xz.sigstore 2026-02-14 21:39:34.718238930 +0100 @@ -1 +1 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUDsC7oWnW0l9pHr41nnkmS1oOYd4wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMjA1MjAwMTUzWhcNMjUxMjA1MjAxMTUzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZEAAJg3xeYECyl7becytac2kIE1oFgQuGjrjBzXQG27d8TeQqTZtRdL5oZOCZt1y/DDoBfdbWul1CPovG+7z2aOCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUl4K9C9akjTSm/al0xnJmeooQq/kwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPaHVnb0BweXRob24ub3JnMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABmvAbUOYAAAQDAEcwRQIgRbXsQrWV8kdhD5tMMwX5Iy2LWWHxil6V5J/mXp+/9/gCIQCwBHKBpWN3SR6/TLPr7oZCZYQB+z5q8lVqybvZSaLS4TAKBggqhkjOPQQDAwNoADBlAjBL6XGjsOPP/N74Rcw3v7CCoe23bfyE18w/XdxmJAsj9Xr6pRdp cRuEytFeLdZWIqICMQDJL2czjBTiWUkqrLq31Cvp+fQhuGSp9IZsVbTo+j6tSzfa1dwu0sy2kjBtlcRbYVs="}, "tlogEntries": [{"logIndex": "743606302", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1764964913", "inclusionPromise": {"signedEntryTimestamp": "MEQCIFnGvsHdMeYy8nrwtVTdv/PaR1aTDwf9Yrv2GjdsNsw+AiAR2o0BrjcFe8TjxbWreTwZ/Kt3zeGSi15x+znz2Ocr9g=="}, "inclusionProof": {"logIndex": "621702040", "rootHash": "dVHtSx74n1EVKTr8ZkEoUDJHV2piMrM5Jyo3x2f8GEU=", "treeSize": "621702042", "hashes": ["Kn+73i6MNIgHE1cdeyArBBdDm+sBwxxKKBO/Y8hPFik=", "21huZMFAhYUSB3tH7/d0+H+OjdndnWoE53mHoRBShZo=", "t3/3NnomBwpQQ/dit38qL8n8ICrN1dqZtiqcYM17fxU=", "e5OOoHIJrUS+lsIZNNLgCqLnU7fsgOINTlSFPPMOK+4=", "ETAkx6N//tEwnhFB+hjwavO9F2M4JBBCbK+W/kZLg0Q=", "mamQezujujSnmKn/0+ueS2xlFZCYg0G6tTjNZ1ezFH0=", "KY+mZ6XMnzG1xo3I/kVu9Uw9DK3UKfa4PXt7i4ElYpQ=", "IaVIX1Ns+gb7uyNW1PFOI2Eko8sf6VyOvY+1txNb27I=", "NTzWPyfxc1IPzv49Nng3yy1Ri5Y94teOI4R QNzzPwik=", "NxaZXwQFBXq44JqVMKZx4KkC0y7CIoG4GsV3H+ntf6w=", "YYvp7Leoq6lF3zEs+Bux7BQt/UrxFbOOJAwVroBevek=", "pQtmpjszxrel2u+2I5HrLBwlwvhc19nfAUsa5EHZAe4=", "0jEq6eagxqoSOor9OR//fY6uOsPzLaE1q1n9tZRzfSc=", "ZmUkYkHBy1B723JrEgiKvepTdHYrP6y2a4oODYvi5VY=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n621702042\ndVHtSx74n1EVKTr8ZkEoUDJHV2piMrM5Jyo3x2f8GEU=\n\n\u2014 rekor.sigstore.dev wNI9ajBEAiBERVmx1IGpoQwrsH/RebrgT8NR5mfKLcAa+Mr2DM8VuwIgYHEm0SHrV47gTZwUWt6Ck5Tk3SR6JNQgUCbIntbUQyc=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjZTU0M2FiODU0YmMyNTZiNjFiNzFlOWIyN2Y4MzFmZmQxYmZkNjBhNDc5ZDYzOWY4YmU3Zjk3NTdjZjU3M2U5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUNnZFNxNGV0K0J5OTRMS2o1Zyt6MHlTcnlwbW03KzliQlBsVS8vNlVlYmJBSWdZSWFTUG5NSGp2a2wvMFMyTGFJU0lFZmZueVVSKzJsYWRZT21ZdnhNNFVJPSIsInB1YmxpY0tleSI6eyJjb250ZW50 IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVlJITkROMjlYYmxjd2JEbHdTSEkwTVc1dWEyMVRNVzlQV1dRMGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFxUVRGTmFrRjNUVlJWZWxkb1kwNU5hbFY0VFdwQk1VMXFRWGhOVkZWNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZhUlVGQlNtY3plR1ZaUlVONWJEZGlaV041ZEdGak1tdEpSVEZ2Um1kUmRVZHFjbW9LUW5wWVVVY3lOMlE0VkdWUmNWUmFkRkprVERWdldrOURXblF4ZVM5RVJHOUNabVJpVjNWc01VTlFiM1pIS3pkNk1tRlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZzTkVzNUNrTTVZV3RxVkZOdEwyRnNNSGh1U20xbGIyOVJjUzlyZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlVaFdibUl3UW5kbFdGSnZZakkwZFdJelNtNU5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT 0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVdkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWpnS1FraHZRV1ZCUWpKQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnRka0ZpVlU5WlFRcEJRVkZFUVVWamQxSlJTV2RTWWxoelVYSlhWamhyWkdoRU5YUk5UWGRZTlVsNU1reFhWMGg0YVd3MlZqVktMMjFZY0Nzdk9TOW5RMGxSUTNkQ1NFdENDbkJYVGpOVFVqWXZWRXhRY2pkdldrTmFXVkZDSzNvMWNUaHNWbkY1WW5aYVUyRk1VelJVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFRa3dLTmxoSGFuTlBVRkF2VGpjMFVtTjNNM1kzUTBOdlpUSXpZbVo1UlRFNGR5OVlaSGh0U2tGemFqbFljalp3VW1Sd1kxSjFSWGwwUm1WTVpGcFhTWEZKUXdwTlVVUktUREpqZW1wQ1ZHbFhWV3R4Y2t4eE16RkRkbkFyWmxGb2RVZFRjRGxKV25OV1lsUnZLMm8yZEZONlptRXhaSGQxTUhONU1tdHFRblJzWTFKaUNsbFdjejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "zlQ6uFS8JWthtx6bJ/gx/9G/1gpH nWOfi+f5dXz1c+k="}, "signature": "MEUCIQCgdSq4et+By94LKj5g+z0ySrypmm7+9bBPlU//6UebbAIgYIaSPnMHjvkl/0S2LaISIEffnyUR+2ladYOmYvxM4UI="}} +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzzCCAlSgAwIBAgIUBx87ORotwES9Tr9/5NZTngeQhtUwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjYwMjAzMTgyOTIwWhcNMjYwMjAzMTgzOTIwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEw1f5ikJaSUOwVvytG3fHa2lOz7WjZ19hYmJshJl5Ila9TjVqJCTCJF7KNYRkz9b9N6eZXeukwF8PKBZIS4TzoaOCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU20u9xd3ZaH6WWnir8qLg+cbGJNowHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPaHVnb0BweXRob24ub3JnMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABnCTEJRMAAAQDAEcwRQIhAJI6KotoJjZIkucqFuGRaEJTgXyeS2lhlXH0gpvbwnA8AiAL5zIOhGAfKfm81Qv7VX6sAILt+RaFQneJNxUYis/zwzAKBggqhkjOPQQDAwNpADBmAjEA1EiYSJkPzBo30auPquS4i4aS28iJQ5ZjMn0MYFswmwoC7Uo9 H3n/c1DcsEnzBzaKAjEA8ySQOh4FRmbxIWYWb5KLlJUplny3HyGYi1URxV7hsa+lNgEaO5o3LV/BbB5lnO4s"}, "tlogEntries": [{"logIndex": "908836744", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1770143360", "inclusionPromise": {"signedEntryTimestamp": "MEYCIQDvK2No1zzRFayBeyzvA42BK6xuXOlV6KMe66YHqPGpyQIhAIgzTnzAjblnl+WzNN7oH2DK/qj4pl9JaBLNHPQrOQrI"}, "inclusionProof": {"logIndex": "786932482", "rootHash": "dGVFvc1oLbLyJiHnFEycV208nQJKUBJwroHzkkEqIIo=", "treeSize": "786932485", "hashes": ["h2AO7cQ01eF2B8CkF2PIO4su+qg6eQB2J/Ig0br85HA=", "O3EIEcvyyn5ZYNiBc8YSrN/mREv4Poj9WCpv8jE/oyI=", "IpLe03oVtHPl1LgYBblTCahhLhs6wFvzdlGZgJzQ1uk=", "go/Nm4TUqqeO6DxsYqK/L32zREpElrXy7C2euZySNzg=", "L2xrC73coSdSyPb0X33W6SDKVMxsk74ZnFRJINpON8I=", "fRNx1tBqRqL5Yibyg7EjJbHuiShPUD+wS5BZPO9nBEM=", "QdVJN4pI2za6IrM4/I4o9aeZMiXnx7faJSZQMhMmtU8=", "sCWg+jViEKkz6QEEx56tYG4vykLu2WiALyfOcM96toQ=", "AAtQsmfrXzumS5rosvNxszWd2XG1lRck4Wt RuwVAiU8=", "bGXXJ36FovKuLHu/UAyDMaXYRCr5fKcrc9rlbjQ7HDs=", "iEKYdHrZdRVr6DbpjA8Lcwmot+QZOoeZ1BAEuu/Bvro=", "RBHg3kfW74vkatMSjoUEMZxs4pXkX6y3f906Fc2Yc0Y=", "YEPMagC4YFWQMmrwdZHLOWJudK6RRRuGHVQ8/uADabI=", "yeCWAa93hha1YBKuFn93zBzKbqQW3tYHrgkSp5U7ndU=", "4O6YxKguFZGEr7Xsa3hqNAN2Qq7uVVat/IV4masT570=", "F9MSQ5SmoFr+hoADclpdFY52/TLfHDnNPYb9ZNYO5gI=", "T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n786932485\ndGVFvc1oLbLyJiHnFEycV208nQJKUBJwroHzkkEqIIo=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiAif/bJOkEHuQeaIivryOmrr7YAKYb3T2xrD88l009VuQIhANUlyrkF5XOL10+83p09JViRO8CzJmGsjKL6OMXbObWE\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhOTdkNTU0OWU5YWQ4MWZlMTcxNTllZDAyYzY4Nzc0YWQ1ZDI2NmM3MmY4ZDlhMGI1YTljMzcxZmU4NWQ5MDJiIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRkNjcW9UaGdhUnhWSGpqd3hsaHVxNWJOSTFicHJxRlhwSkM5dGVsNGNH OEFpQkhzQmUzeFhHU0hvbVFrc25FOWVVVSs5bHlQR3lhRUlqcGllaUxVSzVER2c9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZla05EUVd4VFowRjNTVUpCWjBsVlFuZzROMDlTYjNSM1JWTTVWSEk1THpWT1dsUnVaMlZSYUhSVmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFpkMDFxUVhwTlZHZDVUMVJKZDFkb1kwNU5hbGwzVFdwQmVrMVVaM3BQVkVsM1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVYzTVdZMWFXdEtZVk5WVDNkV2RubDBSek5tU0dFeWJFOTZOMWRxV2pFNWFGbHRTbk1LYUVwc05VbHNZVGxVYWxaeFNrTlVRMHBHTjB0T1dWSnJlamxpT1U0MlpWcFlaWFZyZDBZNFVFdENXa2xUTkZSNmIyRlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlV5TUhVNUNuaGtNMXBoU0RaWFYyNXBjamh4VEdjclkySkhTazV2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV 1VWUVlVaFdibUl3UW5kbFdGSnZZakkwZFdJelNtNU5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVdkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWpnS1FraHZRV1ZCUWpKQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnVRMVJGU2xKTlFRcEJRVkZFUVVWamQxSlJTV2hCU2trMlMyOTBiMHBxV2tscmRXTnhSblZIVW1GRlNsUm5XSGxsVXpKc2FHeFlTREJuY0haaWQyNUJPRUZwUVV3MWVrbFBDbWhIUVdaTFptMDRNVkYyTjFaWU5uTkJTVXgwSzFKaFJsRnVaVXBPZUZWWmFYTXZlbmQ2UVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV3UVVSQ2JVRnFSVUVLTVVWcFdWTkthMUI2UW04ek1HRjFVSEYxVXpScE5HRlRNamhwU2xFMVdtcE5iakJOV1VaemQyMTNiME0zVlc4NVNETnVMMk14UkdOelJXNTZRbnBoU3dwQmFrVkJPSGxUVVU5b05FWlNiV0o0U1ZkWlYySTFTMHhzU2xWd2JHNTVNMGg1UjFscE1WVlNlRlkzYUhOaEsyeE9aMFZoVHpWdk0weFdMMEppUWpWc0NtNVBOSE1LTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messag eSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "qX1VSemtgf4XFZ7QLGh3StXSZscvjZoLWpw3H+hdkCs="}, "signature": "MEQCIFCcqoThgaRxVHjjwxlhuq5bNI1bprqFXpJC9tel4cG8AiBHsBe3xXGSHomQksnE9eUU+9lyPGyaEIjpieiLUK5DGg=="}} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.PIJFQt/_old 2026-02-14 21:39:37.190340830 +0100 +++ /var/tmp/diff_new_pack.PIJFQt/_new 2026-02-14 21:39:37.194340995 +0100 @@ -1,6 +1,6 @@ -mtime: 1769691597 -commit: 3a0658eda43cd8c3eeac0838a1b2980fc4402a050f83f8c3a59b63bcc8e5a7f6 +mtime: 1771012381 +commit: a667dcdda9411dd3229f34372172827d7f1721d811713c99dd2c9f89129b0012 url: https://src.opensuse.org/python-interpreters/python314.git -revision: 3a0658eda43cd8c3eeac0838a1b2980fc4402a050f83f8c3a59b63bcc8e5a7f6 +revision: a667dcdda9411dd3229f34372172827d7f1721d811713c99dd2c9f89129b0012 projectscmsync: https://src.opensuse.org/python-interpreters/_ObsPrj ++++++ build.specials.obscpio ++++++ --- old/.gitignore 2026-01-29 14:00:23.000000000 +0100 +++ new/.gitignore 2026-02-13 21:02:28.000000000 +0100 @@ -2,4 +2,5 @@ *.obscpio _build.* .pbuild +*.orig python314-*-build/ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-02-13 21:02:28.000000000 +0100 @@ -0,0 +1,6 @@ +.osc +*.obscpio +_build.* +.pbuild +*.orig +python314-*-build/ ++++++ configure-drop-autoconf-ver-req.patch ++++++ --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: Python-3.14.3/configure.ac =================================================================== --- Python-3.14.3.orig/configure.ac 2026-02-03 16:32:20.000000000 +0100 +++ Python-3.14.3/configure.ac 2026-02-13 20:23:46.066774038 +0100 @@ -12,7 +12,7 @@ # Set VERSION so we only need to edit in one place (i.e., here) m4_define([PYTHON_VERSION], [3.14]) -AC_PREREQ([2.72]) +dnl AC_PREREQ([2.72]) AC_INIT([python],[PYTHON_VERSION],[https://github.com/python/cpython/issues/]) ++++++ gh139257-Support-docutils-0.22.patch ++++++ --- /var/tmp/diff_new_pack.PIJFQt/_old 2026-02-14 21:39:37.442351218 +0100 +++ /var/tmp/diff_new_pack.PIJFQt/_new 2026-02-14 21:39:37.442351218 +0100 @@ -4,13 +4,39 @@ Subject: [PATCH 1/2] gh-139257: Support docutils >= 0.22 --- + Doc/Makefile | 2 - + Doc/conf.py | 3 + Doc/tools/extensions/pyspecific.py | 68 +++++++++++++++++++++++++------------ - 1 file changed, 46 insertions(+), 22 deletions(-) + 3 files changed, 50 insertions(+), 23 deletions(-) -Index: Python-3.14.2/Doc/tools/extensions/pyspecific.py +Index: Python-3.14.3/Doc/Makefile =================================================================== ---- Python-3.14.2.orig/Doc/tools/extensions/pyspecific.py 2025-12-05 17:49:16.000000000 +0100 -+++ Python-3.14.2/Doc/tools/extensions/pyspecific.py 2025-12-11 18:15:44.936875242 +0100 +--- Python-3.14.3.orig/Doc/Makefile 2026-02-03 16:32:20.000000000 +0100 ++++ Python-3.14.3/Doc/Makefile 2026-02-13 20:28:48.460059340 +0100 +@@ -14,7 +14,7 @@ + SOURCES = + DISTVERSION = $(shell $(PYTHON) tools/extensions/patchlevel.py) + REQUIREMENTS = requirements.txt +-SPHINXERRORHANDLING = --fail-on-warning ++SPHINXERRORHANDLING = + + # Internal variables. + PAPEROPT_a4 = --define latex_elements.papersize=a4paper +Index: Python-3.14.3/Doc/conf.py +=================================================================== +--- Python-3.14.3.orig/Doc/conf.py 2026-02-03 16:32:20.000000000 +0100 ++++ Python-3.14.3/Doc/conf.py 2026-02-13 20:21:11.034520886 +0100 +@@ -582,3 +582,6 @@ + '<meta property="og:image:width" content="200">', + '<meta property="og:image:height" content="200">', + ) ++ ++# Fix devhelp doc build gh#python/cpython#120150 ++master_doc = 'contents' +Index: Python-3.14.3/Doc/tools/extensions/pyspecific.py +=================================================================== +--- Python-3.14.3.orig/Doc/tools/extensions/pyspecific.py 2026-02-03 16:32:20.000000000 +0100 ++++ Python-3.14.3/Doc/tools/extensions/pyspecific.py 2026-02-13 17:09:31.987767795 +0100 @@ -1,12 +1,12 @@ # -*- coding: utf-8 -*- """
