Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python311 for openSUSE:Factory checked in at 2026-03-10 17:46:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python311 (Old) and /work/SRC/openSUSE:Factory/.python311.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python311" Tue Mar 10 17:46:47 2026 rev:64 rq:1337543 version:3.11.15 Changes: -------- --- /work/SRC/openSUSE:Factory/python311/python311.changes 2026-02-18 17:05:31.897977974 +0100 +++ /work/SRC/openSUSE:Factory/.python311.new.8177/python311.changes 2026-03-10 17:46:51.727569808 +0100 @@ -1,0 +2,90 @@ +Fri Mar 6 18:54:51 UTC 2026 - Matej Cepl <[email protected]> + +- Update to 3.11.15: + - Security + - gh-144125: BytesGenerator will now refuse to serialize + (write) headers that are unsafely folded or delimited; see + verify_generated_headers. (Contributed by Bas Bloemsaat and + Petr Viktorin in gh-121650). + - gh-143935: Fixed a bug in the folding of comments when + flattening an email message using a modern email policy. + Comments consisting of a very long sequence of non-foldable + characters could trigger a forced line wrap that omitted + the required leading space on the continuation line, + causing the remainder of the comment to be interpreted as + a new header field. This enabled header injection with + carefully crafted inputs (bsc#1257029 CVE-2025-11468). + - gh-143925: Reject control characters in data: URL media + types (bsc#1257046, CVE-2025-15282). + - gh-143919: Reject control characters in http.cookies.Morsel + fields and values (bsc#1257031, CVE-2026-0672). + - gh-143916: Reject C0 control characters within + wsgiref.headers.Headers fields, values, and parameters + (bsc#1257042, CVE-2026-0865). + - gh-142145: Remove quadratic behavior in xml.minidom node ID + cache clearing. In order to do this without breaking + existing users, we also add the ownerDocument attribute to + xml.dom.minidom elements and attributes created by directly + instantiating the Element or Attr class. Note that this way + of creating nodes is not supported; creator functions like + xml.dom.Document.documentElement() should be used instead + (bsc#1254997, CVE-2025-12084). + - gh-137836: Add support of the “plaintext” element, RAWTEXT + elements “xmp”, “iframe”, “noembed” and “noframes”, and + optionally RAWTEXT element “noscript” in + html.parser.HTMLParser. + - gh-136063: email.message: ensure linear complexity for + legacy HTTP parameters parsing. Patch by Bénédikt Tran. + - gh-136065: Fix quadratic complexity in + os.path.expandvars() (bsc#1252974, CVE-2025-6075). + - gh-119451: Fix a potential memory denial of service in the + http.client module. When connecting to a malicious server, + it could cause an arbitrary amount of memory to be + allocated. This could have led to symptoms including + a MemoryError, swapping, out of memory (OOM) killed + processes or containers, or even system crashes + (CVE-2025-13836, bsc#1254400). + - gh-119452: Fix a potential memory denial of service in the + http.server module. When a malicious user is connected to + the CGI server on Windows, it could cause an arbitrary + amount of memory to be allocated. This could have led to + symptoms including a MemoryError, swapping, out of memory + (OOM) killed processes or containers, or even system + crashes. + - gh-119342: Fix a potential memory denial of service in the + plistlib module. When reading a Plist file received from + untrusted source, it could cause an arbitrary amount of + memory to be allocated. This could have led to symptoms + including a MemoryError, swapping, out of memory (OOM) + killed processes or containers, or even system crashes + (bsc#1254401, CVE-2025-13837). + - Library + - gh-144833: Fixed a use-after-free in ssl when SSL_new() + returns NULL in newPySSLSocket(). The error was reported + via a dangling pointer after the object had already been + freed. + - gh-144363: Update bundled libexpat to 2.7.4 + - gh-90949: Add SetAllocTrackerActivationThreshold() and + SetAllocTrackerMaximumAmplification() to xmlparser objects + to prevent use of disproportional amounts of dynamic memory + from within an Expat parser. Patch by Bénédikt Tran. + - Core and Builtins + - gh-120384: Fix an array out of bounds crash in + list_ass_subscript, which could be invoked via some + specificly tailored input: including concurrent + modification of a list object, where one thread assigns + a slice and another clears it. + - gh-120298: Fix use-after free in list_richcompare_impl + which can be invoked via some specificly tailored evil + input. +Remove upstreamed patches: + - CVE-2025-11468-email-hdr-fold-comment.patch + - CVE-2025-12084-minidom-quad-search.patch + - CVE-2025-13836-http-resp-cont-len.patch + - CVE-2025-13837-plistlib-mailicious-length.patch + - CVE-2025-6075-expandvars-perf-degrad.patch + - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch + - CVE-2026-0865-wsgiref-ctrl-chars.patch + - CVE-2025-15282-urllib-ctrl-chars.patch + +------------------------------------------------------------------- Old: ---- CVE-2025-11468-email-hdr-fold-comment.patch CVE-2025-12084-minidom-quad-search.patch CVE-2025-13836-http-resp-cont-len.patch CVE-2025-13837-plistlib-mailicious-length.patch CVE-2025-15282-urllib-ctrl-chars.patch CVE-2025-6075-expandvars-perf-degrad.patch CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch CVE-2026-0865-wsgiref-ctrl-chars.patch Python-3.11.14.tar.xz Python-3.11.14.tar.xz.sigstore New: ---- Python-3.11.15.tar.xz Python-3.11.15.tar.xz.sigstore ----------(Old B)---------- Old:Remove upstreamed patches: - CVE-2025-11468-email-hdr-fold-comment.patch - CVE-2025-12084-minidom-quad-search.patch Old: - CVE-2025-11468-email-hdr-fold-comment.patch - CVE-2025-12084-minidom-quad-search.patch - CVE-2025-13836-http-resp-cont-len.patch Old: - CVE-2025-12084-minidom-quad-search.patch - CVE-2025-13836-http-resp-cont-len.patch - CVE-2025-13837-plistlib-mailicious-length.patch Old: - CVE-2025-13836-http-resp-cont-len.patch - CVE-2025-13837-plistlib-mailicious-length.patch - CVE-2025-6075-expandvars-perf-degrad.patch Old: - CVE-2026-0865-wsgiref-ctrl-chars.patch - CVE-2025-15282-urllib-ctrl-chars.patch Old: - CVE-2025-13837-plistlib-mailicious-length.patch - CVE-2025-6075-expandvars-perf-degrad.patch - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch Old: - CVE-2025-6075-expandvars-perf-degrad.patch - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch - CVE-2026-0865-wsgiref-ctrl-chars.patch Old: - CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch - CVE-2026-0865-wsgiref-ctrl-chars.patch - CVE-2025-15282-urllib-ctrl-chars.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python311.spec ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:53.991663268 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:53.995663433 +0100 @@ -107,7 +107,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.11.14 +Version: 3.11.15 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -188,33 +188,9 @@ Patch24: add-loongarch64-support.patch # PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 [email protected] Patch25: gh139257-Support-docutils-0.22.patch -# PATCH-FIX-UPSTREAM CVE-2025-6075-expandvars-perf-degrad.patch bsc#1252974 [email protected] -# Avoid potential quadratic complexity vulnerabilities in path modules -Patch26: CVE-2025-6075-expandvars-perf-degrad.patch -# PATCH-FIX-UPSTREAM CVE-2025-13836-http-resp-cont-len.patch bsc#1254400 [email protected] -# Avoid loading possibly compromised length of HTTP response -Patch27: CVE-2025-13836-http-resp-cont-len.patch -# PATCH-FIX-UPSTREAM CVE-2025-12084-minidom-quad-search.patch bsc#1254997 [email protected] -# prevent quadratic behavior in node ID cache clearing -Patch28: CVE-2025-12084-minidom-quad-search.patch -# PATCH-FIX-UPSTREAM CVE-2025-13837-plistlib-mailicious-length.patch bsc#1254401 [email protected] -# protect against OOM when loading malicious content -Patch29: CVE-2025-13837-plistlib-mailicious-length.patch -# PATCH-FIX-UPSTREAM CVE-2025-11468-email-hdr-fold-comment.patch bsc#1257029 [email protected] -# this patch makes things totally awesome -Patch30: CVE-2025-11468-email-hdr-fold-comment.patch -# PATCH-FIX-UPSTREAM CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch bsc#1257031 [email protected] -# rejects control characters in http cookies. -Patch31: CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch -# PATCH-FIX-UPSTREAM CVE-2026-0865-wsgiref-ctrl-chars.patch bsc#1257042 [email protected] -# Reject control characters in wsgiref.headers.Headers -Patch32: CVE-2026-0865-wsgiref-ctrl-chars.patch # PATCH-FIX-UPSTREAM CVE-2025-15366-imap-ctrl-chars.patch bsc#1257044 [email protected] # Reject control characters in wsgiref.headers.Headers Patch33: CVE-2025-15366-imap-ctrl-chars.patch -# PATCH-FIX-UPSTREAM CVE-2025-15282-urllib-ctrl-chars.patch bsc#1257046 [email protected] -# Reject control characters in urllib -Patch34: CVE-2025-15282-urllib-ctrl-chars.patch # PATCH-FIX-UPSTREAM CVE-2025-15367-poplib-ctrl-chars.patch bsc#1257041 [email protected] # Reject control characters in poplib Patch35: CVE-2025-15367-poplib-ctrl-chars.patch ++++++ CVE-2023-52425-libexpat-2.6.0-backport.patch ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:54.027664754 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:54.035665084 +0100 @@ -1,15 +1,15 @@ --- - Lib/test/support/__init__.py | 16 ++++++++++++++-- + Lib/test/support/__init__.py | 22 ++++++++++++++++------ Lib/test/test_minidom.py | 23 +++++++++-------------- Lib/test/test_pyexpat.py | 12 +++++------- Lib/test/test_sax.py | 18 +++++++++--------- Lib/test/test_xml_etree.py | 12 ------------ - 5 files changed, 37 insertions(+), 44 deletions(-) + 5 files changed, 39 insertions(+), 48 deletions(-) -Index: Python-3.11.14/Lib/test/support/__init__.py +Index: Python-3.11.15/Lib/test/support/__init__.py =================================================================== ---- Python-3.11.14.orig/Lib/test/support/__init__.py 2025-11-15 19:15:08.449938538 +0100 -+++ Python-3.11.14/Lib/test/support/__init__.py 2025-11-15 19:15:12.859120260 +0100 +--- Python-3.11.15.orig/Lib/test/support/__init__.py 2026-03-09 00:22:05.833623479 +0100 ++++ Python-3.11.15/Lib/test/support/__init__.py 2026-03-09 00:25:45.751482485 +0100 @@ -8,6 +8,7 @@ import functools import os @@ -18,7 +18,7 @@ import stat import sys import sysconfig -@@ -56,7 +57,7 @@ +@@ -56,10 +57,9 @@ "run_with_tz", "PGO", "missing_compiler_executable", "ALWAYS_EQ", "NEVER_EQ", "LARGEST", "SMALLEST", "LOOPBACK_TIMEOUT", "INTERNET_TIMEOUT", "SHORT_TIMEOUT", "LONG_TIMEOUT", @@ -26,39 +26,48 @@ + "skip_on_s390x", "fails_with_expat_2_6_0", "is_expat_2_6_0" ] - -@@ -2279,6 +2280,17 @@ +- + # Timeout in seconds for tests using a network server listening on the network + # local loopback interface like 127.0.0.1. + # +@@ -2279,10 +2279,20 @@ } return ignored -#Windows doesn't have os.uname() but it doesn't support s390x. -+ +-skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', +- 'skipped on s390x') +- +# Windows doesn't have os.uname() but it doesn't support s390x. - skip_on_s390x = unittest.skipIf(hasattr(os, 'uname') and os.uname().machine == 's390x', - 'skipped on s390x') -+ ++skip_on_s390x = unittest.skipIf( ++ hasattr(os, 'uname') and os.uname().machine == 's390x', ++ 'skipped on s390x') + [email protected]_cache +def _is_expat_2_6_0(): + return hasattr(pyexpat.ParserCreate(), 'SetReparseDeferralEnabled') ++ +is_expat_2_6_0 = _is_expat_2_6_0() + +fails_with_expat_2_6_0 = (unittest.expectedFailure + if is_expat_2_6_0 + else lambda test: test) -Index: Python-3.11.14/Lib/test/test_minidom.py + + def control_characters_c0() -> list[str]: + """Returns a list of C0 control characters as strings. +Index: Python-3.11.15/Lib/test/test_minidom.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_minidom.py 2025-11-15 19:14:53.915952608 +0100 -+++ Python-3.11.14/Lib/test/test_minidom.py 2025-11-15 19:15:12.859877278 +0100 -@@ -6,7 +6,6 @@ +--- Python-3.11.15.orig/Lib/test/test_minidom.py 2026-03-09 00:22:01.870138109 +0100 ++++ Python-3.11.15/Lib/test/test_minidom.py 2026-03-09 00:22:05.864561664 +0100 +@@ -7,7 +7,6 @@ from test import support import unittest -import pyexpat import xml.dom.minidom - from xml.dom.minidom import parse, Attr, Node, Document, parseString -@@ -1163,13 +1162,11 @@ + from xml.dom.minidom import parse, Attr, Node, Document, Element, parseString +@@ -1194,13 +1193,11 @@ # Verify that character decoding errors raise exceptions instead # of crashing @@ -77,7 +86,7 @@ b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>') doc.unlink() -@@ -1631,12 +1628,10 @@ +@@ -1662,12 +1659,10 @@ self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) def testExceptionOnSpacesInXMLNSValue(self): @@ -94,11 +103,11 @@ parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>') def testDocRemoveChild(self): -Index: Python-3.11.14/Lib/test/test_pyexpat.py +Index: Python-3.11.15/Lib/test/test_pyexpat.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_pyexpat.py 2025-11-15 19:14:53.915952608 +0100 -+++ Python-3.11.14/Lib/test/test_pyexpat.py 2025-11-15 19:15:12.860334045 +0100 -@@ -14,8 +14,7 @@ +--- Python-3.11.15.orig/Lib/test/test_pyexpat.py 2026-03-09 00:22:02.085337730 +0100 ++++ Python-3.11.15/Lib/test/test_pyexpat.py 2026-03-09 00:22:21.434819111 +0100 +@@ -18,8 +18,7 @@ from xml.parsers import expat from xml.parsers.expat import errors @@ -108,7 +117,7 @@ class SetAttributeTest(unittest.TestCase): def setUp(self): -@@ -806,9 +805,8 @@ +@@ -810,9 +809,8 @@ self.assertIs(parser.GetReparseDeferralEnabled(), enabled) def test_reparse_deferral_enabled(self): @@ -120,7 +129,7 @@ started = [] -@@ -837,9 +835,9 @@ +@@ -841,9 +839,9 @@ parser = expat.ParserCreate() parser.StartElementHandler = start_element @@ -132,10 +141,10 @@ for chunk in (b'<doc', b'/>'): parser.Parse(chunk, False) -Index: Python-3.11.14/Lib/test/test_sax.py +Index: Python-3.11.15/Lib/test/test_sax.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_sax.py 2025-11-15 19:14:53.915952608 +0100 -+++ Python-3.11.14/Lib/test/test_sax.py 2025-11-15 19:15:12.860746114 +0100 +--- Python-3.11.15.orig/Lib/test/test_sax.py 2026-03-09 00:22:02.128712585 +0100 ++++ Python-3.11.15/Lib/test/test_sax.py 2026-03-09 00:22:21.434819111 +0100 @@ -19,13 +19,11 @@ from io import BytesIO, StringIO import codecs @@ -187,10 +196,10 @@ self.assertFalse(parser._parser.GetReparseDeferralEnabled()) -Index: Python-3.11.14/Lib/test/test_xml_etree.py +Index: Python-3.11.15/Lib/test/test_xml_etree.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_xml_etree.py 2025-11-15 19:14:53.915952608 +0100 -+++ Python-3.11.14/Lib/test/test_xml_etree.py 2025-11-15 19:15:12.861491049 +0100 +--- Python-3.11.15.orig/Lib/test/test_xml_etree.py 2026-03-09 00:22:02.529714798 +0100 ++++ Python-3.11.15/Lib/test/test_xml_etree.py 2026-03-09 00:22:21.434819111 +0100 @@ -13,7 +13,6 @@ import operator import os ++++++ CVE-2023-52425-remove-reparse_deferral-tests.patch ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:54.047665580 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:54.051665745 +0100 @@ -4,11 +4,11 @@ Lib/test/test_xml_etree.py | 2 ++ 3 files changed, 6 insertions(+) -Index: Python-3.11.14/Lib/test/test_pyexpat.py +Index: Python-3.11.15/Lib/test/test_pyexpat.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_pyexpat.py 2025-11-15 19:15:12.860334045 +0100 -+++ Python-3.11.14/Lib/test/test_pyexpat.py 2025-11-15 19:15:15.541090355 +0100 -@@ -804,6 +804,7 @@ +--- Python-3.11.15.orig/Lib/test/test_pyexpat.py 2026-03-06 16:07:07.713428031 +0100 ++++ Python-3.11.15/Lib/test/test_pyexpat.py 2026-03-06 18:23:34.307976750 +0100 +@@ -808,6 +808,7 @@ parser.SetReparseDeferralEnabled(True) self.assertIs(parser.GetReparseDeferralEnabled(), enabled) @@ -16,7 +16,7 @@ def test_reparse_deferral_enabled(self): if not is_expat_2_6_0: self.skipTest("Linked libexpat doesn't support reparse deferral") -@@ -827,6 +828,7 @@ +@@ -831,6 +832,7 @@ self.assertEqual(started, ['doc']) @@ -24,10 +24,10 @@ def test_reparse_deferral_disabled(self): started = [] -Index: Python-3.11.14/Lib/test/test_sax.py +Index: Python-3.11.15/Lib/test/test_sax.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_sax.py 2025-11-15 19:15:12.860746114 +0100 -+++ Python-3.11.14/Lib/test/test_sax.py 2025-11-15 19:15:15.541608234 +0100 +--- Python-3.11.15.orig/Lib/test/test_sax.py 2026-03-06 16:07:07.713855947 +0100 ++++ Python-3.11.15/Lib/test/test_sax.py 2026-03-06 18:23:34.309155833 +0100 @@ -1213,6 +1213,7 @@ self.assertEqual(result.getvalue(), start + b"<doc>text</doc>") @@ -44,10 +44,10 @@ def test_flush_reparse_deferral_disabled(self): if not is_expat_2_6_0: self.skipTest("Linked libexpat doesn't support reparse deferral") -Index: Python-3.11.14/Lib/test/test_xml_etree.py +Index: Python-3.11.15/Lib/test/test_xml_etree.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_xml_etree.py 2025-11-15 19:15:12.861491049 +0100 -+++ Python-3.11.14/Lib/test/test_xml_etree.py 2025-11-15 19:15:15.542327817 +0100 +--- Python-3.11.15.orig/Lib/test/test_xml_etree.py 2026-03-06 16:07:07.714503769 +0100 ++++ Python-3.11.15/Lib/test/test_xml_etree.py 2026-03-06 18:23:34.309977052 +0100 @@ -1620,6 +1620,7 @@ with self.assertRaises(ValueError): ET.XMLPullParser(events=('start', 'end', 'bogus')) ++++++ CVE-2025-12781-b64decode-alt-chars.patch ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:54.067666405 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:54.079666901 +0100 @@ -12,10 +12,10 @@ Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst | 5 + 4 files changed, 91 insertions(+), 14 deletions(-) -Index: Python-3.11.14/Doc/library/base64.rst +Index: Python-3.11.15/Doc/library/base64.rst =================================================================== ---- Python-3.11.14.orig/Doc/library/base64.rst 2025-10-09 18:16:55.000000000 +0200 -+++ Python-3.11.14/Doc/library/base64.rst 2026-02-11 23:44:54.612595397 +0100 +--- Python-3.11.15.orig/Doc/library/base64.rst 2026-03-03 01:52:57.000000000 +0100 ++++ Python-3.11.15/Doc/library/base64.rst 2026-03-06 19:52:36.492967768 +0100 @@ -74,15 +74,20 @@ A :exc:`binascii.Error` exception is raised if *s* is incorrectly padded. @@ -52,10 +52,10 @@ .. function:: b32encode(s) -Index: Python-3.11.14/Lib/base64.py +Index: Python-3.11.15/Lib/base64.py =================================================================== ---- Python-3.11.14.orig/Lib/base64.py 2026-02-11 23:44:42.099270109 +0100 -+++ Python-3.11.14/Lib/base64.py 2026-02-11 23:44:54.613055284 +0100 +--- Python-3.11.15.orig/Lib/base64.py 2026-03-06 16:06:30.195774827 +0100 ++++ Python-3.11.15/Lib/base64.py 2026-03-06 19:52:36.493488040 +0100 @@ -71,20 +71,39 @@ The result is returned as a bytes object. A binascii.Error is raised if s is incorrectly padded. @@ -121,10 +121,10 @@ -Index: Python-3.11.14/Lib/test/test_base64.py +Index: Python-3.11.15/Lib/test/test_base64.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_base64.py 2026-02-11 23:44:44.270637438 +0100 -+++ Python-3.11.14/Lib/test/test_base64.py 2026-02-11 23:44:54.613405604 +0100 +--- Python-3.11.15.orig/Lib/test/test_base64.py 2026-03-06 16:06:32.552854037 +0100 ++++ Python-3.11.15/Lib/test/test_base64.py 2026-03-06 19:52:36.494050069 +0100 @@ -228,6 +228,25 @@ b'\xd3V\xbeo\xf7\x1d') self.check_decode_type_errors(base64.urlsafe_b64decode) @@ -181,10 +181,10 @@ def test_b32encode(self): eq = self.assertEqual -Index: Python-3.11.14/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst +Index: Python-3.11.15/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.11.14/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst 2026-02-11 23:44:54.613764682 +0100 ++++ Python-3.11.15/Misc/NEWS.d/next/Library/2025-11-06-12-03-29.gh-issue-125346.7Gfpgw.rst 2026-03-06 19:52:36.494404708 +0100 @@ -0,0 +1,5 @@ +Accepting ``+`` and ``/`` characters with an alternative alphabet in +:func:`base64.b64decode` and :func:`base64.urlsafe_b64decode` is now ++++++ CVE-2025-15366-imap-ctrl-chars.patch ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:54.095667562 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:54.099667727 +0100 @@ -8,10 +8,10 @@ Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) -Index: Python-3.12.12/Lib/imaplib.py +Index: Python-3.11.15/Lib/imaplib.py =================================================================== ---- Python-3.12.12.orig/Lib/imaplib.py 2026-02-10 22:15:03.417592955 +0100 -+++ Python-3.12.12/Lib/imaplib.py 2026-02-10 22:18:02.094605035 +0100 +--- Python-3.11.15.orig/Lib/imaplib.py 2026-03-06 16:06:31.545110864 +0100 ++++ Python-3.11.15/Lib/imaplib.py 2026-03-06 19:51:51.838695961 +0100 @@ -132,7 +132,7 @@ # We compile these in _mode_xxx. _Literal = br'.*{(?P<size>\d+)}$' @@ -30,10 +30,10 @@ data = data + b' ' + arg literal = self.literal -Index: Python-3.12.12/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst +Index: Python-3.11.15/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.12.12/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst 2026-02-10 22:18:02.095167966 +0100 ++++ Python-3.11.15/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst 2026-03-06 19:51:51.839096617 +0100 @@ -0,0 +1 @@ +Reject control characters in IMAP commands. ++++++ CVE-2025-15367-poplib-ctrl-chars.patch ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:54.115668387 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:54.119668552 +0100 @@ -9,10 +9,10 @@ Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst | 1 + 3 files changed, 11 insertions(+) -Index: Python-3.11.14/Lib/poplib.py +Index: Python-3.11.15/Lib/poplib.py =================================================================== ---- Python-3.11.14.orig/Lib/poplib.py 2025-10-09 18:16:55.000000000 +0200 -+++ Python-3.11.14/Lib/poplib.py 2026-02-11 23:38:35.281675745 +0100 +--- Python-3.11.15.orig/Lib/poplib.py 2026-03-06 16:06:32.025693538 +0100 ++++ Python-3.11.15/Lib/poplib.py 2026-03-06 19:52:31.051258464 +0100 @@ -122,6 +122,8 @@ def _putcmd(self, line): if self._debugging: print('*cmd*', repr(line)) @@ -22,10 +22,10 @@ self._putline(line) -Index: Python-3.11.14/Lib/test/test_poplib.py +Index: Python-3.11.15/Lib/test/test_poplib.py =================================================================== ---- Python-3.11.14.orig/Lib/test/test_poplib.py 2025-10-09 18:16:55.000000000 +0200 -+++ Python-3.11.14/Lib/test/test_poplib.py 2026-02-11 23:39:24.009682813 +0100 +--- Python-3.11.15.orig/Lib/test/test_poplib.py 2026-03-06 16:06:33.708669394 +0100 ++++ Python-3.11.15/Lib/test/test_poplib.py 2026-03-06 19:52:31.052258474 +0100 @@ -16,6 +16,7 @@ from test.support import socket_helper from test.support import threading_helper @@ -48,10 +48,10 @@ @requires_ssl def test_stls_capa(self): capa = self.client.capa() -Index: Python-3.11.14/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst +Index: Python-3.11.15/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ Python-3.11.14/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst 2026-02-11 23:38:35.282276228 +0100 ++++ Python-3.11.15/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst 2026-03-06 19:52:31.053950556 +0100 @@ -0,0 +1 @@ +Reject control characters in POP3 commands. ++++++ Python-3.11.14.tar.xz -> Python-3.11.15.tar.xz ++++++ /work/SRC/openSUSE:Factory/python311/Python-3.11.14.tar.xz /work/SRC/openSUSE:Factory/.python311.new.8177/Python-3.11.15.tar.xz differ: char 27, line 1 ++++++ Python-3.11.14.tar.xz.sigstore -> Python-3.11.15.tar.xz.sigstore ++++++ --- /work/SRC/openSUSE:Factory/python311/Python-3.11.14.tar.xz.sigstore 2025-10-17 17:25:30.849314400 +0200 +++ /work/SRC/openSUSE:Factory/.python311.new.8177/Python-3.11.15.tar.xz.sigstore 2026-03-10 17:46:51.303552304 +0100 @@ -1 +1 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzjCCAlSgAwIBAgIUa/Cqr03VT8ZG9vr8vnKbBg+smbAwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUxMDA5MTcwNjE1WhcNMjUxMDA5MTcxNjE1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEV8hmCidc4iLoE7KY0EoSx+WzOVw+SRGe3TqZASn60wUXvIAGEngDUM2GJGZ2zciFho4j5aL3QiN9iXRluy1KgqOCAXMwggFvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUTkropBHt0kanFqilhuJTKPsup4EwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGZyfAIbAAABAMASDBGAiEA4/DdAlVJKgAy0hm3sqtUk8eDDPrlFeYNhPJLNI6CgnECIQCxS/bIAbLLdlzAcy6oNNNiUOdVCU7a1Wf0qL8inGhBzTAKBggqhkjOPQQDAwNoADBlAjEAqwMoQEolvvwMVety1mnyufr6P+YikV6nd1aZZnGQAlbvwgv/ mac7l0DysGh40Gs6AjAZVV5V/fNk4RpyKJCRvWkYe9ciAu6QXHbj4dWXTsjxqkx42zgZ2SOEx4951KqOX/0="}, "tlogEntries": [{"logIndex": "597736248", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1760029575", "inclusionPromise": {"signedEntryTimestamp": "MEQCIGcnPF/TJIG89Te/QJ2plfcmZaFwWMS5gwUj/i4UD+lHAiA6U8MIzjmRCPkoV9GAiUhcS8Y+EfKoxjkhkuaRsZr+1A=="}, "inclusionProof": {"logIndex": "475831986", "rootHash": "2ivwpfqfDfFhP4xZsUzcUodxk2RqHL7UJtjrVnNC+aY=", "treeSize": "475831987", "hashes": ["EcNr6novO9JFYu0MhiZEkbLuFQ0Fu33e/EikpWhJfSc=", "JUI3wLXg1JVyXKG83MkLnF48cYp3AvZ5owiKHlrcNT0=", "2/6dc8665sZ7nRZxfMqTRpwkYyvJC3vhCTtENDZ/Xg0=", "N/EKp5CRZK9LCux3vDsddWopaheQu0XNoNsWQ0+QVp8=", "CY4WrDD4KG0hsBLDiG+NQtd+muyaPZ5U48/sqDhod7s=", "b8mEVvlpxhRNmn5Z2Sg5pTM4nTx+G0MIDaE/JGACftg=", "xVDKr3yUl/tQsbx7ocbC8nBJwKmRqVd7Hl4VohToH/Y=", "BQdEs/qH6M+bN2pXY4iylKeXMJIVCIts/G7pNbq0Pe4=", "qitr//U2XNNlKMCHm7tD8fHXneUmKumQFG9 lYb3sxMk=", "7hzNnRc2wXwu0fNMVF1BVE2rgN+7YiNho0SMqXqadcc=", "qXhJobQjWl6SO/pue3trUW2uL4jXx24Ip7lpd4hc5bU=", "56ObhlROm9L8Q4JyN+mxEQ5pZD5QdobB1xZFIeL0lVg=", "EGaD/cNavzxGYLx1Gl0uNNWBZvyXlSHSdlIeH7m+63A=", "2Wv4GiithwNukRKV06clevnQQYCzXmSS/+/OJtXgsXQ=", "1mfy94KpcItqshH9+gwqV6jccupcaMpVsF28New8zDY=", "vS7O4ozHIQZJWBiov+mkpI27GE8zAmVCEkRcP3NDyNE="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n475831987\n2ivwpfqfDfFhP4xZsUzcUodxk2RqHL7UJtjrVnNC+aY=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiEAnD+Qljgsyi38h/qMtYdENwkJz0F/seAi4gExs1pm4bYCIFCTOElI5MtH4Lm61GXhPyTHiQ8T8TaLZnbx6D4I8G+H\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4ZDNlZDhlYzVjODhjMWM5NWY1ZTU1ODYxMmE3MjU0NTBkMjQ1MjgxM2RkYWQ1ZTU4ZmRiMWE1M2IxMjA5Yjc4In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRUwvOHkrREM3QkpPaUVuUGM5R2F6VGN3MTZYc2xNMlNEU2dYVlEyTVl2REFpQVBrbk1GcjNRMVZoenRnR3VtVjVDUHFvb2JQTzVSUVIz YU9SanVvSXgyN1E9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZha05EUVd4VFowRjNTVUpCWjBsVllTOURjWEl3TTFaVU9GcEhPWFp5T0hadVMySkNaeXR6YldKQmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZlRTFFUVRWTlZHTjNUbXBGTVZkb1kwNU5hbFY0VFVSQk5VMVVZM2hPYWtVeFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZXT0dodFEybGtZelJwVEc5Rk4wdFpNRVZ2VTNnclYzcFBWbmNyVTFKSFpUTlVjVm9LUVZOdU5qQjNWVmgyU1VGSFJXNW5SRlZOTWtkS1Ixb3llbU5wUm1odk5HbzFZVXd6VVdsT09XbFlVbXgxZVRGTFozRlBRMEZZVFhkblowWjJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZVYTNKdkNuQkNTSFF3YTJGdVJuRnBiR2gxU2xSTFVITjFjRFJGZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyW TIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRNUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJTUVVS1pYZENOVUZJWTBFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIxcDVaa0ZKWWtGQlFRcENRVTFCVTBSQ1IwRnBSVUUwTDBSa1FXeFdTa3RuUVhrd2FHMHpjM0YwVldzNFpVUkVVSEpzUm1WWlRtaFFTa3hPU1RaRFoyNUZRMGxSUTNoVEwySkpDa0ZpVEV4a2JIcEJZM2syYjA1T1RtbFZUMlJXUTFVM1lURlhaakJ4VERocGJrZG9RbnBVUVV0Q1oyZHhhR3RxVDFCUlVVUkJkMDV2UVVSQ2JFRnFSVUVLY1hkTmIxRkZiMngyZG5kTlZtVjBlVEZ0Ym5sMVpuSTJVQ3RaYVd0V05tNWtNV0ZhV201SFVVRnNZblozWjNZdmJXRmpOMnd3UkhselIyZzBNRWR6TmdwQmFrRmFWbFkxVmk5bVRtczBVbkI1UzBwRFVuWlhhMWxsT1dOcFFYVTJVVmhJWW1vMFpGZFlWSE5xZUhGcmVEUXllbWRhTWxOUFJYZzBPVFV4UzNGUENsZ3ZNRDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SH A2_256", "digest": "jT7Y7FyIwclfXlWGEqclRQ0kUoE92tXlj9saU7Egm3g="}, "signature": "MEQCIEL/8y+DC7BJOiEnPc9GazTcw16XslM2SDSgXVQ2MYvDAiAPknMFr3Q1VhztgGumV5CPqoobPO5RQR3aORjuoIx27Q=="}} +{"mediaType":"application/vnd.dev.sigstore.bundle.v0.3+json","verificationMaterial":{"certificate":{"rawBytes":"MIICzTCCAlKgAwIBAgIUVyVRcqXdAMuxUSVZptJ+6eZKm0swCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjYwMzAzMDEwNDIyWhcNMjYwMzAzMDExNDIyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4bCrrwAl9ojG/jCXyN/sWSVcTvPDsHgafrczoZrmhM4YBXKoJwhhI8HHiNjKdjK/gcelYfNzm3kdGwZnEWhnHaOCAXEwggFtMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU9I5aI9ujXF6sITbCk2vxbdoUoD4wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wIgYDVR0RAQH/BBgwFoEUcGFibG9nc2FsQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGcsTmFPQAABAMARjBEAiAfKV4932gZgbat/glNz5FraTeDrCcEq03ta3E3tF4NBQIgFYG9TJYERGOBzl1x+MOcd+zB47NNHlAoCmILfTSdiKgwCgYIKoZIzj0EAwMDaQAwZgIxAOSxxc6G21MJac3dkN55PLRH53dyjObpwTTykZFGpTpjuUo2O3ft9QEPZ itkA6Nm4wIxAPCQecOoqRnP6OEP51arhHdtMVknBJMaJ26wfyRSVsnKyi3DHF30nTOuVetJ2Fam4w=="},"tlogEntries":[{"logIndex":"1013496923","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1772499863","inclusionPromise":{"signedEntryTimestamp":"MEYCIQD9btJM4z88Jjs+dnFQPNitVE00joL/V0oaZYH6gxGMZgIhAKXx4hnuI60kDzRtvSOt1jZnggLTyiQF0LnSiqa4qk0D"},"inclusionProof":{"logIndex":"891592661","rootHash":"JK+1Umj5tvwdPhfBBbYD5UpiZA4fGUrt4GwehHKIcNI=","treeSize":"891592665","hashes":["s5AxwJ+t2gq0HIqW+ns8u59lldXwfv+yc2A3BGSrPis=","PAtZZmfHY9yavnppNM9Gmk+WqCJp68j2DVyB1/9QZ7w=","YpXdu4vbBuO+tHi1rd5gt5zbNu1csURZQROlGGw8StI=","oHenKqg2Pax643jd6J9plud+zRvWWr4XylTQ7ZuGesc=","2Fgbz1TsPBrhhyJNzNlf97xasPVWvjTRnxCIdVO85ZY=","BAVTdfJ//YgqqbF5CC5ly+o4KGLRQAapZTb7z0bEFFU=","vkI1W3s2WTouxaKvL+oEa85gPCaXFne20armi9bsfOw=","Kr1IZBtxX03UsOZdo6rsM2EPV0/q75toGqzT+3K/ri8=","Kjof0zMo+Hb6JNPs/Yoxt0ZOVOTDkBVzPDvA14+ONiM=","ZtgvM2m+592JolIGliHZ1mgjp h/xHOzG6lmyNtQuw8o=","yaLcjLp9ldnUTWyy/PouoOddMS22Et9RPJrGE7WCDYc=","50BdkX7nkRgG4UrWoLVyZogLPlcHZQP2khTmOteFbho=","UFjcw2ByTVPBmHuBXkpFOLynDtU0JPa0rs1lvSVm9ns=","UfqWnx1YuXWnR6tQB8LboYpg7AuaUmwROEn7wJBVDjM=","HU7296NTl8Wek0AyCPeTMXdik0fZbtCiBDPDqVeye0E=","Xo5tam8gxbsWohATkFEqn5hvHpPFwBJ0SDjNE5DiI2A=","ZleKYeRKwUF3HP3HO0kxHMVeJgY3N/euGinVhlVWaq0=","fLAvE46NqCVV86EpB2pKkwJlFjjFk7ntX3lC+PiZuIo=","T4DqWD42hAtN+vX8jKCWqoC4meE4JekI9LxYGCcPy1M="],"checkpoint":{"envelope":"rekor.sigstore.dev - 1193050959916656506\n891592665\nJK+1Umj5tvwdPhfBBbYD5UpiZA4fGUrt4GwehHKIcNI=\n\n— rekor.sigstore.dev wNI9ajBEAiAltxt+A0tLVa+o0H/ajiGUgmqyTo4EnQ61UY0mMB8GewIgaNKdAMRpHkk9y09X1pjyH++ayq8uM37PI8q8rJNEYYg=\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyNzIxNzlkZGQ5YTJlNDFhMGZjOGU0MmUzM2RmYmRjYTBiMzcxMWFhNWFiZjM3MmQzZjJkNTE1NDNkMDliNjI1In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURlTUZ3ZHVwZ0l KaWxJWHJ6SWtTS0dhcXV1dlRNS3BYZnJZZ25qbzNpbXl3SWhBTzVxdzRTMkI5WW9WbkpxOGhMTUdUakk0Uk1VL3hYdTlCZWxVenRXQlRiSiIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZWRU5EUVd4TFowRjNTVUpCWjBsVlZubFdVbU54V0dSQlRYVjRWVk5XV25CMFNpczJaVnBMYlRCemQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFpkMDE2UVhwTlJFVjNUa1JKZVZkb1kwNU5hbGwzVFhwQmVrMUVSWGhPUkVsNVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVUwWWtOeWNuZEJiRGx2YWtjdmFrTlllVTR2YzFkVFZtTlVkbEJFYzBobllXWnlZM29LYjFweWJXaE5ORmxDV0V0dlNuZG9hRWs0U0VocFRtcExaR3BMTDJkalpXeFpaazU2YlROclpFZDNXbTVGVjJodVNHRlBRMEZZUlhkblowWjBUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlU1U1RWaENrazVkV3BZUmpaelNWUmlRMnN5ZG5oaVpHOVZiMFEwZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5G a0tXa1E0ZDBsbldVUldVakJTUVZGSUwwSkNaM2RHYjBWVlkwZEdhV0pIT1c1ak1rWnpVVWhDTldSSGFIWmlhVFYyWTIxamQwdFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FWRlJZbUZJVWpCalNFMDJUSGs1YUZreVRuWmtWelV3WTNrMWJtSXlPVzVpUjFWMVdUSTVkRTFEYzBkRGFYTkhRVkZSUW1jM09IZEJVV2RGQ2toUmQySmhTRkl3WTBoTk5reDVPV2haTWs1MlpGYzFNR041Tlc1aU1qbHVZa2RWZFZreU9YUk5TVWRLUW1kdmNrSm5SVVZCWkZvMVFXZFJRMEpJYzBVS1pWRkNNMEZJVlVFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdOMjgwUVVGQlIyTnpWRzFHVUZGQlFRcENRVTFCVW1wQ1JVRnBRV1pMVmpRNU16Sm5XbWRpWVhRdloyeE9lalZHY21GVVpVUnlRMk5GY1RBemRHRXpSVE4wUmpST1FsRkpaMFpaUnpsVVNsbEZDbEpIVDBKNmJERjRLMDFQWTJRcmVrSTBOMDVPU0d4QmIwTnRTVXhtVkZOa2FVdG5kME5uV1VsTGIxcEplbW93UlVGM1RVUmhVVUYzV21kSmVFRlBVM2dLZUdNMlJ6SXhUVXBoWXpOa2EwNDFOVkJNVWtnMU0yUjVhazlpY0hkVVZIbHJXa1pIY0ZSd2FuVlZiekpQTTJaME9WRkZVRnBwZEd0Qk5rNXROSGRKZUFwQlVFTlJaV05QYjNGU2JsQTJUMFZRTlRGaGNtaElaSFJOVm10dVFrcE5ZVW95Tm5kbWVWSlRWbk51UzNscE0wUklSak13YmxSUGRWWmxkRW95Um1GdENqUjNQVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]," timestampVerificationData":{"rfc3161Timestamps":[{"signedTimestamp":"MIIE6jADAgEAMIIE4QYJKoZIhvcNAQcCoIIE0jCCBM4CAQMxDTALBglghkgBZQMEAgEwgcIGCyqGSIb3DQEJEAEEoIGyBIGvMIGsAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgBlVGEfl0/jl+NOiYqgPhx9Y6GPmDU/KL9fvcf0aNr44CFQCQB7SaN05xLwMMLTF9PcntJo4EyRgPMjAyNjAzMDMwMTA0MjNaMAMCAQECCHfOPhf2vU81oDKkMDAuMRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxFTATBgNVBAMTDHNpZ3N0b3JlLXRzYaCCAhQwggIQMIIBlqADAgECAhQ6E1QvDJBh7rzBQy/Lio6LKiOLDDAKBggqhkjOPQQDAzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkMB4XDTI1MDQwODA2NTk0M1oXDTM1MDQwNjA2NTk0M1owLjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MRUwEwYDVQQDEwxzaWdzdG9yZS10c2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATitrZnyEo2KDZP2QWMIBOgYbfSOTL5ZC/cHMv6Yq+HVIo1H9TC7Cx80KDiyvKhgB3wTqKyi9UDczhqg12b1AOLnRnydMTK+qB8M+1MjBci1+Jb8AV/VXu7CRuQCiPTHFyjajBoMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUif15Q4fP0GVGwwJGxyxzW3206wMwHwYDVR0jBBgwFoAUmOwB73+7Uf/UlR5vioiYUweJzr8wFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwCgYIKoZIzj0EAwMDaAAwZQIwO2mxX/opo7SrIX9Q yxfZpJRcpAV2gZOm1AZzR+2rVyy6Uc8Ybp2ybIw13ckH4bcRAjEA5qO8FyOkmYpvg2/7ZNqiPxRzn5vqKHoVcIIqtpKq6l7TvOqzAxxclN7VwTG8e++XMYIB2zCCAdcCAQEwUTA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQ6E1QvDJBh7rzBQy/Lio6LKiOLDDALBglghkgBZQMEAgGggfwwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0yNjAzMDMwMTA0MjNaMC8GCSqGSIb3DQEJBDEiBCD5NBdRMWFs/yHd18Ieiy21PmhCfG+jo/7KrvIcHwYoWzCBjgYLKoZIhvcNAQkQAi8xfzB9MHsweQQghfknvAerYsrDtENWwQ78gbLGiD/aernm2HDZ0TrNBbcwVTA9pDswOTEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MSAwHgYDVQQDExdzaWdzdG9yZS10c2Etc2VsZnNpZ25lZAIUOhNULwyQYe68wUMvy4qOiyojiwwwCgYIKoZIzj0EAwIEZzBlAjEAxklFvFksLU54DXUFBzPyV5IkH+rmD2qd366o3p93HRUEGuCrd7vbH1NFjLm3TVh8AjAjU0CW80Ez9El7s3R06h1VqONDo8mmkV/j2Mo1D93iHMk7Sn2uaQhe5N6EK4diBII="}]}},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"JyF53dmi5BoPyOQuM9+9ygs3EapavzctPy1RVD0JtiU="},"signature":"MEYCIQDeMFwdupgIJilIXrzIkSKGaquuvTMKpXfrYgnjo3imywIhAO5qw4S2B9YoVnJq8hLMGTjI4RMU/xXu9BelUztWBTbJ"}} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:54.255674166 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:54.259674332 +0100 @@ -1,6 +1,6 @@ -mtime: 1770946267 -commit: b8edb6fb5d42a96986ca36054ac792e128b4b85434a3f294f3afd48007d3f262 +mtime: 1773012376 +commit: d7ebe637040a7e6c1bfcffabb6db9df0a7a1929436fd74800abe4cf637e26fb5 url: https://src.opensuse.org/python-interpreters/python311.git -revision: b8edb6fb5d42a96986ca36054ac792e128b4b85434a3f294f3afd48007d3f262 +revision: d7ebe637040a7e6c1bfcffabb6db9df0a7a1929436fd74800abe4cf637e26fb5 projectscmsync: https://src.opensuse.org/python-interpreters/_ObsPrj ++++++ bso1227999-reproducible-builds.patch ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:54.303676148 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:54.315676643 +0100 @@ -12,9 +12,11 @@ Doc/library/functions.rst | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) ---- a/Doc/conf.py -+++ b/Doc/conf.py -@@ -316,7 +316,8 @@ html_context = { +Index: Python-3.11.15/Doc/conf.py +=================================================================== +--- Python-3.11.15.orig/Doc/conf.py 2026-03-03 01:52:57.000000000 +0100 ++++ Python-3.11.15/Doc/conf.py 2026-03-06 18:23:39.828089970 +0100 +@@ -316,7 +316,8 @@ } # This 'Last updated on:' timestamp is inserted at the bottom of every page. @@ -24,9 +26,11 @@ # Path to find HTML templates. templates_path = ['tools/templates'] ---- a/Doc/library/functions.rst -+++ b/Doc/library/functions.rst -@@ -1356,7 +1356,7 @@ are always available. They are listed h +Index: Python-3.11.15/Doc/library/functions.rst +=================================================================== +--- Python-3.11.15.orig/Doc/library/functions.rst 2026-03-03 01:52:57.000000000 +0100 ++++ Python-3.11.15/Doc/library/functions.rst 2026-03-06 18:23:39.829089979 +0100 +@@ -1356,7 +1356,7 @@ (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, and :mod:`shutil`. ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-03-09 00:26:32.000000000 +0100 @@ -0,0 +1 @@ +.osc ++++++ fix_configure_rst.patch ++++++ --- /var/tmp/diff_new_pack.PSLomS/_old 2026-03-10 17:46:54.531685560 +0100 +++ /var/tmp/diff_new_pack.PSLomS/_new 2026-03-10 17:46:54.539685890 +0100 @@ -3,10 +3,10 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) -Index: Python-3.11.14/Doc/using/configure.rst +Index: Python-3.11.15/Doc/using/configure.rst =================================================================== ---- Python-3.11.14.orig/Doc/using/configure.rst 2025-11-15 19:14:54.096952433 +0100 -+++ Python-3.11.14/Doc/using/configure.rst 2025-11-15 19:15:04.439920979 +0100 +--- Python-3.11.15.orig/Doc/using/configure.rst 2026-03-06 16:06:43.304945441 +0100 ++++ Python-3.11.15/Doc/using/configure.rst 2026-03-06 16:06:55.576758292 +0100 @@ -43,7 +43,6 @@ See :data:`sys.int_info.bits_per_digit <sys.int_info>`. @@ -29,11 +29,11 @@ .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.11.14/Misc/NEWS +Index: Python-3.11.15/Misc/NEWS =================================================================== ---- Python-3.11.14.orig/Misc/NEWS 2025-11-15 19:14:54.096952433 +0100 -+++ Python-3.11.14/Misc/NEWS 2025-11-15 19:15:04.445942414 +0100 -@@ -9987,7 +9987,7 @@ +--- Python-3.11.15.orig/Misc/NEWS 2026-03-06 16:06:43.304945441 +0100 ++++ Python-3.11.15/Misc/NEWS 2026-03-06 16:06:55.580059032 +0100 +@@ -10081,7 +10081,7 @@ - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name
