Hello community,

here is the log from the commit of package python313 for openSUSE:Factory checked in at 2026-04-15 16:03:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python313 (Old)
 and /work/SRC/openSUSE:Factory/.python313.new.21863 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python313" Wed Apr 15 16:03:01 2026 rev:40 rq:1345198 version:3.13.13 Changes: -------- --- /work/SRC/openSUSE:Factory/python313/python313.changes 2026-04-01 19:50:26.060629503 +0200 +++ /work/SRC/openSUSE:Factory/.python313.new.21863/python313.changes 2026-04-15 16:03:04.179296659 +0200 
@@ -1,0 +2,287 @@ +Wed Apr 8 11:02:00 UTC 2026 - Matej Cepl <[email protected]> + +- Update to 3.13.13 + - Security + - gh-145986: xml.parsers.expat: Fixed a crash caused by + unbounded C recursion when converting deeply nested XML + content models with ElementDeclHandler(). This addresses + CVE 2026-4224 (bsc#1259735, CVE-2026-4224). + - gh-145599: Reject control characters in http.cookies.Morsel + update() and js_output(). This addresses CVE 2026-3644 + (bsc#1259734, CVE-2026-3644). + - gh-145506: Fixes CVE 2026-2297 by ensuring that + SourcelessFileLoader uses io.open_code() when opening .pyc + files (bsc#1259240, CVE-2026-2297). + - gh-144370: Disallow usage of control characters in status + in wsgiref.handlers to prevent HTTP header injections. + Patch by Benedikt Johannes. + - gh-143930: Reject leading dashes in URLs passed to + webbrowser.open() (bsc#1260026, CVE-2026-4519). + - Library + - gh-144503: Fix a regression introduced in 3.14.3 and + 3.13.12 where the multiprocessing forkserver start method + would fail with BrokenPipeError when the parent process had + a very large sys.argv. The argv is now passed to the + forkserver as separate command-line arguments rather than + being embedded in the -c command string, avoiding the + operating system’s per-argument length limit. + - gh-146613: itertools: Fix a crash in itertools.groupby() + when the grouper iterator is concurrently mutated. + - gh-146080: ssl: fix a crash when an SNI callback tries to + use an SSL object that has already been garbage-collected. + Patch by Bénédikt Tran. + - gh-146090: sqlite3: fix a crash when + sqlite3.Connection.create_collation() fails with + SQLITE_BUSY. Patch by Bénédikt Tran. + - gh-146090: sqlite3: properly raise MemoryError instead of + SystemError when a context callback fails to be allocated. + Patch by Bénédikt Tran. + - gh-145633: Fix struct.pack('f', float): use PyFloat_Pack4() + to raise OverflowError. Patch by Sergey B Kirpichev and + Victor Stinner. 
+ - gh-146310: The ensurepip module no longer looks for + pip-*.whl wheel packages in the current directory. + - gh-146083: Update bundled libexpat to version 2.7.5. + - gh-146076: zoneinfo: fix crashes when deleting _weak_cache + from a zoneinfo.ZoneInfo subclass. + - gh-146054: Limit the size of encodings.search_function() + cache. Found by OSS Fuzz in #493449985. + - gh-145883: zoneinfo: Fix heap buffer overflow reads from + malformed TZif data. Found by OSS Fuzz, issues #492245058 + and #492230068. + - gh-145750: Avoid undefined behaviour from signed integer + overflow when parsing format strings in the struct module. + Found by OSS Fuzz in #488466741. + - gh-145492: Fix infinite recursion in + collections.defaultdict __repr__ when a defaultdict + contains itself. Based on analysis by KowalskiThomas in + gh-145492. + - gh-145623: Fix crash in struct when calling repr() or + __sizeof__() on an uninitialized struct.Struct object + created via Struct.__new__() without calling __init__(). + - gh-145616: Detect Android sysconfig ABI correctly on 32-bit + ARM Android on 64-bit ARM kernel + - gh-145376: Fix null pointer dereference in unusual error + scenario in hashlib. + - gh-145551: Fix InvalidStateError when cancelling process + created by asyncio.create_subprocess_exec() or + asyncio.create_subprocess_shell(). Patch by Daan De Meyer. + - gh-145417: venv: Prevent incorrect preservation of SELinux + context when copying the Activate.ps1 script. The script + inherited the SELinux security context of the system + template directory, rather than the destination project + directory. + - gh-145301: hashlib: fix a crash when the initialization of + the underlying C extension module fails. + - gh-145264: Base64 decoder (see binascii.a2b_base64(), + base64.b64decode(), etc) no longer ignores excess data + after the first padded quad in non-strict (default) mode. 
+ Instead, in conformance with RFC 4648, section 3.3, it now + ignores the pad character, “=”, if it is present before the + end of the encoded data. + - gh-145158: Avoid undefined behaviour from signed integer + overflow when parsing format strings in the struct module. + - gh-144984: Fix crash in + xml.parsers.expat.xmlparser.ExternalEntityParserCreate() + when an allocation fails. The error paths could dereference + NULL handlers and double-decrement the parent parser’s + reference count. + - gh-88091: Fix unicodedata.decomposition() for Hangul + characters. + - gh-144835: Added missing explanations for some parameters + in glob.glob() and glob.iglob(). + - gh-144833: Fixed a use-after-free in ssl when SSL_new() + returns NULL in newPySSLSocket(). The error was reported + via a dangling pointer after the object had already been + freed. + - gh-144259: Fix inconsistent display of long multiline + pasted content in the REPL. + - gh-144156: Fix the folding of headers by the email library + when RFC 2047 encoded words are used. Now whitespace is + correctly preserved and also correctly added between + adjacent encoded words. The latter property was broken by + the fix for gh-92081, which mostly fixed previous failures + to preserve whitespace. + - gh-66305: Fixed a hang on Windows in the tempfile module + when trying to create a temporary file or subdirectory in + a non-writable directory. + - gh-140814: multiprocessing.freeze_support() no longer sets + the default start method as a side effect, which previously + caused a subsequent multiprocessing.set_start_method() call + to raise RuntimeError. + - gh-144475: Calling repr() on functools.partial() is now + safer when the partial object’s internal attributes are + replaced while the string representation is being + generated. 
+ - gh-144538: Bump the version of pip bundled in ensurepip to + version 26.0.1 + - gh-144363: Update bundled libexpat to 2.7.4 + - gh-143637: Fixed a crash in socket.sendmsg() that could + occur if ancillary data is mutated re-entrantly during + argument parsing. + - gh-143880: Fix data race in functools.partial() in the free + threading build. + - gh-143543: Fix a crash in itertools.groupby that could + occur when a user-defined __eq__() method re-enters the + iterator during key comparison. + - gh-140652: Fix a crash in _interpchannels.list_all() after + closing a channel. + - gh-143698: Allow scheduler and setpgroup arguments to be + explicitly None when calling os.posix_spawn() or + os.posix_spawnp(). Patch by Bénédikt Tran. + - gh-143698: Raise TypeError instead of SystemError when the + scheduler in os.posix_spawn() or os.posix_spawnp() is not + a tuple. Patch by Bénédikt Tran. + - gh-143304: Fix ctypes.CDLL to honor the handle parameter on + POSIX systems. + - gh-142781: zoneinfo: fix a crash when instantiating + ZoneInfo objects for which the internal class-level cache + is inconsistent. + - gh-142763: Fix a race condition between zoneinfo.ZoneInfo + creation and zoneinfo.ZoneInfo.clear_cache() that could + raise KeyError. + - gh-142787: Fix assertion failure in sqlite3 blob subscript + when slicing with indices that result in an empty slice. + - gh-142352: Fix asyncio.StreamWriter.start_tls() to transfer + buffered data from StreamReader to the SSL layer, + preventing data loss when upgrading a connection to TLS + mid-stream (e.g., when implementing PROXY protocol + support). + - gh-141707: Don’t change tarfile.TarInfo type from AREGTYPE + to DIRTYPE when parsing GNU long name or link headers + (bsc#1259611, CVE-2025-13462). + - gh-139933: Improve AttributeError suggestions for classes + with a custom __dir__() method returning a list of + unsortable values. Patch by Bénédikt Tran. 
+ - gh-138891: Fix SyntaxError when inspect.get_annotations(f, + eval_str=True) is called on a function annotated with a PEP + 646 star_expression + - gh-137335: Get rid of any possibility of a name conflict + for named pipes in multiprocessing and asyncio on Windows, + no matter how small. + - gh-80667: Support lookup for Tangut Ideographs in + unicodedata. + - bpo-40243: Fix unicodedata.ucd_3_2_0.numeric() for + non-decimal values. + - Documentation + - gh-126676: Expand argparse documentation for type=bool with + a demonstration of the surprising behavior and pointers to + common alternatives. + - gh-145450: Document missing public wave.Wave_write getter + methods. + - Core and Builtins + - gh-148157: Fix an unlikely crash when parsing an invalid + type comments for function parameters. Found by OSS Fuzz in + #492782951. + - gh-146615: Fix a crash in __get__() for METH_METHOD + descriptors when an invalid (non-type) object is passed as + the second argument. Patch by Steven Sun. + - gh-146128: Fix a bug which could cause constant values to + be partially corrupted in AArch64 JIT code. This issue is + theoretical, and hasn’t actually been observed in + unmodified Python interpreters. + - gh-146250: Fixed a memory leak in SyntaxError when + re-initializing it. + - gh-146245: Fixed reference leaks in socket when audit hooks + raise exceptions in socket.getaddrinfo() and + socket.sendto(). + - gh-146227: Fix wrong type in _Py_atomic_load_uint16 in the + C11 atomics backend (pyatomic_std.h), which used a 32-bit + atomic load instead of 16-bit. Found by Mohammed Zuhaib. + - gh-146056: Fix repr() for lists containing NULLs. + - gh-145990: python --help-env sections are now sorted by + environment variable name. + - gh-145376: Fix GC tracking in structseq.__replace__(). + - gh-142183: Avoid a pathological case where repeated calls + at a specific stack depth could be significantly slower. 
+ - gh-145783: Fix an unlikely crash in the parser when certain + errors were erroneously not propagated. Found by OSS Fuzz + in #491369109. + - gh-145701: Fix SystemError when __classdict__ or + __conditional_annotations__ is in a class-scope inlined + comprehension. Found by OSS Fuzz in #491105000. + - gh-145335: Fix a crash in os.pathconf() when called with -1 + as the path argument. + - gh-145234: Fixed a SystemError in the parser when an + encoding cookie (for example, UTF-7) decodes to carriage + returns (\r). Newlines are now normalized after decoding in + the string tokenizer. + - Patch by Pablo Galindo. + - gh-130555: Fix use-after-free in dict.clear() when the + dictionary values are embedded in an object and + a destructor causes re-entrant mutation of the dictionary. + - gh-145008: Fix a bug when calling certain methods at the + recursion limit which manifested as a corruption of + Python’s operand stack. Patch by Ken Jin. + - gh-144872: Fix heap buffer overflow in the parser found by + OSS-Fuzz. + - gh-144766: Fix a crash in fork child process when perf + support is enabled. + - gh-144759: Fix undefined behavior in the lexer when start + and multi_line_start pointers are NULL in + _PyLexer_remember_fstring_buffers() and + _PyLexer_restore_fstring_buffers(). The NULL pointer + arithmetic (NULL - valid_pointer) is now guarded with + explicit NULL checks. + - gh-144601: Fix crash when importing a module whose PyInit + function raises an exception from a subinterpreter. + - gh-143636: Fix a crash when calling + SimpleNamespace.__replace__() on non-namespace instances. + Patch by Bénédikt Tran. + - gh-143650: Fix race condition in importlib where a thread + could receive a stale module reference when another + thread’s import fails. + - gh-140594: Fix an out of bounds read when a single NUL + character is read from the standard input. Patch by Shamil + Abdulaev. 
+ - gh-91636: While performing garbage collection, clear + weakrefs to unreachable objects that are created during + running of finalizers. If those weakrefs were are not + cleared, they could reveal unreachable objects. + - gh-130327: Fix erroneous clearing of an object’s __dict__ + if overwritten at runtime. + - gh-80667: Literals using the \N{name} escape syntax can now + construct CJK ideographs and Hangul syllables using + case-insensitive names. + - Build + - gh-146541: The Android testbed can now be built for 32-bit + ARM and x86 targets. + - gh-146450: The Android build script was modified to improve + parity with other platform build scripts. + - gh-145801: When Python build is optimized with GCC using + PGO, use -fprofile-update=atomic option to use atomic + operations when updating profile information. This option + reduces the risk of gcov Data Files (.gcda) corruption + which can cause random GCC crashes. Patch by Victor + Stinner. + - gh-129259: Fix AIX build failures caused by incorrect + struct alignment in _Py_CODEUNIT and _Py_BackoffCounter by + adding AIX-specific #pragma pack directives. + - Tests + - gh-144418: The Android testbed’s emulator RAM has been + increased from 2 GB to 4 GB. + - gh-146202: Fix a race condition in regrtest: make sure that + the temporary directory is created in the worker process. + Previously, temp_cwd() could fail on Windows if the “build” + directory was not created. Patch by Victor Stinner. + - gh-144739: When Python was compiled with system expat older + then 2.7.2 but tests run with newer expat, still skip + test.test_pyexpat.MemoryProtectionTest. 
+- Removed upstreamed patches: + - CVE-2025-13462-tarinfo-header-parse.patch + - CVE-2026-2297-SourcelessFileLoader-io_open_code.patch + - CVE-2026-3479-pkgutil_get_data.patch + - CVE-2026-3644-cookies-Morsel-update-II.patch + - CVE-2026-4224-expat-unbound-C-recursion.patch + - CVE-2026-4519-webbrowser-open-dashes.patch + +------------------------------------------------------------------- +Thu Apr 2 13:55:57 UTC 2026 - Matej Cepl <[email protected]> + +- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has + the same security model as open(). The documented limitations + ensure compatibility with non-filesystem loaders; Python + doesn't check that. (bsc#1259989, CVE-2026-3479, + gh#python/cpython#146121). + +------------------------------------------------------------------- Old: ---- CVE-2025-13462-tarinfo-header-parse.patch CVE-2026-2297-SourcelessFileLoader-io_open_code.patch CVE-2026-3644-cookies-Morsel-update-II.patch CVE-2026-4224-expat-unbound-C-recursion.patch CVE-2026-4519-webbrowser-open-dashes.patch Python-3.13.12.tar.xz Python-3.13.12.tar.xz.sigstore New: ---- Python-3.13.13.tar.xz Python-3.13.13.tar.xz.sigstore ----------(Old B)---------- Old:- Removed upstreamed patches: - CVE-2025-13462-tarinfo-header-parse.patch - CVE-2026-2297-SourcelessFileLoader-io_open_code.patch Old: - CVE-2025-13462-tarinfo-header-parse.patch - CVE-2026-2297-SourcelessFileLoader-io_open_code.patch - CVE-2026-3479-pkgutil_get_data.patch Old: - CVE-2026-3479-pkgutil_get_data.patch - CVE-2026-3644-cookies-Morsel-update-II.patch - CVE-2026-4224-expat-unbound-C-recursion.patch Old: - CVE-2026-3644-cookies-Morsel-update-II.patch - CVE-2026-4224-expat-unbound-C-recursion.patch - CVE-2026-4519-webbrowser-open-dashes.patch Old: - CVE-2026-4224-expat-unbound-C-recursion.patch - CVE-2026-4519-webbrowser-open-dashes.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ 
python313.spec ++++++ --- /var/tmp/diff_new_pack.kFYdIF/_old 2026-04-15 16:03:09.011495307 +0200 +++ /var/tmp/diff_new_pack.kFYdIF/_new 2026-04-15 16:03:09.027495964 +0200 @@ -167,7 +167,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.13.12 +Version: 3.13.13 %define tarversion %{version} %define tarname Python-%{tarversion} Release: 0 
@@ -236,21 +236,6 @@ # PATCH-FIX-UPSTREAM pass-test_write_read_limited_history.patch bsc#[0-9]+ [email protected] # Fix readline history truncation when length is reduced Patch48: pass-test_write_read_limited_history.patch -# PATCH-FIX-UPSTREAM CVE-2026-2297-SourcelessFileLoader-io_open_code.patch bsc#1259240 [email protected] -# Ensure SourcelessFileLoader uses io.open_code -Patch49: CVE-2026-2297-SourcelessFileLoader-io_open_code.patch -# PATCH-FIX-UPSTREAM CVE-2026-3644-cookies-Morsel-update-II.patch bsc#1259734 [email protected] -# Reject control characters in http.cookies.Morsel.update() and http.cookies.BaseCookie.js_output -Patch50: CVE-2026-3644-cookies-Morsel-update-II.patch -# PATCH-FIX-UPSTREAM CVE-2026-4224-expat-unbound-C-recursion.patch bsc#1259735 [email protected] -# Avoid unbound C recursion in conv_content_model -Patch51: CVE-2026-4224-expat-unbound-C-recursion.patch -# PATCH-FIX-UPSTREAM CVE-2025-13462-tarinfo-header-parse.patch bsc#1259611 [email protected] -# Skip TarInfo DIRTYPE normalization during GNU long name handling -Patch52: CVE-2025-13462-tarinfo-header-parse.patch -# PATCH-FIX-UPSTREAM CVE-2026-4519-webbrowser-open-dashes.patch bsc#1260026 [email protected] -# reject leading dashes in webbrowser URLs -Patch53: CVE-2026-4519-webbrowser-open-dashes.patch #### END OF PATCHES BuildRequires: autoconf-archive BuildRequires: automake ++++++ Python-3.13.12.tar.xz -> Python-3.13.13.tar.xz ++++++ /work/SRC/openSUSE:Factory/python313/Python-3.13.12.tar.xz /work/SRC/openSUSE:Factory/.python313.new.21863/Python-3.13.13.tar.xz differ: char 26, line 1 ++++++ Python-3.13.12.tar.xz.sigstore -> Python-3.13.13.tar.xz.sigstore ++++++ --- /work/SRC/openSUSE:Factory/python313/Python-3.13.12.tar.xz.sigstore 2026-02-18 17:04:28.847353743 +0100 +++ /work/SRC/openSUSE:Factory/.python313.new.21863/Python-3.13.13.tar.xz.sigstore 2026-04-15 16:03:04.067292054 +0200 
++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.kFYdIF/_old 2026-04-15 16:03:09.535516849 +0200 +++ /var/tmp/diff_new_pack.kFYdIF/_new 2026-04-15 16:03:09.555517671 +0200 @@ -1,6 +1,6 @@ -mtime: 1774638418 -commit: 35eea28331c5655850bcdfdc09dfb0773648eb58882b50175fba39d9d9fbe5d4 +mtime: 1775646544 +commit: 056300b56b407fd0f090bee823c354046c804eece32e24408bdc221f94d225da url: https://src.opensuse.org/python-interpreters/python313.git -revision: 35eea28331c5655850bcdfdc09dfb0773648eb58882b50175fba39d9d9fbe5d4 +revision: 056300b56b407fd0f090bee823c354046c804eece32e24408bdc221f94d225da projectscmsync: https://src.opensuse.org/python-interpreters/_ObsPrj ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-04-08 13:09:46.000000000 +0200 @@ -0,0 +1,6 @@ +.osc +*.obscpio +*.osc +_build.* +.pbuild +python313-*-build/ ++++++ pass-test_write_read_limited_history.patch ++++++ --- /var/tmp/diff_new_pack.kFYdIF/_old 2026-04-15 16:03:10.675563716 +0200 +++ /var/tmp/diff_new_pack.kFYdIF/_new 2026-04-15 16:03:10.691564373 +0200 
@@ -2,10 +2,10 @@ Modules/readline.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) -Index: Python-3.13.9/Modules/readline.c +Index: Python-3.13.13/Modules/readline.c =================================================================== ---- Python-3.13.9.orig/Modules/readline.c 2025-10-14 15:52:31.000000000 +0200 -+++ Python-3.13.9/Modules/readline.c 2025-11-20 00:46:45.594286346 +0100 +--- Python-3.13.13.orig/Modules/readline.c 2026-04-07 20:19:01.000000000 +0200 ++++ Python-3.13.13/Modules/readline.c 2026-04-08 12:15:38.216398555 +0200 @@ -175,6 +175,8 @@ return PyUnicode_DecodeLocale(s, "surrogateescape"); }
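Review bot: In python313.changes, the 3.13.13 entry lists CVE-2026-3479-pkgutil_get_data.patch under "Removed upstreamed patches", but none of the upstream items quoted in that entry mentions pkgutil.get_data(), gh#python/cpython#146121 or CVE-2026-3479, and the python313.spec hunk drops only Patch49 to Patch53, none of which is this patch. Please confirm that the 3.13.13 tarball contains the fix and add its reference (bsc#1259989, CVE-2026-3479) to the "Update to 3.13.13" entry next to the other CVE references; if the fix is not in the tarball, the patch needs to stay in the spec.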
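Review bot: In python313.spec, the comment kept above Patch48 (pass-test_write_read_limited_history.patch) still carries the literal placeholder "bsc#[0-9]+" where a bug number belongs. After this change it is the last patch before "#### END OF PATCHES" and it is tagged PATCH-FIX-UPSTREAM, so please replace the placeholder with the actual bsc# or upstream gh- reference; without it there is no way to tell from the spec when this patch can be dropped.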
