Changelog¶

gh-139700: Check consistency of the zip64 end of central directory record. Support records with “zip64 extensible data” if there are no bytes prepended to the ZIP file.

gh-139400: xml.parsers.expat: Make sure that parent Expat parsers are only garbage-collected once they are no longer referenced by subparsers created by ExternalEntityParserCreate(). Patch by Sebastian Pipping.

gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard.

• Whitespaces no longer accepted between </ and the tag name. E.g. </ script> does not end the script section.

• Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces. The only whitespaces are \t\n\r\f and space.

• Null character (U+0000) no longer ends the tag name.

• Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. </script/foo=">"/>.

• Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. <a foo=bar/ //>.

• Multiple = between attribute name and value are no longer collapsed. E.g. <a foo==bar> produces attribute “foo” with value “=bar”.

gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to the HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add private method _set_support_cdata() which can be used to specify how to parse <[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as a bogus comment in the HTML namespace.

gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 standard. --!> now ends the comment. -- > no longer ends the comment. Support abnormally ended empty comments <--> and <--->.

gh-135462: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs – comments and declarations are automatically closed, tags are ignored.

gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in html.parser.HTMLParser.

gh-86155: html.parser.HTMLParser.close() no longer loses data when the <script> tag is not closed. Patch by Waylan Limberg.

gh-139312: Upgrade bundled libexpat to 2.7.3

gh-138998: Update bundled libexpat to 2.7.2

gh-130577: tarfile now validates archives to ensure member offsets are non-negative. (Contributed by Alexander Enrique Urieles Nieto in gh-130577.)

gh-135374: Update the bundled copy of setuptools to 79.0.1.

gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address.

gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects.

gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, §2.5. Patch by Bénédikt Tran.

bpo-43633: Improve the textual representation of IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) in ipaddress. Patch by Oleksandr Pavliuk.

gh-131809: Update bundled libexpat to 2.7.1

gh-131261: Upgrade to libexpat 2.7.0

gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2.

gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed.

gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed.

gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only a mapping, but if this hit a virtual address size limit it could lead to a MemoryError or other process crash. On unusual systems or builds where all allocated memory is touched and backed by actual ram or storage it could’ve consumed resources doing so until similarly crashing.

gh-127257: In ssl, system call failures that OpenSSL reports using ERR_LIB_SYS are now raised as OSError.

gh-121277: Writers of CPython’s documentation can now use next as the version for the versionchanged, versionadded, deprecated directives.

gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip checks of the compressed bytes, which can be different between zlib’s software implementation and the hardware-accelerated implementation.

gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. Patch by Victor Stinner.

gh-126623: Upgrade libexpat to 2.6.4

gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.

gh-124651: Properly quote template strings in venv activation scripts.

gh-103848: Add checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.

gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.

gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.

gh-112769: The tests now correctly compare zlib version when zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For example zlib-ng defines the version as 1.3.0.zlib-ng.

gh-117187: Fix XML tests for vanilla Expat <2.6.0.

gh-100454: Fix SSL tests CI for OpenSSL 3.1+

gh-112275: A deadlock involving pystate.c’s HEAD_LOCK in posixmodule.c at fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by Victor Stinner.

gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

• xml.etree.ElementTree.XMLParser.flush()

• xml.etree.ElementTree.XMLPullParser.flush()

• xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()

• xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()

• xml.sax.expatreader.ExpatParser.flush()

gh-115399: Update bundled libexpat to 2.6.0

gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.

gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.

gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds

gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows.

gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.

gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms.

gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises BadZipFile when try to read an entry that overlaps with other entry or central directory.

gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working around file system permission errors.

gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML vulnerabilities”.

gh-111239: Update Windows builds to use zlib v1.3.1.

gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its end of life and no future fixes will be made, and this version of Python is no longer receiving maintenance fixes and will not be updated to OpenSSL 3.0.

gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3.

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.

gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set.

gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.

gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.

gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.

gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.

gh-103935: Use io.open_code() for files to be executed instead of raw open()

gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new a filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.

gh-89412: Add missing documentation for the end_lineno and end_offset attributes of the traceback.TracebackException class.

gh-103262: Fixes Windows installer build to work with latest compilers.

gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.

gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.

gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo.

gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías.

gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya.

gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya.

gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann.

gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created.

gh-101765: Fix SystemError / segmentation fault in iter __reduce__ when internal access of builtins.__dict__ keys mutates the iter object.

gh-102947: Improve traceback when dataclasses.fields() is called on a non-dataclass. Patch by Alex Waygood

gh-101979: Fix a bug where parentheses in the metavar argument to argparse.ArgumentParser.add_argument() were dropped. Patch by Yeojin Kim.

gh-102179: Fix os.dup2() error message for negative fds.

gh-101961: For the binary mode, fileinput.hookcompressed() doesn’t set the encoding value even if the value is None. Patch by Gihwan Kim.

gh-101936: The default value of fp becomes io.BytesIO if HTTPError is initialized without a designated fp parameter. Patch by Long Vo.

gh-101566: In zipfile, apply fix for extractall on the underlying zipfile after being wrapped in Path.

gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)

gh-101892: Callable iterators no longer raise SystemError when the callable object exhausts the iterator but forgets to either return a sentinel value or raise StopIteration.

gh-97786: Fix potential undefined behaviour in corner cases of floating-point-to-time conversions.

gh-101517: Fixed bug where bdb looks up the source line with linecache with a lineno=None, which causes it to fail with an unhandled exception.

gh-101673: Fix a pdb bug where ll clears the changes to local variables.

gh-96931: Fix incorrect results from ssl.SSLSocket.shared_ciphers()

gh-88233: Correctly preserve “extra” fields in zipfile regardless of their ordering relative to a zip64 “extra.”

gh-95495: When built against OpenSSL 3.0, the ssl module had a bug where it reported unauthenticated EOFs (i.e. without close_notify) as a clean TLS-level EOF. It now raises SSLEOFError, matching the behavior in previous versions of OpenSSL. The options attribute on SSLContext also no longer includes OP_IGNORE_UNEXPECTED_EOF by default. This option may be set to specify the previous OpenSSL 3.0 behavior.

gh-94440: Fix a concurrent.futures.process bug where ProcessPoolExecutor shutdown could hang after a future has been quickly submitted and canceled.

gh-103112: Add docstring to http.client.HTTPResponse.read() to fix pydoc output.

gh-85417: Update cmath documentation to clarify behaviour on branch cuts.

gh-97725: Fix asyncio.Task.print_stack() description for file=None. Patch by Oleg Iarygin.

gh-102980: Improve test coverage on pdb.

gh-102537: Adjust the error handling strategy in test_zoneinfo.TzPathTest.python_tzpath_context. Patch by Paul Ganssle.

gh-101377: Improved test_locale_calendar_formatweekday of calendar.

gh-102711: Fix -Wstrict-prototypes compiler warnings.

gh-101759: Update Windows installer to SQLite 3.40.1.

gh-101614: Correctly handle extensions built against debug binaries that reference python3_d.dll.

gh-103207: Add instructions to the macOS installer welcome display on how to workaround the macOS 13 Ventura “The installer encountered an error” failure.

gh-101759: Update macOS installer to SQLite 3.40.1.

gh-87235: On macOS python3 /dev/fd/9 9</path/to/script.py failed for any script longer than a couple of bytes.

gh-101400: Fix wrong lineno in exception message on continue or break which are not in a loop. Patch by Dong-hee Na.

gh-101372: Fix is_normalized() to properly handle the UCD 3.2.0 cases. Patch by Dong-hee Na.

gh-101046: Fix a possible memory leak in the parser when raising MemoryError. Patch by Pablo Galindo

gh-100942: Fixed segfault in property.getter/setter/deleter that occurred when a property subclass overrode the __new__ method to return a non-property instance.

gh-100892: Fix race while iterating over thread states in clearing threading.local. Patch by Kumar Aditya.

gh-100776: Fix misleading default value in input()’s __text_signature__.

gh-100374: Fix incorrect result and delay in socket.getfqdn(). Patch by Dominic Socular.

gh-100050: Honor existing errors obtained when searching for mismatching parentheses in the tokenizer. Patch by Pablo Galindo

bpo-32782: ctypes arrays of length 0 now report a correct itemsize when a memoryview is constructed from them, rather than always giving a value of 0.

gh-100795: Avoid potential unexpected freeaddrinfo call (double free) in socket when when a libc getaddrinfo() implementation leaves garbage in an output pointer when returning an error. Original patch by Sergey G. Brester.

gh-101143: Remove unused references to TimerHandle in asyncio.base_events.BaseEventLoop._add_callback.

gh-101144: Make zipfile.Path.open() and zipfile.Path.read_text() also accept encoding as a positional argument. This was the behavior in Python 3.9 and earlier. Earlier 3.10 versions had a regression where supplying it as a positional argument would lead to a TypeError.

gh-100573: Fix a Windows asyncio bug with named pipes where a client doing os.stat() on the pipe would cause an error in the server that disabled serving future requests.

gh-90104: Avoid RecursionError on repr if a dataclass field definition has a cyclic reference.

gh-100689: Fix crash in pyexpat by statically allocating PyExpat_CAPI capsule.

gh-100740: Fix unittest.mock.Mock not respecting the spec for attribute names prefixed with assert.

gh-86508: Fix asyncio.open_connection() to skip binding to local addresses of different family. Patch by Kumar Aditya.

gh-100287: Fix the interaction of unittest.mock.seal() with unittest.mock.AsyncMock.

gh-100474: http.server now checks that an index page is actually a regular file before trying to serve it. This avoids issues with directories named index.html.

gh-100160: Remove any deprecation warnings in asyncio.get_event_loop(). They are deferred to Python 3.12.

gh-99952: Fix a reference undercounting issue in ctypes.Structure with from_param() results larger than a C pointer.

gh-98778: Update HTTPError to be initialized properly, even if the fp is None. Patch by Dong-hee Na.

gh-83035: Fix inspect.getsource() handling of decorator calls with nested parentheses.

gh-99240: Fix double-free bug in Argument Clinic str_converter by extracting memory clean up to a new post_parsing section.

gh-85267: Several improvements to inspect.signature()’s handling of __text_signature. - Fixes a case where inspect.signature() dropped parameters - Fixes a case where inspect.signature() raised tokenize.TokenError - Allows inspect.signature() to understand defaults involving binary operations of constants - inspect.signature() is documented as only raising TypeError or ValueError, but sometimes raised RuntimeError. These cases now raise ValueError - Removed a dead code path

gh-96192: Fix handling of bytes path-like objects in os.ismount().

bpo-44817: Ignore WinError 53 (ERROR_BAD_NETPATH), 65 (ERROR_NETWORK_ACCESS_DENIED) and 161 (ERROR_BAD_PATHNAME) when using ntpath.realpath().

bpo-40447: Accept os.PathLike (such as pathlib.Path) in the stripdir arguments of compileall.compile_file() and compileall.compile_dir().

bpo-36880: Fix a reference counting issue when a ctypes callback with return type py_object returns None, which could cause crashes.

gh-100616: Document existing attr parameter to curses.window.vline() function in curses.

gh-100472: Remove claim in documentation that the stripdir, prependdir and limit_sl_dest parameters of compileall.compile_dir() and compileall.compile_file() could be bytes.

gh-101334: test_tarfile has been updated to pass when run as a high UID.

gh-96002: Add functional test for Argument Clinic.

gh-101522: Allow overriding Windows dependencies versions and paths using MSBuild properties.

gh-82052: Fixed an issue where writing more than 32K of Unicode output to the console screen in one go can result in mojibake.

gh-100180: Update Windows installer to OpenSSL 1.1.1s

bpo-43984: winreg.SetValueEx() now leaves the target value untouched in the case of conversion errors. Previously, -1 would be written in case of such errors.

gh-100180: Update macOS installer to OpenSSL 1.1.1s

gh-99240: In argument parsing, after deallocating newly allocated memory, reset its pointer to NULL.

gh-99578: Fix a reference bug in _imp.create_builtin() after the creation of the first sub-interpreter for modules builtins and sys. Patch by Victor Stinner.

gh-99581: Fixed a bug that was causing a buffer overflow if the tokenizer copies a line missing the newline caracter from a file that is as long as the available tokenizer buffer. Patch by Pablo galindo

gh-96055: Update faulthandler to emit an error message with the proper unexpected signal number. Patch by Dong-hee Na.

gh-98852: Fix subscription of types.GenericAlias instances containing bare generic types: for example tuple[A, T][int], where A is a generic type, and T is a type variable.

gh-98415: Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim Sanders

gh-92119: Print exception class name instead of its string representation when raising errors from ctypes calls.

gh-93696: Allow pdb to locate source for frozen modules in the standard library.

bpo-31718: Raise ValueError instead of SystemError when methods of uninitialized io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman.

bpo-38031: Fix a possible assertion failure in io.FileIO when the opener returns an invalid file descriptor.

gh-100001: Also escape s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a xHH is ambiguious as to if it is a hex replacement we put in or the characters r”x” came through in the original request line.

gh-93453: asyncio.get_event_loop() now only emits a deprecation warning when a new event loop was created implicitly. It no longer emits a deprecation warning if the current event loop was set.

gh-51524: Fix bug when calling trace.CoverageResults with valid infile.

gh-99645: Fix a bug in handling class cleanups in unittest.TestCase. Now addClassCleanup() uses separate lists for different TestCase subclasses, and doClassCleanups() only cleans up the particular class.

gh-97001: Release the GIL when calling termios APIs to avoid blocking threads.

gh-99341: Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing line numbers.

gh-74044: Fixed bug where inspect.signature() reported incorrect arguments for decorated methods.

gh-99275: Fix SystemError in ctypes when exception was not set during __initsubclass__.

gh-99155: Fix statistics.NormalDist pickle with 0 and 1 protocols.

gh-99134: Update the bundled copy of pip to version 22.3.1.

gh-99130: Apply bugfixes from importlib_metadata 4.11.4, namely: In PathDistribution._name_from_stem, avoid including parts of the extension in the result. In PathDistribution._normalized_name, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden.

gh-83004: Clean up refleak on failed module initialisation in _zoneinfo

gh-83004: Clean up refleaks on failed module initialisation in in _pickle

gh-83004: Clean up refleak on failed module initialisation in _io.

gh-98897: Fix memory leak in math.dist() when both points don’t have the same dimension. Patch by Kumar Aditya.

gh-98793: Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions.

gh-98740: Fix internal error in the re module which in very rare circumstances prevented compilation of a regular expression containing a conditional expression without the “else” branch.

gh-98703: Fix asyncio.StreamWriter.drain() to call protocol.connection_lost callback only once on Windows.

gh-98624: Add a mutex to unittest.mock.NonCallableMock to protect concurrent access to mock attributes.

gh-89237: Fix hang on Windows in subprocess.wait_closed() in asyncio with ProactorEventLoop. Patch by Kumar Aditya.

gh-98458: Fix infinite loop in unittest when a self-referencing chained exception is raised

gh-97928: tkinter.Text.count() raises now an exception for options starting with “-” instead of silently ignoring them.

gh-97966: On uname_result, restored expectation that _fields and _asdict would include all six properties including processor.

gh-98331: Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively.

gh-96035: Fix bug in urllib.parse.urlparse() that causes certain port numbers containing whitespace, underscores, plus and minus signs, or non-ASCII digits to be incorrectly accepted.

gh-98251: Allow venv to pass along PYTHON* variables to ensurepip and pip when they do not impact path resolution

gh-98178: On macOS, fix a crash in syslog.syslog() in multi-threaded applications. On macOS, the libc syslog() function is not thread-safe, so syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner.

gh-96151: Allow BUILTINS to be a valid field name for frozen dataclasses.

gh-98086: Make sure patch.dict() can be applied on async functions.

gh-88863: To avoid apparent memory leaks when asyncio.open_connection() raises, break reference cycles generated by local exception and future instances (which has exception instance as its member var). Patch by Dong Uk, Kang.

gh-93858: Prevent error when activating venv in nested fish instances.

bpo-46364: Restrict use of sockets instead of pipes for stdin of subprocesses created by asyncio to AIX platform only.

bpo-38523: shutil.copytree() now applies the ignore_dangling_symlinks argument recursively.

bpo-36267: Fix IndexError in argparse.ArgumentParser when a store_true action is given an explicit argument.

gh-92892: Document that calling variadic functions with ctypes requires special care on macOS/arm64 (and possibly other platforms).

gh-99892: Skip test_normalization() of test_unicodedata if it fails to download NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner.

bpo-34272: Some C API tests were moved into the new Lib/test/test_capi/ directory.

gh-99086: Fix -Wimplicit-int, -Wstrict-prototypes, and -Wimplicit-function-declaration compiler warnings in configure checks.

gh-99086: Fix -Wimplicit-int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM.

gh-97731: Specify the full path to the source location for make docclean (needed for cross-builds).

gh-98671: Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned memory accesses are not allowed.

gh-99345: Use faster initialization functions to detect install location for Windows Store package

gh-98689: Update Windows builds to zlib v1.2.13. v1.2.12 has CVE-2022-37434, but the vulnerable inflateGetHeader API is not used by Python.

gh-94328: Update Windows installer to use SQLite 3.39.4.

bpo-40882: Fix a memory leak in multiprocessing.shared_memory.SharedMemory on Windows.

gh-94328: Update macOS installer to SQLite 3.39.4.

gh-97527: Fix a bug in the previous bugfix that caused IDLE to not start when run with 3.10.8, 3.12.0a1, and at least Microsoft Python 3.10.2288.0 installed without the Lib/test package. 3.11.0 was never affected.

gh-95731: Fix handling of module docstrings in Tools/i18n/pygettext.py.

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.

gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.

gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).

gh-96078: os.sched_yield() now release the GIL while calling sched_yield(2). Patch by Dong-hee Na.

gh-97943: Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference.

gh-97591: Fixed a missing incref/decref pair in Exception.__setstate__(). Patch by Ofey Chan.

gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. Patch by Victor Stinner.

gh-95921: Fix overly-broad source position information for chained comparisons used as branching conditions.

gh-96821: Fix undefined behaviour in _testcapimodule.c.

gh-95778: When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. Patch by Victor Stinner.

gh-96387: At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. Issue discovered and analyzed by Mingliang ZHAO. Patch by Victor Stinner.

gh-96864: Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled.

gh-96678: Fix undefined behaviour in C code of null pointer arithmetic.

gh-96641: Do not expose KeyWrapper in _functools.

gh-96611: When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted.

gh-95196: Disable incorrect pickling of the C implemented classmethod descriptors.

gh-96352: Fix AttributeError missing name and obj attributes in object.__getattribute__(). Patch by Philip Georgi.

bpo-42316: Document some places where an assignment expression needs parentheses.

gh-87730: Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable.

gh-97825: Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used.

gh-96827: Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt).

gh-97592: Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed.

gh-97639: Remove tokenize.NL check from tabnanny.

gh-97545: Make Semaphore run faster.

gh-73588: Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique.

gh-97005: Update bundled libexpat to 2.4.9

gh-85760: Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. Patch by Kumar Aditya.

gh-96819: Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF.

gh-96741: Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str.

gh-96652: Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. Patch by Victor Stinner.

gh-96073: In inspect, fix overeager replacement of “typing.” in formatting annotations.

gh-90467: Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected

gh-96052: Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings.

gh-91212: Fixed flickering of the turtle window when the tracer is turned off. Patch by Shin-myoung-serp.

gh-74116: Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. Patch by Kumar Aditya.

gh-90155: Fix broken asyncio.Semaphore when acquire is cancelled.

gh-92986: Fix ast.unparse() when ImportFrom.level is None

gh-91539: Improve performance of urllib.request.getproxies_environment when there are many environment variables

gh-97741: Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution.

gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe.

gh-93031: Update tutorial introduction output to use 3.10+ SyntaxError invalid range.

gh-96729: Ensure that Windows releases built with Tools\msi\buildrelease.bat are upgradable to and from official Python releases.

gh-97728: Fix possible crashes caused by the use of uninitialized variables when pass invalid arguments in os.system() on Windows and in Windows-specific modules (like winreg).

gh-90989: Clarify some text in the Windows installer.

gh-96577: Fixes a potential buffer overrun in msilib.

gh-97897: The macOS 13 SDK includes support for the mkfifoat and mknodat system calls. Using the dir_fd option with either os.mkfifo() or os.mknod() could result in a segfault if cpython is built with the macOS 13 SDK but run on an earlier version of macOS. Prevent this by adding runtime support for detection of these system calls (“weaklinking”) as is done for other newer syscalls on macOS.

gh-96187: Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. Patch by Pablo Galindo

gh-95876: Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments.

gh-95605: Fix misleading contents of error message when converting an all-whitespace string to float.

gh-93592: coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine.

gh-94996: ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). Patch by Shantanu Jain.

gh-68163: Correct conversion of numbers.Rational’s to float.

gh-96159: Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed.

gh-96175: Fix unused localName parameter in the Attr class in xml.dom.minidom.

gh-95609: Update bundled pip to 22.2.2.

gh-95231: Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled.

gh-96098: Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules.

gh-95789: Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org

gh-91207: Fix stylesheet not working in Windows CHM htmlhelp docs. Contributed by C.A.M. Gerlach.

bpo-47115: The documentation now lists which members of C structs are part of the Limited API/Stable ABI.

gh-95243: Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. Patch by Ross Burton.

gh-94682: Build and test with OpenSSL 1.1.1q

gh-65802: Document handling of extensions in Save As dialogs.

gh-95191: Include prompts when saving Shell (interactive input and output).

gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.

gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases.

gh-95355: _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu.

gh-94938: Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior.

gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain.

gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, 8). Patch by Shantanu Jain.

gh-94869: Fix the column offsets for some expressions in multi-line f-strings ast nodes. Patch by Pablo Galindo.

gh-91153: Fix an issue where a bytearray item assignment could crash if it’s resized by the new value’s __index__() method.

gh-94329: Compile and run code with unpacking of extremely large sequences (1000s of elements). Such code failed to compile. It now compiles and runs correctly.

gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors from stdin with non utf-8 encoded text. Patch by Pablo Galindo

gh-94192: Fix error for dictionary literals with invalid expression as value.

gh-93964: Strengthened compiler overflow checks to prevent crashes when compiling very large source files.

gh-93671: Fix some exponential backtrace case happening with deeply nested sequence patterns in match statements. Patch by Pablo Galindo

gh-93021: Fix the __text_signature__ for __get__() methods implemented in C. Patch by Jelle Zijlstra.

gh-92930: Fixed a crash in _pickle.c from mutating collections during __reduce__ or persistent_id.

gh-92914: Always round the allocated size for lists up to the nearest even number.

gh-92858: Improve error message for some suites with syntax error before ‘:’

gh-94321: Document the PEP 246 style protocol type sqlite3.PrepareProtocol.

gh-86128: Document a limitation in ThreadPoolExecutor where its exit handler is executed before any handlers in atexit.

gh-61162: Clarify sqlite3 behavior when How to use the connection context manager.

gh-87260: Align sqlite3 argument specs with the actual implementation.

gh-86986: The minimum Sphinx version required to build the documentation is now 3.2.

gh-88831: Augmented documentation of asyncio.create_task(). Clarified the need to keep strong references to tasks and added a code snippet detailing how to do this.

bpo-47161: Document that pathlib.PurePath does not collapse initial double slashes because they denote UNC paths.

gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers.

gh-95212: Make multiprocessing test case test_shared_memory_recreate parallel-safe.

gh-91330: Added more tests for dataclasses to cover behavior with data descriptor-based fields.

gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.

gh-93951: In test_bdb.StateTestCase.test_skip, avoid including auxiliary importers.

gh-93957: Provide nicer error reporting from subprocesses in test_venv.EnsurePipTest.test_with_pip.

gh-57539: Increase calendar test coverage for calendar.LocaleTextCalendar.formatweekday().

gh-92886: Fixing tests that fail when running with optimizations (-O) in test_zipimport.py

bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.

gh-94841: Fix the possible performance regression of PyObject_Free() compiled with MSVC version 1932.

bpo-45816: Python now supports building with Visual Studio 2022 (MSVC v143, VS Version 17.0). Patch by Jeremiah Vivian.

gh-90844: Allow virtual environments to correctly launch when they have spaces in the path.

gh-92841: asyncio no longer throws RuntimeError: Event loop is closed on interpreter exit after asynchronous socket activity. Patch by Oleg Iarygin.

bpo-42658: Support native Windows case-insensitive path comparisons by using LCMapStringEx instead of str.lower() in ntpath.normcase(). Add LCMapStringEx to the _winapi module.

gh-95511: Fix the Shell context menu copy-with-prompts bug of copying an extra line when one selects whole lines.

gh-95471: In the Edit menu, move Select All and add a new separator.

gh-95411: Enable using IDLE’s module browser with .pyw files.

gh-89610: Add .pyi as a recognized extension for IDLE on macOS. This allows opening stub files by double clicking on them in the Finder.

gh-94538: Fix Argument Clinic output to custom file destinations. Patch by Erlend E. Aasland.

gh-94430: Allow parameters named module and self with custom C names in Argument Clinic. Patch by Erlend E. Aasland

gh-94930: Fix SystemError raised when PyArg_ParseTupleAndKeywords() is used with # in (...) but without PY_SSIZE_T_CLEAN defined.

gh-94864: Fix PyArg_Parse* with deprecated format units “u” and “Z”. It returned 1 (success) when warnings are turned into exceptions.

gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings.

gh-92240: Added release dates for “What’s New in Python 3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10

gh-91888: Add a new gh role to the documentation to link to GitHub issues.

gh-91783: Document security issues concerning the use of the function shutil.unpack_archive()

gh-91547: Remove “Undocumented modules” page.

bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree().

bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529.

bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1.

bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg Iarygin.

bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky.

bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None.

bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents.

bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed.

bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes.

bpo-38056: Overhaul the Error Handlers documentation in codecs.

bpo-13553: Document tkinter.Tk args.

gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py.

gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file.

gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale.

gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up.

bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD.

bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase.

bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom.

bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build.

gh-92984: Explicitly disable incremental linking for non-Debug builds

bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.

bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl.

bpo-40859: Update Windows build to use xz-5.2.5

gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter.

bpo-46968: Check for the existence of the “sys/auxv.h” header in faulthandler to avoid compilation problems in systems where this header doesn’t exist. Patch by Pablo Galindo

bpo-46940: Avoid overriding AttributeError metadata information for nested attribute access calls. Patch by Pablo Galindo.

bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner.

bpo-46794: Bump up the libexpat version into 2.4.6

bpo-46820: Fix parsing a numeric literal immediately (without spaces) followed by “not in” keywords, like in 1not in x. Now the parser only emits a warning, not a syntax error.

bpo-46762: Fix an assert failure in debug builds when a ‘<’, ‘>’, or ‘=’ is the last character in an f-string that’s missing a closing right brace.

bpo-46724: Make sure that all backwards jumps use the JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an argument of (2**32)+offset.

bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra.

bpo-46707: Avoid potential exponential backtracking when producing some syntax errors involving lots of brackets. Patch by Pablo Galindo.

bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.

bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated.

bpo-45773: Remove two invalid “peephole” optimizations from the bytecode compiler.

bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property.

bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings.

bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner.

bpo-46383: Fix invalid signature of _zoneinfo’s module_free function to resolve a crash on wasm32-emscripten platform.

bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner.

bpo-46339: Fix a crash in the parser when retrieving the error text for multi-line f-strings expressions that do not start in the first line of the string. Patch by Pablo Galindo

bpo-46240: Correct the error message for unclosed parentheses when the tokenizer doesn’t reach the end of the source when the error is reported. Patch by Pablo Galindo

bpo-46091: Correctly calculate indentation levels for lines with whitespace character that are ended by line continuation characters. Patch by Pablo Galindo

bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file

bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner.

bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution.

bpo-46678: The function make_legacy_pyc in Lib/test/support/import_helper.py no longer fails when PYTHONPYCACHEPREFIX is set to a directory on a different device from where tempfiles are stored.

bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion.

bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner.

bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner.

bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython.

bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner.

bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner.

bpo-47032: Ensure Windows install builds fail correctly with a non-zero exit code when part of the build fails.

bpo-47024: Update OpenSSL to 1.1.1n for macOS installers and all Windows builds.

bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale.

bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__.

bpo-45925: Update Windows installer to use SQLite 3.37.2.

bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900

bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.

bpo-46638: Ensures registry virtualization is consistently disabled. For 3.10 and earlier, it remains enabled (some registry writes are protected), while for 3.11 and later it is disabled (registry modifications affect all applications).

bpo-45925: Update macOS installer to SQLite 3.37.2.

bpo-46630: Make query dialogs on Windows start with a cursor in the entry box.

bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there are no other windows, this also exits IDLE.

bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy.

bpo-46433: The internal function _PyType_GetModuleByDef now correctly handles inheritance patterns involving static types.

bpo-14916: Fixed bug in the tokenizer that prevented PyRun_InteractiveOne from parsing from the provided FD.

bpo-46347: Fix memory leak in PyEval_EvalCodeEx.

bpo-46289: ASDL declaration of FormattedValue has changed to reflect conversion field is not optional.

bpo-46237: Fix the line number of tokenizer errors inside f-strings. Patch by Pablo Galindo.

bpo-46006: Fix a regression when a type method like __init__() is modified in a subinterpreter. Fix a regression in _PyUnicode_EqualToASCIIId() and type update_slot(). Revert the change which made the Unicode dictionary of interned strings compatible with subinterpreters: the internal interned dictionary is shared again by all interpreters. Patch by Victor Stinner.

bpo-46085: Fix iterator cache mechanism of OrderedDict.

bpo-46110: Add a maximum recursion check to the PEG parser to avoid stack overflow. Patch by Pablo Galindo

bpo-46054: Fix parser error when parsing non-utf8 characters in source files. Patch by Pablo Galindo.

bpo-46042: Improve the location of the caret in SyntaxError exceptions emitted by the symbol table. Patch by Pablo Galindo.

bpo-46025: Fix a crash in the atexit module involving functions that unregister themselves before raising exceptions. Patch by Pablo Galindo.

bpo-46009: Restore behavior from 3.9 and earlier when sending non-None to newly started generator. In 3.9 this did not affect the state of the generator. In 3.10.0 and 3.10.1 gen_func().send(0) is equivalent to gen_func().throw(TypeError(...) which exhausts the generator. In 3.10.2 onward, the behavior has been reverted to that of 3.9.

bpo-46000: Improve compatibility of the curses module with NetBSD curses.

bpo-46004: Fix the SyntaxError location for errors involving for loops with invalid targets. Patch by Pablo Galindo

bpo-42918: Fix bug where the built-in compile() function did not always raise a SyntaxError when passed multiple statements in ‘single’ mode. Patch by Weipeng Hong.

bpo-40479: Fix hashlib usedforsecurity option to work correctly with OpenSSL 3.0.0 in FIPS mode.

bpo-46070: Fix possible segfault when importing the asyncio module from different sub-interpreters in parallel. Patch by Erlend E. Aasland.

bpo-46278: Reflect context argument in AbstractEventLoop.call_*() methods. Loop implementations already support it.

bpo-46239: Improve error message when importing asyncio.windows_events on non-Windows.

bpo-20369: concurrent.futures.wait() no longer blocks forever when given duplicate Futures. Patch by Kumar Aditya.

bpo-46105: Honor spec when generating requirement specs with urls and extras (importlib_metadata 4.8.3).

bpo-26952: argparse raises ValueError with clear message when trying to render usage for an empty mutually-exclusive group. Previously it raised a cryptic IndexError.

bpo-27718: Fix help for the signal module. Some functions (e.g. signal() and getsignal()) were omitted.

bpo-46032: The registry() method of functools.singledispatch() functions checks now the first argument or the first parameter annotation and raises a TypeError if it is not supported. Previously unsupported “types” were ignored (e.g. typing.List[int]) or caused an error at calling time (e.g. list[int]).

bpo-46018: Ensure that math.expm1() does not raise on underflow.

bpo-45755: typing generic aliases now reveal the class attributes of the original generic class when passed to dir(). This was the behavior up to Python 3.6, but was changed in 3.7-3.9.

bpo-13236: unittest.TextTestResult and unittest.TextTestRunner flush now the output stream more often.

bpo-42378: Fixes the issue with log file being overwritten when logging.FileHandler is used in atexit with filemode set to 'w'. Note this will cause the message in atexit not being logged if the log stream is already closed due to shutdown of logging.

bpo-46120: State that | is preferred for readability over Union in the typing docs.

bpo-46040: Fix removal Python version for @asyncio.coroutine, the correct value is 3.11.

bpo-19737: Update the documentation for the globals() function.

bpo-45840: Improve cross-references in the documentation for the data model.

bpo-46205: Fix hang in runtest_mp due to race condition

bpo-46263: Fix test_capi on FreeBSD 14-dev: instruct jemalloc to not fill freed memory with junk byte.

bpo-46150: Now fakename in test_pathlib.PosixPathTest.test_expanduser is checked to be non-existent.

bpo-46129: Rewrite asyncio.locks tests with unittest.IsolatedAsyncioTestCase usage.

bpo-46114: Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses 0xMNN00PP0L.

bpo-46263: configure no longer sets MULTIARCH on FreeBSD platforms.

bpo-46106: Updated OpenSSL to 1.1.1m in Windows builds, macOS installer builds, and CI. Patch by Kumar Aditya.

bpo-40477: The Python Launcher app for macOS now properly launches scripts and, if necessary, the Terminal app when running on recent macOS releases.

bpo-46236: Fix a bug in PyFunction_GetAnnotations() that caused it to return a tuple instead of a dict.

bpo-45640: Properly marked-up grammar tokens in the documentation are now clickable and take you to the definition of a given piece of grammar. Patch by Arthur Milchior.

bpo-45788: Link doc for sys.prefix to sysconfig doc on installation paths.

bpo-45772: socket.socket documentation is corrected to a class from a function.

bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor.

bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod.

bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood.

bpo-45655: Add a new “relevant PEPs” section to the top of the documentation for the typing module. Patch by Alex Waygood.

bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs.

bpo-45250: Update the documentation to note that CPython does not consistently require iterators to define __iter__.

bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility.

bpo-45449: Add note about PEP 585 in collections.abc.

bpo-45516: Add protocol description to the importlib.abc.Traversable documentation.

bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal.

bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places.

bpo-45024: collections.abc documentation has been expanded to explicitly cover how instance and subclass checks work, with additional doctest examples and an exhaustive list of ABCs which test membership purely by presence of the right special methods. Patch by Raymond Hettinger.

bpo-25381: In the extending chapter of the extending doc, update a paragraph about the global variables containing exception information.

bpo-43905: Expanded astuple() and asdict() docs, warning about deepcopy being applied and providing a workaround.

bpo-19460: Add new Test for email.mime.nonmultipart.MIMENonMultipart.

bpo-45835: Fix race condition in test_queue tests with multiple “feeder” threads.

bpo-45678: Add tests for scenarios in which functools.singledispatchmethod is stacked on top of a method that has already been wrapped by two other decorators. Patch by Alex Waygood.

bpo-45578: Add tests for dis.distb()

bpo-45678: Add tests to ensure that functools.singledispatchmethod correctly wraps the attributes of the target function.

bpo-45577: Add subtests for all pickle protocols in test_zoneinfo.

bpo-45566: Fix test_frozen_pickle in test_dataclasses to check all pickle versions.

bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS.

bpo-39679: Add more test cases for @functools.singledispatchmethod when combined with @classmethod or @staticmethod.

bpo-45400: Fix test_name_error_suggestions_do_not_trigger_for_too_many_locals() of test_exceptions if a directory name contains “a1” (like “Python-3.11.0a1”): use a stricter regular expression. Patch by Victor Stinner.

bpo-40173: Fix test.support.import_helper.import_fresh_module().

bpo-45280: Add a test case for empty typing.NamedTuple.

bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder.

bpo-45128: Fix test_multiprocessing_fork failure due to test_logging and sys.modules manipulation.

bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_process_termination

bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don’t expect it in the output. Patch by Victor Stinner.

bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec().

bpo-45125: Improves pickling tests and docs of SharedMemory and SharableList objects.

bpo-44860: Update test_sysconfig.test_user_similar() for the posix_user scheme: platlib doesn’t use sys.platlibdir. Patch by Victor Stinner.

bpo-25130: Add calls of gc.collect() in tests to support PyPy.

bpo-45901: When installed through the Microsoft Store and set as the default app for *.py files, command line arguments will now be passed to Python when invoking a script without explicitly launching Python (that is, script.py args rather than python script.py args).

bpo-45616: Fix Python Launcher’s ability to distinguish between versions 3.1 and 3.10 when either one is explicitly requested. Previously, 3.1 would be used if 3.10 was requested but not installed, and 3.10 would be used if 3.1 was requested but 3.10 was installed.

bpo-45732: Updates bundled Tcl/Tk to 8.6.12.

bpo-45720: Internal reference to shlwapi.dll was dropped to help improve startup time. This DLL will no longer be loaded at the start of every Python process.

bpo-43652: Update Tcl/Tk to 8.6.11, actually this time. The previous update incorrectly included 8.6.10.

bpo-45337: venv now warns when the created environment may need to be accessed at a different path, due to redirections, links or junctions. It also now correctly installs or upgrades components when the alternate path is required.

bpo-45732: Update python.org macOS installer to use Tcl/Tk 8.6.12.

bpo-44828: Avoid tkinter file dialog failure on macOS 12 Monterey when using the Tk 8.6.11 provided by python.org macOS installers. Patch by Marc Culler of the Tk project.

bpo-34602: When building CPython on macOS with ./configure --with-undefined-behavior-sanitizer --with-pydebug, the stack size is now quadrupled to allow for the entire test suite to pass.

bpo-45495: Add context keywords ‘case’ and ‘match’ to completions list.

bpo-45296: On Windows, change exit/quit message to suggest Ctrl-D, which works, instead of <Ctrl-Z Return>, which does not work in IDLE.

bpo-45193: Make completion boxes appear on Ubuntu again.

bpo-44786: Fix a warning in regular expression in the c-analyzer script.

bpo-39026: Fix Python.h to build C extensions with Xcode: remove a relative include from Include/cpython/pystate.h.

bpo-45307: Restore the private C API function _PyImport_FindExtensionObject(). It will be removed in Python 3.11.

bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered.

bpo-44751: Remove crypt.h include from the public Python.h header.

bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it’s called directly or via super(). Patch provided by Yurii Karabas.

bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError

bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places.

bpo-45024: collections.abc documentation has been expanded to explicitly cover how instance and subclass checks work, with additional doctest examples and an exhaustive list of ABCs which test membership purely by presence of the right special methods. Patch by Raymond Hettinger.

bpo-45128: Fix test_multiprocessing_fork failure due to test_logging and sys.modules manipulation.

bpo-44860: Update test_sysconfig.test_user_similar() for the posix_user scheme: platlib doesn’t use sys.platlibdir. Patch by Victor Stinner.

bpo-45193: Make completion boxes appear on Ubuntu again.

bpo-45307: Restore the private C API function _PyImport_FindExtensionObject(). It will be removed in Python 3.11.

bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition.

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS.

bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.

bpo-45123: Fix PyAiter_Check to only check for the __anext__ presence (not for __aiter__). Rename PyAiter_Check to PyAIter_Check, PyObject_GetAiter -> PyObject_GetAIter.

bpo-45018: Fixed pickling of range iterators that iterated for over 2**32 times.

bpo-45000: A SyntaxError is now raised when trying to delete __debug__. Patch by Dong-hee Na.

bpo-44963: Implement send() and throw() methods for anext_awaitable objects. Patch by Pablo Galindo.

bpo-44962: Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run

bpo-44954: Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way.

bpo-44947: Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo.

bpo-44698: Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex.

bpo-44885: Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo

bpo-44872: Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END).

bpo-33930: Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo.

bpo-25782: Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain.

bpo-44856: Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo.

bpo-44838: Fixed a bug that was causing the parser to raise an incorrect custom SyntaxError for invalid ‘if’ expressions. Patch by Pablo Galindo.

bpo-44584: The threading debug (PYTHONTHREADDEBUG environment variable) is deprecated in Python 3.10 and will be removed in Python 3.12. This feature requires a debug build of Python. Patch by Victor Stinner.

bpo-39091: Fix crash when using passing a non-exception to a generator’s throw() method. Patch by Noah Oxer

bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas.

bpo-41620: run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator.

bpo-43913: Fix bugs in cleaning up classes and modules in unittest:

• Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module.

• Functions registered with addClassCleanup() were not called if tearDownClass is set to None.

• Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup().

• Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes.

• Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order.

• And several lesser bugs.

bpo-45030: Fix integer overflow in pickling and copying the range iterator.

bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.

bpo-44449: Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner.

bpo-44955: Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator.

bpo-44935: subprocess on Solaris now also uses os.posix_spawn() for better performance.

bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while cancelling leaked tasks. Patch by Bar Harel.

bpo-44524: Make exception message more useful when subclass from typing special form alias. Patch provided by Yurii Karabas.

bpo-38956: argparse.BooleanOptionalAction’s default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter.

bpo-44860: Fix the posix_user scheme in sysconfig to not depend on sys.platlibdir.

bpo-44581: Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0

bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner.

bpo-44605: The @functools.total_ordering() decorator now works with metaclasses.

bpo-44524: Fixed an issue wherein the __name__ and __qualname__ attributes of subscribed specialforms could be None.

bpo-44822: sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland.

bpo-44801: Ensure that the ParamSpec variable in Callable can only be substituted with a parameters expression (a list of types, an ellipsis, ParamSpec or Concatenate).

bpo-27334: The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland.

bpo-41402: Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding.

bpo-32695: The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested.

bpo-34990: Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038.

bpo-38840: Fix test___all__ on platforms lacking a shared memory implementation.

bpo-26228: pty.spawn no longer hangs on FreeBSD, macOS, and Solaris.

bpo-33349: lib2to3 now recognizes async generators everywhere.

bpo-44957: Promote PEP 604 union syntax by using it where possible. Also, mention X | Y more prominently in section about Union and mention X | None at all in section about Optional.

bpo-44903: Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I’ve added links to the Python Wiki page on GUI frameworks.

bpo-33479: Tkinter documentation has been greatly expanded with new “Architecture” and “Threading model” sections.

bpo-36700: base64 RFC references were updated to point to RFC 4648; a section was added to point users to the new “security considerations” section of the RFC.

bpo-44756: Reverted automated virtual environment creation on make html when building documentation. It turned out to be disruptive for downstream distributors.

bpo-42958: Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg.

bpo-43066: Added a warning to zipfile docs: filename arg with a leading slash may cause archive to be un-openable on Windows systems.

bpo-39452: Rewrote Doc/library/__main__.rst. Broadened scope of the document to explicitly discuss and differentiate between __main__.py in packages versus the __name__ == '__main__' expression (and the idioms that surround it).

bpo-27752: Documentation of csv.Dialect is more descriptive.

bpo-41576: document BaseException in favor of bare except

bpo-39498: Add a “Security Considerations” index which links to standard library modules that have explicitly documented security considerations.

bpo-33479: Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c,

bpo-45007: Update to OpenSSL 1.1.1l in Windows build

bpo-45007: Update macOS installer builds to use OpenSSL 1.1.1l.

bpo-44689: ctypes.util.find_library() now works correctly on macOS 11 Big Sur even if Python is built on an older version of macOS. Previously, when built on older macOS systems, find_library was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored.

bpo-44600: Fix incorrect line numbers while tracing some failed patterns in match statements. Patch by Charles Burkland.

bpo-44792: Improve syntax errors for if expressions. Patch by Miguel Brito

bpo-34013: Generalize the invalid legacy statement custom error message (like the one generated when “print” is called without parentheses) to include more generic expressions. Patch by Pablo Galindo

bpo-44732: Rename types.Union to types.UnionType.

bpo-44698: Fix undefined behaviour in complex object exponentiation.

bpo-44653: Support typing types in parameter substitution in the union type.

bpo-44676: Add ability to serialise types.Union objects. Patch provided by Yurii Karabas.

bpo-44633: Parameter substitution of the union type with wrong types now raises TypeError instead of returning NotImplemented.

bpo-44662: Add __module__ to types.Union. This also fixes types.Union issues with typing.Annotated. Patch provided by Yurii Karabas.

bpo-44655: Include the name of the type in unset __slots__ attribute errors. Patch by Pablo Galindo

bpo-44655: Don’t include a missing attribute with the same name as the failing one when offering suggestions for missing attributes. Patch by Pablo Galindo

bpo-44646: Fix the hash of the union type: it no longer depends on the order of arguments.

bpo-44636: Collapse union of equal types. E.g. the result of int | int is now int. Fix comparison of the union type with non-hashable objects. E.g. int | str == {} no longer raises a TypeError.

bpo-44635: Convert None to type(None) in the union type constructor.

bpo-44589: Mapping patterns in match statements with two or more equal literal keys will now raise a SyntaxError at compile-time.

bpo-44606: Fix __instancecheck__ and __subclasscheck__ for the union type.

bpo-42073: The @classmethod decorator can now wrap other classmethod-like descriptors.

bpo-44490: typing now searches for type parameters in types.Union objects. get_type_hints will also properly resolve annotations with nested types.Union objects. Patch provided by Yurii Karabas.

bpo-44490: Add __parameters__ attribute and __getitem__ operator to types.Union. Patch provided by Yurii Karabas.

bpo-44472: Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo

bpo-44806: Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes.

bpo-44793: Fix checking the number of arguments when subscribe a generic type with ParamSpec parameter.

bpo-44784: In importlib.metadata tests, override warnings behavior under expected DeprecationWarnings (importlib_metadata 4.6.3).

bpo-44667: The tokenize.tokenize() doesn’t incorrectly generate a NEWLINE token if the source doesn’t end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo

bpo-44752: rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method.

bpo-44720: weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing.

bpo-44704: The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__().

bpo-44666: Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan Hölzl.

bpo-42854: Fixed a bug in the _ssl module that was throwing OverflowError when using _ssl._SSLSocket.write() and _ssl._SSLSocket.read() for a big value of the len parameter. Patch by Pablo Galindo

bpo-44353: Refactor typing.NewType from function into callable class. Patch provided by Yurii Karabas.

bpo-44524: Add missing __name__ and __qualname__ attributes to typing module classes. Patch provided by Yurii Karabas.

bpo-40897: Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong.

bpo-44648: Fixed wrong error being thrown by inspect.getsource() when examining a class in the interactive session. Instead of TypeError, it should be OSError with appropriate error message.

bpo-44608: Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple.

bpo-44559: [Enum] module reverted to 3.9; 3.10 changes pushed until 3.11

bpo-41928: Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected.

bpo-44566: handle StopIteration subclass raised from @contextlib.contextmanager generator

bpo-41249: Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules.

bpo-44461: Fix bug with pdb’s handling of import error due to a package which does not have a __main__ module

bpo-43625: Fix a bug in the detection of CSV file headers by csv.Sniffer.has_header() and improve documentation of same.

bpo-42892: Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage.

bpo-27827: pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons.

bpo-38741: configparser: using ‘]’ inside a section header will no longer cut the section name short at the ‘]’

bpo-27513: email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz.

bpo-29298: Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile.

bpo-44740: Replaced occurences of uppercase “Web” and “Internet” with lowercase versions per the 2016 revised Associated Press Style Book.

bpo-44693: Update the definition of __future__ in the glossary by replacing the confusing word “pseudo-module” with a more accurate description.

bpo-35183: Add typical examples to os.path.splitext docs

bpo-30511: Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory.

bpo-44561: Update of three expired hyperlinks in Doc/distributing/index.rst: “Project structure”, “Building and packaging the project”, and “Uploading the project to the Python Packaging Index”.

bpo-44613: importlib.metadata is no longer provisional.

bpo-44544: List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation.

bpo-44453: Fix documentation for the return type of sysconfig.get_path().

bpo-44734: Fixed floating point precision issue in turtle tests.

bpo-44708: Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file.

bpo-44647: Added a permanent Unicode-valued environment variable to regression tests to ensure they handle this use case in the future. If your test environment breaks because of that, report a bug to us, and temporarily set PYTHONREGRTEST_UNICODE_GUARD=0 in your test environment.

bpo-44515: Adjust recently added contextlib tests to avoid assuming the use of a refcounted GC

bpo-44572: Avoid consuming standard input in the platform module

bpo-40263: This is a follow-on bug from https://bugs.python.org/issue26903. Once that is applied we run into an off-by-one assertion problem. The assert was not correct.

bpo-41972: The framework build’s user header path in sysconfig is changed to add a ‘pythonX.Y’ component to match distutils’s behavior.

bpo-34932: Add socket.TCP_KEEPALIVE support for macOS. Patch by Shane Harvey.

bpo-44756: In the Makefile for documentation (Doc/Makefile), the build rule is dependent on the venv rule. Therefore, html, latex, and other build-dependent rules are also now dependent on venv. The venv rule only performs an action if $(VENVDIR) does not exist. Doc/README.rst was updated; most users now only need to type make html.

bpo-41103: Reverts removal of the old buffer protocol because they are part of stable ABI.

bpo-42747: The Py_TPFLAGS_HAVE_VERSION_TAG type flag now does nothing. The Py_TPFLAGS_HAVE_AM_SEND flag (which was added in 3.10) is removed. Both were unnecessary because it is not possible to have type objects with the relevant fields missing.

bpo-41180: Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files.

bpo-44562: Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias.

bpo-41486: Fix a memory consumption and copying performance regression in earlier 3.10 beta releases if someone used an output buffer larger than 4GiB with zlib.decompress on input data that expands that large.

bpo-44553: Implement GC methods for types.Union to break reference cycles and prevent memory leaks.

bpo-44523: Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo.

bpo-44483: Fix a crash in types.Union objects when creating a union of an object with bad __module__ field.

bpo-44297: Make sure that the line number is set when entering a comprehension scope. Ensures that backtraces inclusing generator expressions show the correct line number.

bpo-44456: Improve the syntax error when mixing positional and keyword patterns. Patch by Pablo Galindo.

bpo-44368: Improve syntax errors for invalid “as” targets. Patch by Pablo Galindo

bpo-44317: Improve tokenizer error with improved locations. Patch by Pablo Galindo.

bpo-43667: Improve Unicode support in non-UTF locales on Oracle Solaris. This issue does not affect other Solaris systems.

bpo-44558: Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na.

bpo-34798: Break up paragraph about pprint.PrettyPrinter construction parameters to make it easier to read.

bpo-44516: Update vendored pip to 21.1.3

bpo-44468: typing.get_type_hints() now finds annotations in classes and base classes with unexpected __module__. Previously, it skipped those MRO elements.

bpo-43977: Set the proper Py_TPFLAGS_MAPPING and Py_TPFLAGS_SEQUENCE flags for subclasses created before a parent has been registered as a collections.abc.Mapping or collections.abc.Sequence.

bpo-44482: Fix very unlikely resource leak in glob in alternate Python implementations.

bpo-44466: The faulthandler module now detects if a fatal error occurs during a garbage collector collection. Patch by Victor Stinner.

bpo-44404: tkinter’s after() method now supports callables without the __name__ attribute.

bpo-44458: BUFFER_BLOCK_SIZE is now declared static, to avoid linking collisions when bz2, lmza or zlib are statically linked.

bpo-44464: Remove exception for flake8 in deprecated importlib.metadata interfaces. Sync with importlib_metadata 4.6.

bpo-44446: Take into account that lineno might be None in traceback.FrameSummary.

bpo-44439: Fix in bz2.BZ2File.write() / lzma.LZMAFile.write() methods, when the input data is an object that supports the buffer protocol, the file length may be wrong.

bpo-44434: _thread.start_new_thread() no longer calls PyThread_exit_thread() explicitly at the thread exit, the call was redundant. On Linux with the glibc, pthread_exit() aborts the whole process if dlopen() fails to open libgcc_s.so file (ex: EMFILE error). Patch by Victor Stinner.

bpo-44395: Fix as_string() to pass unixfrom properly. Patch by Dong-hee Na.

bpo-34266: Handle exceptions from parsing the arg of pdb’s run/restart command.

bpo-44077: It’s now possible to receive the type of service (ToS), a.k.a. differentiated services (DS), a.k.a. differenciated services code point (DSCP) and excplicit congestion notification (ECN) IP header fields with socket.IP_RECVTOS.

bpo-43024: Improve the help signature of traceback.print_exception(), traceback.format_exception() and traceback.format_exception_only().

bpo-30256: Pass multiprocessing BaseProxy argument manager_owned through AutoProxy.

bpo-44558: Match the docstring and python implementation of countOf() to the behavior of its c implementation.

bpo-38062: Clarify that atexit uses equality comparisons internally.

bpo-40620: Convert examples in tutorial controlflow.rst section 4.3 to be interpreter-demo style.

bpo-13814: In the Design FAQ, answer “Why don’t generators support the with statement?”

bpo-41621: Document that collections.defaultdict parameter default_factory defaults to None and is positional-only.

bpo-44287: Fix asyncio test_popen() of test_windows_utils by using a longer timeout. Use military grade battle-tested test.support.SHORT_TIMEOUT timeout rather than a hardcoded timeout of 10 seconds: it’s 30 seconds by default, but it is made longer on slow buildbots. Patch by Victor Stinner.

bpo-44451: Reset DeprecationWarning filters in test.test_importlib.test_metadata_api.APITests.test_entry_points_by_index to avoid StopIteration error if DeprecationWarnings are ignored.

bpo-30256: Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy

bpo-44535: Enable building using a Visual Studio 2022 install on Windows.

bpo-43298: Improved error message when building without a Windows SDK installed.

bpo-44582: Accelerate speed of mimetypes initialization using a native implementation of the registry scan.

bpo-41299: Fix 16ms jitter when using timeouts in threading, such as with threading.Lock.acquire() or threading.Condition.wait().

bpo-44441: Py_RunMain() now resets PyImport_Inittab to its initial value at exit. It must be possible to call PyImport_AppendInittab() or PyImport_ExtendInittab() at each Python initialization. Patch by Victor Stinner.

bpo-40939: Removed documentation for the removed PyParser_* C API.

bpo-44409: Fix error location information for tokenizer errors raised on initialization of the tokenizer. Patch by Pablo Galindo.

bpo-44396: Fix a possible crash in the tokenizer when raising syntax errors for unclosed strings. Patch by Pablo Galindo.

bpo-44349: Fix an edge case when displaying text from files with encoding in syntax errors. Patch by Pablo Galindo.

bpo-44335: Fix a regression when identifying incorrect characters in syntax errors. Patch by Pablo Galindo

bpo-44304: Fix a crash in the sqlite3 module that happened when the garbage collector clears sqlite.Statement objects. Patch by Pablo Galindo

bpo-44305: Improve error message for try blocks without except or finally blocks. Patch by Pablo Galindo.

bpo-43833: Emit a deprecation warning if the numeric literal is immediately followed by one of keywords: and, else, for, if, in, is, or. Raise a syntax error with more informative message if it is immediately followed by other keyword or identifier.

bpo-11105: When compiling ast.AST objects with recursive references through compile(), the interpreter doesn’t crash anymore instead it raises a RecursionError.

bpo-44392: Added a new section in the C API documentation for types used in type hinting. Documented Py_GenericAlias and Py_GenericAliasType.

bpo-38291: Mark typing.io and typing.re as deprecated since Python 3.8 in the documentation. They were never properly supported by type checkers.

bpo-44322: Document that SyntaxError args have a details tuple and that details are adjusted for errors in f-string field replacement expressions.

bpo-44363: Account for address sanitizer in test_capi. test_capi now passes when run GCC address sanitizer.

bpo-43921: Fix test_ssl.test_wrong_cert_tls13(): use suppress_ragged_eofs=False, since read() can raise ssl.SSLEOFError on Windows. Patch by Victor Stinner.

bpo-43921: Fix test_pha_required_nocert() of test_ssl: catch two more EOF cases (when the recv() method returns an empty string). Patch by Victor Stinner.

bpo-44381: The Windows build now accepts EnableControlFlowGuard set to guard to enable CFG.

bpo-40128: Mostly fix completions on macOS when not using tcl/tk 8.6.11 (as with 3.9). The added update_idletask call should be harmless and possibly helpful otherwise.

bpo-33962: Move the indent space setting from the Font tab to the new Windows tab. Patch by Mark Roseman and Terry Jan Reedy.

bpo-40468: Split the settings dialog General tab into Windows and Shell/ED tabs. Move help sources, which extend the Help menu, to the Extensions tab. Make space for new options and shorten the dialog. The latter makes the dialog better fit small screens.

bpo-43795: The list in Contents of Limited API now shows the public name PyFrameObject rather than _frame. The non-existing entry _node no longer appears in the list.

bpo-44378: Py_IS_TYPE() no longer uses Py_TYPE() to avoid a compiler warning: no longer cast const PyObject* to PyObject*. Patch by Victor Stinner.

bpo-44022: mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server.

bpo-43667: Improve Unicode support in non-UTF locales on Oracle Solaris. This issue does not affect other Solaris systems.

bpo-44232: Fix a regression in type() when a metaclass raises an exception. The C function type_new() must properly report the exception when a metaclass constructor raises an exception and the winner class is not the metaclass. Patch by Victor Stinner.

bpo-44201: Avoid side effects of checking for specialized syntax errors in the REPL that was causing it to ask for extra tokens after a syntax error had been detected. Patch by Pablo Galindo

bpo-44184: Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner.

bpo-44180: The parser doesn’t report generic syntax errors that happen in a position further away that the one it reached in the first pass. Patch by Pablo Galindo

bpo-44168: Fix error message in the parser involving keyword arguments with invalid expressions. Patch by Pablo Galindo

bpo-44143: Fixed a crash in the parser that manifest when raising tokenizer errors when an existing exception was present. Patch by Pablo Galindo.

bpo-44114: Fix incorrect dictkeys_reversed and dictitems_reversed function signatures in C code, which broke webassembly builds.

bpo-43149: Corrent the syntax error message regarding multiple exception types to not refer to “exception groups”. Patch by Pablo Galindo

bpo-44056: Syntax errors when default except is not the last except are reported with the correct location. Patch by Mark Shannon.

bpo-43822: The parser will prioritize tokenizer errors over custom syntax errors when raising exceptions. Patch by Pablo Galindo.

bpo-28146: Fix a confusing error message in str.format().

bpo-44254: On Mac, give turtledemo button text a color that works on both light or dark background. Programmers cannot control the latter.

bpo-38693: Prefer f-strings to .format in importlib.resources.

bpo-33693: Importlib.metadata now prefers f-strings to .format.

bpo-44241: Incorporate minor tweaks from importlib_metadata 4.1: SimplePath protocol, support for Metadata 2.2.

bpo-44210: Make importlib.metadata._meta.PackageMetadata public.

bpo-43643: Declare readers.MultiplexedPath.name as a property per the spec.

bpo-33433: For IPv4 mapped IPv6 addresses (RFC 4291 Section 2.5.5.2), the ipaddress.IPv6Address.is_private check is deferred to the mapped IPv4 address. This solves a bug where public mapped IPv4 addresses were considered private by the IPv6 check.

bpo-44145: hmac computations were not releasing the GIL while calling the OpenSSL HMAC_Update C API (a new feature in 3.9). This unintentionally prevented parallel computation as other hashlib algorithms support.

bpo-37788: Fix a reference leak when a Thread object is never joined.

bpo-38908: Subclasses of typing.Protocol which only have data variables declared will now raise a TypeError when checked with isinstance unless they are decorated with runtime_checkable(). Previously, these checks passed silently. Patch provided by Yurii Karabas.

bpo-44098: typing.ParamSpec will no longer be found in the __parameters__ of most typing generics except in valid use locations specified by PEP 612. This prevents incorrect usage like typing.List[P][int]. This change means incorrect usage which may have passed silently in 3.10 beta 1 and earlier will now error.

bpo-44089: Allow subclassing csv.Error in 3.10 (it was allowed in 3.9 and earlier but was disallowed in early versions of 3.10).

bpo-44059: Register the SerenityOS Browser in the webbrowser module.

bpo-36515: The hashlib module no longer does unaligned memory accesses when compiled for ARM platforms.

bpo-44018: random.seed() no longer mutates bytearray inputs.

bpo-38352: Add IO, BinaryIO, TextIO, Match, and Pattern to typing.__all__. Patch by Jelle Zijlstra.

bpo-43972: When http.server.SimpleHTTPRequestHandler sends a 301 (Moved Permanently) for a directory path not ending with /, add a Content-Length: 0 header. This improves the behavior for certain clients.

bpo-28528: Fix a bug in pdb where checkline() raises AttributeError if it is called after reset().

bpo-43650: Fix MemoryError in shutil.unpack_archive() which fails inside shutil._unpack_zipfile() on large files. Patch by Igor Bolshakov.

bpo-41730: DeprecationWarning is now raised when importing tkinter.tix, which has been deprecated in documentation since Python 3.6.

bpo-42392: Document the deprecation and removal of the loop parameter for many functions and classes in asyncio.

bpo-44195: Corrected references to TraversableResources in docs. There is no TraversableReader.

bpo-41963: Document that ConfigParser strips off comments when reading configuration files.

bpo-44072: Correct where in the numeric ABC hierarchy ** support is added, i.e., in numbers.Complex, not numbers.Integral.

bpo-43558: Add the remark to dataclasses documentation that the __init__() of any base class has to be called in __post_init__(), along with a code example.

bpo-44025: Clarify when ‘_’ in match statements is a keyword, and when not.

bpo-31904: Ignore error string case in test_py_compile test_file_not_exists().

bpo-42083: Add test to check that PyStructSequence_NewType accepts a PyStructSequence_Desc with doc field set to NULL.

bpo-35753: Fix crash in doctest when doctest parses modules that include unwrappable functions by skipping those functions.

bpo-41282: Fix broken make install that caused standard library extension modules to be unnecessarily and incorrectly rebuilt during the install phase of cpython.

bpo-42686: Build sqlite3 with math functions enabled. Patch by Erlend E. Aasland.

bpo-43109: Allow –with-lto configure option to work with Apple-supplied Xcode or Command Line Tools.

bpo-41611: Avoid uncaught exceptions in AutoCompleteWindow.winconfig_event().

bpo-41611: Fix IDLE sometimes freezing upon tab-completion on macOS.

bpo-44010: Highlight the new match statement’s soft keywords: match, case, and _. However, this highlighting is not perfect and will be incorrect in some rare cases, including some _-s in case patterns.

bpo-44026: Include interpreter’s typo fix suggestions in message line for NameErrors and AttributeErrors. Patch by E. Paine.

bpo-44074: Make patchcheck automatically detect the correct base branch name (previously it was hardcoded to ‘master’)

bpo-43795: The undocumented function Py_FrozenMain() is removed from the Limited API.

bpo-43795: PyCodec_Unregister() is now properly exported as a function in the Windows Stable ABI DLL.

bpo-43977: Prevent classes being both a sequence and a mapping when pattern matching.

bpo-43977: Use tp_flags on the class object to determine if the subject is a sequence or mapping when pattern matching. Avoids the need to import