head	1.21;
access;
symbols
	pkgsrc-2026Q2:1.21.0.4
	pkgsrc-2026Q2-base:1.21
	pkgsrc-2026Q1:1.21.0.2
	pkgsrc-2026Q1-base:1.21
	pkgsrc-2025Q4:1.20.0.2
	pkgsrc-2025Q4-base:1.20
	pkgsrc-2025Q3:1.19.0.4
	pkgsrc-2025Q3-base:1.19
	pkgsrc-2025Q2:1.19.0.2
	pkgsrc-2025Q2-base:1.19
	pkgsrc-2025Q1:1.17.0.4
	pkgsrc-2025Q1-base:1.17
	pkgsrc-2024Q4:1.17.0.2
	pkgsrc-2024Q4-base:1.17
	pkgsrc-2024Q3:1.16.0.2
	pkgsrc-2024Q3-base:1.16
	pkgsrc-2024Q2:1.15.0.4
	pkgsrc-2024Q2-base:1.15
	pkgsrc-2024Q1:1.15.0.2
	pkgsrc-2024Q1-base:1.15
	pkgsrc-2023Q4:1.14.0.4
	pkgsrc-2023Q4-base:1.14
	pkgsrc-2023Q3:1.14.0.2
	pkgsrc-2023Q3-base:1.14
	pkgsrc-2023Q2:1.13.0.2
	pkgsrc-2023Q2-base:1.13
	pkgsrc-2023Q1:1.11.0.2
	pkgsrc-2023Q1-base:1.11
	pkgsrc-2022Q4:1.10.0.2
	pkgsrc-2022Q4-base:1.10
	pkgsrc-2022Q3:1.8.0.2
	pkgsrc-2022Q3-base:1.8
	pkgsrc-2022Q2:1.6.0.2
	pkgsrc-2022Q2-base:1.6
	pkgsrc-2022Q1:1.5.0.2
	pkgsrc-2022Q1-base:1.5
	pkgsrc-2021Q4:1.2.0.2
	pkgsrc-2021Q4-base:1.2;
locks; strict;
comment	@# @;


1.21
date	2026.03.04.07.03.18;	author adam;	state Exp;
branches;
next	1.20;
commitid	VHvLGzMKUQjISCwG;

1.20
date	2025.10.10.13.01.00;	author adam;	state Exp;
branches;
next	1.19;
commitid	XVgIsFL5KKmow1eG;

1.19
date	2025.06.04.14.13.37;	author adam;	state Exp;
branches;
next	1.18;
commitid	Yb8fOGCqowAs2AXF;

1.18
date	2025.04.09.14.46.45;	author adam;	state Exp;
branches;
next	1.17;
commitid	EuXIVCuFAOio1oQF;

1.17
date	2024.12.05.07.50.40;	author adam;	state Exp;
branches;
next	1.16;
commitid	mYxQOyaQD3zLJhAF;

1.16
date	2024.09.09.15.49.35;	author adam;	state Exp;
branches;
next	1.15;
commitid	DYCbaJBjEVtpb9pF;

1.15
date	2024.03.20.15.42.25;	author adam;	state Exp;
branches;
next	1.14;
commitid	RjfWkU0vVGsJHU2F;

1.14
date	2023.08.25.08.26.49;	author adam;	state Exp;
branches;
next	1.13;
commitid	k5se6ocyESDRY8CE;

1.13
date	2023.06.07.13.26.54;	author adam;	state Exp;
branches;
next	1.12;
commitid	8jyfsdW98JSeb1sE;

1.12
date	2023.04.06.11.16.52;	author adam;	state Exp;
branches;
next	1.11;
commitid	XBWCVzwQiR9Zr2kE;

1.11
date	2023.02.09.10.47.08;	author adam;	state Exp;
branches;
next	1.10;
commitid	ewZZcqlBAHSr5QcE;

1.10
date	2022.12.07.11.53.57;	author adam;	state Exp;
branches;
next	1.9;
commitid	PRZiG1T4zWvQvC4E;

1.9
date	2022.10.12.08.02.25;	author adam;	state Exp;
branches;
next	1.8;
commitid	ChY6jIucvM892pXD;

1.8
date	2022.09.06.19.13.51;	author adam;	state Exp;
branches;
next	1.7;
commitid	EcLfYVdxl2VoUPSD;

1.7
date	2022.08.02.18.27.22;	author adam;	state Exp;
branches;
next	1.6;
commitid	ATp9J1y5Xlb1MkOD;

1.6
date	2022.06.08.17.56.46;	author adam;	state Exp;
branches;
next	1.5;
commitid	OR85YYK61sQ2ngHD;

1.5
date	2022.03.25.17.55.19;	author adam;	state Exp;
branches;
next	1.4;
commitid	25nYVu5IZlSdMCxD;

1.4
date	2022.03.19.18.59.40;	author adam;	state Exp;
branches;
next	1.3;
commitid	idSiMw6Jaa21kRwD;

1.3
date	2022.01.15.16.23.47;	author adam;	state Exp;
branches;
next	1.2;
commitid	w7ZdbCuWWZ94uKoD;

1.2
date	2021.12.07.09.31.31;	author adam;	state Exp;
branches;
next	1.1;
commitid	fwFtYCc2YFdKsHjD;

1.1
date	2021.10.05.19.07.13;	author adam;	state Exp;
branches;
next	;
commitid	jj3P8LbPoUKBFEbD;


desc
@@


1.21
log
@python310 py310-html-docs: updated to 3.10.20

Python 3.10.20

Security

gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).
gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs.
gh-143925: Reject control characters in data: URL media types.
gh-143919: Reject control characters in http.cookies.Morsel fields and values.
gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters.
gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead.
gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser.
gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran.
gh-136065: Fix quadratic complexity in os.path.expandvars().
gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.

Library

gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in newPySSLSocket(). The error was reported via a dangling pointer after the object had already been freed.
gh-144363: Update bundled libexpat to 2.7.4
gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by Bénédikt Tran.

Core and Builtins

gh-120384: Fix an array out of bounds crash in list_ass_subscript, which could be invoked via some specificly tailored input: including concurrent modification of a list object, where one thread assigns a slice and another clears it.
gh-120298: Fix use-after free in list_richcompare_impl which can be invoked via some specificly tailored evil input.
@
text
@# $NetBSD: Makefile,v 1.20 2025/10/10 13:01:00 adam Exp $

VERS=		3.10.20
DISTNAME=	python-${VERS}-docs-html
PKGNAME=	py310-html-docs-${VERS}
CATEGORIES=	lang python
MASTER_SITES=	https://www.python.org/ftp/python/doc/${VERS}/
EXTRACT_SUFX=	.tar.bz2

MAINTAINER=	leot@@NetBSD.org
HOMEPAGE=	https://www.python.org/doc/
COMMENT=	HTML Documentation for Python 3.10
LICENSE=	python-software-foundation

USE_TOOLS+=	pax

NO_CONFIGURE=	yes
NO_BUILD=	yes

HTMLDIR=	share/doc/python3.10

INSTALLATION_DIRS=	${HTMLDIR}

do-install:
	cd ${WRKSRC} && ${PAX} -rw -pp . ${DESTDIR}${PREFIX}/${HTMLDIR}

.include "../../mk/bsd.pkg.mk"
@


1.20
log
@python310 py310-html-docs: updated to 3.10.19

Python 3.10.19

Security

gh-139700: Check consistency of the zip64 end of central directory record. Support records with “zip64 extensible data” if there are no bytes prepended to the ZIP file.
gh-139400: xml.parsers.expat: Make sure that parent Expat parsers are only garbage-collected once they are no longer referenced by subparsers created by ExternalEntityParserCreate(). Patch by Sebastian Pipping.
gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard.
Whitespaces no longer accepted between </ and the tag name. E.g. </ script> does not end the script section.
Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces. The only whitespaces are \t\n\r\f and space.
Null character (U+0000) no longer ends the tag name.
Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. </script/foo=">"/>.
Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. <a foo=bar/ //>.
Multiple = between attribute name and value are no longer collapsed. E.g. <a foo==bar> produces attribute “foo” with value “=bar”.
gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to the HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add private method _set_support_cdata() which can be used to specify how to parse <[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as a bogus comment in the HTML namespace.
gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 standard. --!> now ends the comment. -- > no longer ends the comment. Support abnormally ended empty comments <--> and <--->.
gh-135462: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs – comments and declarations are automatically closed, tags are ignored.
gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in html.parser.HTMLParser.
gh-86155: html.parser.HTMLParser.close() no longer loses data when the <script> tag is not closed. Patch by Waylan Limberg.

Library

gh-139312: Upgrade bundled libexpat to 2.7.3
gh-138998: Update bundled libexpat to 2.7.2
gh-130577: tarfile now validates archives to ensure member offsets are non-negative. (Contributed by Alexander Enrique Urieles Nieto in gh-130577.)
gh-135374: Update the bundled copy of setuptools to 79.0.1.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.19 2025/06/04 14:13:37 adam Exp $
d3 1
a3 1
VERS=		3.10.19
@


1.19
log
@python310 py310-html-docs: updated to 3.10.18

Python 3.10.18 final

Security

gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.

Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517.

gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler.

gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.

Library

gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address.
gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects.
gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, §2.5. Patch by Bénédikt Tran.
bpo-43633: Improve the textual representation of IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) in ipaddress. Patch by Oleksandr Pavliuk.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.18 2025/04/09 14:46:45 adam Exp $
d3 1
a3 1
VERS=		3.10.18
@


1.18
log
@python310 py310-html-docs: updated to 3.10.17

Python 3.10.17 final

Security

gh-131809: Update bundled libexpat to 2.7.1
gh-131261: Upgrade to libexpat 2.7.0
gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2.
gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed.
gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed.
gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only a mapping, but if this hit a virtual address size limit it could lead to a MemoryError or other process crash. On unusual systems or builds where all allocated memory is touched and backed by actual ram or storage it could’ve consumed resources doing so until similarly crashing.

Library

gh-127257: In ssl, system call failures that OpenSSL reports using ERR_LIB_SYS are now raised as OSError.

Documentation

gh-121277: Writers of CPython’s documentation can now use next as the version for the versionchanged, versionadded, deprecated directives.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.17 2024/12/05 07:50:40 adam Exp $
d3 1
a3 1
VERS=		3.10.17
@


1.17
log
@python310 py310-html-docs: updated to 3.10.16

Python 3.10.16

Tests

gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip checks of the compressed bytes, which can be different between zlib’s software implementation and the hardware-accelerated implementation.
gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. Patch by Victor Stinner.

Security

gh-126623: Upgrade libexpat to 2.6.4
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified.

Library

gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Add checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.16 2024/09/09 15:49:35 adam Exp $
d3 1
a3 1
VERS=		3.10.16
@


1.16
log
@python310 py310-html-docs: updated to 3.10.15

Python 3.10.15 final

Windows

gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.

Tests

gh-112769: The tests now correctly compare zlib version when zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For example zlib-ng defines the version as 1.3.0.zlib-ng.
gh-117187: Fix XML tests for vanilla Expat <2.6.0.
gh-100454: Fix SSL tests CI for OpenSSL 3.1+

Security

gh-123678: Upgrade libexpat to 2.6.3

gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.

gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.

Patch by Gregory P. Smith <greg@@krypto.org> and Seth Larson <seth@@python.org>. Reported by Ellie <el@@horse64.org>

gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers.

gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default.

gh-116741: Update bundled libexpat to 2.6.2

Library

gh-123693: Use platform-agnostic behavior when computing zipfile.Path.name.

gh-123270: Applied a more surgical fix for malformed payloads in zipfile.Path causing infinite loops (gh-122905) without breaking contents using legitimate characters.

gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies.

gh-122905: zipfile.Path objects now sanitize names from the zipfile.

gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650.)

gh-113171: Fixed various false positives and false negatives in

ipaddress.IPv4Address.is_private (see these docs for details)
ipaddress.IPv4Address.is_global
ipaddress.IPv6Address.is_private
ipaddress.IPv6Address.is_global
Also in the corresponding ipaddress.IPv4Network and ipaddress.IPv6Network attributes.

gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be use to check if the strict paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve the CVE-2023-27043 fix.

gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Based on patch by Ashwin Ramaswami.

Core and Builtins

gh-112275: A deadlock involving pystate.c’s HEAD_LOCK in posixmodule.c at fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by Victor Stinner.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.15 2024/03/20 15:42:25 adam Exp $
d3 1
a3 1
VERS=		3.10.15
@


1.15
log
@python310 py310-html-docs: updated to 3.10.14

Python 3.10.14

Security

gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
gh-115399: Update bundled libexpat to 2.6.0
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.

Core and Builtins

gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds

Library

gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows.
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms.
gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises BadZipFile when try to read an entry that overlaps with other entry or central directory.
gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working around file system permission errors.

Documentation

gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML vulnerabilities”.

Windows

gh-111239: Update Windows builds to use zlib v1.3.1.
gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its end of life and no future fixes will be made, and this version of Python is no longer receiving maintenance fixes and will not be updated to OpenSSL 3.0.

Tools/Demos

gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.14 2023/08/25 08:26:49 adam Exp $
d3 1
a3 1
VERS=		3.10.14
@


1.14
log
@python310 py310-html-docs: updated to 3.10.13

Python 3.10.13

Security

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

Library

gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.

Tools/Demos

gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

C API

gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.13 2023/06/07 13:26:54 adam Exp $
d3 1
a3 1
VERS=		3.10.13
@


1.13
log
@python310 py310-html-docs: updated to 3.10.12

Python 3.10.12

Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.

Library
gh-103935: Use io.open_code() for files to be executed instead of raw open()
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new a filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.

Documentation
gh-89412: Add missing documentation for the end_lineno and end_offset attributes of the traceback.TracebackException class.

Build
gh-103262: Fixes Windows installer build to work with latest compilers.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.12 2023/04/06 11:16:52 adam Exp $
d3 1
a3 1
VERS=		3.10.12
@


1.12
log
@python310 py310-html-docs: updated to 3.10.11

Python 3.10.11

Security

gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.

Core and Builtins

gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo.
gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías.
gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya.
gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya.
gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann.
gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created.
gh-101765: Fix SystemError / segmentation fault in iter __reduce__ when internal access of builtins.__dict__ keys mutates the iter object.

Library

gh-102947: Improve traceback when dataclasses.fields() is called on a non-dataclass. Patch by Alex Waygood
gh-101979: Fix a bug where parentheses in the metavar argument to argparse.ArgumentParser.add_argument() were dropped. Patch by Yeojin Kim.
gh-102179: Fix os.dup2() error message for negative fds.
gh-101961: For the binary mode, fileinput.hookcompressed() doesn’t set the encoding value even if the value is None. Patch by Gihwan Kim.
gh-101936: The default value of fp becomes io.BytesIO if HTTPError is initialized without a designated fp parameter. Patch by Long Vo.
gh-101566: In zipfile, apply fix for extractall on the underlying zipfile after being wrapped in Path.
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)
gh-101892: Callable iterators no longer raise SystemError when the callable object exhausts the iterator but forgets to either return a sentinel value or raise StopIteration.
gh-97786: Fix potential undefined behaviour in corner cases of floating-point-to-time conversions.
gh-101517: Fixed bug where bdb looks up the source line with linecache with a lineno=None, which causes it to fail with an unhandled exception.
gh-101673: Fix a pdb bug where ll clears the changes to local variables.
gh-96931: Fix incorrect results from ssl.SSLSocket.shared_ciphers()
gh-88233: Correctly preserve “extra” fields in zipfile regardless of their ordering relative to a zip64 “extra.”
gh-95495: When built against OpenSSL 3.0, the ssl module had a bug where it reported unauthenticated EOFs (i.e. without close_notify) as a clean TLS-level EOF. It now raises SSLEOFError, matching the behavior in previous versions of OpenSSL. The options attribute on SSLContext also no longer includes OP_IGNORE_UNEXPECTED_EOF by default. This option may be set to specify the previous OpenSSL 3.0 behavior.
gh-94440: Fix a concurrent.futures.process bug where ProcessPoolExecutor shutdown could hang after a future has been quickly submitted and canceled.

Documentation

gh-103112: Add docstring to http.client.HTTPResponse.read() to fix pydoc output.
gh-85417: Update cmath documentation to clarify behaviour on branch cuts.
gh-97725: Fix asyncio.Task.print_stack() description for file=None. Patch by Oleg Iarygin.

Tests

gh-102980: Improve test coverage on pdb.
gh-102537: Adjust the error handling strategy in test_zoneinfo.TzPathTest.python_tzpath_context. Patch by Paul Ganssle.
gh-101377: Improved test_locale_calendar_formatweekday of calendar.

Build

gh-102711: Fix -Wstrict-prototypes compiler warnings.

Windows

gh-101759: Update Windows installer to SQLite 3.40.1.
gh-101614: Correctly handle extensions built against debug binaries that reference python3_d.dll.

macOS

gh-103207: Add instructions to the macOS installer welcome display on how to workaround the macOS 13 Ventura “The installer encountered an error” failure.
gh-101759: Update macOS installer to SQLite 3.40.1.
gh-87235: On macOS python3 /dev/fd/9 9</path/to/script.py failed for any script longer than a couple of bytes.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.11 2023/02/09 10:47:08 adam Exp $
d3 1
a3 1
VERS=		3.10.11
@


1.11
log
@python310 py310-html-docs: updated to 3.10.10

Python 3.10.10

Core and Builtins

gh-101400: Fix wrong lineno in exception message on continue or break which are not in a loop. Patch by Dong-hee Na.
gh-101372: Fix is_normalized() to properly handle the UCD 3.2.0 cases. Patch by Dong-hee Na.
gh-101046: Fix a possible memory leak in the parser when raising MemoryError. Patch by Pablo Galindo
gh-100942: Fixed segfault in property.getter/setter/deleter that occurred when a property subclass overrode the __new__ method to return a non-property instance.
gh-100892: Fix race while iterating over thread states in clearing threading.local. Patch by Kumar Aditya.
gh-100776: Fix misleading default value in input()’s __text_signature__.
gh-100374: Fix incorrect result and delay in socket.getfqdn(). Patch by Dominic Socular.
gh-100050: Honor existing errors obtained when searching for mismatching parentheses in the tokenizer. Patch by Pablo Galindo
bpo-32782: ctypes arrays of length 0 now report a correct itemsize when a memoryview is constructed from them, rather than always giving a value of 0.

Library

gh-100795: Avoid potential unexpected freeaddrinfo call (double free) in socket when when a libc getaddrinfo() implementation leaves garbage in an output pointer when returning an error. Original patch by Sergey G. Brester.
gh-101143: Remove unused references to TimerHandle in asyncio.base_events.BaseEventLoop._add_callback.
gh-101144: Make zipfile.Path.open() and zipfile.Path.read_text() also accept encoding as a positional argument. This was the behavior in Python 3.9 and earlier. Earlier 3.10 versions had a regression where supplying it as a positional argument would lead to a TypeError.
gh-100573: Fix a Windows asyncio bug with named pipes where a client doing os.stat() on the pipe would cause an error in the server that disabled serving future requests.
gh-90104: Avoid RecursionError on repr if a dataclass field definition has a cyclic reference.
gh-100689: Fix crash in pyexpat by statically allocating PyExpat_CAPI capsule.
gh-100740: Fix unittest.mock.Mock not respecting the spec for attribute names prefixed with assert.
gh-86508: Fix asyncio.open_connection() to skip binding to local addresses of different family. Patch by Kumar Aditya.
gh-100287: Fix the interaction of unittest.mock.seal() with unittest.mock.AsyncMock.
gh-100474: http.server now checks that an index page is actually a regular file before trying to serve it. This avoids issues with directories named index.html.
gh-100160: Remove any deprecation warnings in asyncio.get_event_loop(). They are deferred to Python 3.12.
gh-99952: Fix a reference undercounting issue in ctypes.Structure with from_param() results larger than a C pointer.
gh-98778: Update HTTPError to be initialized properly, even if the fp is None. Patch by Dong-hee Na.
gh-83035: Fix inspect.getsource() handling of decorator calls with nested parentheses.
gh-99240: Fix double-free bug in Argument Clinic str_converter by extracting memory clean up to a new post_parsing section.
gh-85267: Several improvements to inspect.signature()’s handling of __text_signature. - Fixes a case where inspect.signature() dropped parameters - Fixes a case where inspect.signature() raised tokenize.TokenError - Allows inspect.signature() to understand defaults involving binary operations of constants - inspect.signature() is documented as only raising TypeError or ValueError, but sometimes raised RuntimeError. These cases now raise ValueError - Removed a dead code path
gh-96192: Fix handling of bytes path-like objects in os.ismount().
bpo-44817: Ignore WinError 53 (ERROR_BAD_NETPATH), 65 (ERROR_NETWORK_ACCESS_DENIED) and 161 (ERROR_BAD_PATHNAME) when using ntpath.realpath().
bpo-40447: Accept os.PathLike (such as pathlib.Path) in the stripdir arguments of compileall.compile_file() and compileall.compile_dir().
bpo-36880: Fix a reference counting issue when a ctypes callback with return type py_object returns None, which could cause crashes.

Documentation

gh-100616: Document existing attr parameter to curses.window.vline() function in curses.
gh-100472: Remove claim in documentation that the stripdir, prependdir and limit_sl_dest parameters of compileall.compile_dir() and compileall.compile_file() could be bytes.

Tests

gh-101334: test_tarfile has been updated to pass when run as a high UID.
gh-96002: Add functional test for Argument Clinic.
Build
gh-101522: Allow overriding Windows dependencies versions and paths using MSBuild properties.

Windows

gh-82052: Fixed an issue where writing more than 32K of Unicode output to the console screen in one go can result in mojibake.
gh-100180: Update Windows installer to OpenSSL 1.1.1s
bpo-43984: winreg.SetValueEx() now leaves the target value untouched in the case of conversion errors. Previously, -1 would be written in case of such errors.

macOS

gh-100180: Update macOS installer to OpenSSL 1.1.1s

C API

gh-99240: In argument parsing, after deallocating newly allocated memory, reset its pointer to NULL.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.10 2022/12/07 11:53:57 adam Exp $
d3 1
a3 1
VERS=		3.10.10
@


1.10
log
@python310 py310-html-docs: updated to 3.10.9

Python 3.10.9 final

Security

gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.

This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing.

gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module

gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.

gh-98739: Update bundled libexpat to 2.5.0

gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454).

gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected.

Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier.

This prevents Linux CVE-2022-42919.

Core and Builtins

gh-99578: Fix a reference bug in _imp.create_builtin() after the creation of the first sub-interpreter for modules builtins and sys. Patch by Victor Stinner.
gh-99581: Fixed a bug that was causing a buffer overflow if the tokenizer copies a line missing the newline caracter from a file that is as long as the available tokenizer buffer. Patch by Pablo galindo
gh-96055: Update faulthandler to emit an error message with the proper unexpected signal number. Patch by Dong-hee Na.
gh-98852: Fix subscription of types.GenericAlias instances containing bare generic types: for example tuple[A, T][int], where A is a generic type, and T is a type variable.
gh-98415: Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim Sanders
gh-92119: Print exception class name instead of its string representation when raising errors from ctypes calls.
gh-93696: Allow pdb to locate source for frozen modules in the standard library.
bpo-31718: Raise ValueError instead of SystemError when methods of uninitialized io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman.
bpo-38031: Fix a possible assertion failure in io.FileIO when the opener returns an invalid file descriptor.

Library

gh-100001: Also escape s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a xHH is ambiguious as to if it is a hex replacement we put in or the characters r”x” came through in the original request line.
gh-93453: asyncio.get_event_loop() now only emits a deprecation warning when a new event loop was created implicitly. It no longer emits a deprecation warning if the current event loop was set.
gh-51524: Fix bug when calling trace.CoverageResults with valid infile.
gh-99645: Fix a bug in handling class cleanups in unittest.TestCase. Now addClassCleanup() uses separate lists for different TestCase subclasses, and doClassCleanups() only cleans up the particular class.
gh-97001: Release the GIL when calling termios APIs to avoid blocking threads.
gh-99341: Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing line numbers.
gh-74044: Fixed bug where inspect.signature() reported incorrect arguments for decorated methods.
gh-99275: Fix SystemError in ctypes when exception was not set during __initsubclass__.
gh-99155: Fix statistics.NormalDist pickle with 0 and 1 protocols.
gh-99134: Update the bundled copy of pip to version 22.3.1.
gh-99130: Apply bugfixes from importlib_metadata 4.11.4, namely: In PathDistribution._name_from_stem, avoid including parts of the extension in the result. In PathDistribution._normalized_name, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden.
gh-83004: Clean up refleak on failed module initialisation in _zoneinfo
gh-83004: Clean up refleaks on failed module initialisation in in _pickle
gh-83004: Clean up refleak on failed module initialisation in _io.
gh-98897: Fix memory leak in math.dist() when both points don’t have the same dimension. Patch by Kumar Aditya.
gh-98793: Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions.
gh-98740: Fix internal error in the re module which in very rare circumstances prevented compilation of a regular expression containing a conditional expression without the “else” branch.
gh-98703: Fix asyncio.StreamWriter.drain() to call protocol.connection_lost callback only once on Windows.
gh-98624: Add a mutex to unittest.mock.NonCallableMock to protect concurrent access to mock attributes.
gh-89237: Fix hang on Windows in subprocess.wait_closed() in asyncio with ProactorEventLoop. Patch by Kumar Aditya.
gh-98458: Fix infinite loop in unittest when a self-referencing chained exception is raised
gh-97928: tkinter.Text.count() raises now an exception for options starting with “-” instead of silently ignoring them.
gh-97966: On uname_result, restored expectation that _fields and _asdict would include all six properties including processor.
gh-98331: Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively.
gh-96035: Fix bug in urllib.parse.urlparse() that causes certain port numbers containing whitespace, underscores, plus and minus signs, or non-ASCII digits to be incorrectly accepted.
gh-98251: Allow venv to pass along PYTHON* variables to ensurepip and pip when they do not impact path resolution
gh-98178: On macOS, fix a crash in syslog.syslog() in multi-threaded applications. On macOS, the libc syslog() function is not thread-safe, so syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner.
gh-96151: Allow BUILTINS to be a valid field name for frozen dataclasses.
gh-98086: Make sure patch.dict() can be applied on async functions.
gh-88863: To avoid apparent memory leaks when asyncio.open_connection() raises, break reference cycles generated by local exception and future instances (which has exception instance as its member var). Patch by Dong Uk, Kang.
gh-93858: Prevent error when activating venv in nested fish instances.
bpo-46364: Restrict use of sockets instead of pipes for stdin of subprocesses created by asyncio to AIX platform only.
bpo-38523: shutil.copytree() now applies the ignore_dangling_symlinks argument recursively.
bpo-36267: Fix IndexError in argparse.ArgumentParser when a store_true action is given an explicit argument.

Documentation

gh-92892: Document that calling variadic functions with ctypes requires special care on macOS/arm64 (and possibly other platforms).

Tests

gh-99892: Skip test_normalization() of test_unicodedata if it fails to download NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner.
bpo-34272: Some C API tests were moved into the new Lib/test/test_capi/ directory.

Build

gh-99086: Fix -Wimplicit-int, -Wstrict-prototypes, and -Wimplicit-function-declaration compiler warnings in configure checks.
gh-99086: Fix -Wimplicit-int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM.
gh-97731: Specify the full path to the source location for make docclean (needed for cross-builds).
gh-98671: Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned memory accesses are not allowed.

Windows

gh-99345: Use faster initialization functions to detect install location for Windows Store package
gh-98689: Update Windows builds to zlib v1.2.13. v1.2.12 has CVE-2022-37434, but the vulnerable inflateGetHeader API is not used by Python.
gh-94328: Update Windows installer to use SQLite 3.39.4.
bpo-40882: Fix a memory leak in multiprocessing.shared_memory.SharedMemory on Windows.

macOS

gh-94328: Update macOS installer to SQLite 3.39.4.

IDLE

gh-97527: Fix a bug in the previous bugfix that caused IDLE to not start when run with 3.10.8, 3.12.0a1, and at least Microsoft Python 3.10.2288.0 installed without the Lib/test package. 3.11.0 was never affected.

Tools/Demos

gh-95731: Fix handling of module docstrings in Tools/i18n/pygettext.py.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.9 2022/10/12 08:02:25 adam Exp $
d3 1
a3 1
VERS=		3.10.9
@


1.9
log
@python310 py310-html-docs: updated to 3.10.8

Python 3.10.8

Security

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).

Core and Builtins

gh-96078: os.sched_yield() now release the GIL while calling sched_yield(2). Patch by Dong-hee Na.
gh-97943: Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference.
gh-97591: Fixed a missing incref/decref pair in Exception.__setstate__(). Patch by Ofey Chan.
gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. Patch by Victor Stinner.
gh-95921: Fix overly-broad source position information for chained comparisons used as branching conditions.
gh-96821: Fix undefined behaviour in _testcapimodule.c.
gh-95778: When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. Patch by Victor Stinner.
gh-96387: At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. Issue discovered and analyzed by Mingliang ZHAO. Patch by Victor Stinner.
gh-96864: Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled.
gh-96678: Fix undefined behaviour in C code of null pointer arithmetic.
gh-96641: Do not expose KeyWrapper in _functools.
gh-96611: When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted.
gh-95196: Disable incorrect pickling of the C implemented classmethod descriptors.
gh-96352: Fix AttributeError missing name and obj attributes in object.__getattribute__(). Patch by Philip Georgi.
bpo-42316: Document some places where an assignment expression needs parentheses.

Library

gh-87730: Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable.
gh-97825: Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used.
gh-96827: Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt).
gh-97592: Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed.
gh-97639: Remove tokenize.NL check from tabnanny.
gh-97545: Make Semaphore run faster.
gh-73588: Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique.
gh-97005: Update bundled libexpat to 2.4.9
gh-85760: Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. Patch by Kumar Aditya.
gh-96819: Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF.
gh-96741: Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str.
gh-96652: Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. Patch by Victor Stinner.
gh-96073: In inspect, fix overeager replacement of “typing.” in formatting annotations.
gh-90467: Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected
gh-96052: Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings.
gh-91212: Fixed flickering of the turtle window when the tracer is turned off. Patch by Shin-myoung-serp.
gh-74116: Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. Patch by Kumar Aditya.
gh-90155: Fix broken asyncio.Semaphore when acquire is cancelled.
gh-92986: Fix ast.unparse() when ImportFrom.level is None
gh-91539: Improve performance of urllib.request.getproxies_environment when there are many environment variables

Documentation

gh-97741: Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution.
gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe.
gh-93031: Update tutorial introduction output to use 3.10+ SyntaxError invalid range.

Build

gh-96729: Ensure that Windows releases built with Tools\msi\buildrelease.bat are upgradable to and from official Python releases.

Windows

gh-97728: Fix possible crashes caused by the use of uninitialized variables when pass invalid arguments in os.system() on Windows and in Windows-specific modules (like winreg).
gh-90989: Clarify some text in the Windows installer.
gh-96577: Fixes a potential buffer overrun in msilib.

macOS

gh-97897: The macOS 13 SDK includes support for the mkfifoat and mknodat system calls. Using the dir_fd option with either os.mkfifo() or os.mknod() could result in a segfault if cpython is built with the macOS 13 SDK but run on an earlier version of macOS. Prevent this by adding runtime support for detection of these system calls (“weaklinking”) as is done for other newer syscalls on macOS.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.8 2022/09/06 19:13:51 adam Exp $
d3 1
a3 1
VERS=		3.10.8
@


1.8
log
@py310-html-docs: updated to 3.10.7

Match python310 version.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.7 2022/08/02 18:27:22 adam Exp $
d3 1
a3 1
VERS=		3.10.7
@


1.7
log
@python310 py310-html-docs: updated to 3.10.6

Python 3.10.6 final
Release date: 2022-08-01

Security
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.
gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases.
Core and Builtins
gh-95355: _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu.
gh-94938: Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior.
gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain.
gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, 8). Patch by Shantanu Jain.
gh-94869: Fix the column offsets for some expressions in multi-line f-strings ast nodes. Patch by Pablo Galindo.
gh-91153: Fix an issue where a bytearray item assignment could crash if it’s resized by the new value’s __index__() method.
gh-94329: Compile and run code with unpacking of extremely large sequences (1000s of elements). Such code failed to compile. It now compiles and runs correctly.
gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors from stdin with non utf-8 encoded text. Patch by Pablo Galindo
gh-94192: Fix error for dictionary literals with invalid expression as value.
gh-93964: Strengthened compiler overflow checks to prevent crashes when compiling very large source files.
gh-93671: Fix some exponential backtrace case happening with deeply nested sequence patterns in match statements. Patch by Pablo Galindo
gh-93021: Fix the __text_signature__ for __get__() methods implemented in C. Patch by Jelle Zijlstra.
gh-92930: Fixed a crash in _pickle.c from mutating collections during __reduce__ or persistent_id.
gh-92914: Always round the allocated size for lists up to the nearest even number.
gh-92858: Improve error message for some suites with syntax error before ‘:’
Library
gh-95339: Update bundled pip to 22.2.1.

gh-95045: Fix GC crash when deallocating _lsprof.Profiler by untracking it before calling any callbacks. Patch by Kumar Aditya.

gh-95087: Fix IndexError in parsing invalid date in the email module.

gh-95199: Upgrade bundled setuptools to 63.2.0.

gh-95194: Upgrade bundled pip to 22.2.

gh-93899: Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel versions where these flags are not present. Patch by Kumar Aditya.

gh-95166: Fix concurrent.futures.Executor.map() to cancel the currently waiting on future on an error - e.g. TimeoutError or KeyboardInterrupt.

gh-93157: Fix fileinput module didn’t support errors option when inplace is true.

gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”.

gh-94736: Fix crash when deallocating an instance of a subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.

gh-94637: SSLContext.set_default_verify_paths() now releases the GIL around SSL_CTX_set_default_verify_paths call. The function call performs I/O and CPU intensive work.

gh-94510: Re-entrant calls to sys.setprofile() and sys.settrace() now raise RuntimeError. Patch by Pablo Galindo.

gh-92336: Fix bug where linecache.getline() fails on bad files with UnicodeDecodeError or SyntaxError. It now returns an empty string as per the documentation.

gh-89988: Fix memory leak in pickle.Pickler when looking up dispatch_table. Patch by Kumar Aditya.

gh-94254: Fixed types of struct module to be immutable. Patch by Kumar Aditya.

gh-94245: Fix pickling and copying of typing.Tuple[()].

gh-94207: Made _struct.Struct GC-tracked in order to fix a reference leak in the _struct module.

gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as it lead to misconfigured instances that crashed the interpreter when attributes where accessed on them.

gh-84753: inspect.iscoroutinefunction(), inspect.isgeneratorfunction(), and inspect.isasyncgenfunction() now properly return True for duck-typed function-like objects like instances of unittest.mock.AsyncMock.

This makes inspect.iscoroutinefunction() consistent with the behavior of asyncio.iscoroutinefunction(). Patch by Mehdi ABAAKOUK.

gh-83499: Fix double closing of file description in tempfile.

gh-79512: Fixed names and __module__ value of weakref classes ReferenceType, ProxyType, CallableProxyType. It makes them pickleable.

gh-90494: copy.copy() and copy.deepcopy() now always raise a TypeError if __reduce__() returns a tuple with length 6 instead of silently ignore the 6th item or produce incorrect result.

gh-90549: Fix a multiprocessing bug where a global named resource (such as a semaphore) could leak when a child process is spawned (as opposed to forked).

gh-79579: sqlite3 now correctly detects DML queries with leading comments. Patch by Erlend E. Aasland.

gh-93421: Update sqlite3.Cursor.rowcount when a DML statement has run to completion. This fixes the row count for SQL queries like UPDATE ... RETURNING. Patch by Erlend E. Aasland.

gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None.

gh-93353: Fix the importlib.resources.as_file() context manager to remove the temporary file if destroyed late during Python finalization: keep a local reference to the os.remove() function. Patch by Victor Stinner.

gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is not None or a positive int.

gh-74696: shutil.make_archive() no longer temporarily changes the current working directory during creation of standard .zip or tar archives.

gh-91577: Move imports in SharedMemory methods to module level so that they can be executed late in python finalization.

bpo-47231: Fixed an issue with inconsistent trailing slashes in tarfile longname directories.

bpo-46755: In QueueHandler, clear stack_info from LogRecord to prevent stack trace from being written twice.

bpo-46053: Fix OSS audio support on NetBSD.

bpo-46197: Fix ensurepip environment isolation for subprocess running pip.

bpo-45924: Fix asyncio incorrect traceback when future’s exception is raised multiple times. Patch by Kumar Aditya.

bpo-34828: sqlite3.Connection.iterdump() now handles databases that use AUTOINCREMENT in one or more tables.
Documentation
gh-94321: Document the PEP 246 style protocol type sqlite3.PrepareProtocol.
gh-86128: Document a limitation in ThreadPoolExecutor where its exit handler is executed before any handlers in atexit.
gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager.
gh-87260: Align sqlite3 argument specs with the actual implementation.
gh-86986: The minimum Sphinx version required to build the documentation is now 3.2.
gh-88831: Augmented documentation of asyncio.create_task(). Clarified the need to keep strong references to tasks and added a code snippet detailing how to to this.
bpo-47161: Document that pathlib.PurePath does not collapse initial double slashes because they denote UNC paths.
Tests
gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers.

gh-95212: Make multiprocessing test case test_shared_memory_recreate parallel-safe.

gh-91330: Added more tests for dataclasses to cover behavior with data descriptor-based fields.

# Write your Misc/NEWS entry below. It should be a simple ReST paragraph. # Don’t start with “- Issue #<n>: ” or “- gh-issue-<n>: ” or that sort of stuff. ###########################################################################

gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.

gh-93951: In test_bdb.StateTestCase.test_skip, avoid including auxiliary importers.

gh-93957: Provide nicer error reporting from subprocesses in test_venv.EnsurePipTest.test_with_pip.

gh-57539: Increase calendar test coverage for calendar.LocaleTextCalendar.formatweekday().

gh-92886: Fixing tests that fail when running with optimizations (-O) in test_zipimport.py

bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.
Build
gh-94841: Fix the possible performance regression of PyObject_Free() compiled with MSVC version 1932.
bpo-45816: Python now supports building with Visual Studio 2022 (MSVC v143, VS Version 17.0). Patch by Jeremiah Vivian.
Windows
gh-90844: Allow virtual environments to correctly launch when they have spaces in the path.
gh-92841: asyncio no longer throws RuntimeError: Event loop is closed on interpreter exit after asynchronous socket activity. Patch by Oleg Iarygin.
bpo-42658: Support native Windows case-insensitive path comparisons by using LCMapStringEx instead of str.lower() in ntpath.normcase(). Add LCMapStringEx to the _winapi module.
IDLE
gh-95511: Fix the Shell context menu copy-with-prompts bug of copying an extra line when one selects whole lines.
gh-95471: In the Edit menu, move Select All and add a new separator.
gh-95411: Enable using IDLE’s module browser with .pyw files.
gh-89610: Add .pyi as a recognized extension for IDLE on macOS. This allows opening stub files by double clicking on them in the Finder.
Tools/Demos
gh-94538: Fix Argument Clinic output to custom file destinations. Patch by Erlend E. Aasland.
gh-94430: Allow parameters named module and self with custom C names in Argument Clinic. Patch by Erlend E. Aasland
C API
gh-94930: Fix SystemError raised when PyArg_ParseTupleAndKeywords() is used with # in (...) but without PY_SSIZE_T_CLEAN defined.
gh-94864: Fix PyArg_Parse* with deprecated format units “u” and “Z”. It returned 1 (success) when warnings are turned into exceptions.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.6 2022/06/08 17:56:46 adam Exp $
d3 1
a3 1
VERS=		3.10.6
@


1.6
log
@python310 py310-html-docs: updated to 3.10.5

Python 3.10.5 final

Core and Builtins

gh-93418: Fixed an assert where an f-string has an equal sign ‘=’ following an expression, but there’s no trailing brace. For example, f”{i=”.

gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner.

gh-93061: Backward jumps after async for loops are no longer given dubious line numbers.

gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.

The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.

gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash.

gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.

gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner.

gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.

bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh.

bpo-47182: Fix a crash when using a named unicode character like "\N{digit nine}" after the main interpreter has been initialized a second time.

bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na.

bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo.

bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual.

bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so.

The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias.

The functions affected are 24 methods in ctypes.

Patch by Oleg Iarygin.

bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters.

Library

gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results.

gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges.

gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect.

gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None.

gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle.

gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify().

gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled.

bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam.

gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11.

gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules.

gh-91810: ElementTree method write() and function tostring() now use the text file’s encoding (“UTF-8” if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified.

gh-91832: Add required attribute to argparse.Action repr output.

gh-91734: Fix OSS audio support on Solaris.

gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised.

gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test.

gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError.

gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.

gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running.

gh-91575: Update case-insensitive matching in the re module to the latest Unicode version.

gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle.

bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox.

bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative.

bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn’t allowed by the OS kernel.

bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX.

bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters.

bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context.

bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak

bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system.

bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter.

bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__.

bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland.

bpo-44493: Add missing terminated NUL in sockaddr_un’s length

This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language.

bpo-42627: Fix incorrect parsing of Windows registry proxy settings

bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev.

Documentation

gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings.
gh-92240: Added release dates for “What’s New in Python 3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
gh-91783: Document security issues concerning the use of the function shutil.unpack_archive()
gh-91547: Remove “Undocumented modules” page.
bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree().
bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1.
bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg Iarygin.
bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky.
bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None.
bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents.
bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed.
bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes.
bpo-38056: Overhaul the Error Handlers documentation in codecs.
bpo-13553: Document tkinter.Tk args.

Tests

gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py.
gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file.
gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale.
gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up.
bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD.
bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase.
bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom.

Build

bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build.

Windows

gh-92984: Explicitly disable incremental linking for non-Debug builds
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl.
bpo-40859: Update Windows build to use xz-5.2.5

Tools/Demos
gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.5 2022/03/25 17:55:19 adam Exp $
d3 1
a3 1
VERS=		3.10.5
@


1.5
log
@python310 py310-html-docs: updated to 3.10.4

Python 3.10.4 final

Core and Builtins

bpo-46968: Check for the existence of the “sys/auxv.h” header in faulthandler to avoid compilation problems in systems where this header doesn’t exist. Patch by Pablo Galindo

Library

bpo-23691: Protect the re.finditer() iterator from re-entering.

bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception when reading a ZipFile from multiple threads.

bpo-38256: Fix binascii.crc32() when it is compiled to use zlib’c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function.

bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag.

bpo-47061: Deprecate the various modules listed by PEP 594:

aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib

bpo-2604: Fix bug where doctests using globals would fail when run multiple times.

bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.

bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation and deprecation warnings and have now been updated to note they will removed in Python 3.12 (PEP 594).

bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned.

bpo-40296: Fix supporting generic aliases in pydoc.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.4 2022/03/19 18:59:40 adam Exp $
d3 1
a3 1
VERS=		3.10.4
@


1.4
log
@python310 py310-html-docs: updated to 3.10.3

Python 3.10.3 final

Core and Builtins

bpo-46940: Avoid overriding AttributeError metadata information for nested attribute access calls. Patch by Pablo Galindo.
bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner.
bpo-46794: Bump up the libexpat version into 2.4.6
bpo-46820: Fix parsing a numeric literal immediately (without spaces) followed by “not in” keywords, like in 1not in x. Now the parser only emits a warning, not a syntax error.
bpo-46762: Fix an assert failure in debug builds when a ‘<’, ‘>’, or ‘=’ is the last character in an f-string that’s missing a closing right brace.
bpo-46724: Make sure that all backwards jumps use the JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an argument of (2**32)+offset.
bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra.
bpo-46707: Avoid potential exponential backtracking when producing some syntax errors involving lots of brackets. Patch by Pablo Galindo.
bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.
bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated.
bpo-45773: Remove two invalid “peephole” optimizations from the bytecode compiler.
bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property.
bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings.
bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner.
bpo-46383: Fix invalid signature of _zoneinfo’s module_free function to resolve a crash on wasm32-emscripten platform.
bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner.
bpo-46339: Fix a crash in the parser when retrieving the error text for multi-line f-strings expressions that do not start in the first line of the string. Patch by Pablo Galindo
bpo-46240: Correct the error message for unclosed parentheses when the tokenizer doesn’t reach the end of the source when the error is reported. Patch by Pablo Galindo
bpo-46091: Correctly calculate indentation levels for lines with whitespace character that are ended by line continuation characters. Patch by Pablo Galindo

Library

bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop.

bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings.

bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)

bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension’s request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks.

bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka.

bpo-23325: The signal module no longer assumes that SIG_IGN and SIG_DFL are small int singletons.

bpo-46932: Update bundled libexpat to 2.4.7

bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls.

bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport.

bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger.

bpo-46811: Make test suite support Expat >=2.4.5

bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs.

bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.

bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system.

bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.

bpo-46643: In typing.get_type_hints(), support evaluating stringified ParamSpecArgs and ParamSpecKwargs annotations. Patch by Gregory Beauregard.

bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header.

bpo-46676: Make typing.ParamSpec args and kwargs equal to themselves. Patch by Gregory Beauregard.

bpo-46672: Fix NameError in asyncio.gather() when initial type check fails.

bpo-46655: In typing.get_type_hints(), support evaluating bare stringified TypeAlias annotations. Patch by Gregory Beauregard.

bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does.

bpo-46521: Fix a bug in the codeop module that was incorrectly identifying invalid code involving string quotes as valid code.

bpo-46581: Brings ParamSpec propagation for GenericAlias in line with Concatenate (and others).

bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable.

bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4

bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport.

bpo-45173: Note the configparser deprecations will be removed in Python 3.12.

bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard.

bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard.

bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam.

bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape.

bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace.

bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class.

bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files.

bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated.

bpo-46246: Add missing __slots__ to importlib.metadata.DeprecatedList. Patch by Arie Bovenberg.

bpo-46266: Improve day constants in calendar.

Now all constants (MONDAY … SUNDAY) are documented, tested, and added to __all__.

bpo-46232: The ssl module now handles certificates with bit strings in DN correctly.

bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong.

bpo-26552: Fixed case where failing asyncio.ensure_future() did not close the coroutine. Patch by Kumar Aditya.

bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash.

bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya.

bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument’s default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein.

bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong.

bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed.

bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests.

bpo-44791: Fix substitution of ParamSpec in Concatenate with different parameter expressions. Substitution with a list of types returns now a tuple of types. Substitution with Concatenate returns now a Concatenate with concatenated lists of arguments.

bpo-14156: argparse.FileType now supports an argument of ‘-’ in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. Patch contributed by Josh Rosenberg

Documentation

bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file

Tests

bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner.
bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution.
bpo-46678: The function make_legacy_pyc in Lib/test/support/import_helper.py no longer fails when PYTHONPYCACHEPREFIX is set to a directory on a different device from where tempfiles are stored.
bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion.
bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner.
bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner.
bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython.
bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner.
bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner.

Build

bpo-47032: Ensure Windows install builds fail correctly with a non-zero exit code when part of the build fails.
bpo-47024: Update OpenSSL to 1.1.1n for macOS installers and all Windows builds.
bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale.
bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__.
bpo-45925: Update Windows installer to use SQLite 3.37.2.

Windows

bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.
bpo-46638: Ensures registry virtualization is consistently disabled. For 3.10 and earlier, it remains enabled (some registry writes are protected), while for 3.11 and later it is disabled (registry modifications affect all applications).

macOS

bpo-45925: Update macOS installer to SQLite 3.37.2.

IDLE

bpo-46630: Make query dialogs on Windows start with a cursor in the entry box.
bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there are no other windows, this also exits IDLE.
bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy.

C API

bpo-46433: The internal function _PyType_GetModuleByDef now correctly handles inheritance patterns involving static types.
bpo-14916: Fixed bug in the tokenizer that prevented PyRun_InteractiveOne from parsing from the provided FD.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.3 2022/01/15 16:23:47 adam Exp $
d3 1
a3 1
VERS=		3.10.3
@


1.3
log
@python310 py310-html-docs: updated to 3.10.2

Python 3.10.2 final

Core and Builtins

bpo-46347: Fix memory leak in PyEval_EvalCodeEx.
bpo-46289: ASDL declaration of FormattedValue has changed to reflect conversion field is not optional.
bpo-46237: Fix the line number of tokenizer errors inside f-strings. Patch by Pablo Galindo.
bpo-46006: Fix a regression when a type method like __init__() is modified in a subinterpreter. Fix a regression in _PyUnicode_EqualToASCIIId() and type update_slot(). Revert the change which made the Unicode dictionary of interned strings compatible with subinterpreters: the internal interned dictionary is shared again by all interpreters. Patch by Victor Stinner.
bpo-46085: Fix iterator cache mechanism of OrderedDict.
bpo-46110: Add a maximum recursion check to the PEG parser to avoid stack overflow. Patch by Pablo Galindo
bpo-46054: Fix parser error when parsing non-utf8 characters in source files. Patch by Pablo Galindo.
bpo-46042: Improve the location of the caret in SyntaxError exceptions emitted by the symbol table. Patch by Pablo Galindo.
bpo-46025: Fix a crash in the atexit module involving functions that unregister themselves before raising exceptions. Patch by Pablo Galindo.
bpo-46009: Restore behavior from 3.9 and earlier when sending non-None to newly started generator. In 3.9 this did not affect the state of the generator. In 3.10.0 and 3.10.1 gen_func().send(0) is equivalent to gen_func().throw(TypeError(...) which exhausts the generator. In 3.10.2 onward, the behavior has been reverted to that of 3.9.
bpo-46000: Improve compatibility of the curses module with NetBSD curses.
bpo-46004: Fix the SyntaxError location for errors involving for loops with invalid targets. Patch by Pablo Galindo
bpo-42918: Fix bug where the built-in compile() function did not always raise a SyntaxError when passed multiple statements in ‘single’ mode. Patch by Weipeng Hong.

Library

bpo-40479: Fix hashlib usedforsecurity option to work correctly with OpenSSL 3.0.0 in FIPS mode.
bpo-46070: Fix possible segfault when importing the asyncio module from different sub-interpreters in parallel. Patch by Erlend E. Aasland.
bpo-46278: Reflect context argument in AbstractEventLoop.call_*() methods. Loop implementations already support it.
bpo-46239: Improve error message when importing asyncio.windows_events on non-Windows.
bpo-20369: concurrent.futures.wait() no longer blocks forever when given duplicate Futures. Patch by Kumar Aditya.
bpo-46105: Honor spec when generating requirement specs with urls and extras (importlib_metadata 4.8.3).
bpo-26952: argparse raises ValueError with clear message when trying to render usage for an empty mutually-exclusive group. Previously it raised a cryptic IndexError.
bpo-27718: Fix help for the signal module. Some functions (e.g. signal() and getsignal()) were omitted.
bpo-46032: The registry() method of functools.singledispatch() functions checks now the first argument or the first parameter annotation and raises a TypeError if it is not supported. Previously unsupported “types” were ignored (e.g. typing.List[int]) or caused an error at calling time (e.g. list[int]).
bpo-46018: Ensure that math.expm1() does not raise on underflow.
bpo-45755: typing generic aliases now reveal the class attributes of the original generic class when passed to dir(). This was the behavior up to Python 3.6, but was changed in 3.7-3.9.
bpo-13236: unittest.TextTestResult and unittest.TextTestRunner flush now the output stream more often.
bpo-42378: Fixes the issue with log file being overwritten when logging.FileHandler is used in atexit with filemode set to 'w'. Note this will cause the message in atexit not being logged if the log stream is already closed due to shutdown of logging.

Documentation

bpo-46120: State that | is preferred for readability over Union in the typing docs.
bpo-46040: Fix removal Python version for @@asyncio.coroutine, the correct value is 3.11.
bpo-19737: Update the documentation for the globals() function.
bpo-45840: Improve cross-references in the documentation for the data model.

Tests

bpo-46205: Fix hang in runtest_mp due to race condition
bpo-46263: Fix test_capi on FreeBSD 14-dev: instruct jemalloc to not fill freed memory with junk byte.
bpo-46150: Now fakename in test_pathlib.PosixPathTest.test_expanduser is checked to be non-existent.
bpo-46129: Rewrite asyncio.locks tests with unittest.IsolatedAsyncioTestCase usage.
bpo-46114: Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses 0xMNN00PP0L.

Build

bpo-46263: configure no longer sets MULTIARCH on FreeBSD platforms.
bpo-46106: Updated OpenSSL to 1.1.1m in Windows builds, macOS installer builds, and CI. Patch by Kumar Aditya.

macOS

bpo-40477: The Python Launcher app for macOS now properly launches scripts and, if necessary, the Terminal app when running on recent macOS releases.

C API

bpo-46236: Fix a bug in PyFunction_GetAnnotations() that caused it to return a tuple instead of a dict.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.2 2021/12/07 09:31:31 adam Exp $
d3 1
a3 1
VERS=		3.10.2
@


1.2
log
@py310-html-docs: updated to 3.10.1
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.1 2021/10/05 19:07:13 adam Exp $
d3 1
a3 1
VERS=		3.10.1
@


1.1
log
@python310 py310-html-docs: added version 3.10.0

Python 3.10

Summary – Release highlights

New syntax features:

PEP 634, Structural Pattern Matching: Specification
PEP 635, Structural Pattern Matching: Motivation and Rationale
PEP 636, Structural Pattern Matching: Tutorial
bpo-12782, Parenthesized context managers are now officially allowed.

New features in the standard library:

PEP 618, Add Optional Length-Checking To zip.

Interpreter improvements:

PEP 626, Precise line numbers for debugging and other tools.

New typing features:

PEP 604, Allow writing union types as X | Y
PEP 613, Explicit Type Aliases
PEP 612, Parameter Specification Variables

Important deprecations, removals or restrictions:

PEP 644, Require OpenSSL 1.1.1 or newer
PEP 632, Deprecate distutils module.
PEP 623, Deprecate and prepare for the removal of the wstr member in PyUnicodeObject.
PEP 624, Remove Py_UNICODE encoder APIs
PEP 597, Add optional EncodingWarning
@
text
@d1 1
a1 1
# $NetBSD$
d3 1
a3 1
VERS=		3.10.0
@