Python 3.10.13
Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.
Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.
Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
C API
gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set.
Paves the way to cross-version-compiling (e.g., netbsd9 building
packages for netbsd10) and cross-OS-compilation (e.g., macOS building
packages for NetBSD).
For this purpose, factor the PY_PLATNAME definition out into a new
lang/pythonNN/platname.mk file. It's not the same for 2.x and 3.x;
perhaps we could factor it out further into a single 2.x vs 3.x
conditional but this is a more mechanical change that makes it easier
to audit for now.
Python 3.10.12
Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.
Library
gh-103935: Use io.open_code() for files to be executed instead of raw open()
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new a filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.
Documentation
gh-89412: Add missing documentation for the end_lineno and end_offset attributes of the traceback.TracebackException class.
Build
gh-103262: Fixes Windows installer build to work with latest compilers.
Python 3.10.11
Security
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.
Core and Builtins
gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo.
gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías.
gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya.
gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya.
gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann.
gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created.
gh-101765: Fix SystemError / segmentation fault in iter __reduce__ when internal access of builtins.__dict__ keys mutates the iter object.
Library
gh-102947: Improve traceback when dataclasses.fields() is called on a non-dataclass. Patch by Alex Waygood
gh-101979: Fix a bug where parentheses in the metavar argument to argparse.ArgumentParser.add_argument() were dropped. Patch by Yeojin Kim.
gh-102179: Fix os.dup2() error message for negative fds.
gh-101961: For the binary mode, fileinput.hookcompressed() doesn’t set the encoding value even if the value is None. Patch by Gihwan Kim.
gh-101936: The default value of fp becomes io.BytesIO if HTTPError is initialized without a designated fp parameter. Patch by Long Vo.
gh-101566: In zipfile, apply fix for extractall on the underlying zipfile after being wrapped in Path.
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)
gh-101892: Callable iterators no longer raise SystemError when the callable object exhausts the iterator but forgets to either return a sentinel value or raise StopIteration.
gh-97786: Fix potential undefined behaviour in corner cases of floating-point-to-time conversions.
gh-101517: Fixed bug where bdb looks up the source line with linecache with a lineno=None, which causes it to fail with an unhandled exception.
gh-101673: Fix a pdb bug where ll clears the changes to local variables.
gh-96931: Fix incorrect results from ssl.SSLSocket.shared_ciphers()
gh-88233: Correctly preserve “extra” fields in zipfile regardless of their ordering relative to a zip64 “extra.”
gh-95495: When built against OpenSSL 3.0, the ssl module had a bug where it reported unauthenticated EOFs (i.e. without close_notify) as a clean TLS-level EOF. It now raises SSLEOFError, matching the behavior in previous versions of OpenSSL. The options attribute on SSLContext also no longer includes OP_IGNORE_UNEXPECTED_EOF by default. This option may be set to specify the previous OpenSSL 3.0 behavior.
gh-94440: Fix a concurrent.futures.process bug where ProcessPoolExecutor shutdown could hang after a future has been quickly submitted and canceled.
Documentation
gh-103112: Add docstring to http.client.HTTPResponse.read() to fix pydoc output.
gh-85417: Update cmath documentation to clarify behaviour on branch cuts.
gh-97725: Fix asyncio.Task.print_stack() description for file=None. Patch by Oleg Iarygin.
Tests
gh-102980: Improve test coverage on pdb.
gh-102537: Adjust the error handling strategy in test_zoneinfo.TzPathTest.python_tzpath_context. Patch by Paul Ganssle.
gh-101377: Improved test_locale_calendar_formatweekday of calendar.
Build
gh-102711: Fix -Wstrict-prototypes compiler warnings.
Windows
gh-101759: Update Windows installer to SQLite 3.40.1.
gh-101614: Correctly handle extensions built against debug binaries that reference python3_d.dll.
macOS
gh-103207: Add instructions to the macOS installer welcome display on how to workaround the macOS 13 Ventura “The installer encountered an error” failure.
gh-101759: Update macOS installer to SQLite 3.40.1.
gh-87235: On macOS python3 /dev/fd/9 9</path/to/script.py failed for any script longer than a couple of bytes.
Python 3.10.10
Core and Builtins
gh-101400: Fix wrong lineno in exception message on continue or break which are not in a loop. Patch by Dong-hee Na.
gh-101372: Fix is_normalized() to properly handle the UCD 3.2.0 cases. Patch by Dong-hee Na.
gh-101046: Fix a possible memory leak in the parser when raising MemoryError. Patch by Pablo Galindo
gh-100942: Fixed segfault in property.getter/setter/deleter that occurred when a property subclass overrode the __new__ method to return a non-property instance.
gh-100892: Fix race while iterating over thread states in clearing threading.local. Patch by Kumar Aditya.
gh-100776: Fix misleading default value in input()’s __text_signature__.
gh-100374: Fix incorrect result and delay in socket.getfqdn(). Patch by Dominic Socular.
gh-100050: Honor existing errors obtained when searching for mismatching parentheses in the tokenizer. Patch by Pablo Galindo
bpo-32782: ctypes arrays of length 0 now report a correct itemsize when a memoryview is constructed from them, rather than always giving a value of 0.
Library
gh-100795: Avoid potential unexpected freeaddrinfo call (double free) in socket when when a libc getaddrinfo() implementation leaves garbage in an output pointer when returning an error. Original patch by Sergey G. Brester.
gh-101143: Remove unused references to TimerHandle in asyncio.base_events.BaseEventLoop._add_callback.
gh-101144: Make zipfile.Path.open() and zipfile.Path.read_text() also accept encoding as a positional argument. This was the behavior in Python 3.9 and earlier. Earlier 3.10 versions had a regression where supplying it as a positional argument would lead to a TypeError.
gh-100573: Fix a Windows asyncio bug with named pipes where a client doing os.stat() on the pipe would cause an error in the server that disabled serving future requests.
gh-90104: Avoid RecursionError on repr if a dataclass field definition has a cyclic reference.
gh-100689: Fix crash in pyexpat by statically allocating PyExpat_CAPI capsule.
gh-100740: Fix unittest.mock.Mock not respecting the spec for attribute names prefixed with assert.
gh-86508: Fix asyncio.open_connection() to skip binding to local addresses of different family. Patch by Kumar Aditya.
gh-100287: Fix the interaction of unittest.mock.seal() with unittest.mock.AsyncMock.
gh-100474: http.server now checks that an index page is actually a regular file before trying to serve it. This avoids issues with directories named index.html.
gh-100160: Remove any deprecation warnings in asyncio.get_event_loop(). They are deferred to Python 3.12.
gh-99952: Fix a reference undercounting issue in ctypes.Structure with from_param() results larger than a C pointer.
gh-98778: Update HTTPError to be initialized properly, even if the fp is None. Patch by Dong-hee Na.
gh-83035: Fix inspect.getsource() handling of decorator calls with nested parentheses.
gh-99240: Fix double-free bug in Argument Clinic str_converter by extracting memory clean up to a new post_parsing section.
gh-85267: Several improvements to inspect.signature()’s handling of __text_signature. - Fixes a case where inspect.signature() dropped parameters - Fixes a case where inspect.signature() raised tokenize.TokenError - Allows inspect.signature() to understand defaults involving binary operations of constants - inspect.signature() is documented as only raising TypeError or ValueError, but sometimes raised RuntimeError. These cases now raise ValueError - Removed a dead code path
gh-96192: Fix handling of bytes path-like objects in os.ismount().
bpo-44817: Ignore WinError 53 (ERROR_BAD_NETPATH), 65 (ERROR_NETWORK_ACCESS_DENIED) and 161 (ERROR_BAD_PATHNAME) when using ntpath.realpath().
bpo-40447: Accept os.PathLike (such as pathlib.Path) in the stripdir arguments of compileall.compile_file() and compileall.compile_dir().
bpo-36880: Fix a reference counting issue when a ctypes callback with return type py_object returns None, which could cause crashes.
Documentation
gh-100616: Document existing attr parameter to curses.window.vline() function in curses.
gh-100472: Remove claim in documentation that the stripdir, prependdir and limit_sl_dest parameters of compileall.compile_dir() and compileall.compile_file() could be bytes.
Tests
gh-101334: test_tarfile has been updated to pass when run as a high UID.
gh-96002: Add functional test for Argument Clinic.
Build
gh-101522: Allow overriding Windows dependencies versions and paths using MSBuild properties.
Windows
gh-82052: Fixed an issue where writing more than 32K of Unicode output to the console screen in one go can result in mojibake.
gh-100180: Update Windows installer to OpenSSL 1.1.1s
bpo-43984: winreg.SetValueEx() now leaves the target value untouched in the case of conversion errors. Previously, -1 would be written in case of such errors.
macOS
gh-100180: Update macOS installer to OpenSSL 1.1.1s
C API
gh-99240: In argument parsing, after deallocating newly allocated memory, reset its pointer to NULL.
Python 3.10.9 final
Security
gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.
This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
gh-98739: Update bundled libexpat to 2.5.0
gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454).
gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected.
Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier.
This prevents Linux CVE-2022-42919.
Core and Builtins
gh-99578: Fix a reference bug in _imp.create_builtin() after the creation of the first sub-interpreter for modules builtins and sys. Patch by Victor Stinner.
gh-99581: Fixed a bug that was causing a buffer overflow if the tokenizer copies a line missing the newline caracter from a file that is as long as the available tokenizer buffer. Patch by Pablo galindo
gh-96055: Update faulthandler to emit an error message with the proper unexpected signal number. Patch by Dong-hee Na.
gh-98852: Fix subscription of types.GenericAlias instances containing bare generic types: for example tuple[A, T][int], where A is a generic type, and T is a type variable.
gh-98415: Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim Sanders
gh-92119: Print exception class name instead of its string representation when raising errors from ctypes calls.
gh-93696: Allow pdb to locate source for frozen modules in the standard library.
bpo-31718: Raise ValueError instead of SystemError when methods of uninitialized io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman.
bpo-38031: Fix a possible assertion failure in io.FileIO when the opener returns an invalid file descriptor.
Library
gh-100001: Also escape s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a xHH is ambiguious as to if it is a hex replacement we put in or the characters r”x” came through in the original request line.
gh-93453: asyncio.get_event_loop() now only emits a deprecation warning when a new event loop was created implicitly. It no longer emits a deprecation warning if the current event loop was set.
gh-51524: Fix bug when calling trace.CoverageResults with valid infile.
gh-99645: Fix a bug in handling class cleanups in unittest.TestCase. Now addClassCleanup() uses separate lists for different TestCase subclasses, and doClassCleanups() only cleans up the particular class.
gh-97001: Release the GIL when calling termios APIs to avoid blocking threads.
gh-99341: Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing line numbers.
gh-74044: Fixed bug where inspect.signature() reported incorrect arguments for decorated methods.
gh-99275: Fix SystemError in ctypes when exception was not set during __initsubclass__.
gh-99155: Fix statistics.NormalDist pickle with 0 and 1 protocols.
gh-99134: Update the bundled copy of pip to version 22.3.1.
gh-99130: Apply bugfixes from importlib_metadata 4.11.4, namely: In PathDistribution._name_from_stem, avoid including parts of the extension in the result. In PathDistribution._normalized_name, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden.
gh-83004: Clean up refleak on failed module initialisation in _zoneinfo
gh-83004: Clean up refleaks on failed module initialisation in in _pickle
gh-83004: Clean up refleak on failed module initialisation in _io.
gh-98897: Fix memory leak in math.dist() when both points don’t have the same dimension. Patch by Kumar Aditya.
gh-98793: Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions.
gh-98740: Fix internal error in the re module which in very rare circumstances prevented compilation of a regular expression containing a conditional expression without the “else” branch.
gh-98703: Fix asyncio.StreamWriter.drain() to call protocol.connection_lost callback only once on Windows.
gh-98624: Add a mutex to unittest.mock.NonCallableMock to protect concurrent access to mock attributes.
gh-89237: Fix hang on Windows in subprocess.wait_closed() in asyncio with ProactorEventLoop. Patch by Kumar Aditya.
gh-98458: Fix infinite loop in unittest when a self-referencing chained exception is raised
gh-97928: tkinter.Text.count() raises now an exception for options starting with “-” instead of silently ignoring them.
gh-97966: On uname_result, restored expectation that _fields and _asdict would include all six properties including processor.
gh-98331: Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively.
gh-96035: Fix bug in urllib.parse.urlparse() that causes certain port numbers containing whitespace, underscores, plus and minus signs, or non-ASCII digits to be incorrectly accepted.
gh-98251: Allow venv to pass along PYTHON* variables to ensurepip and pip when they do not impact path resolution
gh-98178: On macOS, fix a crash in syslog.syslog() in multi-threaded applications. On macOS, the libc syslog() function is not thread-safe, so syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner.
gh-96151: Allow BUILTINS to be a valid field name for frozen dataclasses.
gh-98086: Make sure patch.dict() can be applied on async functions.
gh-88863: To avoid apparent memory leaks when asyncio.open_connection() raises, break reference cycles generated by local exception and future instances (which has exception instance as its member var). Patch by Dong Uk, Kang.
gh-93858: Prevent error when activating venv in nested fish instances.
bpo-46364: Restrict use of sockets instead of pipes for stdin of subprocesses created by asyncio to AIX platform only.
bpo-38523: shutil.copytree() now applies the ignore_dangling_symlinks argument recursively.
bpo-36267: Fix IndexError in argparse.ArgumentParser when a store_true action is given an explicit argument.
Documentation
gh-92892: Document that calling variadic functions with ctypes requires special care on macOS/arm64 (and possibly other platforms).
Tests
gh-99892: Skip test_normalization() of test_unicodedata if it fails to download NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner.
bpo-34272: Some C API tests were moved into the new Lib/test/test_capi/ directory.
Build
gh-99086: Fix -Wimplicit-int, -Wstrict-prototypes, and -Wimplicit-function-declaration compiler warnings in configure checks.
gh-99086: Fix -Wimplicit-int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM.
gh-97731: Specify the full path to the source location for make docclean (needed for cross-builds).
gh-98671: Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned memory accesses are not allowed.
Windows
gh-99345: Use faster initialization functions to detect install location for Windows Store package
gh-98689: Update Windows builds to zlib v1.2.13. v1.2.12 has CVE-2022-37434, but the vulnerable inflateGetHeader API is not used by Python.
gh-94328: Update Windows installer to use SQLite 3.39.4.
bpo-40882: Fix a memory leak in multiprocessing.shared_memory.SharedMemory on Windows.
macOS
gh-94328: Update macOS installer to SQLite 3.39.4.
IDLE
gh-97527: Fix a bug in the previous bugfix that caused IDLE to not start when run with 3.10.8, 3.12.0a1, and at least Microsoft Python 3.10.2288.0 installed without the Lib/test package. 3.11.0 was never affected.
Tools/Demos
gh-95731: Fix handling of module docstrings in Tools/i18n/pygettext.py.
Python 3.10.8
Security
gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).
Core and Builtins
gh-96078: os.sched_yield() now release the GIL while calling sched_yield(2). Patch by Dong-hee Na.
gh-97943: Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference.
gh-97591: Fixed a missing incref/decref pair in Exception.__setstate__(). Patch by Ofey Chan.
gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. Patch by Victor Stinner.
gh-95921: Fix overly-broad source position information for chained comparisons used as branching conditions.
gh-96821: Fix undefined behaviour in _testcapimodule.c.
gh-95778: When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. Patch by Victor Stinner.
gh-96387: At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. Issue discovered and analyzed by Mingliang ZHAO. Patch by Victor Stinner.
gh-96864: Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled.
gh-96678: Fix undefined behaviour in C code of null pointer arithmetic.
gh-96641: Do not expose KeyWrapper in _functools.
gh-96611: When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted.
gh-95196: Disable incorrect pickling of the C implemented classmethod descriptors.
gh-96352: Fix AttributeError missing name and obj attributes in object.__getattribute__(). Patch by Philip Georgi.
bpo-42316: Document some places where an assignment expression needs parentheses.
Library
gh-87730: Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable.
gh-97825: Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used.
gh-96827: Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt).
gh-97592: Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed.
gh-97639: Remove tokenize.NL check from tabnanny.
gh-97545: Make Semaphore run faster.
gh-73588: Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique.
gh-97005: Update bundled libexpat to 2.4.9
gh-85760: Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. Patch by Kumar Aditya.
gh-96819: Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF.
gh-96741: Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str.
gh-96652: Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. Patch by Victor Stinner.
gh-96073: In inspect, fix overeager replacement of “typing.” in formatting annotations.
gh-90467: Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected
gh-96052: Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings.
gh-91212: Fixed flickering of the turtle window when the tracer is turned off. Patch by Shin-myoung-serp.
gh-74116: Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. Patch by Kumar Aditya.
gh-90155: Fix broken asyncio.Semaphore when acquire is cancelled.
gh-92986: Fix ast.unparse() when ImportFrom.level is None
gh-91539: Improve performance of urllib.request.getproxies_environment when there are many environment variables
Documentation
gh-97741: Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution.
gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe.
gh-93031: Update tutorial introduction output to use 3.10+ SyntaxError invalid range.
Build
gh-96729: Ensure that Windows releases built with Tools\msi\buildrelease.bat are upgradable to and from official Python releases.
Windows
gh-97728: Fix possible crashes caused by the use of uninitialized variables when pass invalid arguments in os.system() on Windows and in Windows-specific modules (like winreg).
gh-90989: Clarify some text in the Windows installer.
gh-96577: Fixes a potential buffer overrun in msilib.
macOS
gh-97897: The macOS 13 SDK includes support for the mkfifoat and mknodat system calls. Using the dir_fd option with either os.mkfifo() or os.mknod() could result in a segfault if cpython is built with the macOS 13 SDK but run on an earlier version of macOS. Prevent this by adding runtime support for detection of these system calls (“weaklinking”) as is done for other newer syscalls on macOS.
Python 3.10.7 final
Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.
Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
Core and Builtins
gh-96187: Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. Patch by Pablo Galindo
gh-95876: Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments.
gh-95605: Fix misleading contents of error message when converting an all-whitespace string to float.
gh-93592: coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine.
gh-94996: ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). Patch by Shantanu Jain.
Library
gh-68163: Correct conversion of numbers.Rational’s to float.
gh-96159: Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed.
gh-96175: Fix unused localName parameter in the Attr class in xml.dom.minidom.
gh-95609: Update bundled pip to 22.2.2.
gh-95231: Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled.
Documentation
gh-96098: Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules.
gh-95789: Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org
gh-91207: Fix stylesheet not working in Windows CHM htmlhelp docs. Contributed by C.A.M. Gerlach.
bpo-47115: The documentation now lists which members of C structs are part of the Limited API/Stable ABI.
Tests
gh-95243: Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. Patch by Ross Burton.
Build
gh-94682: Build and test with OpenSSL 1.1.1q
IDLE
gh-65802: Document handling of extensions in Save As dialogs.
gh-95191: Include prompts when saving Shell (interactive input and output).
Python 3.10.6 final
Release date: 2022-08-01
Security
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.
gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases.
Core and Builtins
gh-95355: _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu.
gh-94938: Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior.
gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain.
gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, 8). Patch by Shantanu Jain.
gh-94869: Fix the column offsets for some expressions in multi-line f-strings ast nodes. Patch by Pablo Galindo.
gh-91153: Fix an issue where a bytearray item assignment could crash if it’s resized by the new value’s __index__() method.
gh-94329: Compile and run code with unpacking of extremely large sequences (1000s of elements). Such code failed to compile. It now compiles and runs correctly.
gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors from stdin with non utf-8 encoded text. Patch by Pablo Galindo
gh-94192: Fix error for dictionary literals with invalid expression as value.
gh-93964: Strengthened compiler overflow checks to prevent crashes when compiling very large source files.
gh-93671: Fix some exponential backtrace case happening with deeply nested sequence patterns in match statements. Patch by Pablo Galindo
gh-93021: Fix the __text_signature__ for __get__() methods implemented in C. Patch by Jelle Zijlstra.
gh-92930: Fixed a crash in _pickle.c from mutating collections during __reduce__ or persistent_id.
gh-92914: Always round the allocated size for lists up to the nearest even number.
gh-92858: Improve error message for some suites with syntax error before ‘:’
Library
gh-95339: Update bundled pip to 22.2.1.
gh-95045: Fix GC crash when deallocating _lsprof.Profiler by untracking it before calling any callbacks. Patch by Kumar Aditya.
gh-95087: Fix IndexError in parsing invalid date in the email module.
gh-95199: Upgrade bundled setuptools to 63.2.0.
gh-95194: Upgrade bundled pip to 22.2.
gh-93899: Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel versions where these flags are not present. Patch by Kumar Aditya.
gh-95166: Fix concurrent.futures.Executor.map() to cancel the currently waiting on future on an error - e.g. TimeoutError or KeyboardInterrupt.
gh-93157: Fix fileinput module didn’t support errors option when inplace is true.
gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”.
gh-94736: Fix crash when deallocating an instance of a subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
gh-94637: SSLContext.set_default_verify_paths() now releases the GIL around SSL_CTX_set_default_verify_paths call. The function call performs I/O and CPU intensive work.
gh-94510: Re-entrant calls to sys.setprofile() and sys.settrace() now raise RuntimeError. Patch by Pablo Galindo.
gh-92336: Fix bug where linecache.getline() fails on bad files with UnicodeDecodeError or SyntaxError. It now returns an empty string as per the documentation.
gh-89988: Fix memory leak in pickle.Pickler when looking up dispatch_table. Patch by Kumar Aditya.
gh-94254: Fixed types of struct module to be immutable. Patch by Kumar Aditya.
gh-94245: Fix pickling and copying of typing.Tuple[()].
gh-94207: Made _struct.Struct GC-tracked in order to fix a reference leak in the _struct module.
gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as it lead to misconfigured instances that crashed the interpreter when attributes where accessed on them.
gh-84753: inspect.iscoroutinefunction(), inspect.isgeneratorfunction(), and inspect.isasyncgenfunction() now properly return True for duck-typed function-like objects like instances of unittest.mock.AsyncMock.
This makes inspect.iscoroutinefunction() consistent with the behavior of asyncio.iscoroutinefunction(). Patch by Mehdi ABAAKOUK.
gh-83499: Fix double closing of file description in tempfile.
gh-79512: Fixed names and __module__ value of weakref classes ReferenceType, ProxyType, CallableProxyType. It makes them pickleable.
gh-90494: copy.copy() and copy.deepcopy() now always raise a TypeError if __reduce__() returns a tuple with length 6 instead of silently ignore the 6th item or produce incorrect result.
gh-90549: Fix a multiprocessing bug where a global named resource (such as a semaphore) could leak when a child process is spawned (as opposed to forked).
gh-79579: sqlite3 now correctly detects DML queries with leading comments. Patch by Erlend E. Aasland.
gh-93421: Update sqlite3.Cursor.rowcount when a DML statement has run to completion. This fixes the row count for SQL queries like UPDATE ... RETURNING. Patch by Erlend E. Aasland.
gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None.
gh-93353: Fix the importlib.resources.as_file() context manager to remove the temporary file if destroyed late during Python finalization: keep a local reference to the os.remove() function. Patch by Victor Stinner.
gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is not None or a positive int.
gh-74696: shutil.make_archive() no longer temporarily changes the current working directory during creation of standard .zip or tar archives.
gh-91577: Move imports in SharedMemory methods to module level so that they can be executed late in python finalization.
bpo-47231: Fixed an issue with inconsistent trailing slashes in tarfile longname directories.
bpo-46755: In QueueHandler, clear stack_info from LogRecord to prevent stack trace from being written twice.
bpo-46053: Fix OSS audio support on NetBSD.
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.
bpo-45924: Fix asyncio incorrect traceback when future’s exception is raised multiple times. Patch by Kumar Aditya.
bpo-34828: sqlite3.Connection.iterdump() now handles databases that use AUTOINCREMENT in one or more tables.
Documentation
gh-94321: Document the PEP 246 style protocol type sqlite3.PrepareProtocol.
gh-86128: Document a limitation in ThreadPoolExecutor where its exit handler is executed before any handlers in atexit.
gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager.
gh-87260: Align sqlite3 argument specs with the actual implementation.
gh-86986: The minimum Sphinx version required to build the documentation is now 3.2.
gh-88831: Augmented documentation of asyncio.create_task(). Clarified the need to keep strong references to tasks and added a code snippet detailing how to to this.
bpo-47161: Document that pathlib.PurePath does not collapse initial double slashes because they denote UNC paths.
Tests
gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers.
gh-95212: Make multiprocessing test case test_shared_memory_recreate parallel-safe.
gh-91330: Added more tests for dataclasses to cover behavior with data descriptor-based fields.
# Write your Misc/NEWS entry below. It should be a simple ReST paragraph. # Don’t start with “- Issue #<n>: ” or “- gh-issue-<n>: ” or that sort of stuff. ###########################################################################
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
gh-93951: In test_bdb.StateTestCase.test_skip, avoid including auxiliary importers.
gh-93957: Provide nicer error reporting from subprocesses in test_venv.EnsurePipTest.test_with_pip.
gh-57539: Increase calendar test coverage for calendar.LocaleTextCalendar.formatweekday().
gh-92886: Fixing tests that fail when running with optimizations (-O) in test_zipimport.py
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.
Build
gh-94841: Fix the possible performance regression of PyObject_Free() compiled with MSVC version 1932.
bpo-45816: Python now supports building with Visual Studio 2022 (MSVC v143, VS Version 17.0). Patch by Jeremiah Vivian.
Windows
gh-90844: Allow virtual environments to correctly launch when they have spaces in the path.
gh-92841: asyncio no longer throws RuntimeError: Event loop is closed on interpreter exit after asynchronous socket activity. Patch by Oleg Iarygin.
bpo-42658: Support native Windows case-insensitive path comparisons by using LCMapStringEx instead of str.lower() in ntpath.normcase(). Add LCMapStringEx to the _winapi module.
IDLE
gh-95511: Fix the Shell context menu copy-with-prompts bug of copying an extra line when one selects whole lines.
gh-95471: In the Edit menu, move Select All and add a new separator.
gh-95411: Enable using IDLE’s module browser with .pyw files.
gh-89610: Add .pyi as a recognized extension for IDLE on macOS. This allows opening stub files by double clicking on them in the Finder.
Tools/Demos
gh-94538: Fix Argument Clinic output to custom file destinations. Patch by Erlend E. Aasland.
gh-94430: Allow parameters named module and self with custom C names in Argument Clinic. Patch by Erlend E. Aasland
C API
gh-94930: Fix SystemError raised when PyArg_ParseTupleAndKeywords() is used with # in (...) but without PY_SSIZE_T_CLEAN defined.
gh-94864: Fix PyArg_Parse* with deprecated format units “u” and “Z”. It returned 1 (success) when warnings are turned into exceptions.
As documented in pkg/56774, when WRKOBJDIR is in LOCALBASE (eg set to
${LOCALBASE}/work) then changes done to Python's setup.py made it
unable to locate its own built-in modules, then failing to bootstrap and
build.
As suggested by tnn@; tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
Python 3.10.5 final
Core and Builtins
gh-93418: Fixed an assert where an f-string has an equal sign ‘=’ following an expression, but there’s no trailing brace. For example, f”{i=”.
gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner.
gh-93061: Backward jumps after async for loops are no longer given dubious line numbers.
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.
The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.
gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash.
gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner.
gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh.
bpo-47182: Fix a crash when using a named unicode character like "\N{digit nine}" after the main interpreter has been initialized a second time.
bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na.
bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo.
bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual.
bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so.
The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias.
The functions affected are 24 methods in ctypes.
Patch by Oleg Iarygin.
bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters.
Library
gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results.
gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges.
gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect.
gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None.
gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle.
gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify().
gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled.
bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam.
gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11.
gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules.
gh-91810: ElementTree method write() and function tostring() now use the text file’s encoding (“UTF-8” if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified.
gh-91832: Add required attribute to argparse.Action repr output.
gh-91734: Fix OSS audio support on Solaris.
gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised.
gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test.
gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError.
gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running.
gh-91575: Update case-insensitive matching in the re module to the latest Unicode version.
gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle.
bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox.
bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative.
bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn’t allowed by the OS kernel.
bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX.
bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters.
bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context.
bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak
bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system.
bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter.
bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__.
bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland.
bpo-44493: Add missing terminated NUL in sockaddr_un’s length
This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language.
bpo-42627: Fix incorrect parsing of Windows registry proxy settings
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev.
Documentation
gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings.
gh-92240: Added release dates for “What’s New in Python 3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
gh-91783: Document security issues concerning the use of the function shutil.unpack_archive()
gh-91547: Remove “Undocumented modules” page.
bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree().
bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1.
bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg Iarygin.
bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky.
bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None.
bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents.
bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed.
bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes.
bpo-38056: Overhaul the Error Handlers documentation in codecs.
bpo-13553: Document tkinter.Tk args.
Tests
gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py.
gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file.
gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale.
gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up.
bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD.
bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase.
bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom.
Build
bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build.
Windows
gh-92984: Explicitly disable incremental linking for non-Debug builds
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl.
bpo-40859: Update Windows build to use xz-5.2.5
Tools/Demos
gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter.
Python 3.10.4 final
Core and Builtins
bpo-46968: Check for the existence of the “sys/auxv.h” header in faulthandler to avoid compilation problems in systems where this header doesn’t exist. Patch by Pablo Galindo
Library
bpo-23691: Protect the re.finditer() iterator from re-entering.
bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception when reading a ZipFile from multiple threads.
bpo-38256: Fix binascii.crc32() when it is compiled to use zlib’c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function.
bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag.
bpo-47061: Deprecate the various modules listed by PEP 594:
aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib
bpo-2604: Fix bug where doctests using globals would fail when run multiple times.
bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation and deprecation warnings and have now been updated to note they will removed in Python 3.12 (PEP 594).
bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned.
bpo-40296: Fix supporting generic aliases in pydoc.
Python 3.10.3 final
Core and Builtins
bpo-46940: Avoid overriding AttributeError metadata information for nested attribute access calls. Patch by Pablo Galindo.
bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner.
bpo-46794: Bump up the libexpat version into 2.4.6
bpo-46820: Fix parsing a numeric literal immediately (without spaces) followed by “not in” keywords, like in 1not in x. Now the parser only emits a warning, not a syntax error.
bpo-46762: Fix an assert failure in debug builds when a ‘<’, ‘>’, or ‘=’ is the last character in an f-string that’s missing a closing right brace.
bpo-46724: Make sure that all backwards jumps use the JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an argument of (2**32)+offset.
bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra.
bpo-46707: Avoid potential exponential backtracking when producing some syntax errors involving lots of brackets. Patch by Pablo Galindo.
bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.
bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated.
bpo-45773: Remove two invalid “peephole” optimizations from the bytecode compiler.
bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property.
bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings.
bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner.
bpo-46383: Fix invalid signature of _zoneinfo’s module_free function to resolve a crash on wasm32-emscripten platform.
bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner.
bpo-46339: Fix a crash in the parser when retrieving the error text for multi-line f-strings expressions that do not start in the first line of the string. Patch by Pablo Galindo
bpo-46240: Correct the error message for unclosed parentheses when the tokenizer doesn’t reach the end of the source when the error is reported. Patch by Pablo Galindo
bpo-46091: Correctly calculate indentation levels for lines with whitespace character that are ended by line continuation characters. Patch by Pablo Galindo
Library
bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop.
bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings.
bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension’s request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks.
bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka.
bpo-23325: The signal module no longer assumes that SIG_IGN and SIG_DFL are small int singletons.
bpo-46932: Update bundled libexpat to 2.4.7
bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls.
bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport.
bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger.
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs.
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.
bpo-46643: In typing.get_type_hints(), support evaluating stringified ParamSpecArgs and ParamSpecKwargs annotations. Patch by Gregory Beauregard.
bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header.
bpo-46676: Make typing.ParamSpec args and kwargs equal to themselves. Patch by Gregory Beauregard.
bpo-46672: Fix NameError in asyncio.gather() when initial type check fails.
bpo-46655: In typing.get_type_hints(), support evaluating bare stringified TypeAlias annotations. Patch by Gregory Beauregard.
bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does.
bpo-46521: Fix a bug in the codeop module that was incorrectly identifying invalid code involving string quotes as valid code.
bpo-46581: Brings ParamSpec propagation for GenericAlias in line with Concatenate (and others).
bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable.
bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport.
bpo-45173: Note the configparser deprecations will be removed in Python 3.12.
bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard.
bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard.
bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam.
bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape.
bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace.
bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class.
bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files.
bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated.
bpo-46246: Add missing __slots__ to importlib.metadata.DeprecatedList. Patch by Arie Bovenberg.
bpo-46266: Improve day constants in calendar.
Now all constants (MONDAY … SUNDAY) are documented, tested, and added to __all__.
bpo-46232: The ssl module now handles certificates with bit strings in DN correctly.
bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong.
bpo-26552: Fixed case where failing asyncio.ensure_future() did not close the coroutine. Patch by Kumar Aditya.
bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash.
bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya.
bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument’s default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein.
bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong.
bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed.
bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests.
bpo-44791: Fix substitution of ParamSpec in Concatenate with different parameter expressions. Substitution with a list of types returns now a tuple of types. Substitution with Concatenate returns now a Concatenate with concatenated lists of arguments.
bpo-14156: argparse.FileType now supports an argument of ‘-’ in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. Patch contributed by Josh Rosenberg
Documentation
bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file
Tests
bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner.
bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution.
bpo-46678: The function make_legacy_pyc in Lib/test/support/import_helper.py no longer fails when PYTHONPYCACHEPREFIX is set to a directory on a different device from where tempfiles are stored.
bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion.
bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner.
bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner.
bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython.
bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner.
bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner.
Build
bpo-47032: Ensure Windows install builds fail correctly with a non-zero exit code when part of the build fails.
bpo-47024: Update OpenSSL to 1.1.1n for macOS installers and all Windows builds.
bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale.
bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__.
bpo-45925: Update Windows installer to use SQLite 3.37.2.
Windows
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.
bpo-46638: Ensures registry virtualization is consistently disabled. For 3.10 and earlier, it remains enabled (some registry writes are protected), while for 3.11 and later it is disabled (registry modifications affect all applications).
macOS
bpo-45925: Update macOS installer to SQLite 3.37.2.
IDLE
bpo-46630: Make query dialogs on Windows start with a cursor in the entry box.
bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there are no other windows, this also exits IDLE.
bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy.
C API
bpo-46433: The internal function _PyType_GetModuleByDef now correctly handles inheritance patterns involving static types.
bpo-14916: Fixed bug in the tokenizer that prevented PyRun_InteractiveOne from parsing from the provided FD.
which means 11.x and 12.x according to mk/platform/Darwin.mk. On 10.x
(i386 Snow Leopard Server, at least), no problem with the system gcc.
Adjust the scope of the workaround to match.
Python 3.10.2 final
Core and Builtins
bpo-46347: Fix memory leak in PyEval_EvalCodeEx.
bpo-46289: ASDL declaration of FormattedValue has changed to reflect conversion field is not optional.
bpo-46237: Fix the line number of tokenizer errors inside f-strings. Patch by Pablo Galindo.
bpo-46006: Fix a regression when a type method like __init__() is modified in a subinterpreter. Fix a regression in _PyUnicode_EqualToASCIIId() and type update_slot(). Revert the change which made the Unicode dictionary of interned strings compatible with subinterpreters: the internal interned dictionary is shared again by all interpreters. Patch by Victor Stinner.
bpo-46085: Fix iterator cache mechanism of OrderedDict.
bpo-46110: Add a maximum recursion check to the PEG parser to avoid stack overflow. Patch by Pablo Galindo
bpo-46054: Fix parser error when parsing non-utf8 characters in source files. Patch by Pablo Galindo.
bpo-46042: Improve the location of the caret in SyntaxError exceptions emitted by the symbol table. Patch by Pablo Galindo.
bpo-46025: Fix a crash in the atexit module involving functions that unregister themselves before raising exceptions. Patch by Pablo Galindo.
bpo-46009: Restore behavior from 3.9 and earlier when sending non-None to newly started generator. In 3.9 this did not affect the state of the generator. In 3.10.0 and 3.10.1 gen_func().send(0) is equivalent to gen_func().throw(TypeError(...) which exhausts the generator. In 3.10.2 onward, the behavior has been reverted to that of 3.9.
bpo-46000: Improve compatibility of the curses module with NetBSD curses.
bpo-46004: Fix the SyntaxError location for errors involving for loops with invalid targets. Patch by Pablo Galindo
bpo-42918: Fix bug where the built-in compile() function did not always raise a SyntaxError when passed multiple statements in ‘single’ mode. Patch by Weipeng Hong.
Library
bpo-40479: Fix hashlib usedforsecurity option to work correctly with OpenSSL 3.0.0 in FIPS mode.
bpo-46070: Fix possible segfault when importing the asyncio module from different sub-interpreters in parallel. Patch by Erlend E. Aasland.
bpo-46278: Reflect context argument in AbstractEventLoop.call_*() methods. Loop implementations already support it.
bpo-46239: Improve error message when importing asyncio.windows_events on non-Windows.
bpo-20369: concurrent.futures.wait() no longer blocks forever when given duplicate Futures. Patch by Kumar Aditya.
bpo-46105: Honor spec when generating requirement specs with urls and extras (importlib_metadata 4.8.3).
bpo-26952: argparse raises ValueError with clear message when trying to render usage for an empty mutually-exclusive group. Previously it raised a cryptic IndexError.
bpo-27718: Fix help for the signal module. Some functions (e.g. signal() and getsignal()) were omitted.
bpo-46032: The registry() method of functools.singledispatch() functions checks now the first argument or the first parameter annotation and raises a TypeError if it is not supported. Previously unsupported “types” were ignored (e.g. typing.List[int]) or caused an error at calling time (e.g. list[int]).
bpo-46018: Ensure that math.expm1() does not raise on underflow.
bpo-45755: typing generic aliases now reveal the class attributes of the original generic class when passed to dir(). This was the behavior up to Python 3.6, but was changed in 3.7-3.9.
bpo-13236: unittest.TextTestResult and unittest.TextTestRunner flush now the output stream more often.
bpo-42378: Fixes the issue with log file being overwritten when logging.FileHandler is used in atexit with filemode set to 'w'. Note this will cause the message in atexit not being logged if the log stream is already closed due to shutdown of logging.
Documentation
bpo-46120: State that | is preferred for readability over Union in the typing docs.
bpo-46040: Fix removal Python version for @asyncio.coroutine, the correct value is 3.11.
bpo-19737: Update the documentation for the globals() function.
bpo-45840: Improve cross-references in the documentation for the data model.
Tests
bpo-46205: Fix hang in runtest_mp due to race condition
bpo-46263: Fix test_capi on FreeBSD 14-dev: instruct jemalloc to not fill freed memory with junk byte.
bpo-46150: Now fakename in test_pathlib.PosixPathTest.test_expanduser is checked to be non-existent.
bpo-46129: Rewrite asyncio.locks tests with unittest.IsolatedAsyncioTestCase usage.
bpo-46114: Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses 0xMNN00PP0L.
Build
bpo-46263: configure no longer sets MULTIARCH on FreeBSD platforms.
bpo-46106: Updated OpenSSL to 1.1.1m in Windows builds, macOS installer builds, and CI. Patch by Kumar Aditya.
macOS
bpo-40477: The Python Launcher app for macOS now properly launches scripts and, if necessary, the Terminal app when running on recent macOS releases.
C API
bpo-46236: Fix a bug in PyFunction_GetAnnotations() that caused it to return a tuple instead of a dict.
My previous patch intended to remove prefix /usr/pkg from sys.path during
build, but the regex ^/usr/pkg matches /usr/pkgsrc/lang/python39/work so
it ended unintentionally removing also the work directory in some cases.
Match instead on ^/usr/pkg/
upstream says it should not be needed, and I don't see a difference
in building python310 and running its tests either.
Let me know if you do.
Bump PKGREVISION to be on the safe side.
Python 3.10.1 final
Release date: 2021-12-06
Core and Builtins
bpo-42268: Fail the configure step if the selected compiler doesn’t support memory sanitizer. Patch by Pablo Galindo
bpo-45727: Refine the custom syntax error that suggests that a comma may be missing to trigger only when the expressions are detected between parentheses or brackets. Patch by Pablo Galindo
bpo-45614: Fix traceback display for exceptions with invalid module name.
bpo-45848: Allow the parser to obtain error lines directly from encoded files. Patch by Pablo Galindo
bpo-45826: Fixed a crash when calling .with_traceback(None) on NameError. This occurs internally in unittest.TestCase.assertRaises().
bpo-45822: Fixed a bug in the parser that was causing it to not respect PEP 263 coding cookies when no flags are provided. Patch by Pablo Galindo
bpo-45820: Fix a segfault when the parser fails without reading any input. Patch by Pablo Galindo
bpo-42540: Fix crash when os.fork() is called with an active non-default memory allocator.
bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo.
bpo-45773: Fix a compiler hang when attempting to optimize certain jump patterns.
bpo-45716: Improve the SyntaxError message when using True, None or False as keywords in a function call. Patch by Pablo Galindo.
bpo-45688: sys.stdlib_module_names now contains the macOS-specific module _scproxy.
bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples.
bpo-45521: Fix a bug in the obmalloc radix tree code. On 64-bit machines, the bug causes the tree to hold 46-bits of virtual addresses, rather than the intended 48-bits.
bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo.
bpo-45408: Fix a crash in the parser when reporting tokenizer errors that occur at the same time unclosed parentheses are detected. Patch by Pablo Galindo.
bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na.
bpo-45167: Fix deepcopying of types.GenericAlias objects.
bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219.
bpo-44959: Added fallback to extension modules with ‘.sl’ suffix on HP-UX
bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8.
bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it’s called directly or via super(). Patch provided by Yurii Karabas.
bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed.
(This issue impacted only the C code exception rendering, the traceback module was using qualname already).
bpo-45056: Compiler now removes trailing unused constants from co_consts.
Library
bpo-27946: Fix possible crash when getting an attribute of class:xml.etree.ElementTree.Element simultaneously with replacing the attrib dict.
bpo-37658: Fix issue when on certain conditions asyncio.wait_for() may allow a coroutine to complete successfully, but fail to return the result, potentially causing memory leaks or other issues.
bpo-44649: Handle dataclass(slots=True) with a field that has default a default value, but for which init=False.
bpo-45803: Added missing kw_only parameter to dataclasses.make_dataclass().
bpo-45831: faulthandler can now write ASCII-only strings (like filenames and function names) with a single write() syscall when dumping a traceback. It reduces the risk of getting an unreadable dump when two threads or two processes dump a traceback to the same file (like stderr) at the same time. Patch by Victor Stinner.
bpo-41735: Fix thread lock in zlib.Decompress.flush() method before PyObject_GetBuffer.
bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments.
bpo-45765: In importlib.metadata, fix distribution discovery for an empty path.
bpo-45757: Fix bug where dis produced an incorrect oparg when EXTENDED_ARG is followed by an opcode that does not use its argument.
bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling.
bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2].
bpo-45664: Fix types.resolve_bases() and types.new_class() for types.GenericAlias instance as a base.
bpo-45663: Fix dataclasses.is_dataclass() for dataclasses which are subclasses of types.GenericAlias.
bpo-45662: Fix the repr of dataclasses.InitVar with a type alias to the built-in class, e.g. InitVar[list[int]].
bpo-45438: Fix typing.Signature string representation for generic builtin types.
bpo-45574: Fix warning about print_escape being unused.
bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland.
bpo-45557: pprint.pprint() now handles underscore_numbers correctly. Previously it was always setting it to False.
bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle.
bpo-45475: Reverted optimization of iterating gzip.GzipFile, bz2.BZ2File, and lzma.LZMAFile (see bpo-43787) because it caused regression when user iterate them without having reference of them. Patch by Inada Naoki.
bpo-45428: Fix a regression in py_compile when reading filenames from standard input.
bpo-45467: Fix incremental decoder and stream reader in the “raw-unicode-escape” codec. Previously they failed if the escape sequence was split.
bpo-45461: Fix incremental decoder and stream reader in the “unicode-escape” codec. Previously they failed if the escape sequence was split.
bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt.
bpo-45249: Fix the behaviour of traceback.print_exc() when displaying the caret when the end_offset in the exception is set to 0. Patch by Pablo Galindo
bpo-45416: Fix use of asyncio.Condition with explicit asyncio.Lock objects, which was a regression due to removal of explicit loop arguments. Patch by Joongi Kim.
bpo-45419: Correct interfaces on DegenerateFiles.Path.
bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood.
bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :’func:inspect.getabsfile, and return None to indicate that the module could not be determined.
bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop
bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options.
bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library.
bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na.
bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0
bpo-45329: Fix freed memory access in pyexpat.xmlparser when building it with an installed expat library <= 2.2.0.
bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner.
bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that don’t support the TCP_NODELAY socket option.
bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit.
bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner.
bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks.
bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator.
bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults.
bpo-45183: Have zipimport.zipimporter.find_spec() not raise an exception when the underlying zip file has been deleted and the internal cache has been reset via invalidate_cache().
bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError
bpo-45228: Fix stack buffer overflow in parsing J1939 network address.
bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol.
Patch by Kyungmin Lee.
bpo-42135: Fix typo: importlib.find_loader is really slated for removal in Python 3.12 not 3.10, like the others in GH-25169.
Patch by Hugo van Kemenade.
bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice.
bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state.
bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef.
bpo-20499: Improve the speed and accuracy of statistics.pvariance().
bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container.
bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module
bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction.
bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight.
bpo-44295: Ensure deprecation warning from assertDictContainsSubset() points at calling code - by Anthony Sottile.
bpo-43498: Avoid a possible “RuntimeError: dictionary changed size during iteration” when adjusting the process count of ProcessPoolExecutor.
Documentation
bpo-45640: Properly marked-up grammar tokens in the documentation are now clickable and take you to the definition of a given piece of grammar. Patch by Arthur Milchior.
bpo-45788: Link doc for sys.prefix to sysconfig doc on installation paths.
bpo-45772: socket.socket documentation is corrected to a class from a function.
bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor.
bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod.
bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood.
bpo-45655: Add a new “relevant PEPs” section to the top of the documentation for the typing module. Patch by Alex Waygood.
bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs.
bpo-45250: Update the documentation to note that CPython does not consistently require iterators to define __iter__.
bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility.
bpo-45449: Add note about PEP 585 in collections.abc.
bpo-45516: Add protocol description to the importlib.abc.Traversable documentation.
bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal.
bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places.
bpo-45024: collections.abc documentation has been expanded to explicitly cover how instance and subclass checks work, with additional doctest examples and an exhaustive list of ABCs which test membership purely by presence of the right special methods. Patch by Raymond Hettinger.
bpo-25381: In the extending chapter of the extending doc, update a paragraph about the global variables containing exception information.
bpo-43905: Expanded astuple() and asdict() docs, warning about deepcopy being applied and providing a workaround.
Tests
bpo-19460: Add new Test for email.mime.nonmultipart.MIMENonMultipart.
bpo-45835: Fix race condition in test_queue tests with multiple “feeder” threads.
bpo-45678: Add tests for scenarios in which functools.singledispatchmethod is stacked on top of a method that has already been wrapped by two other decorators. Patch by Alex Waygood.
bpo-45578: Add tests for dis.distb()
bpo-45678: Add tests to ensure that functools.singledispatchmethod correctly wraps the attributes of the target function.
bpo-45577: Add subtests for all pickle protocols in test_zoneinfo.
bpo-45566: Fix test_frozen_pickle in test_dataclasses to check all pickle versions.
bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS.
bpo-39679: Add more test cases for @functools.singledispatchmethod when combined with @classmethod or @staticmethod.
bpo-45400: Fix test_name_error_suggestions_do_not_trigger_for_too_many_locals() of test_exceptions if a directory name contains “a1” (like “Python-3.11.0a1”): use a stricter regular expression. Patch by Victor Stinner.
bpo-40173: Fix test.support.import_helper.import_fresh_module().
bpo-45280: Add a test case for empty typing.NamedTuple.
bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder.
bpo-45128: Fix test_multiprocessing_fork failure due to test_logging and sys.modules manipulation.
bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_process_termination
bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don’t expect it in the output. Patch by Victor Stinner.
bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec().
bpo-45125: Improves pickling tests and docs of SharedMemory and SharableList objects.
bpo-44860: Update test_sysconfig.test_user_similar() for the posix_user scheme: platlib doesn’t use sys.platlibdir. Patch by Victor Stinner.
bpo-25130: Add calls of gc.collect() in tests to support PyPy.
Build
bpo-44035: CI now verifies that autoconf files have been regenerated with a current and unpatched autoconf package.
bpo-33393: Update config.guess to 2021-06-03 and config.sub to 2021-08-14. Makefile now has an update-config target to make updating more convenient.
bpo-45866: make regen-all now produces the same output when run from a directory other than the source tree: when building Python out of the source tree. pegen now strips directory of the “generated by pygen from <FILENAME>” header Patch by Victor Stinner.
bpo-41498: Python now compiles on platforms without sigset_t. Several functions in signal are not available when sigset_t is missing.
Based on patch by Roman Yurchak for pyodide.
bpo-45881: setup.py now uses CC from environment first to discover multiarch and cross compile paths.
bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linux’s libuuid, too.
bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules.
bpo-45561: Run smelly.py tool from $(srcdir).
bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon.
bpo-45536: The configure script now checks whether OpenSSL headers and libraries provide required APIs. Most common APIs are verified. The check detects outdated or missing OpenSSL. Failures do not stop configure.
bpo-45221: Fixed regression in handling of LDFLAGS and CPPFLAGS options where argparse.parse_known_args() could interpret an option as one of the built-in command line argument, for example -h for help.
bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman.
bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building.
bpo-45067: The ncurses function extended_color_content was introduced in 2017
(https://invisible-island.net/ncurses/NEWS.html#index-t20170401). The
ncurses-devel package in CentOS 7 had a older version ncurses resulted in compilation error. For compiling ncurses with extended color support, we verify the version of the ncurses library >= 20170401.
Windows
bpo-45901: When installed through the Microsoft Store and set as the default app for *.py files, command line arguments will now be passed to Python when invoking a script without explicitly launching Python (that is, script.py args rather than python script.py args).
bpo-45616: Fix Python Launcher’s ability to distinguish between versions 3.1 and 3.10 when either one is explicitly requested. Previously, 3.1 would be used if 3.10 was requested but not installed, and 3.10 would be used if 3.1 was requested but 3.10 was installed.
bpo-45732: Updates bundled Tcl/Tk to 8.6.12.
bpo-45720: Internal reference to shlwapi.dll was dropped to help improve startup time. This DLL will no longer be loaded at the start of every Python process.
bpo-43652: Update Tcl/Tk to 8.6.11, actually this time. The previous update incorrectly included 8.6.10.
bpo-45337: venv now warns when the created environment may need to be accessed at a different path, due to redirections, links or junctions. It also now correctly installs or upgrades components when the alternate path is required.
macOS
bpo-45732: Update python.org macOS installer to use Tcl/Tk 8.6.12.
bpo-44828: Avoid tkinter file dialog failure on macOS 12 Monterey when using the Tk 8.6.11 provided by python.org macOS installers. Patch by Marc Culler of the Tk project.
bpo-34602: When building CPython on macOS with ./configure --with-undefined-behavior-sanitizer --with-pydebug, the stack size is now quadrupled to allow for the entire test suite to pass.
IDLE
bpo-45495: Add context keywords ‘case’ and ‘match’ to completions list.
bpo-45296: On Windows, change exit/quit message to suggest Ctrl-D, which works, instead of <Ctrl-Z Return>, which does not work in IDLE.
bpo-45193: Make completion boxes appear on Ubuntu again.
Tools/Demos
bpo-44786: Fix a warning in regular expression in the c-analyzer script.
C API
bpo-39026: Fix Python.h to build C extensions with Xcode: remove a relative include from Include/cpython/pystate.h.
bpo-45307: Restore the private C API function _PyImport_FindExtensionObject(). It will be removed in Python 3.11.
bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered.
bpo-44751: Remove crypt.h include from the public Python.h header.
Python 3.10
Summary – Release highlights
New syntax features:
PEP 634, Structural Pattern Matching: Specification
PEP 635, Structural Pattern Matching: Motivation and Rationale
PEP 636, Structural Pattern Matching: Tutorial
bpo-12782, Parenthesized context managers are now officially allowed.
New features in the standard library:
PEP 618, Add Optional Length-Checking To zip.
Interpreter improvements:
PEP 626, Precise line numbers for debugging and other tools.
New typing features:
PEP 604, Allow writing union types as X | Y
PEP 613, Explicit Type Aliases
PEP 612, Parameter Specification Variables
Important deprecations, removals or restrictions:
PEP 644, Require OpenSSL 1.1.1 or newer
PEP 632, Deprecate distutils module.
PEP 623, Deprecate and prepare for the removal of the wstr member in PyUnicodeObject.
PEP 624, Remove Py_UNICODE encoder APIs
PEP 597, Add optional EncodingWarning
wiz
adam
schmonz
riastradh
khorben
nia
jperkin
tnn