python3-3.12.3

[Bruce Dubbs]

New point version.

[Bruce Dubbs]

What's New in Python 3.12.3 final?

*Release date: 2024-04-09

Security

• gh-issue-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

• :meth:xml.etree.ElementTree.XMLParser.flush
• :meth:xml.etree.ElementTree.XMLPullParser.flush
• :meth:xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
• :meth:xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
• :meth:xml.sax.expatreader.ExpatParser.flush

• gh-issue-115399: Update bundled libexpat to 2.6.0

• gh-issue-115243: Fix possible crashes in :meth:collections.deque.index when the deque is concurrently modified.

• gh-issue-114572: :meth:ssl.SSLContext.cert_store_stats and :meth:ssl.SSLContext.get_ca_certs now correctly lock access to the certificate store, when the :class:ssl.SSLContext is shared across multiple threads.

Core and Builtins

• gh-issue-109120: Added handle of incorrect star expressions, e.g f(3, *). Patch by Grigoryev Semyon

• gh-issue-99108: Updated the :mod:hashlib built-in HACL\* project_ C code from upstream that we use for many implementations when they are not present via OpenSSL in a given build. This also avoids the rare potential for a C symbol name one definition rule linking issue.

.. _HACL\* project: ​https://github.com/hacl-star/hacl-star

• gh-issue-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to sys.monitoring.MISSING instead of None for :monitoring-event:CALL event.

• gh-issue-113964: Starting new threads and process creation through :func:os.fork are now only prevented once all non-daemon threads exit.

• gh-issue-116604: Respect the status of the garbage collector when indirect calls are made via :c:func:`PyErr_CheckSignals` and the evaluation breaker. Patch by Pablo Galindo

• gh-issue-116626: Ensure INSTRUMENTED_CALL_FUNCTION_EX always emits :monitoring-event:CALL

• gh-issue-116296: Fix possible refleak in :meth:!object.__reduce__ internal error handling.

• gh-issue-116034: Fix location of the error on a failed assertion.

• gh-issue-115823: Properly calculate error ranges in the parser when raising :exc:SyntaxError exceptions caused by invalid byte sequences. Patch by Pablo Galindo

• gh-issue-112087: For an empty reverse iterator for list will be reduced to :func:reversed. Patch by Donghee Na.

• gh-issue-115154: Fix a bug that was causing the :func:tokenize.untokenize function to handle unicode named literals incorrectly. Patch by Pablo Galindo

• gh-issue-114828: Fix compilation crashes in uncommon code examples using :func:super inside a comprehension in a class body.

• gh-issue-115011: Setters for members with an unsigned integer type now support the same range of valid values for objects that has a :meth:~object.__index__ method as for :class:int.

• gh-issue-112215: Change the C recursion limits to more closely reflect the underlying platform limits.

• gh-issue-96497: Fix incorrect resolution of mangled class variables used in assignment expressions in comprehensions.

Library

• gh-issue-117467: Preserve mailbox ownership when rewriting in :func:mailbox.mbox.flush. Patch by Tony Mountifield.

• gh-issue-117310: Fixed an unlikely early & extra Py_DECREF triggered crash in :mod:ssl when creating a new _ssl._SSLContext if CPython was built implausibly such that the default cipher list is empty or the SSL library it was linked against reports a failure from its C SSL_CTX_set_cipher_list() API.

• gh-issue-117178: Fix regression in lazy loading of self-referential modules, introduced in gh-114781.

• gh-issue-117084: Fix :mod:zipfile extraction for directory entries with the name containing backslashes on Windows.

• gh-issue-117110: Fix a bug that prevents subclasses of :class:typing.Any to be instantiated with arguments.

• gh-issue-90872: On Windows, :meth:subprocess.Popen.wait no longer calls WaitForSingleObject() with a negative timeout: pass 0 ms if the timeout is negative. Patch by Victor Stinner.

• gh-issue-116957: configparser: Don't leave ConfigParser values in an invalid state (stored as a list instead of a str) after an earlier read raised DuplicateSectionError or DuplicateOptionError.

• gh-issue-90095: Ignore empty lines and comments in .pdbrc

• gh-issue-116764: Restore support of None and other false values in :mod:urllib.parse functions :func:~urllib.parse.parse_qs and :func:~urllib.parse.parse_qsl. Also, they now raise a TypeError for non-zero integers and non-empty sequences.

• gh-issue-116811: In PathFinder.invalidate_caches, delegate to MetadataPathFinder.invalidate_caches.

• gh-issue-116600: Fix :func:repr for global :class:~enum.Flag members.

• gh-issue-116484: Change automatically generated :class:tkinter.Checkbutton widget names to avoid collisions with automatically generated :class:tkinter.ttk.Checkbutton widget names within the same parent widget.

• gh-issue-116401: Fix blocking :func:os.fwalk and :func:shutil.rmtree on opening named pipe.

• gh-issue-116143: Fix a race in pydoc _start_server, eliminating a window in which _start_server can return a thread that is "serving" but without a docserver set.

• gh-issue-116325: :mod:typing: raise :exc:SyntaxError instead of :exc:AttributeError on forward references as empty strings.

• gh-issue-90535: Fix support of *interval* values > 1 in :class:logging.TimedRotatingFileHandler for when='MIDNIGHT' and when='Wx'.

• gh-issue-115978: Disable preadv(), readv(), pwritev(), and writev() on WASI.

Under wasmtime for WASI 0.2, these functions don't pass test_posix

• gh-issue-88352: Fix the computation of the next rollover time in the :class:logging.TimedRotatingFileHandler handler. :meth:!computeRollover now always returns a timestamp larger than the specified time and works correctly during the DST change. :meth:!doRollover no longer overwrite the already rolled over file, saving from data loss when run at midnight or during repeated time at the DST change.

• gh-issue-87115: Set main.spec to None when running a script with :mod:pdb

• gh-issue-76511: Fix UnicodeEncodeError in :meth:email.Message.as_string that results when a message that claims to be in the ascii character set actually has non-ascii characters. Non-ascii characters are now replaced with the U+FFFD replacement character, like in the replace error handler.

• gh-issue-116040: [Enum] fix by-value calls when second value is falsey; e.g. Cardinal(1, 0)

• gh-issue-75988: Fixed :func:unittest.mock.create_autospec to pass the call through to the wrapped object to return the real result.

• gh-issue-115881: Fix issue where :func:ast.parse would incorrectly flag conditional context managers (such as with (x() if y else z()): ...) as invalid syntax if feature_version=(3, 8) was passed. This reverts changes to the grammar made as part of gh-94949.

• gh-issue-115886: Fix silent truncation of the name with an embedded null character in :class:multiprocessing.shared_memory.SharedMemory.

• gh-issue-115809: Improve algorithm for computing which rolled-over log files to delete in :class:logging.TimedRotatingFileHandler. It is now reliable for handlers without namer and with arbitrary deterministic namer that leaves the datetime part in the file name unmodified.

• gh-issue-74668: :mod:urllib.parse functions :func:~urllib.parse.parse_qs and :func:~urllib.parse.parse_qsl now support bytes arguments containing raw and percent-encoded non-ASCII data.

• gh-issue-67044: :func:csv.writer now always quotes or escapes '\r' and '\n', regardless of *lineterminator* value.

• gh-issue-115712: :func:csv.writer() now quotes empty fields if delimiter is a space and skipinitialspace is true and raises exception if quoting is not possible.

• gh-issue-112364: Fixed :func:ast.unparse to handle format_spec with ", ' or
  .

• gh-issue-111358: Fix a bug in :meth:asyncio.BaseEventLoop.shutdown_default_executor to ensure the timeout passed to the coroutine behaves as expected.

• gh-issue-115618: Fix improper decreasing the reference count for None argument in :class:property methods :meth:~property.getter, :meth:~property.setter and :meth:~property.deleter.

• gh-issue-115570: A :exc:DeprecationWarning is no longer omitted on access to the doc attributes of the deprecated typing.io and typing.re pseudo-modules.

• gh-issue-112006: Fix :func:inspect.unwrap for types with the wrapper data descriptor.

• gh-issue-101293: Support callables with the call() method and types with new() and init() methods set to class methods, static methods, bound methods, partial functions, and other types of methods and descriptors in :meth:inspect.Signature.from_callable.

• gh-issue-115392: Fix a bug in :mod:doctest where incorrect line numbers would be reported for decorated functions.

• gh-issue-114563: Fix several :func:format() bugs when using the C implementation of :class:~decimal.Decimal: * memory leak in some rare cases when using the z format option (coerce negative 0) * incorrect output when applying the z format option to type F (fixed-point with capital NAN / INF) * incorrect output when applying the # format option (alternate form)

• gh-issue-115197: urllib.request no longer resolves the hostname before checking it against the system's proxy bypass list on macOS and Windows.

• gh-issue-115165: Most exceptions are now ignored when attempting to set the orig_class attribute on objects returned when calling :mod:typing generic aliases (including generic aliases created using :data:typing.Annotated). Previously only :exc:AttributeError was ignored.

• gh-issue-115133: Fix tests for :class:~xml.etree.ElementTree.XMLPullParser with Expat 2.6.0.

• gh-issue-115059: :meth:io.BufferedRandom.read1 now flushes the underlying write buffer.

• gh-issue-79382: Trailing no longer allows to match files and non-existing paths in recursive :func:~glob.glob.

• gh-issue-114071: Support tuple subclasses using auto() for enum member value.

• gh-issue-114763: Protect modules loaded with :class:importlib.util.LazyLoader from race conditions when multiple threads try to access attributes before the loading is complete.

• gh-issue-97959: Fix rendering class methods, bound methods, method and function aliases in :mod:pydoc. Class methods no longer have "method of builtins.type instance" note. Corresponding notes are now added for class and unbound methods. Method and function aliases now have references to the module or the class where the origin was defined if it differs from the current. Bound methods are now listed in the static methods section. Methods of builtin classes are now supported as well as methods of Python classes.

• gh-issue-112281: Allow creating :ref:union of types<types-union> for :class:typing.Annotated with unhashable metadata.

• gh-issue-111775: Fix :meth:importlib.resources.simple.ResourceHandle.open for text mode, added missed stream argument.

• gh-issue-90095: Make .pdbrc and -c work with any valid pdb commands.

• gh-issue-107155: Fix incorrect output of help(x) where x is a :keyword:lambda function, which has an annotations dictionary attribute with a "return" key.

• gh-issue-105866: Fixed _get_slots bug which caused error when defining dataclasses with slots and a weakref_slot.

• gh-issue-60346: Fix ArgumentParser inconsistent with parse_known_args.

• gh-issue-100985: Update HTTPSConnection to consistently wrap IPv6 Addresses when using a proxy.

• gh-issue-100884: email: fix misfolding of comma in address-lists over multiple lines in combination with unicode encoding.
• gh-issue-95782: Fix :func:io.BufferedReader.tell, :func:io.BufferedReader.seek, :func:_pyio.BufferedReader.tell, :func:io.BufferedRandom.tell, :func:io.BufferedRandom.seek and :func:_pyio.BufferedRandom.tell being able to return negative offsets.

• gh-issue-96310: Fix a traceback in :mod:argparse when all options in a mutually exclusive group are suppressed.

• gh-issue-93205: Fixed a bug in :class:logging.handlers.TimedRotatingFileHandler where multiple rotating handler instances pointing to files with the same name but different extensions would conflict and not delete the correct files.

• bpo-44865: Add missing call to localization function in :mod:argparse.

• bpo-43952: Fix :meth:multiprocessing.connection.Listener.accept() to accept empty bytes as authkey. Not accepting empty bytes as key causes it to hang indefinitely.

• bpo-42125: linecache: get module name from spec if available. This allows getting source code for the main module when a custom loader is used.

• gh-issue-66543: Make :func:mimetypes.guess_type properly parsing of URLs with only a host name, URLs containing fragment or query, and filenames with only a UNC sharepoint on Windows. Based on patch by Dong-hee Na.

• bpo-33775: Add 'default' and 'version' help text for localization in argparse.

Documentation

• gh-issue-115399: Document CVE-2023-52425 of Expat <2.6.0 under "XML vulnerabilities".

• gh-issue-115233: Fix an example for :class:~logging.LoggerAdapter in the Logging Cookbook.

Tests

• gh-issue-83434: Disable JUnit XML output (--junit-xml=FILE command line option) in regrtest when hunting for reference leaks (-R option). Patch by Victor Stinner.

• gh-issue-117187: Fix XML tests for vanilla Expat <2.6.0.

• gh-issue-116333: Tests of TLS related things (error codes, etc) were updated to be more lenient about specific error message strings and behaviors as seen in the BoringSSL and AWS-LC forks of OpenSSL.

• gh-issue-115979: Update test_importlib so that it passes under WASI SDK 21.

• gh-issue-112536: Add --tsan to test.regrtest for running TSAN tests in reasonable execution times. Patch by Donghee Na.

• gh-issue-116307: Added import helper isolated_modules as CleanImport does not remove modules imported during the context. Use it in importlib.resources tests to avoid leaving mod around to impede importlib.metadata tests.

• gh-issue-115720: Leak tests (-R, --huntrleaks) now show a summary of the number of leaks found in each iteration.

• gh-issue-115122: Add --bisect option to regrtest test runner: run failed tests with test.bisect_cmd to identify failing tests. Patch by Victor Stinner.

• gh-issue-115596: Fix ProgramPriorityTests in test_os permanently changing the process priority.

Build

• gh-issue-116313: Get WASI builds to work under wasmtime 18 w/ WASI 0.2/preview2 primitives.

• gh-issue-116117: Backport libb2's PR #42 to fix compiling CPython on 32-bit Windows with clang-cl.

• gh-issue-115167: Avoid vendoring vcruntime140_threads.dll when building with Visual Studio 2022 version 17.8.

• gh-issue-112536: Add support for thread sanitizer (TSAN)

IDLE

• gh-issue-88516: On macOS show a proxy icon in the title bar of editor windows to match platform behaviour.

Tools/Demos

• gh-issue-113516: Don't set LDSHARED when building for WASI.

C API

• gh-issue-117021: Fix integer overflow in :c:func:`PyLong_AsPid` on non-Windows 64-bit platforms.

• gh-issue-116869: Make the C API compatible with -Werror=declaration-after-statement compiler flag again.

[Bruce Dubbs]

Fixed at commit 185b763812:

Update to setuptools-69.5.1.
Update to python3-3.12.3.
Update to openssl-3.3.0.
Update to ninja-1.12.0.
Update to man-db-2.12.1.
Update to linux-6.8.6.
Update to iana-etc-20240412.
Update to vim-9.1.0330.