1.. date: 2023-02-17-10-42-48 2.. gh-issue: 99108 3.. nonce: MKA8-f 4.. release date: 2023-03-07 5.. section: Security 6 7Replace builtin hashlib implementations of MD5 and SHA1 with verified ones 8from the HACL* project. 9 10.. 11 12.. date: 2023-02-08-22-03-04 13.. gh-issue: 101727 14.. nonce: 9P5eZz 15.. section: Security 16 17Updated the OpenSSL version used in Windows and macOS binary release builds 18to 1.1.1t to address :cve:`2023-0286`, :cve:`2022-4303`, and :cve:`2022-4303` per 19`the OpenSSL 2023-02-07 security advisory 20<https://openssl-library.org/news/secadv/20230207.txt>`_. 21 22.. 23 24.. date: 2023-02-08-12-57-35 25.. gh-issue: 99108 26.. nonce: 6tnmhA 27.. section: Security 28 29Replace the builtin :mod:`hashlib` implementations of SHA2-384 and SHA2-512 30originally from LibTomCrypt with formally verified, side-channel resistant 31code from the `HACL* <https://github.com/hacl-star/hacl-star/>`_ project. 32The builtins remain a fallback only used when OpenSSL does not provide them. 33 34.. 35 36.. date: 2023-01-24-16-12-00 37.. gh-issue: 101283 38.. nonce: 9tqu39 39.. section: Security 40 41:class:`subprocess.Popen` now uses a safer approach to find ``cmd.exe`` when 42launching with ``shell=True``. Patch by Eryk Sun, based on a patch by Oleg 43Iarygin. 44 45.. 46 47.. date: 2023-03-07-16-56-28 48.. gh-issue: 102493 49.. nonce: gTXrcD 50.. section: Core and Builtins 51 52Fix regression in semantics of normalisation in ``PyErr_SetObject``. 53 54.. 55 56.. date: 2023-03-06-13-05-33 57.. gh-issue: 102416 58.. nonce: dz6K5f 59.. section: Core and Builtins 60 61Do not memoize incorrectly automatically generated loop rules in the parser. 62Patch by Pablo Galindo. 63 64.. 65 66.. date: 2023-03-04-20-56-12 67.. gh-issue: 102356 68.. nonce: 07KvUd 69.. section: Core and Builtins 70 71Fix a bug that caused a crash when deallocating deeply nested filter 72objects. Patch by Marta Gómez Macías. 73 74.. 75 76.. date: 2023-02-28-21-17-03 77.. gh-issue: 102336 78.. nonce: -wL3Tm 79.. section: Core and Builtins 80 81Cleanup Windows 7 specific special handling. Patch by Max Bachmann. 82 83.. 84 85.. date: 2023-02-26-23-10-32 86.. gh-issue: 102250 87.. nonce: 7MUKoC 88.. section: Core and Builtins 89 90Fixed a segfault occurring when the interpreter calls a ``__bool__`` method 91that raises. 92 93.. 94 95.. date: 2023-02-24-17-59-39 96.. gh-issue: 102126 97.. nonce: HTT8Vc 98.. section: Core and Builtins 99 100Fix deadlock at shutdown when clearing thread states if any finalizer tries 101to acquire the runtime head lock. Patch by Kumar Aditya. 102 103.. 104 105.. date: 2023-02-22-15-15-32 106.. gh-issue: 102027 107.. nonce: Km4G-d 108.. section: Core and Builtins 109 110Use ``GetCurrentProcessId`` on Windows when ``getpid`` is unavailable. Patch 111by Max Bachmann. 112 113.. 114 115.. date: 2023-02-20-15-18-33 116.. gh-issue: 102056 117.. nonce: uHKuwH 118.. section: Core and Builtins 119 120Fix error handling bugs in interpreter's exception printing code, which 121could cause a crash on infinite recursion. 122 123.. 124 125.. date: 2023-02-17-10-12-13 126.. gh-issue: 100982 127.. nonce: mJGJQw 128.. section: Core and Builtins 129 130Restrict the scope of the :opcode:`FOR_ITER_RANGE` instruction to the scope 131of the original :opcode:`FOR_ITER` instruction, to allow instrumentation. 132 133.. 134 135.. date: 2023-02-16-23-19-01 136.. gh-issue: 101967 137.. nonce: Kqr1dz 138.. section: Core and Builtins 139 140Fix possible segfault in ``positional_only_passed_as_keyword`` function, 141when new list created. 142 143.. 144 145.. date: 2023-02-16-16-57-23 146.. gh-issue: 101952 147.. nonce: Zo1dlq 148.. section: Core and Builtins 149 150Fix possible segfault in ``BUILD_SET`` opcode, when new set created. 151 152.. 153 154.. date: 2023-02-13-22-21-58 155.. gh-issue: 74895 156.. nonce: esMNtq 157.. section: Core and Builtins 158 159:mod:`socket.getaddrinfo` no longer raises :class:`OverflowError` for 160:class:`int` **port** values outside of the C long range. Out of range 161values are left up to the underlying string based C library API to report. A 162:class:`socket.gaierror` ``SAI_SERVICE`` may occur instead, or no error at 163all as not all platform C libraries generate an error. 164 165.. 166 167.. date: 2023-02-13-18-21-14 168.. gh-issue: 101799 169.. nonce: wpHbCn 170.. section: Core and Builtins 171 172Add :opcode:`CALL_INTRINSIC_2` and use it instead of 173:opcode:`!PREP_RERAISE_STAR`. 174 175.. 176 177.. date: 2023-02-12-22-40-22 178.. gh-issue: 101857 179.. nonce: _bribG 180.. section: Core and Builtins 181 182Fix xattr support detection on Linux systems by widening the check to linux, 183not just glibc. This fixes support for musl. 184 185.. 186 187.. date: 2023-02-11-23-14-06 188.. gh-issue: 84783 189.. nonce: _P5sMa 190.. section: Core and Builtins 191 192Make the slice object hashable. Patch by Will Bradshaw and Furkan Onder. 193 194.. 195 196.. date: 2023-02-10-15-54-57 197.. gh-issue: 87849 198.. nonce: IUVvPz 199.. section: Core and Builtins 200 201Change the ``SEND`` instruction to leave the receiver on the stack. This 202allows the specialized form of ``SEND`` to skip the chain of C calls and 203jump directly to the ``RESUME`` in the generator or coroutine. 204 205.. 206 207.. date: 2023-02-10-07-21-47 208.. gh-issue: 101765 209.. nonce: MO5LlC 210.. section: Core and Builtins 211 212Fix SystemError / segmentation fault in iter ``__reduce__`` when internal 213access of ``builtins.__dict__`` keys mutates the iter object. 214 215.. 216 217.. date: 2023-02-10-01-15-57 218.. gh-issue: 101430 219.. nonce: T3Gegb 220.. section: Core and Builtins 221 222Update :mod:`tracemalloc` to handle presize of object properly. Patch by 223Donghee Na. 224 225.. 226 227.. date: 2023-02-08-17-13-31 228.. gh-issue: 101696 229.. nonce: seJhTt 230.. section: Core and Builtins 231 232Invalidate type version tag in ``_PyStaticType_Dealloc`` for static types, 233avoiding bug where a false cache hit could crash the interpreter. Patch by 234Kumar Aditya. 235 236.. 237 238.. date: 2023-02-07-14-56-43 239.. gh-issue: 101632 240.. nonce: Fd1yxk 241.. section: Core and Builtins 242 243Adds a new :opcode:`RETURN_CONST` instruction. 244 245.. 246 247.. date: 2023-01-04-12-49-33 248.. gh-issue: 100719 249.. nonce: uRPccL 250.. section: Core and Builtins 251 252Remove gi_code field from generator (and coroutine and async generator) 253objects as it is redundant. The frame already includes a reference to the 254code object. 255 256.. 257 258.. date: 2022-11-02-20-23-47 259.. gh-issue: 98627 260.. nonce: VJkdRM 261.. section: Core and Builtins 262 263When an interpreter is configured to check (and only then), importing an 264extension module will now fail when the extension does not support multiple 265interpreters (i.e. doesn't implement PEP 489 multi-phase init). This does 266not apply to the main interpreter, nor to subinterpreters created with 267``Py_NewInterpreter()``. 268 269.. 270 271.. date: 2023-03-04-14-46-47 272.. gh-issue: 102302 273.. nonce: -b_s6Z 274.. section: Library 275 276Micro-optimise hashing of :class:`inspect.Parameter`, reducing the time it 277takes to hash an instance by around 40%. 278 279.. 280 281.. date: 2023-02-28-09-52-25 282.. gh-issue: 101979 283.. nonce: or3hXV 284.. section: Library 285 286Fix a bug where parentheses in the ``metavar`` argument to 287:meth:`argparse.ArgumentParser.add_argument` were dropped. Patch by Yeojin 288Kim. 289 290.. 291 292.. date: 2023-02-26-12-37-17 293.. gh-issue: 91038 294.. nonce: S4rFH_ 295.. section: Library 296 297:meth:`platform.platform` now has boolean default arguments. 298 299.. 300 301.. date: 2023-02-23-20-39-52 302.. gh-issue: 81652 303.. nonce: Vxz0Mr 304.. section: Library 305 306Add :const:`mmap.MAP_ALIGNED_SUPER` FreeBSD and :const:`mmap.MAP_CONCEAL` 307OpenBSD constants to :mod:`mmap`. Patch by Yeojin Kim. 308 309.. 310 311.. date: 2023-02-23-15-06-01 312.. gh-issue: 102179 313.. nonce: P6KQ4c 314.. section: Library 315 316Fix :func:`os.dup2` error message for negative fds. 317 318.. 319 320.. date: 2023-02-21-10-05-33 321.. gh-issue: 101961 322.. nonce: 7e56jh 323.. section: Library 324 325For the binary mode, :func:`fileinput.hookcompressed` doesn't set the 326``encoding`` value even if the value is ``None``. Patch by Gihwan Kim. 327 328.. 329 330.. date: 2023-02-21-07-15-41 331.. gh-issue: 101936 332.. nonce: QVOxHH 333.. section: Library 334 335The default value of ``fp`` becomes :class:`io.BytesIO` if 336:exc:`~urllib.error.HTTPError` is initialized without a designated ``fp`` 337parameter. Patch by Long Vo. 338 339.. 340 341.. date: 2023-02-17-20-24-15 342.. gh-issue: 101566 343.. nonce: FjgWBt 344.. section: Library 345 346In zipfile, sync Path with `zipp 3.14 347<https://zipp.readthedocs.io/en/latest/history.html#v3-14-0>`_, including 348fix for extractall on the underlying zipfile after being wrapped in 349``Path``. 350 351.. 352 353.. date: 2023-02-17-19-00-58 354.. gh-issue: 97930 355.. nonce: C_nQjb 356.. section: Library 357 358Apply changes from `importlib_resources 5.12 359<https://importlib-resources.readthedocs.io/en/latest/history.html#v5-12-0>`_, 360including fix for ``MultiplexedPath`` to support directories in multiple 361namespaces (python/importlib_resources#265). 362 363.. 364 365.. date: 2023-02-17-18-44-27 366.. gh-issue: 101997 367.. nonce: A6_blD 368.. section: Library 369 370Upgrade pip wheel bundled with ensurepip (pip 23.0.1) 371 372.. 373 374.. date: 2023-02-15-01-54-06 375.. gh-issue: 99108 376.. nonce: rjTSic 377.. section: Library 378 379The built-in extension modules for :mod:`hashlib` SHA2 algorithms, used when 380OpenSSL does not provide them, now live in a single internal ``_sha2`` 381module instead of separate ``_sha256`` and ``_sha512`` modules. 382 383.. 384 385.. date: 2023-02-14-09-08-48 386.. gh-issue: 101892 387.. nonce: FMos8l 388.. section: Library 389 390Callable iterators no longer raise :class:`SystemError` when the callable 391object exhausts the iterator but forgets to either return a sentinel value 392or raise :class:`StopIteration`. 393 394.. 395 396.. date: 2023-02-13-12-55-48 397.. gh-issue: 87634 398.. nonce: q-SBhJ 399.. section: Library 400 401Remove locking behavior from :func:`functools.cached_property`. 402 403.. 404 405.. date: 2023-02-11-13-23-29 406.. gh-issue: 97786 407.. nonce: QjvQ1B 408.. section: Library 409 410Fix potential undefined behaviour in corner cases of floating-point-to-time 411conversions. 412 413.. 414 415.. date: 2023-02-10-16-02-29 416.. gh-issue: 101517 417.. nonce: r7S2u8 418.. section: Library 419 420Fixed bug where :mod:`bdb` looks up the source line with :mod:`linecache` 421with a ``lineno=None``, which causes it to fail with an unhandled exception. 422 423.. 424 425.. date: 2023-02-10-11-59-13 426.. gh-issue: 101773 427.. nonce: J_kI7y 428.. section: Library 429 430Optimize :class:`fractions.Fraction` for small components. The private 431argument ``_normalize`` of the :class:`fractions.Fraction` constructor has 432been removed. 433 434.. 435 436.. date: 2023-02-08-18-20-58 437.. gh-issue: 101693 438.. nonce: 4_LPXj 439.. section: Library 440 441In :meth:`sqlite3.Cursor.execute`, :exc:`DeprecationWarning` is now emitted 442when :ref:`named placeholders <sqlite3-placeholders>` are used together with 443parameters supplied as a :term:`sequence` instead of as a :class:`dict`. 444Starting from Python 3.14, using named placeholders with parameters supplied 445as a sequence will raise a :exc:`~sqlite3.ProgrammingError`. Patch by Erlend 446E. Aasland. 447 448.. 449 450.. date: 2023-02-07-22-21-46 451.. gh-issue: 101446 452.. nonce: -c0FdK 453.. section: Library 454 455Change repr of :class:`collections.OrderedDict` to use regular dictionary 456formatting instead of pairs of keys and values. 457 458.. 459 460.. date: 2023-02-07-22-20-32 461.. gh-issue: 101362 462.. nonce: Jlk6mt 463.. section: Library 464 465Speed up :class:`pathlib.PurePath` construction by handling arguments more 466uniformly. When a :class:`pathlib.Path` argument is supplied, we use its 467string representation rather than joining its parts with 468:func:`os.path.join`. 469 470.. 471 472.. date: 2023-02-07-21-16-41 473.. gh-issue: 101362 474.. nonce: KMQllM 475.. section: Library 476 477Speed up :class:`pathlib.PurePath` construction by calling 478:func:`os.path.join` only when two or more arguments are given. 479 480.. 481 482.. date: 2023-02-07-20-46-08 483.. gh-issue: 101362 484.. nonce: 2ckZ6R 485.. section: Library 486 487Speed up :class:`pathlib.Path` construction by running the path flavour 488compatibility check only when pathlib is imported. 489 490.. 491 492.. date: 2023-02-05-21-40-15 493.. gh-issue: 85984 494.. nonce: Kfzbb2 495.. section: Library 496 497Refactored the implementation of :func:`pty.fork` to use 498:func:`os.login_tty`. 499 500A :exc:`DeprecationWarning` is now raised by ``pty.master_open()`` and 501``pty.slave_open()``. They were undocumented and deprecated long long ago in 502the docstring in favor of :func:`pty.openpty`. 503 504.. 505 506.. date: 2023-02-04-16-35-46 507.. gh-issue: 101561 508.. nonce: Xo6pIZ 509.. section: Library 510 511Add a new decorator :func:`typing.override`. See :pep:`698` for details. 512Patch by Steven Troxler. 513 514.. 515 516.. date: 2023-02-01-10-42-16 517.. gh-issue: 63301 518.. nonce: XNxSFh 519.. section: Library 520 521Set exit code when :mod:`tabnanny` CLI exits on error. 522 523.. 524 525.. date: 2023-01-27-02-53-50 526.. gh-issue: 101360 527.. nonce: bPB7SL 528.. section: Library 529 530Fix anchor matching in :meth:`pathlib.PureWindowsPath.match`. Path and 531pattern anchors are now matched with :mod:`fnmatch`, just like other path 532parts. This allows patterns such as ``"*:/Users/*"`` to be matched. 533 534.. 535 536.. date: 2023-01-25-00-14-52 537.. gh-issue: 101277 538.. nonce: FceHX7 539.. section: Library 540 541Remove global state from :mod:`itertools` module (:pep:`687`). Patches by 542Erlend E. Aasland. 543 544.. 545 546.. date: 2023-01-06-21-14-41 547.. gh-issue: 100809 548.. nonce: I697UT 549.. section: Library 550 551Fix handling of drive-relative paths (like 'C:' and 'C:foo') in 552:meth:`pathlib.Path.absolute`. This method now uses the OS API to retrieve 553the correct current working directory for the drive. 554 555.. 556 557.. date: 2023-01-02-22-41-44 558.. gh-issue: 99138 559.. nonce: 17hp9U 560.. section: Library 561 562Apply :pep:`687` to :mod:`zoneinfo`. Patch by Erlend E. Aasland. 563 564.. 565 566.. date: 2022-10-22-09-26-43 567.. gh-issue: 96764 568.. nonce: Dh9Y5L 569.. section: Library 570 571:func:`asyncio.wait_for` now uses :func:`asyncio.timeout` as its underlying 572implementation. Patch by Kumar Aditya. 573 574.. 575 576.. date: 2022-09-05-12-17-34 577.. gh-issue: 88233 578.. nonce: gff9qJ 579.. section: Library 580 581Correctly preserve "extra" fields in ``zipfile`` regardless of their 582ordering relative to a zip64 "extra." 583 584.. 585 586.. bpo: 23224 587.. date: 2018-06-20-09-12-21 588.. nonce: zxCQ13 589.. section: Library 590 591Fix segfaults when creating :class:`lzma.LZMADecompressor` and 592:class:`bz2.BZ2Decompressor` objects without calling ``__init__()``, and fix 593leakage of locks and internal buffers when calling the ``__init__()`` 594methods of :class:`lzma.LZMADecompressor`, :class:`lzma.LZMACompressor`, 595:class:`bz2.BZ2Compressor`, and :class:`bz2.BZ2Decompressor` objects 596multiple times. 597 598.. 599 600.. date: 2023-02-19-10-33-01 601.. gh-issue: 85417 602.. nonce: kYO8u3 603.. section: Documentation 604 605Update :mod:`cmath` documentation to clarify behaviour on branch cuts. 606 607.. 608 609.. date: 2023-02-07-21-43-24 610.. gh-issue: 97725 611.. nonce: cuY7Cd 612.. section: Documentation 613 614Fix :meth:`asyncio.Task.print_stack` description for ``file=None``. Patch by 615Oleg Iarygin. 616 617.. 618 619.. date: 2023-02-18-10-51-02 620.. gh-issue: 102019 621.. nonce: 0797SJ 622.. section: Tests 623 624Fix deadlock on shutdown if ``test_current_{exception,frames}`` fails. Patch 625by Jacob Bower. 626 627.. 628 629.. date: 2023-02-11-22-36-10 630.. gh-issue: 85984 631.. nonce: EVXjT9 632.. section: Tests 633 634Utilize new "winsize" functions from termios in pty tests. 635 636.. 637 638.. date: 2023-02-11-20-28-08 639.. gh-issue: 89792 640.. nonce: S-Y5BZ 641.. section: Tests 642 643``test_tools`` now copies up to 10x less source data to a temporary 644directory during the ``freeze`` test by ignoring git metadata and other 645artifacts. It also limits its python build parallelism based on 646os.cpu_count instead of hard coding it as 8 cores. 647 648.. 649 650.. date: 2023-01-12-00-49-16 651.. gh-issue: 99942 652.. nonce: DUR8b4 653.. section: Build 654 655On Android, in a static build, python-config in embed mode no longer 656incorrectly reports a library to link to. 657 658.. 659 660.. date: 2022-12-20-01-06-17 661.. gh-issue: 99942 662.. nonce: lbmzYj 663.. section: Build 664 665On Android, python.pc now correctly reports the library to link to, the same 666as python-config.sh. 667 668.. 669 670.. date: 2022-12-18-08-33-28 671.. gh-issue: 100221 672.. nonce: K94Ct3 673.. section: Build 674 675Fix creating install directories in ``make sharedinstall`` if they exist 676outside ``DESTDIR`` already. 677 678.. 679 680.. date: 2022-09-14-10-38-15 681.. gh-issue: 96821 682.. nonce: Zk2a9c 683.. section: Build 684 685Explicitly mark C extension modules that need defined signed integer 686overflow, and add a configure option :option:`--with-strict-overflow`. Patch 687by Matthias Görgens and Shantanu Jain. 688 689.. 690 691.. date: 2023-03-01-01-36-39 692.. gh-issue: 102344 693.. nonce: Dgfux4 694.. section: Windows 695 696Implement ``winreg.QueryValue`` using ``QueryValueEx`` and 697``winreg.SetValue`` using ``SetValueEx``. Patch by Max Bachmann. 698 699.. 700 701.. date: 2023-02-15-11-08-10 702.. gh-issue: 101881 703.. nonce: fScr3m 704.. section: Windows 705 706Handle read and write operations on non-blocking pipes properly on Windows. 707 708.. 709 710.. date: 2023-02-13-18-05-49 711.. gh-issue: 101881 712.. nonce: _TnHzN 713.. section: Windows 714 715Add support for the os.get_blocking() and os.set_blocking() functions on 716Windows. 717 718.. 719 720.. date: 2023-02-13-16-32-50 721.. gh-issue: 101849 722.. nonce: 7lm_53 723.. section: Windows 724 725Ensures installer will correctly upgrade existing ``py.exe`` launcher 726installs. 727 728.. 729 730.. date: 2023-02-10-14-26-05 731.. gh-issue: 101763 732.. nonce: RPaj7r 733.. section: Windows 734 735Updates copy of libffi bundled with Windows installs to 3.4.4. 736 737.. 738 739.. date: 2023-02-09-22-09-27 740.. gh-issue: 101759 741.. nonce: zFlqSH 742.. section: Windows 743 744Update Windows installer to SQLite 3.40.1. 745 746.. 747 748.. date: 2023-02-07-18-22-54 749.. gh-issue: 101614 750.. nonce: NjVP0n 751.. section: Windows 752 753Correctly handle extensions built against debug binaries that reference 754``python3_d.dll``. 755 756.. 757 758.. date: 2023-01-25-11-33-54 759.. gh-issue: 101196 760.. nonce: wAX_2g 761.. section: Windows 762 763The functions ``os.path.isdir``, ``os.path.isfile``, ``os.path.islink`` and 764``os.path.exists`` are now 13% to 28% faster on Windows, by making fewer 765Win32 API calls. 766 767.. 768 769.. date: 2023-02-09-22-07-17 770.. gh-issue: 101759 771.. nonce: B0JP2H 772.. section: macOS 773 774Update macOS installer to SQLite 3.40.1. 775 776.. 777 778.. date: 2023-02-14-15-53-01 779.. gh-issue: 101907 780.. nonce: HgF1N2 781.. section: C API 782 783Removes use of non-standard C++ extension in public header files. 784 785.. 786 787.. date: 2023-02-09-10-38-20 788.. gh-issue: 99293 789.. nonce: mFqfpp 790.. section: C API 791 792Document that the Py_TPFLAGS_VALID_VERSION_TAG is an internal feature, 793should not be used, and will be removed. 794 795.. 796 797.. date: 2023-02-06-16-14-30 798.. gh-issue: 101578 799.. nonce: PW5fA9 800.. section: C API 801 802Add :c:func:`PyErr_GetRaisedException` and 803:c:func:`PyErr_SetRaisedException` for saving and restoring the current 804exception. These functions return and accept a single exception object, 805rather than the triple arguments of the now-deprecated :c:func:`PyErr_Fetch` 806and :c:func:`PyErr_Restore`. This is less error prone and a bit more 807efficient. 808 809Add :c:func:`PyException_GetArgs` and :c:func:`PyException_SetArgs` as 810convenience functions for retrieving and modifying the 811:attr:`~BaseException.args` passed to the exception's constructor. 812 813.. 814 815.. date: 2022-04-21-17-25-22 816.. gh-issue: 91744 817.. nonce: FgvaMi 818.. section: C API 819 820Introduced the *Unstable C API tier*, marking APi that is allowed to change 821in minor releases without a deprecation period. See :pep:`689` for details. 822