2024-03-20 16:41:01 by Adam Ciarcinski | Files touched by this commit (6)
Log message:
python39 py39-html-docs: updated to 3.9.19

Python 3.9.19

Security
gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
gh-115399: Update bundled libexpat to 2.6.0
gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.

Core and Builtins
gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds

Library
gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows.
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms.
gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises BadZipFile when trying to read an entry that overlaps with other entry or central directory.
gh-107077: Seems that in some conditions, OpenSSL will return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification verification has failed, but the error parameters will still contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are now detecting this situation and raising the appropriate ssl.SSLCertVerificationError. Patch by Pablo Galindo
gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working around file system permission errors.

Documentation
gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML vulnerabilities”.

Windows
gh-111239: Update Windows builds to use zlib v1.3.1.
gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its end of life and no future fixes will be made, and this version of Python is no longer receiving maintenance fixes and will not be updated to OpenSSL 3.0.

Tools/Demos
gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w and 3.0.11.

2023-08-25 10:26:13 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
python39 py39-html-docs: updated to 3.9.18

Python 3.9.18

Security
gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

Library
gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.

Tools/Demos
gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

C API
gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set.

2023-06-07 15:25:53 by Adam Ciarcinski | Files touched by this commit (6)
Log message:
python39 py39-html-docs: updated to 3.9.17

Python 3.9.17

Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.
gh-99889: Fixed a security flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.

Core and Builtins
gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya.
gh-100892: Fix race while iterating over thread states in clearing threading.local. Patch by Kumar Aditya.

Library
gh-103935: Use io.open_code() for files to be executed instead of raw open()
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features that may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)

Windows
gh-100180: Update Windows installer to OpenSSL 1.1.1s

macOS
gh-103142: Update macOS installer to use OpenSSL 1.1.1u.

2022-12-07 12:52:44 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
python39 py39-html-docs: updated to 3.9.16

Python 3.9.16 final

Security
gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
gh-98739: Update bundled libexpat to 2.5.0
gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454).
gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected. Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier. This prevents Linux CVE-2022-42919.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).

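The same \xHH escaping that gh-100001 describes for http.server can be applied to any logger that records attacker-controlled strings. This is an added example written for this page, not CPython's implementation; the logger name, the `ControlCharFilter` class and the sample request lines are constructed for illustration.

```python
import io
import logging

# C0 controls, DEL and C1 controls become \xHH. The backslash is escaped too,
# so a client cannot send text that imitates an escape produced here.
_ESCAPES = {c: f"\\x{c:02x}" for c in (*range(0x20), *range(0x7F, 0xA0))}
_ESCAPES[ord("\\")] = "\\\\"

def escape_controls(text: str) -> str:
    """Return text with control characters shown as visible \\xHH escapes."""
    return text.translate(_ESCAPES)

class ControlCharFilter(logging.Filter):
    """Sanitise the fully formatted message of every record passing through."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = escape_controls(record.getMessage())
        record.args = None  # message is already formatted
        return True

def render(request_line: str) -> str:
    """Log one request line through the filter and return what was written."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.addFilter(ControlCharFilter())
    logger = logging.getLogger("access-demo")  # hypothetical logger name
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    try:
        logger.info('"%s" 400 -', request_line)
    finally:
        logger.removeHandler(handler)
    return sink.getvalue()

# Constructed sample inputs: a terminal escape sequence and a CRLF that would
# otherwise start a second, forged-looking log line.
SAMPLES = [
    "GET /\x1b[2J HTTP/1.1",
    "GET / HTTP/1.1\r\n127.0.0.1 - forged entry",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(render(sample), end="")
```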
2022-10-12 10:37:14 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
python39 py39-html-docs: updated to 3.9.15

Python 3.9.15

Security
gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.

Core and Builtins
gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. Patch by Victor Stinner.
gh-95778: When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. Patch by Victor Stinner.

Library
gh-97005: Update bundled libexpat to 2.4.9

Windows
gh-96577: Fixes a potential buffer overrun in msilib.

macOS
gh-97897: The macOS 13 SDK includes support for the mkfifoat and mknodat system calls. Using the dir_fd option with either os.mkfifo() or os.mknod() could result in a segfault if cpython is built with the macOS 13 SDK but run on an earlier version of macOS. Prevent this by adding runtime support for detection of these system calls (“weaklinking”) as is done for other newer syscalls on macOS.

2022-09-07 17:33:20 by Adam Ciarcinski | Files touched by this commit (6)
Log message:
python39 py39-html-docs: updated to 3.9.14

Python 3.9.14

Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735. This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form. Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when a URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.

Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.

Library
gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”.
gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None.
bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system.
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.

Tests
gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers.
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.

2022-05-18 10:07:32 by Adam Ciarcinski | Files touched by this commit (5)
Log message:
python39 py39-html-docs: updated to 3.9.13

Python 3.9.13

Core and Builtins
gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash.
gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner.
gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
bpo-46775: Some Windows system error codes (>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na.
bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. The classes affected are pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. The functions affected are 24 methods in ctypes. Patch by Oleg Iarygin.
bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters.

Library
gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle.
gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify().
gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled.
bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam.
gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules.
gh-91810: ElementTree method write() and function tostring() now use the text file’s encoding (“UTF-8” if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified.
gh-91832: Add required attribute to argparse.Action repr output.
gh-91734: Fix OSS audio support on Solaris.
gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised.
gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test.
gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression now raises re.error instead of TypeError.
gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running.
gh-91575: Update case-insensitive matching in the re module to the latest Unicode version.
gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle.
bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError when an invalid keyword was found in marked section. Patch by Marek Suscak.
bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX.
bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters.
bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak
bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter.
bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while cancelling leaked tasks. Patch by Bar Harel.
bpo-44493: Add missing terminated NUL in sockaddr_un’s length. This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language.
bpo-42627: Fix incorrect parsing of Windows registry proxy settings
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev.

Documentation
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
gh-91783: Document security issues concerning the use of the function shutil.unpack_archive()
gh-91547: Remove “Undocumented modules” page.
bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree().
bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4.
bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg Iarygin.
bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky.
bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents.
bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed.
bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes.
bpo-38056: Overhaul the Error Handlers documentation in codecs.
bpo-13553: Document tkinter.Tk args.

Tests
gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up.
bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD.
bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom.

Build
bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build.

Windows
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl.
bpo-40859: Update Windows build to use xz-5.2.5

Tools/Demos
gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter.

2022-03-25 18:54:37 by Adam Ciarcinski | Files touched by this commit (5)
Log message:
python39 py39-html-docs: updated to 3.9.12

Python 3.9.12 final

Core and Builtins
bpo-46968: Check for the existence of the “sys/auxv.h” header in faulthandler to avoid compilation problems in systems where this header doesn’t exist. Patch by Pablo Galindo

Library
bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context.
bpo-23691: Protect the re.finditer() iterator from re-entering.
bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception when reading a ZipFile from multiple threads.
bpo-38256: Fix binascii.crc32() when it is compiled to use zlib’s crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function.
bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag.
bpo-47061: Deprecate the various modules listed by PEP 594: aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib
bpo-2604: Fix bug where doctests using globals would fail when run multiple times.
bpo-45997: Fix asyncio.Semaphore re-acquiring FIFO order.
bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation has now been updated to note they will be removed in Python 3.12 (PEP 594).
bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned.
bpo-40296: Fix supporting generic aliases in pydoc.
bpo-14156: argparse.FileType now supports an argument of ‘-’ in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. Patch contributed by Josh Rosenberg