Subject: CVS commit: pkgsrc/lang
From: Adam Ciarcinski
Date: 2021-05-04 07:17:29
Message id: 20210504051729.9F56DFA95@cvs.NetBSD.org
Log Message:
python39: updated to 3.9.5
Python 3.9.5 final
Security
bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.
bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.
bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module.
bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it can cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access.
Core and Builtins
bpo-43105: Importlib now resolves relative paths when creating module spec objects from file locations.
bpo-42924: Fix bytearray repetition incorrectly copying data from the start of the buffer, even if the data is offset within the buffer (e.g. after reassigning a slice at the start of the bytearray to a shorter byte string).
Library
bpo-43993: Update bundled pip to 21.1.1.
bpo-43937: Fixed the turtle module working with non-default root window.
bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0
bpo-43920: OpenSSL 3.0.0: load_verify_locations() now returns a consistent error message when cadata contains no valid certificate.
bpo-43607: urllib can now convert Windows paths with \\?\ prefixes into URL paths.
bpo-43284: platform.win32_ver derives the windows version from sys.getwindowsversion().platform_version which in turn derives the version from kernel32.dll (which can be of a different version than Windows itself). Therefore change the platform.win32_ver to determine the version using the platform module’s _syscmd_ver private function to return an accurate version.
bpo-42248: [Enum] ensure exceptions raised in _missing_ are released
bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 to suppress deprecation warnings. Python requires OpenSSL 1.1.1 APIs.
bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants (OpenSSL 3.0.0)
bpo-43789: OpenSSL 3.0.0: Don’t call the password callback function a second time when first call has signaled an error condition.
bpo-43788: The header files for ssl error codes are now OpenSSL version-specific. Exceptions will now show correct reason and library codes. The make_ssl_data.py script has been rewritten to use OpenSSL’s text file with error codes.
bpo-43655: tkinter dialog windows are now recognized as dialogs by window managers on macOS and X Window.
bpo-43534: turtle.textinput() and turtle.numinput() now create a transient window working on behalf of the canvas window.
bpo-43522: Fix problem with hostname_checks_common_name. OpenSSL does not copy hostflags from struct SSL_CTX to struct SSL.
bpo-42967: Allow bytes separator argument in urllib.parse.parse_qs and urllib.parse.parse_qsl when parsing str query strings. Previously, this raised a TypeError.
bpo-43176: Fixed processing of a dataclass that inherits from a frozen dataclass with no fields. It is now correctly detected as an error.
bpo-41735: Fix thread locks in zlib module that may go wrong in rare cases. Patch by Ma Lin.
bpo-36470: Fix dataclasses with InitVars and replace(). Patch by Claudiu Popa.
bpo-32745: Fix a regression in the handling of ctypes’ ctypes.c_wchar_p type: embedded null characters would cause a ValueError to be raised. Patch by Zackery Spytz.
Documentation
bpo-43959: The documentation on the PyContextVar C-API was clarified.
bpo-43938: Update dataclasses documentation to express that FrozenInstanceError is derived from AttributeError.
bpo-43755: Update documentation to reflect that unparenthesized lambda expressions can no longer be the expression part in an if clause in comprehensions and generator expressions since Python 3.9.
bpo-43739: Fixing the example code in Doc/extending/extending.rst to declare and initialize the pmodule variable to be of the right type.
Tests
bpo-43961: Fix test_logging.test_namer_rotator_inheritance() on Windows: use os.replace() rather than os.rename(). Patch by Victor Stinner.
bpo-43842: Fix a race condition in the SMTP test of test_logging. Don’t close a file descriptor (socket) from a different thread while asyncore.loop() is polling the file descriptor. Patch by Victor Stinner.
bpo-43811: Tests multiple OpenSSL versions on GitHub Actions. Use ccache to speed up testing.
bpo-43791: OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests are failing with TLSV1_ALERT_INTERNAL_ERROR.
Windows
bpo-35306: Avoid raising errors from pathlib.Path.exists() when passed an invalid filename.
bpo-38822: Fixed os.stat() failing on inaccessible directories with a trailing slash, rather than falling back to the parent directory’s metadata. This implicitly affected os.path.exists() and os.path.isdir().
bpo-26227: Fixed decoding of host names in socket.gethostbyaddr() and socket.gethostbyname_ex().
bpo-40432: Updated pegen regeneration script on Windows to find and use Python 3.8 or higher. Prior to this, pegen regeneration already required 3.8 or higher, but the script may have used lower versions of Python.
bpo-43745: Actually updates Windows release to OpenSSL 1.1.1k. Earlier releases were mislabelled and actually included 1.1.1i again.
bpo-43492: Upgrade Windows installer to use SQLite 3.35.5.
macOS
bpo-42119: Fix check for macOS SDK paths when building Python. Narrow search to match contents of SDKs, namely only files in /System/Library, /System/IOSSupport, and /usr other than /usr/local. Previously, anything under /System was assumed to be in an SDK which causes problems with the new file system layout in 10.15+ where user file systems may appear to be mounted under /System. Paths in /Library were also incorrectly treated as SDK locations.
bpo-44009: Provide “python3.x-intel64” executable to allow reliably forcing macOS universal2 framework builds to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs. This can be useful for testing or when universal2 wheels are not yet available.
bpo-43492: Update macOS installer to use SQLite 3.35.4.
IDLE
bpo-43655: IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window.
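
The leading-zero ambiguity described under bpo-36384 in the log above, as an added example that is not code from pkgsrc or CPython: one parser run under three policies, so the disagreement between a validator and a resolver is visible. The names `parse_ipv4`, `readings` and `is_ambiguous` are hypothetical, and the "octal" policy is a simplified model of the legacy inet_aton() reading (dotted quads only).

```python
# Added example; function names and sample inputs are constructed for illustration.
def parse_ipv4(text, leading_zero="reject"):
    """Return the canonical dotted quad for text, or raise ValueError.

    leading_zero selects how an octet such as "010" is treated:
      "reject"  - refuse it (the ipaddress behaviour after bpo-36384)
      "decimal" - read it as 10 (the earlier, lenient ipaddress behaviour)
      "octal"   - read it as 8 (simplified model of legacy inet_aton())
    """
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets in {text!r}")
    octets = []
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"octet {part!r} is not ASCII digits")
        base = 10
        if len(part) > 1 and part[0] == "0":
            if leading_zero == "reject":
                raise ValueError(f"leading zero in octet {part!r}")
            if leading_zero == "octal":
                base = 8
        value = int(part, base)  # "09" raises ValueError when base is 8
        if value > 255:
            raise ValueError(f"octet {part!r} is out of range")
        octets.append(str(value))
    return ".".join(octets)


def readings(text):
    """Map each policy to the address it yields for text, or None if it refuses."""
    result = {}
    for policy in ("reject", "decimal", "octal"):
        try:
            result[policy] = parse_ipv4(text, policy)
        except ValueError:
            result[policy] = None
    return result


def is_ambiguous(text):
    """True when the lenient decimal and octal readings disagree."""
    found = readings(text)
    return found["decimal"] != found["octal"]


if __name__ == "__main__":
    for sample in ("192.168.0.1", "010.8.8.8", "0377.0.0.1"):  # constructed inputs
        print(sample, readings(sample), is_ambiguous(sample))
```

An address check made under one reading and a connection made under the other refer to different hosts for the same string, which is why the strict policy refuses the input instead of picking a reading.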
Files: