Log Message:
python310 py310-html-docs: updated to 3.10.8

Python 3.10.8

Security

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer \ 
overflow when the new allocated length is close to the maximum size. Issue \ 
reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the \ 
get-remote-certificate.py example script. The script no longer uses a shell to \ 
run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by \ 
Victor Stinner.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text \ 
(filenames, MIME types, parameters) into shell commands. Instead of using such \ 
text, it will warn and act as if a match was not found (or for test commands, as \ 
if the test failed).

Core and Builtins

gh-96078: os.sched_yield() now release the GIL while calling sched_yield(2). \ 
Patch by Dong-hee Na.
gh-97943: Bugfix: PyFunction_GetAnnotations() should return a borrowed \ 
reference. It was returning a new reference.
gh-97591: Fixed a missing incref/decref pair in Exception.__setstate__(). Patch \ 
by Ofey Chan.
gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no \ 
value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a \ 
valid limit. Patch by Victor Stinner.
gh-95921: Fix overly-broad source position information for chained comparisons \ 
used as branching conditions.
gh-96821: Fix undefined behaviour in _testcapimodule.c.
gh-95778: When ValueError is raised if an integer is larger than the limit, \ 
mention the sys.set_int_max_str_digits() function in the error message. Patch by \ 
Victor Stinner.
gh-96387: At Python exit, sometimes a thread holding the GIL can wait forever \ 
for a thread (usually a daemon thread) which requested to drop the GIL, whereas \ 
the thread already exited. To fix the race condition, the thread which requested \ 
the GIL drop now resets its request before exiting. Issue discovered and \ 
analyzed by Mingliang ZHAO. Patch by Victor Stinner.
gh-96864: Fix a possible assertion failure, fatal error, or SystemError if a \ 
line tracing event raises an exception while opcode tracing is enabled.
gh-96678: Fix undefined behaviour in C code of null pointer arithmetic.
gh-96641: Do not expose KeyWrapper in _functools.
gh-96611: When loading a file with invalid UTF-8 inside a multi-line string, a \ 
correct SyntaxError is emitted.
gh-95196: Disable incorrect pickling of the C implemented classmethod descriptors.
gh-96352: Fix AttributeError missing name and obj attributes in \ 
object.__getattribute__(). Patch by Philip Georgi.
bpo-42316: Document some places where an assignment expression needs parentheses.

Library

gh-87730: Wrap network errors consistently in urllib FTP support, so the test \ 
suite doesn’t fail when a network is available but the public internet is not \ 
reachable.
gh-97825: Fixes AttributeError when subprocess.check_output() is used with \ 
argument input=None and either of the arguments encoding or errors are used.
gh-96827: Avoid spurious tracebacks from asyncio when default executor cleanup \ 
is delayed until after the event loop is closed (e.g. as the result of a \ 
keyboard interrupt).
gh-97592: Avoid a crash in the C version of \ 
asyncio.Future.remove_done_callback() when an evil argument is passed.
gh-97639: Remove tokenize.NL check from tabnanny.
gh-97545: Make Semaphore run faster.
gh-73588: Fix generation of the default name of tkinter.Checkbutton. Previously, \ 
checkbuttons in different parent widgets could have the same short name and \ 
share the same state if arguments “name” and “variable” are not \ 
specified. Now they are globally unique.
gh-97005: Update bundled libexpat to 2.4.9
gh-85760: Fix race condition in asyncio where process_exited() called before the \ 
pipe_data_received() leading to inconsistent output. Patch by Kumar Aditya.
gh-96819: Fixed check in multiprocessing.resource_tracker that guarantees that \ 
the length of a write to a pipe is not greater than PIPE_BUF.
gh-96741: Corrected type annotation for dataclass attribute \ 
pstats.FunctionProfile.ncalls to be str.
gh-96652: Fix the faulthandler implementation of faulthandler.register(signal, \ 
chain=True) if the sigaction() function is not available: don’t call the \ 
previous signal handler if it’s NULL. Patch by Victor Stinner.
gh-96073: In inspect, fix overeager replacement of “typing.” in formatting \ 
annotations.
gh-90467: Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to \ 
the created task, so that it’s not garbage collected
gh-96052: Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) \ 
in codeop.compile_command() when checking for incomplete input. Previously it \ 
emitted warnings and raised a SyntaxError. Now it always returns None for \ 
incomplete input without emitting any warnings.
gh-91212: Fixed flickering of the turtle window when the tracer is turned off. \ 
Patch by Shin-myoung-serp.
gh-74116: Allow asyncio.StreamWriter.drain() to be awaited concurrently by \ 
multiple tasks. Patch by Kumar Aditya.
gh-90155: Fix broken asyncio.Semaphore when acquire is cancelled.
gh-92986: Fix ast.unparse() when ImportFrom.level is None
gh-91539: Improve performance of urllib.request.getproxies_environment when \ 
there are many environment variables

Documentation

gh-97741: Fix ! in c domain ref target syntax via a conf.py patch, so it works \ 
as intended to disable ref target resolution.
gh-95588: Clarified the conflicting advice given in the ast documentation about \ 
ast.literal_eval() being “safe” for use on untrusted input while at the same \ 
time warning that it can crash the process. The latter statement is true and is \ 
deemed unfixable without a large amount of work unsuitable for a bugfix. So we \ 
keep the warning and no longer claim that literal_eval is safe.
gh-93031: Update tutorial introduction output to use 3.10+ SyntaxError invalid range.

Build

gh-96729: Ensure that Windows releases built with Tools\msi\buildrelease.bat are \ 
upgradable to and from official Python releases.

Windows

gh-97728: Fix possible crashes caused by the use of uninitialized variables when \ 
pass invalid arguments in os.system() on Windows and in Windows-specific modules \ 
(like winreg).
gh-90989: Clarify some text in the Windows installer.
gh-96577: Fixes a potential buffer overrun in msilib.

macOS

gh-97897: The macOS 13 SDK includes support for the mkfifoat and mknodat system \ 
calls. Using the dir_fd option with either os.mkfifo() or os.mknod() could \ 
result in a segfault if cpython is built with the macOS 13 SDK but run on an \ 
earlier version of macOS. Prevent this by adding runtime support for detection \ 
of these system calls (“weaklinking”) as is done for other newer syscalls on \ 
macOS.