Log Message:
python311 py311-html-docs: updated to 3.11.1

Python 3.11.1 final

Security

gh-100001: python -m http.server no longer allows terminal control characters \ 
sent within a garbage request to be printed to the stderr server log.

This is done by changing the http.server BaseHTTPRequestHandler .log_message \ 
method to replace control characters with a \xHH hex escape before printing.

gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc \ 
module

gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio \ 
related name resolution functions no longer involves a quadratic algorithm. This \ 
prevents a potential CPU denial of service if an out-of-spec excessive length \ 
hostname involving bidirectional characters were decoded. Some protocols such as \ 
urllib http 3xx redirects potentially allow for an attacker to supply such a \ 
name.

gh-98739: Update bundled libexpat to 2.5.0

gh-97612: Fix a shell code injection vulnerability in the \ 
get-remote-certificate.py example script. The script no longer uses a shell to \ 
run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by \ 
Victor Stinner.
Core and Builtins
gh-99886: Fix a crash when an object which does not have a dictionary frees its \ 
instance values.
gh-99891: Fix a bug in the tokenizer that could cause infinite recursion when \ 
showing syntax warnings that happen in the first line of the source. Patch by \ 
Pablo Galindo
gh-99729: Fix an issue that could cause frames to be visible to Python code as \ 
they are being torn down, possibly leading to memory corruption or hard crashes \ 
of the interpreter.
gh-99578: Fix a reference bug in _imp.create_builtin() after the creation of the \ 
first sub-interpreter for modules builtins and sys. Patch by Victor Stinner.
gh-99581: Fixed a bug that was causing a buffer overflow if the tokenizer copies \ 
a line missing the newline caracter from a file that is as long as the available \ 
tokenizer buffer. Patch by Pablo galindo
gh-99553: Fix bug where an ExceptionGroup subclass can wrap a BaseException.
gh-99370: Fix zip path for venv created from a non-installed python on POSIX \ 
platforms.
gh-99298: Fix an issue that could potentially cause incorrect error handling for \ 
some bytecode instructions.
gh-99205: Fix an issue that prevented PyThreadState and PyInterpreterState \ 
memory from being freed properly.
gh-99181: Fix failure in except* with unhashable exceptions.
gh-99204: Fix calculation of sys._base_executable when inside a POSIX virtual \ 
environment using copies of the python binary when the base installation does \ 
not provide the executable name used by the venv. Calculation will fall back to \ 
alternative names (“python<MAJOR>”, \ 
“python<MAJOR>.<MINOR>”).
gh-96055: Update faulthandler to emit an error message with the proper \ 
unexpected signal number. Patch by Dong-hee Na.
gh-99153: Fix location of SyntaxError for a try block with both except and except*.
gh-99103: Fix the error reporting positions of specialized traceback anchors \ 
when the source line contains Unicode characters.
gh-98852: Fix subscription of type aliases containing bare generic types or \ 
types like TypeVar: for example tuple[A, T][int] and tuple[TypeVar, T][int], \ 
where A is a generic type, and T is a type variable.
gh-98925: Lower the recursion depth for marshal on WASI to support wasmtime 2.0/main.
gh-98783: Fix multiple crashes in debug mode when str subclasses are used \ 
instead of str itself.
gh-99257: Fix an issue where member descriptors (such as those for __slots__) \ 
could behave incorrectly or crash instead of raising a TypeError when accessed \ 
via an instance of an invalid type.
gh-98374: Suppress ImportError for invalid query for help() command. Patch by \ 
Dong-hee Na.
gh-98415: Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim \ 
Sanders
gh-92119: Print exception class name instead of its string representation when \ 
raising errors from ctypes calls.
gh-96078: os.sched_yield() now release the GIL while calling sched_yield(2). \ 
Patch by Dong-hee Na.
gh-93354: Fix an issue that could delay the specialization of PRECALL instructions.
gh-97943: Bugfix: PyFunction_GetAnnotations() should return a borrowed \ 
reference. It was returning a new reference.
gh-97779: Ensure that all Python frame objects are backed by “complete” frames.
gh-97591: Fixed a missing incref/decref pair in Exception.__setstate__(). Patch \ 
by Ofey Chan.
gh-94526: Fix the Python path configuration used to initialized sys.path at \ 
Python startup. Paths are no longer encoded to UTF-8/strict to avoid encoding \ 
errors if it contains surrogate characters (bytes paths are decoded with the \ 
surrogateescape error handler). Patch by Victor Stinner.
gh-95921: Fix overly-broad source position information for chained comparisons \ 
used as branching conditions.
gh-96387: At Python exit, sometimes a thread holding the GIL can wait forever \ 
for a thread (usually a daemon thread) which requested to drop the GIL, whereas \ 
the thread already exited. To fix the race condition, the thread which requested \ 
the GIL drop now resets its request before exiting. Issue discovered and \ 
analyzed by Mingliang ZHAO. Patch by Victor Stinner.
gh-96864: Fix a possible assertion failure, fatal error, or SystemError if a \ 
line tracing event raises an exception while opcode tracing is enabled.
gh-96678: Fix undefined behaviour in C code of null pointer arithmetic.
gh-96754: Make sure that all frame objects created are created from valid \ 
interpreter frames. Prevents the possibility of invalid frames in backtraces and \ 
signal handlers.
gh-95196: Disable incorrect pickling of the C implemented classmethod descriptors.
gh-96005: On WASI ENOTCAPABLE is now mapped to PermissionError. The errno \ 
modules exposes the new error number. getpath.py now ignores PermissionError \ 
when it cannot open landmark files pybuilddir.txt and pyenv.cfg.
gh-93696: Allow pdb to locate source for frozen modules in the standard library.
bpo-31718: Raise ValueError instead of SystemError when methods of uninitialized \ 
io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman.
bpo-38031: Fix a possible assertion failure in io.FileIO when the opener returns \ 
an invalid file descriptor.
Library
gh-100001: Also escape s in the http.server BaseHTTPRequestHandler.log_message \ 
so that it is technically possible to parse the line and reconstruct what the \ 
original data was. Without this a xHH is ambiguious as to if it is a hex \ 
replacement we put in or the characters r”x” came through in the original \ 
request line.

gh-93453: asyncio.get_event_loop() now only emits a deprecation warning when a \ 
new event loop was created implicitly. It no longer emits a deprecation warning \ 
if the current event loop was set.

gh-51524: Fix bug when calling trace.CoverageResults with valid infile.

gh-99645: Fix a bug in handling class cleanups in unittest.TestCase. Now \ 
addClassCleanup() uses separate lists for different TestCase subclasses, and \ 
doClassCleanups() only cleans up the particular class.

gh-97001: Release the GIL when calling termios APIs to avoid blocking threads.

gh-99341: Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing \ 
line numbers.

gh-99418: Fix bug in urllib.parse.urlparse() that causes URL schemes that begin \ 
with a digit, a plus sign, or a minus sign to be parsed incorrectly.

gh-99382: Check the number of arguments in substitution in user generics \ 
containing a TypeVarTuple and one or more TypeVar.

gh-99379: Fix substitution of ParamSpec followed by TypeVarTuple in generic aliases.

gh-99344: Fix substitution of TypeVarTuple and ParamSpec together in user generics.

gh-74044: Fixed bug where inspect.signature() reported incorrect arguments for \ 
decorated methods.

gh-99275: Fix SystemError in ctypes when exception was not set during \ 
__initsubclass__.

gh-99277: Remove older version of _SSLProtocolTransport.get_write_buffer_limits \ 
in asyncio.sslproto

gh-99248: fix negative numbers failing in verify()

gh-99155: Fix statistics.NormalDist pickle with 0 and 1 protocols.

gh-93464: enum.auto() is now correctly activated when combined with other \ 
assignment values. E.g. ONE = auto(), 'some text' will now evaluate as (1, 'some \ 
text').

gh-99134: Update the bundled copy of pip to version 22.3.1.

gh-83004: Clean up refleak on failed module initialisation in _zoneinfo

gh-83004: Clean up refleaks on failed module initialisation in in _pickle

gh-83004: Clean up refleak on failed module initialisation in _io.

gh-98897: Fix memory leak in math.dist() when both points don’t have the same \ 
dimension. Patch by Kumar Aditya.

gh-98706: [3.11] Applied changes from importlib_metadata 4.11.4 through 4.13, \ 
including compatibility and robustness fixes for Distribution objects without \ 
_normalized_name, disallowing invalid inputs to Distribution.from_name, and \ 
refined behaviors in PathDistribution._name_from_stem and \ 
PathDistribution._normalized_name.

gh-98793: Fix argument typechecks in _overlapped.WSAConnect() and \ 
_overlapped.Overlapped.WSASendTo() functions.

gh-98744: Prevent crashing in traceback when retrieving the byte-offset for some \ 
source files that contain certain unicode characters.

gh-98740: Fix internal error in the re module which in very rare circumstances \ 
prevented compilation of a regular expression containing a conditional \ 
expression without the “else” branch.

gh-98703: Fix asyncio.StreamWriter.drain() to call protocol.connection_lost \ 
callback only once on Windows.

gh-98624: Add a mutex to unittest.mock.NonCallableMock to protect concurrent \ 
access to mock attributes.

gh-89237: Fix hang on Windows in subprocess.wait_closed() in asyncio with \ 
ProactorEventLoop. Patch by Kumar Aditya.

gh-98458: Fix infinite loop in unittest when a self-referencing chained \ 
exception is raised

gh-97928: tkinter.Text.count() raises now an exception for options starting with \ 
“-” instead of silently ignoring them.

gh-97966: On uname_result, restored expectation that _fields and _asdict would \ 
include all six properties including processor.

gh-98307: A createSocket() method was added to SysLogHandler.

gh-96035: Fix bug in urllib.parse.urlparse() that causes certain port numbers \ 
containing whitespace, underscores, plus and minus signs, or non-ASCII digits to \ 
be incorrectly accepted.

gh-98251: Allow venv to pass along PYTHON* variables to ensurepip and pip when \ 
they do not impact path resolution

gh-98178: On macOS, fix a crash in syslog.syslog() in multi-threaded \ 
applications. On macOS, the libc syslog() function is not thread-safe, so \ 
syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner.

gh-96151: Allow BUILTINS to be a valid field name for frozen dataclasses.

gh-87730: Wrap network errors consistently in urllib FTP support, so the test \ 
suite doesn’t fail when a network is available but the public internet is not \ 
reachable.

gh-98086: Make sure patch.dict() can be applied on async functions.

gh-90985: Earlier in 3.11 we deprecated \ 
asyncio.Task.cancel("message"). We realized we were too harsh, and \ 
have undeprecated it.

gh-97837: Change deprecate warning message in unittest from

It is deprecated to return a value!=None

to

It is deprecated to return a value that is not None from a test case

gh-97825: Fixes AttributeError when subprocess.check_output() is used with \ 
argument input=None and either of the arguments encoding or errors are used.

gh-82836: Fix is_private properties in the ipaddress module. Previously \ 
non-private networks (0.0.0.0/0) would return True from this method; now they \ 
correctly return False.

gh-96827: Avoid spurious tracebacks from asyncio when default executor cleanup \ 
is delayed until after the event loop is closed (e.g. as the result of a \ 
keyboard interrupt).

gh-97592: Avoid a crash in the C version of \ 
asyncio.Future.remove_done_callback() when an evil argument is passed.

gh-97639: Remove tokenize.NL check from tabnanny.

gh-73588: Fix generation of the default name of tkinter.Checkbutton. Previously, \ 
checkbuttons in different parent widgets could have the same short name and \ 
share the same state if arguments “name” and “variable” are not \ 
specified. Now they are globally unique.

gh-97005: Update bundled libexpat to 2.4.9

gh-85760: Fix race condition in asyncio where process_exited() called before the \ 
pipe_data_received() leading to inconsistent output. Patch by Kumar Aditya.

gh-96819: Fixed check in multiprocessing.resource_tracker that guarantees that \ 
the length of a write to a pipe is not greater than PIPE_BUF.

gh-96741: Corrected type annotation for dataclass attribute \ 
pstats.FunctionProfile.ncalls to be str.

gh-95987: Fix repr of Any subclasses.

gh-96388: Work around missing socket functions in socket’s __repr__.

gh-96073: In inspect, fix overeager replacement of “typing.” in formatting \ 
annotations.

gh-96192: Fix handling of bytes path-like objects in os.ismount().

gh-96052: Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) \ 
in codeop.compile_command() when checking for incomplete input. Previously it \ 
emitted warnings and raised a SyntaxError. Now it always returns None for \ 
incomplete input without emitting any warnings.

gh-88863: To avoid apparent memory leaks when asyncio.open_connection() raises, \ 
break reference cycles generated by local exception and future instances (which \ 
has exception instance as its member var). Patch by Dong Uk, Kang.

gh-91212: Fixed flickering of the turtle window when the tracer is turned off. \ 
Patch by Shin-myoung-serp.

gh-88050: Fix asyncio subprocess transport to kill process cleanly when process \ 
is blocked and avoid RuntimeError when loop is closed. Patch by Kumar Aditya.

gh-93858: Prevent error when activating venv in nested fish instances.

gh-91078: TarFile.next() now returns None when called on an empty tarfile.

bpo-47220: Document the optional callback parameter of WeakMethod. Patch by \ 
Géry Ogam.

bpo-46364: Restrict use of sockets instead of pipes for stdin of subprocesses \ 
created by asyncio to AIX platform only.

bpo-38523: shutil.copytree() now applies the ignore_dangling_symlinks argument \ 
recursively.

bpo-36267: Fix IndexError in argparse.ArgumentParser when a store_true action is \ 
given an explicit argument.

Documentation

gh-92892: Document that calling variadic functions with ctypes requires special \ 
care on macOS/arm64 (and possibly other platforms).
gh-85525: Remove extra row
gh-95588: Clarified the conflicting advice given in the ast documentation about \ 
ast.literal_eval() being “safe” for use on untrusted input while at the same \ 
time warning that it can crash the process. The latter statement is true and is \ 
deemed unfixable without a large amount of work unsuitable for a bugfix. So we \ 
keep the warning and no longer claim that literal_eval is safe.
bpo-41825: Restructured the documentation for the os.wait* family of functions, \ 
and improved the docs for os.waitid() with more explanation of the possible \ 
argument constants.

Tests

gh-99892: Skip test_normalization() of test_unicodedata if it fails to download \ 
NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner.
gh-99934: Correct test_marsh on (32 bit) x86: test_deterministic sets was failing.
gh-99659: Optional big memory tests in test_sqlite3 now catch the correct \ 
sqlite.DataError exception type in case of too large strings and/or blobs \ 
passed.
gh-98713: Fix a bug in the typing tests where a test relying on CPython-specific \ 
implementation details was not decorated with @cpython_only and was not skipped \ 
on other implementations.
gh-87390: Add tests for star-unpacking with PEP 646, and some other \ 
miscellaneous PEP 646 tests.
gh-96853: Added explicit coverage of Py_Initialize (and hence Py_InitializeEx) \ 
back to the embedding tests (all other embedding tests migrated to \ 
Py_InitializeFromConfig in Python 3.11)
bpo-34272: Some C API tests were moved into the new Lib/test/test_capi/ directory.

Build

gh-99086: Fix -Wimplicit-int, -Wstrict-prototypes, and \ 
-Wimplicit-function-declaration compiler warnings in configure checks.
gh-99337: Fix a compilation issue with GCC 12 on macOS.
gh-99086: Fix -Wimplicit-int compiler warning in configure check for \ 
PTHREAD_SCOPE_SYSTEM.
gh-98872: Fix a possible fd leak in Programs/_freeze_module.c introduced in \ 
Python 3.11.
gh-99016: Fix build with PYTHON_FOR_REGEN=python3.8.
gh-97731: Specify the full path to the source location for make docclean (needed \ 
for cross-builds).
gh-98707: Don’t use vendored libmpdec headers if --with-system-libmpdec is \ 
passed to configure. Don’t use vendored libexpat headers if \ 
--with-system-expat is passed to !configure.
gh-96761: Fix the build process of clang compiler for _bootstrap_python if LTO \ 
optimization is applied. Patch by Matthias Görgens and Dong-hee Na.
gh-96883: wasm32-emscripten builds for browsers now include concurrent.futures \ 
for asyncio and unittest.mock.
gh-84461: wasm32-emscripten platform no longer builds resource module, \ 
getresuid(), getresgid(), and their setters. The APIs are stubs and not \ 
functional.
gh-94280: Updated pegen regeneration script on Windows to find and use Python \ 
3.9 or higher. Prior to this, pegen regeneration already required 3.9 or higher, \ 
but the script may have used lower versions of Python.

Windows

gh-99345: Use faster initialization functions to detect install location for \ 
Windows Store package
gh-98629: Fix initialization of sys.version and sys._git on Windows
gh-99442: Fix handling in Python Launcher for Windows when argv[0] does not \ 
include a file extension.
gh-98689: Update Windows builds to zlib v1.2.13. v1.2.12 has CVE-2022-37434, but \ 
the vulnerable inflateGetHeader API is not used by Python.
gh-98790: Assumes that a missing DLLs directory means that standard extension \ 
modules are in the executable’s directory.
gh-98745: Update py.exe launcher to install 3.11 by default and 3.12 on request.
gh-98692: Fix the Python Launcher for Windows ignoring unrecognized shebang \ 
lines instead of treating them as local paths
gh-94328: Update Windows installer to use SQLite 3.39.4.
gh-97728: Fix possible crashes caused by the use of uninitialized variables when \ 
pass invalid arguments in os.system() on Windows and in Windows-specific modules \ 
(like winreg).
gh-96965: Update libffi to 3.4.3
gh-94781: Fix pcbuild.proj to clean previous instances of ouput files in \ 
Python\deepfreeze and Python\frozen_modules directories on Windows. Patch by \ 
Charlie Zhao.
bpo-40882: Fix a memory leak in multiprocessing.shared_memory.SharedMemory on \ 
Windows.

macOS

gh-87235: On macOS python3 /dev/fd/9 9</path/to/script.py failed for any \ 
script longer than a couple of bytes.
gh-98940: Fix Mac/Extras.install.py file filter bug.
gh-94328: Update macOS installer to SQLite 3.39.4.

IDLE

gh-97527: Fix a bug in the previous bugfix that caused IDLE to not start when \ 
run with 3.10.8, 3.12.0a1, and at least Microsoft Python 3.10.2288.0 installed \ 
without the Lib/test package. 3.11.0 was never affected.

Tools/Demos

gh-95853: The wasm_build.py script now pre-builds Emscripten ports, checks for \ 
broken EMSDK versions, and warns about pkg-config env vars.
gh-95853: The new tool Tools/wasm/wasm_builder.py automates configure, compile, \ 
and test steps for building CPython on WebAssembly platforms.
gh-95731: Fix handling of module docstrings in Tools/i18n/pygettext.py.

C API

gh-98680: PyBUF_* constants were marked as part of Limited API of Python 3.11+. \ 
These were available in 3.11.0 with Py_LIMITED_API defined for 3.11, and are \ 
necessary to use the buffer API.
gh-98978: Fix use-after-free in Py_SetPythonHome(NULL), Py_SetProgramName(NULL) \ 
and _Py_SetProgramFullPath(NULL) function calls. Issue reported by Benedikt \ 
Reinartz. Patch by Victor Stinner.
gh-96853: Py_InitializeEx now correctly calls PyConfig_Clear after initializing \ 
the interpreter (the omission didn’t cause a memory leak only because none of \ 
the dynamically allocated config fields are populated by the wrapper function)