Python 3.11.10

Include/patchlevel.h

@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        11
-#define PY_MICRO_VERSION        9
+#define PY_MICRO_VERSION        10
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0
 
 /* Version as a string */
-#define PY_VERSION              "3.11.9+"
+#define PY_VERSION              "3.11.10"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

Lib/pydoc_data/topics.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Tue Apr  2 09:24:48 2024
+# Autogenerated by Sphinx on Sat Sep  7 02:03:11 2024
 # as part of the release process.
 topics = {'assert': 'The "assert" statement\n'
            '**********************\n'
@@ -13958,10 +13958,10 @@ topics = {'assert': 'The "assert" statement\n'
           '   The iterator returns "tuple"s containing the "(start_line,\n'
           '   end_line, start_column, end_column)". The *i-th* tuple '
           'corresponds\n'
-          '   to the position of the source code that compiled to the *i-th*\n'
-          '   instruction. Column information is 0-indexed utf-8 byte offsets '
-          'on\n'
-          '   the given source line.\n'
+          '   to the position of the source code that compiled to the *i-th* '
+          'code\n'
+          '   unit. Column information is 0-indexed utf-8 byte offsets on the\n'
+          '   given source line.\n'
           '\n'
           '   This positional information can be missing. A non-exhaustive '
           'lists\n'

Misc/NEWS.d/3.11.10.rst

@@ -0,0 +1,210 @@
+.. date: 2024-09-04-09-59-18
+.. gh-issue: 123418
+.. nonce: QaMC12
+.. release date: 2024-09-07
+.. section: Windows
+
+Updated Windows build to use OpenSSL 3.0.15.
+
+..
+
+.. date: 2024-05-29-17-00-27
+.. gh-issue: 119690
+.. nonce: tv6Zgs
+.. section: Windows
+
+Fixes data type confusion in audit event raised by
+``_winapi.CreateNamedPipe``.
+
+..
+
+.. date: 2024-09-04-12-41-35
+.. gh-issue: 123678
+.. nonce: N41y9n
+.. section: Security
+
+Upgrade libexpat to 2.6.3
+
+..
+
+.. date: 2024-07-22-13-14-38
+.. gh-issue: 121957
+.. nonce: FYkcOt
+.. section: Security
+
+Fixed missing audit events around interactive use of Python, now also
+properly firing for ``python -i``, as well as for ``python -m asyncio``. The
+event in question is ``cpython.run_stdin``.
+
+..
+
+.. date: 2024-07-22-13-11-28
+.. gh-issue: 122133
+.. nonce: 0mPeta
+.. section: Security
+
+Authenticate the socket connection for the ``socket.socketpair()`` fallback
+on platforms where ``AF_UNIX`` is not available like Windows.
+
+Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson
+<seth@python.org>. Reported by Ellie <el@horse64.org>
+
+..
+
+.. date: 2024-07-02-13-39-20
+.. gh-issue: 121285
+.. nonce: hrl-yI
+.. section: Security
+
+Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and
+GNU sparse headers.
+
+..
+
+.. date: 2024-05-01-20-57-09
+.. gh-issue: 118486
+.. nonce: K44KJG
+.. section: Security
+
+:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict the
+new directory to the current user. This fixes CVE-2024-4030 affecting
+:func:`tempfile.mkdtemp` in scenarios where the base temporary directory is
+more permissive than the default.
+
+..
+
+.. date: 2024-03-27-13-50-02
+.. gh-issue: 116741
+.. nonce: ZoGryG
+.. section: Security
+
+Update bundled libexpat to 2.6.2
+
+..
+
+.. date: 2024-08-26-13-45-20
+.. gh-issue: 123270
+.. nonce: gXHvNJ
+.. section: Library
+
+Applied a more surgical fix for malformed payloads in :class:`zipfile.Path`
+causing infinite loops (gh-122905) without breaking contents using
+legitimate characters.
+
+..
+
+.. date: 2024-08-16-19-13-21
+.. gh-issue: 123067
+.. nonce: Nx9O4R
+.. section: Library
+
+Fix quadratic complexity in parsing ``"``-quoted cookie values with
+backslashes by :mod:`http.cookies`.
+
+..
+
+.. date: 2024-08-11-14-08-04
+.. gh-issue: 122905
+.. nonce: 7tDsxA
+.. section: Library
+
+:class:`zipfile.Path` objects now sanitize names from the zipfile.
+
+..
+
+.. date: 2024-07-27-16-10-41
+.. gh-issue: 121650
+.. nonce: nf6oc9
+.. section: Library
+
+:mod:`email` headers with embedded newlines are now quoted on output. The
+:mod:`~email.generator` will now refuse to serialize (write) headers that
+are unsafely folded or delimited; see
+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
+Bloemsaat and Petr Viktorin in :gh:`121650`.)
+
+..
+
+.. date: 2024-05-24-14-32-24
+.. gh-issue: 119506
+.. nonce: -nMNqq
+.. section: Library
+
+Fix :meth:`!io.TextIOWrapper.write` method breaks internal buffer when the
+method is called again during flushing internal buffer.
+
+..
+
+.. date: 2024-05-16-17-31-46
+.. gh-issue: 118643
+.. nonce: hAWH4C
+.. section: Library
+
+Fix an AttributeError in the :mod:`email` module when re-fold a long address
+list. Also fix more cases of incorrect encoding of the address separator in
+the address list.
+
+..
+
+.. date: 2024-03-14-01-38-44
+.. gh-issue: 113171
+.. nonce: VFnObz
+.. section: Library
+
+Fixed various false positives and false negatives in
+
+* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
+* :attr:`ipaddress.IPv4Address.is_global`
+* :attr:`ipaddress.IPv6Address.is_private`
+* :attr:`ipaddress.IPv6Address.is_global`
+
+Also in the corresponding :class:`ipaddress.IPv4Network` and
+:class:`ipaddress.IPv6Network` attributes.
+
+..
+
+.. date: 2023-10-20-15-28-08
+.. gh-issue: 102988
+.. nonce: dStNO7
+.. section: Library
+
+:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now
+return ``('', '')`` 2-tuples in more situations where invalid email
+addresses are encountered instead of potentially inaccurate values. Add
+optional *strict* parameter to these two functions: use ``strict=False`` to
+get the old behavior, accept malformed inputs. ``getattr(email.utils,
+'supports_strict_parsing', False)`` can be use to check if the *strict*
+paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve
+the CVE-2023-27043 fix.
+
+..
+
+.. date: 2019-08-27-01-16-50
+.. gh-issue: 67693
+.. nonce: 4NIAiy
+.. section: Library
+
+Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for
+URIs with path starting with multiple slashes and no authority. Based on
+patch by Ashwin Ramaswami.
+
+..
+
+.. date: 2024-09-04-18-20-11
+.. gh-issue: 112275
+.. nonce: W_iMiB
+.. section: Core and Builtins
+
+A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` at
+fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by
+Victor Stinner.
+
+..
+
+.. date: 2024-04-02-06-16-49
+.. gh-issue: 109120
+.. nonce: X485oN
+.. section: Core and Builtins
+
+Added handle of incorrect star expressions, e.g ``f(3, *)``. Patch by
+Grigoryev Semyon

Misc/NEWS.d/next/Core and Builtins/2024-04-02-06-16-49.gh-issue-109120.X485oN.rst

@@ -1,2 +0,0 @@
-Added handle of incorrect star expressions, e.g ``f(3, *)``. Patch by
-Grigoryev Semyon

Misc/NEWS.d/next/Core_and_Builtins/2024-09-04-18-20-11.gh-issue-112275.W_iMiB.rst

@@ -1,3 +0,0 @@
-A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c``
-at fork is now fixed. Patch by ChuBoning based on previous Python 3.12
-fix by Victor Stinner.

Misc/NEWS.d/next/Library/2019-08-27-01-16-50.gh-issue-67693.4NIAiy.rst

@@ -1,2 +0,0 @@
-Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple slashes and no authority.
-Based on patch by Ashwin Ramaswami.

Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst

@@ -1,8 +0,0 @@
-:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now
-return ``('', '')`` 2-tuples in more situations where invalid email
-addresses are encountered instead of potentially inaccurate values. Add
-optional *strict* parameter to these two functions: use ``strict=False`` to
-get the old behavior, accept malformed inputs.
-``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check
-if the *strict* paramater is available. Patch by Thomas Dwyer and Victor
-Stinner to improve the CVE-2023-27043 fix.

Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst

@@ -1,9 +0,0 @@
-Fixed various false positives and false negatives in
-
-* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
-* :attr:`ipaddress.IPv4Address.is_global`
-* :attr:`ipaddress.IPv6Address.is_private`
-* :attr:`ipaddress.IPv6Address.is_global`
-
-Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network`
-attributes.

Misc/NEWS.d/next/Library/2024-05-16-17-31-46.gh-issue-118643.hAWH4C.rst

@@ -1,2 +0,0 @@
-Fix an AttributeError in the :mod:`email` module when re-fold a long address
-list. Also fix more cases of incorrect encoding of the address separator in the address list.

Misc/NEWS.d/next/Library/2024-05-24-14-32-24.gh-issue-119506.-nMNqq.rst

@@ -1 +0,0 @@
-Fix :meth:`!io.TextIOWrapper.write` method breaks internal buffer when the method is called again during flushing internal buffer.

Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst

@@ -1,5 +0,0 @@
-:mod:`email` headers with embedded newlines are now quoted on output. The
-:mod:`~email.generator` will now refuse to serialize (write) headers that
-are unsafely folded or delimited; see
-:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
-Bloemsaat and Petr Viktorin in :gh:`121650`.)

Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst

@@ -1 +0,0 @@
-:class:`zipfile.Path` objects now sanitize names from the zipfile.

Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst

@@ -1 +0,0 @@
-Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies`.

Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst

@@ -1,3 +0,0 @@
-Applied a more surgical fix for malformed payloads in :class:`zipfile.Path`
-causing infinite loops (gh-122905) without breaking contents using
-legitimate characters.

Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst

@@ -1 +0,0 @@
-Update bundled libexpat to 2.6.2

Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst

@@ -1,4 +0,0 @@
-:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict
-the new directory to the current user. This fixes CVE-2024-4030
-affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary
-directory is more permissive than the default.

Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst

@@ -1,2 +0,0 @@
-Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and
-GNU sparse headers.

Misc/NEWS.d/next/Security/2024-07-22-13-11-28.gh-issue-122133.0mPeta.rst

@@ -1,5 +0,0 @@
-Authenticate the socket connection for the ``socket.socketpair()`` fallback
-on platforms where ``AF_UNIX`` is not available like Windows.
-
-Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie
-<el@horse64.org>

Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst

@@ -1,3 +0,0 @@
-Fixed missing audit events around interactive use of Python, now also
-properly firing for ``python -i``, as well as for ``python -m asyncio``. The
-event in question is ``cpython.run_stdin``.

Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst

@@ -1 +0,0 @@
-Upgrade libexpat to 2.6.3

Misc/NEWS.d/next/Windows/2024-05-29-17-00-27.gh-issue-119690.tv6Zgs.rst

@@ -1,2 +0,0 @@
-Fixes data type confusion in audit event raised by
-``_winapi.CreateNamedPipe``.

Misc/NEWS.d/next/Windows/2024-09-04-09-59-18.gh-issue-123418.QaMC12.rst

@@ -1 +0,0 @@
-Updated Windows build to use OpenSSL 3.0.15.

README.rst

@@ -1,5 +1,5 @@
-This is Python version 3.11.9
-=============================
+This is Python version 3.11.10
+==============================
 
 .. image:: https://github.com/python/cpython/workflows/Tests/badge.svg
    :alt: CPython build status on GitHub Actions