Package Release Info

python313-3.13.13-160000.1.1

Update Info: Base Release
Available in Package Hub : 16.0

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

python313-32bit

Change Logs

* Wed Apr 08 2026 mcepl@cepl.eu
- Update to 3.13.13
  - Security
  - gh-145986: xml.parsers.expat: Fixed a crash caused by
    unbounded C recursion when converting deeply nested XML
    content models with ElementDeclHandler(). This addresses
    CVE 2026-4224 (bsc#1259735, CVE-2026-4224).
  - gh-145599: Reject control characters in http.cookies.Morsel
    update() and js_output(). This addresses CVE 2026-3644
    (bsc#1259734, CVE-2026-3644).
  - gh-145506: Fixes CVE 2026-2297 by ensuring that
    SourcelessFileLoader uses io.open_code() when opening .pyc
    files (bsc#1259240, CVE-2026-2297).
  - gh-144370: Disallow usage of control characters in status
    in wsgiref.handlers to prevent HTTP header injections.
    Patch by Benedikt Johannes.
  - gh-143930: Reject leading dashes in URLs passed to
    webbrowser.open() (bsc#1260026, CVE-2026-4519).
  - Library
  - gh-144503: Fix a regression introduced in 3.14.3 and
    3.13.12 where the multiprocessing forkserver start method
    would fail with BrokenPipeError when the parent process had
    a very large sys.argv. The argv is now passed to the
    forkserver as separate command-line arguments rather than
    being embedded in the -c command string, avoiding the
    operating system’s per-argument length limit.
  - gh-146613: itertools: Fix a crash in itertools.groupby()
    when the grouper iterator is concurrently mutated.
  - gh-146080: ssl: fix a crash when an SNI callback tries to
    use an SSL object that has already been garbage-collected.
    Patch by Bénédikt Tran.
  - gh-146090: sqlite3: fix a crash when
    sqlite3.Connection.create_collation() fails with
    SQLITE_BUSY. Patch by Bénédikt Tran.
  - gh-146090: sqlite3: properly raise MemoryError instead of
    SystemError when a context callback fails to be allocated.
    Patch by Bénédikt Tran.
  - gh-145633: Fix struct.pack('f', float): use PyFloat_Pack4()
    to raise OverflowError. Patch by Sergey B Kirpichev and
    Victor Stinner.
  - gh-146310: The ensurepip module no longer looks for
    pip-*.whl wheel packages in the current directory.
  - gh-146083: Update bundled libexpat to version 2.7.5.
  - gh-146076: zoneinfo: fix crashes when deleting _weak_cache
    from a zoneinfo.ZoneInfo subclass.
  - gh-146054: Limit the size of encodings.search_function()
    cache. Found by OSS Fuzz in #493449985.
  - gh-145883: zoneinfo: Fix heap buffer overflow reads from
    malformed TZif data. Found by OSS Fuzz, issues #492245058
    and #492230068.
  - gh-145750: Avoid undefined behaviour from signed integer
    overflow when parsing format strings in the struct module.
    Found by OSS Fuzz in #488466741.
  - gh-145492: Fix infinite recursion in
    collections.defaultdict __repr__ when a defaultdict
    contains itself. Based on analysis by KowalskiThomas in
    gh-145492.
  - gh-145623: Fix crash in struct when calling repr() or
    __sizeof__() on an uninitialized struct.Struct object
    created via Struct.__new__() without calling __init__().
  - gh-145616: Detect Android sysconfig ABI correctly on 32-bit
    ARM Android on 64-bit ARM kernel
  - gh-145376: Fix null pointer dereference in unusual error
    scenario in hashlib.
  - gh-145551: Fix InvalidStateError when cancelling process
    created by asyncio.create_subprocess_exec() or
    asyncio.create_subprocess_shell(). Patch by Daan De Meyer.
  - gh-145417: venv: Prevent incorrect preservation of SELinux
    context when copying the Activate.ps1 script. The script
    inherited the SELinux security context of the system
    template directory, rather than the destination project
    directory.
  - gh-145301: hashlib: fix a crash when the initialization of
    the underlying C extension module fails.
  - gh-145264: Base64 decoder (see binascii.a2b_base64(),
    base64.b64decode(), etc) no longer ignores excess data
    after the first padded quad in non-strict (default) mode.
    Instead, in conformance with RFC 4648, section 3.3, it now
    ignores the pad character, “=”, if it is present before the
    end of the encoded data.
  - gh-145158: Avoid undefined behaviour from signed integer
    overflow when parsing format strings in the struct module.
  - gh-144984: Fix crash in
    xml.parsers.expat.xmlparser.ExternalEntityParserCreate()
    when an allocation fails. The error paths could dereference
    NULL handlers and double-decrement the parent parser’s
    reference count.
  - gh-88091: Fix unicodedata.decomposition() for Hangul
    characters.
  - gh-144835: Added missing explanations for some parameters
    in glob.glob() and glob.iglob().
  - gh-144833: Fixed a use-after-free in ssl when SSL_new()
    returns NULL in newPySSLSocket(). The error was reported
    via a dangling pointer after the object had already been
    freed.
  - gh-144259: Fix inconsistent display of long multiline
    pasted content in the REPL.
  - gh-144156: Fix the folding of headers by the email library
    when RFC 2047 encoded words are used. Now whitespace is
    correctly preserved and also correctly added between
    adjacent encoded words. The latter property was broken by
    the fix for gh-92081, which mostly fixed previous failures
    to preserve whitespace.
  - gh-66305: Fixed a hang on Windows in the tempfile module
    when trying to create a temporary file or subdirectory in
    a non-writable directory.
  - gh-140814: multiprocessing.freeze_support() no longer sets
    the default start method as a side effect, which previously
    caused a subsequent multiprocessing.set_start_method() call
    to raise RuntimeError.
  - gh-144475: Calling repr() on functools.partial() is now
    safer when the partial object’s internal attributes are
    replaced while the string representation is being
    generated.
  - gh-144538: Bump the version of pip bundled in ensurepip to
    version 26.0.1
  - gh-144363: Update bundled libexpat to 2.7.4
  - gh-143637: Fixed a crash in socket.sendmsg() that could
    occur if ancillary data is mutated re-entrantly during
    argument parsing.
  - gh-143880: Fix data race in functools.partial() in the free
    threading build.
  - gh-143543: Fix a crash in itertools.groupby that could
    occur when a user-defined __eq__() method re-enters the
    iterator during key comparison.
  - gh-140652: Fix a crash in _interpchannels.list_all() after
    closing a channel.
  - gh-143698: Allow scheduler and setpgroup arguments to be
    explicitly None when calling os.posix_spawn() or
    os.posix_spawnp(). Patch by Bénédikt Tran.
  - gh-143698: Raise TypeError instead of SystemError when the
    scheduler in os.posix_spawn() or os.posix_spawnp() is not
    a tuple. Patch by Bénédikt Tran.
  - gh-143304: Fix ctypes.CDLL to honor the handle parameter on
    POSIX systems.
  - gh-142781: zoneinfo: fix a crash when instantiating
    ZoneInfo objects for which the internal class-level cache
    is inconsistent.
  - gh-142763: Fix a race condition between zoneinfo.ZoneInfo
    creation and zoneinfo.ZoneInfo.clear_cache() that could
    raise KeyError.
  - gh-142787: Fix assertion failure in sqlite3 blob subscript
    when slicing with indices that result in an empty slice.
  - gh-142352: Fix asyncio.StreamWriter.start_tls() to transfer
    buffered data from StreamReader to the SSL layer,
    preventing data loss when upgrading a connection to TLS
    mid-stream (e.g., when implementing PROXY protocol
    support).
  - gh-141707: Don’t change tarfile.TarInfo type from AREGTYPE
    to DIRTYPE when parsing GNU long name or link headers
    (bsc#1259611, CVE-2025-13462).
  - gh-139933: Improve AttributeError suggestions for classes
    with a custom __dir__() method returning a list of
    unsortable values. Patch by Bénédikt Tran.
  - gh-138891: Fix SyntaxError when inspect.get_annotations(f,
    eval_str=True) is called on a function annotated with a PEP
    646 star_expression
  - gh-137335: Get rid of any possibility of a name conflict
    for named pipes in multiprocessing and asyncio on Windows,
    no matter how small.
  - gh-80667: Support lookup for Tangut Ideographs in
    unicodedata.
  - bpo-40243: Fix unicodedata.ucd_3_2_0.numeric() for
    non-decimal values.
  - Documentation
  - gh-126676: Expand argparse documentation for type=bool with
    a demonstration of the surprising behavior and pointers to
    common alternatives.
  - gh-145450: Document missing public wave.Wave_write getter
    methods.
  - Core and Builtins
  - gh-148157: Fix an unlikely crash when parsing an invalid
    type comment for function parameters. Found by OSS Fuzz in
    [#492782951].
  - gh-146615: Fix a crash in __get__() for METH_METHOD
    descriptors when an invalid (non-type) object is passed as
    the second argument. Patch by Steven Sun.
  - gh-146128: Fix a bug which could cause constant values to
    be partially corrupted in AArch64 JIT code. This issue is
    theoretical, and hasn’t actually been observed in
    unmodified Python interpreters.
  - gh-146250: Fixed a memory leak in SyntaxError when
    re-initializing it.
  - gh-146245: Fixed reference leaks in socket when audit hooks
    raise exceptions in socket.getaddrinfo() and
    socket.sendto().
  - gh-146227: Fix wrong type in _Py_atomic_load_uint16 in the
    C11 atomics backend (pyatomic_std.h), which used a 32-bit
    atomic load instead of 16-bit. Found by Mohammed Zuhaib.
  - gh-146056: Fix repr() for lists containing NULLs.
  - gh-145990: python --help-env sections are now sorted by
    environment variable name.
  - gh-145376: Fix GC tracking in structseq.__replace__().
  - gh-142183: Avoid a pathological case where repeated calls
    at a specific stack depth could be significantly slower.
  - gh-145783: Fix an unlikely crash in the parser when certain
    errors were erroneously not propagated. Found by OSS Fuzz
    in #491369109.
  - gh-145701: Fix SystemError when __classdict__ or
    __conditional_annotations__ is in a class-scope inlined
    comprehension. Found by OSS Fuzz in #491105000.
  - gh-145335: Fix a crash in os.pathconf() when called with -1
    as the path argument.
  - gh-145234: Fixed a SystemError in the parser when an
    encoding cookie (for example, UTF-7) decodes to carriage
    returns (\r). Newlines are now normalized after decoding in
    the string tokenizer. Patch by Pablo Galindo.
  - gh-130555: Fix use-after-free in dict.clear() when the
    dictionary values are embedded in an object and
    a destructor causes re-entrant mutation of the dictionary.
  - gh-145008: Fix a bug when calling certain methods at the
    recursion limit which manifested as a corruption of
    Python’s operand stack. Patch by Ken Jin.
  - gh-144872: Fix heap buffer overflow in the parser found by
    OSS-Fuzz.
  - gh-144766: Fix a crash in fork child process when perf
    support is enabled.
  - gh-144759: Fix undefined behavior in the lexer when start
    and multi_line_start pointers are NULL in
    _PyLexer_remember_fstring_buffers() and
    _PyLexer_restore_fstring_buffers(). The NULL pointer
    arithmetic (NULL - valid_pointer) is now guarded with
    explicit NULL checks.
  - gh-144601: Fix crash when importing a module whose PyInit
    function raises an exception from a subinterpreter.
  - gh-143636: Fix a crash when calling
    SimpleNamespace.__replace__() on non-namespace instances.
    Patch by Bénédikt Tran.
  - gh-143650: Fix race condition in importlib where a thread
    could receive a stale module reference when another
    thread’s import fails.
  - gh-140594: Fix an out of bounds read when a single NUL
    character is read from the standard input. Patch by Shamil
    Abdulaev.
  - gh-91636: While performing garbage collection, clear
    weakrefs to unreachable objects that are created during
    running of finalizers. If those weakrefs were not
    cleared, they could reveal unreachable objects.
  - gh-130327: Fix erroneous clearing of an object’s __dict__
    if overwritten at runtime.
  - gh-80667: Literals using the \N{name} escape syntax can now
    construct CJK ideographs and Hangul syllables using
    case-insensitive names.
  - Build
  - gh-146541: The Android testbed can now be built for 32-bit
    ARM and x86 targets.
  - gh-146450: The Android build script was modified to improve
    parity with other platform build scripts.
  - gh-145801: When Python build is optimized with GCC using
    PGO, use -fprofile-update=atomic option to use atomic
    operations when updating profile information. This option
    reduces the risk of gcov Data Files (.gcda) corruption
    which can cause random GCC crashes. Patch by Victor
    Stinner.
  - gh-129259: Fix AIX build failures caused by incorrect
    struct alignment in _Py_CODEUNIT and _Py_BackoffCounter by
    adding AIX-specific #pragma pack directives.
  - Tests
  - gh-144418: The Android testbed’s emulator RAM has been
    increased from 2 GB to 4 GB.
  - gh-146202: Fix a race condition in regrtest: make sure that
    the temporary directory is created in the worker process.
    Previously, temp_cwd() could fail on Windows if the “build”
    directory was not created. Patch by Victor Stinner.
  - gh-144739: When Python was compiled with system expat older
    than 2.7.2 but tests run with newer expat, still skip
    test.test_pyexpat.MemoryProtectionTest.
- Removed upstreamed patches:
  - CVE-2025-13462-tarinfo-header-parse.patch
  - CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
  - CVE-2026-3479-pkgutil_get_data.patch
  - CVE-2026-3644-cookies-Morsel-update-II.patch
  - CVE-2026-4224-expat-unbound-C-recursion.patch
  - CVE-2026-4519-webbrowser-open-dashes.patch
* Thu Apr 02 2026 mcepl@cepl.eu
- Add CVE-2026-3479-pkgutil_get_data.patch: pkgutil.get_data() has
  the same security model as open(). The documented limitations
  ensure compatibility with non-filesystem loaders; Python
  doesn't check that. (bsc#1259989, CVE-2026-3479,
  gh#python/cpython#146121).
* Fri Mar 27 2026 mcepl@cepl.eu
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
  leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
  gh#python/cpython#143930).
* Wed Mar 25 2026 mcepl@cepl.eu
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
  TarInfo DIRTYPE normalization during GNU long name handling
  (bsc#1259611, CVE-2025-13462).
* Mon Mar 23 2026 mcepl@cepl.eu
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
  unbound C recursion in conv_content_model in pyexpat.c
  (bsc#1259735, CVE-2026-4224).
* Mon Mar 23 2026 mcepl@cepl.eu
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
  control characters in http.cookies.Morsel.update() and
  http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
* Wed Mar 18 2026 mcepl@cepl.eu
- Fix changelog
* Tue Mar 17 2026 mmachova@suse.com
- Adapt %suse_version checks to support new %suse_version design for
  16.1 and following (jsc#PED-15850)
* Fri Mar 13 2026 mcepl@cepl.eu
- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
  ensuring that `SourcelessFileLoader` uses `io.open_code` when
  opening `.pyc` files (bsc#1259240, CVE-2026-2297).
* Fri Feb 06 2026 mcepl@cepl.eu
- Update to 3.13.12: Python 3.13.12 final Release date:
  2026-02-03
  - Tools/Demos
  - gh-142095: Make gdb ‘py-bt’ command use frame from thread
    local state when available. Patch by Sam Gross and Victor
    Stinner.
  - Tests
  - gh-144415: The Android testbed now distinguishes between
    stdout/stderr messages which were triggered by a newline,
    and those triggered by a manual call to flush. This fixes
    logging of progress indicators and similar content.
  - gh-65784: Add support for parametrized resource wantobjects
    in regrtests, which allows running Tkinter tests with the
    specified value of tkinter.wantobjects, for example -u
    wantobjects=0.
  - gh-143553: Add support for parametrized resources, such as
    -u xpickle=2.7.
  - gh-142836: Accommodated Solaris in
    test_pdb.test_script_target_anonymous_pipe.
  - gh-129401: Fix a flaky test in test_repr_rlock that checks
    the representation of multiprocessing.RLock.
  - bpo-31391: Forward-port test_xpickle from Python 2 to
    Python 3 and add the resource back to test’s command line.
  - Security
  - gh-144125: BytesGenerator will now refuse to serialize
    (write) headers that are unsafely folded or delimited; see
    verify_generated_headers. (Contributed by Bas Bloemsaat and
    Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299).
  - gh-143935: Fixed a bug in the folding of comments when
    flattening an email message using a modern email policy.
    Comments consisting of a very long sequence of non-foldable
    characters could trigger a forced line wrap that omitted
    the required leading space on the continuation line,
    causing the remainder of the comment to be interpreted as
    a new header field. This enabled header injection with
    carefully crafted inputs (bsc#1257029, CVE-2025-11468).
  - gh-143925: Reject control characters in data: URL media
    types (bsc#1257046, CVE-2025-15282).
  - gh-143919: Reject control characters in http.cookies.Morsel
    fields and values (bsc#1257031, CVE-2026-0672).
  - gh-143916: Reject C0 control characters within
    wsgiref.headers.Headers fields, values, and parameters
    (bsc#1257042, CVE-2026-0865).
  - Library
  - gh-144380: Improve performance of io.BufferedReader line
    iteration by ~49%.
  - gh-144169: Fix three crashes when non-string keyword
    arguments are supplied to objects in the ast module.
  - gh-144100: Fixed a crash in ctypes when using a deprecated
    POINTER(str) type in argtypes. Instead of aborting, ctypes
    now raises a proper Python exception when the pointer
    target type is unresolved.
  - gh-144050: Fix stat.filemode() in the pure-Python
    implementation to avoid misclassifying invalid mode values
    as block devices.
  - gh-144023: Fixed validation of file descriptor 0 in posix
    functions when used with follow_symlinks parameter.
  - gh-143999: Fix an issue where inspect.getgeneratorstate()
    and inspect.getcoroutinestate() could fail for generators
    wrapped by types.coroutine() in the suspended state.
  - gh-143706: Fix multiprocessing forkserver so that sys.argv
    is correctly set before __main__ is preloaded. Previously,
    sys.argv was empty during main module import in forkserver
    child processes. This fixes a regression introduced in
    3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test
    provided by Thomas Watson, thanks!
  - gh-143638: Forbid reentrant calls of the pickle.Pickler and
    pickle.Unpickler methods for the C implementation.
    Previously, this could cause crash or data corruption, now
    concurrent calls of methods of the same object raise
    RuntimeError.
  - gh-78724: Raise RuntimeError’s when user attempts to call
    methods on half-initialized Struct objects, for example,
    created by Struct.__new__(Struct). Patch by Sergey
    B Kirpichev.
  - gh-143602: Fix an inconsistency issue in write() that leads
    to unexpected buffer overwrite by deduplicating the buffer
    exports.
  - gh-143547: Fix sys.unraisablehook() when the hook raises an
    exception and changes sys.unraisablehook(): hold a strong
    reference to the old hook. Patch by Victor Stinner.
  - gh-143378: Fix use-after-free crashes when a BytesIO object
    is concurrently mutated during write() or writelines().
  - gh-143346: Fix incorrect wrapping of the Base64 data in
    plistlib._PlistWriter when the indent contains a mix of
    tabs and spaces.
  - gh-143310: tkinter: fix a crash when a Python list is
    mutated during the conversion to a Tcl object (e.g., when
    setting a Tcl variable). Patch by Bénédikt Tran.
  - gh-143309: Fix a crash in os.execve() on non-Windows
    platforms when given a custom environment mapping which is
    then mutated during parsing. Patch by Bénédikt Tran.
  - gh-143308: pickle: fix use-after-free crashes when
    a PickleBuffer is concurrently mutated by a custom buffer
    callback during pickling. Patch by Bénédikt Tran and Aaron
    Wieczorek.
  - gh-143237: Fix support of named pipes in the rotating
    logging handlers.
  - gh-143249: Fix possible buffer leaks in Windows overlapped
    I/O on error handling.
  - gh-143241: zoneinfo: fix infinite loop in
    ZoneInfo.from_file when parsing a malformed TZif file.
    Patch by Fatih Celik.
  - gh-142830: sqlite3: fix use-after-free crashes when the
    connection’s callbacks are mutated during a callback
    execution. Patch by Bénédikt Tran.
  - gh-143200: xml.etree.ElementTree: fix use-after-free
    crashes in __getitem__() and __setitem__() methods of
    Element when the element is concurrently mutated. Patch by
    Bénédikt Tran.
  - gh-142195: Updated timeout evaluation logic in subprocess
    to be compatible with deterministic environments like
    Shadow where time moves exactly as requested.
  - gh-143145: Fixed a possible reference leak in ctypes when
    constructing results with multiple output parameters on
    error.
  - gh-122431: Corrected the error message in
    readline.append_history_file() to state that nelements must
    be non-negative instead of positive.
  - gh-143004: Fix a potential use-after-free in
    collections.Counter.update() when user code mutates the
    Counter during an update.
  - gh-143046: The asyncio REPL no longer prints copyright and
    version messages in the quiet mode (-q). Patch by Bartosz
    Sławecki.
  - gh-140648: The asyncio REPL now respects the -I flag
    (isolated mode). Previously, it would load and execute
    PYTHONSTARTUP even if the flag was set. Contributed by
    Bartosz Sławecki.
  - gh-142991: Fixed socket operations such as recvfrom() and
    sendto() for FreeBSD divert(4) socket.
  - gh-143010: Fixed a bug in mailbox where the precise timing
    of an external event could result in the library opening an
    existing file instead of a file it expected to create.
  - gh-142881: Fix concurrent and reentrant call of
    atexit.unregister().
  - gh-112127: Fix possible use-after-free in
    atexit.unregister() when the callback is unregistered
    during comparison.
  - gh-142783: Fix zoneinfo use-after-free with descriptor
    _weak_cache. A descriptor as _weak_cache could cause
    crashes during object creation. The fix ensures proper
    reference counting for descriptor-provided objects.
  - gh-142754: Add the ownerDocument attribute to
    xml.dom.minidom elements and attributes created by directly
    instantiating the Element or Attr class. Note that this way
    of creating nodes is not supported; creator functions like
    xml.dom.Document.documentElement() should be used instead.
  - gh-142784: The asyncio REPL now properly closes the loop
    upon the end of interactive session. Previously, it could
    cause surprising warnings. Contributed by Bartosz Sławecki.
  - gh-142555: array: fix a crash in a[i] = v when converting
    i to an index via i.__index__ or i.__float__ mutates the
    array.
  - gh-142594: Fix crash in TextIOWrapper.close() when the
    underlying buffer’s closed property calls detach().
  - gh-142451: hmac: Ensure that the HMAC.block_size attribute
    is correctly copied by HMAC.copy. Patch by Bénédikt Tran.
  - gh-142495: collections.defaultdict now prioritizes
    __setitem__() when inserting default values from
    default_factory. This prevents race conditions where
    a default value would overwrite a value set before
    default_factory returns.
  - gh-142651: unittest.mock: fix a thread safety issue where
    Mock.call_count may return inaccurate values when the mock
    is called concurrently from multiple threads.
  - gh-142595: Added type check during initialization of the
    decimal module to prevent a crash in case of broken stdlib.
    Patch by Sergey B Kirpichev.
  - gh-142517: The non-compat32 email policies now correctly
    handle refolding encoded words that contain bytes that can
    not be decoded in their specified character set. Previously
    this resulted in an encoding exception during folding.
  - gh-112527: The help text for required options in argparse
    is no longer extended with “ (default: None)”.
  - gh-142315: Pdb can now run scripts from anonymous pipes
    used in process substitution. Patch by Bartosz Sławecki.
  - gh-142282: Fix winreg.QueryValueEx() to not accidentally
    read garbage buffer under race condition.
  - gh-75949: Fix argparse to preserve | separators in mutually
    exclusive groups when the usage line wraps due to length.
  - gh-68552: MisplacedEnvelopeHeaderDefect and Missing header
    name defects are now correctly passed to the handle_defect
    method of policy in FeedParser.
  - gh-142006: Fix a bug in the email.policy.default folding
    algorithm which incorrectly resulted in a doubled newline
    when a line ending at exactly max_line_length was followed
    by an unfoldable token.
  - gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving
    underlying cancelled asyncio task running.
  - gh-139971: pydoc: Ensure that the link to the online
    documentation of a stdlib module is correct.
  - gh-139262: Some keystrokes can be swallowed in the new
    PyREPL on Windows, especially when used together with the
    ALT key. Fix by Chris Eibl.
  - gh-138897: Improved license/copyright/credits display in
    the REPL: now uses a pager.
  - gh-79986: Add parsing for References and In-Reply-To
    headers to the email library that parses the header content
    as lists of message id tokens. This prevents them from
    being folded incorrectly.
  - gh-109263: Starting a process from spawn context in
    multiprocessing no longer sets the start method globally.
  - gh-90871: Fixed an off by one error concerning the backlog
    parameter in create_unix_server(). Contributed by Christian
    Harries.
  - gh-133253: Fix thread-safety issues in linecache.
  - gh-132715: Skip writing objects during marshalling once
    a failure has occurred.
  - gh-127529: Correct behavior of
    asyncio.selector_events.BaseSelectorEventLoop._accept_connection()
    in handling ConnectionAbortedError in a loop. This improves
    performance on OpenBSD.
  - IDLE
  - gh-143774: Better explain the operation of Format / Format
    Paragraph.
  - Documentation
  - gh-140806: Add documentation for enum.bin().
  - Core and Builtins
  - gh-144307: Prevent a reference leak in module teardown at
    interpreter finalization.
  - gh-144194: Fix error handling in perf jitdump
    initialization on memory allocation failure.
  - gh-141805: Fix crash in set when objects with the same hash
    are concurrently added to the set after removing an element
    with the same hash while the set still contains elements
    with the same hash.
  - gh-143670: Fixes a crash in ga_repr_items_list function.
  - gh-143377: Fix a crash in _interpreters.capture_exception()
    when the exception is incorrectly formatted. Patch by
    Bénédikt Tran.
  - gh-143189: Fix crash when inserting a non-str key into
    a split table dictionary when the key matches an existing
    key in the split table but has no corresponding value in
    the dict.
  - gh-143228: Fix use-after-free in perf trampoline when
    toggling profiling while threads are running or during
    interpreter finalization with daemon threads active. The
    fix uses reference counting to ensure trampolines are not
    freed while any code object could still reference them.
    Patch by Pablo Galindo.
  - gh-142664: Fix a use-after-free crash in
    memoryview.__hash__ when the __hash__ method of the
    referenced object mutates that object or the view. Patch by
    Bénédikt Tran.
  - gh-142557: Fix a use-after-free crash in bytearray.__mod__
    when the bytearray is mutated while formatting the %-style
    arguments. Patch by Bénédikt Tran.
  - gh-143195: Fix use-after-free crashes in bytearray.hex()
    and memoryview.hex() when the separator’s __len__() mutates
    the original object. Patch by Bénédikt Tran.
  - gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is
    0. Previously, it was set to 0 in this case.
  - gh-143003: Fix an overflow of the shared empty buffer in
    bytearray.extend() when __length_hint__() returns 0 for
    non-empty iterator.
  - gh-143006: Fix a possible assertion error when comparing
    negative non-integer float and int with the same number of
    bits in the integer part.
  - gh-142776: Fix a file descriptor leak in import.c
  - gh-142829: Fix a use-after-free crash in
    contextvars.Context comparison when a custom __eq__ method
    modifies the context via set().
  - gh-142766: Clear the frame of a generator when
    generator.close() is called.
  - gh-142737: Tracebacks will be displayed in fallback mode
    even if io.open() is lost. Previously, this would crash the
    interpreter. Patch by Bartosz Sławecki.
  - gh-142554: Fix a crash in divmod() when
    _pylong.int_divmod() does not return a tuple of length two
    exactly. Patch by Bénédikt Tran.
  - gh-142560: Fix use-after-free in bytearray search-like
    methods (find(), count(), index(), rindex(), and rfind())
    by marking the storage as exported which causes
    reallocation attempts to raise BufferError. For contains(),
    split(), and rsplit() the buffer protocol is used for this.
  - gh-142343: Fix SIGILL crash on m68k due to incorrect
    assembly constraint.
  - gh-141732: Ensure the __repr__() for ExceptionGroup and
    BaseExceptionGroup does not change when the exception
    sequence that was originally passed in to its constructor is
    subsequently mutated.
  - gh-100964: Fix reference cycle in exhausted generator
    frames. Patch by Savannah Ostrowski.
  - gh-140373: Correctly emit PY_UNWIND event when generator
    object is closed. Patch by Mikhail Efimov.
  - gh-138568: Adjusted the built-in help() function so that
    empty inputs are ignored in interactive mode.
  - gh-127773: Do not use the type attribute cache for types
    with incompatible MRO.
  - C API
  - gh-142571: PyUnstable_CopyPerfMapFile() now checks that
    opening the file succeeded before flushing.
  - Build
  - gh-142454: When calculating the digest of the JIT stencils
    input, sort the hashed files by filenames before adding
    their content to the hasher. This ensures deterministic
    hash input and hence deterministic hash, independent of
    filesystem order.
  - gh-141808: When running make clean-retain-profile, keep the
    generated JIT stencils. That way, the stencils are not
    generated twice when Profile-guided optimization (PGO) is
    used. It also allows distributors to supply their own
    pre-built JIT stencils.
  - gh-138061: Ensure reproducible builds by making JIT stencil
    header generation deterministic.
- Remove upstreamed patches:
  - CVE-2024-6923-follow-up-EOL-email-headers.patch
  - gh138131-exclude-pycache-from-digest.patch