| author | Pablo Galindo <pablogsal@gmail.com> | 2024-09-07 01:02:27 (GMT) |
|---|---|---|
| committer | Pablo Galindo <pablogsal@gmail.com> | 2024-09-07 01:03:31 (GMT) |
| commit | 0c47759eee3e170e04a5dae82f12f6b375ae78f7 (patch) | |
| tree | 38e8821c1302a154fcd065daac8af64d6bf0ed00 /Misc/NEWS.d | |
| parent | 2e2b1b5f99d138212aa1f55e3cf91f36766b1ad2 (diff) | |
| download | cpython-3.11.10.zip cpython-3.11.10.tar.gz cpython-3.11.10.tar.bz2 | |
Python 3.11.10 (v3.11.10)
Diffstat (limited to 'Misc/NEWS.d')
20 files changed, 210 insertions, 56 deletions
diff --git a/Misc/NEWS.d/3.11.10.rst b/Misc/NEWS.d/3.11.10.rst new file mode 100644 index 0000000..8725389 --- /dev/null +++ b/Misc/NEWS.d/3.11.10.rst 
@@ -0,0 +1,210 @@ +.. date: 2024-09-04-09-59-18 +.. gh-issue: 123418 +.. nonce: QaMC12 +.. release date: 2024-09-07 +.. section: Windows + +Updated Windows build to use OpenSSL 3.0.15. + +.. + +.. date: 2024-05-29-17-00-27 +.. gh-issue: 119690 +.. nonce: tv6Zgs +.. section: Windows + +Fixes data type confusion in audit event raised by +``_winapi.CreateNamedPipe``. + +.. + +.. date: 2024-09-04-12-41-35 +.. gh-issue: 123678 +.. nonce: N41y9n +.. section: Security + +Upgrade libexpat to 2.6.3 + +.. + +.. date: 2024-07-22-13-14-38 +.. gh-issue: 121957 +.. nonce: FYkcOt +.. section: Security + +Fixed missing audit events around interactive use of Python, now also +properly firing for ``python -i``, as well as for ``python -m asyncio``. The +event in question is ``cpython.run_stdin``. + +.. + +.. date: 2024-07-22-13-11-28 +.. gh-issue: 122133 +.. nonce: 0mPeta +.. section: Security + +Authenticate the socket connection for the ``socket.socketpair()`` fallback +on platforms where ``AF_UNIX`` is not available like Windows. + +Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson +<seth@python.org>. Reported by Ellie <el@horse64.org> + +.. + +.. date: 2024-07-02-13-39-20 +.. gh-issue: 121285 +.. nonce: hrl-yI +.. section: Security + +Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and +GNU sparse headers. + +.. + +.. date: 2024-05-01-20-57-09 +.. gh-issue: 118486 +.. nonce: K44KJG +.. section: Security + +:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict the +new directory to the current user. This fixes CVE-2024-4030 affecting +:func:`tempfile.mkdtemp` in scenarios where the base temporary directory is +more permissive than the default. + +.. + +.. date: 2024-03-27-13-50-02 +.. gh-issue: 116741 +.. nonce: ZoGryG +.. section: Security + +Update bundled libexpat to 2.6.2 + +.. + +.. date: 2024-08-26-13-45-20 +.. gh-issue: 123270 +.. nonce: gXHvNJ +.. 
section: Library + +Applied a more surgical fix for malformed payloads in :class:`zipfile.Path` +causing infinite loops (gh-122905) without breaking contents using +legitimate characters. + +.. + +.. date: 2024-08-16-19-13-21 +.. gh-issue: 123067 +.. nonce: Nx9O4R +.. section: Library + +Fix quadratic complexity in parsing ``"``-quoted cookie values with +backslashes by :mod:`http.cookies`. + +.. + +.. date: 2024-08-11-14-08-04 +.. gh-issue: 122905 +.. nonce: 7tDsxA +.. section: Library + +:class:`zipfile.Path` objects now sanitize names from the zipfile. + +.. + +.. date: 2024-07-27-16-10-41 +.. gh-issue: 121650 +.. nonce: nf6oc9 +.. section: Library + +:mod:`email` headers with embedded newlines are now quoted on output. The +:mod:`~email.generator` will now refuse to serialize (write) headers that +are unsafely folded or delimited; see +:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas +Bloemsaat and Petr Viktorin in :gh:`121650`.) + +.. + +.. date: 2024-05-24-14-32-24 +.. gh-issue: 119506 +.. nonce: -nMNqq +.. section: Library + +Fix :meth:`!io.TextIOWrapper.write` method breaks internal buffer when the +method is called again during flushing internal buffer. + +.. + +.. date: 2024-05-16-17-31-46 +.. gh-issue: 118643 +.. nonce: hAWH4C +.. section: Library + +Fix an AttributeError in the :mod:`email` module when re-fold a long address +list. Also fix more cases of incorrect encoding of the address separator in +the address list. + +.. + +.. date: 2024-03-14-01-38-44 +.. gh-issue: 113171 +.. nonce: VFnObz +.. section: Library + +Fixed various false positives and false negatives in + +* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) +* :attr:`ipaddress.IPv4Address.is_global` +* :attr:`ipaddress.IPv6Address.is_private` +* :attr:`ipaddress.IPv6Address.is_global` + +Also in the corresponding :class:`ipaddress.IPv4Network` and +:class:`ipaddress.IPv6Network` attributes. + +.. + +.. date: 2023-10-20-15-28-08 +.. 
gh-issue: 102988 +.. nonce: dStNO7 +.. section: Library + +:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now +return ``('', '')`` 2-tuples in more situations where invalid email +addresses are encountered instead of potentially inaccurate values. Add +optional *strict* parameter to these two functions: use ``strict=False`` to +get the old behavior, accept malformed inputs. ``getattr(email.utils, +'supports_strict_parsing', False)`` can be use to check if the *strict* +paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve +the CVE-2023-27043 fix. + +.. + +.. date: 2019-08-27-01-16-50 +.. gh-issue: 67693 +.. nonce: 4NIAiy +.. section: Library + +Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for +URIs with path starting with multiple slashes and no authority. Based on +patch by Ashwin Ramaswami. + +.. + +.. date: 2024-09-04-18-20-11 +.. gh-issue: 112275 +.. nonce: W_iMiB +.. section: Core and Builtins + +A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` at +fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by +Victor Stinner. + +.. + +.. date: 2024-04-02-06-16-49 +.. gh-issue: 109120 +.. nonce: X485oN +.. section: Core and Builtins + +Added handle of incorrect star expressions, e.g ``f(3, *)``. Patch by +Grigoryev Semyon diff --git a/Misc/NEWS.d/next/Core and Builtins/2024-04-02-06-16-49.gh-issue-109120.X485oN.rst b/Misc/NEWS.d/next/Core and Builtins/2024-04-02-06-16-49.gh-issue-109120.X485oN.rst deleted file mode 100644 index 32e70b2..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2024-04-02-06-16-49.gh-issue-109120.X485oN.rst +++ /dev/null @@ -1,2 +0,0 @@ -Added handle of incorrect star expressions, e.g ``f(3, *)``. Patch by -Grigoryev Semyon 
diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2024-09-04-18-20-11.gh-issue-112275.W_iMiB.rst b/Misc/NEWS.d/next/Core_and_Builtins/2024-09-04-18-20-11.gh-issue-112275.W_iMiB.rst deleted file mode 100644 index d663be1..0000000 --- a/Misc/NEWS.d/next/Core_and_Builtins/2024-09-04-18-20-11.gh-issue-112275.W_iMiB.rst +++ /dev/null @@ -1,3 +0,0 @@ -A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` -at fork is now fixed. Patch by ChuBoning based on previous Python 3.12 -fix by Victor Stinner. diff --git a/Misc/NEWS.d/next/Library/2019-08-27-01-16-50.gh-issue-67693.4NIAiy.rst b/Misc/NEWS.d/next/Library/2019-08-27-01-16-50.gh-issue-67693.4NIAiy.rst deleted file mode 100644 index 22457df..0000000 --- a/Misc/NEWS.d/next/Library/2019-08-27-01-16-50.gh-issue-67693.4NIAiy.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple slashes and no authority. -Based on patch by Ashwin Ramaswami. diff --git a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst deleted file mode 100644 index 3d0e9e4..0000000 --- a/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +++ /dev/null @@ -1,8 +0,0 @@ -:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now -return ``('', '')`` 2-tuples in more situations where invalid email -addresses are encountered instead of potentially inaccurate values. Add -optional *strict* parameter to these two functions: use ``strict=False`` to -get the old behavior, accept malformed inputs. -``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check -if the *strict* paramater is available. Patch by Thomas Dwyer and Victor -Stinner to improve the CVE-2023-27043 fix. 
diff --git a/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst b/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst deleted file mode 100644 index f9a7247..0000000 --- a/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst +++ /dev/null @@ -1,9 +0,0 @@ -Fixed various false positives and false negatives in - -* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) -* :attr:`ipaddress.IPv4Address.is_global` -* :attr:`ipaddress.IPv6Address.is_private` -* :attr:`ipaddress.IPv6Address.is_global` - -Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` -attributes. diff --git a/Misc/NEWS.d/next/Library/2024-05-16-17-31-46.gh-issue-118643.hAWH4C.rst b/Misc/NEWS.d/next/Library/2024-05-16-17-31-46.gh-issue-118643.hAWH4C.rst deleted file mode 100644 index e86a49a..0000000 --- a/Misc/NEWS.d/next/Library/2024-05-16-17-31-46.gh-issue-118643.hAWH4C.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix an AttributeError in the :mod:`email` module when re-fold a long address -list. Also fix more cases of incorrect encoding of the address separator in the address list. diff --git a/Misc/NEWS.d/next/Library/2024-05-24-14-32-24.gh-issue-119506.-nMNqq.rst b/Misc/NEWS.d/next/Library/2024-05-24-14-32-24.gh-issue-119506.-nMNqq.rst deleted file mode 100644 index f9b764a..0000000 --- a/Misc/NEWS.d/next/Library/2024-05-24-14-32-24.gh-issue-119506.-nMNqq.rst +++ /dev/null @@ -1 +0,0 @@ -Fix :meth:`!io.TextIOWrapper.write` method breaks internal buffer when the method is called again during flushing internal buffer. diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst deleted file mode 100644 index 83dd28d..0000000 --- a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst +++ /dev/null 
@@ -1,5 +0,0 @@ -:mod:`email` headers with embedded newlines are now quoted on output. The -:mod:`~email.generator` will now refuse to serialize (write) headers that -are unsafely folded or delimited; see -:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas -Bloemsaat and Petr Viktorin in :gh:`121650`.) diff --git a/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst deleted file mode 100644 index 1be44c9..0000000 --- a/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst +++ /dev/null @@ -1 +0,0 @@ -:class:`zipfile.Path` objects now sanitize names from the zipfile. diff --git a/Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst b/Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst deleted file mode 100644 index 6a23456..0000000 --- a/Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst +++ /dev/null @@ -1 +0,0 @@ -Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies`. diff --git a/Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst b/Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst deleted file mode 100644 index ee9fde6..0000000 --- a/Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst +++ /dev/null @@ -1,3 +0,0 @@ -Applied a more surgical fix for malformed payloads in :class:`zipfile.Path` -causing infinite loops (gh-122905) without breaking contents using -legitimate characters. diff --git a/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst b/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst deleted file mode 100644 index 12a4194..0000000 --- a/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst +++ /dev/null @@ -1 +0,0 @@ -Update bundled libexpat to 2.6.2 
diff --git a/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst b/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst deleted file mode 100644 index a28a4e5..0000000 --- a/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst +++ /dev/null @@ -1,4 +0,0 @@ -:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict -the new directory to the current user. This fixes CVE-2024-4030 -affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary -directory is more permissive than the default. diff --git a/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst b/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst deleted file mode 100644 index 81f918b..0000000 --- a/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst +++ /dev/null @@ -1,2 +0,0 @@ -Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and -GNU sparse headers. diff --git a/Misc/NEWS.d/next/Security/2024-07-22-13-11-28.gh-issue-122133.0mPeta.rst b/Misc/NEWS.d/next/Security/2024-07-22-13-11-28.gh-issue-122133.0mPeta.rst deleted file mode 100644 index 3544eb3..0000000 --- a/Misc/NEWS.d/next/Security/2024-07-22-13-11-28.gh-issue-122133.0mPeta.rst +++ /dev/null @@ -1,5 +0,0 @@ -Authenticate the socket connection for the ``socket.socketpair()`` fallback -on platforms where ``AF_UNIX`` is not available like Windows. - -Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie -<el@horse64.org> diff --git a/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst deleted file mode 100644 index ff4614b..0000000 --- a/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst +++ /dev/null 
@@ -1,3 +0,0 @@ -Fixed missing audit events around interactive use of Python, now also -properly firing for ``python -i``, as well as for ``python -m asyncio``. The -event in question is ``cpython.run_stdin``. diff --git a/Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst b/Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst deleted file mode 100644 index b70f578..0000000 --- a/Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade libexpat to 2.6.3 diff --git a/Misc/NEWS.d/next/Windows/2024-05-29-17-00-27.gh-issue-119690.tv6Zgs.rst b/Misc/NEWS.d/next/Windows/2024-05-29-17-00-27.gh-issue-119690.tv6Zgs.rst deleted file mode 100644 index 45e644c..0000000 --- a/Misc/NEWS.d/next/Windows/2024-05-29-17-00-27.gh-issue-119690.tv6Zgs.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fixes data type confusion in audit event raised by -``_winapi.CreateNamedPipe``. diff --git a/Misc/NEWS.d/next/Windows/2024-09-04-09-59-18.gh-issue-123418.QaMC12.rst b/Misc/NEWS.d/next/Windows/2024-09-04-09-59-18.gh-issue-123418.QaMC12.rst deleted file mode 100644 index c2b47dc..0000000 --- a/Misc/NEWS.d/next/Windows/2024-09-04-09-59-18.gh-issue-123418.QaMC12.rst +++ /dev/null @@ -1 +0,0 @@ -Updated Windows build to use OpenSSL 3.0.15. |
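
Review bot: In the new `Misc/NEWS.d/3.11.10.rst`, the two libexpat entries in the Security section ("Upgrade libexpat to 2.6.3", gh-123678, and "Update bundled libexpat to 2.6.2", gh-116741) do not say which issues the upgrades address, while the `os.mkdir` and `email.utils` entries in the same file name CVE-2024-4030 and CVE-2023-27043. Anyone triaging this release has to leave the changelog to learn whether the bundled parser fixes matter to them, so each libexpat entry should name the CVE identifiers it covers or point at the upstream libexpat changelog. The same applies to the `socket.socketpair()` entry (gh-122133), which describes an authentication fix without an identifier. Smaller wording points in the same file: the gh-102988 entry reads "can be use to check if the *strict* paramater is available" (should be "can be used" and "parameter"), the gh-113171 entry says "(see these docs for details)" with no link target, and the gh-109120 entry reads "Added handle of incorrect star expressions, e.g" and ends without a period.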
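
Review bot: The deleted entries under `Misc/NEWS.d/next/` use two spellings for the same section directory: `Core and Builtins/2024-04-02-06-16-49.gh-issue-109120.X485oN.rst` (with spaces) and `Core_and_Builtins/2024-09-04-18-20-11.gh-issue-112275.W_iMiB.rst` (with underscores). Both ended up under `.. section: Core and Builtins` in the merged file, so nothing was dropped here, but any script that globs only one of the two names would miss entries from the other. Settle on one directory name on this branch, or document that both are accepted, so that a Security or Core entry backported under the other spelling cannot be left out of a later release's notes.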
