Python 3.9.22v3.9.22

7 files changed, 70 insertions, 22 deletions

diff --git a/Misc/NEWS.d/3.9.22.rst b/Misc/NEWS.d/3.9.22.rst
new file mode 100644
index 0000000..5a2a026
--- /dev/null
+++ b/Misc/NEWS.d/3.9.22.rst
@@ -0,0 +1,70 @@
+.. date: 2025-04-07-04-11-08
+.. gh-issue: 131809
+.. nonce: 4MBDuy
+.. release date: 2025-04-08
+.. section: Security
+
+Update bundled libexpat to 2.7.1
+
+..
+
+.. date: 2025-03-14-23-28-39
+.. gh-issue: 131261
+.. nonce: 0aB6nM
+.. section: Security
+
+Upgrade to libexpat 2.7.0
+
+..
+
+.. date: 2025-01-28-14-08-03
+.. gh-issue: 105704
+.. nonce: EnhHxu
+.. section: Security
+
+When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse`
+host parsing would not reject domain names containing square brackets (``[``
+and ``]``). Square brackets are only valid for IPv6 and IPvFuture hosts
+according to `RFC 3986 Section 3.2.2
+<https://www.rfc-editor.org/rfc/rfc3986#section-3.2.2>`__.
+
+..
+
+.. date: 2024-08-06-12-27-34
+.. gh-issue: 121284
+.. nonce: 8rwPxe
+.. section: Security
+
+Fix bug in the folding of rfc2047 encoded-words when flattening an email
+message using a modern email policy. Previously when an encoded-word was too
+long for a line, it would be decoded, split across lines, and re-encoded.
+But commas and other special characters in the original text could be left
+unencoded and unquoted. This could theoretically be used to spoof header
+lines using a carefully constructed encoded-word if the resulting rendered
+email was transmitted or re-parsed.
+
+..
+
+.. date: 2024-05-24-21-00-52
+.. gh-issue: 119511
+.. nonce: jKrXQ8
+.. section: Security
+
+Fix a potential denial of service in the :mod:`imaplib` module. When
+connecting to a malicious server, it could cause an arbitrary amount of
+memory to be allocated. On many systems this is harmless as unused virtual
+memory is only a mapping, but if this hit a virtual address size limit it
+could lead to a :exc:`MemoryError` or other process crash. On unusual
+systems or builds where all allocated memory is touched and backed by actual
+ram or storage it could've consumed resources doing so until similarly
+crashing.
+
+..
+
+.. date: 2024-07-19-12-22-48
+.. gh-issue: 121277
+.. nonce: wF_zKd
+.. section: Documentation
+
+Writers of CPython's documentation can now use ``next`` as the version for
+the ``versionchanged``, ``versionadded``, ``deprecated`` directives.
diff --git a/Misc/NEWS.d/next/Documentation/2024-07-19-12-22-48.gh-issue-121277.wF_zKd.rst b/Misc/NEWS.d/next/Documentation/2024-07-19-12-22-48.gh-issue-121277.wF_zKd.rst
deleted file mode 100644
index 60f75ae..0000000
--- a/Misc/NEWS.d/next/Documentation/2024-07-19-12-22-48.gh-issue-121277.wF_zKd.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Writers of CPython's documentation can now use ``next`` as the version for
-the ``versionchanged``, ``versionadded``, ``deprecated`` directives.
diff --git a/Misc/NEWS.d/next/Security/2024-05-24-21-00-52.gh-issue-119511.jKrXQ8.rst b/Misc/NEWS.d/next/Security/2024-05-24-21-00-52.gh-issue-119511.jKrXQ8.rst
deleted file mode 100644
index f7b4031..0000000
--- a/Misc/NEWS.d/next/Security/2024-05-24-21-00-52.gh-issue-119511.jKrXQ8.rst
+++ /dev/null
@@ -1,7 +0,0 @@
-Fix a potential denial of service in the :mod:`imaplib` module. When connecting
-to a malicious server, it could cause an arbitrary amount of memory to be
-allocated. On many systems this is harmless as unused virtual memory is only a
-mapping, but if this hit a virtual address size limit it could lead to a
-:exc:`MemoryError` or other process crash. On unusual systems or builds where
-all allocated memory is touched and backed by actual ram or storage it could've
-consumed resources doing so until similarly crashing.
diff --git a/Misc/NEWS.d/next/Security/2024-08-06-12-27-34.gh-issue-121284.8rwPxe.rst b/Misc/NEWS.d/next/Security/2024-08-06-12-27-34.gh-issue-121284.8rwPxe.rst
deleted file mode 100644
index 923e911..0000000
--- a/Misc/NEWS.d/next/Security/2024-08-06-12-27-34.gh-issue-121284.8rwPxe.rst
+++ /dev/null
@@ -1,7 +0,0 @@
-Fix bug in the folding of rfc2047 encoded-words when flattening an email message
-using a modern email policy. Previously when an encoded-word was too long
-for a line, it would be decoded, split across lines, and re-encoded. But commas
-and other special characters in the original text could be left unencoded and
-unquoted. This could theoretically be used to spoof header lines using
-a carefully constructed encoded-word if the resulting rendered email was
-transmitted or re-parsed.
diff --git a/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
deleted file mode 100644
index bff1bc6..0000000
--- a/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host
-parsing would not reject domain names containing square brackets (``[`` and
-``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to
-`RFC 3986 Section 3.2.2 <https://www.rfc-editor.org/rfc/rfc3986#section-3.2.2>`__.
diff --git a/Misc/NEWS.d/next/Security/2025-03-14-23-28-39.gh-issue-131261.0aB6nM.rst b/Misc/NEWS.d/next/Security/2025-03-14-23-28-39.gh-issue-131261.0aB6nM.rst
deleted file mode 100644
index fa56e7a..0000000
--- a/Misc/NEWS.d/next/Security/2025-03-14-23-28-39.gh-issue-131261.0aB6nM.rst
+++ /dev/null
@@ -1 +0,0 @@
-Upgrade to libexpat 2.7.0
diff --git a/Misc/NEWS.d/next/Security/2025-04-07-04-11-08.gh-issue-131809.4MBDuy.rst b/Misc/NEWS.d/next/Security/2025-04-07-04-11-08.gh-issue-131809.4MBDuy.rst
deleted file mode 100644
index 1421b4d..0000000
--- a/Misc/NEWS.d/next/Security/2025-04-07-04-11-08.gh-issue-131809.4MBDuy.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update bundled libexpat to 2.7.1