- Tools/Demos
- gh-142095: Make gdb ‘py-bt’ command use frame from thread
local state when available. Patch by Sam Gross and Victor
Stinner.
- Tests
- gh-144415: The Android testbed now distinguishes between
stdout/stderr messages which were triggered by a newline,
and those triggered by a manual call to flush. This fixes
logging of progress indicators and similar content.
- gh-65784: Add support for parametrized resource wantobjects
in regrtests, which allows to run Tkinter tests with the
specified value of tkinter.wantobjects, for example -u
wantobjects=0.
- gh-143553: Add support for parametrized resources, such as
-u xpickle=2.7.
- gh-142836: Accommodated Solaris in
test_pdb.test_script_target_anonymous_pipe.
- gh-129401: Fix a flaky test in test_repr_rlock that checks
the representation of multiprocessing.RLock.
- bpo-31391: Forward-port test_xpickle from Python 2 to
Python 3 and add the resource back to test’s command line.
- Security
- gh-144125: BytesGenerator will now refuse to serialize
(write) headers that are unsafely folded or delimited; see
verify_generated_headers. (Contributed by Bas Bloemsaat and
Petr Viktorin in gh-121650).
- gh-143935: Fixed a bug in the folding of comments when
flattening an email message using a modern email policy.
Comments consisting of a very long sequence of non-foldable
characters could trigger a forced line wrap that omitted
the required leading space on the continuation line,
causing the remainder of the comment to be interpreted as
a new header field. This enabled header injection with
carefully crafted inputs.
- gh-143925: Reject control characters in data: URL media
types.
- gh-143919: Reject control characters in http.cookies.Morsel
fields and values.
- gh-143916: Reject C0 control characters within
wsgiref.headers.Headers fields, values, and parameters.
- Library
- gh-144380: Improve performance of io.BufferedReader line
iteration by ~49%.
- gh-144169: Fix three crashes when non-string keyword
arguments are supplied to objects in the ast module.
- gh-144100: Fixed a crash in ctypes when using a deprecated
POINTER(str) type in argtypes. Instead of aborting, ctypes
now raises a proper Python exception when the pointer
target type is unresolved.
- gh-144050: Fix stat.filemode() in the pure-Python
implementation to avoid misclassifying invalid mode values
as block devices.
- gh-144023: Fixed validation of file descriptor 0 in posix
functions when used with follow_symlinks parameter.
- gh-143999: Fix an issue where inspect.getgeneratorstate()
and inspect.getcoroutinestate() could fail for generators
wrapped by types.coroutine() in the suspended state.
- gh-143706: Fix multiprocessing forkserver so that sys.argv
is correctly set before __main__ is preloaded. Previously,
sys.argv was empty during main module import in forkserver
child processes. This fixes a regression introduced in
3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test
provided by Thomas Watson, thanks!
- gh-143638: Forbid reentrant calls of the pickle.Pickler and
pickle.Unpickler methods for the C implementation.
Previously, this could cause crash or data corruption, now
concurrent calls of methods of the same object raise
RuntimeError.
- gh-78724: Raise RuntimeError’s when user attempts to call
methods on half-initialized Struct objects, For example,
created by Struct.__new__(Struct). Patch by Sergey
B Kirpichev.
- gh-143602: Fix a inconsistency issue in write() that leads
to unexpected buffer overwrite by deduplicating the buffer
exports.
- gh-143547: Fix sys.unraisablehook() when the hook raises an
exception and changes sys.unraisablehook(): hold a strong
reference to the old hook. Patch by Victor Stinner.
- gh-143378: Fix use-after-free crashes when a BytesIO object
is concurrently mutated during write() or writelines().
- gh-143346: Fix incorrect wrapping of the Base64 data in
plistlib._PlistWriter when the indent contains a mix of
tabs and spaces.
- gh-143310: tkinter: fix a crash when a Python list is
mutated during the conversion to a Tcl object (e.g., when
setting a Tcl variable). Patch by Bénédikt Tran.
- gh-143309: Fix a crash in os.execve() on non-Windows
platforms when given a custom environment mapping which is
then mutated during parsing. Patch by Bénédikt Tran.
- gh-143308: pickle: fix use-after-free crashes when
a PickleBuffer is concurrently mutated by a custom buffer
callback during pickling. Patch by Bénédikt Tran and Aaron
Wieczorek.
- gh-143237: Fix support of named pipes in the rotating
logging handlers.
- gh-143249: Fix possible buffer leaks in Windows overlapped
I/O on error handling.
- gh-143241: zoneinfo: fix infinite loop in
ZoneInfo.from_file when parsing a malformed TZif file.
Patch by Fatih Celik.
- gh-142830: sqlite3: fix use-after-free crashes when the
connection’s callbacks are mutated during a callback
execution. Patch by Bénédikt Tran.
- gh-143200: xml.etree.ElementTree: fix use-after-free
crashes in __getitem__() and __setitem__() methods of
Element when the element is concurrently mutated. Patch by
Bénédikt Tran.
- gh-142195: Updated timeout evaluation logic in subprocess
to be compatible with deterministic environments like
Shadow where time moves exactly as requested.
- gh-143145: Fixed a possible reference leak in ctypes when
constructing results with multiple output parameters on
error.
- gh-122431: Corrected the error message in
readline.append_history_file() to state that nelements must
be non-negative instead of positive.
- gh-143004: Fix a potential use-after-free in
collections.Counter.update() when user code mutates the
Counter during an update.
- gh-143046: The asyncio REPL no longer prints copyright and
version messages in the quiet mode (-q). Patch by Bartosz
Sławecki.
- gh-140648: The asyncio REPL now respects the -I flag
(isolated mode). Previously, it would load and execute
PYTHONSTARTUP even if the flag was set. Contributed by
Bartosz Sławecki.
- gh-142991: Fixed socket operations such as recvfrom() and
sendto() for FreeBSD divert(4) socket.
- gh-143010: Fixed a bug in mailbox where the precise timing
of an external event could result in the library opening an
existing file instead of a file it expected to create.
- gh-142881: Fix concurrent and reentrant call of
atexit.unregister().
- gh-112127: Fix possible use-after-free in
atexit.unregister() when the callback is unregistered
during comparison.
- gh-142783: Fix zoneinfo use-after-free with descriptor
_weak_cache. a descriptor as _weak_cache could cause
crashes during object creation. The fix ensures proper
reference counting for descriptor-provided objects.
- gh-142754: Add the ownerDocument attribute to
xml.dom.minidom elements and attributes created by directly
instantiating the Element or Attr class. Note that this way
of creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead.
- gh-142784: The asyncio REPL now properly closes the loop
upon the end of interactive session. Previously, it could
cause surprising warnings. Contributed by Bartosz Sławecki.
- gh-142555: array: fix a crash in a[i] = v when converting
i to an index via i.__index__ or i.__float__ mutates the
array.
- gh-142594: Fix crash in TextIOWrapper.close() when the
underlying buffer’s closed property calls detach().
- gh-142451: hmac: Ensure that the HMAC.block_size attribute
is correctly copied by HMAC.copy. Patch by Bénédikt Tran.
- gh-142495: collections.defaultdict now prioritizes
__setitem__() when inserting default values from
default_factory. This prevents race conditions where
a default value would overwrite a value set before
default_factory returns.
- gh-142651: unittest.mock: fix a thread safety issue where
Mock.call_count may return inaccurate values when the mock
is called concurrently from multiple threads.
- gh-142595: Added type check during initialization of the
decimal module to prevent a crash in case of broken stdlib.
Patch by Sergey B Kirpichev.
- gh-142517: The non-compat32 email policies now correctly
handle refolding encoded words that contain bytes that can
not be decoded in their specified character set. Previously
this resulted in an encoding exception during folding.
- gh-112527: The help text for required options in argparse
no longer extended with “ (default: None)”.
- gh-142315: Pdb can now run scripts from anonymous pipes
used in process substitution. Patch by Bartosz Sławecki.
- gh-142282: Fix winreg.QueryValueEx() to not accidentally
read garbage buffer under race condition.
- gh-75949: Fix argparse to preserve | separators in mutually
exclusive groups when the usage line wraps due to length.
- gh-68552: MisplacedEnvelopeHeaderDefect and Missing header
name defects are now correctly passed to the handle_defect
method of policy in FeedParser.
- gh-142006: Fix a bug in the email.policy.default folding
algorithm which incorrectly resulted in a doubled newline
when a line ending at exactly max_line_length was followed
by an unfoldable token.
- gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving
underlying cancelled asyncio task running.
- gh-139971: pydoc: Ensure that the link to the online
documentation of a stdlib module is correct.
- gh-139262: Some keystrokes can be swallowed in the new
PyREPL on Windows, especially when used together with the
ALT key. Fix by Chris Eibl.
- gh-138897: Improved license/copyright/credits display in
the REPL: now uses a pager.
- gh-79986: Add parsing for References and In-Reply-To
headers to the email library that parses the header content
as lists of message id tokens. This prevents them from
being folded incorrectly.
- gh-109263: Starting a process from spawn context in
multiprocessing no longer sets the start method globally.
- gh-90871: Fixed an off by one error concerning the backlog
parameter in create_unix_server(). Contributed by Christian
Harries.
- gh-133253: Fix thread-safety issues in linecache.
- gh-132715: Skip writing objects during marshalling once
a failure has occurred.
- gh-127529: Correct behavior of
asyncio.selector_events.BaseSelectorEventLoop._accept_connection()
in handling ConnectionAbortedError in a loop. This improves
performance on OpenBSD.
- IDLE
- gh-143774: Better explain the operation of Format / Format
Paragraph.
- Documentation
- gh-140806: Add documentation for enum.bin().
- Core and Builtins
- gh-144307: Prevent a reference leak in module teardown at
interpreter finalization.
- gh-144194: Fix error handling in perf jitdump
initialization on memory allocation failure.
- gh-141805: Fix crash in set when objects with the same hash
are concurrently added to the set after removing an element
with the same hash while the set still contains elements
with the same hash.
- gh-143670: Fixes a crash in ga_repr_items_list function.
- gh-143377: Fix a crash in _interpreters.capture_exception()
when the exception is incorrectly formatted. Patch by
Bénédikt Tran.
- gh-143189: Fix crash when inserting a non-str key into
a split table dictionary when the key matches an existing
key in the split table but has no corresponding value in
the dict.
- gh-143228: Fix use-after-free in perf trampoline when
toggling profiling while threads are running or during
interpreter finalization with daemon threads active. The
fix uses reference counting to ensure trampolines are not
freed while any code object could still reference them.
Pach by Pablo Galindo
- gh-142664: Fix a use-after-free crash in
memoryview.__hash__ when the __hash__ method of the
referenced object mutates that object or the view. Patch by
Bénédikt Tran.
- gh-142557: Fix a use-after-free crash in bytearray.__mod__
when the bytearray is mutated while formatting the %-style
arguments. Patch by Bénédikt Tran.
- gh-143195: Fix use-after-free crashes in bytearray.hex()
and memoryview.hex() when the separator’s __len__() mutates
the original object. Patch by Bénédikt Tran.
- gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is
0. Previously, it was set to 0 in this case.
- gh-143003: Fix an overflow of the shared empty buffer in
bytearray.extend() when __length_hint__() returns 0 for
non-empty iterator.
- gh-143006: Fix a possible assertion error when comparing
negative non-integer float and int with the same number of
bits in the integer part.
- gh-142776: Fix a file descriptor leak in import.c
- gh-142829: Fix a use-after-free crash in
contextvars.Context comparison when a custom __eq__ method
modifies the context via set().
- gh-142766: Clear the frame of a generator when
generator.close() is called.
- gh-142737: Tracebacks will be displayed in fallback mode
even if io.open() is lost. Previously, this would crash the
interpreter. Patch by Bartosz Sławecki.
- gh-142554: Fix a crash in divmod() when
_pylong.int_divmod() does not return a tuple of length two
exactly. Patch by Bénédikt Tran.
- gh-142560: Fix use-after-free in bytearray search-like
methods (find(), count(), index(), rindex(), and rfind())
by marking the storage as exported which causes
reallocation attempts to raise BufferError. For contains(),
split(), and rsplit() the buffer protocol is used for this.
- gh-142343: Fix SIGILL crash on m68k due to incorrect
assembly constraint.
- gh-141732: Ensure the __repr__() for ExceptionGroup and
BaseExceptionGroup does not change when the exception
sequence that was original passed in to its constructor is
subsequently mutated.
- gh-100964: Fix reference cycle in exhausted generator
frames. Patch by Savannah Ostrowski.
- gh-140373: Correctly emit PY_UNWIND event when generator
object is closed. Patch by Mikhail Efimov.
- gh-138568: Adjusted the built-in help() function so that
empty inputs are ignored in interactive mode.
- gh-127773: Do not use the type attribute cache for types
with incompatible MRO.
- C API
- gh-142571: PyUnstable_CopyPerfMapFile() now checks that
opening the file succeeded before flushing.
- Build
- gh-142454: When calculating the digest of the JIT stencils
input, sort the hashed files by filenames before adding
their content to the hasher. This ensures deterministic
hash input and hence deterministic hash, independent on
filesystem order.
- gh-141808: When running make clean-retain-profile, keep the
generated JIT stencils. That way, the stencils are not
generated twice when Profile-guided optimization (PGO) is
used. It also allows distributors to supply their own
pre-built JIT stencils.
- gh-138061: Ensure reproducible builds by making JIT stencil
header generation deterministic.
Remove upstreamed patches:
- CVE-2024-6923-follow-up-EOL-email-headers.patch
- gh138131-exclude-pycache-from-digest.patch
Fix readline history truncation when length is reduced
The `readline.set_history_length()` function did not previously
truncate the in-memory history when the new length was set to
a value smaller than the current number of history items. This
could lead to unexpected behavior where `get_history_length()`
would still report the old length and writing the history to a
file would write more entries than the new limit.
This patch modifies `set_history_length()` to explicitly
remove the oldest history entries using `remove_history()`
when the length is decreased, ensuring the in-memory history
is correctly truncated to the new limit. This brings the
function's behavior in line with expectations and fixes
failures in `test_write_read_limited_history`.
Checks consistency of the zip64 end of central directory record,
and preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say a
Rust one) then unpack it in production with another (e.g., the
Python one) and get malicious content that the other parser did
not see (CVE-2025-8291, bsc#1251305)
Readjust patches while synchronizing between openSUSE and SLE trees:
- F00251-change-user-install-location.patch
- doc-py38-to-py36.patch
- gh126985-mv-pyvenv.cfg2getpath.patch
- Update to 3.13.9:
- Library
- gh-139783: Fix inspect.getsourcelines() for the case when a
decorator is followed by a comment or an empty line.
- Update to 3.13.8:
- macOS
- gh-124111: Update macOS installer to use Tcl/Tk 8.6.17.
- gh-139573: Updated bundled version of OpenSSL to 3.0.18.
- Windows
- gh-139573: Updated bundled version of OpenSSL to 3.0.18.
- gh-138896: Fix error installing C runtime on non-updated Windows
machines
- Tools/Demos
- gh-139330: SBOM generation tool didn’t cross-check the version
and checksum values against the Modules/expat/refresh.sh script,
leading to the values becoming out-of-date during routine
updates.
- gh-137873: The iOS test runner has been simplified, resolving
some issues that have been observed using the runner in GitHub
Actions and Azure Pipelines test environments.
- Tests
- gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the
--verbose option anymore. Patch by Victor Stinner.
- Security
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-139283: sqlite3: correctly handle maximum number of rows to
fetch in Cursor.fetchmany and reject negative values for
OBS-URL: https://build.opensuse.org/request/show/1311480
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=128
- Update to 3.13.7:
- gh-137583: Fix a deadlock introduced in 3.13.6 when a call
to ssl.SSLSocket.recv was blocked in one thread, and then
another method on the object (such as ssl.SSLSocket.send) was
subsequently called in another thread.
- gh-137044: Return large limit values as positive integers
instead of negative integers in resource.getrlimit().
Accept large values and reject negative values (except
RLIM_INFINITY) for limits in resource.setrlimit().
- gh-136914: Fix retrieval of doctest.DocTest.lineno
for objects decorated with functools.cache() or
functools.cached_property.
- gh-131788: Make ResourceTracker.send from multiprocessing
re-entrant safe
- gh-136155: We are now checking for fatal errors in EPUB
builds in CI.
- gh-137400: Fix a crash in the free threading build when
disabling profiling or tracing across all threads with
PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads()
or their Python equivalents threading.settrace_all_threads()
and threading.setprofile_all_threads().
- Remove upstreamed patch:
- gh137583-only-lock-SSL-context.patch
- Add gh137583-only-lock-SSL-context.patch fixing the
regression in 3.13.6 by breaking non-blocking TLS connections
(gh#python/cpython#137583).
- Update to 3.13.6:
- Security
OBS-URL: https://build.opensuse.org/request/show/1299833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python313?expand=0&rev=29
- gh-137583: Fix a deadlock introduced in 3.13.6 when a call
to ssl.SSLSocket.recv was blocked in one thread, and then
another method on the object (such as ssl.SSLSocket.send) was
subsequently called in another thread.
- gh-137044: Return large limit values as positive integers
instead of negative integers in resource.getrlimit().
Accept large values and reject negative values (except
RLIM_INFINITY) for limits in resource.setrlimit().
- gh-136914: Fix retrieval of doctest.DocTest.lineno
for objects decorated with functools.cache() or
functools.cached_property.
- gh-131788: Make ResourceTracker.send from multiprocessing
re-entrant safe
- gh-136155: We are now checking for fatal errors in EPUB
builds in CI.
- gh-137400: Fix a crash in the free threading build when
disabling profiling or tracing across all threads with
PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads()
or their Python equivalents threading.settrace_all_threads()
and threading.setprofile_all_threads().
- Remove upstreamed patch:
- gh137583-only-lock-SSL-context.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=119
Python 3.13.6 final
Release date: 2025-08-06
- Tools/Demos
- gh-135968: Stubs for strip are now provided as part of an
iOS install.
- Tests
- gh-135966: The iOS testbed now handles the app_packages
folder as a site directory.
- gh-135494: Fix regrtest to support excluding tests from
--pgo tests. Patch by Victor Stinner.
- gh-135489: Show verbose output for failing tests during PGO
profiling step with –enable-optimizations.
- Security
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
- Whitespaces no longer accepted between </ and the tag
name. E.g. </ script> does not end the script section.
- Vertical tabulation (\v) and non-ASCII whitespaces no
longer recognized as whitespaces. The only whitespaces
are \t\n\r\f and space.
- Null character (U+0000) no longer ends the tag name.
- Attributes and slashes after the tag name in end tags
are now ignored, instead of terminating after the first
> in quoted attribute value. E.g. </script/foo=">"/>.
- Multiple slashes and whitespaces between the last
attribute and closing > are now ignored in both start
and end tags. E.g. <a foo=bar/ //>.
- Multiple = between attribute name and value are no
longer collapsed. E.g. <a foo==bar> produces attribute
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=115
SHOULD GO BACK TO openSUSE:Factory:Staging:O
- adjusted sofilename for "nogil" build correctly.
- Update to 3.13.5:
- Tests
- gh-135120: Add test.support.subTests().
- Library
- gh-133967: Do not normalize locale name ‘C.UTF-8’ to
‘en_US.UTF-8’.
- gh-135326: Restore support of integer-like objects with
__index__() in random.getrandbits().
- gh-135321: Raise a correct exception for values greater
than 0x7fffffff for the BINSTRING opcode in the C
implementation of pickle.
- gh-135276: Backported bugfixes in zipfile.Path from
zipp 3.23. Fixed .name, .stem and other basename-based
properties on Windows when working with a zipfile on disk.
- gh-134151: email: Fix TypeError in
email.utils.decode_params() when sorting RFC 2231
continuations that contain an unnumbered section.
- gh-134152: email: Fix parsing of email message ID with
invalid domain.
- gh-127081: Fix libc thread safety issues with os by
replacing getlogin with getlogin_r re-entrant version.
- gh-131884: Fix formatting issues in json.dump() when both
indent and skipkeys are used.
- Core and Builtins
- gh-135171: Roll back changes to generator and list
comprehensions that went into 3.13.4 to fix gh-127682,
but which involved semantic and bytecode changes not
appropriate for a bugfix release.
- C API
- gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and
Py_RETURN_FALSE macros in the limited C API 3.11 and
older: don’t treat Py_None, Py_True and Py_False as
immortal. Patch by Victor Stinner.
- gh-134989: Implement PyObject_DelAttr() and
PyObject_DelAttrString() as macros in the limited C API
3.12 and older. Patch by Victor Stinner.
- Substantially rewritten doc-py38-to-py36.patch patch to be more
flexible and covering even unexpected changes.
- Update to 3.13.4:
- Security
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032).
- gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273).
- gh-128840: Short-circuit the processing of long IPv6
addresses early in ipaddress to prevent excessive memory
consumption and a minor denial-of-service.
- Library
- gh-134718: ast.dump() now only omits None and [] values if
they are default values.
- gh-128840: Fix parsing long IPv6 addresses with embedded
IPv4 address.
- gh-134696: Built-in HACL* and OpenSSL implementations of
hash function constructors now correctly accept the same
documented named arguments. For instance, md5() could be
previously invoked as md5(data=data) or md5(string=string)
depending on the underlying implementation but these calls
were not compatible. Patch by Bénédikt Tran.
- gh-134210: curses.window.getch() now correctly handles
signals. Patch by Bénédikt Tran.
- gh-80334: multiprocessing.freeze_support() now checks for
work on any “spawn” start method platform rather than only
on Windows.
- gh-114177: Fix asyncio to not close subprocess pipes which
would otherwise error out when the event loop is already
closed.
- gh-134152: Fixed UnboundLocalError that could occur during
email header parsing if an expected trailing delimiter is
missing in some contexts.
- gh-62184: Remove import of C implementation of io.FileIO
from Python implementation which has its own implementation
- gh-133982: Emit RuntimeWarning in the Python implementation
of io when the file-like object is not closed explicitly in
the presence of multiple I/O layers.
- gh-133890: The tarfile module now handles
UnicodeEncodeError in the same way as OSError when cannot
extract a member.
- gh-134097: Fix interaction of the new REPL and -X
showrefcount command line option.
- gh-133889: The generated directory listing page in
http.server.SimpleHTTPRequestHandler now only shows the
decoded path component of the requested URL, and not the
query and fragment.
- gh-134098: Fix handling paths that end with
a percent-encoded slash (%2f or %2F) in
http.server.SimpleHTTPRequestHandler.
- gh-134062: ipaddress: fix collisions in __hash__() for
IPv4Network and IPv6Network objects.
- gh-133745: In 3.13.3 we accidentally changed the signature
of the asyncio create_task() family of methods and how it
calls a custom task factory in a backwards incompatible
way. Since some 3rd party libraries have already made
changes to work around the issue that might break if
we simply reverted the changes, we’re instead changing
things to be backwards compatible with 3.13.2 while still
supporting those workarounds for 3.13.3. In particular, the
special-casing of name and context is back (until 3.14) and
consequently eager tasks may still find that their name
hasn’t been set before they execute their first yielding
await.
- gh-71253: Raise ValueError in open() if opener returns a
negative file-descriptor in the Python implementation of io
to match the C implementation.
- gh-77057: Fix handling of invalid markup declarations in
html.parser.HTMLParser.
- gh-133489: random.getrandbits() can now generate more that
231 bits. random.randbytes() can now generate more that 256
MiB.
- gh-133290: Fix attribute caching issue when setting
ctypes._Pointer._type_ in the undocumented and deprecated
ctypes.SetPointerType() function and the undocumented
set_type() method.
- gh-132876: ldexp() on Windows doesn’t round subnormal
results before Windows 11, but should. Python’s
math.ldexp() wrapper now does round them, so results may
change slightly, in rare cases of very small results, on
Windows versions before 11.
- gh-133089: Use original timeout value for
subprocess.TimeoutExpired when the func subprocess.run()
is called with a timeout instead of sometimes a confusing
partial remaining time out value used internally on the
final wait().
- gh-133009: xml.etree.ElementTree: Fix a crash in
Element.__deepcopy__ when the element is concurrently
mutated. Patch by Bénédikt Tran.
- gh-132995: Bump the version of pip bundled in ensurepip to
version 25.1.1
- gh-132017: Fix error when pyrepl is suspended, then resumed
and terminated.
- gh-132673: Fix a crash when using _align_ = 0 and _fields_
= [] in a ctypes.Structure.
- gh-132527: Include the valid typecode ‘w’ in the error
message when an invalid typecode is passed to array.array.
- gh-132439: Fix PyREPL on Windows: characters entered via
AltGr are swallowed. Patch by Chris Eibl.
- gh-132429: Fix support of Bluetooth sockets on NetBSD and
DragonFly BSD.
- gh-132106: QueueListener.start now raises a RuntimeError if
the listener is already started.
- gh-132417: Fix a NULL pointer dereference when a C function
called using ctypes with restype py_object returns NULL.
- gh-132385: Fix instance error suggestions trigger potential
exceptions in object.__getattr__() in traceback.
- gh-132308: A traceback.TracebackException now correctly
renders the __context__ and __cause__ attributes from
falsey Exception, and the exceptions attribute from falsey
ExceptionGroup.
- gh-132250: Fixed the SystemError in cProfile when locating
the actual C function of a method raises an exception.
- gh-132063: Prevent exceptions that evaluate as
falsey (namely, when their __bool__ method returns
False or their __len__ method returns 0) from being
ignored by concurrent.futures.ProcessPoolExecutor and
concurrent.futures.ThreadPoolExecutor.
- gh-119605: Respect follow_wrapped for __init__() and
__new__() methods when getting the class signature for a
class with inspect.signature(). Preserve class signature
after wrapping with warnings.deprecated(). Patch by Xuehai
Pan.
- gh-91555: Ignore log messages generated during handling of
log messages, to avoid deadlock or infinite recursion.
- gh-131434: Improve error reporting for incorrect format in
time.strptime().
- gh-131127: Systems using LibreSSL now successfully build.
- gh-130999: Avoid exiting the new REPL and offer suggestions
even if there are non-string candidates when errors occur.
- gh-130941: Fix configparser.ConfigParser parsing empty
interpolation with allow_no_value set to True.
- gh-129098: Fix REPL traceback reporting when using
compile() with an inexisting file. Patch by Bénédikt Tran.
- gh-130631: http.cookiejar.join_header_words() is now more
similar to the original Perl version. It now quotes the
same set of characters and always quote values that end
with "\n".
- gh-129719: Fix missing socket.CAN_RAW_ERR_FILTER constant
in the socket module on Linux systems. It was missing since
Python 3.11.
- gh-124096: Turn on virtual terminal mode and enable
bracketed paste in REPL on Windows console. (If the
terminal does not support bracketed paste, enabling it does
nothing.)
- gh-122559: Remove __reduce__() and __reduce_ex__() methods
that always raise TypeError in the C implementation
of io.FileIO, io.BufferedReader, io.BufferedWriter
and io.BufferedRandom and replace them with default
__getstate__() methods that raise TypeError. This restores
fine details of behavior of Python 3.11 and older versions.
- gh-122179: hashlib.file_digest() now raises BlockingIOError
when no data is available during non-blocking I/O. Before,
it added spurious null bytes to the digest.
- gh-86155: html.parser.HTMLParser.close() no longer loses
data when the <script> tag is not closed. Patch by Waylan
Limberg.
- gh-69426: Fix html.parser.HTMLParser to not unescape
character entities in attribute values if they are followed
by an ASCII alphanumeric or an equals sign.
- bpo-44172: Keep a reference to original curses windows in
subwindows so that the original window does not get deleted
before subwindows.
- Tests
- gh-133744: Fix multiprocessing interrupt test. Add an event
to synchronize the parent process with the child process:
wait until the child process starts sleeping. Patch by
Victor Stinner.
- gh-133639: Fix
TestPyReplAutoindent.test_auto_indent_default() doesn’t run
input_code.
- gh-133131: The iOS testbed will now select the most
recently released “SE-class” device for testing if a device
isn’t explicitly specified.
- gh-109981: The test helper that counts the list of open
file descriptors now uses the optimised /dev/fd approach on
all Apple platforms, not just macOS. This avoids crashes
caused by guarded file descriptors.
- IDLE
- gh-112936: fix IDLE: no Shell menu item in single-process
mode.
- Documentation
- gh-107006: Move documentation and example code for
threading.local from its docstring to the official docs.
- Core and Builtins
- gh-134908: Fix crash when iterating over lines in a text
file on the free threaded build.
- gh-127682: No longer call __iter__ twice in list
comprehensions. This brings the behavior of list
comprehensions in line with other forms of iteration
- gh-134381: Fix RuntimeError when using a not-started
threading.Thread after calling os.fork()
- gh-128066: Fixes an edge case where PyREPL improperly threw
an error when Python is invoked on a read only filesystem
while trying to write history file entries.
- gh-134100: Fix a use-after-free bug that occurs when an
imported module isn’t in sys.modules after its initial
import. Patch by Nico-Posada.
- gh-133703: Fix hashtable in dict can be bigger than
intended in some situations.
- gh-132869: Fix crash in the free threading build when
accessing an object attribute that may be concurrently
inserted or deleted.
- gh-132762: fromkeys() no longer loops forever when adding
a small set of keys to a large base dict. Patch by Angela
Liss.
- gh-133543: Fix a possible memory leak that could occur when
directly accessing instance dictionaries (__dict__) that
later become part of a reference cycle.
- gh-133516: Raise ValueError when constants True, False or
None are used as an identifier after NFKC normalization.
- gh-133441: Fix crash upon setting an attribute with a dict
subclass. Patch by Victor Stinner.
- gh-132942: Fix two races in the type lookup cache. This
affected the free-threaded build and could cause crashes
(apparently quite difficult to trigger).
- gh-132713: Fix repr(list) race condition: hold a strong
reference to the item while calling repr(item). Patch by
Victor Stinner.
- gh-132747: Fix a crash when calling __get__() of a method
with a None second argument.
- gh-132542: Update Thread.native_id after fork(2) to ensure
accuracy. Patch by Noam Cohen.
- gh-124476: Fix decoding from the locale encoding in the
C.UTF-8 locale.
- gh-131927: Compiler warnings originating from the same
module and line number are now only emitted once, matching
the behaviour of warnings emitted from user code. This can
also be configured with warnings filters.
- gh-127682: No longer call __iter__ twice when creating and
executing a generator expression. Creating a generator
expression from a non-interable will raise only when the
generator expression is executed. This brings the behavior
of generator expressions in line with other generators.
- gh-131878: Handle uncaught exceptions in the main input
loop for the new REPL.
- gh-131878: Fix support of unicode characters with two or
more codepoints on Windows in the new REPL.
- gh-130804: Fix support of unicode characters on Windows in
the new REPL.
- gh-130070: Fixed an assertion error for exec() passed a
string source and a non-None closure. Patch by Bartosz
Sławecki.
- gh-129958: Fix a bug that was allowing newlines
inconsitently in format specifiers for single-quoted
f-strings. Patch by Pablo Galindo.
- C API
- gh-132909: Fix an overflow when handling the K format in
Py_BuildValue(). Patch by Bénédikt Tran.
- Remove upstreamed patches:
- CVE-2025-4516-DecodeError-handler.patch
- gh-132535-rsrc-warn-test_timeout.patch
OBS-URL: https://build.opensuse.org/request/show/1287762
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python313?expand=0&rev=25
- Tests
- gh-135120: Add test.support.subTests().
- Library
- gh-133967: Do not normalize locale name ‘C.UTF-8’ to
‘en_US.UTF-8’.
- gh-135326: Restore support of integer-like objects with
__index__() in random.getrandbits().
- gh-135321: Raise a correct exception for values greater
than 0x7fffffff for the BINSTRING opcode in the C
implementation of pickle.
- gh-135276: Backported bugfixes in zipfile.Path from
zipp 3.23. Fixed .name, .stem and other basename-based
properties on Windows when working with a zipfile on disk.
- gh-134151: email: Fix TypeError in
email.utils.decode_params() when sorting RFC 2231
continuations that contain an unnumbered section.
- gh-134152: email: Fix parsing of email message ID with
invalid domain.
- gh-127081: Fix libc thread safety issues with os by
replacing getlogin with getlogin_r re-entrant version.
- gh-131884: Fix formatting issues in json.dump() when both
indent and skipkeys are used.
- Core and Builtins
- gh-135171: Roll back changes to generator and list
comprehensions that went into 3.13.4 to fix gh-127682,
but which involved semantic and bytecode changes not
appropriate for a bugfix release.
- C API
- gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=102
- Tests
- gh-135120: Add test.support.subTests().
- Library
- gh-133967: Do not normalize locale name ‘C.UTF-8’ to
‘en_US.UTF-8’.
- gh-135326: Restore support of integer-like objects with
__index__() in random.getrandbits().
- gh-135321: Raise a correct exception for values greater
than 0x7fffffff for the BINSTRING opcode in the C
implementation of pickle.
- gh-135276: Backported bugfixes in zipfile.Path from
zipp 3.23. Fixed .name, .stem and other basename-based
properties on Windows when working with a zipfile on disk.
- gh-134151: email: Fix TypeError in
email.utils.decode_params() when sorting RFC 2231
continuations that contain an unnumbered section.
- gh-134152: email: Fix parsing of email message ID with
invalid domain.
- gh-127081: Fix libc thread safety issues with os by
replacing getlogin with getlogin_r re-entrant version.
- gh-131884: Fix formatting issues in json.dump() when both
indent and skipkeys are used.
- Core and Builtins
- gh-135171: Roll back changes to generator and list
comprehensions that went into 3.13.4 to fix gh-127682,
but which involved semantic and bytecode changes not
appropriate for a bugfix release.
- C API
- gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=102
