Log message:
*: recursive bump for icu 78.1

Log message:
lang/python312: remove unknown configure option

Log message:
python312 py312-html-docs: updated to 3.12.12

Python 3.12.12

Tools/Demos

gh-139330: SBOM generation tool didn’t cross-check the version and checksum \ 
values against the Modules/expat/refresh.sh script, leading to the values \ 
becoming out-of-date during routine updates.

Security

gh-139700: Check consistency of the zip64 end of central directory record. \ 
Support records with “zip64 extensible data” if there are no bytes prepended \ 
to the ZIP file.
gh-139400: xml.parsers.expat: Make sure that parent Expat parsers are only \ 
garbage-collected once they are no longer referenced by subparsers created by \ 
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to \ 
the HTML5 standard.
Whitespaces no longer accepted between </ and the tag name. E.g. </ \ 
script> does not end the script section.
Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as \ 
whitespaces. The only whitespaces are \t\n\r\f and space.
Null character (U+0000) no longer ends the tag name.
Attributes and slashes after the tag name in end tags are now ignored, instead \ 
of terminating after the first > in quoted attribute value. E.g. \ 
</script/foo=">"/>.
Multiple slashes and whitespaces between the last attribute and closing > are \ 
now ignored in both start and end tags. E.g. <a foo=bar/ //>.
Multiple = between attribute name and value are no longer collapsed. E.g. <a \ 
foo==bar> produces attribute “foo” with value “=bar”.
gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to the \ 
HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add private \ 
method _set_support_cdata() which can be used to specify how to parse \ 
<[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as a \ 
bogus comment in the HTML namespace.
gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 \ 
standard. --!> now ends the comment. -- > no longer ends the comment. \ 
Support abnormally ended empty comments <--> and <--->.
gh-135462: Fix quadratic complexity in processing specially crafted input in \ 
html.parser.HTMLParser. End-of-file errors are now handled according to the \ 
HTML5 specs – comments and declarations are automatically closed, tags are \ 
ignored.
gh-118350: Fix support of escapable raw text mode (elements “textarea” and \ 
“title”) in html.parser.HTMLParser.
gh-86155: html.parser.HTMLParser.close() no longer loses data when the \ 
<script> tag is not closed. Patch by Waylan Limberg.

Library

gh-139312: Upgrade bundled libexpat to 2.7.3
gh-138998: Update bundled libexpat to 2.7.2
gh-130577: tarfile now validates archives to ensure member offsets are \ 
non-negative. (Contributed by Alexander Enrique Urieles Nieto in gh-130577.)

Core and Builtins

gh-130077: Properly raise custom syntax errors when incorrect syntax containing \ 
names that are prefixes of soft keywords is encountered. Patch by Pablo Galindo.

Log message:
python312 py312-html-docs: updated to 3.12.11

Python 3.12.11 final

Security
gh-135034: Fixes multiple issues that allowed tarfile extraction filters \ 
(filter="data" and filter="tar") to be bypassed using \ 
crafted symlinks and hard links.

Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517.

gh-133767: Fix use-after-free in the “unicode-escape” decoder with a \ 
non-“strict” error handler.

gh-128840: Short-circuit the processing of long IPv6 addresses early in \ 
ipaddress to prevent excessive memory consumption and a minor denial-of-service.

Library

gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address.
gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and \ 
IPv6Network objects.
gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC \ 
3596, §2.5. Patch by Bénédikt Tran.
bpo-43633: Improve the textual representation of IPv4-mapped IPv6 addresses (RFC \ 
4291 Sections 2.2, 2.5.5.2) in ipaddress. Patch by Oleksandr Pavliuk.

Log message:
*: recursive bump for icu 77 and libxml2 2.14

Log message:
python312 py312-html-docs: updated to 3.12.10

Python 3.12.10 final

macOS

gh-124111: Update macOS installer to use Tcl/Tk 8.6.16.
gh-131423: Update macOS installer to use OpenSSL 3.0.16. Patch by Bénédikt Tran.
gh-131025: Update macOS installer to ship with SQLite 3.49.1.
gh-91132: Update macOS installer to use ncurses 6.5.

Windows

gh-131423: Update bundled version of OpenSSL to 3.0.16. The new build also \ 
disables uplink support, which may be relevant to embedders but has no impact on \ 
normal use.
gh-131025: Update Windows installer to ship with SQLite 3.49.1.
gh-131020: pylauncher correctly detects a BOM when searching for the shebang. \ 
Fix by Chris Eibl.

Tools/Demos

gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files \ 
for consistency with GNU msgfmt.
gh-85012: Correctly reset msgctxt when compiling messages in msgfmt.

Tests

gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does \ 
not support finite-field ephemeral Diffie-Hellman.
gh-119727: Add --single-process command line option to Python test runner \ 
(regrtest). Patch by Victor Stinner.

Security

gh-131809: Update bundled libexpat to 2.7.1
gh-131261: Upgrade to libexpat 2.7.0
gh-127371: Avoid unbounded buffering for \ 
tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only \ 
checked after the lines iterator had been exhausted. This is now done after each \ 
line is written.
gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an \ 
email message using a modern email policy. Previously when an encoded-word was \ 
too long for a line, it would be decoded, split across lines, and re-encoded. \ 
But commas and other special characters in the original text could be left \ 
unencoded and unquoted. This could theoretically be used to spoof header lines \ 
using a carefully constructed encoded-word if the resulting rendered email was \ 
transmitted or re-parsed.

Library

gh-116608: undeprecate functional API for importlib.resources

gh-132075: Fix possible use of socket address structures with uninitialized \ 
members. Now all structure members are initialized with zeroes by default.

gh-132002: Fix crash when deallocating contextvars.ContextVar with weird \ 
unahashable string names.

gh-131668: socket: Fix code parsing AF_BLUETOOTH socket addresses.

gh-131492: Fix a resource leak when constructing a gzip.GzipFile with a filename \ 
fails, for example when passing an invalid compresslevel.

gh-131325: Fix sendfile fallback implementation to drain data after writing to \ 
transport in asyncio.

gh-129843: Fix incorrect argument passing in warnings.warn_explicit().

gh-131204: Use monospace font from System Font Stack for cross-platform support \ 
in difflib.HtmlDiff.

gh-131045: Fix issue with __contains__, values, and pseudo-members for enum.Flag.

gh-130959: Fix pure-Python implementation of datetime.time.fromisoformat() to \ 
reject times with spaces in fractional part (for example, 12:34:56.400 +02:00), \ 
matching the C implementation. Patch by Michał Gorny.

gh-130637: Add validation for numeric response data in poplib.POP3.stat() method

gh-130461: Remove .. index:: directives from the uuid module documentation. \ 
These directives previously created entries in the general index for getnode() \ 
as well as the uuid1(), uuid3(), uuid4(), and uuid5() constructor functions.

gh-130285: Fix corner case for random.sample() allowing the counts parameter to \ 
specify an empty population. So now, sample([], 0, counts=[]) and sample('abc', \ 
k=0, counts=[0, 0, 0]) both give the same result as sample([], 0).

gh-130250: Fix regression in traceback.print_last().

gh-118761: Reverts a change in the previous release attempting to make some \ 
stdlib imports used within the subprocess module lazy as this was causing errors \ 
during __del__ finalizers calling methods such as terminate, or kill, or \ 
send_signal.

gh-130164: Fixed failure to raise TypeError in inspect.Signature.bind() for \ 
positional-only arguments provided by keyword when a variadic keyword argument \ 
(e.g. **kwargs) is present.

gh-130151: Fix reference leaks in _hashlib.hmac_new() and \ 
_hashlib.hmac_digest(). Patch by Bénédikt Tran.

gh-129726: Fix gzip.GzipFile raising an unraisable exception during garbage \ 
collection when referring to a temporary object by breaking the reference loop \ 
with weakref.

gh-129583: Update bundled pip to 25.0.1

gh-97850: Update the deprecation warning of importlib.abc.Loader.load_module().

gh-129603: Fix bugs where sqlite3.Row objects could segfault if their inherited \ 
description was set to None. Patch by Erlend Aasland.

gh-117779: Fix reading duplicated entries in zipfile by name. Reading duplicated \ 
entries (except the last one) by ZipInfo now emits a warning instead of raising \ 
an exception.

gh-128772: Fix pydoc for methods with the __module__ attribute equal to None.

gh-92897: Scheduled the deprecation of the check_home argument of \ 
sysconfig.is_python_build() to Python 3.15.

gh-128703: Fix mimetypes.guess_type() to use default mapping for empty \ 
Content-Type in registry.

gh-126037: xml.etree.ElementTree: Fix a crash in Element.find, Element.findtext \ 
and Element.findall when the tag to find implements an __eq__() method mutating \ 
the element being queried. Patch by Bénédikt Tran.

gh-127712: Fix handling of the secure argument of logging.handlers.SMTPHandler.

gh-126033: xml.etree.ElementTree: Fix a crash in Element.remove when the element \ 
is concurrently mutated. Patch by Bénédikt Tran.

gh-125553: Fix round-trip invariance for backslash continuations in \ 
tokenize.untokenize().

gh-101137: Mime type text/x-rst is now supported by mimetypes.

gh-113238: Add Anchor to importlib.resources (in order for the code to comply \ 
with the documentation)

gh-89039: When replace() method is called on a subclass of datetime, date or \ 
time, properly call derived constructor. Previously, only the base class’s \ 
constructor was called.

Also, make sure to pass non-zero fold values when creating subclasses in various \ 
methods. Previously, fold was silently ignored.

IDLE

gh-129873: Simplify displaying the IDLE doc by only copying the text section of \ 
idle.html to idlelib/help.html. Patch by Stan Ulbrych.

Documentation

gh-131417: Mention asyncio.Future and asyncio.Task in generic classes list.
gh-125722: Require Sphinx 8.2.0 or later to build the Python documentation. \ 
Patch by Adam Turner.
gh-129712: The wheel tags supported by each macOS universal SDK option are now \ 
documented.
gh-46236: C API: Document PyUnicode_RSplit(), PyUnicode_Partition() and \ 
PyUnicode_RPartition().

Core and Builtins

gh-131670: Fix anext() failing on sync __anext__() raising an exception.
gh-130809: Fixed an issue where _PyFrame_LocalsToFast tries to write module \ 
level values to hidden fasts.
gh-130775: Do not crash on negative column and end_column in ast locations.
gh-130618: Fix a bug that was causing UnicodeDecodeError or SystemError to be \ 
raised when using f-strings with lambda expressions with non-ASCII characters. \ 
Patch by Pablo Galindo
gh-130163: Fix possible crashes related to concurrent change and use of the sys \ 
module attributes.
gh-88887: Fixing multiprocessing Resource Tracker process leaking, usually \ 
observed when running Python as PID 1.
gh-116042: Fix location for SyntaxErrors of invalid escapes in the tokenizer. \ 
Patch by Pablo Galindo
gh-128632: Disallow __classdict__ as the name of a type parameter. Using this \ 
name would previously crash the interpreter in some circumstances.
gh-125331: from __future__ import barry_as_FLUFL now works in more contexts, \ 
including when it is used in files, with the -c flag, and in the REPL when there \ 
are multiple statements on the same line. Previously, it worked only on \ 
subsequent lines in the REPL, and when the appropriate flags were passed \ 
directly to compile(). Patch by Pablo Galindo.
gh-107526: Revert converting vars, dir, next, getattr, and iter to argument clinic.
gh-107674: Fixed performance regression in sys.settrace.

C API

gh-131740: Update PyUnstable_GC_VisitObjects to traverse perm gen.

Build

gh-131865: The DTrace build now properly passes the CC and CFLAGS variables to \ 
the dtrace command when utilizing SystemTap on Linux.
gh-130740: Ensure that Python.h is included before stdbool.h unless pyconfig.h \ 
is included before or in some platform-specific contexts.
gh-129838: Don’t redefine _Py_NO_SANITIZE_UNDEFINED when compiling with a \ 
recent GCC version and undefined sanitizer enabled.
gh-129660: Drop test_embed from PGO training, whose contribution in recent \ 
versions is considered to be ignorable.

Log message:
restore gettext-lib buildlink3.mk from previous python versions

needed to successfully build embedded python for tevent package

Log message:
python312 py312-html-docs: updated to 3.12.9

Python 3.12.9

Tests

gh-127906: Test the limited C API in test_cppext. Patch by Victor Stinner.
gh-127906: Backport test_cext from the main branch. Patch by Victor Stinner.
gh-127637: Add tests for the dis command-line interface. Patch by Bénédikt Tran.
Security
gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host \ 
parsing would not reject domain names containing square brackets ([ and ]). \ 
Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC \ 
3986 Section 3.2.2.
gh-127655: Fixed the asyncio.selector_events._SelectorSocketTransport transport \ 
not pausing writes for the protocol when the buffer reaches the high water mark \ 
when using asyncio.WriteTransport.writelines().
gh-126108: Fix a possible NULL pointer dereference in PySys_AddWarnOptionUnicode().
gh-80222: Fix bug in the folding of quoted strings when flattening an email \ 
message using a modern email policy. Previously when a quoted string was folded \ 
so that it spanned more than one line, the surrounding quotes and internal \ 
escapes would be omitted. This could theoretically be used to spoof header lines \ 
using a carefully constructed quoted string if the resulting rendered email was \ 
transmitted or re-parsed.
gh-119511: Fix a potential denial of service in the imaplib module. When \ 
connecting to a malicious server, it could cause an arbitrary amount of memory \ 
to be allocated. On many systems this is harmless as unused virtual memory is \ 
only a mapping, but if this hit a virtual address size limit it could lead to a \ 
MemoryError or other process crash. On unusual systems or builds where all \ 
allocated memory is touched and backed by actual ram or storage it could’ve \ 
consumed resources doing so until similarly crashing.

Library

gh-129502: Unlikely errors in preparing arguments for ctypes callback are now \ 
handled in the same way as errors raised in the callback of in converting the \ 
result of the callback – using sys.unraisablehook() instead of \ 
sys.excepthook() and not setting sys.last_exc and other variables.
gh-129403: Corrected ValueError message for asyncio.Barrier and threading.Barrier.
gh-129409: Fix an integer overflow in the csv module when writing a data field \ 
larger than 2GB.
gh-118761: Improve import time of subprocess by lazy importing locale and \ 
signal. Patch by Taneli Hukkinen.
gh-129346: In sqlite3, handle out-of-memory when creating user-defined SQL functions.
gh-128550: Removed an incorrect optimization relating to eager tasks in \ 
asyncio.TaskGroup that resulted in cancellations being missed.
gh-128991: Release the enter frame reference within bdb callback
gh-128961: Fix a crash when setting state on an exhausted array.array iterator.
gh-128916: Do not attempt to set SO_REUSEPORT on sockets of address families \ 
other than AF_INET and AF_INET6, as it is meaningless with these address \ 
families, and the call with fail with Linux kernel 6.12.9 and newer.
gh-128679: Fix tracemalloc.stop() race condition. Fix tracemalloc to support \ 
calling tracemalloc.stop() in one thread, while another thread is tracing memory \ 
allocations. Patch by Victor Stinner.
gh-128562: Fix possible conflicts in generated tkinter widget names if the \ 
widget class name ends with a digit.
gh-128552: Fix cyclic garbage introduced by asyncio.loop.create_task() and \ 
asyncio.TaskGroup.create_task() holding a reference to the created task if it is \ 
eager.
gh-128479: Fix asyncio.staggered.staggered_race() leaking tasks and issuing an \ 
unhandled exception.
gh-88834: Unify the instance check for typing.Union and types.UnionType: Union \ 
now uses the instance checks against its parameters instead of the subclass \ 
checks.
gh-128302: Fix xml.dom.xmlbuilder.DOMEntityResolver.resolveEntity(), which was \ 
broken by the Python 3.0 transition.
gh-128302: Allow xml.dom.xmlbuilder.DOMParser.parse() to correctly handle \ 
xml.dom.xmlbuilder.DOMInputSource instances that only have a systemId attribute \ 
set.
gh-112064: Fix incorrect handling of negative read sizes in HTTPResponse.read. \ 
Patch by Yury Manushkin.
gh-58956: Fixed a frame reference leak in bdb.
gh-128131: Completely support random access of uncompressed unencrypted \ 
read-only zip files obtained by ZipFile.open.
gh-127975: Avoid reusing quote types in ast.unparse() if not needed.
gh-128014: Fix resetting the default window icon by passing default='' to the \ 
tkinter method wm_iconbitmap().
gh-115514: Fix exceptions and incomplete writes after asyncio._SelectorTransport \ 
is closed before writes are completed.
gh-41872: Fix quick extraction of module docstrings from a file in pydoc. It now \ 
supports docstrings with single quotes, escape sequences, raw string literals, \ 
and other Python syntax.
gh-126742: Fix support of localized error messages reported by dlerror(3) and \ 
gdbm_strerror in ctypes and dbm.gnu functions respectively. Patch by Bénédikt \ 
Tran.
gh-127870: Detect recursive calls in ctypes _as_parameter_ handling. Patch by \ 
Victor Stinner.
gh-127847: Fix the position when doing interleaved seeks and reads in \ 
uncompressed, unencrypted zip files returned by zipfile.ZipFile.open().
gh-127732: The platform module now correctly detects Windows Server 2025.
gh-93312: Include <sys/pidfd.h> to get os.PIDFD_NONBLOCK constant. Patch \ 
by Victor Stinner.
gh-83662: Add missing __class_getitem__ method to the Python implementation of \ 
functools.partial(), to make it compatible with the C version. This is mainly \ 
relevant for alternative Python implementations like PyPy and GraalPy, because \ 
CPython will usually use the C-implementation of that function.
gh-127586: multiprocessing.pool.Pool now properly restores blocked signal \ 
handlers of the parent thread when creating processes via either spawn or \ 
forkserver.
gh-98188: Fix an issue in email.message.Message.get_payload() where data cannot \ 
be decoded if the Content Transfer Encoding mechanism contains trailing \ 
whitespaces or additional junk text. Patch by Hui Liu.
gh-127257: In ssl, system call failures that OpenSSL reports using ERR_LIB_SYS \ 
are now raised as OSError.
gh-126775: Make linecache.checkcache() thread safe and GC re-entrancy safe.
gh-58956: Fixed a bug in pdb where sometimes the breakpoint won’t trigger if \ 
it was set on a function which is already in the call stack.
gh-123401: The http.cookies module now supports parsing obsolete RFC 850 date \ 
formats, in accordance with RFC 9110 requirements. Patch by Nano Zheng.
gh-123085: In a bare call to importlib.resources.files(), ensure the caller’s \ 
frame is properly detected when importlib.resources is itself available as a \ 
compiled module only (no source).
gh-122431: readline.append_history_file() now raises a ValueError when given a \ 
negative value.

Documentation

gh-125722: Require Sphinx 8.1.3 or later to build the Python documentation. \ 
Patch by Adam Turner.
gh-67206: Document that string.printable is not printable in the POSIX sense. In \ 
particular, string.printable.isprintable() returns False. Patch by Bénédikt \ 
Tran.

Core and Builtins

gh-129345: Fix null pointer dereference in syslog.openlog() when an audit hook \ 
raises an exception.
gh-129093: Fix f-strings such as f'{expr=}' sometimes not displaying the full \ 
expression when the expression contains !=.
gh-124363: Treat debug expressions in f-string as raw strings. Patch by Pablo Galindo
gh-128799: Add frame of except* to traceback when it wraps a naked exception.
gh-128078: Fix a SystemError when using anext() with a default tuple value. \ 
Patch by Bénédikt Tran.
gh-128079: Fix a bug where except* does not properly check the return value of \ 
an ExceptionGroup’s split() function, leading to a crash in some cases. Now \ 
when split() returns an invalid object, except* raises a TypeError with the \ 
original raised ExceptionGroup object chained to it.
gh-127903: Objects/unicodeobject.c: fix a crash on DEBUG builds in \ 
_copy_characters when there is nothing to copy.
gh-127599: Fix statistics for increments of object reference counts (in \ 
particular, when a reference count was increased by more than 1 in a single \ 
operation).
gh-111609: Respect end_offset in SyntaxError subclasses.
gh-126862: Fix a possible overflow when a class inherits from an absurd number \ 
of super-classes. Reported by Valery Fedorenko. Patch by Bénédikt Tran.
gh-117195: Avoid assertion failure for debug builds when calling object.__sizeof__(1)

C API

gh-126554: Fix error handling in ctypes.CDLL objects which could result in a \ 
crash in rare situations.
gh-107249: Implement the Py_UNUSED macro for Windows MSVC compiler. Patch by \ 
Victor Stinner.

Build

gh-129539: Don’t redefine EX_OK when the system has the sysexits.h header.
gh-128472: Skip BOLT optimization of functions using computed gotos, fixing \ 
errors on build with LLVM 19.
gh-123925: Fix building the curses module on platforms with libncurses but \ 
without libncursesw.
gh-128321: Set LIBS instead of LDFLAGS when checking if sqlite3 library \ 
functions are available. This fixes the ordering of linked libraries during \ 
checks, which was incorrect when using a statically linked libsqlite3.