Python 3.9.3

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmBm6VQACgkQsmmV4xAl
 BWiEWg/6A9IMEpPRP1GbCuyCjLQksZ2E/dNCvO+80z+DiVsyKVkH40JGisSmuYlo
 JAmU8I316iDhkNbKZ7df7hqP3VRbkR4Sf23pmd3j75sN3jsAkEhqOrAVwZWPN2wi
 ipGwntIzuQ9xjCLcHbn0JP7jJhbcHX/R+QFmDHWx0UCgeML4jIggY2k36+DuWUnL
 dJAMJnmhK+GL5twTo4aWpXx2p7t82aHWZina1F3Zxsdm/oi9Kdng5yr65Plw0h27
 AdV6JpJhzSGZE/g0EKBMRx1oEbFYrub0Ki4vtwWnICLOimIR6pxFO+ntJnIz4I0F
 ESdojHPhTeZPWbLSTW1RMpJzsjjSX/rS0aJ2aGjVQFHEbIKpTPS6PbRddZitzQD9
 Fk+3ZpJBBiTf5tHv1YrxZJgEfGQ7qX58oGyR+ukO+VKvdOPYh3rWO1RP0Jt/b39g
 4wWbJ/KJfiylmr7Q1toYrCYuGhyrYQQdRh1rc6aHF2gFkzdoygMEFQs118Zh6qGC
 /XdQvpPNvoLkQGAk0dm4MfmuTU+5nIkrf1ptleEXd4kjvxaAExyXKHCvA+55hIJt
 0bEVb0jBqzUDQ8oR9sCqH00av31h0A5XmuMvZ9VjzVtwmunJjzs3wk30P9vgT5Fw
 sgWV8bpyr8NH9O6Dx0QgT6KrKXN7jWOhh0gAXPlG2GZqKPUUzpM=
 =fyCu
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmBnVrMQHGx1a2FzekBs
 YW5nYS5wbAAKCRCyaZXjECUFaBXrD/4xutr97e/fp8LAdR2FvFDHK5+yOwTNFbPA
 Zqn/U5Sq0wAZvpEyCPcF0wV++Pt+yzEsY1OYQOynW504QdicUIflrSR3nx+8W7Wc
 FCEOtIIZ0nICteMVgx7HuxuVmojrCAvBXzsf68vy0hZY96WBL+VkiZAK13JQIeHh
 c+HqoAh3Z5NB5SXBk4GgKBxG91bJsj0zbsUIlKeeFV0dz3M+LJvRWZO0IgwDL8bU
 3QTZ6cfzqRIBfkx2FROC9bYoOZQ2yrdtvZGURKYDTjbDSXSWfnEu97Jox5wScYCO
 h3qbemgeyRZueBEFANK/A1BbkLyf3gpJQYQ1FnFD0Z9EkveCP/gcVx7QzyeUUt4l
 WAWxS4O7Li59Bn8BcFczt53/ks4ZtIdRgWEdIeMI7NREQgM/3139XTlgEZ04OUKi
 ch+1f+81khgWSc1GLPR9wbnU7YdvGEEk9j1h5PiOhZ/+JWsgQil1FLKb67fU1zDI
 mNdGdF3dzkM6THc7yOaAr5IcUZ5JCCEAX3TkZBRDAg31IhZrnZtGKw04kX5R9JBY
 R5ZIqNddBT9/RQFLCGtKVP+8QxTiWwZP2wP1ygXiJFS0UAtnMIdBR79FvSSgxsNK
 DLAkCkX0u1WYH6oU2h5L/tPQrYYf6h8nXrA+zURl/0Q3MZRcxx0B1IG9FtLl0zvt
 M7Tl8eRobg==
 =t2Mf
 -----END PGP SIGNATURE-----

Merge tag 'v3.9.3' into 3.9

Python 3.9.3

Include/patchlevel.h

@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        9
-#define PY_MICRO_VERSION        2
+#define PY_MICRO_VERSION        3
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0
 
 /* Version as a string */
-#define PY_VERSION              "3.9.2+"
+#define PY_VERSION              "3.9.3"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

Lib/pydoc_data/topics.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Fri Feb 19 13:29:38 2021
+# Autogenerated by Sphinx on Fri Apr  2 11:48:03 2021
 topics = {'assert': 'The "assert" statement\n'
            '**********************\n'
            '\n'
@@ -5019,9 +5019,11 @@ topics = {'assert': 'The "assert" statement\n'
                   '"Formatter",\n'
                   'subclasses can define their own format string syntax).  The '
                   'syntax is\n'
-                  'related to that of formatted string literals, but there '
-                  'are\n'
-                  'differences.\n'
+                  'related to that of formatted string literals, but it is '
+                  'less\n'
+                  'sophisticated and, in particular, does not support '
+                  'arbitrary\n'
+                  'expressions.\n'
                   '\n'
                   'Format strings contain “replacement fields” surrounded by '
                   'curly braces\n'

Misc/NEWS.d/3.9.3.rst

@@ -0,0 +1,346 @@
+.. bpo: 42988
+.. date: 2021-03-24-14-16-56
+.. nonce: P2aNco
+.. release date: 2021-04-02
+.. section: Security
+
+CVE-2021-3426: Remove the ``getfile`` feature of the :mod:`pydoc` module
+which could be abused to read arbitrary files on the disk (directory
+traversal vulnerability). Moreover, even source code of Python modules can
+contain sensitive data like passwords. Vulnerability reported by David
+Schwörer.
+
+..
+
+.. bpo: 43285
+.. date: 2021-03-13-03-48-14
+.. nonce: g-Hah3
+.. section: Security
+
+:mod:`ftplib` no longer trusts the IP address value returned from the server
+in response to the PASV command by default.  This prevents a malicious FTP
+server from using the response to probe IPv4 address and port combinations
+on the client network.
+
+Code that requires the former vulnerable behavior may set a
+``trust_server_pasv_ipv4_address`` attribute on their :class:`ftplib.FTP`
+instances to ``True`` to re-enable it.
+
+..
+
+.. bpo: 43439
+.. date: 2021-03-08-23-06-07
+.. nonce: 5U3lXm
+.. section: Security
+
+Add audit hooks for :func:`gc.get_objects`, :func:`gc.get_referrers` and
+:func:`gc.get_referents`. Patch by Pablo Galindo.
+
+..
+
+.. bpo: 43660
+.. date: 2021-03-29-19-50-34
+.. nonce: scTgag
+.. section: Core and Builtins
+
+Fix crash that happens when replacing ``sys.stderr`` with a callable that
+can remove the object while an exception is being printed. Patch by Pablo
+Galindo.
+
+..
+
+.. bpo: 43555
+.. date: 2021-03-19-22-49-40
+.. nonce: ZmhYSA
+.. section: Core and Builtins
+
+Report the column offset for :exc:`SyntaxError` for invalid line
+continuation characters. Patch by Pablo Galindo.
+
+..
+
+.. bpo: 43517
+.. date: 2021-03-16-17-12-54
+.. nonce: zAo6Ws
+.. section: Core and Builtins
+
+Fix misdetection of circular imports when using ``from pkg.mod import
+attr``, which caused false positives in non-trivial multi-threaded code.
+
+..
+
+.. bpo: 35883
+.. date: 2021-03-13-13-57-21
+.. nonce: UyGpdG
+.. section: Core and Builtins
+
+Python no longer fails at startup with a fatal error if a command line
+argument contains an invalid Unicode character. The
+:c:func:`Py_DecodeLocale` function now escapes byte sequences which would be
+decoded as Unicode characters outside the [U+0000; U+10ffff] range.
+
+..
+
+.. bpo: 43406
+.. date: 2021-03-04-22-53-10
+.. nonce: Na_VpA
+.. section: Core and Builtins
+
+Fix a possible race condition where ``PyErr_CheckSignals`` tries to execute
+a non-Python signal handler.
+
+..
+
+.. bpo: 42500
+.. date: 2020-11-30-14-27-29
+.. nonce: excVKU
+.. section: Core and Builtins
+
+Improve handling of exceptions near recursion limit. Converts a number of
+Fatal Errors in RecursionErrors.
+
+..
+
+.. bpo: 43433
+.. date: 2021-03-28-23-50-20
+.. nonce: so9j5G
+.. section: Library
+
+:class:`xmlrpc.client.ServerProxy` no longer ignores query and fragment in
+the URL of the server.
+
+..
+
+.. bpo: 35930
+.. date: 2021-03-23-17-18-56
+.. nonce: RZ51pM
+.. section: Library
+
+Raising an exception raised in a "future" instance will create reference
+cycles.
+
+..
+
+.. bpo: 43577
+.. date: 2021-03-21-10-13-17
+.. nonce: m7JnAV
+.. section: Library
+
+Fix deadlock when using :class:`ssl.SSLContext` debug callback with
+:meth:`ssl.SSLContext.sni_callback`.
+
+..
+
+.. bpo: 43521
+.. date: 2021-03-16-16-05-02
+.. nonce: mRT6fh
+.. section: Library
+
+``ast.unparse`` can now render NaNs and empty sets.
+
+..
+
+.. bpo: 43423
+.. date: 2021-03-11-15-44-18
+.. nonce: rRomRD
+.. section: Library
+
+:func:`subprocess.communicate` no longer raises an IndexError when there is
+an empty stdout or stderr IO buffer during a timeout on Windows.
+
+..
+
+.. bpo: 27820
+.. date: 2021-03-10-14-07-44
+.. nonce: Wwdy-r
+.. section: Library
+
+Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with
+initial_response_ok=False will fail.
+
+The cause is that SMTP.auth_login _always_ returns a password if provided
+with a challenge string, thus non-compliant with the standard for AUTH
+LOGIN.
+
+Also fixes bug with the test for smtpd.
+
+..
+
+.. bpo: 43332
+.. date: 2021-03-07-11-23-20
+.. nonce: weatsh
+.. section: Library
+
+Improves the networking efficiency of :mod:`http.client` when using a proxy
+via :meth:`~HTTPConnection.set_tunnel`.  Fewer small send calls are made
+during connection setup.
+
+..
+
+.. bpo: 43399
+.. date: 2021-03-04-17-53-46
+.. nonce: Wn95u-
+.. section: Library
+
+Fix ``ElementTree.extend`` not working on iterators when using the Python
+implementation
+
+..
+
+.. bpo: 43316
+.. date: 2021-02-25-09-44-36
+.. nonce: k9Gyqn
+.. section: Library
+
+The ``python -m gzip`` command line application now properly fails when
+detecting an unsupported extension. It exits with a non-zero exit code and
+prints an error message to stderr.
+
+..
+
+.. bpo: 43260
+.. date: 2021-02-20-12-15-29
+.. nonce: 6znAas
+.. section: Library
+
+Fix TextIOWrapper can not flush internal buffer forever after very large
+text is written.
+
+..
+
+.. bpo: 42782
+.. date: 2020-12-29-13-46-57
+.. nonce: 3r0HFY
+.. section: Library
+
+Fail fast in :func:`shutil.move()` to avoid creating destination directories
+on failure.
+
+..
+
+.. bpo: 37193
+.. date: 2020-06-12-21-23-20
+.. nonce: wJximU
+.. section: Library
+
+Fixed memory leak in ``socketserver.ThreadingMixIn`` introduced in Python
+3.7.
+
+..
+
+.. bpo: 43199
+.. date: 2021-03-13-18-43-54
+.. nonce: ZWA6KX
+.. section: Documentation
+
+Answer "Why is there no goto?" in the Design and History FAQ.
+
+..
+
+.. bpo: 43407
+.. date: 2021-03-04-22-53-03
+.. nonce: x570l5
+.. section: Documentation
+
+Clarified that a result from :func:`time.monotonic`,
+:func:`time.perf_counter`, :func:`time.process_time`, or
+:func:`time.thread_time` can be compared with the result from any following
+call to the same function - not just the next immediate call.
+
+..
+
+.. bpo: 27646
+.. date: 2021-02-20-00-09-13
+.. nonce: HRsmo-
+.. section: Documentation
+
+Clarify that 'yield from <expr>' works with any iterable, not just
+iterators.
+
+..
+
+.. bpo: 36346
+.. date: 2020-06-15-10-45-45
+.. nonce: H0sS_i
+.. section: Documentation
+
+Update some deprecated unicode APIs which are documented as "will be removed
+in 4.0" to "3.12". See :pep:`623` for detail.
+
+..
+
+.. bpo: 37945
+.. date: 2021-03-31-11-38-42
+.. nonce: HTUYhv
+.. section: Tests
+
+Fix test_getsetlocale_issue1813() of test_locale: skip the test if
+``setlocale()`` fails. Patch by Victor Stinner.
+
+..
+
+.. bpo: 41561
+.. date: 2021-03-18-10-34-42
+.. nonce: pDg4w-
+.. section: Tests
+
+Add workaround for Ubuntu's custom OpenSSL security level policy.
+
+..
+
+.. bpo: 43288
+.. date: 2021-02-21-11-11-53
+.. nonce: LfTvL-
+.. section: Tests
+
+Fix test_importlib to correctly skip Unicode file tests if the fileystem
+does not support them.
+
+..
+
+.. bpo: 43631
+.. date: 2021-03-26-09-16-34
+.. nonce: msJyPi
+.. section: Build
+
+Update macOS, Windows, and CI to OpenSSL 1.1.1k.
+
+..
+
+.. bpo: 43617
+.. date: 2021-03-24-16-55-55
+.. nonce: d69KAv
+.. section: Build
+
+Improve configure.ac: Check for presence of autoconf-archive package and
+remove our copies of M4 macros.
+
+..
+
+.. bpo: 41837
+.. date: 2021-02-28-22-49-46
+.. nonce: 9fqyXC
+.. section: macOS
+
+Update macOS installer build to use OpenSSL 1.1.1j.
+
+..
+
+.. bpo: 42225
+.. date: 2021-03-29-16-22-27
+.. nonce: iIeiLg
+.. section: IDLE
+
+Document that IDLE can fail on Unix either from misconfigured IP masquerage
+rules or failure displaying complex colored (non-ascii) characters.
+
+..
+
+.. bpo: 43283
+.. date: 2021-02-21-16-30-10
+.. nonce: DLBwYn
+.. section: IDLE
+
+Document why printing to IDLE's Shell is often slower than printing to a
+system terminal and that it can be made faster by pre-formatting a single
+string before printing.

Misc/NEWS.d/next/Build/2021-03-24-16-55-55.bpo-43617.d69KAv.rst

@@ -1,2 +0,0 @@
-Improve configure.ac: Check for presence of autoconf-archive package and
-remove our copies of M4 macros.

Misc/NEWS.d/next/Build/2021-03-26-09-16-34.bpo-43631.msJyPi.rst

@@ -1 +0,0 @@
-Update macOS, Windows, and CI to OpenSSL 1.1.1k.

Misc/NEWS.d/next/Core and Builtins/2020-11-30-14-27-29.bpo-42500.excVKU.rst

@@ -1,2 +0,0 @@
-Improve handling of exceptions near recursion limit. Converts a number of
-Fatal Errors in RecursionErrors.

Misc/NEWS.d/next/Core and Builtins/2021-03-04-22-53-10.bpo-43406.Na_VpA.rst

@@ -1,2 +0,0 @@
-Fix a possible race condition where ``PyErr_CheckSignals`` tries to execute a
-non-Python signal handler.

Misc/NEWS.d/next/Core and Builtins/2021-03-13-13-57-21.bpo-35883.UyGpdG.rst

@@ -1,4 +0,0 @@
-Python no longer fails at startup with a fatal error if a command line
-argument contains an invalid Unicode character. The
-:c:func:`Py_DecodeLocale` function now escapes byte sequences which would be
-decoded as Unicode characters outside the [U+0000; U+10ffff] range.

Misc/NEWS.d/next/Core and Builtins/2021-03-16-17-12-54.bpo-43517.zAo6Ws.rst

@@ -1,2 +0,0 @@
-Fix misdetection of circular imports when using ``from pkg.mod import
-attr``, which caused false positives in non-trivial multi-threaded code.

Misc/NEWS.d/next/Core and Builtins/2021-03-19-22-49-40.bpo-43555.ZmhYSA.rst

@@ -1,2 +0,0 @@
-Report the column offset for :exc:`SyntaxError` for invalid line
-continuation characters. Patch by Pablo Galindo.

Misc/NEWS.d/next/Core and Builtins/2021-03-29-19-50-34.bpo-43660.scTgag.rst

@@ -1,3 +0,0 @@
-Fix crash that happens when replacing ``sys.stderr`` with a callable that
-can remove the object while an exception is being printed. Patch by Pablo
-Galindo.

Misc/NEWS.d/next/Documentation/2020-06-15-10-45-45.bpo-36346.H0sS_i.rst

@@ -1,2 +0,0 @@
-Update some deprecated unicode APIs which are documented as "will be removed
-in 4.0" to "3.12". See :pep:`623` for detail.

Misc/NEWS.d/next/Documentation/2021-02-20-00-09-13.bpo-27646.HRsmo-.rst

@@ -1,2 +0,0 @@
-Clarify that 'yield from <expr>' works with any iterable, not just
-iterators.

Misc/NEWS.d/next/Documentation/2021-03-04-22-53-03.bpo-43407.x570l5.rst

@@ -1,4 +0,0 @@
-Clarified that a result from :func:`time.monotonic`,
-:func:`time.perf_counter`, :func:`time.process_time`, or
-:func:`time.thread_time` can be compared with the result from any following
-call to the same function - not just the next immediate call.

Misc/NEWS.d/next/Documentation/2021-03-13-18-43-54.bpo-43199.ZWA6KX.rst

@@ -1 +0,0 @@
-Answer "Why is there no goto?" in the Design and History FAQ.

Misc/NEWS.d/next/IDLE/2021-02-21-16-30-10.bpo-43283.DLBwYn.rst

@@ -1,3 +0,0 @@
-Document why printing to IDLE's Shell is often slower than printing to a
-system terminal and that it can be made faster by pre-formatting a single
-string before printing.

Misc/NEWS.d/next/IDLE/2021-03-29-16-22-27.bpo-42225.iIeiLg.rst

@@ -1,2 +0,0 @@
-Document that IDLE can fail on Unix either from misconfigured IP masquerage
-rules or failure displaying complex colored (non-ascii) characters.

Misc/NEWS.d/next/Library/2020-06-12-21-23-20.bpo-37193.wJximU.rst

@@ -1,2 +0,0 @@
-Fixed memory leak in ``socketserver.ThreadingMixIn`` introduced in Python
-3.7.

Misc/NEWS.d/next/Library/2020-12-29-13-46-57.bpo-42782.3r0HFY.rst

@@ -1,2 +0,0 @@
-Fail fast in :func:`shutil.move()` to avoid creating destination directories on
-failure.

Misc/NEWS.d/next/Library/2021-02-20-12-15-29.bpo-43260.6znAas.rst

@@ -1,2 +0,0 @@
-Fix TextIOWrapper can not flush internal buffer forever after very large
-text is written.

Misc/NEWS.d/next/Library/2021-02-25-09-44-36.bpo-43316.k9Gyqn.rst

@@ -1,3 +0,0 @@
-The ``python -m gzip`` command line application now properly fails when
-detecting an unsupported extension. It exits with a non-zero exit code and
-prints an error message to stderr.

Misc/NEWS.d/next/Library/2021-03-04-17-53-46.bpo-43399.Wn95u-.rst

@@ -1,2 +0,0 @@
-Fix ``ElementTree.extend`` not working on iterators when using the
-Python implementation

Misc/NEWS.d/next/Library/2021-03-07-11-23-20.bpo-43332.weatsh.rst

@@ -1,3 +0,0 @@
-Improves the networking efficiency of :mod:`http.client` when using a proxy
-via :meth:`~HTTPConnection.set_tunnel`.  Fewer small send calls are made
-during connection setup.

Misc/NEWS.d/next/Library/2021-03-10-14-07-44.bpo-27820.Wwdy-r.rst

@@ -1,8 +0,0 @@
-Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with
-initial_response_ok=False will fail.
-
-The cause is that SMTP.auth_login _always_ returns a password if provided
-with a challenge string, thus non-compliant with the standard for AUTH
-LOGIN.
-
-Also fixes bug with the test for smtpd.

Misc/NEWS.d/next/Library/2021-03-11-15-44-18.bpo-43423.rRomRD.rst

@@ -1,2 +0,0 @@
-:func:`subprocess.communicate` no longer raises an IndexError when there is an
-empty stdout or stderr IO buffer during a timeout on Windows.

Misc/NEWS.d/next/Library/2021-03-16-16-05-02.bpo-43521.mRT6fh.rst

@@ -1 +0,0 @@
-``ast.unparse`` can now render NaNs and empty sets.

Misc/NEWS.d/next/Library/2021-03-21-10-13-17.bpo-43577.m7JnAV.rst

@@ -1 +0,0 @@
-Fix deadlock when using :class:`ssl.SSLContext` debug callback with :meth:`ssl.SSLContext.sni_callback`.

Misc/NEWS.d/next/Library/2021-03-23-17-18-56.bpo-35930.RZ51pM.rst

@@ -1,2 +0,0 @@
-Raising an exception raised in a "future" instance will create reference
-cycles.

Misc/NEWS.d/next/Library/2021-03-28-23-50-20.bpo-43433.so9j5G.rst

@@ -1,2 +0,0 @@
-:class:`xmlrpc.client.ServerProxy` no longer ignores query and fragment in
-the URL of the server.

Misc/NEWS.d/next/Security/2021-03-08-23-06-07.bpo-43439.5U3lXm.rst

@@ -1,2 +0,0 @@
-Add audit hooks for :func:`gc.get_objects`, :func:`gc.get_referrers` and
-:func:`gc.get_referents`. Patch by Pablo Galindo.

Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst

@@ -1,8 +0,0 @@
-:mod:`ftplib` no longer trusts the IP address value returned from the server
-in response to the PASV command by default.  This prevents a malicious FTP
-server from using the response to probe IPv4 address and port combinations
-on the client network.
-
-Code that requires the former vulnerable behavior may set a
-``trust_server_pasv_ipv4_address`` attribute on their
-:class:`ftplib.FTP` instances to ``True`` to re-enable it.

Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst

@@ -1,4 +0,0 @@
-CVE-2021-3426: Remove the ``getfile`` feature of the :mod:`pydoc` module which
-could be abused to read arbitrary files on the disk (directory traversal
-vulnerability). Moreover, even source code of Python modules can contain
-sensitive data like passwords. Vulnerability reported by David Schwörer.

Misc/NEWS.d/next/Tests/2021-02-21-11-11-53.bpo-43288.LfTvL-.rst

@@ -1,2 +0,0 @@
-Fix test_importlib to correctly skip Unicode file tests if the fileystem
-does not support them.

Misc/NEWS.d/next/Tests/2021-03-18-10-34-42.bpo-41561.pDg4w-.rst

@@ -1 +0,0 @@
-Add workaround for Ubuntu's custom OpenSSL security level policy.

Misc/NEWS.d/next/Tests/2021-03-31-11-38-42.bpo-37945.HTUYhv.rst

@@ -1,2 +0,0 @@
-Fix test_getsetlocale_issue1813() of test_locale: skip the test if
-``setlocale()`` fails. Patch by Victor Stinner.

Misc/NEWS.d/next/macOS/2021-02-28-22-49-46.bpo-41837.9fqyXC.rst

@@ -1 +0,0 @@
-Update macOS installer build to use OpenSSL 1.1.1j.

README.rst

@@ -1,4 +1,4 @@
-This is Python version 3.9.2
+This is Python version 3.9.3
 ============================
 
 .. image:: https://travis-ci.org/python/cpython.svg?branch=3.9