Merge branch 'main' into gh-151179-pidfd-leak

Author: kumaraditya303

.github/CODEOWNERS

@@ -63,7 +63,7 @@
 .azure-pipelines/             @AA-Turner
 
 # GitHub & related scripts
-.github/                                    @ezio-melotti @hugovk @AA-Turner @webknjaz
+.github/                                    @ezio-melotti @hugovk @AA-Turner @webknjaz @itamaro
 Tools/build/compute-changes.py              @AA-Turner @hugovk @webknjaz
 Lib/test/test_tools/test_compute_changes.py @AA-Turner @hugovk @webknjaz
 Tools/build/verify_ensurepip_wheels.py      @AA-Turner @pfmoore @pradyunsg
@@ -73,19 +73,19 @@ Tools/build/verify_ensurepip_wheels.py      @AA-Turner @pfmoore @pradyunsg
 .ruff.toml                    @hugovk @AlexWaygood @AA-Turner
 
 # Patchcheck
-Tools/patchcheck/             @AA-Turner
+Tools/patchcheck/             @AA-Turner @itamaro
 
 
 # ----------------------------------------------------------------------------
 # Build System
 # ----------------------------------------------------------------------------
 
 # Autotools
-configure*                       @erlend-aasland @corona10 @AA-Turner @emmatyping
-Makefile.pre.in                  @erlend-aasland @AA-Turner @emmatyping
-Modules/makesetup                @erlend-aasland @AA-Turner @emmatyping
-Modules/Setup*                   @erlend-aasland @AA-Turner @emmatyping
-Tools/build/regen-configure.sh   @AA-Turner
+configure*                       @erlend-aasland @corona10 @AA-Turner @emmatyping @itamaro
+Makefile.pre.in                  @erlend-aasland @AA-Turner @emmatyping @itamaro
+Modules/makesetup                @erlend-aasland @AA-Turner @emmatyping @itamaro
+Modules/Setup*                   @erlend-aasland @AA-Turner @emmatyping @itamaro
+Tools/build/regen-configure.sh   @AA-Turner @itamaro
 
 # generate-build-details
 Tools/build/generate-build-details.py   @FFY00

.github/SECURITY.md

@@ -1,17 +1,24 @@
 # Security Policy
 
-## Supported Versions
+Python [provides a security policy and threat model](https://devguide.python.org/security/policy/)
+in the Python Developer's Guide documenting what bugs are vulnerabilities,
+how to structure reports, and what versions of Python accept reports.
 
-The Python team applies security fixes according to the table
-in [the devguide](
-https://devguide.python.org/versions/#supported-versions
-).
+Python Security Response Team (PSRT) members
+balance security work against many other responsibilities. Please be thoughtful
+about the time and attention your report requires. Repeated failure to respect
+the security policy will result in future reports being rejected, or the
+reporter being banned from the ``python`` GitHub organization, regardless of
+technical merit.
 
 ## Reporting a Vulnerability
 
-Please read the guidelines on reporting security issues [on the
-official website](https://www.python.org/dev/security/) for
-instructions on how to report a security-related problem to
-the Python team responsibly.
+The [Python security policy](https://devguide.python.org/security/policy/)
+documents [how to submit a vulnerability report](https://devguide.python.org/security/policy/#how-to-submit-a-vulnerability-report)
+using GitHub Security Advisories. Please read the security policy
+prior to filing a vulnerability report, especially the section on [what information to
+include and exclude](https://devguide.python.org/security/policy/#what-to-include-and-how-to-structure-a-vulnerability-report)
+in vulnerability reports. Following the security policy means the PSRT can
+quickly and efficiently triage your report, not following the security policy
+will only delay triaging your report.
 
-To reach the response team, email `security at python dot org`.

.github/workflows/build.yml

@@ -278,14 +278,13 @@ jobs:
           # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
           # supported by important vendors such as AWS-LC.
           - { name: openssl, version: 1.1.1w }
-          - { name: openssl, version: 3.0.20 }
-          - { name: openssl, version: 3.3.7 }
-          - { name: openssl, version: 3.4.5 }
-          - { name: openssl, version: 3.5.6 }
-          - { name: openssl, version: 3.6.2 }
-          - { name: openssl, version: 4.0.0 }
+          - { name: openssl, version: 3.0.21 }
+          - { name: openssl, version: 3.4.6 }
+          - { name: openssl, version: 3.5.7 }
+          - { name: openssl, version: 3.6.3 }
+          - { name: openssl, version: 4.0.1 }
           ## AWS-LC
-          - { name: aws-lc, version: 1.72.1 }
+          - { name: aws-lc, version: 5.0.0 }
     env:
       SSLLIB_VER: ${{ matrix.ssllib.version }}
       MULTISSL_DIR: ${{ github.workspace }}/multissl
@@ -399,7 +398,7 @@ jobs:
     needs: build-context
     if: needs.build-context.outputs.run-ubuntu == 'true'
     env:
-      OPENSSL_VER: 3.5.6
+      OPENSSL_VER: 3.5.7
       PYTHONSTRICTEXTENSIONBUILD: 1
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -507,7 +506,7 @@ jobs:
       matrix:
         os: [ubuntu-24.04]
     env:
-      OPENSSL_VER: 3.5.6
+      OPENSSL_VER: 3.5.7
       PYTHONSTRICTEXTENSIONBUILD: 1
       ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
     steps:

.github/workflows/reusable-san.yml

@@ -82,19 +82,19 @@ jobs:
       run: make -j4
     - name: Display build info
       run: make pythoninfo
-    # test_{capi,faulthandler} are skipped under UBSan because
+    # test_capi is skipped under UBSan because
     # they raise signals that UBSan with halt_on_error=1 intercepts.
     - name: Tests
       run: >-
         ./python -m test
         ${{ inputs.sanitizer == 'TSan' && '--tsan' || '' }}
-        ${{ inputs.sanitizer == 'UBSan' && '-x test_capi -x test_faulthandler' || '' }}
-        -j4
+        ${{ inputs.sanitizer == 'UBSan' && '-x test_capi' || '' }}
+        -j4 -W
     - name: Parallel tests
       if: >-
         inputs.sanitizer == 'TSan'
         && fromJSON(inputs.free-threading)
-      run: ./python -m test --tsan-parallel --parallel-threads=4 -j4
+      run: ./python -m test --tsan-parallel --parallel-threads=4 -j4 -W
     - name: Display logs
       if: always()
       run: find "${GITHUB_WORKSPACE}" -name 'san_log.*' | xargs head -n 1000

.github/workflows/reusable-ubuntu.yml

@@ -35,7 +35,7 @@ jobs:
     runs-on: ${{ inputs.os }}
     timeout-minutes: 60
     env:
-      OPENSSL_VER: 3.5.6
+      OPENSSL_VER: 3.5.7
       PYTHONSTRICTEXTENSIONBUILD: 1
       TERM: linux
     steps:

Doc/bugs.rst

@@ -12,6 +12,9 @@ It can be sometimes faster to fix bugs yourself and contribute patches to
 Python as it streamlines the process and involves fewer people. Learn how to
 :ref:`contribute <contributing-to-python>`.
 
+
+.. _reporting-documentation-bugs:
+
 Documentation bugs
 ==================
 

Doc/c-api/complex.rst

@@ -130,7 +130,7 @@ rather than dereferencing them through pointers.
 
 Please note, that these functions are :term:`soft deprecated` since Python
 3.15.  Avoid using this API in a new code to do complex arithmetic: either use
-the `Number Protocol <number>`_ API or use native complex types, like
+the :ref:`Number Protocol <number>` API or use native complex types, like
 :c:expr:`double complex`.
 
 

Doc/c-api/coro.rst

@@ -33,3 +33,9 @@ return.
    with ``__name__`` and ``__qualname__`` set to *name* and *qualname*.
    A reference to *frame* is stolen by this function.  The *frame* argument
    must not be ``NULL``.
+
+   .. deprecated-removed:: 3.16 3.18
+
+      This function has not been used since 3.10.
+      It is also impossible to construct a proper *frame*
+      object to call this function.

Doc/c-api/exceptions.rst

@@ -412,7 +412,7 @@ an error value).
 
 .. c:function:: int PyErr_WarnFormat(PyObject *category, Py_ssize_t stack_level, const char *format, ...)
 
-   Function similar to :c:func:`PyErr_WarnEx`, but use
+   Function similar to :c:func:`PyErr_WarnEx`, but uses
    :c:func:`PyUnicode_FromFormat` to format the warning message.  *format* is
    an ASCII-encoded string.
 
@@ -1038,7 +1038,7 @@ Properly implementing :c:member:`~PyTypeObject.tp_repr` for container types requ
 special recursion handling.  In addition to protecting the stack,
 :c:member:`~PyTypeObject.tp_repr` also needs to track objects to prevent cycles.  The
 following two functions facilitate this functionality.  Effectively,
-these are the C equivalent to :func:`reprlib.recursive_repr`.
+these are the C equivalent to :deco:`reprlib.recursive_repr`.
 
 .. c:function:: int Py_ReprEnter(PyObject *object)
 
@@ -1392,7 +1392,7 @@ Tracebacks
 
    This function will return ``NULL`` on success, or an error message on error.
 
-   This function is meant to debug debug situations such as segfaults, fatal
+   This function is meant to debug situations such as segfaults, fatal
    errors, and similar. It calls :c:func:`PyUnstable_DumpTraceback` for each
    thread. It only writes the tracebacks of the first *max_threads* threads,
    further output is truncated with the line ``...``. If *max_threads* is 0, the

Doc/c-api/gen.rst

@@ -38,13 +38,25 @@ than explicitly calling :c:func:`PyGen_New` or :c:func:`PyGen_NewWithQualName`.
    A reference to *frame* is stolen by this function. The argument must not be
    ``NULL``.
 
+   .. deprecated-removed:: 3.16 3.18
+
+      This function has not been used since 3.10.
+      It is also impossible to construct a proper *frame*
+      object to call this function.
+
 .. c:function:: PyObject* PyGen_NewWithQualName(PyFrameObject *frame, PyObject *name, PyObject *qualname)
 
    Create and return a new generator object based on the *frame* object,
    with ``__name__`` and ``__qualname__`` set to *name* and *qualname*.
    A reference to *frame* is stolen by this function.  The *frame* argument
    must not be ``NULL``.
 
+   .. deprecated-removed:: 3.16 3.18
+
+      This function has not been used since 3.10.
+      It is also impossible to construct a proper *frame*
+      object to call this function.
+
 
 .. c:function:: PyCodeObject* PyGen_GetCode(PyGenObject *gen)
 
@@ -77,6 +89,12 @@ Asynchronous Generator Objects
 
    .. versionadded:: 3.6
 
+   .. deprecated-removed:: 3.16 3.18
+
+      This function has not been used since 3.10.
+      It is also impossible to construct a proper *frame*
+      object to call this function.
+
 .. c:function:: int PyAsyncGen_CheckExact(PyObject *op)
 
    Return true if *op* is an asynchronous generator object, false otherwise.