This option changes the behavior of --enable-shared to continue to build
the libpython3.x.so shared library, but not use it for linking the
python3 interpreter executable. Instead, the executable is linked
directly against the libpython .o files as it would be with
--disable-shared.
There are two benefits of this change. First, libpython uses
thread-local storage, which is noticeably slower when used in a loaded
module instead of in the main program, because the main program can take
advantage of constant offsets from the thread state pointer but loaded
modules have to dynamically call a function __tls_get_addr() to
potentially allocate their thread-local storage area. (There is another
thread-local storage model for dynamic libraries which mitigates most of
this performance hit, but it comes at the cost of preventing
dlopen("libpython3.x.so"), which is a use case we want to preserve.)
Second, this improves the user experience around relocatable Python a
little bit, in that we don't need to use an $ORIGIN-relative path to
locate libpython3.x.so, which has some mild benefits around musl (which
does not support $ORIGIN-relative DT_NEEDED, only $ORIGIN-relative
DT_RPATH/DT_RUNPATH), users who want to make the interpreter setuid or
setcap (which prevents processing $ORIGIN), etc.
Henry Jones [Tue, 14 Apr 2026 13:10:08 +0000 (01:10 +1200)]
gh-148192: Fix Generator._make_boundary behavior with CRLF line endings. (#148193)
The Generator._make_boundary regex did not match on boundary phrases correctly when using CRLF line endings due to re.MULTILINE not considering \r\n as a line ending.
Loïc Simon [Tue, 14 Apr 2026 11:37:41 +0000 (13:37 +0200)]
gh-134551: Add t-strings support to pprint (#134577)
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
gh-148252: Fix stack depth calculation in binary reader on 32-bit platforms (#148253)
Compute ``final_depth`` in ``decode_stack_pop_push()`` and
``decode_stack_suffix()`` using ``uint64_t`` before validating it.
On 32-bit builds, using ``size_t`` arithmetic for ``keep + push`` can wrap
for large input values, causing the later bounds check to validate the wrong
final depth. Using a widened type keeps the validation aligned with the
actual result.
gh-148178: Validate remote debug offset tables on load (#148187)
Treat the debug offset tables read from a target process as untrusted input
and validate them before the unwinder uses any reported sizes or offsets.
Add a shared validator in debug_offsets_validation.h and run it once when
_Py_DebugOffsets is loaded and once when AsyncioDebug is loaded. The checks
cover section sizes used for fixed local buffers and every offset that is
later dereferenced against a local buffer or local object view. This keeps
the bounds checks out of the sampling hot path while rejecting malformed
tables up front.
gh-144881: Add retry logic to asyncio debugging tools (#148530)
Transient errors can occur when attaching to a process that is actively
using thread delegation (e.g. asyncio.to_thread). Add a retry loop to
_get_awaited_by_tasks for RuntimeError, OSError, UnicodeDecodeError, and
MemoryError, and expose --retries CLI flag on both `ps` and `pstree`
subcommands (default: 3).
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com> Co-authored-by: Stan Ulbrych <stan@python.org>
Joel Dice [Mon, 13 Apr 2026 21:06:36 +0000 (15:06 -0600)]
gh-146139: Disable `socketpair` authentication on WASI (#146140)
Calling `connect(2)` on a non-blocking socket on WASI may leave the socket in a
"connecting" but not yet "connected" state. In the former case, calling
`getpeername(2)` on it will fail, leading to an unhandled exception in Python.
Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Brett Cannon <brett@python.org>
Sam Gross [Mon, 13 Apr 2026 18:11:28 +0000 (14:11 -0400)]
gh-148393: Use acquire load for _ma_watcher_tag in dict notify event (gh-148509)
The watcher-bits read in _PyDict_NotifyEvent needs to use acquire to
synchronize with the release from PyDict_Watch so that the callback
publication is visible before the callback is invoked.
gh-146450: Ensure Android gradle build uses custom cross-build dir (#148319)
Ensures that the testbed's Gradle configuration uses the cross-build environment
variable, and that variable is passed to Gradle by the cross-build script.
Gregory P. Smith [Sun, 12 Apr 2026 06:06:19 +0000 (23:06 -0700)]
gh-146313: Fix multiprocessing ResourceTracker deadlock after os.fork() (GH-146316)
`ResourceTracker.__del__` (added in gh-88887 circa Python 3.12) calls
os.waitpid(pid, 0) which blocks indefinitely if a process created via os.fork()
still holds the tracker pipe's write end. The tracker never sees EOF, never
exits, and the parent hangs at interpreter shutdown.
Fix with two layers:
- **At-fork handler.** An os.register_at_fork(after_in_child=...)
handler closes the inherited pipe fd in the child unless a preserve
flag is set. popen_fork.Popen._launch() sets the flag before its
fork so mp.Process(fork) children keep the fd and reuse the parent's
tracker (preserving gh-80849). Raw os.fork() children close the fd,
letting the parent reap promptly.
- **Timeout safety-net.** _stop_locked() gains a wait_timeout
parameter. When called from `__del__`, it polls with WNOHANG using
exponential backoff for up to 1 second instead of blocking
indefinitely. The at-fork handler makes this unreachable in
well-behaved paths; it remains for abnormal shutdowns.
Chris Eibl [Sun, 12 Apr 2026 05:49:18 +0000 (07:49 +0200)]
GH-148047: Check early whether tail-calling is possible for MSVC builds on Windows (#148036)
Rather than failing late when compiling e.g. a debug configuration
```
build.bat -c debug --tail-call-interp
```
with hundreds of
```
error C4737: Unable to perform required tail call. Performance may be degraded.
```
-- fail early with an explicit error message for configurations that are not supported by MSVC.
This is a follow-up on https://github.com/python/cpython/issues/140513 / https://github.com/python/cpython/pull/140548
gh-89520: Load extension settings and keybindings from user config (GH-28713)
Extension keybindings defined in ~/.idlerc/config-extensions.cfg were silently ignored because GetExtensionKeys, __GetRawExtensionKeys, and GetExtensionBindings only checked default config. Fix these to check user config as well, and update the extensions config dialog to handle user-only extensions correctly.
---------
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com> Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-147965: Add shutdown() to multiprocessing.Queue excluded methods (GH-147970)
The multiprocessing.Queue documentation states it implements all
methods of queue.Queue except task_done() and join(). Since
queue.Queue.shutdown() was added in Python 3.13,
multiprocessing.Queue also does not implement it. Update the docs
to include shutdown() in the list of excluded methods.
gh-142831: Fix use-after-free in json encoder during re-entrant mutation (gh-142851)
Hold strong references to borrowed items unconditionally (not only in
free-threading builds) in _encoder_iterate_mapping_lock_held and
_encoder_iterate_fast_seq_lock_held. User callbacks invoked during
encoding can mutate or clear the underlying container, invalidating
borrowed references.
The dict iteration path was already fixed by gh-145244.
Co-authored-by: Kumar Aditya <kumaraditya@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
Gregory P. Smith [Sun, 12 Apr 2026 00:02:56 +0000 (17:02 -0700)]
gh-146287: Fix signed/unsigned mismatch in _hashlib_hmac_digest_size (GH-148407)
* gh-146287: use signed type for HMAC digest size to prevent unsigned wrapping
Change _hashlib_hmac_digest_size() return type from unsigned int to int
so that a hypothetical negative return from EVP_MD_size() is not
silently wrapped to a large positive value. Add an explicit check for
negative digest_size in the legacy OpenSSL path, and use SystemError
(not ValueError) since these conditions indicate internal invariant
violations. Also add debug-build asserts to EVP_get_block_size and
EVP_get_digest_size documenting that the hash context is always
initialized.
gh-145244: Fix use-after-free on borrowed dict key in json encoder (GH-145245)
In encoder_encode_key_value(), key is a borrowed reference from
PyDict_Next(). If the default callback mutates or clears the dict,
key becomes a dangling pointer. The error path then calls
_PyErr_FormatNote("%R", key) on freed memory.
Fix by holding strong references to key and value unconditionally
during encoding, not just in the free-threading build.
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
gh-145105: Fix crash in csv.reader with re-entrant iterator (GH-145106)
When a custom iterator calls next() on the same csv.reader from
within __next__, the inner iteration sets self->fields to NULL.
The outer iteration then crashes in parse_save_field() by passing
NULL to PyList_Append.
Add a guard after PyIter_Next() to detect that fields was set to
NULL by a re-entrant call, and raise csv.Error instead of crashing.
Gregory P. Smith [Sat, 11 Apr 2026 21:54:23 +0000 (14:54 -0700)]
gh-146302: make Py_IsInitialized() thread-safe and reflect true init completion (GH-146303)
## Summary
- Move the `runtime->initialized = 1` store from before `site.py` import to the end of `init_interp_main()`, so `Py_IsInitialized()` only returns true after initialization has fully completed
- Access `initialized` and `core_initialized` through new inline accessors using acquire/release atomics, to also protect from data race undefined behavior
- `PySys_AddAuditHook()` now uses the accessor, so with the flag move it correctly skips audit hook invocation during all init phases (matching the documented "after runtime initialization" behavior) ... We could argue that running these earlier would be good even if the intent was never explicitly expressed, but that'd be its own issue.
## Motivation
`Py_IsInitialized()` returned 1 while `Py_InitializeEx()` was still running — specifically, before `site.py` had been imported. See https://github.com/PyO3/pyo3/issues/5900 where a second thread could acquire the GIL and start executing Python with an incomplete `sys.path` because `site.py` hadn't finished.
The flag was also a plain `int` with no atomic operations, making concurrent reads a C-standard data race, though unlikely to manifest.
## Regression test:
The added test properly fails on `main` with `ERROR: Py_IsInitialized() was true during site import`.
---
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
projects / thirdparty / Python / cpython.git / log
