Merge branch 'main' into fix-issue-129069

Author: tom-pytel

.pre-commit-config.yaml

@@ -14,6 +14,10 @@ repos:
         name: Run Ruff (lint) on Tools/build/
         args: [--exit-non-zero-on-fix, --config=Tools/build/.ruff.toml]
         files: ^Tools/build/
+      - id: ruff
+        name: Run Ruff (lint) on Tools/i18n/
+        args: [--exit-non-zero-on-fix, --config=Tools/i18n/.ruff.toml]
+        files: ^Tools/i18n/
       - id: ruff
         name: Run Ruff (lint) on Argument Clinic
         args: [--exit-non-zero-on-fix, --config=Tools/clinic/.ruff.toml]

Doc/deprecations/pending-removal-in-3.15.rst

@@ -107,6 +107,6 @@ Pending removal in Python 3.15
 
 * :mod:`zipimport`:
 
-  * :meth:`~zipimport.zipimporter.load_module` has been deprecated since
+  * :meth:`!zipimport.zipimporter.load_module` has been deprecated since
     Python 3.10. Use :meth:`~zipimport.zipimporter.exec_module` instead.
-    (Contributed by Jiahao Li in :gh:`125746`.)
+    (:gh:`125746`.)

Doc/howto/descriptor.rst

@@ -420,7 +420,7 @@ Here are three practical data validation utilities:
 
         def validate(self, value):
             if not isinstance(value, str):
-                raise TypeError(f'Expected {value!r} to be an str')
+                raise TypeError(f'Expected {value!r} to be a str')
             if self.minsize is not None and len(value) < self.minsize:
                 raise ValueError(
                     f'Expected {value!r} to be no smaller than {self.minsize!r}'

Doc/library/ssl.rst

@@ -1684,19 +1684,33 @@ to speed up repeated connections from the same clients.
 
 .. method:: SSLContext.set_ciphers(ciphers)
 
-   Set the available ciphers for sockets created with this context.
-   It should be a string in the `OpenSSL cipher list format
+   Set the allowed ciphers for sockets created with this context when
+   connecting using TLS 1.2 and earlier.  The *ciphers* argument should
+   be a string in the `OpenSSL cipher list format
    <https://docs.openssl.org/master/man1/ciphers/>`_.
+   To set allowed TLS 1.3 ciphers, use :meth:`SSLContext.set_ciphersuites`.
+
    If no cipher can be selected (because compile-time options or other
    configuration forbids use of all the specified ciphers), an
    :class:`SSLError` will be raised.
 
    .. note::
-      when connected, the :meth:`SSLSocket.cipher` method of SSL sockets will
-      give the currently selected cipher.
+      When connected, the :meth:`SSLSocket.cipher` method of SSL sockets will
+      return details about the negotiated cipher.
+
+.. method:: SSLContext.set_ciphersuites(ciphersuites)
+
+   Set the allowed ciphers for sockets created with this context when
+   connecting using TLS 1.3.  The *ciphersuites* argument should be a
+   colon-separate string of TLS 1.3 cipher names.  If no cipher can be
+   selected (because compile-time options or other configuration forbids
+   use of all the specified ciphers), an :class:`SSLError` will be raised.
+
+   .. note::
+      When connected, the :meth:`SSLSocket.cipher` method of SSL sockets will
+      return details about the negotiated cipher.
 
-      TLS 1.3 cipher suites cannot be disabled with
-      :meth:`~SSLContext.set_ciphers`.
+   .. versionadded:: next
 
 .. method:: SSLContext.set_groups(groups)
 
@@ -2845,10 +2859,15 @@ TLS 1.3
 The TLS 1.3 protocol behaves slightly differently than previous version
 of TLS/SSL. Some new TLS 1.3 features are not yet available.
 
-- TLS 1.3 uses a disjunct set of cipher suites. All AES-GCM and
-  ChaCha20 cipher suites are enabled by default.  The method
-  :meth:`SSLContext.set_ciphers` cannot enable or disable any TLS 1.3
-  ciphers yet, but :meth:`SSLContext.get_ciphers` returns them.
+- TLS 1.3 uses a disjunct set of cipher suites.  All AES-GCM and ChaCha20
+  cipher suites are enabled by default.  To restrict which TLS 1.3 ciphers
+  are allowed, the :meth:`SSLContext.set_ciphersuites` method should be
+  called instead of :meth:`SSLContext.set_ciphers`, which only affects
+  ciphers in older TLS versions.  The :meth:`SSLContext.get_ciphers` method
+  returns information about ciphers for both TLS 1.3 and earlier versions
+  and the method :meth:`SSLSocket.cipher` returns information about the
+  negotiated cipher for both TLS 1.3 and earlier versions once a connection
+  is established.
 - Session tickets are no longer sent as part of the initial handshake and
   are handled differently.  :attr:`SSLSocket.session` and :class:`SSLSession`
   are not compatible with TLS 1.3.

Doc/library/zipimport.rst

@@ -142,17 +142,6 @@ zipimporter Objects
       :exc:`ZipImportError` if the module couldn't be found.
 
 
-   .. method:: load_module(fullname)
-
-      Load the module specified by *fullname*. *fullname* must be the fully
-      qualified (dotted) module name. Returns the imported module on success,
-      raises :exc:`ZipImportError` on failure.
-
-      .. deprecated-removed:: 3.10 3.15
-
-         Use :meth:`exec_module` instead.
-
-
    .. method:: invalidate_caches()
 
       Clear out the internal cache of information about files found within
@@ -188,17 +177,20 @@ Here is an example that imports a module from a ZIP archive - note that the
 
 .. code-block:: shell-session
 
-   $ unzip -l example.zip
-   Archive:  example.zip
+   $ unzip -l example_archive.zip
+   Archive:  example_archive.zip
      Length     Date   Time    Name
     --------    ----   ----    ----
-        8467  11-26-02 22:30   jwzthreading.py
+        8467  01-01-00 12:30   example.py
     --------                   -------
         8467                   1 file
-   $ ./python
-   Python 2.3 (#1, Aug 1 2003, 19:54:32)
+
+.. code-block:: pycon
+
    >>> import sys
-   >>> sys.path.insert(0, 'example.zip')  # Add .zip file to front of path
-   >>> import jwzthreading
-   >>> jwzthreading.__file__
-   'example.zip/jwzthreading.py'
+   >>> # Add the archive to the front of the module search path
+   >>> sys.path.insert(0, 'example_archive.zip')
+   >>> import example
+   >>> example.__file__
+   'example_archive.zip/example.py'
+

Doc/whatsnew/3.15.rst

@@ -426,6 +426,13 @@ ssl
 
    (Contributed by Ron Frederick in :gh:`136306`)
 
+* Added a new method :meth:`ssl.SSLContext.set_ciphersuites` for setting TLS 1.3
+  ciphers. For TLS 1.2 or earlier, :meth:`ssl.SSLContext.set_ciphers` should
+  continue to be used. Both calls can be made on the same context and the
+  selected cipher suite will depend on the TLS version negotiated when a
+  connection is made.
+  (Contributed by Ron Frederick in :gh:`137197`.)
+
 
 tarfile
 -------
@@ -611,6 +618,14 @@ wave
   (Contributed by Bénédikt Tran in :gh:`133873`.)
 
 
+zipimport
+---------
+
+* Remove deprecated :meth:`!zipimport.zipimporter.load_module`.
+  Use :meth:`zipimport.zipimporter.exec_module` instead.
+  (Contributed by Jiahao Li in :gh:`133656`.)
+
+
 Porting to Python 3.15
 ======================
 

Lib/test/test_free_threading/test_json.py

@@ -0,0 +1,79 @@
+from threading import Barrier, Thread
+from test.test_json import CTest
+from test.support import threading_helper
+
+
+def encode_json_helper(
+    json, worker, data, number_of_threads=12, number_of_json_encodings=100
+):
+    worker_threads = []
+    barrier = Barrier(number_of_threads)
+    for index in range(number_of_threads):
+        worker_threads.append(
+            Thread(target=worker, args=[barrier, data, index])
+        )
+    for t in worker_threads:
+        t.start()
+    for ii in range(number_of_json_encodings):
+        json.dumps(data)
+    data.clear()
+    for t in worker_threads:
+        t.join()
+
+
+class MyMapping(dict):
+    def __init__(self):
+        self.mapping = []
+
+    def items(self):
+        return self.mapping
+
+
+@threading_helper.reap_threads
+@threading_helper.requires_working_threading()
+class TestJsonEncoding(CTest):
+    # Test encoding json with concurrent threads modifying the data cannot
+    # corrupt the interpreter
+
+    def test_json_mutating_list(self):
+        def worker(barrier, data, index):
+            barrier.wait()
+            while data:
+                for d in data:
+                    if len(d) > 5:
+                        d.clear()
+                    else:
+                        d.append(index)
+
+        data = [[], []]
+        encode_json_helper(self.json, worker, data)
+
+    def test_json_mutating_exact_dict(self):
+        def worker(barrier, data, index):
+            barrier.wait()
+            while data:
+                for d in data:
+                    if len(d) > 5:
+                        try:
+                            key = list(d)[0]
+                            d.pop()
+                        except (KeyError, IndexError):
+                            pass
+                    else:
+                        d[index] = index
+
+        data = [{}, {}]
+        encode_json_helper(self.json, worker, data)
+
+    def test_json_mutating_mapping(self):
+        def worker(barrier, data, index):
+            barrier.wait()
+            while data:
+                for d in data:
+                    if len(d.mapping) > 3:
+                        d.mapping.clear()
+                    else:
+                        d.mapping.append((index, index))
+
+        data = [MyMapping(), MyMapping()]
+        encode_json_helper(self.json, worker, data)

Lib/test/test_io/__init__.py

@@ -0,0 +1,5 @@
+import os
+from test.support import load_package_tests
+
+def load_tests(*args):
+    return load_package_tests(os.path.dirname(__file__), *args)

Lib/test/test_io/__main__.py

@@ -0,0 +1,4 @@
+from . import load_tests
+import unittest
+
+unittest.main()

Lib/test/test_io.py renamed to Lib/test/test_io/test_general.py

@@ -5,7 +5,7 @@
 # * test_memoryio - tests BytesIO and StringIO
 # * test_fileio - tests FileIO
 # * test_file - tests the file interface
-# * test_io - tests everything else in the io module
+# * test_io.test_general - tests everything else in the io module
 # * test_univnewlines - tests universal newline support
 # * test_largefile - tests operations on a file greater than 2**32 bytes
 #     (only enabled with -ulargefile)