Package: python3.11 / 3.11.2-6+deb12u6

Metadata

Package Version Patches format
python3.11 3.11.2-6+deb12u6 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
deb setup.diff | (download)

setup.py | 13 5 + 8 - 0 !
1 file changed, 5 insertions(+), 8 deletions(-)

 c compiler flags:
 1. Don't duplicate /usr/local in gcc search paths.
    FIXME: Not sure why.
 2. Respect CPPFLAGS

deb locations.diff | (download)

Lib/pydoc.py | 4 4 + 0 - 0 !
Misc/python.man | 2 1 + 1 - 0 !
2 files changed, 5 insertions(+), 1 deletion(-)

 debian: adjust locations of directories to debian policy
distutils install layout.diff | (download)

Lib/_distutils_system_mod.py | 180 180 + 0 - 0 !
Lib/distutils/command/install.py | 52 50 + 2 - 0 !
Lib/distutils/command/install_egg_info.py | 30 25 + 5 - 0 !
Lib/distutils/sysconfig.py | 7 7 + 0 - 0 !
Lib/distutils/tests/test_bdist_dumb.py | 2 1 + 1 - 0 !
Lib/distutils/tests/test_install.py | 4 2 + 2 - 0 !
Lib/pydoc.py | 1 1 + 0 - 0 !
Lib/site.py | 23 21 + 2 - 0 !
Lib/test/test_site.py | 10 5 + 5 - 0 !
9 files changed, 292 insertions(+), 17 deletions(-)

 debian: add a distutils option --install-layout=deb
 This option:
  - installs into $prefix/dist-packages instead of $prefix/site-packages.
  - doesn't encode the python version into the egg name.
 .
 We install modules into dist-packages so that a local admin can build their
 own cpython from source, and they won't see each others' installed modules.
 This keeps Debian packaged applications working correctly, isolated from the
 local cpython.
 .
 Customize site.py to import from Debian's dist-packages layout.

locale module.diff | (download)

Lib/locale.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use glibc's name for the utf-8 locale
 FIXME: back story?

distutils link.diff | (download)

Lib/distutils/unixccompiler.py | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 distutils: don't add standard library dirs to library_dirs and runtime_library_dirs.
 On amd64, runtime paths pointing to /usr/lib64 aren't recognized by
 dpkg-shlibdeps, and the packages containing these libraries aren't added to
 ${shlibs:Depends}.

distutils sysconfig.diff | (download)

Lib/distutils/sysconfig.py | 17 14 + 3 - 0 !
Lib/distutils/tests/test_sysconfig.py | 16 8 + 8 - 0 !
2 files changed, 22 insertions(+), 11 deletions(-)

 distutils: use python's compiler arguments by default
 Get CONFIGURE_CFLAGS, CONFIGURE_CPPFLAGS, CONFIGURE_LDFLAGS from
 the python build, when CFLAGS, CPPFLAGS, LDSHARED) are not set
 in the environment.

sysconfig debian schemes.diff | (download)

Lib/sysconfig.py | 42 39 + 3 - 0 !
Lib/test/test_sysconfig.py | 2 1 + 1 - 0 !
2 files changed, 40 insertions(+), 4 deletions(-)

---
tkinter import.diff | (download)

Lib/tkinter/__init__.py | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 suggest installation of python3-tk package
 We split Tk out into a separate binary package. Help users who try to import
 it, without it installed.

gdbm import.diff | (download)

Lib/dbm/gnu.py | 5 4 + 1 - 0 !
Lib/dbm/ndbm.py | 5 4 + 1 - 0 !
2 files changed, 8 insertions(+), 2 deletions(-)

 debian: suggest installation of python3-gdbm package
 We split gdbm out into a separate binary package. Help users who try to import
 it, without it installed.

link opt.diff | (download)

configure.ac | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 call the linker with -O1 -Bsymbolic-functions
 FIXME: Why? Why -O1?

setup modules.diff | (download)

Modules/Setup | 16 5 + 11 - 0 !
1 file changed, 5 insertions(+), 11 deletions(-)

 configure linking for c-library wrapping modules
 Use the system C libraries, rather than sources bundled with cPython, or
 anything from /usr/local.

profiled build.diff | (download)

Makefile.pre.in | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 ignore errors in the profile task.
 FIXME: Back story?

langpack gettext.diff | (download)

Lib/gettext.py | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 ubuntu: support separate langpack packages
 Support alternative gettext tree in /usr/share/locale-langpack; if a file is
 present in both trees, prefer the newer one.
 Ubuntu collates gettext from packages on the DVD into language packs, to
 reduce disk-space on the image.
 This is Ubuntu-Specific.

disable sem check.diff | (download)

configure.ac | 13 9 + 4 - 0 !
1 file changed, 9 insertions(+), 4 deletions(-)

 debian: don't autodetect whether semaphores are present
 Assume working semaphores, don't rely on running kernel for the check.
 Build machine != Target machine.

lib argparse.diff | (download)

Lib/argparse.py | 11 10 + 1 - 0 !
1 file changed, 10 insertions(+), 1 deletion(-)

 debian: degrade argparse gracefully without gettext
 python3.X-minimal includes argparse but not gettext. Use a fallback noop
 gettext, if it can't be imported.

ctypes arm.diff | (download)

Lib/ctypes/util.py | 15 13 + 2 - 0 !
1 file changed, 13 insertions(+), 2 deletions(-)

 arch: workaround the presence of hard-float in ldconfig -p output.
 Also, handle the wide variety of ARM unames.

multiarch.diff | (download)

Lib/distutils/sysconfig.py | 3 3 + 0 - 0 !
Lib/sysconfig.py | 6 6 + 0 - 0 !
Makefile.pre.in | 1 1 + 0 - 0 !
3 files changed, 10 insertions(+)

 debian: configure multiarch tuple.
 1. Expose multiarchsubdir in sysconfig.
 2. Return the multiarch include dir in distutils.
 3. Install the .pc file into the multiarch path.

lib2to3 no pickled grammar.diff | (download)

Lib/lib2to3/pgen2/driver.py | 5 4 + 1 - 0 !
Lib/lib2to3/tests/test_parser.py | 82 0 + 82 - 0 !
2 files changed, 4 insertions(+), 83 deletions(-)

 arch: ignore grammar pickle mis-matches in lib2to3.
 Pickle files encode the endian of the arch that built them.  They are
 architecture-independent, but there isn't a canonical endianness, both are
 handled on load.

ext no libpython link.diff | (download)

Lib/distutils/command/build_ext.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 don't link extensions with the shared libpython library
 FIXME: Still needed since 3.8?

Bug-cpython: https://bugs.python.org/issue21536


test no random order.diff | (download)

Tools/scripts/run_tests.py | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 don't run the test suite in random order.
multiarch extname.diff | (download)

Lib/distutils/command/install.py | 3 3 + 0 - 0 !
Lib/distutils/command/install_lib.py | 4 4 + 0 - 0 !
Lib/distutils/dir_util.py | 13 13 + 0 - 0 !
3 files changed, 20 insertions(+)

 debian: make sure to rename extensions to a tag including the multiarch name
 this patch can be dropped for python3.5 final, if the upstream change is kept.
 FIXME: so, can we drop it?

tempfile minimal.diff | (download)

Lib/tempfile.py | 143 141 + 2 - 0 !
1 file changed, 141 insertions(+), 2 deletions(-)

 debian: degrade tempfile gracefully without shutil
 python3.X-minimal includes tempfile but not shutil. Use a fallback racy
 rmtree, if shutil can't be imported.

disable some tests.diff | (download)

Lib/distutils/tests/test_build_ext.py | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 arch: disable some failing tests we are not interested in
ensurepip disabled.diff | (download)

Lib/ensurepip/__init__.py | 33 33 + 0 - 0 !
Lib/venv/__init__.py | 22 20 + 2 - 0 !
2 files changed, 53 insertions(+), 2 deletions(-)

 disable ensurepip for the system installation
 We have a python3-pip package, for users who want pip.
 We just need ensurepip to seed pip in virtual environments.

mangle fstack protector.diff | (download)

Lib/distutils/sysconfig.py | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 support gcc < 4.9
 When using GCC versions older than 4.9, automagically mangle
 -fstack-protector-strong to -fstack-protector
 FIXME: Still needed?

reproducible buildinfo.diff | (download)

Makefile.pre.in | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 build reproducible date and time into build info
 Build information is encoded into getbuildinfo.o at build time.
 Use the date and time from the debian changelog, to make this reproducible.

pydoc use pager.diff | (download)

Lib/pydoc.py | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 pydoc: use the pager command if available
 Debian file pagers register the "pager" alternative, so if any pager is
 available, /usr/bin/pager will exist, and point to the best pager available.

local doc references.diff | (download)

Doc/tools/templates/layout.html | 2 1 + 1 - 0 !
Lib/idlelib/help.html | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 debian: reference the local path to the documentation

doc build texinfo.diff | (download)

Doc/Makefile | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 add the option to build texinfo-format documentation.
argparse no shutil.diff | (download)

Lib/argparse.py | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 debian: degrade argparse gracefully without shutil
 python3.X-minimal includes argparse but not shutil. Use a fixed terminal
 width, if shutil can't be imported.

sysconfigdata name.diff | (download)

Lib/sysconfig.py | 2 1 + 1 - 0 !
Makefile.pre.in | 7 5 + 2 - 0 !
configure.ac | 2 1 + 1 - 0 !
3 files changed, 7 insertions(+), 4 deletions(-)

 don't encode the machdep into the _sysconfigdata file name.
 Unfortunately on KFreeBSD MACHDEP includes the kernel version, so you end up
 with a changing MACHDEP.

Bug-cpython: https://bugs.python.org/issue37561
hurd_kfreebsd_thread_native_id.diff | (download)

Include/pythread.h | 2 1 + 1 - 0 !
Python/thread_pthread.h | 12 12 + 0 - 0 !
2 files changed, 13 insertions(+), 1 deletion(-)

 implement the native thread ids for the hurd and kfreebsd
sphinx3.diff | (download)

Doc/Makefile | 2 1 + 1 - 0 !
Doc/conf.py | 4 4 + 0 - 0 !
2 files changed, 5 insertions(+), 1 deletion(-)

 allow building with sphinx >= 3.2
 Additionally: Disable sphinx warnings

Bug-cpython: https://bugs.python.org/issue40204
destshared location.diff | (download)

Makefile.pre.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 keep the lib-dynload dir in the same place when configuring with
 --libdir=/usr/bin/$(DEB_HOST_MULTIARCH)
 FIXME: Expand?

fix py_compile.diff | (download)

Lib/py_compile.py | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 fix regression byte-compiling filenames from stdin
Bug-upstream: https://bugs.python.org/issue45428
ntpath import.diff | (download)

Lib/pathlib.py | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
shutdown deadlock.diff | (download)

Python/pystate.c | 12 10 + 2 - 0 !
1 file changed, 10 insertions(+), 2 deletions(-)

 [3.11] gh-102126: fix deadlock at shutdown when clearing thread states (gh-102222)
 (cherry picked from commit 5f11478ce7fda826d399530af4c5ca96c592f144)
frame_dealloc crash.diff | (download)

Misc/NEWS.d/next/Core and Builtins/2023-07-18-16-13-51.gh-issue-106092.bObgRM.rst | 2 2 + 0 - 0 !
Objects/frameobject.c | 13 7 + 6 - 0 !
2 files changed, 9 insertions(+), 6 deletions(-)

 fix use-after-free crash in frame_dealloc
 It was possible for the trashcan to delay the deallocation of a
 PyFrameObject until after its corresponding _PyInterpreterFrame has
 already been freed.  So frame_dealloc needs to avoid dereferencing the
 f_frame pointer unless it first checks that the pointer still points
 to the interpreter frame within the frame object.
CVE 2024 0450.patch | (download)

Lib/test/test_zipfile.py | 60 60 + 0 - 0 !
Lib/zipfile.py | 12 12 + 0 - 0 !
Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst | 3 3 + 0 - 0 !
3 files changed, 75 insertions(+)

---
CVE 2023 6597.patch | (download)

Lib/tempfile.py | 27 18 + 9 - 0 !
Lib/test/test_tempfile.py | 117 116 + 1 - 0 !
Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2 2 + 0 - 0 !
3 files changed, 136 insertions(+), 10 deletions(-)

---
relfile nullptr dereference.patch | (download)

Modules/getpath.c | 5 4 + 1 - 0 !
Python/fileutils.c | 6 5 + 1 - 0 !
2 files changed, 9 insertions(+), 2 deletions(-)

 [patch] [3.11] gh-102281: fix potential nullptr dereference + use of
 uninitia… (#103040)

[3.11] gh-102281: Fix potential nullptr dereference + use of uninitialized memory (gh-102282)
(cherry picked from commit afa6092ee4260bacf7bc11905466e4c3f8556cbb)

CVE 2023 41105 path truncation.patch | (download)

Include/internal/pycore_fileutils.h | 3 2 + 1 - 0 !
Lib/test/test_genericpath.py | 4 4 + 0 - 0 !
Misc/NEWS.d/next/Library/2023-08-14-23-11-11.gh-issue-106242.71HMym.rst | 1 1 + 0 - 0 !
Modules/posixmodule.c | 4 3 + 1 - 0 !
Python/fileutils.c | 29 21 + 8 - 0 !
5 files changed, 31 insertions(+), 10 deletions(-)

 [patch] [3.11] gh-106242: fix path truncation in os.path.normpath
 (GH-106816) (#107982)

Co-authored-by: Finn Womack <flan313@gmail.com>

CVE 2023 40217 ssl pre close flaw.patch | (download)

Lib/ssl.py | 31 30 + 1 - 0 !
Lib/test/test_ssl.py | 211 211 + 0 - 0 !
Misc/NEWS.d/next/Security/2023-08-22-17-39-12.gh-issue-108310.fVM3sg.rst | 7 7 + 0 - 0 !
3 files changed, 248 insertions(+), 1 deletion(-)

 [patch] [3.11] gh-108310: fix CVE-2023-40217: check for & avoid the
 ssl pre-close flaw (#108317)

gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw

Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peer's TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>

CVE 2023 40217 ref cycle.patch | (download)

Lib/ssl.py | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch] [3.11] gh-108342: break ref cycle in SSLSocket._create() exc
 (GH-108344) (#108349)

Explicitly break a reference cycle when SSLSocket._create() raises an
exception. Clear the variable storing the exception, since the
exception traceback contains the variables and so creates a reference
cycle.

This test leak was introduced by the test added for the fix of GH-108310.
(cherry picked from commit 64f99350351bc46e016b2286f36ba7cd669b79e3)

Co-authored-by: Victor Stinner <vstinner@python.org>

CVE 2023 40217 test reliability.patch | (download)

Lib/test/test_ssl.py | 102 71 + 31 - 0 !
1 file changed, 71 insertions(+), 31 deletions(-)

 [patch] [3.11] gh-108342: make ssl TestPreHandshakeClose more
 reliable (GH-108370) (#108405)

* In preauth tests of test_ssl, explicitly break reference cycles
  involving SingleConnectionTestServerThread to make sure that the
  thread is deleted. Otherwise, the test marks the environment as
  altered because the threading module sees a "dangling thread"
  (SingleConnectionTestServerThread). This test leak was introduced
  by the test added for the fix of issue gh-108310.
* Use support.SHORT_TIMEOUT instead of hardcoded 1.0 or 2.0 seconds
  timeout.
* SingleConnectionTestServerThread.run() catches TimeoutError
* Fix a race condition (missing synchronization) in
  test_preauth_data_to_tls_client(): the server now waits until the
  client connect() completed in call_after_accept().
* test_https_client_non_tls_response_ignored() calls server.join()
  explicitly.
* Replace "localhost" with server.listener.getsockname()[0].
(cherry picked from commit 592bacb6fc0833336c0453e818e9b95016e9fd47)

Co-authored-by: Victor Stinner <vstinner@python.org>

CVE 2023 24329 strip control chars urlsplit.patch | (download)

Doc/library/urllib.parse.rst | 46 44 + 2 - 0 !
Lib/test/test_urlparse.py | 61 60 + 1 - 0 !
Lib/urllib/parse.py | 12 12 + 0 - 0 !
Misc/NEWS.d/next/Security/2023-03-07-20-59-17.gh-issue-102153.14CLSZ.rst | 3 3 + 0 - 0 !
4 files changed, 119 insertions(+), 3 deletions(-)

 [patch] [3.11] gh-102153: start stripping c0 control and space chars
 in `urlsplit` (GH-102508) (#104575)

* gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508)

`urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595.

This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/#url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329).
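To show what the WHATWG rule quoted in this commit message means in practice, here is an added stand-alone illustration; it is not the code of this patch or of CPython. It strips leading and trailing C0 controls (U+0000 to U+001F) and space (U+0020) from a URL before splitting it, and separately reports whether an input needed that treatment, which is the signal a defender would log. The function names and the sample URLs are constructed for the example.

```python
from urllib.parse import SplitResult, urlsplit

# The WHATWG "C0 control or space" set: U+0000..U+001F plus U+0020.
# Note that DEL (U+007F) is deliberately not part of it.
_C0_CONTROL_OR_SPACE = "".join(chr(c) for c in range(0x00, 0x21))


def strip_c0_and_space(url: str) -> str:
    """Remove leading and trailing C0 control characters and space.

    Re-implements the spec rule "Remove any leading and trailing C0 control
    or space from input" for illustration only (hypothetical helper, not the
    CPython implementation). Interior characters are left untouched.
    """
    return url.strip(_C0_CONTROL_OR_SPACE)


def needs_c0_stripping(url: str) -> bool:
    """True when the input carried leading/trailing C0 controls or spaces.

    Useful as a detection hook: inputs that trip this check are worth
    logging, since they are the kind the scheme/host check would otherwise
    misjudge.
    """
    return url != strip_c0_and_space(url)


def split_sanitized(url: str) -> SplitResult:
    """Sanitize per the rule above, then split with urllib.parse.urlsplit."""
    return urlsplit(strip_c0_and_space(url))


def is_https_to_host(url: str, expected_host: str) -> bool:
    """Allow-list style check that is robust to leading control characters.

    Without the stripping step, a URL prefixed with e.g. a tab would parse
    with an empty scheme on unpatched versions and fail this check for the
    wrong reason; with it, the scheme and host are judged on the real URL.
    """
    parts = split_sanitized(url)
    return parts.scheme == "https" and parts.hostname == expected_host


if __name__ == "__main__":
    # Constructed sample inputs: the same URL with and without junk around it.
    samples = [
        "https://example.test/a?b=c",
        "\t\n https://example.test/a?b=c \x00",
        "\x1fhttps://example.test/a?b=c",
    ]
    for s in samples:
        print(repr(s), "->", repr(strip_c0_and_space(s)),
              "flagged" if needs_c0_stripping(s) else "clean")
```

The check deliberately strips only at the ends: the commit message describes the leading-character rule, and interior control characters are a separate concern, so the example does not silently rewrite them.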


CVE 2024 0397.diff | (download)

Modules/_ssl.c | 65 60 + 5 - 0 !
1 file changed, 60 insertions(+), 5 deletions(-)

 [patch] [3.11] gh-114572: fix locking in cert_store_stats and
 get_ca_certs (GH-114573) (#115549)

gh-114572: Fix locking in cert_store_stats and get_ca_certs (GH-114573)

* gh-114572: Fix locking in cert_store_stats and get_ca_certs

cert_store_stats and get_ca_certs query the SSLContext's X509_STORE with
X509_STORE_get0_objects, but reading the result requires a lock. See
https://github.com/openssl/openssl/pull/23224 for details.

Instead, use X509_STORE_get1_objects, newly added in that PR.
X509_STORE_get1_objects does not exist in current OpenSSLs, but we can
polyfill it with X509_STORE_lock and X509_STORE_unlock.

* Work around const-correctness problem

* Add missing X509_STORE_get1_objects failure check

* Add blurb
(cherry picked from commit bce693111bff906ccf9281c22371331aaff766ab)

Co-authored-by: David Benjamin <davidben@google.com>


CVE 2024 4032.diff | (download)

Doc/library/ipaddress.rst | 43 39 + 4 - 0 !
Lib/ipaddress.py | 105 83 + 22 - 0 !
Lib/test/test_ipaddress.py | 21 20 + 1 - 0 !
3 files changed, 142 insertions(+), 27 deletions(-)

 [patch] [3.11] gh-113171: gh-65056: fix "private" (non-global) ip
 address ranges (GH-113179) (GH-113186) (GH-118177) (#118227)
 

CVE 2024 8088.diff | (download)

Lib/test/test_zipfile.py | 17 17 + 0 - 0 !
Lib/zipfile.py | 61 60 + 1 - 0 !
2 files changed, 77 insertions(+), 1 deletion(-)

 [patch] [3.11] gh-122905: sanitize names in zipfile.Path. (GH-122906)
 (#122925)

* gh-122905: Sanitize names in zipfile.Path. (#122906)

Ported from zipp 3.19.1; ref jaraco/zipp#119.

(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

* [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906)

Ported from zipp 3.19.1; ref jaraco/zipp#119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>


0001 3.11 gh 123270 Replaced SanitizedNames with a more s.patch | (download)

Lib/test/test_zipfile.py | 72 66 + 6 - 0 !
Lib/zipfile.py | 69 8 + 61 - 0 !
Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst | 3 3 + 0 - 0 !
3 files changed, 77 insertions(+), 67 deletions(-)

 [patch] [3.11] gh-123270: replaced SanitizedNames with a more
 surgical fix. (GH-123354) (#123425)

Applies changes from zipp 3.20.1 and jaraco/zipp#124
(cherry picked from commit 2231286d78d328c2f575e0b05b16fe447d1656d6)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>

* Restore the slash-prefixed paths in the malformed_paths test.

CVE 2024 6232.patch | (download)

Lib/tarfile.py | 106 68 + 38 - 0 !
Lib/test/test_tarfile.py | 42 42 + 0 - 0 !
Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst | 2 2 + 0 - 0 !
3 files changed, 112 insertions(+), 38 deletions(-)

 [patch] [3.11] gh-121285: remove backtracking when parsing tarfile
 headers (GH-121286) (#123639)

* Remove backtracking when parsing tarfile headers
* Rewrite PAX header parsing to be stricter
* Optimize parsing of GNU extended sparse headers v0.0

(cherry picked from commit 34ddb64d088dd7ccc321f6103d23153256caa5d4)

Co-authored-by: Kirill Podoprigora <kirill.bast9@mail.ru>
Co-authored-by: Gregory P. Smith <greg@krypto.org>

0001 3.11 CVE 2023 27043 gh 102988 Reject malformed addre.patch | (download)

Doc/library/email.utils.rst | 19 15 + 4 - 0 !
Lib/email/utils.py | 150 141 + 9 - 0 !
Lib/test/test_email/test_email.py | 204 196 + 8 - 0 !
3 files changed, 352 insertions(+), 21 deletions(-)

 [3.11] [CVE-2023-27043] gh-102988: reject malformed addresses in
 email.parseaddr() (GH-111116) (#123767)

Detect email address parsing errors and return empty tuple to
indicate the parsing error (old API). Add an optional 'strict'
parameter to getaddresses() and parseaddr() functions. Patch by
Thomas Dwyer.

(cherry picked from commit 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19)

Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Thomas Dwyer <github@tomd.tel>

0002 3.11 gh 121650 Encode newlines in headers and verify.patch | (download)

Doc/library/email.errors.rst | 5 5 + 0 - 0 !
Doc/library/email.policy.rst | 18 18 + 0 - 0 !
Lib/email/_header_value_parser.py | 12 9 + 3 - 0 !
Lib/email/_policybase.py | 8 8 + 0 - 0 !
Lib/email/errors.py | 4 4 + 0 - 0 !
Lib/email/generator.py | 13 12 + 1 - 0 !
Lib/test/test_email/test_generator.py | 62 62 + 0 - 0 !
Lib/test/test_email/test_policy.py | 26 26 + 0 - 0 !
8 files changed, 144 insertions(+), 4 deletions(-)

 [3.11] gh-121650: encode newlines in headers, and verify headers are
 sound (GH-122233) (#122608)

Per RFC 2047:

> [...] these encoding schemes allow the
> encoding of arbitrary octet values, mail readers that implement this
> decoding should also ensure that display of the decoded data on the
> recipient's terminal will not cause unwanted side-effects

It seems that the "quoted-word" scheme is a valid way to include
a newline character in a header value, just like we already allow
undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.

Verify that email headers are well-formed.

This should fail for custom fold() implementations that aren't careful
about newlines.

(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384)

Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

0003 3.11 gh 123067 Fix quadratic complexity in parsing q.patch | (download)

Lib/http/cookies.py | 34 8 + 26 - 0 !
Lib/test/test_http_cookies.py | 38 38 + 0 - 0 !
2 files changed, 46 insertions(+), 26 deletions(-)

 [3.11] gh-123067: fix quadratic complexity in parsing "-quoted cookie
 values with backslashes (GH-123075) (#123105)

This fixes CVE-2024-7592.
(cherry picked from commit 44e458357fca05ca0ae2658d62c8c595b048b5ef)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

0004 3.11 gh 124651 Quote template strings in venv activa.patch | (download)

Lib/test/test_venv.py | 83 82 + 1 - 0 !
Lib/venv/__init__.py | 42 37 + 5 - 0 !
Lib/venv/scripts/common/activate | 8 4 + 4 - 0 !
Lib/venv/scripts/posix/activate.csh | 8 4 + 4 - 0 !
Lib/venv/scripts/posix/activate.fish | 8 4 + 4 - 0 !
5 files changed, 131 insertions(+), 18 deletions(-)

 [3.11] gh-124651: quote template strings in `venv` activation scripts
 (GH-124712) (GH-126185) (#126269)


0005 3.11 gh 103848 Adds checks to ensure that bracketed .patch | (download)

Lib/test/test_urlparse.py | 26 26 + 0 - 0 !
Lib/urllib/parse.py | 16 15 + 1 - 0 !
2 files changed, 41 insertions(+), 1 deletion(-)

 [3.11] gh-103848: adds checks to ensure that bracketed hosts found by
 urlsplit are of IPv6 or IPvFuture format (GH-103849) (#104349)

gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (GH-103849)

* Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format