diff --git a/Lib/test/test_sqlite3/test_hooks.py b/Lib/test/test_sqlite3/test_hooks.py
index 495ef97fa3c61c..7e5117771b379f 100644
--- a/Lib/test/test_sqlite3/test_hooks.py
+++ b/Lib/test/test_sqlite3/test_hooks.py
@@ -120,6 +120,21 @@ def test_collation_register_twice(self):
self.assertEqual(result[0][0], 'b')
self.assertEqual(result[1][0], 'a')
+ def test_collation_register_when_busy(self):
+ # See https://github.com/python/cpython/issues/146090.
+ con = self.con
+ con.create_collation("mycoll", lambda x, y: (x > y) - (x < y))
+ con.execute("CREATE TABLE t(x TEXT)")
+ con.execute("INSERT INTO t VALUES (?)", ("a",))
+ con.execute("INSERT INTO t VALUES (?)", ("b",))
+ con.commit()
+
+ cursor = self.con.execute("SELECT x FROM t ORDER BY x COLLATE mycoll")
+ next(cursor)
+ # Replace the collation while the statement is active -> SQLITE_BUSY.
+ with self.assertRaises(sqlite.OperationalError) as cm:
+ self.con.create_collation("mycoll", lambda a, b: 0)
+
def test_deregister_collation(self):
"""
Register a collation, then deregister it. Make sure an error is raised if we try
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 61355927296474..cd90e332443800 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1,5 +1,6 @@
# Test the support for SSL and sockets
+import contextlib
import sys
import unittest
import unittest.mock
@@ -47,12 +48,13 @@
PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
HOST = socket_helper.HOST
+IS_AWS_LC = "AWS-LC" in ssl.OPENSSL_VERSION
IS_OPENSSL_3_0_0 = ssl.OPENSSL_VERSION_INFO >= (3, 0, 0)
CAN_GET_SELECTED_OPENSSL_GROUP = ssl.OPENSSL_VERSION_INFO >= (3, 2)
CAN_IGNORE_UNKNOWN_OPENSSL_GROUPS = ssl.OPENSSL_VERSION_INFO >= (3, 3)
CAN_GET_AVAILABLE_OPENSSL_GROUPS = ssl.OPENSSL_VERSION_INFO >= (3, 5)
CAN_GET_AVAILABLE_OPENSSL_SIGALGS = ssl.OPENSSL_VERSION_INFO >= (3, 4)
-CAN_SET_CLIENT_SIGALGS = "AWS-LC" not in ssl.OPENSSL_VERSION
+CAN_SET_CLIENT_SIGALGS = not IS_AWS_LC
CAN_IGNORE_UNKNOWN_OPENSSL_SIGALGS = ssl.OPENSSL_VERSION_INFO >= (3, 3)
CAN_GET_SELECTED_OPENSSL_SIGALG = ssl.OPENSSL_VERSION_INFO >= (3, 5)
PY_SSL_DEFAULT_CIPHERS = sysconfig.get_config_var('PY_SSL_DEFAULT_CIPHERS')
@@ -383,6 +385,20 @@ def testing_context(server_cert=SIGNED_CERTFILE, *, server_chain=True,
return client_context, server_context, hostname
+def do_ssl_object_handshake(sslobject, outgoing, max_retry=25):
+ """Call do_handshake() on the sslobject and return the sent data.
+
+ If do_handshake() fails more than *max_retry* times, return None.
+ """
+ data, attempt = None, 0
+ while not data and attempt < max_retry:
+ with contextlib.suppress(ssl.SSLWantReadError):
+ sslobject.do_handshake()
+ data = outgoing.read()
+ attempt += 1
+ return data
+
+
class BasicSocketTests(unittest.TestCase):
def test_constants(self):
@@ -1535,6 +1551,49 @@ def dummycallback(sock, servername, ctx):
ctx.set_servername_callback(None)
ctx.set_servername_callback(dummycallback)
+ def test_sni_callback_on_dead_references(self):
+ # See https://github.com/python/cpython/issues/146080.
+ c_ctx = make_test_context()
+ c_inc, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
+ client = c_ctx.wrap_bio(c_inc, c_out, server_hostname=SIGNED_CERTFILE_HOSTNAME)
+
+ def sni_callback(sock, servername, ctx): pass
+ sni_callback = unittest.mock.Mock(wraps=sni_callback)
+ s_ctx = make_test_context(server_side=True, certfile=SIGNED_CERTFILE)
+ s_ctx.set_servername_callback(sni_callback)
+
+ s_inc, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
+ server = s_ctx.wrap_bio(s_inc, s_out, server_side=True)
+ server_impl = server._sslobj
+
+ # Perform the handshake on the client side first.
+ data = do_ssl_object_handshake(client, c_out)
+ sni_callback.assert_not_called()
+ if data is None:
+ self.skipTest("cannot establish a handshake from the client")
+ s_inc.write(data)
+ sni_callback.assert_not_called()
+ # Delete the server object before it starts doing its handshake
+ # and ensure that we did not call the SNI callback yet.
+ del server
+ gc.collect()
+ # Try to continue the server's handshake by directly using
+ # the internal SSL object. The latter is a weak reference
+ # stored in the server context and has now a dead owner.
+ with self.assertRaises(ssl.SSLError) as cm:
+ server_impl.do_handshake()
+ # The SNI C callback raised an exception before calling our callback.
+ sni_callback.assert_not_called()
+
+ # In AWS-LC, any handshake failures reports SSL_R_PARSE_TLSEXT,
+ # while OpenSSL uses SSL_R_CALLBACK_FAILED on SNI callback failures.
+ if IS_AWS_LC:
+ libssl_error_reason = "PARSE_TLSEXT"
+ else:
+ libssl_error_reason = "callback failed"
+ self.assertIn(libssl_error_reason, str(cm.exception))
+ self.assertEqual(cm.exception.errno, ssl.SSL_ERROR_SSL)
+
def test_sni_callback_refcycle(self):
# Reference cycles through the servername callback are detected
# and cleared.
diff --git a/Misc/NEWS.d/next/Library/2026-03-17-20-52-24.gh-issue-146083.NxZa_c.rst b/Misc/NEWS.d/next/Library/2026-03-17-20-52-24.gh-issue-146083.NxZa_c.rst
new file mode 100644
index 00000000000000..6805a40a03e734
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-03-17-20-52-24.gh-issue-146083.NxZa_c.rst
@@ -0,0 +1 @@
+Update bundled `libexpat `_ to version 2.7.5.
diff --git a/Misc/NEWS.d/next/Library/2026-03-28-12-01-48.gh-issue-146090.wh1qJR.rst b/Misc/NEWS.d/next/Library/2026-03-28-12-01-48.gh-issue-146090.wh1qJR.rst
new file mode 100644
index 00000000000000..a6d60d2c929304
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-03-28-12-01-48.gh-issue-146090.wh1qJR.rst
@@ -0,0 +1,2 @@
+:mod:`sqlite3`: properly raise :exc:`MemoryError` instead of :exc:`SystemError`
+when a context callback fails to be allocated. Patch by Bénédikt Tran.
diff --git a/Misc/NEWS.d/next/Library/2026-03-28-12-05-34.gh-issue-146090.wf9_ef.rst b/Misc/NEWS.d/next/Library/2026-03-28-12-05-34.gh-issue-146090.wf9_ef.rst
new file mode 100644
index 00000000000000..5b835b0271a604
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-03-28-12-05-34.gh-issue-146090.wf9_ef.rst
@@ -0,0 +1,3 @@
+:mod:`sqlite3`: fix a crash when :meth:`sqlite3.Connection.create_collation`
+fails with `SQLITE_BUSY `__. Patch by
+Bénédikt Tran.
diff --git a/Misc/NEWS.d/next/Library/2026-03-28-13-19-20.gh-issue-146080.srN12a.rst b/Misc/NEWS.d/next/Library/2026-03-28-13-19-20.gh-issue-146080.srN12a.rst
new file mode 100644
index 00000000000000..c80e8e05d480e5
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-03-28-13-19-20.gh-issue-146080.srN12a.rst
@@ -0,0 +1,2 @@
+:mod:`ssl`: fix a crash when an SNI callback tries to use an SSL object that
+has already been garbage-collected. Patch by Bénédikt Tran.
diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json
index c79bbd2878271e..ed9c08016808bb 100644
--- a/Misc/sbom.spdx.json
+++ b/Misc/sbom.spdx.json
@@ -48,11 +48,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "9bd33bd279c0d7ea37b0f2d7e07c7c53b7053507"
+ "checksumValue": "9dfd09a3be37618cbcea380c2374b2b8f0288f57"
},
{
"algorithm": "SHA256",
- "checksumValue": "d20997001462356b5ce3810ebf5256c8205f58462c64f21eb9bf80f8d1822b08"
+ "checksumValue": "26805a0d1a7a6a5cd8ead9cf7f4da29f63f0547a9ad41e80dba4ed9fe1943140"
}
],
"fileName": "Modules/expat/expat.h"
@@ -62,11 +62,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "e658ee5d638ab326109282ff09f1541e27fff8c2"
+ "checksumValue": "da0328279276800cc747ea7da23886a3f402ccb3"
},
{
"algorithm": "SHA256",
- "checksumValue": "dbe0582b8f8a8140aca97009e8760105ceed9e7df01ea9d8b3fe47cebf2e5b2d"
+ "checksumValue": "15a80e414e9e7c43edba64b1608a77c724387070138693f9e9bcca49c78a2df7"
}
],
"fileName": "Modules/expat/expat_external.h"
@@ -174,11 +174,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "7d3d7d72aa56c53fb5b9e10c0e74e161381f0255"
+ "checksumValue": "0c74fbd48dd515c58eeb65b7e71b29da94be4694"
},
{
"algorithm": "SHA256",
- "checksumValue": "f4f87aa0268d92f2b8f5e663788bfadd2e926477d0b061ed4463c02ad29a3e25"
+ "checksumValue": "861e7a50ce81f9f16b42d32a9caa4f817d962b274b2929b579511c6f76d348d4"
}
],
"fileName": "Modules/expat/xmlparse.c"
@@ -188,11 +188,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "c8769fcb93f00272a6e6ca560be633649c817ff7"
+ "checksumValue": "7cff4d7210f046144f5fa635113f9c26f30fe3d3"
},
{
"algorithm": "SHA256",
- "checksumValue": "5b81f0eb0e144b611dbd1bc9e6037075a16bff94f823d57a81eb2a3e4999e91a"
+ "checksumValue": "eaa6c327f9db4a5cec768d0c01927fea212d3ef4d4f970ebc0a98b9f3602784c"
}
],
"fileName": "Modules/expat/xmlrole.c"
@@ -216,11 +216,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "63e4766a09e63760c6518670509198f8d638f4ad"
+ "checksumValue": "48b7aa6503302d4157c61a8763629f3236c23502"
},
{
"algorithm": "SHA256",
- "checksumValue": "0ad3f915f2748dc91bf4e4b4a50cf40bf2c95769d0eca7e3b293a230d82bb779"
+ "checksumValue": "75da65603e99837fd3116f1453372efd556f9f97d8de73364594dd78b3c8ec54"
}
],
"fileName": "Modules/expat/xmltok.c"
@@ -272,11 +272,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "41b8c8fc275882c76d4210b7d40a18e506b07147"
+ "checksumValue": "705842f8a09b09cc021d82a71ab03344bfd07b0a"
},
{
"algorithm": "SHA256",
- "checksumValue": "b2188c7e5fa5b33e355cf6cf342dfb8f6e23859f2a6b1ddf79841d7f84f7b196"
+ "checksumValue": "f95a2b4b7efda40f5faf366537cb20a57dddbad9655859d2e304f5e75f6907cc"
}
],
"fileName": "Modules/expat/xmltok_ns.c"
@@ -1730,14 +1730,14 @@
"checksums": [
{
"algorithm": "SHA256",
- "checksumValue": "461ecc8aa98ab1a68c2db788175665d1a4db640dc05bf0e289b6ea17122144ec"
+ "checksumValue": "9931f9860d18e6cf72d183eb8f309bfb96196c00e1d40caa978e95bc9aa978b6"
}
],
- "downloadLocation": "https://github.com/libexpat/libexpat/releases/download/R_2_7_4/expat-2.7.4.tar.gz",
+ "downloadLocation": "https://github.com/libexpat/libexpat/releases/download/R_2_7_5/expat-2.7.5.tar.gz",
"externalRefs": [
{
"referenceCategory": "SECURITY",
- "referenceLocator": "cpe:2.3:a:libexpat_project:libexpat:2.7.4:*:*:*:*:*:*:*",
+ "referenceLocator": "cpe:2.3:a:libexpat_project:libexpat:2.7.5:*:*:*:*:*:*:*",
"referenceType": "cpe23Type"
}
],
@@ -1745,7 +1745,7 @@
"name": "expat",
"originator": "Organization: Expat development team",
"primaryPackagePurpose": "SOURCE",
- "versionInfo": "2.7.4"
+ "versionInfo": "2.7.5"
},
{
"SPDXID": "SPDXRef-PACKAGE-hacl-star",
diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index af63271b9fd971..bd44ff31b87c67 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1059,13 +1059,16 @@ static callback_context *
create_callback_context(PyTypeObject *cls, PyObject *callable)
{
callback_context *ctx = PyMem_Malloc(sizeof(callback_context));
- if (ctx != NULL) {
- PyObject *module = PyType_GetModule(cls);
- ctx->refcount = 1;
- ctx->callable = Py_NewRef(callable);
- ctx->module = Py_NewRef(module);
- ctx->state = pysqlite_get_state(module);
+ if (ctx == NULL) {
+ PyErr_NoMemory();
+ return NULL;
}
+
+ PyObject *module = PyType_GetModule(cls);
+ ctx->refcount = 1;
+ ctx->callable = Py_NewRef(callable);
+ ctx->module = Py_NewRef(module);
+ ctx->state = pysqlite_get_state(module);
return ctx;
}
@@ -2198,7 +2201,7 @@ pysqlite_connection_create_collation_impl(pysqlite_Connection *self,
* the context before returning.
*/
if (callable != Py_None) {
- free_callback_context(ctx);
+ decref_callback_context(ctx);
}
set_error_from_db(self->state, self->db);
return NULL;
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 6f75af861135d6..d42a4e7f7078e6 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -5205,7 +5205,7 @@ _servername_callback(SSL *s, int *al, void *args)
return ret;
error:
- Py_DECREF(ssl_socket);
+ Py_XDECREF(ssl_socket);
*al = SSL_AD_INTERNAL_ERROR;
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
PyGILState_Release(gstate);
diff --git a/Modules/expat/expat.h b/Modules/expat/expat.h
index 6c7c4186927725..18dbaebde293bc 100644
--- a/Modules/expat/expat.h
+++ b/Modules/expat/expat.h
@@ -1082,7 +1082,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
*/
# define XML_MAJOR_VERSION 2
# define XML_MINOR_VERSION 7
-# define XML_MICRO_VERSION 4
+# define XML_MICRO_VERSION 5
# ifdef __cplusplus
}
diff --git a/Modules/expat/expat_external.h b/Modules/expat/expat_external.h
index 6f3f3c48ce9cff..cf4d445e68b00c 100644
--- a/Modules/expat/expat_external.h
+++ b/Modules/expat/expat_external.h
@@ -12,7 +12,7 @@
Copyright (c) 2001-2002 Greg Stein
Copyright (c) 2002-2006 Karl Waclawek
Copyright (c) 2016 Cristian Rodríguez
- Copyright (c) 2016-2025 Sebastian Pipping
+ Copyright (c) 2016-2026 Sebastian Pipping
Copyright (c) 2017 Rhodri James
Copyright (c) 2018 Yury Gribov
Licensed under the MIT license:
diff --git a/Modules/expat/refresh.sh b/Modules/expat/refresh.sh
index 0e0bc0652c5539..779929fc6ed33c 100755
--- a/Modules/expat/refresh.sh
+++ b/Modules/expat/refresh.sh
@@ -12,9 +12,9 @@ fi
# Update this when updating to a new version after verifying that the changes
# the update brings in are good. These values are used for verifying the SBOM, too.
-expected_libexpat_tag="R_2_7_4"
-expected_libexpat_version="2.7.4"
-expected_libexpat_sha256="461ecc8aa98ab1a68c2db788175665d1a4db640dc05bf0e289b6ea17122144ec"
+expected_libexpat_tag="R_2_7_5"
+expected_libexpat_version="2.7.5"
+expected_libexpat_sha256="9931f9860d18e6cf72d183eb8f309bfb96196c00e1d40caa978e95bc9aa978b6"
expat_dir="$(realpath "$(dirname -- "${BASH_SOURCE[0]}")")"
cd ${expat_dir}
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
index 086fca59112ee1..0248b6651ffbff 100644
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -1,4 +1,4 @@
-/* fab937ab8b186d7d296013669c332e6dfce2f99567882cff1f8eb24223c524a7 (2.7.4+)
+/* 93c1caa66e2b0310459482516af05505b57c5cb7b96df777105308fc585c85d1 (2.7.5+)
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
@@ -590,6 +590,8 @@ static XML_Char *poolStoreString(STRING_POOL *pool, const ENCODING *enc,
static XML_Bool FASTCALL poolGrow(STRING_POOL *pool);
static const XML_Char *FASTCALL poolCopyString(STRING_POOL *pool,
const XML_Char *s);
+static const XML_Char *FASTCALL poolCopyStringNoFinish(STRING_POOL *pool,
+ const XML_Char *s);
static const XML_Char *poolCopyStringN(STRING_POOL *pool, const XML_Char *s,
int n);
static const XML_Char *FASTCALL poolAppendString(STRING_POOL *pool,
@@ -5086,7 +5088,7 @@ entityValueInitProcessor(XML_Parser parser, const char *s, const char *end,
}
/* If we get this token, we have the start of what might be a
normal tag, but not a declaration (i.e. it doesn't begin with
- "= entityTextEnd) {
+ result = XML_ERROR_NONE;
+ goto endEntityValue;
+ }
+
for (;;) {
next
= entityTextPtr; /* XmlEntityValueTok doesn't always set the last arg */
@@ -7439,16 +7457,24 @@ setContext(XML_Parser parser, const XML_Char *context) {
else {
if (! poolAppendChar(&parser->m_tempPool, XML_T('\0')))
return XML_FALSE;
- prefix
- = (PREFIX *)lookup(parser, &dtd->prefixes,
- poolStart(&parser->m_tempPool), sizeof(PREFIX));
- if (! prefix)
+ const XML_Char *const prefixName = poolCopyStringNoFinish(
+ &dtd->pool, poolStart(&parser->m_tempPool));
+ if (! prefixName) {
return XML_FALSE;
- if (prefix->name == poolStart(&parser->m_tempPool)) {
- prefix->name = poolCopyString(&dtd->pool, prefix->name);
- if (! prefix->name)
- return XML_FALSE;
}
+
+ prefix = (PREFIX *)lookup(parser, &dtd->prefixes, prefixName,
+ sizeof(PREFIX));
+
+ const bool prefixNameUsed = prefix && prefix->name == prefixName;
+ if (prefixNameUsed)
+ poolFinish(&dtd->pool);
+ else
+ poolDiscard(&dtd->pool);
+
+ if (! prefix)
+ return XML_FALSE;
+
poolDiscard(&parser->m_tempPool);
}
for (context = s + 1; *context != CONTEXT_SEP && *context != XML_T('\0');
@@ -8036,6 +8062,23 @@ poolCopyString(STRING_POOL *pool, const XML_Char *s) {
return s;
}
+// A version of `poolCopyString` that does not call `poolFinish`
+// and reverts any partial advancement upon failure.
+static const XML_Char *FASTCALL
+poolCopyStringNoFinish(STRING_POOL *pool, const XML_Char *s) {
+ const XML_Char *const original = s;
+ do {
+ if (! poolAppendChar(pool, *s)) {
+ // Revert any previously successful advancement
+ const ptrdiff_t advancedBy = s - original;
+ if (advancedBy > 0)
+ pool->ptr -= advancedBy;
+ return NULL;
+ }
+ } while (*s++);
+ return pool->start;
+}
+
static const XML_Char *
poolCopyStringN(STRING_POOL *pool, const XML_Char *s, int n) {
if (! pool->ptr && ! poolGrow(pool)) {
diff --git a/Modules/expat/xmlrole.c b/Modules/expat/xmlrole.c
index d56bee82dd2d13..b1dfb456e5df87 100644
--- a/Modules/expat/xmlrole.c
+++ b/Modules/expat/xmlrole.c
@@ -12,7 +12,7 @@
Copyright (c) 2002-2006 Karl Waclawek
Copyright (c) 2002-2003 Fred L. Drake, Jr.
Copyright (c) 2005-2009 Steven Solie
- Copyright (c) 2016-2023 Sebastian Pipping
+ Copyright (c) 2016-2026 Sebastian Pipping
Copyright (c) 2017 Rhodri James
Copyright (c) 2019 David Loffredo
Copyright (c) 2021 Donghee Na
diff --git a/Modules/expat/xmltok.c b/Modules/expat/xmltok.c
index 32cd5f147e9322..f6e5f742c928c8 100644
--- a/Modules/expat/xmltok.c
+++ b/Modules/expat/xmltok.c
@@ -12,7 +12,7 @@
Copyright (c) 2002 Greg Stein
Copyright (c) 2002-2016 Karl Waclawek
Copyright (c) 2005-2009 Steven Solie
- Copyright (c) 2016-2024 Sebastian Pipping
+ Copyright (c) 2016-2026 Sebastian Pipping
Copyright (c) 2016 Pascal Cuoq
Copyright (c) 2016 Don Lewis
Copyright (c) 2017 Rhodri James
diff --git a/Modules/expat/xmltok_ns.c b/Modules/expat/xmltok_ns.c
index 810ca2c6d0485e..1cd60de1e4fe51 100644
--- a/Modules/expat/xmltok_ns.c
+++ b/Modules/expat/xmltok_ns.c
@@ -11,7 +11,7 @@
Copyright (c) 2002 Greg Stein
Copyright (c) 2002 Fred L. Drake, Jr.
Copyright (c) 2002-2006 Karl Waclawek
- Copyright (c) 2017-2021 Sebastian Pipping
+ Copyright (c) 2017-2026 Sebastian Pipping
Copyright (c) 2025 Alfonso Gregory
Licensed under the MIT license: