| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Python 3.8.10 final
Security
bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.
bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
Core and Builtins
bpo-43105: Importlib now resolves relative paths when creating module spec objects from file locations.
bpo-42924: Fix bytearray repetition incorrectly copying data from the start of the buffer, even if the data is offset within the buffer (e.g. after reassigning a slice at the start of the bytearray to a shorter byte string).
Library
bpo-43993: Update bundled pip to 21.1.1.
bpo-43937: Fixed the turtle module working with non-default root window.
bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0
bpo-43920: OpenSSL 3.0.0: load_verify_locations() now returns a consistent error message when cadata contains no valid certificate.
bpo-43607: urllib can now convert Windows paths with \\?\ prefixes into URL paths.
bpo-43284: platform.win32_ver derives the windows version from sys.getwindowsversion().platform_version which in turn derives the version from kernel32.dll (which can be of a different version than Windows itself). Therefore change the platform.win32_ver to determine the version using the platform module’s _syscmd_ver private function to return an accurate version.
bpo-42248: [Enum] ensure exceptions raised in _missing__ are released
bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 to suppress deprecation warnings. Python requires OpenSSL 1.1.1 APIs.
bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants (OpenSSL 3.0.0)
bpo-43789: OpenSSL 3.0.0: Don’t call the password callback function a second time when first call has signaled an error condition.
bpo-43788: The header files for ssl error codes are now OpenSSL version-specific. Exceptions will now show correct reason and library codes. The make_ssl_data.py script has been rewritten to use OpenSSL’s text file with error codes.
bpo-43655: tkinter dialog windows are now recognized as dialogs by window managers on macOS and X Window.
bpo-43534: turtle.textinput() and turtle.numinput() create now a transient window working on behalf of the canvas window.
bpo-43522: Fix problem with hostname_checks_common_name. OpenSSL does not copy hostflags from struct SSL_CTX to struct SSL.
bpo-42967: Allow bytes separator argument in urllib.parse.parse_qs and urllib.parse.parse_qsl when parsing str query strings. Previously, this raised a TypeError.
bpo-43176: Fixed processing of a dataclass that inherits from a frozen dataclass with no fields. It is now correctly detected as an error.
bpo-34463: Fixed discrepancy between traceback and the interpreter in formatting of SyntaxError with lineno not set (traceback was changed to match interpreter).
bpo-41735: Fix thread locks in zlib module may go wrong in rare case. Patch by Ma Lin.
bpo-26053: Fixed bug where the pdb interactive run command echoed the args from the shell command line, even if those have been overridden at the pdb prompt.
bpo-36470: Fix dataclasses with InitVars and replace(). Patch by Claudiu Popa.
bpo-28577: The hosts method on 32-bit prefix length IPv4Networks and 128-bit prefix IPv6Networks now returns a list containing the single Address instead of an empty list.
bpo-32745: Fix a regression in the handling of ctypes’ ctypes.c_wchar_p type: embedded null characters would cause a ValueError to be raised. Patch by Zackery Spytz.
Documentation
bpo-43959: The documentation on the PyContextVar C-API was clarified.
bpo-43938: Update dataclasses documentation to express that FrozenInstanceError is derived from AttributeError.
bpo-43739: Fixing the example code in Doc/extending/extending.rst to declare and initialize the pmodule variable to be of the right type.
Tests
bpo-43842: Fix a race condition in the SMTP test of test_logging. Don’t close a file descriptor (socket) from a different thread while asyncore.loop() is polling the file descriptor. Patch by Victor Stinner.
bpo-43811: Tests multiple OpenSSL versions on GitHub Actions. Use ccache to speed up testing.
bpo-43791: OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests are failing with TLSV1_ALERT_INTERNAL_ERROR.
Windows
bpo-35306: Avoid raising errors from pathlib.Path.exists() when passed an invalid filename.
bpo-38822: Fixed os.stat() failing on inaccessible directories with a trailing slash, rather than falling back to the parent directory’s metadata. This implicitly affected os.path.exists() and os.path.isdir().
bpo-26227: Fixed decoding of host names in socket.gethostbyaddr() and socket.gethostbyname_ex().
bpo-43745: Actually updates Windows release to OpenSSL 1.1.1k. Earlier releases were mislabelled and actually included 1.1.1i again.
bpo-43492: Upgrade Windows installer to use SQLite 3.35.5.
macOS
bpo-44009: Provide “python3.x-intel64” executable to allow reliably forcing macOS universal2 framework builds to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs. This can be useful for testing or when universal2 wheels are not yet available.
bpo-41100: As of 3.8.10, Python now supports building and running on macOS 11 (Big Sur) and on Apple Silicon Macs (based on the ARM64 architecture). A new universal build variant, universal2, is also available to natively support both ARM64 and Intel 64 in one set of executables. This backport from Python 3.9 does not include support for “weaklinking”; to support a range of macOS versions, continue to target for and build on the oldest version in the range; for 3.8.x, the universal2 variant is only useful on macOS 11 or later.
bpo-43492: Update macOS installer to use SQLite 3.35.4.
IDLE
bpo-43655: IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window.
C API
bpo-43962: _PyInterpreterState_IDIncref() now calls _PyInterpreterState_IDInitref() and always increments id_refcount. Previously, calling _xxsubinterpreters.get_current() could create an id_refcount inconsistency when a _xxsubinterpreters.InterpreterID object was deallocated. Patch by Victor Stinner.
|
|
I happen to have include/gts.h installed, which includes an accented
ISO-8859-1 character in its copyright message. This trips up the configuration
of Python in pkgsrc.
Ignore files with invalid unicode characters.
Also regenerate one other patch. No revision bump since the result is the same.
|
|
(Apple Silicon being their aarch64 platform.)
This is backport of the same in lang/python39. Only minor changes were
needed.
Patches consist of:
- Upstream work: https://github.com/python/cpython/pull/22855
- Fix for setup.py to find libbz2.tbd and libz.tbd now that with the
shared library cache there's nothing in /usr/lib.
See: https://bugs.python.org/issue41116
- Addition of __arch64__ case to fix _decimal module. A very similar fix
has since been committed upstream.
|
|
Python 3.8.4 final
Security
bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events.
bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523).
Core and Builtins
bpo-41247: Always cache the running loop holder when running asyncio.set_running_loop.
bpo-41252: Fix incorrect refcounting in _ssl.c’s _servername_callback().
bpo-41218: Python 3.8.3 had a regression where compiling with ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would aggressively mark list comprehension with CO_COROUTINE. Now only list comprehension making use of async/await will tagged as so.
bpo-41175: Guard against a NULL pointer dereference within bytearrayobject triggered by the bytearray() + bytearray() operation.
bpo-39960: The “hackcheck” that prevents sneaking around a type’s __setattr__() by calling the superclass method was rewritten to allow C implemented heap types.
Library
bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params().
bpo-41193: The write_history() atexit function of the readline completer now ignores any OSError to ignore error if the filesystem is read-only, instead of only ignoring FileNotFoundError and PermissionError.
bpo-41043: Fixed the use of glob() in the stdlib: literal part of the path is now always correctly escaped.
bpo-39384: Fixed email.contentmanager to allow set_content() to set a null string.
IDLE
bpo-37765: Add keywords to module name completion list. Rewrite Completions section of IDLE doc.
bpo-41152: The encoding of stdin, stdout and stderr in IDLE is now always UTF-8.
Python 3.8.4 release candidate 1
Security
bpo-41004: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
Core and Builtins
bpo-41094: Fix decoding errors with audit when open files with non-ASCII names on non-UTF-8 locale.
bpo-41056: Fixes a reference to deallocated stack space during startup when constructing sys.path involving a relative symlink when code was supplied via -c. (discovered via Coverity)
bpo-35975: Stefan Behnel reported that cf_feature_version is used even when PyCF_ONLY_AST is not set. This is against the intention and against the documented behavior, so it’s been fixed.
bpo-40957: Fix refleak in _Py_fopen_obj() when PySys_Audit() fails
bpo-40870: Raise ValueError when validating custom AST’s where the constants True, False and None are used within a ast.Name node.
bpo-40826: Fix GIL usage in PyOS_Readline(): lock the GIL to set an exception and pass the Python thread state when checking if there is a pending signal.
bpo-40824: Unexpected errors in calling the __iter__ method are no longer masked by TypeError in the in operator and functions contains(), indexOf() and countOf() of the operator module.
bpo-40663: Correctly generate annotations where parentheses are omitted but required (e.g: Type[(str, int, *other))].
Library
bpo-41138: Fixed the trace module CLI for Python source files with non-UTF-8 encoding.
bpo-31938: Fix default-value signatures of several functions in the select module - by Anthony Sottile.
bpo-41068: Fixed reading files with non-ASCII names from ZIP archive directly after writing them.
bpo-41058: pdb.find_function() now correctly determines the source file encoding.
bpo-41056: Fix a NULL pointer dereference within the ssl module during a MemoryError in the keylog callback. (discovered by Coverity)
bpo-41048: mimetypes.read_mime_types() function reads the rule file using UTF-8 encoding, not the locale encoding. Patch by Srinivas Reddy Thatiparthy.
bpo-40448: ensurepip now disables the use of pip cache when installing the bundled versions of pip and setuptools. Patch by Krzysztof Konopko.
bpo-40855: The standard deviation and variance functions in the statistics module were ignoring their mu and xbar arguments.
bpo-40807: Stop codeop._maybe_compile, used by code.InteractiveInterpreter (and IDLE). from from emitting each warning three times.
bpo-40834: Fix truncate when sending str object with_xxsubinterpreters.channel_send.
bpo-38488: Update ensurepip to install pip 20.1.1 and setuptools 47.1.0.
bpo-40767: webbrowser now properly finds the default browser in pure Wayland systems by checking the WAYLAND_DISPLAY environment variable. Patch contributed by Jérémy Attali.
bpo-40795: ctypes module: If ctypes fails to convert the result of a callback or if a ctypes callback function raises an exception, sys.unraisablehook is now called with an exception set. Previously, the error was logged into stderr by PyErr_Print().
bpo-30008: Fix ssl code to be compatible with OpenSSL 1.1.x builds that use no-deprecated and --api=1.1.0.
bpo-40614: ast.parse() will not parse self documenting expressions in f-strings when passed feature_version is less than (3, 8).
bpo-40626: Add h5 file extension as MIME Type application/x-hdf5, as per HDF Group recommendation for HDF5 formatted data files. Patch contributed by Mark Schwab.
bpo-25872: linecache could crash with a KeyError when accessed from multiple threads. Fix by Michael Graczyk.
bpo-40597: If text content lines are longer than policy.max_line_length, always use a content-encoding to make sure they are wrapped.
bpo-40515: The ssl and hashlib modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds.
bpo-13097: ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments.
bpo-40457: The ssl module now support OpenSSL builds without TLS 1.0 and 1.1 methods.
bpo-39830: Add zipfile.Path to __all__ in the zipfile module.
bpo-40025: Raise TypeError when _generate_next_value_ is defined after members. Patch by Ethan Onstott.
bpo-39244: Fixed multiprocessing.context.get_all_start_methods to properly return the default method first on macOS.
bpo-39040: Fix parsing of invalid mime headers parameters by collapsing whitespace between encoded words in a bare-quote-string.
bpo-35714: struct.error is now raised if there is a null character in a struct format string.
bpo-36290: AST nodes are now raising TypeError on conflicting keyword arguments. Patch contributed by Rémi Lapeyre.
bpo-29620: assertWarns() no longer raises a RuntimeException when accessing a module’s __warningregistry__ causes importation of a new module, or when a new module is imported in another thread. Patch by Kernc.
bpo-34226: Fix cgi.parse_multipart without content_length. Patch by Roger Duran
Tests
bpo-41085: Fix integer overflow in the array.array.index() method on 64-bit Windows for index larger than 2**31.
bpo-38377: On Linux, skip tests using multiprocessing if the current user cannot create a file in /dev/shm/ directory. Add the skip_if_broken_multiprocessing_synchronize() function to the test.support module.
bpo-41009: Fix use of support.require_{linux|mac|freebsd}_version() decorators as class decorator.
bpo-41003: Fix test_copyreg when numpy is installed: test.pickletester now saves/restores warnings filters when importing numpy, to ignore filters installed by numpy.
bpo-40964: Disable remote imaplib tests, host cyrus.andrew.cmu.edu is blocking incoming connections.
bpo-40055: distutils.tests now saves/restores warnings filters to leave them unchanged. Importing tests imports docutils which imports pkg_resources which adds a warnings filter.
bpo-34401: Make test_gdb properly run on HP-UX. Patch by Michael Osipov.
Build
bpo-40204: Pin Sphinx version to 2.3.1 in Doc/Makefile.
bpo-40653: Move _dirnameW out of HAVE_SYMLINK to fix a potential compiling issue.
Windows
bpo-41074: Fixed support of non-ASCII names in functions msilib.OpenDatabase() and msilib.init_database() and non-ASCII SQL in method msilib.Database.OpenView().
bpo-40164: Updates Windows OpenSSL to 1.1.1g
bpo-39631: Changes the registered MIME type for .py files on Windows to text/x-python instead of text/plain.
bpo-40677: Manually define IO_REPARSE_TAG_APPEXECLINK in case some old Windows SDK doesn’t have it.
bpo-40650: Include winsock2.h in pytime.c for timeval.
bpo-39148: Add IPv6 support to asyncio datagram endpoints in ProactorEventLoop. Change the raised exception for unknown address families to ValueError as it’s not coming from Windows API.
macOS
bpo-39580: Avoid opening Finder window if running installer from the command line. Patch contributed by Rick Heil.
bpo-41100: Fix configure error when building on macOS 11. Note that the current Python release was released shortly after the first developer preview of macOS 11 (Big Sur); there are other known issues with building and running on the developer preview. Big Sur is expected to be fully supported in a future bugfix release of Python 3.8.x and with 3.9.0.
bpo-41005: fixed an XDG settings issue not allowing macos to open browser in webbrowser.py
bpo-40741: Update macOS installer to use SQLite 3.32.2.
IDLE
bpo-41144: Make Open Module open a special module such as os.path.
bpo-39885: Make context menu Cut and Copy work again when right-clicking within a selection.
bpo-40723: Make test_idle pass when run after import.
Tools/Demos
bpo-40479: Update multissltest helper to test with latest OpenSSL 1.0.2, 1.1.0, 1.1.1, and 3.0.0-alpha.
bpo-40163: Fix multissltest tool. OpenSSL has changed download URL for old releases. The multissltest tool now tries to download from current and old download URLs.
|
|
|
|
Major new features of the 3.8 series, compared to 3.7
PEP 572, Assignment expressions
PEP 570, Positional-only arguments
PEP 587, Python Initialization Configuration (improved embedding)
PEP 590, Vectorcall: a fast calling protocol for CPython
PEP 578, Runtime audit hooks
PEP 574, Pickle protocol 5 with out-of-band data
Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal types), and PEP 589 (TypedDict)
Parallel filesystem cache for compiled bytecode
Debug builds share ABI as release builds
f-strings support a handy = specifier for debugging
continue is now legal in finally: blocks
on Windows, the default asyncio event loop is now ProactorEventLoop
on macOS, the spawn start method is now used by default in multiprocessing
multiprocessing can now use shared memory segments to avoid pickling costs between processes
typed_ast is merged back to CPython
LOAD_GLOBAL is now 40% faster
pickle now uses Protocol 4 by default, improving performance
|
