• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1.. bpo: 40121
2.. date: 2020-03-30-23-16-25
3.. nonce: p2LIio
4.. release date: 2020-04-29
5.. section: Security
6
7Fixes audit events raised on creating a new socket.
8
9..
10
11.. bpo: 38576
12.. date: 2020-03-14-14-57-44
13.. nonce: OowwQn
14.. section: Security
15
16Disallow control characters in hostnames in http.client, addressing
17CVE-2019-18348. Such potentially malicious header injection URLs now cause a
18InvalidURL to be raised.
19
20..
21
22.. bpo: 39503
23.. date: 2020-01-30-16-15-29
24.. nonce: B299Yq
25.. section: Security
26
27CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class
28of the :mod:`urllib.request` module uses an inefficient regular expression
29which can be exploited by an attacker to cause a denial of service. Fix the
30regex to prevent the catastrophic backtracking. Vulnerability reported by
31Ben Caller and Matt Schwager.
32
33..
34
35.. bpo: 20526
36.. date: 2020-03-23-18-08-34
37.. nonce: NHNZIv
38.. section: Core and Builtins
39
40Fix :c:func:`PyThreadState_Clear()`. ``PyThreadState.frame`` is a borrowed
41reference, not a strong reference: ``PyThreadState_Clear()`` must not call
42``Py_CLEAR(tstate->frame)``.
43
44..
45
46.. bpo: 39965
47.. date: 2020-03-15-03-52-01
48.. nonce: Od3ZdP
49.. section: Core and Builtins
50
51Correctly raise ``SyntaxError`` if *await* is used inside non-async
52functions and ``PyCF_ALLOW_TOP_LEVEL_AWAIT`` is set (like in the asyncio
53REPL). Patch by Pablo Galindo.
54
55..
56
57.. bpo: 39562
58.. date: 2020-03-12-22-13-50
59.. nonce: E2u273
60.. section: Core and Builtins
61
62Allow executing asynchronous comprehensions on the top level when the
63``PyCF_ALLOW_TOP_LEVEL_AWAIT`` flag is given. Patch by Batuhan Taskaya.
64
65..
66
67.. bpo: 38894
68.. date: 2020-03-06-21-04-39
69.. nonce: nfcGKv
70.. section: Core and Builtins
71
72Fix a bug that was causing incomplete results when calling
73``pathlib.Path.glob`` in the presence of symlinks that point to files where
74the user does not have read access. Patch by Pablo Galindo and Matt
75Wozniski.
76
77..
78
79.. bpo: 39871
80.. date: 2020-03-06-06-12-37
81.. nonce: dCAj_2
82.. section: Core and Builtins
83
84Fix a possible :exc:`SystemError` in ``math.{atan2,copysign,remainder}()``
85when the first argument cannot be converted to a :class:`float`. Patch by
86Zachary Spytz.
87
88..
89
90.. bpo: 39776
91.. date: 2020-03-02-20-12-33
92.. nonce: fNaxi_
93.. section: Core and Builtins
94
95Fix race condition where threads created by PyGILState_Ensure() could get a
96duplicate id.
97
98This affects consumers of tstate->id like the contextvar caching machinery,
99which could return invalid cached objects under heavy thread load (observed
100in embedded scenarios).
101
102..
103
104.. bpo: 39778
105.. date: 2020-03-02-19-21-21
106.. nonce: _YGLEc
107.. section: Core and Builtins
108
109Fixed a crash due to incorrect handling of weak references in
110``collections.OrderedDict`` classes. Patch by Pablo Galindo.
111
112..
113
114.. bpo: 39520
115.. date: 2020-02-02-00-12-07
116.. nonce: uicBq6
117.. section: Core and Builtins
118
119Fix unparsing of ext slices with no items (``foo[:,]``). Patch by Batuhan
120Taskaya.
121
122..
123
124.. bpo: 22490
125.. date: 2018-09-23-16-32-58
126.. nonce: 8e0YDf
127.. section: Core and Builtins
128
129Don't leak environment variable ``__PYVENV_LAUNCHER__`` into the interpreter
130session on macOS.
131
132..
133
134.. bpo: 40138
135.. date: 2020-04-22-00-05-10
136.. nonce: i_oGqa
137.. section: Library
138
139Fix the Windows implementation of :func:`os.waitpid` for exit code larger
140than ``INT_MAX >> 8``. The exit status is now interpreted as an unsigned
141number.
142
143..
144
145.. bpo: 39942
146.. date: 2020-04-20-20-16-02
147.. nonce: NvGnTc
148.. section: Library
149
150Set "__main__" as the default module name when "__name__" is missing in
151:class:`typing.TypeVar`. Patch by Weipeng Hong.
152
153..
154
155.. bpo: 40330
156.. date: 2020-04-19-17-31-29
157.. nonce: DGjoIS
158.. section: Library
159
160In :meth:`ShareableList.__setitem__`, check the size of a new string item
161after encoding it to utf-8, not before.
162
163..
164
165.. bpo: 40287
166.. date: 2020-04-15-17-21-48
167.. nonce: -mkEJH
168.. section: Library
169
170Fixed ``SpooledTemporaryFile.seek()`` to return the position.
171
172..
173
174.. bpo: 40260
175.. date: 2020-04-12-21-18-56
176.. nonce: F6VWaE
177.. section: Library
178
179Ensure :mod:`modulefinder` uses :func:`io.open_code` and respects coding
180comments.
181
182..
183
184.. bpo: 40196
185.. date: 2020-04-06-11-05-13
186.. nonce: Jqowse
187.. section: Library
188
189Fix a bug in the :mod:`symtable` module that was causing incorrectly report
190global variables as local. Patch by Pablo Galindo.
191
192..
193
194.. bpo: 40126
195.. date: 2020-04-04-00-47-40
196.. nonce: Y-bTNP
197.. section: Library
198
199Fixed reverting multiple patches in unittest.mock. Patcher's ``__exit__()``
200is now never called if its ``__enter__()`` is failed. Returning true from
201``__exit__()`` silences now the exception.
202
203..
204
205.. bpo: 40089
206.. date: 2020-03-27-17-22-34
207.. nonce: -lFsD0
208.. section: Library
209
210Fix threading._after_fork(): if fork was not called by a thread spawned by
211threading.Thread, threading._after_fork() now creates a _MainThread instance
212for _main_thread, instead of a _DummyThread instance.
213
214..
215
216.. bpo: 39503
217.. date: 2020-03-25-16-02-16
218.. nonce: YmMbYn
219.. section: Library
220
221:class:`~urllib.request.AbstractBasicAuthHandler` of :mod:`urllib.request`
222now parses all WWW-Authenticate HTTP headers and accepts multiple challenges
223per header: use the realm of the first Basic challenge.
224
225..
226
227.. bpo: 40014
228.. date: 2020-03-23-17-52-00
229.. nonce: Ya70VG
230.. section: Library
231
232Fix ``os.getgrouplist()``: if ``getgrouplist()`` function fails because the
233group list is too small, retry with a larger group list. On failure, the
234glibc implementation of ``getgrouplist()`` sets ``ngroups`` to the total
235number of groups. For other implementations, double the group list size.
236
237..
238
239.. bpo: 40016
240.. date: 2020-03-19-19-40-27
241.. nonce: JWtxqJ
242.. section: Library
243
244In re docstring, clarify the relationship between inline and argument
245compile flags.
246
247..
248
249.. bpo: 39953
250.. date: 2020-03-19-16-33-03
251.. nonce: yy5lC_
252.. section: Library
253
254Update internal table of OpenSSL error codes in the ``ssl`` module.
255
256..
257
258.. bpo: 39360
259.. date: 2020-03-15-05-41-05
260.. nonce: cmcU5p
261.. section: Library
262
263Ensure all workers exit when finalizing a :class:`multiprocessing.Pool`
264implicitly via the module finalization handlers of multiprocessing. This
265fixes a deadlock situation that can be experienced when the Pool is not
266properly finalized via the context manager or a call to
267``multiprocessing.Pool.terminate``. Patch by Batuhan Taskaya and Pablo
268Galindo.
269
270..
271
272.. bpo: 39652
273.. date: 2020-03-11-23-08-25
274.. nonce: gbasrk
275.. section: Library
276
277The column name found in ``sqlite3.Cursor.description`` is now truncated on
278the first '[' only if the PARSE_COLNAMES option is set.
279
280..
281
282.. bpo: 39915
283.. date: 2020-03-10-19-38-47
284.. nonce: CjPeiY
285.. section: Library
286
287Ensure :attr:`unittest.mock.AsyncMock.await_args_list` has call objects in
288the order of awaited arguments instead of using
289:attr:`unittest.mock.Mock.call_args` which has the last value of the call.
290Patch by Karthikeyan Singaravelan.
291
292..
293
294.. bpo: 38662
295.. date: 2020-03-10-15-32-31
296.. nonce: o1DMXj
297.. section: Library
298
299The ``ensurepip`` module now invokes ``pip`` via the ``runpy`` module. Hence
300it is no longer tightly coupled with the internal API of the bundled ``pip``
301version, allowing easier updates to a newer ``pip`` version both internally
302and for distributors.
303
304..
305
306.. bpo: 39916
307.. date: 2020-03-09-18-56-27
308.. nonce: BHHyp3
309.. section: Library
310
311More reliable use of ``os.scandir()`` in ``Path.glob()``. It no longer emits
312a ResourceWarning when interrupted.
313
314..
315
316.. bpo: 39850
317.. date: 2020-03-09-01-45-06
318.. nonce: eaJNIE
319.. section: Library
320
321:mod:`multiprocessing` now supports abstract socket addresses (if abstract
322sockets are supported in the running platform). Patch by Pablo Galindo.
323
324..
325
326.. bpo: 39828
327.. date: 2020-03-05-00-57-49
328.. nonce: yWq9NJ
329.. section: Library
330
331Fix :mod:`json.tool` to catch :exc:`BrokenPipeError`. Patch by Dong-hee Na.
332
333..
334
335.. bpo: 13487
336.. date: 2020-03-04-16-10-59
337.. nonce: gqe4Fb
338.. section: Library
339
340Avoid a possible *"RuntimeError: dictionary changed size during iteration"*
341from :func:`inspect.getmodule` when it tried to loop through
342:attr:`sys.modules`.
343
344..
345
346.. bpo: 39794
347.. date: 2020-02-29-19-17-39
348.. nonce: 7VjatS
349.. section: Library
350
351Add --without-decimal-contextvar build option.  This enables a thread-local
352rather than a coroutine local context.
353
354..
355
356.. bpo: 39769
357.. date: 2020-02-29-13-20-33
358.. nonce: hJmxu4
359.. section: Library
360
361The :func:`compileall.compile_dir` function's *ddir* parameter and the
362compileall command line flag `-d` no longer write the wrong pathname to the
363generated pyc file for submodules beneath the root of the directory tree
364being compiled.  This fixes a regression introduced with Python 3.5.
365
366..
367
368.. bpo: 39517
369.. date: 2020-02-29-11-20-50
370.. nonce: voQZb8
371.. section: Library
372
373Fix runpy.run_path() when using pathlike objects
374
375..
376
377.. bpo: 39764
378.. date: 2020-02-27-18-21-07
379.. nonce: wqPk68
380.. section: Library
381
382Fix AttributeError when calling get_stack on a PyAsyncGenObject Task
383
384..
385
386.. bpo: 30566
387.. date: 2020-02-24-03-45-28
388.. nonce: qROxty
389.. section: Library
390
391Fix :exc:`IndexError` when trying to decode an invalid string with punycode
392codec.
393
394..
395
396.. bpo: 39667
397.. date: 2020-02-17-22-38-15
398.. nonce: QuzEHH
399.. section: Library
400
401Correct performance degradation in ``zipfile.Path`` as found in zipp 3.0.
402While retaining compatibility, this change discourages the use of
403``zipfile.Path.open`` due to the signature change in Python 3.9. For
404compatibility across Python 3.8 and later versions, consider using
405``zipp.Path`` on Python 3.8.x and earlier.
406
407..
408
409.. bpo: 39548
410.. date: 2020-02-06-05-33-52
411.. nonce: DF4FFe
412.. section: Library
413
414Fix handling of header in :class:`urllib.request.AbstractDigestAuthHandler`
415when the optional ``qop`` parameter is not present.
416
417..
418
419.. bpo: 38971
420.. date: 2019-12-20-16-06-28
421.. nonce: fKRYlF
422.. section: Library
423
424Open issue in the BPO indicated a desire to make the implementation of
425codecs.open() at parity with io.open(), which implements a try/except to
426assure file stream gets closed before an exception is raised.
427
428..
429
430.. bpo: 38410
431.. date: 2019-10-09-08-14-25
432.. nonce: _YyoMV
433.. section: Library
434
435Properly handle :func:`sys.audit` failures in
436:func:`sys.set_asyncgen_hooks`. Based on patch by Zackery Spytz.
437
438..
439
440.. bpo: 36541
441.. date: 2019-06-18-19-38-27
442.. nonce: XI8mi1
443.. section: Library
444
445lib2to3 now recognizes named assignment expressions (the walrus operator,
446``:=``)
447
448..
449
450.. bpo: 31758
451.. date: 2017-10-14-21-02-40
452.. nonce: 563ZZb
453.. section: Library
454
455Prevent crashes when using an uninitialized ``_elementtree.XMLParser``
456object. Patch by Oren Milman.
457
458..
459
460.. bpo: 27635
461.. date: 2020-04-01-00-27-03
462.. nonce: VwxUty
463.. section: Documentation
464
465The pickle documentation incorrectly claimed that ``__new__`` isn't called
466by default when unpickling.
467
468..
469
470.. bpo: 39879
471.. date: 2020-03-16-18-12-02
472.. nonce: CnQ7Cv
473.. section: Documentation
474
475Updated :ref:`datamodel` docs to include :func:`dict` insertion order
476preservation. Patch by Furkan Onder and Samy Lahfa.
477
478..
479
480.. bpo: 39868
481.. date: 2020-03-05-16-29-03
482.. nonce: JQoHhO
483.. section: Documentation
484
485Updated the Language Reference for :pep:`572`.
486
487..
488
489.. bpo: 13790
490.. date: 2020-02-28-14-39-25
491.. nonce: hvLaRI
492.. section: Documentation
493
494Change 'string' to 'specification' in format doc.
495
496..
497
498.. bpo: 17422
499.. date: 2020-02-27-17-35-27
500.. nonce: eS1hVh
501.. section: Documentation
502
503The language reference no longer restricts default class namespaces to dicts
504only.
505
506..
507
508.. bpo: 39530
509.. date: 2020-02-23-13-26-40
510.. nonce: _bCvzQ
511.. section: Documentation
512
513Fix misleading documentation about mixed-type numeric comparisons.
514
515..
516
517.. bpo: 39718
518.. date: 2020-02-21-22-05-20
519.. nonce: xtBoSi
520.. section: Documentation
521
522Update :mod:`token` documentation to reflect additions in Python 3.8
523
524..
525
526.. bpo: 39677
527.. date: 2020-02-18-14-28-31
528.. nonce: vNHqoX
529.. section: Documentation
530
531Changed operand name of **MAKE_FUNCTION** from *argc* to *flags* for module
532:mod:`dis`
533
534..
535
536.. bpo: 38387
537.. date: 2019-10-06-23-44-15
538.. nonce: fZoq0S
539.. section: Documentation
540
541Document :c:macro:`PyDoc_STRVAR` macro in the C-API reference.
542
543..
544
545.. bpo: 40436
546.. date: 2020-04-29-16-08-24
547.. nonce: gDMnYl
548.. section: Tests
549
550test_gdb and test.pythoninfo now check gdb command exit code.
551
552..
553
554.. bpo: 40162
555.. date: 2020-04-03-02-40-16
556.. nonce: v3pQW_
557.. section: Tests
558
559Update Travis CI configuration to OpenSSL 1.1.1f.
560
561..
562
563.. bpo: 40146
564.. date: 2020-04-02-02-14-37
565.. nonce: J-Yo9G
566.. section: Tests
567
568Update OpenSSL to 1.1.1f in Azure Pipelines.
569
570..
571
572.. bpo: 40019
573.. date: 2020-03-20-00-30-36
574.. nonce: zOqHpQ
575.. section: Tests
576
577test_gdb now skips tests if it detects that gdb failed to read debug
578information because the Python binary is optimized.
579
580..
581
582.. bpo: 27807
583.. date: 2020-03-18-16-04-33
584.. nonce: 9gKjET
585.. section: Tests
586
587``test_site.test_startup_imports()`` is now skipped if a path of
588:data:`sys.path` contains a ``.pth`` file.
589
590..
591
592.. bpo: 39793
593.. date: 2020-02-29-12-58-17
594.. nonce: Og2SUN
595.. section: Tests
596
597Use the same domain when testing ``make_msgid``. Patch by Batuhan Taskaya.
598
599..
600
601.. bpo: 1812
602.. date: 2019-11-25-21-46-47
603.. nonce: sAbTbY
604.. section: Tests
605
606Fix newline handling in doctest.testfile when loading from a package whose
607loader has a get_data method. Patch by Peter Donis.
608
609..
610
611.. bpo: 37957
612.. date: 2019-10-30-00-01-43
613.. nonce: X1r78F
614.. section: Tests
615
616test.regrtest now can receive a list of test patterns to ignore (using the
617-i/--ignore argument) or a file with a list of patterns to ignore (using the
618--ignore-file argument). Patch by Pablo Galindo.
619
620..
621
622.. bpo: 38502
623.. date: 2019-10-17-00-49-38
624.. nonce: vUEic7
625.. section: Tests
626
627test.regrtest now uses process groups in the multiprocessing mode (-jN
628command line option) if process groups are available: if :func:`os.setsid`
629and :func:`os.killpg` functions are available.
630
631..
632
633.. bpo: 38360
634.. date: 2020-04-22-02-33-54
635.. nonce: 74C68u
636.. section: Build
637
638Support single-argument form of macOS -isysroot flag.
639
640..
641
642.. bpo: 40204
643.. date: 2020-04-09-00-19-10
644.. nonce: K-S6RZ
645.. section: Build
646
647Pin Sphinx version to 1.8.2 in ``Doc/Makefile``.
648
649..
650
651.. bpo: 40158
652.. date: 2020-04-03-17-54-33
653.. nonce: MWUTs4
654.. section: Build
655
656Fix CPython MSBuild Properties in NuGet Package (build/native/python.props)
657
658..
659
660.. bpo: 38527
661.. date: 2020-03-28-10-43-09
662.. nonce: fqCRgD
663.. section: Build
664
665Fix configure check on Solaris for "float word ordering": sometimes, the
666correct "grep" command was not being used. Patch by Arnon Yaari.
667
668..
669
670.. bpo: 40164
671.. date: 2020-04-04-13-13-44
672.. nonce: SPrSn5
673.. section: Windows
674
675Updates Windows to OpenSSL 1.1.1f
676
677..
678
679.. bpo: 39930
680.. date: 2020-03-11-10-15-56
681.. nonce: LGHw1j
682.. section: Windows
683
684Ensures the required :file:`vcruntime140.dll` is included in install
685packages.
686
687..
688
689.. bpo: 39847
690.. date: 2020-03-04-17-05-11
691.. nonce: C3N2m3
692.. section: Windows
693
694Avoid hang when computer is hibernated whilst waiting for a mutex (for
695lock-related objects from :mod:`threading`) around 49-day uptime.
696
697..
698
699.. bpo: 38597
700.. date: 2020-03-01-15-04-54
701.. nonce: MnHdYl
702.. section: Windows
703
704:mod:`distutils` will no longer statically link :file:`vcruntime140.dll`
705when a redistributable version is unavailable. All future releases of
706CPython will include a copy of this DLL to ensure distributed extensions can
707continue to load.
708
709..
710
711.. bpo: 38380
712.. date: 2020-02-28-23-51-27
713.. nonce: TpOBCj
714.. section: Windows
715
716Update Windows builds to use SQLite 3.31.1
717
718..
719
720.. bpo: 39789
721.. date: 2020-02-28-22-46-09
722.. nonce: 67XRoP
723.. section: Windows
724
725Update Windows release build machines to Visual Studio 2019 (MSVC 14.2).
726
727..
728
729.. bpo: 34803
730.. date: 2020-02-25-18-43-34
731.. nonce: S3VcS0
732.. section: Windows
733
734Package for nuget.org now includes repository reference and bundled icon
735image.
736
737..
738
739.. bpo: 40164
740.. date: 2020-04-21-19-46-35
741.. nonce: 6HA6IC
742.. section: macOS
743
744Update macOS installer builds to use OpenSSL 1.1.1g.
745
746..
747
748.. bpo: 38380
749.. date: 2020-02-28-23-51-47
750.. nonce: u-ySyA
751.. section: macOS
752
753Update macOS builds to use SQLite 3.31.1
754
755..
756
757.. bpo: 27115
758.. date: 2020-03-09-02-45-12
759.. nonce: 8hSHMo
760.. section: IDLE
761
762For 'Go to Line', use a Query box subclass with IDLE standard behavior and
763improved error checking.
764
765..
766
767.. bpo: 39885
768.. date: 2020-03-08-14-27-36
769.. nonce: 29ERiR
770.. section: IDLE
771
772Since clicking to get an IDLE context menu moves the cursor, any text
773selection should be and now is cleared.
774
775..
776
777.. bpo: 39852
778.. date: 2020-03-06-01-55-14
779.. nonce: QjA1qF
780.. section: IDLE
781
782Edit "Go to line" now clears any selection, preventing accidental deletion.
783It also updates Ln and Col on the status bar.
784
785..
786
787.. bpo: 39781
788.. date: 2020-02-27-22-17-09
789.. nonce: bbYBeL
790.. section: IDLE
791
792Selecting code context lines no longer causes a jump.
793
794..
795
796.. bpo: 38439
797.. date: 2019-12-05-14-20-53
798.. nonce: j_L2PI
799.. section: IDLE
800
801Add a 256×256 pixel IDLE icon to support more modern environments. Created
802by Andrew Clover. Delete the unused macOS idle.icns icon file.
803
804..
805
806.. bpo: 38689
807.. date: 2019-11-14-12-59-19
808.. nonce: Lgfxva
809.. section: IDLE
810
811IDLE will no longer freeze when inspect.signature fails when fetching a
812calltip.
813
814..
815
816.. bpo: 40179
817.. date: 2020-04-04-19-35-22
818.. nonce: u9FH10
819.. section: Tools/Demos
820
821Fixed translation of ``#elif`` in Argument Clinic.
822
823..
824
825.. bpo: 36184
826.. date: 2020-03-09-13-28-13
827.. nonce: BMPJ0D
828.. section: Tools/Demos
829
830Port python-gdb.py to FreeBSD. python-gdb.py now checks for "take_gil"
831function name to check if a frame tries to acquire the GIL, instead of
832checking for "pthread_cond_timedwait" which is specific to Linux and can be
833a different condition than the GIL.
834
835..
836
837.. bpo: 39889
838.. date: 2020-03-07-18-01-30
839.. nonce: l1czT6
840.. section: Tools/Demos
841
842Fixed ``unparse.py`` for extended slices containing a single element (e.g.
843``a[i:j,]``). Remove redundant tuples when index with a tuple (e.g. ``a[i,
844j]``).
845
846..
847
848.. bpo: 35370
849.. date: 2020-03-13-16-44-23
850.. nonce: sXRA-r
851.. section: C API
852
853If :c:func:`PySys_Audit` fails in :c:func:`PyEval_SetProfile` or
854:c:func:`PyEval_SetTrace`, log the error as an unraisable exception.
855
856..
857
858.. bpo: 39884
859.. date: 2020-03-12-00-27-26
860.. nonce: CGOJBO
861.. section: C API
862
863:c:func:`PyDescr_NewMethod` and :c:func:`PyCFunction_NewEx` now include the
864method name in the SystemError "bad call flags" error message to ease debug.
865
866..
867
868.. bpo: 38643
869.. date: 2020-03-08-22-56-22
870.. nonce: k2ixx6
871.. section: C API
872
873:c:func:`PyNumber_ToBase` now raises a :exc:`SystemError` instead of
874crashing when called with invalid base.
875
876..
877
878.. bpo: 38913
879.. date: 2020-02-25-20-10-34
880.. nonce: siF1lS
881.. section: C API
882
883Fixed segfault in ``Py_BuildValue()`` called with a format containing "#"
884and undefined PY_SSIZE_T_CLEAN whwn an exception is set.
885