Subject: CVS commit: pkgsrc/lang
From: Adam Ciarcinski
Date: 2021-04-03 08:22:06
Message id: 20210403062206.B2E6CFA95@cvs.NetBSD.org

Log Message:
python38: updated to 3.8.9

Python 3.8.9 final

Security

bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which
could be abused to read arbitrary files on the disk (directory traversal
vulnerability). Moreover, even source code of Python modules can contain
sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server
in response to the PASV command by default. This prevents a malicious FTP server
from using the response to probe IPv4 address and port combinations on the
client network.

Code that requires the former vulnerable behavior may set a
trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True
to re-enable it.
bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and
gc.get_referents(). Patch by Pablo Galindo.

Core and Builtins
bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that
can remove the object while an exception is being printed. Patch by Pablo
Galindo.
bpo-35883: Python no longer fails at startup with a fatal error if a command
line argument contains an invalid Unicode character. The Py_DecodeLocale()
function now escapes byte sequences which would be decoded as Unicode characters
outside the [U+0000; U+10ffff] range.
bpo-43406: Fix a possible race condition where PyErr_CheckSignals tries to
execute a non-Python signal handler.

Library
bpo-35930: Raising an exception raised in a “future” instance will create
reference cycles.
bpo-43577: Fix deadlock when using ssl.SSLContext debug callback with
ssl.SSLContext.sni_callback().
bpo-43423: subprocess.communicate() no longer raises an IndexError when there is
an empty stdout or stderr IO buffer during a timeout on Windows.
bpo-27820: Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with
initial_response_ok=False will fail.

The cause is that SMTP.auth_login _always_ returns a password if provided with a
challenge string, thus non-compliant with the standard for AUTH LOGIN.

Also fixes bug with the test for smtpd.
bpo-43399: Fix ElementTree.extend not working on iterators when using the Python
implementation
bpo-43316: The python -m gzip command line application now properly fails when
detecting an unsupported extension. It exits with a non-zero exit code and
prints an error message to stderr.
bpo-43260: Fix TextIOWrapper can not flush internal buffer forever after very
large text is written.
bpo-42782: Fail fast in shutil.move() to avoid creating destination directories
on failure.
bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.

Documentation
bpo-43199: Answer “Why is there no goto?” in the Design and History FAQ.
bpo-43407: Clarified that a result from time.monotonic(), time.perf_counter(),
time.process_time(), or time.thread_time() can be compared with the result from
any following call to the same function - not just the next immediate call.
bpo-27646: Clarify that ‘yield from <expr>’ works with any iterable,
not just iterators.
bpo-36346: Update some deprecated unicode APIs which are documented as “will
be removed in 4.0” to “3.12”. See PEP 623 for detail.

Tests
bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: skip the test if
setlocale() fails. Patch by Victor Stinner.
bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.

Build
bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
bpo-43617: Improve configure.ac: Check for presence of autoconf-archive package
and remove our copies of M4 macros.

macOS
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j.

IDLE
bpo-42225: Document that IDLE can fail on Unix either from misconfigured IP
masquerade rules or failure displaying complex colored (non-ascii) characters.
bpo-43283: Document why printing to IDLE’s Shell is often slower than printing
to a system terminal and that it can be made faster by pre-formatting a single
string before printing.

Files:
Revision  Action  File
1.7       modify  pkgsrc/lang/python38/patches/patch-configure
1.10      modify  pkgsrc/lang/py38-html-docs/Makefile
1.10      modify  pkgsrc/lang/py38-html-docs/distinfo
1.10      modify  pkgsrc/lang/python38/dist.mk
1.18      modify  pkgsrc/lang/python38/distinfo
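
The bpo-43285 entry above, as an added example that is not part of the commit or of CPython: a check that compares the address in a 227 (PASV) reply with the control connection's peer and reports which data endpoint a client would use under each setting. The function names, the result keys and the sample replies are assumptions made for this illustration; `ftplib.parse227` and the `trust_server_pasv_ipv4_address` attribute are the standard library's.

```python
import ftplib
import ipaddress


def pasv_fix_present():
    """True when this interpreter's ftplib carries the bpo-43285 attribute
    and it is still at its default (do not trust the server's address)."""
    return getattr(ftplib.FTP, "trust_server_pasv_ipv4_address", None) is False


def audit_pasv_reply(peer_ip, reply, trust_server=False):
    """Check one 227 reply against the control connection's peer address.

    peer_ip      -- address the control connection is actually connected to
    reply        -- raw "227 ..." response line from the server
    trust_server -- mirrors trust_server_pasv_ipv4_address on an FTP instance
    """
    advertised_host, port = ftplib.parse227(reply)
    advertised = ipaddress.ip_address(advertised_host)
    mismatch = advertised != ipaddress.ip_address(peer_ip)
    return {
        "advertised": (advertised_host, port),
        # Server pointed the data connection somewhere other than itself.
        "mismatch": mismatch,
        # The other address sits in private/loopback space: the probing case
        # the changelog entry describes.
        "internal_target": mismatch and advertised.is_private,
        # Where the client connects: the peer by default, the advertised
        # address only when the old behaviour is re-enabled.
        "data_endpoint": (advertised_host if trust_server else peer_ip, port),
    }


# Constructed sample replies (documentation and RFC 1918 addresses).
SAMPLES = [
    ("203.0.113.10", "227 Entering Passive Mode (203,0,113,10,195,80)."),
    ("203.0.113.10", "227 Entering Passive Mode (10,0,0,5,0,22)."),
]

if __name__ == "__main__":
    print("ftplib default is hardened:", pasv_fix_present())
    for peer, line in SAMPLES:
        print(peer, "->", audit_pasv_reply(peer, line))
```
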