very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
types, constants, functions and modules. Finally, the
of the core language in (perhaps too) much detail.
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an exten-
sion language for existing applications. See the internal
documentation for hints.
2023-06-07 15:26:54 by Adam Ciarcinski | Files touched by this commit (5) |  |
Log message:
python310 py310-html-docs: updated to 3.10.12
Python 3.10.12
Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to \
1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory \
traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes \
produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space \
characters following the specification for URLs defined by WHATWG in response to \
CVE-2023-24329. Patch by Illia Volochii.
Library
gh-103935: Use io.open_code() for files to be executed instead of raw open()
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have \
a new a filter argument that allows limiting tar features than may be surprising \
or dangerous, such as creating files outside the destination directory. See \
Extraction filters for details.
Documentation
gh-89412: Add missing documentation for the end_lineno and end_offset attributes \
of the traceback.TracebackException class.
Build
gh-103262: Fixes Windows installer build to work with latest compilers.
|
2023-04-06 13:16:52 by Adam Ciarcinski | Files touched by this commit (5) |  |
Log message:
python310 py310-html-docs: updated to 3.10.11
Python 3.10.11
Security
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release \
builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per \
the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when \
launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.
Core and Builtins
gh-102416: Do not memoize incorrectly automatically generated loop rules in the \
parser. Patch by Pablo Galindo.
gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter \
objects. Patch by Marta Gómez Macías.
gh-102397: Fix segfault from race condition in signal handling during garbage \
collection. Patch by Kumar Aditya.
gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer \
tries to acquire the runtime head lock. Patch by Kumar Aditya.
gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max \
Bachmann.
gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, \
when new list created.
gh-101765: Fix SystemError / segmentation fault in iter __reduce__ when internal \
access of builtins.__dict__ keys mutates the iter object.
Library
gh-102947: Improve traceback when dataclasses.fields() is called on a \
non-dataclass. Patch by Alex Waygood
gh-101979: Fix a bug where parentheses in the metavar argument to \
argparse.ArgumentParser.add_argument() were dropped. Patch by Yeojin Kim.
gh-102179: Fix os.dup2() error message for negative fds.
gh-101961: For the binary mode, fileinput.hookcompressed() doesn’t set the \
encoding value even if the value is None. Patch by Gihwan Kim.
gh-101936: The default value of fp becomes io.BytesIO if HTTPError is \
initialized without a designated fp parameter. Patch by Long Vo.
gh-101566: In zipfile, apply fix for extractall on the underlying zipfile after \
being wrapped in Path.
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)
gh-101892: Callable iterators no longer raise SystemError when the callable \
object exhausts the iterator but forgets to either return a sentinel value or \
raise StopIteration.
gh-97786: Fix potential undefined behaviour in corner cases of \
floating-point-to-time conversions.
gh-101517: Fixed bug where bdb looks up the source line with linecache with a \
lineno=None, which causes it to fail with an unhandled exception.
gh-101673: Fix a pdb bug where ll clears the changes to local variables.
gh-96931: Fix incorrect results from ssl.SSLSocket.shared_ciphers()
gh-88233: Correctly preserve “extra” fields in zipfile regardless of their \
ordering relative to a zip64 “extra.”
gh-95495: When built against OpenSSL 3.0, the ssl module had a bug where it \
reported unauthenticated EOFs (i.e. without close_notify) as a clean TLS-level \
EOF. It now raises SSLEOFError, matching the behavior in previous versions of \
OpenSSL. The options attribute on SSLContext also no longer includes \
OP_IGNORE_UNEXPECTED_EOF by default. This option may be set to specify the \
previous OpenSSL 3.0 behavior.
gh-94440: Fix a concurrent.futures.process bug where ProcessPoolExecutor \
shutdown could hang after a future has been quickly submitted and canceled.
Documentation
gh-103112: Add docstring to http.client.HTTPResponse.read() to fix pydoc output.
gh-85417: Update cmath documentation to clarify behaviour on branch cuts.
gh-97725: Fix asyncio.Task.print_stack() description for file=None. Patch by \
Oleg Iarygin.
Tests
gh-102980: Improve test coverage on pdb.
gh-102537: Adjust the error handling strategy in \
test_zoneinfo.TzPathTest.python_tzpath_context. Patch by Paul Ganssle.
gh-101377: Improved test_locale_calendar_formatweekday of calendar.
Build
gh-102711: Fix -Wstrict-prototypes compiler warnings.
Windows
gh-101759: Update Windows installer to SQLite 3.40.1.
gh-101614: Correctly handle extensions built against debug binaries that \
reference python3_d.dll.
macOS
gh-103207: Add instructions to the macOS installer welcome display on how to \
workaround the macOS 13 Ventura “The installer encountered an error” \
failure.
gh-101759: Update macOS installer to SQLite 3.40.1.
gh-87235: On macOS python3 /dev/fd/9 9</path/to/script.py failed for any \
script longer than a couple of bytes.
|
2022-12-07 12:53:58 by Adam Ciarcinski | Files touched by this commit (5) |  |
Log message:
python310 py310-html-docs: updated to 3.10.9
Python 3.10.9 final
Security
gh-100001: python -m http.server no longer allows terminal control characters \
sent within a garbage request to be printed to the stderr server log.
This is done by changing the http.server BaseHTTPRequestHandler .log_message \
method to replace control characters with a \xHH hex escape before printing.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc \
module
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio \
related name resolution functions no longer involves a quadratic algorithm. This \
prevents a potential CPU denial of service if an out-of-spec excessive length \
hostname involving bidirectional characters were decoded. Some protocols such as \
urllib http 3xx redirects potentially allow for an attacker to supply such a \
name.
gh-98739: Update bundled libexpat to 2.5.0
gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454).
gh-97514: On Linux the multiprocessing module returns to using filesystem backed \
unix domain sockets for communication with the forkserver process instead of the \
Linux abstract socket namespace. Only code that chooses to use the \
“forkserver” start method is affected.
Abstract sockets have no permissions and could allow any user on the system in \
the same network namespace (often the whole system) to inject code into the \
multiprocessing forkserver process. This was a potential privilege escalation. \
Filesystem based socket permissions restrict this to the forkserver process user \
as was the default in Python 3.8 and earlier.
This prevents Linux CVE-2022-42919.
Core and Builtins
gh-99578: Fix a reference bug in _imp.create_builtin() after the creation of the \
first sub-interpreter for modules builtins and sys. Patch by Victor Stinner.
gh-99581: Fixed a bug that was causing a buffer overflow if the tokenizer copies \
a line missing the newline caracter from a file that is as long as the available \
tokenizer buffer. Patch by Pablo galindo
gh-96055: Update faulthandler to emit an error message with the proper \
unexpected signal number. Patch by Dong-hee Na.
gh-98852: Fix subscription of types.GenericAlias instances containing bare \
generic types: for example tuple[A, T][int], where A is a generic type, and T is \
a type variable.
gh-98415: Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim \
Sanders
gh-92119: Print exception class name instead of its string representation when \
raising errors from ctypes calls.
gh-93696: Allow pdb to locate source for frozen modules in the standard library.
bpo-31718: Raise ValueError instead of SystemError when methods of uninitialized \
io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman.
bpo-38031: Fix a possible assertion failure in io.FileIO when the opener returns \
an invalid file descriptor.
Library
gh-100001: Also escape s in the http.server BaseHTTPRequestHandler.log_message \
so that it is technically possible to parse the line and reconstruct what the \
original data was. Without this a xHH is ambiguious as to if it is a hex \
replacement we put in or the characters r”x” came through in the original \
request line.
gh-93453: asyncio.get_event_loop() now only emits a deprecation warning when a \
new event loop was created implicitly. It no longer emits a deprecation warning \
if the current event loop was set.
gh-51524: Fix bug when calling trace.CoverageResults with valid infile.
gh-99645: Fix a bug in handling class cleanups in unittest.TestCase. Now \
addClassCleanup() uses separate lists for different TestCase subclasses, and \
doClassCleanups() only cleans up the particular class.
gh-97001: Release the GIL when calling termios APIs to avoid blocking threads.
gh-99341: Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing \
line numbers.
gh-74044: Fixed bug where inspect.signature() reported incorrect arguments for \
decorated methods.
gh-99275: Fix SystemError in ctypes when exception was not set during \
__initsubclass__.
gh-99155: Fix statistics.NormalDist pickle with 0 and 1 protocols.
gh-99134: Update the bundled copy of pip to version 22.3.1.
gh-99130: Apply bugfixes from importlib_metadata 4.11.4, namely: In \
PathDistribution._name_from_stem, avoid including parts of the extension in the \
result. In PathDistribution._normalized_name, ensure names loaded from the stem \
of the filename are also normalized, ensuring duplicate entry points by packages \
varying only by non-normalized name are hidden.
gh-83004: Clean up refleak on failed module initialisation in _zoneinfo
gh-83004: Clean up refleaks on failed module initialisation in in _pickle
gh-83004: Clean up refleak on failed module initialisation in _io.
gh-98897: Fix memory leak in math.dist() when both points don’t have the same \
dimension. Patch by Kumar Aditya.
gh-98793: Fix argument typechecks in _overlapped.WSAConnect() and \
_overlapped.Overlapped.WSASendTo() functions.
gh-98740: Fix internal error in the re module which in very rare circumstances \
prevented compilation of a regular expression containing a conditional \
expression without the “else” branch.
gh-98703: Fix asyncio.StreamWriter.drain() to call protocol.connection_lost \
callback only once on Windows.
gh-98624: Add a mutex to unittest.mock.NonCallableMock to protect concurrent \
access to mock attributes.
gh-89237: Fix hang on Windows in subprocess.wait_closed() in asyncio with \
ProactorEventLoop. Patch by Kumar Aditya.
gh-98458: Fix infinite loop in unittest when a self-referencing chained \
exception is raised
gh-97928: tkinter.Text.count() raises now an exception for options starting with \
“-” instead of silently ignoring them.
gh-97966: On uname_result, restored expectation that _fields and _asdict would \
include all six properties including processor.
gh-98331: Update the bundled copies of pip and setuptools to versions 22.3 and \
65.5.0 respectively.
gh-96035: Fix bug in urllib.parse.urlparse() that causes certain port numbers \
containing whitespace, underscores, plus and minus signs, or non-ASCII digits to \
be incorrectly accepted.
gh-98251: Allow venv to pass along PYTHON* variables to ensurepip and pip when \
they do not impact path resolution
gh-98178: On macOS, fix a crash in syslog.syslog() in multi-threaded \
applications. On macOS, the libc syslog() function is not thread-safe, so \
syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner.
gh-96151: Allow BUILTINS to be a valid field name for frozen dataclasses.
gh-98086: Make sure patch.dict() can be applied on async functions.
gh-88863: To avoid apparent memory leaks when asyncio.open_connection() raises, \
break reference cycles generated by local exception and future instances (which \
has exception instance as its member var). Patch by Dong Uk, Kang.
gh-93858: Prevent error when activating venv in nested fish instances.
bpo-46364: Restrict use of sockets instead of pipes for stdin of subprocesses \
created by asyncio to AIX platform only.
bpo-38523: shutil.copytree() now applies the ignore_dangling_symlinks argument \
recursively.
bpo-36267: Fix IndexError in argparse.ArgumentParser when a store_true action is \
given an explicit argument.
Documentation
gh-92892: Document that calling variadic functions with ctypes requires special \
care on macOS/arm64 (and possibly other platforms).
Tests
gh-99892: Skip test_normalization() of test_unicodedata if it fails to download \
NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner.
bpo-34272: Some C API tests were moved into the new Lib/test/test_capi/ directory.
Build
gh-99086: Fix -Wimplicit-int, -Wstrict-prototypes, and \
-Wimplicit-function-declaration compiler warnings in configure checks.
gh-99086: Fix -Wimplicit-int compiler warning in configure check for \
PTHREAD_SCOPE_SYSTEM.
gh-97731: Specify the full path to the source location for make docclean (needed \
for cross-builds).
gh-98671: Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension \
when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned \
memory accesses are not allowed.
Windows
gh-99345: Use faster initialization functions to detect install location for \
Windows Store package
gh-98689: Update Windows builds to zlib v1.2.13. v1.2.12 has CVE-2022-37434, but \
the vulnerable inflateGetHeader API is not used by Python.
gh-94328: Update Windows installer to use SQLite 3.39.4.
bpo-40882: Fix a memory leak in multiprocessing.shared_memory.SharedMemory on \
Windows.
macOS
gh-94328: Update macOS installer to SQLite 3.39.4.
IDLE
gh-97527: Fix a bug in the previous bugfix that caused IDLE to not start when \
run with 3.10.8, 3.12.0a1, and at least Microsoft Python 3.10.2288.0 installed \
without the Lib/test package. 3.11.0 was never affected.
Tools/Demos
gh-95731: Fix handling of module docstrings in Tools/i18n/pygettext.py.
|
2022-10-12 10:02:25 by Adam Ciarcinski | Files touched by this commit (5) |  |
Log message:
python310 py310-html-docs: updated to 3.10.8
Python 3.10.8
Security
gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer \
overflow when the new allocated length is close to the maximum size. Issue \
reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the \
get-remote-certificate.py example script. The script no longer uses a shell to \
run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by \
Victor Stinner.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text \
(filenames, MIME types, parameters) into shell commands. Instead of using such \
text, it will warn and act as if a match was not found (or for test commands, as \
if the test failed).
Core and Builtins
gh-96078: os.sched_yield() now release the GIL while calling sched_yield(2). \
Patch by Dong-hee Na.
gh-97943: Bugfix: PyFunction_GetAnnotations() should return a borrowed \
reference. It was returning a new reference.
gh-97591: Fixed a missing incref/decref pair in Exception.__setstate__(). Patch \
by Ofey Chan.
gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no \
value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a \
valid limit. Patch by Victor Stinner.
gh-95921: Fix overly-broad source position information for chained comparisons \
used as branching conditions.
gh-96821: Fix undefined behaviour in _testcapimodule.c.
gh-95778: When ValueError is raised if an integer is larger than the limit, \
mention the sys.set_int_max_str_digits() function in the error message. Patch by \
Victor Stinner.
gh-96387: At Python exit, sometimes a thread holding the GIL can wait forever \
for a thread (usually a daemon thread) which requested to drop the GIL, whereas \
the thread already exited. To fix the race condition, the thread which requested \
the GIL drop now resets its request before exiting. Issue discovered and \
analyzed by Mingliang ZHAO. Patch by Victor Stinner.
gh-96864: Fix a possible assertion failure, fatal error, or SystemError if a \
line tracing event raises an exception while opcode tracing is enabled.
gh-96678: Fix undefined behaviour in C code of null pointer arithmetic.
gh-96641: Do not expose KeyWrapper in _functools.
gh-96611: When loading a file with invalid UTF-8 inside a multi-line string, a \
correct SyntaxError is emitted.
gh-95196: Disable incorrect pickling of the C implemented classmethod descriptors.
gh-96352: Fix AttributeError missing name and obj attributes in \
object.__getattribute__(). Patch by Philip Georgi.
bpo-42316: Document some places where an assignment expression needs parentheses.
Library
gh-87730: Wrap network errors consistently in urllib FTP support, so the test \
suite doesn’t fail when a network is available but the public internet is not \
reachable.
gh-97825: Fixes AttributeError when subprocess.check_output() is used with \
argument input=None and either of the arguments encoding or errors are used.
gh-96827: Avoid spurious tracebacks from asyncio when default executor cleanup \
is delayed until after the event loop is closed (e.g. as the result of a \
keyboard interrupt).
gh-97592: Avoid a crash in the C version of \
asyncio.Future.remove_done_callback() when an evil argument is passed.
gh-97639: Remove tokenize.NL check from tabnanny.
gh-97545: Make Semaphore run faster.
gh-73588: Fix generation of the default name of tkinter.Checkbutton. Previously, \
checkbuttons in different parent widgets could have the same short name and \
share the same state if arguments “name” and “variable” are not \
specified. Now they are globally unique.
gh-97005: Update bundled libexpat to 2.4.9
gh-85760: Fix race condition in asyncio where process_exited() called before the \
pipe_data_received() leading to inconsistent output. Patch by Kumar Aditya.
gh-96819: Fixed check in multiprocessing.resource_tracker that guarantees that \
the length of a write to a pipe is not greater than PIPE_BUF.
gh-96741: Corrected type annotation for dataclass attribute \
pstats.FunctionProfile.ncalls to be str.
gh-96652: Fix the faulthandler implementation of faulthandler.register(signal, \
chain=True) if the sigaction() function is not available: don’t call the \
previous signal handler if it’s NULL. Patch by Victor Stinner.
gh-96073: In inspect, fix overeager replacement of “typing.” in formatting \
annotations.
gh-90467: Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to \
the created task, so that it’s not garbage collected
gh-96052: Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) \
in codeop.compile_command() when checking for incomplete input. Previously it \
emitted warnings and raised a SyntaxError. Now it always returns None for \
incomplete input without emitting any warnings.
gh-91212: Fixed flickering of the turtle window when the tracer is turned off. \
Patch by Shin-myoung-serp.
gh-74116: Allow asyncio.StreamWriter.drain() to be awaited concurrently by \
multiple tasks. Patch by Kumar Aditya.
gh-90155: Fix broken asyncio.Semaphore when acquire is cancelled.
gh-92986: Fix ast.unparse() when ImportFrom.level is None
gh-91539: Improve performance of urllib.request.getproxies_environment when \
there are many environment variables
Documentation
gh-97741: Fix ! in c domain ref target syntax via a conf.py patch, so it works \
as intended to disable ref target resolution.
gh-95588: Clarified the conflicting advice given in the ast documentation about \
ast.literal_eval() being “safe” for use on untrusted input while at the same \
time warning that it can crash the process. The latter statement is true and is \
deemed unfixable without a large amount of work unsuitable for a bugfix. So we \
keep the warning and no longer claim that literal_eval is safe.
gh-93031: Update tutorial introduction output to use 3.10+ SyntaxError invalid range.
Build
gh-96729: Ensure that Windows releases built with Tools\msi\buildrelease.bat are \
upgradable to and from official Python releases.
Windows
gh-97728: Fix possible crashes caused by the use of uninitialized variables when \
pass invalid arguments in os.system() on Windows and in Windows-specific modules \
(like winreg).
gh-90989: Clarify some text in the Windows installer.
gh-96577: Fixes a potential buffer overrun in msilib.
macOS
gh-97897: The macOS 13 SDK includes support for the mkfifoat and mknodat system \
calls. Using the dir_fd option with either os.mkfifo() or os.mknod() could \
result in a segfault if cpython is built with the macOS 13 SDK but run on an \
earlier version of macOS. Prevent this by adding runtime support for detection \
of these system calls (“weaklinking”) as is done for other newer syscalls on \
macOS.
|
2022-09-06 21:13:24 by Adam Ciarcinski | Files touched by this commit (4) |  |
Log message:
python310: updated to 3.10.7
Python 3.10.7 final
Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 \
(octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a \
ValueError if the number of digits in string form is above a limit to avoid \
potential denial of service attacks due to the algorithmic complexity. This is a \
mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment variable, command \
line flag, or sys APIs. See the integer string conversion length limitation \
documentation. The default limit is 4300 digits in string form.
Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback \
from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
Core and Builtins
gh-96187: Fixed a bug that caused _PyCode_GetExtra to return garbage for \
negative indexes. Patch by Pablo Galindo
gh-95876: Fix format string in _PyPegen_raise_error_known_location that can lead \
to memory corruption on some 64bit systems. The function was building a tuple \
with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments.
gh-95605: Fix misleading contents of error message when converting an \
all-whitespace string to float.
gh-93592: coroutine.throw() now properly initializes the frame.f_back when \
resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work \
correctly when an exception (such as CancelledError) is thrown into a coroutine.
gh-94996: ast.parse() will no longer parse function definitions with \
positional-only params when passed feature_version less than (3, 8). Patch by \
Shantanu Jain.
Library
gh-68163: Correct conversion of numbers.Rational’s to float.
gh-96159: Fix a performance regression in logging TimedRotatingFileHandler. Only \
check for special files when the rollover time has passed.
gh-96175: Fix unused localName parameter in the Attr class in xml.dom.minidom.
gh-95609: Update bundled pip to 22.2.2.
gh-95231: Fail gracefully if EPERM or ENOSYS is raised when loading crypt \
methods. This may happen when trying to load MD5 on a Linux kernel with FIPS \
enabled.
Documentation
gh-96098: Improve discoverability of the higher level concurrent.futures module \
by providing clearer links from the lower level threading and multiprocessing \
modules.
gh-95789: Update the default RFC base URL from deprecated tools.ietf.org to \
datatracker.ietf.org
gh-91207: Fix stylesheet not working in Windows CHM htmlhelp docs. Contributed \
by C.A.M. Gerlach.
bpo-47115: The documentation now lists which members of C structs are part of \
the Limited API/Stable ABI.
Tests
gh-95243: Mitigate the inherent race condition from using find_unused_port() in \
testSockName() by trying to find an unused port a few times before failing. \
Patch by Ross Burton.
Build
gh-94682: Build and test with OpenSSL 1.1.1q
IDLE
gh-65802: Document handling of extensions in Save As dialogs.
gh-95191: Include prompts when saving Shell (interactive input and output).
|
2022-08-03 10:16:17 by Thomas Klausner | Files touched by this commit (1) |
Log message:
python310: fix PLIST on NetBSD
3.10 has fixed ossaudio support, enabling that module by default.
|
2022-08-02 20:27:22 by Adam Ciarcinski | Files touched by this commit (6) |  |
Log message:
python310 py310-html-docs: updated to 3.10.6
Python 3.10.6 final
Release date: 2022-08-01
Security
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server \
when an URI path starts with //. Vulnerability discovered, and initial fix \
proposed, by Hamza Avvan.
gh-92888: Fix memoryview use after free when accessing the backing buffer in \
certain cases.
Core and Builtins
gh-95355: _PyPegen_Parser_New now properly detects token memory allocation \
errors. Patch by Honglin Zhu.
gh-94938: Fix error detection in some builtin functions when keyword argument \
name is an instance of a str subclass with overloaded __eq__ and __hash__. \
Previously it could cause SystemError or other undesired behavior.
gh-94949: ast.parse() will no longer parse parenthesized context managers when \
passed feature_version less than (3, 9). Patch by Shantanu Jain.
gh-94947: ast.parse() will no longer parse assignment expressions when passed \
feature_version less than (3, 8). Patch by Shantanu Jain.
gh-94869: Fix the column offsets for some expressions in multi-line f-strings \
ast nodes. Patch by Pablo Galindo.
gh-91153: Fix an issue where a bytearray item assignment could crash if it’s \
resized by the new value’s __index__() method.
gh-94329: Compile and run code with unpacking of extremely large sequences \
(1000s of elements). Such code failed to compile. It now compiles and runs \
correctly.
gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors \
from stdin with non utf-8 encoded text. Patch by Pablo Galindo
gh-94192: Fix error for dictionary literals with invalid expression as value.
gh-93964: Strengthened compiler overflow checks to prevent crashes when \
compiling very large source files.
gh-93671: Fix some exponential backtrace case happening with deeply nested \
sequence patterns in match statements. Patch by Pablo Galindo
gh-93021: Fix the __text_signature__ for __get__() methods implemented in C. \
Patch by Jelle Zijlstra.
gh-92930: Fixed a crash in _pickle.c from mutating collections during __reduce__ \
or persistent_id.
gh-92914: Always round the allocated size for lists up to the nearest even number.
gh-92858: Improve error message for some suites with syntax error before ‘:’
Library
gh-95339: Update bundled pip to 22.2.1.
gh-95045: Fix GC crash when deallocating _lsprof.Profiler by untracking it \
before calling any callbacks. Patch by Kumar Aditya.
gh-95087: Fix IndexError in parsing invalid date in the email module.
gh-95199: Upgrade bundled setuptools to 63.2.0.
gh-95194: Upgrade bundled pip to 22.2.
gh-93899: Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK and \
os.EFD_SEMAPHORE flags on older kernel versions where these flags are not \
present. Patch by Kumar Aditya.
gh-95166: Fix concurrent.futures.Executor.map() to cancel the currently waiting \
on future on an error - e.g. TimeoutError or KeyboardInterrupt.
gh-93157: Fix fileinput module didn’t support errors option when inplace is true.
gh-94821: Fix binding of unix socket to empty address on Linux to use an \
available address from the abstract namespace, instead of “0”.
gh-94736: Fix crash when deallocating an instance of a subclass of \
_multiprocessing.SemLock. Patch by Kumar Aditya.
gh-94637: SSLContext.set_default_verify_paths() now releases the GIL around \
SSL_CTX_set_default_verify_paths call. The function call performs I/O and CPU \
intensive work.
gh-94510: Re-entrant calls to sys.setprofile() and sys.settrace() now raise \
RuntimeError. Patch by Pablo Galindo.
gh-92336: Fix bug where linecache.getline() fails on bad files with \
UnicodeDecodeError or SyntaxError. It now returns an empty string as per the \
documentation.
gh-89988: Fix memory leak in pickle.Pickler when looking up dispatch_table. \
Patch by Kumar Aditya.
gh-94254: Fixed types of struct module to be immutable. Patch by Kumar Aditya.
gh-94245: Fix pickling and copying of typing.Tuple[()].
gh-94207: Made _struct.Struct GC-tracked in order to fix a reference leak in the \
_struct module.
gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as \
it lead to misconfigured instances that crashed the interpreter when attributes \
where accessed on them.
gh-84753: inspect.iscoroutinefunction(), inspect.isgeneratorfunction(), and \
inspect.isasyncgenfunction() now properly return True for duck-typed \
function-like objects like instances of unittest.mock.AsyncMock.
This makes inspect.iscoroutinefunction() consistent with the behavior of \
asyncio.iscoroutinefunction(). Patch by Mehdi ABAAKOUK.
gh-83499: Fix double closing of file description in tempfile.
gh-79512: Fixed names and __module__ value of weakref classes ReferenceType, \
ProxyType, CallableProxyType. It makes them pickleable.
gh-90494: copy.copy() and copy.deepcopy() now always raise a TypeError if \
__reduce__() returns a tuple with length 6 instead of silently ignore the 6th \
item or produce incorrect result.
gh-90549: Fix a multiprocessing bug where a global named resource (such as a \
semaphore) could leak when a child process is spawned (as opposed to forked).
gh-79579: sqlite3 now correctly detects DML queries with leading comments. Patch \
by Erlend E. Aasland.
gh-93421: Update sqlite3.Cursor.rowcount when a DML statement has run to \
completion. This fixes the row count for SQL queries like UPDATE ... RETURNING. \
Patch by Erlend E. Aasland.
gh-91810: Suppress writing an XML declaration in open files in \
ElementTree.write() with encoding='unicode' and xml_declaration=None.
gh-93353: Fix the importlib.resources.as_file() context manager to remove the \
temporary file if destroyed late during Python finalization: keep a local \
reference to the os.remove() function. Patch by Victor Stinner.
gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is \
not None or a positive int.
gh-74696: shutil.make_archive() no longer temporarily changes the current \
working directory during creation of standard .zip or tar archives.
gh-91577: Move imports in SharedMemory methods to module level so that they can \
be executed late in python finalization.
bpo-47231: Fixed an issue with inconsistent trailing slashes in tarfile longname \
directories.
bpo-46755: In QueueHandler, clear stack_info from LogRecord to prevent stack \
trace from being written twice.
bpo-46053: Fix OSS audio support on NetBSD.
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.
bpo-45924: Fix asyncio incorrect traceback when future’s exception is raised \
multiple times. Patch by Kumar Aditya.
bpo-34828: sqlite3.Connection.iterdump() now handles databases that use \
AUTOINCREMENT in one or more tables.
Documentation
gh-94321: Document the PEP 246 style protocol type sqlite3.PrepareProtocol.
gh-86128: Document a limitation in ThreadPoolExecutor where its exit handler is \
executed before any handlers in atexit.
gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager.
gh-87260: Align sqlite3 argument specs with the actual implementation.
gh-86986: The minimum Sphinx version required to build the documentation is now 3.2.
gh-88831: Augmented documentation of asyncio.create_task(). Clarified the need \
to keep strong references to tasks and added a code snippet detailing how to to \
this.
bpo-47161: Document that pathlib.PurePath does not collapse initial double \
slashes because they denote UNC paths.
Tests
gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require \
perfect forward secrecy (PFS) ciphers.
gh-95212: Make multiprocessing test case test_shared_memory_recreate parallel-safe.
gh-91330: Added more tests for dataclasses to cover behavior with data \
descriptor-based fields.
# Write your Misc/NEWS entry below. It should be a simple ReST paragraph. # \
Don’t start with “- Issue #<n>: ” or “- gh-issue-<n>: ” or \
that sort of stuff. \
###########################################################################
gh-94208: test_ssl is now checking for supported TLS version and protocols in \
more tests.
gh-93951: In test_bdb.StateTestCase.test_skip, avoid including auxiliary importers.
gh-93957: Provide nicer error reporting from subprocesses in \
test_venv.EnsurePipTest.test_with_pip.
gh-57539: Increase calendar test coverage for \
calendar.LocaleTextCalendar.formatweekday().
gh-92886: Fixing tests that fail when running with optimizations (-O) in \
test_zipimport.py
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and \
setuptools. Patch by Illia Volochii and Adam Turner.
Build
gh-94841: Fix the possible performance regression of PyObject_Free() compiled \
with MSVC version 1932.
bpo-45816: Python now supports building with Visual Studio 2022 (MSVC v143, VS \
Version 17.0). Patch by Jeremiah Vivian.
Windows
gh-90844: Allow virtual environments to correctly launch when they have spaces \
in the path.
gh-92841: asyncio no longer throws RuntimeError: Event loop is closed on \
interpreter exit after asynchronous socket activity. Patch by Oleg Iarygin.
bpo-42658: Support native Windows case-insensitive path comparisons by using \
LCMapStringEx instead of str.lower() in ntpath.normcase(). Add LCMapStringEx to \
the _winapi module.
IDLE
gh-95511: Fix the Shell context menu copy-with-prompts bug of copying an extra \
line when one selects whole lines.
gh-95471: In the Edit menu, move Select All and add a new separator.
gh-95411: Enable using IDLE’s module browser with .pyw files.
gh-89610: Add .pyi as a recognized extension for IDLE on macOS. This allows \
opening stub files by double clicking on them in the Finder.
Tools/Demos
gh-94538: Fix Argument Clinic output to custom file destinations. Patch by \
Erlend E. Aasland.
gh-94430: Allow parameters named module and self with custom C names in Argument \
Clinic. Patch by Erlend E. Aasland
C API
gh-94930: Fix SystemError raised when PyArg_ParseTupleAndKeywords() is used with \
# in (...) but without PY_SSIZE_T_CLEAN defined.
gh-94864: Fix PyArg_Parse* with deprecated format units “u” and “Z”. It \
returned 1 (success) when warnings are turned into exceptions.
|
2022-07-07 17:26:43 by Pierre Pronchery | Files touched by this commit (4) |
Log message:
python{39,310}: fix the build when the work directory is in $PREFIX
As documented in pkg/56774, when WRKOBJDIR is in LOCALBASE (eg set to
${LOCALBASE}/work) then changes done to Python's setup.py made it
unable to locate its own built-in modules, then failing to bootstrap and
build.
As suggested by tnn@; tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
|