bpo-40527: Fix command line argument parsing: no longer write errors
multiple times into stderr.
bpo-40417: Fix imp module deprecation warning when PyImport_ReloadModule
is called. Patch by Robert Rouhani.
bpo-39562: The constant values of future flags in the :mod:__future__
module are updated in order to prevent collision with compiler flags.
Previously PyCF_ALLOW_TOP_LEVEL_AWAIT was clashing with
CO_FUTURE_DIVISION.
Library
bpo-40559: Fix possible memory leak in the C implementation of
:class:asyncio.Task.
bpo-40355: Improve error reporting in :func:ast.literal_eval in the
presence of malformed :class:ast.Dict nodes instead of silently ignoring
any non-conforming elements. Patch by Curtis Bucher.
bpo-40459: :func:platform.win32_ver now produces correct *ptype* strings
instead of empty strings.
bpo-40398: :func:typing.get_args now always returns an empty tuple for
special generic aliases.
Documentation
bpo-40561: Provide docstrings for webbrowser open functions.
bpo-39435: Fix an incorrect signature for :func:pickle.loads in the docs
Windows
bpo-40458: Increase reserved stack space to prevent overflow crash on Windows.
C API
bpo-40412: Nullify inittab_copy during finalization, preventing future
interpreter initializations in an embedded situation from crashing. Patch
by Gregory Szorc.
What's New in Python 3.8.3 release candidate 1?
Security
bpo-40121: Fixes audit events raised on creating a new socket.
bpo-38576: Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header injection
URLs now cause a InvalidURL to be raised.
bpo-39503: CVE-2020-8492: The
:class:~urllib.request.AbstractBasicAuthHandler class of the
:mod:urllib.request module uses an inefficient regular expression which
can be exploited by an attacker to cause a denial of service. Fix the
regex to prevent the catastrophic backtracking. Vulnerability reported by
Ben Caller and Matt Schwager.
Core and Builtins
bpo-20526: Fix :c:func:`PyThreadState_Clear(). PyThreadState.frame` is
a borrowed reference, not a strong reference: PyThreadState_Clear()
must not call Py_CLEAR(tstate->frame).
bpo-39965: Correctly raise SyntaxError if *await* is used inside
non-async functions and PyCF_ALLOW_TOP_LEVEL_AWAIT is set (like in the
asyncio REPL).
bpo-39562: Allow executing asynchronous comprehensions on the top level
when the PyCF_ALLOW_TOP_LEVEL_AWAIT flag is given.
bpo-38894: Fix a bug that was causing incomplete results when calling
pathlib.Path.glob in the presence of symlinks that point to files
where the user does not have read access.
bpo-39871: Fix a possible :exc:SystemError in
math.{atan2,copysign,remainder}() when the first argument cannot be
converted to a :class:float.
bpo-39776: Fix race condition where threads created by PyGILState_Ensure()
could get a duplicate id.
This affects consumers of tstate->id like the contextvar caching
machinery, which could return invalid cached objects under heavy thread
load (observed in embedded scenarios).
bpo-39778: Fixed a crash due to incorrect handling of weak references in
collections.OrderedDict classes. Patch by Pablo Galindo.
bpo-39520: Fix unparsing of ext slices with no items (foo[:,]). Patch
by Batuhan Taskaya.
bpo-22490: Don't leak environment variable PYVENV_LAUNCHER into
the interpreter session on macOS.
Library
bpo-40138: Fix the Windows implementation of :func:os.waitpid for exit
code larger than INT_MAX >> 8. The exit status is now interpreted as
an unsigned number.
bpo-39942: Set "main" as the default module name when "name" is
missing in :class:typing.TypeVar. Patch by Weipeng Hong.
bpo-40330: In :meth:ShareableList.__setitem__, check the size of a new
string item after encoding it to utf-8, not before.
bpo-40287: Fixed SpooledTemporaryFile.seek() to return the position.
bpo-40260: Ensure :mod:modulefinder uses :func:io.open_code and
respects coding comments.
bpo-40196: Fix a bug in the :mod:symtable module that was causing
incorrectly report global variables as local. Patch by Pablo Galindo.
bpo-40126: Fixed reverting multiple patches in unittest.mock. Patcher's
exit() is now never called if its enter() is failed.
Returning true from exit() silences now the exception.
bpo-40089: Fix threading._after_fork(): if fork was not called by a thread
spawned by threading.Thread, threading._after_fork() now creates a
_MainThread instance for _main_thread, instead of a _DummyThread instance.
bpo-39503: :class:~urllib.request.AbstractBasicAuthHandler of
:mod:urllib.request now parses all WWW-Authenticate HTTP headers and
accepts multiple challenges per header: use the realm of the first Basic
challenge.
bpo-40014: Fix os.getgrouplist(): if getgrouplist() function fails
because the group list is too small, retry with a larger group list. On
failure, the glibc implementation of getgrouplist() sets ngroups
to the total number of groups. For other implementations, double the group
list size.
bpo-40016: In re docstring, clarify the relationship between inline and
argument compile flags.
bpo-39953: Update internal table of OpenSSL error codes in the ssl
module.
bpo-39360: Ensure all workers exit when finalizing a
:class:multiprocessing.Pool implicitly via the module finalization
handlers of multiprocessing. This fixes a deadlock situation that can be
experienced when the Pool is not properly finalized via the context
manager or a call to multiprocessing.Pool.terminate.
bpo-39652: The column name found in sqlite3.Cursor.description is now
truncated on the first '[' only if the PARSE_COLNAMES option is set.
bpo-39915: Ensure :attr:unittest.mock.AsyncMock.await_args_list has call
objects in the order of awaited arguments instead of using
:attr:unittest.mock.Mock.call_args which has the last value of the call.
Patch by Karthikeyan Singaravelan.
bpo-38662: The ensurepip module now invokes pip via the runpy
module. Hence it is no longer tightly coupled with the internal API of the
bundled pip version, allowing easier updates to a newer pip
version both internally and for distributors.
bpo-39916: More reliable use of os.scandir() in Path.glob(). It no
longer emits a ResourceWarning when interrupted.
bpo-39850: :mod:multiprocessing now supports abstract socket addresses
(if abstract sockets are supported in the running platform). Patch by
Pablo Galindo.
bpo-39828: Fix :mod:json.tool to catch :exc:BrokenPipeError. Patch by
Dong-hee Na.
bpo-13487: Avoid a possible *"RuntimeError: dictionary changed size during
iteration"* from :func:inspect.getmodule when it tried to loop through
:attr:sys.modules.
bpo-39794: Add --without-decimal-contextvar build option. This enables a
thread-local rather than a coroutine local context.
bpo-39769: The :func:compileall.compile_dir function's *ddir* parameter
and the compileall command line flag -d no longer write the wrong
pathname to the generated pyc file for submodules beneath the root of the
directory tree being compiled. This fixes a regression introduced with
Python 3.5.
bpo-39517: Fix runpy.run_path() when using pathlike objects
bpo-39764: Fix AttributeError when calling get_stack on a PyAsyncGenObject
Task
bpo-30566: Fix :exc:IndexError when trying to decode an invalid string
with punycode codec.
bpo-39667: Correct performance degradation in zipfile.Path as found in
zipp 3.0. While retaining compatibility, this change discourages the use
of zipfile.Path.open due to the signature change in Python 3.9. For
compatibility across Python 3.8 and later versions, consider using
zipp.Path on Python 3.8.x and earlier.
bpo-39548: Fix handling of header in
:class:urllib.request.AbstractDigestAuthHandler when the optional
qop parameter is not present.
bpo-38971: Open issue in the BPO indicated a desire to make the
implementation of codecs.open() at parity with io.open(), which implements
a try/except to assure file stream gets closed before an exception is
raised.
bpo-38410: Properly handle :func:sys.audit failures in
:func:sys.set_asyncgen_hooks.
bpo-36541: lib2to3 now recognizes named assignment expressions (the walrus
operator, :=)
bpo-31758: Prevent crashes when using an uninitialized
_elementtree.XMLParser object.
Build
bpo-38360: Support single-argument form of macOS -isysroot flag.
bpo-40204: Pin Sphinx version to 1.8.2 in Doc/Makefile.
bpo-40158: Fix CPython MSBuild Properties in NuGet Package
(build/native/python.props)
bpo-38527: Fix configure check on Solaris for "float word ordering":
sometimes, the correct "grep" command was not being used.
What's New in Python 3.8.3 final?
Release date: 2020-05-13
Core and Builtins
__future__module are updated in order to prevent collision with compiler flags. PreviouslyPyCF_ALLOW_TOP_LEVEL_AWAITwas clashing withCO_FUTURE_DIVISION.Library
asyncio.Task.ast.literal_evalin the presence of malformed :class:ast.Dictnodes instead of silently ignoring any non-conforming elements. Patch by Curtis Bucher.platform.win32_vernow produces correct *ptype* strings instead of empty strings.typing.get_argsnow always returns an empty tuple for special generic aliases.Documentation
pickle.loadsin the docsWindows
C API
What's New in Python 3.8.3 release candidate 1?
Security
~urllib.request.AbstractBasicAuthHandlerclass of the :mod:urllib.requestmodule uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.Core and Builtins
.PyThreadState.frame` is a borrowed reference, not a strong reference:PyThreadState_Clear()must not callPy_CLEAR(tstate->frame).SyntaxErrorif *await* is used inside non-async functions andPyCF_ALLOW_TOP_LEVEL_AWAITis set (like in the asyncio REPL).PyCF_ALLOW_TOP_LEVEL_AWAITflag is given.pathlib.Path.globin the presence of symlinks that point to files where the user does not have read access.SystemErrorinmath.{atan2,copysign,remainder}()when the first argument cannot be converted to a :class:float.collections.OrderedDictclasses. Patch by Pablo Galindo.foo[:,]). Patch by Batuhan Taskaya.PYVENV_LAUNCHERinto the interpreter session on macOS.Library
os.waitpidfor exit code larger thanINT_MAX >> 8. The exit status is now interpreted as an unsigned number.typing.TypeVar. Patch by Weipeng Hong.ShareableList.__setitem__, check the size of a new string item after encoding it to utf-8, not before.SpooledTemporaryFile.seek()to return the position.modulefinderuses :func:io.open_codeand respects coding comments.symtablemodule that was causing incorrectly report global variables as local. Patch by Pablo Galindo.exit()is now never called if itsenter()is failed. Returning true fromexit()silences now the exception.~urllib.request.AbstractBasicAuthHandlerof :mod:urllib.requestnow parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge.os.getgrouplist(): ifgetgrouplist()function fails because the group list is too small, retry with a larger group list. On failure, the glibc implementation ofgetgrouplist()setsngroupsto the total number of groups. For other implementations, double the group list size.sslmodule.multiprocessing.Poolimplicitly via the module finalization handlers of multiprocessing. This fixes a deadlock situation that can be experienced when the Pool is not properly finalized via the context manager or a call tomultiprocessing.Pool.terminate.sqlite3.Cursor.descriptionis now truncated on the first '[' only if the PARSE_COLNAMES option is set.unittest.mock.AsyncMock.await_args_listhas call objects in the order of awaited arguments instead of using :attr:unittest.mock.Mock.call_argswhich has the last value of the call. Patch by Karthikeyan Singaravelan.ensurepipmodule now invokespipvia therunpymodule. Hence it is no longer tightly coupled with the internal API of the bundledpipversion, allowing easier updates to a newerpipversion both internally and for distributors.os.scandir()inPath.glob(). It no longer emits a ResourceWarning when interrupted.multiprocessingnow supports abstract socket addresses (if abstract sockets are supported in the running platform). Patch by Pablo Galindo.json.toolto catch :exc:BrokenPipeError. Patch by Dong-hee Na.inspect.getmodulewhen it tried to loop through :attr:sys.modules.compileall.compile_dirfunction's *ddir* parameter and the compileall command line flag-dno longer write the wrong pathname to the generated pyc file for submodules beneath the root of the directory tree being compiled. This fixes a regression introduced with Python 3.5.IndexErrorwhen trying to decode an invalid string with punycode codec.zipfile.Pathas found in zipp 3.0. While retaining compatibility, this change discourages the use ofzipfile.Path.opendue to the signature change in Python 3.9. For compatibility across Python 3.8 and later versions, consider usingzipp.Pathon Python 3.8.x and earlier.urllib.request.AbstractDigestAuthHandlerwhen the optionalqopparameter is not present.sys.auditfailures in :func:sys.set_asyncgen_hooks.:=)_elementtree.XMLParserobject.Build
Doc/Makefile.