Opened 15 months ago

Closed 15 months ago

Last modified 13 months ago

#4655 closed task (fixed)

Python-3.8.3

Reported by: Bruce Dubbs Owned by: lfs-book
Priority: high Milestone: 10.0
Component: Book Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Bruce Dubbs, 15 months ago

What's New in Python 3.8.3 final?

Release date: 2020-05-13

Core and Builtins

  • bpo-40527: Fix command line argument parsing: no longer write errors multiple times into stderr.
  • bpo-40417: Fix imp module deprecation warning when PyImport_ReloadModule is called. Patch by Robert Rouhani.
  • bpo-39562: The constant values of future flags in the :mod:__future__ module are updated in order to prevent collision with compiler flags. Previously PyCF_ALLOW_TOP_LEVEL_AWAIT was clashing with CO_FUTURE_DIVISION.

Library

  • bpo-40559: Fix possible memory leak in the C implementation of :class:asyncio.Task.
  • bpo-40355: Improve error reporting in :func:ast.literal_eval in the presence of malformed :class:ast.Dict nodes instead of silently ignoring any non-conforming elements. Patch by Curtis Bucher.
  • bpo-40459: :func:platform.win32_ver now produces correct *ptype* strings instead of empty strings.
  • bpo-40398: :func:typing.get_args now always returns an empty tuple for special generic aliases.

Documentation

  • bpo-40561: Provide docstrings for webbrowser open functions.
  • bpo-39435: Fix an incorrect signature for :func:pickle.loads in the docs

Windows

  • bpo-40458: Increase reserved stack space to prevent overflow crash on Windows.

C API

  • bpo-40412: Nullify inittab_copy during finalization, preventing future interpreter initializations in an embedded situation from crashing. Patch by Gregory Szorc.

What's New in Python 3.8.3 release candidate 1?

Security

  • bpo-40121: Fixes audit events raised on creating a new socket.
  • bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised.
  • bpo-39503: CVE-2020-8492: The :class:~urllib.request.AbstractBasicAuthHandler class of the :mod:urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

Core and Builtins

  • bpo-20526: Fix :c:func:`PyThreadState_Clear(). PyThreadState.frame` is a borrowed reference, not a strong reference: PyThreadState_Clear() must not call Py_CLEAR(tstate->frame).
  • bpo-39965: Correctly raise SyntaxError if *await* is used inside non-async functions and PyCF_ALLOW_TOP_LEVEL_AWAIT is set (like in the asyncio REPL).
  • bpo-39562: Allow executing asynchronous comprehensions on the top level when the PyCF_ALLOW_TOP_LEVEL_AWAIT flag is given.
  • bpo-38894: Fix a bug that was causing incomplete results when calling pathlib.Path.glob in the presence of symlinks that point to files where the user does not have read access.
  • bpo-39871: Fix a possible :exc:SystemError in math.{atan2,copysign,remainder}() when the first argument cannot be converted to a :class:float.
  • bpo-39776: Fix race condition where threads created by PyGILState_Ensure() could get a duplicate id.

This affects consumers of tstate->id like the contextvar caching machinery, which could return invalid cached objects under heavy thread load (observed in embedded scenarios).

  • bpo-39778: Fixed a crash due to incorrect handling of weak references in collections.OrderedDict classes. Patch by Pablo Galindo.
  • bpo-39520: Fix unparsing of ext slices with no items (foo[:,]). Patch by Batuhan Taskaya.
  • bpo-22490: Don't leak environment variable PYVENV_LAUNCHER into the interpreter session on macOS.

Library

  • bpo-40138: Fix the Windows implementation of :func:os.waitpid for exit code larger than INT_MAX >> 8. The exit status is now interpreted as an unsigned number.
  • bpo-39942: Set "main" as the default module name when "name" is missing in :class:typing.TypeVar. Patch by Weipeng Hong.
  • bpo-40330: In :meth:ShareableList.__setitem__, check the size of a new string item after encoding it to utf-8, not before.
  • bpo-40287: Fixed SpooledTemporaryFile.seek() to return the position.
  • bpo-40260: Ensure :mod:modulefinder uses :func:io.open_code and respects coding comments.
  • bpo-40196: Fix a bug in the :mod:symtable module that was causing incorrectly report global variables as local. Patch by Pablo Galindo.
  • bpo-40126: Fixed reverting multiple patches in unittest.mock. Patcher's exit() is now never called if its enter() is failed. Returning true from exit() silences now the exception.
  • bpo-40089: Fix threading._after_fork(): if fork was not called by a thread spawned by threading.Thread, threading._after_fork() now creates a _MainThread instance for _main_thread, instead of a _DummyThread instance.
  • bpo-39503: :class:~urllib.request.AbstractBasicAuthHandler of :mod:urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge.
  • bpo-40014: Fix os.getgrouplist(): if getgrouplist() function fails because the group list is too small, retry with a larger group list. On failure, the glibc implementation of getgrouplist() sets ngroups to the total number of groups. For other implementations, double the group list size.
  • bpo-40016: In re docstring, clarify the relationship between inline and argument compile flags.
  • bpo-39953: Update internal table of OpenSSL error codes in the ssl module.
  • bpo-39360: Ensure all workers exit when finalizing a :class:multiprocessing.Pool implicitly via the module finalization handlers of multiprocessing. This fixes a deadlock situation that can be experienced when the Pool is not properly finalized via the context manager or a call to multiprocessing.Pool.terminate.
  • bpo-39652: The column name found in sqlite3.Cursor.description is now truncated on the first '[' only if the PARSE_COLNAMES option is set.
  • bpo-39915: Ensure :attr:unittest.mock.AsyncMock.await_args_list has call objects in the order of awaited arguments instead of using :attr:unittest.mock.Mock.call_args which has the last value of the call. Patch by Karthikeyan Singaravelan.
  • bpo-38662: The ensurepip module now invokes pip via the runpy module. Hence it is no longer tightly coupled with the internal API of the bundled pip version, allowing easier updates to a newer pip version both internally and for distributors.
  • bpo-39916: More reliable use of os.scandir() in Path.glob(). It no longer emits a ResourceWarning when interrupted.
  • bpo-39850: :mod:multiprocessing now supports abstract socket addresses (if abstract sockets are supported in the running platform). Patch by Pablo Galindo.
  • bpo-39828: Fix :mod:json.tool to catch :exc:BrokenPipeError. Patch by Dong-hee Na.
  • bpo-13487: Avoid a possible *"RuntimeError: dictionary changed size during iteration"* from :func:inspect.getmodule when it tried to loop through :attr:sys.modules.
  • bpo-39794: Add --without-decimal-contextvar build option. This enables a thread-local rather than a coroutine local context.
  • bpo-39769: The :func:compileall.compile_dir function's *ddir* parameter and the compileall command line flag -d no longer write the wrong pathname to the generated pyc file for submodules beneath the root of the directory tree being compiled. This fixes a regression introduced with Python 3.5.
  • bpo-39517: Fix runpy.run_path() when using pathlike objects
  • bpo-39764: Fix AttributeError when calling get_stack on a PyAsyncGenObject Task
  • bpo-30566: Fix :exc:IndexError when trying to decode an invalid string with punycode codec.
  • bpo-39667: Correct performance degradation in zipfile.Path as found in zipp 3.0. While retaining compatibility, this change discourages the use of zipfile.Path.open due to the signature change in Python 3.9. For compatibility across Python 3.8 and later versions, consider using zipp.Path on Python 3.8.x and earlier.
  • bpo-39548: Fix handling of header in :class:urllib.request.AbstractDigestAuthHandler when the optional qop parameter is not present.
  • bpo-38971: Open issue in the BPO indicated a desire to make the implementation of codecs.open() at parity with io.open(), which implements a try/except to assure file stream gets closed before an exception is raised.
  • bpo-38410: Properly handle :func:sys.audit failures in :func:sys.set_asyncgen_hooks.
  • bpo-36541: lib2to3 now recognizes named assignment expressions (the walrus operator, :=)
  • bpo-31758: Prevent crashes when using an uninitialized _elementtree.XMLParser object.

Build

  • bpo-38360: Support single-argument form of macOS -isysroot flag.
  • bpo-40204: Pin Sphinx version to 1.8.2 in Doc/Makefile.
  • bpo-40158: Fix CPython MSBuild Properties in NuGet Package (build/native/python.props)
  • bpo-38527: Fix configure check on Solaris for "float word ordering": sometimes, the correct "grep" command was not being used.

comment:2 by Bruce Dubbs, 15 months ago

Resolution: fixed
Status: newclosed

Fixed at revision 11850.

comment:3 by Douglas R. Reno, 15 months ago

Priority: normalhigh

comment:4 by Bruce Dubbs, 13 months ago

Milestone: 9.210.0

Milestone renamed

Note: See TracTickets for help on using tickets.