Thema: Python ...

[SiLæncer]

Changelog

    Some of the new major new features and changes in Python 3.9 are:

    PEP 573, Module State Access from C Extension Methods
    PEP 584, Union Operators in dict
    PEP 585, Type Hinting Generics In Standard Collections
    PEP 593, Flexible function and variable annotations
    PEP 602, Python adopts a stable annual release cadence
    PEP 614, Relaxing Grammar Restrictions On Decorators
    PEP 615, Support for the IANA Time Zone Database in the Standard Library
    PEP 616, String methods to remove prefixes and suffixes
    PEP 617, New PEG parser for CPython
    BPO 38379, garbage collection does not block on resurrected objects;
    BPO 38692, os.pidfd_open added that allows process management without races and signals;
    BPO 39926, Unicode support updated to version 13.0.0;
    BPO 1635741, when Python is initialized multiple times in the same process, it does not leak memory anymore;
    A number of Python builtins (range, tuple, set, frozenset, list, dict) are now sped up using PEP 590 vectorcall;
    A number of Python modules (_abc, audioop, _bz2, _codecs, _contextvars, _crypt, _functools, _json, _locale, operator, resource, time, _weakref) now use multiphase initialization as defined by PEP 489;
    A number of standard library modules (audioop, ast, grp, _hashlib, pwd, _posixsubprocess, random, select, struct, termios, zlib) are now using the stable ABI defined by PEP 384.

[close]

https://www.python.org/

[SiLæncer]

Changelog

    Security:

    bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
    bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.
    Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
    bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.

    Core and Builtins:

    bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.
    bpo-43555: Report the column offset for SyntaxError for invalid line continuation characters. Patch by Pablo Galindo.
    bpo-43517: Fix misdetection of circular imports when using from pkg.mod import attr, which caused false positives in non-trivial multi-threaded code.
    bpo-35883: Python no longer fails at startup with a fatal error if a command line argument contains an invalid Unicode character. The Py_DecodeLocale() function now escapes byte sequences which would be decoded as Unicode characters outside the [U+0000; U+10ffff] range.
    bpo-43406: Fix a possible race condition where PyErr_CheckSignals tries to execute a non-Python signal handler.
    bpo-42500: Improve handling of exceptions near recursion limit. Converts a number of Fatal Errors in RecursionErrors.

    Library:

    bpo-43433: xmlrpc.client.ServerProxy no longer ignores query and fragment in the URL of the server.
    bpo-35930: Raising an exception raised in a “future” instance will create reference cycles.
    bpo-43577: Fix deadlock when using ssl.SSLContext debug callback with ssl.SSLContext.sni_callback().
    bpo-43521: ast.unparse can now render NaNs and empty sets.
    bpo-43423: subprocess.communicate() no longer raises an IndexError when there is an empty stdout or stderr IO buffer during a timeout on Windows.
    bpo-27820: Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with initial_response_ok=False will fail.
    The cause is that SMTP.auth_login _always_ returns a password if provided with a challenge string, thus non-compliant with the standard for AUTH LOGIN.
    Also fixes bug with the test for smtpd.
    bpo-43332: Improves the networking efficiency of http.client when using a proxy via set_tunnel(). Fewer small send calls are made during connection setup.
    bpo-43399: Fix ElementTree.extend not working on iterators when using the Python implementation
    bpo-43316: The python -m gzip command line application now properly fails when detecting an unsupported extension. It exits with a non-zero exit code and prints an error message to stderr.
    bpo-43260: Fix TextIOWrapper can not flush internal buffer forever after very large text is written.
    bpo-42782: Fail fast in shutil.move() to avoid creating destination directories on failure.
    bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.

    Documentation:

    bpo-43199: Answer “Why is there no goto?” in the Design and History FAQ.
    bpo-43407: Clarified that a result from time.monotonic(), time.perf_counter(), time.process_time(), or time.thread_time() can be compared with the result from any following call to the same function - not just the next immediate call.
    bpo-27646: Clarify that ‘yield from <expr>’ works with any iterable, not just iterators.
    bpo-36346: Update some deprecated unicode APIs which are documented as “will be removed in 4.0” to “3.12”. See PEP 623 for detail.

    Tests:

    bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: skip the test if setlocale() fails. Patch by Victor Stinner.
    bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.
    bpo-43288: Fix test_importlib to correctly skip Unicode file tests if the fileystem does not support them.

    Build:

    bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
    bpo-43617: Improve configure.ac: Check for presence of autoconf-archive package and remove our copies of M4 macros.

    macOS:

    bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j.

    IDLE:

    bpo-42225: Document that IDLE can fail on Unix either from misconfigured IP masquerage rules or failure displaying complex colored (non-ascii) characters.
    bpo-43283: Document why printing to IDLE’s Shell is often slower than printing to a system terminal and that it can be made faster by pre-formatting a single string before printing.

[close]

https://www.python.org/

[SiLæncer]

Changelog

    Core and Builtins:

    bpo-43710: Reverted the fix for https://bugs.python.org/issue42500 as it changed the PyThreadState struct size and broke the 3.9.x ABI in the 3.9.3 release (visible on 32-bit platforms using binaries compiled using an earlier version of Python 3.9.x headers).

    Library:

    bpo-26053: Fixed bug where the pdb interactive run command echoed the args from the shell command line, even if those have been overridden at the pdb prompt.

[close]

https://www.python.org/

[SiLæncer]

Changelog

Security

    bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.

    bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks.

    Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.

    bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module.

    bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notatation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros.

    bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.

    bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access.

Core and Builtins

    bpo-43105: Importlib now resolves relative paths when creating module spec objects from file locations.

    bpo-42924: Fix bytearray repetition incorrectly copying data from the start of the buffer, even if the data is offset within the buffer (e.g. after reassigning a slice at the start of the bytearray to a shorter byte string).

Library

    bpo-43993: Update bundled pip to 21.1.1.

    bpo-43937: Fixed the turtle module working with non-default root window.

    bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0

    bpo-43920: OpenSSL 3.0.0: load_verify_locations() now returns a consistent error message when cadata contains no valid certificate.

    bpo-43607: urllib can now convert Windows paths with \\?\ prefixes into URL paths.

    bpo-43284: platform.win32_ver derives the windows version from sys.getwindowsversion().platform_version which in turn derives the version from kernel32.dll (which can be of a different version than Windows itself). Therefore change the platform.win32_ver to determine the version using the platform module’s _syscmd_ver private function to return an accurate version.

    bpo-42248: [Enum] ensure exceptions raised in _missing__ are released

    bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 to suppress deprecation warnings. Python requires OpenSSL 1.1.1 APIs.

    bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants (OpenSSL 3.0.0)

    bpo-43789: OpenSSL 3.0.0: Don’t call the password callback function a second time when first call has signaled an error condition.

    bpo-43788: The header files for ssl error codes are now OpenSSL version-specific. Exceptions will now show correct reason and library codes. The make_ssl_data.py script has been rewritten to use OpenSSL’s text file with error codes.

    bpo-43655: tkinter dialog windows are now recognized as dialogs by window managers on macOS and X Window.

    bpo-43534: turtle.textinput() and turtle.numinput() create now a transient window working on behalf of the canvas window.

    bpo-43522: Fix problem with hostname_checks_common_name. OpenSSL does not copy hostflags from struct SSL_CTX to struct SSL.

    bpo-42967: Allow bytes separator argument in urllib.parse.parse_qs and urllib.parse.parse_qsl when parsing str query strings. Previously, this raised a TypeError.

    bpo-43176: Fixed processing of a dataclass that inherits from a frozen dataclass with no fields. It is now correctly detected as an error.

    bpo-41735: Fix thread locks in zlib module may go wrong in rare case. Patch by Ma Lin.

    bpo-36470: Fix dataclasses with InitVars and replace(). Patch by Claudiu Popa.

    bpo-32745: Fix a regression in the handling of ctypes’ ctypes.c_wchar_p type: embedded null characters would cause a ValueError to be raised. Patch by Zackery Spytz.

Documentation

    bpo-43959: The documentation on the PyContextVar C-API was clarified.

    bpo-43938: Update dataclasses documentation to express that FrozenInstanceError is derived from AttributeError.

    bpo-43755: Update documentation to reflect that unparenthesized lambda expressions can no longer be the expression part in an if clause in comprehensions and generator expressions since Python 3.9.

    bpo-43739: Fixing the example code in Doc/extending/extending.rst to declare and initialize the pmodule variable to be of the right type.

Tests

    bpo-43961: Fix test_logging.test_namer_rotator_inheritance() on Windows: use os.replace() rather than os.rename(). Patch by Victor Stinner.

    bpo-43842: Fix a race condition in the SMTP test of test_logging. Don’t close a file descriptor (socket) from a different thread while asyncore.loop() is polling the file descriptor. Patch by Victor Stinner.

    bpo-43811: Tests multiple OpenSSL versions on GitHub Actions. Use ccache to speed up testing.

    bpo-43791: OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests are failing with TLSV1_ALERT_INTERNAL_ERROR.

Windows

    bpo-35306: Avoid raising errors from pathlib.Path.exists() when passed an invalid filename.

    bpo-38822: Fixed os.stat() failing on inaccessible directories with a trailing slash, rather than falling back to the parent directory’s metadata. This implicitly affected os.path.exists() and os.path.isdir().

    bpo-26227: Fixed decoding of host names in socket.gethostbyaddr() and socket.gethostbyname_ex().

    bpo-40432: Updated pegen regeneration script on Windows to find and use Python 3.8 or higher. Prior to this, pegen regeneration already required 3.8 or higher, but the script may have used lower versions of Python.

    bpo-43745: Actually updates Windows release to OpenSSL 1.1.1k. Earlier releases were mislabelled and actually included 1.1.1i again.

    bpo-43492: Upgrade Windows installer to use SQLite 3.35.5.

macOS

    bpo-42119: Fix check for macOS SDK paths when building Python. Narrow search to match contents of SDKs, namely only files in /System/Library, /System/IOSSupport, and /usr other than /usr/local. Previously, anything under /System was assumed to be in an SDK which causes problems with the new file system layout in 10.15+ where user file systems may appear to be mounted under /System. Paths in /Library were also incorrectly treated as SDK locations.

    bpo-44009: Provide “python3.x-intel64” executable to allow reliably forcing macOS universal2 framework builds to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs. This can be useful for testing or when universal2 wheels are not yet available.

    bpo-43492: Update macOS installer to use SQLite 3.35.4.

IDLE

    bpo-43655: IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window.

[close]

https://www.python.org/