Changelog

Python next

Release date: XXXX-XX-XX

Library

Windows

  • bpo-40741: Update Windows release to include SQLite 3.32.3.

Python 3.8.5 final

Release date: 2020-07-20

Security

  • bpo-41304: Fixes python3x._pth being ignored on Windows, caused by the fix for bpo-29778 (CVE-2020-15801).

  • bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…).

Core and Builtins

  • bpo-41295: Resolve a regression in CPython 3.8.4 where defining “setattr” in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types.

Library

  • bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.

  • bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

Documentation

  • bpo-37703: Updated Documentation to comprehensively elaborate on the behaviour of gather.cancel()

Build

  • bpo-41302: Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.

macOS

  • bpo-40741: Update macOS installer to use SQLite 3.32.3.

IDLE

  • bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4.

Python 3.8.4 final

Release date: 2020-07-13

Security

  • bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events.

  • bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523).

Core and Builtins

  • bpo-41247: Always cache the running loop holder when running asyncio.set_running_loop .

  • bpo-41252: Fix incorrect refcounting in _ssl.c’s _servername_callback() .

  • bpo-41218: Python 3.8.3 had a regression where compiling with ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would aggressively mark list comprehension with CO_COROUTINE. Now only list comprehension making use of async/await will tagged as so.

  • bpo-41175: Guard against a NULL pointer dereference within bytearrayobject triggered by the bytearray() + bytearray() operation.

  • bpo-39960: The “hackcheck” that prevents sneaking around a type’s setattr() by calling the superclass method was rewritten to allow C implemented heap types.

Library

IDLE

  • bpo-37765: Add keywords to module name completion list. Rewrite Completions section of IDLE doc.

  • bpo-41152: The encoding of stdin , stdout and stderr in IDLE is now always UTF-8.

Python 3.8.4 release candidate 1

Release date: 2020-06-29

Security

  • bpo-41004: The hash() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).

  • bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.

Core and Builtins

  • bpo-41094: Fix decoding errors with audit when open files with non-ASCII names on non-UTF-8 locale.

  • bpo-41056: Fixes a reference to deallocated stack space during startup when constructing sys.path involving a relative symlink when code was supplied via -c. (discovered via Coverity)

  • bpo-35975: Stefan Behnel reported that cf_feature_version is used even when PyCF_ONLY_AST is not set. This is against the intention and against the documented behavior, so it’s been fixed.

  • bpo-40957: Fix refleak in _Py_fopen_obj() when PySys_Audit() fails

  • bpo-40870: Raise ValueError when validating custom AST’s where the constants True , False and None are used within a ast.Name node.

  • bpo-40826: Fix GIL usage in PyOS_Readline() : lock the GIL to set an exception and pass the Python thread state when checking if there is a pending signal.

  • bpo-40824: Unexpected errors in calling the __iter__ method are no longer masked by TypeError in the in operator and functions contains(), indexOf() and countOf() of the operator module.

  • bpo-40663: Correctly generate annotations where parentheses are omitted but required (e.g: Type[(str, int, *other))] .

Library

  • bpo-41138: Fixed the trace module CLI for Python source files with non-UTF-8 encoding.

  • bpo-31938: Fix default-value signatures of several functions in the select module - by Anthony Sottile.

  • bpo-41068: Fixed reading files with non-ASCII names from ZIP archive directly after writing them.

  • bpo-41058: pdb.find_function() now correctly determines the source file encoding.

  • bpo-41056: Fix a NULL pointer dereference within the ssl module during a MemoryError in the keylog callback. (discovered by Coverity)

  • bpo-41048: mimetypes.read_mime_types() function reads the rule file using UTF-8 encoding, not the locale encoding. Patch by Srinivas Reddy Thatiparthy.

  • bpo-40448: ensurepip now disables the use of pip cache when installing the bundled versions of pip and setuptools . Patch by Krzysztof Konopko.

  • bpo-40855: The standard deviation and variance functions in the statistics module were ignoring their mu and xbar arguments.

  • bpo-40807: Stop codeop._maybe_compile, used by code.InteractiveInterpreter (and IDLE). from from emitting each warning three times.

  • bpo-40834: Fix truncate when sending str object with_xxsubinterpreters.channel_send.

  • bpo-38488: Update ensurepip to install pip 20.1.1 and setuptools 47.1.0.

  • bpo-40767: webbrowser now properly finds the default browser in pure Wayland systems by checking the WAYLAND_DISPLAY environment variable. Patch contributed by Jérémy Attali.

  • bpo-40795: ctypes module: If ctypes fails to convert the result of a callback or if a ctypes callback function raises an exception, sys.unraisablehook is now called with an exception set. Previously, the error was logged into stderr by PyErr_Print().

  • bpo-30008: Fix ssl code to be compatible with OpenSSL 1.1.x builds that use no-deprecated and --api=1.1.0 .

  • bpo-40614: ast.parse() will not parse self documenting expressions in f-strings when passed feature_version is less than (3, 8) .

  • bpo-40626: Add h5 file extension as MIME Type application/x-hdf5, as per HDF Group recommendation for HDF5 formatted data files. Patch contributed by Mark Schwab.

  • bpo-25872: linecache could crash with a KeyError when accessed from multiple threads. Fix by Michael Graczyk.

  • bpo-40597: If text content lines are longer than policy.max_line_length, always use a content-encoding to make sure they are wrapped.

  • bpo-40515: The ssl and hashlib modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds.

  • bpo-13097: ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments.

  • bpo-40457: The ssl module now support OpenSSL builds without TLS 1.0 and 1.1 methods.

  • bpo-39830: Add zipfile.Path to __all__ in the zipfile module.

  • bpo-40025: Raise TypeError when generate_next_value is defined after members. Patch by Ethan Onstott.

  • bpo-39244: Fixed multiprocessing.context.get_all_start_methods to properly return the default method first on macOS.

  • bpo-39040: Fix parsing of invalid mime headers parameters by collapsing whitespace between encoded words in a bare-quote-string.

  • bpo-35714: struct.error is now raised if there is a null character in a struct format string.

  • bpo-36290: AST nodes are now raising TypeError on conflicting keyword arguments. Patch contributed by Rémi Lapeyre.

  • bpo-29620: assertWarns() no longer raises a RuntimeException when accessing a module’s __warningregistry__ causes importation of a new module, or when a new module is imported in another thread. Patch by Kernc.

  • bpo-34226: Fix cgi.parse_multipart without content_length. Patch by Roger Duran

Tests

  • bpo-41085: Fix integer overflow in the array.array.index() method on 64-bit Windows for index larger than 2**31 .

  • bpo-38377: On Linux, skip tests using multiprocessing if the current user cannot create a file in /dev/shm/ directory. Add the skip_if_broken_multiprocessing_synchronize() function to the test.support module.

  • bpo-41009: Fix use of support.require_{linux|mac|freebsd}_version() decorators as class decorator.

  • bpo-41003: Fix test_copyreg when numpy is installed: test.pickletester now saves/restores warnings filters when importing numpy , to ignore filters installed by numpy .

  • bpo-40964: Disable remote imaplib tests, host cyrus.andrew.cmu.edu is blocking incoming connections.

  • bpo-40055: distutils.tests now saves/restores warnings filters to leave them unchanged. Importing tests imports docutils which imports pkg_resources which adds a warnings filter.

  • bpo-34401: Make test_gdb properly run on HP-UX. Patch by Michael Osipov.

Build

  • bpo-40204: Pin Sphinx version to 2.3.1 in Doc/Makefile .

  • bpo-40653: Move _dirnameW out of HAVE_SYMLINK to fix a potential compiling issue.

Windows

  • bpo-41074: Fixed support of non-ASCII names in functions msilib.OpenDatabase() and msilib.init_database() and non-ASCII SQL in method msilib.Database.OpenView().

  • bpo-40164: Updates Windows OpenSSL to 1.1.1g

  • bpo-39631: Changes the registered MIME type for .py files on Windows to text/x-python instead of text/plain .

  • bpo-40677: Manually define IO_REPARSE_TAG_APPEXECLINK in case some old Windows SDK doesn’t have it.

  • bpo-40650: Include winsock2.h in pytime.c for timeval.

  • bpo-39148: Add IPv6 support to asyncio datagram endpoints in ProactorEventLoop. Change the raised exception for unknown address families to ValueError as it’s not coming from Windows API.

macOS

  • bpo-39580: Avoid opening Finder window if running installer from the command line. Patch contributed by Rick Heil.

  • bpo-41100: Fix configure error when building on macOS 11. Note that the current Python release was released shortly after the first developer preview of macOS 11 (Big Sur); there are other known issues with building and running on the developer preview. Big Sur is expected to be fully supported in a future bugfix release of Python 3.8.x and with 3.9.0.

  • bpo-41005: fixed an XDG settings issue not allowing macos to open browser in webbrowser.py

  • bpo-40741: Update macOS installer to use SQLite 3.32.2.

IDLE

  • bpo-41144: Make Open Module open a special module such as os.path.

  • bpo-39885: Make context menu Cut and Copy work again when right-clicking within a selection.

  • bpo-40723: Make test_idle pass when run after import.

Tools/Demos

  • bpo-40479: Update multissltest helper to test with latest OpenSSL 1.0.2, 1.1.0, 1.1.1, and 3.0.0-alpha.

  • bpo-40163: Fix multissltest tool. OpenSSL has changed download URL for old releases. The multissltest tool now tries to download from current and old download URLs.

Python 3.8.3 final

Release date: 2020-05-13

Core and Builtins

  • bpo-40527: Fix command line argument parsing: no longer write errors multiple times into stderr.

  • bpo-40417: Fix imp module deprecation warning when PyImport_ReloadModule is called. Patch by Robert Rouhani.

  • bpo-39562: The constant values of future flags in the future module are updated in order to prevent collision with compiler flags. Previously PyCF_ALLOW_TOP_LEVEL_AWAIT was clashing with CO_FUTURE_DIVISION .

Library

Documentation

Windows

  • bpo-40458: Increase reserved stack space to prevent overflow crash on Windows.

C API

  • bpo-40412: Nullify inittab_copy during finalization, preventing future interpreter initializations in an embedded situation from crashing. Patch by Gregory Szorc.

Python 3.8.3 release candidate 1

Release date: 2020-04-29

Security

  • bpo-40121: Fixes audit events raised on creating a new socket.

  • bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised.

  • bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

Core and Builtins

  • bpo-20526: Fix PyThreadState_Clear(). PyThreadState.frame is a borrowed reference, not a strong reference: PyThreadState_Clear() must not call Py_CLEAR(tstate->frame) .

  • bpo-39965: Correctly raise SyntaxError if await is used inside non-async functions and PyCF_ALLOW_TOP_LEVEL_AWAIT is set (like in the asyncio REPL). Patch by Pablo Galindo.

  • bpo-39562: Allow executing asynchronous comprehensions on the top level when the PyCF_ALLOW_TOP_LEVEL_AWAIT flag is given. Patch by Batuhan Taskaya.

  • bpo-38894: Fix a bug that was causing incomplete results when calling pathlib.Path.glob in the presence of symlinks that point to files where the user does not have read access. Patch by Pablo Galindo and Matt Wozniski.

  • bpo-39871: Fix a possible SystemError in math.{atan2,copysign,remainder}() when the first argument cannot be converted to a float. Patch by Zachary Spytz.

  • bpo-39776: Fix race condition where threads created by PyGILState_Ensure() could get a duplicate id.

This affects consumers of tstate->id like the contextvar caching machinery, which could return invalid cached objects under heavy thread load (observed in embedded scenarios).

  • bpo-39778: Fixed a crash due to incorrect handling of weak references in collections.OrderedDict classes. Patch by Pablo Galindo.

  • bpo-39520: Fix unparsing of ext slices with no items ( foo[:,] ). Patch by Batuhan Taskaya.

  • bpo-22490: Don’t leak environment variable __PYVENV_LAUNCHER__ into the interpreter session on macOS.

Library

  • bpo-40138: Fix the Windows implementation of os.waitpid() for exit code larger than INT_MAX >> 8 . The exit status is now interpreted as an unsigned number.

  • bpo-39942: Set “main” as the default module name when “name” is missing in typing.TypeVar. Patch by Weipeng Hong.

  • bpo-40330: In ShareableList.__setitem__() , check the size of a new string item after encoding it to utf-8, not before.

  • bpo-40287: Fixed SpooledTemporaryFile.seek() to return the position.

  • bpo-40260: Ensure modulefinder uses io.open_code() and respects coding comments.

  • bpo-40196: Fix a bug in the symtable module that was causing incorrectly report global variables as local. Patch by Pablo Galindo.

  • bpo-40126: Fixed reverting multiple patches in unittest.mock. Patcher’s __exit__() is now never called if its __enter__() is failed. Returning true from __exit__() silences now the exception.

  • bpo-40089: Fix threading._after_fork(): if fork was not called by a thread spawned by threading.Thread, threading._after_fork() now creates a _MainThread instance for _main_thread, instead of a _DummyThread instance.

  • bpo-39503: AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge.

  • bpo-40014: Fix os.getgrouplist() : if getgrouplist() function fails because the group list is too small, retry with a larger group list. On failure, the glibc implementation of getgrouplist() sets ngroups to the total number of groups. For other implementations, double the group list size.

  • bpo-40016: In re docstring, clarify the relationship between inline and argument compile flags.

  • bpo-39953: Update internal table of OpenSSL error codes in the ssl module.

  • bpo-39360: Ensure all workers exit when finalizing a multiprocessing.Pool implicitly via the module finalization handlers of multiprocessing. This fixes a deadlock situation that can be experienced when the Pool is not properly finalized via the context manager or a call to multiprocessing.Pool.terminate . Patch by Batuhan Taskaya and Pablo Galindo.

  • bpo-39652: The column name found in sqlite3.Cursor.description is now truncated on the first ‘[‘ only if the PARSE_COLNAMES option is set.

  • bpo-39915: Ensure unittest.mock.AsyncMock.await_args_list has call objects in the order of awaited arguments instead of using unittest.mock.Mock.call_args which has the last value of the call. Patch by Karthikeyan Singaravelan.

  • bpo-38662: The ensurepip module now invokes pip via the runpy module. Hence it is no longer tightly coupled with the internal API of the bundled pip version, allowing easier updates to a newer pip version both internally and for distributors.

  • bpo-39916: More reliable use of os.scandir() in Path.glob() . It no longer emits a ResourceWarning when interrupted.

  • bpo-39850: multiprocessing now supports abstract socket addresses (if abstract sockets are supported in the running platform). Patch by Pablo Galindo.

  • bpo-39828: Fix json.tool to catch BrokenPipeError. Patch by Dong-hee Na.

  • bpo-13487: Avoid a possible “RuntimeError: dictionary changed size during iteration” from inspect.getmodule() when it tried to loop through sys.modules.

  • bpo-39794: Add –without-decimal-contextvar build option. This enables a thread-local rather than a coroutine local context.

  • bpo-39769: The compileall.compile_dir() function’s ddir parameter and the compileall command line flag -d no longer write the wrong pathname to the generated pyc file for submodules beneath the root of the directory tree being compiled. This fixes a regression introduced with Python 3.5.

  • bpo-39517: Fix runpy.run_path() when using pathlike objects

  • bpo-39764: Fix AttributeError when calling get_stack on a PyAsyncGenObject Task

  • bpo-30566: Fix IndexError when trying to decode an invalid string with punycode codec.

  • bpo-39667: Correct performance degradation in zipfile.Path as found in zipp 3.0. While retaining compatibility, this change discourages the use of zipfile.Path.open due to the signature change in Python 3.9. For compatibility across Python 3.8 and later versions, consider using zipp.Path on Python 3.8.x and earlier.

  • bpo-39548: Fix handling of header in urllib.request.AbstractDigestAuthHandler when the optional qop parameter is not present.

  • bpo-38971: Open issue in the BPO indicated a desire to make the implementation of codecs.open() at parity with io.open(), which implements a try/except to assure file stream gets closed before an exception is raised.

  • bpo-38410: Properly handle sys.audit() failures in sys.set_asyncgen_hooks(). Based on patch by Zackery Spytz.

  • bpo-36541: lib2to3 now recognizes named assignment expressions (the walrus operator, := )

  • bpo-31758: Prevent crashes when using an uninitialized _elementtree.XMLParser object. Patch by Oren Milman.

Documentation

  • bpo-27635: The pickle documentation incorrectly claimed that __new__ isn’t called by default when unpickling.

  • bpo-39879: Updated Data model docs to include dict() insertion order preservation. Patch by Furkan Onder and Samy Lahfa.

  • bpo-39868: Updated the Language Reference for PEP 572.

  • bpo-13790: Change ‘string’ to ‘specification’ in format doc.

  • bpo-17422: The language reference no longer restricts default class namespaces to dicts only.

  • bpo-39530: Fix misleading documentation about mixed-type numeric comparisons.

  • bpo-39718: Update token documentation to reflect additions in Python 3.8

  • bpo-39677: Changed operand name of MAKE_FUNCTION from argc to flags for module dis

  • bpo-38387: Document PyDoc_STRVAR macro in the C-API reference.

Tests

  • bpo-40436: test_gdb and test.pythoninfo now check gdb command exit code.

  • bpo-40162: Update Travis CI configuration to OpenSSL 1.1.1f.

  • bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines.

  • bpo-40019: test_gdb now skips tests if it detects that gdb failed to read debug information because the Python binary is optimized.

  • bpo-27807: test_site.test_startup_imports() is now skipped if a path of sys.path contains a .pth file.

  • bpo-39793: Use the same domain when testing make_msgid . Patch by Batuhan Taskaya.

  • bpo-1812: Fix newline handling in doctest.testfile when loading from a package whose loader has a get_data method. Patch by Peter Donis.

  • bpo-37957: test.regrtest now can receive a list of test patterns to ignore (using the -i/–ignore argument) or a file with a list of patterns to ignore (using the –ignore-file argument). Patch by Pablo Galindo.

  • bpo-38502: test.regrtest now uses process groups in the multiprocessing mode (-jN command line option) if process groups are available: if os.setsid() and os.killpg() functions are available.

Build

  • bpo-38360: Support single-argument form of macOS -isysroot flag.

  • bpo-40204: Pin Sphinx version to 1.8.2 in Doc/Makefile .

  • bpo-40158: Fix CPython MSBuild Properties in NuGet Package (build/native/python.props)

  • bpo-38527: Fix configure check on Solaris for “float word ordering”: sometimes, the correct “grep” command was not being used. Patch by Arnon Yaari.

Windows

  • bpo-40164: Updates Windows to OpenSSL 1.1.1f

  • bpo-39930: Ensures the required vcruntime140.dll is included in install packages.

  • bpo-39847: Avoid hang when computer is hibernated whilst waiting for a mutex (for lock-related objects from threading) around 49-day uptime.

  • bpo-38597: distutils will no longer statically link vcruntime140.dll when a redistributable version is unavailable. All future releases of CPython will include a copy of this DLL to ensure distributed extensions can continue to load.

  • bpo-38380: Update Windows builds to use SQLite 3.31.1

  • bpo-39789: Update Windows release build machines to Visual Studio 2019 (MSVC 14.2).

  • bpo-34803: Package for nuget.org now includes repository reference and bundled icon image.

macOS

  • bpo-40164: Update macOS installer builds to use OpenSSL 1.1.1g.

  • bpo-38380: Update macOS builds to use SQLite 3.31.1

IDLE

  • bpo-27115: For ‘Go to Line’, use a Query box subclass with IDLE standard behavior and improved error checking.

  • bpo-39885: Since clicking to get an IDLE context menu moves the cursor, any text selection should be and now is cleared.

  • bpo-39852: Edit “Go to line” now clears any selection, preventing accidental deletion. It also updates Ln and Col on the status bar.

  • bpo-39781: Selecting code context lines no longer causes a jump.

  • bpo-38439: Add a 256×256 pixel IDLE icon to support more modern environments. Created by Andrew Clover. Delete the unused macOS idle.icns icon file.

  • bpo-38689: IDLE will no longer freeze when inspect.signature fails when fetching a calltip.

Tools/Demos

  • bpo-40179: Fixed translation of #elif in Argument Clinic.

  • bpo-36184: Port python-gdb.py to FreeBSD. python-gdb.py now checks for “take_gil” function name to check if a frame tries to acquire the GIL, instead of checking for “pthread_cond_timedwait” which is specific to Linux and can be a different condition than the GIL.

  • bpo-39889: Fixed unparse.py for extended slices containing a single element (e.g. a[i:j,] ). Remove redundant tuples when index with a tuple (e.g. a[i, j] ).

C API

Python 3.8.2 final

Release date: 2020-02-24

Core and Builtins

  • bpo-39382: Fix a use-after-free in the single inheritance path of issubclass() , when the __bases__ of an object has a single reference, and so does its first item. Patch by Yonatan Goldschmidt.

  • bpo-39427: Document all possibilities for the -X options in the command line help section. Patch by Pablo Galindo.

Library

  • bpo-39649: Remove obsolete check for __args__ in bdb.Bdb.format_stack_entry.

  • bpo-39681: Fix a regression where the C pickle module wouldn’t allow unpickling from a file-like object that doesn’t expose a readinto() method.

  • bpo-39546: Fix a regression in ArgumentParser where allow_abbrev=False was ignored for long options that used a prefix character other than “-“.

  • bpo-39432: Implement PEP-489 algorithm for non-ascii “PyInit_…” symbol names in distutils to make it export the correct init symbol also on Windows.

Documentation

  • bpo-17422: The language reference now specifies restrictions on class namespaces. Adapted from a patch by Ethan Furman.

  • bpo-39572: Updated documentation of total flag of TypeDict.

  • bpo-39654: In pyclbr doc, update ‘class’ to ‘module’ where appropriate and add readmodule comment. Patch by Hakan Çelik.

IDLE

  • bpo-39663: Add tests for pyparse find_good_parse_start().

Python 3.8.2 release candidate 2

Release date: 2020-02-17

Security

Core and Builtins

  • bpo-39619: Enable use of os.chroot() on HP-UX systems.

  • bpo-39606: Fix regression caused by fix for bpo-39386, that prevented calling aclose on an async generator that had already been closed or exhausted.

  • bpo-39453: Fixed a possible crash in list.__contains__() when a list is changed during comparing items. Patch by Dong-hee Na.

  • bpo-39219: Syntax errors raised in the tokenizer now always set correct “text” and “offset” attributes.

Library

  • bpo-27657: The original fix for bpo-27657, “Fix urlparse() with numeric paths” (GH-16839) included in 3.8.1, inadvertently introduced a behavior change that broke several third-party packages relying on the original undefined parsing behavior. The change is reverted in 3.8.2, restoring the behavior of 3.8.0 and earlier releases.

  • bpo-39474: Fixed starting position of AST for expressions like (a)(b) , (a)[b] and (a).b .

  • bpo-21016: The pydoc and trace modules now use the sysconfig module to get the path to the Python standard library, to support uncommon installation path like /usr/lib64/python3.9/ on Fedora. Patch by Jan Matějek.

  • bpo-39595: Improved performance of zipfile.Path for files with a large number of entries. Also improved performance and fixed minor issue as published with importlib_metadata 1.5.

IDLE

  • bpo-39600: In the font configuration window, remove duplicated font names.

Python 3.8.2 release candidate 1

Release date: 2020-02-10

Security

  • bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on Windows 7.

  • bpo-39184: Add audit events to command execution functions in os and pty modules.

Core and Builtins

  • bpo-39579: Change the ending column offset of Attribute nodes constructed in ast_for_dotted_name to point at the end of the current node and not at the end of the last NAME node.

  • bpo-39510: Fix segfault in readinto() method on closed BufferedReader.

  • bpo-39492: Fix a reference cycle in the C Pickler that was preventing the garbage collection of deleted, pickled objects.

  • bpo-39421: Fix possible crashes when operating with the functions in the heapq module and custom comparison operators.

  • bpo-39386: Prevent double awaiting of async iterator.

  • bpo-39235: Fix AST end location for lone generator expression in function call, e.g. f(i for i in a).

  • bpo-39209: Correctly handle multi-line tokens in interactive mode. Patch by Pablo Galindo.

  • bpo-39216: Fix constant folding optimization for positional only arguments - by Anthony Sottile.

  • bpo-39215: Fix SystemError when nested function has annotation on positional-only argument - by Anthony Sottile.

  • bpo-38588: Fix possible crashes in dict and list when calling PyObject_RichCompareBool().

  • bpo-38610: Fix possible crashes in several list methods by holding strong references to list elements when calling PyObject_RichCompareBool().

Library

  • bpo-39590: Collections.deque now holds strong references during deque.contains and deque.count, fixing crashes.

  • bpo-38149: sys.audit() is now called only once per call of glob.glob() and glob.iglob().

  • bpo-39450: Striped whitespace from docstring before returning it from unittest.case.shortDescription() .

  • bpo-39493: Mark typing.IO.closed as a property

  • bpo-39485: Fix a bug in unittest.mock.create_autospec() that would complain about the wrong number of arguments for custom descriptors defined in an extension module returning functions.

  • bpo-39082: Allow AsyncMock to correctly patch static/class methods

  • bpo-39430: Fixed race condition in lazy imports in tarfile.

  • bpo-39390: Fixed a regression with the ignore callback of shutil.copytree(). The argument types are now str and List[str] again.

  • bpo-39389: Write accurate compression level metadata in gzip archives, rather than always signaling maximum compression.

  • bpo-39274: bool(fraction.Fraction) now returns a boolean even if (numerator != 0) does not return a boolean (ex: numpy number).

  • bpo-39297: Improved performance of importlib.metadata distribution discovery and resilients to inaccessible sys.path entries (importlib_metadata v1.4.0).

  • bpo-39242: Updated the Gmane domain from news.gmane.org to news.gmane.io which is used for examples of NNTP news reader server and nntplib tests.

  • bpo-38907: In http.server script, restore binding to IPv4 on Windows.

  • bpo-39152: Fix ttk.Scale.configure([name]) to return configuration tuple for name or all options. Giovanni Lombardo contributed part of the patch.

  • bpo-39198: If an exception were to be thrown in Logger.isEnabledFor (say, by asyncio timeouts or stopit) , the logging global lock may not be released appropriately, resulting in deadlock. This change wraps that block of code with try...finally to ensure the lock is released.

  • bpo-39191: Perform a check for running loop before starting a new task in loop.run_until_complete() to fail fast; it prevents the side effect of new task spawning before exception raising.

  • bpo-38871: Correctly parenthesize filter-based statements that contain lambda expressions in mod:lib2to3. Patch by Dong-hee Na.

  • bpo-39142: A change was made to logging.config.dictConfig to avoid converting instances of named tuples to ConvertingTuple. It’s assumed that named tuples are too specialised to be treated like ordinary tuples; if a user of named tuples requires ConvertingTuple functionality, they will have to implement that themselves in their named tuple class.

  • bpo-39129: Fix import path for asyncio.TimeoutError

  • bpo-39057: urllib.request.proxy_bypass_environment() now ignores leading dots and no longer ignores a trailing newline.

  • bpo-39056: Fixed handling invalid warning category in the -W option. No longer import the re module if it is not needed.

  • bpo-39055: base64.b64decode() with validate=True raises now a binascii.Error if the input ends with a single \n .

  • bpo-39033: Fix NameError in zipimport. Patch by Karthikeyan Singaravelan.

  • bpo-38878: Fixed subclasshook of os.PathLike to return a correct result upon inheritence. Patch by Bar Harel.

  • bpo-35182: Fixed Popen.communicate() subsequent call crash when the child process has already closed any piped standard stream, but still continues to be running. Patch by Andriy Maletsky.

  • bpo-38473: Use signature from inner mock for autospecced methods attached with unittest.mock.attach_mock() . Patch by Karthikeyan Singaravelan.

  • bpo-38293: Add copy.copy() and copy.deepcopy() support to property() objects.

Documentation

  • bpo-39153: Clarify refcounting semantics for the following functions: - PyObject_SetItem - PyMapping_SetItemString - PyDict_SetItem - PyDict_SetItemString

  • bpo-39392: Explain that when filling with turtle, overlap regions may be left unfilled.

  • bpo-39381: Mention in docs that asyncio.get_event_loop() implicitly creates new event loop only if called from the main thread.

  • bpo-38918: Add an entry for __module__ in the “function” & “method” sections of the inspect docs types and members table

  • bpo-3530: In the ast module documentation, fix a misleading NodeTransformer example and add advice on when to use the fix_missing_locations function.

Tests

  • bpo-39502: Skip test_zipfile.test_add_file_after_2107() if time.localtime() fails with OverflowError. It is the case on AIX 6.1 for example.

  • bpo-38546: Fix test_ressources_gced_in_workers() of test_concurrent_futures: explicitly stop the manager to prevent leaking a child process running in the background after the test completes.

Build

  • bpo-39144: The ctags and etags build targets both include Modules/_ctypes and Python standard library source files.

Windows

  • bpo-39439: Honor the Python path when a virtualenv is active on Windows.

  • bpo-39393: Improve the error message when attempting to load a DLL with unresolved dependencies.

  • bpo-38883: home() and expanduser() on Windows now prefer USERPROFILE and no longer use HOME , which is not normally set for regular user accounts. This makes them again behave like os.path.expanduser(), which was changed to ignore HOME in 3.8, see bpo-36264.

  • bpo-39185: The build.bat script has additional options for very-quiet output (-q) and very-verbose output (-vv)

IDLE

  • bpo-30780: Add remaining configdialog tests for buttons and highlights and keys tabs.

  • bpo-39388: IDLE Settings Cancel button now cancels pending changes

  • bpo-39050: Make IDLE Settings dialog Help button work again.

  • bpo-34118: Tag memoryview, range, and tuple as classes, the same as list, etcetera, in the library manual built-in functions list.

  • bpo-38792: Close an IDLE shell calltip if a KeyboardInterrupt or shell restart occurs. Patch by Zackery Spytz.

  • bpo-32989: Add tests for editor newline_and_indent_event method. Remove dead code from pyparse find_good_parse_start method.

Python 3.8.1 final

Release date: 2019-12-18

Core and Builtins

  • bpo-39080: Fix the value of end_col_offset for Starred Expression AST nodes when they are among the elements in the args attribute of Call AST nodes.

  • bpo-39031: When parsing an “elif” node, lineno and col_offset of the node now point to the “elif” keyword and not to its condition, making it consistent with the “if” node. Patch by Lysandros Nikolaou.

  • bpo-39008: PySys_Audit() now requires Py_ssize_t to be used for size arguments in the format string, regardless of whether PY_SSIZE_T_CLEAN was defined at include time.

Library

  • bpo-39022: Update importlib.metadata to include improvements from importlib_metadata 1.3 including better serialization of EntryPoints and improved documentation for custom finders.

  • bpo-38811: Fix an unhandled exception in pathlib when os.link() is missing. Patch by Toke Høiland-Jørgensen.

  • bpo-36406: Handle namespace packages in doctest. Patch by Karthikeyan Singaravelan.

Tests

  • bpo-38546: Multiprocessing and concurrent.futures tests now stop the resource tracker process when tests complete.

Windows

macOS

  • bpo-38295: Prevent failure of test_relative_path in test_py_compile on macOS Catalina.

IDLE

  • bpo-38944: Escape key now closes IDLE completion windows. Patch by Johnny Najera.

  • bpo-38943: Fix IDLE autocomplete windows not always appearing on some systems. Patch by Johnny Najera.

Python 3.8.1 release candidate 1

Release date: 2019-12-09

Security

  • bpo-38945: Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.

  • bpo-37228: Due to significant security concerns, the reuse_address parameter of asyncio.loop.create_datagram_endpoint() is no longer supported. This is because of the behavior of SO_REUSEADDR in UDP. For more details, see the documentation for loop.create_datagram_endpoint() . (Contributed by Kyle Stanley, Antoine Pitrou, and Yury Selivanov in bpo-37228.)

  • bpo-38722: runpy now uses io.open_code() to open code files. Patch by Jason Killen.

  • bpo-38804: Fixes a ReDoS vulnerability in http.cookiejar. Patch by Ben Caller.

  • bpo-38622: Add additional audit events for the ctypes module.

  • bpo-38418: Fixes audit event for os.system() to be named os.system .

Core and Builtins

  • bpo-38673: In REPL mode, don’t switch to PS2 if the line starts with comment or whitespace. Based on work by Batuhan Taşkaya.

  • bpo-38922: Calling replace on a code object now raises the code.__new__ audit event.

  • bpo-38920: Add audit hooks for when sys.excepthook() and sys.unraisablehook() are invoked

  • bpo-38892: Improve documentation for audit events table and functions.

  • bpo-38707: MainThread.native_id is now correctly reset in child processes spawned using multiprocessing.Process, instead of retaining the parent’s value.

  • bpo-38640: Fixed a bug in the compiler that was causing to raise in the presence of break statements and continue statements inside always false while loops. Patch by Pablo Galindo.

  • bpo-38535: Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators.

  • bpo-38525: Fix a segmentation fault when using reverse iterators of empty dict objects. Patch by Dong-hee Na and Inada Naoki.

  • bpo-35409: Ignore GeneratorExit exceptions when throwing an exception into the aclose coroutine of an asynchronous generator.

Library

  • bpo-39006: Fix asyncio when the ssl module is missing: only check for ssl.SSLSocket instance if the ssl module is available.

  • bpo-38708: Fix a potential IndexError in email parser when parsing an empty msg-id.

  • bpo-38698: Add a new InvalidMessageID token to email parser to represent invalid Message-ID headers. Also, add defects when there is remaining value after parsing the header.

  • bpo-38979: Return class from ContextVar.__class_getitem__ to simplify subclassing.

  • bpo-38986: Make repr of C accelerated TaskWakeupMethWrapper the same as of pure Python version.

  • bpo-38529: Drop too noisy asyncio warning about deletion of a stream without explicit .close() call.

  • bpo-38634: The readline module now detects if Python is linked to libedit at runtime on all platforms. Previously, the check was only done on macOS.

  • bpo-33684: Fix json.tool failed to read a JSON file with non-ASCII characters when locale encoding is not UTF-8.

  • bpo-38698: Prevent UnboundLocalError to pop up in parse_message_id

parse_message_id() was improperly using a token defined inside an exception handler, which was raising UnboundLocalError on parsing an invalid value. Patch by Claudiu Popa.

  • bpo-26730: Fix SpooledTemporaryFile.rollover() might corrupt the file when it is in text mode. Patch by Serhiy Storchaka.

  • bpo-38668: Calling func:shutil.copytree to copy a directory tree from one directory to another subdirectory resulted in an endless loop and a RecursionError. A fix was added to consume an iterator and create the list of the entries to be copied, avoiding the recursion for newly created directories. Patch by Bruno P. Kinoshita.

  • bpo-37838: typing.get_type_hints() properly handles functions decorated with functools.wraps().

  • bpo-38859: AsyncMock now returns StopAsyncIteration on the exaustion of a side_effects iterable. Since PEP-479 its Impossible to raise a StopIteration exception from a coroutine.

  • bpo-38857: AsyncMock fix for return values that are awaitable types. This also covers side_effect iterable values that happend to be awaitable, and wraps callables that return an awaitable type. Before these awaitables were being awaited instead of being returned as is.

  • bpo-38821: Fix unhandled exceptions in argparse when internationalizing error messages for arguments with nargs set to special (non-integer) values. Patch by Federico Bond.

  • bpo-38820: Make Python compatible with OpenSSL 3.0.0. ssl.SSLSocket.getpeercert() no longer returns IPv6 addresses with a trailing new line.

  • bpo-38807: Update TypeError messages for os.path.join() to include os.PathLike objects as acceptable input types.

  • bpo-38785: Prevent asyncio from crashing if parent __init__ is not called from a constructor of object derived from asyncio.Future .

  • bpo-38723: pdb now uses io.open_code() to trigger auditing events.

  • bpo-27805: Allow opening pipes and other non-seekable files in append mode with open().

  • bpo-38686: Added support for multiple qop values in urllib.request.AbstractDigestAuthHandler.

  • bpo-38334: Fixed seeking backward on an encrypted zipfile.ZipExtFile .

  • bpo-34679: asynci.ProactorEventLoop.close() now only calls signal.set_wakeup_fd() in the main thread.

  • bpo-31202: The case the result of pathlib.WindowsPath.glob() matches now the case of the pattern for literal parts.

  • bpo-38521: Fixed erroneous equality comparison in statistics.NormalDist().

  • bpo-38478: Fixed a bug in inspect.signature.bind() that was causing it to fail when handling a keyword argument with same name as positional-only parameter. Patch by Pablo Galindo.

  • bpo-33604: Fixed hmac.new and hmac.HMAC to raise TypeError instead of ValueError when the digestmod parameter, now required in 3.8, is omitted. Also clarified the hmac module documentation and docstrings.

  • bpo-38422: Clarify docstrings of pathlib suffix(es)

  • bpo-36993: Improve error reporting for corrupt zip files with bad zip64 extra data. Patch by Daniel Hillier.

  • bpo-36820: Break cycle generated when saving an exception in socket.py, codeop.py and dyld.py as they keep alive not only the exception but user objects through the __traceback__ attribute. Patch by Mario Corchero.

  • bpo-34776: Fix dataclasses to support forward references in type annotations

  • bpo-33348: lib2to3 now recognizes expressions after * and ** like in f(*[] or []) .

  • bpo-27657: Fix urllib.parse.urlparse() with numeric paths. A string like “path:80” is no longer parsed as a path but as a scheme (“path”) and a path (“80”).

Documentation

  • bpo-38816: Provides more details about the interaction between fork() and CPython’s runtime, focusing just on the C-API. This includes cautions about where fork() should and shouldn’t be called.

  • bpo-38351: Modernize email examples from %-formatting to f-strings.

  • bpo-38778: Document the fact that RuntimeError is raised if os.fork() is called in a subinterpreter.

  • bpo-38592: Add Brazilian Portuguese to the language switcher at Python Documentation website.

Tests

  • bpo-38547: Fix test_pty: if the process is the session leader, closing the master file descriptor raises a SIGHUP signal: simply ignore SIGHUP when running the tests.

  • bpo-38992: Fix a test for math.fsum() that was failing due to constant folding.

  • bpo-38965: Fix test_faulthandler on GCC 10. Use the “volatile” keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma.

  • bpo-38875: test_capi: trashcan tests now require the test “cpu” resource.

  • bpo-38841: Skip asyncio test_create_datagram_endpoint_existing_sock_unix on platforms lacking a functional bind() for named unix domain sockets.

  • bpo-38669: Raise TypeError when passing target as a string with unittest.mock.patch.object().

  • bpo-35998: Fix a race condition in test_asyncio.test_start_tls_server_1(). Previously, there was a race condition between the test main() function which replaces the protocol and the test ServerProto protocol which sends ANSWER once it gets HELLO. Now, only the test main() function is responsible to send data, ServerProto no longer sends data.

Build

  • bpo-37404: asyncio now raises TyperError when calling incompatible methods with an ssl.SSLSocket socket. Patch by Ido Michael.

  • bpo-38809: On Windows, build scripts will now recognize and use python.exe from an active virtual env.

  • bpo-38684: Fix _hashlib build when Blake2 is disabled, but OpenSSL supports it.

  • bpo-37415: Fix stdatomic.h header check for ICC compiler: the ICC implementation lacks atomic_uintptr_t type which is needed by Python.

Windows

  • bpo-33125: Add support for building and releasing Windows ARM64 packages.

  • bpo-38589: Fixes HTML Help shortcut when Windows is not installed to C drive

  • bpo-38453: Ensure ntpath.realpath() correctly resolves relative paths.

  • bpo-38519: Restores the internal C headers that were missing from the nuget.org and Microsoft Store packages.

  • bpo-38492: Remove pythonw.exe dependency on the Microsoft C++ runtime.

macOS

  • bpo-37931: Fixed a crash on OSX dynamic builds that occurred when re-initializing the posix module after a Py_Finalize if the environment had changed since the previous import posix . Patch by Benoît Hudson.

IDLE

  • bpo-38862: ‘Strip Trailing Whitespace’ on the Format menu removes extra newlines at the end of non-shell files.

  • bpo-26353: Stop adding newline when saving an IDLE shell window.

  • bpo-38636: Fix IDLE Format menu tab toggle and file indent width. These functions (default shortcuts Alt-T and Alt-U) were mistakenly disabled in 3.7.5 and 3.8.0.

  • bpo-4630: Add an option to toggle IDLE’s cursor blink for shell, editor, and output windows. See Settings, General, Window Preferences, Cursor Blink. Patch by Zackery Spytz.

  • bpo-38598: Do not try to compile IDLE shell or output windows

C API

  • bpo-37633: Re-export some function compatibility wrappers for macros in pythonrun.h .

  • bpo-38540: Fixed possible leak in PyArg_Parse() and similar functions for format units "es#" and "et#" when the macro PY_SSIZE_T_CLEAN is not defined.

  • bpo-36389: The _PyObject_CheckConsistency() function is now also available in release mode. For example, it can be used to debug a crash in the visit_decref() function of the GC.

Python 3.8.0 final

Release date: 2019-10-14

Core and Builtins

  • bpo-38469: Fixed a bug where the scope of named expressions was not being resolved correctly in the presence of the global keyword. Patch by Pablo Galindo.

  • bpo-38379: When cyclic garbage collection (gc) runs finalizers that resurrect unreachable objects, the current gc run ends, without collecting any cyclic trash. However, the statistics reported by collect() and get_stats() claimed that all cyclic trash found was collected, and that the resurrected objects were collected. Changed the stats to report that none were collected.

Library

Documentation

  • bpo-38294: Add list of no-longer-escaped chars to re.escape documentation.

Tests

  • bpo-37531: On timeout, regrtest no longer attempts to call popen.communicate() again: it can hang until all child processes using stdout and stderr pipes completes. Kill the worker process and ignores its output. Change also the faulthandler timeout of the main process from 1 minute to 5 minutes, for Python slowest buildbots.

Windows

  • bpo-38344: Fix error message in activate.bat.

  • bpo-38359: Ensures pyw.exe launcher reads correct registry key.

  • bpo-38355: Fixes ntpath.realpath failing on sys.executable .

IDLE

  • bpo-36698: IDLE no longer fails when write non-encodable characters to stderr. It now escapes them with a backslash, as the regular Python interpreter. Added the errors field to the standard streams.

Tools/Demos

  • bpo-38118: Update Valgrind suppression file to ignore a false alarm in PyUnicode_Decode() when using GCC builtin strcmp().

  • bpo-38347: pathfix.py: Assume all files that end on ‘.py’ are Python scripts when working recursively.

C API

  • bpo-38395: Fix a crash in weakref.proxy objects due to incorrect lifetime management when calling some associated methods that may delete the last reference to object being referenced by the proxy. Patch by Pablo Galindo.

Python 3.8.0 release candidate 1

Release date: 2019-10-01

Security

  • bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. (Contributed by Dong-hee Na in bpo-38243.)

  • bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903.

  • bpo-37764: Fixes email._header_value_parser.get_unstructured going into an infinite loop for a specific case in which the email header does not have trailing whitespace, and the case in which it contains an invalid encoded word. Patch by Ashwin Ramaswami.

Core and Builtins

  • bpo-38006: Fix a bug due to the interaction of weakrefs and the cyclic garbage collector. We must clear any weakrefs in garbage in order to prevent their callbacks from executing and causing a crash.

  • bpo-38317: Fix warnings options priority: PyConfig.warnoptions has the highest priority, as stated in the PEP 587.

  • bpo-36871: Improve error handling for the assert_has_calls and assert_has_awaits methods of mocks. Fixed a bug where any errors encountered while binding the expected calls to the mock’s spec were silently swallowed, leading to misleading error output.

  • bpo-38236: Python now dumps path configuration if it fails to import the Python codecs of the filesystem and stdio encodings.

  • bpo-38013: Allow to call async_generator_athrow().throw(...) even for non-started async generator helper. It fixes annoying warning at the end of asyncio.run() call.

  • bpo-38124: Fix an off-by-one error in PyState_AddModule that could cause out-of-bounds memory access.

  • bpo-38005: Fixed comparing and creating of InterpreterID and ChannelID.

  • bpo-37994: Fixed silencing arbitrary errors if an attribute lookup fails in several sites. Only AttributeError should be silenced.

  • bpo-37990: Fix elapsed time in gc stats was not printed correctly. This bug was a regression in 3.8b4.

  • bpo-37966: The implementation of is_normalized() has been greatly sped up on strings that aren’t normalized, by implementing the full normalization-quick-check algorithm from the Unicode standard.

  • bpo-20490: Improve import error message for partially initialized module on circular from imports - by Anthony Sottile.

  • bpo-37409: Ensure explicit relative imports from interactive sessions and scripts (having no parent package) always raise ImportError, rather than treating the current module as the package. Patch by Ben Lewis.

  • bpo-37619: When adding a wrapper descriptor from one class to a different class (for example, setting __add__ = str.__add__ on an int subclass), an exception is correctly raised when the operator is called.

  • bpo-30773: Prohibit parallel running of aclose() / asend() / athrow(). Fix ag_running to reflect the actual running status of the AG.

Library

  • bpo-38319: sendfile() used in socket and shutil modules was raising OverflowError for files >= 2GiB on 32-bit architectures. (patch by Giampaolo Rodola)

  • bpo-38242: Revert the new asyncio Streams API

  • bpo-38019: Correctly handle pause/resume reading of closed asyncio unix pipe.

  • bpo-38163: Child mocks will now detect their type as either synchronous or asynchronous, asynchronous child mocks will be AsyncMocks and synchronous child mocks will be either MagicMock or Mock (depending on their parent type).

  • bpo-38161: Removes _AwaitEvent from AsyncMock.

  • bpo-38216: Allow the rare code that wants to send invalid http requests from the http.client library a way to do so. The fixes for bpo-30458 led to breakage for some projects that were relying on this ability to test their own behavior in the face of bad requests.

  • bpo-38108: Any synchronous magic methods on an AsyncMock now return a MagicMock. Any asynchronous magic methods on a MagicMock now return an AsyncMock.

  • bpo-38248: asyncio: Fix inconsistent immediate Task cancellation

  • bpo-38237: The arguments for the builtin pow function are more descriptive. They can now also be passed in as keywords.

  • bpo-38191: Constructors of NamedTuple and TypedDict types now accept arbitrary keyword argument names, including “cls”, “self”, “typename”, “_typename”, “fields” and “_fields”. Passing positional arguments by keyword is deprecated.

  • bpo-38185: Fixed case-insensitive string comparison in sqlite3.Row indexing.

  • bpo-38136: Changes AsyncMock call count and await count to be two different counters. Now await count only counts when a coroutine has been awaited, not when it has been called, and vice-versa. Update the documentation around this.

  • bpo-37828: Fix default mock name in unittest.mock.Mock.assert_called() exceptions. Patch by Abraham Toriz Cruz.

  • bpo-38175: Fix a memory leak in comparison of sqlite3.Row objects.

  • bpo-33936: _hashlib no longer calls obsolete OpenSSL initialization function with OpenSSL 1.1.0+.

  • bpo-34706: Preserve subclassing in inspect.Signature.from_callable.

  • bpo-38153: Names of hashing algorithms frome OpenSSL are now normalized to follow Python’s naming conventions. For example OpenSSL uses sha3-512 instead of sha3_512 or blake2b512 instead of blake2b.

  • bpo-38115: Fix a bug in dis.findlinestarts() where it would return invalid bytecode offsets. Document that a code object’s co_lnotab can contain invalid bytecode offsets.

  • bpo-38148: Add slots to asyncio transport classes, which can reduce memory usage.

  • bpo-36991: Fixes a potential incorrect AttributeError exception escaping ZipFile.extract() in some unsupported input error situations.

  • bpo-38134: Remove obsolete copy of PBKDF2_HMAC_fast. All supported OpenSSL versions contain a fast implementation.

  • bpo-38132: The OpenSSL hashlib wrapper uses a simpler implementation. Several Macros and pointless caches are gone. The hash name now comes from OpenSSL’s EVP. The algorithm name stays the same, except it is now always lower case.

  • bpo-38008: Fix parent class check in protocols to correctly identify the module that provides a builtin protocol, instead of assuming they all come from the collections.abc module

  • bpo-37405: Fixed regression bug for socket.getsockname() for non-CAN_ISOTP AF_CAN address family sockets by returning a 1-tuple instead of string.

  • bpo-38121: Update parameter names on functions in importlib.metadata matching the changes in the 0.22 release of importlib_metadata.

  • bpo-38110: The os.closewalk() implementation now uses the libc fdwalk() API on platforms where it is available.

  • bpo-38093: Fixes AsyncMock so it doesn’t crash when used with AsyncContextManagers or AsyncIterators.

  • bpo-37488: Add warning to datetime.utctimetuple() , datetime.utcnow() and datetime.utcfromtimestamp() .

  • bpo-38086: Update importlib.metadata with changes from importlib_metadata 0.21.

  • bpo-37251: Remove __code__ check in AsyncMock that incorrectly evaluated function specs as async objects but failed to evaluate classes with __await__ but no __code__ attribute defined as async objects.

  • bpo-38037: Fix reference counters in the signal module.

  • bpo-38066: Hide internal asyncio.Stream methods: feed_eof(), feed_data(), set_exception() and set_transport().

  • bpo-38059: inspect.py now uses sys.exit() instead of exit()

  • bpo-37953: In typing, improved the __hash__ and __eq__ methods for ForwardReferences .

  • bpo-38026: Fixed inspect.getattr_static() used isinstance while it should avoid dynamic lookup.

  • bpo-38010: In importlib.metadata sync with importlib_metadata 0.20, clarifying behavior of files() and fixing issue where only one requirement was returned for requires() on dist-info packages.

  • bpo-38006: weakref.WeakValueDictionary defines a local remove() function used as callback for weak references. This function was created with a closure. Modify the implementation to avoid the closure.

  • bpo-34410: Fixed a crash in the tee() iterator when re-enter it. RuntimeError is now raised in this case.

  • bpo-37140: Fix a ctypes regression of Python 3.8. When a ctypes.Structure is passed by copy to a function, ctypes internals created a temporary object which had the side effect of calling the structure finalizer (del) twice. The Python semantics requires a finalizer to be called exactly once. Fix ctypes internals to no longer call the finalizer twice.

  • bpo-37972: Subscripts to the unittest.mock.call objects now receive the same chaining mechanism as any other custom attributes, so that the following usage no longer raises a TypeError:

call().foo().getitem(‘bar’)

Patch by blhsing

  • bpo-22347: Update mimetypes.guess_type to allow proper parsing of URLs with only a host name. Patch by Dong-hee Na.

  • bpo-37885: venv: Don’t generate unset variable warning on deactivate.

  • bpo-37785: Fix xgettext warnings in argparse.

  • bpo-11953: Completing WSA* error codes in socket.

  • bpo-37424: Fixes a possible hang when using a timeout on subprocess.run() while capturing output. If the child process spawned its own children or otherwise connected its stdout or stderr handles with another process, we could hang after the timeout was reached and our child was killed when attempting to read final output from the pipes.

  • bpo-37212: unittest.mock.call() now preserves the order of keyword arguments in repr output. Patch by Karthikeyan Singaravelan.

  • bpo-37305: Add .webmanifest -> application/manifest+json to list of recognized file types and content type headers

  • bpo-21872: Fix lzma: module decompresses data incompletely. When decompressing a FORMAT_ALONE format file, and it doesn’t have the end marker, sometimes the last one to dozens bytes can’t be output. Patch by Ma Lin.

  • bpo-37206: Default values which cannot be represented as Python objects no longer improperly represented as None in function signatures.

  • bpo-12144: Ensure cookies with expires attribute are handled in CookieJar.make_cookies() .

  • bpo-31163: pathlib.Path instance’s rename and replace methods now return the new Path instance.

  • bpo-25068: urllib.request.ProxyHandler now lowercases the keys of the passed dictionary.

  • bpo-21315: Email headers containing RFC2047 encoded words are parsed despite the missing whitespace, and a defect registered. Also missing trailing whitespace after encoded words is now registered as a defect.

  • bpo-36250: Ignore ValueError from signal with interaction in non-main thread.

  • bpo-35168: shlex.shlex.punctuation_chars is now a read-only property.

  • bpo-20504: Fixes a bug in cgi module when a multipart/form-data request has no Content-Length header.

  • bpo-34519: Add additional aliases for HP Roman 8. Patch by Michael Osipov.

Documentation

  • bpo-26868: Fix example usage of PyModule_AddObject() to properly handle errors.

  • bpo-36797: Fix a dead link in the distutils API Reference.

  • bpo-37977: Warn more strongly and clearly about pickle insecurity

  • bpo-37937: Mention frame.f_trace in sys.settrace() docs.

  • bpo-36260: Add decompression pitfalls to zipfile module documentation.

  • bpo-36960: Restructured the datetime docs in the interest of making them more user-friendly and improving readability. Patch by Brad Solomon.

  • bpo-23460: The documentation for decimal string formatting using the :g specifier has been updated to reflect the correct exponential notation cutoff point. Original patch contributed by Tuomas Suutari.

  • bpo-35803: Document and test that tempfile functions may accept a path-like object for the dir argument. Patch by Anthony Sottile.

  • bpo-33944: Added a note about the intended use of code in .pth files.

  • bpo-34293: Fix the Doc/Makefile regarding PAPER environment variable and PDF builds

Tests

  • bpo-38239: Fix test_gdb for Link Time Optimization (LTO) builds.

  • bpo-38275: test_ssl now handles disabled TLS/SSL versions better. OpenSSL’s crypto policy and run-time settings are recognized and tests for disabled versions are skipped. Tests also accept more TLS minimum_versions for platforms that override OpenSSL’s default with strict settings.

  • bpo-38271: The private keys for test_ssl were encrypted with 3DES in traditional PKCS#5 format. 3DES and the digest algorithm of PKCS#5 are blocked by some strict crypto policies. Use PKCS#8 format with AES256 encryption instead.

  • bpo-38270: test.support now has a helper function to check for availibility of a hash digest function. Several tests are refactored avoid MD5 and use SHA256 instead. Other tests are marked to use MD5 and skipped when MD5 is disabled.

  • bpo-37123: Multiprocessing test test_mymanager() now also expects -SIGTERM, not only exitcode 0. BaseManager._finalize_manager() sends SIGTERM to the manager process if it takes longer than 1 second to stop, which happens on slow buildbots.

  • bpo-38212: Multiprocessing tests: increase test_queue_feeder_donot_stop_onexc() timeout from 1 to 60 seconds.

  • bpo-38117: Test with OpenSSL 1.1.1d

  • bpo-37531: Enhance regrtest multiprocess timeout: write a message when killing a worker process, catch popen.kill() and popen.wait() exceptions, put a timeout on the second call to popen.communicate().

  • bpo-37876: Add tests for ROT-13 codec.

  • bpo-37252: Fix assertions in test_close and test_events_mask_overflow devpoll tests.

  • bpo-34001: Make test_ssl pass with LibreSSL. LibreSSL handles minimum and maximum TLS version differently than OpenSSL.

  • bpo-36919: Make test_source_encoding.test_issue2301 implementation independent. The test will work now for both CPython and IronPython.

  • bpo-34596: Fallback to a default reason when unittest.skip() is uncalled. Patch by Naitree Zhu.

Build

  • bpo-38301: In Solaris family, we must be sure to use -D_REENTRANT . Patch by Jesús Cea Avión.

  • bpo-36210: Update optional extension module detection for AIX. ossaudiodev and spwd are not applicable for AIX, and are no longer reported as missing. 3rd-party packaging of ncurses (with ASIS support) conflicts with officially supported AIX curses library, so configure AIX to use libcurses.a. However, skip trying to build _curses_panel.

patch by M Felt

  • bpo-36002: Locate llvm-profdata and llvm-ar binaries using AC_PATH_TOOL rather than AC_PATH_TARGET_TOOL .

  • bpo-37936: The .gitignore file systematically keeps “rooted”, with a non-trailing slash, all the rules that are meant to apply to files in a specific place in the repo. Previously, when the intended file to ignore happened to be at the root of the repo, we’d most often accidentally also ignore files and directories with the same name anywhere in the tree.

  • bpo-37936: The .gitignore file no longer applies to any files that are in fact tracked in the Git repository. Patch by Greg Price.

Windows

  • bpo-38117: Update bundled OpenSSL to 1.1.1d

  • bpo-38092: Reduce overhead when using multiprocessing in a Windows virtual environment.

  • bpo-38133: Allow py.exe launcher to locate installations from the Microsoft Store and improve display of active virtual environments.

  • bpo-38114: The pip.ini is no longer included in the Nuget package.

  • bpo-36634: os.cpu_count() now returns active processors rather than maximum processors.

  • bpo-36634: venv activate.bat now works when the existing variables contain double quote characters.

  • bpo-38081: Prevent error calling os.path.realpath() on 'NUL' .

  • bpo-38087: Fix case sensitivity in test_pathlib and test_ntpath.

  • bpo-38088: Fixes distutils not finding vcruntime140.dll with only the v142 toolset installed.

  • bpo-37283: Ensure command-line and unattend.xml setting override previously detected states in Windows installer.

  • bpo-38030: Fixes os.stat() failing for block devices on Windows

  • bpo-38020: Fixes potential crash when calling os.readlink() (or indirectly through realpath()) on a file that is not a supported link.

  • bpo-37705: Improve the implementation of winerror_to_errno() .

  • bpo-37702: Fix memory leak on Windows in creating an SSLContext object or running urllib.request.urlopen(‘https://…’).

  • bpo-37445: Include the FORMAT_MESSAGE_IGNORE_INSERTS flag in FormatMessageW() calls.

  • bpo-37380: Don’t collect unfinished processes with subprocess._active on Windows to cleanup later. Patch by Ruslan Kuprieiev.

  • bpo-32587: Make winreg.REG_MULTI_SZ support zero-length strings.

macOS

  • bpo-38117: Updated OpenSSL to 1.1.1d in macOS installer.

  • bpo-38089: Move Azure Pipelines to latest VM versions and make macOS tests optional

IDLE

  • bpo-35379: When exiting IDLE, catch any AttributeError. One happens when EditorWindow.close is called twice. Printing a traceback, when IDLE is run from a terminal, is useless and annoying.

  • bpo-38183: To avoid problems, test_idle ignores the user config directory. It no longer tries to create or access .idlerc or any files within. Users must run IDLE to discover problems with saving settings.

  • bpo-38077: IDLE no longer adds ‘argv’ to the user namespace when initializing it. This bug only affected 3.7.4 and 3.8.0b2 to 3.8.0b4.

  • bpo-38041: Shell restart lines now fill the window width, always start with ‘=’, and avoid wrapping unnecessarily. The line will still wrap if the included file name is long relative to the width.

  • bpo-35771: To avoid occasional spurious test_idle failures on slower machines, increase the hover_delay in test_tooltip.

  • bpo-37902: Add mousewheel scrolling for IDLE module, path, and stack browsers. Patch by George Zhang.

Tools/Demos

  • bpo-37803: pdb’s --help and --version long options now work.

  • bpo-37064: Add option -k to pathscript.py script: preserve shebang flags. Add option -a to pathscript.py script: add flags.

C API

Python 3.8.0 beta 4

Release date: 2019-08-29

Security

  • bpo-34155: Fix parsing of invalid email addresses with more than one @ (e.g. a@b@c.com.) to not return the part before 2nd @ as valid email address. Patch by maxking & jpic.

Core and Builtins

The TargetScopeError subclass originally proposed by the PEP has been removed in favour of just raising regular syntax errors for the disallowed cases.

  • bpo-36311: Decoding bytes objects larger than 2GiB is faster and no longer fails when a multibyte characters spans a chunk boundary.

  • bpo-37433: Fix SyntaxError indicator printing too many spaces for multi-line strings - by Anthony Sottile.

  • bpo-20523: pdb.Pdb supports ~/.pdbrc in Windows 7. Patch by Tim Hopper and Dan Lidral-Porter.

Library

  • bpo-37834: Prevent shutil.rmtree exception when built on non-Windows system without fd system call support, like older versions of macOS.

  • bpo-37965: Fix C compiler warning caused by distutils.ccompiler.CCompiler.has_function.

  • bpo-37960: repr() of buffered and text streams now silences only expected exceptions when get the value of “name” and “mode” attributes.

  • bpo-37951: Most features of the subprocess module now work again in subinterpreters. Only preexec_fn is restricted in subinterpreters.

  • bpo-36205: Fix the rusage implementation of time.process_time() to correctly report the sum of the system and user CPU time.

  • bpo-37950: Fix ast.dump() when call with incompletely initialized node.

  • bpo-34679: Restores instantiation of Windows IOCP event loops from the non-main thread.

  • bpo-36917: Add default implementation of the ast.NodeVisitor.visit_Constant() method which emits a deprecation warning and calls corresponding methody visit_Num() , visit_Str() , etc.

  • bpo-37798: Update test_statistics.py to verify that the statistics module works well for both C and Python implementations. Patch by Dong-hee Na

  • bpo-26589: Added a new status code to the http module: 451 UNAVAILABLE_FOR_LEGAL_REASONS

  • bpo-37915: Fix a segmentation fault that appeared when comparing instances of datetime.timezone and datetime.tzinfo objects. Patch by Pablo Galindo.

  • bpo-37868: Fix dataclasses.is_dataclass when given an instance that never raises AttributeError in getattr. That is, an object that returns something for dataclass_fields even if it’s not a dataclass.

  • bpo-37811: Fix socket module’s socket.connect(address) function being unable to establish connection in case of interrupted system call. The problem was observed on all OSes which poll(2) system call can take only non-negative integers and -1 as a timeout value.

  • bpo-21131: Fix faulthandler.register(chain=True) stack. faulthandler now allocates a dedicated stack of SIGSTKSZ*2 bytes, instead of just SIGSTKSZ bytes. Calling the previous signal handler in faulthandler signal handler uses more than SIGSTKSZ bytes of stack memory on some platforms.

  • bpo-37798: Add C fastpath for statistics.NormalDist.inv_cdf() Patch by Dong-hee Na

  • bpo-37819: Add Fraction.as_integer_ratio() to match the corresponding methods in bool, int, float, and decimal.

  • bpo-37810: Fix difflib ? hint in diff output when dealing with tabs. Patch by Anthony Sottile.

  • bpo-37772: In zipfile.Path , when adding implicit dirs, ensure that ancestral directories are added and that duplicates are excluded.

  • bpo-28292: Mark calendar.py helper functions as being private. The follows PEP 8 guidance to maintain the style conventions in the module and it addresses a known case of user confusion.

  • bpo-18049: Add definition of THREAD_STACK_SIZE for AIX in Python/thread_pthread.h The default thread stacksize caused crashes with the default recursion limit Patch by M Felt

  • bpo-37738: Fix the implementation of curses addch(str, color_pair) : pass the color pair to setcchar() , instead of always passing 0 as the color pair.

  • bpo-37723: Fix performance regression on regular expression parsing with huge character sets. Patch by Yann Vaginay.

  • bpo-32178: Fix IndexError in email package when trying to parse invalid address fields starting with : .

  • bpo-37685: Fixed comparisons of datetime.timedelta and datetime.timezone.

  • bpo-37695: Correct curses.unget_wch() error message. Patch by Anthony Sottile.

  • bpo-37354: Make Activate.ps1 Powershell script static to allow for signing it.

  • bpo-37664: Update wheels bundled with ensurepip (pip 19.2.3 and setuptools 41.2.0)

  • bpo-37642: Allowed the pure Python implementation of datetime.timezone to represent sub-minute offsets close to minimum and maximum boundaries, specifically in the ranges (23:59, 24:00) and (-23:59, 24:00). Patch by Ngalim Siregar

  • bpo-16970: Adding a value error when an invalid value in passed to nargs Patch by Robert Leenders

  • bpo-37587: Make json.loads faster for long strings. (Patch by Marco Paolini)

  • bpo-18378: Recognize “UTF-8” as a valid value for LC_CTYPE in locale._parse_localename.

  • bpo-37531: “python3 -m test -jN –timeout=TIMEOUT” now kills a worker process if it runs longer than TIMEOUT seconds.

  • bpo-37482: Fix serialization of display name in originator or destination address fields with both encoded words and special chars.

  • bpo-37372: Fix error unpickling datetime.time objects from Python 2 with seconds>=24. Patch by Justin Blanchard.

  • bpo-37085: Add the optional Linux SocketCAN Broadcast Manager constants, used as flags to configure the BCM behaviour, in the socket module. Patch by Karl Ding.

  • bpo-36871: Ensure method signature is used instead of constructor signature of a class while asserting mock object against method calls. Patch by Karthikeyan Singaravelan.

  • bpo-36582: Fix UserString.encode() to correctly return bytes rather than a UserString instance.

  • bpo-34775: Division handling of PurePath now returns NotImplemented instead of raising a TypeError when passed something other than an instance of str or PurePath. Patch by Roger Aiudi.

Documentation

  • bpo-37979: Added a link to dateutil.parser.isoparse in the datetime.fromisoformat documentation. Patch by Paul Ganssle

  • bpo-37759: Beginning edits to Whatsnew 3.8

  • bpo-37726: Stop recommending getopt in the tutorial for command line argument parsing and promote argparse.

  • bpo-37256: Fix wording of arguments for Request in urllib.request

  • bpo-37004: In the documentation for difflib, a note was added explicitly warning that the results of SequenceMatcher’s ratio method may depend on the order of the input strings.

  • bpo-36487: Make C-API docs clear about what the “main” interpreter is.

Tests

  • bpo-37805: Add tests for json.dump(…, skipkeys=True). Patch by Dong-hee Na.

Build

  • bpo-37707: Mark some individual tests to skip when –pgo is used. The tests marked increase the PGO task time significantly and likely don’t help improve optimization of the final executable.

Windows

  • bpo-37549: os.dup() no longer fails for standard streams on Windows 7.

  • bpo-1311: The nul file on Windows now returns True from exists() and a valid result from os.stat() with S_IFCHR set.

  • bpo-9949: Enable support for following symlinks in os.realpath() .

  • bpo-37834: Treat all name surrogate reparse points on Windows in os.lstat() and other reparse points as regular files in os.stat().

  • bpo-36266: Add the module name in the formatted error message when DLL load fail happens during module import in _PyImport_FindSharedFuncptrWindows() . Patch by Srinivas Nyayapati.

  • bpo-25172: Trying to import the crypt module on Windows will result in an ImportError with a message explaining that the module isn’t supported on Windows. On other platforms, if the underlying _crypt module is not available, the ImportError will include a message explaining the problem.

  • bpo-37778: Fixes the icons used for file associations to the Microsoft Store package.

  • bpo-37734: Fix use of registry values to launch Python from Microsoft Store app.

  • bpo-28269: Replace use of strcasecmp() for the system function _stricmp() . Patch by Minmin Gong.

macOS

  • bpo-18049: Increase the default stack size of threads from 5MB to 16MB on macOS, to match the stack size of the main thread. This avoids crashes on deep recursion in threads.

IDLE

  • bpo-37824: Properly handle user input warnings in IDLE shell. Cease turning SyntaxWarnings into SyntaxErrors.

  • bpo-37929: IDLE Settings dialog now closes properly when there is no shell window.

  • bpo-37849: Fixed completions list appearing too high or low when shown above the current line.

  • bpo-36419: Refactor IDLE autocomplete and improve testing.

  • bpo-37748: Reorder the Run menu. Put the most common choice, Run Module, at the top.

Tools/Demos

  • bpo-37942: Improve ArgumentClinic converter for floats.

  • bpo-37034: Argument Clinic now uses the argument name on errors with keyword-only argument instead of their position. Patch contributed by Rémi Lapeyre.

C API

  • bpo-36763: Options added by PySys_AddXOption() are now handled the same way than PyConfig.xoptions and command line -X options.

  • bpo-37926: Fix a crash in PySys_SetArgvEx(0, NULL, 0) .

Python 3.8.0 beta 3

Release date: 2019-07-29

Security

  • bpo-37461: Fix an infinite loop when parsing specially crafted email headers. Patch by Abhilash Raj.

Core and Builtins

  • bpo-37593: Swap the positions of the posonlyargs and args parameters in the constructor of ast.parameters nodes.

  • bpo-36974: Implemented separate vectorcall functions for every calling convention of builtin functions and methods. This improves performance for calls.

Library

  • bpo-37697: Syncronize importlib.metadata with importlib_metadata 0.19, improving handling of EGG-INFO files and fixing a crash when entry point names contained colons.

  • bpo-37691: Let math.dist() accept coordinates as sequences (or iterables) rather than just tuples.

  • bpo-37664: Update wheels bundled with ensurepip (pip 19.2.1 and setuptools 41.0.1)