The NetBSD Project

CVS log for pkgsrc/lang/python39/dist.mk

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / lang / python39

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.20 / (download) - annotate - [select for diffs], Wed Mar 20 15:41:01 2024 UTC (8 days, 6 hours ago) by adam
Branch: MAIN
CVS Tags: HEAD
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.19

Python 3.9.19

Security

gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
gh-115399: Update bundled libexpat to 2.6.0
gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.

Core and Builtins

gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds

Library

gh-115197: urllib.request no longer resolves the hostname before checking it against the systemãàÑÔ proxy bypass list on macOS and Windows.
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms.
gh-109858: Protect zipfile from ãà×Òuoted-overlapãàzipbomb. It now raises BadZipFile when try to read an entry that overlaps with other entry or central directory.
gh-107077: Seems that in some conditions, OpenSSL will return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification verification has failed, but the error parameters will still contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are now detecting this situation and raising the appropiate ssl.SSLCertVerificationError. Patch by Pablo Galindo
gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working around file system permission errors.

Documentation

gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under ãà×¹ML vulnerabilitiesãà

Windows

gh-111239: Update Windows builds to use zlib v1.3.1.
gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its end of life and no future fixes will be made, and this version of Python is no longer receiving maintenance fixes and will not be updated to OpenSSL 3.0.

Tools/Demos

gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w and 3.0.11.

Revision 1.19 / (download) - annotate - [select for diffs], Fri Aug 25 08:26:13 2023 UTC (7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.18

Python 3.9.18

Security

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

Library

gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.

Tools/Demos

gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

C API

gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data: *consumed was not set.

Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 7 13:25:52 2023 UTC (9 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.17

Python 3.9.17

Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.

Core and Builtins
gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya.
gh-100892: Fix race while iterating over thread states in clearing threading.local. Patch by Kumar Aditya.

Library
gh-103935: Use io.open_code() for files to be executed instead of raw open()
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new a filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)

Windows
gh-100180: Update Windows installer to OpenSSL 1.1.1s

macOS
gh-103142: Update macOS installer to use OpenSSL 1.1.1u.

Revision 1.17 / (download) - annotate - [select for diffs], Wed Dec 7 11:52:43 2022 UTC (15 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.16

Python 3.9.16 final

Security
gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.

This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
gh-98739: Update bundled libexpat to 2.5.0
gh-98517: Port XKCPãàÑÔ fix for the buffer overflows in SHA-3 (CVE-2022-37454).
gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the ãà×Çorkserverãàstart method is affected.

Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier.

This prevents Linux CVE-2022-42919.
gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).

Revision 1.16 / (download) - annotate - [select for diffs], Wed Oct 12 08:37:13 2022 UTC (17 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.15

Python 3.9.15

Security

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.
Core and Builtins
gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. Patch by Victor Stinner.
gh-95778: When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. Patch by Victor Stinner.

Library

gh-97005: Update bundled libexpat to 2.4.9

Windows

gh-96577: Fixes a potential buffer overrun in msilib.

macOS

gh-97897: The macOS 13 SDK includes support for the mkfifoat and mknodat system calls. Using the dir_fd option with either os.mkfifo() or os.mknod() could result in a segfault if cpython is built with the macOS 13 SDK but run on an earlier version of macOS. Prevent this by adding runtime support for detection of these system calls (ãà×Øeaklinkingãà as is done for other newer syscalls on macOS.

Revision 1.15 / (download) - annotate - [select for diffs], Wed Sep 7 15:33:19 2022 UTC (18 months, 2 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.14

Python 3.9.14

Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.

This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.

Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.

The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.

Library
gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of ãàãà
gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None.
bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system.
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.

Tests
gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers.
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.

Revision 1.14 / (download) - annotate - [select for diffs], Wed May 18 08:07:32 2022 UTC (22 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.13

Python 3.9.13

Core and Builtins

gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash.
gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner.
gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na.
bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so.

The classes affected are pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias.

The functions affected are 24 methods in ctypes.

Patch by Oleg Iarygin.
bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters.

Library

gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle.
gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify().
gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled.
bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam.
gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules.
gh-91810: ElementTree method write() and function tostring() now use the text fileÑÔ encoding (ãà׶TF-8ãàif not available) instead of locale encoding in XML declaration when encoding="unicode" is specified.
gh-91832: Add required attribute to argparse.Action repr output.
gh-91734: Fix OSS audio support on Solaris.
gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised.
gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test.
gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError.
gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running.
gh-91575: Update case-insensitive matching in the re module to the latest Unicode version.
gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle.
bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError when an invalid keyword was found in marked section. Patch by Marek Suscak.
bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX.
bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters.
bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak
bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter.
bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while cancelling leaked tasks. Patch by Bar Harel.
bpo-44493: Add missing terminated NUL in sockaddr_unãàÑÔ length

This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language.
bpo-42627: Fix incorrect parsing of Windows registry proxy settings
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev.

Documentation

gh-91888: Add a new gh role to the documentation to link to GitHub issues.
gh-91783: Document security issues concerning the use of the function shutil.unpack_archive()
gh-91547: Remove ãà׶ndocumented modulesãàpage.
bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree().
bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4.
bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7ãàÑÔ Documentation Strings paragraph. Patch by Oleg Iarygin.
bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky.
bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents.
bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed.
bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan ãà×ÚyyyyyyanãàOrestes.
bpo-38056: Overhaul the Error Handlers documentation in codecs.
bpo-13553: Document tkinter.Tk args.

Tests

gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up.
bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD.
bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom.

Build

bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build.

Windows

bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl.
bpo-40859: Update Windows build to use xz-5.2.5

Tools/Demos

gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter.

Revision 1.13 / (download) - annotate - [select for diffs], Fri Mar 25 17:54:37 2022 UTC (2 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.12

Python 3.9.12 final

Core and Builtins

bpo-46968: Check for the existence of the ãà×Ôys/auxv.hãàheader in faulthandler to avoid compilation problems in systems where this header doesnãàÑÕ exist. Patch by Pablo Galindo

Library

bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context.
bpo-23691: Protect the re.finditer() iterator from re-entering.
bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a ãà×Ûipfile.BadZipFile: Bad CRC-32 for fileãàexception when reading a ZipFile from multiple threads.
bpo-38256: Fix binascii.crc32() when it is compiled to use zlibãàÑÄ crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function.
bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag.
bpo-47061: Deprecate the various modules listed by PEP 594:
aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib
bpo-2604: Fix bug where doctests using globals would fail when run multiple times.
bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation has now been updated to note they will removed in Python 3.12 (PEP 594).
bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned.
bpo-40296: Fix supporting generic aliases in pydoc.
bpo-14156: argparse.FileType now supports an argument of ãàãàin binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including ãàÏÙãàand ãàÏÂãàare treated equivalently to ãàÏØãàwhen argument is ãàãà Patch contributed by Josh Rosenberg

Revision 1.12 / (download) - annotate - [select for diffs], Sat Mar 19 18:58:24 2022 UTC (2 years ago) by adam
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.11

Python 3.9.11 final

Core and Builtins

bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner.
bpo-46794: Bump up the libexpat version into 2.4.6
bpo-46762: Fix an assert failure in debug builds when a ãàãà ãàãà or ãàãàis the last character in an f-string thatãàÑÔ missing a closing right brace.
bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra.
bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.
bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated.
bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property.
bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings.
bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner.
bpo-46383: Fix invalid signature of _zoneinfoãàÑÔ module_free function to resolve a crash on wasm32-emscripten platform.

Library

bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop.
bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings.
bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extensionãàÑÔ request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks.
bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka.
bpo-46932: Update bundled libexpat to 2.4.7
bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls.
bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport.
bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger.
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs.
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.
bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header.
bpo-46672: Fix NameError in asyncio.gather() when initial type check fails.
bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does.
bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable.
bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport.
bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard.
bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard.
bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam.
bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape.
bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace.
bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class.
bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files.
bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated.
bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong.
bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash.
bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya.
bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argumentÑÔ default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein.
bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong.
bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed.
bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests.

Documentation

bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file

Tests

bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner.
bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution.
bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion.
bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner.
bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner.
bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython.
bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner.
bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner.

Build

bpo-47024: Update OpenSSL to 1.1.1n for macOS installers and all Windows builds.
bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale.
bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__.
bpo-45925: Update Windows installer to use SQLite 3.37.2.
bpo-47032: Ensure Windows install builds fail correctly with a non-zero exit code when part of the build fails.

Windows

bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.
bpo-46638: Ensures registry virtualization is consistently disabled. For 3.10 and earlier, it remains enabled (some registry writes are protected), while for 3.11 and later it is disabled (registry modifications affect all applications).
macOS
bpo-45925: Update macOS installer to SQLite 3.37.2.

IDLE

bpo-46630: Make query dialogs on Windows start with a cursor in the entry box.
bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, ãàϤloseãàand ãàϦxitãàare now ãàϤlose Windowãà(the current one) and ãàϦxitãàis now ãàϦxit IDLEãà(by closing all windows). In Shell, ãàÏÒuit()ãàand ãàÏÆxit()ãàmean ãàÏÄlose Shellãà If there are no other windows, this also exits IDLE.
bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy.

Revision 1.11 / (download) - annotate - [select for diffs], Sat Jan 15 16:21:26 2022 UTC (2 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.10

Python 3.9.10 final

Core and Builtins

bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner.
bpo-46085: Fix iterator cache mechanism of OrderedDict.
bpo-46110: Add a maximum recursion check to the PEG parser to avoid stack overflow. Patch by Pablo Galindo
bpo-46000: Improve compatibility of the curses module with NetBSD curses.
bpo-45614: Fix traceback display for exceptions with invalid module name.
bpo-45806: Re-introduced fix that allows recovery from stack overflow without crashing the interpreter. The original fix as part of bpo-42500 was reverted (see release notes for Python 3.9.4) since it introduced an ABI change in a bugfix release which is not allowed. The new fix doesnãàÑÕ introduce any ABI changes. Patch by Mark Shannon.
bpo-45822: Fixed a bug in the parser that was causing it to not respect PEP 263 coding cookies when no flags are provided. Patch by Pablo Galindo
bpo-45820: Fix a segfault when the parser fails without reading any input. Patch by Pablo Galindo
bpo-42540: Fix crash when os.fork() is called with an active non-default memory allocator.

Library

bpo-40479: Fix hashlib usedforsecurity option to work correctly with OpenSSL 3.0.0 in FIPS mode.
bpo-46070: Fix possible segfault when importing the asyncio module from different sub-interpreters in parallel. Patch by Erlend E. Aasland.
bpo-46278: Reflect context argument in AbstractEventLoop.call_*() methods. Loop implementations already support it.
bpo-46239: Improve error message when importing asyncio.windows_events on non-Windows.
bpo-20369: concurrent.futures.wait() no longer blocks forever when given duplicate Futures. Patch by Kumar Aditya.
bpo-46105: Honor spec when generating requirement specs with urls and extras (importlib_metadata 4.8.3).
bpo-26952: argparse raises ValueError with clear message when trying to render usage for an empty mutually-exclusive group. Previously it raised a cryptic IndexError.
bpo-27718: Fix help for the signal module. Some functions (e.g. signal() and getsignal()) were omitted.
bpo-46032: The registry() method of functools.singledispatch() functions checks now the first argument or the first parameter annotation and raises a TypeError if it is not supported. Previously unsupported ãà×Õypesãàwere ignored (e.g. typing.List[int]) or caused an error at calling time (e.g. list[int]).
bpo-46018: Ensure that math.expm1() does not raise on underflow.
bpo-27946: Fix possible crash when getting an attribute of class:xml.etree.ElementTree.Element simultaneously with replacing the attrib dict.
bpo-13236: unittest.TextTestResult and unittest.TextTestRunner flush now the output stream more often.
bpo-37658: Fix issue when on certain conditions asyncio.wait_for() may allow a coroutine to complete successfully, but fail to return the result, potentially causing memory leaks or other issues.
bpo-45831: faulthandler can now write ASCII-only strings (like filenames and function names) with a single write() syscall when dumping a traceback. It reduces the risk of getting an unreadable dump when two threads or two processes dump a traceback to the same file (like stderr) at the same time. Patch by Victor Stinner.
bpo-41735: Fix thread lock in zlib.Decompress.flush() method before PyObject_GetBuffer.
bpo-45664: Fix types.resolve_bases() and types.new_class() for types.GenericAlias instance as a base.
bpo-45663: Fix dataclasses.is_dataclass() for dataclasses which are subclasses of types.GenericAlias.
bpo-45662: Fix the repr of dataclasses.InitVar with a type alias to the built-in class, e.g. InitVar[list[int]].
bpo-43498: Avoid a possible ãà׳untimeError: dictionary changed size during iterationãàwhen adjusting the process count of ProcessPoolExecutor.
bpo-29620: assertWarns() no longer raises a RuntimeException when accessing a moduleãàÑÔ __warningregistry__ causes importation of a new module, or when a new module is imported in another thread. Patch by Kernc.

Documentation

bpo-19737: Update the documentation for the globals() function.
bpo-45840: Improve cross-references in the documentation for the data model.
bpo-45788: Link doc for sys.prefix to sysconfig doc on installation paths.
bpo-25381: In the extending chapter of the extending doc, update a paragraph about the global variables containing exception information.
bpo-43905: Expanded astuple() and asdict() docs, warning about deepcopy being applied and providing a workaround.
bpo-41028: Language and version switchers, previously maintained in every cpython branches, are now handled by docsbuild-script.

Tests

bpo-46205: Fix hang in runtest_mp due to race condition
bpo-46263: Fix test_capi on FreeBSD 14-dev: instruct jemalloc to not fill freed memory with junk byte.
bpo-46150: Now fakename in test_pathlib.PosixPathTest.test_expanduser is checked to be non-existent.
bpo-46129: Rewrite asyncio.locks tests with unittest.IsolatedAsyncioTestCase usage.
bpo-23819: Fixed asyncio tests in python optimized mode. Patch by Kumar Aditya.
bpo-46114: Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses 0xMNN00PP0L.
bpo-19460: Add new Test for email.mime.nonmultipart.MIMENonMultipart.
bpo-45835: Fix race condition in test_queue tests with multiple ãà×Çeederãàthreads.

Build

bpo-46263: configure no longer sets MULTIARCH on FreeBSD platforms.
bpo-46106: Updated OpenSSL to 1.1.1m in Windows builds, macOS installer builds, and CI. Patch by Kumar Aditya.
bpo-44035: CI now verifies that autoconf files have been regenerated with a current and unpatched autoconf package.
bpo-33393: Update config.guess to 2021-06-03 and config.sub to 2021-08-14. Makefile now has an update-config target to make updating more convenient.
bpo-45866: make regen-all now produces the same output when run from a directory other than the source tree: when building Python out of the source tree. pegen now strips directory of the ãà×Èenerated by pygen from <FILENAME>ãàheader Patch by Victor Stinner.
bpo-41498: Python now compiles on platforms without sigset_t. Several functions in signal are not available when sigset_t is missing.
bpo-45881: setup.py now uses CC from environment first to discover multiarch and cross compile paths.

Windows

bpo-45901: When installed through the Microsoft Store and set as the default app for *.py files, command line arguments will now be passed to Python when invoking a script without explicitly launching Python (that is, script.py args rather than python script.py args).

macOS

bpo-40477: The Python Launcher app for macOS now properly launches scripts and, if necessary, the Terminal app when running on recent macOS releases.
bpo-45732: Update python.org macOS installer to use Tcl/Tk 8.6.12.

Tools/Demos

bpo-45838: Fix line number calculation when debugging Python with GDB.

C API

bpo-39026: Fix Python.h to build C extensions with Xcode: remove a relative include from Include/cpython/pystate.h.

Revision 1.10 / (download) - annotate - [select for diffs], Tue Nov 16 14:23:50 2021 UTC (2 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.9

Python 3.9.9 final

Core and Builtins
bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo.

Library
bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments.
bpo-45765: In importlib.metadata, fix distribution discovery for an empty path.
bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling.

Documentation
bpo-45772: socket.socket documentation is corrected to a class from a function.
bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor.

Windows
bpo-45732: Updates bundled Tcl/Tk to 8.6.12.
bpo-45720: Internal reference to shlwapi.dll was dropped to help improve startup time. This DLL will no longer be loaded at the start of every Python process.

Revision 1.9 / (download) - annotate - [select for diffs], Sat Nov 6 12:24:34 2021 UTC (2 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.8

Python 3.9.8

Core and Builtins
bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples.
bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo.
bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na.
bpo-45167: Fix deepcopying of types.GenericAlias objects.
bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219.
bpo-44959: Added fallback to extension modules with ãàslãàsuffix on HP-UX
bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8.
bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when itãàÑÔ called directly or via super(). Patch provided by Yurii Karabas.
bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed.

(This issue impacted only the C code exception rendering, the traceback module was using qualname already).
Library
bpo-45678: Fix bug in Python 3.9 that meant functools.singledispatchmethod failed to properly wrap the attributes of the target method. Patch by Alex Waygood.
bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2].
bpo-45438: Fix typing.Signature string representation for generic builtin types.
bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland.
bpo-39679: Fix bug in functools.singledispatchmethod that caused it to fail when attempting to register a classmethod() or staticmethod() using type annotations. Patch contributed by Alex Waygood.
bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle.
bpo-45467: Fix incremental decoder and stream reader in the ãà×Óaw-unicode-escapeãàcodec. Previously they failed if the escape sequence was split.
bpo-45461: Fix incremental decoder and stream reader in the ãà×Önicode-escapeãàcodec. Previously they failed if the escape sequence was split.
bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt.
bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood.
bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :ãàÑÇunc:inspect.getabsfile, and return None to indicate that the module could not be determined.
bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop
bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options.
bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library.
bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na.
bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0
bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner.
bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that donãàÑÕ support the TCP_NODELAY socket option.
bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit.
bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner.
bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks.
bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator.
bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults.
bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError
bpo-45228: Fix stack buffer overflow in parsing J1939 network address.
bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol.

Patch by Kyungmin Lee.
bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice.
bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state.
bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef.
bpo-45097: Remove deprecation warnings about the loop argument in asyncio incorrectly emitted in cases when the user does not pass the loop argument.
bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas.
bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container.
bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module
bpo-45030: Fix integer overflow in pickling and copying the range iterator.
bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction.
bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight.
Documentation
bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod.
bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood.
bpo-45655: Add a new ãà×Óelevant PEPsãàsection to the top of the documentation for the typing module. Patch by Alex Waygood.
bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs.
bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility.
bpo-45449: Add note about PEP 585 in collections.abc.
bpo-45516: Add protocol description to the importlib.abc.Traversable documentation.
bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal.
bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places.
Tests
bpo-45578: Add tests for dis.distb()
bpo-45577: Add subtests for all pickle protocols in test_zoneinfo.
bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS.
bpo-40173: Fix test.support.import_helper.import_fresh_module().
bpo-45280: Add a test case for empty typing.NamedTuple.
bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder.
bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_process_termination
bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so donãàÑÕ expect it in the output. Patch by Victor Stinner.
bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec().
bpo-45042: Fixes that test classes decorated with @hashlib_helper.requires_hashdigest were skipped all the time.
Build
bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linuxãàÑÔ libuuid, too.
bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules.
bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon.
bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman.
bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building.
Windows
bpo-45337: venv now warns when the created environment may need to be accessed at a different path, due to redirections, links or junctions. It also now correctly installs or upgrades components when the alternate path is required.
macOS
bpo-44828: Avoid tkinter file dialog failure on macOS 12 Monterey when using the Tk 8.6.11 provided by python.org macOS installers. Patch by Marc Culler of the Tk project.
IDLE
bpo-45296: On Windows, change exit/quit message to suggest Ctrl-D, which works, instead of <Ctrl-Z Return>, which does not work in IDLE.
C API
bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered.
bpo-44751: Remove crypt.h include from the public Python.h header.

Revision 1.8 / (download) - annotate - [select for diffs], Wed Sep 1 13:53:58 2021 UTC (2 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

python39: updated to 3.9.7

Python 3.9.7 final

Security

bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition.
bpo-41180: Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ãà×£illion Laughsãàvulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
Core and Builtins
bpo-45018: Fixed pickling of range iterators that iterated for over 2**32 times.
bpo-44962: Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run
bpo-44954: Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way.
bpo-44947: Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo.
bpo-44698: Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex.
bpo-44885: Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo
bpo-44872: Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END).
bpo-33930: Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo.
bpo-25782: Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain.
bpo-44856: Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo.
bpo-44698: Fix undefined behaviour in complex object exponentiation.
bpo-44562: Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias.
bpo-44523: Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo.
bpo-44472: Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo
bpo-44184: Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner.
bpo-39091: Fix crash when using passing a non-exception to a generatorãàÑÔ throw() method. Patch by Noah Oxer

Library

bpo-41620: run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator.
bpo-43913: Fix bugs in cleaning up classes and modules in unittest:

Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module.
Functions registered with addClassCleanup() were not called if tearDownClass is set to None.
Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup().
Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes.
Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order.
And several lesser bugs.
bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.
bpo-44449: Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner.
bpo-44955: Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator.
bpo-38956: argparse.BooleanOptionalActionãàÑÔ default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter.
bpo-44581: Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0
bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner.
bpo-44605: The @functools.total_ordering() decorator now works with metaclasses.
bpo-44822: sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland.
bpo-44815: Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep()
bpo-44806: Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes.
bpo-44667: The tokenize.tokenize() doesnãàÑÕ incorrectly generate a NEWLINE token if the source doesnãàÑÕ end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo
bpo-42853: Fix http.client.HTTPSConnection fails to download >2GiB data.
bpo-44752: rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method.
bpo-44720: weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing.
bpo-44704: The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__().
bpo-44666: Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan Hölzl.
bpo-40897: Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong.
bpo-44608: Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple.
bpo-41928: Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected.
bpo-44566: handle StopIteration subclass raised from @contextlib.contextmanager generator
bpo-44558: Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na.
bpo-41249: Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules.
bpo-44461: Fix bug with pdbÑÔ handling of import error due to a package which does not have a __main__ module
bpo-42892: Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage.
bpo-27827: pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons.
bpo-34266: Handle exceptions from parsing the arg of pdbãàÑÔ run/restart command.
bpo-27334: The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland.
bpo-43853: Improved string handling for sqlite3 user-defined functions and aggregates:

It is now possible to pass strings with embedded null characters to UDFs
Conversion failures now correctly raise MemoryError
Patch by Erlend E. Aasland.
bpo-43048: Handle RecursionError in TracebackExceptionãàÑÔ constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail.
bpo-41402: Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding.
bpo-32695: The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested.
bpo-34990: Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038.
bpo-38840: Fix test___all__ on platforms lacking a shared memory implementation.
bpo-30256: Pass multiprocessing BaseProxy argument manager_owned through AutoProxy.
bpo-27513: email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz.
bpo-33349: lib2to3 now recognizes async generators everywhere.
bpo-29298: Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile.

Documentation

bpo-44903: Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place IãàÑ×e added links to the Python Wiki page on GUI frameworks.
bpo-44756: Reverted automated virtual environment creation on make html when building documentation. It turned out to be disruptive for downstream distributors.
bpo-44693: Update the definition of __future__ in the glossary by replacing the confusing word ãà×Ñseudo-moduleãàwith a more accurate description.
bpo-35183: Add typical examples to os.path.splitext docs
bpo-30511: Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory.
bpo-44561: Update of three expired hyperlinks in Doc/distributing/index.rst: ãà×±roject structureãà ãà×£uilding and packaging the projectãà and ãà׶ploading the project to the Python Packaging Indexãà
bpo-42958: Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg.
bpo-44558: Match the docstring and python implementation of countOf() to the behavior of its c implementation.
bpo-44544: List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation.
bpo-38062: Clarify that atexit uses equality comparisons internally.
bpo-43066: Added a warning to zipfile docs: filename arg with a leading slash may cause archive to be un-openable on Windows systems.
bpo-27752: Documentation of csv.Dialect is more descriptive.
bpo-44453: Fix documentation for the return type of sysconfig.get_path().
bpo-39498: Add a ãà×´ecurity Considerationsãàindex which links to standard library modules that have explicitly documented security considerations.
bpo-33479: Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c,

Tests

bpo-25130: Add calls of gc.collect() in tests to support PyPy.
bpo-45011: Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka.
bpo-44949: Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so donãàÑÕ expect it in the output.
bpo-44852: Add ability to wholesale silence DeprecationWarnings while running the regression test suite.
bpo-40928: Notify users running test_decimal regression tests on macOS of potential harmless ãà×Îalloc canãàÑÕ allocate regionãàmessages spewed by test_decimal.
bpo-44734: Fixed floating point precision issue in turtle tests.
bpo-44708: Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file.
bpo-30256: Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy

Build

bpo-44535: Enable building using a Visual Studio 2022 install on Windows.
bpo-43298: Improved error message when building without a Windows SDK installed.

Windows

bpo-45007: Update to OpenSSL 1.1.1l in Windows build
bpo-44572: Avoid consuming standard input in the platform module
bpo-40263: This is a follow-on bug from https://bugs.python.org/issue26903. Once that is applied we run into an off-by-one assertion problem. The assert was not correct.

macOS

bpo-45007: Update macOS installer builds to use OpenSSL 1.1.1l.
bpo-44689: ctypes.util.find_library() now works correctly on macOS 11 Big Sur even if Python is built on an older version of macOS. Previously, when built on older macOS systems, find_library was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored.

Tools/Demos

bpo-44756: In the Makefile for documentation (Doc/Makefile), the build rule is dependent on the venv rule. Therefore, html, latex, and other build-dependent rules are also now dependent on venv. The venv rule only performs an action if $(VENVDIR) does not exist. Doc/README.rst was updated; most users now only need to type make html.

Revision 1.7 / (download) - annotate - [selected], Tue Jun 29 12:43:42 2021 UTC (2 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

python39: updated to 3.9.6

Python 3.9.6 final

Security

bpo-44022: mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server.
Core and Builtins
bpo-44409: Fix error location information for tokenizer errors raised on initialization of the tokenizer. Patch by Pablo Galindo.
bpo-43667: Improve Unicode support in non-UTF locales on Oracle Solaris. This issue does not affect other Solaris systems.
bpo-44168: Fix error message in the parser involving keyword arguments with invalid expressions. Patch by Pablo Galindo
bpo-44114: Fix incorrect dictkeys_reversed and dictitems_reversed function signatures in C code, which broke webassembly builds.
bpo-44070: No longer eagerly makes import filenames absolute, except for extension modules, which was introduced in 3.9.5.
bpo-28146: Fix a confusing error message in str.format().
bpo-11105: When compiling ast.AST objects with recursive references through compile(), the interpreter doesnãàÑÕ crash anymore instead it raises a RecursionError.

Library

bpo-44516: Update vendored pip to 21.1.3
bpo-44482: Fix very unlikely resource leak in glob in alternate Python implementations.
bpo-44439: Fix in bz2.BZ2File.write() / lzma.LZMAFile.write() methods, when the input data is an object that supports the buffer protocol, the file length may be wrong.
bpo-44434: _thread.start_new_thread() no longer calls PyThread_exit_thread() explicitly at the thread exit, the call was redundant. On Linux with the glibc, pthread_exit() aborts the whole process if dlopen() fails to open libgcc_s.so file (ex: EMFILE error). Patch by Victor Stinner.
bpo-44422: The threading.enumerate() function now uses a reentrant lock to prevent a hang on reentrant call. Patch by Victor Stinner.
bpo-44395: Fix as_string() to pass unixfrom properly. Patch by Dong-hee Na.
bpo-44342: [Enum] Be more robust in searching for pickle support before making an enum class unpicklable.
bpo-44356: [Enum] Allow multiple data-type mixins if they are all the same.
bpo-44254: On Mac, give turtledemo button text a color that works on both light or dark background. Programmers cannot control the latter.
bpo-44145: hmac computations were not releasing the GIL while calling the OpenSSL HMAC_Update C API (a new feature in 3.9). This unintentionally prevented parallel computation as other hashlib algorithms support.
bpo-37788: Fix a reference leak when a Thread object is never joined.
bpo-44061: Fix regression in previous release when calling pkgutil.iter_modules() with a list of pathlib.Path objects
bpo-36515: The hashlib module no longer does unaligned memory accesses when compiled for ARM platforms.
bpo-44018: random.seed() no longer mutates bytearray inputs.
bpo-38352: Add IO, BinaryIO, TextIO, Match, and Pattern to typing.__all__. Patch by Jelle Zijlstra.
bpo-43972: When http.server.SimpleHTTPRequestHandler sends a 301 (Moved Permanently) for a directory path not ending with /, add a Content-Length: 0 header. This improves the behavior for certain clients.
bpo-28528: Fix a bug in pdb where checkline() raises AttributeError if it is called after reset().
bpo-43776: When subprocess.Popen args are provided as a string or as pathlib.Path, the Popen instance repr now shows the right thing.
bpo-43666: AIX: Lib/_aix_support.get_platform() may fail in an AIX WPAR. The fileset bos.rte appears to have a builddate in both LPAR and WPAR so this fileset is queried rather than bos.mp64. To prevent a similiar situation (no builddate in ODM) a value (9988) sufficient for completing a build is provided. Patch by M Felt.
bpo-43650: Fix MemoryError in shutil.unpack_archive() which fails inside shutil._unpack_zipfile() on large files. Patch by Igor Bolshakov.
bpo-43318: Fix a bug where pdb does not always echo cleared breakpoints.
bpo-43295: datetime.datetime.strptime() now raises ValueError instead of IndexError when matching 'z' with the %z format specifier.
bpo-37022: pdb now displays exceptions from repr() with its p and pp commands.
Documentation
bpo-40620: Convert examples in tutorial controlflow.rst section 4.3 to be interpreter-demo style.
bpo-13814: In the Design FAQ, answer ãà׸hy donãàÑÕ generators support the with statement?ãàbpo-44392: Added a new section in the C API documentation for types used in type hinting. Documented Py_GenericAlias and Py_GenericAliasType.
bpo-38291: Mark typing.io and typing.re as deprecated since Python 3.8 in the documentation. They were never properly supported by type checkers.
bpo-44322: Document that SyntaxError args have a details tuple and that details are adjusted for errors in f-string field replacement expressions.
bpo-44195: Corrected references to TraversableResources in docs. There is no TraversableReader.
bpo-41963: Document that ConfigParser strips off comments when reading configuration files.
bpo-44072: Correct where in the numeric ABC hierarchy ** support is added, i.e., in numbers.Complex, not numbers.Integral.
bpo-43558: Add the remark to dataclasses documentation that the __init__() of any base class has to be called in __post_init__(), along with a code example.
bpo-41621: Document that collections.defaultdict parameter default_factory defaults to None and is positional-only.

Tests

bpo-44287: Fix asyncio test_popen() of test_windows_utils by using a longer timeout. Use military grade battle-tested test.support.SHORT_TIMEOUT timeout rather than a hardcoded timeout of 10 seconds: itãàÑÔ 30 seconds by default, but it is made longer on slow buildbots. Patch by Victor Stinner.
bpo-44363: Account for address sanitizer in test_capi. test_capi now passes when run GCC address sanitizer.

Build

bpo-44381: The Windows build now accepts EnableControlFlowGuard set to guard to enable CFG.
Windows
bpo-41299: Fix 16ms jitter when using timeouts in threading, such as with threading.Lock.acquire() or threading.Condition.wait().

macOS

bpo-43568: Relax unnecessarily restrictive MACOSX_DEPLOYMENT_TARGET check when building extension modules for macOS. Patch by Joshua Root.
bpo-43109: Allow ãàÅØith-lto configure option to work with Apple-supplied Xcode or Command Line Tools.

IDLE

bpo-40128: Mostly fix completions on macOS when not using tcl/tk 8.6.11 (as with 3.9). The added update_idletask call should be harmless and possibly helpful otherwise.
bpo-33962: Move the indent space setting from the Font tab to the new Windows tab. Patch by Mark Roseman and Terry Jan Reedy.
bpo-40468: Split the settings dialog General tab into Windows and Shell/ED tabs. Move help sources, which extend the Help menu, to the Extensions tab. Make space for new options and shorten the dialog. The latter makes the dialog better fit small screens.
bpo-41611: Avoid uncaught exceptions in AutoCompleteWindow.winconfig_event().
bpo-41611: Fix IDLE sometimes freezing upon tab-completion on macOS.

Tools/Demos

bpo-44074: Make patchcheck automatically detect the correct base branch name (previously it was hardcoded to ãàÏÎasterãà

C API

bpo-44441: Py_RunMain() now resets PyImport_Inittab to its initial value at exit. It must be possible to call PyImport_AppendInittab() or PyImport_ExtendInittab() at each Python initialization. Patch by Victor Stinner.
bpo-42083: Fix crash in PyStructSequence_NewType() when passed NULL in the documentation string slot.

Revision 1.6 / (download) - annotate - [select for diffs], Tue May 4 05:17:29 2021 UTC (2 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) to selected 1.7 (colored)

python39: updated to 3.9.5

Python 3.9.5 final

Security
bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.
bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks.

Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.
bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module.
bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notatation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access.

Core and Builtins
bpo-43105: Importlib now resolves relative paths when creating module spec objects from file locations.
bpo-42924: Fix bytearray repetition incorrectly copying data from the start of the buffer, even if the data is offset within the buffer (e.g. after reassigning a slice at the start of the bytearray to a shorter byte string).

Library
bpo-43993: Update bundled pip to 21.1.1.
bpo-43937: Fixed the turtle module working with non-default root window.
bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0
bpo-43920: OpenSSL 3.0.0: load_verify_locations() now returns a consistent error message when cadata contains no valid certificate.
bpo-43607: urllib can now convert Windows paths with \\?\ prefixes into URL paths.
bpo-43284: platform.win32_ver derives the windows version from sys.getwindowsversion().platform_version which in turn derives the version from kernel32.dll (which can be of a different version than Windows itself). Therefore change the platform.win32_ver to determine the version using the platform moduleãàÑÔ _syscmd_ver private function to return an accurate version.
bpo-42248: [Enum] ensure exceptions raised in _missing__ are released
bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 to suppress deprecation warnings. Python requires OpenSSL 1.1.1 APIs.
bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants (OpenSSL 3.0.0)
bpo-43789: OpenSSL 3.0.0: DonãàÑÕ call the password callback function a second time when first call has signaled an error condition.
bpo-43788: The header files for ssl error codes are now OpenSSL version-specific. Exceptions will now show correct reason and library codes. The make_ssl_data.py script has been rewritten to use OpenSSLãàÑÔ text file with error codes.
bpo-43655: tkinter dialog windows are now recognized as dialogs by window managers on macOS and X Window.
bpo-43534: turtle.textinput() and turtle.numinput() create now a transient window working on behalf of the canvas window.
bpo-43522: Fix problem with hostname_checks_common_name. OpenSSL does not copy hostflags from struct SSL_CTX to struct SSL.
bpo-42967: Allow bytes separator argument in urllib.parse.parse_qs and urllib.parse.parse_qsl when parsing str query strings. Previously, this raised a TypeError.
bpo-43176: Fixed processing of a dataclass that inherits from a frozen dataclass with no fields. It is now correctly detected as an error.
bpo-41735: Fix thread locks in zlib module may go wrong in rare case. Patch by Ma Lin.
bpo-36470: Fix dataclasses with InitVars and replace(). Patch by Claudiu Popa.
bpo-32745: Fix a regression in the handling of ctypesãàctypes.c_wchar_p type: embedded null characters would cause a ValueError to be raised. Patch by Zackery Spytz.

Documentation
bpo-43959: The documentation on the PyContextVar C-API was clarified.
bpo-43938: Update dataclasses documentation to express that FrozenInstanceError is derived from AttributeError.
bpo-43755: Update documentation to reflect that unparenthesized lambda expressions can no longer be the expression part in an if clause in comprehensions and generator expressions since Python 3.9.
bpo-43739: Fixing the example code in Doc/extending/extending.rst to declare and initialize the pmodule variable to be of the right type.

Tests
bpo-43961: Fix test_logging.test_namer_rotator_inheritance() on Windows: use os.replace() rather than os.rename(). Patch by Victor Stinner.
bpo-43842: Fix a race condition in the SMTP test of test_logging. DonãàÑÕ close a file descriptor (socket) from a different thread while asyncore.loop() is polling the file descriptor. Patch by Victor Stinner.
bpo-43811: Tests multiple OpenSSL versions on GitHub Actions. Use ccache to speed up testing.
bpo-43791: OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests are failing with TLSV1_ALERT_INTERNAL_ERROR.

Windows
bpo-35306: Avoid raising errors from pathlib.Path.exists() when passed an invalid filename.
bpo-38822: Fixed os.stat() failing on inaccessible directories with a trailing slash, rather than falling back to the parent directoryãàÑÔ metadata. This implicitly affected os.path.exists() and os.path.isdir().
bpo-26227: Fixed decoding of host names in socket.gethostbyaddr() and socket.gethostbyname_ex().
bpo-40432: Updated pegen regeneration script on Windows to find and use Python 3.8 or higher. Prior to this, pegen regeneration already required 3.8 or higher, but the script may have used lower versions of Python.
bpo-43745: Actually updates Windows release to OpenSSL 1.1.1k. Earlier releases were mislabelled and actually included 1.1.1i again.
bpo-43492: Upgrade Windows installer to use SQLite 3.35.5.

macOS
bpo-42119: Fix check for macOS SDK paths when building Python. Narrow search to match contents of SDKs, namely only files in /System/Library, /System/IOSSupport, and /usr other than /usr/local. Previously, anything under /System was assumed to be in an SDK which causes problems with the new file system layout in 10.15+ where user file systems may appear to be mounted under /System. Paths in /Library were also incorrectly treated as SDK locations.
bpo-44009: Provide ãà×Ñython3.x-intel64ãàexecutable to allow reliably forcing macOS universal2 framework builds to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs. This can be useful for testing or when universal2 wheels are not yet available.
bpo-43492: Update macOS installer to use SQLite 3.35.4.

IDLE
bpo-43655: IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window.

Revision 1.5 / (download) - annotate - [select for diffs], Mon Apr 5 07:40:10 2021 UTC (2 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored) to selected 1.7 (colored)

python39: updated to 3.9.4

Python 3.9.4

Core and Builtins
bpo-43710: Reverted the fix for https://bugs.python.org/issue42500 as it changed the PyThreadState struct size and broke the 3.9.x ABI in the 3.9.3 release (visible on 32-bit platforms using binaries compiled using an earlier version of Python 3.9.x headers).

Library
bpo-26053: Fixed bug where the pdb interactive run command echoed the args from the shell command line, even if those have been overridden at the pdb prompt.

Revision 1.4 / (download) - annotate - [select for diffs], Sat Apr 3 06:23:13 2021 UTC (2 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored) to selected 1.7 (colored)

python39: updated to 3.9.3

Python 3.9.3 final

Security
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.

Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.

Core and Builtins
bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.
bpo-43555: Report the column offset for SyntaxError for invalid line continuation characters. Patch by Pablo Galindo.
bpo-43517: Fix misdetection of circular imports when using from pkg.mod import attr, which caused false positives in non-trivial multi-threaded code.
bpo-35883: Python no longer fails at startup with a fatal error if a command line argument contains an invalid Unicode character. The Py_DecodeLocale() function now escapes byte sequences which would be decoded as Unicode characters outside the [U+0000; U+10ffff] range.
bpo-43406: Fix a possible race condition where PyErr_CheckSignals tries to execute a non-Python signal handler.
bpo-42500: Improve handling of exceptions near recursion limit. Converts a number of Fatal Errors in RecursionErrors.

Library
bpo-43433: xmlrpc.client.ServerProxy no longer ignores query and fragment in the URL of the server.
bpo-35930: Raising an exception raised in a ×Çutureãàinstance will create reference cycles.
bpo-43577: Fix deadlock when using ssl.SSLContext debug callback with ssl.SSLContext.sni_callback().
bpo-43521: ast.unparse can now render NaNs and empty sets.
bpo-43423: subprocess.communicate() no longer raises an IndexError when there is an empty stdout or stderr IO buffer during a timeout on Windows.
bpo-27820: Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with initial_response_ok=False will fail.

The cause is that SMTP.auth_login _always_ returns a password if provided with a challenge string, thus non-compliant with the standard for AUTH LOGIN.

Also fixes bug with the test for smtpd.
bpo-43332: Improves the networking efficiency of http.client when using a proxy via set_tunnel(). Fewer small send calls are made during connection setup.
bpo-43399: Fix ElementTree.extend not working on iterators when using the Python implementation
bpo-43316: The python -m gzip command line application now properly fails when detecting an unsupported extension. It exits with a non-zero exit code and prints an error message to stderr.
bpo-43260: Fix TextIOWrapper can not flush internal buffer forever after very large text is written.
bpo-42782: Fail fast in shutil.move() to avoid creating destination directories on failure.
bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.

Documentation
bpo-43199: Answer ãà׸hy is there no goto?ãàin the Design and History FAQ.
bpo-43407: Clarified that a result from time.monotonic(), time.perf_counter(), time.process_time(), or time.thread_time() can be compared with the result from any following call to the same function - not just the next immediate call.
bpo-27646: Clarify that ãàÏÚield from <expr>ãàworks with any iterable, not just iterators.
bpo-36346: Update some deprecated unicode APIs which are documented as ãà×Øill be removed in 4.0ãàto ãà.12ãà See PEP 623 for detail.

Tests
bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: skip the test if setlocale() fails. Patch by Victor Stinner.
bpo-41561: Add workaround for UbuntuãàÑÔ custom OpenSSL security level policy.
bpo-43288: Fix test_importlib to correctly skip Unicode file tests if the fileystem does not support them.

Build
bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
bpo-43617: Improve configure.ac: Check for presence of autoconf-archive package and remove our copies of M4 macros.

macOS
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j.

IDLE
bpo-42225: Document that IDLE can fail on Unix either from misconfigured IP masquerage rules or failure displaying complex colored (non-ascii) characters.
bpo-43283: Document why printing to IDLEãàÑÔ Shell is often slower than printing to a system terminal and that it can be made faster by pre-formatting a single string before printing.

Revision 1.3 / (download) - annotate - [select for diffs], Sat Feb 20 19:30:37 2021 UTC (3 years, 1 month ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored) to selected 1.7 (colored)

python39 py39-html-docs: updated to 3.9.2

Python 3.9.2 final
Release date: 2021-02-19

Windows
bpo-43155: PyCMethod_New() is now present in python3.lib.
Python 3.9.2 release candidate 1
Release date: 2021-02-16

Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values.

Core and Builtins
bpo-42819: readline: Explicitly disable bracketed paste in the interactive interpreter, even if itãàÑÔ set in the inputrc, is enabled by default (eg GNU Readline 8.1), or a user calls readline.read_init_file(). The Python REPL has not implemented bracketed paste support. Also, bracketed mode writes the "\x1b[?2004h" escape sequence into stdout which causes test failures in applications that donãàÑÕ support it. It can still be explicitly enabled by calling readline.parse_and_bind("set enable-bracketed-paste on"). Patch by Dustin Rodrigues.
bpo-42806: Fix the column offsets for f-strings ast nodes surrounded by parentheses and for nodes that spawn multiple lines. Patch by Pablo Galindo.
bpo-40631: Fix regression where a single parenthesized starred expression was a valid assignment target.
bpo-32381: Fix encoding name when running a .pyc file on Windows: PyRun_SimpleFileExFlags() now uses the correct encoding to decode the filename.
bpo-42536: Several built-in and standard library types now ensure that their internal result tuples are always tracked by the garbage collector:

collections.OrderedDict.items()
dict.items()
enumerate()
functools.reduce()
itertools.combinations()
itertools.combinations_with_replacement()
itertools.permutations()
itertools.product()
itertools.zip_longest()
zip()
Previously, they could have become untracked by a prior garbage collection. Patch by Brandt Bucher.
bpo-42195: The __args__ of the parameterized generics for typing.Callable and collections.abc.Callable are now consistent. The __args__ for collections.abc.Callable are now flattened while typing.CallableãàÑÔ have not changed. To allow this change, types.GenericAlias can now be subclassed and collections.abc.CallableãàÑÔ __class_getitem__ will now return a subclass of types.GenericAlias. Tests for typing were also updated to not subclass things like Callable[..., T] as that is not a valid base class. Finally, both types no longer validate their argtypes, in Callable[[argtypes], resulttype] to prepare for PEP 612. Patch by Ken Jin.

Library
bpo-43102: The namedtuple __new__ method had its __builtins__ set to None instead of an actual dictionary. This created problems for introspection tools.
bpo-43108: Fixed a reference leak in the curses module. Patch by Pablo Galindo
bpo-42944: Fix random.Random.sample when counts argument is not None.
bpo-42931: Add randbytes() to random.__all__.
bpo-42780: Fix os.set_inheritable() for O_PATH file descriptors on Linux.
bpo-42851: remove __init_subclass__ support for Enum members
bpo-41748: Fix HTMLParser parsing rules for element attributes containing commas with spaces. Patch by Karl Dubost.
bpo-42759: Fixed equality comparison of tkinter.Variable and tkinter.font.Font. Objects which belong to different Tcl interpreters are now always different, even if they have the same name.
bpo-42756: Configure LMTP Unix-domain socket to use socket global default timeout when a timeout is not explicitly provided.
bpo-23328: Allow / character in username, password fields on _PROXY envars.
bpo-42655: subprocess extra_groups is now correctly passed into setgroups() system call.
bpo-42727: EnumMeta.__prepare__ now accepts **kwds to properly support __init_subclass__
bpo-42681: Fixed range checks for color and pair numbers in curses.
bpo-37961: Fix crash in tracemalloc.Traceback.__repr__() (regressed in Python 3.9).
bpo-42630: tkinter functions and constructors which need a default root window raise now RuntimeError with descriptive message instead of obscure AttributeError or NameError if it is not created yet or cannot be created automatically.
bpo-42644: logging.disable will now validate the types and value of its parameter. It also now accepts strings representing the levels (as does loging.setLevel) instead of only the numerical values.
bpo-36541: Fixed lib2to3.pgen2 to be able to parse PEP-570 positional only argument syntax.
bpo-42517: Enum: private names will raise a DeprecationWarning; in 3.10 they will become normal attributes
bpo-42678: Enum: call __init_subclass__ after members have been added
bpo-42532: Remove unexpected call of __bool__ when passing a spec_arg argument to a Mock.
bpo-42388: Fix subprocess.check_output(ãà input=None) behavior when text=True to be consistent with that of the documentation and universal_newlines=True.
bpo-34463: Fixed discrepancy between traceback and the interpreter in formatting of SyntaxError with lineno not set (traceback was changed to match interpreter).
bpo-42375: subprocess module update for DragonFlyBSD support.
bpo-42384: Make pdb populate sys.path[0] exactly the same as regular python execution.
bpo-42383: Fix pdb: previously pdb would fail to restart the debugging target if it was specified using a relative path and the current directory changed.
bpo-42318: Fixed support of non-BMP characters in tkinter on macOS.
bpo-42163: Restore compatibility for uname_result around deepcopy and _replace.
bpo-39825: Windows: Change sysconfig.get_config_var('EXT_SUFFIX') to the expected full platform_tag.extension format. Previously it was hard-coded to .pyd, now it is compatible with distutils.sysconfig and will result in something like .cp38-win_amd64.pyd. This brings windows into conformance with the other platforms.
bpo-42059: typing.TypedDict types created using the alternative call-style syntax now correctly respect the total keyword argument when setting their __required_keys__ and __optional_keys__ class attributes.
bpo-39101: Fixed tests using IsolatedAsyncioTestCase from hanging on BaseExceptions.
bpo-42005: Fix CLI of cProfile and profile to catch BrokenPipeError.
bpo-41907: fix format() behavior for IntFlag
bpo-41889: Enum: fix regression involving inheriting a multiply-inherited enum
bpo-41891: Ensure asyncio.wait_for waits for task completion
bpo-41604: DonÑÕ decrement the reference count of the previous user_ptr when set_panel_userptr fails.
bpo-40219: Lowered tkinter.ttk.LabeledScale dummy widget to prevent hiding part of the content label.
bpo-40084: Fix Enum.__dir__: dir(Enum.member) now includes attributes as well as methods.
bpo-39068: Fix initialization race condition in a85encode() and b85encode() in base64. Patch by Brandon Stansbury.
bpo-33289: Correct call to tkinter.colorchooser to return RGB triplet of ints instead of floats. Patch by Cheryl Sabella.

Documentation
bpo-40304: Fix doc for type(name, bases, dict). Patch by Boris Verkhovskiy and ric Araujo.
bpo-42811: Updated importlib.utils.resolve_name() doc to use __spec__.parent instead of __package__. (Thanks Yair Frid.)
bpo-17140: Add documentation for the multiprocessing.pool.ThreadPool class.

Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na.
bpo-40810: In sqlite3, fix CheckTraceCallbackContent for SQLite pre 3.7.15.

Build
bpo-43174: Windows build now uses /utf-8 compiler option.
bpo-42692: Fix __builtin_available check on older compilers. Patch by Joshua Root.
bpo-42604: Now all platforms use a value for the ãàצXT_SUFFIXãàbuild variable derived from SOABI (for instance in freeBSD, ãàצXT_SUFFIXãàis now ãàcpython-310d.soãàinstead of ãàsoãà. Previosuly only Linux, Mac and VxWorks were using a value for ãàצXT_SUFFIXãàthat included ãà×´OABIãà
bpo-42598: Fix implicit function declarations in configure which could have resulted in incorrect configuration checks. Patch contributed by Joshua Root.
bpo-29076: Add fish shell support to macOS installer.

Windows
bpo-41837: Updated Windows installer to include OpenSSL 1.1.1i
bpo-42584: Upgrade Windows installer to use SQLite 3.34.0.

macOS
bpo-42504: Ensure that the value of sysconfig.get_config_var(ãàÏ®ACOSX_DEPLOYMENT_TARGETãà is always a string, even in when the value is parsable as an integer.
bpo-42361: Update macOS installer build to use Tcl/Tk 8.6.11 (rc2, expected to be final release).
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1i.
bpo-42584: Update macOS installer to use SQLite 3.34.0.

IDLE
bpo-43008: Make IDLE invoke sys.excepthook() in normal, 2-process mode. Patch by Ken Hilton.
bpo-33065: Fix problem debugging user classes with __repr__ method.
bpo-23544: Disable Debug=>Stack Viewer when user code is running or Debugger is active, to prevent hang or crash. Patch by Zackery Spytz.
bpo-32631: Finish zzdummy example extension module: make menu entries work; add docstrings and tests with 100% coverage.

Tools/Demos
bpo-42726: Fixed Python 3 compatibility issue with gdb/libpython.py handling of attribute dictionaries.
bpo-42613: Fix freeze.py tool to use the prope config and library directories. Patch by Victor Stinner.

C API
bpo-43030: Fixed a compiler warning in Py_UNICODE_ISSPACE() on platforms with signed wchar_t.
bpo-42591: Export the Py_FrozenMain() function: fix a Python 3.9.0 regression. Python 3.9 uses -fvisibility=hidden and the function was not exported explicitly and so not exported.
bpo-40052: Fix an alignment build warning/error in function PyVectorcall_Function(). Patch by Andreas Schneider, Antoine Pitrou and Petr Viktorin.

Revision 1.2 / (download) - annotate - [select for diffs], Tue Dec 8 14:30:40 2020 UTC (3 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored) to selected 1.7 (colored)

python39: updated to 3.9.1

Python 3.9.1 final

Core and Builtins

bpo-42576: types.GenericAlias will now raise a TypeError when attempting to initialize with a keyword argument. Previously, this would cause the interpreter to crash if the interpreter was compiled with debug symbols. This does not affect interpreters compiled for release. Patch by Ken Jin.

Library

bpo-5054: CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly parsed. Replace the special purpose getallmatchingheaders with generic get_all method and add relevant tests.
bpo-17735: inspect.findsource() now raises OSError instead of IndexError when co_lineno of a code object is greater than the file length. This can happen, for example, when a file is edited after it was imported.
bpo-42116: Fix handling of trailing comments by inspect.getsource().
bpo-42487: ChainMap.__iter__ no longer calls __getitem__ on underlying maps
bpo-42482: TracebackException no longer holds a reference to the exceptionãàÑÔ traceback object. Consequently, instances of TracebackException for equivalent but non-equal exceptions now compare as equal.
bpo-42406: We fixed an issue in pickle.whichmodule in which importing multiprocessing could change the how pickle identifies which module an object belongs to, potentially breaking the unpickling of those objects.
bpo-34215: Clarify the error message for asyncio.IncompleteReadError when expected is None.
bpo-12800: Extracting a symlink from a tarball should succeed and overwrite the symlink if it already exists. The fix is to remove the existing file or symlink before extraction. Based on patch by Chris AtLee, Jeffrey Kintscher, and Senthil Kumaran.

Tests

bpo-41473: Reenable test_gdb on gdb 9.2 and newer: https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is fixed in gdb 10.1.
bpo-42553: Fix test_asyncio.test_call_later() race condition: donãàÑÕ measure asyncio performance in the call_later() unit test. The test failed randomly on the CI.

macOS

bpo-41116: If no explicit macOS SDK was specified, setup.py should check for Tcl and TK frameworks in /Library/Frameworks; the previous commit inadvertently broke that test.
bpo-42504: Fix build on macOS Big Sur when MACOSX_DEPLOYMENT_TARGET=11

IDLE

bpo-42508: Keep IDLE running on macOS. Remove obsolete workaround that prevented running files with shortcuts when using new universal2 installers built on macOS 11.

Revision 1.1 / (download) - annotate - [select for diffs], Sat Oct 10 20:19:47 2020 UTC (3 years, 5 months ago) by adam
Branch: MAIN
Diff to selected 1.7 (colored)

python39: added version 3.9.0

3.9.0 Release highlights

New syntax features:

PEP 584, union operators added to dict;
PEP 585, type hinting generics in standard collections;
PEP 614, relaxed grammar restrictions on decorators.

New built-in features:

PEP 616, string methods to remove prefixes and suffixes.

New features in the standard library:

PEP 593, flexible function and variable annotations;
os.pidfd_open() added that allows process management without races and signals.

Interpreter improvements:

PEP 573, fast access to module state from methods of C extension types;
PEP 617, CPython now uses a new parser based on PEG;
a number of Python builtins (range, tuple, set, frozenset, list, dict) are now sped up using PEP 590 vectorcall;
garbage collection does not block on resurrected objects;
a number of Python modules (_abc, audioop, _bz2, _codecs, _contextvars, _crypt, _functools, _json, _locale, math, operator, resource, time, _weakref) now use multiphase initialization as defined by PEP 489;
a number of standard library modules (audioop, ast, grp, _hashlib, pwd, _posixsubprocess, random, select, struct, termios, zlib) are now using the stable ABI defined by PEP 384.

New library modules:

PEP 615, the IANA Time Zone Database is now present in the standard library in the zoneinfo module;
an implementation of a topological sort of a graph is now provided in the new graphlib module.

Release process changes:

PEP 602, CPython adopts an annual release cycle.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>