ActivePython Changelog

What's new in ActivePython 3.8.2.000

• Security:
• bpo-40121: Fixes audit events raised on creating a new socket
• bpo-38576: Disallow control characters in hostnames in httpclient, addressing CVE-2019-18348 Such potentially malicious header injection URLs now cause a InvalidURL to be raised
• bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllibrequest module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service Fix the regex to prevent the catastrophic backtracking Vulnerability reported by Ben Caller and Matt Schwager
• Core and Builtins:
• bpo-20526: Fix PyThreadState_Clear() PyThreadStateframe is a borrowed reference, not a strong reference: PyThreadState_Clear() must not call Py_CLEAR(tstate->frame)
• bpo-39965: Correctly raise SyntaxError if await is used inside non-async functions and PyCF_ALLOW_TOP_LEVEL_AWAIT is set (like in the asyncio REPL) Patch by Pablo Galindo
• bpo-39562: Allow executing asynchronous comprehensions on the top level when the PyCF_ALLOW_TOP_LEVEL_AWAIT flag is given Patch by Batuhan Taskaya
• bpo-38894: Fix a bug that was causing incomplete results when calling pathlibPathglob in the presence of symlinks that point to files where the user does not have read access Patch by Pablo Galindo and Matt Wozniski
• bpo-39871: Fix a possible SystemError in math{atan2,copysign,remainder}() when the first argument cannot be converted to a float Patch by Zachary Spytz
• bpo-39776: Fix race condition where threads created by PyGILState_Ensure() could get a duplicate id
• This affects consumers of tstate->id like the contextvar caching machinery, which could return invalid cached objects under heavy thread load (observed in embedded scenarios)
• bpo-39778: Fixed a crash due to incorrect handling of weak references in collectionsOrderedDict classes Patch by Pablo Galindo
• bpo-39520: Fix unparsing of ext slices with no items (foo[:,]) Patch by Batuhan Taskaya
• bpo-22490: Don’t leak environment variable __PYVENV_LAUNCHER__ into the interpreter session on macOS
• Library:
• bpo-40138: Fix the Windows implementation of oswaitpid() for exit code larger than INT_MAX >> 8 The exit status is now interpreted as an unsigned number
• bpo-39942: Set “__main__” as the default module name when “__name__” is missing in typingTypeVar Patch by Weipeng Hong
• bpo-40330: In ShareableList__setitem__(), check the size of a new string item after encoding it to utf-8, not before
• bpo-40287: Fixed SpooledTemporaryFileseek() to return the position
• bpo-40260: Ensure modulefinder uses ioopen_code() and respects coding comments
• bpo-40196: Fix a bug in the symtable module that was causing incorrectly report global variables as local Patch by Pablo Galindo
• bpo-40126: Fixed reverting multiple patches in unittestmock Patcher’s __exit__() is now never called if its __enter__() is failed Returning true from __exit__() silences now the exception
• bpo-40089: Fix threading_after_fork(): if fork was not called by a thread spawned by threadingThread, threading_after_fork() now creates a _MainThread instance for _main_thread, instead of a _DummyThread instance
• bpo-39503: AbstractBasicAuthHandler of urllibrequest now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge
• bpo-40014: Fix osgetgrouplist(): if getgrouplist() function fails because the group list is too small, retry with a larger group list On failure, the glibc implementation of getgrouplist() sets ngroups to the total number of groups For other implementations, double the group list size
• bpo-40016: In re docstring, clarify the relationship between inline and argument compile flags
• bpo-39953: Update internal table of OpenSSL error codes in the ssl module
• bpo-39360: Ensure all workers exit when finalizing a multiprocessingPool implicitly via the module finalization handlers of multiprocessing This fixes a deadlock situation that can be experienced when the Pool is not properly finalized via the context manager or a call to multiprocessingPoolterminate Patch by Batuhan Taskaya and Pablo Galindo
• bpo-39652: The column name found in sqlite3Cursordescription is now truncated on the first ‘[‘ only if the PARSE_COLNAMES option is set
• bpo-39915: Ensure unittestmockAsyncMockawait_args_list has call objects in the order of awaited arguments instead of using unittestmockMockcall_args which has the last value of the call Patch by Karthikeyan Singaravelan
• bpo-38662: The ensurepip module now invokes pip via the runpy module Hence it is no longer tightly coupled with the internal API of the bundled pip version, allowing easier updates to a newer pip version both internally and for distributors
• bpo-39916: More reliable use of osscandir() in Pathglob() It no longer emits a ResourceWarning when interrupted
• bpo-39850: multiprocessing now supports abstract socket addresses (if abstract sockets are supported in the running platform) Patch by Pablo Galindo
• bpo-39828: Fix jsontool to catch BrokenPipeError Patch by Dong-hee Na
• bpo-13487: Avoid a possible “RuntimeError: dictionary changed size during iteration” from inspectgetmodule() when it tried to loop through sysmodules
• bpo-39794: Add –without-decimal-contextvar build option This enables a thread-local rather than a coroutine local context
• bpo-39769: The compileallcompile_dir() function’s ddir parameter and the compileall command line flag -d no longer write the wrong pathname to the generated pyc file for submodules beneath the root of the directory tree being compiled This fixes a regression introduced with Python 35
• bpo-39517: Fix runpyrun_path() when using pathlike objects
• bpo-39764: Fix AttributeError when calling get_stack on a PyAsyncGenObject Task
• bpo-30566: Fix IndexError when trying to decode an invalid string with punycode codec
• bpo-39667: Correct performance degradation in zipfilePath as found in zipp 30 While retaining compatibility, this change discourages the use of zipfilePathopen due to the signature change in Python 39 For compatibility across Python 38 and later versions, consider using zippPath on Python 38x and earlier
• bpo-39548: Fix handling of header in urllibrequestAbstractDigestAuthHandler when the optional qop parameter is not present
• bpo-38971: Open issue in the BPO indicated a desire to make the implementation of codecsopen() at parity with ioopen(), which implements a try/except to assure file stream gets closed before an exception is raised
• bpo-38410: Properly handle sysaudit() failures in sysset_asyncgen_hooks() Based on patch by Zackery Spytz
• bpo-36541: lib2to3 now recognizes named assignment expressions (the walrus operator, :=)
• bpo-31758: Prevent crashes when using an uninitialized _elementtreeXMLParser object Patch by Oren Milman
• Documentation:
• bpo-27635: The pickle documentation incorrectly claimed that __new__ isn’t called by default when unpickling
• bpo-39879: Updated Data model docs to include dict() insertion order preservation Patch by Furkan Onder and Samy Lahfa
• bpo-39868: Updated the Language Reference for PEP 572
• bpo-13790: Change ‘string’ to ‘specification’ in format doc
• bpo-17422: The language reference no longer restricts default class namespaces to dicts only
• bpo-39530: Fix misleading documentation about mixed-type numeric comparisons
• bpo-39718: Update token documentation to reflect additions in Python 38
• bpo-39677: Changed operand name of MAKE_FUNCTION from argc to flags for module dis
• bpo-38387: Document PyDoc_STRVAR macro in the C-API reference
• Tests:
• bpo-40162: Update Travis CI configuration to OpenSSL 111f
• bpo-40146: Update OpenSSL to 111f in Azure Pipelines
• bpo-40019: test_gdb now skips tests if it detects that gdb failed to read debug information because the Python binary is optimized
• bpo-27807: test_sitetest_startup_imports() is now skipped if a path of syspath contains a pth file
• bpo-39793: Use the same domain when testing make_msgid Patch by Batuhan Taskaya
• bpo-1812: Fix newline handling in doctesttestfile when loading from a package whose loader has a get_data method Patch by Peter Donis
• bpo-37957: testregrtest now can receive a list of test patterns to ignore (using the -i/–ignore argument) or a file with a list of patterns to ignore (using the –ignore-file argument) Patch by Pablo Galindo
• bpo-38502: testregrtest now uses process groups in the multiprocessing mode (-jN command line option) if process groups are available: if ossetsid() and oskillpg() functions are available
• Build:
• bpo-38360: Support single-argument form of macOS -isysroot flag
• bpo-40204: Pin Sphinx version to 182 in Doc/Makefile
• bpo-40158: Fix CPython MSBuild Properties in NuGet Package (build/native/pythonprops)
• bpo-38527: Fix configure check on Solaris for “float word ordering”: sometimes, the correct “grep” command was not being used Patch by Arnon Yaari
• Windows:
• bpo-40164: Updates Windows to OpenSSL 111f
• bpo-39930: Ensures the required vcruntime140dll is included in install packages
• bpo-39847: Avoid hang when computer is hibernated whilst waiting for a mutex (for lock-related objects from threading) around 49-day uptime
• bpo-38597: distutils will no longer statically link vcruntime140dll when a redistributable version is unavailable All future releases of CPython will include a copy of this DLL to ensure distributed extensions can continue to load
• bpo-38380: Update Windows builds to use SQLite 3311
• bpo-39789: Update Windows release build machines to Visual Studio 2019 (MSVC 142)
• bpo-34803: Package for nugetorg now includes repository reference and bundled icon image