Python 3.9.8
Core and Builtins
bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples.
bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo.
bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na.
bpo-45167: Fix deepcopying of types.GenericAlias objects.
bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219.
bpo-44959: Added fallback to extension modules with ‘.sl’ suffix on HP-UX
bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8.
bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it’s called directly or via super(). Patch provided by Yurii Karabas.
bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed.
(This issue impacted only the C code exception rendering, the traceback module was using qualname already).
Library
bpo-45678: Fix bug in Python 3.9 that meant functools.singledispatchmethod failed to properly wrap the attributes of the target method. Patch by Alex Waygood.
bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2].
bpo-45438: Fix typing.Signature string representation for generic builtin types.
bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland.
bpo-39679: Fix bug in functools.singledispatchmethod that caused it to fail when attempting to register a classmethod() or staticmethod() using type annotations. Patch contributed by Alex Waygood.
bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle.
bpo-45467: Fix incremental decoder and stream reader in the “raw-unicode-escape” codec. Previously they failed if the escape sequence was split.
bpo-45461: Fix incremental decoder and stream reader in the “unicode-escape” codec. Previously they failed if the escape sequence was split.
bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt.
bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood.
bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :’func:inspect.getabsfile, and return None to indicate that the module could not be determined.
bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop
bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options.
bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library.
bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na.
bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0
bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner.
bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that don’t support the TCP_NODELAY socket option.
bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit.
bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner.
bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks.
bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator.
bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults.
bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError
bpo-45228: Fix stack buffer overflow in parsing J1939 network address.
bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol.
Patch by Kyungmin Lee.
bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice.
bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state.
bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef.
bpo-45097: Remove deprecation warnings about the loop argument in asyncio incorrectly emitted in cases when the user does not pass the loop argument.
bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas.
bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container.
bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module
bpo-45030: Fix integer overflow in pickling and copying the range iterator.
bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction.
bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight.
Documentation
bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod.
bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood.
bpo-45655: Add a new “relevant PEPs” section to the top of the documentation for the typing module. Patch by Alex Waygood.
bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs.
bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility.
bpo-45449: Add note about PEP 585 in collections.abc.
bpo-45516: Add protocol description to the importlib.abc.Traversable documentation.
bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal.
bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places.
Tests
bpo-45578: Add tests for dis.distb()
bpo-45577: Add subtests for all pickle protocols in test_zoneinfo.
bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS.
bpo-40173: Fix test.support.import_helper.import_fresh_module().
bpo-45280: Add a test case for empty typing.NamedTuple.
bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder.
bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_process_termination
bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don’t expect it in the output. Patch by Victor Stinner.
bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec().
bpo-45042: Fixes that test classes decorated with @hashlib_helper.requires_hashdigest were skipped all the time.
Build
bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linux’s libuuid, too.
bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules.
bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon.
bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman.
bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building.
Windows
bpo-45337: venv now warns when the created environment may need to be accessed at a different path, due to redirections, links or junctions. It also now correctly installs or upgrades components when the alternate path is required.
macOS
bpo-44828: Avoid tkinter file dialog failure on macOS 12 Monterey when using the Tk 8.6.11 provided by python.org macOS installers. Patch by Marc Culler of the Tk project.
IDLE
bpo-45296: On Windows, change exit/quit message to suggest Ctrl-D, which works, instead of <Ctrl-Z Return>, which does not work in IDLE.
C API
bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered.
bpo-44751: Remove crypt.h include from the public Python.h header.
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime,
the go command, the misc/wasm directory, and to the net/http and syscall
packages. See the Go 1.17.3 milestone on our issue tracker for details.
A Python 3.6+ implementation of the Language Server Protocol.
This is a fork of the python-language-server project, maintained
by the Spyder IDE team and the community.
0.36.2
Flatten folding regions
Enable code folding results aggregation
0.36.1
Add code in front of the diagnostic message for flake8.
Pass document path to jedi_names when a file is not placed in a module.
0.36.0
Allow passing explicit environment variables to Jedi environment
Add document path to Jedi's sys_path
Resolve flake8_executable allowing ~/${HOME} paths
Pass server settings to new workspaces
Synchronize document text updates
Correct method and attribute detection on document/symbols call
Specify relevant document path when retrieving some plugin settings
0.35.1
Fix ujson dependency for Python 2.
0.35.0
Allow usage of Pylint via stdin.
Require python-jsonrpc-server >= 0.4.0
Update ujson dependency to work with its latest release.
Move CI to Github Actions.
0.34.1
Make flake8 plugin use stdin.
Fix error when formatting if continuation lines are incorrectly indented when using autopep8.
0.34.0
Add option to configure flake8 executable.
Read pycodestyle and flake8 configurations per workspace.
Parse ignore arguments in flake8 to avoid issues with Atom.
0.33.3
Do not start shutdown sequence on TCP when not checking parent process
0.33.2
Do not create documents from a textDocument/rename
Fix some code quality and bug-risk issues
0.33.1
Add support for autopep8 aggressive option from config file
0.33.0
Add optional class objects to completion list.
Fix completions with one arg.
Remove pycodestyle plugin's dependency on autopep8.
go1.16.10 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime,
the misc/wasm directory, and to the net/http package. See the Go 1.16.10
milestone on our issue tracker for details.
## 1.18.1 - 2021-10-16
- Fix some documentation typos
- Fix - Set pipes passed to subprocess to blocking mode.
- Fix `-r` switch in repl.
## 1.18.0 - 2021-10-10
- Allow `ev/cancel` to work on already scheduled fibers.
- Fix bugs with ev/ module.
- Add optional `base` argument to scan-number
- Add `-i` flag to janet binary to make it easier to run image files from the command line
- Remove `thread/` module.
- Add `(number ...)` pattern to peg for more efficient number parsing using Janet's
scan-number function without immediate string creation.
## 1.17.2 - 2021-09-18
- Remove include of windows.h from janet.h. This caused issues on certain projects.
- Fix formatting in doc-format to better handle special characters in signatures.
- Fix some marshalling bugs.
- Add optional Makefile target to install jpm as well.
- Supervisor channels in threads will no longer include a wasteful copy of the fiber in every
message across a thread.
- Allow passing a closure to `ev/thread` as well as a whole fiber.
- Allow passing a closure directly to `ev/go` to spawn fibers on the event loop.
## 1.17.1 - 2021-08-29
- Fix docstring typos
- Add `make install-jpm-git` to make jpm co-install simpler if using the Makefile.
- Fix bugs with starting ev/threads and fiber marshaling.
## 1.17.0 - 2021-08-21
- Add the `-E` flag for one-liners with the `short-fn` syntax for argument passing.
- Add support for threaded abstract types. Threaded abstract types can easily be shared between threads.
- Deprecate the `thread` library. Use threaded channels and ev instead.
- Channels can now be marshalled.
- Add the ability to close channels with `ev/chan-close` (or `:close`).
- Add threaded channels with `ev/thread-chan`.
- Add `JANET_FN` and `JANET_REG` macros to more easily define C functions that export their source mapping information.
- Add `janet_interpreter_interupt` and `janet_loop1_interrupt` to interrupt the interpreter while running.
- Add `table/clear`
- Add build option to disable the threading library without disabling all threads.
- Remove JPM from the main Janet distribution. Instead, JPM must be installed
separately like any other package.
- Fix issue with `ev/go` when called with an initial value and supervisor.
- Add the C API functions `janet_vm_save` and `janet_vm_load` to allow
saving and restoring the entire VM state.
Vala 0.54.2
===========
* Various improvements and bug fixes:
- vala:
+ Multi-dimensional params-array not allowed [#1230]
+ Accept NullType as generic type argument
+ Set source references of created DataType instances in OCE
* Bindings:
- gio-2.0: Update to 2.71.0~a0d2efdc
- glib-2.0: Update 2.70 symbols
- gtk4: Update to 4.5.0~da5efea6
Changes from 5.1.0 to 5.1.1
---------------------------
1. Infrastructure upgrades: Bison 3.8, Gettext 0.20.2, Automake 1.16.4,
and (will wonders never cease) Autoconf 2.71.
2. asort and asorti now allow FUNCTAB and SYMTAB as the first argument if a
second destination array is supplied. Similarly, using either array as
the second argument is now a fatal error. Additionally, using either
array as the destination for split(), match(), etc. also causes a
fatal error.
3. The new -I/--trace option prints a trace of the byte codes as they
are executed.
4. A number of subtle bugs relating to MPFR mode that caused differences
between regular operation and MPFR mode have been fixed.
5. The API now handles MPFR/GMP values slightly differently, requiring
different memory management for those values. See the manual for the
details if you have an extension using those values. As a result,
the minor version was incremented.
6. $0 and the fields are now cleared before starting a BEGINFILE rule.
7. The duplication of m4 and build-aux directories between the main
directory and the extension directory has been removed. This
simplifies the distribution.
8. The test suite has been improved, making it easier to run the entire
suite with -M. Use `GAWK_TEST_ARGS=-M make check' to do so.
9. Profiling and pretty-printing output has been modified slightly so
that functions are presented in a reasonable order with respect
to the namespaces that contain them.
10. Several example programs in the manual have been updated to their
modern POSIX equivalents.
11. A number of examples in doc/gawkinet.texi have been updated for
current times. Thanks to Juergen Kahrs for the work.
12. Handling of Infinity and NaN values has been improved.
13. There has been a general tightening up of the use of const and
of types.
14. The "no effect" lint warnings have been fixed up and now behave
more sanely.
15. The manual has been updated with much more information about what is
and is not a bug, and the changes in the gawk mailing lists.
16. The behavior of strongly-typed regexp constants when passed as the
third argument to sub() or gsub() has been clarified in the code and
in the manual.
17. Similar to item #4 above, division by zero is now fatal in MPFR
mode, as it is in regular mode.
18. There have been numerous minor code cleanups and bug fixes. See the
ChangeLog for details.
3.8.0: 2020-10-29
=================
* Better handling of invalid bytecode magic
* Support running from 3.9 and 3.10 although we do not support those bytecodes
* Redo version comparisons using tuples instead of floats. This is needed for Python 3.10
* Split out into 3 branches so that the master branch can assume Python 3.6+ conventions, especially type annotations
* Source Fragment fixes
* Lambda-bug fixes 360
* Bug fixes
This is a security fix release.
28 Oct 2021, PHP 7.3.32
- FPM:
. Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege
escalation). (CVE-2021-21703) (Jakub Zelenka)
Correct a merge botch introduced in a previous commit. It was intended
that a variable be redefined, but it was committed in an incomplete
testing state.
Version 12.22.7 'Erbium' (LTS)
This is a security release.
Notable changes
CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
Version 14.18.1 'Fermium' (LTS)
This is a security release.
Notable changes
CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
This relates to the case when GCC is built using clang host CC. In that
case the runtime libraries are not built with RELRO for some reason.
for the gcc*-libs/ packages, mark them as RELRO_SUPPORTED=no unconditionally.
RELRO status depends on how the parent gcc package was built so we don't
need nor care about the RELRO status here.
Vala 0.54.1
===========
* Regression and bug fixes:
- codegen:
+ Add type declaration for implicit temporary local variable
+ Sealed class in external package is not special [#1229]
* Bindings:
- gstreamer: Update from 1.19.0+ git master
- gtk4: Update to 4.5.0~3e20ecd6
This minor release includes a security fix according to the new security policy.
When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js,
passing very large arguments can cause portions of the module to be overwritten
with data from the arguments.
If using wasm_exec.js to execute WASM modules, users will need to replace their
copy (as described in https://golang.org/wiki/WebAssembly#getting-started)
after rebuilding any modules.
This is issue 48797 and CVE-2021-38297. Thanks to Ben Lubar for reporting this
issue.
This minor release includes a security fix according to the new security policy.
When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js,
passing very large arguments can cause portions of the module to be overwritten
with data from the arguments.
If using wasm_exec.js to execute WASM modules, users will need to replace their
copy (as described in https://golang.org/wiki/WebAssembly#getting-started)
after rebuilding any modules.
This is issue 48797 and CVE-2021-38297. Thanks to Ben Lubar for reporting this
issue.
This defaults to WRKSRC and allows packages that aren't primarily
written in rust, but have a rust component that needs to be built, to
support the correct operation of cargo within their source tree.
It's already added to bootstrap tools by mk, and adding it here actually
has the opposite effect of what's intended. It seems to confuse the
tools infrastructure and defer its dependency, i.e. until it's too late,
causing "digest: not found" errors if it's not already installed.
Python 3.10
Summary – Release highlights
New syntax features:
PEP 634, Structural Pattern Matching: Specification
PEP 635, Structural Pattern Matching: Motivation and Rationale
PEP 636, Structural Pattern Matching: Tutorial
bpo-12782, Parenthesized context managers are now officially allowed.
New features in the standard library:
PEP 618, Add Optional Length-Checking To zip.
Interpreter improvements:
PEP 626, Precise line numbers for debugging and other tools.
New typing features:
PEP 604, Allow writing union types as X | Y
PEP 613, Explicit Type Aliases
PEP 612, Parameter Specification Variables
Important deprecations, removals or restrictions:
PEP 644, Require OpenSSL 1.1.1 or newer
PEP 632, Deprecate distutils module.
PEP 623, Deprecate and prepare for the removal of the wstr member in PyUnicodeObject.
PEP 624, Remove Py_UNICODE encoder APIs
PEP 597, Add optional EncodingWarning
