Harden ssl module against LibreSSL :cve:`2018-8970`. X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test ensures that NULL bytes are not allowed.
Minimal fix to prevent buffer overrun in os.symlink on Windows
Regexes in difflib and poplib were vulnerable to catastrophic backtracking. These regexes formed potential DOS vectors (REDOS). They have been refactored. This resolves :cve:`2018-1060` and :cve:`2018-1061`. Patch by Jamie Davis.
When using the -m switch, sys.path[0] is now explicitly expanded as the starting working directory, rather than being left as the empty path (which allows imports from the current working directory at the time of the import)
Improve consistency of errors raised by issubclass() when called with a
non-class and an abstract base class as the first and second arguments,
respectively. Patch by Josh Bronson.
Fixed jumping when the function contains an async for loop.
Fixed jumping out of "with" block by setting f_lineno.
Fix a crash on fork when using a custom memory allocator (ex: using PYTHONMALLOC env var). _PyGILState_Reinit() and _PyInterpreterState_Enable() now use the default RAW memory allocator to allocate a new interpreters mutex on fork.
Prevent jumps from 'return' and 'exception' trace events.
Don't use temporary variables in cases of list/dict/set comprehensions
Have Field objects pass through __set_name__ to their default values, if they have their own __set_name__.
Allow ttk.Treeview.insert to insert iid that has a false boolean value. Note iid=0 and iid=False would be same. Patch by Garvit Khatri.
Treat type variables and special typing forms as immutable by copy and pickle. This fixes several minor issues and inconsistencies, and improves backwards compatibility with Python 3.6.
When computing dataclass's __hash__, use the lookup table to contain the function which returns the __hash__ value. This is an improvement over looking up a string, and then testing that string to see what to do.
The ssl module now compiles with LibreSSL 2.7.1.
Raise TypeError if a member variable of a dataclass is of type Field, but doesn't have a type annotation.
Fix the failure on OSX caused by the tests relying on sem_getvalue
Add 'Field' to dataclasses.__all__.
Fix an error where subclassing a dataclass with a field that uses a default_factory would generate an incorrect class.
Dataclasses: If a field has a default value that's a MemberDescriptorType, then it's from that field being in __slots__, not an actual default value.
If a non-dataclass inherits from a frozen dataclass, allow attributes to be added to the derived class. Only attributes from the frozen dataclass cannot be assigned to. Require all dataclasses in a hierarchy to be either all frozen or all non-frozen.
Add missing NoReturn to __all__ in typing.py
Fix the size handling in multiprocessing.Queue when a pickling error occurs.
lib2to3 now properly supports trailing commas after *args and
**kwargs in function signatures.
FIX properly close leaking fds in concurrent.futures.ProcessPoolExecutor.
Release the GIL during fstat() calls, avoiding hang of all threads when calling mmap.mmap(), os.urandom(), and random.seed(). Patch by Nir Soffer.
Avoid failing in multiprocessing.Process if the standard streams are closed or None at exit.
Skip sending/receiving data after SSL transport closing.
Fix a regression in :mod:`ipaddress` that result of :meth:`hosts` is empty when the network is constructed by a tuple containing an integer mask and only 1 bit left for addresses.
Fix C implementation of ABC.__subclasscheck__(cls, subclass) crashed when
subclass is not a type object.
Fix inspect.signature() for single-parameter partialmethods.
Expose several missing constants in zlib and fix corresponding documentation.
Improved exceptions raised for invalid number of channels and sample width when read an audio file in modules :mod:`!aifc`, :mod:`wave` and :mod:`!sunau`.
Fix wrong redirection of a low descriptor (0 or 1) to stderr in subprocess if another low descriptor is closed.
In :mod:`tkinter`, after_cancel(None) now raises a :exc:`ValueError`
instead of canceling the first scheduled function. Patch by Cheryl Sabella.
http.server now exposes a ThreadedHTTPServer class and uses it when the
module is run with -m to cope with web browsers pre-opening sockets.
:class:`sqlite3.Connection` now exposes a :class:`~sqlite3.Connection.backup` method, if the underlying SQLite library is at version 3.6.11 or higher. Patch by Lele Gaifax.
Document PyBuffer_ToContiguous().
Modify documentation for the :func:`islice` recipe to consume initial values up to the start index.
Update :mod:`zipapp` documentation to describe how to make standalone applications.
Documentation changes for ipaddress. Patch by Jon Foster and Berker Peksag.
Update documentation to clarify that WindowsRegistryFinder implements
MetaPathFinder. (Patch by Himanshu Lakhara)
Avoid regrtest compatibility issue with namespace packages.
Fix failing test_asyncio on macOS 10.12.2+ due to transport of
KqueueSelector loop was not being closed.
Add test_bdb.py.
Upgrade pip to 9.0.3 and setuptools to v39.0.1.
Fix potential use of uninitialized memory in nt._getfinalpathname
Fix a memory leak in os.chdir() on Windows if the current directory is set to a UNC path.
Build and link with private copy of Tcl/Tk 8.6 for the macOS 10.6+ installer. The 10.9+ installer variant already does this. This means that the Python 3.7 provided by the python.org macOS installers no longer need or use any external versions of Tcl/Tk, either system-provided or user-installed, such as ActiveTcl.
Set __file__ while running a startup file. Like Python, IDLE optionally
runs one startup file in the Shell window before presenting the first
interactive input prompt. For IDLE, -s runs a file named in
environmental variable :envvar:`IDLESTARTUP` or :envvar:`PYTHONSTARTUP`;
-r file runs file. Python sets __file__ to the startup file
name before running the file and unsets it before the first prompt. IDLE
now does the same when run normally, without the -n option.
Simplify and rename StringTranslatePseudoMapping in pyparse.
Add an -n flag for Tools/scripts/pathfix.py to disable automatic
backup creation (files with ~ suffix).
Embedding applications may once again call PySys_ResetWarnOptions, PySys_AddWarnOption, and PySys_AddXOption prior to calling Py_Initialize.
Document that m_traverse for multi-phase initialized modules can be called with m_state=NULL, and add a sanity check