Changelog

Python 3.7.11 final

Release date: 2021-06-28

Security

  • bpo-44022: http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server.

  • bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks.

    Following the controlling specification for URLs defined by WHATWG, urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.

  • bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.

  • bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.

    Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.

  • bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and can cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
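For the bpo-43882 entry above, the following added example (not part of the CPython changelog) shows what urlsplit() reports for a URL containing a tab or newline on an interpreter that includes the fix, next to a stricter policy that rejects such input outright. The helper names, the allow-list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# ASCII tab and newline characters that the WHATWG URL rules strip from a URL.
STRIPPED = "\t\r\n"


def parser_view(url):
    """What urlsplit() reports on an interpreter that contains the bpo-43882 fix."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.path


def find_stripped_chars(url):
    """Positions of tab/CR/LF in the raw string, before any parsing."""
    return [(i, repr(ch)) for i, ch in enumerate(url) if ch in STRIPPED]


def validate_redirect(url, allowed_hosts):
    """Strict policy (hypothetical helper): refuse input the parser would
    silently rewrite, then check scheme and host against an allow-list.
    Returns the re-serialised URL so callers pass on what was validated."""
    hits = find_stripped_chars(url)
    if hits:
        raise ValueError(f"tab/newline in URL at {hits}")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.hostname not in allowed_hosts:
        raise ValueError(f"host not allowed: {parts.hostname!r}")
    return parts.geturl()


# Constructed sample inputs (not taken from the changelog).
ALLOWED = {"app.example.org"}
SAMPLES = [
    "https://app.example.org/home",
    "https://app.exa\tmple.org/home",   # tab inside the host
    "https://app.example.org/ho\nme",   # newline inside the path
    "https://other.example.net/home",   # clean, but host not on the list
]


def classify(samples=SAMPLES, allowed=ALLOWED):
    """Return 'accept' or 'reject' for each sample under the strict policy."""
    results = []
    for sample in samples:
        try:
            validate_redirect(sample, allowed)
            results.append("accept")
        except ValueError:
            results.append("reject")
    return results


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, classify()):
        print(f"{sample!r:45} parsed={parser_view(sample)} -> {verdict}")
```

The second sample parses to the allow-listed host once the tab is removed, which is why the strict check looks at the raw string first and returns the re-serialised URL rather than the original input.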

Core and Builtins

  • bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.

Tests

  • bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.

Python 3.7.10 final

Release date: 2021-02-15

Security

  • bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator.

  • bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values.

  • bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

  • bpo-42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files.

  • bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely.
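For the bpo-42967 entry above, this added example (not code from CPython or its changelog) compares the current `&`-only parsing with an emulation of the earlier rule that also split on `;`, and flags query strings the two rules read differently. The function names and the sample query strings are constructed for illustration; `legacy_pairs` is an approximation of the old default, not the removed implementation.

```python
import re
from urllib.parse import parse_qsl


def current_pairs(query):
    """Parse with the post-fix default: only '&' separates arguments."""
    return parse_qsl(query, keep_blank_values=True)


def legacy_pairs(query):
    """Emulate the pre-fix default, where both '&' and ';' separated arguments."""
    pairs = []
    for chunk in re.split("[&;]", query):
        if chunk:
            pairs.extend(parse_qsl(chunk, keep_blank_values=True))
    return pairs


def values_by_key(pairs):
    """Group values per key, keeping order, so duplicates stay visible."""
    grouped = {}
    for key, value in pairs:
        grouped.setdefault(key, []).append(value)
    return grouped


def separator_disagreement(query):
    """Return the keys whose values differ between the two parsing rules."""
    cur = values_by_key(current_pairs(query))
    old = values_by_key(legacy_pairs(query))
    return {
        key: {"amp_only": cur.get(key), "amp_or_semicolon": old.get(key)}
        for key in sorted(set(cur) | set(old))
        if cur.get(key) != old.get(key)
    }


def explicit_semicolon(query):
    """Opt in to ';' as the separator, as the changelog entry allows."""
    return parse_qsl(query, keep_blank_values=True, separator=";")


# Constructed query strings, e.g. as they might appear in access logs.
SAMPLES = [
    "q=shoes&page=2",
    "q=shoes&utm_content=1;q=hats",
    "note=a%3Bb&x=1",      # encoded ';' is data, not a separator
    "a=1;b=2",
]


def flagged(samples=SAMPLES):
    """Queries that a '&'-only component and a legacy parser would read differently."""
    return [s for s in samples if separator_disagreement(s)]


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", separator_disagreement(sample) or "consistent")
```

Running `flagged()` over logged query strings is one way to find requests where a cache or proxy and an unpatched backend may not have agreed on the parameters.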

Library

  • bpo-42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases).

  • bpo-41976: Fixed a bug that was causing ctypes.util.find_library() to return None when trying to locate a library in an environment where gcc>=9 is available and ldconfig is not. Patch by Pablo Galindo.

Documentation

Tests

  • bpo-42794: Update test_nntplib to use official group name of news.aioe.org for testing. Patch by Dong-hee Na.

  • bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.

Python 3.7.9 final

Release date: 2020-08-15

Security

  • bpo-41304: Fixes python3x._pth being ignored on Windows, caused by the fix for bpo-29778 (CVE-2020-15801).

  • bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523).

  • bpo-41004: CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).

  • bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…).

Core and Builtins

  • bpo-33786: Fix asynchronous generators to handle GeneratorExit in athrow() correctly

Library

  • bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation now raises UnpicklingError instead of crashing.

  • bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

  • bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params().

macOS

  • bpo-41100: Additional fixes for testing on macOS 11 Big Sur Intel. Note: macOS 11 is not yet released, this release of Python is not fully supported on 11.0, and not all tests pass.

Python 3.7.8 final

Release date: 2020-06-27

Tests

  • bpo-41009: Fix use of support.require_{linux|mac|freebsd}_version() decorators as class decorator.

macOS

  • bpo-41100: Fix configure error when building on macOS 11. Note that 3.7.8 was released shortly after the first developer preview of macOS 11 (Big Sur); there are other known issues with building and running on the developer preview. Big Sur is expected to be fully supported in a future bugfix release of Python 3.8.x and with 3.9.0.

Python 3.7.8 release candidate 1

Release date: 2020-06-17

Security

  • bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.

  • bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised.

  • bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

Core and Builtins

  • bpo-40663: Correctly generate annotations where parentheses are omitted but required (e.g: Type[(str, int, *other))].

  • bpo-40417: Fix imp module deprecation warning when PyImport_ReloadModule is called. Patch by Robert Rouhani.

  • bpo-20526: Fix PyThreadState_Clear(). PyThreadState.frame is a borrowed reference, not a strong reference: PyThreadState_Clear() must not call Py_CLEAR(tstate->frame).

  • bpo-38894: Fix a bug that was causing incomplete results when calling pathlib.Path.glob in the presence of symlinks that point to files where the user does not have read access. Patch by Pablo Galindo and Matt Wozniski.

  • bpo-39871: Fix a possible SystemError in math.{atan2,copysign,remainder}() when the first argument cannot be converted to a float. Patch by Zachary Spytz.

  • bpo-39520: Fix unparsing of ext slices with no items (foo[:,]). Patch by Batuhan Taskaya.

  • bpo-24048: Save the live exception during import.c’s remove_module().

  • bpo-22490: Don’t leak environment variable __PYVENV_LAUNCHER__ into the interpreter session on macOS.

Library

  • bpo-40448: ensurepip now disables the use of pip cache when installing the bundled versions of pip and setuptools. Patch by Krzysztof Konopko.

  • bpo-40807: Stop codeop._maybe_compile, used by code.InteractiveInterpreter (and IDLE), from emitting each warning three times.

  • bpo-38488: Update ensurepip to install pip 20.1.1 and setuptools 47.1.0.

  • bpo-40767: webbrowser now properly finds the default browser in pure Wayland systems by checking the WAYLAND_DISPLAY environment variable. Patch contributed by Jérémy Attali.

  • bpo-30008: Fix ssl code to be compatible with OpenSSL 1.1.x builds that use no-deprecated and --api=1.1.0.

  • bpo-25872: linecache could crash with a KeyError when accessed from multiple threads. Fix by Michael Graczyk.

  • bpo-40515: The ssl and hashlib modules now actively check that OpenSSL is built with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread build.

  • bpo-13097: ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments.

  • bpo-40559: Fix possible memory leak in the C implementation of asyncio.Task.

  • bpo-40457: The ssl module now supports OpenSSL builds without TLS 1.0 and 1.1 methods.

  • bpo-40459: platform.win32_ver() now produces correct ptype strings instead of empty strings.

  • bpo-40138: Fix the Windows implementation of os.waitpid() for exit code larger than INT_MAX >> 8. The exit status is now interpreted as an unsigned number.

  • bpo-39942: Set “__main__” as the default module name when “__name__” is missing in typing.TypeVar. Patch by Weipeng Hong.

  • bpo-40287: Fixed SpooledTemporaryFile.seek() to return the position.

  • bpo-40196: Fix a bug in the symtable module that was causing it to incorrectly report global variables as local. Patch by Pablo Galindo.

  • bpo-40126: Fixed reverting multiple patches in unittest.mock. Patcher’s __exit__() is now never called if its __enter__() fails. Returning true from __exit__() now silences the exception.

  • bpo-40089: Fix threading._after_fork(): if fork was not called by a thread spawned by threading.Thread, threading._after_fork() now creates a _MainThread instance for _main_thread, instead of a _DummyThread instance.

  • bpo-39503: AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge.

  • bpo-40014: Fix os.getgrouplist(): if getgrouplist() function fails because the group list is too small, retry with a larger group list. On failure, the glibc implementation of getgrouplist() sets ngroups to the total number of groups. For other implementations, double the group list size.

  • bpo-40025: Raise TypeError when _generate_next_value_ is defined after members. Patch by Ethan Onstott.

  • bpo-40016: In re docstring, clarify the relationship between inline and argument compile flags.

  • bpo-39652: The column name found in sqlite3.Cursor.description is now truncated on the first ‘[’ only if the PARSE_COLNAMES option is set.

  • bpo-38662: The ensurepip module now invokes pip via the runpy module. Hence it is no longer tightly coupled with the internal API of the bundled pip version, allowing easier updates to a newer pip version both internally and for distributors.

  • bpo-39916: More reliable use of os.scandir() in Path.glob(). It no longer emits a ResourceWarning when interrupted.

  • bpo-39850: multiprocessing now supports abstract socket addresses (if abstract sockets are supported in the running platform). Patch by Pablo Galindo.

  • bpo-39828: Fix json.tool to catch BrokenPipeError. Patch by Dong-hee Na.

  • bpo-39040: Fix parsing of invalid mime headers parameters by collapsing whitespace between encoded words in a bare-quote-string.

  • bpo-35714: struct.error is now raised if there is a null character in a struct format string.

  • bpo-36541: lib2to3 now recognizes named assignment expressions (the walrus operator, :=)

  • bpo-29620: assertWarns() no longer raises a RuntimeException when accessing a module’s __warningregistry__ causes importation of a new module, or when a new module is imported in another thread. Patch by Kernc.

  • bpo-34226: Fix cgi.parse_multipart without content_length. Patch by Roger Duran

  • bpo-31758: Prevent crashes when using an uninitialized _elementtree.XMLParser object. Patch by Oren Milman.

Documentation

  • bpo-40561: Provide docstrings for webbrowser open functions.

  • bpo-27635: The pickle documentation incorrectly claimed that __new__ isn’t called by default when unpickling.

  • bpo-39879: Updated Data model docs to include dict() insertion order preservation. Patch by Furkan Onder and Samy Lahfa.

  • bpo-39677: Changed operand name of MAKE_FUNCTION from argc to flags for module dis

  • bpo-39435: Fix an incorrect signature for pickle.loads() in the docs

  • bpo-38387: Document PyDoc_STRVAR macro in the C-API reference.

Tests

  • bpo-40964: Disable remote imaplib tests, host cyrus.andrew.cmu.edu is blocking incoming connections.

  • bpo-40055: distutils.tests now saves/restores warnings filters to leave them unchanged. Importing tests imports docutils which imports pkg_resources which adds a warnings filter.

  • bpo-40436: test_gdb and test.pythoninfo now check gdb command exit code.

  • bpo-39932: Fix multiprocessing test_heap(): a new Heap object is now created for each test run.

  • bpo-40162: Update Travis CI configuration to OpenSSL 1.1.1f.

  • bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines.

  • bpo-40019: test_gdb now skips tests if it detects that gdb failed to read debug information because the Python binary is optimized.

  • bpo-27807: test_site.test_startup_imports() is now skipped if a path of sys.path contains a .pth file.

  • bpo-39793: Use the same domain when testing make_msgid. Patch by Batuhan Taskaya.

  • bpo-1812: Fix newline handling in doctest.testfile when loading from a package whose loader has a get_data method. Patch by Peter Donis.

  • bpo-37957: test.regrtest now can receive a list of test patterns to ignore (using the -i/--ignore argument) or a file with a list of patterns to ignore (using the --ignore-file argument). Patch by Pablo Galindo.

  • bpo-38502: test.regrtest now uses process groups in the multiprocessing mode (-jN command line option) if process groups are available: if os.setsid() and os.killpg() functions are available.

  • bpo-37421: multiprocessing tests now stop the ForkServer instance if it’s running: close the “alive” file descriptor to ask the server to stop and then remove its UNIX address.

  • bpo-37421: multiprocessing tests now explicitly call _run_finalizers() to immediately remove temporary directories created by tests.

Build

  • bpo-40653: Move _dirnameW out of HAVE_SYMLINK to fix a potential compiling issue.

  • bpo-38360: Support single-argument form of macOS -isysroot flag.

  • bpo-40204: Pin Sphinx version to 2.3.1 in Doc/Makefile.

  • bpo-40158: Fix CPython MSBuild Properties in NuGet Package (build/native/python.props)

Windows

  • bpo-40164: Updates Windows OpenSSL to 1.1.1g

  • bpo-39631: Changes the registered MIME type for .py files on Windows to text/x-python instead of text/plain.

  • bpo-40650: Include winsock2.h in pytime.c for timeval.

  • bpo-39930: Ensures the required vcruntime140.dll is included in install packages.

  • bpo-39847: Avoid hang when computer is hibernated whilst waiting for a mutex (for lock-related objects from threading) around 49-day uptime.

  • bpo-38492: Remove pythonw.exe dependency on the Microsoft C++ runtime.

macOS

  • bpo-39580: Avoid opening Finder window if running installer from the command line.

  • bpo-40400: Update the macOS installer build scripts to build with Python 3.x and to build correctly on newer macOS systems with SIP.

  • bpo-40741: Update macOS installer to use SQLite 3.32.2.

  • bpo-38329: python.org macOS installers now update the Current version symlink of /Library/Frameworks/Python.framework/Versions for 3.9 installs. Previously, Current was only updated for Python 2.x installs. This should make it easier to embed Python 3 into other macOS applications.

  • bpo-40164: Update macOS installer builds to use OpenSSL 1.1.1g.

IDLE

  • bpo-39885: Make context menu Cut and Copy work again when right-clicking within a selection.

  • bpo-40723: Make test_idle pass when run after import.

  • bpo-27115: For ‘Go to Line’, use a Query box subclass with IDLE standard behavior and improved error checking.

  • bpo-39885: Since clicking to get an IDLE context menu moves the cursor, any text selection should be and now is cleared.

  • bpo-39852: Edit “Go to line” now clears any selection, preventing accidental deletion. It also updates Ln and Col on the status bar.

  • bpo-38439: Add a 256×256 pixel IDLE icon to support more modern environments. Created by Andrew Clover. Delete the unused macOS idle.icns icon file.

  • bpo-38689: IDLE will no longer freeze when inspect.signature fails when fetching a calltip.

Tools/Demos

  • bpo-40479: Update multissltest helper to test with latest OpenSSL 1.0.2, 1.1.0, 1.1.1, and 3.0.0-alpha.

  • bpo-40179: Fixed translation of #elif in Argument Clinic.

  • bpo-40163: Fix multissltest tool. OpenSSL has changed download URL for old releases. The multissltest tool now tries to download from current and old download URLs.

  • bpo-36184: Port python-gdb.py to FreeBSD. python-gdb.py now checks for “take_gil” function name to check if a frame tries to acquire the GIL, instead of checking for “pthread_cond_timedwait” which is specific to Linux and can be a different condition than the GIL.

  • bpo-39889: Fixed unparse.py for extended slices containing a single element (e.g. a[i:j,]). Remove redundant tuples when indexing with a tuple (e.g. a[i, j]).

C API

  • bpo-39884: _PyMethodDef_RawFastCallDict() and _PyMethodDef_RawFastCallKeywords() now include the method name in the SystemError “bad call flags” error message to ease debugging.

  • bpo-38643: PyNumber_ToBase() now raises a SystemError instead of crashing when called with invalid base.

Python 3.7.7 final

Release date: 2020-03-10

Library

Documentation

  • bpo-17422: The language reference no longer restricts default class namespaces to dicts only.

Python 3.7.7 release candidate 1

Release date: 2020-03-04

Security

  • bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on Windows 7.

Core and Builtins

  • bpo-39776: Fix race condition where threads created by PyGILState_Ensure() could get a duplicate id.

    This affects consumers of tstate->id like the contextvar caching machinery, which could return invalid cached objects under heavy thread load (observed in embedded scenarios).

  • bpo-39778: Fixed a crash due to incorrect handling of weak references in collections.OrderedDict classes. Patch by Pablo Galindo.

  • bpo-39382: Fix a use-after-free in the single inheritance path of issubclass(), when the __bases__ of an object has a single reference, and so does its first item. Patch by Yonatan Goldschmidt.

  • bpo-39606: Fix regression caused by fix for bpo-39386, that prevented calling aclose on an async generator that had already been closed or exhausted.

  • bpo-39510: Fix segfault in readinto() method on closed BufferedReader.

  • bpo-39453: Fixed a possible crash in list.__contains__() when a list is changed during comparing items. Patch by Dong-hee Na.

  • bpo-39427: Document all possibilities for the -X options in the command line help section. Patch by Pablo Galindo.

  • bpo-39421: Fix possible crashes when operating with the functions in the heapq module and custom comparison operators.

  • bpo-39386: Prevent double awaiting of async iterator.

  • bpo-38588: Fix possible crashes in dict and list when calling PyObject_RichCompareBool().

  • bpo-39031: When parsing an “elif” node, lineno and col_offset of the node now point to the “elif” keyword and not to its condition, making it consistent with the “if” node. Patch by Lysandros Nikolaou.

  • bpo-38610: Fix possible crashes in several list methods by holding strong references to list elements when calling PyObject_RichCompareBool().

Library

  • bpo-39794: Add --without-decimal-contextvar build option. This enables a thread-local rather than a coroutine local context.

  • bpo-39769: The compileall.compile_dir() function’s ddir parameter and the compileall command line flag -d no longer write the wrong pathname to the generated pyc file for submodules beneath the root of the directory tree being compiled. This fixes a regression introduced with Python 3.5.

  • bpo-30566: Fix IndexError when trying to decode an invalid string with punycode codec.

  • bpo-39649: Remove obsolete check for __args__ in bdb.Bdb.format_stack_entry.

  • bpo-27657: The original fix for bpo-27657, “Fix urlparse() with numeric paths” (GH-16839) included in 3.7.6, inadvertently introduced a behavior change that broke several third-party packages relying on the original undefined parsing behavior. The change is reverted in 3.7.7, restoring the behavior of 3.7.5 and earlier releases.

  • bpo-21016: The pydoc and trace modules now use the sysconfig module to get the path to the Python standard library, to support uncommon installation path like /usr/lib64/python3.9/ on Fedora. Patch by Jan Matějek.

  • bpo-39548: Fix handling of header in urllib.request.AbstractDigestAuthHandler when the optional qop parameter is not present.

  • bpo-39450: Stripped whitespace from docstring before returning it from unittest.case.shortDescription().

  • bpo-39493: Mark typing.IO.closed as a property

  • bpo-39485: Fix a bug in unittest.mock.create_autospec() that would complain about the wrong number of arguments for custom descriptors defined in an extension module returning functions.

  • bpo-39430: Fixed race condition in lazy imports in tarfile.

  • bpo-39389: Write accurate compression level metadata in gzip archives, rather than always signaling maximum compression.

  • bpo-39274: bool(fraction.Fraction) now returns a boolean even if (numerator != 0) does not return a boolean (ex: numpy number).

  • bpo-39242: Updated the Gmane domain from news.gmane.org to news.gmane.io which is used for examples of NNTP news reader server and nntplib tests.

  • bpo-39152: Fix ttk.Scale.configure([name]) to return configuration tuple for name or all options. Giovanni Lombardo contributed part of the patch.

  • bpo-39198: If an exception were to be thrown in Logger.isEnabledFor (say, by asyncio timeouts or stopit), the logging global lock may not be released appropriately, resulting in deadlock. This change wraps that block of code with try...finally to ensure the lock is released.

  • bpo-39191: Perform a check for running loop before starting a new task in loop.run_until_complete() to fail fast; it prevents the side effect of new task spawning before exception raising.

  • bpo-38871: Correctly parenthesize filter-based statements that contain lambda expressions in lib2to3. Patch by Dong-hee Na.

  • bpo-39142: A change was made to logging.config.dictConfig to avoid converting instances of named tuples to ConvertingTuple. It’s assumed that named tuples are too specialised to be treated like ordinary tuples; if a user of named tuples requires ConvertingTuple functionality, they will have to implement that themselves in their named tuple class.

  • bpo-38971: Open issue in the BPO indicated a desire to make the implementation of codecs.open() at parity with io.open(), which implements a try/except to assure file stream gets closed before an exception is raised.

  • bpo-39057: urllib.request.proxy_bypass_environment() now ignores leading dots and no longer ignores a trailing newline.

  • bpo-39056: Fixed handling invalid warning category in the -W option. No longer import the re module if it is not needed.

  • bpo-39055: base64.b64decode() with validate=True now raises a binascii.Error if the input ends with a single \n.

  • bpo-38878: Fixed __subclasshook__ of os.PathLike to return a correct result upon inheritance. Patch by Bar Harel.

  • bpo-35182: Fixed Popen.communicate() subsequent call crash when the child process has already closed any piped standard stream, but still continues to be running. Patch by Andriy Maletsky.

  • bpo-38473: Use signature from inner mock for autospecced methods attached with unittest.mock.attach_mock(). Patch by Karthikeyan Singaravelan.

  • bpo-38293: Add copy.copy() and copy.deepcopy() support to property() objects.

  • bpo-37953: In typing, improved the __hash__ and __eq__ methods for ForwardReferences.

  • bpo-36406: Handle namespace packages in doctest. Patch by Karthikeyan Singaravelan.

Documentation

  • bpo-13790: Change ‘string’ to ‘specification’ in format doc.

  • bpo-39530: Fix misleading documentation about mixed-type numeric comparisons.

  • bpo-17422: The language reference now specifies restrictions on class namespaces. Adapted from a patch by Ethan Furman.

  • bpo-39654: In pyclbr doc, update ‘class’ to ‘module’ where appropriate and add readmodule comment. Patch by Hakan Çelik.

  • bpo-39392: Explain that when filling with turtle, overlap regions may be left unfilled.

  • bpo-39381: Mention in docs that asyncio.get_event_loop() implicitly creates new event loop only if called from the main thread.

  • bpo-38918: Add an entry for __module__ in the “function” & “method” sections of the inspect docs types and members table

  • bpo-3530: In the ast module documentation, fix a misleading NodeTransformer example and add advice on when to use the fix_missing_locations function.

Tests

  • bpo-38546: Fix test_ressources_gced_in_workers() of test_concurrent_futures: explicitly stop the manager to prevent leaking a child process running in the background after the test completes.

Build

  • bpo-39144: The ctags and etags build targets both include Modules/_ctypes and Python standard library source files.

Windows

  • bpo-38597: distutils will no longer statically link vcruntime140.dll when a redistributable version is unavailable. All future releases of CPython will include a copy of this DLL to ensure distributed extensions can continue to load.

  • bpo-38380: Update Windows builds to use SQLite 3.31.1

  • bpo-39439: Reduce overhead when using multiprocessing in a Windows virtual environment

  • bpo-39185: The build.bat script has additional options for very-quiet output (-q) and very-verbose output (-vv)

macOS

  • bpo-38380: Update macOS builds to use SQLite 3.31.1

IDLE

  • bpo-39781: Selecting code context lines no longer causes a jump.

  • bpo-39663: Add tests for pyparse find_good_parse_start().

  • bpo-39600: In the font configuration window, remove duplicated font names.

  • bpo-30780: Add remaining configdialog tests for buttons and highlights and keys tabs.

  • bpo-39388: IDLE Settings Cancel button now cancels pending changes

  • bpo-39050: Make IDLE Settings dialog Help button work again.

  • bpo-34118: Tag memoryview, range, and tuple as classes, the same as list, etcetera, in the library manual built-in functions list.

  • bpo-38792: Close an IDLE shell calltip if a KeyboardInterrupt or shell restart occurs. Patch by Zackery Spytz.

  • bpo-32989: Add tests for editor newline_and_indent_event method. Remove dead code from pyparse find_good_parse_start method.

Python 3.7.6 final

Release date: 2019-12-18

macOS

  • bpo-38295: Prevent failure of test_relative_path in test_py_compile on macOS Catalina.

Python 3.7.6 release candidate 1

Release date: 2019-12-11

Security

  • bpo-38945: Newline characters have been escaped when performing uu encoding to prevent them from overflowing into the content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.

  • bpo-37228: Due to significant security concerns, the reuse_address parameter of asyncio.loop.create_datagram_endpoint() is no longer supported. This is because of the behavior of SO_REUSEADDR in UDP. For more details, see the documentation for loop.create_datagram_endpoint(). (Contributed by Kyle Stanley, Antoine Pitrou, and Yury Selivanov in bpo-37228.)

  • bpo-38804: Fixes a ReDoS vulnerability in http.cookiejar. Patch by Ben Caller.

Core and Builtins

  • bpo-38673: In REPL mode, don’t switch to PS2 if the line starts with comment or whitespace. Based on work by Batuhan Taşkaya.

  • bpo-38535: Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators.

  • bpo-38379: When cyclic garbage collection (gc) runs finalizers that resurrect unreachable objects, the current gc run ends, without collecting any cyclic trash. However, the statistics reported by collect() and get_stats() claimed that all cyclic trash found was collected, and that the resurrected objects were collected. Changed the stats to report that none were collected.

  • bpo-35409: Ignore GeneratorExit exceptions when throwing an exception into the aclose coroutine of an asynchronous generator.

Library

  • bpo-39006: Fix asyncio when the ssl module is missing: only check for ssl.SSLSocket instance if the ssl module is available.

  • bpo-38979: Return class from ContextVar.__class_getitem__ to simplify subclassing.

  • bpo-38986: Make repr of C accelerated TaskWakeupMethWrapper the same as of pure Python version.

  • bpo-33684: Fix json.tool failing to read a JSON file with non-ASCII characters when locale encoding is not UTF-8.

  • bpo-26730: Fix SpooledTemporaryFile.rollover(), which might corrupt the file when it is in text mode. Patch by Serhiy Storchaka.

  • bpo-37838: typing.get_type_hints() properly handles functions decorated with functools.wraps().

  • bpo-38821: Fix unhandled exceptions in argparse when internationalizing error messages for arguments with nargs set to special (non-integer) values. Patch by Federico Bond.

  • bpo-38820: Make Python compatible with OpenSSL 3.0.0. ssl.SSLSocket.getpeercert() no longer returns IPv6 addresses with a trailing new line.

  • bpo-38785: Prevent asyncio from crashing if parent __init__ is not called from a constructor of object derived from asyncio.Future.

  • bpo-27805: Allow opening pipes and other non-seekable files in append mode with open().

  • bpo-38686: Added support for multiple qop values in urllib.request.AbstractDigestAuthHandler.

  • bpo-38334: Fixed seeking backward on an encrypted zipfile.ZipExtFile.

  • bpo-31202: The case of the result of pathlib.WindowsPath.glob() now matches the case of the pattern for literal parts.

  • bpo-38109: Add missing stat.S_IFDOOR, stat.S_IFPORT, stat.S_IFWHT, stat.S_ISDOOR(), stat.S_ISPORT(), and stat.S_ISWHT() values to the Python implementation of stat.

  • bpo-38422: Clarify docstrings of pathlib suffix(es)

  • bpo-38405: Nested subclasses of typing.NamedTuple are now pickleable.

  • bpo-38332: Prevent KeyError thrown by _encoded_words.decode() when given an encoded-word with invalid content-type encoding from propagating all the way to email.message.get().

  • bpo-38341: Add smtplib.SMTPNotSupportedError to the smtplib exported names.

  • bpo-13153: OS native encoding is now used for converting between Python strings and Tcl objects. This allows displaying, copying and pasting to the clipboard emoji and other non-BMP characters. Converting strings from Tcl to Python and back now never fails (except MemoryError).

  • bpo-36993: Improve error reporting for corrupt zip files with bad zip64 extra data. Patch by Daniel Hillier.

  • bpo-36952: Starting with Python 3.3, importing ABCs from collections is deprecated, and import should be done from collections.abc. Still being able to import from collections was marked for removal in 3.8, but has been delayed to 3.9; documentation and DeprecationWarning clarified.

  • bpo-36820: Break cycle generated when saving an exception in socket.py, codeop.py and dyld.py as they keep alive not only the exception but user objects through the __traceback__ attribute. Patch by Mario Corchero.

  • bpo-34776: Fix dataclasses to support forward references in type annotations

  • bpo-33348: lib2to3 now recognizes expressions after * and ** like in f(*[] or []).

  • bpo-27657: Fix urllib.parse.urlparse() with numeric paths. A string like “path:80” is no longer parsed as a path but as a scheme (“path”) and a path (“80”).

Documentation

  • bpo-38351: Modernize email examples from %-formatting to f-strings.

  • bpo-38592: Add Brazilian Portuguese to the language switcher at Python Documentation website.

  • bpo-38294: Add list of no-longer-escaped chars to re.escape documentation

Tests

  • bpo-38547: Fix test_pty: if the process is the session leader, closing the master file descriptor raises a SIGHUP signal: simply ignore SIGHUP when running the tests.

  • bpo-38965: Fix test_faulthandler on GCC 10. Use the “volatile” keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma.

  • bpo-38669: Raise TypeError when passing target as a string with unittest.mock.patch.object().

  • bpo-35998: Fix a race condition in test_asyncio.test_start_tls_server_1(). Previously, there was a race condition between the test main() function which replaces the protocol and the test ServerProto protocol which sends ANSWER once it gets HELLO. Now, only the test main() function is responsible for sending data; ServerProto no longer sends data.

  • bpo-37531: On timeout, regrtest no longer attempts to call popen.communicate() again: it can hang until all child processes using stdout and stderr pipes complete. Kill the worker process and ignore its output. Also change the faulthandler timeout of the main process from 1 minute to 5 minutes, for the slowest Python buildbots.

Build

  • bpo-37404: asyncio now raises TypeError when calling incompatible methods with an ssl.SSLSocket socket. Patch by Ido Michael.

  • bpo-38809: On Windows, build scripts will now recognize and use python.exe from an active virtual env.

  • bpo-37415: Fix stdatomic.h header check for ICC compiler: the ICC implementation lacks atomic_uintptr_t type which is needed by Python.

Windows

  • bpo-38589: Fixes HTML Help shortcut when Windows is not installed to C drive

IDLE

  • bpo-38944: Escape key now closes IDLE completion windows. Patch by Johnny Najera.

  • bpo-38943: Fix IDLE autocomplete windows not always appearing on some systems. Patch by Johnny Najera.

  • bpo-38862: ‘Strip Trailing Whitespace’ on the Format menu removes extra newlines at the end of non-shell files.

  • bpo-26353: Stop adding newline when saving an IDLE shell window.

  • bpo-38636: Fix IDLE Format menu tab toggle and file indent width. These functions (default shortcuts Alt-T and Alt-U) were mistakenly disabled in 3.7.5 and 3.8.0.

  • bpo-4630: Add an option to toggle IDLE’s cursor blink for shell, editor, and output windows. See Settings, General, Window Preferences, Cursor Blink. Patch by Zachary Spytz.

  • bpo-38598: Do not try to compile IDLE shell or output windows

  • bpo-36698: IDLE no longer fails when writing non-encodable characters to stderr. It now escapes them with a backslash, as the regular Python interpreter does. Added the errors field to the standard streams.

Tools/Demos

  • bpo-38118: Update Valgrind suppression file to ignore a false alarm in PyUnicode_Decode() when using GCC builtin strcmp().

  • bpo-38347: pathfix.py: Assume all files that end on ‘.py’ are Python scripts when working recursively.

C API

  • bpo-38540: Fixed possible leak in PyArg_Parse() and similar functions for format units "es#" and "et#" when the macro PY_SSIZE_T_CLEAN is not defined.

  • bpo-38395: Fix a crash in weakref.proxy objects due to incorrect lifetime management when calling some associated methods that may delete the last reference to object being referenced by the proxy. Patch by Pablo Galindo.

Python 3.7.5 final

Release date: 2019-10-14

Library

  • bpo-38368: Prevent ctypes crash when handling arrays in structs/unions.

  • bpo-38449: Revert GH-15522, which introduces a regression in mimetypes.guess_type() due to improper handling of filenames as urls.

Windows

Python 3.7.5 release candidate 1

Release date: 2019-10-01

Security

  • bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. (Contributed by Dong-hee Na in bpo-38243.)

  • bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903.

  • bpo-37764: Fixes email._header_value_parser.get_unstructured going into an infinite loop for a specific case in which the email header does not have trailing whitespace, and the case in which it contains an invalid encoded word. Patch by Ashwin Ramaswami.

  • bpo-37461: Fix an infinite loop when parsing specially crafted email headers. Patch by Abhilash Raj.

  • bpo-34155: Fix parsing of invalid email addresses with more than one @ (e.g. a@b@c.com.) to not return the part before 2nd @ as valid email address. Patch by maxking & jpic.
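
The bpo-34155 entry matters wherever a parsed address feeds a domain decision. The following is an added example, not code from CPython or this changelog: `accept_mailbox`, `parser_rejects`, `ALLOWED_DOMAINS` and the sample strings are hypothetical and constructed. It accepts a form value only when the parser's result round-trips to the exact input, so the decision never rests on a different string than the one that is later used.

```python
from email.utils import parseaddr

# Constructed allow-list for the example (assumption, not from the changelog).
ALLOWED_DOMAINS = {"c.com"}


def parser_rejects(raw):
    """True when parseaddr() refuses the input outright.

    With the bpo-34155 fix applied, 'a@b@c.com' yields ('', '') instead of
    the part before the second '@'.
    """
    return parseaddr(raw) == ("", "")


def accept_mailbox(raw):
    """Return a bare addr-spec suitable for an allow-list decision, else None.

    Hypothetical helper for a field that must hold exactly one bare address
    (no display name, no address list).
    """
    candidate = raw.strip()
    _, spec = parseaddr(candidate)
    # Round-trip check: the address the parser understood must be the whole
    # input. Anything the parser dropped, split or rewrote is rejected, which
    # also protects interpreters that predate the fix.
    if not spec or spec != candidate:
        return None
    local, _, domain = spec.rpartition("@")
    # Exactly one '@', with a non-empty local part.
    if not local or "@" in local:
        return None
    if domain.lower() not in ALLOWED_DOMAINS:
        return None
    return spec


# Constructed sample inputs.
SAMPLES = [
    "a@c.com",            # well-formed, allowed domain
    "a@b@c.com",          # the malformed shape named in bpo-34155
    "a@b",                # well-formed, domain not allowed
    "a@c.com, x@c.com",   # address list where one address is expected
    "no-at-sign",         # no domain at all
]


def audit(samples=SAMPLES):
    """Map every sample to the accepted addr-spec, or None when rejected."""
    return {raw: accept_mailbox(raw) for raw in samples}


if __name__ == "__main__":
    for raw, result in audit().items():
        print(f"{raw!r:22} -> {result!r}")
```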

Core and Builtins

  • bpo-36871: Improve error handling for the assert_has_calls method of mocks. Fixed a bug where any errors encountered while binding the expected calls to the mock’s spec were silently swallowed, leading to misleading error output.

  • bpo-38013: Allow calling async_generator_athrow().throw(...) even for a non-started async generator helper. This fixes an annoying warning at the end of an asyncio.run() call.

  • bpo-38124: Fix an off-by-one error in PyState_AddModule that could cause out-of-bounds memory access.

  • bpo-36946: Fix possible signed integer overflow when handling slices. Patch by hongweipeng.

  • bpo-37409: Ensure explicit relative imports from interactive sessions and scripts (having no parent package) always raise ImportError, rather than treating the current module as the package. Patch by Ben Lewis.

  • bpo-36311: Decoding bytes objects larger than 2GiB is faster and no longer fails when a multibyte character spans a chunk boundary.

  • bpo-37467: Fix sys.excepthook() and PyErr_Display() if a filename is a bytes string. For example, for a SyntaxError exception where the filename attribute is a bytes string.

  • bpo-37417: bytearray.extend() now correctly handles errors that arise during iteration. Patch by Brandt Bucher.

  • bpo-20523: pdb.Pdb supports ~/.pdbrc in Windows 7. Patch by Tim Hopper and Dan Lidral-Porter.

Library

  • bpo-38019: Correctly handle pause/resume reading of closed asyncio unix pipe.

  • bpo-38216: Allow the rare code that wants to send invalid http requests from the http.client library a way to do so. The fixes for bpo-30458 led to breakage for some projects that were relying on this ability to test their own behavior in the face of bad requests.

  • bpo-38191: Constructor of NamedTuple type now accepts arbitrary keyword argument names, including “cls”, “self”, “typename” and “fields”.

  • bpo-38185: Fixed case-insensitive string comparison in sqlite3.Row indexing.

  • bpo-38175: Fix a memory leak in comparison of sqlite3.Row objects.

  • bpo-33936: _hashlib no longer calls obsolete OpenSSL initialization function with OpenSSL 1.1.0+.

  • bpo-34706: Preserve subclassing in inspect.Signature.from_callable.

  • bpo-38059: inspect.py now uses sys.exit() instead of exit()

  • bpo-38006: weakref.WeakValueDictionary defines a local remove() function used as callback for weak references. This function was created with a closure. Modify the implementation to avoid the closure.

  • bpo-34410: Fixed a crash in the tee() iterator when re-entering it. RuntimeError is now raised in this case.

  • bpo-37965: Fix C compiler warning caused by distutils.ccompiler.CCompiler.has_function.

  • bpo-36205: Fix the rusage implementation of time.process_time() to correctly report the sum of the system and user CPU time.

  • bpo-22347: Update mimetypes.guess_type to allow proper parsing of URLs with only a host name. Patch by Dong-hee Na.

  • bpo-37950: Fix ast.dump() when called with an incompletely initialized node.

  • bpo-37915: Fix a segmentation fault that appeared when comparing instances of datetime.timezone and datetime.tzinfo objects. Patch by Pablo Galindo.

  • bpo-37885: venv: Don’t generate unset variable warning on deactivate.

  • bpo-37868: Fix dataclasses.is_dataclass when given an instance that never raises AttributeError in __getattr__. That is, an object that returns something for __dataclass_fields__ even if it’s not a dataclass.

  • bpo-37811: Fix socket module’s socket.connect(address) function being unable to establish a connection in case of an interrupted system call. The problem was observed on all OSes whose poll(2) system call can take only non-negative integers and -1 as a timeout value.

  • bpo-21131: Fix faulthandler.register(chain=True) stack. faulthandler now allocates a dedicated stack of SIGSTKSZ*2 bytes, instead of just SIGSTKSZ bytes. Calling the previous signal handler in faulthandler signal handler uses more than SIGSTKSZ bytes of stack memory on some platforms.

  • bpo-34621: Fixed unpickle-ability in older Python versions (<3.7) of UUID objects with is_safe set to SafeUUID.unknown.

  • bpo-37738: Fix the implementation of curses addch(str, color_pair): pass the color pair to setcchar(), instead of always passing 0 as the color pair.

  • bpo-37723: Fix performance regression on regular expression parsing with huge character sets. Patch by Yann Vaginay.

  • bpo-32178: Fix IndexError in email package when trying to parse invalid address fields starting with :.

  • bpo-37685: Fixed comparisons of datetime.timedelta and datetime.timezone.

  • bpo-37695: Correct curses.unget_wch() error message. Patch by Anthony Sottile.

  • bpo-29553: Fixed argparse.ArgumentParser.format_usage() for mutually exclusive groups. Patch by Andrew Nester.

  • bpo-37664: Update wheels bundled with ensurepip (pip 19.2.3 and setuptools 41.2.0)

  • bpo-37642: Allowed the pure Python implementation of datetime.timezone to represent sub-minute offsets close to minimum and maximum boundaries, specifically in the ranges (23:59, 24:00) and (-23:59, 24:00). Patch by Ngalim Siregar

  • bpo-37491: Fix IndexError when parsing email headers with unexpectedly ending bare-quoted string value. Patch by Abhilash Raj.

  • bpo-18378: Recognize “UTF-8” as a valid value for LC_CTYPE in locale._parse_localename.

  • bpo-37579: Return NotImplemented in Python implementation of __eq__ for timedelta and time when the other object being compared is not of the same type to match C implementation. Patch by Karthikeyan Singaravelan.

  • bpo-21478: Record calls to parent when autospecced object is attached to a mock using unittest.mock.attach_mock(). Patch by Karthikeyan Singaravelan.

  • bpo-37531: “python3 -m test -jN --timeout=TIMEOUT” now kills a worker process if it runs longer than TIMEOUT seconds.

  • bpo-37482: Fix serialization of display name in originator or destination address fields with both encoded words and special chars.

  • bpo-37424: Fixes a possible hang when using a timeout on subprocess.run() while capturing output. If the child process spawned its own children or otherwise connected its stdout or stderr handles with another process, we could hang after the timeout was reached and our child was killed when attempting to read final output from the pipes.

  • bpo-37421: Fix multiprocessing.util.get_temp_dir() finalizer: clear also the ‘tempdir’ configuration of the current process, so next call to get_temp_dir() will create a new temporary directory, rather than reusing the removed temporary directory.

  • bpo-37420: os.sched_setaffinity() now correctly handles errors that arise during iteration over its mask argument. Patch by Brandt Bucher.

  • bpo-29412: Fix IndexError in parsing a header value ending unexpectedly. Patch by Abhilash Raj.

  • bpo-37372: Fix error unpickling datetime.time objects from Python 2 with seconds>=24. Patch by Justin Blanchard.

  • bpo-27860: Fix IPv4Interface and IPv6Interface not accepting a string mask when the argument is a tuple.

  • bpo-33972: Email with single part but content-type set to multipart/* doesn’t raise AttributeError anymore.

  • bpo-21872: Fix lzma: module decompresses data incompletely. When decompressing a FORMAT_ALONE format file that doesn’t have the end marker, sometimes the last one to dozens of bytes can’t be output. Patch by Ma Lin.

  • bpo-12144: Ensure cookies with expires attribute are handled in CookieJar.make_cookies().

  • bpo-37163: dataclasses.replace() now supports the field named “obj”.

  • bpo-36871: Ensure method signature is used instead of constructor signature of a class while asserting mock object against method calls. Patch by Karthikeyan Singaravelan.

  • bpo-36564: Fix infinite loop in email header folding logic that would be triggered when an email policy’s max_line_length is not long enough to include the required markup and any values in the message. Patch by Paul Ganssle

  • bpo-35168: shlex.shlex.punctuation_chars is now a read-only property.

  • bpo-20504: Fixes a bug in cgi module when a multipart/form-data request has no Content-Length header.

  • bpo-4963: Fixed non-deterministic behavior related to mimetypes extension mapping and module reinitialization.

Documentation

  • bpo-26868: Fix example usage of PyModule_AddObject() to properly handle errors.

  • bpo-37979: Added a link to dateutil.parser.isoparse in the datetime.fromisoformat documentation. Patch by Paul Ganssle

  • bpo-37937: Mention frame.f_trace in sys.settrace() docs.

  • bpo-37726: Stop recommending getopt in the tutorial for command line argument parsing and promote argparse.

  • bpo-32910: Remove implementation-specific behaviour of how venv’s Deactivate works.

  • bpo-37256: Fix wording of arguments for Request in urllib.request

  • bpo-37284: Add a brief note to indicate that any new sys.implementation required attributes must go through the PEP process.

  • bpo-30088: Documented that mailbox.Maildir constructor doesn’t attempt to verify the maildir folder layout correctness. Patch by Sviatoslav Sydorenko.

  • bpo-37487: Fix PyList_GetItem index description to include 0.

  • bpo-37478: Added possible exceptions to the description of os.chdir().

  • bpo-37004: In the documentation for difflib, a note was added explicitly warning that the results of SequenceMatcher’s ratio method may depend on the order of the input strings.

  • bpo-35803: Document and test that tempfile functions may accept a path-like object for the dir argument. Patch by Anthony Sottile.

  • bpo-34293: Fix the Doc/Makefile regarding PAPER environment variable and PDF builds

Tests

  • bpo-38239: Fix test_gdb for Link Time Optimization (LTO) builds.

  • bpo-38275: test_ssl now handles disabled TLS/SSL versions better. OpenSSL’s crypto policy and run-time settings are recognized and tests for disabled versions are skipped. Tests also accept more TLS minimum_versions for platforms that override OpenSSL’s default with strict settings.

  • bpo-38271: The private keys for test_ssl were encrypted with 3DES in traditional PKCS#5 format. 3DES and the digest algorithm of PKCS#5 are blocked by some strict crypto policies. Use PKCS#8 format with AES256 encryption instead.

  • bpo-37123: Multiprocessing test test_mymanager() now also expects -SIGTERM, not only exitcode 0. BaseManager._finalize_manager() sends SIGTERM to the manager process if it takes longer than 1 second to stop, which happens on slow buildbots.

  • bpo-38212: Multiprocessing tests: increase test_queue_feeder_donot_stop_onexc() timeout from 1 to 60 seconds.

  • bpo-38117: Test with OpenSSL 1.1.1d

  • bpo-37805: Add tests for json.dump(…, skipkeys=True). Patch by Dong-hee Na.

  • bpo-37531: Enhance regrtest multiprocess timeout: write a message when killing a worker process, catch popen.kill() and popen.wait() exceptions, put a timeout on the second call to popen.communicate().

  • bpo-37335: Improve locale coercion tests by using codec lookup instead of more fragile replace().

  • bpo-37411: Fix test_wsgiref.testEnviron() to no longer depend on the environment variables (don’t fail if “X” variable is set).

  • bpo-37400: Fix test_os.test_chown(): use os.getgroups() rather than grp.getgrall() to get groups. Rename also the test to test_chown_gid().

  • bpo-37359: Add --cleanup option to python3 -m test to remove test_python_* directories of previous failed jobs. Add “make cleantest” to run python3 -m test --cleanup.

  • bpo-37362: test_gdb no longer fails if it gets an “unexpected” message on stderr: it now ignores stderr. The purpose of test_gdb is to test that python-gdb.py commands work as expected, not to test gdb.

  • bpo-36919: Make test_source_encoding.test_issue2301 implementation independent. The test will work now for both CPython and IronPython.

  • bpo-34720: Assert m_state != NULL to mimic GC traversal functions that do not correctly handle module creation when the module state has not been created.

  • bpo-34347: Fix test_utf8_mode.test_cmd_line for AIX. Patch by M. Felt

Build

  • bpo-38301: In Solaris family, we must be sure to use -D_REENTRANT. Patch by Jesús Cea Avión.

  • bpo-36002: Locate llvm-profdata and llvm-ar binaries using AC_PATH_TOOL rather than AC_PATH_TARGET_TOOL.

  • bpo-37936: The .gitignore file no longer applies to any files that are in fact tracked in the Git repository. Patch by Greg Price.

Windows

  • bpo-38117: Update bundled OpenSSL to 1.1.1d

  • bpo-36634: venv activate.bat now works when the existing variables contain double quote characters.

  • bpo-38087: Fix case sensitivity in test_pathlib and test_ntpath.

  • bpo-38088: Fixes distutils not finding vcruntime140.dll with only the v142 toolset installed.

  • bpo-37283: Ensure command-line and unattend.xml setting override previously detected states in Windows installer.

  • bpo-37705: Improve the implementation of winerror_to_errno().

  • bpo-37549: os.dup() no longer fails for standard streams on Windows 7.

  • bpo-37702: Fix memory leak on Windows in creating an SSLContext object or running urllib.request.urlopen(’https://…’).

  • bpo-10945: Officially drop support for creating bdist_wininst installers on non-Windows systems.

  • bpo-37445: Include the FORMAT_MESSAGE_IGNORE_INSERTS flag in FormatMessageW() calls.

  • bpo-37380: Don’t collect unfinished processes with subprocess._active on Windows to clean up later. Patch by Ruslan Kuprieiev.

  • bpo-32587: Make winreg.REG_MULTI_SZ support zero-length strings.

macOS

  • bpo-38117: Updated OpenSSL to 1.1.1d in macOS installer.

  • bpo-38089: Move Azure Pipelines to latest VM versions and make macOS tests optional

IDLE

  • bpo-35379: When exiting IDLE, catch any AttributeError. One happens when EditorWindow.close is called twice. Printing a traceback, when IDLE is run from a terminal, is useless and annoying.

  • bpo-38183: To avoid problems, test_idle ignores the user config directory. It no longer tries to create or access .idlerc or any files within. Users must run IDLE to discover problems with saving settings.

  • bpo-38077: IDLE no longer adds ‘argv’ to the user namespace when initializing it. This bug only affected 3.7.4 and 3.8.0b2 to 3.8.0b4.

  • bpo-38041: Shell restart lines now fill the window width, always start with ‘=’, and avoid wrapping unnecessarily. The line will still wrap if the included file name is long relative to the width.

  • bpo-35771: To avoid occasional spurious test_idle failures on slower machines, increase the hover_delay in test_tooltip.

  • bpo-37824: Properly handle user input warnings in IDLE shell. Cease turning SyntaxWarnings into SyntaxErrors.

  • bpo-37929: IDLE Settings dialog now closes properly when there is no shell window.

  • bpo-37902: Add mousewheel scrolling for IDLE module, path, and stack browsers. Patch by George Zhang.

  • bpo-37849: Fixed completions list appearing too high or low when shown above the current line.

  • bpo-36419: Refactor IDLE autocomplete and improve testing.

  • bpo-37748: Reorder the Run menu. Put the most common choice, Run Module, at the top.

  • bpo-37692: Improve highlight config sample with example shell interaction and better labels for shell elements.

  • bpo-37628: Settings dialog no longer expands with font size.

  • bpo-37627: Initialize the Customize Run dialog with the command line arguments most recently entered before. The user can optionally edit before submitting them.

  • bpo-33610: Fix code context not showing the correct context when first toggled on.

  • bpo-37530: Optimize code context to reduce unneeded background activity. Font and highlight changes now occur along with text changes instead of after a random delay.

  • bpo-27452: Cleanup config.py by inlining RemoveFile and simplifying the handling of file in CreateConfigHandlers.

  • bpo-37325: Fix tab focus traversal order for help source and custom run dialogs.

  • bpo-17535: Add optional line numbers for IDLE editor windows. Windows open without line numbers unless set otherwise in the General tab of the configuration dialog.

  • bpo-26806: To compensate for stack frames added by IDLE and avoid possible problems with low recursion limits, add 30 to limits in the user code execution process. Subtract 30 when reporting recursion limits to make this addition mostly transparent.

  • bpo-36390: Gather Format menu functions into format.py. Combine paragraph.py, rstrip.py, and format methods from editor.py.

Tools/Demos

  • bpo-37803: pdb’s --help and --version long options now work.

  • bpo-37675: 2to3 now works when run from a zipped standard library.

Python 3.7.4 final

Release date: 2019-07-08

Core and Builtins

  • bpo-37500: Due to unintended side effects, revert the change introduced by bpo-1875 in 3.7.4rc1 to check for syntax errors in dead conditional code blocks.

Documentation

  • bpo-37149: Replace the dead link to the Tkinter 8.5 reference by John Shipman, New Mexico Tech, with a link to the archive.org copy.

Python 3.7.4 release candidate 2

Release date: 2019-07-02

Security

  • bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address; it accepts only quad-dotted notation without trailing whitespace. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g. ‘127.0.0.1 whatever’.

Core and Builtins

  • bpo-24214: Improved support of the surrogatepass error handler in the UTF-8 and UTF-16 incremental decoders.

Library

  • bpo-37440: http.client now enables TLS 1.3 post-handshake authentication for default context or if a cert_file is passed to HTTPSConnection.

  • bpo-37437: Update vendorized expat version to 2.2.7.

  • bpo-37428: SSLContext.post_handshake_auth = True no longer sets SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the option is documented as ignored for clients, OpenSSL implicitly enables cert chain validation when the flag is set.

  • bpo-32627: Fix compile error when conflicting _uuid headers are included.

Windows

macOS

  • bpo-34602: Avoid test suite failures on macOS by no longer calling resource.setrlimit to increase the process stack size limit at runtime. The runtime change is no longer needed since the interpreter is being built with a larger default stack size.

Python 3.7.4 release candidate 1

Release date: 2019-06-18

Security

  • bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request.

  • bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit().

  • bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters from passing through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised.

  • bpo-33529: Prevent fold function used in email header encoding from entering infinite loop when there are too many non-ASCII characters in a header.

  • bpo-35755: shutil.which() now uses os.confstr("CS_PATH") if available and if the PATH environment variable is not set. Also remove the current directory from posixpath.defpath. On Unix, shutil.which() and the subprocess module no longer search for the executable in the current directory if the PATH environment variable is not set.
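
The bpo-30458 check can be observed without any network traffic, because `putrequest()` validates the request target before a socket is opened. The following is an added example, not code from CPython or this changelog: the helper names, the host `example.invalid`, the sample targets and the `DISALLOWED` character class (one reading of "embedded whitespace or control characters") are assumptions. It compares a pre-flight check with the library's own verdict and shows percent-encoding as the way to carry untrusted text in a path.

```python
import http.client
import re
from urllib.parse import quote

# Assumption: ASCII control characters, space and DEL, as a reading of
# "embedded whitespace or control characters" in the changelog entry.
DISALLOWED = re.compile(r"[\x00-\x20\x7f]")


def preflight_ok(target):
    """Application-side check to run before a target reaches http.client."""
    return DISALLOWED.search(target) is None


def stdlib_rejects(target):
    """True when http.client refuses the target with InvalidURL.

    No connection is made: putrequest() only validates and buffers, and
    'example.invalid' is never resolved.
    """
    conn = http.client.HTTPConnection("example.invalid")
    try:
        conn.putrequest("GET", target)
    except http.client.InvalidURL:
        return True
    finally:
        conn.close()
    return False


def encode_segment(untrusted):
    """Percent-encode one untrusted path segment so it stays inside the path."""
    return quote(untrusted, safe="")


# Constructed sample request targets.
SAMPLES = [
    "/index.html?q=1",
    "/reports/2019%20summary.pdf",
    "/reports/2019 summary.pdf",
    "/x\r\nX-Example: 1",
    "/tab\there",
    "/del\x7f",
]


def audit(samples=SAMPLES):
    """Return (target, preflight_ok, stdlib_rejects) for every sample."""
    return [(t, preflight_ok(t), stdlib_rejects(t)) for t in samples]


if __name__ == "__main__":
    for target, ok, rejected in audit():
        print(f"{target!r:32} preflight_ok={ok!s:5} InvalidURL={rejected}")
    print(encode_segment("2019 summary.pdf"))
```

On an interpreter that lacks the fix, `stdlib_rejects()` returns False for the last four samples, which makes the same script usable as a quick runtime check.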

Core and Builtins

  • bpo-37269: Fix a bug in the peephole optimizer that was not correctly treating constant conditions with binary operators. Patch by Pablo Galindo.

  • bpo-37219: Remove erroneous optimization for empty set differences.

  • bpo-26423: Fix possible overflow in wrap_lenfunc() when sizeof(long) < sizeof(Py_ssize_t) (e.g., 64-bit Windows).

  • bpo-36829: PyErr_WriteUnraisable() now displays the exception even if displaying the traceback failed. Moreover, hold a strong reference to sys.stderr while using it. Document that an exception must be set when calling PyErr_WriteUnraisable().

  • bpo-36907: Fix a crash when calling a C function with a keyword dict (f(**kwargs)) and changing the dict kwargs while that function is running.

  • bpo-36946: Fix possible signed integer overflow when handling slices.

  • bpo-27987: PyGC_Head structure is aligned to long double. This is needed to ensure GC-ed objects are aligned properly. Patch by Inada Naoki.

  • bpo-1875: A SyntaxError is now raised if a code block that will be optimized away (e.g. if conditions that are always false) contains syntax errors. Patch by Pablo Galindo. (Reverted in 3.7.4 final by bpo-37500.)

  • bpo-28866: Avoid caching attributes of classes whose type defines mro() to avoid a hard cache invalidation problem.

  • bpo-27639: Correct return type for UserList slicing operations. Patch by Michael Blahay, Erick Cervantes, and vaultah

  • bpo-32849: Fix Python Initialization code on FreeBSD to detect properly when stdin file descriptor (fd 0) is invalid.

  • bpo-27987: pymalloc returns memory blocks aligned by 16 bytes, instead of 8 bytes, on 64-bit platforms to conform to the x86-64 ABI. Recent compilers assume this alignment more often. Patch by Inada Naoki.

  • bpo-36504: Fix signed integer overflow in _ctypes.c’s PyCArrayType_new().

  • bpo-20844: Fix running a script with an encoding cookie and LF line endings, which may fail on Windows.

  • bpo-24214: Fixed support of the surrogatepass error handler in the UTF-8 incremental decoder.

  • bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c’s tok_nextc().

  • bpo-36433: Fixed TypeError message in classmethoddescr_call.

  • bpo-36430: Fix a possible reference leak in itertools.count().

  • bpo-36440: Include node names in ParserError messages, instead of numeric IDs. Patch by A. Skrobov.

  • bpo-36421: Fix a possible double decref in _ctypes.c’s PyCArrayType_new().

  • bpo-36256: Fix bug in parsermodule when parsing a state in a DFA that has two or more arcs with labels of the same type. Patch by Pablo Galindo.

  • bpo-36236: At Python initialization, the current directory is no longer prepended to sys.path if it has been removed.

  • bpo-36262: Fix an unlikely memory leak on conversion from string to float in the function _Py_dg_strtod() used by float(str), complex(str), pickle.load(), marshal.load(), etc.

  • bpo-36218: Fix a segfault occurring when sorting a list of heterogeneous values. Patch contributed by Rémi Lapeyre and Elliot Gorokhovsky.

  • bpo-36035: Added fix for broken symlinks in combination with pathlib

  • bpo-18372: Add missing PyObject_GC_Track() calls in the pickle module. Patch by Zackery Spytz.

  • bpo-34408: Prevent a null pointer dereference and resource leakage in PyInterpreterState_New().

Library

  • bpo-37280: Use threadpool for reading from file for sendfile fallback mode.

  • bpo-37279: Fix asyncio sendfile support when sendfile sends extra data in fallback mode.

  • bpo-19865: ctypes.create_unicode_buffer() now also supports non-BMP characters on platforms with 16-bit wchar_t (for example, Windows and AIX).

  • bpo-35922: Fix RobotFileParser.crawl_delay() and RobotFileParser.request_rate() to return None rather than raise AttributeError when no relevant rule is defined in the robots.txt file. Patch by Rémi Lapeyre.

  • bpo-36607: Eliminate RuntimeError raised by asyncio.all_tasks() if internal tasks weak set is changed by another thread during iteration.

  • bpo-36402: Fix a race condition at Python shutdown when waiting for threads. Wait until the Python thread state of all non-daemon threads gets deleted (join all non-daemon threads), rather than just wait until non-daemon Python threads complete.

  • bpo-34886: Fix an unintended ValueError from subprocess.run() when checking for conflicting input and stdin or capture_output and stdout or stderr args when they were explicitly provided but with None values within a passed in **kwargs dict rather than as passed directly by name. Patch contributed by Rémi Lapeyre.

  • bpo-37173: The exception message for inspect.getfile() now correctly reports the passed class rather than the builtins module.

  • bpo-12639: msilib.Directory.start_component() no longer fails if keyfile is not None.

  • bpo-36520: Lengthy email headers with UTF-8 characters are now properly encoded when they are folded. Patch by Jeffrey Kintscher.

  • bpo-37054: Fix destructor _pyio.BytesIO and _pyio.TextIOWrapper: initialize their _buffer attribute as soon as possible (in the class body), because it’s used by __del__() which calls close().

  • bpo-30835: Fixed a bug in email parsing where a message with invalid bytes in content-transfer-encoding of a multipart message can cause an AttributeError. Patch by Andrew Donnellan.

  • bpo-37035: Don’t log OSError based exceptions if a fatal error has occurred in asyncio transport. The peer can generate almost any OSError, and the user cannot avoid these exceptions by fixing their own code. Errors are still propagated to user code; logging them is just pointless and pollutes asyncio logs.

  • bpo-37008: Add support for calling next() with the mock resulting from unittest.mock.mock_open()

  • bpo-27737: Allow whitespace only header encoding in email.header - by Batuhan Taskaya

  • bpo-36969: PDB command args now display keyword only arguments. Patch contributed by Rémi Lapeyre.

  • bpo-36983: Add missing names to typing.__all__: ChainMap, ForwardRef, OrderedDict - by Anthony Sottile.

  • bpo-21315: Email headers containing RFC2047 encoded words are parsed despite the missing whitespace, and a defect registered. Also missing trailing whitespace after encoded words is now registered as a defect.

  • bpo-33524: Fix the folding of email header when the max_line_length is 0 or None and the header contains non-ascii characters. Contributed by Licht Takeuchi (@Licht-T).

  • bpo-24564: shutil.copystat() now ignores errno.EINVAL on os.setxattr() which may occur when copying files on filesystems without extended attributes support.

    Original patch by Giampaolo Rodola, updated by Ying Wang.

  • bpo-36845: Added validation of integer prefixes to the construction of IP networks and interfaces in the ipaddress module.

  • bpo-35545: Fix asyncio discarding IPv6 scopes when ensuring hostname resolutions internally

  • bpo-35070: posix.getgrouplist() now works correctly when the user belongs to NGROUPS_MAX supplemental groups. Patch by Jeffrey Kintscher.

  • bpo-24538: In shutil.copystat(), first copy extended file attributes and then file permissions, since extended attributes can only be set on the destination while it is still writeable.

  • bpo-33110: Handle exceptions raised by functions added by concurrent.futures add_done_callback correctly when the Future has already completed.

  • bpo-26903: Limit max_workers in ProcessPoolExecutor to 61 to work around a WaitForMultipleObjects limitation.

  • bpo-36813: Fix QueueListener to call queue.task_done() upon stopping. Patch by Bar Harel.

  • bpo-36734: Fix compilation of faulthandler.c on HP-UX. Initialize stack_t current_stack to zero using memset().

  • bpo-29183: Fix double exceptions in wsgiref.handlers.BaseHandler by calling its close() method only when no exception is raised.

  • bpo-36650: The C version of functools.lru_cache() was treating calls with an empty **kwargs dictionary as being distinct from calls with no keywords at all. This did not result in an incorrect answer, but it did trigger an unexpected cache miss.

  • bpo-28552: Fix distutils.sysconfig if sys.executable is None or an empty string: use os.getcwd() to initialize project_base. Fix also the distutils build command: don’t use sys.executable if it is None or an empty string.

  • bpo-35755: shutil.which() and distutils.spawn.find_executable() now use os.confstr("CS_PATH") if available instead of os.defpath, if the PATH environment variable is not set. Moreover, don’t use os.confstr("CS_PATH") nor os.defpath if the PATH environment variable is set to an empty string.

  • bpo-36613: Fix asyncio wait() not removing callback if exception

  • bpo-36598: Fix isinstance check for Mock objects with spec when the code is executed under tracing. Patch by Karthikeyan Singaravelan.

  • bpo-36533: Reinitialize logging.Handler locks in forked child processes instead of attempting to acquire them all in the parent before forking only to be released in the child process. The acquire/release pattern was leading to deadlocks in code that has implemented any form of chained logging handlers that depend upon one another as the lock acquisition order cannot be guaranteed.

  • bpo-36522: If debuglevel is set to >0 in http.client, print all values for headers with multiple values for the same header name. Patch by Matt Houglum.

  • bpo-36492: Arbitrary keyword arguments (even with names “self” and “func”) can now be passed to some functions which should accept arbitrary keyword arguments and pass them to another function (for example partialmethod(), TestCase.addCleanup() and Profile.runcall()) if the required arguments are passed as positional arguments.

  • bpo-36434: Errors during writing to a ZIP file no longer prevent it from being properly closed.

  • bpo-34745: Fix asyncio ssl memory issues caused by circular references

  • bpo-36321: collections.namedtuple() misspelled the name of an attribute. To be consistent with typing.NamedTuple, the attribute name should have been “_field_defaults” instead of “_fields_defaults”. For backwards compatibility, both spellings are now created. The misspelled version may be removed in the future.

  • bpo-36272: logging does not silently ignore RecursionError anymore. Patch contributed by Rémi Lapeyre.

  • bpo-36235: Fix CFLAGS in customize_compiler() of distutils.sysconfig: when the CFLAGS environment variable is defined, don’t override CFLAGS variable with the OPT variable anymore. Initial patch written by David Malcolm.

  • bpo-35125: Asyncio: Remove inner callback on outer cancellation in shield

  • bpo-35802: Clean up code which checked presence of os.stat / os.lstat / os.chmod which are always present. Patch by Anthony Sottile.

  • bpo-23078: Add support for classmethod() and staticmethod() to unittest.mock.create_autospec(). Initial patch by Felipe Ochoa.

  • bpo-35721: Fix asyncio.SelectorEventLoop.subprocess_exec() leaking file descriptors if Popen fails and it was called with stdin=subprocess.PIPE. Patch by Niklas Fiekas.

  • bpo-35726: QueueHandler.prepare() now makes a copy of the record before modifying and enqueueing it, to avoid affecting other handlers in the chain.

  • bpo-31855: unittest.mock.mock_open() results now respect the argument of read([size]). Patch contributed by Rémi Lapeyre.

  • bpo-35082: Don’t return deleted attributes when calling dir on a unittest.mock.Mock.

  • bpo-34547: wsgiref.handlers.BaseHandler now handles abrupt client connection terminations gracefully. Patch by Petter Strandmark.

  • bpo-34424: Fix serialization of messages containing encoded strings when the policy.linesep is set to a multi-character string. Patch by Jens Troeger.

  • bpo-33361: Fix a bug in codecs.StreamRecoder where seeking might leave old data in a buffer and break subsequent read calls. Patch by Ammar Askar.

  • bpo-31922: asyncio.AbstractEventLoop.create_datagram_endpoint(): Do not connect UDP socket when broadcast is allowed. This allows replies to be received after a UDP broadcast.

  • bpo-22102: Added support for ZIP files with disks set to 0. Such files are commonly created by builtin tools on Windows when using the ZIP64 extension. Patch by Francisco Facioni.

  • bpo-27141: Added a __copy__() to collections.UserList and collections.UserDict in order to correctly implement shallow copying of the objects. Patch by Bar Harel.

  • bpo-31829: \r, \0 and \x1a (end-of-file on Windows) are now escaped in protocol 0 pickles of Unicode strings. This allows them to be loaded without loss from files opened in text mode in Python 2.

  • bpo-31292: Fix setup.py check --restructuredtext for files containing include directives.

  • bpo-23395: _thread.interrupt_main() now avoids setting the Python error status if the SIGINT signal is ignored or not handled by Python.

Documentation

  • bpo-34903: Documented that in datetime.datetime.strptime(), the leading zero in some two-digit formats is optional. Patch by Mike Gleen.

  • bpo-36984: Improve version added references in typing module - by Anthony Sottile.

  • bpo-36868: What’s new now mentions SSLContext.hostname_checks_common_name instead of SSLContext.host_flags.

  • bpo-36783: Added C API Documentation for Time_FromTimeAndFold and PyDateTime_FromDateAndTimeAndFold as per PEP 495. Patch by Edison Abahurire.

  • bpo-30840: Document relative imports

  • bpo-36523: Add docstring for io.IOBase.writelines().

  • bpo-36425: New documentation translation: Simplified Chinese.

  • bpo-36157: Added documentation for PyInterpreterState_Main().

  • bpo-36138: Improve documentation about converting datetime.timedelta to scalars.

  • bpo-22865: Add detail to the documentation on the pty.spawn function.

  • bpo-35581: @typing.type_check_only now allows type stubs to mark functions and classes not available during runtime.

  • bpo-35564: Explicitly set master_doc variable in conf.py for compliance with Sphinx 2.0

  • bpo-10536: Enhance the gettext docs. Patch by Éric Araujo

  • bpo-32995: Added the context variable in glossary.

  • bpo-33832: Add glossary entry for ‘magic method’.

  • bpo-33482: Make codecs.StreamRecoder.writelines take a list of bytes.

  • bpo-25735: Added documentation for the factorial function to indicate that it returns integer values.

Tests

  • bpo-35998: Avoid TimeoutError in test_asyncio: test_start_tls_server_1()

  • bpo-37153: test_venv.test_mutiprocessing() now explicitly calls pool.terminate() to wait until the pool completes.

  • bpo-37081: Test with OpenSSL 1.1.1c

  • bpo-36915: The main regrtest process now always removes all temporary directories of worker processes even if they crash or if they are killed on KeyboardInterrupt (CTRL+c).

  • bpo-36719: “python3 -m test -jN …” now continues the execution of next tests when a worker process crashes (CHILD_ERROR state). Previously, the test suite stopped immediately. Use --failfast to stop at the first error.

  • bpo-36816: Update Lib/test/selfsigned_pythontestdotnet.pem to match self-signed.pythontest.net’s new TLS certificate.

  • bpo-35925: Skip httplib and nntplib networking tests when they would otherwise fail due to a modern OS or distro with a default OpenSSL policy of rejecting connections to servers with weak certificates.

  • bpo-36719: regrtest now always detects uncollectable objects. Previously, the check was only enabled by --findleaks. The check now also works with -jN/--multiprocess N. --findleaks becomes a deprecated alias to --fail-env-changed.

  • bpo-36725: When using multiprocessing mode (-jN), regrtest now better reports errors if a worker process fails, and it exits immediately on a worker thread failure or when interrupted.

  • bpo-36454: Change test_time.test_monotonic() to test only the lower bound of elapsed time after a sleep command rather than the upper bound. This prevents unnecessary test failures on slow buildbots. Patch by Victor Stinner.

  • bpo-36629: Fix test_imap4_host_default_value() of test_imaplib: catch also errno.ENETUNREACH error.

  • bpo-36611: Fix test_sys.test_getallocatedblocks() when tracemalloc is enabled.

  • bpo-36560: Fix reference leak hunting in regrtest: compute also deltas (of reference count, allocated memory blocks, file descriptor count) during warmup, to ensure that everything is initialized before starting to hunt reference leaks.

  • bpo-36565: Fix reference hunting (python3 -m test -R 3:3) when Python has no built-in abc module.

  • bpo-36436: Fix _testcapi.pymem_buffer_overflow(): handle memory allocation failure.

Build

  • bpo-36605: make tags and make TAGS now also parse Modules/_io/*.c and Modules/_io/*.h.

  • bpo-36508: python-config --ldflags no longer includes flags of the LINKFORSHARED variable. The LINKFORSHARED variable must only be used to build executables.

Windows

  • bpo-34631: Updated OpenSSL to 1.1.1c in Windows installer

  • bpo-37267: On Windows, os.dup() no longer creates an inheritable fd when handling a character file.

  • bpo-36779: Ensure time.tzname is correct on Windows when the active code page is set to CP_UTF7 or CP_UTF8.

  • bpo-36965: include of STATUS_CONTROL_C_EXIT without depending on MSC compiler

  • bpo-36649: Remove trailing spaces for registry keys when installed via the Store.

  • bpo-34144: Fixed activate.bat to correctly update codepage when chcp.com returns dots in output. Patch by Lorenz Mende.

  • bpo-35941: enum_certificates function of the ssl module now returns certificates from all available certificate stores inside Windows in a query instead of returning only certificates from the system wide certificate store. This includes certificates from these certificate stores: local machine, local machine enterprise, local machine group policy, current user, current user group policy, services, users. ssl.enum_crls() function is changed in the same way to return all certificate revocation lists inside the Windows certificate revocation list stores.

  • bpo-36441: Fixes creating a venv when debug binaries are installed.

  • bpo-36312: Fixed decoders for the following code pages: 50220, 50221, 50222, 50225, 50227, 50229, 57002 through 57011, 65000 and 42.

  • bpo-36010: Add the venv standard library module to the nuget distribution for Windows.

  • bpo-34060: Report system load when running test suite on Windows. Patch by Ammar Askar. Based on prior work by Jeremy Kloth.

macOS

  • bpo-35360: Update macOS installer to use SQLite 3.28.0.

  • bpo-34631: Updated OpenSSL to 1.1.1c in macOS installer.

  • bpo-36231: Support building Python on macOS without /usr/include installed. As of macOS 10.14, system header files are only available within an SDK provided by either the Command Line Tools or the Xcode app.

  • bpo-34602: Avoid failures setting macOS stack resource limit with resource.setrlimit. This reverts an earlier fix for bpo-18075 which forced a non-default stack size when building the interpreter executable on macOS.

IDLE

  • bpo-37321: Both subprocess connection error messages now refer to the ‘Startup failure’ section of the IDLE doc.

  • bpo-37177: Properly ‘attach’ search dialogs to their main window so that they behave like other dialogs and do not get hidden behind their main window.

  • bpo-37039: Adjust “Zoom Height” to individual screens by momentarily maximizing the window on first use with a particular screen. Changing screen settings may invalidate the saved height. While a window is maximized, “Zoom Height” has no effect.

  • bpo-35763: Make calltip reminder about ‘/’ meaning positional-only less obtrusive by only adding it when there is room on the first line.

  • bpo-5680: Add ‘Run… Customized’ to the Run menu to run a module with customized settings. Any ‘command line arguments’ entered are added to sys.argv. One can suppress the normal Shell main module restart.

  • bpo-35610: Replace now redundant .context_use_ps1 with .prompt_last_line. This finishes change started in bpo-31858.

  • bpo-37038: Make idlelib.run runnable; add test clause.

  • bpo-36958: Print any argument other than None or int passed to SystemExit or sys.exit().

  • bpo-13102: When saving a file, call os.fsync() so bits are flushed to e.g. USB drive.

  • bpo-36429: Fix starting IDLE with pyshell. Add idlelib.pyshell alias at top; remove pyshell alias at bottom. Remove obsolete __name__=='__main__' command.

  • bpo-36405: Use dict unpacking in idlelib.

  • bpo-36396: Remove fgBg param of idlelib.config.GetHighlight(). This param was only used twice and changed the return type.

  • bpo-23205: For the grep module, add tests for findfiles, refactor findfiles to be a module-level function, and refactor findfiles to use os.walk.

  • bpo-23216: Add docstrings to IDLE search modules.

  • bpo-30348: Increase test coverage of idlelib.autocomplete by 30%.

  • bpo-32411: In browser.py, remove extraneous sorting by line number since dictionary was created in line number order.

Tools/Demos

  • bpo-14546: Fix the argument handling in Tools/scripts/lll.py.

  • bpo-32217: Fix freeze script on Windows.

C API

Python 3.7.3 final

Release date: 2019-03-25

There were no new changes in version 3.7.3.

Python 3.7.3 release candidate 1

Release date: 2019-03-12

Security

  • bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed.

  • bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result in a segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.

  • bpo-35121: Don’t send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by Karthikeyan Singaravelan.
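The check behind bpo-36216 can also be run outside urlsplit() to audit URLs an application has already stored or logged. The following is an added example, not CPython's code: the helper names and the sample URLs are constructed for illustration, and it normalizes character by character so the offending code point and its position can be reported.

```python
import unicodedata
from urllib.parse import urlsplit

# Characters that delimit URL components. If NFKC normalization of the host
# yields one of them, the parser and the IDNA-encoded host name disagree
# about where the host ends.
URL_DELIMITERS = "/?#@:"


def authority_of(url):
    """Return the raw text between '//' and the next ASCII '/', '?' or '#'."""
    _, sep, rest = url.partition("//")
    if not sep:
        return ""
    for i, ch in enumerate(rest):
        if ch in "/?#":
            return rest[:i]
    return rest


def nfkc_findings(netloc):
    """List (position, code point, NFKC expansion) for every non-ASCII
    character whose NFKC form contains a URL delimiter."""
    findings = []
    for pos, ch in enumerate(netloc):
        if ord(ch) < 128:
            continue  # literal ASCII delimiters are handled by the parser
        expanded = unicodedata.normalize("NFKC", ch)
        if any(d in expanded for d in URL_DELIMITERS):
            findings.append((pos, "U+%04X" % ord(ch), expanded))
    return findings


def audit(urls):
    """Map each URL to its findings; an empty list means the host is clean."""
    return {u: nfkc_findings(authority_of(u)) for u in urls}


def urlsplit_rejects(url):
    """True if this interpreter's urlsplit() raises ValueError for the URL.
    The result depends on whether the interpreter carries the bpo-36216 fix."""
    try:
        urlsplit(url)
    except ValueError:
        return True
    return False


# Constructed sample inputs (not taken from the changelog).
SAMPLES = [
    "https://example.com/path?q=1",            # plain ASCII
    "https://b\u00fccher.example/",            # non-ASCII, NFKC-stable
    "https://example.com\uff03.example.org/",  # FULLWIDTH NUMBER SIGN -> '#'
    "https://example.com\u2100.example.org/",  # ACCOUNT OF -> 'a/c'
    "https://user\uff20example.com\uff1a8080/",  # fullwidth '@' and ':'
]

if __name__ == "__main__":
    for url, findings in audit(SAMPLES).items():
        status = "REJECT" if findings else "ok"
        print(status, ascii(url), findings,
              "urlsplit raises:", urlsplit_rejects(url))
```
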

Core and Builtins

  • bpo-35942: The error message emitted when returning invalid types from __fspath__ in interfaces that allow passing PathLike objects has been improved and now it does explain the origin of the error.

  • bpo-35992: Fix __class_getitem__() not being called on a class with a custom non-subscriptable metaclass.

  • bpo-35991: Fix a potential double free in Modules/_randommodule.c.

  • bpo-35961: Fix a crash in slice_richcompare(): use strong references rather than stolen references for the two temporary internal tuples.

  • bpo-31506: Clarify the errors reported when object.__new__ and object.__init__ receive more than one argument. Contributed by Sanyam Khurana.

  • bpo-35720: Fixed a minor memory leak in pymain_parse_cmdline_impl function in Modules/main.c

  • bpo-35623: Fix a crash when sorting very long lists. Patch by Stephan Hohe.

  • bpo-35214: clang Memory Sanitizer build instrumentation was added to work around false positives from posix, socket, time, test_io, and test_faulthandler.

  • bpo-35560: Fix an assertion error in format() in debug build for floating point formatting with “n” format, zero padding and small width. Release build is not impacted. Patch by Karthikeyan Singaravelan.

  • bpo-35552: Format characters %s and %V in PyUnicode_FromFormat() and %s in PyBytes_FromFormat() no longer read memory past the limit if precision is specified.

  • bpo-35504: Fix segfaults and SystemErrors when deleting certain attributes. Patch by Zackery Spytz.

  • bpo-33989: Fix a possible crash in list.sort() when sorting objects with ob_type->tp_richcompare == NULL. Patch by Zackery Spytz.

Library

  • bpo-35931: The pdb debug command now gracefully handles all exceptions.

  • bpo-36251: Fix format strings used for stderrprinter and re.Match reprs. Patch by Stephan Hohe.

  • bpo-35807: Update ensurepip to install pip 19.0.3 and setuptools 40.8.0.

  • bpo-36179: Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in out-of-memory cases.

  • bpo-35178: Ensure custom warnings.formatwarning() function can receive line as positional argument. Based on patch by Tashrif Billah.

  • bpo-36106: Resolve potential name clash with libm’s sinpi(). Patch by Dmitrii Pasechnik.

  • bpo-35512: unittest.mock.patch.dict() used as a decorator with string target resolves the target during function call instead of during decorator construction. Patch by Karthikeyan Singaravelan.

  • bpo-36091: Clean up reference to async generator in Lib/types. Patch by Henry Chen.

  • bpo-35899: Enum has been fixed to correctly handle empty strings and strings with non-Latin characters (i.e. ‘α’, ‘א’) without crashing. Original patch contributed by Maxwell. Assisted by Stéphane Wirtel.

  • bpo-35918: Removed broken has_key method from multiprocessing.managers.SyncManager.dict. Contributed by Rémi Lapeyre.

  • bpo-35960: Fix dataclasses.field() throwing away empty mapping objects passed as metadata.

  • bpo-35847: RISC-V needed the CTYPES_PASS_BY_REF_HACK. Fixes ctypes Structure test_pass_by_value.

  • bpo-35780: Fix lru_cache() errors arising in recursive, reentrant, or multi-threaded code. These errors could result in orphan links and in the cache being trapped in a state with fewer than the specified maximum number of links. Fix handling of negative maxsize which should have been treated as zero. Fix errors in toggling the “full” status flag. Fix misordering of links when errors are encountered. Sync-up the C code and pure Python code for the space saving path in functions with a single positional argument. In this common case, the space overhead of an lru cache entry is reduced by almost half. Fix counting of cache misses. In error cases, the miss count was out of sync with the actual number of times the underlying user function was called.

  • bpo-23846: asyncio.ProactorEventLoop now catches and logs send errors when the self-pipe is full.

  • bpo-34323: asyncio: Enhance IocpProactor.close() log: wait 1 second before the first log, then log every second. Log also the number of seconds since close() was called.

  • bpo-34294: re module, fix wrong capturing groups in rare cases. re.search(), re.findall(), re.sub() and other functions that scan through string looking for a match, should reset capturing groups between two match attempts. Patch by Ma Lin.

  • bpo-35717: Fix KeyError exception raised when using enums and compile. Patch contributed by Rémi Lapeyre.

  • bpo-35699: Fixed detection of Visual Studio Build Tools 2017 in distutils

  • bpo-32710: Fix memory leaks in asyncio ProactorEventLoop on overlapped operation failure.

  • bpo-32710: Fix a memory leak in asyncio in the ProactorEventLoop when ReadFile() or WSASend() overlapped operation fail immediately: release the internal buffer.

  • bpo-35682: Fix asyncio.ProactorEventLoop.sendfile(): don’t attempt to set the result of an internal future if it’s already done.

  • bpo-35283: Add a pending deprecated warning for the threading.Thread.isAlive() method. Patch by Dong-hee Na.

  • bpo-35643: Fixed a SyntaxWarning: invalid escape sequence in Modules/_sha3/cleanup.py. Patch by Mickaël Schoentgen.

  • bpo-35615: weakref: Fix a RuntimeError when copying a WeakKeyDictionary or a WeakValueDictionary, due to some keys or values disappearing while iterating.

  • bpo-28503: The crypt module now internally uses the crypt_r() library function instead of crypt() when available.

  • bpo-35121: Don’t set cookie for a request when the request path is a prefix match of the cookie’s path attribute but doesn’t end with “/”. Patch by Karthikeyan Singaravelan.

  • bpo-35585: Speed-up building enums by value, e.g. http.HTTPStatus(200).

  • bpo-21478: Calls to a child function created with unittest.mock.create_autospec() should propagate to the parent. Patch by Karthikeyan Singaravelan.

  • bpo-35513: TextTestRunner of unittest.runner now uses time.perf_counter() rather than time.time() to measure the execution time of a test: time.time() can go backwards, whereas time.perf_counter() is monotonic.

  • bpo-35502: Fixed reference leaks in xml.etree.ElementTree.TreeBuilder in case of unfinished building of the tree (in particular when an error was raised during parsing XML).

  • bpo-31446: Copy command line that was passed to CreateProcessW since this function can change the content of the input buffer.

  • bpo-20239: Allow repeated assignment deletion of unittest.mock.Mock attributes. Patch by Pablo Galindo.

  • bpo-17185: Set __signature__ on mock for inspect to get signature. Patch by Karthikeyan Singaravelan.

  • bpo-10496: check_environ() of distutils.utils now catches KeyError on calling pwd.getpwuid(): don’t create the HOME environment variable in this case.

  • bpo-35066: Previously, calling the strftime() method on a datetime object with a trailing ‘%’ in the format string would result in an exception. However, this only occurred when the datetime C module was being used; the python implementation did not match this behavior. Datetime is now PEP-399 compliant, and will not throw an exception on a trailing ‘%’.

  • bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff. Original patch by R. David Murray & Jairo Trad. Enhanced by Sanyam Khurana.

  • bpo-35198: Fix C++ extension compilation on AIX

  • bpo-28441: On Cygwin and MinGW, ensure that sys.executable always includes the full filename in the path, including the .exe suffix (unless it is a symbolic link).

  • bpo-34572: Fix C implementation of pickle.loads to use importlib’s locking mechanisms, and thereby avoid using partially-loaded modules. Patch by Tim Burgess.

  • bpo-33687: Fix the call to os.chmod() for uu.decode() if a mode is given or decoded. Patch by Timo Furrer.

  • bpo-32146: Document the interaction between frozen executables and the spawn and forkserver start methods in multiprocessing.

Documentation

  • bpo-36083: Fix formatting of --check-hash-based-pycs options in the manpage Synopsis.

  • bpo-34764: Improve example of iter() with 2nd sentinel argument.

  • bpo-21314: A new entry was added to the Core Language Section of the Programming FAQ, which explains the usage of slash (/) in the signature of a function. Patch by Lysandros Nikolaou

  • bpo-22062: Update documentation and docstrings for pathlib. Original patch by Mike Short.

Tests

  • bpo-36234: test_posix.PosixUidGidTests: add tests for invalid uid/gid type (str). Initial patch written by David Malcolm.

  • bpo-29571: Fix test_re.test_locale_flag(): use locale.getpreferredencoding() rather than locale.getlocale() to get the locale encoding. With some locales, locale.getlocale() returns the wrong encoding. On Windows, set temporarily the LC_CTYPE locale to the user preferred encoding to ensure that it uses the ANSI code page, to be consistent with locale.getpreferredencoding().

  • bpo-36123: Fix race condition in test_socket.

  • bpo-27313: Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa Tk.

  • bpo-36019: Add test.support.TEST_HTTP_URL and replace references of http://www.example.com by this new constant. Contributed by Stéphane Wirtel.

  • bpo-36037: Fix test_ssl for strict OpenSSL configuration like RHEL8 strict crypto policy. Use older TLS version for minimum TLS version of the server SSL context if needed, to test TLS version older than default minimum TLS version.

  • bpo-35505: Make test_imap4_host_default_value independent on whether the local IMAP server is running.

  • bpo-35917: multiprocessing: provide unit tests for SyncManager and SharedMemoryManager classes + all the shareable types which are supposed to be supported by them. (patch by Giampaolo Rodola)

  • bpo-35772: Fix sparse file tests of test_tarfile on ppc64 with the tmpfs filesystem. Fix the function testing if the filesystem supports sparse files: create a file which contains data and “holes”, instead of creating a file which contains no data. tmpfs effective block size is a page size (tmpfs lives in the page cache). RHEL uses 64 KiB pages on aarch64, ppc64, ppc64le, only s390x and x86_64 use 4 KiB pages, whereas the test punch holes of 4 KiB.

  • bpo-35045: Make ssl tests less strict and also accept TLSv1 as system default. The change unbreaks test_min_max_version on Fedora 29.

  • bpo-31731: Fix a race condition in check_interrupted_write() of test_io: create directly the thread with SIGALRM signal blocked, rather than blocking the signal later from the thread. Previously, it was possible that the thread gets the signal before the signal is blocked.

  • bpo-35424: Fix test_multiprocessing_main_handling: use multiprocessing.Pool with a context manager and then explicitly join the pool.

  • bpo-35519: Rename test.bisect module to test.bisect_cmd to avoid conflict with bisect module when running directly a test like ./python Lib/test/test_xmlrpc.py.

  • bpo-35513: Replace time.time() with time.monotonic() in tests to measure time delta.

  • bpo-34279: test.support.run_unittest() no longer raises TestDidNotRun if the test result contains skipped tests. The exception is now only raised if no tests have been run and no tests have been skipped.

  • bpo-35412: Add testcase to test_future4: check unicode literal.

  • bpo-26704: Added test demonstrating double-patching of an instance method. Patch by Anthony Sottile.

Build

  • bpo-34691: The _contextvars module is now built into the core Python library on Windows.

  • bpo-35683: Improved Azure Pipelines build steps and now verifying layouts correctly

  • bpo-35642: Remove asynciomodule.c from pythoncore.vcxproj

  • bpo-35550: Fix incorrect Solaris #ifdef checks to look for __sun && __SVR4 instead of sun when compiling.

Windows

  • bpo-24643: Fix name collisions due to #define timezone _timezone in PC/pyconfig.h.

  • bpo-35692: pathlib no longer raises when checking file and directory existence on drives that are not ready

  • bpo-35872: Uses the base Python executable when invoking venv in a virtual environment

  • bpo-35873: Prevents venv paths being inherited by child processes

  • bpo-35299: Fix sysconfig detection of the source directory and distutils handling of pyconfig.h during PGO profiling

  • bpo-32560: The py launcher now forwards its STARTUPINFO structure to child processes.

  • bpo-35854: Fix EnvBuilder and --symlinks in venv on Windows

  • bpo-35811: Avoid propagating venv settings when launching via py.exe

  • bpo-35797: Fix default executable used by the multiprocessing module

  • bpo-29734: Fix handle leaks in os.stat on Windows.

  • bpo-35596: Use unchecked PYCs for the embeddable distro to avoid zipimport restrictions.

  • bpo-35596: Fix vcruntime140.dll being added to embeddable distro multiple times.

  • bpo-35402: Update Windows build to use Tcl and Tk 8.6.9

  • bpo-33316: PyThread_release_lock always fails

  • bpo-1104: Correctly handle string length in msilib.SummaryInfo.GetProperty() to prevent it from truncating the last character.

IDLE

  • bpo-36176: Fix IDLE autocomplete & calltip popup colors. Prevent conflicts with Linux dark themes (and slightly darken calltip background).

  • bpo-36152: Remove colorizer.ColorDelegator.close_when_done and the corresponding argument of .close(). In IDLE, both have always been None or False since 2007.

  • bpo-32129: Avoid blurry IDLE application icon on macOS with Tk 8.6. Patch by Kevin Walzer.

  • bpo-24310: IDLE – Document settings dialog font tab sample.

  • bpo-36096: Refactor class variables to instance variables in colorizer.

  • bpo-35833: Revise IDLE doc for control codes sent to Shell. Add a code example block.

  • bpo-35770: IDLE macosx deletes Options => Configure IDLE. It previously deleted Window => Zoom Height by mistake. (Zoom Height is now on the Options menu). On Mac, the settings dialog is accessed via Preferences on the IDLE menu.

  • bpo-35769: Change IDLE’s new file name from ‘Untitled’ to ‘untitled’

  • bpo-35689: Add docstrings and unittests for colorizer.py.

  • bpo-35660: Fix imports in idlelib.window.

  • bpo-35641: Proper format calltip when the function has no docstring.

  • bpo-33987: Use ttk Frame for ttk widgets.

  • bpo-34055: Fix erroneous ‘smart’ indents and newlines in IDLE Shell.

  • bpo-35591: Find Selection now works when selection not found.

  • bpo-35196: Speed up squeezer line counting.

  • bpo-35598: Update config_key: use PEP 8 names and ttk widgets, make some objects global, and add tests.

  • bpo-28097: Add Previous/Next History entries to Shell menu.

  • bpo-35208: Squeezer now properly counts wrapped lines before newlines.

  • bpo-35555: Gray out Code Context menu entry when it’s not applicable.

  • bpo-35521: Document the IDLE editor code context feature. Add some internal references within the IDLE doc.

  • bpo-22703: The Code Context menu label now toggles between Show/Hide Code Context. The Zoom Height menu now toggles between Zoom/Restore Height. Zoom Height has moved from the Window menu to the Options menu.

Tools/Demos

  • bpo-35132: Fix py-list and py-bt commands of python-gdb.py on gdb7.

C API

Python 3.7.2 final

Release date: 2018-12-23

Library

  • bpo-31715: Associate .mjs file extension with application/javascript MIME Type.

Build

  • bpo-35499: make profile-opt no longer replaces CFLAGS_NODIST with CFLAGS. It now adds profile-guided optimization (PGO) flags to CFLAGS_NODIST: existing CFLAGS_NODIST flags are kept.

  • bpo-35257: Avoid leaking the linker flags from Link Time Optimizations (LTO) into distutils when compiling C extensions.

C API

Python 3.7.2 release candidate 1

Release date: 2018-12-11

Security

  • bpo-34812: The -I command line option (run Python in isolated mode) is now also copied by the multiprocessing and distutils modules when spawning child processes. Previously, only -E and -s options (enabled by -I) were copied.

  • bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments.

Core and Builtins

  • bpo-35444: Fixed error handling in pickling methods when failing to look up builtin “getattr”.

  • bpo-35436: Fix various issues with memory allocation error handling. Patch by Zackery Spytz.

  • bpo-35357: Internal attributes’ names of unittest.mock._Call and unittest.mock.MagicProxy (name, parent & from_kall) are now prefixed with _mock_ in order to prevent clashes with widely used object attributes. Fixed minor typo in test function name.

  • bpo-35372: Fixed the code page decoder for input longer than 2 GiB containing undecodable bytes.

  • bpo-35336: Fix PYTHONCOERCECLOCALE=1 environment variable: only coerce the C locale if the LC_CTYPE locale is “C”.

  • bpo-33954: For str.format(), float.__format__() and complex.__format__() methods for non-ASCII decimal point when using the “n” formatter.

  • bpo-35269: Fix a possible segfault involving a newly-created coroutine. Patch by Zackery Spytz.

  • bpo-35214: Fixed an out of bounds memory access when parsing a truncated unicode escape sequence at the end of a string such as '\N'. It would read one byte beyond the end of the memory allocation.

  • bpo-35214: The interpreter and extension modules have had annotations added so that they work properly under clang’s Memory Sanitizer. A new configure flag --with-memory-sanitizer has been added to make test builds of this nature easier to perform.

  • bpo-35193: Fix an off by one error in the bytecode peephole optimizer where it could read bytes beyond the end of bounds of an array when removing unreachable code. This bug was present in every release of Python 3.6 and 3.7 until now.

  • bpo-29341: Clarify in the docstrings of os methods that path-like objects are also accepted as input parameters.

  • bpo-35050: socket: Fix off-by-one bug in length check for AF_ALG name and type.

  • bpo-34974: bytes and bytearray constructors no longer convert unexpected exceptions (e.g. MemoryError and KeyboardInterrupt) to TypeError.

  • bpo-34973: Fixed crash in bytes() when the list argument is mutated while it is iterated.

  • bpo-34824: Fix a possible null pointer dereference in Modules/_ssl.c. Patch by Zackery Spytz.

  • bpo-1621: Do not assume signed integer overflow behavior (C undefined behavior) when performing set hash table resizing.

Library

  • bpo-35052: Fix xml.dom.minidom cloneNode() on a document with an entity: pass the correct arguments to the user data handler of an entity.

  • bpo-35330: When a Mock instance was used to wrap an object, if side_effect is used in one of the mocks of its methods, don’t call the original implementation and return the result of using the side effect the same way that it is done with return_value.

  • bpo-34172: Revert the fix for this issue previously released in 3.7.1 pending further investigation: Fix a reference issue inside multiprocessing.Pool that caused the pool to remain alive if it was deleted without being closed or terminated explicitly.

  • bpo-10496: posixpath.expanduser() now returns the input path unchanged if the HOME environment variable is not set and the current user has no home directory (if the current user identifier doesn’t exist in the password database). This change fixes the site module if the current user doesn’t exist in the password database (if the user has no home directory).

  • bpo-35310: Fix a bug in select.select() where, in some cases, the file descriptor sequences were returned unmodified after a signal interruption, even though the file descriptors might not be ready yet. select.select() will now always return empty lists if a timeout has occurred. Patch by Oran Avraham.

  • bpo-35380: Enable TCP_NODELAY on Windows for proactor asyncio event loop.

  • bpo-35341: Add generic version of collections.OrderedDict to the typing module. Patch by Ismo Toijala.

  • bpo-35371: Fixed possible crash in os.utime() on Windows when passing incorrect arguments.

  • bpo-27903: Fix ResourceWarning in platform.dist() on SuSE and Caldera OpenLinux. Patch by Ville Skyttä.

  • bpo-35308: Fix regression in webbrowser where default browsers may be preferred over browsers in the BROWSER environment variable.

  • bpo-28604: locale.localeconv() now temporarily sets the LC_CTYPE locale to the LC_MONETARY locale if the two locales are different and monetary strings are non-ASCII. This temporary change affects other threads.

  • bpo-35277: Update ensurepip to install pip 18.1 and setuptools 40.6.2.

  • bpo-35226: Recursively check arguments when testing for equality of unittest.mock.call objects and add note that tracking of parameters used to create ancestors of mocks in mock_calls is not possible.

  • bpo-29564: The warnings module now suggests enabling tracemalloc if the source is specified, the tracemalloc module is available, but tracemalloc is not tracing memory allocations.

  • bpo-35189: Modify the following fcntl functions to retry if interrupted by a signal (EINTR): flock, lockf, fcntl.

  • bpo-35062: Fix incorrect parsing of _io.IncrementalNewlineDecoder’s translate argument.

  • bpo-35079: Improve difflib.SequenceMatcher.get_matching_blocks doc by adding ‘non-overlapping’ and changing ‘!=’ to ‘<’.

  • bpo-35017: socketserver.BaseServer.serve_forever() now exits immediately if its shutdown() method is called while it is polling for new events.

  • bpo-31047: Fix ntpath.abspath regression where it didn’t remove a trailing separator on Windows. Patch by Tim Graham.

  • bpo-34794: Fixed a leak in Tkinter when passing the Python wrapper around Tcl_Obj back to Tcl/Tk.

  • bpo-35008: Fixed reference leaks when calling the __setstate__() method of xml.etree.ElementTree.Element in the C implementation for an already initialized element.

  • bpo-23420: Verify the value for the parameter ‘-s’ of the cProfile CLI. Patch by Robert Kuska

  • bpo-33947: dataclasses now handle recursive reprs without raising RecursionError.

  • bpo-16965: The 2to3 execfile fixer now opens the file with mode 'rb'. Patch by Zackery Spytz.

  • bpo-34966: pydoc now supports aliases not only to methods defined in the end class, but also to inherited methods. The docstring is not duplicated for aliases.

  • bpo-34941: Methods find(), findtext() and findall() of the Element class in the xml.etree.ElementTree module are now able to find children which are instances of Element subclasses.

  • bpo-34936: Fix TclError in tkinter.Spinbox.selection_element(). Patch by Juliette Monsel.

  • bpo-34866: Add max_num_fields to cgi.FieldStorage to make DoS attacks harder by limiting the number of MiniFieldStorage objects created by FieldStorage.

  • bpo-34022: The SOURCE_DATE_EPOCH environment variable no longer overrides the value of the invalidation_mode argument to py_compile.compile(), and determines its default value instead.

  • bpo-34738: ZIP files created by distutils will now include entries for directories.

  • bpo-31177: Fix bug that prevented using reset_mock on mock instances with deleted attributes

  • bpo-34536: Enum._missing_: raise ValueError if None returned and TypeError if non-member is returned.

  • bpo-34604: Fix possible mojibake in the error message of pwd.getpwnam and grp.getgrnam using string representation because of invisible characters or trailing whitespaces. Patch by William Grzybowski.

  • bpo-34574: OrderedDict iterators are not exhausted during pickling anymore. Patch by Sergey Fedoseev.

  • bpo-34052: The sqlite3.Connection.create_aggregate(), sqlite3.Connection.create_function(), sqlite3.Connection.set_authorizer() and sqlite3.Connection.set_progress_handler() methods now raise TypeError when unhashable objects are passed as callable. These methods now don’t pass such objects to SQLite API. Previous behavior could lead to segfaults. Patch by Sergey Fedoseev.

  • bpo-29877: compileall: import ProcessPoolExecutor only when needed, preventing hangs on low resource platforms

  • bpo-22005: Implemented unpickling instances of datetime, date and time pickled by Python 2. encoding='latin1' should be used for successful decoding.

Documentation

  • bpo-35089: Remove mention of typing.io and typing.re. Their types should be imported from typing directly.

  • bpo-35038: Fix the documentation about a nonexistent f_restricted attribute in the frame object. Patch by Stéphane Wirtel

  • bpo-35044: Fix the documentation with the role exc for the appropriate exception. Patch by Stéphane Wirtel

  • bpo-35035: Rename documentation for email.utils to email.utils.rst.

  • bpo-34967: Use app.add_object_type() instead of the deprecated Sphinx function app.description_unit()

  • bpo-11233: Create availability directive for documentation. Original patch by Georg Brandl.

  • bpo-33594: Document getargspec, from_function and from_builtin as deprecated in their respective docstring, and include version since deprecation in DeprecationWarning message.

  • bpo-32613: Update the faq/windows.html to use the py command from PEP 397 instead of python.

Tests

  • bpo-33725: test_multiprocessing_fork may crash on recent versions of macOS. Until the issue is resolved, skip the test on macOS.

  • bpo-35352: Modify test_asyncio to use the certificate set from the test directory.

  • bpo-35317: Fix mktime() overflow error in test_email: run test_localtime_daylight_true_dst_true() and test_localtime_daylight_false_dst_true() with a specific timezone.

  • bpo-21263: After several reports that test_gdb does not work properly on macOS and since gdb is not shipped by default anymore, test_gdb is now skipped on macOS when LLVM Clang has been used to compile Python. Patch by Lysandros Nikolaou

  • bpo-34279: regrtest issues a warning when no tests have been executed in a particular test file. Also, a new final result state is issued if no tests have been executed across all test files. Patch by Pablo Galindo.

Build

  • bpo-35296: The Windows installer (MSI) now also installs internal header files (Include/internal/ subdirectory).

  • bpo-35351: When building Python with clang and LTO, LTO flags are no longer passed into CFLAGS to build third-party C extensions through distutils.

  • bpo-35139: Fix a compiler error when statically linking pyexpat in Modules/Setup.

  • bpo-35011: Restores the use of pyexpatns.h to isolate our embedded copy of the expat C library so that its symbols do not conflict at link or dynamic loading time with an embedding application or other extension modules with their own version of libexpat.

  • bpo-28015: Make --with-lto work correctly with clang.

  • bpo-33015: Fix an undefined behaviour in the pthread implementation of PyThread_start_new_thread(): add a function wrapper to always return NULL.

Windows

  • bpo-35401: Updates Windows build to OpenSSL 1.1.0j

  • bpo-34977: venv on Windows will now use a python.exe redirector rather than copying the actual binaries from the base environment.

  • bpo-34977: Adds support for building a Windows App Store package

  • bpo-35067: Remove _distutils_findvs module and use vswhere.exe instead.

  • bpo-34532: Fixes exit code of list version arguments for py.exe.

  • bpo-32890: Fix usage of GetLastError() instead of errno in os.execve() and os.truncate().

macOS

  • bpo-35402: Update macOS installer to use Tcl/Tk 8.6.9.1. [NOTE: This change was reverted for the released python.org 3.7.2 macOS installers due to regressions found in Tk 8.6.9.1. For now, the installers provide Tcl/Tk 8.6.8.]

  • bpo-35401: Update macOS installer to use OpenSSL 1.1.0j.

  • bpo-35025: Properly guard the use of the CLOCK_GETTIME et al. macros in timemodule on macOS.

  • bpo-24658: On macOS, fix reading from and writing into a file with a size larger than 2 GiB.

IDLE

  • bpo-35213: Where appropriate, use ‘macOS’ in idlelib.

  • bpo-34864: On macOS, warn if the system preference “Prefer tabs when opening documents” is set to “Always”.

  • bpo-34864: Document two IDLE on MacOS issues. The System Preferences Dock “prefer tabs always” setting disables some IDLE features. Menus are a bit different than as described for Windows and Linux.

  • bpo-35202: Remove unused imports from lib/idlelib

  • bpo-33000: Document that IDLE’s shell has no line limit. A program that runs indefinitely can overfill memory.

  • bpo-23220: Explain how IDLE’s Shell displays output.

  • bpo-35099: Improve the doc about IDLE running user code. The section “IDLE – console differences” is renamed “Running user code”. It mostly covers the implications of using custom sys.stdxxx objects.

  • bpo-35097: Add IDLE doc subsection explaining editor windows. Topics include opening, title and status bar, .py* extension, and running.

  • bpo-35093: Document the IDLE document viewer in the IDLE doc. Add a paragraph in “Help and preferences”, “Help sources” subsection.

  • bpo-35088: Update idlelib.help.copy_string docstring. We now use git and backporting instead of hg and forward merging.

  • bpo-35087: Update idlelib help files for the current doc build. The main change is the elimination of chapter-section numbers.

Tools/Demos

  • bpo-34989: python-gdb.py now handles errors on computing the line number of a Python frame.

C API

Python 3.7.1 final

Release date: 2018-10-20

Library

  • bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks()

Python 3.7.1 release candidate 2

Release date: 2018-10-13

Core and Builtins

  • bpo-34879: Fix a possible null pointer dereference in bytesobject.c. Patch by Zackery Spytz.

  • bpo-34854: Fixed a crash in compiling string annotations containing a lambda with a keyword-only argument that doesn’t have a default value.

  • bpo-34320: Fix dict(od) not copying the iteration order of OrderedDict.

Library

  • bpo-34769: Fix for async generators not finalizing when event loop is in debug mode and garbage collector runs in another thread.

  • bpo-34922: Fixed integer overflow in the digest() and hexdigest() methods for the SHAKE algorithm in the hashlib module.

  • bpo-34909: Enum: fix grandchildren subclassing when parent mixed with concrete data types.

  • bpo-34900: Fixed unittest.TestCase.debug() when used to call test methods with subtests. Patch by Bruno Oliveira.

  • bpo-34871: Fix inspect module polluted sys.modules when parsing __text_signature__ of callable.

  • bpo-34872: Fix self-cancellation in C implementation of asyncio.Task

  • bpo-34819: Use a monotonic clock to compute timeouts in Executor.map() and as_completed(), in order to prevent timeouts from deviating when the system clock is adjusted.

  • bpo-34521: Use socket.CMSG_SPACE() to calculate ancillary data size instead of socket.CMSG_LEN() in multiprocessing.reduction.recvfds() as RFC 3542 requires the use of the former for portable applications.

  • bpo-34334: In QueueHandler, clear exc_text from LogRecord to prevent traceback from being written twice.

  • bpo-6721: Acquire the logging module’s commonly used internal locks while fork()ing to avoid deadlocks in the child process.

  • bpo-34172: Fix a reference issue inside multiprocessing.Pool that caused the pool to remain alive if it was deleted without being closed or terminated explicitly.

Documentation

  • bpo-32174: chm document displays non-ASCII characters properly on some MBCS Windows systems.

Tests

  • bpo-32962: Fixed test_gdb when Python is compiled with flags -mcet -fcf-protection -O0.

macOS

  • bpo-34370: Revert to using the released Tk 8.6.8 with macOS installers instead of the Tk 8.6.x development snapshot used with 3.7.1rc1 and 3.6.7rc1. The snapshot introduced at least one significant regression (bpo-34927).

C API

Python 3.7.1 release candidate 1

Release date: 2018-09-26

Security

  • bpo-17239: The xml.sax and xml.dom.minidom parsers no longer process external entities by default. External DTD and ENTITY declarations no longer load files or create network connections.

  • bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat’s default CSPRNG.

  • bpo-34405: Updated to OpenSSL 1.1.0i for Windows builds.

  • bpo-33871: Fixed sending the part of the file in os.sendfile() on macOS. Using the trailers argument could cause sending more bytes from the input file than was specified.

  • bpo-32533: Fixed thread-safety of error handling in _ssl.
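
A check for the bpo-17239 behaviour listed above, added here as an example (it is not code from the CPython project): it parses a constructed document whose external entity points at a temporary file, first with the parser defaults and then with feature_external_ges explicitly re-enabled. The helper names, the marker string and the temporary file are assumptions made for the demonstration.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed sample content; stands in for any local file an entity could name.
MARKER = "CONSTRUCTED-MARKER-0001"


class TextCollector(ContentHandler):
    """Collects every character-data chunk the parser reports."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def default_external_ges():
    """Return the external-general-entities setting of a fresh SAX parser."""
    return bool(xml.sax.make_parser().getFeature(feature_external_ges))


def parse_with_external_entity(external_ges=None):
    """Parse a document that references an external entity; return its text.

    external_ges=None keeps the parser default (the configuration to audit);
    True or False sets feature_external_ges explicitly.
    """
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "marker.txt")
        with open(target, "w", encoding="utf-8") as fh:
            fh.write(MARKER)

        # Constructed input: the DTD declares an entity backed by the file.
        doc = (
            '<?xml version="1.0"?>\n'
            '<!DOCTYPE r [<!ENTITY ext SYSTEM "{}">]>\n'
            "<r>&ext;</r>"
        ).format(target).encode("utf-8")

        parser = xml.sax.make_parser()
        if external_ges is not None:
            parser.setFeature(feature_external_ges, external_ges)
        handler = TextCollector()
        parser.setContentHandler(handler)
        parser.parse(io.BytesIO(doc))
        return "".join(handler.chunks)


if __name__ == "__main__":
    print("default feature_external_ges:", default_external_ges())
    print("text with defaults:     %r" % parse_with_external_entity())
    print("text with opt-in (True): %r" % parse_with_external_entity(True))
```

Code that calls setFeature(feature_external_ges, True) on untrusted input restores the pre-3.7.1 behaviour, so that call is the one to search for when auditing.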

Core and Builtins

  • bpo-34783: Fix a crash with musl libc (on Alpine Linux) when the script filename specified on the command line doesn’t exist.

  • bpo-34762: Fix contextvars C API to use PyObject* pointer types.

  • bpo-34735: Fix a memory leak in Modules/timemodule.c. Patch by Zackery Spytz.

  • bpo-34588: Fix an off-by-one in the recursive call pruning feature of traceback formatting.

  • bpo-34485: Standard streams like sys.stdout now use the “surrogateescape” error handler, instead of “strict”, on the POSIX locale (when the C locale is not coerced and the UTF-8 Mode is disabled).

  • bpo-34485: Fix the error handler of standard streams like sys.stdout: PYTHONIOENCODING=":" is now ignored instead of setting the error handler to “strict”.

  • bpo-34527: On FreeBSD, Py_DecodeLocale() and Py_EncodeLocale() now also force the ASCII encoding if the LC_CTYPE locale is “POSIX”, not only if the LC_CTYPE locale is “C”.

  • bpo-34527: The UTF-8 Mode is now also enabled by the “POSIX” locale, not only by the “C” locale.

  • bpo-34400: Fix undefined behavior in parsetok.c. Patch by Zackery Spytz.

  • bpo-34377: Update valgrind suppression list to use _PyObject_Free/_PyObject_Realloc instead of PyObject_Free/PyObject_Realloc.

  • bpo-34170: -X dev: it is now possible to override the memory allocator using PYTHONMALLOC even if the developer mode is enabled.

  • bpo-34126: Fix crashes when profiling certain invalid calls of unbound methods. Patch by Jeroen Demeyer.

  • bpo-24618: Fixed reading invalid memory when creating the code object with a too small varnames tuple or too large argument counts.

  • bpo-34068: In io.IOBase.close(), ensure that the closed attribute is not set with a live exception. Patch by Zackery Spytz and Serhiy Storchaka.

  • bpo-34087: Fix buffer overflow while converting unicode to numeric values.

  • bpo-34080: Fixed a memory leak in the compiler when it raised some uncommon errors during tokenizing.

  • bpo-34066: Disabled interruption by Ctrl-C between calling open() and entering a with block in with open().

  • bpo-34042: Fix dict.copy() to maintain correct total refcount (as reported by sys.gettotalrefcount()).

  • bpo-33985: Implement contextvars.ContextVar.name attribute.

  • bpo-33956: Update vendored Expat library copy to version 2.2.5.

  • bpo-24596: Decref the module object in PyRun_SimpleFileExFlags() before calling PyErr_Print(). Patch by Zackery Spytz.

  • bpo-33451: Close directly executed pyc files before calling PyEval_EvalCode().

  • bpo-33824: Fix “LC_ALL=C python3.7 -V”: reset properly the command line parser when the encoding changes after reading the Python configuration.

  • bpo-25750: Fix rare Python crash due to bad refcounting in type_getattro() if a descriptor deletes itself from the class. Patch by Jeroen Demeyer.

  • bpo-31902: Fix the col_offset attribute for ast nodes ast.AsyncFor, ast.AsyncFunctionDef, and ast.AsyncWith. Previously, col_offset pointed to the keyword after async.

  • bpo-25862: Fix assertion failures in the tell() method of io.TextIOWrapper. Patch by Zackery Spytz.

  • bpo-31577: Fix a crash in os.utime() in case of a bad ns argument. Patch by Oren Milman.

Library

  • bpo-29577: Support multiple mixin classes when creating Enums.

  • bpo-34670: Add SSLContext.post_handshake_auth and SSLSocket.verify_client_post_handshake for TLS 1.3’s post handshake authentication feature.

  • bpo-34658: Fix a rare interpreter unhandled exception state SystemError only seen when using subprocess with a preexec_fn while an after_parent handler has been registered with os.register_at_fork and the fork system call fails.

  • bpo-34652: Ensure os.lchmod() is never defined on Linux.

  • bpo-34363: dataclasses.asdict() and .astuple() now handle namedtuples correctly.

  • bpo-34625: Update vendorized expat library version to 2.2.6.

  • bpo-34621: Fix un/pickling compatibility of uuid.UUID objects with older versions of Python (<3.7).

  • bpo-32270: The subprocess module no longer mistakenly closes redirected fds even when they were in pass_fds when outside of the default {0, 1, 2} set.

  • bpo-34610: Fixed iterator of multiprocessing.managers.DictProxy.

  • bpo-34421: Fix distutils logging for non-ASCII strings. This caused installation issues on Windows.

  • bpo-34604: Fix possible mojibake in the error message of pwd.getpwnam and grp.getgrnam. Patch by William Grzybowski.

  • bpo-34530: distutils.spawn.find_executable() now falls back on os.defpath if the PATH environment variable is not set.

  • bpo-34282: Fix enum members getting shadowed by parent attributes.

  • bpo-34563: On Windows, fix multiprocessing.Connection for very large reads: fix _winapi.PeekNamedPipe() and _winapi.ReadFile() for reads larger than INT_MAX (usually 2^31-1).

  • bpo-34558: Correct typo in Lib/ctypes/_aix.py

  • bpo-34515: Fix parsing non-ASCII identifiers in lib2to3.pgen2.tokenize (PEP 3131).

  • bpo-13312: Avoids a possible integer underflow (undefined behavior) in the time module’s year handling code when passed a very low negative year value.

  • bpo-34472: Improved compatibility for streamed files in zipfile. Previously an optional signature was not being written and certain ZIP applications were not supported. Patch by Silas Sewell.

  • bpo-34454: Fix the .fromisoformat() methods of datetime types crashing when given unicode with non-UTF-8-encodable code points. Specifically, datetime.fromisoformat() now accepts surrogate unicode code points used as the separator. Report and tests by Alexey Izbyshev, patch by Paul Ganssle.

  • bpo-6700: Fix inspect.getsourcelines for module level frames/tracebacks. Patch by Vladimir Matveev.

  • bpo-34171: Running the trace module no longer creates the trace.cover file.

  • bpo-34441: Fix crash when an ABC-derived class with invalid __subclasses__ is passed as the second argument to issubclass(). Patch by Alexey Izbyshev.

  • bpo-34341: Appending to the ZIP archive with the ZIP64 extension no longer grows the size of extra fields of existing entries.

  • bpo-34333: Fix %-formatting in pathlib.PurePath.with_suffix() when formatting an error message.

  • bpo-18540: The imaplib.IMAP4 and imaplib.IMAP4_SSL classes now resolve to the local host IP correctly when the default value of host parameter ('') is used.

  • bpo-34246: smtplib.SMTP.send_message() no longer modifies the content of the mail_options argument. Patch by Pablo S. Blum de Aguiar.

  • bpo-31047: Fix ntpath.abspath for invalid paths on Windows. Patch by Franz Woellert.

  • bpo-34263: asyncio’s event loop will not pass timeouts longer than one day to epoll/select etc.

  • bpo-34035: Fix several AttributeError in zipfile seek() methods. Patch by Mickaël Schoentgen.

  • bpo-32215: Fix performance regression in sqlite3 when a DML statement appeared in a different line than the rest of the SQL query.

  • bpo-34251: Restore msilib.Win64 to preserve backwards compatibility since it’s already used by the distutils bdist_msi command.

  • bpo-19891: Ignore errors caused by missing / non-writable homedir while writing history during exit of an interactive session. Patch by Anthony Sottile.

  • bpo-34213: Allow frozen dataclasses to have a field named “object”. Previously this conflicted with an internal use of “object”.

  • bpo-21446: The reload fixer now uses importlib.reload() instead of deprecated imp.reload().

  • bpo-940286: pydoc’s Helper.showtopic() method now prints the cross references of a topic correctly.

  • bpo-34164: base64.b32decode() could raise UnboundLocalError or OverflowError for incorrect padding. Now it always raises base64.Error in these cases.

  • bpo-33729: Fixed issues with arguments parsing in hashlib.

  • bpo-34108: Remove extraneous CR in 2to3 refactor.

  • bpo-27494: Reverted bpo-27494. 2to3 now rejects a trailing comma in generator expressions.

  • bpo-33967: functools.singledispatch now raises TypeError instead of IndexError when no positional arguments are passed.

  • bpo-34056: Ensure the loader shim created by imp.load_module always returns bytes from its get_data() function. This fixes using imp.load_module with PEP 552 hash-based pycs.

  • bpo-34054: The multiprocessing module now uses the monotonic clock time.monotonic() instead of the system clock time.time() to implement timeout.

  • bpo-34044: subprocess.Popen now copies the startupinfo argument to leave it unchanged: it will modify the copy, so that the same STARTUPINFO object can be used multiple times.

  • bpo-34010: Fixed a performance regression for reading streams with tarfile. The buffered read should use a list, instead of appending to a bytes object.

  • bpo-34019: webbrowser: Correct the arguments passed to Opera Browser when opening a new URL using the webbrowser module. Patch by Bumsik Kim.

  • bpo-33978: Closed existing logging handlers before reconfiguration via fileConfig and dictConfig. Patch by Karthikeyan Singaravelan.

  • bpo-14117: Make minor tweaks to turtledemo. The ‘wikipedia’ example is now ‘rosette’, describing what it draws. The ‘penrose’ print output is reduced. The ‘1024’ output of ‘tree’ is eliminated.

  • bpo-33974: Fixed passing lists and tuples of strings containing special characters ", \, {, } and \n as options to ttk widgets.

  • bpo-27500: Fix getaddrinfo to resolve IPv6 addresses correctly.

  • bpo-24567: Improve random.choices() to handle subnormal input weights that could occasionally trigger an IndexError.

  • bpo-33871: Fixed integer overflow in os.readv(), os.writev(), os.preadv() and os.pwritev() and in os.sendfile() with headers or trailers arguments (on BSD-based OSes and macOS).

  • bpo-33899: Tokenize module now implicitly emits a NEWLINE when provided with input that does not have a trailing new line. This behavior now matches what the C tokenizer does internally. Contributed by Ammar Askar.

  • bpo-33916: bz2 and lzma: When Decompressor.__init__() is called twice, free the old lock to not leak memory.

  • bpo-32568: Make select.epoll() and its documentation consistent regarding sizehint and flags.

  • bpo-33833: Fixed bug in asyncio where ProactorSocketTransport logs AssertionError if force closed during write.

  • bpo-33663: Convert content length to string before putting to header.

  • bpo-26544: Fixed implementation of platform.libc_ver(). It almost always returned version ‘2.9’ for glibc.

  • bpo-33805: Improve error message of dataclasses.replace() when an InitVar is not specified

  • bpo-27397: Make email module properly handle invalid-length base64 strings.

  • bpo-33476: Fix _header_value_parser.py when address group is missing final ‘;’. Contributed by Enrique Perez-Terron

  • bpo-31014: Fixed creating a controller for webbrowser when a user specifies a path to an entry in the BROWSER environment variable. Based on patch by John Still.

  • bpo-33365: Print the header values besides the header keys instead of just the header keys if debuglevel is set to >0 in http.client. Patch by Marco Strigl.

  • bpo-32933: unittest.mock.mock_open() now supports iteration over the file contents. Patch by Tony Flury.

  • bpo-33336: imaplib now allows MOVE command in IMAP4.uid() (RFC 6851: IMAP MOVE Extension) and potentially as a name of supported method of IMAP4 object.

  • bpo-31608: Raise a TypeError instead of crashing if a collections.deque subclass returns a non-deque from __new__. Patch by Oren Milman.

  • bpo-29456: Fix bugs in hangul normalization: u1176, u11a7 and u11c3

Documentation

  • bpo-34790: Document how passing coroutines to asyncio.wait() can be confusing.

  • bpo-28617: Fixed info in the stdtypes docs concerning the types that support membership tests.

  • bpo-34065: Fix wrongly written basicConfig documentation markup syntax

  • bpo-33460: replaced ellipsis with correct error codes in tutorial chapter 3.

  • bpo-33847: Add ‘@’ operator entry to index.

  • bpo-25041: Document AF_PACKET in the socket module.

Tests

  • bpo-34537: Fix test_gdb.test_strings() when LC_ALL=C and GDB was compiled with Python 3.6 or earlier.

  • bpo-34587: test_socket: Remove RDSTest.testCongestion(). The test tries to fill the receiver’s socket buffer and expects an error. But the RDS protocol doesn’t require that. Moreover, the Linux implementation of RDS expects that the producer of the messages reduces its rate, it’s not the role of the receiver to trigger an error. The test fails on Fedora 28 by design, so just remove it.

  • bpo-34661: Fix test_shutil if unzip doesn’t support -t.

  • bpo-34200: Fixed non-deterministic flakiness of test_pkg by not using the scary test.support.module_cleanup() logic to save and restore sys.modules contents between test cases.

  • bpo-34594: Fix usage of hardcoded errno values in the tests.

  • bpo-34542: Use 3072 RSA keys and SHA-256 signature for test certs and keys.

  • bpo-11193: Remove special condition for AIX in test_subprocess.test_undecodable_env

  • bpo-34490: On AIX with AF_UNIX family sockets getsockname() does not provide 'sockname', so skip calls to transport.get_extra_info('sockname')

  • bpo-34391: Fix ftplib test for TLS 1.3 by reading from data socket.

  • bpo-34399: Update all RSA keys and DH params to use at least 2048 bits.

  • bpo-33746: Fix test_unittest when run in verbose mode.

  • bpo-33901: Fix test_dbm_gnu on macOS with gdbm 1.15: add a larger value to make sure that the file size changes.

  • bpo-33873: Fix a bug in regrtest that caused an extra test to run if --huntrleaks/-R was used. Exit with error in case that invalid parameters are specified to --huntrleaks/-R (at least one warmup run and one repetition must be used).

  • bpo-32663: Making sure the SMTPUTF8SimTests class of tests gets run in test_smtplib.py.

Build

  • bpo-34710: Fixed SSL module build with OpenSSL & pedantic CFLAGS.

  • bpo-34582: Add JUnit XML output for regression tests and update Azure DevOps builds.

  • bpo-34555: Fix for case where it was not possible to have both HAVE_LINUX_VM_SOCKETS_H and HAVE_SOCKADDR_ALG be undefined.

  • bpo-34121: Fix detection of C11 atomic support on clang.

  • bpo-30345: Add -g to LDFLAGS when compiling with LTO to get debug symbols.

  • bpo-33648: The --with-c-locale-warning configuration flag has been removed. It has had no effect for about a year.

Windows

  • bpo-34770: Fix a possible null pointer dereference in pyshellext.cpp.

  • bpo-34603: Fix returning structs from functions produced by MSVC

  • bpo-34581: Guard MSVC-specific code in socketmodule.c with #ifdef _MSC_VER.

  • bpo-34062: Fixed the ‘--list’ and ‘--list-paths’ arguments for the py.exe launcher

  • bpo-34225: Ensure INCLUDE and LIB directories do not end with a backslash.

  • bpo-34006: Revert line length limit for Windows help docs. The line-length limit is not needed because the pages appear in a separate app rather than on a browser tab. It can also interact badly with the DPI setting.

  • bpo-31546: Restore running PyOS_InputHook while waiting for user input at the prompt. This restores integration of interactive GUI windows (such as Matplotlib figures) with the prompt on Windows.

  • bpo-30237: Output error when ReadConsole is canceled by CancelSynchronousIo instead of crashing.

  • bpo-29097: Fix bug where datetime.fromtimestamp() erroneously throws an OSError on Windows for values between 0 and 86400. Patch by Ammar Askar.

macOS

  • bpo-34370: Have macOS 10.9+ installer builds for 3.7.1rc and 3.6.7rc use a development snapshot of Tk 8.6 (post-8.6.8) to mitigate certain scroller issues seen with IDLE and tkinter apps.

  • bpo-34405: Update to OpenSSL 1.1.0i for macOS installer builds.

  • bpo-33635: In macOS, stat on some file descriptors (e.g. /dev/fd/3) will result in a bad file descriptor OSError. A guard against this exception was added in is_dir, is_file and similar methods. DirEntry.is_dir can also throw this exception so _RecursiveWildcardSelector._iterate_directories was also extended with the same error ignoring pattern.

  • bpo-31903: In _scproxy, drop the GIL when calling into SystemConfiguration to avoid deadlocks.

IDLE

  • bpo-34548: Use configured color theme for read-only text views.

  • bpo-1529353: Enable “squeezing” of long outputs in the shell, to avoid performance degradation and to clean up the history without losing it. Squeezed outputs may be copied, viewed in a separate window, and “unsqueezed”.

  • bpo-34047: Fixed mousewheel scrolling direction on macOS.

  • bpo-34275: Make IDLE calltips always visible on Mac. Some MacOS-tk combinations need .update_idletasks(). Patch by Kevin Walzer.

  • bpo-34120: Fix unresponsiveness after closing certain windows and dialogs.

  • bpo-33975: Avoid small type when running htests. Since part of the purpose of human-viewed tests is to determine that widgets look right, it is important that they look the same for testing as when running IDLE.

  • bpo-33905: Add test for idlelib.stackview.StackBrowser.

  • bpo-33924: Change mainmenu.menudefs key ‘windows’ to ‘window’. Every other menudef key is lowercase version of main menu entry.

  • bpo-33906: Rename idlelib.windows as window. Match Window on the main menu and remove last plural module name.

  • bpo-33917: Fix and document idlelib/idle_test/template.py. The revised file compiles, runs, and tests OK. idle_test/README.txt explains how to use it to create new IDLE test files.

  • bpo-33904: IDLE: In rstrip, rename class RstripExtension as Rstrip

  • bpo-33907: For consistency and clarity, rename an IDLE module and classes. Module calltips and its class CallTips are now calltip and Calltip. In module calltip_w, class CallTip is now CalltipWindow.

  • bpo-33856: Add “help” in the welcome message of IDLE

  • bpo-33839: IDLE: refactor ToolTip and CallTip and add documentation and tests

  • bpo-33855: Minimally test all IDLE modules. Add missing files, import module, instantiate classes, and check coverage. Check existing files.

Tools/Demos

  • bpo-32962: python-gdb now catches UnicodeDecodeError exceptions when calling string().

  • bpo-32962: python-gdb now catches ValueError on read_var(): when Python has no debug symbols for example.

C API

Python 3.7.0 final

Release date: 2018-06-27

Library

C API

  • bpo-33932: Calling Py_Initialize() twice does nothing, instead of failing with a fatal error: restore the Python 3.6 behaviour.

Python 3.7.0 release candidate 1

Release date: 2018-06-12

Core and Builtins

  • bpo-33803: Fix a crash in hamt.c caused by enabling GC tracking for an object that did not have all of its fields set to NULL.

  • bpo-33706: Fix a crash in Python initialization when parsing the command line options. Thanks Christoph Gohlke for the bug report and the fix!

  • bpo-30654: Fixed reset of the SIGINT handler to SIG_DFL on interpreter shutdown even when there was a custom handler set previously. Patch by Philipp Kerling.

  • bpo-31849: Fix signed/unsigned comparison warning in pyhash.c.

Library

  • bpo-30167: Prevent site.main() exception if PYTHONSTARTUP is set. Patch by Steve Weber.

  • bpo-33812: A datetime instance d with non-None tzinfo, but with d.tzinfo.utcoffset(d) returning None, is now treated as naive by the astimezone() method.

  • bpo-30805: Avoid race condition with debug logging

  • bpo-33694: asyncio: Fix a race condition causing data loss on pause_reading()/resume_reading() when using the ProactorEventLoop.

  • bpo-32493: Correct test for uuid_enc_be availability in configure.ac. Patch by Michael Felt.

  • bpo-33792: Add asyncio.WindowsSelectorEventLoopPolicy and asyncio.WindowsProactorEventLoopPolicy.

  • bpo-33778: Update unicodedata’s database to Unicode version 11.0.0.

  • bpo-33770: Improve base64 exception message for encoded inputs of invalid length.

  • bpo-33769: asyncio/start_tls: Fix error message; cancel callbacks in case of an unhandled error; mark SSLTransport as closed if it is aborted.

  • bpo-33767: The concatenation (+) and repetition (*) sequence operations now raise TypeError instead of SystemError when performed on mmap.mmap objects. Patch by Zackery Spytz.

  • bpo-33734: asyncio/ssl: Fix AttributeError, increase default handshake timeout

  • bpo-11874: Use a better regex when breaking usage into wrappable parts. Avoids bogus assertion errors from custom metavar strings.

  • bpo-33582: Emit a deprecation warning for inspect.formatargspec

Documentation

Build

  • bpo-5755: Move -Wstrict-prototypes option to CFLAGS_NODIST from OPT. This option emitted annoying warnings when building extension modules written in C++.

Windows

  • bpo-33720: Reduces maximum marshal recursion depth on release builds.

IDLE

  • bpo-33656: On Windows, add API call saying that tk scales for DPI. On Windows 8.1+ or 10, with DPI compatibility properties of the Python binary unchanged, and a monitor resolution greater than 96 DPI, this should make text and lines sharper. It should otherwise have no effect.

  • bpo-33768: Clicking on a context line moves that line to the top of the editor window.

  • bpo-33763: IDLE: Use read-only text widget for code context instead of label widget.

  • bpo-33664: Scroll IDLE editor text by lines. Previously, the mouse wheel and scrollbar slider moved text by a fixed number of pixels, resulting in partial lines at the top of the editor box. The change also applies to the shell and grep output windows, but not to read-only text views.

  • bpo-33679: Enable theme-specific color configuration for Code Context. Use the Highlights tab to see the setting for built-in themes or add settings to custom themes.

  • bpo-33642: Display up to maxlines non-blank lines for Code Context. If there is no current context, show a single blank line.

Python 3.7.0 beta 5

Release date: 2018-05-30

Core and Builtins

  • bpo-33622: Fixed a leak when the garbage collector fails to add an object with the __del__ method or referenced by it into the gc.garbage list. PyGC_Collect() can now be called when an exception is set and preserves it.

  • bpo-33509: Fix module_globals parameter of warnings.warn_explicit(): don’t crash if module_globals is not a dict.

  • bpo-20104: The new os.posix_spawn added in 3.7.0b1 was removed as we are still working on what the API should look like. Expect this in 3.8 instead.

  • bpo-33475: Fixed miscellaneous bugs in converting annotations to strings and optimized parentheses in the string representation.

  • bpo-33391: Fix a leak in set_symmetric_difference().

  • bpo-28055: Fix unaligned accesses in siphash24(). Patch by Rolf Eike Beer.

  • bpo-32911: Due to unexpected compatibility issues discovered during downstream beta testing, reverted bpo-29463. The docstring field, which was added in 3.7a1, is removed from Module, ClassDef, FunctionDef, and AsyncFunctionDef ast nodes. The docstring expression is restored as the first statement in their body. Based on patch by Inada Naoki.

  • bpo-21983: Fix a crash in ctypes.cast() in case the type argument is a ctypes structured data type. Patch by Eryk Sun and Oren Milman.

Library

  • bpo-32751: When cancelling the task due to a timeout, asyncio.wait_for() will now wait until the cancellation is complete.

  • bpo-32684: Fix gather to propagate cancellation of itself even with return_exceptions.

  • bpo-33654: Support protocol type switching in SSLTransport.set_protocol().

  • bpo-33674: Pause the transport as early as possible to further reduce the risk of data_received() being called before connection_made().

  • bpo-33674: Fix a race condition in SSLProtocol.connection_made() of asyncio.sslproto: start the handshake immediately instead of using call_soon(). Previously, data_received() could be called before the handshake started, causing the handshake to hang or fail.

  • bpo-31647: Fixed bug where calling write_eof() on a _SelectorSocketTransport after it’s already closed raises AttributeError.

  • bpo-32610: Make asyncio.all_tasks() return only pending tasks.

  • bpo-32410: Avoid blocking on file IO in sendfile fallback code

  • bpo-33469: Fix RuntimeError after closing loop that used run_in_executor

  • bpo-33672: Fix Task.__repr__ crash with Cython’s bogus coroutines

  • bpo-33654: Fix transport.set_protocol() to support switching between asyncio.Protocol and asyncio.BufferedProtocol. Fix loop.start_tls() to work with asyncio.BufferedProtocols.

  • bpo-33652: Pickles of type variables and subscripted generics are now future-proof and compatible with older Python versions.

  • bpo-32493: Fixed uuid.uuid1() on FreeBSD.

  • bpo-33618: Finalize and document preliminary and experimental TLS 1.3 support with OpenSSL 1.1.1

  • bpo-33623: Fix possible SIGSEGV when asyncio.Future is created in __del__

  • bpo-30877: Fixed a bug in the Python implementation of the JSON decoder that prevented the cache of parsed strings from clearing after finishing the decoding. Based on patch by c-fos.

  • bpo-33570: Change TLS 1.3 cipher suite settings for compatibility with OpenSSL 1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 ciphers enabled by default.

  • bpo-28556: Do not simplify arguments to typing.Union. Now Union[Manager, Employee] is not simplified to Employee at runtime. Such simplification previously caused several bugs and limited possibilities for introspection.

  • bpo-33540: Add a new block_on_close class attribute to ForkingMixIn and ThreadingMixIn classes of socketserver.

  • bpo-33548: tempfile._candidate_tempdir_list should consider common TEMP locations

  • bpo-33109: argparse subparsers are once again not required by default, reverting the change in behavior introduced by bpo-26510 in 3.7.0a2.