Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Software-update: Python 3.5.4 / 3.4.7

Door , 5 reacties, bron: Python Insider

16-08-2017 • 17:23

5 Linkedin Google+

Bron: Python Insider

Python logo (60 pix)Python is een objectgeoriënteerde programmeertaal die kan worden gebruikt om eenvoudige tot complexe, platformonafhankelijke applicaties te ontwikkelen. Het is in de jaren negentig ontworpen door Guido van Rossum, die destijds in Amsterdam voor het CWI werkte. Guido, die tegenwoordig voor Dropbox werkt, is nog steeds betrokken bij de ontwikkeling van Python. Het ontwikkelteam heeft de versies 3.5.4 en 3.4.7 uitgegeven. De veranderingen van deze uitgaves zien er als volgt uit:

Python 3.5.4 final

Library
  • bpo-30119: ftplib.FTP.putline() now throws ValueError on commands that contains CR or LF. Patch by Dong-hee Na.
Python 3.5.4 release candidate 1

Security
  • bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments.
  • bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
  • bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification (login@host).
  • bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
Core and Builtins
  • bpo-30876: Relative import from unloaded package now reimports the package instead of failing with SystemError. Relative import from non-package now fails with ImportError rather than SystemError.
  • bpo-30765: Avoid blocking in pthread_mutex_lock() when PyThread_acquire_lock() is asked not to block.
  • bpo-27945: Fixed various segfaults with dict when input collections are mutated during searching, inserting or comparing. Based on patches by Duane Griffin and Tim Mitchell.
  • bpo-25794: Fixed type.__setattr__() and type.__delattr__() for non- interned attribute names. Based on patch by Eryk Sun.
  • bpo-29935: Fixed error messages in the index() method of tuple, list and deque when pass indices of wrong type.
  • bpo-28876: bool(range) works even if len(range) raises OverflowError.
  • bpo-29600: Fix wrapping coroutine return values in StopIteration.
  • bpo-29537: Restore runtime compatibility with bytecode files generated by CPython 3.5.0 to 3.5.2, and adjust the eval loop to avoid the problems that could be caused by the malformed variant of the BUILD_MAP_UNPACK_WITH_CALL opcode that they may contain. Patch by Petr Viktorin, Serhiy Storchaka, and Nick Coghlan.
  • bpo-28598: Support __rmod__ for subclasses of str being called before str.__mod__. Patch by Martijn Pieters.
  • bpo-29602: Fix incorrect handling of signed zeros in complex constructor for complex subclasses and for inputs having a __complex__ method. Patch by Serhiy Storchaka.
  • bpo-29347: Fixed possibly dereferencing undefined pointers when creating weakref objects.
  • bpo-29438: Fixed use-after-free problem in key sharing dict.
  • bpo-29319: Prevent RunMainFromImporter overwriting sys.path[0].
  • bpo-29337: Fixed possible BytesWarning when compare the code objects. Warnings could be emitted at compile time.
  • bpo-29478: If max_line_length=None is specified while using the Compat32 policy, it is no longer ignored. Patch by Mircea Cosbuc.
Library
  • bpo-29403: Fix unittest.mock’s autospec to not fail on method-bound builtin functions. Patch by Aaron Gallagher.
  • bpo-30961: Fix decrementing a borrowed reference in tracemalloc.
  • bpo-30886: Fix multiprocessing.Queue.join_thread(): it now waits until the thread completes, even if the thread was started by the same process which created the queue.
  • bpo-29854: Fix segfault in readline when using readline’s history-size option. Patch by Nir Soffer.
  • bpo-30807: signal.setitimer() may disable the timer when passed a tiny value. Tiny values (such as 1e-6) are valid non-zero values for setitimer(), which is specified as taking microsecond-resolution intervals. However, on some platform, our conversion routine could convert 1e-6 into a zero interval, therefore disabling the timer instead of (re-)scheduling it.
  • bpo-30441: Fix bug when modifying os.environ while iterating over it
  • bpo-30532: Fix email header value parser dropping folding white space in certain cases.
  • bpo-29169: Update zlib to 1.2.11.
  • bpo-30879: os.listdir() and os.scandir() now emit bytes names when called with bytes- like argument.
  • bpo-30746: Prohibited the ‘=’ character in environment variable names in os.putenv() and os.spawn*().
  • bpo-29755: Fixed the lgettext() family of functions in the gettext module. They now always return bytes.
  • bpo-30645: Fix path calculation in imp.load_package(), fixing it for cases when a package is only shipped with bytecodes. Patch by Alexandru Ardelean.
  • bpo-23890: unittest.TestCase.assertRaises() now manually breaks a reference cycle to not keep objects alive longer than expected.
  • bpo-30149: inspect.signature() now supports callables with variable- argument parameters wrapped with partialmethod. Patch by Dong-hee Na.
  • bpo-29931: Fixed comparison check for ipaddress.ip_interface objects. Patch by Sanjay Sundaresan.
  • bpo-24484: Avoid race condition in multiprocessing cleanup.
  • bpo-28994: The traceback no longer displayed for SystemExit raised in a callback registered by atexit.
  • bpo-30508: Don’t log exceptions if Task/Future “cancel()” method was called.
  • bpo-28556: Updates to typing module: Add generic AsyncContextManager, add support for ContextManager on all versions. Original PRs by Jelle Zijlstra and Ivan Levkivskyi
  • bpo-29870: Fix ssl sockets leaks when connection is aborted in asyncio/ssl implementation. Patch by Michaël Sghaïer.
  • bpo-29743: Closing transport during handshake process leaks open socket. Patch by Nikolay Kim
  • bpo-27585: Fix waiter cancellation in asyncio.Lock. Patch by Mathieu Sornay.
  • bpo-30418: On Windows, subprocess.Popen.communicate() now also ignore EINVAL on stdin.write() if the child process is still running but closed the pipe.
  • bpo-30378: Fix the problem that logging.handlers.SysLogHandler cannot handle IPv6 addresses.
  • bpo-29960: Preserve generator state when _random.Random.setstate() raises an exception. Patch by Bryan Olson.
  • bpo-30414: multiprocessing.Queue._feed background running thread do not break from main loop on exception.
  • bpo-30003: Fix handling escape characters in HZ codec. Based on patch by Ma Lin.
  • bpo-30301: Fix AttributeError when using SimpleQueue.empty() under spawn and forkserver start methods.
  • bpo-30329: imaplib and poplib now catch the Windows socket WSAEINVAL error (code 10022) on shutdown(SHUT_RDWR): An invalid operation was attempted. This error occurs sometimes on SSL connections.
  • bpo-30375: Warnings emitted when compile a regular expression now always point to the line in the user code. Previously they could point into inners of the re module if emitted from inside of groups or conditionals.
  • bpo-30048: Fixed Task.cancel() can be ignored when the task is running coroutine and the coroutine returned without any more await.
  • bpo-29990: Fix range checking in GB18030 decoder. Original patch by Ma Lin.
  • bpo-26293: Change resulted because of zipfile breakage. (See also: bpo-29094)
  • bpo-30243: Removed the __init__ methods of _json’s scanner and encoder. Misusing them could cause memory leaks or crashes. Now scanner and encoder objects are completely initialized in the __new__ methods.
  • bpo-30185: Avoid KeyboardInterrupt tracebacks in forkserver helper process when Ctrl-C is received.
  • bpo-28556: Various updates to typing module: add typing.NoReturn type, use WrapperDescriptorType, minor bug-fixes. Original PRs by Jim Fasarakis- Hilliard and Ivan Levkivskyi.
  • bpo-30205: Fix getsockname() for unbound AF_UNIX sockets on Linux.
  • bpo-30070: Fixed leaks and crashes in errors handling in the parser module.
  • bpo-30061: Fixed crashes in IOBase methods __next__() and readlines() when readline() or __next__() respectively return non-sizeable object. Fixed possible other errors caused by not checking results of PyObject_Size(), PySequence_Size(), or PyMapping_Size().
  • bpo-30068: _io._IOBase.readlines will check if it’s closed first when hint is present.
  • bpo-29694: Fixed race condition in pathlib mkdir with flags parents=True. Patch by Armin Rigo.
  • bpo-29692: Fixed arbitrary unchaining of RuntimeError exceptions in contextlib.contextmanager. Patch by Siddharth Velankar.
  • bpo-29998: Pickling and copying ImportError now preserves name and path attributes.
  • bpo-29942: Fix a crash in itertools.chain.from_iterable when encountering long runs of empty iterables.
  • bpo-27863: Fixed multiple crashes in ElementTree caused by race conditions and wrong types.
  • bpo-28699: Fixed a bug in pools in multiprocessing.pool that raising an exception at the very first of an iterable may swallow the exception or make the program hang. Patch by Davin Potts and Xiang Zhang.
  • bpo-25803: Avoid incorrect errors raised by Path.mkdir(exist_ok=True) when the OS gives priority to errors such as EACCES over EEXIST.
  • bpo-29861: Release references to tasks, their arguments and their results as soon as they are finished in multiprocessing.Pool.
  • bpo-29884: faulthandler: Restore the old sigaltstack during teardown. Patch by Christophe Zeitouny.
  • bpo-25455: Fixed crashes in repr of recursive buffered file-like objects.
  • bpo-29800: Fix crashes in partial.__repr__ if the keys of partial.keywords are not strings. Patch by Michael Seifert.
  • bpo-29742: get_extra_info() raises exception if get called on closed ssl transport. Patch by Nikolay Kim.
  • bpo-8256: Fixed possible failing or crashing input() if attributes “encoding” or “errors” of sys.stdin or sys.stdout are not set or are not strings.
  • bpo-28298: Fix a bug that prevented array ‘Q’, ‘L’ and ‘I’ from accepting big intables (objects that have __int__) as elements. Patch by Oren Milman.
  • bpo-29615: SimpleXMLRPCDispatcher no longer chains KeyError (or any other exception) to exception(s) raised in the dispatched methods. Patch by Petr Motejlek.
  • bpo-29704: asyncio.subprocess.SubprocessStreamProtocol no longer closes before all pipes are closed.
  • bpo-29703: Fix asyncio to support instantiation of new event loops in child processes.
  • bpo-29376: Fix assertion error in threading._DummyThread.is_alive().
  • bpo-29110: Fix file object leak in aifc.open() when file is given as a filesystem path and is not in valid AIFF format. Patch by Anthony Zhang.
  • bpo-28961: Fix unittest.mock._Call helper: don’t ignore the name parameter anymore. Patch written by Jiajun Huang.
  • bpo-29532: Altering a kwarg dictionary passed to functools.partial() no longer affects a partial object after creation.
  • bpo-28556: Various updates to typing module: typing.Counter, typing.ChainMap, improved ABC caching, etc. Original PRs by Jelle Zijlstra, Ivan Levkivskyi, Manuel Krebber, and Łukasz Langa.
  • bpo-29100: Fix datetime.fromtimestamp() regression introduced in Python 3.6.0: check minimum and maximum years.
  • bpo-29519: Fix weakref spewing exceptions during interpreter shutdown when used with a rare combination of multiprocessing and custom codecs.
  • bpo-29416: Prevent infinite loop in pathlib.Path.mkdir
  • bpo-29444: Fixed out-of-bounds buffer access in the group() method of the match object. Based on patch by WGH.
  • bpo-29335: Fix subprocess.Popen.wait() when the child process has exited to a stopped instead of terminated state (ex: when under ptrace).
  • bpo-29290: Fix a regression in argparse that help messages would wrap at non-breaking spaces.
  • bpo-28735: Fixed the comparison of mock.MagickMock with mock.ANY.
  • bpo-29011: Fix an important omission by adding Deque to the typing module.
  • bpo-29219: Fixed infinite recursion in the repr of uninitialized ctypes.CDLL instances.
  • bpo-28969: Fixed race condition in C implementation of functools.lru_cache. KeyError could be raised when cached function with full cache was simultaneously called from differen threads with the same uncached arguments.
  • bpo-29142: In urllib.request, suffixes in no_proxy environment variable with leading dots could match related hostnames again (e.g. .b.c matches a.b.c). Patch by Milan Oberkirch.
Documentation
  • bpo-30176: Add missing attribute related constants in curses documentation.
  • bpo-26985: Add missing info of code object in inspect documentation.
  • bpo-28929: Link the documentation to its source file on GitHub.
  • bpo-25008: Document smtpd.py as effectively deprecated and add a pointer to aiosmtpd, a third-party asyncio-based replacement.
  • bpo-26355: Add canonical header link on each page to corresponding major version of the documentation. Patch by Matthias Bussonnier.
  • bpo-29349: Fix Python 2 syntax in code for building the documentation.
Tests
  • bpo-30822: Fix regrtest command line parser to allow passing -u extralargefile to run test_zipfile64.
  • bpo-30383: regrtest: Enhance regrtest and backport features from the master branch.
    • Add options: –coverage, –testdir, –list-tests (list test files, don’t run them), –list-cases (list test identifiers, don’t run them, bpo-30523), –matchfile (load a list of test filters from a text file, bpo-30540), –slowest (alias to –slow).
    • Enhance output: add timestamp, test result, currently running tests, “Tests result: xxx” summary with total duration, etc.
    • Fix reference leak hunting in regrtest, –huntrleaks: regrtest now warms up caches, create explicitly all internal singletons which are created on demand to prevent false positives when checking for reference leaks. (bpo-30675).
  • bpo-30357: test_thread: setUp() now uses support.threading_setup() and support.threading_cleanup() to wait until threads complete to avoid random side effects on following tests. Initial patch written by Grzegorz Grzywacz.
  • bpo-28087: Skip test_asyncore and test_eintr poll failures on macOS. Skip some tests of select.poll when running on macOS due to unresolved issues with the underlying system poll function on some macOS versions.
  • bpo-30197: Enhanced functions swap_attr() and swap_item() in the test.support module. They now work when delete replaced attribute or item inside the with statement. The old value of the attribute or item (or None if it doesn’t exist) now will be assigned to the target of the “as” clause, if there is one.
  • bpo-29571: to match the behaviour of the re.LOCALE flag, test_re.test_locale_flag now uses locale.getpreferredencoding(False) to determine the candidate encoding for the test regex (allowing it to correctly skip the test when the default locale encoding is a multi-byte encoding)
Build
  • bpo-29243: Prevent unnecessary rebuilding of Python during make test, make install and some other make targets when configured with --enable- optimizations.
  • bpo-23404: Don’t regenerate generated files based on file modification time anymore: the action is now explicit. Replace make touch with make regen-all.
  • bpo-29643: Fix --enable-optimization didn’t work.
Windows
  • bpo-30687: Locate msbuild.exe on Windows when building rather than vcvarsall.bat
  • bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
C API
  • bpo-27867: Function PySlice_GetIndicesEx() is replaced with a macro if Py_LIMITED_API is set to the value between 0x03050400 and 0x03060000 (not including) or 0x03060100 or higher.
  • bpo-29083: Fixed the declaration of some public API functions. PyArg_VaParse() and PyArg_VaParseTupleAndKeywords() were not available in limited API. PyArg_ValidateKeywordArguments(), PyArg_UnpackTuple() and Py_BuildValue() were not available in limited API of version < 3.3 when PY_SSIZE_T_CLEAN is defined.
Python 3.4.7 release candidate 1

Security
  • bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
  • bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
  • bpo-26657: Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister.
  • bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification (login@host).
  • bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other invalid environment variables and command arguments.
Core and Builtins
  • bpo-26617: Fix crash when GC runs during weakref callbacks.
  • bpo-27945: Fixed various segfaults with dict when input collections are mutated during searching, inserting or comparing. Based on patches by Duane Griffin and Tim Mitchell.
Library
  • bpo-27850: Remove 3DES from ssl module’s default cipher list to counter measure sweet32 attack (CVE-2016-2183).
Documentation
  • bpo-25008: Document smtpd.py as effectively deprecated and add a pointer to aiosmtpd, a third-party asyncio-based replacement.
Versienummer 3.5.4 / 3.4.7
Releasestatus Final
Besturingssystemen Windows 7, Linux, BSD, macOS, Solaris, UNIX, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10
Website Python Insider
Download https://www.python.org/downloads/
Licentietype Voorwaarden (GNU/BSD/etc.)

Update-historie

Reacties (5)

Wijzig sortering
Ik weet weinig van Python maar kan iemand me uitleggen hoe er tegenlijk 2 versies kunnen uitkomen met verschillende versienummers?
Goede vraag, en matty geeft ook een goede logische verklaring.

Het werkt hetzelfde als bij de ontwikkeling van de Linux kernel.

De 3.x reeks heeft diverse stable trees. De minor (dus 3.x.y) is een doorontwikkeling op die tree. Dat doet ter zake omdat sommige distributies of software gemaakt is voor die major (dus 3.x.*, bijv 3.6.2), en die minors zijn naar ik aanneem ook binary compatible met elkaar. Veel (maar niet alle) bugfixes zullen gebackport worden.

Dus [fictief voorbeeld] stel je zit op 3.8.4 en 3.7.9 dan zullen allerlei bugfixes er voor zorgen dat het 3.8.5 wordt, en de backported bugfixes zorgen er voor dat je dan 3.7.10 krijgt. De reden dat je 3.8.4 en 3.7.9 had was dat 3.7 reeks eerder gestart is, voor de 3.8 reeks bestond. En dat is dan ook het antwoord op jouw vraag.

Het is veel werk, maar uiteindelijk wel nuttig werk dat tijd bespaard en de stabiliteit van systemen ten goede komt.

[Reactie gewijzigd door Jerie op 17 augustus 2017 00:17]

Bedankt voor de duidelijke uitleg. Maar betekent dit dan automatisch dat er een kans is dat code geschreven in 3.4.7 noet werkt in 3.5.4 aangezien het verschillende trees zijn?
Code geschreven in 3.4.7 is inderdaad mogelijk niet compatible met 3.5.x.

Hoe waarschijnlijk dat is, weet ik niet.

Ik zou zeggen dat het onwaarschijnlijker is dan incompatibilities tussen 2.* en 3.*

Het zal ook sneller gebeuren tussen bijv:

3.4.x <-> 3.6.x

dan

3.4.x. <-> 3.5.x of 3.5.x <-> 3.6.x

Omdat de verschillen tussen de majors groter zijn.

Het enige dat je eigenlijk moet onthouden is dat bij x.y.z x en y de features aangeven, en z bug en reliability fixes.

Heeft tot gevolg dat bijv 3.4.7 qua features niet dichter bij 3.5.0 zit dan 3.4.0. Qua bugfixes is het zelfs mogelijk dat 3.4.7 dichter bij bijv 3.5.2 zit dan bij 3.5.0.

[Reactie gewijzigd door Jerie op 17 augustus 2017 23:00]

Misschien bugfixes zonder breaking api changes.

Op dit item kan niet meer gereageerd worden.


Apple iPhone X Google Pixel 2 XL LG W7 Samsung Galaxy S8 Google Pixel 2 Sony Bravia A1 OLED Microsoft Xbox One X Apple iPhone 8

© 1998 - 2017 de Persgroep Online Services B.V. Tweakers vormt samen met o.a. Autotrack en Hardware.Info de Persgroep Online Services B.V. Hosting door True

*