Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1658271 - Update Python 3 to 3.6.8
Summary: Update Python 3 to 3.6.8
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: python3
Version: 8.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.0
Assignee: Charalampos Stratakis
QA Contact: Jan Kepler
URL:
Whiteboard:
Depends On:
Blocks: 1602668 1634784 1639501 1641686
TreeView+ depends on / blocked
 
Reported: 2018-12-11 16:33 UTC by Charalampos Stratakis
Modified: 2019-06-14 02:04 UTC (History)
8 users (show)

Fixed In Version: python3-3.6.8-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-14 02:04:51 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)
Notes on changes between Python 3.6.7 and 3.6.8 (21.91 KB, text/plain)
2019-01-02 15:20 UTC, Petr Viktorin
no flags Details

Description Charalampos Stratakis 2018-12-11 16:33:21 UTC
Python 3.6.8 will be the last bugfix release of the python 3.6 series.

We should update to it, as it will fix numerous issues without breaking backwards compatibility.

The final release is expected by the end of January.

Comment 11 Petr Viktorin 2019-01-02 15:17:14 UTC
The upstream policy regarding what goes into 3.6 is very, very close to RHEL8. (They do fix more bugs, because they get more bug reports.)
Taking advantage of that, and aligning RHEL8's Python with upstream 3.6, would make our work easier in the future.

I went through all the commits between 3.6.7 and 3.6.8, and skimmed the changed code. I was less thorough on patches by Red Hatters (Victor Stinner, Christian Heimes, Charris Stratakis) -- I trust they are bugfixes only, and I'll verify with them directly when they get back from (sometimes extended) end-of-year PTO.

There are many doc- and test-only changes. There are also many correctness fixes, often found by static analyzers like Coverity & clang memory sanitizer. (Of course, many of those don't have known reproducers.)

Three can be considered new features -- CPython upstream does have exceptions to the "no fixes rule".
Should we open BZs for them and hunt for exception flags?
These are:

* https://bugs.python.org/issue34866 CGI DOS vulnerability via long post list
Security related -- an extra argument is added to cgi.FieldStorage, which can be used to mitigate DOS attacks in popular Web frameworks (pyramid, pylons, webapp2, and flask)

* https://bugs.python.org/issue31715 Add mimetype for extension .mjs
Possibly the most controversial – worth reading the upstream discussion to see upstream views on their "bug fixes only" policy. It got in as a special exception.

* https://bugs.python.org/issue34966 Pydoc: better support of method aliases
Changes behavior of pydoc, the tool for viewing built-in help. Extremely unlikely to affect production code.


Other changes worth noting:

* https://bugs.python.org/issue35226 mock.call equality surprisingly broken
This might be considered borderline between bugfix and new feature, and includes more refactoring than I'd like in a bugfix release.

* https://bugs.python.org/issue34574 OrderedDict iterators are exhausted during pickling
Changes behavior of pickling OrderedDict iterators, but is definitely a fix of incorrect behavior. The old behavior made the affected iterator objects useless, which makes it very unlikely that code relied on it.

* https://bugs.python.org/issue35214 Get the test suite passing with clang Memory Sanitizer enabled
Many changes fixing issues found by a static analyzer (clang MS). Includes some refactoring. Patch comes from Google.

* https://bugs.python.org/issue33029 Invalid function cast warnings with gcc 8 for getter and setter functions
* https://bugs.python.org/issue33012 Invalid function cast warnings with gcc 8 for METH_NOARGS
Many changes fixing issues found by a static analyzer (new GCC warning). The changes themselves are trivial, but there's a lot of them.

* https://bugs.python.org/issue34864 In Idle, Mac tabs make editor status line disappear.
Should be a macOS-only fix, but I couldn't verify that from a quick glance. Still, it's in IDLE, the basic code editor/graphical REPL. Extremely unlikely to affect production code.

* https://bugs.python.org/issue22005 datetime.__setstate__ fails decoding python2 pickle
The fix is longer than I'd like in a maintenance release, given that the bug it fixes is not that severe. OTOH, our customers will be happy for every python2/python3 compatibility wrinkle we can iron out.

Comment 12 Petr Viktorin 2019-01-02 15:20:06 UTC
Created attachment 1517968 [details]
Notes on changes between Python 3.6.7 and 3.6.8

Here are my notes, for reference.


Note You need to log in before you can comment on or make changes to this bug.