xref: /external/python/cpython2/Misc/NEWS.d/2.7.15rc1.rst

.. bpo: 32997
.. date: 2018-03-05-10-14-42
.. nonce: hp2s8n
.. release date: 2018-04-14
.. section: Security

A regex in fpformat was vulnerable to catastrophic backtracking. This regex
was a potential DOS vector (REDOS). Based on typical uses of fpformat the
risk seems low. The regex has been refactored and is now safe. Patch by
Jamie Davis.

..

.. bpo: 32981
.. date: 2018-03-02-10-24-52
.. nonce: O_qDyj
.. section: Security

Regexes in difflib and poplib were vulnerable to catastrophic backtracking.
These regexes formed potential DOS vectors (REDOS). They have been
refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch by Jamie
Davis.

..

.. bpo: 31339
.. date: 2017-09-04-21-24-51
.. nonce: YSczZN
.. section: Security

Rewrite time.asctime() and time.ctime(). Backport and adapt the _asctime()
function from the master branch to not depend on the implementation of
asctime() and ctime() from the external C library. This change fixes a bug
when Python is run using the musl C library.

..

.. bpo: 30730
.. date: 060
.. nonce: rJsyTH
.. original section: Library
.. section: Security

Prevent environment variables injection in subprocess on Windows.  Prevent
passing other environment variables and command arguments.

..

.. bpo: 30694
.. date: 059
.. nonce: WkMWM_
.. original section: Library
.. section: Security

Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security
vulnerabilities including: CVE-2017-9233 (External entity infinite loop
DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix
regression bugs from 2.2.0's fix to CVE-2016-0718) and CVE-2012-0876
(Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use
os-specific entropy sources like getrandom) doesn't impact Python, since Python
already gets entropy from the OS to set the expat secret using
``XML_SetHashSalt()``.

..

.. bpo: 30500
.. date: 058
.. nonce: j5KrEp
.. original section: Library
.. section: Security

Fix urllib.splithost() to correctly parse fragments. For example,
``splithost('//127.0.0.1#@evil.com/')`` now correctly returns the
``127.0.0.1`` host, instead of treating ``@evil.com`` as the host in an
authentification (``login@host``).

..

.. bpo: 29591
.. date: 057
.. nonce: ExKblw
.. original section: Library
.. section: Security

Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and
CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more
information.

..

.. bpo: 33026
.. date: 2018-03-08-09-48-38
.. nonce: QZA3Ba
.. section: Core and Builtins

Fixed jumping out of "with" block by setting f_lineno.

..

.. bpo: 17288
.. date: 2018-02-27-13-36-21
.. nonce: Gdj24S
.. section: Core and Builtins

Prevent jumps from 'return' and 'exception' trace events.

..

.. bpo: 18533
.. date: 2017-12-13-16-46-23
.. nonce: Dlk8d7
.. section: Core and Builtins

``repr()`` on a dict containing its own ``viewvalues()`` or ``viewitems()``
no longer raises ``RuntimeError``.  Instead, use ``...``, as for other
recursive structures.  Patch by Ben North.

..

.. bpo: 10544
.. date: 2017-11-27-08-37-34
.. nonce: 07nioT
.. section: Core and Builtins

Yield expressions are now deprecated in comprehensions and generator
expressions when checking Python 3 compatibility. They are still permitted
in the definition of the outermost iterable, as that is evaluated directly
in the enclosing scope.

..

.. bpo: 32137
.. date: 2017-11-26-14-36-30
.. nonce: Stj5nL
.. section: Core and Builtins

The repr of deeply nested dict now raises a RecursionError instead of
crashing due to a stack overflow.

..

.. bpo: 20047
.. date: 2017-10-28-19-11-05
.. nonce: GuNAto
.. section: Core and Builtins

Bytearray methods partition() and rpartition() now accept only bytes-like
objects as separator, as documented.  In particular they now raise TypeError
rather of returning a bogus result when an integer is passed as a separator.

..

.. bpo: 31733
.. date: 2017-10-09-15-46-37
.. nonce: pIf17N
.. section: Core and Builtins

Add a new PYTHONSHOWREFCOUNT environment variable. In debug mode, Python now
only print the total reference count if PYTHONSHOWREFCOUNT is set.

..

.. bpo: 31692
.. date: 2017-10-09-11-03-13
.. nonce: 5-bpdk
.. section: Core and Builtins

Add a new PYTHONSHOWALLOCCOUNT environment variable. When Python is compiled
with COUNT_ALLOCS, PYTHONSHOWALLOCCOUNT now has to be set to dump allocation
counts into stderr on shutdown. Moreover, allocations statistics are now
dumped into stderr rather than stdout.

..

.. bpo: 31478
.. date: 2017-10-01-18-59-40
.. nonce: owtqoO
.. section: Core and Builtins

Prevent unwanted behavior in `_random.Random.seed()` in case the argument
has a bad ``__abs__()`` method. Patch by Oren Milman.

..

.. bpo: 31530
.. date: 2017-09-20-18-28-09
.. nonce: CdLOM7
.. section: Core and Builtins

Fixed crashes when iterating over a file on multiple threads.

..

.. bpo: 31490
.. date: 2017-09-16-13-32-35
.. nonce: r7m2sj
.. section: Core and Builtins

Fix an assertion failure in `ctypes` class definition, in case the class has
an attribute whose name is specified in ``_anonymous_`` but not in
``_fields_``. Patch by Oren Milman.

..

.. bpo: 31411
.. date: 2017-09-11-08-50-41
.. nonce: HZz82I
.. section: Core and Builtins

Raise a TypeError instead of SystemError in case warnings.onceregistry is
not a dictionary. Patch by Oren Milman.

..

.. bpo: 31343
.. date: 2017-09-04-14-57-27
.. nonce: Kl_fS5
.. section: Core and Builtins

Include sys/sysmacros.h for major(), minor(), and makedev(). GNU C libray
plans to remove the functions from sys/types.h.

..

.. bpo: 31311
.. date: 2017-08-31-17-52-56
.. nonce: bNE2l-
.. section: Core and Builtins

Fix a crash in the ``__setstate__()`` method of `ctypes._CData`, in case of
a bad ``__dict__``. Patch by Oren Milman.

..

.. bpo: 31243
.. date: 2017-08-29-14-24-34
.. nonce: tr0E4V
.. section: Core and Builtins

Fix a crash in some methods of `io.TextIOWrapper`, when the decoder's state
is invalid. Patch by Oren Milman.

..

.. bpo: 31095
.. date: 2017-08-01-18-48-30
.. nonce: bXWZDb
.. section: Core and Builtins

Fix potential crash during GC caused by ``tp_dealloc`` which doesn't call
``PyObject_GC_UnTrack()``.

..

.. bpo: 30657
.. date: 073
.. nonce: Q_r7JJ
.. section: Core and Builtins

Fixed possible integer overflow in PyString_DecodeEscape. Patch by Jay
Bosamiya.

..

.. bpo: 27945
.. date: 072
.. nonce: p29r3O
.. section: Core and Builtins

Fixed various segfaults with dict when input collections are mutated during
searching, inserting or comparing.  Based on patches by Duane Griffin and
Tim Mitchell.

..

.. bpo: 25794
.. date: 071
.. nonce: j0nJ5x
.. section: Core and Builtins

Fixed type.__setattr__() and type.__delattr__() for non-interned or unicode
attribute names.  Based on patch by Eryk Sun.

..

.. bpo: 29935
.. date: 070
.. nonce: 2ZTSxR
.. section: Core and Builtins

Fixed error messages in the index() method of tuple and list when pass
indices of wrong type.

..

.. bpo: 28598
.. date: 069
.. nonce: QxbzQn
.. section: Core and Builtins

Support __rmod__ for subclasses of str being called before str.__mod__.
Patch by Martijn Pieters.

..

.. bpo: 29602
.. date: 068
.. nonce: qyyskC
.. section: Core and Builtins

Fix incorrect handling of signed zeros in complex constructor for complex
subclasses and for inputs having a __complex__ method. Patch by Serhiy
Storchaka.

..

.. bpo: 29347
.. date: 067
.. nonce: 1RPPGN
.. section: Core and Builtins

Fixed possibly dereferencing undefined pointers when creating weakref
objects.

..

.. bpo: 14376
.. date: 066
.. nonce: xrKNqX
.. section: Core and Builtins

Allow sys.exit to accept longs as well as ints. Patch by Gareth Rees.

..

.. bpo: 29028
.. date: 065
.. nonce: BxGcd9
.. section: Core and Builtins

Fixed possible use-after-free bugs in the subscription of the buffer object
with custom index object.

..

.. bpo: 29145
.. date: 064
.. nonce: 2x5NOb
.. section: Core and Builtins

Fix overflow checks in string, bytearray and unicode. Patch by jan matejek
and Xiang Zhang.

..

.. bpo: 28932
.. date: 063
.. nonce: QnLx8A
.. section: Core and Builtins

Do not include <sys/random.h> if it does not exist.

..

.. bpo: 33096
.. date: 2018-03-25-13-18-16
.. nonce: ofdbe7
.. section: Library

Allow ttk.Treeview.insert to insert iid that has a false boolean value. Note
iid=0 and iid=False would be same. Patch by Garvit Khatri.

..

.. bpo: 33127
.. date: 2018-03-24-15-08-24
.. nonce: olJmHv
.. section: Library

The ssl module now compiles with LibreSSL 2.7.1.

..

.. bpo: 30622
.. date: 2018-02-24-21-40-42
.. nonce: dQjxSe
.. section: Library

The ssl module now detects missing NPN support in LibreSSL.

..

.. bpo: 21060
.. date: 2018-02-17-19-20-19
.. nonce: S1Z-x6
.. section: Library

Rewrite confusing message from setup.py upload from "No dist file created in
earlier command" to the more helpful "Must create and upload files in one
command".

..

.. bpo: 30157
.. date: 2018-02-09-14-44-43
.. nonce: lEiiAK
.. section: Library

Fixed guessing quote and delimiter in csv.Sniffer.sniff() when only the last
field is quoted.  Patch by Jake Davis.

..

.. bpo: 32647
.. date: 2018-02-05-13-31-42
.. nonce: ktmfR_
.. section: Library

The ctypes module used to depend on indirect linking for dlopen. The shared
extension is now explicitly linked against libdl on platforms with dl.

..

.. bpo: 32304
.. date: 2018-01-21-16-33-53
.. nonce: TItrNv
.. section: Library

distutils' upload command no longer corrupts tar files ending with a CR
byte, and no longer tries to convert CR to CRLF in any of the upload text
fields.

..

.. bpo: 31848
.. date: 2018-01-18-23-34-17
.. nonce: M2cldy
.. section: Library

Fix the error handling in Aifc_read.initfp() when the SSND chunk is not
found. Patch by Zackery Spytz.

..

.. bpo: 32521
.. date: 2018-01-15-12-53-13
.. nonce: IxX4Ba
.. section: Library

The nis module is now compatible with new libnsl and headers location.

..

.. bpo: 32539
.. date: 2018-01-12-09-20-22
.. nonce: D7AbdE
.. section: Library

Fix ``OSError`` for ``os.listdir`` with deep paths (starting with ``\\?\``)
on windows.  Patch by Anthony Sottile.

..

.. bpo: 32521
.. date: 2018-01-08-18-02-33
.. nonce: Kh-KoN
.. section: Library

glibc has removed Sun RPC. Use replacement libtirpc headers and library in
nis module.

..

.. bpo: 18035
.. date: 2017-12-29-15-16-56
.. nonce: c6rdCt
.. section: Library

``telnetlib``: ``select.error`` doesn't have an ``errno`` attribute. Patch
by Segev Finer.

..

.. bpo: 32185
.. date: 2017-12-20-09-25-10
.. nonce: IL0cMt
.. section: Library

The SSL module no longer sends IP addresses in SNI TLS extension on
platforms with OpenSSL 1.0.2+ or inet_pton.

..

.. bpo: 32186
.. date: 2017-11-30-20-33-22
.. nonce: O42bVe
.. section: Library

Creating io.FileIO() and builtin file() objects now release the GIL when
checking the file descriptor. io.FileIO.readall(), io.FileIO.read(), and
file.read() now release the GIL when getting the file size.  Fixed hang of
all threads with inaccessible NFS server.  Patch by Nir Soffer.

..

.. bpo: 32110
.. date: 2017-11-22-09-44-15
.. nonce: VJa9bo
.. section: Library

``codecs.StreamReader.read(n)`` now returns not more than *n*
characters/bytes for non-negative *n*. This makes it compatible with
``read()`` methods of other file-like objects.

..

.. bpo: 21149
.. date: 2017-11-10-17-19-24
.. nonce: 8UVfeT
.. section: Library

Silence a `'NoneType' object is not callable` in `_removeHandlerRef` error
that could happen when a logging Handler is destroyed as part of cyclic
garbage collection during process shutdown.

..

.. bpo: 31764
.. date: 2017-11-08-11-02-01
.. nonce: gtlhKj
.. section: Library

Prevent a crash in ``sqlite3.Cursor.close()`` in case the ``Cursor`` object
is uninitialized. Patch by Oren Milman.

..

.. bpo: 31955
.. date: 2017-11-07-19-12-25
.. nonce: 1DWu-S
.. section: Library

Fix CCompiler.set_executable() of distutils to handle properly Unicode
strings.

..

.. bpo: 9678
.. date: 2017-11-03-22-05-47
.. nonce: oD51q6
.. section: Library

Fixed determining the MAC address in the uuid module:

* Using ifconfig on NetBSD and OpenBSD.
* Using arp on Linux, FreeBSD, NetBSD and OpenBSD.

Based on patch by Takayuki Shimizukawa.

..

.. bpo: 30057
.. date: 2017-11-03-19-11-43
.. nonce: NCaijI
.. section: Library

Fix potential missed signal in signal.signal().

..

.. bpo: 31927
.. date: 2017-11-02-18-26-40
.. nonce: 40K6kp
.. section: Library

Fixed reading arbitrary data when parse a AF_BLUETOOTH address on NetBSD and
DragonFly BSD.

..

.. bpo: 27666
.. date: 2017-11-01-18-13-42
.. nonce: j2zRnF
.. section: Library

Fixed stack corruption in curses.box() and curses.ungetmouse() when the size
of types chtype or mmask_t is less than the size of C long.  curses.box()
now accepts characters as arguments.  Based on patch by Steve Fink.

..

.. bpo: 25720
.. date: 2017-10-29-17-52-40
.. nonce: vSvb5h
.. section: Library

Fix the method for checking pad state of curses WINDOW. Patch by Masayuki
Yamamoto.

..

.. bpo: 31893
.. date: 2017-10-29-13-51-01
.. nonce: 8LZKEz
.. section: Library

Fixed the layout of the kqueue_event structure on OpenBSD and NetBSD. Fixed
the comparison of the kqueue_event objects.

..

.. bpo: 31891
.. date: 2017-10-29-11-23-24
.. nonce: 9kAPha
.. section: Library

Fixed building the curses module on NetBSD.

..

.. bpo: 30058
.. date: 2017-10-12-19-00-53
.. nonce: cENtry
.. section: Library

Fixed buffer overflow in select.kqueue.control().

..

.. bpo: 31770
.. date: 2017-10-12-18-45-38
.. nonce: GV3MPx
.. section: Library

Prevent a crash when calling the ``__init__()`` method of a
``sqlite3.Cursor`` object more than once. Patch by Oren Milman.

..

.. bpo: 31728
.. date: 2017-10-11-13-05-19
.. nonce: XrVMME
.. section: Library

Prevent crashes in `_elementtree` due to unsafe cleanup of `Element.text`
and `Element.tail`. Patch by Oren Milman.

..

.. bpo: 31752
.. date: 2017-10-11-00-45-01
.. nonce: DhWevN
.. section: Library

Fix possible crash in timedelta constructor called with custom integers.

..

.. bpo: 31681
.. date: 2017-10-03-15-41-08
.. nonce: sOJMKV
.. section: Library

Fix pkgutil.get_data to avoid leaking open files.

..

.. bpo: 31675
.. date: 2017-10-03-15-06-24
.. nonce: Nh7jJ3
.. section: Library

Fixed memory leaks in Tkinter's methods splitlist() and split() when pass a
string larger than 2 GiB.

..

.. bpo: 30806
.. date: 2017-09-29
.. nonce: lP5GrH
.. section: Library

Fix the string representation of a netrc object.

..

.. bpo: 30347
.. date: 2017-09-25-14-04-30
.. nonce: B4--_D
.. section: Library

Stop crashes when concurrently iterate over itertools.groupby() iterators.

..

.. bpo: 25732
.. date: 2017-09-25-13-10-08
.. nonce: RWWgzg
.. section: Library

`functools.total_ordering()` now implements the `__ne__` method.

..

.. bpo: 31351
.. date: 2017-09-17-15-24-25
.. nonce: yQdKv-
.. section: Library

python -m ensurepip now exits with non-zero exit code if pip bootstrapping
has failed.

..

.. bpo: 31544
.. date: 2017-09-13-19-55-35
.. nonce: beTh6t
.. section: Library

The C accelerator module of ElementTree ignored exceptions raised when
looking up TreeBuilder target methods in XMLParser().

..

.. bpo: 31455
.. date: 2017-09-13-19-55-35
.. nonce: beTh6t
.. section: Library

The C accelerator module of ElementTree ignored exceptions raised when
looking up TreeBuilder target methods in XMLParser().

..

.. bpo: 25404
.. date: 2017-09-08-11-04-10
.. nonce: pXetCl
.. section: Library

SSLContext.load_dh_params() now supports non-ASCII path.

..

.. bpo: 28958
.. date: 2017-09-06-19-41-01
.. nonce: x4-K5F
.. section: Library

ssl.SSLContext() now uses OpenSSL error information when a context cannot be
instantiated.

..

.. bpo: 27448
.. date: 2017-09-05-10-55-50
.. nonce: QdAqzZ
.. section: Library

Work around a `gc.disable()` race condition in the `subprocess` module that
could leave garbage collection disabled when multiple threads are spawning
subprocesses at once.  Users are *strongly encouraged* to use the
`subprocess32` module from PyPI on Python 2.7 instead, it is much more
reliable.

..

.. bpo: 31170
.. date: 2017-09-04-23-41-35
.. nonce: QGmJ1t
.. section: Library

expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115

..

.. bpo: 29136
.. date: 2017-09-04-16-39-49
.. nonce: vSn1oR
.. section: Library

Add TLS 1.3 cipher suites and OP_NO_TLSv1_3.

..

.. bpo: 31334
.. date: 2017-09-04-00-22-31
.. nonce: 9WYRfi
.. section: Library

Fix ``poll.poll([timeout])`` in the ``select`` module for arbitrary negative
timeouts on all OSes where it can only be a non-negative integer or -1.
Patch by Riccardo Coccioli.

..

.. bpo: 10746
.. date: 2017-08-28-13-01-05
.. nonce: nmAvfu
.. section: Library

Fix ctypes producing wrong PEP 3118 type codes for integer types.

..

.. bpo: 30102
.. date: 2017-08-16-21-14-31
.. nonce: 1sPqmc
.. section: Library

The ssl and hashlib modules now call OPENSSL_add_all_algorithms_noconf() on
OpenSSL < 1.1.0. The function detects CPU features and enables optimizations
on some CPU architectures such as POWER8. Patch is based on research from
Gustavo Serra Scalet.

..

.. bpo: 30502
.. date: 2017-07-27-11-33-58
.. nonce: GJlfU8
.. section: Library

Fix handling of long oids in ssl.  Based on patch by Christian Heimes.

..

.. bpo: 25684
.. date: 2017-07-17-11-35-00
.. nonce: usELVx
.. section: Library

Change ``ttk.OptionMenu`` radiobuttons to be unique across instances of
``OptionMenu``.

..

.. bpo: 29169
.. date: 062
.. nonce: 8ypApm
.. section: Library

Update zlib to 1.2.11.

..

.. bpo: 30746
.. date: 061
.. nonce: 7drQI0
.. section: Library

Prohibited the '=' character in environment variable names in
``os.putenv()`` and ``os.spawn*()``.

..

.. bpo: 30418
.. date: 055
.. nonce: EwISQm
.. section: Library

On Windows, subprocess.Popen.communicate() now also ignore EINVAL on
stdin.write() if the child process is still running but closed the pipe.

..

.. bpo: 30378
.. date: 054
.. nonce: R_19_5
.. section: Library

Fix the problem that logging.handlers.SysLogHandler cannot handle IPv6
addresses.

..

.. bpo: 29960
.. date: 053
.. nonce: g0wr3r
.. section: Library

Preserve generator state when _random.Random.setstate() raises an exception.
Patch by Bryan Olson.

..

.. bpo: 30310
.. date: 052
.. nonce: SAkE6e
.. section: Library

tkFont now supports unicode options (e.g. font family).

..

.. bpo: 30414
.. date: 051
.. nonce: jGl1Lb
.. section: Library

multiprocessing.Queue._feed background running thread do not break from main
loop on exception.

..

.. bpo: 30003
.. date: 050
.. nonce: BOl9HE
.. section: Library

Fix handling escape characters in HZ codec.  Based on patch by Ma Lin.

..

.. bpo: 30375
.. date: 049
.. nonce: 9c8qM7
.. section: Library

Warnings emitted when compile a regular expression now always point to the
line in the user code.  Previously they could point into inners of the re
module if emitted from inside of groups or conditionals.

..

.. bpo: 30363
.. date: 048
.. nonce: l6J41Y
.. section: Library

Running Python with the -3 option now warns about regular expression syntax
that is invalid or has different semantic in Python 3 or will change the
behavior in future Python versions.

..

.. bpo: 30365
.. date: 047
.. nonce: eDwdmC
.. section: Library

Running Python with the -3 option now emits deprecation warnings for
getchildren() and getiterator() methods of the Element class in the
xml.etree.cElementTree module and when pass the html argument to
xml.etree.ElementTree.XMLParser().

..

.. bpo: 30365
.. date: 046
.. nonce: XVP7_M
.. section: Library

Fixed a deprecation warning about the doctype() method of the
xml.etree.ElementTree.XMLParser class.  Now it is emitted only when define
the doctype() method in the subclass of XMLParser.

..

.. bpo: 30329
.. date: 045
.. nonce: Yb1MTr
.. section: Library

imaplib now catchs the Windows socket WSAEINVAL error (code 10022) on
shutdown(SHUT_RDWR): An invalid operation was attempted. This error occurs
sometimes on SSL connections.

..

.. bpo: 30342
.. date: 044
.. nonce: 87Qgur
.. section: Library

Fix sysconfig.is_python_build() if Python is built with Visual Studio 2008
(VS 9.0).

..

.. bpo: 29990
.. date: 043
.. nonce: HWV6KE
.. section: Library

Fix range checking in GB18030 decoder.  Original patch by Ma Lin.

..

.. bpo: 30243
.. date: 042
.. nonce: RHQt0v
.. section: Library

Removed the __init__ methods of _json's scanner and encoder. Misusing them
could cause memory leaks or crashes.  Now scanner and encoder objects are
completely initialized in the __new__ methods.

..

.. bpo: 26293
.. date: 041
.. nonce: wig0YG
.. section: Library

Change resulted because of zipfile breakage. (See also: bpo-29094)

..

.. bpo: 30070
.. date: 040
.. nonce: XM_B41
.. section: Library

Fixed leaks and crashes in errors handling in the parser module.

..

.. bpo: 30061
.. date: 039
.. nonce: ilxNPt
.. section: Library

Fixed crashes in IOBase methods next() and readlines() when readline() or
next() respectively return non-sizeable object. Fixed possible other errors
caused by not checking results of PyObject_Size(), PySequence_Size(), or
PyMapping_Size().

..

.. bpo: 30011
.. date: 038
.. nonce: 2MLfQj
.. section: Library

Fixed race condition in HTMLParser.unescape().

..

.. bpo: 30068
.. date: 037
.. nonce: n4q47r
.. section: Library

_io._IOBase.readlines will check if it's closed first when hint is present.

..

.. bpo: 27863
.. date: 036
.. nonce: pPYHHI
.. section: Library

Fixed multiple crashes in ElementTree caused by race conditions and wrong
types.

..

.. bpo: 29942
.. date: 035
.. nonce: CsGNuT
.. section: Library

Fix a crash in itertools.chain.from_iterable when encountering long runs of
empty iterables.

..

.. bpo: 29861
.. date: 034
.. nonce: t2ZoRK
.. section: Library

Release references to tasks, their arguments and their results as soon as
they are finished in multiprocessing.Pool.

..

.. bpo: 27880
.. date: 033
.. nonce: elFFAF
.. section: Library

Fixed integer overflow in cPickle when pickle large strings or too many
objects.

..

.. bpo: 29110
.. date: 032
.. nonce: IBWuZ2
.. section: Library

Fix file object leak in aifc.open() when file is given as a filesystem path
and is not in valid AIFF format. Original patch by Anthony Zhang.

..

.. bpo: 29354
.. date: 031
.. nonce: TH2vMX
.. section: Library

Fixed inspect.getargs() for parameters which are cell variables.

..

.. bpo: 29335
.. date: 030
.. nonce: _KC7IK
.. section: Library

Fix subprocess.Popen.wait() when the child process has exited to a stopped
instead of terminated state (ex: when under ptrace).

..

.. bpo: 29219
.. date: 029
.. nonce: kxui7t
.. section: Library

Fixed infinite recursion in the repr of uninitialized ctypes.CDLL instances.

..

.. bpo: 29082
.. date: 028
.. nonce: D5Xs7F
.. section: Library

Fixed loading libraries in ctypes by unicode names on Windows. Original
patch by Chi Hsuan Yen.

..

.. bpo: 29188
.. date: 027
.. nonce: RI3v1Q
.. section: Library

Support glibc 2.24 on Linux: don't use getentropy() function but read from
/dev/urandom to get random bytes, for example in os.urandom(). On Linux,
getentropy() is implemented which getrandom() is blocking mode, whereas
os.urandom() should not block.

..

.. bpo: 29142
.. date: 026
.. nonce: _FTyvm
.. section: Library

In urllib, suffixes in no_proxy environment variable with leading dots could
match related hostnames again (e.g. .b.c matches a.b.c). Patch by Milan
Oberkirch.

..

.. bpo: 13051
.. date: 025
.. nonce: YzC1Te
.. section: Library

Fixed recursion errors in large or resized curses.textpad.Textbox.  Based on
patch by Tycho Andersen.

..

.. bpo: 9770
.. date: 024
.. nonce: WJJnwP
.. section: Library

curses.ascii predicates now work correctly with negative integers.

..

.. bpo: 28427
.. date: 023
.. nonce: vUd-va
.. section: Library

old keys should not remove new values from WeakValueDictionary when
collecting from another thread.

..

.. bpo: 28998
.. date: 022
.. nonce: NfBgmb
.. section: Library

More APIs now support longs as well as ints.

..

.. bpo: 28923
.. date: 021
.. nonce: _hrXiL
.. section: Library

Remove editor artifacts from Tix.py, including encoding not recognized by
codecs.lookup.

..

.. bpo: 29019
.. date: 020
.. nonce: MO2AeR
.. section: Library

Fix dict.fromkeys(x) overallocates when x is sparce dict. Original patch by
Rasmus Villemoes.

..

.. bpo: 19542
.. date: 019
.. nonce: 5tCkaK
.. section: Library

Fix bugs in WeakValueDictionary.setdefault() and WeakValueDictionary.pop()
when a GC collection happens in another thread.

..

.. bpo: 28925
.. date: 018
.. nonce: 9zLygi
.. section: Library

cPickle now correctly propagates errors when unpickle instances of old-style
classes.

..

.. bpo: 27212
.. date: 2018-03-22-19-23-04
.. nonce: wrE5KR
.. section: Documentation

Modify documentation for the :func:`islice` recipe to consume initial values
up to the start index.

..

.. bpo: 32800
.. date: 2018-02-10-15-16-04
.. nonce: FyrqCk
.. section: Documentation

Update link to w3c doc for xml default namespaces.

..

.. bpo: 17799
.. date: 2018-01-22-21-13-46
.. nonce: rdZ-Vk
.. section: Documentation

Explain real behaviour of sys.settrace and sys.setprofile and their C-API
counterparts regarding which type of events are received in each function.
Patch by Pablo Galindo Salgado.

..

.. bpo: 8243
.. date: 2018-01-13-20-30-53
.. nonce: s98r28
.. section: Documentation

Add a note about curses.addch and curses.addstr exception behavior when
writing outside a window, or pad.

..

.. bpo: 21649
.. date: 2017-09-06-10-11-57
.. nonce: EUvqA9
.. section: Documentation

Add RFC 7525 and Mozilla server side TLS links to SSL documentation.

..

.. bpo: 30176
.. date: 017
.. nonce: VivmCg
.. section: Documentation

Add missing attribute related constants in curses documentation.

..

.. bpo: 28929
.. date: 016
.. nonce: Md7kb0
.. section: Documentation

Link the documentation to its source file on GitHub.

..

.. bpo: 26355
.. date: 015
.. nonce: SDq_8Y
.. section: Documentation

Add canonical header link on each page to corresponding major version of the
documentation. Patch by Matthias Bussonnier.

..

.. bpo: 12067
.. date: 014
.. nonce: 8RbyOz
.. section: Documentation

Rewrite Comparisons section in the Expressions chapter of the language
reference. Some of the details of comparing mixed types were incorrect or
ambiguous. Added default behaviour and consistency suggestions for
user-defined classes. Based on patch from Andy Maier.

..

.. bpo: 31719
.. date: 2017-10-06-22-37-38
.. nonce: gHyrV3
.. section: Tests

Fix test_regrtest.test_crashed() on s390x. Add a new _testcapi._read_null()
function to crash Python in a reliable way on s390x. On s390x,
ctypes.string_at(0) returns an empty string rather than crashing.

..

.. bpo: 31518
.. date: 2017-09-19-20-48-50
.. nonce: KwTMMz
.. section: Tests

Debian Unstable has disabled TLS 1.0 and 1.1 for SSLv23_METHOD(). Change
TLS/SSL protocol of some tests to PROTOCOL_TLS or PROTOCOL_TLSv1_2 to make
them pass on Debian.

..

.. bpo: 25674
.. date: 2017-09-04-13-03-55
.. nonce: whVTXh
.. section: Tests

Remove sha256.tbs-internet.com ssl test

..

.. bpo: 11790
.. date: 007
.. nonce: 0actZf
.. section: Tests

Fix sporadic failures in test_multiprocessing.WithProcessesTestCondition.

..

.. bpo: 30236
.. date: 006
.. nonce: vOYTDq
.. section: Tests

Backported test.regrtest options -m/--match and -G/--failfast from Python 3.

..

.. bpo: 30223
.. date: 005
.. nonce: TYC9rA
.. section: Tests

To unify running tests in Python 2.7 and Python 3, the test package can be
run as a script.  This is equivalent to running the test.regrtest module as
a script.

..

.. bpo: 30207
.. date: 004
.. nonce: EiRhGi
.. section: Tests

To simplify backports from Python 3, the test.test_support module was
converted into a package and renamed to test.support.  The
test.script_helper module was moved into the test.support package. Names
test.test_support and test.script_helper are left as aliases to test.support
and test.support.script_helper.

..

.. bpo: 30197
.. date: 003
.. nonce: hajYvd
.. section: Tests

Enhanced function swap_attr() in the test.test_support module. It now works
when delete replaced attribute inside the with statement.  The old value of
the attribute (or None if it doesn't exist) now will be assigned to the
target of the "as" clause, if there is one. Also backported function
swap_item().

..

.. bpo: 28087
.. date: 002
.. nonce: m8dc4R
.. section: Tests

Skip test_asyncore and test_eintr poll failures on macOS. Skip some tests of
select.poll when running on macOS due to unresolved issues with the
underlying system poll function on some macOS versions.

..

.. bpo: 15083
.. date: 001
.. nonce: Tz3ZZm
.. section: Tests

Convert ElementTree doctests to unittests.

..

.. bpo: 33163
.. date: 2018-03-28-04-15-03
.. nonce: hfpWuU
.. section: Build

Upgrade pip to 9.0.3 and setuptools to v39.0.1.

..

.. bpo: 32616
.. date: 2018-02-07-11-24-38
.. nonce: o7mFJ3
.. section: Build

Disable computed gotos by default for clang < 5.0. It caused significant
performance regression.

..

.. bpo: 32635
.. date: 2018-01-23-15-33-40
.. nonce: qHwIZy
.. section: Build

Fix segfault of the crypt module when libxcrypt is provided instead of
libcrypt at the system.

..

.. bpo: 31934
.. date: 2017-11-03-15-17-50
.. nonce: 8bUlpv
.. section: Build

Abort the build when building out of a not clean source tree.

..

.. bpo: 31474
.. date: 2017-09-14-19-38-19
.. nonce: 0s_mpD
.. section: Build

Fix -Wint-in-bool-context warnings in PyMem_MALLOC and PyMem_REALLOC macros

..

.. bpo: 29243
.. date: 013
.. nonce: WDK4hT
.. section: Build

Prevent unnecessary rebuilding of Python during ``make test``, ``make
install`` and some other make targets when configured with
``--enable-optimizations``.

..

.. bpo: 23404
.. date: 012
.. nonce: PdYVWg
.. section: Build

Don't regenerate generated files based on file modification time anymore:
the action is now explicit. Replace ``make touch`` with ``make regen-all``.

..

.. bpo: 27593
.. date: 011
.. nonce: v87xEr
.. section: Build

sys.version and the platform module python_build(), python_branch(), and
python_revision() functions now use git information rather than hg when
building from a repo.

..

.. bpo: 29643
.. date: 010
.. nonce: 4DrjEB
.. section: Build

Fix ``--enable-optimization`` configure option didn't work.

..

.. bpo: 29572
.. date: 009
.. nonce: iZ1XKK
.. section: Build

Update Windows build and OS X installers to use OpenSSL 1.0.2k.

..

.. bpo: 28768
.. date: 008
.. nonce: b9_a6E
.. section: Build

Fix implicit declaration of function _setmode. Patch by Masayuki Yamamoto

..

.. bpo: 33184
.. date: 2018-04-14-14-50-01
.. nonce: to0tIj
.. section: Windows

Update Windows build to use OpenSSL 1.0.2o.

..

.. bpo: 32903
.. date: 2018-02-28-11-03-24
.. nonce: 1SXY4t
.. section: Windows

Fix a memory leak in os.chdir() on Windows if the current directory is set
to a UNC path.

..

.. bpo: 30855
.. date: 2017-11-24-18-18-31
.. nonce: Sowf7j
.. section: Windows

Bump Tcl/Tk to 8.5.19.

..

.. bpo: 30450
.. date: 2017-09-04-14-00-37
.. nonce: YwitaJ
.. section: Windows

Pull build dependencies from GitHub rather than svn.python.org.

..

.. bpo: 32726
.. date: 2018-04-14-08-56-20
.. nonce: Mticyn
.. section: macOS

Provide an additional, more modern macOS installer variant that supports
macOS 10.9+ systems in 64-bit mode only. Upgrade the supplied third-party
libraries to OpenSSL 1.0.2n and SQLite 3.22.0. The 10.9+ installer now
supplies its own private copy of Tcl/Tk 8.6.8.

..

.. bpo: 24414
.. date: 2018-04-14-08-55-36
.. nonce: Z5A1cS
.. section: macOS

Default macOS deployment target is now set by ``configure`` to the build
system's OS version (as is done by Python 3), not ``10.4``; override with,
for example, ``./configure MACOSX_DEPLOYMENT_TARGET=10.4``.

..

.. bpo: 17128
.. date: 2018-04-14-08-54-31
.. nonce: mRkb0w
.. section: macOS

All 2.7 macOS installer variants now supply their own version of ``OpenSSL
1.0.2``; the Apple-supplied SSL libraries and root certificates are not
longer used.  The ``Installer Certificate`` command in
``/Applications/Python 2.7`` may be used to download and install a default
set of root certificates from the third-party ``certifi`` package.

..

.. bpo: 11485
.. date: 2018-04-14-08-49-40
.. nonce: oALntE
.. section: macOS

python.org macOS Pythons no longer supply a default SDK value (e.g.
``-isysroot /``) or specific compiler version default (e.g. ``gcc-4.2``)
when building extension modules.  Use ``CC``, ``SDKROOT``, and
``DEVELOPER_DIR`` environment variables to override compilers or to use an
SDK.  See Apple's ``xcrun`` man page for more info.

..

.. bpo: 33184
.. date: 2018-04-07-00-58-50
.. nonce: rMTiqu
.. section: macOS

Update macOS installer build to use OpenSSL 1.0.2o.

..

.. bpo: 31920
.. date: 2018-03-26-18-54-24
.. nonce: u_WKsT
.. section: Tools/Demos

Fixed handling directories as arguments in the ``pygettext`` script. Based
on patch by Oleg Krasnikov.

..

.. bpo: 30109
.. date: 2018-02-12-14-27-01
.. nonce: lIYlaf
.. section: Tools/Demos

Fixed Tools/scripts/reindent.py for non-ASCII files. It now processes files
as binary streams. This also fixes "make reindent".

..

.. bpo: 24960
.. date: 2017-12-22-09-25-51
.. nonce: TGdAgO
.. section: Tools/Demos

2to3 and lib2to3 can now read pickled grammar files using pkgutil.get_data()
rather than probing the filesystem. This lets 2to3 and lib2to3 work when run
from a zipfile.

..

.. bpo: 20891
.. date: 2017-11-30-18-13-45
.. nonce: wBnMdF
.. section: C API

Fix PyGILState_Ensure(). When PyGILState_Ensure() is called in a non-Python
thread before PyEval_InitThreads(), only call PyEval_InitThreads() after
calling PyThreadState_New() to fix a crash.

..

.. bpo: 31626
.. date: 2017-11-07-11-59-44
.. nonce: LP-CoD
.. section: C API

When Python is built in debug mode, the memory debug hooks now fail with a
fatal error if realloc() fails to shrink a memory block, because the debug
hook just erased freed bytes without keeping a copy of them.