Library
-------
-- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode
- will return. This resolves CVE-2013-1753.
++- Issue #23366: Fixed possible integer overflow in itertools.combinations.
+
-- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
- weakrefs.
+- Issue #23369: Fixed possible integer overflow in
+ _json.encode_basestring_ascii.
-- Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
- 65536 bytes and send a 414 error code for higher lengths. Patch contributed
- by Devin Cook.
+- Issue #23353: Fix the exception handling of generators in
+ PyEval_EvalFrameEx(). At entry, save or swap the exception state even if
+ PyEval_EvalFrameEx() is called with throwflag=0. At exit, the exception state
+ is now always restored or swapped, not only if why is WHY_YIELD or
+ WHY_RETURN. Patch co-written with Antoine Pitrou.
-- Lax cookie parsing in http.cookies could be a security issue when combined
- with non-standard cookie handling in some Web browsers. Reported by
- Sergey Bobrov.
+- Issue #18518: timeit now rejects statements which can't be compiled outside
+ a function or a loop (e.g. "return" or "break").
-- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
- before checking for a CGI script at that path.
+- Issue #23094: Fixed readline with frames in Python implementation of pickle.
-- Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second
- parameter. Bug reported by Guido Vranken.
+- Issue #23268: Fixed bugs in the comparison of ipaddress classes.
-- Issue #20633: Replace relative import by absolute import.
+- Issue #21408: Removed incorrect implementations of __ne__() which didn't
+ returned NotImplemented if __eq__() returned NotImplemented. The default
+ __ne__() now works correctly.
-- Issue #21082: In os.makedirs, do not set the process-wide umask. Note this
- changes behavior of makedirs when exist_ok=True.
+- Issue #19996: :class:`email.feedparser.FeedParser` now handles (malformed)
+ headers with no key rather than amusing the body has started.
-- Issue #20875: Prevent possible gzip "'read' is not defined" NameError.
- Patch by Claudiu Popa.
+- Issue #23248: Update ssl error codes from latest OpenSSL git master.
-- Issue #11599: When an external command (e.g. compiler) fails, distutils now
- prints out the whole command line (instead of just the command name) if the
- environment variable DISTUTILS_DEBUG is set.
+- Issue #23098: 64-bit dev_t is now supported in the os module.
-- Issue #4931: distutils should not produce unhelpful "error: None" messages
- anymore. distutils.util.grok_environment_error is kept but doc-deprecated.
+- Issue #23250: In the http.cookies module, capitalize "HttpOnly" and "Secure"
+ as they are written in the standard.
-- Issue #20283: RE pattern methods now accept the string keyword parameters
- as documented. The pattern and source keyword parameters are left as
- deprecated aliases.
+- Issue #23063: In the disutils' check command, fix parsing of reST with code or
+ code-block directives.
-- Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
- broken by the fix for security issue #19435. Patch by Zach Byrne.
+- Issue #23209, #23225: selectors.BaseSelector.close() now clears its internal
+ reference to the selector mapping to break a reference cycle. Initial patch
+ written by Martin Richard.
-Tests
------
+- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
+ availability of the function is checked during the compilation. Patch written
+ by Bernard Spil.
-- Issue #17752: Fix distutils tests when run from the installed location.
+- Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now
+ uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not
+ :data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms
+ where :data:`~ssl.PROTOCOL_SSLv3` support is disabled.
-- Issue #20946: Correct alignment assumptions of some ctypes tests.
+- Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol
+ version.
-- Issue #20939: Fix test_geturl failure in test_urllibnet due to
- new redirect of http://www.python.org/ to https://www.python.org.
+- Issue #23132: Mitigate regression in speed and clarity in functools.total_ordering.
+- Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),
+ instead of reading /dev/urandom, to get pseudo-random bytes.
-What's New in Python 3.3.5?
-===========================
+- Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and
+ fragment when it redirects to add a trailing slash.
-*Release date: 09-Mar-2014*
+- Issue #23093: In the io, module allow more operations to work on detached
+ streams.
-No changes from release candidate 2.
+- Issue #19104: pprint now produces evaluable output for wrapped strings.
+- Issue #23071: Added missing names to codecs.__all__. Patch by Martin Panter.
-What's New in Python 3.3.5 release candidate 2?
-===============================================
+- Issue #15513: Added a __sizeof__ implementation for pickle classes.
-*Release date: 02-Mar-2014*
+- Issue #19858: pickletools.optimize() now aware of the MEMOIZE opcode, can
+ produce more compact result and no longer produces invalid output if input
+ data contains MEMOIZE opcodes together with PUT or BINPUT opcodes.
-Core and Builtins
------------------
+- Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port
+ value in the host header was set to "None". Patch by Demian Brecht.
-- Issue #20731: Properly position in source code files even if they
- are opened in text mode. Patch by Serhiy Storchaka.
+- Issue #23016: A warning no longer produces an AttributeError when the program
+ is run with pythonw.exe.
-- Issue #19619: str.encode, bytes.decode and bytearray.decode now use an
- internal API to throw LookupError for known non-text encodings, rather
- than attempting the encoding or decoding operation and then throwing a
- TypeError for an unexpected output type. (The latter mechanism remains
- in place for third party non-text encodings)
+- Issue #21775: shutil.copytree(): fix crash when copying to VFAT. An exception
+ handler assumed that that OSError objects always have a 'winerror' attribute.
+ That is not the case, so the exception handler itself raised AttributeError
+ when run on Linux (and, presumably, any other non-Windows OS).
+ Patch by Greg Ward.
-Library
--------
+- Issue #1218234: Fix inspect.getsource() to load updated source of
+ reloaded module. Initial patch by Berker Peksag.
-- Issue #20778: Fix modulefinder to work with bytecode-only modules.
+- Issue #22959: In the constructor of http.client.HTTPSConnection, prefer the
+ context's check_hostname attribute over the *check_hostname* parameter.
-- Issue #20791: copy.copy() now doesn't make a copy when the input is
- a bytes object. Initial patch by Peter Otten.
+- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode
+ will return. This resolves CVE-2013-1753.
-- Issue #20621: Fixes a zipimport bug introduced in 3.3.4 that could cause
- spurious crashes or SystemErrors when importing modules or packages from a
- zip file. The change causing the problem was reverted.
+- Issue #22966: Fix __pycache__ pyc file name clobber when pyc_compile is
+ asked to compile a source file containing multiple dots in the source file
+ name.
-- Issue #20404: io.TextIOWrapper (and hence the open() builtin) now uses the
- internal codec marking system added for issue #19619 to throw LookupError
- for known non-text encodings at stream construction time. The existing
- output type checks remain in place to deal with unmarked third party
- codecs.
+- Issue #21971: Update turtledemo doc and add module to the index.
-Tests
------
+- Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails.
+ Original patch by Martin Panter.
-- Issue #20743: Fix a reference leak in test_tcl.
+- Issue #22960: Add a context argument to xmlrpclib.ServerProxy constructor.
-Tools/Demos
------------
+- Issue #22915: SAX parser now supports files opened with file descriptor or
+ bytes path.
-- Issue #20535: PYTHONWARNING no longer affects the run_tests.py script.
- Patch by Arfrever Frehtes Taifersar Arahesis.
+- Issue #22609: Constructors and update methods of mapping classes in the
+ collections module now accept the self keyword argument.
+- Issue #22788: Add *context* parameter to logging.handlers.HTTPHandler.
-What's New in Python 3.3.5 release candidate 1?
-===============================================
+- Issue #22921: Allow SSLContext to take the *hostname* parameter even if
+ OpenSSL doesn't support SNI.
-*Release date: 23-Feb-2014*
+- Issue #22894: TestCase.subTest() would cause the test suite to be stopped
+ when in failfast mode, even in the absence of failures.
-Core and Builtins
------------------
+- Issue #22638: SSLv3 is now disabled throughout the standard library.
+ It can still be enabled by instantiating a SSLContext manually.
-- Issue #20588: Make Python-ast.c C89 compliant.
+- Issue #22370: Windows detection in pathlib is now more robust.
-- Issue #20437: Fixed 21 potential bugs when deleting objects references.
+- Issue #22841: Reject coroutines in asyncio add_signal_handler().
+ Patch by Ludovic.Gasc.
-- Issue #20538: UTF-7 incremental decoder produced inconsistant string when
- input was truncated in BASE64 section.
+- Issue #22849: Fix possible double free in the io.TextIOWrapper constructor.
-Library
--------
+- Issue #12728: Different Unicode characters having the same uppercase but
+ different lowercase are now matched in case-insensitive regular expressions.
-- Issue #20635: Fixed grid_columnconfigure() and grid_rowconfigure() methods of
- Tkinter widgets to work in wantobjects=True mode.
+- Issue #22821: Fixed fcntl() with integer argument on 64-bit big-endian
+ platforms.
-- Issue #19612: On Windows, subprocess.Popen.communicate() now ignores
- OSError(22, 'Invalid argument') when writing input data into stdin, whereas
- the process already exited.
+- Issue #22406: Fixed the uu_codec codec incorrectly ported to 3.x.
+ Based on patch by Martin Panter.
-- Issue #6815: os.path.expandvars() now supports non-ASCII environment
- variables names and values.
+- Issue #17293: uuid.getnode() now determines MAC address on AIX using netstat.
+ Based on patch by Aivars Kalvāns.
-- Issue #17671: Fixed a crash when use non-initialized io.BufferedRWPair.
- Based on patch by Stephen Tu.
+- Issue #22769: Fixed ttk.Treeview.tag_has() when called without arguments.
-- Issue #8478: Untokenizer.compat processes first token from iterator input.
- Patch based on lines from Georg Brandl, Eric Snow, and Gareth Rees.
+- Issue #22417: Verify certificates by default in httplib (PEP 476).
-- Issue #20594: Avoid name clash with the libc function posix_close.
+- Issue #22775: Fixed unpickling of http.cookies.SimpleCookie with protocol 2
+ and above. Patch by Tim Graham.
-- Issue #19856: shutil.move() failed to move a directory to other directory
- on Windows if source name ends with os.altsep.
+- Issue #22366: urllib.request.urlopen will accept a context object
+ (SSLContext) as an argument which will then used be for HTTPS connection.
+ Patch by Alex Gaynor.
-- Issue #14983: email.generator now always adds a line end after each MIME
- boundary marker, instead of doing so only when there is an epilogue. This
- fixes an RFC compliance bug and solves an issue with signed MIME parts.
+- Issue #22776: Brought excluded code into the scope of a try block in
+ SysLogHandler.emit().
-- Issue #20540: Fix a performance regression (vs. Python 3.2) when layering
- a multiprocessing Connection over a TCP socket. For small payloads, Nagle's
- algorithm would introduce idle delays before the entire transmission of a
- message.
+- Issue #22665: Add missing get_terminal_size and SameFileError to
+ shutil.__all__.
-- Issue #16983: the new email header parsing code will now decode encoded words
- that are (incorrectly) surrounded by quotes, and register a defect.
+- Issue #17381: Fixed handling of case-insensitive ranges in regular
+ expressions.
-- Issue #19772: email.generator no longer mutates the message object when
- doing a down-transform from 8bit to 7bit CTEs.
+- Issue #22410: Module level functions in the re module now cache compiled
+ locale-dependent regular expressions taking into account the locale.
-- Issue #18805: the netmask/hostmask parsing in ipaddress now more reliably
- filters out illegal values and correctly allows any valid prefix length.
+- Issue #22759: Query methods on pathlib.Path() (exists(), is_dir(), etc.)
+ now return False when the underlying stat call raises NotADirectoryError.
-- Issue #17369: get_filename was raising an exception if the filename
- parameter's RFC2231 encoding was broken in certain ways. This was
- a regression relative to python2.
+- Issue #8876: distutils now falls back to copying files when hard linking
+ doesn't work. This allows use with special filesystems such as VirtualBox
+ shared folders.
-- Issue #20013: Some imap servers disconnect if the current mailbox is
- deleted, and imaplib did not handle that case gracefully. Now it
- handles the 'bye' correctly.
+- Issue #18853: Fixed ResourceWarning in shlex.__nain__.
-- Issue #19920: TarFile.list() no longer fails when outputs a listing
- containing non-encodable characters. Based on patch by Vajrasky Kok.
+- Issue #9351: Defaults set with set_defaults on an argparse subparser
+ are no longer ignored when also set on the parent parser.
-- Issue #20515: Fix NULL pointer dereference introduced by issue #20368.
+- Issue #21991: Make email.headerregistry's header 'params' attributes
+ be read-only (MappingProxyType). Previously the dictionary was modifiable
+ but a new one was created on each access of the attribute.
-- Issue #19186: Restore namespacing of expat symbols inside the pyexpat module.
+- Issue #22641: In asyncio, the default SSL context for client connections
+ is now created using ssl.create_default_context(), for stronger security.
-- Issue #20426: When passing the re.DEBUG flag, re.compile() displays the
- debug output every time it is called, regardless of the compilation cache.
+- Issue #22435: Fix a file descriptor leak when SocketServer bind fails.
-- Issue #20368: The null character now correctly passed from Tcl to Python.
- Improved error handling in variables-related commands.
+- Issue #13096: Fixed segfault in CTypes POINTER handling of large
+ values.
-- Issue #20435: Fix _pyio.StringIO.getvalue() to take into account newline
- translation settings.
+- Issue #11694: Raise ConversionError in xdrlib as documented. Patch
+ by Filip Gruszczyński and Claudiu Popa.
-- Issue #20288: fix handling of invalid numeric charrefs in HTMLParser.
+- Issue #22462: Fix pyexpat's creation of a dummy frame to make it
+ appear in exception tracebacks.
-- Issue #20424: Python implementation of io.StringIO now supports lone surrogates.
+- Issue #21173: Fix len() on a WeakKeyDictionary when .clear() was called
+ with an iterator alive.
-- Issue #19456: ntpath.join() now joins relative paths correctly when a drive
- is present.
+- Issue #11866: Eliminated race condition in the computation of names
+ for new threads.
-- Issue #19077: tempfile.TemporaryDirectory cleanup is now most likely
- successful when called during nulling out of modules during shutdown.
- Misleading exception no longer raised when resource warning is emitted
- during shutdown.
+- Issue #21905: Avoid RuntimeError in pickle.whichmodule() when sys.modules
+ is mutated while iterating. Patch by Olivier Grisel.
-- Issue #20367: Fix behavior of concurrent.futures.as_completed() for
- duplicate arguments. Patch by Glenn Langford.
+- Issue #22219: The zipfile module CLI now adds entries for directories
+ (including empty directories) in ZIP file.
-- Issue #8260: The read(), readline() and readlines() methods of
- codecs.StreamReader returned incomplete data when were called after
- readline() or read(size). Based on patch by Amaury Forgeot d'Arc.
+- Issue #22449: In the ssl.SSLContext.load_default_certs, consult the
+ enviromental variables SSL_CERT_DIR and SSL_CERT_FILE on Windows.
+
+- Issue #20076: Added non derived UTF-8 aliases to locale aliases table.
+
+- Issue #20079: Added locales supported in glibc 2.18 to locale alias table.
+
+- Issue #22396: On 32-bit AIX platform, don't expose os.posix_fadvise() nor
+ os.posix_fallocate() because their prototypes in system headers are wrong.
+
+- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
+ weakrefs.
+
+- Issue #22448: Improve canceled timer handles cleanup to prevent
+ unbound memory usage. Patch by Joshua Moore-Oliva.
+
+- Issue #23009: Make sure selectors.EpollSelecrtor.select() works when no
+ FD is registered.
IDLE
----
projects / python / commitdiff