From: Serhiy Storchaka Date: Tue, 25 Oct 2016 07:13:43 +0000 (+0300) Subject: Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug build. X-Git-Tag: v3.6.0b3~61^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=839023f12cd589a25e7e9e2ee1ed64485ab45fd9;p=python Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug build. --- 839023f12cd589a25e7e9e2ee1ed64485ab45fd9 diff --cc Misc/NEWS index 8b99882436,513989afee..ff6025c479 --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -10,1375 -10,1328 +10,1378 @@@ Release date: TB Core and Builtins ----------------- + - Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug + build. + -Library -------- +- Issue #23782: Fixed possible memory leak in _PyTraceback_Add() and exception + loss in PyTraceBack_Here(). -- In the curses module, raise an error if window.getstr() or window.instr() is - passed a negative value. +- Issue #28379: Added sanity checks and tests for PyUnicode_CopyCharacters(). + Patch by Xiang Zhang. -- Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller. +- Issue #28376: The type of long range iterator is now registered as Iterator. + Patch by Oren Milman. -- Issue #27774: Fix possible Py_DECREF on unowned object in _sre. +- Issue #28376: The constructor of range_iterator now checks that step is not 0. + Patch by Oren Milman. -- Issue #27760: Fix possible integer overflow in binascii.b2a_qp. +- Issue #26906: Resolving special methods of uninitialized type now causes + implicit initialization of the type instead of a fail. -- Issue #27758: Fix possible integer overflow in the _csv module for large record - lengths. +- Issue #18287: PyType_Ready() now checks that tp_name is not NULL. + Original patch by Niklas Koep. -- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the - HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates - that the script is in CGI mode. +- Issue #24098: Fixed possible crash when AST is changed in process of + compiling it. -- Issue #27759: Fix selectors incorrectly retain invalid file descriptors. - Patch by Mark Williams. +- Issue #28350: String constants with null character no longer interned. -Build ------ +- Issue #26617: Fix crash when GC runs during weakref callbacks. -- Issue #28248: Update Windows build to use OpenSSL 1.0.2j. +- Issue #27942: String constants now interned recursively in tuples and frozensets. -Tests ------ +- Issue #21578: Fixed misleading error message when ImportError called with + invalid keyword args. -- Issue #27369: In test_pyexpat, avoid testing an error message detail that - changed in Expat 2.2.0. +- Issue #28203: Fix incorrect type in error message from + ``complex(1.0, {2:3})``. Patch by Soumya Sharma. +- Issue #27955: Fallback on reading /dev/urandom device when the getrandom() + syscall fails with EPERM, for example when blocked by SECCOMP. -What's New in Python 3.4.5? -=========================== +- Issue #28131: Fix a regression in zipimport's compile_source(). zipimport + should use the same optimization level as the interpreter. -Release date: 2016-06-26 +- Issue #25221: Fix corrupted result from PyLong_FromLong(0) when + Python is compiled with NSMALLPOSINTS = 0. -Tests ------ +- Issue #25758: Prevents zipimport from unnecessarily encoding a filename + (patch by Eryk Sun) -- Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test. +- Issue #28189: dictitems_contains no longer swallows compare errors. + (Patch by Xiang Zhang) +- Issue #27812: Properly clear out a generator's frame's backreference to the + generator to prevent crashes in frame.clear(). -What's New in Python 3.4.5rc1? -============================== +- Issue #27811: Fix a crash when a coroutine that has not been awaited is + finalized with warnings-as-errors enabled. -Release date: 2016-06-11 +- Issue #27587: Fix another issue found by PVS-Studio: Null pointer check + after use of 'def' in _PyState_AddModule(). + Initial patch by Christian Heimes. -Core and Builtins ------------------ +- Issue #26020: set literal evaluation order did not match documented behaviour. -- Issue #26478: Fix semantic bugs when using binary operators with dictionary - views and tuples. +- Issue #27782: Multi-phase extension module import now correctly allows the + ``m_methods`` field to be used to add module level functions to instances + of non-module types returned from ``Py_create_mod``. Patch by Xiang Zhang. -- Issue #26171: Fix possible integer overflow and heap corruption in - zipimporter.get_data(). +- Issue #27936: The round() function accepted a second None argument + for some types but not for others. Fixed the inconsistency by + accepting None for all numeric types. -Library -------- +- Issue #27487: Warn if a submodule argument to "python -m" or + runpy.run_module() is found in sys.modules after parent packages are + imported, but before the submodule is executed. -- Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283. +- Issue #27558: Fix a SystemError in the implementation of "raise" statement. + In a brand new thread, raise a RuntimeError since there is no active + exception to reraise. Patch written by Xiang Zhang. -- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team - Oststrom +- Issue #27419: Standard __import__() no longer look up "__import__" in globals + or builtins for importing submodules or "from import". Fixed handling an + error of non-string package name. -- Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates. +- Issue #27083: Respect the PYTHONCASEOK environment variable under Windows. -- Issue #26012: Don't traverse into symlinks for ** pattern in - pathlib.Path.[r]glob(). +- Issue #27514: Make having too many statically nested blocks a SyntaxError + instead of SystemError. -- Issue #24120: Ignore PermissionError when traversing a tree with - pathlib.Path.[r]glob(). Patch by Ulrich Petri. +- Issue #27473: Fixed possible integer overflow in bytes and bytearray + concatenations. Patch by Xiang Zhang. -- Skip getaddrinfo if host is already resolved. - Patch by A. Jesse Jiryu Davis. +- Issue #27507: Add integer overflow check in bytearray.extend(). Patch by + Xiang Zhang. -- Add asyncio.timeout() context manager. +- Issue #27581: Don't rely on wrapping for overflow check in + PySequence_Tuple(). Patch by Xiang Zhang. -- Issue #26050: Add asyncio.StreamReader.readuntil() method. - Patch by Марк Коренберг. +- Issue #27443: __length_hint__() of bytearray iterators no longer return a + negative integer for a resized bytearray. -Tests ------ +Library +------- -- Issue #25940: Changed test_ssl to use self-signed.pythontest.net. This - avoids relying on svn.python.org, which recently changed root certificate. +- Issue #25464: Fixed HList.header_exists() in tkinter.tix module by addin + a workaround to Tix library bug. +- Issue #28488: shutil.make_archive() no longer add entry "./" to ZIP archive. -What's New in Python 3.4.4? -=========================== +- Issue #24452: Make webbrowser support Chrome on Mac OS X. -Release date: 2015/12/20 +- Issue #20766: Fix references leaked by pdb in the handling of SIGINT + handlers. -Windows -------- +- Issue #26293: Fixed writing ZIP files that starts not from the start of the + file. Offsets in ZIP file now are relative to the start of the archive in + conforming to the specification. -- Issue #25844: Corrected =/== typo potentially leading to crash in launcher. +- Issue #28321: Fixed writing non-BMP characters with binary format in plistlib. +- Issue #28322: Fixed possible crashes when unpickle itertools objects from + incorrect pickle data. Based on patch by John Leitch. -What's New in Python 3.4.4rc1? -============================== +- Fix possible integer overflows and crashes in the mmap module with unusual + usage patterns. -Release date: 2015/12/06 +- Issue #1703178: Fix the ability to pass the --link-objects option to the + distutils build_ext command. -Core and Builtins ------------------ +- Issue #28253: Fixed calendar functions for extreme months: 0001-01 + and 9999-12. -- Issue #25709: Fixed problem with in-place string concatenation and utf-8 - cache. + Methods itermonthdays() and itermonthdays2() are reimplemented so + that they don't call itermonthdates() which can cause datetime.date + under/overflow. -- Issue #24097: Fixed crash in object.__reduce__() if slot name is freed inside - __getattr__. +- Issue #28275: Fixed possible use after free in the decompress() + methods of the LZMADecompressor and BZ2Decompressor classes. + Original patch by John Leitch. -- Issue #24731: Fixed crash on converting objects with special methods - __bytes__, __trunc__, and __float__ returning instances of subclasses of - bytes, int, and float to subclasses of bytes, int, and float correspondingly. +- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation() + if pass invalid string-like object as a name. Patch by Xiang Zhang. -- Issue #25388: Fixed tokenizer crash when processing undecodable source code - with a null byte. +- Issue #18893: Fix invalid exception handling in Lib/ctypes/macholib/dyld.py. + Patch by Madison May. -- Issue #22995: Default implementation of __reduce__ and __reduce_ex__ now - rejects builtin types with not defined __new__. +- Issue #27611: Fixed support of default root window in the tkinter.tix module. -- Issue #24802: Avoid buffer overreads when int(), float(), compile(), exec() - and eval() are passed bytes-like objects. These objects are not - necessarily terminated by a null byte, but the functions assumed they were. +- Issue #27348: In the traceback module, restore the formatting of exception + messages like "Exception: None". This fixes a regression introduced in + 3.5a2. -- Issue #24402: Fix input() to prompt to the redirected stdout when - sys.stdout.fileno() fails. +- Issue #25651: Allow falsy values to be used for msg parameter of subTest(). -- Issue #24806: Prevent builtin types that are not allowed to be subclassed from - being subclassed through multiple inheritance. +- Issue #27932: Prevent memory leak in win32_ver(). -- Issue #24848: Fixed a number of bugs in UTF-7 decoding of misformed data. +- Fix UnboundLocalError in socket._sendfile_use_sendfile. -- Issue #25280: Import trace messages emitted in verbose (-v) mode are no - longer formatted twice. +- Issue #28075: Check for ERROR_ACCESS_DENIED in Windows implementation of + os.stat(). Patch by Eryk Sun. -- Issue #25003: os.urandom() doesn't use getentropy() on Solaris because - getentropy() is blocking, whereas os.urandom() should not block. getentropy() - is supported since Solaris 11.3. +- Issue #25270: Prevent codecs.escape_encode() from raising SystemError when + an empty bytestring is passed. -- Issue #25182: The stdprinter (used as sys.stderr before the io module is - imported at startup) now uses the backslashreplace error handler. +- Issue #28181: Get antigravity over HTTPS. Patch by Kaartic Sivaraam. -- Issue #24891: Fix a race condition at Python startup if the file descriptor - of stdin (0), stdout (1) or stderr (2) is closed while Python is creating - sys.stdin, sys.stdout and sys.stderr objects. These attributes are now set - to None if the creation of the object failed, instead of raising an OSError - exception. Initial patch written by Marco Paolini. +- Issue #25895: Enable WebSocket URL schemes in urllib.parse.urljoin. + Patch by Gergely Imreh and Markus Holtermann. -- Issue #21167: NAN operations are now handled correctly when python is - compiled with ICC even if -fp-model strict is not specified. +- Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). -- Issue #4395: Better testing and documentation of binary operators. - Patch by Martin Panter. +- Issue #19003:m email.generator now replaces only \r and/or \n line + endings, per the RFC, instead of all unicode line endings. -- Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray - object now always allocates place for trailing null byte and it's buffer now - is always null-terminated. +- Issue #28019: itertools.count() no longer rounds non-integer step in range + between 1.0 and 2.0 to 1. -- Issue #24115: Update uses of PyObject_IsTrue(), PyObject_Not(), - PyObject_IsInstance(), PyObject_RichCompareBool() and _PyDict_Contains() - to check for and handle errors correctly. +- Issue #25969: Update the lib2to3 grammar to handle the unpacking + generalizations added in 3.5. -- Issue #24257: Fixed system error in the comparison of faked - types.SimpleNamespace. +- Issue #14977: mailcap now respects the order of the lines in the mailcap + files ("first match"), as required by RFC 1542. Patch by Michael Lazar. -- Issue #22939: Fixed integer overflow in iterator object. Patch by - Clement Rouault. +- Issue #24594: Validates persist parameter when opening MSI database -- Issue #23985: Fix a possible buffer overrun when deleting a slice from - the front of a bytearray and then appending some other bytes data. +- Issue #17582: xml.etree.ElementTree nows preserves whitespaces in attributes + (Patch by Duane Griffin. Reviewed and approved by Stefan Behnel.) -- Issue #24102: Fixed exception type checking in standard error handlers. +- Issue #28047: Fixed calculation of line length used for the base64 CTE + in the new email policies. -- Issue #23757: PySequence_Tuple() incorrectly called the concrete list API - when the data was a list subclass. +- Issue #27445: Don't pass str(_charset) to MIMEText.set_payload(). + Patch by Claude Paroz. -- Issue #24407: Fix crash when dict is mutated while being updated. +- Issue #22450: urllib now includes an "Accept: */*" header among the + default headers. This makes the results of REST API requests more + consistent and predictable especially when proxy servers are involved. -- Issue #24096: Make warnings.warn_explicit more robust against mutation of the - warnings.filters list. +- lib2to3.pgen3.driver.load_grammar() now creates a stable cache file + between runs given the same Grammar.txt input regardless of the hash + randomization setting. -- Issue #23996: Avoid a crash when a delegated generator raises an - unnormalized StopIteration exception. Patch by Stefan Behnel. +- Issue #27570: Avoid zero-length memcpy() etc calls with null source + pointers in the "ctypes" and "array" modules. -- Issue #24022: Fix tokenizer crash when processing undecodable source code. +- Issue #22233: Break email header lines *only* on the RFC specified CR and LF + characters, not on arbitrary unicode line breaks. This also fixes a bug in + HTTP header parsing. -- Issue #23309: Avoid a deadlock at shutdown if a daemon thread is aborted - while it is holding a lock to a buffered I/O object, and the main thread - tries to use the same I/O object (typically stdout or stderr). A fatal - error is emitted instead. +- Issue 27988: Fix email iter_attachments incorrect mutation of payload list. -- Issue #22977: Fixed formatting Windows error messages on Wine. - Patch by Martin Panter. +- Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name + fields in X.509 certs. -- Issue #23803: Fixed str.partition() and str.rpartition() when a separator - is wider then partitioned string. +- Issue #27850: Remove 3DES from ssl module's default cipher list to counter + measure sweet32 attack (CVE-2016-2183). -- Issue #23192: Fixed generator lambdas. Patch by Bruno Cauet. +- Issue #27766: Add ChaCha20 Poly1305 to ssl module's default ciper list. + (Required OpenSSL 1.1.0 or LibreSSL). -- Issue #23629: Fix the default __sizeof__ implementation for variable-sized - objects. +- Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. -- Issue #24044: Fix possible null pointer dereference in list.sort in out of - memory conditions. +- Remove support for passing a file descriptor to os.access. It never worked but + previously didn't raise. -- Issue #21354: PyCFunction_New function is exposed by python DLL again. +- Issue #12885: Fix error when distutils encounters symlink. -Library -------- +- Issue #27881: Fixed possible bugs when setting sqlite3.Connection.isolation_level. + Based on patch by Xiang Zhang. -- Issue #24903: Fix regression in number of arguments compileall accepts when - '-d' is specified. The check on the number of arguments has been dropped - completely as it never worked correctly anyway. +- Issue #27861: Fixed a crash in sqlite3.Connection.cursor() when a factory + creates not a cursor. Patch by Xiang Zhang. -- Issue #25764: In the subprocess module, preserve any exception caused by - fork() failure when preexec_fn is used. +- Issue #19884: Avoid spurious output on OS X with Gnu Readline. -- Issue #6478: _strptime's regexp cache now is reset after changing timezone - with time.tzset(). +- Issue #27706: Restore deterministic behavior of random.Random().seed() + for string seeds using seeding version 1. Allows sequences of calls + to random() to exactly match those obtained in Python 2. + Patch by Nofar Schnider. -- Issue #25177: Fixed problem with the mean of very small and very large - numbers. As a side effect, statistics.mean and statistics.variance should - be significantly faster. +- Issue #10513: Fix a regression in Connection.commit(). Statements should + not be reset after a commit. -- Issue #25718: Fixed copying object with state with boolean value is false. +- A new version of typing.py from https://github.com/python/typing: + - Collection (only for 3.6) (Issue #27598) + - Add FrozenSet to __all__ (upstream #261) + - fix crash in _get_type_vars() (upstream #259) + - Remove the dict constraint in ForwardRef._eval_type (upstream #252) -- Issue #10131: Fixed deep copying of minidom documents. Based on patch - by Marian Ganisin. +- Issue #27539: Fix unnormalised ``Fraction.__pow__`` result in the case + of negative exponent and negative base. -- Issue #25725: Fixed a reference leak in pickle.loads() when unpickling - invalid data including tuple instructions. +- Issue #21718: cursor.description is now available for queries using CTEs. -- Issue #25663: In the Readline completer, avoid listing duplicate global - names, and search the global namespace before searching builtins. +- Issue #2466: posixpath.ismount now correctly recognizes mount points which + the user does not have permission to access. -- Issue #25688: Fixed file leak in ElementTree.iterparse() raising an error. +- Issue #27773: Correct some memory management errors server_hostname in + _ssl.wrap_socket(). -- Issue #23914: Fixed SystemError raised by unpickler on broken pickle data. +- Issue #26750: unittest.mock.create_autospec() now works properly for + subclasses of property() and other data descriptors. -- Issue #25691: Fixed crash on deleting ElementTree.Element attributes. +- In the curses module, raise an error if window.getstr() or window.instr() is + passed a negative value. -- Issue #25624: ZipFile now always writes a ZIP_STORED header for directory - entries. Patch by Dingyuan Wang. +- Issue #27783: Fix possible usage of uninitialized memory in + operator.methodcaller. -- Issue #25583: Avoid incorrect errors raised by os.makedirs(exist_ok=True) - when the OS gives priority to errors such as EACCES over EEXIST. +- Issue #27774: Fix possible Py_DECREF on unowned object in _sre. -- Issue #25593: Change semantics of EventLoop.stop() in asyncio. +- Issue #27760: Fix possible integer overflow in binascii.b2a_qp. -- Issue #6973: When we know a subprocess.Popen process has died, do - not allow the send_signal(), terminate(), or kill() methods to do - anything as they could potentially signal a different process. +- Issue #27758: Fix possible integer overflow in the _csv module for large + record lengths. -- Issue #25578: Fix (another) memory leak in SSLSocket.getpeercer(). +- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the + HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates + that the script is in CGI mode. -- Issue #25590: In the Readline completer, only call getattr() once per - attribute. +- Issue #27656: Do not assume sched.h defines any SCHED_* constants. -- Issue #25498: Fix a crash when garbage-collecting ctypes objects created - by wrapping a memoryview. This was a regression made in 3.4.3. Based - on patch by Eryksun. +- Issue #27130: In the "zlib" module, fix handling of large buffers + (typically 4 GiB) when compressing and decompressing. Previously, inputs + were limited to 4 GiB, and compression and decompression operations did not + properly handle results of 4 GiB. -- Issue #18010: Fix the pydoc web server's module search function to handle - exceptions from importing packages. +- Issue #27533: Release GIL in nt._isdir -- Issue #25510: fileinput.FileInput.readline() now returns b'' instead of '' - at the end if the FileInput was opened with binary mode. - Patch by Ryosuke Ito. +- Issue #17711: Fixed unpickling by the persistent ID with protocol 0. + Original patch by Alexandre Vassalotti. -- Issue #25530: Disable the vulnerable SSLv3 protocol by default when creating - ssl.SSLContext. +- Issue #27522: Avoid an unintentional reference cycle in email.feedparser. -- Issue #25569: Fix memory leak in SSLSocket.getpeercert(). +- Issue #26844: Fix error message for imp.find_module() to refer to 'path' + instead of 'name'. Patch by Lev Maximov. -- Issue #21827: Fixed textwrap.dedent() for the case when largest common - whitespace is a substring of smallest leading whitespace. - Based on patch by Robert Li. +- Issue #23804: Fix SSL zero-length recv() calls to not block and not raise + an error about unclean EOF. -- Issue #25471: Sockets returned from accept() shouldn't appear to be - nonblocking. +- Issue #27466: Change time format returned by http.cookie.time2netscape, + confirming the netscape cookie format and making it consistent with + documentation. -- Issue #25441: asyncio: Raise error from drain() when socket is closed. +- Issue #26664: Fix activate.fish by removing mis-use of ``$``. -- Issue #25411: Improved Unicode support in SMTPHandler through better use of - the email package. Thanks to user simon04 for the patch. +- Issue #22115: Fixed tracing Tkinter variables: trace_vdelete() with wrong + mode no longer break tracing, trace_vinfo() now always returns a list of + pairs of strings, tracing in the "u" mode now works. -- Issue #25380: Fixed protocol for the STACK_GLOBAL opcode in - pickletools.opcodes. +- Fix a scoping issue in importlib.util.LazyLoader which triggered an + UnboundLocalError when lazy-loading a module that was already put into + sys.modules. -- Issue #23972: Updates asyncio datagram create method allowing reuseport - and reuseaddr socket options to be set prior to binding the socket. - Mirroring the existing asyncio create_server method the reuseaddr option - for datagram sockets defaults to True if the O/S is 'posix' (except if the - platform is Cygwin). Patch by Chris Laws. +- Issue #27079: Fixed curses.ascii functions isblank(), iscntrl() and ispunct(). -- Issue #25304: Add asyncio.run_coroutine_threadsafe(). This lets you - submit a coroutine to a loop from another thread, returning a - concurrent.futures.Future. By Vincent Michel. +- Issue #26754: Some functions (compile() etc) accepted a filename argument + encoded as an iterable of integers. Now only strings and byte-like objects + are accepted. -- Issue #25319: When threading.Event is reinitialized, the underlying condition - should use a regular lock rather than a recursive lock. +- Issue #27048: Prevents distutils failing on Windows when environment + variables contain non-ASCII characters -- Issue #25232: Fix CGIRequestHandler to split the query from the URL at the - first question mark (?) rather than the last. Patch from Xiang Zhang. +- Issue #27330: Fixed possible leaks in the ctypes module. -- Issue #24657: Prevent CGIRequestHandler from collapsing slashes in the - query part of the URL as if it were a path. Patch from Xiang Zhang. +- Issue #27238: Got rid of bare excepts in the turtle module. Original patch + by Jelle Zijlstra. -- Issue #22958: Constructor and update method of weakref.WeakValueDictionary - now accept the self and the dict keyword arguments. +- Issue #27122: When an exception is raised within the context being managed + by a contextlib.ExitStack() and one of the exit stack generators + catches and raises it in a chain, do not re-raise the original exception + when exiting, let the new chained one through. This avoids the PEP 479 + bug described in issue25782. -- Issue #22609: Constructor of collections.UserDict now accepts the self keyword - argument. +- [Security] Issue #27278: Fix os.urandom() implementation using getrandom() on + Linux. Truncate size to INT_MAX and loop until we collected enough random + bytes, instead of casting a directly Py_ssize_t to int. -- Issue #25262. Added support for BINBYTES8 opcode in Python implementation of - unpickler. Highest 32 bits of 64-bit size for BINUNICODE8 and BINBYTES8 - opcodes no longer silently ignored on 32-bit platforms in C implementation. +- Issue #26386: Fixed ttk.TreeView selection operations with item id's + containing spaces. -- Issue #25034: Fix string.Formatter problem with auto-numbering and - nested format_specs. Patch by Anthon van der Neut. +- [Security] Issue #22636: Avoid shell injection problems with + ctypes.util.find_library(). -- Issue #25233: Rewrite the guts of asyncio.Queue and - asyncio.Semaphore to be more understandable and correct. +- Issue #16182: Fix various functions in the "readline" module to use the + locale encoding, and fix get_begidx() and get_endidx() to return code point + indexes. -- Issue #23600: Default implementation of tzinfo.fromutc() was returning - wrong results in some cases. +- Issue #26930: Update Windows builds to use OpenSSL 1.0.2h. -- Issue #25203: Failed readline.set_completer_delims() no longer left the - module in inconsistent state. +- Issue #27392: Add loop.connect_accepted_socket(). + Patch by Jim Fulton. -- Prevent overflow in _Unpickler_Read. +- Issue #27930: Improved behaviour of logging.handlers.QueueListener. + Thanks to Paulo Andrade and Petr Viktorin for the analysis and patch. -- Issue #25047: The XML encoding declaration written by Element Tree now - respects the letter case given by the user. This restores the ability to - write encoding names in uppercase like "UTF-8", which worked in Python 2. +- Issue #21201: Improves readability of multiprocessing error message. Thanks + to Wojciech Walczak for patch. -- Issue #19143: platform module now reads Windows version from kernel32.dll to - avoid compatibility shims. +- Issue #27456: asyncio: Set TCP_NODELAY by default. -- Issue #23517: Fix rounding in fromtimestamp() and utcfromtimestamp() methods - of datetime.datetime: microseconds are now rounded to nearest with ties - going to nearest even integer (ROUND_HALF_EVEN), instead of being rounding - towards zero (ROUND_DOWN). It's important that these methods use the same - rounding mode than datetime.timedelta to keep the property: - (datetime(1970,1,1) + timedelta(seconds=t)) == datetime.utcfromtimestamp(t). - It also the rounding mode used by round(float) for example. +- Issue #27906: Fix socket accept exhaustion during high TCP traffic. + Patch by Kevin Conway. -- Issue #24684: socket.socket.getaddrinfo() now calls - PyUnicode_AsEncodedString() instead of calling the encode() method of the - host, to handle correctly custom string with an encode() method which doesn't - return a byte string. The encoder of the IDNA codec is now called directly - instead of calling the encode() method of the string. +- Issue #28174: Handle when SO_REUSEPORT isn't properly supported. + Patch by Seth Michael Larson. -- Issue #24982: shutil.make_archive() with the "zip" format now adds entries - for directories (including empty directories) in ZIP file. +- Issue #26654: Inspect functools.partial in asyncio.Handle.__repr__. + Patch by iceboy. -- Issue #24857: Comparing call_args to a long sequence now correctly returns a - boolean result instead of raising an exception. Patch by A Kaptur. +- Issue #26909: Fix slow pipes IO in asyncio. + Patch by INADA Naoki. -- Issue #25019: Fixed a crash caused by setting non-string key of expat parser. - Based on patch by John Leitch. +- Issue #28176: Fix callbacks race in asyncio.SelectorLoop.sock_connect. -- Issue #24917: time_strftime() buffer over-read. +- Issue #27759: Fix selectors incorrectly retain invalid file descriptors. + Patch by Mark Williams. -- Issue #23144: Make sure that HTMLParser.feed() returns all the data, even - when convert_charrefs is True. +- Issue #28368: Refuse monitoring processes if the child watcher has + no loop attached. + Patch by Vincent Michel. -- Issue #16180: Exit pdb if file has syntax error, instead of trapping user - in an infinite loop. Patch by Xavier de Gaye. +- Issue #28369: Raise RuntimeError when transport's FD is used with + add_reader, add_writer, etc. -- Issue #21112: Fix regression in unittest.expectedFailure on subclasses. - Patch from Berker Peksag. +- Issue #28370: Speedup asyncio.StreamReader.readexactly. + Patch by Коренберг Марк. -- Issue #24931: Instances of subclasses of namedtuples have their own __dict__ - which breaks the inherited __dict__ property and breaks the _asdict() method. - Removed the __dict__ property to prevent the conflict and fixed _asdict(). +- Issue #28371: Deprecate passing asyncio.Handles to run_in_executor. -- Issue #24764: cgi.FieldStorage.read_multi() now ignores the Content-Length - header in part headers. Patch written by Peter Landry and reviewed by Pierre - Quentel. +- Issue #28372: Fix asyncio to support formatting of non-python coroutines. -- Issue #24774: Fix docstring in http.server.test. Patch from Chiu-Hsiang Hsu. +- Issue #28399: Remove UNIX socket from FS before binding. + Patch by Коренберг Марк. -- Issue #21159: Improve message in configparser.InterpolationMissingOptionError. - Patch from Łukasz Langa. +- Issue #27972: Prohibit Tasks to await on themselves. -- Issue #23888: Handle fractional time in cookie expiry. Patch by ssh. +- Issue #26923: Fix asyncio.Gather to refuse being cancelled once all + children are done. + Patch by Johannes Ebke. -- Issue #23004: mock_open() now reads binary data correctly when the type of - read_data is bytes. Initial patch by Aaron Hill. +- Issue #26796: Don't configure the number of workers for default + threadpool executor. + Initial patch by Hans Lawrenz. -- Issue #23652: Make it possible to compile the select module against the - libc headers from the Linux Standard Base, which do not include some - EPOLL macros. Patch by Matt Frank. +IDLE +---- -- Issue #22932: Fix timezones in email.utils.formatdate. - Patch from Dmitry Shachnev. +- Issue #15308: Add 'interrupt execution' (^C) to Shell menu. + Patch by Roger Serwy, updated by Bayard Randel. -- Issue #23779: imaplib raises TypeError if authenticator tries to abort. - Patch from Craig Holmquist. +- Issue #27922: Stop IDLE tests from 'flashing' gui widgets on the screen. -- Issue #23319: Fix ctypes.BigEndianStructure, swap correctly bytes. Patch - written by Matthieu Gautier. +- Add version to title of IDLE help window. -- Issue #23254: Document how to close the TCPServer listening socket. - Patch from Martin Panter. +- Issue #25564: In section on IDLE -- console differences, mention that + using exec means that __builtins__ is defined for each statement. -- Issue #19450: Update Windows and OS X installer builds to use SQLite 3.8.11. +- Issue #27714: text_textview and test_autocomplete now pass when re-run + in the same process. This occurs when test_idle fails when run with the + -w option but without -jn. Fix warning from test_config. -- Issue #23441: rcompleter now prints a tab character instead of displaying - possible completions for an empty word. Initial patch by Martin Sekera. +- Issue #25507: IDLE no longer runs buggy code because of its tkinter imports. + Users must include the same imports required to run directly in Python. -- Issue #24735: Fix invalid memory access in - itertools.combinations_with_replacement(). +- Issue #27452: add line counter and crc to IDLE configHandler test dump. -- Issue #17527: Add PATCH to wsgiref.validator. Patch from Luca Sbardella. +- Issue #27365: Allow non-ascii chars in IDLE NEWS.txt, for contributor names. -- Issue #24683: Fixed crashes in _json functions called with arguments of - inappropriate type. +- Issue #27245: IDLE: Cleanly delete custom themes and key bindings. + Previously, when IDLE was started from a console or by import, a cascade + of warnings was emitted. Patch by Serhiy Storchaka. -- Issue #21697: shutil.copytree() now correctly handles symbolic links that - point to directories. Patch by Eduardo Seabra and Thomas Kluyver. +C API +----- -- Issue #24620: Random.setstate() now validates the value of state last element. +- Issue #26754: PyUnicode_FSDecoder() accepted a filename argument encoded as + an iterable of integers. Now only strings and bytes-like objects are accepted. -- Issue #22153: Improve unittest docs. Patch from Martin Panter and evilzero. +Tests +----- -- Issue #24206: Fixed __eq__ and __ne__ methods of inspect classes. +- Issue #28409: regrtest: fix the parser of command line arguments. -- Issue #21750: mock_open.read_data can now be read from each instance, as it - could in Python 3.3. +- Issue #27787: Call gc.collect() before checking each test for "dangling + threads", since the dangling threads are weak references. -- Issue #23247: Fix a crash in the StreamWriter.reset() of CJK codecs. +- Issue #27369: In test_pyexpat, avoid testing an error message detail that + changed in Expat 2.2.0. -- Issue #18622: unittest.mock.mock_open().reset_mock would recurse infinitely. - Patch from Nicola Palumbo and Laurent De Buyst. +Tools/Demos +----------- -- Issue #24608: chunk.Chunk.read() now always returns bytes, not str. +- Issue #27952: Get Tools/scripts/fixcid.py working with Python 3 and the + current "re" module, avoid invalid Python backslash escapes, and fix a bug + parsing escaped C quote signs. -- Issue #18684: Fixed reading out of the buffer in the re module. +- Issue #27332: Fixed the type of the first argument of module-level functions + generated by Argument Clinic. Patch by Petr Viktorin. -- Issue #24259: tarfile now raises a ReadError if an archive is truncated - inside a data segment. +- Issue #27418: Fixed Tools/importbench/importbench.py. -- Issue #24552: Fix use after free in an error case of the _pickle module. +Windows +------- -- Issue #24514: tarfile now tolerates number fields consisting of only - whitespace. +- Issue #28251: Improvements to help manuals on Windows. -- Issue #19176: Fixed doctype() related bugs in C implementation of ElementTree. - A deprecation warning no longer issued by XMLParser subclass with default - doctype() method. Direct call of doctype() now issues a warning. Parser's - doctype() now is not called if target's doctype() is called. Based on patch - by Martin Panter. +- Issue #28110: launcher.msi has different product codes between 32-bit and + 64-bit -- Issue #20387: Restore semantic round-trip correctness in tokenize/untokenize - for tab-indented blocks. +- Issue #25144: Ensures TargetDir is set before continuing with custom + install. -- Issue #24456: Fixed possible buffer over-read in adpcm2lin() and lin2adpcm() - functions of the audioop module. +- Issue #27469: Adds a shell extension to the launcher so that drag and drop + works correctly. -- Issue #24336: The contextmanager decorator now works with functions with - keyword arguments called "func" and "self". Patch by Martin Panter. +- Issue #27309: Enabled proper Windows styles in python[w].exe manifest. -- Issue #24489: ensure a previously set C errno doesn't disturb cmath.polar(). +Build +----- -- Issue #5633: Fixed timeit when the statement is a string and the setup is not. +- Issue #28248: Update Windows build to use OpenSSL 1.0.2j. -- Issue #24326: Fixed audioop.ratecv() with non-default weightB argument. - Original patch by David Moore. +- Issue #28258: Fixed build with Estonian locale (python-config and distclean + targets in Makefile). Patch by Arfrever Frehtes Taifersar Arahesis. -- Issue #23840: tokenize.open() now closes the temporary binary file on error - to fix a resource warning. +- Issue #26661: setup.py now detects system libffi with multiarch wrapper. -- Issue #24257: Fixed segmentation fault in sqlite3.Row constructor with faked - cursor type. +- Issue #28066: Fix the logic that searches build directories for generated + include files when building outside the source tree. -- Issue #22107: tempfile.gettempdir() and tempfile.mkdtemp() now try again - when a directory with the chosen name already exists on Windows as well as - on Unix. tempfile.mkstemp() now fails early if parent directory is not - valid (not exists or is a file) on Windows. +- Issue #15819: Remove redundant include search directory option for building + outside the source tree. -- Issue #6598: Increased time precision and random number range in - email.utils.make_msgid() to strengthen the uniqueness of the message ID. +- Issue #27566: Fix clean target in freeze makefile (patch by Lisa Roach) -- Issue #24091: Fixed various crashes in corner cases in C implementation of - ElementTree. +- Issue #27705: Update message in validate_ucrtbase.py -- Issue #21931: msilib.FCICreate() now raises TypeError in the case of a bad - argument instead of a ValueError with a bogus FCI error number. - Patch by Jeffrey Armstrong. +- Issue #27983: Cause lack of llvm-profdata tool when using clang as + required for PGO linking to be a configure time error rather than + make time when --with-optimizations is enabled. Also improve our + ability to find the llvm-profdata tool on MacOS and some Linuxes. -- Issue #23796: peek and read1 methods of BufferedReader now raise ValueError - if they called on a closed object. Patch by John Hergenroeder. +- Issue #26307: The profile-opt build now applies PGO to the built-in modules. -- Issue #24521: Fix possible integer overflows in the pickle module. +- Issue #26359: Add the --with-optimizations configure flag. -- Issue #22931: Allow '[' and ']' in cookie values. +- Issue #27713: Suppress spurious build warnings when updating importlib's + bootstrap files. Patch by Xiang Zhang -- Issue #20274: Remove ignored and erroneous "kwargs" parameters from three - METH_VARARGS methods on _sqlite.Connection. +- Issue #25825: Correct the references to Modules/python.exp and ld_so_aix, + which are required on AIX. This updates references to an installation path + that was changed in 3.2a4, and undoes changed references to the build tree + that were made in 3.5.0a1. -- Issue #24094: Fix possible crash in json.encode with poorly behaved dict - subclasses. +- Issue #27453: CPP invocation in configure must use CPPFLAGS. Patch by + Chi Hsuan Yen. -- Asyncio issue 222 / PR 231 (Victor Stinner) -- fix @coroutine - functions without __name__. +- Issue #27641: The configure script now inserts comments into the makefile + to prevent the pgen and _freeze_importlib executables from being cross- + compiled. -- Issue #9246: On POSIX, os.getcwd() now supports paths longer than 1025 bytes. - Patch written by William Orr. +- Issue #26662: Set PYTHON_FOR_GEN in configure as the Python program to be + used for file generation during the build. -- The keywords attribute of functools.partial is now always a dictionary. +- Issue #10910: Avoid C++ compilation errors on FreeBSD and OS X. + Also update FreedBSD version checks for the original ctype UTF-8 workaround. -- Issues #24099, #24100, and #24101: Fix free-after-use bug in heapq's siftup - and siftdown functions. -- Backport collections.deque fixes from Python 3.5. Prevents reentrant badness - during deletion by deferring the decref until the container has been restored - to a consistent state. +What's New in Python 3.5.2? +=========================== -- Issue #23008: Fixed resolving attributes with boolean value is False in pydoc. +Release date: 2016-06-26 -- Fix asyncio issue 235: LifoQueue and PriorityQueue's put didn't - increment unfinished tasks (this bug was introduced in 3.4.3 when - JoinableQueue was merged with Queue). +Core and Builtins +----------------- -- Issue #23908: os functions now reject paths with embedded null character - on Windows instead of silently truncate them. +- Issue #26930: Update Windows builds to use OpenSSL 1.0.2h. -- Issue #23728: binascii.crc_hqx() could return an integer outside of the range - 0-0xffff for empty data. +Tests +----- -- Issue #23811: Add missing newline to the PyCompileError error message. - Patch by Alex Shkop. +- Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test. -- Issue #17898: Fix exception in gettext.py when parsing certain plural forms. +IDLE +---- -- Issue #22982: Improve BOM handling when seeking to multiple positions of - a writable text file. +- Issue #27365: Allow non-ascii in idlelib/NEWS.txt - minimal part for 3.5.2. -- Issue #23865: close() methods in multiple modules now are idempotent and more - robust at shutdown. If they need to release multiple resources, all are - released even if errors occur. -- Issue #23881: urllib.request.ftpwrapper constructor now closes the socket if - the FTP connection failed to fix a ResourceWarning. +What's New in Python 3.5.2 release candidate 1? +=============================================== -- Issue #23400: Raise same exception on both Python 2 and 3 if sem_open is not - available. Patch by Davin Potts. +Release date: 2016-06-12 -- Issue #15133: _tkinter.tkapp.getboolean() now supports Tcl_Obj and always - returns bool. tkinter.BooleanVar now validates input values (accepted bool, - int, str, and Tcl_Obj). tkinter.BooleanVar.get() now always returns bool. +Core and Builtins +----------------- -- Issue #23338: Fixed formatting ctypes error messages on Cygwin. - Patch by Makoto Kato. +- Issue #27066: Fixed SystemError if a custom opener (for open()) returns a + negative number without setting an exception. -- Issue #16840: Tkinter now supports 64-bit integers added in Tcl 8.4 and - arbitrary precision integers added in Tcl 8.5. +- Issue #20041: Fixed TypeError when frame.f_trace is set to None. + Patch by Xavier de Gaye. -- Issue #23834: Fix socket.sendto(), use the C Py_ssize_t type to store the - result of sendto() instead of the C int type. +- Issue #26168: Fixed possible refleaks in failing Py_BuildValue() with the "N" + format unit. -- Issue #21526: Tkinter now supports new boolean type in Tcl 8.5. +- Issue #26991: Fix possible refleak when creating a function with annotations. -- Issue #23838: linecache now clears the cache and returns an empty result on - MemoryError. +- Issue #27039: Fixed bytearray.remove() for values greater than 127. Patch by + Joe Jevnik. -- Issue #18473: Fixed 2to3 and 3to2 compatible pickle mappings. Fixed - ambigious reverse mappings. Added many new mappings. Import mapping is no - longer applied to modules already mapped with full name mapping. +- Issue #23640: int.from_bytes() no longer bypasses constructors for subclasses. -- Issue #23745: The new email header parser now handles duplicate MIME - parameter names without error, similar to how get_param behaves. +- Issue #26811: gc.get_objects() no longer contains a broken tuple with NULL + pointer. -- Issue #23792: Ignore KeyboardInterrupt when the pydoc pager is active. - This mimics the behavior of the standard unix pagers, and prevents - pipepager from shutting down while the pager itself is still running. +- Issue #20120: Use RawConfigParser for .pypirc parsing, + removing support for interpolation unintentionally added + with move to Python 3. Behavior no longer does any + interpolation in .pypirc files, matching behavior in Python + 2.7 and Setuptools 19.0. -- Issue #23742: ntpath.expandvars() no longer loses unbalanced single quotes. +- Issue #26659: Make the builtin slice type support cycle collection. -- Issue #21802: The reader in BufferedRWPair now is closed even when closing - writer failed in BufferedRWPair.close(). +- Issue #26718: super.__init__ no longer leaks memory if called multiple times. + NOTE: A direct call of super.__init__ is not endorsed! -- Issue #23671: string.Template now allows to specify the "self" parameter as - keyword argument. string.Formatter now allows to specify the "self" and - the "format_string" parameters as keyword arguments. +- Issue #25339: PYTHONIOENCODING now has priority over locale in setting the + error handler for stdin and stdout. -- Issue #21560: An attempt to write a data of wrong type no longer cause - GzipFile corruption. Original patch by Wolfgang Maier. +- Issue #26494: Fixed crash on iterating exhausting iterators. + Affected classes are generic sequence iterators, iterators of str, bytes, + bytearray, list, tuple, set, frozenset, dict, OrderedDict, corresponding + views and os.scandir() iterator. -- Issue #23647: Increase impalib's MAXLINE to accommodate modern mailbox sizes. +- Issue #26581: If coding cookie is specified multiple times on a line in + Python source code file, only the first one is taken to account. -- Issue #23539: If body is None, http.client.HTTPConnection.request now sets - Content-Length to 0 for PUT, POST, and PATCH headers to avoid 411 errors from - some web servers. +- Issue #26464: Fix str.translate() when string is ASCII and first replacements + removes character, but next replacement uses a non-ASCII character or a + string longer than 1 character. Regression introduced in Python 3.5.0. -- Issue #22351: The nntplib.NNTP constructor no longer leaves the connection - and socket open until the garbage collector cleans them up. Patch by - Martin Panter. +- Issue #22836: Ensure exception reports from PyErr_Display() and + PyErr_WriteUnraisable() are sensible even when formatting them produces + secondary errors. This affects the reports produced by + sys.__excepthook__() and when __del__() raises an exception. -- Issue #23136: _strptime now uniformly handles all days in week 0, including - Dec 30 of previous year. Based on patch by Jim Carroll. +- Issue #26302: Correct behavior to reject comma as a legal character for + cookie names. -- Issue #23700: Iterator of NamedTemporaryFile now keeps a reference to - NamedTemporaryFile instance. Patch by Bohuslav Kabrda. +- Issue #4806: Avoid masking the original TypeError exception when using star + (*) unpacking in function calls. Based on patch by Hagen Fürstenau and + Daniel Urban. -- Issue #22903: The fake test case created by unittest.loader when it fails - importing a test module is now picklable. +- Issue #27138: Fix the doc comment for FileFinder.find_spec(). -- Issue #23568: Add rdivmod support to MagicMock() objects. - Patch by Håkan Lövdahl. +- Issue #26154: Add a new private _PyThreadState_UncheckedGet() function to get + the current Python thread state, but don't issue a fatal error if it is NULL. + This new function must be used instead of accessing directly the + _PyThreadState_Current variable. The variable is no more exposed since + Python 3.5.1 to hide the exact implementation of atomic C types, to avoid + compiler issues. -- Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar. - Patch by Demian Brecht. +- Issue #26194: Deque.insert() gave odd results for bounded deques that had + reached their maximum size. Now an IndexError will be raised when attempting + to insert into a full deque. -- Issue #23051: multiprocessing.Pool methods imap() and imap_unordered() now - handle exceptions raised by an iterator. Patch by Alon Diamant and Davin - Potts. +- Issue #25843: When compiling code, don't merge constants if they are equal + but have a different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0`` + is now correctly compiled to two different functions: ``f1()`` returns ``1`` + (``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0`` + are equal. -- Issue #22928: Disabled HTTP header injections in http.client. - Original patch by Demian Brecht. +- Issue #22995: [UPDATE] Comment out the one of the pickleability tests in + _PyObject_GetState() due to regressions observed in Cython-based projects. -- Issue #23615: Modules bz2, tarfile and tokenize now can be reloaded with - imp.reload(). Patch by Thomas Kluyver. +- Issue #25961: Disallowed null characters in the type name. -- Issue #23476: In the ssl module, enable OpenSSL's X509_V_FLAG_TRUSTED_FIRST - flag on certificate stores when it is available. +- Issue #25973: Fix segfault when an invalid nonlocal statement binds a name + starting with two underscores. -- Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the - SSL layer but the underlying connection hasn't been closed. +- Issue #22995: Instances of extension types with a state that aren't + subclasses of list or dict and haven't implemented any pickle-related + methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__, + or __getstate__), can no longer be pickled. Including memoryview. -- Issue #23504: Added an __all__ to the types module. +- Issue #20440: Massive replacing unsafe attribute setting code with special + macro Py_SETREF. -- Issue #20204: Added the __module__ attribute to _tkinter classes. +- Issue #25766: Special method __bytes__() now works in str subclasses. -- Issue #23521: Corrected pure python implementation of timedelta division. +- Issue #25421: __sizeof__ methods of builtin types now use dynamic basic size. + This allows sys.getsize() to work correctly with their subclasses with + __slots__ defined. - * Eliminated OverflowError from timedelta * float for some floats; - * Corrected rounding in timedlta true division. +- Issue #25709: Fixed problem with in-place string concatenation and utf-8 + cache. -- Issue #21619: Popen objects no longer leave a zombie after exit in the with - statement if the pipe was broken. Patch by Martin Panter. +- Issue #27147: Mention PEP 420 in the importlib docs. -- Issue #6639: Module-level turtle functions no longer raise TclError after - closing the window. +- Issue #24097: Fixed crash in object.__reduce__() if slot name is freed inside + __getattr__. -- Issues #814253, #9179: Warnings now are raised when group references and - conditional group references are used in lookbehind assertions in regular - expressions. +- Issue #24731: Fixed crash on converting objects with special methods + __bytes__, __trunc__, and __float__ returning instances of subclasses of + bytes, int, and float to subclasses of bytes, int, and float correspondingly. -- Issue #23215: Multibyte codecs with custom error handlers that ignores errors - consumed too much memory and raised SystemError or MemoryError. - Original patch by Aleksi Torhamo. +- Issue #26478: Fix semantic bugs when using binary operators with dictionary + views and tuples. -- Issue #5700: io.FileIO() called flush() after closing the file. - flush() was not called in close() if closefd=False. +- Issue #26171: Fix possible integer overflow and heap corruption in + zipimporter.get_data(). -- Issue #23374: Fixed pydoc failure with non-ASCII files when stdout encoding - differs from file system encoding (e.g. on Mac OS). +- Issue #25660: Fix TAB key behaviour in REPL with readline. -- Issue #23481: Remove RC4 from the SSL module's default cipher list. +- Issue #25887: Raise a RuntimeError when a coroutine object is awaited + more than once. -- Issue #21548: Fix pydoc.synopsis() and pydoc.apropos() on modules with empty - docstrings. +- Issue #27243: Update the __aiter__ protocol: instead of returning + an awaitable that resolves to an asynchronous iterator, the asynchronous + iterator should be returned directly. Doing the former will trigger a + PendingDeprecationWarning. -- Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb - module. Original patch by Claudiu Popa. -- Issue #23146: Fix mishandling of absolute Windows paths with forward - slashes in pathlib. +Library +------- -- Issue #23421: Fixed compression in tarfile CLI. Patch by wdv4758h. +- [Security] Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283. -- Issue #23367: Fix possible overflows in the unicodedata module. +- [Security] Fix TLS stripping vulnerability in smtplib, CVE-2016-0772. + Reported by Team Oststrom -- Issue #23361: Fix possible overflow in Windows subprocess creation code. +- Issue #21386: Implement missing IPv4Address.is_global property. It was + documented since 07a5610bae9d. Initial patch by Roger Luethi. -- Issue #23801: Fix issue where cgi.FieldStorage did not always ignore the - entire preamble to a multipart body. +- Issue #20900: distutils register command now decodes HTTP responses + correctly. Initial patch by ingrid. -- Issue #23310: Fix MagicMock's initializer to work with __methods__, just - like configure_mock(). Patch by Kasia Jachim. +- A new version of typing.py provides several new classes and + features: @overload outside stubs, Reversible, DefaultDict, Text, + ContextManager, Type[], NewType(), TYPE_CHECKING, and numerous bug + fixes (note that some of the new features are not yet implemented in + mypy or other static analyzers). Also classes for PEP 492 + (Awaitable, AsyncIterable, AsyncIterator) have been added (in fact + they made it into 3.5.1 but were never mentioned). -- asyncio: New event loop APIs: set_task_factory() and get_task_factory(). +- Issue #25738: Stop http.server.BaseHTTPRequestHandler.send_error() from + sending a message body for 205 Reset Content. Also, don't send Content + header fields in responses that don't have a body. Patch by Susumu + Koshiba. -- asyncio: async() function is deprecated in favour of ensure_future(). +- Issue #21313: Fix the "platform" module to tolerate when sys.version + contains truncated build information. -- Issue #23898: Fix inspect.classify_class_attrs() to support attributes - with overloaded __eq__ and __bool__. Patch by Mike Bayer. +- [Security] Issue #26839: On Linux, :func:`os.urandom` now calls + ``getrandom()`` with ``GRND_NONBLOCK`` to fall back on reading + ``/dev/urandom`` if the urandom entropy pool is not initialized yet. Patch + written by Colm Buckley. -- Issue #24298: Fix inspect.signature() to correctly unwrap wrappers - around bound methods. +- Issue #27164: In the zlib module, allow decompressing raw Deflate streams + with a predefined zdict. Based on patch by Xiang Zhang. -- Issue #23572: Fixed functools.singledispatch on classes with falsy - metaclasses. Patch by Ethan Furman. +- Issue #24291: Fix wsgiref.simple_server.WSGIRequestHandler to completely + write data to the client. Previously it could do partial writes and + truncate data. Also, wsgiref.handler.ServerHandler can now handle stdout + doing partial writes, but this is deprecated. -IDLE ----- +- Issue #26809: Add ``__all__`` to :mod:`string`. Patch by Emanuel Barry. -- Issue 15348: Stop the debugger engine (normally in a user process) - before closing the debugger window (running in the IDLE process). - This prevents the RuntimeErrors that were being caught and ignored. +- Issue #26373: subprocess.Popen.communicate now correctly ignores + BrokenPipeError when the child process dies before .communicate() + is called in more/all circumstances. -- Issue #24455: Prevent IDLE from hanging when a) closing the shell while the - debugger is active (15347); b) closing the debugger with the [X] button - (15348); and c) activating the debugger when already active (24455). - The patch by Mark Roseman does this by making two changes. - 1. Suspend and resume the gui.interaction method with the tcl vwait - mechanism intended for this purpose (instead of root.mainloop & .quit). - 2. In gui.run, allow any existing interaction to terminate first. +- Issue #21776: distutils.upload now correctly handles HTTPError. + Initial patch by Claudiu Popa. -- Change 'The program' to 'Your program' in an IDLE 'kill program?' message - to make it clearer that the program referred to is the currently running - user program, not IDLE itself. +- Issue #27114: Fix SSLContext._load_windows_store_certs fails with + PermissionError -- Issue #24750: Improve the appearance of the IDLE editor window status bar. - Patch by Mark Roseman. +- Issue #18383: Avoid creating duplicate filters when using filterwarnings + and simplefilter. Based on patch by Alex Shkop. -- Issue #25313: Change the handling of new built-in text color themes to better - address the compatibility problem introduced by the addition of IDLE Dark. - Consistently use the revised idleConf.CurrentTheme everywhere in idlelib. +- Issue #27057: Fix os.set_inheritable() on Android, ioctl() is blocked by + SELinux and fails with EACCESS. The function now falls back to fcntl(). + Patch written by Michał Bednarski. -- Issue #24782: Extension configuration is now a tab in the IDLE Preferences - dialog rather than a separate dialog. The former tabs are now a sorted - list. Patch by Mark Roseman. +- Issue #27014: Fix infinite recursion using typing.py. Thanks to Kalle Tuure! -- Issue #22726: Re-activate the config dialog help button with some content - about the other buttons and the new IDLE Dark theme. +- Issue #14132: Fix urllib.request redirect handling when the target only has + a query string. Original fix by Ján Janech. -- Issue #24820: IDLE now has an 'IDLE Dark' built-in text color theme. - It is more or less IDLE Classic inverted, with a cobalt blue background. - Strings, comments, keywords, ... are still green, red, orange, ... . - To use it with IDLEs released before November 2015, hit the - 'Save as New Custom Theme' button and enter a new name, - such as 'Custom Dark'. The custom theme will work with any IDLE - release, and can be modified. +- Issue #17214: The "urllib.request" module now percent-encodes non-ASCII + bytes found in redirect target URLs. Some servers send Location header + fields with non-ASCII bytes, but "http.client" requires the request target + to be ASCII-encodable, otherwise a UnicodeEncodeError is raised. Based on + patch by Christian Heimes. -- Issue #25224: README.txt is now an idlelib index for IDLE developers and - curious users. The previous user content is now in the IDLE doc chapter. - 'IDLE' now means 'Integrated Development and Learning Environment'. +- Issue #26892: Honor debuglevel flag in urllib.request.HTTPHandler. Patch + contributed by Chi Hsuan Yen. -- Issue #24820: Users can now set breakpoint colors in - Settings -> Custom Highlighting. Original patch by Mark Roseman. +- Issue #22274: In the subprocess module, allow stderr to be redirected to + stdout even when stdout is not redirected. Patch by Akira Li. -- Issue #24972: Inactive selection background now matches active selection - background, as configured by users, on all systems. Found items are now - always highlighted on Windows. Initial patch by Mark Roseman. +- Issue #26807: mock_open 'files' no longer error on readline at end of file. + Patch from Yolanda Robla. -- Issue #24570: Idle: make calltip and completion boxes appear on Macs - affected by a tk regression. Initial patch by Mark Roseman. +- Issue #25745: Fixed leaking a userptr in curses panel destructor. -- Issue #24988: Idle ScrolledList context menus (used in debugger) - now work on Mac Aqua. Patch by Mark Roseman. +- Issue #26977: Removed unnecessary, and ignored, call to sum of squares helper + in statistics.pvariance. -- Issue #24801: Make right-click for context menu work on Mac Aqua. - Patch by Mark Roseman. +- Issue #26881: The modulefinder module now supports extended opcode arguments. -- Issue #25173: Associate tkinter messageboxes with a specific widget. - For Mac OSX, make them a 'sheet'. Patch by Mark Roseman. +- Issue #23815: Fixed crashes related to directly created instances of types in + _tkinter and curses.panel modules. -- Issue #25198: Enhance the initial html viewer now used for Idle Help. - * Properly indent fixed-pitch text (patch by Mark Roseman). - * Give code snippet a very Sphinx-like light blueish-gray background. - * Re-use initial width and height set by users for shell and editor. - * When the Table of Contents (TOC) menu is used, put the section header - at the top of the screen. +- Issue #17765: weakref.ref() no longer silently ignores keyword arguments. + Patch by Georg Brandl. -- Issue #25225: Condense and rewrite Idle doc section on text colors. +- Issue #26873: xmlrpc now raises ResponseError on unsupported type tags + instead of silently return incorrect result. -- Issue #21995: Explain some differences between IDLE and console Python. +- Issue #26711: Fixed the comparison of plistlib.Data with other types. -- Issue #22820: Explain need for *print* when running file from Idle editor. +- Issue #24114: Fix an uninitialized variable in `ctypes.util`. -- Issue #25224: Doc: augment Idle feature list and no-subprocess section. + The bug only occurs on SunOS when the ctypes implementation searches + for the `crle` program. Patch by Xiang Zhang. Tested on SunOS by + Kees Bos. -- Issue #25219: Update doc for Idle command line options. - Some were missing and notes were not correct. +- Issue #26864: In urllib.request, change the proxy bypass host checking + against no_proxy to be case-insensitive, and to not match unrelated host + names that happen to have a bypassed hostname as a suffix. Patch by Xiang + Zhang. -- Issue #24861: Most of idlelib is private and subject to change. - Use idleib.idle.* to start Idle. See idlelib.__init__.__doc__. +- Issue #26634: recursive_repr() now sets __qualname__ of wrapper. Patch by + Xiang Zhang. -- Issue #25199: Idle: add synchronization comments for future maintainers. +- Issue #26804: urllib.request will prefer lower_case proxy environment + variables over UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter + Jansen. -- Issue #16893: Replace help.txt with help.html for Idle doc display. - The new idlelib/help.html is rstripped Doc/build/html/library/idle.html. - It looks better than help.txt and will better document Idle as released. - The tkinter html viewer that works for this file was written by Mark Roseman. - The now unused EditorWindow.HelpDialog class and helt.txt file are deprecated. +- Issue #26837: assertSequenceEqual() now correctly outputs non-stringified + differing items (like bytes in the -b mode). This affects assertListEqual() + and assertTupleEqual(). -- Issue #24199: Deprecate unused idlelib.idlever with possible removal in 3.6. +- Issue #26041: Remove "will be removed in Python 3.7" from deprecation + messages of platform.dist() and platform.linux_distribution(). + Patch by Kumaripaba Miyurusara Athukorala. -- Issue #24790: Remove extraneous code (which also create 2 & 3 conflicts). +- Issue #26822: itemgetter, attrgetter and methodcaller objects no longer + silently ignore keyword arguments. -- Issue #23672: Allow Idle to edit and run files with astral chars in name. - Patch by Mohd Sanad Zaki Rizvi. +- Issue #26733: Disassembling a class now disassembles class and static methods. + Patch by Xiang Zhang. -- Issue 24745: Idle editor default font. Switch from Courier to - platform-sensitive TkFixedFont. This should not affect current customized - font selections. If there is a problem, edit $HOME/.idlerc/config-main.cfg - and remove 'fontxxx' entries from [Editor Window]. Patch by Mark Roseman. +- Issue #26801: Fix error handling in :func:`shutil.get_terminal_size`, catch + :exc:`AttributeError` instead of :exc:`NameError`. Patch written by Emanuel + Barry. -- Issue #21192: Idle editor. When a file is run, put its name in the restart bar. - Do not print false prompts. Original patch by Adnan Umer. +- Issue #24838: tarfile's ustar and gnu formats now correctly calculate name + and link field limits for multibyte character encodings like utf-8. -- Issue #13884: Idle menus. Remove tearoff lines. Patch by Roger Serwy. +- [Security] Issue #26657: Fix directory traversal vulnerability with + http.server on Windows. This fixes a regression that was introduced in + 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister. -- Issue #23184: remove unused names and imports in idlelib. - Initial patch by Al Sweigart. +- Issue #26717: Stop encoding Latin-1-ized WSGI paths with UTF-8. Patch by + Anthony Sottile. -Tests ------ +- Issue #26735: Fix :func:`os.urandom` on Solaris 11.3 and newer when reading + more than 1,024 bytes: call ``getrandom()`` multiple times with a limit of + 1024 bytes per call. -- Issue #25616: Tests for OrderedDict are extracted from test_collections - into separate file test_ordered_dict. +- Issue #16329: Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'. -- Issue #25099: Make test_compileall not fail when an entry on sys.path cannot - be written to (commonly seen in administrative installs on Windows). +- Issue #13952: Add .csv to mimetypes.types_map. Patch by Geoff Wilson. -- Issue #24751: When running regrtest with the ``-w`` command line option, - a test run is no longer marked as a failure if all tests succeed when - re-run. +- Issue #26709: Fixed Y2038 problem in loading binary PLists. -- Issue #21520: test_zipfile no longer fails if the word 'bad' appears - anywhere in the name of the current directory. +- Issue #23735: Handle terminal resizing with Readline 6.3+ by installing our + own SIGWINCH handler. Patch by Eric Price. -- Issue #23799: Added test.support.start_threads() for running and - cleaning up multiple threads. +- Issue #26586: In http.server, respond with "413 Request header fields too + large" if there are too many header fields to parse, rather than killing + the connection and raising an unhandled exception. Patch by Xiang Zhang. -- Issue #22390: test.regrtest now emits a warning if temporary files or - directories are left after running a test. +- Issue #22854: Change BufferedReader.writable() and + BufferedWriter.readable() to always return False. -- Issue #23583: Added tests for standard IO streams in IDLE. +- Issue #25195: Fix a regression in mock.MagicMock. _Call is a subclass of + tuple (changeset 3603bae63c13 only works for classes) so we need to + implement __ne__ ourselves. Patch by Andrew Plummer. -Build ------ +- Issue #26644: Raise ValueError rather than SystemError when a negative + length is passed to SSLSocket.recv() or read(). -- Issue #23445: pydebug builds now use "gcc -Og" where possible, to make - the resulting executable faster. +- Issue #23804: Fix SSL recv(0) and read(0) methods to return zero bytes + instead of up to 1024. -- Issue #24603: Update Windows builds to use OpenSSL1.0.2d - and OS X 10.5 installer to use OpenSSL 1.0.2e. +- Issue #26616: Fixed a bug in datetime.astimezone() method. -C API ------ +- Issue #21925: :func:`warnings.formatwarning` now catches exceptions on + ``linecache.getline(...)`` to be able to log :exc:`ResourceWarning` emitted + late during the Python shutdown process. -- Issue #23998: PyImport_ReInitLock() now checks for lock allocation error +- Issue #24266: Ctrl+C during Readline history search now cancels the search + mode when compiled with Readline 7. -Documentation -------------- +- Issue #26560: Avoid potential ValueError in BaseHandler.start_response. + Initial patch by Peter Inglesby. -- Issue #12067: Rewrite Comparisons section in the Expressions chapter of the - language reference. Some of the details of comparing mixed types were - incorrect or ambiguous. NotImplemented is only relevant at a lower level - than the Expressions chapter. Added details of comparing range() objects, - and default behaviour and consistency suggestions for user-defined classes. - Patch from Andy Maier. +- [Security] Issue #26313: ssl.py _load_windows_store_certs fails if windows + cert store is empty. Patch by Baji. -- Issue #24952: Clarify the default size argument of stack_size() in - the "threading" and "_thread" modules. Patch from Mattip. +- Issue #26569: Fix :func:`pyclbr.readmodule` and :func:`pyclbr.readmodule_ex` + to support importing packages. -- Issue #24808: Update the types of some PyTypeObject fields. Patch by - Joseph Weston. +- Issue #26499: Account for remaining Content-Length in + HTTPResponse.readline() and read1(). Based on patch by Silent Ghost. + Also document that HTTPResponse now supports these methods. -- Issue #22812: Fix unittest discovery examples. - Patch from Pam McA'Nulty. +- Issue #25320: Handle sockets in directories unittest discovery is scanning. + Patch from Victor van den Elzen. -- Issue #24129: Clarify the reference documentation for name resolution. - This includes removing the assumption that readers will be familiar with the - name resolution scheme Python used prior to the introduction of lexical - scoping for function namespaces. Patch by Ivan Levkivskyi. +- Issue #16181: cookiejar.http2time() now returns None if year is higher than + datetime.MAXYEAR. -- Issue #20769: Improve reload() docs. Patch by Dorian Pula. +- Issue #26513: Fixes platform module detection of Windows Server -- Issue #23589: Remove duplicate sentence from the FAQ. Patch by Yongzhi Pan. +- Issue #23718: Fixed parsing time in week 0 before Jan 1. Original patch by + Tamás Bence Gedai. -- Issue #24729: Correct IO tutorial to match implementation regarding - encoding parameter to open function. +- Issue #20589: Invoking Path.owner() and Path.group() on Windows now raise + NotImplementedError instead of ImportError. -- Issue #24351: Clarify what is meant by "identifier" in the context of - string.Template instances. +- Issue #26177: Fixed the keys() method for Canvas and Scrollbar widgets. -- Issue #22155: Add File Handlers subsection with createfilehandler to tkinter - doc. Remove obsolete example from FAQ. Patch by Martin Panter. +- Issue #15068: Got rid of excessive buffering in the fileinput module. + The bufsize parameter is no longer used. -- Issue #24029: Document the name binding behavior for submodule imports. +- Issue #2202: Fix UnboundLocalError in + AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu + Dupuy. -- Issue #24077: Fix typo in man page for -I command option: -s, not -S. +- Issue #25718: Fixed pickling and copying the accumulate() iterator with + total is None. -Tools/Demos ------------ +- Issue #26475: Fixed debugging output for regular expressions with the (?x) + flag. -- Issue #25440: Fix output of python-config --extension-suffix. +- Issue #26457: Fixed the subnets() methods in IP network classes for the case + when resulting prefix length is equal to maximal prefix length. + Based on patch by Xiang Zhang. -- Issue #23330: h2py now supports arbitrary filenames in #include. +- Issue #26385: Remove the file if the internal open() call in + NamedTemporaryFile() fails. Patch by Silent Ghost. -- Issue #24031: make patchcheck now supports git checkouts, too. +- Issue #26402: Fix XML-RPC client to retry when the server shuts down a + persistent connection. This was a regression related to the new + http.client.RemoteDisconnected exception in 3.5.0a4. -Windows -------- +- Issue #25913: Leading ``<~`` is optional now in base64.a85decode() with + adobe=True. Patch by Swati Jaiswal. -- Issue #24306: Sets component ID for launcher to match 3.5 and later - to avoid downgrading. +- Issue #26186: Remove an invalid type check in importlib.util.LazyLoader. -- Issue #25022: Removed very outdated PC/example_nt/ directory. +- Issue #26367: importlib.__import__() raises SystemError like + builtins.__import__() when ``level`` is specified but without an accompanying + package specified. +- Issue #26309: In the "socketserver" module, shut down the request (closing + the connected socket) when verify_request() returns false. Patch by Aviv + Palivoda. -What's New in Python 3.4.3? -=========================== +- [Security] Issue #25939: On Windows open the cert store readonly in + ssl.enum_certificates. -Release date: 2015-02-23 +- Issue #25995: os.walk() no longer uses FDs proportional to the tree depth. -Core and Builtins ------------------ +- Issue #26117: The os.scandir() iterator now closes file descriptor not only + when the iteration is finished, but when it was failed with error. -- Issue #22735: Fix many edge cases (including crashes) involving custom mro() - implementations. +- Issue #25911: Restored support of bytes paths in os.walk() on Windows. -- Issue #22896: Avoid using PyObject_AsCharBuffer(), PyObject_AsReadBuffer() - and PyObject_AsWriteBuffer(). +- Issue #26045: Add UTF-8 suggestion to error message when posting a + non-Latin-1 string with http.client. -- Issue #21295: Revert some changes (issue #16795) to AST line numbers and - column offsets that constituted a regression. +- Issue #12923: Reset FancyURLopener's redirect counter even if there is an + exception. Based on patches by Brian Brazil and Daniel Rocco. -- Issue #21408: The default __ne__() now returns NotImplemented if __eq__() - returned NotImplemented. Original patch by Martin Panter. +- Issue #25945: Fixed a crash when unpickle the functools.partial object with + wrong state. Fixed a leak in failed functools.partial constructor. + "args" and "keywords" attributes of functools.partial have now always types + tuple and dict correspondingly. -- Issue #23321: Fixed a crash in str.decode() when error handler returned - replacment string longer than mailformed input data. +- Issue #26202: copy.deepcopy() now correctly copies range() objects with + non-atomic attributes. -- Issue #23048: Fix jumping out of an infinite while loop in the pdb. +- Issue #23076: Path.glob() now raises a ValueError if it's called with an + invalid pattern. Patch by Thomas Nyberg. -- Issue #20335: bytes constructor now raises TypeError when encoding or errors - is specified with non-string argument. Based on patch by Renaud Blanch. +- Issue #19883: Fixed possible integer overflows in zipimport. -- Issue #22335: Fix crash when trying to enlarge a bytearray to 0x7fffffff - bytes on a 32-bit platform. +- Issue #26227: On Windows, getnameinfo(), gethostbyaddr() and + gethostbyname_ex() functions of the socket module now decode the hostname + from the ANSI code page rather than UTF-8. -- Issue #22653: Fix an assertion failure in debug mode when doing a reentrant - dict insertion in debug mode. +- Issue #26147: xmlrpc now works with strings not encodable with used + non-UTF-8 encoding. -- Issue #22643: Fix integer overflow in Unicode case operations (upper, lower, - title, swapcase, casefold). +- Issue #25935: Garbage collector now breaks reference loops with OrderedDict. -- Issue #22604: Fix assertion error in debug mode when dividing a complex - number by (nan+0j). +- Issue #16620: Fixed AttributeError in msilib.Directory.glob(). -- Issue #22470: Fixed integer overflow issues in "backslashreplace", - "xmlcharrefreplace", and "surrogatepass" error handlers. +- Issue #26013: Added compatibility with broken protocol 2 pickles created + in old Python 3 versions (3.4.3 and lower). -- Issue #22520: Fix overflow checking when generating the repr of a unicode - object. +- Issue #25850: Use cross-compilation by default for 64-bit Windows. -- Issue #22519: Fix overflow checking in PyBytes_Repr. +- Issue #17633: Improve zipimport's support for namespace packages. -- Issue #22518: Fix integer overflow issues in latin-1 encoding. +- Issue #24705: Fix sysconfig._parse_makefile not expanding ${} vars + appearing before $() vars. -- Issue #23165: Perform overflow checks before allocating memory in the - _Py_char2wchar function. +- Issue #22138: Fix mock.patch behavior when patching descriptors. Restore + original values after patching. Patch contributed by Sean McCully. -Library -------- +- Issue #25672: In the ssl module, enable the SSL_MODE_RELEASE_BUFFERS mode + option if it is safe to do so. -- Issue #23399: pyvenv creates relative symlinks where possible. +- Issue #26012: Don't traverse into symlinks for ** pattern in + pathlib.Path.[r]glob(). -- Issue #23099: Closing io.BytesIO with exported buffer is rejected now to - prevent corrupting exported buffer. +- Issue #24120: Ignore PermissionError when traversing a tree with + pathlib.Path.[r]glob(). Patch by Ulrich Petri. -- Issue #23363: Fix possible overflow in itertools.permutations. +- Issue #25447: fileinput now uses sys.stdin as-is if it does not have a + buffer attribute (restores backward compatibility). -- Issue #23364: Fix possible overflow in itertools.product. +- Issue #25447: Copying the lru_cache() wrapper object now always works, + independedly from the type of the wrapped object (by returning the original + object unchanged). -- Issue #23366: Fixed possible integer overflow in itertools.combinations. +- Issue #24103: Fixed possible use after free in ElementTree.XMLPullParser. -- Issue #23369: Fixed possible integer overflow in - _json.encode_basestring_ascii. +- Issue #25860: os.fwalk() no longer skips remaining directories when error + occurs. Original patch by Samson Lee. -- Issue #23353: Fix the exception handling of generators in - PyEval_EvalFrameEx(). At entry, save or swap the exception state even if - PyEval_EvalFrameEx() is called with throwflag=0. At exit, the exception state - is now always restored or swapped, not only if why is WHY_YIELD or - WHY_RETURN. Patch co-written with Antoine Pitrou. +- Issue #25914: Fixed and simplified OrderedDict.__sizeof__. -- Issue #18518: timeit now rejects statements which can't be compiled outside - a function or a loop (e.g. "return" or "break"). +- Issue #25902: Fixed various refcount issues in ElementTree iteration. -- Issue #23094: Fixed readline with frames in Python implementation of pickle. +- Issue #25717: Restore the previous behaviour of tolerating most fstat() + errors when opening files. This was a regression in 3.5a1, and stopped + anonymous temporary files from working in special cases. -- Issue #23268: Fixed bugs in the comparison of ipaddress classes. +- Issue #24903: Fix regression in number of arguments compileall accepts when + '-d' is specified. The check on the number of arguments has been dropped + completely as it never worked correctly anyway. -- Issue #21408: Removed incorrect implementations of __ne__() which didn't - returned NotImplemented if __eq__() returned NotImplemented. The default - __ne__() now works correctly. +- Issue #25764: In the subprocess module, preserve any exception caused by + fork() failure when preexec_fn is used. -- Issue #19996: :class:`email.feedparser.FeedParser` now handles (malformed) - headers with no key rather than assuming the body has started. +- Issue #6478: _strptime's regexp cache now is reset after changing timezone + with time.tzset(). -- Issue #23248: Update ssl error codes from latest OpenSSL git master. +- Issue #14285: When executing a package with the "python -m package" option, + and package initialization fails, a proper traceback is now reported. The + "runpy" module now lets exceptions from package initialization pass back to + the caller, rather than raising ImportError. -- Issue #23098: 64-bit dev_t is now supported in the os module. +- Issue #19771: Also in runpy and the "-m" option, omit the irrelevant + message ". . . is a package and cannot be directly executed" if the package + could not even be initialized (e.g. due to a bad ``*.pyc`` file). -- Issue #23250: In the http.cookies module, capitalize "HttpOnly" and "Secure" - as they are written in the standard. +- Issue #25177: Fixed problem with the mean of very small and very large + numbers. As a side effect, statistics.mean and statistics.variance should + be significantly faster. -- Issue #23063: In the disutils' check command, fix parsing of reST with code or - code-block directives. +- Issue #25718: Fixed copying object with state with boolean value is false. -- Issue #23209, #23225: selectors.BaseSelector.close() now clears its internal - reference to the selector mapping to break a reference cycle. Initial patch - written by Martin Richard. +- Issue #10131: Fixed deep copying of minidom documents. Based on patch + by Marian Ganisin. -- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The - availability of the function is checked during the compilation. Patch written - by Bernard Spil. +- Issue #25725: Fixed a reference leak in pickle.loads() when unpickling + invalid data including tuple instructions. -- Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now - uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not - :data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms - where :data:`~ssl.PROTOCOL_SSLv3` support is disabled. +- Issue #25663: In the Readline completer, avoid listing duplicate global + names, and search the global namespace before searching builtins. -- Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol - version. +- Issue #25688: Fixed file leak in ElementTree.iterparse() raising an error. -- Issue #23132: Mitigate regression in speed and clarity in functools.total_ordering. +- Issue #23914: Fixed SystemError raised by unpickler on broken pickle data. -- Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(), - instead of reading /dev/urandom, to get pseudo-random bytes. +- Issue #25691: Fixed crash on deleting ElementTree.Element attributes. -- Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and - fragment when it redirects to add a trailing slash. +- Issue #25624: ZipFile now always writes a ZIP_STORED header for directory + entries. Patch by Dingyuan Wang. -- Issue #23093: In the io, module allow more operations to work on detached - streams. +- Skip getaddrinfo if host is already resolved. + Patch by A. Jesse Jiryu Davis. -- Issue #19104: pprint now produces evaluable output for wrapped strings. +- Issue #26050: Add asyncio.StreamReader.readuntil() method. + Patch by Марк Коренберг. -- Issue #23071: Added missing names to codecs.__all__. Patch by Martin Panter. +- Issue #25924: Avoid unnecessary serialization of getaddrinfo(3) calls on + OS X versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis. -- Issue #15513: Added a __sizeof__ implementation for pickle classes. +- Issue #26406: Avoid unnecessary serialization of getaddrinfo(3) calls on + current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis. -- Issue #19858: pickletools.optimize() now aware of the MEMOIZE opcode, can - produce more compact result and no longer produces invalid output if input - data contains MEMOIZE opcodes together with PUT or BINPUT opcodes. +- Issue #26848: Fix asyncio/subprocess.communicate() to handle empty input. + Patch by Jack O'Connor. -- Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port - value in the host header was set to "None". Patch by Demian Brecht. +- Issue #27040: Add loop.get_exception_handler method -- Issue #23016: A warning no longer produces an AttributeError when the program - is run with pythonw.exe. +- Issue #27041: asyncio: Add loop.create_future method -- Issue #21775: shutil.copytree(): fix crash when copying to VFAT. An exception - handler assumed that that OSError objects always have a 'winerror' attribute. - That is not the case, so the exception handler itself raised AttributeError - when run on Linux (and, presumably, any other non-Windows OS). - Patch by Greg Ward. +- Issue #27223: asyncio: Fix _read_ready and _write_ready to respect + _conn_lost. + Patch by Łukasz Langa. -- Issue #1218234: Fix inspect.getsource() to load updated source of - reloaded module. Initial patch by Berker Peksag. +- Issue #22970: asyncio: Fix inconsistency cancelling Condition.wait. + Patch by David Coles. -- Issue #22959: In the constructor of http.client.HTTPSConnection, prefer the - context's check_hostname attribute over the *check_hostname* parameter. +IDLE +---- -- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode - will return. This resolves CVE-2013-1753. +- Issue #5124: Paste with text selected now replaces the selection on X11. + This matches how paste works on Windows, Mac, most modern Linux apps, + and ttk widgets. Original patch by Serhiy Storchaka. -- Issue #22966: Fix __pycache__ pyc file name clobber when pyc_compile is - asked to compile a source file containing multiple dots in the source file - name. +- Issue #24759: Make clear in idlelib.idle_test.__init__ that the directory + is a private implementation of test.test_idle and tool for maintainers. -- Issue #21971: Update turtledemo doc and add module to the index. +- Issue #27196: Stop 'ThemeChanged' warnings when running IDLE tests. + These persisted after other warnings were suppressed in #20567. + Apply Serhiy Storchaka's update_idletasks solution to four test files. + Record this additional advice in idle_test/README.txt -- Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails. - Original patch by Martin Panter. +- Issue #20567: Revise idle_test/README.txt with advice about avoiding + tk warning messages from tests. Apply advice to several IDLE tests. -- Issue #22960: Add a context argument to xmlrpclib.ServerProxy constructor. +- Issue #27117: Make colorizer htest and turtledemo work with dark themes. + Move code for configuring text widget colors to a new function. -- Issue #22915: SAX parser now supports files opened with file descriptor or - bytes path. +- Issue #26673: When tk reports font size as 0, change to size 10. + Such fonts on Linux prevented the configuration dialog from opening. -- Issue #22609: Constructors and update methods of mapping classes in the - collections module now accept the self keyword argument. +- Issue #21939: Add test for IDLE's percolator. + Original patch by Saimadhav Heblikar. -- Issue #22788: Add *context* parameter to logging.handlers.HTTPHandler. +- Issue #21676: Add test for IDLE's replace dialog. + Original patch by Saimadhav Heblikar. -- Issue #22921: Allow SSLContext to take the *hostname* parameter even if - OpenSSL doesn't support SNI. +- Issue #18410: Add test for IDLE's search dialog. + Original patch by Westley Martínez. -- Issue #22894: TestCase.subTest() would cause the test suite to be stopped - when in failfast mode, even in the absence of failures. +- Issue #21703: Add test for IDLE's undo delegator. + Original patch by Saimadhav Heblikar . -- Issue #22638: SSLv3 is now disabled throughout the standard library. - It can still be enabled by instantiating a SSLContext manually. +- Issue #27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. -- Issue #22370: Windows detection in pathlib is now more robust. +- Issue #23977: Add more asserts to test_delegator. -- Issue #22841: Reject coroutines in asyncio add_signal_handler(). - Patch by Ludovic.Gasc. +- Issue #20640: Add tests for idlelib.configHelpSourceEdit. + Patch by Saimadhav Heblikar. -- Issue #22849: Fix possible double free in the io.TextIOWrapper constructor. +- In the 'IDLE-console differences' section of the IDLE doc, clarify + how running with IDLE affects sys.modules and the standard streams. -- Issue #12728: Different Unicode characters having the same uppercase but - different lowercase are now matched in case-insensitive regular expressions. +- Issue #25507: fix incorrect change in IOBinding that prevented printing. + Augment IOBinding htest to include all major IOBinding functions. -- Issue #22821: Fixed fcntl() with integer argument on 64-bit big-endian - platforms. +- Issue #25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION + MARK in README.txt and open this and NEWS.txt with 'ascii'. + Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. -- Issue #22406: Fixed the uu_codec codec incorrectly ported to 3.x. - Based on patch by Martin Panter. +Documentation +------------- -- Issue #17293: uuid.getnode() now determines MAC address on AIX using netstat. - Based on patch by Aivars Kalvāns. +- Issue #19489: Moved the search box from the sidebar to the header and footer + of each page. Patch by Ammar Askar. -- Issue #22769: Fixed ttk.Treeview.tag_has() when called without arguments. +- Issue #24136: Document the new PEP 448 unpacking syntax of 3.5. -- Issue #22417: Verify certificates by default in httplib (PEP 476). +- Issue #26736: Used HTTPS for external links in the documentation if possible. -- Issue #22775: Fixed unpickling of http.cookies.SimpleCookie with protocol 2 - and above. Patch by Tim Graham. +- Issue #6953: Rework the Readline module documentation to group related + functions together, and add more details such as what underlying Readline + functions and variables are accessed. -- Issue #22366: urllib.request.urlopen will accept a context object - (SSLContext) as an argument which will then used be for HTTPS connection. - Patch by Alex Gaynor. +- Issue #23606: Adds note to ctypes documentation regarding cdll.msvcrt. -- Issue #22776: Brought excluded code into the scope of a try block in - SysLogHandler.emit(). +- Issue #25500: Fix documentation to not claim that __import__ is searched for + in the global scope. -- Issue #22665: Add missing get_terminal_size and SameFileError to - shutil.__all__. +- Issue #26014: Update 3.x packaging documentation: + * "See also" links to the new docs are now provided in the legacy pages + * links to setuptools documentation have been updated -- Issue #17381: Fixed handling of case-insensitive ranges in regular - expressions. +Tests +----- -- Issue #22410: Module level functions in the re module now cache compiled - locale-dependent regular expressions taking into account the locale. +- Issue #21916: Added tests for the turtle module. Patch by ingrid, + Gregory Loyse and Jelle Zijlstra. -- Issue #22759: Query methods on pathlib.Path() (exists(), is_dir(), etc.) - now return False when the underlying stat call raises NotADirectoryError. +- Issue #26523: The multiprocessing thread pool (multiprocessing.dummy.Pool) + was untested. -- Issue #8876: distutils now falls back to copying files when hard linking - doesn't work. This allows use with special filesystems such as VirtualBox - shared folders. +- Issue #26015: Added new tests for pickling iterators of mutable sequences. -- Issue #18853: Fixed ResourceWarning in shlex.__nain__. +- Issue #26325: Added test.support.check_no_resource_warning() to check that + no ResourceWarning is emitted. -- Issue #9351: Defaults set with set_defaults on an argparse subparser - are no longer ignored when also set on the parent parser. +- Issue #25940: Changed test_ssl to use self-signed.pythontest.net. This + avoids relying on svn.python.org, which recently changed root certificate. -- Issue #21991: Make email.headerregistry's header 'params' attributes - be read-only (MappingProxyType). Previously the dictionary was modifiable - but a new one was created on each access of the attribute. +- Issue #25616: Tests for OrderedDict are extracted from test_collections + into separate file test_ordered_dict. -- Issue #22641: In asyncio, the default SSL context for client connections - is now created using ssl.create_default_context(), for stronger security. +- Issue #26583: Skip test_timestamp_overflow in test_import if bytecode + files cannot be written. -- Issue #22435: Fix a file descriptor leak when SocketServer bind fails. +Build +----- -- Issue #13096: Fixed segfault in CTypes POINTER handling of large - values. +- Issue #26884: Fix linking extension modules for cross builds. + Patch by Xavier de Gaye. -- Issue #11694: Raise ConversionError in xdrlib as documented. Patch - by Filip Gruszczyński and Claudiu Popa. +- Issue #22359: Disable the rules for running _freeze_importlib and pgen when + cross-compiling. The output of these programs is normally saved with the + source code anyway, and is still regenerated when doing a native build. + Patch by Xavier de Gaye. -- Issue #22462: Fix pyexpat's creation of a dummy frame to make it - appear in exception tracebacks. +- Issue #27229: Fix the cross-compiling pgen rule for in-tree builds. Patch + by Xavier de Gaye. -- Issue #21173: Fix len() on a WeakKeyDictionary when .clear() was called - with an iterator alive. +- Issue #21668: Link audioop, _datetime, _ctypes_test modules to libm, + except on Mac OS X. Patch written by Xavier de Gaye. -- Issue #11866: Eliminated race condition in the computation of names - for new threads. +- Issue #25702: A --with-lto configure option has been added that will + enable link time optimizations at build time during a make profile-opt. + Some compilers and toolchains are known to not produce stable code when + using LTO, be sure to test things thoroughly before relying on it. + It can provide a few % speed up over profile-opt alone. -- Issue #21905: Avoid RuntimeError in pickle.whichmodule() when sys.modules - is mutated while iterating. Patch by Olivier Grisel. +- Issue #26624: Adds validation of ucrtbase[d].dll version with warning + for old versions. -- Issue #22219: The zipfile module CLI now adds entries for directories - (including empty directories) in ZIP file. +- Issue #17603: Avoid error about nonexistant fileblocks.o file by using a + lower-level check for st_blocks in struct stat. -- Issue #22449: In the ssl.SSLContext.load_default_certs, consult the - environmental variables SSL_CERT_DIR and SSL_CERT_FILE on Windows. +- Issue #26079: Fixing the build output folder for tix-8.4.3.6. Patch by + Bjoern Thiel. -- Issue #20076: Added non derived UTF-8 aliases to locale aliases table. +- Issue #26465: Update Windows builds to use OpenSSL 1.0.2g. -- Issue #20079: Added locales supported in glibc 2.18 to locale alias table. +- Issue #24421: Compile Modules/_math.c once, before building extensions. + Previously it could fail to compile properly if the math and cmath builds + were concurrent. -- Issue #22396: On 32-bit AIX platform, don't expose os.posix_fadvise() nor - os.posix_fallocate() because their prototypes in system headers are wrong. +- Issue #25348: Added ``--pgo`` and ``--pgo-job`` arguments to + ``PCbuild\build.bat`` for building with Profile-Guided Optimization. The + old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls + ``PCbuild\build.bat --pgo %*``. -- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its - weakrefs. +- Issue #25827: Add support for building with ICC to ``configure``, including + a new ``--with-icc`` flag. -- Issue #22448: Improve canceled timer handles cleanup to prevent - unbound memory usage. Patch by Joshua Moore-Oliva. +- Issue #25696: Fix installation of Python on UNIX with make -j9. -- Issue #23009: Make sure selectors.EpollSelecrtor.select() works when no - FD is registered. +- Issue #26930: Update OS X 10.5+ 32-bit-only installer to build + and link with OpenSSL 1.0.2h. -IDLE ----- +- Issue #26268: Update Windows builds to use OpenSSL 1.0.2f. -- Issue #20577: Configuration of the max line length for the FormatParagraph - extension has been moved from the General tab of the Idle preferences dialog - to the FormatParagraph tab of the Config Extensions dialog. - Patch by Tal Einat. +- Issue #25136: Support Apple Xcode 7's new textual SDK stub libraries. -- Issue #16893: Update Idle doc chapter to match current Idle and add new - information. +- Issue #24324: Do not enable unreachable code warnings when using + gcc as the option does not work correctly in older versions of gcc + and has been silently removed as of gcc-4.5. -- Issue #3068: Add Idle extension configuration dialog to Options menu. - Changes are written to HOME/.idlerc/config-extensions.cfg. - Original patch by Tal Einat. +Windows +------- -- Issue #16233: A module browser (File : Class Browser, Alt+C) requires an - editor window with a filename. When Class Browser is requested otherwise, - from a shell, output window, or 'Untitled' editor, Idle no longer displays - an error box. It now pops up an Open Module box (Alt+M). If a valid name - is entered and a module is opened, a corresponding browser is also opened. +- Issue #27053: Updates make_zip.py to correctly generate library ZIP file. -- Issue #4832: Save As to type Python files automatically adds .py to the - name you enter (even if your system does not display it). Some systems - automatically add .txt when type is Text files. +- Issue #26268: Update the prepare_ssl.py script to handle OpenSSL releases + that don't include the contents of the include directory (that is, 1.0.2e + and later). -- Issue #21986: Code objects are not normally pickled by the pickle module. - To match this, they are no longer pickled when running under Idle. +- Issue #26071: bdist_wininst created binaries fail to start and find + 32bit Python -- Issue #23180: Rename IDLE "Windows" menu item to "Window". - Patch by Al Sweigart. +- Issue #26073: Update the list of magic numbers in launcher -Tests ------ +- Issue #26065: Excludes venv from library when generating embeddable + distro. -- Issue #23392: Added tests for marshal C API that works with FILE*. +Tools/Demos +----------- -- Issue #18982: Add tests for CLI of the calendar module. +- Issue #26799: Fix python-gdb.py: don't get C types once when the Python code + is loaded, but get C types on demand. The C types can change if + python-gdb.py is loaded before the Python executable. Patch written by Thomas + Ilsche. -- Issue #19548: Added some additional checks to test_codecs to ensure that - statements in the updated documentation remain accurate. Patch by Martin - Panter. +- Issue #26271: Fix the Freeze tool to properly use flags passed through + configure. Patch by Daniel Shaulov. -- Issue #22838: All test_re tests now work with unittest test discovery. +- Issue #26489: Add dictionary unpacking support to Tools/parser/unparse.py. + Patch by Guo Ci Teo. -- Issue #22173: Update lib2to3 tests to use unittest test discovery. +- Issue #26316: Fix variable name typo in Argument Clinic. -- Issue #16000: Convert test_curses to use unittest. +Misc +---- -- Issue #21456: Skip two tests in test_urllib2net.py if _ssl module not - present. Patch by Remi Pointel. +- Issue #17500, and https://github.com/python/pythondotorg/issues/945: Remove + unused and outdated icons. -- Issue #22770: Prevent some Tk segfaults on OS X when running gui tests. -- Issue #23211: Workaround test_logging failure on some OS X 10.6 systems. +What's New in Python 3.5.1 final? +================================= -- Issue #23345: Prevent test_ssl failures with large OpenSSL patch level - values (like 0.9.8zc). +Release date: 2015-12-06 -- Issue #22289: Prevent test_urllib2net failures due to ftp connection timeout. +Core and Builtins +----------------- -Build ------ +- Issue #25709: Fixed problem with in-place string concatenation and + utf-8 cache. -- Issue #15506: Use standard PKG_PROG_PKG_CONFIG autoconf macro in the configure - script. +Windows +------- -- Issue #22935: Allow the ssl module to be compiled if openssl doesn't support - SSL 3. +- Issue #25715: Python 3.5.1 installer shows wrong upgrade path and incorrect + logic for launcher detection. -- Issue #16537: Check whether self.extensions is empty in setup.py. Patch by - Jonathan Hosmer. -- Issue #18096: Fix library order returned by python-config. +What's New in Python 3.5.1 release candidate 1? +=============================================== -- Issue #17219: Add library build dir for Python extension cross-builds. +Release date: 2015-11-22 -- Issue #17128: Use private version of OpenSSL for 3.4.3 OS X 10.5+ installer. +Core and Builtins +----------------- -C API ------ +- Issue #25630: Fix a possible segfault during argument parsing in functions + that accept filesystem paths. -- Issue #22079: PyType_Ready() now checks that statically allocated type has - no dynamically allocated bases. +- Issue #23564: Fixed a partially broken sanity check in the _posixsubprocess + internals regarding how fds_to_pass were passed to the child. The bug had + no actual impact as subprocess.py already avoided it. -Documentation -------------- +- Issue #25388: Fixed tokenizer crash when processing undecodable source code + with a null byte. -- Issue #19548: Update the codecs module documentation to better cover the - distinction between text encodings and other codecs, together with other - clarifications. Patch by Martin Panter. +- Issue #25462: The hash of the key now is calculated only once in most + operations in C implementation of OrderedDict. -- Issue #22914: Update the Python 2/3 porting HOWTO to describe a more automated - approach. +- Issue #22995: Default implementation of __reduce__ and __reduce_ex__ now + rejects builtin types with not defined __new__. -- Issue #21514: The documentation of the json module now refers to new JSON RFC - 7159 instead of obsoleted RFC 4627. +- Issue #25555: Fix parser and AST: fill lineno and col_offset of "arg" node + when compiling AST from Python objects. -Tools/Demos ------------ +- Issue #24802: Avoid buffer overreads when int(), float(), compile(), exec() + and eval() are passed bytes-like objects. These objects are not + necessarily terminated by a null byte, but the functions assumed they were. -- Issue #22314: pydoc now works when the LINES environment variable is set. +- Issue #24726: Fixed a crash and leaking NULL in repr() of OrderedDict that + was mutated by direct calls of dict methods. -Windows -------- +- Issue #25449: Iterating OrderedDict with keys with unstable hash now raises + KeyError in C implementations as well as in Python implementation. -- Issue #17896: The Windows build scripts now expect external library sources - to be in ``PCbuild\..\externals`` rather than ``PCbuild\..\..``. +- Issue #25395: Fixed crash when highly nested OrderedDict structures were + garbage collected. -- Issue #17717: The Windows build scripts now use a copy of NASM pulled from - svn.python.org to build OpenSSL. +- Issue #25274: sys.setrecursionlimit() now raises a RecursionError if the new + recursion limit is too low depending at the current recursion depth. Modify + also the "lower-water mark" formula to make it monotonic. This mark is used + to decide when the overflowed flag of the thread state is reset. -- Issue #22644: The bundled version of OpenSSL has been updated to 1.0.1j. +- Issue #24402: Fix input() to prompt to the redirected stdout when + sys.stdout.fileno() fails. +- Issue #24806: Prevent builtin types that are not allowed to be subclassed from + being subclassed through multiple inheritance. -What's New in Python 3.4.2? -=========================== +- Issue #24848: Fixed a number of bugs in UTF-7 decoding of misformed data. + +- Issue #25280: Import trace messages emitted in verbose (-v) mode are no + longer formatted twice. + +- Issue #25003: On Solaris 11.3 or newer, os.urandom() now uses the + getrandom() function instead of the getentropy() function. The getentropy() + function is blocking to generate very good quality entropy, os.urandom() + doesn't need such high-quality entropy. -Release date: 2014-10-06 +- Issue #25182: The stdprinter (used as sys.stderr before the io module is + imported at startup) now uses the backslashreplace error handler. + +- Issue #25131: Make the line number and column offset of set/dict literals and + comprehensions correspond to the opening brace. + +- Issue #25150: Hide the private _Py_atomic_xxx symbols from the public + Python.h header to fix a compilation error with OpenMP. PyThreadState_GET() + becomes an alias to PyThreadState_Get() to avoid ABI incompatibilies. Library -------