1.. bpo: 33001 2.. date: 2018-03-05-10-09-51 3.. nonce: elj4Aa 4.. release date: 2018-03-13 5.. section: Security 6 7Minimal fix to prevent buffer overrun in os.symlink on Windows 8 9.. 10 11.. bpo: 32981 12.. date: 2018-03-02-10-24-52 13.. nonce: O_qDyj 14.. section: Security 15 16Regexes in difflib and poplib were vulnerable to catastrophic backtracking. 17These regexes formed potential DOS vectors (REDOS). They have been 18refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch by Jamie 19Davis. 20 21.. 22 23.. bpo: 33026 24.. date: 2018-03-08-09-48-38 25.. nonce: QZA3Ba 26.. section: Core and Builtins 27 28Fixed jumping out of "with" block by setting f_lineno. 29 30.. 31 32.. bpo: 17288 33.. date: 2018-02-27-13-36-21 34.. nonce: Gdj24S 35.. section: Core and Builtins 36 37Prevent jumps from 'return' and 'exception' trace events. 38 39.. 40 41.. bpo: 32889 42.. date: 2018-02-20-21-53-48 43.. nonce: J6eWy5 44.. section: Core and Builtins 45 46Update Valgrind suppression list to account for the rename of 47``Py_ADDRESS_IN_RANG`` to ``address_in_range``. 48 49.. 50 51.. bpo: 32650 52.. date: 2018-01-28-23-01-39 53.. nonce: Bbi7ek 54.. section: Core and Builtins 55 56Pdb and other debuggers dependent on bdb.py will correctly step over (next 57command) native coroutines. Patch by Pablo Galindo. 58 59.. 60 61.. bpo: 32685 62.. date: 2018-01-28-12-25-06 63.. nonce: nGctze 64.. section: Core and Builtins 65 66Improve suggestion when the Python 2 form of print statement is either 67present on the same line as the header of a compound statement or else 68terminated by a semi-colon instead of a newline. Patch by Nitish Chandra. 69 70.. 71 72.. bpo: 32583 73.. date: 2018-01-26-21-20-21 74.. nonce: Fh3fau 75.. section: Core and Builtins 76 77Fix possible crashing in builtin Unicode decoders caused by write 78out-of-bound errors when using customized decode error handlers. 79 80.. 81 82.. bpo: 26163 83.. date: 2018-01-14-20-32-47 84.. nonce: xv9Iuv 85.. section: Core and Builtins 86 87Improved frozenset() hash to create more distinct hash values when faced 88with datasets containing many similar values. 89 90.. 91 92.. bpo: 27169 93.. date: 2017-12-15-11-50-06 94.. nonce: VO84fQ 95.. section: Core and Builtins 96 97The ``__debug__`` constant is now optimized out at compile time. This fixes 98also bpo-22091. 99 100.. 101 102.. bpo: 32329 103.. date: 2017-12-15-00-55-35 104.. nonce: XL1O99 105.. section: Core and Builtins 106 107``sys.flags.hash_randomization`` is now properly set to 0 when hash 108randomization is turned off by ``PYTHONHASHSEED=0``. 109 110.. 111 112.. bpo: 30416 113.. date: 2017-12-14-11-48-19 114.. nonce: hlHo_9 115.. section: Core and Builtins 116 117The optimizer is now protected from spending much time doing complex 118calculations and consuming much memory for creating large constants in 119constant folding. 120 121.. 122 123.. bpo: 18533 124.. date: 2017-12-13-16-46-23 125.. nonce: Dlk8d7 126.. section: Core and Builtins 127 128``repr()`` on a dict containing its own ``values()`` or ``items()`` no 129longer raises ``RecursionError``; OrderedDict similarly. Instead, use 130``...``, as for other recursive structures. Patch by Ben North. 131 132.. 133 134.. bpo: 32028 135.. date: 2017-12-03-22-29-13 136.. nonce: KC2w4Q 137.. section: Core and Builtins 138 139Leading whitespace is now correctly ignored when generating suggestions for 140converting Py2 print statements to Py3 builtin print function calls. Patch 141by Sanyam Khurana. 142 143.. 144 145.. bpo: 32137 146.. date: 2017-11-26-14-36-30 147.. nonce: Stj5nL 148.. section: Core and Builtins 149 150The repr of deeply nested dict now raises a RecursionError instead of 151crashing due to a stack overflow. 152 153.. 154 155.. bpo: 33064 156.. date: 2018-03-12-19-58-25 157.. nonce: LO2KIY 158.. section: Library 159 160lib2to3 now properly supports trailing commas after ``*args`` and 161``**kwargs`` in function signatures. 162 163.. 164 165.. bpo: 31804 166.. date: 2018-03-11-19-03-52 167.. nonce: i8KUMp 168.. section: Library 169 170Avoid failing in multiprocessing.Process if the standard streams are closed 171or None at exit. 172 173.. 174 175.. bpo: 33037 176.. date: 2018-03-09-23-07-07 177.. nonce: nAJ3at 178.. section: Library 179 180Skip sending/receiving data after SSL transport closing. 181 182.. 183 184.. bpo: 30353 185.. date: 2018-03-08-09-54-01 186.. nonce: XdE5aM 187.. section: Library 188 189Fix ctypes pass-by-value for structs on 64-bit Cygwin/MinGW. 190 191.. 192 193.. bpo: 33009 194.. date: 2018-03-06-11-54-59 195.. nonce: -Ekysb 196.. section: Library 197 198Fix inspect.signature() for single-parameter partialmethods. 199 200.. 201 202.. bpo: 32969 203.. date: 2018-03-06-00-19-41 204.. nonce: rGTKa0 205.. section: Library 206 207Expose several missing constants in zlib and fix corresponding 208documentation. 209 210.. 211 212.. bpo: 32713 213.. date: 2018-02-26-13-16-36 214.. nonce: 55yegW 215.. section: Library 216 217Fixed tarfile.itn handling of out-of-bounds float values. Patch by Joffrey 218Fuhrer. 219 220.. 221 222.. bpo: 30622 223.. date: 2018-02-24-21-40-42 224.. nonce: dQjxSe 225.. section: Library 226 227The ssl module now detects missing NPN support in LibreSSL. 228 229.. 230 231.. bpo: 32922 232.. date: 2018-02-23-19-12-04 233.. nonce: u-xe0B 234.. section: Library 235 236dbm.open() now encodes filename with the filesystem encoding rather than 237default encoding. 238 239.. 240 241.. bpo: 32859 242.. date: 2018-02-19-17-46-31 243.. nonce: kAT-Xp 244.. section: Library 245 246In ``os.dup2``, don't check every call whether the ``dup3`` syscall exists 247or not. 248 249.. 250 251.. bpo: 21060 252.. date: 2018-02-17-19-20-19 253.. nonce: S1Z-x6 254.. section: Library 255 256Rewrite confusing message from setup.py upload from "No dist file created in 257earlier command" to the more helpful "Must create and upload files in one 258command". 259 260.. 261 262.. bpo: 32857 263.. date: 2018-02-16-14-37-14 264.. nonce: -XljAx 265.. section: Library 266 267In :mod:`tkinter`, ``after_cancel(None)`` now raises a :exc:`ValueError` 268instead of canceling the first scheduled function. Patch by Cheryl Sabella. 269 270.. 271 272.. bpo: 32852 273.. date: 2018-02-15-12-04-29 274.. nonce: HDqIxM 275.. section: Library 276 277Make sure sys.argv remains as a list when running trace. 278 279.. 280 281.. bpo: 32841 282.. date: 2018-02-14-00-21-24 283.. nonce: bvHDOc 284.. section: Library 285 286Fixed `asyncio.Condition` issue which silently ignored cancellation after 287notifying and cancelling a conditional lock. Patch by Bar Harel. 288 289.. 290 291.. bpo: 31787 292.. date: 2018-02-09-21-41-56 293.. nonce: owSZ2t 294.. section: Library 295 296Fixed refleaks of ``__init__()`` methods in various modules. (Contributed by 297Oren Milman) 298 299.. 300 301.. bpo: 30157 302.. date: 2018-02-09-14-44-43 303.. nonce: lEiiAK 304.. section: Library 305 306Fixed guessing quote and delimiter in csv.Sniffer.sniff() when only the last 307field is quoted. Patch by Jake Davis. 308 309.. 310 311.. bpo: 32394 312.. date: 2018-02-08-08-18-26 313.. nonce: 6E_7X7 314.. section: Library 315 316socket: Remove TCP_FASTOPEN, TCP_KEEPCNT flags on older version Windows 317during run-time. 318 319.. 320 321.. bpo: 32777 322.. date: 2018-02-05-21-28-28 323.. nonce: C-wIXF 324.. section: Library 325 326Fix a rare but potential pre-exec child process deadlock in subprocess on 327POSIX systems when marking file descriptors inheritable on exec in the child 328process. This bug appears to have been introduced in 3.4. 329 330.. 331 332.. bpo: 32647 333.. date: 2018-02-05-13-31-42 334.. nonce: ktmfR_ 335.. section: Library 336 337The ctypes module used to depend on indirect linking for dlopen. The shared 338extension is now explicitly linked against libdl on platforms with dl. 339 340.. 341 342.. bpo: 32734 343.. date: 2018-02-01-01-34-47 344.. nonce: gCV9AD 345.. section: Library 346 347Fixed ``asyncio.Lock()`` safety issue which allowed acquiring and locking 348the same lock multiple times, without it being free. Patch by Bar Harel. 349 350.. 351 352.. bpo: 32727 353.. date: 2018-01-30-17-46-18 354.. nonce: aHVsRC 355.. section: Library 356 357Do not include name field in SMTP envelope from address. Patch by Stéphane 358Wirtel 359 360.. 361 362.. bpo: 27931 363.. date: 2018-01-25-21-04-11 364.. nonce: e4r52t 365.. section: Library 366 367Fix email address header parsing error when the username is an empty quoted 368string. Patch by Xiang Zhang. 369 370.. 371 372.. bpo: 32304 373.. date: 2018-01-21-16-33-53 374.. nonce: TItrNv 375.. section: Library 376 377distutils' upload command no longer corrupts tar files ending with a CR 378byte, and no longer tries to convert CR to CRLF in any of the upload text 379fields. 380 381.. 382 383.. bpo: 32502 384.. date: 2018-01-20-17-15-34 385.. nonce: OXJfn7 386.. section: Library 387 388uuid.uuid1 no longer raises an exception if a 64-bit hardware address is 389encountered. 390 391.. 392 393.. bpo: 31848 394.. date: 2018-01-18-23-34-17 395.. nonce: M2cldy 396.. section: Library 397 398Fix the error handling in Aifc_read.initfp() when the SSND chunk is not 399found. Patch by Zackery Spytz. 400 401.. 402 403.. bpo: 32555 404.. date: 2018-01-15-17-52-47 405.. nonce: CMq2zF 406.. section: Library 407 408On FreeBSD and Solaris, os.strerror() now always decode the byte string from 409the current locale encoding, rather than using ASCII/surrogateescape in some 410cases. 411 412.. 413 414.. bpo: 32521 415.. date: 2018-01-15-12-53-13 416.. nonce: IxX4Ba 417.. section: Library 418 419The nis module is now compatible with new libnsl and headers location. 420 421.. 422 423.. bpo: 32473 424.. date: 2018-01-10-20-37-59 425.. nonce: mP_yJG 426.. section: Library 427 428Improve ABCMeta._dump_registry() output readability 429 430.. 431 432.. bpo: 32521 433.. date: 2018-01-08-18-02-33 434.. nonce: Kh-KoN 435.. section: Library 436 437glibc has removed Sun RPC. Use replacement libtirpc headers and library in 438nis module. 439 440.. 441 442.. bpo: 32228 443.. date: 2017-12-22-16-47-41 444.. nonce: waPx3q 445.. section: Library 446 447Ensure that ``truncate()`` preserves the file position (as reported by 448``tell()``) after writes longer than the buffer size. 449 450.. 451 452.. bpo: 26133 453.. date: 2017-12-21-11-08-42 454.. nonce: mt81QV 455.. section: Library 456 457Don't unsubscribe signals in asyncio UNIX event loop on interpreter 458shutdown. 459 460.. 461 462.. bpo: 32185 463.. date: 2017-12-20-09-25-10 464.. nonce: IL0cMt 465.. section: Library 466 467The SSL module no longer sends IP addresses in SNI TLS extension on 468platforms with OpenSSL 1.0.2+ or inet_pton. 469 470.. 471 472.. bpo: 32323 473.. date: 2017-12-14-10-10-10 474.. nonce: ideco 475.. section: Library 476 477:func:`urllib.parse.urlsplit()` does not convert zone-id (scope) to lower 478case for scoped IPv6 addresses in hostnames now. 479 480.. 481 482.. bpo: 32302 483.. date: 2017-12-13-22-38-08 484.. nonce: othtTr 485.. section: Library 486 487Fix bdist_wininst of distutils for CRT v142: it binary compatible with CRT 488v140. 489 490.. 491 492.. bpo: 32255 493.. date: 2017-12-12-07-29-06 494.. nonce: 2bfNmM 495.. section: Library 496 497A single empty field is now always quoted when written into a CSV file. This 498allows to distinguish an empty row from a row consisting of a single empty 499field. Patch by Licht Takeuchi. 500 501.. 502 503.. bpo: 32277 504.. date: 2017-12-11-09-53-14 505.. nonce: jkKiVC 506.. section: Library 507 508Raise ``NotImplementedError`` instead of ``SystemError`` on platforms where 509``chmod(..., follow_symlinks=False)`` is not supported. Patch by Anthony 510Sottile. 511 512.. 513 514.. bpo: 32199 515.. date: 2017-12-04-12-23-26 516.. nonce: nGof4v 517.. section: Library 518 519The getnode() ip getter now uses 'ip link' instead of 'ip link list'. 520 521.. 522 523.. bpo: 27456 524.. date: 2017-11-02-11-57-41 525.. nonce: snzyTC 526.. section: Library 527 528Ensure TCP_NODELAY is set on Linux. Tests by Victor Stinner. 529 530.. 531 532.. bpo: 31900 533.. date: 2017-10-30-15-55-32 534.. nonce: -S9xc4 535.. section: Library 536 537The :func:`locale.localeconv` function now sets temporarily the ``LC_CTYPE`` 538locale to the ``LC_NUMERIC`` locale to decode ``decimal_point`` and 539``thousands_sep`` byte strings if they are non-ASCII or longer than 1 byte, 540and the ``LC_NUMERIC`` locale is different than the ``LC_CTYPE`` locale. 541This temporary change affects other threads. 542Same change for the :meth:`str.format` method when formatting a number 543(:class:`int`, :class:`float`, :class:`float` and subclasses) with the ``n`` 544type (ex: ``'{:n}'.format(1234)``). 545 546.. 547 548.. bpo: 31802 549.. date: 2017-10-17-14-52-14 550.. nonce: sYj2Zv 551.. section: Library 552 553Importing native path module (``posixpath``, ``ntpath``) now works even if 554the ``os`` module still is not imported. 555 556.. 557 558.. bpo: 17232 559.. date: 2018-02-23-12-48-03 560.. nonce: tmuTKL 561.. section: Documentation 562 563Clarify docs for -O and -OO. Patch by Terry Reedy. 564 565.. 566 567.. bpo: 32800 568.. date: 2018-02-10-15-16-04 569.. nonce: FyrqCk 570.. section: Documentation 571 572Update link to w3c doc for xml default namespaces. 573 574.. 575 576.. bpo: 8722 577.. date: 2018-02-03-06-11-37 578.. nonce: MPyVyj 579.. section: Documentation 580 581Document :meth:`__getattr__` behavior when property :meth:`get` method 582raises :exc:`AttributeError`. 583 584.. 585 586.. bpo: 32614 587.. date: 2018-02-02-07-41-57 588.. nonce: LSqzGw 589.. section: Documentation 590 591Modify RE examples in documentation to use raw strings to prevent 592:exc:`DeprecationWarning` and add text to REGEX HOWTO to highlight the 593deprecation. 594 595.. 596 597.. bpo: 31972 598.. date: 2018-01-25-14-23-12 599.. nonce: w1m_8r 600.. section: Documentation 601 602Improve docstrings for `pathlib.PurePath` subclasses. 603 604.. 605 606.. bpo: 17799 607.. date: 2018-01-22-21-13-46 608.. nonce: rdZ-Vk 609.. section: Documentation 610 611Explain real behaviour of sys.settrace and sys.setprofile and their C-API 612counterparts regarding which type of events are received in each function. 613Patch by Pablo Galindo Salgado. 614 615.. 616 617.. bpo: 32517 618.. date: 2018-03-09-07-05-12 619.. nonce: ugc1iW 620.. section: Tests 621 622Fix failing ``test_asyncio`` on macOS 10.12.2+ due to transport of 623``KqueueSelector`` loop was not being closed. 624 625.. 626 627.. bpo: 32721 628.. date: 2018-01-29-21-30-44 629.. nonce: 2Bebm1 630.. section: Tests 631 632Fix test_hashlib to not fail if the _md5 module is not built. 633 634.. 635 636.. bpo: 32252 637.. date: 2017-12-11-13-31-33 638.. nonce: YnFw7J 639.. section: Tests 640 641Fix faulthandler_suppress_crash_report() used to prevent core dump files 642when testing crashes. getrlimit() returns zero on success. 643 644.. 645 646.. bpo: 31518 647.. date: 2017-09-19-20-48-50 648.. nonce: KwTMMz 649.. section: Tests 650 651Debian Unstable has disabled TLS 1.0 and 1.1 for SSLv23_METHOD(). Change 652TLS/SSL protocol of some tests to PROTOCOL_TLS or PROTOCOL_TLSv1_2 to make 653them pass on Debian. 654 655.. 656 657.. bpo: 32635 658.. date: 2018-01-23-15-33-40 659.. nonce: qHwIZy 660.. section: Build 661 662Fix segfault of the crypt module when libxcrypt is provided instead of 663libcrypt at the system. 664 665.. 666 667.. bpo: 33016 668.. date: 2018-03-07-01-33-33 669.. nonce: Z_Med0 670.. section: Windows 671 672Fix potential use of uninitialized memory in nt._getfinalpathname 673 674.. 675 676.. bpo: 32903 677.. date: 2018-02-28-11-03-24 678.. nonce: 1SXY4t 679.. section: Windows 680 681Fix a memory leak in os.chdir() on Windows if the current directory is set 682to a UNC path. 683 684.. 685 686.. bpo: 31966 687.. date: 2018-02-19-13-54-42 688.. nonce: _Q3HPb 689.. section: Windows 690 691Fixed WindowsConsoleIO.write() for writing empty data. 692 693.. 694 695.. bpo: 32409 696.. date: 2018-02-19-10-00-57 697.. nonce: nocuDg 698.. section: Windows 699 700Ensures activate.bat can handle Unicode contents. 701 702.. 703 704.. bpo: 32457 705.. date: 2018-02-19-08-54-06 706.. nonce: vVP0Iz 707.. section: Windows 708 709Improves handling of denormalized executable path when launching Python. 710 711.. 712 713.. bpo: 32370 714.. date: 2018-02-10-15-38-19 715.. nonce: kcKuct 716.. section: Windows 717 718Use the correct encoding for ipconfig output in the uuid module. Patch by 719Segev Finer. 720 721.. 722 723.. bpo: 29248 724.. date: 2018-02-07-17-50-48 725.. nonce: Xzwj-6 726.. section: Windows 727 728Fix :func:`os.readlink` on Windows, which was mistakenly treating the 729``PrintNameOffset`` field of the reparse data buffer as a number of 730characters instead of bytes. Patch by Craig Holmquist and SSE4. 731 732.. 733 734.. bpo: 32588 735.. date: 2018-01-18-14-56-45 736.. nonce: vHww6F 737.. section: Windows 738 739Create standalone _distutils_findvs module. 740 741.. 742 743.. bpo: 32726 744.. date: 2018-03-13-21-00-20 745.. nonce: Mticyn 746.. section: macOS 747 748Provide an additional, more modern macOS installer variant that supports 749macOS 10.9+ systems in 64-bit mode only. Upgrade the supplied third-party 750libraries to OpenSSL 1.0.2n, XZ 5.2.3, and SQLite 3.22.0. The 10.9+ 751installer now links with and supplies its own copy of Tcl/Tk 8.6.8. 752 753.. 754 755.. bpo: 32984 756.. date: 2018-03-05-01-29-05 757.. nonce: NGjgT4 758.. section: IDLE 759 760Set ``__file__`` while running a startup file. Like Python, IDLE optionally 761runs one startup file in the Shell window before presenting the first 762interactive input prompt. For IDLE, ``-s`` runs a file named in 763environmental variable :envvar:`IDLESTARTUP` or :envvar:`PYTHONSTARTUP`; 764``-r file`` runs ``file``. Python sets ``__file__`` to the startup file 765name before running the file and unsets it before the first prompt. IDLE 766now does the same when run normally, without the ``-n`` option. 767 768.. 769 770.. bpo: 32940 771.. date: 2018-02-24-18-20-50 772.. nonce: ZaJ1Rf 773.. section: IDLE 774 775Simplify and rename StringTranslatePseudoMapping in pyparse. 776 777.. 778 779.. bpo: 32916 780.. date: 2018-02-23-07-32-36 781.. nonce: 4MsQ5F 782.. section: IDLE 783 784Change ``str`` to ``code`` in pyparse. 785 786.. 787 788.. bpo: 32905 789.. date: 2018-02-22-00-09-27 790.. nonce: VlXj0x 791.. section: IDLE 792 793Remove unused code in pyparse module. 794 795.. 796 797.. bpo: 32874 798.. date: 2018-02-19-10-56-41 799.. nonce: 6pZ9Gv 800.. section: IDLE 801 802Add tests for pyparse. 803 804.. 805 806.. bpo: 32837 807.. date: 2018-02-12-17-22-48 808.. nonce: -33QPl 809.. section: IDLE 810 811Using the system and place-dependent default encoding for open() is a bad 812idea for IDLE's system and location-independent files. 813 814.. 815 816.. bpo: 32826 817.. date: 2018-02-12-11-05-22 818.. nonce: IxNZrk 819.. section: IDLE 820 821Add "encoding=utf-8" to open() in IDLE's test_help_about. GUI test 822test_file_buttons() only looks at initial ascii-only lines, but failed on 823systems where open() defaults to 'ascii' because readline() internally reads 824and decodes far enough ahead to encounter a non-ascii character in 825CREDITS.txt. 826 827.. 828 829.. bpo: 32765 830.. date: 2018-02-04-17-52-54 831.. nonce: qm0eCu 832.. section: IDLE 833 834Update configdialog General tab docstring to add new widgets to the widget 835list. 836 837.. 838 839.. bpo: 24960 840.. date: 2017-12-22-09-25-51 841.. nonce: TGdAgO 842.. section: Tools/Demos 843 8442to3 and lib2to3 can now read pickled grammar files using pkgutil.get_data() 845rather than probing the filesystem. This lets 2to3 and lib2to3 work when run 846from a zipfile. 847 848.. 849 850.. bpo: 32222 851.. date: 2017-12-07-20-51-20 852.. nonce: hPBcGT 853.. section: Tools/Demos 854 855Fix pygettext not extracting docstrings for functions with type annotated 856arguments. Patch by Toby Harradine. 857 858.. 859 860.. bpo: 29084 861.. date: 2017-12-16-09-59-35 862.. nonce: ZGJ-LJ 863.. section: C API 864 865Undocumented C API for OrderedDict has been excluded from the limited C API. 866It was added by mistake and actually never worked in the limited C API. 867