1.. bpo: 5322 2.. date: 9925 3.. nonce: 8Fq059 4.. release date: 2016-12-03 5.. section: Core and Builtins 6 7Fixed setting __new__ to a PyCFunction inside Python code. Original patch by 8Andreas Stührk. 9 10.. 11 12.. bpo: 28847 13.. date: 9924 14.. nonce: iG6VRD 15.. section: Core and Builtins 16 17dumbdbm no longer writes the index file in when it is not changed and 18supports reading read-only files. 19 20.. 21 22.. bpo: 11145 23.. date: 9923 24.. nonce: 3BeZaz 25.. section: Core and Builtins 26 27Fixed miscellaneous issues with C-style formatting of types with custom 28__oct__ and __hex__. 29 30.. 31 32.. bpo: 24469 33.. date: 9922 34.. nonce: dl8lJ4 35.. section: Core and Builtins 36 37Fixed memory leak caused by int subclasses without overridden tp_free (e.g. 38C-inherited Cython classes). 39 40.. 41 42.. bpo: 19398 43.. date: 9921 44.. nonce: RYbEGH 45.. section: Core and Builtins 46 47Extra slash no longer added to sys.path components in case of empty 48compile-time PYTHONPATH components. 49 50.. 51 52.. bpo: 21720 53.. date: 9920 54.. nonce: XSd6LI 55.. section: Core and Builtins 56 57Improve exception message when the type of fromlist is unicode. fromlist 58parameter of __import__() only accepts str in Python 2 and this will help to 59identify the problem especially when the unicode_literals future import is 60used. 61 62.. 63 64.. bpo: 26906 65.. date: 9919 66.. nonce: YBjcwI 67.. section: Core and Builtins 68 69Resolving special methods of uninitialized type now causes implicit 70initialization of the type instead of a fail. 71 72.. 73 74.. bpo: 18287 75.. date: 9918 76.. nonce: k6jffS 77.. section: Core and Builtins 78 79PyType_Ready() now checks that tp_name is not NULL. Original patch by Niklas 80Koep. 81 82.. 83 84.. bpo: 24098 85.. date: 9917 86.. nonce: XqlP_1 87.. section: Core and Builtins 88 89Fixed possible crash when AST is changed in process of compiling it. 90 91.. 92 93.. bpo: 28350 94.. date: 9916 95.. nonce: 8M5Eg9 96.. section: Core and Builtins 97 98String constants with null character no longer interned. 99 100.. 101 102.. bpo: 27942 103.. date: 9915 104.. nonce: ZGuhns 105.. section: Core and Builtins 106 107String constants now interned recursively in tuples and frozensets. 108 109.. 110 111.. bpo: 15578 112.. date: 9914 113.. nonce: xSQWiu 114.. section: Core and Builtins 115 116Correctly incref the parent module while importing. 117 118.. 119 120.. bpo: 26307 121.. date: 9913 122.. nonce: Puk2rd 123.. section: Core and Builtins 124 125The profile-opt build now applies PGO to the built-in modules. 126 127.. 128 129.. bpo: 26020 130.. date: 9912 131.. nonce: niLbLa 132.. section: Core and Builtins 133 134set literal evaluation order did not match documented behaviour. 135 136.. 137 138.. bpo: 27870 139.. date: 9911 140.. nonce: Y0u34u 141.. section: Core and Builtins 142 143A left shift of zero by a large integer no longer attempts to allocate large 144amounts of memory. 145 146.. 147 148.. bpo: 25604 149.. date: 9910 150.. nonce: UkeHGy 151.. section: Core and Builtins 152 153Fix a minor bug in integer true division; this bug could potentially have 154caused off-by-one-ulp results on platforms with unreliable ldexp 155implementations. 156 157.. 158 159.. bpo: 27473 160.. date: 9909 161.. nonce: d8HWze 162.. section: Core and Builtins 163 164Fixed possible integer overflow in str, unicode and bytearray concatenations 165and repetitions. Based on patch by Xiang Zhang. 166 167.. 168 169.. bpo: 27507 170.. date: 9908 171.. nonce: 3pX0Be 172.. section: Core and Builtins 173 174Add integer overflow check in bytearray.extend(). Patch by Xiang Zhang. 175 176.. 177 178.. bpo: 27581 179.. date: 9907 180.. nonce: KezjNt 181.. section: Core and Builtins 182 183Don't rely on wrapping for overflow check in PySequence_Tuple(). Patch by 184Xiang Zhang. 185 186.. 187 188.. bpo: 23908 189.. date: 9906 190.. nonce: xXL6_c 191.. section: Core and Builtins 192 193os functions, open() and the io.FileIO constructor now reject unicode paths 194with embedded null character on Windows instead of silently truncating them. 195 196.. 197 198.. bpo: 27514 199.. date: 9905 200.. nonce: NLbwPG 201.. section: Core and Builtins 202 203Make having too many statically nested blocks a SyntaxError instead of 204SystemError. 205 206.. 207 208.. bpo: 25659 209.. date: 9904 210.. nonce: lE2IlT 211.. section: Library 212 213In ctypes, prevent a crash calling the from_buffer() and from_buffer_copy() 214methods on abstract classes like Array. 215 216.. 217 218.. bpo: 28563 219.. date: 9903 220.. nonce: iweEiw 221.. section: Library 222 223Fixed possible DoS and arbitrary code execution when handle plural form 224selections in the gettext module. The expression parser now supports exact 225syntax supported by GNU gettext. 226 227.. 228 229.. bpo: 28387 230.. date: 9902 231.. nonce: 1clJu7 232.. section: Library 233 234Fixed possible crash in _io.TextIOWrapper deallocator when the garbage 235collector is invoked in other thread. Based on patch by Sebastian Cufre. 236 237.. 238 239.. bpo: 28449 240.. date: 9901 241.. nonce: 5JK6ES 242.. section: Library 243 244tarfile.open() with mode "r" or "r:" now tries to open a tar file with 245compression before trying to open it without compression. Otherwise it had 24650% chance failed with ignore_zeros=True. 247 248.. 249 250.. bpo: 25464 251.. date: 9900 252.. nonce: DTGbbr 253.. section: Library 254 255Fixed HList.header_exists() in Tix module by adding a workaround to Tix 256library bug. 257 258.. 259 260.. bpo: 28488 261.. date: 9899 262.. nonce: TgO112 263.. section: Library 264 265shutil.make_archive() no longer adds entry "./" to ZIP archive. 266 267.. 268 269.. bpo: 28480 270.. date: 9898 271.. nonce: Qh4Xeq 272.. section: Library 273 274Fix error building _sqlite3 module when multithreading is disabled. 275 276.. 277 278.. bpo: 24452 279.. date: 9897 280.. nonce: m9Kyg3 281.. section: Library 282 283Make webbrowser support Chrome on Mac OS X. 284 285.. 286 287.. bpo: 26293 288.. date: 9896 289.. nonce: 2mjvwX 290.. section: Library 291 292Fixed writing ZIP files that starts not from the start of the file. Offsets 293in ZIP file now are relative to the start of the archive in conforming to 294the specification. 295 296.. 297 298.. bpo: 0 299.. date: 9895 300.. nonce: 81jNns 301.. section: Library 302 303Fix possible integer overflows and crashes in the mmap module with unusual 304usage patterns. 305 306.. 307 308.. bpo: 27897 309.. date: 9894 310.. nonce: wfWe9B 311.. section: Library 312 313Fixed possible crash in sqlite3.Connection.create_collation() if pass 314invalid string-like object as a name. Original patch by Xiang Zhang. 315 316.. 317 318.. bpo: 1703178 319.. date: 9893 320.. nonce: meb49K 321.. section: Library 322 323Fix the ability to pass the --link-objects option to the distutils build_ext 324command. 325 326.. 327 328.. bpo: 28253 329.. date: 9892 330.. nonce: aLfmhe 331.. section: Library 332 333Fixed calendar functions for extreme months: 0001-01 and 9999-12. 334 335Methods itermonthdays() and itermonthdays2() are reimplemented so that they 336don't call itermonthdates() which can cause datetime.date under/overflow. 337 338.. 339 340.. bpo: 27963 341.. date: 9891 342.. nonce: XDgr3L 343.. section: Library 344 345Fixed possible null pointer dereference in ctypes.set_conversion_mode(). 346Patch by Xiang Zhang. 347 348.. 349 350.. bpo: 28284 351.. date: 9890 352.. nonce: kHbh7e 353.. section: Library 354 355Strengthen resistance of ``_json.encode_basestring_ascii()`` to integer 356overflow. 357 358.. 359 360.. bpo: 27611 361.. date: 9889 362.. nonce: yfOkD6 363.. section: Library 364 365Fixed support of default root window in the Tix module. 366 367.. 368 369.. bpo: 24363 370.. date: 9888 371.. nonce: PVQg7r 372.. section: Library 373 374When parsing HTTP header fields, if an invalid line is encountered, skip it 375and continue parsing. Previously, no more header fields were parsed, which 376could lead to fields for HTTP framing like Content-Length and 377Transfer-Encoding being overlooked. 378 379.. 380 381.. bpo: 27599 382.. date: 9887 383.. nonce: itvm8T 384.. section: Library 385 386Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). 387 388.. 389 390.. bpo: 25969 391.. date: 9886 392.. nonce: qSPkl- 393.. section: Library 394 395Update the lib2to3 grammar to handle the unpacking generalizations added in 3963.5. 397 398.. 399 400.. bpo: 24594 401.. date: 9885 402.. nonce: 9CnFVS 403.. section: Library 404 405Validates persist parameter when opening MSI database 406 407.. 408 409.. bpo: 27570 410.. date: 9884 411.. nonce: pU0Zie 412.. section: Library 413 414Avoid zero-length memcpy() etc calls with null source pointers in the 415"ctypes" and "array" modules. 416 417.. 418 419.. bpo: 22450 420.. date: 9883 421.. nonce: aWpdde 422.. section: Library 423 424urllib now includes an "Accept: */*" header among the default headers. This 425makes the results of REST API requests more consistent and predictable 426especially when proxy servers are involved. 427 428.. 429 430.. bpo: 0 431.. date: 9882 432.. nonce: PVZStR 433.. section: Library 434 435lib2to3.pgen3.driver.load_grammar() now creates a stable cache file between 436runs given the same Grammar.txt input regardless of the hash randomization 437setting. 438 439.. 440 441.. bpo: 27691 442.. date: 9881 443.. nonce: TMYF5_ 444.. section: Library 445 446Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 447certs. 448 449.. 450 451.. bpo: 27850 452.. date: 9880 453.. nonce: kIVQ0m 454.. section: Library 455 456Remove 3DES from ssl module's default cipher list to counter measure sweet32 457attack (CVE-2016-2183). 458 459.. 460 461.. bpo: 27766 462.. date: 9879 463.. nonce: WI70Tc 464.. section: Library 465 466Add ChaCha20 Poly1305 to ssl module's default ciper list. (Required OpenSSL 4671.1.0 or LibreSSL). 468 469.. 470 471.. bpo: 26470 472.. date: 9878 473.. nonce: QGu_wo 474.. section: Library 475 476Port ssl and hashlib module to OpenSSL 1.1.0. 477 478.. 479 480.. bpo: 27944 481.. date: 9877 482.. nonce: EVXdfk 483.. section: Library 484 485Fix some memory-corruption bugs in the log reading code of the _hotshot 486module. 487 488.. 489 490.. bpo: 27934 491.. date: 9876 492.. nonce: ucQE3p 493.. section: Library 494 495Use ``float.__repr__`` instead of plain ``repr`` when JSON- encoding an 496instance of a float subclass. Thanks Eddie James. 497 498.. 499 500.. bpo: 27861 501.. date: 9875 502.. nonce: DBYuo9 503.. section: Library 504 505Fixed a crash in sqlite3.Connection.cursor() when a factory creates not a 506cursor. Patch by Xiang Zhang. 507 508.. 509 510.. bpo: 19884 511.. date: 9874 512.. nonce: MO8AWH 513.. section: Library 514 515Avoid spurious output on OS X with Gnu Readline. 516 517.. 518 519.. bpo: 10513 520.. date: 9873 521.. nonce: tQIQD_ 522.. section: Library 523 524Fix a regression in Connection.commit(). Statements should not be reset 525after a commit. 526 527.. 528 529.. bpo: 2466 530.. date: 9872 531.. nonce: VRNlkg 532.. section: Library 533 534posixpath.ismount now correctly recognizes mount points which the user does 535not have permission to access. 536 537.. 538 539.. bpo: 27783 540.. date: 9871 541.. nonce: 6fCCY9 542.. section: Library 543 544Fix possible usage of uninitialized memory in operator.methodcaller. 545 546.. 547 548.. bpo: 27774 549.. date: 9870 550.. nonce: FDcik1 551.. section: Library 552 553Fix possible Py_DECREF on unowned object in _sre. 554 555.. 556 557.. bpo: 27760 558.. date: 9869 559.. nonce: gxMjp4 560.. section: Library 561 562Fix possible integer overflow in binascii.b2a_qp. 563 564.. 565 566.. bpo: 0 567.. date: 9868 568.. nonce: Ny9oPv 569.. section: Library 570 571In the curses module, raise an error if window.getstr() or window.instr() is 572passed a negative value. 573 574.. 575 576.. bpo: 27758 577.. date: 9867 578.. nonce: x9DC4R 579.. section: Library 580 581Fix possible integer overflow in the _csv module for large record lengths. 582 583.. 584 585.. bpo: 23369 586.. date: 9866 587.. nonce: nqChyE 588.. section: Library 589 590Fixed possible integer overflow in _json.encode_basestring_ascii. 591 592.. 593 594.. bpo: 27568 595.. date: 9865 596.. nonce: OnuO9s 597.. section: Library 598 599Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the HTTP_PROXY variable 600when REQUEST_METHOD environment is set, which indicates that the script is 601in CGI mode. 602 603.. 604 605.. bpo: 27130 606.. date: 9864 607.. nonce: zVvNDt 608.. section: Library 609 610In the "zlib" module, fix handling of large buffers (typically 2 or 4 GiB). 611Previously, inputs were limited to 2 GiB, and compression and decompression 612operations did not properly handle results of 2 or 4 GiB. 613 614.. 615 616.. bpo: 23804 617.. date: 9863 618.. nonce: ipFvxc 619.. section: Library 620 621Fix SSL zero-length recv() calls to not block and not raise an error about 622unclean EOF. 623 624.. 625 626.. bpo: 27466 627.. date: 9862 628.. nonce: C_3a8E 629.. section: Library 630 631Change time format returned by http.cookie.time2netscape, confirming the 632netscape cookie format and making it consistent with documentation. 633 634.. 635 636.. bpo: 22115 637.. date: 9861 638.. nonce: Vpj2aH 639.. section: Library 640 641Fixed tracing Tkinter variables: trace_vdelete() with wrong mode no longer 642break tracing, trace_vinfo() now always returns a list of pairs of strings. 643 644.. 645 646.. bpo: 27079 647.. date: 9860 648.. nonce: c7d0Ym 649.. section: Library 650 651Fixed curses.ascii functions isblank(), iscntrl() and ispunct(). 652 653.. 654 655.. bpo: 22636 656.. date: 9859 657.. nonce: 3fQW_g 658.. section: Library 659 660Avoid shell injection problems with ctypes.util.find_library(). 661 662.. 663 664.. bpo: 27330 665.. date: 9858 666.. nonce: GJaFCV 667.. section: Library 668 669Fixed possible leaks in the ctypes module. 670 671.. 672 673.. bpo: 27238 674.. date: 9857 675.. nonce: Q6v6Qv 676.. section: Library 677 678Got rid of bare excepts in the turtle module. Original patch by Jelle 679Zijlstra. 680 681.. 682 683.. bpo: 26386 684.. date: 9856 685.. nonce: 9L3Ut4 686.. section: Library 687 688Fixed ttk.TreeView selection operations with item id's containing spaces. 689 690.. 691 692.. bpo: 25455 693.. date: 9855 694.. nonce: tj_49f 695.. section: Library 696 697Fixed a crash in repr of cElementTree.Element with recursive tag. 698 699.. 700 701.. bpo: 21201 702.. date: 9854 703.. nonce: wLCKiA 704.. section: Library 705 706Improves readability of multiprocessing error message. Thanks to Wojciech 707Walczak for patch. 708 709.. 710 711.. bpo: 27854 712.. date: 9853 713.. nonce: 8L_TJb 714.. section: IDLE 715 716Make Help => IDLE Help work again on Windows. Include idlelib/help.html in 7172.7 Windows installer. 718 719.. 720 721.. bpo: 25507 722.. date: 9852 723.. nonce: bQVsMZ 724.. section: IDLE 725 726Add back import needed for 2.x encoding warning box. Add pointer to 727'Encoding declaration' in Language Reference. 728 729.. 730 731.. bpo: 15308 732.. date: 9851 733.. nonce: zZxn8m 734.. section: IDLE 735 736Add 'interrupt execution' (^C) to Shell menu. Patch by Roger Serwy, updated 737by Bayard Randel. 738 739.. 740 741.. bpo: 27922 742.. date: 9850 743.. nonce: UEtEv9 744.. section: IDLE 745 746Stop IDLE tests from 'flashing' gui widgets on the screen. 747 748.. 749 750.. bpo: 17642 751.. date: 9849 752.. nonce: B0BNOB 753.. section: IDLE 754 755add larger font sizes for classroom projection. 756 757.. 758 759.. bpo: 0 760.. date: 9848 761.. nonce: zWZs6o 762.. section: IDLE 763 764Add version to title of IDLE help window. 765 766.. 767 768.. bpo: 25564 769.. date: 9847 770.. nonce: GN0p14 771.. section: IDLE 772 773In section on IDLE -- console differences, mention that using exec means 774that __builtins__ is defined for each statement. 775 776.. 777 778.. bpo: 27714 779.. date: 9846 780.. nonce: bUEDsI 781.. section: IDLE 782 783text_textview and test_autocomplete now pass when re-run in the same 784process. This occurs when test_idle fails when run with the -w option but 785without -jn. Fix warning from test_config. 786 787.. 788 789.. bpo: 27452 790.. date: 9845 791.. nonce: RtWnyR 792.. section: IDLE 793 794add line counter and crc to IDLE configHandler test dump. 795 796.. 797 798.. bpo: 27365 799.. date: 9844 800.. nonce: y7ys_A 801.. section: IDLE 802 803Allow non-ascii chars in IDLE NEWS.txt, for contributor names. 804 805.. 806 807.. bpo: 27245 808.. date: 9843 809.. nonce: u9aKO1 810.. section: IDLE 811 812IDLE: Cleanly delete custom themes and key bindings. Previously, when IDLE 813was started from a console or by import, a cascade of warnings was emitted. 814Patch by Serhiy Storchaka. 815 816.. 817 818.. bpo: 28513 819.. date: 9842 820.. nonce: L3joAz 821.. section: Documentation 822 823Documented command-line interface of zipfile. 824 825.. 826 827.. bpo: 16484 828.. date: 9841 829.. nonce: ITzcGg 830.. section: Documentation 831 832Change the default PYTHONDOCS URL to "https:", and fix the resulting links 833to use lowercase. Patch by Sean Rodman, test by Kaushik Nadikuditi. 834 835.. 836 837.. bpo: 28666 838.. date: 9840 839.. nonce: sbGV2K 840.. section: Tests 841 842Now test.test_support.rmtree is able to remove unwritable or unreadable 843directories. 844 845.. 846 847.. bpo: 23839 848.. date: 9839 849.. nonce: zsT_L9 850.. section: Tests 851 852Various caches now are cleared before running every test file. 853 854.. 855 856.. bpo: 27369 857.. date: 9838 858.. nonce: LG7U2D 859.. section: Tests 860 861In test_pyexpat, avoid testing an error message detail that changed in Expat 8622.2.0. 863 864.. 865 866.. bpo: 10656 867.. date: 9837 868.. nonce: pR8FFU 869.. section: Build 870 871Fix out-of-tree building on AIX. Patch by Tristan Carel and Michael 872Haubenwallner. 873 874.. 875 876.. bpo: 26359 877.. date: 9836 878.. nonce: CLz6qy 879.. section: Build 880 881Rename --with-optimiations to --enable-optimizations. 882 883.. 884 885.. bpo: 28248 886.. date: 9835 887.. nonce: KY_-en 888.. section: Build 889 890Update Windows build and OS X installers to use OpenSSL 1.0.2j. 891 892.. 893 894.. bpo: 28258 895.. date: 9834 896.. nonce: pQNUId 897.. section: Build 898 899Fixed build with Estonian locale (distclean target in Makefile). Patch by 900Arfrever Frehtes Taifersar Arahesis. 901 902.. 903 904.. bpo: 26661 905.. date: 9833 906.. nonce: Z_HNbs 907.. section: Build 908 909setup.py now detects system libffi with multiarch wrapper. 910 911.. 912 913.. bpo: 15819 914.. date: 9832 915.. nonce: Wi3naX 916.. section: Build 917 918The Include directory in the build tree is already searched; drop unused 919code trying to add it again. 920 921.. 922 923.. bpo: 27566 924.. date: 9831 925.. nonce: xDWjEb 926.. section: Build 927 928Fix clean target in freeze makefile (patch by Lisa Roach) 929 930.. 931 932.. bpo: 27983 933.. date: 9830 934.. nonce: jL_1n8 935.. section: Build 936 937Cause lack of llvm-profdata tool when using clang as required for PGO 938linking to be a configure time error rather than make time when 939``--with-optimizations`` is enabled. Also improve our ability to find the 940llvm-profdata tool on MacOS and some Linuxes. 941 942.. 943 944.. bpo: 26359 945.. date: 9829 946.. nonce: WXBL-Y 947.. section: Build 948 949Add the --with-optimizations configure flag. 950 951.. 952 953.. bpo: 10910 954.. date: 9828 955.. nonce: ZdRayb 956.. section: Build 957 958Avoid C++ compilation errors on FreeBSD and OS X. Also update FreedBSD 959version checks for the original ctype UTF-8 workaround. 960 961.. 962 963.. bpo: 27806 964.. date: 9827 965.. nonce: DEhPsm 966.. section: Build 967 968Fix 32-bit builds on macOS Sierra 10.12 broken by removal of deprecated 969QuickTime/QuickTime.h header file. Patch by Aleks Bunin. 970 971.. 972 973.. bpo: 28676 974.. date: 9826 975.. nonce: 41PL3Q 976.. section: Build 977 978Prevent missing 'getentropy' declaration warning on macOS. Initial patch by 979Gareth Rees. 980 981.. 982 983.. bpo: 27952 984.. date: 9825 985.. nonce: OO-hBo 986.. section: Tools/Demos 987 988Get Tools/scripts/fixcid.py working with the current "re" module, avoid 989invalid Python backslash escapes, and fix a bug parsing escaped C quote 990signs. 991 992.. 993 994.. bpo: 27932 995.. date: 9824 996.. nonce: mtgl-6 997.. section: Windows 998 999Prevent memory leak in win32_ver(). 1000 1001.. 1002 1003.. bpo: 27888 1004.. date: 9823 1005.. nonce: xClILd 1006.. section: Windows 1007 1008Prevent Windows installer from displaying console windows and failing when 1009pip cannot be installed/uninstalled. 1010 1011.. 1012 1013.. bpo: 28440 1014.. date: 9822 1015.. nonce: KBMmDg 1016.. section: macOS 1017 1018No longer add /Library/Python/site-packages, the Apple-supplied system 1019Python site-packages directory, to sys.path for macOS framework builds. The 1020coupling between the two Python instances often caused confusion and, as of 1021macOS 10.12, changes to the site-packages layout can cause pip component 1022installations to fail. This change reverts the effects introduced in 2.7.0 1023by Issue #4865. If you are using a package with both the Apple system 1024Python 2.7 and a user-installed Python 2.7, you will need to ensure that 1025copies of the package are installed with both Python instances. 1026