.. bpo: 5322 .. date: 9925 .. nonce: 8Fq059 .. release date: 2016-12-03 .. section: Core and Builtins Fixed setting __new__ to a PyCFunction inside Python code. Original patch by Andreas Stührk. .. .. bpo: 28847 .. date: 9924 .. nonce: iG6VRD .. section: Core and Builtins dumbdbm no longer writes the index file in when it is not changed and supports reading read-only files. .. .. bpo: 11145 .. date: 9923 .. nonce: 3BeZaz .. section: Core and Builtins Fixed miscellaneous issues with C-style formatting of types with custom __oct__ and __hex__. .. .. bpo: 24469 .. date: 9922 .. nonce: dl8lJ4 .. section: Core and Builtins Fixed memory leak caused by int subclasses without overridden tp_free (e.g. C-inherited Cython classes). .. .. bpo: 19398 .. date: 9921 .. nonce: RYbEGH .. section: Core and Builtins Extra slash no longer added to sys.path components in case of empty compile-time PYTHONPATH components. .. .. bpo: 21720 .. date: 9920 .. nonce: XSd6LI .. section: Core and Builtins Improve exception message when the type of fromlist is unicode. fromlist parameter of __import__() only accepts str in Python 2 and this will help to identify the problem especially when the unicode_literals future import is used. .. .. bpo: 26906 .. date: 9919 .. nonce: YBjcwI .. section: Core and Builtins Resolving special methods of uninitialized type now causes implicit initialization of the type instead of a fail. .. .. bpo: 18287 .. date: 9918 .. nonce: k6jffS .. section: Core and Builtins PyType_Ready() now checks that tp_name is not NULL. Original patch by Niklas Koep. .. .. bpo: 24098 .. date: 9917 .. nonce: XqlP_1 .. section: Core and Builtins Fixed possible crash when AST is changed in process of compiling it. .. .. bpo: 28350 .. date: 9916 .. nonce: 8M5Eg9 .. section: Core and Builtins String constants with null character no longer interned. .. .. bpo: 27942 .. date: 9915 .. nonce: ZGuhns .. section: Core and Builtins String constants now interned recursively in tuples and frozensets. .. .. bpo: 15578 .. date: 9914 .. nonce: xSQWiu .. section: Core and Builtins Correctly incref the parent module while importing. .. .. bpo: 26307 .. date: 9913 .. nonce: Puk2rd .. section: Core and Builtins The profile-opt build now applies PGO to the built-in modules. .. .. bpo: 26020 .. date: 9912 .. nonce: niLbLa .. section: Core and Builtins set literal evaluation order did not match documented behaviour. .. .. bpo: 27870 .. date: 9911 .. nonce: Y0u34u .. section: Core and Builtins A left shift of zero by a large integer no longer attempts to allocate large amounts of memory. .. .. bpo: 25604 .. date: 9910 .. nonce: UkeHGy .. section: Core and Builtins Fix a minor bug in integer true division; this bug could potentially have caused off-by-one-ulp results on platforms with unreliable ldexp implementations. .. .. bpo: 27473 .. date: 9909 .. nonce: d8HWze .. section: Core and Builtins Fixed possible integer overflow in str, unicode and bytearray concatenations and repetitions. Based on patch by Xiang Zhang. .. .. bpo: 27507 .. date: 9908 .. nonce: 3pX0Be .. section: Core and Builtins Add integer overflow check in bytearray.extend(). Patch by Xiang Zhang. .. .. bpo: 27581 .. date: 9907 .. nonce: KezjNt .. section: Core and Builtins Don't rely on wrapping for overflow check in PySequence_Tuple(). Patch by Xiang Zhang. .. .. bpo: 23908 .. date: 9906 .. nonce: xXL6_c .. section: Core and Builtins os functions, open() and the io.FileIO constructor now reject unicode paths with embedded null character on Windows instead of silently truncating them. .. .. bpo: 27514 .. date: 9905 .. nonce: NLbwPG .. section: Core and Builtins Make having too many statically nested blocks a SyntaxError instead of SystemError. .. .. bpo: 25659 .. date: 9904 .. nonce: lE2IlT .. section: Library In ctypes, prevent a crash calling the from_buffer() and from_buffer_copy() methods on abstract classes like Array. .. .. bpo: 28563 .. date: 9903 .. nonce: iweEiw .. section: Library Fixed possible DoS and arbitrary code execution when handle plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext. .. .. bpo: 28387 .. date: 9902 .. nonce: 1clJu7 .. section: Library Fixed possible crash in _io.TextIOWrapper deallocator when the garbage collector is invoked in other thread. Based on patch by Sebastian Cufre. .. .. bpo: 28449 .. date: 9901 .. nonce: 5JK6ES .. section: Library tarfile.open() with mode "r" or "r:" now tries to open a tar file with compression before trying to open it without compression. Otherwise it had 50% chance failed with ignore_zeros=True. .. .. bpo: 25464 .. date: 9900 .. nonce: DTGbbr .. section: Library Fixed HList.header_exists() in Tix module by adding a workaround to Tix library bug. .. .. bpo: 28488 .. date: 9899 .. nonce: TgO112 .. section: Library shutil.make_archive() no longer adds entry "./" to ZIP archive. .. .. bpo: 28480 .. date: 9898 .. nonce: Qh4Xeq .. section: Library Fix error building _sqlite3 module when multithreading is disabled. .. .. bpo: 24452 .. date: 9897 .. nonce: m9Kyg3 .. section: Library Make webbrowser support Chrome on Mac OS X. .. .. bpo: 26293 .. date: 9896 .. nonce: 2mjvwX .. section: Library Fixed writing ZIP files that starts not from the start of the file. Offsets in ZIP file now are relative to the start of the archive in conforming to the specification. .. .. bpo: 0 .. date: 9895 .. nonce: 81jNns .. section: Library Fix possible integer overflows and crashes in the mmap module with unusual usage patterns. .. .. bpo: 27897 .. date: 9894 .. nonce: wfWe9B .. section: Library Fixed possible crash in sqlite3.Connection.create_collation() if pass invalid string-like object as a name. Original patch by Xiang Zhang. .. .. bpo: 1703178 .. date: 9893 .. nonce: meb49K .. section: Library Fix the ability to pass the --link-objects option to the distutils build_ext command. .. .. bpo: 28253 .. date: 9892 .. nonce: aLfmhe .. section: Library Fixed calendar functions for extreme months: 0001-01 and 9999-12. Methods itermonthdays() and itermonthdays2() are reimplemented so that they don't call itermonthdates() which can cause datetime.date under/overflow. .. .. bpo: 27963 .. date: 9891 .. nonce: XDgr3L .. section: Library Fixed possible null pointer dereference in ctypes.set_conversion_mode(). Patch by Xiang Zhang. .. .. bpo: 28284 .. date: 9890 .. nonce: kHbh7e .. section: Library Strengthen resistance of ``_json.encode_basestring_ascii()`` to integer overflow. .. .. bpo: 27611 .. date: 9889 .. nonce: yfOkD6 .. section: Library Fixed support of default root window in the Tix module. .. .. bpo: 24363 .. date: 9888 .. nonce: PVQg7r .. section: Library When parsing HTTP header fields, if an invalid line is encountered, skip it and continue parsing. Previously, no more header fields were parsed, which could lead to fields for HTTP framing like Content-Length and Transfer-Encoding being overlooked. .. .. bpo: 27599 .. date: 9887 .. nonce: itvm8T .. section: Library Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). .. .. bpo: 25969 .. date: 9886 .. nonce: qSPkl- .. section: Library Update the lib2to3 grammar to handle the unpacking generalizations added in 3.5. .. .. bpo: 24594 .. date: 9885 .. nonce: 9CnFVS .. section: Library Validates persist parameter when opening MSI database .. .. bpo: 27570 .. date: 9884 .. nonce: pU0Zie .. section: Library Avoid zero-length memcpy() etc calls with null source pointers in the "ctypes" and "array" modules. .. .. bpo: 22450 .. date: 9883 .. nonce: aWpdde .. section: Library urllib now includes an "Accept: */*" header among the default headers. This makes the results of REST API requests more consistent and predictable especially when proxy servers are involved. .. .. bpo: 0 .. date: 9882 .. nonce: PVZStR .. section: Library lib2to3.pgen3.driver.load_grammar() now creates a stable cache file between runs given the same Grammar.txt input regardless of the hash randomization setting. .. .. bpo: 27691 .. date: 9881 .. nonce: TMYF5_ .. section: Library Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. .. .. bpo: 27850 .. date: 9880 .. nonce: kIVQ0m .. section: Library Remove 3DES from ssl module's default cipher list to counter measure sweet32 attack (CVE-2016-2183). .. .. bpo: 27766 .. date: 9879 .. nonce: WI70Tc .. section: Library Add ChaCha20 Poly1305 to ssl module's default ciper list. (Required OpenSSL 1.1.0 or LibreSSL). .. .. bpo: 26470 .. date: 9878 .. nonce: QGu_wo .. section: Library Port ssl and hashlib module to OpenSSL 1.1.0. .. .. bpo: 27944 .. date: 9877 .. nonce: EVXdfk .. section: Library Fix some memory-corruption bugs in the log reading code of the _hotshot module. .. .. bpo: 27934 .. date: 9876 .. nonce: ucQE3p .. section: Library Use ``float.__repr__`` instead of plain ``repr`` when JSON- encoding an instance of a float subclass. Thanks Eddie James. .. .. bpo: 27861 .. date: 9875 .. nonce: DBYuo9 .. section: Library Fixed a crash in sqlite3.Connection.cursor() when a factory creates not a cursor. Patch by Xiang Zhang. .. .. bpo: 19884 .. date: 9874 .. nonce: MO8AWH .. section: Library Avoid spurious output on OS X with Gnu Readline. .. .. bpo: 10513 .. date: 9873 .. nonce: tQIQD_ .. section: Library Fix a regression in Connection.commit(). Statements should not be reset after a commit. .. .. bpo: 2466 .. date: 9872 .. nonce: VRNlkg .. section: Library posixpath.ismount now correctly recognizes mount points which the user does not have permission to access. .. .. bpo: 27783 .. date: 9871 .. nonce: 6fCCY9 .. section: Library Fix possible usage of uninitialized memory in operator.methodcaller. .. .. bpo: 27774 .. date: 9870 .. nonce: FDcik1 .. section: Library Fix possible Py_DECREF on unowned object in _sre. .. .. bpo: 27760 .. date: 9869 .. nonce: gxMjp4 .. section: Library Fix possible integer overflow in binascii.b2a_qp. .. .. bpo: 0 .. date: 9868 .. nonce: Ny9oPv .. section: Library In the curses module, raise an error if window.getstr() or window.instr() is passed a negative value. .. .. bpo: 27758 .. date: 9867 .. nonce: x9DC4R .. section: Library Fix possible integer overflow in the _csv module for large record lengths. .. .. bpo: 23369 .. date: 9866 .. nonce: nqChyE .. section: Library Fixed possible integer overflow in _json.encode_basestring_ascii. .. .. bpo: 27568 .. date: 9865 .. nonce: OnuO9s .. section: Library Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode. .. .. bpo: 27130 .. date: 9864 .. nonce: zVvNDt .. section: Library In the "zlib" module, fix handling of large buffers (typically 2 or 4 GiB). Previously, inputs were limited to 2 GiB, and compression and decompression operations did not properly handle results of 2 or 4 GiB. .. .. bpo: 23804 .. date: 9863 .. nonce: ipFvxc .. section: Library Fix SSL zero-length recv() calls to not block and not raise an error about unclean EOF. .. .. bpo: 27466 .. date: 9862 .. nonce: C_3a8E .. section: Library Change time format returned by http.cookie.time2netscape, confirming the netscape cookie format and making it consistent with documentation. .. .. bpo: 22115 .. date: 9861 .. nonce: Vpj2aH .. section: Library Fixed tracing Tkinter variables: trace_vdelete() with wrong mode no longer break tracing, trace_vinfo() now always returns a list of pairs of strings. .. .. bpo: 27079 .. date: 9860 .. nonce: c7d0Ym .. section: Library Fixed curses.ascii functions isblank(), iscntrl() and ispunct(). .. .. bpo: 22636 .. date: 9859 .. nonce: 3fQW_g .. section: Library Avoid shell injection problems with ctypes.util.find_library(). .. .. bpo: 27330 .. date: 9858 .. nonce: GJaFCV .. section: Library Fixed possible leaks in the ctypes module. .. .. bpo: 27238 .. date: 9857 .. nonce: Q6v6Qv .. section: Library Got rid of bare excepts in the turtle module. Original patch by Jelle Zijlstra. .. .. bpo: 26386 .. date: 9856 .. nonce: 9L3Ut4 .. section: Library Fixed ttk.TreeView selection operations with item id's containing spaces. .. .. bpo: 25455 .. date: 9855 .. nonce: tj_49f .. section: Library Fixed a crash in repr of cElementTree.Element with recursive tag. .. .. bpo: 21201 .. date: 9854 .. nonce: wLCKiA .. section: Library Improves readability of multiprocessing error message. Thanks to Wojciech Walczak for patch. .. .. bpo: 27854 .. date: 9853 .. nonce: 8L_TJb .. section: IDLE Make Help => IDLE Help work again on Windows. Include idlelib/help.html in 2.7 Windows installer. .. .. bpo: 25507 .. date: 9852 .. nonce: bQVsMZ .. section: IDLE Add back import needed for 2.x encoding warning box. Add pointer to 'Encoding declaration' in Language Reference. .. .. bpo: 15308 .. date: 9851 .. nonce: zZxn8m .. section: IDLE Add 'interrupt execution' (^C) to Shell menu. Patch by Roger Serwy, updated by Bayard Randel. .. .. bpo: 27922 .. date: 9850 .. nonce: UEtEv9 .. section: IDLE Stop IDLE tests from 'flashing' gui widgets on the screen. .. .. bpo: 17642 .. date: 9849 .. nonce: B0BNOB .. section: IDLE add larger font sizes for classroom projection. .. .. bpo: 0 .. date: 9848 .. nonce: zWZs6o .. section: IDLE Add version to title of IDLE help window. .. .. bpo: 25564 .. date: 9847 .. nonce: GN0p14 .. section: IDLE In section on IDLE -- console differences, mention that using exec means that __builtins__ is defined for each statement. .. .. bpo: 27714 .. date: 9846 .. nonce: bUEDsI .. section: IDLE text_textview and test_autocomplete now pass when re-run in the same process. This occurs when test_idle fails when run with the -w option but without -jn. Fix warning from test_config. .. .. bpo: 27452 .. date: 9845 .. nonce: RtWnyR .. section: IDLE add line counter and crc to IDLE configHandler test dump. .. .. bpo: 27365 .. date: 9844 .. nonce: y7ys_A .. section: IDLE Allow non-ascii chars in IDLE NEWS.txt, for contributor names. .. .. bpo: 27245 .. date: 9843 .. nonce: u9aKO1 .. section: IDLE IDLE: Cleanly delete custom themes and key bindings. Previously, when IDLE was started from a console or by import, a cascade of warnings was emitted. Patch by Serhiy Storchaka. .. .. bpo: 28513 .. date: 9842 .. nonce: L3joAz .. section: Documentation Documented command-line interface of zipfile. .. .. bpo: 16484 .. date: 9841 .. nonce: ITzcGg .. section: Documentation Change the default PYTHONDOCS URL to "https:", and fix the resulting links to use lowercase. Patch by Sean Rodman, test by Kaushik Nadikuditi. .. .. bpo: 28666 .. date: 9840 .. nonce: sbGV2K .. section: Tests Now test.test_support.rmtree is able to remove unwritable or unreadable directories. .. .. bpo: 23839 .. date: 9839 .. nonce: zsT_L9 .. section: Tests Various caches now are cleared before running every test file. .. .. bpo: 27369 .. date: 9838 .. nonce: LG7U2D .. section: Tests In test_pyexpat, avoid testing an error message detail that changed in Expat 2.2.0. .. .. bpo: 10656 .. date: 9837 .. nonce: pR8FFU .. section: Build Fix out-of-tree building on AIX. Patch by Tristan Carel and Michael Haubenwallner. .. .. bpo: 26359 .. date: 9836 .. nonce: CLz6qy .. section: Build Rename --with-optimiations to --enable-optimizations. .. .. bpo: 28248 .. date: 9835 .. nonce: KY_-en .. section: Build Update Windows build and OS X installers to use OpenSSL 1.0.2j. .. .. bpo: 28258 .. date: 9834 .. nonce: pQNUId .. section: Build Fixed build with Estonian locale (distclean target in Makefile). Patch by Arfrever Frehtes Taifersar Arahesis. .. .. bpo: 26661 .. date: 9833 .. nonce: Z_HNbs .. section: Build setup.py now detects system libffi with multiarch wrapper. .. .. bpo: 15819 .. date: 9832 .. nonce: Wi3naX .. section: Build The Include directory in the build tree is already searched; drop unused code trying to add it again. .. .. bpo: 27566 .. date: 9831 .. nonce: xDWjEb .. section: Build Fix clean target in freeze makefile (patch by Lisa Roach) .. .. bpo: 27983 .. date: 9830 .. nonce: jL_1n8 .. section: Build Cause lack of llvm-profdata tool when using clang as required for PGO linking to be a configure time error rather than make time when ``--with-optimizations`` is enabled. Also improve our ability to find the llvm-profdata tool on MacOS and some Linuxes. .. .. bpo: 26359 .. date: 9829 .. nonce: WXBL-Y .. section: Build Add the --with-optimizations configure flag. .. .. bpo: 10910 .. date: 9828 .. nonce: ZdRayb .. section: Build Avoid C++ compilation errors on FreeBSD and OS X. Also update FreedBSD version checks for the original ctype UTF-8 workaround. .. .. bpo: 27806 .. date: 9827 .. nonce: DEhPsm .. section: Build Fix 32-bit builds on macOS Sierra 10.12 broken by removal of deprecated QuickTime/QuickTime.h header file. Patch by Aleks Bunin. .. .. bpo: 28676 .. date: 9826 .. nonce: 41PL3Q .. section: Build Prevent missing 'getentropy' declaration warning on macOS. Initial patch by Gareth Rees. .. .. bpo: 27952 .. date: 9825 .. nonce: OO-hBo .. section: Tools/Demos Get Tools/scripts/fixcid.py working with the current "re" module, avoid invalid Python backslash escapes, and fix a bug parsing escaped C quote signs. .. .. bpo: 27932 .. date: 9824 .. nonce: mtgl-6 .. section: Windows Prevent memory leak in win32_ver(). .. .. bpo: 27888 .. date: 9823 .. nonce: xClILd .. section: Windows Prevent Windows installer from displaying console windows and failing when pip cannot be installed/uninstalled. .. .. bpo: 28440 .. date: 9822 .. nonce: KBMmDg .. section: macOS No longer add /Library/Python/site-packages, the Apple-supplied system Python site-packages directory, to sys.path for macOS framework builds. The coupling between the two Python instances often caused confusion and, as of macOS 10.12, changes to the site-packages layout can cause pip component installations to fail. This change reverts the effects introduced in 2.7.0 by Issue #4865. If you are using a package with both the Apple system Python 2.7 and a user-installed Python 2.7, you will need to ensure that copies of the package are installed with both Python instances.