Update expat to 2.1.1, fixes :cve:`2015-1283`.
Fix TLS stripping vulnerability in smtplib, :cve:`2016-0772`. Reported by Team Oststrom.
On Linux, :func:`os.urandom` now calls getrandom() with
GRND_NONBLOCK to fall back on reading /dev/urandom if the urandom
entropy pool is not initialized yet. Patch written by Colm Buckley.
Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister.
ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji.
On Windows open the cert store readonly in ssl.enum_certificates.
Fixed SystemError if a custom opener (for open()) returns a negative number without setting an exception.
Fixed TypeError when frame.f_trace is set to None. Patch by Xavier de Gaye.
Fixed possible refleaks in failing Py_BuildValue() with the "N" format unit.
Fix possible refleak when creating a function with annotations.
Fixed bytearray.remove() for values greater than 127. Patch by Joe Jevnik.
int.from_bytes() no longer bypasses constructors for subclasses.
gc.get_objects() no longer contains a broken tuple with NULL pointer.
Use RawConfigParser for .pypirc parsing, removing support for interpolation unintentionally added with move to Python 3. Behavior no longer does any interpolation in .pypirc files, matching behavior in Python 2.7 and Setuptools 19.0.
Make the builtin slice type support cycle collection.
super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed!
PYTHONIOENCODING now has priority over locale in setting the error handler for stdin and stdout.
Fixed crash on iterating exhausting iterators. Affected classes are generic sequence iterators, iterators of str, bytes, bytearray, list, tuple, set, frozenset, dict, OrderedDict, corresponding views and os.scandir() iterator.
If coding cookie is specified multiple times on a line in Python source code file, only the first one is taken to account.
Fix str.translate() when string is ASCII and first replacements removes character, but next replacement uses a non-ASCII character or a string longer than 1 character. Regression introduced in Python 3.5.0.
Ensure exception reports from PyErr_Display() and PyErr_WriteUnraisable() are sensible even when formatting them produces secondary errors. This affects the reports produced by sys.__excepthook__() and when __del__() raises an exception.
Correct behavior to reject comma as a legal character for cookie names.
Avoid masking the original TypeError exception when using star (*)
unpacking in function calls. Based on patch by Hagen Fürstenau and Daniel
Urban.
Fix the doc comment for FileFinder.find_spec().
Add a new private _PyThreadState_UncheckedGet() function to get the current Python thread state, but don't issue a fatal error if it is NULL. This new function must be used instead of accessing directly the _PyThreadState_Current variable. The variable is no more exposed since Python 3.5.1 to hide the exact implementation of atomic C types, to avoid compiler issues.
Deque.insert() gave odd results for bounded deques that had reached their maximum size. Now an IndexError will be raised when attempting to insert into a full deque.
When compiling code, don't merge constants if they are equal but have a
different types. For example, f1, f2 = lambda: 1, lambda: 1.0 is now
correctly compiled to two different functions: f1() returns 1
(int) and f2() returns 1.0 (int), even if 1 and 1.0
are equal.
[UPDATE] Comment out the one of the pickleability tests in _PyObject_GetState() due to regressions observed in Cython-based projects.
Disallowed null characters in the type name.
Fix segfault when an invalid nonlocal statement binds a name starting with two underscores.
Instances of extension types with a state that aren't subclasses of list or dict and haven't implemented any pickle-related methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__, or __getstate__), can no longer be pickled. Including memoryview.
Massive replacing unsafe attribute setting code with special macro Py_SETREF.
Special method __bytes__() now works in str subclasses.
__sizeof__ methods of builtin types now use dynamic basic size. This allows sys.getsize() to work correctly with their subclasses with __slots__ defined.
Fixed problem with in-place string concatenation and utf-8 cache.
Mention PEP 420 in the importlib docs.
Fixed crash in object.__reduce__() if slot name is freed inside __getattr__.
Fixed crash on converting objects with special methods __bytes__, __trunc__, and __float__ returning instances of subclasses of bytes, int, and float to subclasses of bytes, int, and float correspondingly.
Fix semantic bugs when using binary operators with dictionary views and tuples.
Fix possible integer overflow and heap corruption in zipimporter.get_data().
Fix TAB key behaviour in REPL with readline.
Raise a RuntimeError when a coroutine object is awaited more than once.
Update the __aiter__ protocol: instead of returning an awaitable that resolves to an asynchronous iterator, the asynchronous iterator should be returned directly. Doing the former will trigger a PendingDeprecationWarning.
Implement missing IPv4Address.is_global property. It was documented since 07a5610bae9d. Initial patch by Roger Luethi.
distutils register command now decodes HTTP responses correctly. Initial patch by ingrid.
A new version of typing.py provides several new classes and features: @overload outside stubs, Reversible, DefaultDict, Text, ContextManager, Type[], NewType(), TYPE_CHECKING, and numerous bug fixes (note that some of the new features are not yet implemented in mypy or other static analyzers). Also classes for PEP 492 (Awaitable, AsyncIterable, AsyncIterator) have been added (in fact they made it into 3.5.1 but were never mentioned).
Stop http.server.BaseHTTPRequestHandler.send_error() from sending a message body for 205 Reset Content. Also, don't send Content header fields in responses that don't have a body. Patch by Susumu Koshiba.
Fix the "platform" module to tolerate when sys.version contains truncated build information.
In the zlib module, allow decompressing raw Deflate streams with a predefined zdict. Based on patch by Xiang Zhang.
Fix wsgiref.simple_server.WSGIRequestHandler to completely write data to the client. Previously it could do partial writes and truncate data. Also, wsgiref.handler.ServerHandler can now handle stdout doing partial writes, but this is deprecated.
Add __all__ to :mod:`string`. Patch by Emanuel Barry.
subprocess.Popen.communicate now correctly ignores BrokenPipeError when the child process dies before .communicate() is called in more/all circumstances.
distutils.upload now correctly handles HTTPError. Initial patch by Claudiu Popa.
Fix SSLContext._load_windows_store_certs fails with PermissionError
Avoid creating duplicate filters when using filterwarnings and simplefilter. Based on patch by Alex Shkop.
Fix os.set_inheritable() on Android, ioctl() is blocked by SELinux and fails with EACCESS. The function now falls back to fcntl(). Patch written by Michał Bednarski.
Fix infinite recursion using typing.py. Thanks to Kalle Tuure!
Fix urllib.request redirect handling when the target only has a query string. Original fix by Ján Janech.
The "urllib.request" module now percent-encodes non-ASCII bytes found in redirect target URLs. Some servers send Location header fields with non-ASCII bytes, but "http.client" requires the request target to be ASCII-encodable, otherwise a UnicodeEncodeError is raised. Based on patch by Christian Heimes.
Honor debuglevel flag in urllib.request.HTTPHandler. Patch contributed by Chi Hsuan Yen.
In the subprocess module, allow stderr to be redirected to stdout even when stdout is not redirected. Patch by Akira Li.
mock_open 'files' no longer error on readline at end of file. Patch from Yolanda Robla.
Fixed leaking a userptr in curses panel destructor.
Removed unnecessary, and ignored, call to sum of squares helper in statistics.pvariance.
The modulefinder module now supports extended opcode arguments.
Fixed crashes related to directly created instances of types in _tkinter and curses.panel modules.
weakref.ref() no longer silently ignores keyword arguments. Patch by Georg Brandl.
xmlrpc now raises ResponseError on unsupported type tags instead of silently return incorrect result.
Fixed the comparison of plistlib.Data with other types.
Fix an uninitialized variable in ctypes.util.
The bug only occurs on SunOS when the ctypes implementation searches for the
crle program. Patch by Xiang Zhang. Tested on SunOS by Kees Bos.
In urllib.request, change the proxy bypass host checking against no_proxy to be case-insensitive, and to not match unrelated host names that happen to have a bypassed hostname as a suffix. Patch by Xiang Zhang.
recursive_repr() now sets __qualname__ of wrapper. Patch by Xiang Zhang.
urllib.request will prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen.
assertSequenceEqual() now correctly outputs non-stringified differing items (like bytes in the -b mode). This affects assertListEqual() and assertTupleEqual().
Remove "will be removed in Python 3.7" from deprecation messages of platform.dist() and platform.linux_distribution(). Patch by Kumaripaba Miyurusara Athukorala.
itemgetter, attrgetter and methodcaller objects no longer silently ignore keyword arguments.
Disassembling a class now disassembles class and static methods. Patch by Xiang Zhang.
Fix error handling in :func:`shutil.get_terminal_size`, catch :exc:`AttributeError` instead of :exc:`NameError`. Patch written by Emanuel Barry.
tarfile's ustar and gnu formats now correctly calculate name and link field limits for multibyte character encodings like utf-8.
Stop encoding Latin-1-ized WSGI paths with UTF-8. Patch by Anthony Sottile.
Fix :func:`os.urandom` on Solaris 11.3 and newer when reading more than
1,024 bytes: call getrandom() multiple times with a limit of 1024 bytes
per call.
Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'.
Add .csv to mimetypes.types_map. Patch by Geoff Wilson.
Fixed Y2038 problem in loading binary PLists.
Handle terminal resizing with Readline 6.3+ by installing our own SIGWINCH handler. Patch by Eric Price.
In http.server, respond with "413 Request header fields too large" if there are too many header fields to parse, rather than killing the connection and raising an unhandled exception. Patch by Xiang Zhang.
Change BufferedReader.writable() and BufferedWriter.readable() to always return False.
Fix a regression in mock.MagicMock. _Call is a subclass of tuple (changeset 3603bae63c13 only works for classes) so we need to implement __ne__ ourselves. Patch by Andrew Plummer.
Raise ValueError rather than SystemError when a negative length is passed to SSLSocket.recv() or read().
Fix SSL recv(0) and read(0) methods to return zero bytes instead of up to 1024.
Fixed a bug in datetime.astimezone() method.
:func:`warnings.formatwarning` now catches exceptions on
linecache.getline(...) to be able to log :exc:`ResourceWarning` emitted
late during the Python shutdown process.
Ctrl+C during Readline history search now cancels the search mode when compiled with Readline 7.
Avoid potential ValueError in BaseHandler.start_response. Initial patch by Peter Inglesby.
Fix :func:`pyclbr.readmodule` and :func:`pyclbr.readmodule_ex` to support importing packages.
Account for remaining Content-Length in HTTPResponse.readline() and read1(). Based on patch by Silent Ghost. Also document that HTTPResponse now supports these methods.
Handle sockets in directories unittest discovery is scanning. Patch from Victor van den Elzen.
cookiejar.http2time() now returns None if year is higher than datetime.MAXYEAR.
Fixes platform module detection of Windows Server
Fixed parsing time in week 0 before Jan 1. Original patch by Tamás Bence Gedai.
Invoking Path.owner() and Path.group() on Windows now raise NotImplementedError instead of ImportError.
Fixed the keys() method for Canvas and Scrollbar widgets.
Got rid of excessive buffering in the fileinput module. The bufsize parameter is no longer used.
Fix UnboundLocalError in AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu Dupuy.
Fixed pickling and copying the accumulate() iterator with total is None.
Fixed debugging output for regular expressions with the (?x) flag.
Fixed the subnets() methods in IP network classes for the case when resulting prefix length is equal to maximal prefix length. Based on patch by Xiang Zhang.
Remove the file if the internal open() call in NamedTemporaryFile() fails. Patch by Silent Ghost.
Fix XML-RPC client to retry when the server shuts down a persistent connection. This was a regression related to the new http.client.RemoteDisconnected exception in 3.5.0a4.
Leading <~ is optional now in base64.a85decode() with adobe=True. Patch
by Swati Jaiswal.
Remove an invalid type check in importlib.util.LazyLoader.
importlib.__import__() raises SystemError like builtins.__import__() when
level is specified but without an accompanying package specified.
In the "socketserver" module, shut down the request (closing the connected socket) when verify_request() returns false. Patch by Aviv Palivoda.
os.walk() no longer uses FDs proportional to the tree depth.
The os.scandir() iterator now closes file descriptor not only when the iteration is finished, but when it was failed with error.
Restored support of bytes paths in os.walk() on Windows.
Add UTF-8 suggestion to error message when posting a non-Latin-1 string with http.client.
Reset FancyURLopener's redirect counter even if there is an exception. Based on patches by Brian Brazil and Daniel Rocco.
Fixed a crash when unpickle the functools.partial object with wrong state. Fixed a leak in failed functools.partial constructor. "args" and "keywords" attributes of functools.partial have now always types tuple and dict correspondingly.
copy.deepcopy() now correctly copies range() objects with non-atomic attributes.
Path.glob() now raises a ValueError if it's called with an invalid pattern. Patch by Thomas Nyberg.
Fixed possible integer overflows in zipimport.
On Windows, getnameinfo(), gethostbyaddr() and gethostbyname_ex() functions of the socket module now decode the hostname from the ANSI code page rather than UTF-8.
xmlrpc now works with strings not encodable with used non-UTF-8 encoding.
Garbage collector now breaks reference loops with OrderedDict.
Fixed AttributeError in msilib.Directory.glob().
Added compatibility with broken protocol 2 pickles created in old Python 3 versions (3.4.3 and lower).
Use cross-compilation by default for 64-bit Windows.
Improve zipimport's support for namespace packages.
Fix sysconfig._parse_makefile not expanding
Fix mock.patch behavior when patching descriptors. Restore original values after patching. Patch contributed by Sean McCully.
In the ssl module, enable the SSL_MODE_RELEASE_BUFFERS mode option if it is safe to do so.
Don't traverse into symlinks for ** pattern in pathlib.Path.[r]glob().
Ignore PermissionError when traversing a tree with pathlib.Path.[r]glob(). Patch by Ulrich Petri.
fileinput now uses sys.stdin as-is if it does not have a buffer attribute (restores backward compatibility).
Copying the lru_cache() wrapper object now always works, independently from the type of the wrapped object (by returning the original object unchanged).
Fixed possible use after free in ElementTree.XMLPullParser.
os.fwalk() no longer skips remaining directories when error occurs. Original patch by Samson Lee.
Fixed and simplified OrderedDict.__sizeof__.
Fixed various refcount issues in ElementTree iteration.
Restore the previous behaviour of tolerating most fstat() errors when opening files. This was a regression in 3.5a1, and stopped anonymous temporary files from working in special cases.
Fix regression in number of arguments compileall accepts when '-d' is specified. The check on the number of arguments has been dropped completely as it never worked correctly anyway.
In the subprocess module, preserve any exception caused by fork() failure when preexec_fn is used.
_strptime's regexp cache now is reset after changing timezone with time.tzset().
When executing a package with the "python -m package" option, and package initialization fails, a proper traceback is now reported. The "runpy" module now lets exceptions from package initialization pass back to the caller, rather than raising ImportError.
Also in runpy and the "-m" option, omit the irrelevant message ". . . is a
package and cannot be directly executed" if the package could not even be
initialized (e.g. due to a bad *.pyc file).
Fixed problem with the mean of very small and very large numbers. As a side effect, statistics.mean and statistics.variance should be significantly faster.
Fixed copying object with state with boolean value is false.
Fixed deep copying of minidom documents. Based on patch by Marian Ganisin.
Fixed a reference leak in pickle.loads() when unpickling invalid data including tuple instructions.
In the Readline completer, avoid listing duplicate global names, and search the global namespace before searching builtins.
Fixed file leak in ElementTree.iterparse() raising an error.
Fixed SystemError raised by unpickler on broken pickle data.
Fixed crash on deleting ElementTree.Element attributes.
ZipFile now always writes a ZIP_STORED header for directory entries. Patch by Dingyuan Wang.
Skip getaddrinfo if host is already resolved. Patch by A. Jesse Jiryu Davis.
Add asyncio.StreamReader.readuntil() method. Patch by Марк Коренберг.
Avoid unnecessary serialization of getaddrinfo(3) calls on OS X versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis.
Avoid unnecessary serialization of getaddrinfo(3) calls on current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis.
Fix asyncio/subprocess.communicate() to handle empty input. Patch by Jack O'Connor.
Add loop.get_exception_handler method
asyncio: Add loop.create_future method
asyncio: Fix _read_ready and _write_ready to respect _conn_lost. Patch by Łukasz Langa.
asyncio: Fix inconsistency cancelling Condition.wait. Patch by David Coles.
Paste with text selected now replaces the selection on X11. This matches how paste works on Windows, Mac, most modern Linux apps, and ttk widgets. Original patch by Serhiy Storchaka.
Make clear in idlelib.idle_test.__init__ that the directory is a private implementation of test.test_idle and tool for maintainers.
Stop 'ThemeChanged' warnings when running IDLE tests. These persisted after other warnings were suppressed in #20567. Apply Serhiy Storchaka's update_idletasks solution to four test files. Record this additional advice in idle_test/README.txt
Revise idle_test/README.txt with advice about avoiding tk warning messages from tests. Apply advice to several IDLE tests.
Make colorizer htest and turtledemo work with dark themes. Move code for configuring text widget colors to a new function.
When tk reports font size as 0, change to size 10. Such fonts on Linux prevented the configuration dialog from opening.
Add test for IDLE's percolator. Original patch by Saimadhav Heblikar.
Add test for IDLE's replace dialog. Original patch by Saimadhav Heblikar.
Add test for IDLE's search dialog. Original patch by Westley Martínez.
Add test for IDLE's undo delegator. Original patch by Saimadhav Heblikar .
Add ConfigDialog.remove_var_callbacks to stop memory leaks.
Add more asserts to test_delegator.
Add tests for idlelib.configHelpSourceEdit. Patch by Saimadhav Heblikar.
In the 'IDLE-console differences' section of the IDLE doc, clarify how running with IDLE affects sys.modules and the standard streams.
fix incorrect change in IOBinding that prevented printing. Augment IOBinding htest to include all major IOBinding functions.
Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'.
Moved the search box from the sidebar to the header and footer of each page. Patch by Ammar Askar.
Document the new PEP 448 unpacking syntax of 3.5.
Used HTTPS for external links in the documentation if possible.
Rework the Readline module documentation to group related functions together, and add more details such as what underlying Readline functions and variables are accessed.
Adds note to ctypes documentation regarding cdll.msvcrt.
Fix documentation to not claim that __import__ is searched for in the global scope.
Update 3.x packaging documentation: * "See also" links to the new docs are now provided in the legacy pages * links to setuptools documentation have been updated
Added tests for the turtle module. Patch by ingrid, Gregory Loyse and Jelle Zijlstra.
The multiprocessing thread pool (multiprocessing.dummy.Pool) was untested.
Added new tests for pickling iterators of mutable sequences.
Added test.support.check_no_resource_warning() to check that no ResourceWarning is emitted.
Changed test_ssl to use self-signed.pythontest.net. This avoids relying on svn.python.org, which recently changed root certificate.
Tests for OrderedDict are extracted from test_collections into separate file test_ordered_dict.
Skip test_timestamp_overflow in test_import if bytecode files cannot be written.
Fix linking extension modules for cross builds. Patch by Xavier de Gaye.
Disable the rules for running _freeze_importlib and pgen when cross-compiling. The output of these programs is normally saved with the source code anyway, and is still regenerated when doing a native build. Patch by Xavier de Gaye.
Fix the cross-compiling pgen rule for in-tree builds. Patch by Xavier de Gaye.
Link audioop, _datetime, _ctypes_test modules to libm, except on Mac OS X. Patch written by Xavier de Gaye.
A --with-lto configure option has been added that will enable link time optimizations at build time during a make profile-opt. Some compilers and toolchains are known to not produce stable code when using LTO, be sure to test things thoroughly before relying on it. It can provide a few % speed up over profile-opt alone.
Adds validation of ucrtbase[d].dll version with warning for old versions.
Avoid error about nonexistent fileblocks.o file by using a lower-level check for st_blocks in struct stat.
Fixing the build output folder for tix-8.4.3.6. Patch by Bjoern Thiel.
Update Windows builds to use OpenSSL 1.0.2g.
Compile Modules/_math.c once, before building extensions. Previously it could fail to compile properly if the math and cmath builds were concurrent.
Added --pgo and --pgo-job arguments to PCbuild\build.bat for
building with Profile-Guided Optimization. The old
PCbuild\build_pgo.bat script is now deprecated, and simply calls
PCbuild\build.bat --pgo %*.
Add support for building with ICC to configure, including a new
--with-icc flag.
Fix installation of Python on UNIX with make -j9.
Update OS X 10.5+ 32-bit-only installer to build and link with OpenSSL 1.0.2h.
Update Windows builds to use OpenSSL 1.0.2f.
Support Apple Xcode 7's new textual SDK stub libraries.
Do not enable unreachable code warnings when using gcc as the option does not work correctly in older versions of gcc and has been silently removed as of gcc-4.5.
Updates make_zip.py to correctly generate library ZIP file.
Update the prepare_ssl.py script to handle OpenSSL releases that don't include the contents of the include directory (that is, 1.0.2e and later).
bdist_wininst created binaries fail to start and find 32bit Python
Update the list of magic numbers in launcher
Excludes venv from library when generating embeddable distro.
Remove unused and outdated icons. (See also: python/pythondotorg#945)
Fix python-gdb.py: don't get C types once when the Python code is loaded, but get C types on demand. The C types can change if python-gdb.py is loaded before the Python executable. Patch written by Thomas Ilsche.
Fix the Freeze tool to properly use flags passed through configure. Patch by Daniel Shaulov.
Add dictionary unpacking support to Tools/parser/unparse.py. Patch by Guo Ci Teo.
Fix variable name typo in Argument Clinic.