cpython: dd0f1fa809c5 (original) (raw)

--- a/Misc/NEWS +++ b/Misc/NEWS @@ -17,6 +17,9 @@ Core and Builtins Library ------- +- Issue #2466: posixpath.ismount now correctly recognizes mount points which

• the user does not have permission to access. +

• Issue #9998: On Linux, ctypes.util.find_library now looks in LD_LIBRARY_PATH for shared libraries. @@ -43,7 +46,8 @@ Core and Builtins
• Issue #27574: Decreased an overhead of parsing keyword arguments in functions implemented with using Argument Clinic. -- Issue #22557: Now importing already imported modules is up to 2.5 times faster. +- Issue #22557: Now importing already imported modules is up to 2.5 times

• faster.

• Issue #17596: Include <wincrypt.h> to help with Min GW building. @@ -76,9 +80,6 @@ Core and Builtins Library ------- -- Issue #2466: posixpath.ismount now correctly recognizes mount points which
• the user does not have permission to access. -
• Issue #25958: Support "anti-registration" of special methods from various ABCs, like hash, iter or len. All these (and several more) can be set to None in an implementation class and the @@ -94,8 +95,8 @@ Library to ref count problem introduced in code for Issue #27038 in 3.6.0a3. Patch by Xiang Zhang. -- Issue #25628: The verbose and rename parameters for collections.namedtuple
• are now keyword-only. +- Issue #25628: The verbose and rename parameters for

• collections.namedtuple are now keyword-only.

• Issue #12345: Add mathemathical constant tau to math and cmath. See also PEP 628. @@ -114,7 +115,8 @@ Library
• Issue #6422: Add autorange method to timeit.Timer objects. -- Issue #27773: Correct some memory management errors server_hostname in _ssl.wrap_socket(). +- Issue #27773: Correct some memory management errors server_hostname in

• _ssl.wrap_socket().

• Issue #26750: unittest.mock.create_autospec() now works properly for subclasses of property() and other data descriptors. Removes the never @@ -131,14 +133,15 @@ Library
• In the curses module, raise an error if window.getstr() or window.instr() is passed a negative value. -- Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller. +- Issue #27783: Fix possible usage of uninitialized memory in

• operator.methodcaller.

• Issue #27774: Fix possible Py_DECREF on unowned object in _sre.
• Issue #27760: Fix possible integer overflow in binascii.b2a_qp. -- Issue #27758: Fix possible integer overflow in the _csv module for large record
• lengths. +- Issue #27758: Fix possible integer overflow in the _csv module for large

• record lengths.

• Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates @@ -319,9 +322,9 @@ Library when exiting, let the new chained one through. This avoids the PEP 479 bug described in issue25782. -- [Security] Issue #27278: Fix os.urandom() implementation using getrandom() on Linux.
• Truncate size to INT_MAX and loop until we collected enough random bytes,
• instead of casting a directly Py_ssize_t to int. +- [Security] Issue #27278: Fix os.urandom() implementation using getrandom() on

• Linux. Truncate size to INT_MAX and loop until we collected enough random
• bytes, instead of casting a directly Py_ssize_t to int.

• Issue #16864: sqlite3.Cursor.lastrowid now supports REPLACE statement. Initial patch by Alex LordThorsen. @@ -371,9 +374,9 @@ IDLE Previously, when IDLE was started from a console or by import, a cascade of warnings was emitted. Patch by Serhiy Storchaka. -- Issue #24137: Run IDLE, test_idle, and htest with tkinter default root disabled.
• Fix code and tests that fail with this restriction.
• Fix htests to not create a second and redundant root and mainloop. +- Issue #24137: Run IDLE, test_idle, and htest with tkinter default root

• disabled. Fix code and tests that fail with this restriction. Fix htests to
• not create a second and redundant root and mainloop.

• Issue #27310: Fix IDLE.app failure to launch on OS X due to vestigial import. @@ -486,8 +489,8 @@ Library
• [Security] Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283. -- [Security] Fix TLS stripping vulnerability in smtplib, CVE-2016-0772. Reported by Team
• Oststrom +- [Security] Fix TLS stripping vulnerability in smtplib, CVE-2016-0772.

• Reported by Team Oststrom.

• Issue #21386: Implement missing IPv4Address.is_global property. It was documented since 07a5610bae9d. Initial patch by Roger Luethi. @@ -529,9 +532,10 @@ Library
• Issue #21313: Fix the "platform" module to tolerate when sys.version contains truncated build information. -- [Security] Issue #26839: On Linux, :func:os.urandom now calls getrandom() with
• GRND_NONBLOCK to fall back on reading /dev/urandom if the urandom
• entropy pool is not initialized yet. Patch written by Colm Buckley. +- [Security] Issue #26839: On Linux, :func:os.urandom now calls

• getrandom() with GRND_NONBLOCK to fall back on reading
• /dev/urandom if the urandom entropy pool is not initialized yet. Patch
• written by Colm Buckley.

• Issue #23883: Added missing APIs to all to match the documented APIs for the following modules: cgi, mailbox, mimetypes, plistlib and smtpd. @@ -893,7 +897,8 @@ Core and Builtins This allows sys.getsize() to work correctly with their subclasses with slots defined. -- Issue #25709: Fixed problem with in-place string concatenation and utf-8 cache. +- Issue #25709: Fixed problem with in-place string concatenation and utf-8

• cache.

• Issue #5319: New Py_FinalizeEx() API allowing Python to set an exit status of 120 on failure to flush buffered streams. @@ -1124,9 +1129,9 @@ Library
• Issue #24838: tarfile's ustar and gnu formats now correctly calculate name and link field limits for multibyte character encodings like utf-8. -- [Security] Issue #26657: Fix directory traversal vulnerability with http.server on
• Windows. This fixes a regression that was introduced in 3.3.4rc1 and
• 3.4.0rc1. Based on patch by Philipp Hagemeister. +- [Security] Issue #26657: Fix directory traversal vulnerability with

• http.server on Windows. This fixes a regression that was introduced in
• 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister.

• Issue #26717: Stop encoding Latin-1-ized WSGI paths with UTF-8. Patch by Anthony Sottile. @@ -1230,8 +1235,8 @@ Library :class:warnings.WarningMessage. Add warnings._showwarnmsg() which uses tracemalloc to get the traceback where source object was allocated. -- [Security] Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store
• is empty. Patch by Baji. +- [Security] Issue #26313: ssl.py _load_windows_store_certs fails if windows

• cert store is empty. Patch by Baji.

• Issue #26569: Fix :func:pyclbr.readmodule and :func:pyclbr.readmodule_ex to support importing packages. @@ -1266,7 +1271,8 @@ Library isoformat() method to choose the precision of the time component.
• Issue #2202: Fix UnboundLocalError in
• AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu Dupuy.

• AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu
• Dupuy.

• Issue #26167: Minimized overhead in copy.copy() and copy.deepcopy(). Optimized copying and deepcopying bytearrays, NotImplemented, slices, @@ -1313,7 +1319,8 @@ Library trigger the handle_error() method, and will now to stop a single-threaded server. -- [Security] Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates. +- [Security] Issue #25939: On Windows open the cert store readonly in

• ssl.enum_certificates.

• Issue #25995: os.walk() no longer uses FDs proportional to the tree depth. @@ -1629,7 +1636,8 @@ Library
• Issue #25011: rlcompleter now omits private and special attribute names unless the prefix starts with underscores. -- Issue #25209: rlcompleter now can add a space or a colon after completed keyword. +- Issue #25209: rlcompleter now can add a space or a colon after completed

• keyword.

• Issue #22241: timezone.utc name is now plain 'UTC', not 'UTC-00:00'.