Commit 44039c2c authored by Benjamin Peterson's avatar Benjamin Peterson

Collect 2.7.16rc1 release notes.

parent b27e3055
This diff is collapsed.
Add -g to LDFLAGS when compiling with LTO to get debug symbols.
Fix an undefined behaviour in the pthread implementation of
:c:func:`PyThread_start_new_thread`: add a function wrapper to always return
``NULL``.
Fixed SSL module build with OpenSSL & pedantic CFLAGS.
Fix a compiler error when statically linking `pyexpat` in `Modules/Setup`.
Fixed :exc:`SystemError` in :c:func:`PyArg_ParseTupleAndKeywords` when the
``w*`` format unit is used for optional parameter.
Check start and stop of slice object to be long when they are not int in
:c:func:`PySlice_GetIndices`.
Fixed :c:func:`_PyString_Resize` and :c:func:`_PyUnicode_Resize` for empty
strings. This fixed also :c:func:`PyString_FromFormat` and
:c:func:`PyUnicode_FromFormat` when they return an empty string (e.g.
``PyString_FromFormat("%s", "")``).
Fix assertion failures in the ``tell()`` method of ``io.TextIOWrapper``.
Patch by Zackery Spytz.
Fix rare Python crash due to bad refcounting in ``type_getattro()`` if a
descriptor deletes itself from the class. Patch by Jeroen Demeyer.
Fixed a leak when the garbage collector fails to add an object with the
``__del__`` method or referenced by it into the :data:`gc.garbage` list.
:c:func:`PyGC_Collect` can now be called when an exception is set and
preserves it.
Fixed an "unknown parsing error" on parsing the "<>" operator when run
Python with both options ``-3`` and ``-We``.
Fixed reset of the SIGINT handler to SIG_DFL on interpreter shutdown even
when there was a custom handler set previously. Patch by Philipp Kerling.
Fixed a memory leak in the compiler when it raised some uncommon errors
during tokenizing.
In :meth:`io.IOBase.close`, ensure that the :attr:`~io.IOBase.closed`
attribute is not set with a live exception. Patch by Zackery Spytz and Serhiy
Storchaka.
Fix potential heap corruption in the :mod:`bsddb` module. Patch by Zackery
Spytz.
Adding I/O error checking when reading .py files and aborting importing on
error.
Fix undefined behavior in parsetok.c. Patch by Zackery Spytz.
Fix a segfault when accessing ``generator.gi_frame.f_restricted`` when the
generator is exhausted. Patch by Zackery Spytz.
The :class:`bytearray` constructor no longer convert
unexpected exceptions (e.g. :exc:`MemoryError` and :exc:`KeyboardInterrupt`)
to :exc:`TypeError`.
Fixed an out of bounds memory access when parsing a truncated unicode escape
sequence at the end of a string such as ``u'\N'``. It would read one byte
beyond the end of the memory allocation.
:c:func:`PyMem_Malloc` is now also thread-safe in debug mode.
Fix segfaults and :exc:`SystemError`\ s when deleting certain attributes.
Patch by Zackery Spytz.
Format character ``%s`` in :c:func:`PyString_FromFormat` no longer read
memory past the limit if *precision* is specified.
Add a note to :mod:`bz2` and :mod:`tarfile` stating that handling of
multi-stream bzip2 files is not supported.
Use app.add_object_type() instead of the deprecated Sphinx function
app.description_unit()
Rename documentation for :mod:`email.utils` to ``email.utils.rst``.
Fix unresponsiveness after closing certain windows and dialogs.
\ No newline at end of file
Make IDLE calltips always visible on Mac. Some MacOS-tk combinations need
.update_idletasks(). Patch by Kevin Walzer.
Fix bugs in hangul normalization: u1176, u11a7 and u11c3
Support arrays >=2GiB in :mod:`ctypes`. Patch by Segev Finer.
Raise a ``TypeError`` instead of crashing if a ``collections.deque`` subclass
returns a non-deque from ``__new__``. Patch by Oren Milman.
uuid.uuid1 no longer raises an exception if a 64-bit hardware address is
encountered.
In :mod:`tkinter`, ``after_cancel(None)`` now raises a :exc:`ValueError` instead of canceling the first scheduled function. Patch by Cheryl Sabella.
gzip.GzipFile no longer produces an AttributeError exception when used with
a file object with a non-string name attribute. Patch by Bo Bayles.
The urllib.robotparser's ``__str__`` representation now includes wildcard
entries and the "Crawl-delay" and "Request-rate" fields. Patch by
Michael Lazar.
Fix display of ``<module>`` call in the html produced by ``cgitb.html()``. Patch by Stéphane Blondon.
Fixed a crash in the :mod:`parser` module when converting an ST object to a
tree of tuples or lists with ``line_info=False`` and ``col_info=True``.
``imaplib`` now allows ``MOVE`` command in ``IMAP4.uid()`` (RFC
6851: IMAP MOVE Extension) and potentially as a name of supported
method of ``IMAP4`` object.
Fix trailing quotation marks getting deleted when looking up byte/string
literals on pydoc. Patch by Andrés Delfino.
Updated alias mapping with glibc 2.27 supported locales.
Removed unintentionally backported from Python 3 Tkinter files.
Prevent ``uuid.get_node`` from using a DUID instead of a MAC on Windows.
Patch by Zvi Effron
Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.
Use a better regex when breaking usage into wrappable parts. Avoids bogus
assertion errors from custom metavar strings.
The concatenation (``+``) and repetition (``*``) sequence operations now
raise :exc:`TypeError` instead of :exc:`SystemError` when performed on
:class:`mmap.mmap` objects. Patch by Zackery Spytz.
Fixed implementation of :func:`platform.libc_ver`. It almost always returned
version '2.9' for glibc.
Fixed passing lists and tuples of strings containing special characters
``"``, ``\``, ``{``, ``}`` and ``\n`` as options to :mod:`~tkinter.ttk`
widgets.
webbrowser: Correct the arguments passed to Opera Browser when opening a new URL
using the ``webbrowser`` module. Patch by Bumsik Kim.
:meth:`sqlite3.Connection.create_aggregate`,
:meth:`sqlite3.Connection.create_function`,
:meth:`sqlite3.Connection.set_authorizer`,
:meth:`sqlite3.Connection.set_progress_handler` methods raises TypeError
when unhashable objects are passed as callable. These methods now don't pass
such objects to SQLite API. Previous behavior could lead to segfaults. Patch
by Sergey Fedoseev.
Appending to the ZIP archive with the ZIP64 extension no longer grows the
size of extra fields of existing entries.
Add OP_ENABLE_MIDDLEBOX_COMPAT and test workaround for TLSv1.3 for future
compatibility with OpenSSL 1.1.1.
Associate ``.mjs`` file extension with ``application/javascript`` MIME Type.
Fix inspect.getsourcelines for module level frames/tracebacks.
Patch by Vladimir Matveev.
Improved compatibility for streamed files in :mod:`zipfile`. Previously an
optional signature was not being written and certain ZIP applications were
not supported. Patch by Silas Sewell.
``distutils.spawn.find_executable()`` now falls back on :data:`os.defpath`
if the ``PATH`` environment variable is not set.
Fixed iterator of :class:`multiprocessing.managers.DictProxy`.
Ensure :func:`os.lchmod` is never defined on Linux.
ZIP files created by :mod:`distutils` will now include entries for
directories.
Adding ``max_num_fields`` to ``cgi.FieldStorage`` to make DOS attacks harder by
limiting the number of ``MiniFieldStorage`` objects created by ``FieldStorage``.
Fix ``TclError`` in ``tkinter.Spinbox.selection_element()``. Patch by
Juliette Monsel.
The :term:`2to3` :2to3fixer:`execfile` fixer now opens the file with mode
``'rb'``. Patch by Zackery Spytz.
Verify the value for the parameter '-s' of the cProfile CLI. Patch by Robert
Kuska
Fixed a leak in Tkinter when pass the Python wrapper around Tcl_Obj back to
Tcl/Tk.
:meth:`socketserver.BaseServer.serve_forever` now exits immediately if it's
:meth:`~socketserver.BaseServer.shutdown` method is called while it is
polling for new events.
Improve difflib.SequenceManager.get_matching_blocks doc by adding 'non-
overlapping' and changing '!=' to '<'.
Fix incorrect parsing of :class:`_io.IncrementalNewlineDecoder`'s
*translate* argument.
Update ensurepip to install pip 18.1 and setuptools 40.6.2.
Avoid stripping trailing whitespace in doctest fancy diff. Orignial patch by
R. David Murray & Jairo Trad. Enhanced by Sanyam Khurana.
:func:`posixpath.expanduser` now returns the input *path* unchanged if the
``HOME`` environment variable is not set and the current user has no home
directory (if the current user identifier doesn't exist in the password
database). This change fix the :mod:`site` module if the current user doesn't
exist in the password database (if the user has no home directory).
:func:`~distutils.utils.check_environ` of :mod:`distutils.utils` now catchs
:exc:`KeyError` on calling :func:`pwd.getpwuid`: don't create the ``HOME``
environment variable in this case.
Fix xml.dom.minidom cloneNode() on a document with an entity: pass the
correct arguments to the user data handler of an entity.
The write() method of buffered and unbuffered binary streams in the io
module emits now a DeprecationWarning in Py3k mode for unicode argument.
Updated to OpenSSL 1.0.2p for Windows builds.
\ No newline at end of file
When ``shutil.make_archive`` falls back to the external ``zip`` problem, it
uses :mod:`subprocess` to invoke it rather than :mod:`distutils.spawn`. This
closes a possible shell injection vector.
CVE-2018-14647: The C accelerated _elementtree module now initializes hash
randomization salt from _Py_HashSecret instead of libexpat's default CSPRNG.
The xml.sax and xml.dom.domreg no longer use environment variables to
override parser implementations when sys.flags.ignore_environment is set by
-E or -I arguments.
SSLContext has improved default settings: OP_NO_SSLv2, OP_NO_SSLv3,
OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE,
OP_SINGLE_ECDH_USE and HIGH ciphers without MD5.
CVE-2013-1752: Change use of ``readline()`` in :class:`imaplib.IMAP4_SSL` to
limit line length.
[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
not handle CRL distribution points with empty DP or URI correctly. A
malicious or buggy certificate can result into segfault. Vulnerability
(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
Skip ``test_ssl.test_load_dh_params`` when Python filesystem encoding cannot encode the
provided path.
Fixed test_gdb when Python is compiled with flags -mcet -fcf-protection -O0.
Rename Lib/test/bisect.py to Lib/test/bisect_cmd.py. The old name was in
conflict with Lib/bisect.py, causing test failures, depending how tests
were run.
Fix a bug in ``regrtest`` that caused an extra test to run if
--huntrleaks/-R was used. Exit with error in case that invalid
parameters are specified to --huntrleaks/-R (at least one warmup
run and one repetition must be used).
Fix test_gdbm on macOS with gdbm 1.15: add a larger value to make sure that
the file size changes.
Update all RSA keys and DH params to use at least 2048 bits.
Fix ftplib test for TLS 1.3 by reading from data socket.
Use 3072 RSA keys and SHA-256 signature for test certs and keys.
regrtest issue a warning when no tests have been executed in a particular
test file. Also, a new final result state is issued if no test have been
executed across all test files. Patch by Pablo Galindo.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment