Collect 2.7.16rc1 release notes.

Misc/NEWS.d/2.7.16rc1.rst

+.. bpo: 35746
+.. date: 2019-01-15-18-16-05
+.. nonce: nMSd0j
+.. release date: 2019-02-16
+.. section: Security
+
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
+not handle CRL distribution points with empty DP or URI correctly. A
+malicious or buggy certificate can result into segfault. Vulnerability
+(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
+
+..
+
+.. bpo: 16039
+.. date: 2018-12-11-16-00-57
+.. nonce: PCj2n4
+.. section: Security
+
+CVE-2013-1752: Change use of ``readline()`` in :class:`imaplib.IMAP4_SSL` to
+limit line length.
+
+..
+
+.. bpo: 28043
+.. date: 2018-11-20-16-50-03
+.. nonce: qOoOqW
+.. section: Security
+
+SSLContext has improved default settings: OP_NO_SSLv2, OP_NO_SSLv3,
+OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE,
+OP_SINGLE_ECDH_USE and HIGH ciphers without MD5.
+
+..
+
+.. bpo: 34791
+.. date: 2018-09-24-18-49-25
+.. nonce: 78GmIG
+.. section: Security
+
+The xml.sax and xml.dom.domreg no longer use environment variables to
+override parser implementations when sys.flags.ignore_environment is set by
+-E or -I arguments.
+
+..
+
+.. bpo: 34623
+.. date: 2018-09-10-16-05-39
+.. nonce: Ua9jMv
+.. section: Security
+
+CVE-2018-14647: The C accelerated _elementtree module now initializes hash
+randomization salt from _Py_HashSecret instead of libexpat's default CSPRNG.
+
+..
+
+.. bpo: 34540
+.. date: 2018-08-28-22-11-54
+.. nonce: gfQ0TM
+.. section: Security
+
+When ``shutil.make_archive`` falls back to the external ``zip`` problem, it
+uses :mod:`subprocess` to invoke it rather than :mod:`distutils.spawn`. This
+closes a possible shell injection vector.
+
+..
+
+.. bpo: 34405
+.. date: 2018-08-15-12-14-03
+.. nonce: R4IZGw
+.. section: Security
+
+Updated to OpenSSL 1.0.2p for Windows builds.
+
+..
+
+.. bpo: 35552
+.. date: 2018-12-21-13-29-30
+.. nonce: 1DzQQc
+.. section: Core and Builtins
+
+Format character ``%s`` in :c:func:`PyString_FromFormat` no longer read
+memory past the limit if *precision* is specified.
+
+..
+
+.. bpo: 35504
+.. date: 2018-12-15-14-01-45
+.. nonce: JtKczP
+.. section: Core and Builtins
+
+Fix segfaults and :exc:`SystemError`\ s when deleting certain attributes.
+Patch by Zackery Spytz.
+
+..
+
+.. bpo: 35368
+.. date: 2018-11-30-17-50-28
+.. nonce: DNaDao
+.. section: Core and Builtins
+
+:c:func:`PyMem_Malloc` is now also thread-safe in debug mode.
+
+..
+
+.. bpo: 35214
+.. date: 2018-11-13-17-20-18
+.. nonce: AH2F87
+.. section: Core and Builtins
+
+Fixed an out of bounds memory access when parsing a truncated unicode escape
+sequence at the end of a string such as ``u'\N'``.  It would read one byte
+beyond the end of the memory allocation.
+
+..
+
+.. bpo: 34974
+.. date: 2018-10-13-22-24-19
+.. nonce: 7LgTc2
+.. section: Core and Builtins
+
+The :class:`bytearray` constructor no longer convert unexpected exceptions
+(e.g. :exc:`MemoryError` and :exc:`KeyboardInterrupt`) to :exc:`TypeError`.
+
+..
+
+.. bpo: 22851
+.. date: 2018-09-17-04-41-42
+.. nonce: 0hsJPh
+.. section: Core and Builtins
+
+Fix a segfault when accessing ``generator.gi_frame.f_restricted`` when the
+generator is exhausted.  Patch by Zackery Spytz.
+
+..
+
+.. bpo: 18560
+.. date: 2018-08-23-21-32-27
+.. nonce: 5q_c1C
+.. section: Core and Builtins
+
+Fix potential NULL pointer dereference in sum().
+
+..
+
+.. bpo: 34400
+.. date: 2018-08-14-03-52-43
+.. nonce: AJD0bz
+.. section: Core and Builtins
+
+Fix undefined behavior in parsetok.c.  Patch by Zackery Spytz.
+
+..
+
+.. bpo: 25083
+.. date: 2018-07-25-22-47-19
+.. nonce: HT_hXh
+.. section: Core and Builtins
+
+Adding I/O error checking when reading .py files and aborting importing on
+error.
+
+..
+
+.. bpo: 25943
+.. date: 2018-07-18-23-40-32
+.. nonce: Zgf99y
+.. section: Core and Builtins
+
+Fix potential heap corruption in the :mod:`bsddb` module.  Patch by Zackery
+Spytz.
+
+..
+
+.. bpo: 34068
+.. date: 2018-07-14-08-58-46
+.. nonce: 9xfM55
+.. section: Core and Builtins
+
+In :meth:`io.IOBase.close`, ensure that the :attr:`~io.IOBase.closed`
+attribute is not set with a live exception.  Patch by Zackery Spytz and
+Serhiy Storchaka.
+
+..
+
+.. bpo: 34080
+.. date: 2018-07-10-11-24-16
+.. nonce: 8t7PtO
+.. section: Core and Builtins
+
+Fixed a memory leak in the compiler when it raised some uncommon errors
+during tokenizing.
+
+..
+
+.. bpo: 33956
+.. date: 2018-06-25-20-42-44
+.. nonce: 1qoTwD
+.. section: Core and Builtins
+
+Update vendored Expat library copy to version 2.2.5.
+
+..
+
+.. bpo: 30654
+.. date: 2018-05-28-12-28-53
+.. nonce: 9fDJye
+.. section: Core and Builtins
+
+Fixed reset of the SIGINT handler to SIG_DFL on interpreter shutdown even
+when there was a custom handler set previously. Patch by Philipp Kerling.
+
+..
+
+.. bpo: 33645
+.. date: 2018-05-25-18-20-04
+.. nonce: GYGIPH
+.. section: Core and Builtins
+
+Fixed an "unknown parsing error" on parsing the "<>" operator when run
+Python with both options ``-3`` and ``-We``.
+
+..
+
+.. bpo: 33622
+.. date: 2018-05-23-20-46-14
+.. nonce: xPucO9
+.. section: Core and Builtins
+
+Fixed a leak when the garbage collector fails to add an object with the
+``__del__`` method or referenced by it into the :data:`gc.garbage` list.
+:c:func:`PyGC_Collect` can now be called when an exception is set and
+preserves it.
+
+..
+
+.. bpo: 33391
+.. date: 2018-05-02-08-36-03
+.. nonce: z4a7rb
+.. section: Core and Builtins
+
+Fix a leak in set_symmetric_difference().
+
+..
+
+.. bpo: 25750
+.. date: 2018-03-14-21-42-17
+.. nonce: lxgkQz
+.. section: Core and Builtins
+
+Fix rare Python crash due to bad refcounting in ``type_getattro()`` if a
+descriptor deletes itself from the class. Patch by Jeroen Demeyer.
+
+..
+
+.. bpo: 25862
+.. date: 2017-10-07-10-13-15
+.. nonce: FPYBA5
+.. section: Core and Builtins
+
+Fix assertion failures in the ``tell()`` method of ``io.TextIOWrapper``.
+Patch by Zackery Spytz.
+
+..
+
+.. bpo: 8765
+.. date: 2018-12-12-09-59-41
+.. nonce: IFupT2
+.. section: Library
+
+The write() method of buffered and unbuffered binary streams in the io
+module emits now a DeprecationWarning in Py3k mode for unicode argument.
+
+..
+
+.. bpo: 35052
+.. date: 2018-12-10-09-48-27
+.. nonce: xE1ymg
+.. section: Library
+
+Fix xml.dom.minidom cloneNode() on a document with an entity: pass the
+correct arguments to the user data handler of an entity.
+
+..
+
+.. bpo: 10496
+.. date: 2018-12-05-17-42-49
+.. nonce: laV_IE
+.. section: Library
+
+:func:`~distutils.utils.check_environ` of :mod:`distutils.utils` now catchs
+:exc:`KeyError` on calling :func:`pwd.getpwuid`: don't create the ``HOME``
+environment variable in this case.
+
+..
+
+.. bpo: 10496
+.. date: 2018-12-05-13-37-39
+.. nonce: VH-1Lp
+.. section: Library
+
+:func:`posixpath.expanduser` now returns the input *path* unchanged if the
+``HOME`` environment variable is not set and the current user has no home
+directory (if the current user identifier doesn't exist in the password
+database). This change fix the :mod:`site` module if the current user
+doesn't exist in the password database (if the user has no home directory).
+
+..
+
+.. bpo: 24746
+.. date: 2018-11-22-15-22-56
+.. nonce: eSLKBE
+.. section: Library
+
+Avoid stripping trailing whitespace in doctest fancy diff. Orignial patch by
+R. David Murray & Jairo Trad. Enhanced by Sanyam Khurana.
+
+..
+
+.. bpo: 35277
+.. date: 2018-11-19-07-22-04
+.. nonce: dsD-2E
+.. section: Library
+
+Update ensurepip to install pip 18.1 and setuptools 40.6.2.
+
+..
+
+.. bpo: 35062
+.. date: 2018-10-29-23-09-24
+.. nonce: dQS1ng
+.. section: Library
+
+Fix incorrect parsing of :class:`_io.IncrementalNewlineDecoder`'s
+*translate* argument.
+
+..
+
+.. bpo: 35079
+.. date: 2018-10-26-22-53-16
+.. nonce: Tm5jvF
+.. section: Library
+
+Improve difflib.SequenceManager.get_matching_blocks doc by adding 'non-
+overlapping' and changing '!=' to '<'.
+
+..
+
+.. bpo: 35017
+.. date: 2018-10-26-00-11-21
+.. nonce: 6Ez4Cv
+.. section: Library
+
+:meth:`socketserver.BaseServer.serve_forever` now exits immediately if it's
+:meth:`~socketserver.BaseServer.shutdown` method is called while it is
+polling for new events.
+
+..
+
+.. bpo: 34794
+.. date: 2018-10-21-14-53-19
+.. nonce: yt3R4-
+.. section: Library
+
+Fixed a leak in Tkinter when pass the Python wrapper around Tcl_Obj back to
+Tcl/Tk.
+
+..
+
+.. bpo: 23420
+.. date: 2018-10-17-11-00-00
+.. nonce: Lq74Uu
+.. section: Library
+
+Verify the value for the parameter '-s' of the cProfile CLI. Patch by Robert
+Kuska
+
+..
+
+.. bpo: 16965
+.. date: 2018-10-12-20-30-42
+.. nonce: xo5LAr
+.. section: Library
+
+The :term:`2to3` :2to3fixer:`execfile` fixer now opens the file with mode
+``'rb'``.  Patch by Zackery Spytz.
+
+..
+
+.. bpo: 34936
+.. date: 2018-10-08-21-05-11
+.. nonce: 3tRqdq
+.. section: Library
+
+Fix ``TclError`` in ``tkinter.Spinbox.selection_element()``. Patch by
+Juliette Monsel.
+
+..
+
+.. bpo: 34866
+.. date: 2018-10-03-11-07-28
+.. nonce: ML6KpJ
+.. section: Library
+
+Adding ``max_num_fields`` to ``cgi.FieldStorage`` to make DOS attacks harder
+by limiting the number of ``MiniFieldStorage`` objects created by
+``FieldStorage``.
+
+..
+
+.. bpo: 34738
+.. date: 2018-09-19-16-51-04
+.. nonce: Pr3-iG
+.. section: Library
+
+ZIP files created by :mod:`distutils` will now include entries for
+directories.
+
+..
+
+.. bpo: 34652
+.. date: 2018-09-12-14-46-51
+.. nonce: Rt1m1b
+.. section: Library
+
+Ensure :func:`os.lchmod` is never defined on Linux.
+
+..
+
+.. bpo: 34625
+.. date: 2018-09-10-17-46-51
+.. nonce: D2YfDz
+.. section: Library
+
+Update vendorized expat library version to 2.2.6.
+
+..
+
+.. bpo: 34610
+.. date: 2018-09-08-12-57-07
+.. nonce: wmoP5j
+.. section: Library
+
+Fixed iterator of :class:`multiprocessing.managers.DictProxy`.
+
+..
+
+.. bpo: 34530
+.. date: 2018-09-03-23-23-32
+.. nonce: h_Xsu7
+.. section: Library
+
+``distutils.spawn.find_executable()`` now falls back on :data:`os.defpath`
+if the ``PATH`` environment variable is not set.
+
+..
+
+.. bpo: 34472
+.. date: 2018-08-23-09-25-08
+.. nonce: cGyYrO
+.. section: Library
+
+Improved compatibility for streamed files in :mod:`zipfile`. Previously an
+optional signature was not being written and certain ZIP applications were
+not supported. Patch by Silas Sewell.
+
+..
+
+.. bpo: 6700
+.. date: 2018-08-22-17-43-52
+.. nonce: hp7C4B
+.. section: Library
+
+Fix inspect.getsourcelines for module level frames/tracebacks. Patch by
+Vladimir Matveev.
+
+..
+
+.. bpo: 31715
+.. date: 2018-08-15-16-22-30
+.. nonce: Iw8jS8
+.. section: Library
+
+Associate ``.mjs`` file extension with ``application/javascript`` MIME Type.
+
+..
+
+.. bpo: 32947
+.. date: 2018-08-14-08-57-01
+.. nonce: mqStVW
+.. section: Library
+
+Add OP_ENABLE_MIDDLEBOX_COMPAT and test workaround for TLSv1.3 for future
+compatibility with OpenSSL 1.1.1.
+
+..
+
+.. bpo: 34341
+.. date: 2018-08-06-11-01-18
+.. nonce: E0b9p2
+.. section: Library
+
+Appending to the ZIP archive with the ZIP64 extension no longer grows the
+size of extra fields of existing entries.
+
+..
+
+.. bpo: 34052
+.. date: 2018-07-24-16-37-40
+.. nonce: VbbFAE
+.. section: Library
+
+:meth:`sqlite3.Connection.create_aggregate`,
+:meth:`sqlite3.Connection.create_function`,
+:meth:`sqlite3.Connection.set_authorizer`,
+:meth:`sqlite3.Connection.set_progress_handler` methods raises TypeError
+when unhashable objects are passed as callable. These methods now don't pass
+such objects to SQLite API. Previous behavior could lead to segfaults. Patch
+by Sergey Fedoseev.
+
+..
+
+.. bpo: 34019
+.. date: 2018-07-02-05-59-11
+.. nonce: ZXJIife
+.. section: Library
+
+webbrowser: Correct the arguments passed to Opera Browser when opening a new
+URL using the ``webbrowser`` module. Patch by Bumsik Kim.
+
+..
+
+.. bpo: 33974
+.. date: 2018-06-28-14-56-44
+.. nonce: SA8nNP
+.. section: Library
+
+Fixed passing lists and tuples of strings containing special characters
+``"``, ``\``, ``{``, ``}`` and ``\n`` as options to :mod:`~tkinter.ttk`
+widgets.
+
+..
+
+.. bpo: 26544
+.. date: 2018-06-13-20-33-29
+.. nonce: hQ1oMt
+.. section: Library
+
+Fixed implementation of :func:`platform.libc_ver`. It almost always returned
+version '2.9' for glibc.
+
+..
+
+.. bpo: 33767
+.. date: 2018-06-03-22-41-59
+.. nonce: 2e82g3
+.. section: Library
+
+The concatenation (``+``) and repetition (``*``) sequence operations now
+raise :exc:`TypeError` instead of :exc:`SystemError` when performed on
+:class:`mmap.mmap` objects.  Patch by Zackery Spytz.
+
+..
+
+.. bpo: 11874
+.. date: 2018-05-23-00-26-27
+.. nonce: glK5iP
+.. section: Library
+
+Use a better regex when breaking usage into wrappable parts. Avoids bogus
+assertion errors from custom metavar strings.
+
+..
+
+.. bpo: 33570
+.. date: 2018-05-18-21-50-47
+.. nonce: 7CZy4t
+.. section: Library
+
+Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
+1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
+default.
+
+..
+
+.. bpo: 33542
+.. date: 2018-05-16-09-30-27
+.. nonce: idNAcs
+.. section: Library
+
+Prevent ``uuid.get_node`` from using a DUID instead of a MAC on Windows.
+Patch by Zvi Effron
+
+..
+
+.. bpo: 33096
+.. date: 2018-05-08-08-03-34
+.. nonce: 0hsFhL
+.. section: Library
+
+Removed unintentionally backported from Python 3 Tkinter files.
+
+..
+
+.. bpo: 20087
+.. date: 2018-05-05-18-02-24
+.. nonce: lJrvXL
+.. section: Library
+
+Updated alias mapping with glibc 2.27 supported locales.
+
+..
+
+.. bpo: 33422
+.. date: 2018-05-05-09-53-05
+.. nonce: 4FtQ0q
+.. section: Library
+
+Fix trailing quotation marks getting deleted when looking up byte/string
+literals on pydoc. Patch by Andrés Delfino.
+
+..
+
+.. bpo: 33336
+.. date: 2018-04-27-22-18-38
+.. nonce: T8rxn0
+.. section: Library
+
+``imaplib`` now allows ``MOVE`` command in ``IMAP4.uid()`` (RFC 6851: IMAP
+MOVE Extension) and potentially as a name of supported method of ``IMAP4``
+object.
+
+..
+
+.. bpo: 33359
+.. date: 2018-04-25-22-41-04
+.. nonce: Nr4CzK
+.. section: Library
+
+Fix running ``python -m curses.has_key``.
+
+..
+
+.. bpo: 33131
+.. date: 2018-04-20-10-43-17
+.. nonce: L2E977
+.. section: Library
+
+Upgrade bundled version of pip to 10.0.1.
+
+..
+
+.. bpo: 33308
+.. date: 2018-04-18-19-12-25
+.. nonce: fW75xi
+.. section: Library
+
+Fixed a crash in the :mod:`parser` module when converting an ST object to a
+tree of tuples or lists with ``line_info=False`` and ``col_info=True``.
+
+..
+
+.. bpo: 33256
+.. date: 2018-04-10-20-57-14
+.. nonce: ndHkqu
+.. section: Library
+
+Fix display of ``<module>`` call in the html produced by ``cgitb.html()``.
+Patch by Stéphane Blondon.
+
+..
+
+.. bpo: 32861
+.. date: 2018-04-02-20-44-54
+.. nonce: HeBjzN
+.. section: Library
+
+The urllib.robotparser's ``__str__`` representation now includes wildcard
+entries and the "Crawl-delay" and "Request-rate" fields. Patch by Michael
+Lazar.
+
+..
+
+.. bpo: 33038
+.. date: 2018-03-10-20-14-36
+.. nonce: yA6CP5
+.. section: Library
+
+gzip.GzipFile no longer produces an AttributeError exception when used with
+a file object with a non-string name attribute. Patch by Bo Bayles.
+
+..
+
+.. bpo: 32857
+.. date: 2018-02-16-14-37-14
+.. nonce: -XljAx
+.. section: Library
+
+In :mod:`tkinter`, ``after_cancel(None)`` now raises a :exc:`ValueError`
+instead of canceling the first scheduled function.  Patch by Cheryl Sabella.
+
+..
+
+.. bpo: 32502
+.. date: 2018-01-20-17-15-34
+.. nonce: OXJfn7
+.. section: Library
+
+uuid.uuid1 no longer raises an exception if a 64-bit hardware address is
+encountered.
+
+..
+
+.. bpo: 31608
+.. date: 2017-10-29-10-37-55
+.. nonce: wkp8Nw
+.. section: Library
+
+Raise a ``TypeError`` instead of crashing if a ``collections.deque``
+subclass returns a non-deque from ``__new__``. Patch by Oren Milman.
+
+..
+
+.. bpo: 16865
+.. date: 2017-09-29-16-40-38
+.. nonce: l-f6I_
+.. section: Library
+
+Support arrays >=2GiB in :mod:`ctypes`.  Patch by Segev Finer.
+
+..
+
+.. bpo: 29456
+.. date: 2017-08-24-17-55-39
+.. nonce: XaB3MP
+.. section: Library
+
+Fix bugs in hangul normalization: u1176, u11a7 and u11c3
+
+..
+
+.. bpo: 35035
+.. date: 2018-10-21-02-20-36
+.. nonce: 4zBObK
+.. section: Documentation
+
+Rename documentation for :mod:`email.utils` to ``email.utils.rst``.
+
+..
+
+.. bpo: 34967
+.. date: 2018-10-13-07-39-57
+.. nonce: E40tFP
+.. section: Documentation
+
+Use app.add_object_type() instead of the deprecated Sphinx function
+app.description_unit()
+
+..
+
+.. bpo: 13407
+.. date: 2018-09-29-13-40-06
+.. nonce: BRI-_D
+.. section: Documentation
+
+Add a note to :mod:`bz2` and :mod:`tarfile` stating that handling of
+multi-stream bzip2 files is not supported.
+
+..
+
+.. bpo: 33503
+.. date: 2018-05-14-20-08-58
+.. nonce: Wvt0qg
+.. section: Documentation
+
+Fix broken pypi link
+
+..
+
+.. bpo: 34279
+.. date: 2018-12-12-18-20-18
+.. nonce: DhKcuP
+.. section: Tests
+
+:func:`test.support.run_unittest` no longer raise :exc:`TestDidNotRun` if
+the test result contains skipped tests. The exception is now only raised if
+no test have been run and no test have been skipped.
+
+..
+
+.. bpo: 34279
+.. date: 2018-10-27-13-41-55
+.. nonce: v0Xqxe
+.. section: Tests
+
+regrtest issue a warning when no tests have been executed in a particular
+test file. Also, a new final result state is issued if no test have been
+executed across all test files. Patch by Pablo Galindo.
+
+..
+
+.. bpo: 34661
+.. date: 2018-09-13-09-53-15
+.. nonce: bdTamP
+.. section: Tests
+
+Fix test_shutil if unzip doesn't support -t.
+
+..
+
+.. bpo: 34542
+.. date: 2018-08-29-16-30-52
+.. nonce: 9stVAW
+.. section: Tests
+
+Use 3072 RSA keys and SHA-256 signature for test certs and keys.
+
+..
+
+.. bpo: 34391
+.. date: 2018-08-16-18-48-47
+.. nonce: ouNfxC
+.. section: Tests
+
+Fix ftplib test for TLS 1.3 by reading from data socket.
+
+..
+
+.. bpo: 34399
+.. date: 2018-08-14-10-47-44
+.. nonce: D_jd1G
+.. section: Tests
+
+Update all RSA keys and DH params to use at least 2048 bits.
+
+..
+
+.. bpo: 33901
+.. date: 2018-06-19-14-04-21
+.. nonce: OFW1Sr
+.. section: Tests
+
+Fix test_gdbm on macOS with gdbm 1.15: add a larger value to make sure that
+the file size changes.
+
+..
+
+.. bpo: 33873
+.. date: 2018-06-16-01-37-31
+.. nonce: d86vab
+.. section: Tests
+
+Fix a bug in ``regrtest`` that caused an extra test to run if
+--huntrleaks/-R was used. Exit with error in case that invalid parameters
+are specified to --huntrleaks/-R (at least one warmup run and one repetition
+must be used).
+
+..
+
+.. bpo: 29512
+.. date: 2018-05-30-00-39-57
+.. nonce: EHrDzs
+.. section: Tests
+
+Rename Lib/test/bisect.py to Lib/test/bisect_cmd.py. The old name was in
+conflict with Lib/bisect.py, causing test failures, depending how tests were
+run.
+
+..
+
+.. bpo: 32962
+.. date: 2018-05-10-16-59-15
+.. nonce: S-rcIN
+.. section: Tests
+
+Fixed test_gdb when Python is compiled with flags -mcet -fcf-protection -O0.
+
+..
+
+.. bpo: 33354
+.. date: 2018-04-26-22-39-17
+.. nonce: g35-44
+.. section: Tests
+
+Skip ``test_ssl.test_load_dh_params`` when Python filesystem encoding cannot
+encode the provided path.
+
+..
+
+.. bpo: 19417
+.. date: 2018-01-08-13-33-47
+.. nonce: 2asoXy
+.. section: Tests
+
+Add test_bdb.py.
+
+..
+
+.. bpo: 35139
+.. date: 2018-11-01-15-01-23
+.. nonce: XZTttb
+.. section: Build
+
+Fix a compiler error when statically linking `pyexpat` in `Modules/Setup`.
+
+..
+
+.. bpo: 34710
+.. date: 2018-09-17-13-56-12
+.. nonce: ARqIAK
+.. section: Build
+
+Fixed SSL module build with OpenSSL & pedantic CFLAGS.
+
+..
+
+.. bpo: 33015
+.. date: 2018-08-24-09-48-25
+.. nonce: s21y74
+.. section: Build
+
+Fix an undefined behaviour in the pthread implementation of
+:c:func:`PyThread_start_new_thread`: add a function wrapper to always return
+``NULL``.
+
+..
+
+.. bpo: 30345
+.. date: 2018-06-15-18-18-16
+.. nonce: j-xRE1
+.. section: Build
+
+Add -g to LDFLAGS when compiling with LTO to get debug symbols.
+
+..
+
+.. bpo: 35401
+.. date: 2018-12-10-15-01-13
+.. nonce: 9L1onG
+.. section: Windows
+
+Updates Windows build to OpenSSL 1.0.2q
+
+..
+
+.. bpo: 34603
+.. date: 2018-09-13-08-29-04
+.. nonce: 2AB7sc
+.. section: Windows
+
+Fix returning structs from functions produced by MSVC
+
+..
+
+.. bpo: 33711
+.. date: 2018-06-24-12-09-23
+.. nonce: LpO0s1
+.. section: Windows
+
+Fixed licence generation error when building the installer.
+
+..
+
+.. bpo: 15663
+.. date: 2018-12-11-02-50-35
+.. nonce: 6tnyd2
+.. section: macOS
+
+The macOS 10.6+ installer now provides a private copy of Tcl/Tk 8.6, like
+the 10.9+ installer does.
+
+..
+
+.. bpo: 35401
+.. date: 2018-12-10-02-37-11
+.. nonce: sFhD5z
+.. section: macOS
+
+Update macOS installer to use OpenSSL 1.0.2q.
+
+..
+
+.. bpo: 34405
+.. date: 2018-09-11-08-47-50
+.. nonce: f1-fT5
+.. section: macOS
+
+Update to OpenSSL 1.0.2p for macOS installer builds.
+
+..
+
+.. bpo: 34275
+.. date: 2018-08-02-22-16-42
+.. nonce: Iu0d7t
+.. section: IDLE
+
+Make IDLE calltips always visible on Mac. Some MacOS-tk combinations need
+.update_idletasks(). Patch by Kevin Walzer.
+
+..
+
+.. bpo: 34120
+.. date: 2018-08-01-23-25-38
+.. nonce: HgsIz-
+.. section: IDLE
+
+Fix unresponsiveness after closing certain windows and dialogs.
+
+..
+
+.. bpo: 33856
+.. date: 2018-06-16-21-54-45
+.. nonce: TH8WHU
+.. section: IDLE
+
+Add "help" in the welcome message of IDLE
+
+..
+
+.. bpo: 31500
+.. date: 2017-09-18-10-43-03
+.. nonce: Y_YDxA
+.. section: IDLE
+
+Default fonts now are scaled on HiDPI displays.
+
+..
+
+.. bpo: 34989
+.. date: 2018-10-15-13-22-28
+.. nonce: hU4fra
+.. section: Tools/Demos
+
+python-gdb.py now handles errors on computing the line number of a Python
+frame.
+
+..
+
+.. bpo: 34500
+.. date: 2018-08-25-17-13-24
+.. nonce: Edz41x
+.. section: Tools/Demos
+
+Fix 2 ResourceWarning in difflib.py. Patch by Mickaël Schoentgen.
+
+..
+
+.. bpo: 29367
+.. date: 2018-06-15-23-07-50
+.. nonce: 52w9Uq
+.. section: Tools/Demos
+
+python-gdb.py now supports also method-wrapper (wrapperobject) objects.
+
+..
+
+.. bpo: 32962
+.. date: 2018-06-14-16-23-07
+.. nonce: Q3Dwns
+.. section: Tools/Demos
+
+python-gdb now catchs ``UnicodeDecodeError`` exceptions when calling
+``string()``.
+
+..
+
+.. bpo: 32962
+.. date: 2018-06-14-16-16-53
+.. nonce: 2YfdwI
+.. section: Tools/Demos
+
+python-gdb now catchs ValueError on read_var(): when Python has no debug
+symbols for example.
+
+..
+
+.. bpo: 33817
+.. date: 2019-01-11-11-16-36
+.. nonce: qyYxjw
+.. section: C API
+
+Fixed :c:func:`_PyString_Resize` and :c:func:`_PyUnicode_Resize` for empty
+strings. This fixed also :c:func:`PyString_FromFormat` and
+:c:func:`PyUnicode_FromFormat` when they return an empty string (e.g.
+``PyString_FromFormat("%s", "")``).
+
+..
+
+.. bpo: 34229
+.. date: 2018-07-26-12-24-29
+.. nonce: SupCZK
+.. section: C API
+
+Check start and stop of slice object to be long when they are not int in
+:c:func:`PySlice_GetIndices`.
+
+..
+
+.. bpo: 23927
+.. date: 2018-07-09-11-39-54
+.. nonce: pDFkxb
+.. section: C API
+
+Fixed :exc:`SystemError` in :c:func:`PyArg_ParseTupleAndKeywords` when the
+``w*`` format unit is used for optional parameter.

Misc/NEWS.d/next/Build/2018-06-15-18-18-16.bpo-30345.j-xRE1.rst

-Add -g to LDFLAGS when compiling with LTO to get debug symbols.

Misc/NEWS.d/next/Build/2018-08-24-09-48-25.bpo-33015.s21y74.rst

-Fix an undefined behaviour in the pthread implementation of
-:c:func:`PyThread_start_new_thread`: add a function wrapper to always return
-``NULL``.

Misc/NEWS.d/next/Build/2018-09-17-13-56-12.bpo-34710.ARqIAK.rst

-Fixed SSL module build with OpenSSL & pedantic CFLAGS.

Misc/NEWS.d/next/Build/2018-11-01-15-01-23.bpo-35139.XZTttb.rst

-Fix a compiler error when statically linking `pyexpat` in `Modules/Setup`.

Misc/NEWS.d/next/C API/2018-07-09-11-39-54.bpo-23927.pDFkxb.rst

-Fixed :exc:`SystemError` in :c:func:`PyArg_ParseTupleAndKeywords` when the
-``w*`` format unit is used for optional parameter.

Misc/NEWS.d/next/C API/2018-07-26-12-24-29.bpo-34229.SupCZK.rst

-Check start and stop of slice object to be long when they are not int in
-:c:func:`PySlice_GetIndices`.

Misc/NEWS.d/next/C API/2019-01-11-11-16-36.bpo-33817.qyYxjw.rst

-Fixed :c:func:`_PyString_Resize` and :c:func:`_PyUnicode_Resize` for empty
-strings. This fixed also :c:func:`PyString_FromFormat` and
-:c:func:`PyUnicode_FromFormat` when they return an empty string (e.g.
-``PyString_FromFormat("%s", "")``).

Misc/NEWS.d/next/Core and Builtins/2017-10-07-10-13-15.bpo-25862.FPYBA5.rst

-Fix assertion failures in the ``tell()`` method of ``io.TextIOWrapper``.
-Patch by Zackery Spytz.

Misc/NEWS.d/next/Core and Builtins/2018-03-14-21-42-17.bpo-25750.lxgkQz.rst

-Fix rare Python crash due to bad refcounting in ``type_getattro()`` if a
-descriptor deletes itself from the class. Patch by Jeroen Demeyer.

Misc/NEWS.d/next/Core and Builtins/2018-05-02-08-36-03.bpo-33391.z4a7rb.rst

-Fix a leak in set_symmetric_difference().

Misc/NEWS.d/next/Core and Builtins/2018-05-23-20-46-14.bpo-33622.xPucO9.rst

-Fixed a leak when the garbage collector fails to add an object with the
-``__del__`` method or referenced by it into the :data:`gc.garbage` list.
-:c:func:`PyGC_Collect` can now be called when an exception is set and
-preserves it.

Misc/NEWS.d/next/Core and Builtins/2018-05-25-18-20-04.bpo-33645.GYGIPH.rst

-Fixed an "unknown parsing error" on parsing the "<>" operator when run
-Python with both options ``-3`` and ``-We``.

Misc/NEWS.d/next/Core and Builtins/2018-05-28-12-28-53.bpo-30654.9fDJye.rst

-Fixed reset of the SIGINT handler to SIG_DFL on interpreter shutdown even
-when there was a custom handler set previously. Patch by Philipp Kerling.

Misc/NEWS.d/next/Core and Builtins/2018-06-25-20-42-44.bpo-33956.1qoTwD.rst

-Update vendored Expat library copy to version 2.2.5.

Misc/NEWS.d/next/Core and Builtins/2018-07-10-11-24-16.bpo-34080.8t7PtO.rst

-Fixed a memory leak in the compiler when it raised some uncommon errors
-during tokenizing.

Misc/NEWS.d/next/Core and Builtins/2018-07-14-08-58-46.bpo-34068.9xfM55.rst

-In :meth:`io.IOBase.close`, ensure that the :attr:`~io.IOBase.closed`
-attribute is not set with a live exception.  Patch by Zackery Spytz and Serhiy
-Storchaka.

Misc/NEWS.d/next/Core and Builtins/2018-07-18-23-40-32.bpo-25943.Zgf99y.rst

-Fix potential heap corruption in the :mod:`bsddb` module.  Patch by Zackery
-Spytz.

Misc/NEWS.d/next/Core and Builtins/2018-07-25-22-47-19.bpo-25083.HT_hXh.rst

-Adding I/O error checking when reading .py files and aborting importing on
-error.

Misc/NEWS.d/next/Core and Builtins/2018-08-14-03-52-43.bpo-34400.AJD0bz.rst

-Fix undefined behavior in parsetok.c.  Patch by Zackery Spytz.

Misc/NEWS.d/next/Core and Builtins/2018-08-23-21-32-27.bpo-18560.5q_c1C.rst

-Fix potential NULL pointer dereference in sum().

Misc/NEWS.d/next/Core and Builtins/2018-09-17-04-41-42.bpo-22851.0hsJPh.rst

-Fix a segfault when accessing ``generator.gi_frame.f_restricted`` when the
-generator is exhausted.  Patch by Zackery Spytz.

Misc/NEWS.d/next/Core and Builtins/2018-10-13-22-24-19.bpo-34974.7LgTc2.rst

-The :class:`bytearray` constructor no longer convert
-unexpected exceptions (e.g. :exc:`MemoryError` and :exc:`KeyboardInterrupt`)
-to :exc:`TypeError`.

Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst

-Fixed an out of bounds memory access when parsing a truncated unicode escape
-sequence at the end of a string such as ``u'\N'``.  It would read one byte
-beyond the end of the memory allocation.

Misc/NEWS.d/next/Core and Builtins/2018-11-30-17-50-28.bpo-35368.DNaDao.rst

-:c:func:`PyMem_Malloc` is now also thread-safe in debug mode.

Misc/NEWS.d/next/Core and Builtins/2018-12-15-14-01-45.bpo-35504.JtKczP.rst

-Fix segfaults and :exc:`SystemError`\ s when deleting certain attributes.
-Patch by Zackery Spytz.

Misc/NEWS.d/next/Core and Builtins/2018-12-21-13-29-30.bpo-35552.1DzQQc.rst

-Format character ``%s`` in :c:func:`PyString_FromFormat` no longer read
-memory past the limit if *precision* is specified.

Misc/NEWS.d/next/Documentation/2018-05-14-20-08-58.bpo-33503.Wvt0qg.rst

-Fix broken pypi link

Misc/NEWS.d/next/Documentation/2018-09-29-13-40-06.bpo-13407.BRI-_D.rst

-Add a note to :mod:`bz2` and :mod:`tarfile` stating that handling of
-multi-stream bzip2 files is not supported.

Misc/NEWS.d/next/Documentation/2018-10-13-07-39-57.bpo-34967.E40tFP.rst

-Use app.add_object_type() instead of the deprecated Sphinx function
-app.description_unit()

Misc/NEWS.d/next/Documentation/2018-10-21-02-20-36.bpo-35035.4zBObK.rst

-Rename documentation for :mod:`email.utils` to ``email.utils.rst``.

Misc/NEWS.d/next/IDLE/2017-09-18-10-43-03.bpo-31500.Y_YDxA.rst

-Default fonts now are scaled on HiDPI displays.

Misc/NEWS.d/next/IDLE/2018-06-16-21-54-45.bpo-33856.TH8WHU.rst

-Add "help" in the welcome message of IDLE

Misc/NEWS.d/next/IDLE/2018-08-01-23-25-38.bpo-34120.HgsIz-.rst

-Fix unresponsiveness after closing certain windows and dialogs.
\ No newline at end of file

Misc/NEWS.d/next/IDLE/2018-08-02-22-16-42.bpo-34275.Iu0d7t.rst

-Make IDLE calltips always visible on Mac. Some MacOS-tk combinations need
-.update_idletasks(). Patch by Kevin Walzer.

Misc/NEWS.d/next/Library/2017-08-24-17-55-39.bpo-29456.XaB3MP.rst

-Fix bugs in hangul normalization: u1176, u11a7 and u11c3

Misc/NEWS.d/next/Library/2017-09-29-16-40-38.bpo-16865.l-f6I_.rst

-Support arrays >=2GiB in :mod:`ctypes`.  Patch by Segev Finer.

Misc/NEWS.d/next/Library/2017-10-29-10-37-55.bpo-31608.wkp8Nw.rst

-Raise a ``TypeError`` instead of crashing if a ``collections.deque`` subclass
-returns a non-deque from ``__new__``. Patch by Oren Milman.

Misc/NEWS.d/next/Library/2018-01-20-17-15-34.bpo-32502.OXJfn7.rst

-uuid.uuid1 no longer raises an exception if a 64-bit hardware address is
-encountered.

Misc/NEWS.d/next/Library/2018-02-16-14-37-14.bpo-32857.-XljAx.rst

-In :mod:`tkinter`, ``after_cancel(None)`` now raises a :exc:`ValueError` instead of canceling the first scheduled function.  Patch by Cheryl Sabella.

Misc/NEWS.d/next/Library/2018-03-10-20-14-36.bpo-33038.yA6CP5.rst

-gzip.GzipFile no longer produces an AttributeError exception when used with
-a file object with a non-string name attribute. Patch by Bo Bayles.

Misc/NEWS.d/next/Library/2018-04-02-20-44-54.bpo-32861.HeBjzN.rst

-The urllib.robotparser's ``__str__`` representation now includes wildcard
-entries and the "Crawl-delay" and "Request-rate" fields. Patch by
-Michael Lazar.

Misc/NEWS.d/next/Library/2018-04-10-20-57-14.bpo-33256.ndHkqu.rst

-Fix display of ``<module>`` call in the html produced by ``cgitb.html()``. Patch by Stéphane Blondon.

Misc/NEWS.d/next/Library/2018-04-18-19-12-25.bpo-33308.fW75xi.rst

-Fixed a crash in the :mod:`parser` module when converting an ST object to a
-tree of tuples or lists with ``line_info=False`` and ``col_info=True``.

Misc/NEWS.d/next/Library/2018-04-20-10-43-17.bpo-33131.L2E977.rst

-Upgrade bundled version of pip to 10.0.1.

Misc/NEWS.d/next/Library/2018-04-25-22-41-04.bpo-33359.Nr4CzK.rst

-Fix running ``python -m curses.has_key``.

Misc/NEWS.d/next/Library/2018-04-27-22-18-38.bpo-33336.T8rxn0.rst

-``imaplib`` now allows ``MOVE`` command in ``IMAP4.uid()`` (RFC 
-6851: IMAP MOVE Extension) and potentially as a name of supported 
-method of ``IMAP4`` object.

Misc/NEWS.d/next/Library/2018-05-05-09-53-05.bpo-33422.4FtQ0q.rst

-Fix trailing quotation marks getting deleted when looking up byte/string
-literals on pydoc. Patch by Andrés Delfino.

Misc/NEWS.d/next/Library/2018-05-05-18-02-24.bpo-20087.lJrvXL.rst

-Updated alias mapping with glibc 2.27 supported locales.

Misc/NEWS.d/next/Library/2018-05-08-08-03-34.bpo-33096.0hsFhL.rst

-Removed unintentionally backported from Python 3 Tkinter files.

Misc/NEWS.d/next/Library/2018-05-16-09-30-27.bpo-33542.idNAcs.rst

-Prevent ``uuid.get_node`` from using a DUID instead of a MAC on Windows.
-Patch by Zvi Effron

Misc/NEWS.d/next/Library/2018-05-18-21-50-47.bpo-33570.7CZy4t.rst

-Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
-1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
-default.

Misc/NEWS.d/next/Library/2018-05-23-00-26-27.bpo-11874.glK5iP.rst

-Use a better regex when breaking usage into wrappable parts. Avoids bogus
-assertion errors from custom metavar strings.

Misc/NEWS.d/next/Library/2018-06-03-22-41-59.bpo-33767.2e82g3.rst

-The concatenation (``+``) and repetition (``*``) sequence operations now
-raise :exc:`TypeError` instead of :exc:`SystemError` when performed on
-:class:`mmap.mmap` objects.  Patch by Zackery Spytz.

Misc/NEWS.d/next/Library/2018-06-13-20-33-29.bpo-26544.hQ1oMt.rst

-Fixed implementation of :func:`platform.libc_ver`. It almost always returned
-version '2.9' for glibc.

Misc/NEWS.d/next/Library/2018-06-28-14-56-44.bpo-33974.SA8nNP.rst

-Fixed passing lists and tuples of strings containing special characters
-``"``, ``\``, ``{``, ``}`` and ``\n`` as options to :mod:`~tkinter.ttk`
-widgets.

Misc/NEWS.d/next/Library/2018-07-02-05-59-11.bpo-34019.ZXJIife.rst

-webbrowser: Correct the arguments passed to Opera Browser when opening a new URL
-using the ``webbrowser`` module. Patch by Bumsik Kim.

Misc/NEWS.d/next/Library/2018-07-24-16-37-40.bpo-34052.VbbFAE.rst

-:meth:`sqlite3.Connection.create_aggregate`,
-:meth:`sqlite3.Connection.create_function`,
-:meth:`sqlite3.Connection.set_authorizer`,
-:meth:`sqlite3.Connection.set_progress_handler` methods raises TypeError
-when unhashable objects are passed as callable. These methods now don't pass
-such objects to SQLite API. Previous behavior could lead to segfaults. Patch
-by Sergey Fedoseev.

Misc/NEWS.d/next/Library/2018-08-06-11-01-18.bpo-34341.E0b9p2.rst

-Appending to the ZIP archive with the ZIP64 extension no longer grows the
-size of extra fields of existing entries.

Misc/NEWS.d/next/Library/2018-08-14-08-57-01.bpo-32947.mqStVW.rst

-Add OP_ENABLE_MIDDLEBOX_COMPAT and test workaround for TLSv1.3 for future
-compatibility with OpenSSL 1.1.1.

Misc/NEWS.d/next/Library/2018-08-15-16-22-30.bpo-31715.Iw8jS8.rst

-Associate ``.mjs`` file extension with ``application/javascript`` MIME Type.

Misc/NEWS.d/next/Library/2018-08-22-17-43-52.bpo-6700.hp7C4B.rst

-Fix inspect.getsourcelines for module level frames/tracebacks.
-Patch by Vladimir Matveev.

Misc/NEWS.d/next/Library/2018-08-23-09-25-08.bpo-34472.cGyYrO.rst

-Improved compatibility for streamed files in :mod:`zipfile`. Previously an
-optional signature was not being written and certain ZIP applications were
-not supported. Patch by Silas Sewell.

Misc/NEWS.d/next/Library/2018-09-03-23-23-32.bpo-34530.h_Xsu7.rst

-``distutils.spawn.find_executable()`` now falls back on :data:`os.defpath`
-if the ``PATH`` environment variable is not set.

Misc/NEWS.d/next/Library/2018-09-08-12-57-07.bpo-34610.wmoP5j.rst

-Fixed iterator of :class:`multiprocessing.managers.DictProxy`.

Misc/NEWS.d/next/Library/2018-09-10-17-46-51.bpo-34625.D2YfDz.rst

-Update vendorized expat library version to 2.2.6.

Misc/NEWS.d/next/Library/2018-09-12-14-46-51.bpo-34652.Rt1m1b.rst

-Ensure :func:`os.lchmod` is never defined on Linux.

Misc/NEWS.d/next/Library/2018-09-19-16-51-04.bpo-34738.Pr3-iG.rst

-ZIP files created by :mod:`distutils` will now include entries for
-directories.

Misc/NEWS.d/next/Library/2018-10-03-11-07-28.bpo-34866.ML6KpJ.rst

-Adding ``max_num_fields`` to ``cgi.FieldStorage`` to make DOS attacks harder by
-limiting the number of ``MiniFieldStorage`` objects created by ``FieldStorage``.

Misc/NEWS.d/next/Library/2018-10-08-21-05-11.bpo-34936.3tRqdq.rst

-Fix ``TclError`` in ``tkinter.Spinbox.selection_element()``. Patch by
-Juliette Monsel.

Misc/NEWS.d/next/Library/2018-10-12-20-30-42.bpo-16965.xo5LAr.rst

-The :term:`2to3` :2to3fixer:`execfile` fixer now opens the file with mode
-``'rb'``.  Patch by Zackery Spytz.

Misc/NEWS.d/next/Library/2018-10-17-11-00-00.bpo-23420.Lq74Uu.rst

-Verify the value for the parameter '-s' of the cProfile CLI. Patch by Robert
-Kuska

Misc/NEWS.d/next/Library/2018-10-21-14-53-19.bpo-34794.yt3R4-.rst

-Fixed a leak in Tkinter when pass the Python wrapper around Tcl_Obj back to
-Tcl/Tk.

Misc/NEWS.d/next/Library/2018-10-26-00-11-21.bpo-35017.6Ez4Cv.rst

-:meth:`socketserver.BaseServer.serve_forever` now exits immediately if it's
-:meth:`~socketserver.BaseServer.shutdown` method is called while it is
-polling for new events.

Misc/NEWS.d/next/Library/2018-10-26-22-53-16.bpo-35079.Tm5jvF.rst

-Improve difflib.SequenceManager.get_matching_blocks doc by adding 'non-
-overlapping' and changing '!=' to '<'.

Misc/NEWS.d/next/Library/2018-10-29-23-09-24.bpo-35062.dQS1ng.rst

-Fix incorrect parsing of :class:`_io.IncrementalNewlineDecoder`'s
-*translate* argument.

Misc/NEWS.d/next/Library/2018-11-19-07-22-04.bpo-35277.dsD-2E.rst

-Update ensurepip to install pip 18.1 and setuptools 40.6.2.

Misc/NEWS.d/next/Library/2018-11-22-15-22-56.bpo-24746.eSLKBE.rst

-Avoid stripping trailing whitespace in doctest fancy diff. Orignial patch by
-R. David Murray & Jairo Trad. Enhanced by Sanyam Khurana.

Misc/NEWS.d/next/Library/2018-12-05-13-37-39.bpo-10496.VH-1Lp.rst

-:func:`posixpath.expanduser` now returns the input *path* unchanged if the
-``HOME`` environment variable is not set and the current user has no home
-directory (if the current user identifier doesn't exist in the password
-database). This change fix the :mod:`site` module if the current user doesn't
-exist in the password database (if the user has no home directory).

Misc/NEWS.d/next/Library/2018-12-05-17-42-49.bpo-10496.laV_IE.rst

-:func:`~distutils.utils.check_environ` of :mod:`distutils.utils` now catchs
-:exc:`KeyError` on calling :func:`pwd.getpwuid`: don't create the ``HOME``
-environment variable in this case.

Misc/NEWS.d/next/Library/2018-12-10-09-48-27.bpo-35052.xE1ymg.rst

-Fix xml.dom.minidom cloneNode() on a document with an entity: pass the
-correct arguments to the user data handler of an entity.

Misc/NEWS.d/next/Library/2018-12-12-09-59-41.bpo-8765.IFupT2.rst

-The write() method of buffered and unbuffered binary streams in the io
-module emits now a DeprecationWarning in Py3k mode for unicode argument.

Misc/NEWS.d/next/Security/2018-08-15-12-14-03.bpo-34405.R4IZGw.rst

-Updated to OpenSSL 1.0.2p for Windows builds.
\ No newline at end of file

Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst

-When ``shutil.make_archive`` falls back to the external ``zip`` problem, it
-uses :mod:`subprocess` to invoke it rather than :mod:`distutils.spawn`. This
-closes a possible shell injection vector.

Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst

-CVE-2018-14647: The C accelerated _elementtree module now initializes hash
-randomization salt from _Py_HashSecret instead of libexpat's default CSPRNG.

Misc/NEWS.d/next/Security/2018-09-24-18-49-25.bpo-34791.78GmIG.rst

-The xml.sax and xml.dom.domreg no longer use environment variables to
-override parser implementations when sys.flags.ignore_environment is set by
--E or -I arguments.

Misc/NEWS.d/next/Security/2018-11-20-16-50-03.bpo-28043.qOoOqW.rst

-SSLContext has improved default settings: OP_NO_SSLv2, OP_NO_SSLv3,
-OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE,
-OP_SINGLE_ECDH_USE and HIGH ciphers without MD5.

Misc/NEWS.d/next/Security/2018-12-11-16-00-57.bpo-16039.PCj2n4.rst

-CVE-2013-1752: Change use of ``readline()`` in :class:`imaplib.IMAP4_SSL` to
-limit line length.

Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst

-[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
-not handle CRL distribution points with empty DP or URI correctly. A
-malicious or buggy certificate can result into segfault. Vulnerability
-(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.

Misc/NEWS.d/next/Tests/2018-01-08-13-33-47.bpo-19417.2asoXy.rst

-Add test_bdb.py.

Misc/NEWS.d/next/Tests/2018-04-26-22-39-17.bpo-33354.g35-44.rst

-Skip ``test_ssl.test_load_dh_params`` when Python filesystem encoding cannot encode the
-provided path.

Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst

-Fixed test_gdb when Python is compiled with flags -mcet -fcf-protection -O0.

Misc/NEWS.d/next/Tests/2018-05-30-00-39-57.bpo-29512.EHrDzs.rst

-Rename Lib/test/bisect.py to Lib/test/bisect_cmd.py. The old name was in
-conflict with Lib/bisect.py, causing test failures, depending how tests
-were run.

Misc/NEWS.d/next/Tests/2018-06-16-01-37-31.bpo-33873.d86vab.rst

-Fix a bug in ``regrtest`` that caused an extra test to run if
---huntrleaks/-R was used. Exit with error in case that invalid
-parameters are specified to --huntrleaks/-R (at least one warmup
-run and one repetition must be used).

Misc/NEWS.d/next/Tests/2018-06-19-14-04-21.bpo-33901.OFW1Sr.rst

-Fix test_gdbm on macOS with gdbm 1.15: add a larger value to make sure that
-the file size changes.

Misc/NEWS.d/next/Tests/2018-08-14-10-47-44.bpo-34399.D_jd1G.rst

-Update all RSA keys and DH params to use at least 2048 bits.

Misc/NEWS.d/next/Tests/2018-08-16-18-48-47.bpo-34391.ouNfxC.rst

-Fix ftplib test for TLS 1.3 by reading from data socket.

Misc/NEWS.d/next/Tests/2018-08-29-16-30-52.bpo-34542.9stVAW.rst

-Use 3072 RSA keys and SHA-256 signature for test certs and keys.

Misc/NEWS.d/next/Tests/2018-09-13-09-53-15.bpo-34661.bdTamP.rst

-Fix test_shutil if unzip doesn't support -t.

Misc/NEWS.d/next/Tests/2018-10-27-13-41-55.bpo-34279.v0Xqxe.rst

-regrtest issue a warning when no tests have been executed in a particular
-test file. Also, a new final result state is issued if no test have been
-executed across all test files. Patch by Pablo Galindo.

Misc/NEWS.d/next/Tests/2018-12-12-18-20-18.bpo-34279.DhKcuP.rst

-:func:`test.support.run_unittest` no longer raise :exc:`TestDidNotRun` if
-the test result contains skipped tests. The exception is now only raised if
-no test have been run and no test have been skipped.

Misc/NEWS.d/next/Tools-Demos/2018-06-14-16-16-53.bpo-32962.2YfdwI.rst

-python-gdb now catchs ValueError on read_var(): when Python has no debug
-symbols for example.

Misc/NEWS.d/next/Tools-Demos/2018-06-14-16-23-07.bpo-32962.Q3Dwns.rst

-python-gdb now catchs ``UnicodeDecodeError`` exceptions when calling
-``string()``.

Misc/NEWS.d/next/Tools-Demos/2018-06-15-23-07-50.bpo-29367.52w9Uq.rst

-python-gdb.py now supports also method-wrapper (wrapperobject) objects.

Misc/NEWS.d/next/Tools-Demos/2018-08-25-17-13-24.bpo-34500.Edz41x.rst

-Fix 2 ResourceWarning in difflib.py. Patch by Mickaël Schoentgen.

Misc/NEWS.d/next/Tools-Demos/2018-10-15-13-22-28.bpo-34989.hU4fra.rst

-python-gdb.py now handles errors on computing the line number of a Python
-frame.

Misc/NEWS.d/next/Windows/2018-06-24-12-09-23.bpo-33711.LpO0s1.rst

-Fixed licence generation error when building the installer.

Misc/NEWS.d/next/Windows/2018-09-13-08-29-04.bpo-34603.2AB7sc.rst

-Fix returning structs from functions produced by MSVC

Misc/NEWS.d/next/Windows/2018-12-10-15-01-13.bpo-35401.9L1onG.rst

-Updates Windows build to OpenSSL 1.0.2q

Misc/NEWS.d/next/macOS/2018-09-11-08-47-50.bpo-34405.f1-fT5.rst

-Update to OpenSSL 1.0.2p for macOS installer builds.

Misc/NEWS.d/next/macOS/2018-12-10-02-37-11.bpo-35401.sFhD5z.rst

-Update macOS installer to use OpenSSL 1.0.2q.

Misc/NEWS.d/next/macOS/2018-12-11-02-50-35.bpo-15663.6tnyd2.rst

-The macOS 10.6+ installer now provides a private copy of Tcl/Tk 8.6, like
-the 10.9+ installer does.