he didn't know this), so merged in some changes I made during
review.  Nothing material apart from changing a new `mask` local
from int to Py_ssize_t.  Mostly this is repairing comments that
were made incorrect, and adding new comments.  Also a few
minor code rewrites for clarity or helpful succinctness.

but disabled then because str and unicode strings gave different
results.  The implementations were repaired later during the
sprint, but the new test remained disabled.

[ 1456209 ] dictresize() vulnerability ( <- backport candidate ).

about extra semi-colons.  It may have been the HP C compiler.
This file will trigger a bunch of those warnings now.

loops here).  Assert that size_t is actually big enough, and
that f->size is at least one.  Wrap a long line.

SimpleXMLRPCServer and DocXMLRPCServer don't look at
the path of the HTTP request at all; you can POST or
GET from / or /RPC2 or /blahblahblah with the same results.
Security scanners that look for /cgi-bin/phf will therefore report
lots of vulnerabilities.

Fix: add a .rpc_paths attribute to the SimpleXMLRPCServer class,
and report a 404 error if the path isn't on the allowed list.

Possibly-controversial aspect of this change: the default makes only
'/' and '/RPC2' legal.  Maybe this will break people's applications
(though I doubt it).  We could just set the default to an empty tuple,
which would exactly match the current behaviour.

Fixup the PCBuild8 project directory.  exceptions.c have moved to Objects, and the functionalmodule.c has been replaced with _functoolsmodule.c.  Other minor changes to .vcproj files and .sln to fix compilation

compatible with that.

since the deprecation warning wouldn't be raised.

values cannot be inferred.

Closes bug #1496315.

a new comment) suggests there are almost certainly large input
integers in all non-binary input bases for which one Python digit
too few is initally allocated to hold the final result.  Instead
of assert-failing when that happens, allocate more space.  Alas,
I estimate it would take a few days to find a specific such case,
so this isn't backed up by a new test (not to mention that such
a case may take hours to run, since conversion time is quadratic
in the number of digits, and preliminary attempts suggested that
the smallest such inputs contain at least a million digits).

subclasses of Exception can be supplied keyword args

I'm not sure this is the best approach, but I can't think of anything better.
If this creates problems, feel free to revert, but I think it's safe and
should make things a little better.

our lives taking turns rewriting code that works ;-),
get rid of casting illusions by declaring a new variable
with the obvious type.

from a (possibly) wider variable.