.. bpo: 30730 .. date: 084 .. nonce: rJsyTH .. original section: Library .. release date: 2017-07-23 .. section: Security Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments. .. .. bpo: 30694 .. date: 083 .. nonce: WkMWM_ .. original section: Library .. section: Security Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: :cve:`2017-9233` (External entity infinite loop DoS), :cve:`2016-9063` (Integer overflow, re-fix), :cve:`2016-0718` (Fix regression bugs from 2.2.0's fix to :cve:`2016-0718`) and :cve:`2012-0876` (Counter hash flooding with SipHash). Note: the :cve:`2016-5300` (Use os-specific entropy sources like getrandom) doesn't impact Python, since Python already gets entropy from the OS to set the expat secret using ``XML_SetHashSalt()``. .. .. bpo: 30500 .. date: 081 .. nonce: 1VG7R- .. original section: Library .. section: Security Fix urllib.parse.splithost() to correctly parse fragments. For example, ``splithost('//127.0.0.1#@evil.com/')`` now correctly returns the ``127.0.0.1`` host, instead of treating ``@evil.com`` as the host in an authentication (``login@host``). .. .. bpo: 29591 .. date: 076 .. nonce: ExKblw .. original section: Library .. section: Security Update expat copy from 2.1.1 to 2.2.0 to get fixes of :cve:`2016-0718` and :cve:`2016-4472`. See https://sourceforge.net/p/expat/bugs/537/ for more information. .. .. bpo: 30876 .. date: 2017-07-11-06-31-32 .. nonce: x35jZX .. section: Core and Builtins Relative import from unloaded package now reimports the package instead of failing with SystemError. Relative import from non-package now fails with ImportError rather than SystemError. .. .. bpo: 30765 .. date: 2017-06-26-14-29-50 .. nonce: Q5iBmf .. section: Core and Builtins Avoid blocking in pthread_mutex_lock() when PyThread_acquire_lock() is asked not to block. .. .. bpo: 27945 .. date: 100 .. nonce: p29r3O .. section: Core and Builtins Fixed various segfaults with dict when input collections are mutated during searching, inserting or comparing. Based on patches by Duane Griffin and Tim Mitchell. .. .. bpo: 25794 .. date: 099 .. nonce: xfPwqm .. section: Core and Builtins Fixed type.__setattr__() and type.__delattr__() for non-interned attribute names. Based on patch by Eryk Sun. .. .. bpo: 29935 .. date: 098 .. nonce: vgjdJo .. section: Core and Builtins Fixed error messages in the index() method of tuple, list and deque when pass indices of wrong type. .. .. bpo: 28876 .. date: 097 .. nonce: cU-sGT .. section: Core and Builtins ``bool(range)`` works even if ``len(range)`` raises :exc:`OverflowError`. .. .. bpo: 29600 .. date: 096 .. nonce: 77wQ6C .. section: Core and Builtins Fix wrapping coroutine return values in StopIteration. .. .. bpo: 29537 .. date: 095 .. nonce: lu1ysY .. section: Core and Builtins Restore runtime compatibility with bytecode files generated by CPython 3.5.0 to 3.5.2, and adjust the eval loop to avoid the problems that could be caused by the malformed variant of the BUILD_MAP_UNPACK_WITH_CALL opcode that they may contain. Patch by Petr Viktorin, Serhiy Storchaka, and Nick Coghlan. .. .. bpo: 28598 .. date: 094 .. nonce: QxbzQn .. section: Core and Builtins Support __rmod__ for subclasses of str being called before str.__mod__. Patch by Martijn Pieters. .. .. bpo: 29602 .. date: 093 .. nonce: qyyskC .. section: Core and Builtins Fix incorrect handling of signed zeros in complex constructor for complex subclasses and for inputs having a __complex__ method. Patch by Serhiy Storchaka. .. .. bpo: 29347 .. date: 092 .. nonce: 1RPPGN .. section: Core and Builtins Fixed possibly dereferencing undefined pointers when creating weakref objects. .. .. bpo: 29438 .. date: 091 .. nonce: IKxD6I .. section: Core and Builtins Fixed use-after-free problem in key sharing dict. .. .. bpo: 29319 .. date: 090 .. nonce: KLDUZf .. section: Core and Builtins Prevent RunMainFromImporter overwriting sys.path[0]. .. .. bpo: 29337 .. date: 089 .. nonce: bjX8AE .. section: Core and Builtins Fixed possible BytesWarning when compare the code objects. Warnings could be emitted at compile time. .. .. bpo: 29478 .. date: 088 .. nonce: rTQ-qy .. section: Core and Builtins If max_line_length=None is specified while using the Compat32 policy, it is no longer ignored. Patch by Mircea Cosbuc. .. .. bpo: 29403 .. date: 2017-07-20-02-29-49 .. nonce: 3RinCV .. section: Library Fix ``unittest.mock``'s autospec to not fail on method-bound builtin functions. Patch by Aaron Gallagher. .. .. bpo: 30961 .. date: 2017-07-18-23-47-51 .. nonce: 064jz0 .. section: Library Fix decrementing a borrowed reference in tracemalloc. .. .. bpo: 30886 .. date: 2017-07-10-12-14-22 .. nonce: nqQj34 .. section: Library Fix multiprocessing.Queue.join_thread(): it now waits until the thread completes, even if the thread was started by the same process which created the queue. .. .. bpo: 29854 .. date: 2017-07-07-02-18-57 .. nonce: J8wKb_ .. section: Library Fix segfault in readline when using readline's history-size option. Patch by Nir Soffer. .. .. bpo: 30807 .. date: 2017-06-29-22-04-44 .. nonce: sLtjY- .. section: Library signal.setitimer() may disable the timer when passed a tiny value. Tiny values (such as 1e-6) are valid non-zero values for setitimer(), which is specified as taking microsecond-resolution intervals. However, on some platform, our conversion routine could convert 1e-6 into a zero interval, therefore disabling the timer instead of (re-)scheduling it. .. .. bpo: 30441 .. date: 2017-06-29-14-25-14 .. nonce: 3Wh9kc .. section: Library Fix bug when modifying os.environ while iterating over it .. .. bpo: 30532 .. date: 2017-06-26-11-01-59 .. nonce: qTeL1o .. section: Library Fix email header value parser dropping folding white space in certain cases. .. .. bpo: 29169 .. date: 087 .. nonce: 8ypApm .. section: Library Update zlib to 1.2.11. .. .. bpo: 30879 .. date: 086 .. nonce: N3KI-o .. section: Library os.listdir() and os.scandir() now emit bytes names when called with bytes-like argument. .. .. bpo: 30746 .. date: 085 .. nonce: 7drQI0 .. section: Library Prohibited the '=' character in environment variable names in ``os.putenv()`` and ``os.spawn*()``. .. .. bpo: 29755 .. date: 082 .. nonce: diQcY_ .. section: Library Fixed the lgettext() family of functions in the gettext module. They now always return bytes. .. .. bpo: 30645 .. date: 080 .. nonce: oYzbbW .. section: Library Fix path calculation in imp.load_package(), fixing it for cases when a package is only shipped with bytecodes. Patch by Alexandru Ardelean. .. .. bpo: 23890 .. date: 079 .. nonce: GCFAAZ .. section: Library unittest.TestCase.assertRaises() now manually breaks a reference cycle to not keep objects alive longer than expected. .. .. bpo: 30149 .. date: 078 .. nonce: hE649r .. section: Library inspect.signature() now supports callables with variable-argument parameters wrapped with partialmethod. Patch by Donghee Na. .. .. bpo: 29931 .. date: 077 .. nonce: tfcTwK .. section: Library Fixed comparison check for ipaddress.ip_interface objects. Patch by Sanjay Sundaresan. .. .. bpo: 24484 .. date: 075 .. nonce: vFem8K .. section: Library Avoid race condition in multiprocessing cleanup. .. .. bpo: 28994 .. date: 074 .. nonce: 9vzun1 .. section: Library The traceback no longer displayed for SystemExit raised in a callback registered by atexit. .. .. bpo: 30508 .. date: 073 .. nonce: wNWRS2 .. section: Library Don't log exceptions if Task/Future "cancel()" method was called. .. .. bpo: 28556 .. date: 072 .. nonce: mESP7G .. section: Library Updates to typing module: Add generic AsyncContextManager, add support for ContextManager on all versions. Original PRs by Jelle Zijlstra and Ivan Levkivskyi .. .. bpo: 29870 .. date: 071 .. nonce: p960Ih .. section: Library Fix ssl sockets leaks when connection is aborted in asyncio/ssl implementation. Patch by Michaël Sghaïer. .. .. bpo: 29743 .. date: 070 .. nonce: en2P4s .. section: Library Closing transport during handshake process leaks open socket. Patch by Nikolay Kim .. .. bpo: 27585 .. date: 069 .. nonce: 0Ugqqu .. section: Library Fix waiter cancellation in asyncio.Lock. Patch by Mathieu Sornay. .. .. bpo: 30418 .. date: 068 .. nonce: EwISQm .. section: Library On Windows, subprocess.Popen.communicate() now also ignore EINVAL on stdin.write() if the child process is still running but closed the pipe. .. .. bpo: 30378 .. date: 067 .. nonce: R_19_5 .. section: Library Fix the problem that logging.handlers.SysLogHandler cannot handle IPv6 addresses. .. .. bpo: 29960 .. date: 066 .. nonce: g0wr3r .. section: Library Preserve generator state when _random.Random.setstate() raises an exception. Patch by Bryan Olson. .. .. bpo: 30414 .. date: 065 .. nonce: jGl1Lb .. section: Library multiprocessing.Queue._feed background running thread do not break from main loop on exception. .. .. bpo: 30003 .. date: 064 .. nonce: BOl9HE .. section: Library Fix handling escape characters in HZ codec. Based on patch by Ma Lin. .. .. bpo: 30301 .. date: 063 .. nonce: ywOkjN .. section: Library Fix AttributeError when using SimpleQueue.empty() under *spawn* and *forkserver* start methods. .. .. bpo: 30329 .. date: 062 .. nonce: EuT36N .. section: Library imaplib and poplib now catch the Windows socket WSAEINVAL error (code 10022) on shutdown(SHUT_RDWR): An invalid operation was attempted. This error occurs sometimes on SSL connections. .. .. bpo: 30375 .. date: 061 .. nonce: 9c8qM7 .. section: Library Warnings emitted when compile a regular expression now always point to the line in the user code. Previously they could point into inners of the re module if emitted from inside of groups or conditionals. .. .. bpo: 30048 .. date: 060 .. nonce: ELRx8R .. section: Library Fixed ``Task.cancel()`` can be ignored when the task is running coroutine and the coroutine returned without any more ``await``. .. .. bpo: 29990 .. date: 059 .. nonce: HWV6KE .. section: Library Fix range checking in GB18030 decoder. Original patch by Ma Lin. .. .. bpo: 26293 .. date: 058 .. nonce: wig0YG .. section: Library Change resulted because of zipfile breakage. (See also: bpo-29094) .. .. bpo: 30243 .. date: 057 .. nonce: RHQt0v .. section: Library Removed the __init__ methods of _json's scanner and encoder. Misusing them could cause memory leaks or crashes. Now scanner and encoder objects are completely initialized in the __new__ methods. .. .. bpo: 30185 .. date: 056 .. nonce: Tiu1n8 .. section: Library Avoid KeyboardInterrupt tracebacks in forkserver helper process when Ctrl-C is received. .. .. bpo: 28556 .. date: 055 .. nonce: 51gjbP .. section: Library Various updates to typing module: add typing.NoReturn type, use WrapperDescriptorType, minor bug-fixes. Original PRs by Jim Fasarakis-Hilliard and Ivan Levkivskyi. .. .. bpo: 30205 .. date: 054 .. nonce: BsxO34 .. section: Library Fix getsockname() for unbound AF_UNIX sockets on Linux. .. .. bpo: 30070 .. date: 053 .. nonce: XM_B41 .. section: Library Fixed leaks and crashes in errors handling in the parser module. .. .. bpo: 30061 .. date: 052 .. nonce: 2w_dX9 .. section: Library Fixed crashes in IOBase methods __next__() and readlines() when readline() or __next__() respectively return non-sizeable object. Fixed possible other errors caused by not checking results of PyObject_Size(), PySequence_Size(), or PyMapping_Size(). .. .. bpo: 30068 .. date: 051 .. nonce: n4q47r .. section: Library _io._IOBase.readlines will check if it's closed first when hint is present. .. .. bpo: 29694 .. date: 050 .. nonce: LWKxb1 .. section: Library Fixed race condition in pathlib mkdir with flags parents=True. Patch by Armin Rigo. .. .. bpo: 29692 .. date: 049 .. nonce: oyWrAE .. section: Library Fixed arbitrary unchaining of RuntimeError exceptions in contextlib.contextmanager. Patch by Siddharth Velankar. .. .. bpo: 29998 .. date: 048 .. nonce: poeIKD .. section: Library Pickling and copying ImportError now preserves name and path attributes. .. .. bpo: 29942 .. date: 047 .. nonce: CsGNuT .. section: Library Fix a crash in itertools.chain.from_iterable when encountering long runs of empty iterables. .. .. bpo: 27863 .. date: 046 .. nonce: pPYHHI .. section: Library Fixed multiple crashes in ElementTree caused by race conditions and wrong types. .. .. bpo: 28699 .. date: 045 .. nonce: wZztZP .. section: Library Fixed a bug in pools in multiprocessing.pool that raising an exception at the very first of an iterable may swallow the exception or make the program hang. Patch by Davin Potts and Xiang Zhang. .. .. bpo: 25803 .. date: 044 .. nonce: CPDR0W .. section: Library Avoid incorrect errors raised by Path.mkdir(exist_ok=True) when the OS gives priority to errors such as EACCES over EEXIST. .. .. bpo: 29861 .. date: 043 .. nonce: t2ZoRK .. section: Library Release references to tasks, their arguments and their results as soon as they are finished in multiprocessing.Pool. .. .. bpo: 29884 .. date: 042 .. nonce: kWXR8W .. section: Library faulthandler: Restore the old sigaltstack during teardown. Patch by Christophe Zeitouny. .. .. bpo: 25455 .. date: 041 .. nonce: ZsahHN .. section: Library Fixed crashes in repr of recursive buffered file-like objects. .. .. bpo: 29800 .. date: 040 .. nonce: d2xASa .. section: Library Fix crashes in partial.__repr__ if the keys of partial.keywords are not strings. Patch by Michael Seifert. .. .. bpo: 29742 .. date: 039 .. nonce: 8hqfEO .. section: Library get_extra_info() raises exception if get called on closed ssl transport. Patch by Nikolay Kim. .. .. bpo: 8256 .. date: 038 .. nonce: jAwGQH .. section: Library Fixed possible failing or crashing input() if attributes "encoding" or "errors" of sys.stdin or sys.stdout are not set or are not strings. .. .. bpo: 28298 .. date: 037 .. nonce: xfm84U .. section: Library Fix a bug that prevented array 'Q', 'L' and 'I' from accepting big intables (objects that have __int__) as elements. Patch by Oren Milman. .. .. bpo: 29615 .. date: 036 .. nonce: OpFKzg .. section: Library SimpleXMLRPCDispatcher no longer chains KeyError (or any other exception) to exception(s) raised in the dispatched methods. Patch by Petr Motejlek. .. .. bpo: 29704 .. date: 035 .. nonce: WHbx27 .. section: Library asyncio.subprocess.SubprocessStreamProtocol no longer closes before all pipes are closed. .. .. bpo: 29703 .. date: 034 .. nonce: ZdsPCR .. section: Library Fix asyncio to support instantiation of new event loops in child processes. .. .. bpo: 29376 .. date: 033 .. nonce: rrJhJy .. section: Library Fix assertion error in threading._DummyThread.is_alive(). .. .. bpo: 29110 .. date: 032 .. nonce: wmE-_T .. section: Library Fix file object leak in aifc.open() when file is given as a filesystem path and is not in valid AIFF format. Patch by Anthony Zhang. .. .. bpo: 28961 .. date: 031 .. nonce: Rt93vg .. section: Library Fix unittest.mock._Call helper: don't ignore the name parameter anymore. Patch written by Jiajun Huang. .. .. bpo: 29532 .. date: 030 .. nonce: YCwVQn .. section: Library Altering a kwarg dictionary passed to functools.partial() no longer affects a partial object after creation. .. .. bpo: 28556 .. date: 029 .. nonce: p6967e .. section: Library Various updates to typing module: typing.Counter, typing.ChainMap, improved ABC caching, etc. Original PRs by Jelle Zijlstra, Ivan Levkivskyi, Manuel Krebber, and Łukasz Langa. .. .. bpo: 29100 .. date: 028 .. nonce: LAAERS .. section: Library Fix datetime.fromtimestamp() regression introduced in Python 3.6.0: check minimum and maximum years. .. .. bpo: 29519 .. date: 027 .. nonce: oGGgZ4 .. section: Library Fix weakref spewing exceptions during interpreter shutdown when used with a rare combination of multiprocessing and custom codecs. .. .. bpo: 29416 .. date: 026 .. nonce: KJGyI_ .. section: Library Prevent infinite loop in pathlib.Path.mkdir .. .. bpo: 29444 .. date: 025 .. nonce: cEwgmk .. section: Library Fixed out-of-bounds buffer access in the group() method of the match object. Based on patch by WGH. .. .. bpo: 29335 .. date: 024 .. nonce: _KC7IK .. section: Library Fix subprocess.Popen.wait() when the child process has exited to a stopped instead of terminated state (ex: when under ptrace). .. .. bpo: 29290 .. date: 023 .. nonce: XBqptF .. section: Library Fix a regression in argparse that help messages would wrap at non-breaking spaces. .. .. bpo: 28735 .. date: 022 .. nonce: admHLO .. section: Library Fixed the comparison of mock.MagickMock with mock.ANY. .. .. bpo: 29011 .. date: 021 .. nonce: MI5f2R .. section: Library Fix an important omission by adding Deque to the typing module. .. .. bpo: 29219 .. date: 020 .. nonce: kxui7t .. section: Library Fixed infinite recursion in the repr of uninitialized ctypes.CDLL instances. .. .. bpo: 28969 .. date: 019 .. nonce: j3HJYO .. section: Library Fixed race condition in C implementation of functools.lru_cache. KeyError could be raised when cached function with full cache was simultaneously called from different threads with the same uncached arguments. .. .. bpo: 29142 .. date: 018 .. nonce: xo6kAv .. section: Library In urllib.request, suffixes in no_proxy environment variable with leading dots could match related hostnames again (e.g. .b.c matches a.b.c). Patch by Milan Oberkirch. .. .. bpo: 30176 .. date: 013 .. nonce: VivmCg .. section: Documentation Add missing attribute related constants in curses documentation. .. .. bpo: 26985 .. date: 012 .. nonce: NB5_9S .. section: Documentation Add missing info of code object in inspect documentation. .. .. bpo: 28929 .. date: 011 .. nonce: Md7kb0 .. section: Documentation Link the documentation to its source file on GitHub. .. .. bpo: 25008 .. date: 010 .. nonce: CeIzyU .. section: Documentation Document smtpd.py as effectively deprecated and add a pointer to aiosmtpd, a third-party asyncio-based replacement. .. .. bpo: 26355 .. date: 009 .. nonce: SDq_8Y .. section: Documentation Add canonical header link on each page to corresponding major version of the documentation. Patch by Matthias Bussonnier. .. .. bpo: 29349 .. date: 008 .. nonce: PjSo-t .. section: Documentation Fix Python 2 syntax in code for building the documentation. .. .. bpo: 30822 .. date: 2017-07-20-14-29-54 .. nonce: X0wREo .. section: Tests Fix regrtest command line parser to allow passing -u extralargefile to run test_zipfile64. .. .. bpo: 30383 .. date: 2017-06-27-13-52-43 .. nonce: rCmrv7 .. section: Tests regrtest: Enhance regrtest and backport features from the master branch. Add options: --coverage, --testdir, --list-tests (list test files, don't run them), --list-cases (list test identifiers, don't run them, :issue:`30523`), --matchfile (load a list of test filters from a text file, :issue:`30540`), --slowest (alias to --slow). Enhance output: add timestamp, test result, currently running tests, "Tests result: xxx" summary with total duration, etc. Fix reference leak hunting in regrtest, --huntrleaks: regrtest now warms up caches, create explicitly all internal singletons which are created on demand to prevent false positives when checking for reference leaks. (:issue:`30675`). .. .. bpo: 30357 .. date: 004 .. nonce: n4CPEa .. section: Tests test_thread: setUp() now uses support.threading_setup() and support.threading_cleanup() to wait until threads complete to avoid random side effects on following tests. Initial patch written by Grzegorz Grzywacz. .. .. bpo: 28087 .. date: 003 .. nonce: m8dc4R .. section: Tests Skip test_asyncore and test_eintr poll failures on macOS. Skip some tests of select.poll when running on macOS due to unresolved issues with the underlying system poll function on some macOS versions. .. .. bpo: 30197 .. date: 002 .. nonce: c5wRfu .. section: Tests Enhanced functions swap_attr() and swap_item() in the test.support module. They now work when delete replaced attribute or item inside the with statement. The old value of the attribute or item (or None if it doesn't exist) now will be assigned to the target of the "as" clause, if there is one. .. .. bpo: 29571 .. date: 001 .. nonce: r6Dixr .. section: Tests to match the behaviour of the ``re.LOCALE`` flag, test_re.test_locale_flag now uses ``locale.getpreferredencoding(False)`` to determine the candidate encoding for the test regex (allowing it to correctly skip the test when the default locale encoding is a multi-byte encoding) .. .. bpo: 29243 .. date: 007 .. nonce: WDK4hT .. section: Build Prevent unnecessary rebuilding of Python during ``make test``, ``make install`` and some other make targets when configured with ``--enable-optimizations``. .. .. bpo: 23404 .. date: 006 .. nonce: PdYVWg .. section: Build Don't regenerate generated files based on file modification time anymore: the action is now explicit. Replace ``make touch`` with ``make regen-all``. .. .. bpo: 29643 .. date: 005 .. nonce: 4WLIJQ .. section: Build Fix ``--enable-optimization`` didn't work. .. .. bpo: 30687 .. date: 017 .. nonce: 8mqHnu .. section: Windows Locate msbuild.exe on Windows when building rather than vcvarsall.bat .. .. bpo: 29392 .. date: 016 .. nonce: OtqS5t .. section: Windows Prevent crash when passing invalid arguments into msvcrt module. .. .. bpo: 27867 .. date: 015 .. nonce: VMCoJU .. section: C API Function PySlice_GetIndicesEx() is replaced with a macro if Py_LIMITED_API is set to the value between 0x03050400 and 0x03060000 (not including) or 0x03060100 or higher. .. .. bpo: 29083 .. date: 014 .. nonce: tGTjr_ .. section: C API Fixed the declaration of some public API functions. PyArg_VaParse() and PyArg_VaParseTupleAndKeywords() were not available in limited API. PyArg_ValidateKeywordArguments(), PyArg_UnpackTuple() and Py_BuildValue() were not available in limited API of version < 3.3 when PY_SSIZE_T_CLEAN is defined.