--- /dev/null
+.. bpo: 38243
+.. date: 2019-09-25-13-21-09
+.. nonce: 1pfz24
+.. release date: 2019-10-07
+.. section: Security
+
+Escape the server title of :class:`DocXMLRPCServer.DocXMLRPCServer` when
+rendering the document page as HTML. (Contributed by Dong-hee Na in
+:issue:`38243`.)
+
+..
+
+.. bpo: 38174
+.. date: 2019-09-23-21-02-46
+.. nonce: MeWuJd
+.. section: Security
+
+Update vendorized expat library version to 2.2.8, which resolves
+CVE-2019-15903.
+
+..
+
+.. bpo: 34631
+.. date: 2019-06-17-08-43-19
+.. nonce: pJ8CGR
+.. section: Security
+
+Updated OpenSSL to 1.0.2s in Windows installer
+
+..
+
+.. bpo: 35647
+.. date: 2019-05-20-00-49-29
+.. nonce: oWmiGU
+.. section: Security
+
+Don't set cookie for a request when the request path is a prefix match of
+the cookie's path attribute but doesn't end with "/". Patch by Karthikeyan
+Singaravelan.
+
+..
+
+.. bpo: 35121
+.. date: 2019-05-20-00-35-12
+.. nonce: RRi-HU
+.. section: Security
+
+Don't send cookies of domain A without Domain attribute to domain B when
+domain A is a suffix match of domain B while using a cookiejar with
+:class:`cookielib.DefaultCookiePolicy` policy. Patch by Karthikeyan
+Singaravelan.
+
+..
+
+.. bpo: 34155
+.. date: 2019-05-04-13-33-37
+.. nonce: MJll68
+.. section: Security
+
+Fix parsing of invalid email addresses with more than one ``@`` (e.g.
+a@b@c.com.) to not return the part before 2nd ``@`` as valid email address.
+Patch by maxking & jpic.
+
+..
+
+.. bpo: 36742
+.. date: 2019-04-29-15-34-59
+.. nonce: QCUY0i
+.. section: Security
+
+Fixes mishandling of pre-normalization characters in urlsplit().
+
+..
+
+.. bpo: 30458
+.. date: 2019-04-10-08-53-30
+.. nonce: 51E-DA
+.. section: Security
+
+Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or
+control characters through into the underlying http client request. Such
+potentially malicious header injection URLs now cause an httplib.InvalidURL
+exception to be raised.
+
+..
+
+.. bpo: 36216
+.. date: 2019-03-06-09-38-40
+.. nonce: 6q1m4a
+.. section: Security
+
+Changes urlsplit() to raise ValueError when the URL contains characters that
+decompose under IDNA encoding (NFKC-normalization) into characters that
+affect how the URL is parsed.
+
+..
+
+.. bpo: 35907
+.. date: 2019-02-13-17-21-10
+.. nonce: ckk2zg
+.. section: Security
+
+CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
+``local_file://`` URL schemes in :func:`urllib.urlopen`,
+:meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`.
+
+..
+
+.. bpo: 38106
+.. date: 2019-09-12-16-36-16
+.. nonce: 4pApn7
+.. section: Core and Builtins
+
+Fix race in PyThread_release_lock that was leading to memory corruption and
+deadlocks. The fix applies to POSIX systems where Python locks are
+implemented with mutex and condition variable because POSIX semaphores are
+either not provided, or are known to be broken. One particular example of
+such system is macOS.
+
+..
+
+.. bpo: 37329
+.. date: 2019-06-18-15-08-32
+.. nonce: 7XVDRv
+.. section: Core and Builtins
+
+valgrind: suppress a false alarm in memory leak checks. _PyWarnings_Init()
+only allocates memory once at startup but it is not released at exit. Ignore
+this issue to be able to catch other bugs more easily.
+
+..
+
+.. bpo: 26423
+.. date: 2019-05-27-18-00-19
+.. nonce: RgUOE8
+.. section: Core and Builtins
+
+Fix possible overflow in ``wrap_lenfunc()`` when ``sizeof(long) <
+sizeof(Py_ssize_t)`` (e.g., 64-bit Windows).
+
+..
+
+.. bpo: 27987
+.. date: 2019-04-16-11-52-21
+.. nonce: n2_DcQ
+.. section: Core and Builtins
+
+pymalloc returns memory blocks aligned by 16 bytes, instead of 8 bytes, on
+64-bit platforms to conform x86-64 ABI. Recent compilers assume this
+alignment more often. Patch by Inada Naoki.
+
+..
+
+.. bpo: 36504
+.. date: 2019-04-02-04-10-32
+.. nonce: k_V8Bm
+.. section: Core and Builtins
+
+Fix signed integer overflow in _ctypes.c's ``PyCArrayType_new()``.
+
+..
+
+.. bpo: 36459
+.. date: 2019-03-27-22-35-16
+.. nonce: UAvkKp
+.. section: Core and Builtins
+
+Fix a possible double ``PyMem_FREE()`` due to tokenizer.c's ``tok_nextc()``.
+
+..
+
+.. bpo: 36430
+.. date: 2019-03-25-23-37-26
+.. nonce: sd9xxQ
+.. section: Core and Builtins
+
+Fix a possible reference leak in :func:`itertools.count`.
+
+..
+
+.. bpo: 18368
+.. date: 2019-03-14-17-30-46
+.. nonce: WXaHAo
+.. section: Core and Builtins
+
+PyOS_StdioReadline() no longer leaks memory when realloc() fails.
+
+..
+
+.. bpo: 36262
+.. date: 2019-03-11-15-37-33
+.. nonce: v3N6Fz
+.. section: Core and Builtins
+
+Fix an unlikely memory leak on conversion from string to float in the
+function ``_Py_dg_strtod()`` used by ``float(str)``, ``complex(str)``,
+:func:`pickle.load`, :func:`marshal.load`, etc.
+
+..
+
+.. bpo: 36149
+.. date: 2019-02-28-13-52-18
+.. nonce: GJdnh4
+.. section: Core and Builtins
+
+Fix use of uninitialized memory in cPickle when reading a truncated pickle
+from a file object.
+
+..
+
+.. bpo: 33006
+.. date: 2018-03-07-09-10-42
+.. nonce: Bzx3LA
+.. section: Core and Builtins
+
+Clarified Doc string for builtin filter function. 2nd Argument can be any
+iterable. Patch by Tony Flury
+
+..
+
+.. bpo: 38216
+.. date: 2019-09-27-15-24-45
+.. nonce: -7yvZR
+.. section: Library
+
+Allow the rare code that wants to send invalid http requests from the
+`http.client` library a way to do so. The fixes for bpo-30458 led to
+breakage for some projects that were relying on this ability to test their
+own behavior in the face of bad requests.
+
+..
+
+.. bpo: 38175
+.. date: 2019-09-15-10-30-33
+.. nonce: 61XlUv
+.. section: Library
+
+Fix a memory leak in comparison of :class:`sqlite3.Row` objects.
+
+..
+
+.. bpo: 33936
+.. date: 2019-09-14-10-34-00
+.. nonce: 8wCI_n
+.. section: Library
+
+_hashlib no longer calls obsolete OpenSSL initialization function with
+OpenSSL 1.1.0+.
+
+..
+
+.. bpo: 34410
+.. date: 2019-08-31-01-52-59
+.. nonce: 7KbWZQ
+.. section: Library
+
+Fixed a crash in the :func:`tee` iterator when re-enter it. RuntimeError is
+now raised in this case.
+
+..
+
+.. bpo: 37965
+.. date: 2019-08-28-14-04-18
+.. nonce: 7xGE-C
+.. section: Library
+
+Fix C compiler warning caused by distutils.ccompiler.CCompiler.has_function.
+
+..
+
+.. bpo: 34521
+.. date: 2019-08-23-14-47-09
+.. nonce: Y2BYu5
+.. section: Library
+
+Fix file descriptors transfer in multiprocessing on FreeBSD: use
+``CMSG_SPACE()`` rather than ``CMSG_LEN()``; see :rfc:`3542`.
+
+..
+
+.. bpo: 37664
+.. date: 2019-07-24-18-27-44
+.. nonce: o-GYZC
+.. section: Library
+
+Update wheels bundled with ensurepip (pip 19.2.3 and setuptools 41.2.0)
+
+..
+
+.. bpo: 37437
+.. date: 2019-06-27-20-33-50
+.. nonce: du39_A
+.. section: Library
+
+Update vendorized expat version to 2.2.7.
+
+..
+
+.. bpo: 36742
+.. date: 2019-06-10-12-02-45
+.. nonce: UEdHXJ
+.. section: Library
+
+:func:`urlparse.urlsplit` error message for invalid ``netloc`` according to
+NFKC normalization is now a :class:`str` string, rather than a
+:class:`unicode` string, to prevent error when displaying the error.
+
+..
+
+.. bpo: 12639
+.. date: 2019-05-30-16-16-47
+.. nonce: TQFOR4
+.. section: Library
+
+:meth:`msilib.Directory.start_component()` no longer fails if *keyfile* is
+not ``None``.
+
+..
+
+.. bpo: 36713
+.. date: 2019-05-23-15-57-36
+.. nonce: sjPhnf
+.. section: Library
+
+Rename the :meth:`test_ascii_replace` to :meth:`test_ascii_strict`.
+
+..
+
+.. bpo: 28552
+.. date: 2019-04-18-16-10-29
+.. nonce: MW1TLt
+.. section: Library
+
+Fix :mod:`distutils.sysconfig` if :data:`sys.executable` is ``None`` or an
+empty string: use :func:`os.getcwd` to initialize ``project_base``. Fix
+also the distutils build command: don't use :data:`sys.executable` if it is
+``None`` or an empty string.
+
+..
+
+.. bpo: 36337
+.. date: 2019-03-18-10-08-30
+.. nonce: QhJnXy
+.. section: Library
+
+Fix buffer overflow in :meth:`~socket.socket.send` and
+:meth:`~socket.socket.sendall` methods of :func:`socket.socket` for data
+larger than 2 GiB.
+
+..
+
+.. bpo: 36291
+.. date: 2019-03-14-15-54-46
+.. nonce: UalHXP
+.. section: Library
+
+Fix a possible reference leak in the json module.
+
+..
+
+.. bpo: 36289
+.. date: 2019-03-14-15-42-48
+.. nonce: wYKS47
+.. section: Library
+
+Fix a possible reference leak in the io module.
+
+..
+
+.. bpo: 36212
+.. date: 2019-03-14-14-40-22
+.. nonce: IEgRI8
+.. section: Library
+
+Fix two possible reference leaks in the hotshot module.
+
+..
+
+.. bpo: 36235
+.. date: 2019-03-08-13-32-21
+.. nonce: _M72wU
+.. section: Library
+
+Fix ``CFLAGS`` in ``customize_compiler()`` of ``distutils.sysconfig``: when
+the ``CFLAGS`` environment variable is defined, don't override ``CFLAGS``
+variable with the ``OPT`` variable anymore. Initial patch written by David
+Malcolm.
+
+..
+
+.. bpo: 35807
+.. date: 2019-03-06-13-21-33
+.. nonce: W7mmu3
+.. section: Library
+
+Update ensurepip to install pip 19.0.3 and setuptools 40.8.0.
+
+..
+
+.. bpo: 36186
+.. date: 2019-03-04-16-39-16
+.. nonce: Hqw1A_
+.. section: Library
+
+Fix linuxaudiodev.linux_audio_device() error handling: close the internal
+file descriptor if it fails to open the device.
+
+..
+
+.. bpo: 13096
+.. date: 2019-03-04-16-13-01
+.. nonce: SGPt_n
+.. section: Library
+
+Fix memory leak in ctypes POINTER handling of large values.
+
+..
+
+.. bpo: 36179
+.. date: 2019-03-04-10-42-46
+.. nonce: jEyuI-
+.. section: Library
+
+Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in
+out-of-memory cases.
+
+..
+
+.. bpo: 36106
+.. date: 2019-02-25-13-21-43
+.. nonce: VuhEiQ
+.. section: Library
+
+Resolve potential name clash with libm's sinpi(). Patch by Dmitrii
+Pasechnik.
+
+..
+
+.. bpo: 31292
+.. date: 2017-08-30-20-27-00
+.. nonce: dKIaZb
+.. section: Library
+
+Fix ``setup.py check --restructuredtext`` for files containing ``include``
+directives.
+
+..
+
+.. bpo: 37487
+.. date: 2019-07-06-17-19-26
+.. nonce: QagfZ5
+.. section: Documentation
+
+Fix PyList_GetItem index description to include 0.
+
+..
+
+.. bpo: 37149
+.. date: 2019-07-06-02-19-02
+.. nonce: NumHn3
+.. section: Documentation
+
+Replace the dead link to the Tkinter 8.5 reference by John Shipman, New
+Mexico Tech, with a link to the archive.org copy.
+
+..
+
+.. bpo: 35126
+.. date: 2019-02-18-10-01-07
+.. nonce: LWwl8X
+.. section: Documentation
+
+Improve the examples in the "How do I convert a number to string?" question
+of the "Programming" section of the FAQ. Contributed by Stéphane Wirtel.
+
+..
+
+.. bpo: 35605
+.. date: 2018-12-30-09-56-13
+.. nonce: gAWt32
+.. section: Documentation
+
+Fix documentation build for sphinx<1.6. Patch by Anthony Sottile.
+
+..
+
+.. bpo: 35564
+.. date: 2018-12-22-22-52-05
+.. nonce: TuEU_D
+.. section: Documentation
+
+Explicitly set master_doc variable in conf.py for compliance with Sphinx 2.0
+
+..
+
+.. bpo: 33832
+.. date: 2018-06-15-15-57-37
+.. nonce: xBFhKw
+.. section: Documentation
+
+Add glossary entry for 'magic method'.
+
+..
+
+.. bpo: 37411
+.. date: 2019-06-26-15-28-45
+.. nonce: 5lGNhM
+.. section: Tests
+
+Fix test_wsgiref.testEnviron() to no longer depend on the environment
+variables (don't fail if "X" variable is set).
+
+..
+
+.. bpo: 37359
+.. date: 2019-06-24-10-47-07
+.. nonce: CkdtyO
+.. section: Tests
+
+Add --cleanup option to python3 -m test to remove ``test_python_*``
+directories of previous failed jobs. Add "make cleantest" to run ``python3
+-m test --cleanup``.
+
+..
+
+.. bpo: 37362
+.. date: 2019-06-21-15-47-33
+.. nonce: D3xppx
+.. section: Tests
+
+test_gdb no longer fails if it gets an "unexpected" message on stderr: it
+now ignores stderr. The purpose of test_gdb is to test that python-gdb.py
+commands work as expected, not to test gdb.
+
+..
+
+.. bpo: 36816
+.. date: 2019-05-08-15-55-46
+.. nonce: WBKRGZ
+.. section: Tests
+
+Update Lib/test/selfsigned_pythontestdotnet.pem to match
+self-signed.pythontest.net's new TLS certificate.
+
+..
+
+.. bpo: 35925
+.. date: 2019-05-06-18-29-54
+.. nonce: gwQPuC
+.. section: Tests
+
+Skip specific nntplib and ssl networking tests when they would otherwise
+fail due to a modern OS or distro with a default OpenSSL policy of rejecting
+connections to servers with weak certificates or disabling TLS below
+TLSv1.2.
+
+..
+
+.. bpo: 36560
+.. date: 2019-04-09-14-08-02
+.. nonce: _ejeOr
+.. section: Tests
+
+Fix reference leak hunting in regrtest: compute also deltas (of reference
+count and file descriptor count) during warmup, to ensure that everything is
+initialized before starting to hunt reference leaks.
+
+..
+
+.. bpo: 36234
+.. date: 2019-03-08-12-53-37
+.. nonce: NRVK6W
+.. section: Tests
+
+test_posix.PosixUidGidTests: add tests for invalid uid/gid type (str). Patch
+written by David Malcolm.
+
+..
+
+.. bpo: 36019
+.. date: 2019-03-05-13-27-36
+.. nonce: ebUjCm
+.. section: Tests
+
+Add test.support.TEST_HTTP_URL and replace references of
+http://www.example.com by this new constant. Contributed by Stéphane Wirtel.
+
+..
+
+.. bpo: 27313
+.. date: 2019-02-24-03-19-43
+.. nonce: Sj9veH
+.. section: Tests
+
+Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa Tk.
+
+..
+
+.. bpo: 26386
+.. date: 2019-02-24-02-44-52
+.. nonce: YZylPP
+.. section: Tests
+
+Re-enable missing widget testcases in test_ttk_guionly.
+
+..
+
+.. bpo: 34836
+.. date: 2019-01-11-14-01-19
+.. nonce: 7fat9-
+.. section: Tests
+
+Fix ``test_default_ecdh_curve`` when TLSv1.3 is enabled by default.
+
+..
+
+.. bpo: 38301
+.. date: 2019-09-28-02-37-11
+.. nonce: 123456
+.. section: Build
+
+In Solaris family, we must be sure to use ``-D_REENTRANT``. Patch by Jesús
+Cea Avión.
+
+..
+
+.. bpo: 14353
+.. date: 2019-05-12-10-52-37
+.. nonce: LK1qWM
+.. section: Build
+
+Fix detection of the bind_textdomain_codeset function for building gettext
+support into the locale module.
+
+..
+
+.. bpo: 36605
+.. date: 2019-04-11-18-50-58
+.. nonce: gk5czf
+.. section: Build
+
+``make tags`` and ``make TAGS`` now also parse ``Modules/_io/*.c`` and
+``Modules/_io/*.h``.
+
+..
+
+.. bpo: 35264
+.. date: 2018-11-16-15-19-09
+.. nonce: h5GxH3
+.. section: Build
+
+Fix SSL module build with OpenSSL 1.1.0
+
+..
+
+.. bpo: 38117
+.. date: 2019-09-16-12-47-12
+.. nonce: JaiB0X
+.. section: Windows
+
+Updates bundled OpenSSL to 1.0.2t
+
+..
+
+.. bpo: 37445
+.. date: 2019-06-28-18-10-29
+.. nonce: LsdYO6
+.. section: Windows
+
+Include the ``FORMAT_MESSAGE_IGNORE_INSERTS`` flag in ``FormatMessageW()``
+calls.
+
+..
+
+.. bpo: 35360
+.. date: 2019-06-18-09-53-15
+.. nonce: tdqSmo
+.. section: Windows
+
+Update Windows builds to use SQLite 3.28.0.
+
+..
+
+.. bpo: 1104
+.. date: 2017-11-24-12-53-54
+.. nonce: 1CWSZp
+.. section: Windows
+
+Correctly handle string length in ``msilib.SummaryInfo.GetProperty()`` to
+prevent it from truncating the last character.
+
+..
+
+.. bpo: 38117
+.. date: 2019-09-15-21-45-15
+.. nonce: _U9F2r
+.. section: macOS
+
+Updated OpenSSL to 1.0.2t in macOS installer for 2.7.x.
+
+..
+
+.. bpo: 19960
+.. date: 2019-06-20-01-16-16
+.. nonce: LpLUPF
+.. section: macOS
+
+When building 2.7 on macOS without system header files installed in
+``/usr/include``, a few extension modules dependent on system-supplied
+third-party libraries were not being built, most notably zlib.
+
+..
+
+.. bpo: 35360
+.. date: 2019-06-18-10-02-11
+.. nonce: -CWbfy
+.. section: macOS
+
+Update macOS installer to use SQLite 3.28.0.
+
+..
+
+.. bpo: 34631
+.. date: 2019-06-18-05-39-01
+.. nonce: StdZhE
+.. section: macOS
+
+Updated OpenSSL to 1.0.2s in macOS installer.
+
+..
+
+.. bpo: 36231
+.. date: 2019-06-03-05-49-49
+.. nonce: RfmW_p
+.. section: macOS
+
+Support building Python on macOS without /usr/include installed. As of macOS
+10.14, system header files are only available within an SDK provided by
+either the Command Line Tools or the Xcode app.
+
+..
+
+.. bpo: 37177
+.. date: 2019-06-07-00-17-41
+.. nonce: voU6pQ
+.. section: IDLE
+
+Properly 'attach' search dialogs to their main window so that they behave
+like other dialogs and do not get hidden behind their main window.
+
+..
+
+.. bpo: 13102
+.. date: 2019-05-05-16-27-53
+.. nonce: AGNWYJ
+.. section: IDLE
+
+When saving a file, call os.fsync() so bits are flushed to e.g. USB drive.
+
+..
+
+.. bpo: 37675
+.. date: 2019-07-24-16-20-54
+.. nonce: 951Cvf
+.. section: Tools/Demos
+
+2to3 now works when run from a zipped standard library.
+
+..
+
+.. bpo: 14546
+.. date: 2019-04-30-14-30-29
+.. nonce: r38Y-6
+.. section: Tools/Demos
+
+Fix the argument handling in Tools/scripts/lll.py.
+
+..
+
+.. bpo: 37170
+.. date: 2019-06-06-08-47-04
+.. nonce: hO_fpM
+.. section: C API
+
+Fix the cast on error in :c:func:`PyLong_AsUnsignedLongLongMask()`.
projects / thirdparty / Python / cpython.git / commitdiff
