From: Benjamin Peterson Date: Sun, 3 May 2015 02:36:26 +0000 (-0400) Subject: merge 3.3 (#24094) X-Git-Tag: v3.5.0b1~259^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=122f4b1bda8262ace6aa021935e8c605a17c3748;p=thirdparty%2FPython%2Fcpython.git merge 3.3 (#24094) --- 122f4b1bda8262ace6aa021935e8c605a17c3748 diff --cc Misc/NEWS index 24fc1507e0a6,ca923fb18e3d..b0a87a797e57 --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -39,182 -19,153 +39,185 @@@ Core and Builtin Library ------- + - Issue #24094: Fix possible crash in json.encode with poorly behaved dict + subclasses. + -- Issue #23367: Fix possible overflows in the unicodedata module. +- Asyncio issue 222 / PR 231 (Victor Stinner) -- fix @coroutine + functions without __name__. -- Issue #23361: Fix possible overflow in Windows subprocess creation code. +- Issue #9246: On POSIX, os.getcwd() now supports paths longer than 1025 bytes. + Patch written by William Orr. -- Issue #23363: Fix possible overflow in itertools.permutations. +- Issues #24099, #24100, and #24101: Fix free-after-use bug in heapq's siftup + and siftdown functions. -- Issue #23364: Fix possible overflow in itertools.product. +- Backport collections.deque fixes from Python 3.5. Prevents reentrant badness + during deletion by deferring the decref until the container has been restored + to a consistent state. -- Issue #23369: Fixed possible integer overflow in - _json.encode_basestring_ascii. +- Issue #23008: Fixed resolving attributes with boolean value is False in pydoc. -- Issue #23366: Fixed possible integer overflow in itertools.combinations. +- Fix asyncio issue 235: LifoQueue and PriorityQueue's put didn't + increment unfinished tasks (this bug was introduced in 3.4.3 when + JoinableQueue was merged with Queue). -- Issue #23365: Fixed possible integer overflow in - itertools.combinations_with_replacement. +- Issue #23908: os functions now reject paths with embedded null character + on Windows instead of silently truncate them. -C API ------ +- Issue #23728: binascii.crc_hqx() could return an integer outside of the range + 0-0xffff for empty data. -- Issue #23998: PyImport_ReInitLock() now checks for lock allocation error +- Issue #23811: Add missing newline to the PyCompileError error message. + Patch by Alex Shkop. +- Issue #17898: Fix exception in gettext.py when parsing certain plural forms. -What's New in Python 3.3.6? -=========================== +- Issue #22982: Improve BOM handling when seeking to multiple positions of + a writable text file. -*Release date: 11-Oct-2014* +- Issue #23865: close() methods in multiple modules now are idempotent and more + robust at shutdown. If they need to release multiple resources, all are + released even if errors occur. -Core and Builtins ------------------ +- Issue #23881: urllib.request.ftpwrapper constructor now closes the socket if + the FTP connection failed to fix a ResourceWarning. -- Issue #22643: Fix integer overflow in Unicode case operations (upper, lower, - title, swapcase, casefold). +- Issue #23400: Raise same exception on both Python 2 and 3 if sem_open is not + available. Patch by Davin Potts. -- Issue #22518: Fixed integer overflow issues in "backslashreplace", - "xmlcharrefreplace", and "surrogatepass" error handlers. +- Issue #15133: _tkinter.tkapp.getboolean() now supports Tcl_Obj and always + returns bool. tkinter.BooleanVar now validates input values (accepted bool, + int, str, and Tcl_Obj). tkinter.BooleanVar.get() now always returns bool. -- Issue #22520: Fix overflow checking when generating the repr of a unicode - object. +- Issue #23338: Fixed formatting ctypes error messages on Cygwin. + Patch by Makoto Kato. -- Issue #22519: Fix overflow checking in PyBytes_Repr. +- Issue #16840: Tkinter now supports 64-bit integers added in Tcl 8.4 and + arbitrary precision integers added in Tcl 8.5. -- Issue #22518: Fix integer overflow issues in latin-1 encoding. +- Issue #23834: Fix socket.sendto(), use the C Py_ssize_t type to store the + result of sendto() instead of the C int type. -- Issue #23165: Perform overflow checks before allocating memory in the - _Py_char2wchar function. +- Issue #21526: Tkinter now supports new boolean type in Tcl 8.5. -Library -------- +- Issue #23838: linecache now clears the cache and returns an empty result on + MemoryError. -- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode - will return. This resolves CVE-2013-1753. +- Issue #18473: Fixed 2to3 and 3to2 compatible pickle mappings. Fixed + ambigious reverse mappings. Added many new mappings. Import mapping is no + longer applied to modules already mapped with full name mapping. -- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its - weakrefs. +- Issue #23745: The new email header parser now handles duplicate MIME + parameter names without error, similar to how get_param behaves. -- Issue #22419: Limit the length of incoming HTTP request in wsgiref server to - 65536 bytes and send a 414 error code for higher lengths. Patch contributed - by Devin Cook. +- Issue #23792: Ignore KeyboardInterrupt when the pydoc pager is active. + This mimics the behavior of the standard unix pagers, and prevents + pipepager from shutting down while the pager itself is still running. -- Lax cookie parsing in http.cookies could be a security issue when combined - with non-standard cookie handling in some Web browsers. Reported by - Sergey Bobrov. +- Issue #23742: ntpath.expandvars() no longer loses unbalanced single quotes. -- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths - before checking for a CGI script at that path. +- Issue #21802: The reader in BufferedRWPair now is closed even when closing + writer failed in BufferedRWPair.close(). -- Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second - parameter. Bug reported by Guido Vranken. +- Issue #23671: string.Template now allows to specify the "self" parameter as + keyword argument. string.Formatter now allows to specify the "self" and + the "format_string" parameters as keyword arguments. -- Issue #20633: Replace relative import by absolute import. +- Issue #21560: An attempt to write a data of wrong type no longer cause + GzipFile corruption. Original patch by Wolfgang Maier. -- Issue #21082: In os.makedirs, do not set the process-wide umask. Note this - changes behavior of makedirs when exist_ok=True. +- Issue #23647: Increase impalib's MAXLINE to accommodate modern mailbox sizes. -- Issue #20875: Prevent possible gzip "'read' is not defined" NameError. - Patch by Claudiu Popa. +- Issue #23539: If body is None, http.client.HTTPConnection.request now sets + Content-Length to 0 for PUT, POST, and PATCH headers to avoid 411 errors from + some web servers. -- Issue #11599: When an external command (e.g. compiler) fails, distutils now - prints out the whole command line (instead of just the command name) if the - environment variable DISTUTILS_DEBUG is set. +- Issue #22351: The nntplib.NNTP constructor no longer leaves the connection + and socket open until the garbage collector cleans them up. Patch by + Martin Panter. -- Issue #4931: distutils should not produce unhelpful "error: None" messages - anymore. distutils.util.grok_environment_error is kept but doc-deprecated. +- Issue #23136: _strptime now uniformly handles all days in week 0, including + Dec 30 of previous year. Based on patch by Jim Carroll. -- Issue #20283: RE pattern methods now accept the string keyword parameters - as documented. The pattern and source keyword parameters are left as - deprecated aliases. +- Issue #23700: Iterator of NamedTemporaryFile now keeps a reference to + NamedTemporaryFile instance. Patch by Bohuslav Kabrda. -- Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, - broken by the fix for security issue #19435. Patch by Zach Byrne. +- Issue #22903: The fake test case created by unittest.loader when it fails + importing a test module is now picklable. -Tests ------ +- Issue #23568: Add rdivmod support to MagicMock() objects. + Patch by Håkan Lövdahl. -- Issue #17752: Fix distutils tests when run from the installed location. +- Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar. + Patch by Demian Brecht. -- Issue #20946: Correct alignment assumptions of some ctypes tests. +- Issue #23051: multiprocessing.Pool methods imap() and imap_unordered() now + handle exceptions raised by an iterator. Patch by Alon Diamant and Davin + Potts. -- Issue #20939: Fix test_geturl failure in test_urllibnet due to - new redirect of http://www.python.org/ to https://www.python.org. +- Issue #22928: Disabled HTTP header injections in http.client. + Original patch by Demian Brecht. +- Issue #23615: Modules bz2, tarfile and tokenize now can be reloaded with + imp.reload(). Patch by Thomas Kluyver. -What's New in Python 3.3.5? -=========================== +- Issue #23476: In the ssl module, enable OpenSSL's X509_V_FLAG_TRUSTED_FIRST + flag on certificate stores when it is available. -*Release date: 09-Mar-2014* +- Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the + SSL layer but the underlying connection hasn't been closed. -No changes from release candidate 2. +- Issue #23504: Added an __all__ to the types module. +- Issue #20204: Added the __module__ attribute to _tkinter classes. -What's New in Python 3.3.5 release candidate 2? -=============================================== +- Issue #23521: Corrected pure python implementation of timedelta division. -*Release date: 02-Mar-2014* + * Eliminated OverflowError from timedelta * float for some floats; + * Corrected rounding in timedlta true division. -Core and Builtins ------------------ +- Issue #21619: Popen objects no longer leave a zombie after exit in the with + statement if the pipe was broken. Patch by Martin Panter. -- Issue #20731: Properly position in source code files even if they - are opened in text mode. Patch by Serhiy Storchaka. +- Issue #6639: Module-level turtle functions no longer raise TclError after + closing the window. -- Issue #19619: str.encode, bytes.decode and bytearray.decode now use an - internal API to throw LookupError for known non-text encodings, rather - than attempting the encoding or decoding operation and then throwing a - TypeError for an unexpected output type. (The latter mechanism remains - in place for third party non-text encodings) +- Issues #814253, #9179: Warnings now are raised when group references and + conditional group references are used in lookbehind assertions in regular + expressions. -Library -------- +- Issue #23215: Multibyte codecs with custom error handlers that ignores errors + consumed too much memory and raised SystemError or MemoryError. + Original patch by Aleksi Torhamo. -- Issue #20778: Fix modulefinder to work with bytecode-only modules. +- Issue #5700: io.FileIO() called flush() after closing the file. + flush() was not called in close() if closefd=False. -- Issue #20791: copy.copy() now doesn't make a copy when the input is - a bytes object. Initial patch by Peter Otten. +- Issue #23374: Fixed pydoc failure with non-ASCII files when stdout encoding + differs from file system encoding (e.g. on Mac OS). -- Issue #20621: Fixes a zipimport bug introduced in 3.3.4 that could cause - spurious crashes or SystemErrors when importing modules or packages from a - zip file. The change causing the problem was reverted. +- Issue #23481: Remove RC4 from the SSL module's default cipher list. -- Issue #20404: io.TextIOWrapper (and hence the open() builtin) now uses the - internal codec marking system added for issue #19619 to throw LookupError - for known non-text encodings at stream construction time. The existing - output type checks remain in place to deal with unmarked third party - codecs. +- Issue #21548: Fix pydoc.synopsis() and pydoc.apropos() on modules with empty + docstrings. + +- Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb + module. Original patch by Claudiu Popa. + +- Issue #23146: Fix mishandling of absolute Windows paths with forward + slashes in pathlib. + +- Issue #23421: Fixed compression in tarfile CLI. Patch by wdv4758h. + +- Issue #23367: Fix possible overflows in the unicodedata module. + +- Issue #23361: Fix possible overflow in Windows subprocess creation code. + +- Issue #23801: Fix issue where cgi.FieldStorage did not always ignore the + entire preamble to a multipart body. + +- Issue #23310: Fix MagicMock's initializer to work with __methods__, just + like configure_mock(). Patch by Kasia Jachim. Tests -----