NEWS

+++++++++++
Python News
+++++++++++
What's New in Python 2.7.17 final?

==================================
*Release date: 2019-10-19*
There were no new changes in version 2.7.17.
What's New in Python 2.7.17 release candidate 1?

================================================
Security
--------
- bpo-38243: Escape the server title of

:class:`DocXMLRPCServer.DocXMLRPCServer` when rendering the document page
as HTML. (Contributed by Dong-hee Na in :issue:`38243`.)
- bpo-38174: Update vendorized expat library version to 2.2.8, which

resolves CVE-2019-15903.
- bpo-34631: Updated OpenSSL to 1.0.2s in Windows installer
- bpo-35647: Don't set cookie for a request when the request path is a
prefix match of the cookie's path attribute but doesn't end with "/".
Patch by Karthikeyan Singaravelan.
- bpo-35121: Don't send cookies of domain A without Domain attribute to

domain B when domain A is a suffix match of domain B while using a
cookiejar with :class:`cookielib.DefaultCookiePolicy` policy. Patch by
Karthikeyan Singaravelan.
- bpo-34155: Fix parsing of invalid email addresses with more than one ``@``
(e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email
address. Patch by maxking & jpic.
- bpo-36742: Fixes mishandling of pre-normalization characters in

urlsplit().
- bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded

whitespace or control characters through into the underlying http client
request. Such potentially malicious header injection URLs now cause an
httplib.InvalidURL exception to be raised.
- bpo-36216: Changes urlsplit() to raise ValueError when the URL contains

characters that decompose under IDNA encoding (NFKC-normalization) into
characters that affect how the URL is parsed.
- bpo-35907: CVE-2019-9948: Avoid file reading by disallowing ``local-

file://`` and ``local_file://`` URL schemes in :func:ùrllib.urlopen`,
:meth:ùrllib.URLopener.open` and :meth:ùrllib.URLopener.retrieve`.
Core and Builtins
-----------------
- bpo-38106: Fix race in PyThread_release_lock that was leading to memory

corruption and deadlocks. The fix applies to POSIX systems where Python
locks are implemented with mutex and condition variable because POSIX
semaphores are either not provided, or are known to be broken. One
particular example of such system is macOS.
- bpo-37329: valgrind: suppress a false alarm in memory leak checks.

_PyWarnings_Init() only allocates memory once at startup but it is not
released at exit. Ignore this issue to be able to catch other bugs more
easily.
- bpo-26423: Fix possible overflow in ``wrap_lenfunc()`` when ``sizeof(long)

< sizeof(Py_ssize_t)`` (e.g., 64-bit Windows).
- bpo-27987: pymalloc returns memory blocks aligned by 16 bytes, instead of

8 bytes, on 64-bit platforms to conform x86-64 ABI. Recent compilers
assume this alignment more often. Patch by Inada Naoki.
- bpo-36504: Fix signed integer overflow in _ctypes.c's

``PyCArrayType_new()``.
- bpo-36459: Fix a possible double ``PyMem_FREE()`` due to tokenizer.c's

``tok_nextc()``.
- bpo-36430: Fix a possible reference leak in :func:ìtertools.count`.
- bpo-18368: PyOS_StdioReadline() no longer leaks memory when realloc()

fails.
- bpo-36262: Fix an unlikely memory leak on conversion from string to float

in the function ``_Py_dg_strtod()`` used by ``float(str)``,
``complex(str)``, :func:`pickle.load`, :func:`marshal.load`, etc.
- bpo-36149: Fix use of uninitialized memory in cPickle when reading a

truncated pickle from a file object.
- bpo-33006: Clarified Doc string for builtin filter function. 2nd Argument
can be any iterable. Patch by Tony Flury
Library
-------
- bpo-38216: Allow the rare code that wants to send invalid http requests
from the `http.client` library a way to do so. The fixes for bpo-30458
led to breakage for some projects that were relying on this ability to
test their own behavior in the face of bad requests.
- bpo-38175: Fix a memory leak in comparison of :class:`sqlite3.Row`

objects.
- bpo-33936: _hashlib no longer calls obsolete OpenSSL initialization

function with OpenSSL 1.1.0+.
- bpo-34410: Fixed a crash in the :func:`tee` iterator when re-enter it.

RuntimeError is now raised in this case.
- bpo-37965: Fix C compiler warning caused by
distutils.ccompiler.CCompiler.has_function.
- bpo-34521: Fix file descriptors transfer in multiprocessing on FreeBSD:

use ``CMSG_SPACE()`` rather than ``CMSG_LEN()``; see :rfc:`3542`.
- bpo-37664: Update wheels bundled with ensurepip (pip 19.2.3 and setuptools
41.2.0)
- bpo-37437: Update vendorized expat version to 2.2.7.
- bpo-36742: :func:ùrlparse.urlsplit` error message for invalid ``netloc``

according to NFKC normalization is now a :class:`str` string, rather than
a :class:ùnicode` string, to prevent error when displaying the error.
- bpo-12639: :meth:`msilib.Directory.start_component()` no longer fails if

*keyfile* is not ``None``.
- bpo-36713: Rename the :meth:`test_ascii_replace` to

:meth:`test_ascii_strict`.
- bpo-28552: Fix :mod:`distutils.sysconfig` if :data:`sys.executable` is

``None`` or an empty string: use :func:òs.getcwd` to initialize
``project_base``. Fix also the distutils build command: don't use
:data:`sys.executable` if it is ``None`` or an empty string.
- bpo-36337: Fix buffer overflow in :meth:`~socket.socket.send` and

:meth:`~socket.socket.sendall` methods of :func:`socket.socket` for data
larger than 2 GiB.
- bpo-36291: Fix a possible reference leak in the json module.
- bpo-36289: Fix a possible reference leak in the io module.
- bpo-36212: Fix two possible reference leaks in the hotshot module.
- bpo-36235: Fix ``CFLAGS`` in ``customize_compiler()`` of

``distutils.sysconfig``: when the ``CFLAGS`` environment variable is
defined, don't override ``CFLAGS`` variable with the `ÒPT`` variable
anymore. Initial patch written by David Malcolm.
- bpo-35807: Update ensurepip to install pip 19.0.3 and setuptools 40.8.0.
- bpo-36186: Fix linuxaudiodev.linux_audio_device() error handling: close

the internal file descriptor if it fails to open the device.
- bpo-13096: Fix memory leak in ctypes POINTER handling of large values.
- bpo-36179: Fix two unlikely reference leaks in _hashopenssl. The leaks

only occur in out-of-memory cases.
- bpo-36106: Resolve potential name clash with libm's sinpi(). Patch by

Dmitrii Pasechnik.
- bpo-31292: Fix ``setup.py check --restructuredtext`` for files containing

`ìnclude`` directives.
Documentation
-------------
- bpo-37487: Fix PyList_GetItem index description to include 0.
- bpo-37149: Replace the dead link to the Tkinter 8.5 reference by John
Shipman, New Mexico Tech, with a link to the archive.org copy.
- bpo-35126: Improve the examples in the "How do I convert a number to

string?" question of the "Programming" section of the FAQ. Contributed by
Stéphane Wirtel.
- bpo-35605: Fix documentation build for sphinx<1.6. Patch by Anthony

Sottile.
- bpo-35564: Explicitly set master_doc variable in conf.py for compliance

with Sphinx 2.0
- bpo-33832: Add glossary entry for 'magic method'.
Tests
-----
- bpo-37411: Fix test_wsgiref.testEnviron() to no longer depend on the

environment variables (don't fail if "X" variable is set).
- bpo-37359: Add --cleanup option to python3 -m test to remove

``test_python_*`` directories of previous failed jobs. Add "make
cleantest" to run ``python3 -m test --cleanup``.
- bpo-37362: test_gdb no longer fails if it gets an "unexpected" message on

stderr: it now ignores stderr. The purpose of test_gdb is to test that
python-gdb.py commands work as expected, not to test gdb.
- bpo-36816: Update Lib/test/selfsigned_pythontestdotnet.pem to match self-

signed.pythontest.net's new TLS certificate.
- bpo-35925: Skip specific nntplib and ssl networking tests when they would
otherwise fail due to a modern OS or distro with a default OpenSSL policy
of rejecting connections to servers with weak certificates or disabling
TLS below TLSv1.2.
- bpo-36560: Fix reference leak hunting in regrtest: compute also deltas (of
reference count and file descriptor count) during warmup, to ensure that
everything is initialized before starting to hunt reference leaks.
- bpo-36234: test_posix.PosixUidGidTests: add tests for invalid uid/gid type

(str). Patch written by David Malcolm.
- bpo-36019: Add test.support.TEST_HTTP_URL and replace references of

http://www.example.com by this new constant. Contributed by Stéphane
Wirtel.
- bpo-27313: Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa

Tk.
- bpo-26386: Re-enable missing widget testcases in test_ttk_guionly.
- bpo-34836: Fix ``test_default_ecdh_curve`` when TLSv1.3 is enabled by

default.
Build
-----
- bpo-38301: In Solaris family, we must be sure to use ``-D_REENTRANT``.

Patch by Jesús Cea Avión.
- bpo-14353: Fix detection of the bind_textdomain_codeset function for

building gettext support into the locale module.
- bpo-36605: ``make tags`` and ``make TAGS`` now also parse

``Modules/_io/*.c`` and ``Modules/_io/*.h``.
- bpo-35264: Fix SSL module build with OpenSSL 1.1.0
Windows
-------
- bpo-38117: Updates bundled OpenSSL to 1.0.2t
- bpo-37445: Include the ``FORMAT_MESSAGE_IGNORE_INSERTS`` flag in

``FormatMessageW()`` calls.
- bpo-35360: Update Windows builds to use SQLite 3.28.0.
- bpo-1104: Correctly handle string length in

``msilib.SummaryInfo.GetProperty()`` to prevent it from truncating the
last character.
macOS
-----
- bpo-38117: Updated OpenSSL to 1.0.2t in macOS installer for 2.7.x.
- bpo-19960: When building 2.7 on macOS without system header files

installed in ``/usr/include``, a few extension modules dependent on
system-supplied third-party libraries were not being built, most notably
zlib.
- bpo-35360: Update macOS installer to use SQLite 3.28.0.
- bpo-34631: Updated OpenSSL to 1.0.2s in macOS installer.
- bpo-36231: Support building Python on macOS without /usr/include

installed. As of macOS 10.14, system header files are only available
within an SDK provided by either the Command Line Tools or the Xcode app.
IDLE
----
- bpo-37177: Properly 'attach' search dialogs to their main window so that

they behave like other dialogs and do not get hidden behind their main
window.
- bpo-13102: When saving a file, call os.fsync() so bits are flushed to e.g.
USB drive.
Tools/Demos
-----------
- bpo-37675: 2to3 now works when run from a zipped standard library.
- bpo-14546: Fix the argument handling in Tools/scripts/lll.py.
C API
-----
- bpo-37170: Fix the cast on error in

:c:func:`PyLong_AsUnsignedLongLongMask()`.

==================================
IDLE
----
- bpo-32129: Avoid blurry IDLE application icon on macOS with Tk 8.6. Patch
by Kevin Walzer.

================================================
Security
--------
- bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The

cert parser did not handle CRL distribution points with empty DP or URI
correctly. A malicious or buggy certificate can result into segfault.
Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of
Cisco.
- bpo-16039: CVE-2013-1752: Change use of ``readline()`` in

:class:ìmaplib.IMAP4_SSL` to limit line length.
- bpo-28043: SSLContext has improved default settings: OP_NO_SSLv2,

OP_NO_SSLv3, OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE and HIGH ciphers without MD5.
- bpo-34791: The xml.sax and xml.dom.domreg no longer use environment

variables to override parser implementations when
sys.flags.ignore_environment is set by -E or -I arguments.
- bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now

initializes hash randomization salt from _Py_HashSecret instead of
libexpat's default CSPRNG.
- bpo-34540: When ``shutil.make_archive`` falls back to the external ``zip``

problem, it uses :mod:`subprocess` to invoke it rather than
:mod:`distutils.spawn`. This closes a possible shell injection vector.
- bpo-34405: Updated to OpenSSL 1.0.2p for Windows builds.
Core and Builtins

-----------------
- bpo-35552: Format character ``%s`` in :c:func:`PyString_FromFormat` no

longer read memory past the limit if *precision* is specified.
- bpo-35504: Fix segfaults and :exc:`SystemError`\ s when deleting certain

attributes. Patch by Zackery Spytz.
- bpo-35368: :c:func:`PyMem_Malloc` is now also thread-safe in debug mode.
- bpo-35214: Fixed an out of bounds memory access when parsing a truncated

unicode escape sequence at the end of a string such as `ù'\N'``. It
would read one byte beyond the end of the memory allocation.
- bpo-34974: The :class:`bytearray` constructor no longer convert unexpected

exceptions (e.g. :exc:`MemoryError` and :exc:`KeyboardInterrupt`) to
:exc:`TypeError`.
- bpo-22851: Fix a segfault when accessing

``generator.gi_frame.f_restricted`` when the generator is exhausted.
Patch by Zackery Spytz.
- bpo-18560: Fix potential NULL pointer dereference in sum().
- bpo-34400: Fix undefined behavior in parsetok.c. Patch by Zackery Spytz.
- bpo-25083: Adding I/O error checking when reading .py files and aborting
importing on error.
- bpo-25943: Fix potential heap corruption in the :mod:`bsddb` module.

Patch by Zackery Spytz.
- bpo-34068: In :meth:ìo.IOBase.close`, ensure that the

:attr:`~io.IOBase.closed` attribute is not set with a live exception.
Patch by Zackery Spytz and Serhiy Storchaka.
- bpo-34080: Fixed a memory leak in the compiler when it raised some

uncommon errors during tokenizing.
- bpo-33956: Update vendored Expat library copy to version 2.2.5.
- bpo-30654: Fixed reset of the SIGINT handler to SIG_DFL on interpreter

shutdown even when there was a custom handler set previously. Patch by
Philipp Kerling.
- bpo-33645: Fixed an "unknown parsing error" on parsing the "<>" operator

when run Python with both options ``-3`` and ``-We``.
- bpo-33622: Fixed a leak when the garbage collector fails to add an object
with the ``__del__`` method or referenced by it into the
:data:`gc.garbage` list. :c:func:`PyGC_Collect` can now be called when an
exception is set and preserves it.
- bpo-33391: Fix a leak in set_symmetric_difference().
- bpo-25750: Fix rare Python crash due to bad refcounting in

``type_getattro()`` if a descriptor deletes itself from the class. Patch
by Jeroen Demeyer.
- bpo-25862: Fix assertion failures in the ``tell()`` method of
`ìo.TextIOWrapper``. Patch by Zackery Spytz.
Library
-------
- bpo-8765: The write() method of buffered and unbuffered binary streams in

the io module emits now a DeprecationWarning in Py3k mode for unicode
argument.
- bpo-35052: Fix xml.dom.minidom cloneNode() on a document with an entity:

pass the correct arguments to the user data handler of an entity.
- bpo-10496: :func:`~distutils.utils.check_environ` of
:mod:`distutils.utils` now catchs :exc:`KeyError` on calling
:func:`pwd.getpwuid`: don't create the ``HOME`` environment variable in
this case.
- bpo-10496: :func:`posixpath.expanduser` now returns the input *path*

unchanged if the ``HOME`` environment variable is not set and the current
user has no home directory (if the current user identifier doesn't exist
in the password database). This change fix the :mod:`site` module if the
current user doesn't exist in the password database (if the user has no
home directory).
- bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff.

Orignial patch by R. David Murray & Jairo Trad. Enhanced by Sanyam
Khurana.
- bpo-35277: Update ensurepip to install pip 18.1 and setuptools 40.6.2.
- bpo-35062: Fix incorrect parsing of

:class:`_io.IncrementalNewlineDecoder`'s *translate* argument.
- bpo-35079: Improve difflib.SequenceManager.get_matching_blocks doc by

adding 'non- overlapping' and changing '!=' to '<'.
- bpo-35017: :meth:`socketserver.BaseServer.serve_forever` now exits

immediately if it's :meth:`~socketserver.BaseServer.shutdown` method is
called while it is polling for new events.
- bpo-34794: Fixed a leak in Tkinter when pass the Python wrapper around
Tcl_Obj back to Tcl/Tk.
- bpo-23420: Verify the value for the parameter '-s' of the cProfile CLI.
Patch by Robert Kuska
- bpo-16965: The :term:`2to3` :2to3fixer:èxecfile` fixer now opens the file

with mode ``'rb'``. Patch by Zackery Spytz.
- bpo-34936: Fix ``TclError`` in ``tkinter.Spinbox.selection_element()``.

Patch by Juliette Monsel.
- bpo-34866: Adding ``max_num_fields`` to ``cgi.FieldStorage`` to make DOS

attacks harder by limiting the number of ``MiniFieldStorage`` objects
created by ``FieldStorage``.
- bpo-34738: ZIP files created by :mod:`distutils` will now include entries

for directories.
- bpo-34652: Ensure :func:òs.lchmod` is never defined on Linux.
- bpo-34625: Update vendorized expat library version to 2.2.6.
- bpo-34610: Fixed iterator of :class:`multiprocessing.managers.DictProxy`.
- bpo-34530: ``distutils.spawn.find_executable()`` now falls back on

:data:òs.defpath` if the ``PATH`` environment variable is not set.
- bpo-34472: Improved compatibility for streamed files in :mod:`zipfile`.

Previously an optional signature was not being written and certain ZIP
applications were not supported. Patch by Silas Sewell.
- bpo-6700: Fix inspect.getsourcelines for module level frames/tracebacks.

Patch by Vladimir Matveev.
- bpo-31715: Associate ``.mjs`` file extension with

`àpplication/javascript`` MIME Type.
- bpo-32947: Add OP_ENABLE_MIDDLEBOX_COMPAT and test workaround for TLSv1.3

for future compatibility with OpenSSL 1.1.1.
- bpo-34341: Appending to the ZIP archive with the ZIP64 extension no longer
grows the size of extra fields of existing entries.
- bpo-34052: :meth:`sqlite3.Connection.create_aggregate`,
:meth:`sqlite3.Connection.create_function`,
:meth:`sqlite3.Connection.set_authorizer`,
:meth:`sqlite3.Connection.set_progress_handler` methods raises TypeError
when unhashable objects are passed as callable. These methods now don't
pass such objects to SQLite API. Previous behavior could lead to
segfaults. Patch by Sergey Fedoseev.
- bpo-34019: webbrowser: Correct the arguments passed to Opera Browser when

opening a new URL using the ``webbrowser`` module. Patch by Bumsik Kim.
- bpo-33974: Fixed passing lists and tuples of strings containing special

characters ``"``, ``\``, ``{``, ``}`` and ``\n`` as options to
:mod:`~tkinter.ttk` widgets.
- bpo-26544: Fixed implementation of :func:`platform.libc_ver`. It almost

always returned version '2.9' for glibc.
- bpo-33767: The concatenation (``+``) and repetition (``*``) sequence

operations now raise :exc:`TypeError` instead of :exc:`SystemError` when
performed on :class:`mmap.mmap` objects. Patch by Zackery Spytz.
- bpo-11874: Use a better regex when breaking usage into wrappable parts.
Avoids bogus assertion errors from custom metavar strings.
- bpo-33570: Change TLS 1.3 cipher suite settings for compatibility with
OpenSSL 1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers
enabled by default.
- bpo-33542: Prevent `ùuid.get_node`` from using a DUID instead of a MAC on

Windows. Patch by Zvi Effron
- bpo-33096: Removed unintentionally backported from Python 3 Tkinter files.

- bpo-20087: Updated alias mapping with glibc 2.27 supported locales.
- bpo-33422: Fix trailing quotation marks getting deleted when looking up

byte/string literals on pydoc. Patch by Andrés Delfino.
- bpo-33336: `ìmaplib`` now allows ``MOVE`` command in `ÌMAP4.uid()`` (RFC

6851: IMAP MOVE Extension) and potentially as a name of supported method
of `ÌMAP4`` object.
- bpo-33359: Fix running ``python -m curses.has_key``.
- bpo-33131: Upgrade bundled version of pip to 10.0.1.
- bpo-33308: Fixed a crash in the :mod:`parser` module when converting an ST

object to a tree of tuples or lists with ``line_info=False`` and
``col_info=True``.
- bpo-33256: Fix display of ``<module>`` call in the html produced by

``cgitb.html()``. Patch by Stéphane Blondon.
- bpo-32861: The urllib.robotparser's ``__str__`` representation now

includes wildcard entries and the "Crawl-delay" and "Request-rate" fields.
Patch by Michael Lazar.
- bpo-33038: gzip.GzipFile no longer produces an AttributeError exception

when used with a file object with a non-string name attribute. Patch by Bo
Bayles.
- bpo-32857: In :mod:`tkinter`, `àfter_cancel(None)`` now raises a

:exc:`ValueError` instead of canceling the first scheduled function.
Patch by Cheryl Sabella.
- bpo-32502: uuid.uuid1 no longer raises an exception if a 64-bit hardware

address is encountered.
- bpo-31608: Raise a ``TypeError`` instead of crashing if a

``collections.deque`` subclass returns a non-deque from ``__new__``. Patch
by Oren Milman.
- bpo-16865: Support arrays >=2GiB in :mod:`ctypes`. Patch by Segev Finer.
- bpo-29456: Fix bugs in hangul normalization: u1176, u11a7 and u11c3
Documentation
-------------
- bpo-35035: Rename documentation for :mod:èmail.utils` to

`èmail.utils.rst``.
- bpo-34967: Use app.add_object_type() instead of the deprecated Sphinx

function app.description_unit()
- bpo-13407: Add a note to :mod:`bz2` and :mod:`tarfile` stating that

handling of multi- stream bzip2 files is not supported.
- bpo-33503: Fix broken pypi link
Tests
-----
- bpo-34279: :func:`test.support.run_unittest` no longer raise

:exc:`TestDidNotRun` if the test result contains skipped tests. The
exception is now only raised if no test have been run and no test have
been skipped.
- bpo-34279: regrtest issue a warning when no tests have been executed in a

particular test file. Also, a new final result state is issued if no test
have been executed across all test files. Patch by Pablo Galindo.
- bpo-34661: Fix test_shutil if unzip doesn't support -t.
- bpo-34542: Use 3072 RSA keys and SHA-256 signature for test certs and
keys.
- bpo-34391: Fix ftplib test for TLS 1.3 by reading from data socket.
- bpo-34399: Update all RSA keys and DH params to use at least 2048 bits.
- bpo-33901: Fix test_gdbm on macOS with gdbm 1.15: add a larger value to
make sure that the file size changes.
- bpo-33873: Fix a bug in ``regrtest`` that caused an extra test to run if

--huntrleaks/-R was used. Exit with error in case that invalid parameters
are specified to --huntrleaks/-R (at least one warmup run and one
repetition must be used).
- bpo-29512: Rename Lib/test/bisect.py to Lib/test/bisect_cmd.py. The old

name was in conflict with Lib/bisect.py, causing test failures, depending
how tests were run.
- bpo-32962: Fixed test_gdb when Python is compiled with flags -mcet -fcf-
protection -O0.
- bpo-33354: Skip ``test_ssl.test_load_dh_params`` when Python filesystem

encoding cannot encode the provided path.
- bpo-19417: Add test_bdb.py.
Build
-----
- bpo-35139: Fix a compiler error when statically linking `pyexpat` in

`Modules/Setup`.
- bpo-34710: Fixed SSL module build with OpenSSL & pedantic CFLAGS.
- bpo-33015: Fix an undefined behaviour in the pthread implementation of

:c:func:`PyThread_start_new_thread`: add a function wrapper to always
return ``NULL``.
- bpo-30345: Add -g to LDFLAGS when compiling with LTO to get debug symbols.
Windows
-------
- bpo-35401: Updates Windows build to OpenSSL 1.0.2q

- bpo-34603: Fix returning structs from functions produced by MSVC
- bpo-33711: Fixed licence generation error when building the installer.
macOS
-----
- bpo-15663: The macOS 10.6+ installer now provides a private copy of Tcl/Tk
8.6, like the 10.9+ installer does.
- bpo-35401: Update macOS installer to use OpenSSL 1.0.2q.
- bpo-34405: Update to OpenSSL 1.0.2p for macOS installer builds.
IDLE
----
- bpo-34275: Make IDLE calltips always visible on Mac. Some MacOS-tk

combinations need .update_idletasks(). Patch by Kevin Walzer.
- bpo-34120: Fix unresponsiveness after closing certain windows and dialogs.
- bpo-33856: Add "help" in the welcome message of IDLE
- bpo-31500: Default fonts now are scaled on HiDPI displays.
Tools/Demos
-----------
- bpo-34989: python-gdb.py now handles errors on computing the line number

of a Python frame.
- bpo-34500: Fix 2 ResourceWarning in difflib.py. Patch by Mickaël

Schoentgen.
- bpo-29367: python-gdb.py now supports also method-wrapper (wrapperobject)

objects.
- bpo-32962: python-gdb now catchs `ÙnicodeDecodeError`` exceptions when

calling ``string()``.
- bpo-32962: python-gdb now catchs ValueError on read_var(): when Python has

no debug symbols for example.
C API
-----
- bpo-33817: Fixed :c:func:`_PyString_Resize` and

:c:func:`_PyUnicode_Resize` for empty strings. This fixed also
:c:func:`PyString_FromFormat` and :c:func:`PyUnicode_FromFormat` when they
return an empty string (e.g. ``PyString_FromFormat("%s", "")``).
- bpo-34229: Check start and stop of slice object to be long when they are
not int in :c:func:`PySlice_GetIndices`.
- bpo-23927: Fixed :exc:`SystemError` in

:c:func:`PyArg_ParseTupleAndKeywords` when the ``w*`` format unit is used
for optional parameter.
==================================
Core and Builtins

-----------------
- bpo-33374: Tweak the definition of PyGC_Head, so compilers do not believe

it is always 16-byte aligned on x86. This prevents crashes with more
aggressive optimizations present in GCC 8.

================================================
Security
--------
- bpo-32997: A regex in fpformat was vulnerable to catastrophic

backtracking. This regex was a potential DOS vector (REDOS). Based on
typical uses of fpformat the risk seems low. The regex has been refactored
and is now safe. Patch by Jamie Davis.
- bpo-32981: Regexes in difflib and poplib were vulnerable to catastrophic

backtracking. These regexes formed potential DOS vectors (REDOS). They
have been refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch
by Jamie Davis.
- bpo-31339: Rewrite time.asctime() and time.ctime(). Backport and adapt the

_asctime() function from the master branch to not depend on the
implementation of asctime() and ctime() from the external C library. This
change fixes a bug when Python is run using the musl C library.
- bpo-30730: Prevent environment variables injection in subprocess on

Windows. Prevent passing other environment variables and command
arguments.
- bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple
security vulnerabilities including: CVE-2017-9233 (External entity
infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix),
CVE-2016-0718 (Fix regression bugs from 2.2.0's fix to CVE-2016-0718) and
CVE-2012-0876 (Counter hash flooding with SipHash). Note: the
CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn't
impact Python, since Python already gets entropy from the OS to set the
expat secret using ``XML_SetHashSalt()``.
- bpo-30500: Fix urllib.splithost() to correctly parse fragments. For

example, ``splithost('//127.0.0.1#@evil.com/')`` now correctly returns the
``127.0.0.1`` host, instead of treating ``@evil.com`` as the host in an
authentification (``login@host``).
- bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of

CVE-2016-0718 and CVE-2016-4472. See
https://sourceforge.net/p/expat/bugs/537/ for more information.
Core and Builtins
-----------------
- bpo-33026: Fixed jumping out of "with" block by setting f_lineno.
- bpo-17288: Prevent jumps from 'return' and 'exception' trace events.
- bpo-18533: ``repr()`` on a dict containing its own ``viewvalues()`` or

``viewitems()`` no longer raises ``RuntimeError``. Instead, use ``...``,
as for other recursive structures. Patch by Ben North.
- bpo-10544: Yield expressions are now deprecated in comprehensions and

generator expressions when checking Python 3 compatibility. They are still
permitted in the definition of the outermost iterable, as that is
evaluated directly in the enclosing scope.
- bpo-32137: The repr of deeply nested dict now raises a RecursionError

instead of crashing due to a stack overflow.
- bpo-20047: Bytearray methods partition() and rpartition() now accept only

bytes-like objects as separator, as documented. In particular they now
raise TypeError rather of returning a bogus result when an integer is
passed as a separator.
- bpo-31733: Add a new PYTHONSHOWREFCOUNT environment variable. In debug

mode, Python now only print the total reference count if
PYTHONSHOWREFCOUNT is set.
- bpo-31692: Add a new PYTHONSHOWALLOCCOUNT environment variable. When

Python is compiled with COUNT_ALLOCS, PYTHONSHOWALLOCCOUNT now has to be
set to dump allocation counts into stderr on shutdown. Moreover,
allocations statistics are now dumped into stderr rather than stdout.
- bpo-31478: Prevent unwanted behavior in `_random.Random.seed()` in case

the argument has a bad ``__abs__()`` method. Patch by Oren Milman.
- bpo-31530: Fixed crashes when iterating over a file on multiple threads.
- bpo-31490: Fix an assertion failure in `ctypes` class definition, in case

the class has an attribute whose name is specified in ``_anonymous_`` but
not in ``_fields_``. Patch by Oren Milman.
- bpo-31411: Raise a TypeError instead of SystemError in case

warnings.onceregistry is not a dictionary. Patch by Oren Milman.
- bpo-31343: Include sys/sysmacros.h for major(), minor(), and makedev().

GNU C libray plans to remove the functions from sys/types.h.
- bpo-31311: Fix a crash in the ``__setstate__()`` method of

`ctypes._CData`, in case of a bad ``__dict__``. Patch by Oren Milman.
- bpo-31243: Fix a crash in some methods of ìo.TextIOWrapper`, when the

decoder's state is invalid. Patch by Oren Milman.
- bpo-31095: Fix potential crash during GC caused by ``tp_dealloc`` which

doesn't call ``PyObject_GC_UnTrack()``.
- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape. Patch

by Jay Bosamiya.
- bpo-27945: Fixed various segfaults with dict when input collections are
mutated during searching, inserting or comparing. Based on patches by
Duane Griffin and Tim Mitchell.
- bpo-25794: Fixed type.__setattr__() and type.__delattr__() for non-

interned or unicode attribute names. Based on patch by Eryk Sun.
- bpo-29935: Fixed error messages in the index() method of tuple and list
when pass indices of wrong type.
- bpo-28598: Support __rmod__ for subclasses of str being called before

str.__mod__. Patch by Martijn Pieters.
- bpo-29602: Fix incorrect handling of signed zeros in complex constructor

for complex subclasses and for inputs having a __complex__ method. Patch
by Serhiy Storchaka.
- bpo-29347: Fixed possibly dereferencing undefined pointers when creating

weakref objects.
- bpo-14376: Allow sys.exit to accept longs as well as ints. Patch by Gareth

Rees.
- bpo-29028: Fixed possible use-after-free bugs in the subscription of the

buffer object with custom index object.
- bpo-29145: Fix overflow checks in string, bytearray and unicode. Patch by

jan matejek and Xiang Zhang.
- bpo-28932: Do not include <sys/random.h> if it does not exist.
Library
-------
- bpo-33096: Allow ttk.Treeview.insert to insert iid that has a false

boolean value. Note iid=0 and iid=False would be same. Patch by Garvit
Khatri.
- bpo-33127: The ssl module now compiles with LibreSSL 2.7.1.
- bpo-30622: The ssl module now detects missing NPN support in LibreSSL.
- bpo-21060: Rewrite confusing message from setup.py upload from "No dist
file created in earlier command" to the more helpful "Must create and
upload files in one command".
- bpo-30157: Fixed guessing quote and delimiter in csv.Sniffer.sniff() when

only the last field is quoted. Patch by Jake Davis.
- bpo-32647: The ctypes module used to depend on indirect linking for

dlopen. The shared extension is now explicitly linked against libdl on
platforms with dl.
- bpo-32304: distutils' upload command no longer corrupts tar files ending

with a CR byte, and no longer tries to convert CR to CRLF in any of the
upload text fields.
- bpo-31848: Fix the error handling in Aifc_read.initfp() when the SSND

chunk is not found. Patch by Zackery Spytz.
- bpo-32521: The nis module is now compatible with new libnsl and headers
location.
- bpo-32539: Fix `ÒSError`` for `òs.listdir`` with deep paths (starting

with ``\\?\``) on windows. Patch by Anthony Sottile.
- bpo-32521: glibc has removed Sun RPC. Use replacement libtirpc headers and
library in nis module.
- bpo-18035: ``telnetlib``: ``select.error`` doesn't have an `èrrno``

attribute. Patch by Segev Finer.
- bpo-32185: The SSL module no longer sends IP addresses in SNI TLS

extension on platforms with OpenSSL 1.0.2+ or inet_pton.
- bpo-32186: Creating io.FileIO() and builtin file() objects now release the
GIL when checking the file descriptor. io.FileIO.readall(),
io.FileIO.read(), and file.read() now release the GIL when getting the
file size. Fixed hang of all threads with inaccessible NFS server. Patch
by Nir Soffer.
- bpo-32110: ``codecs.StreamReader.read(n)`` now returns not more than *n*

characters/bytes for non-negative *n*. This makes it compatible with
``read()`` methods of other file-like objects.
- bpo-21149: Silence a `'NoneType' object is not callable` in

`_removeHandlerRef` error that could happen when a logging Handler is
destroyed as part of cyclic garbage collection during process shutdown.
- bpo-31764: Prevent a crash in ``sqlite3.Cursor.close()`` in case the

``Cursor`` object is uninitialized. Patch by Oren Milman.
- bpo-31955: Fix CCompiler.set_executable() of distutils to handle properly

Unicode strings.
- bpo-9678: Fixed determining the MAC address in the uuid module:
* Using ifconfig on NetBSD and OpenBSD.

* Using arp on Linux, FreeBSD, NetBSD and OpenBSD.
Based on patch by Takayuki Shimizukawa.
- bpo-30057: Fix potential missed signal in signal.signal().
- bpo-31927: Fixed reading arbitrary data when parse a AF_BLUETOOTH address

on NetBSD and DragonFly BSD.
- bpo-27666: Fixed stack corruption in curses.box() and curses.ungetmouse()

when the size of types chtype or mmask_t is less than the size of C long.
curses.box() now accepts characters as arguments. Based on patch by Steve
Fink.
- bpo-25720: Fix the method for checking pad state of curses WINDOW. Patch
by Masayuki Yamamoto.
- bpo-31893: Fixed the layout of the kqueue_event structure on OpenBSD and

NetBSD. Fixed the comparison of the kqueue_event objects.
- bpo-31891: Fixed building the curses module on NetBSD.
- bpo-30058: Fixed buffer overflow in select.kqueue.control().
- bpo-31770: Prevent a crash when calling the ``__init__()`` method of a

``sqlite3.Cursor`` object more than once. Patch by Oren Milman.
- bpo-31728: Prevent crashes in `_elementtree` due to unsafe cleanup of

Èlement.text` and Èlement.tail`. Patch by Oren Milman.
- bpo-31752: Fix possible crash in timedelta constructor called with custom

integers.
- bpo-31681: Fix pkgutil.get_data to avoid leaking open files.
- bpo-31675: Fixed memory leaks in Tkinter's methods splitlist() and split()

when pass a string larger than 2 GiB.
- bpo-30806: Fix the string representation of a netrc object.
- bpo-30347: Stop crashes when concurrently iterate over itertools.groupby()

iterators.
- bpo-25732: `functools.total_ordering()` now implements the `__ne__`

method.
- bpo-31351: python -m ensurepip now exits with non-zero exit code if pip
bootstrapping has failed.
- bpo-31544: The C accelerator module of ElementTree ignored exceptions

raised when looking up TreeBuilder target methods in XMLParser().
- bpo-31455: The C accelerator module of ElementTree ignored exceptions

raised when looking up TreeBuilder target methods in XMLParser().
- bpo-25404: SSLContext.load_dh_params() now supports non-ASCII path.
- bpo-28958: ssl.SSLContext() now uses OpenSSL error information when a

context cannot be instantiated.
- bpo-27448: Work around a `gc.disable()` race condition in the `subprocess`

module that could leave garbage collection disabled when multiple threads
are spawning subprocesses at once. Users are *strongly encouraged* to use
the `subprocess32` module from PyPI on Python 2.7 instead, it is much more
reliable.
- bpo-31170: expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of

partial characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115
- bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3.
- bpo-31334: Fix ``poll.poll([timeout])`` in the ``select`` module for

arbitrary negative timeouts on all OSes where it can only be a non-
negative integer or -1. Patch by Riccardo Coccioli.
- bpo-10746: Fix ctypes producing wrong PEP 3118 type codes for integer
types.
- bpo-30102: The ssl and hashlib modules now call
OPENSSL_add_all_algorithms_noconf() on OpenSSL < 1.1.0. The function
detects CPU features and enables optimizations on some CPU architectures
such as POWER8. Patch is based on research from Gustavo Serra Scalet.
- bpo-30502: Fix handling of long oids in ssl. Based on patch by Christian

Heimes.
- bpo-25684: Change ``ttk.OptionMenu`` radiobuttons to be unique across

instances of `ÒptionMenu``.
- bpo-29169: Update zlib to 1.2.11.
- bpo-30746: Prohibited the '=' character in environment variable names in

`òs.putenv()`` and `òs.spawn*()``.
- bpo-30418: On Windows, subprocess.Popen.communicate() now also ignore

EINVAL on stdin.write() if the child process is still running but closed
the pipe.
- bpo-30378: Fix the problem that logging.handlers.SysLogHandler cannot

handle IPv6 addresses.
- bpo-29960: Preserve generator state when _random.Random.setstate() raises

an exception. Patch by Bryan Olson.
- bpo-30310: tkFont now supports unicode options (e.g. font family).
- bpo-30414: multiprocessing.Queue._feed background running thread do not

break from main loop on exception.
- bpo-30003: Fix handling escape characters in HZ codec. Based on patch by

Ma Lin.
- bpo-30375: Warnings emitted when compile a regular expression now always

point to the line in the user code. Previously they could point into
inners of the re module if emitted from inside of groups or conditionals.
- bpo-30363: Running Python with the -3 option now warns about regular
expression syntax that is invalid or has different semantic in Python 3 or
will change the behavior in future Python versions.
- bpo-30365: Running Python with the -3 option now emits deprecation

warnings for getchildren() and getiterator() methods of the Element class
in the xml.etree.cElementTree module and when pass the html argument to
xml.etree.ElementTree.XMLParser().
- bpo-30365: Fixed a deprecation warning about the doctype() method of the

xml.etree.ElementTree.XMLParser class. Now it is emitted only when define
the doctype() method in the subclass of XMLParser.
- bpo-30329: imaplib now catchs the Windows socket WSAEINVAL error (code
10022) on shutdown(SHUT_RDWR): An invalid operation was attempted. This
error occurs sometimes on SSL connections.
- bpo-30342: Fix sysconfig.is_python_build() if Python is built with Visual

Studio 2008 (VS 9.0).
- bpo-29990: Fix range checking in GB18030 decoder. Original patch by Ma
Lin.
- bpo-30243: Removed the __init__ methods of _json's scanner and encoder.

Misusing them could cause memory leaks or crashes. Now scanner and
encoder objects are completely initialized in the __new__ methods.
- bpo-26293: Change resulted because of zipfile breakage. (See also:

bpo-29094)
- bpo-30070: Fixed leaks and crashes in errors handling in the parser

module.
- bpo-30061: Fixed crashes in IOBase methods next() and readlines() when

readline() or next() respectively return non-sizeable object. Fixed
possible other errors caused by not checking results of PyObject_Size(),
PySequence_Size(), or PyMapping_Size().
- bpo-30011: Fixed race condition in HTMLParser.unescape().
- bpo-30068: _io._IOBase.readlines will check if it's closed first when hint

is present.
- bpo-27863: Fixed multiple crashes in ElementTree caused by race conditions

and wrong types.
- bpo-29942: Fix a crash in itertools.chain.from_iterable when encountering

long runs of empty iterables.
- bpo-29861: Release references to tasks, their arguments and their results

as soon as they are finished in multiprocessing.Pool.
- bpo-27880: Fixed integer overflow in cPickle when pickle large strings or

too many objects.
- bpo-29110: Fix file object leak in aifc.open() when file is given as a

filesystem path and is not in valid AIFF format. Original patch by Anthony
Zhang.
- bpo-29354: Fixed inspect.getargs() for parameters which are cell

variables.
- bpo-29335: Fix subprocess.Popen.wait() when the child process has exited

to a stopped instead of terminated state (ex: when under ptrace).
- bpo-29219: Fixed infinite recursion in the repr of uninitialized

ctypes.CDLL instances.
- bpo-29082: Fixed loading libraries in ctypes by unicode names on Windows.

Original patch by Chi Hsuan Yen.
- bpo-29188: Support glibc 2.24 on Linux: don't use getentropy() function

but read from /dev/urandom to get random bytes, for example in
os.urandom(). On Linux, getentropy() is implemented which getrandom() is
blocking mode, whereas os.urandom() should not block.
- bpo-29142: In urllib, suffixes in no_proxy environment variable with

leading dots could match related hostnames again (e.g. .b.c matches
a.b.c). Patch by Milan Oberkirch.
- bpo-13051: Fixed recursion errors in large or resized
curses.textpad.Textbox. Based on patch by Tycho Andersen.
- bpo-9770: curses.ascii predicates now work correctly with negative

integers.
- bpo-28427: old keys should not remove new values from WeakValueDictionary
when collecting from another thread.
- bpo-28998: More APIs now support longs as well as ints.
- bpo-28923: Remove editor artifacts from Tix.py, including encoding not

recognized by codecs.lookup.
- bpo-29019: Fix dict.fromkeys(x) overallocates when x is sparce dict.

Original patch by Rasmus Villemoes.
- bpo-19542: Fix bugs in WeakValueDictionary.setdefault() and

WeakValueDictionary.pop() when a GC collection happens in another thread.
- bpo-28925: cPickle now correctly propagates errors when unpickle instances

of old-style classes.
Documentation
-------------
- bpo-27212: Modify documentation for the :func:ìslice` recipe to consume

initial values up to the start index.
- bpo-32800: Update link to w3c doc for xml default namespaces.
- bpo-17799: Explain real behaviour of sys.settrace and sys.setprofile and

their C-API counterparts regarding which type of events are received in
each function. Patch by Pablo Galindo Salgado.
- bpo-8243: Add a note about curses.addch and curses.addstr exception

behavior when writing outside a window, or pad.
- bpo-21649: Add RFC 7525 and Mozilla server side TLS links to SSL
documentation.
- bpo-30176: Add missing attribute related constants in curses

documentation.
- bpo-28929: Link the documentation to its source file on GitHub.
- bpo-26355: Add canonical header link on each page to corresponding major

version of the documentation. Patch by Matthias Bussonnier.
- bpo-12067: Rewrite Comparisons section in the Expressions chapter of the

language reference. Some of the details of comparing mixed types were
incorrect or ambiguous. Added default behaviour and consistency
suggestions for user- defined classes. Based on patch from Andy Maier.
Tests
-----
- bpo-31719: Fix test_regrtest.test_crashed() on s390x. Add a new

_testcapi._read_null() function to crash Python in a reliable way on
s390x. On s390x, ctypes.string_at(0) returns an empty string rather than
crashing.
- bpo-31518: Debian Unstable has disabled TLS 1.0 and 1.1 for
SSLv23_METHOD(). Change TLS/SSL protocol of some tests to PROTOCOL_TLS or
PROTOCOL_TLSv1_2 to make them pass on Debian.
- bpo-25674: Remove sha256.tbs-internet.com ssl test
- bpo-11790: Fix sporadic failures in

test_multiprocessing.WithProcessesTestCondition.
- bpo-30236: Backported test.regrtest options -m/--match and -G/--failfast

from Python 3.
- bpo-30223: To unify running tests in Python 2.7 and Python 3, the test
package can be run as a script. This is equivalent to running the
test.regrtest module as a script.
- bpo-30207: To simplify backports from Python 3, the test.test_support

module was converted into a package and renamed to test.support. The
test.script_helper module was moved into the test.support package. Names
test.test_support and test.script_helper are left as aliases to
test.support and test.support.script_helper.
- bpo-30197: Enhanced function swap_attr() in the test.test_support module.

It now works when delete replaced attribute inside the with statement.
The old value of the attribute (or None if it doesn't exist) now will be
assigned to the target of the "as" clause, if there is one. Also
backported function swap_item().
- bpo-28087: Skip test_asyncore and test_eintr poll failures on macOS. Skip

some tests of select.poll when running on macOS due to unresolved issues
with the underlying system poll function on some macOS versions.
- bpo-15083: Convert ElementTree doctests to unittests.
Build
-----
- bpo-33163: Upgrade pip to 9.0.3 and setuptools to v39.0.1.
- bpo-32616: Disable computed gotos by default for clang < 5.0. It caused
significant performance regression.
- bpo-32635: Fix segfault of the crypt module when libxcrypt is provided

instead of libcrypt at the system.
- bpo-31934: Abort the build when building out of a not clean source tree.
- bpo-31474: Fix -Wint-in-bool-context warnings in PyMem_MALLOC and

PyMem_REALLOC macros
- bpo-29243: Prevent unnecessary rebuilding of Python during ``make test``,

``make install`` and some other make targets when configured with
``--enable- optimizations``.
- bpo-23404: Don't regenerate generated files based on file modification

time anymore: the action is now explicit. Replace ``make touch`` with
``make regen-all``.
- bpo-27593: sys.version and the platform module python_build(),

python_branch(), and python_revision() functions now use git information
rather than hg when building from a repo.
- bpo-29643: Fix ``--enable-optimization`` configure option didn't work.
- bpo-29572: Update Windows build and OS X installers to use OpenSSL 1.0.2k.
- bpo-28768: Fix implicit declaration of function _setmode. Patch by

Masayuki Yamamoto
Windows
-------
- bpo-33184: Update Windows build to use OpenSSL 1.0.2o.
- bpo-32903: Fix a memory leak in os.chdir() on Windows if the current

directory is set to a UNC path.
- bpo-30855: Bump Tcl/Tk to 8.5.19.
- bpo-30450: Pull build dependencies from GitHub rather than svn.python.org.
macOS
-----
- bpo-32726: Provide an additional, more modern macOS installer variant that

supports macOS 10.9+ systems in 64-bit mode only. Upgrade the supplied
third-party libraries to OpenSSL 1.0.2n and SQLite 3.22.0. The 10.9+
installer now supplies its own private copy of Tcl/Tk 8.6.8.
- bpo-24414: Default macOS deployment target is now set by ``configure`` to

the build system's OS version (as is done by Python 3), not ``10.4``;
override with, for example, ``./configure MACOSX_DEPLOYMENT_TARGET=10.4``.
- bpo-17128: All 2.7 macOS installer variants now supply their own version
of `ÒpenSSL 1.0.2``; the Apple-supplied SSL libraries and root
certificates are not longer used. The `Ìnstaller Certificate`` command
in ``/Applications/Python 2.7`` may be used to download and install a
default set of root certificates from the third-party ``certifi`` package.
- bpo-11485: python.org macOS Pythons no longer supply a default SDK value

(e.g. ``-isysroot /``) or specific compiler version default (e.g.
``gcc-4.2``) when building extension modules. Use ``CC``, ``SDKROOT``,
and ``DEVELOPER_DIR`` environment variables to override compilers or to
use an SDK. See Apple's ``xcrun`` man page for more info.
- bpo-33184: Update macOS installer build to use OpenSSL 1.0.2o.
Tools/Demos
-----------
- bpo-31920: Fixed handling directories as arguments in the ``pygettext``

script. Based on patch by Oleg Krasnikov.
- bpo-30109: Fixed Tools/scripts/reindent.py for non-ASCII files. It now

processes files as binary streams. This also fixes "make reindent".
- bpo-24960: 2to3 and lib2to3 can now read pickled grammar files using
pkgutil.get_data() rather than probing the filesystem. This lets 2to3 and
lib2to3 work when run from a zipfile.
C API
-----
- bpo-20891: Fix PyGILState_Ensure(). When PyGILState_Ensure() is called in

a non-Python thread before PyEval_InitThreads(), only call
PyEval_InitThreads() after calling PyThreadState_New() to fix a crash.
- bpo-31626: When Python is built in debug mode, the memory debug hooks now
fail with a fatal error if realloc() fails to shrink a memory block,
because the debug hook just erased freed bytes without keeping a copy of
them.

================================================
Security
--------
- bpo-30947: Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to

get security fixes.
Core and Builtins

-----------------
- bpo-30765: Avoid blocking in pthread_mutex_lock() when

PyThread_acquire_lock() is asked not to block.
Library
-------
- bpo-31135: ttk: Fix LabeledScale and OptionMenu destroy() method. Call the
parent destroy() method even if the used attribute doesn't exist. The
LabeledScale.destroy() method now also explicitly clears label and scale
attributes to help the garbage collector to destroy all widgets.
- bpo-31107: Fix `copy_reg._slotnames()` mangled attribute calculation for

classes whose name begins with an underscore. Patch by Shane Harvey.
- bpo-29519: Fix weakref spewing exceptions during interpreter shutdown when

used with a rare combination of multiprocessing and custom codecs.
- bpo-30119: ftplib.FTP.putline() now throws ValueError on commands that

contains CR or LF. Patch by Dong-hee Na.
- bpo-30595: multiprocessing.Queue.get() with a timeout now polls its reader

in non- blocking mode if it succeeded to aquire the lock but the acquire
took longer than the timeout.
- bpo-29902: Py3k deprecation warning now is emitted when pickling or

copying some builtin and extension objects that don't support pickling
explicitly and are pickled incorrectly by default (like memoryview or
staticmethod). This is a TypeError in Python 3.6.
- bpo-29854: Fix segfault in readline when using readline's history-size

option. Patch by Nir Soffer.
- bpo-30807: signal.setitimer() may disable the timer when passed a tiny

value.
Tiny values (such as 1e-6) are valid non-zero values for setitimer(),
which is specified as taking microsecond-resolution intervals. However, on
some platform, our conversion routine could convert 1e-6 into a zero
interval, therefore disabling the timer instead of (re-)scheduling it.
Tests
-----
- bpo-30715: Address ALPN callback changes for OpenSSL 1.1.0f. The latest
version behaves like OpenSSL 1.0.2 and no longer aborts handshake.
- bpo-30822: Fix regrtest command line parser to allow passing -u

extralargefile to run test_zipfile64.
- bpo-30283: regrtest: Enhance regrtest and backport features from the

master branch.
Add options: --coverage, --testdir, --list-tests (list test files, don't

run them), --list-cases (list test identifiers, don't run them,
:issue:`30523`), --matchfile (load a list of test filters from a text
file, :issue:`30540`), --slowest (alias to --slow).
Enhance output: add timestamp, test result, currently running tests,

"Tests result: xxx" summary with total duration, etc.
Fix reference leak hunting in regrtest, --huntrleaks: regrtest now warms

up caches, create explicitly all internal singletons which are created on
demand to prevent false positives when checking for reference leaks.
(:issue:`30675`).

==================================
Core and Builtins

-----------------
- bpo-5322: Revert a37cc3d926ec.

================================================
Core and Builtins

-----------------
- bpo-5322: Fixed setting __new__ to a PyCFunction inside Python code.
Original patch by Andreas Stührk.
- bpo-28847: dumbdbm no longer writes the index file in when it is not

changed and supports reading read-only files.
- bpo-11145: Fixed miscellaneous issues with C-style formatting of types

with custom __oct__ and __hex__.
- bpo-24469: Fixed memory leak caused by int subclasses without overridden

tp_free (e.g. C-inherited Cython classes).
- bpo-19398: Extra slash no longer added to sys.path components in case of

empty compile- time PYTHONPATH components.
- bpo-21720: Improve exception message when the type of fromlist is unicode.

fromlist parameter of __import__() only accepts str in Python 2 and this
will help to identify the problem especially when the unicode_literals
future import is used.
- bpo-26906: Resolving special methods of uninitialized type now causes

implicit initialization of the type instead of a fail.
- bpo-18287: PyType_Ready() now checks that tp_name is not NULL. Original

patch by Niklas Koep.
- bpo-24098: Fixed possible crash when AST is changed in process of

compiling it.
- bpo-28350: String constants with null character no longer interned.
- bpo-27942: String constants now interned recursively in tuples and

frozensets.
- bpo-15578: Correctly incref the parent module while importing.
- bpo-26307: The profile-opt build now applies PGO to the built-in modules.
- bpo-26020: set literal evaluation order did not match documented

behaviour.
- bpo-27870: A left shift of zero by a large integer no longer attempts to

allocate large amounts of memory.
- bpo-25604: Fix a minor bug in integer true division; this bug could
potentially have caused off-by-one-ulp results on platforms with
unreliable ldexp implementations.
- bpo-27473: Fixed possible integer overflow in str, unicode and bytearray

concatenations and repetitions. Based on patch by Xiang Zhang.
- bpo-27507: Add integer overflow check in bytearray.extend(). Patch by

Xiang Zhang.
- bpo-27581: Don't rely on wrapping for overflow check in

PySequence_Tuple(). Patch by Xiang Zhang.
- bpo-23908: os functions, open() and the io.FileIO constructor now reject

unicode paths with embedded null character on Windows instead of silently
truncating them.
- bpo-27514: Make having too many statically nested blocks a SyntaxError

instead of SystemError.
Library
-------
- bpo-25659: In ctypes, prevent a crash calling the from_buffer() and

from_buffer_copy() methods on abstract classes like Array.
- bpo-28563: Fixed possible DoS and arbitrary code execution when handle
plural form selections in the gettext module. The expression parser now
supports exact syntax supported by GNU gettext.
- bpo-28387: Fixed possible crash in _io.TextIOWrapper deallocator when the

garbage collector is invoked in other thread. Based on patch by Sebastian
Cufre.
- bpo-28449: tarfile.open() with mode "r" or "r:" now tries to open a tar
file with compression before trying to open it without compression.
Otherwise it had 50% chance failed with ignore_zeros=True.
- bpo-25464: Fixed HList.header_exists() in Tix module by adding a

workaround to Tix library bug.
- bpo-28488: shutil.make_archive() no longer adds entry "./" to ZIP archive.
- bpo-28480: Fix error building _sqlite3 module when multithreading is

disabled.
- bpo-24452: Make webbrowser support Chrome on Mac OS X.
- bpo-26293: Fixed writing ZIP files that starts not from the start of the
file. Offsets in ZIP file now are relative to the start of the archive in
conforming to the specification.
- Fix possible integer overflows and crashes in the mmap module with unusual
usage patterns.
- bpo-27897: Fixed possible crash in sqlite3.Connection.create_collation()

if pass invalid string-like object as a name. Original patch by Xiang
Zhang.
- bpo-1703178: Fix the ability to pass the --link-objects option to the

distutils build_ext command.
- bpo-28253: Fixed calendar functions for extreme months: 0001-01 and

9999-12.
Methods itermonthdays() and itermonthdays2() are reimplemented so that

they don't call itermonthdates() which can cause datetime.date
under/overflow.
- bpo-27963: Fixed possible null pointer dereference in

ctypes.set_conversion_mode(). Patch by Xiang Zhang.
- bpo-28284: Strengthen resistance of ``_json.encode_basestring_ascii()`` to

integer overflow.
- bpo-27611: Fixed support of default root window in the Tix module.
- bpo-24363: When parsing HTTP header fields, if an invalid line is

encountered, skip it and continue parsing. Previously, no more header
fields were parsed, which could lead to fields for HTTP framing like
Content-Length and Transfer- Encoding being overlooked.
- bpo-27599: Fixed buffer overrun in binascii.b2a_qp() and

binascii.a2b_qp().
- bpo-25969: Update the lib2to3 grammar to handle the unpacking

generalizations added in 3.5.
- bpo-24594: Validates persist parameter when opening MSI database
- bpo-27570: Avoid zero-length memcpy() etc calls with null source pointers
in the "ctypes" and "array" modules.
- bpo-22450: urllib now includes an "Accept: */*" header among the default
headers. This makes the results of REST API requests more consistent and
predictable especially when proxy servers are involved.
- lib2to3.pgen3.driver.load_grammar() now creates a stable cache file

between runs given the same Grammar.txt input regardless of the hash
randomization setting.
- bpo-27691: Fix ssl module's parsing of GEN_RID subject alternative name

fields in X.509 certs.
- bpo-27850: Remove 3DES from ssl module's default cipher list to counter
measure sweet32 attack (CVE-2016-2183).
- bpo-27766: Add ChaCha20 Poly1305 to ssl module's default ciper list.

(Required OpenSSL 1.1.0 or LibreSSL).
- bpo-26470: Port ssl and hashlib module to OpenSSL 1.1.0.
- bpo-27944: Fix some memory-corruption bugs in the log reading code of the
_hotshot module.
- bpo-27934: Use ``float.__repr__`` instead of plain ``repr`` when JSON-

encoding an instance of a float subclass. Thanks Eddie James.
- bpo-27861: Fixed a crash in sqlite3.Connection.cursor() when a factory

creates not a cursor. Patch by Xiang Zhang.
- bpo-19884: Avoid spurious output on OS X with Gnu Readline.
- bpo-10513: Fix a regression in Connection.commit(). Statements should not

be reset after a commit.
- bpo-2466: posixpath.ismount now correctly recognizes mount points which

the user does not have permission to access.
- bpo-27783: Fix possible usage of uninitialized memory in

operator.methodcaller.
- bpo-27774: Fix possible Py_DECREF on unowned object in _sre.

- bpo-27760: Fix possible integer overflow in binascii.b2a_qp.
- In the curses module, raise an error if window.getstr() or window.instr()

is passed a negative value.
- bpo-27758: Fix possible integer overflow in the _csv module for large
record lengths.
- bpo-23369: Fixed possible integer overflow in

_json.encode_basestring_ascii.
- bpo-27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the

HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
- bpo-27130: In the "zlib" module, fix handling of large buffers (typically

2 or 4 GiB). Previously, inputs were limited to 2 GiB, and compression and
decompression operations did not properly handle results of 2 or 4 GiB.
- bpo-23804: Fix SSL zero-length recv() calls to not block and not raise an
error about unclean EOF.
- bpo-27466: Change time format returned by http.cookie.time2netscape,

confirming the netscape cookie format and making it consistent with
documentation.
- bpo-22115: Fixed tracing Tkinter variables: trace_vdelete() with wrong

mode no longer break tracing, trace_vinfo() now always returns a list of
pairs of strings.
- bpo-27079: Fixed curses.ascii functions isblank(), iscntrl() and

ispunct().
- bpo-22636: Avoid shell injection problems with ctypes.util.find_library().
- bpo-27330: Fixed possible leaks in the ctypes module.
- bpo-27238: Got rid of bare excepts in the turtle module. Original patch
by Jelle Zijlstra.
- bpo-26386: Fixed ttk.TreeView selection operations with item id's

containing spaces.
- bpo-25455: Fixed a crash in repr of cElementTree.Element with recursive

tag.
- bpo-21201: Improves readability of multiprocessing error message. Thanks

to Wojciech Walczak for patch.
IDLE
----
- bpo-27854: Make Help => IDLE Help work again on Windows. Include
idlelib/help.html in 2.7 Windows installer.
- bpo-25507: Add back import needed for 2.x encoding warning box. Add
pointer to 'Encoding declaration' in Language Reference.
- bpo-15308: Add 'interrupt execution' (^C) to Shell menu. Patch by Roger
Serwy, updated by Bayard Randel.
- bpo-27922: Stop IDLE tests from 'flashing' gui widgets on the screen.
- bpo-17642: add larger font sizes for classroom projection.
- Add version to title of IDLE help window.
- bpo-25564: In section on IDLE -- console differences, mention that using

exec means that __builtins__ is defined for each statement.
- bpo-27714: text_textview and test_autocomplete now pass when re-run in the

same process. This occurs when test_idle fails when run with the -w
option but without -jn. Fix warning from test_config.
- bpo-27452: add line counter and crc to IDLE configHandler test dump.
- bpo-27365: Allow non-ascii chars in IDLE NEWS.txt, for contributor names.
- bpo-27245: IDLE: Cleanly delete custom themes and key bindings.

Previously, when IDLE was started from a console or by import, a cascade
of warnings was emitted. Patch by Serhiy Storchaka.
Documentation
-------------
- bpo-28513: Documented command-line interface of zipfile.
- bpo-16484: Change the default PYTHONDOCS URL to "https:", and fix the
resulting links to use lowercase. Patch by Sean Rodman, test by Kaushik
Nadikuditi.
Tests
-----
- bpo-28666: Now test.test_support.rmtree is able to remove unwritable or

unreadable directories.
- bpo-23839: Various caches now are cleared before running every test file.
- bpo-27369: In test_pyexpat, avoid testing an error message detail that

changed in Expat 2.2.0.
Build
-----
- bpo-10656: Fix out-of-tree building on AIX. Patch by Tristan Carel and

Michael Haubenwallner.
- bpo-26359: Rename --with-optimiations to --enable-optimizations.
- bpo-28248: Update Windows build and OS X installers to use OpenSSL 1.0.2j.
- bpo-28258: Fixed build with Estonian locale (distclean target in

Makefile). Patch by Arfrever Frehtes Taifersar Arahesis.
- bpo-26661: setup.py now detects system libffi with multiarch wrapper.

- bpo-15819: The Include directory in the build tree is already searched;
drop unused code trying to add it again.
- bpo-27566: Fix clean target in freeze makefile (patch by Lisa Roach)
- bpo-27983: Cause lack of llvm-profdata tool when using clang as required

for PGO linking to be a configure time error rather than make time when
``--with- optimizations`` is enabled. Also improve our ability to find
the llvm- profdata tool on MacOS and some Linuxes.
- bpo-26359: Add the --with-optimizations configure flag.
- bpo-10910: Avoid C++ compilation errors on FreeBSD and OS X. Also update

FreedBSD version checks for the original ctype UTF-8 workaround.
- bpo-27806: Fix 32-bit builds on macOS Sierra 10.12 broken by removal of

deprecated QuickTime/QuickTime.h header file. Patch by Aleks Bunin.
- bpo-28676: Prevent missing 'getentropy' declaration warning on macOS.

Initial patch by Gareth Rees.
Tools/Demos
-----------
- bpo-27952: Get Tools/scripts/fixcid.py working with the current "re"

module, avoid invalid Python backslash escapes, and fix a bug parsing
escaped C quote signs.
Windows
-------
- bpo-27932: Prevent memory leak in win32_ver().
- bpo-27888: Prevent Windows installer from displaying console windows and

failing when pip cannot be installed/uninstalled.
macOS
-----
- bpo-28440: No longer add /Library/Python/site-packages, the Apple-supplied

system Python site-packages directory, to sys.path for macOS framework
builds. The coupling between the two Python instances often caused
confusion and, as of macOS 10.12, changes to the site-packages layout can
cause pip component installations to fail. This change reverts the
effects introduced in 2.7.0 by Issue #4865. If you are using a package
with both the Apple system Python 2.7 and a user-installed Python 2.7, you
will need to ensure that copies of the package are installed with both
Python instances.

==================================
Build
-----
- bpo-27641: The configure script now inserts comments into the makefile to
prevent the pgen executable from being cross-compiled.
- bpo-26930: Update Windows builds to use OpenSSL 1.0.2h.
IDLE
----
- bpo-27365: Fix about dialog.

================================================
Core and Builtins

-----------------
- bpo-20041: Fixed TypeError when frame.f_trace is set to None. Patch by

Xavier de Gaye.
- bpo-25702: A --with-lto configure option has been added that will enable
link time optimizations at build time during a make profile-opt. Some
compilers and toolchains are known to not produce stable code when using
LTO, be sure to test things thoroughly before relying on it. It can
provide a few % speed up over profile-opt alone.
- bpo-26168: Fixed possible refleaks in failing Py_BuildValue() with the "N"

format unit.
- bpo-27039: Fixed bytearray.remove() for values greater than 127. Patch by

Joe Jevnik.
- bpo-4806: Avoid masking the original TypeError exception when using star
(*) unpacking and the exception was raised from a generator. Based on
patch by Hagen Fürstenau.
- bpo-26659: Make the builtin slice type support cycle collection.
- bpo-26718: super.__init__ no longer leaks memory if called multiple times.

NOTE: A direct call of super.__init__ is not endorsed!
- bpo-13410: Fixed a bug in PyUnicode_Format where it failed to properly

ignore errors from a __int__() method.
- bpo-26494: Fixed crash on iterating exhausting iterators. Affected classes

are generic sequence iterators, iterators of bytearray, list, tuple, set,
frozenset, dict, OrderedDict and corresponding views.
- bpo-26581: If coding cookie is specified multiple times on a line in

Python source code file, only the first one is taken to account.
- bpo-22836: Ensure exception reports from PyErr_Display() and

PyErr_WriteUnraisable() are sensible even when formatting them produces
secondary errors. This affects the reports produced by
sys.__excepthook__() and when __del__() raises an exception.
- bpo-22847: Improve method cache efficiency.

- bpo-25843: When compiling code, don't merge constants if they are equal
but have a different types. For example, ``f1, f2 = lambda: 1, lambda:
1.0`` is now correctly compiled to two different functions: ``f1()``
returns ``1`` (`ìnt``) and ``f2()`` returns ``1.0`` (`ìnt``), even if
``1`` and ``1.0`` are equal.
- bpo-22995: [UPDATE] Remove the one of the pickleability tests in

_PyObject_GetState() due to regressions observed in Cython-based projects.
- bpo-25961: Disallowed null characters in the type name.
- bpo-22995: Instances of extension types with a state that aren't

subclasses of list or dict and haven't implemented any pickle-related
methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__, or
__getstate__), can no longer be pickled. Including memoryview.
- bpo-20440: Massive replacing unsafe attribute setting code with special

macro Py_SETREF.
- bpo-25421: __sizeof__ methods of builtin types now use dynamic basic size.
This allows sys.getsize() to work correctly with their subclasses with
__slots__ defined.
- bpo-19543: Added Py3k warning for decoding unicode.
- bpo-24097: Fixed crash in object.__reduce__() if slot name is freed inside

__getattr__.
- bpo-24731: Fixed crash on converting objects with special methods __str__,

__trunc__, and __float__ returning instances of subclasses of str, long,
and float to subclasses of str, long, and float correspondingly.
- bpo-26478: Fix semantic bugs when using binary operators with dictionary
views and tuples.
- bpo-26171: Fix possible integer overflow and heap corruption in

zipimporter.get_data().
Library
-------
- bpo-26556: Update expat to 2.1.1, fixes CVE-2015-1283.
- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by

Team Oststrom
- bpo-7356: ctypes.util: Make parsing of ldconfig output independent of the

locale.
- bpo-25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from

sending a message body for 205 Reset Content. Also, don't send the
Content-Type header field in responses that don't have a body. Based on
patch by Susumu Koshiba.
- bpo-21313: Fix the "platform" module to tolerate when sys.version contains

truncated build information.
- bpo-27211: Fix possible memory corruption in io.IOBase.readline().

- bpo-27114: Fix SSLContext._load_windows_store_certs fails with
PermissionError
- bpo-14132: Fix urllib.request redirect handling when the target only has a
query string. Fix by Ján Janech.
- Removed the requirements for the ctypes and modulefinder modules to be

compatible with earlier Python versions.
- bpo-22274: In the subprocess module, allow stderr to be redirected to

stdout even when stdout is not redirected. Patch by Akira Li.
- bpo-12045: Avoid duplicate execution of command in

ctypes.util._get_soname(). Patch by Sijin Joseph.
- bpo-26960: Backported #16270 from Python 3 to Python 2, to prevent urllib

from hanging when retrieving certain FTP files.
- bpo-25745: Fixed leaking a userptr in curses panel destructor.
- bpo-17765: weakref.ref() no longer silently ignores keyword arguments.

Patch by Georg Brandl.
- bpo-26873: xmlrpclib now raises ResponseError on unsupported type tags

instead of silently return incorrect result.
- bpo-24114: Fix an uninitialized variable in `ctypes.util`.
The bug only occurs on SunOS when the ctypes implementation searches for
the `crle` program. Patch by Xiang Zhang. Tested on SunOS by Kees Bos.
- bpo-26864: In urllib, change the proxy bypass host checking against

no_proxy to be case-insensitive, and to not match unrelated host names
that happen to have a bypassed hostname as a suffix. Patch by Xiang
Zhang.
- bpo-26804: urllib will prefer lower_case proxy environment variables over

UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen.
- bpo-26837: assertSequenceEqual() now correctly outputs non-stringified

differing items. This affects assertListEqual() and assertTupleEqual().
- bpo-26822: itemgetter, attrgetter and methodcaller objects no longer

silently ignore keyword arguments.
- bpo-26657: Fix directory traversal vulnerability with SimpleHTTPServer on

Windows. This fixes a regression that was introduced in 2.7.7. Based on
patch by Philipp Hagemeister.
- bpo-19377: Add .svg to mimetypes.types_map.
- bpo-13952: Add .csv to mimetypes.types_map. Patch by Geoff Wilson.
- bpo-16329: Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'.
- bpo-23735: Handle terminal resizing with Readline 6.3+ by installing our

own SIGWINCH handler. Patch by Eric Price.
- bpo-26644: Raise ValueError rather than SystemError when a negative length

is passed to SSLSocket.recv() or read().
- bpo-23804: Fix SSL recv(0) and read(0) methods to return zero bytes
instead of up to 1024.
- bpo-24266: Ctrl+C during Readline history search now cancels the search
mode when compiled with Readline 7.
- bpo-23857: Implement PEP 493, adding a Python-2-only ssl module API and
environment variable to configure the default handling of SSL/TLS
certificates for HTTPS connections.
- bpo-26313: ssl.py _load_windows_store_certs fails if windows cert store is

empty. Patch by Baji.
- bpo-26513: Fixes platform module detection of Windows Server
- bpo-23718: Fixed parsing time in week 0 before Jan 1. Original patch by

Tamás Bence Gedai.
- bpo-26177: Fixed the keys() method for Canvas and Scrollbar widgets.
- bpo-15068: Got rid of excessive buffering in the fileinput module. The

bufsize parameter is no longer used.
- bpo-2202: Fix UnboundLocalError in

AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu
Dupuy.
- bpo-26475: Fixed debugging output for regular expressions with the (?x)
flag.
- bpo-26385: Remove the file if the internal fdopen() call in

NamedTemporaryFile() fails. Based on patch by Silent Ghost.
- bpo-26309: In the "SocketServer" module, shut down the request (closing

the connected socket) when verify_request() returns false. Based on patch
by Aviv Palivoda.
- bpo-25939: On Windows open the cert store readonly in

ssl.enum_certificates.
- bpo-24303: Fix random EEXIST upon multiprocessing semaphores creation with

Linux PID namespaces enabled.
- bpo-25698: Importing module if the stack is too deep no longer replaces

imported module with the empty one.
- bpo-12923: Reset FancyURLopener's redirect counter even if there is an

exception. Based on patches by Brian Brazil and Daniel Rocco.
- bpo-25945: Fixed a crash when unpickle the functools.partial object with

wrong state. Fixed a leak in failed functools.partial constructor. "args"
and "keywords" attributes of functools.partial have now always types tuple
and dict correspondingly.
- bpo-19883: Fixed possible integer overflows in zipimport.
- bpo-26147: xmlrpclib now works with unicode not encodable with used non-
UTF-8 encoding.
- bpo-16620: Fixed AttributeError in msilib.Directory.glob().
- bpo-21847: Fixed xmlrpclib on Unicode-disabled builds.
- bpo-6500: Fixed infinite recursion in urllib2.Request.__getattr__().
- bpo-26083: Workaround a subprocess bug that raises an incorrect

"ValueError: insecure string pickle" exception instead of the actual
exception on some platforms such as Mac OS X when an exception raised in
the forked child process prior to the exec() was large enough that it
overflowed the internal errpipe_read pipe buffer.
- bpo-24103: Fixed possible use after free in ElementTree.iterparse().
- bpo-20954: _args_from_interpreter_flags used by multiprocessing and some

tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED
environment variable.
- bpo-14285: When executing a package with the "python -m package" option,

and package initialization raises ImportError, a proper traceback is now
reported.
- bpo-6478: _strptime's regexp cache now is reset after changing timezone

with time.tzset().
- bpo-25718: Fixed copying object with state with boolean value is false.
- bpo-25742: :func:`locale.setlocale` now accepts a Unicode string for its

second parameter.
- bpo-10131: Fixed deep copying of minidom documents. Based on patch by

Marian Ganisin.
- bpo-25725: Fixed a reference leak in cPickle.loads() when unpickling

invalid data including tuple instructions.
- bpo-25663: In the Readline completer, avoid listing duplicate global

names, and search the global namespace before searching builtins.
- bpo-25688: Fixed file leak in ElementTree.iterparse() raising an error.
- bpo-23914: Fixed SystemError raised by CPickle unpickler on broken data.
- bpo-25924: Avoid unnecessary serialization of getaddrinfo(3) calls on OS X

versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis.
- bpo-26406: Avoid unnecessary serialization of getaddrinfo(3) calls on

current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis.
IDLE
----
- bpo-5124: Paste with text selected now replaces the selection on X11. This
matches how paste works on Windows, Mac, most modern Linux apps, and ttk
widgets. Original patch by Serhiy Storchaka.
- bpo-24759: Make clear in idlelib.idle_test.__init__ that the directory is

a private implementation of test.test_idle and tool for maintainers.
- bpo-26673: When tk reports font size as 0, change to size 10. Such fonts
on Linux prevented the configuration dialog from opening.
- bpo-27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks.
- In the 'IDLE-console differences' section of the IDLE doc, clarify how

running with IDLE affects sys.modules and the standard streams.
- bpo-25507: fix incorrect change in IOBinding that prevented printing.

Change also prevented saving shell window with non-ascii characters.
Augment IOBinding htest to include all major IOBinding functions.
- bpo-25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION

MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode
CREDITS.txt to utf-8 and open it with 'utf-8'.
- bpo-26417: Prevent spurious errors and incorrect defaults when installing

IDLE 2.7 on OS X: default configuration settings are no longer installed
from OS X specific copies.
Documentation
-------------
- bpo-26736: Used HTTPS for external links in the documentation if possible.
- bpo-6953: Rework the Readline module documentation to group related

functions together, and add more details such as what underlying Readline
functions and variables are accessed.
- bpo-26014: Guide users to the newer packaging documentation as was done

for Python 3.x. In particular, the top-level 2.7 documentation page now
links to the newer installer and distributions pages rather than the
legacy install and Distutils pages; these are still linked to in the
library/distutils doc page.
Tests
-----
- bpo-21916: Added tests for the turtle module. Patch by ingrid, Gregory
Loyse and Jelle Zijlstra.
- bpo-25940: Changed test_ssl to use self-signed.pythontest.net. This

avoids relying on svn.python.org, which recently changed root certificate.
- bpo-25616: Tests for OrderedDict are extracted from test_collections into

separate file test_ordered_dict.
Build
-----
- bpo-22359: Avoid incorrect recursive $(MAKE), and disable the rules for
running pgen when cross-compiling. The pgen output is normally saved with
the source code anyway, and is still regenerated when doing a native
build. Patch by Jonas Wagner and Xavier de Gaye.
- bpo-19450: Update Windows builds to use SQLite 3.8.11.0.

- bpo-27229: Fix the cross-compiling pgen rule for in-tree builds. Patch by
Xavier de Gaye.
- bpo-17603: Avoid error about nonexistant fileblocks.o file by using a

lower-level check for st_blocks in struct stat.
- bpo-26465: Update Windows builds to use OpenSSL 1.0.2g.
- bpo-24421: Compile Modules/_math.c once, before building extensions.

Previously it could fail to compile properly if the math and cmath builds
were concurrent.
- bpo-25824: Fixes sys.winver to not include any architecture suffix.
- bpo-25348: Added ``--pgo`` and ``--pgo-job`` arguments to

``PCbuild\build.bat`` for building with Profile-Guided Optimization. The
old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls
``PCbuild\build.bat --pgo %*``.
- bpo-25827: Add support for building with ICC to ``configure``, including a

new ``--with-icc`` flag.
- bpo-25696: Fix installation of Python on UNIX with make -j9.
- bpo-26930: Update OS X 10.5+ 32-bit-only installer to build and link with

OpenSSL 1.0.2h.
- bpo-26268: Update Windows builds to use OpenSSL 1.0.2f.
- bpo-25136: Support Apple Xcode 7's new textual SDK stub libraries.
Tools/Demos
-----------
- bpo-26799: Fix python-gdb.py: don't get C types once when the Python code
is loaded, but get C types on demand. The C types can change if python-
gdb.py is loaded before the Python executable. Patch written by Thomas
Ilsche.
C API
-----
- bpo-30255: PySlice_GetIndicesEx now clips the step to [-PY_SSIZE_T_MAX,

PY_SSIZE_T_MAX] instead of [-PY_SSIZE_T_MAX-1, PY_SSIZE_T_MAX]. This
makes it safe to do "step = -step" when reversing a slice.
- bpo-26476: Fixed compilation error when use PyErr_BadInternalCall() in

C++. Patch by Jeroen Demeyer.
Windows
-------
- bpo-17500: Remove unused and outdated icons. (See also:

https://github.com/python/pythondotorg/issues/945)

==================================
Library
-------
- bpo-25624: ZipFile now always writes a ZIP_STORED header for directory

entries. Patch by Dingyuan Wang.

================================================
Core and Builtins

-----------------
- bpo-25678: Avoid buffer overreads when int(), long(), float(), and

compile() are passed buffer objects. These objects are not necessarily
terminated by a null byte, but the functions assumed they were.
- bpo-25388: Fixed tokenizer hang when processing undecodable source code

with a null byte.
- bpo-22995: Default implementation of __reduce__ and __reduce_ex__ now

rejects builtin types with not defined __new__.
- bpo-7267: format(int, 'c') now raises OverflowError when the argument is

not in range(0, 256).
- bpo-24806: Prevent builtin types that are not allowed to be subclassed

from being subclassed through multiple inheritance.
- bpo-24848: Fixed a number of bugs in UTF-7 decoding of misformed data.
- bpo-25003: os.urandom() doesn't use getentropy() on Solaris because

getentropy() is blocking, whereas os.urandom() should not block.
getentropy() is supported since Solaris 11.3.
- bpo-21167: NAN operations are now handled correctly when python is

compiled with ICC even if -fp-model strict is not specified.
- bpo-24467: Fixed possible buffer over-read in bytearray. The bytearray

object now always allocates place for trailing null byte and it's buffer
now is always null-terminated.
- bpo-19543: encode() and decode() methods and constructors of str, unicode

and bytearray classes now emit deprecation warning for known non-text
encodings when Python is ran with the -3 option.
- bpo-24115: Update uses of PyObject_IsTrue(), PyObject_Not(),

PyObject_IsInstance(), PyObject_RichCompareBool() and _PyDict_Contains()
to check for and handle errors correctly.
- bpo-4753: On compilers where it is supported, use "computed gotos" for

bytecode dispatch in the interpreter. This improves interpretation
performance.
- bpo-22939: Fixed integer overflow in iterator object. Original patch by

Clement Rouault.
- bpo-24102: Fixed exception type checking in standard error handlers.
Library
-------
- bpo-10128: backport issue #10845's mitigation of incompatibilities between

the multiprocessing module and directory and zipfile execution.
Multiprocessing on Windows will now automatically skip rerunning __main__
in spawned processes, rather than failing with AssertionError.
- bpo-25578: Fix (another) memory leak in SSLSocket.getpeercer().
- bpo-25590: In the Readline completer, only call getattr() once per

attribute.
- bpo-25530: Disable the vulnerable SSLv3 protocol by default when creating

ssl.SSLContext.
- bpo-25569: Fix memory leak in SSLSocket.getpeercert().
- bpo-7759: Fixed the mhlib module on filesystems that doesn't support link
counting for directories.
- bpo-892902: Fixed pickling recursive objects.
- bpo-18010: Fix the pydoc GUI's search function to handle exceptions from
importing packages.
- bpo-25515: Always use os.urandom as a source of randomness in uuid.uuid4.
- bpo-21827: Fixed textwrap.dedent() for the case when largest common

whitespace is a substring of smallest leading whitespace. Based on patch
by Robert Li.
- bpo-21709: Fix the logging module to not depend upon __file__ being set
properly to get the filename of its caller from the stack. This allows it
to work if run in a frozen or embedded environment where the module's
.__file__ attribute does not match its code object's .co_filename.
- bpo-25319: When threading.Event is reinitialized, the underlying condition

should use a regular lock rather than a recursive lock.
- bpo-25232: Fix CGIRequestHandler to split the query from the URL at the
first question mark (?) rather than the last. Patch from Xiang Zhang.
- bpo-24657: Prevent CGIRequestHandler from collapsing slashes in the query

part of the URL as if it were a path. Patch from Xiang Zhang.
- bpo-22958: Constructor and update method of weakref.WeakValueDictionary

now accept the self keyword argument.
- bpo-22609: Constructor and the update method of collections.UserDict now

accept the self keyword argument.
- bpo-25203: Failed readline.set_completer_delims() no longer left the

module in inconsistent state.
- bpo-19143: platform module now reads Windows version from kernel32.dll to
avoid compatibility shims.
- bpo-25135: Make deque_clear() safer by emptying the deque before clearing.

This helps avoid possible reentrancy issues.
- bpo-24684: socket.socket.getaddrinfo() now calls

PyUnicode_AsEncodedString() instead of calling the encode() method of the
host, to handle correctly custom unicode string with an encode() method
which doesn't return a byte string. The encoder of the IDNA codec is now
called directly instead of calling the encode() method of the string.
- bpo-24982: shutil.make_archive() with the "zip" format now adds entries

for directories (including empty directories) in ZIP file.
- bpo-17849: Raise a sensible exception if an invalid response is received

for a HTTP tunnel request, as seen with some servers that do not support
tunnelling. Initial patch from Cory Benfield.
- bpo-16180: Exit pdb if file has syntax error, instead of trapping user in
an infinite loop. Patch by Xavier de Gaye.
- bpo-22812: Fix unittest discovery examples. Patch from Pam McA'Nulty.
- bpo-24634: Importing uuid should not try to load libc on Windows
- bpo-23652: Make it possible to compile the select module against the libc
headers from the Linux Standard Base, which do not include some EPOLL
macros. Initial patch by Matt Frank.
- bpo-15138: Speed up base64.urlsafe_b64{en,de}code considerably.
- bpo-23319: Fix ctypes.BigEndianStructure, swap correctly bytes. Patch

written by Matthieu Gautier.
- bpo-23254: Document how to close the TCPServer listening socket. Patch

from Martin Panter.
- bpo-17527: Add PATCH to wsgiref.validator. Patch from Luca Sbardella.
- bpo-24613: Calling array.fromstring() with self is no longer allowed to

prevent the use-after-free error. Patch by John Leitch.
- bpo-24708: Fix possible integer overflow in strop.replace().
- bpo-24620: Random.setstate() now validates the value of state last

element.
- bpo-13938: 2to3 converts StringTypes to a tuple. Patch from Mark Hammond.
- bpo-24611: Fixed compiling the posix module on non-Windows platforms

without mknod() or makedev() (e.g. on Unixware).
- bpo-18684: Fixed reading out of the buffer in the re module.
- bpo-24259: tarfile now raises a ReadError if an archive is truncated

inside a data segment.
- bpo-24514: tarfile now tolerates number fields consisting of only

whitespace.
- bpo-20387: Restore semantic round-trip correctness in tokenize/untokenize

for tab- indented blocks.
- bpo-24456: Fixed possible buffer over-read in adpcm2lin() and lin2adpcm()

functions of the audioop module. Fixed SystemError when the state is not
a tuple. Fixed possible memory leak.
- bpo-24481: Fix possible memory corruption with large profiler info strings
in hotshot.
- bpo-24489: ensure a previously set C errno doesn't disturb cmath.polar().
- bpo-19543: io.TextIOWrapper (and hence io.open()) now uses the internal

codec marking system added to emit deprecation warning for known non-text
encodings at stream construction time when Python is ran with the -3
option.
- bpo-24264: Fixed buffer overflow in the imageop module.
- bpo-5633: Fixed timeit when the statement is a string and the setup is
not.
- bpo-24326: Fixed audioop.ratecv() with non-default weightB argument.

Original patch by David Moore.
- bpo-22095: Fixed HTTPConnection.set_tunnel with default port. The port

value in the host header was set to "None". Patch by Demian Brecht.
- bpo-24257: Fixed segmentation fault in sqlite3.Row constructor with faked

cursor type.
- bpo-24286: Dict view were not registered with the MappingView abstract
base classes. This caused key and item views in OrderedDict to not be
equal to their regular dict counterparts.
- bpo-22107: tempfile.gettempdir() and tempfile.mkdtemp() now try again when

a directory with the chosen name already exists on Windows as well as on
Unix. tempfile.mkstemp() now fails early if parent directory is not valid
(not exists or is a file) on Windows.
- bpo-6598: Increased time precision and random number range in

email.utils.make_msgid() to strengthen the uniqueness of the message ID.
- bpo-24091: Fixed various crashes in corner cases in cElementTree.
- bpo-15267: HTTPConnection.request() now is compatible with old-style

classes (such as TemporaryFile). Original patch by Atsuo Ishimoto.
- bpo-20014: array.array() now accepts unicode typecodes. Based on patch by

Vajrasky Kok.
- bpo-23637: Showing a warning no longer fails with UnicodeError. Formatting

unicode warning in the file with the path containing non-ascii characters
no longer fails with UnicodeError.
- bpo-24134: Reverted issue #24134 changes.

IDLE
----
- bpo-15348: Stop the debugger engine (normally in a user process) before

closing the debugger window (running in the IDLE process). This prevents
the RuntimeErrors that were being caught and ignored.
- bpo-24455: Prevent IDLE from hanging when a) closing the shell while the
debugger is active (15347); b) closing the debugger with the [X] button
(15348); and c) activating the debugger when already active (24455). The
patch by Mark Roseman does this by making two changes. 1. Suspend and
resume the gui.interaction method with the tcl vwait mechanism intended
for this purpose (instead of root.mainloop & .quit). 2. In gui.run, allow
any existing interaction to terminate first.
- Change 'The program' to 'Your program' in an IDLE 'kill program?' message

to make it clearer that the program referred to is the currently running
user program, not IDLE itself.
- bpo-24750: Improve the appearance of the IDLE editor window status bar.
Patch by Mark Roseman.
- bpo-25313: Change the handling of new built-in text color themes to better
address the compatibility problem introduced by the addition of IDLE Dark.
Consistently use the revised idleConf.CurrentTheme everywhere in idlelib.
- bpo-24782: Extension configuration is now a tab in the IDLE Preferences

dialog rather than a separate dialog. The former tabs are now a sorted
list. Patch by Mark Roseman.
- bpo-22726: Re-activate the config dialog help button with some content
about the other buttons and the new IDLE Dark theme.
- bpo-24820: IDLE now has an 'IDLE Dark' built-in text color theme. It is
more or less IDLE Classic inverted, with a cobalt blue background.
Strings, comments, keywords, ... are still green, red, orange, ... . To
use it with IDLEs released before November 2015, hit the 'Save as New
Custom Theme' button and enter a new name, such as 'Custom Dark'. The
custom theme will work with any IDLE release, and can be modified.
- bpo-25224: README.txt is now an idlelib index for IDLE developers and

curious users. The previous user content is now in the IDLE doc chapter.
'IDLE' now means 'Integrated Development and Learning Environment'.
- bpo-24820: Users can now set breakpoint colors in Settings -> Custom
Highlighting. Original patch by Mark Roseman.
- bpo-24972: Inactive selection background now matches active selection

background, as configured by users, on all systems. Found items are now
always highlighted on Windows. Initial patch by Mark Roseman.
- bpo-24570: Idle: make calltip and completion boxes appear on Macs affected
by a tk regression. Initial patch by Mark Roseman.
- bpo-24988: Idle ScrolledList context menus (used in debugger) now work on

Mac Aqua. Patch by Mark Roseman.
- bpo-24801: Make right-click for context menu work on Mac Aqua. Patch by
Mark Roseman.
- bpo-25173: Associate tkinter messageboxes with a specific widget. For Mac
OSX, make them a 'sheet'. Patch by Mark Roseman.
- bpo-25198: Enhance the initial html viewer now used for Idle Help. *
Properly indent fixed-pitch text (patch by Mark Roseman). * Give code
snippet a very Sphinx- like light blueish-gray background. * Re-use
initial width and height set by users for shell and editor. * When the
Table of Contents (TOC) menu is used, put the section header at the top of
the screen.
- bpo-25225: Condense and rewrite Idle doc section on text colors.
- bpo-21995: Explain some differences between IDLE and console Python.
- bpo-22820: Explain need for *print* when running file from Idle editor.
- bpo-25224: Doc: augment Idle feature list and no-subprocess section.
- bpo-25219: Update doc for Idle command line options. Some were missing and
notes were not correct.
- bpo-24861: Most of idlelib is private and subject to change. Use

idleib.idle.* to start Idle. See idlelib.__init__.__doc__.
- bpo-25199: Idle: add synchronization comments for future maintainers.
- bpo-16893: Replace help.txt with help.html for Idle doc display. The new
idlelib/help.html is rstripped Doc/build/html/library/idle.html. It looks
better than help.txt and will better document Idle as released. The
tkinter html viewer that works for this file was written by Mark Roseman.
The now unused EditorWindow.HelpDialog class and helt.txt file are
deprecated.
- bpo-24199: Deprecate unused idlelib.idlever with possible removal in 3.6.
- bpo-24790: Remove extraneous code (which also create 2 & 3 conflicts).
- bpo-23672: Allow Idle to edit and run files with astral chars in name.
Patch by Mohd Sanad Zaki Rizvi.
- bpo-24745: Idle editor default font. Switch from Courier to platform-

sensitive TkFixedFont. This should not affect current customized font
selections. If there is a problem, edit $HOME/.idlerc/config-main.cfg and
remove 'fontxxx' entries from [Editor Window]. Patch by Mark Roseman.
- bpo-21192: Idle editor. When a file is run, put its name in the restart
bar. Do not print false prompts. Original patch by Adnan Umer.
- bpo-13884: Idle menus. Remove tearoff lines. Patch by Roger Serwy.
- bpo-15809: IDLE shell now uses locale encoding instead of Latin1 for
decoding unicode literals.
Documentation
-------------
- bpo-24952: Clarify the default size argument of stack_size() in the

"threading" and "thread" modules. Patch from Mattip.
- bpo-20769: Improve reload() docs. Patch by Dorian Pula.
- bpo-23589: Remove duplicate sentence from the FAQ. Patch by Yongzhi Pan.
- bpo-22155: Add File Handlers subsection with createfilehandler to Tkinter

doc. Remove obsolete example from FAQ. Patch by Martin Panter.
Tests
-----
- bpo-24751: When running regrtest with the ``-w`` command line option, a
test run is no longer marked as a failure if all tests succeed when re-
run.
- PCbuild\rt.bat now accepts an unlimited number of arguments to pass along

to regrtest.py. Previously there was a limit of 9.
Build
-----
- bpo-24915: When doing a PGO build, the test suite is now used instead of
pybench; Clang support was also added as part off this work. Initial patch
by Alecsandru Patrascu of Intel.
- bpo-24986: It is now possible to build Python on Windows without errors

when external libraries are not available.
- bpo-24508: Backported the MSBuild project files from Python 3.5. The
backported files replace the old project files in PCbuild; the old files
moved to PC/VS9.0 and remain supported.
- bpo-24603: Update Windows builds and OS X 10.5 installer to use OpenSSL

1.0.2d.
Windows
-------
- bpo-25022: Removed very outdated PC/example_nt/ directory.

==================================
Library
-------
- bpo-22931: Allow '[' and ']' in cookie values.

================================================
Core and Builtins

-----------------
- bpo-23971: Fix underestimated presizing in dict.fromkeys().
- bpo-23757: PySequence_Tuple() incorrectly called the concrete list API

when the data was a list subclass.
- bpo-23629: Fix the default __sizeof__ implementation for variable-sized

objects.
- bpo-23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis and

fix by Guido Vranken.
- bpo-23048: Fix jumping out of an infinite while loop in the pdb.
Library
-------
- The keywords attribute of functools.partial is now always a dictionary.
- bpo-20274: When calling a _sqlite.Connection, it now complains if passed

any keyword arguments. Previously it silently ignored them.
- bpo-20274: Remove ignored and erroneous "kwargs" parameters from three

METH_VARARGS methods on _sqlite.Connection.
- bpo-24134: assertRaises() and assertRaisesRegexp() checks are not longer

successful if the callable is None.
- bpo-23008: Fixed resolving attributes with boolean value is False in

pydoc.
- bpo-24099: Fix use-after-free bug in heapq's siftup and siftdown

functions. (See also: bpo-24100, bpo-24101)
- Backport collections.deque fixes from Python 3.5. Prevents reentrant

badness during deletion by deferring the decref until the container has
been restored to a consistent state.
- bpo-23842: os.major(), os.minor() and os.makedev() now support ints again.
- bpo-23811: Add missing newline to the PyCompileError error message. Patch

by Alex Shkop.
- bpo-17898: Fix exception in gettext.py when parsing certain plural forms.
- bpo-23865: close() methods in multiple modules now are idempotent and more
robust at shutdown. If they need to release multiple resources, all are
released even if errors occur.
- bpo-23881: urllib.ftpwrapper constructor now closes the socket if the FTP

connection failed.
- bpo-15133: _tkinter.tkapp.getboolean() now supports long and Tcl_Obj and

always returns bool. tkinter.BooleanVar now validates input values
(accepted bool, int, long, str, unicode, and Tcl_Obj).
tkinter.BooleanVar.get() now always returns bool.
- bpo-23338: Fixed formatting ctypes error messages on Cygwin. Patch by

Makoto Kato.
- bpo-16840: Tkinter now supports 64-bit integers added in Tcl 8.4 and
arbitrary precision integers added in Tcl 8.5.
- bpo-23834: Fix socket.sendto(), use the C long type to store the result of
sendto() instead of the C int type.
- bpo-21526: Tkinter now supports new boolean type in Tcl 8.5.
- bpo-23838: linecache now clears the cache and returns an empty result on
MemoryError.
- bpo-23742: ntpath.expandvars() no longer loses unbalanced single quotes.
- bpo-21802: The reader in BufferedRWPair now is closed even when closing

writer failed in BufferedRWPair.close().
- bpo-23671: string.Template now allows specifying the "self" parameter as a

keyword argument. string.Formatter now allows specifying the "self" and
the "format_string" parameters as keyword arguments.
- bpo-21560: An attempt to write a data of wrong type no longer cause

GzipFile corruption. Original patch by Wolfgang Maier.
- bpo-23647: Increase impalib's MAXLINE to accommodate modern mailbox sizes.
- bpo-23539: If body is None, http.client.HTTPConnection.request now sets

Content-Length to 0 for PUT, POST, and PATCH headers to avoid 411 errors
from some web servers.
- bpo-23136: _strptime now uniformly handles all days in week 0, including

Dec 30 of previous year. Based on patch by Jim Carroll.
- bpo-23138: Fixed parsing cookies with absent keys or values in cookiejar.

Patch by Demian Brecht.
- bpo-23051: multiprocessing.Pool methods imap() and imap_unordered() now

handle exceptions raised by an iterator. Patch by Alon Diamant and Davin
Potts.
- bpo-22928: Disabled HTTP header injections in httplib. Original patch by

Demian Brecht.
- bpo-23615: Module tarfile is now can be reloaded with imp.reload().
- bpo-22853: Fixed a deadlock when use multiprocessing.Queue at import time.

Patch by Florian Finkernagel and Davin Potts.
- bpo-23476: In the ssl module, enable OpenSSL's X509_V_FLAG_TRUSTED_FIRST

flag on certificate stores when it is available.
- bpo-23576: Avoid stalling in SSL reads when EOF has been reached in the
SSL layer but the underlying connection hasn't been closed.
- bpo-23504: Added an __all__ to the types module.
- bpo-23458: On POSIX, the file descriptor kept open by os.urandom() is now

set to non inheritable
- bpo-22113: struct.pack_into() now supports new buffer protocol (in
particular accepts writable memoryview).
- bpo-814253: Warnings now are raised when group references and conditional
group references are used in lookbehind assertions in regular expressions.
(See also: bpo-9179)
- bpo-23215: Multibyte codecs with custom error handlers that ignores errors
consumed too much memory and raised SystemError or MemoryError. Original
patch by Aleksi Torhamo.
- bpo-5700: io.FileIO() called flush() after closing the file. flush() was
not called in close() if closefd=False.
- bpo-21548: Fix pydoc.synopsis() and pydoc.apropos() on modules with empty

docstrings. Initial patch by Yuyang Guo.
- bpo-22885: Fixed arbitrary code execution vulnerability in the dumbdbm

module. Original patch by Claudiu Popa.
- bpo-23481: Remove RC4 from the SSL module's default cipher list.
- bpo-21849: Fixed xmlrpclib serialization of non-ASCII unicode strings in

the multiprocessing module.
- bpo-21840: Fixed expanding unicode variables of form $var in

posixpath.expandvars(). Fixed all os.path implementations on unicode-
disabled builds.
- bpo-23367: Fix possible overflows in the unicodedata module.
- bpo-23363: Fix possible overflow in itertools.permutations.
- bpo-23364: Fix possible overflow in itertools.product.
- bpo-23365: Fixed possible integer overflow in

itertools.combinations_with_replacement.
- bpo-23366: Fixed possible integer overflow in itertools.combinations.
- bpo-23191: fnmatch functions that use caching are now threadsafe.
- bpo-18518: timeit now rejects statements which can't be compiled outside a

function or a loop (e.g. "return" or "break").
- bpo-19996: Make :mod:`httplib` ignore headers with no name rather than

assuming the body has started.
- bpo-20188: Support Application-Layer Protocol Negotiation (ALPN) in the

ssl module.
- bpo-23248: Update ssl error codes from latest OpenSSL git master.
- bpo-23098: 64-bit dev_t is now supported in the os module.
- bpo-23063: In the disutils' check command, fix parsing of reST with code
or code-block directives.
- bpo-21356: Make ssl.RAND_egd() optional to support LibreSSL. The

availability of the function is checked during the compilation. Patch
written by Bernard Spil.
- Backport the context argument to ftplib.FTP_TLS.
- bpo-23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS.
- bpo-23112: Fix SimpleHTTPServer to correctly carry the query string and

fragment when it redirects to add a trailing slash.
- bpo-22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),

instead of reading /dev/urandom, to get pseudo-random bytes.
- bpo-23093: In the io, module allow more operations to work on detached

streams.
- bpo-23071: Added missing names to codecs.__all__. Patch by Martin Panter.
- bpo-23016: A warning no longer produces an AttributeError when sys.stderr

is None.
- bpo-21032: Fixed socket leak if HTTPConnection.getresponse() fails.

Original patch by Martin Panter.
- bpo-22609: Constructors and update methods of mapping classes in the

collections module now accept the self keyword argument.
Documentation
-------------
- bpo-23006: Improve the documentation and indexing of dict.__missing__. Add

an entry in the language datamodel special methods section. Revise and
index its discussion in the stdtypes mapping/dict section. Backport the
code example from 3.4.
- bpo-21514: The documentation of the json module now refers to new JSON RFC
7159 instead of obsoleted RFC 4627.
Tools/Demos
-----------
- bpo-23330: h2py now supports arbitrary filenames in #include.
- bpo-6639: Module-level turtle functions no longer raise TclError after

closing the window.
- bpo-22314: pydoc now works when the LINES environment variable is set.
- bpo-18905: "pydoc -p 0" now outputs actually used port. Based on patch by
Wieland Hoffmann.
- bpo-23345: Prevent test_ssl failures with large OpenSSL patch level values
(like 0.9.8zc).
Tests
-----
- bpo-23799: Added test.test_support.start_threads() for running and

cleaning up multiple threads.
- bpo-22390: test.regrtest now emits a warning if temporary files or
directories are left after running a test.
- bpo-23583: Added tests for standard IO streams in IDLE.
- bpo-23392: Added tests for marshal C API that works with FILE*.
- bpo-18982: Add tests for CLI of the calendar module.
- bpo-19949: The test_xpickle test now tests compatibility with installed

Python 2.7 and reports skipped tests. Based on patch by Zachary Ware.
- bpo-11578: Backported test for the timeit module.
- bpo-22943: bsddb tests are locale independend now.
IDLE
----
- bpo-23583: Fixed writing unicode to standard output stream in IDLE.
- bpo-20577: Configuration of the max line length for the FormatParagraph

extension has been moved from the General tab of the Idle preferences
dialog to the FormatParagraph tab of the Config Extensions dialog. Patch
by Tal Einat.
- bpo-16893: Update Idle doc chapter to match current Idle and add new
information.
- bpo-23180: Rename IDLE "Windows" menu item to "Window". Patch by Al

Sweigart.
Build
-----
- bpo-15506: Use standard PKG_PROG_PKG_CONFIG autoconf macro in the

configure script.
- bpo-23032: Fix installer build failures on OS X 10.4 Tiger by disabling

assembly code in the OpenSSL build.
- bpo-23686: Update OS X 10.5 installer and Windows builds to use OpenSSL

1.0.2a.
C API
-----
- bpo-23998: PyImport_ReInitLock() now checks for lock allocation error
- bpo-22079: PyType_Ready() now checks that statically allocated type has no

dynamically allocated bases.

=================================

Library
-------
- bpo-22959: Remove the *check_hostname* parameter of

httplib.HTTPSConnection. The *context* parameter should be used instead.
- bpo-16043: Add a default limit for the amount of data

xmlrpclib.gzip_decode will return. This resolves CVE-2013-1753.
- bpo-16042: CVE-2013-1752: smtplib: Limit amount of data read by limiting

the call to readline(). Original patch by Christian Heimes.
- bpo-16041: In poplib, limit maximum line length read from the server to
prevent CVE-2013-1752.
- bpo-22960: Add a context argument to xmlrpclib.ServerProxy.
Build
-----
- bpo-22935: Allow the ssl module to be compiled if openssl doesn't support

SSL 3.
- bpo-17128: Use private version of OpenSSL for 2.7.9 OS X 10.5+ installer.

===============================================
Core and Builtins

-----------------
- bpo-21963: backout issue #1856 patch (avoid crashes and lockups when
daemon threads run while the interpreter is shutting down; instead, these
threads are now killed when they try to take the GIL), as it seems to
break some existing code.
- bpo-22604: Fix assertion error in debug mode when dividing a complex

number by (nan+0j).
- bpo-22470: Fixed integer overflow issues in "backslashreplace" and

"xmlcharrefreplace" error handlers.
- bpo-22526: Fix iterating through files with lines longer than 2^31 bytes.
- bpo-22519: Fix overflow checking in PyString_Repr.
- bpo-22518: Fix integer overflow issues in latin-1 encoding.
- bpo-22379: Fix empty exception message in a TypeError raised in

``str.join``.
- bpo-22221: Now the source encoding declaration on the second line isn't
effective if the first line contains anything except a comment.
- bpo-22023: Fix ``%S``, ``%R`` and ``%V`` formats of

:c:func:`PyUnicode_FromFormat`.
- bpo-21591: Correctly handle qualified exec statements in tuple form by
moving compatibility layer from run-time to AST transformation.
Library
-------
- bpo-22417: Verify certificates by default in httplib (PEP 476).
- bpo-22927: Allow urllib.urlopen to take a *context* parameter to control

SSL settings for HTTPS connections.
- bpo-22921: Allow SSLContext to take the *hostname* parameter even if

OpenSSL doesn't support SNI.
- bpo-9003: httplib.HTTPSConnection, urllib2.HTTPSHandler and

urllib2.urlopen now take optional arguments to allow for server
certificate checking, as recommended in public uses of HTTPS. This
backport is part of PEP 467. (See also: bpo-22366)
- bpo-12728: Different Unicode characters having the same uppercase but

different lowercase are now matched in case-insensitive regular
expressions.
- bpo-22821: Fixed fcntl() with integer argument on 64-bit big-endian

platforms.
- bpo-17293: uuid.getnode() now determines MAC address on AIX using netstat.

Based on patch by Aivars Kalvāns.
- bpo-22769: Fixed ttk.Treeview.tag_has() when called without arguments.
- bpo-22787: Allow the keyfile argument of SSLContext.load_cert_chain to be

None.
- bpo-22775: Fixed unpickling of Cookie.SimpleCookie with protocol 2. Patch

by Tim Graham.
- bpo-22776: Brought excluded code into the scope of a try block in

SysLogHandler.emit().
- bpo-17381: Fixed ranges handling in case-insensitive regular expressions.
- bpo-19329: Optimized compiling charsets in regular expressions.
- bpo-22410: Module level functions in the re module now cache compiled

locale-dependent regular expressions taking into account the locale.
- bpo-8876: distutils now falls back to copying files when hard linking
doesn't work. This allows use with special filesystems such as VirtualBox
shared folders.
- bpo-9351: Defaults set with set_defaults on an argparse subparser are no

longer ignored when also set on the parent parser.
- bpo-20421: Add a .version() method to SSL sockets exposing the actual

protocol version in use.
- bpo-22435: Fix a file descriptor leak when SocketServer bind fails.

- bpo-13664: GzipFile now supports non-ascii Unicode filenames.
- bpo-13096: Fixed segfault in CTypes POINTER handling of large values.
- bpo-11694: Raise ConversionError in xdrlib as documented. Patch by Filip

Gruszczyński and Claudiu Popa.
- bpo-1686: Fix string.Template when overriding the pattern attribute.
- bpo-11866: Eliminated race condition in the computation of names for new

threads.
- bpo-22219: The zipfile module CLI now adds entries for directories
(including empty directories) in ZIP file.
- bpo-22449: In the ssl.SSLContext.load_default_certs, consult the

environmental variables SSL_CERT_DIR and SSL_CERT_FILE on Windows.
- bpo-8473: doctest.testfile now uses universal newline mode to read the

test file.
- bpo-20076: Added non derived UTF-8 aliases to locale aliases table.
- bpo-20079: Added locales supported in glibc 2.18 to locale alias table.
- bpo-22530: Allow the ``group()`` method of regular expression match

objects to take a ``long`` as an index.
- bpo-22517: When an io.BufferedRWPair object is deallocated, clear its

weakrefs.
- bpo-10510: distutils register and upload methods now use HTML standards
compliant CRLF line endings.
- bpo-9850: Fixed macpath.join() for empty first component. Patch by Oleg

Oshmyan.
- bpo-20912: Now directories added to ZIP file have correct Unix and MS-DOS
directory attributes.
- bpo-21866: ZipFile.close() no longer writes ZIP64 central directory

records if allowZip64 is false.
- bpo-22415: Fixed debugging output of the GROUPREF_EXISTS opcode in the re

module.
- bpo-22423: Unhandled exception in thread no longer causes unhandled

AttributeError when sys.stderr is None.
- bpo-22419: Limit the length of incoming HTTP request in wsgiref server to

65536 bytes and send a 414 error code for higher lengths. Patch
contributed by Devin Cook.
- Lax cookie parsing in http.cookies could be a security issue when combined

with non-standard cookie handling in some Web browsers. Reported by
Sergey Bobrov.
- bpo-21147: sqlite3 now raises an exception if the request contains a null

character instead of truncating it. Based on patch by Victor Stinner.
- bpo-21951: Fixed a crash in Tkinter on AIX when called Tcl command with
empty string or tuple argument.
- bpo-21951: Tkinter now most likely raises MemoryError instead of crash if

the memory allocation fails.
- bpo-22226: First letter no longer is stripped from the "status" key in the
result of Treeview.heading().
- bpo-22051: turtledemo no longer reloads examples to re-run them.

Initialization of variables and gui setup should be done in main(), which
is called each time a demo is run, but not on import.
- bpo-21597: The separator between the turtledemo text pane and the drawing
canvas can now be grabbed and dragged with a mouse. The code text pane
can be widened to easily view or copy the full width of the text. The
canvas can be widened on small screens. Original patches by Jan Kanis and
Lita Cho.
- bpo-18132: Turtledemo buttons no longer disappear when the window is

shrunk. Original patches by Jan Kanis and Lita Cho.
- bpo-22312: Fix ntpath.splitdrive IndexError.
- bpo-22216: smtplib now resets its state more completely after a quit. The
most obvious consequence of the previous behavior was a STARTTLS failure
during a connect/starttls/quit/connect/starttls sequence.
- bpo-21305: os.urandom now caches a fd to /dev/urandom. This is a PEP 466

backport from Python 3.
- bpo-21307: As part of PEP 466, backport hashlib.algorithms_guaranteed and

hashlib.algorithms_available.
- bpo-22259: Fix segfault when attempting to fopen a file descriptor

corresponding to a directory.
- bpo-22236: Fixed Tkinter images copying operations in NoDefaultRoot mode.
- bpo-22191: Fixed warnings.__all__.
- bpo-21308: Backport numerous features from Python's ssl module. This is

part of PEP 466.
- bpo-15696: Add a __sizeof__ implementation for mmap objects on Windows.
- bpo-8797: Raise HTTPError on failed Basic Authentication immediately.

Initial patch by Sam Bull.
- bpo-22068: Avoided reference loops with Variables and Fonts in Tkinter.
- bpo-21448: Changed FeedParser feed() to avoid O(N**2) behavior when

parsing long line. Original patch by Raymond Hettinger.
- bpo-17923: glob() patterns ending with a slash no longer match non-dirs on

AIX. Based on patch by Delhallt.
- bpo-21975: Fixed crash when using uninitialized sqlite3.Row (in particular
when unpickling pickled sqlite3.Row). sqlite3.Row is now initialized in
the __new__() method.
- bpo-16037: HTTPMessage.readheaders() raises an HTTPException when more

than 100 headers are read. Patch by Jyrki Pulliainen and Daniel Eriksson.
- bpo-21580: Now Tkinter correctly handles binary "data" and "maskdata"

configure options of tkinter.PhotoImage.
- bpo-19612: subprocess.communicate() now also ignores EINVAL when using at

least two pipes.
- Fix repr(_socket.socket) on Windows 64-bit: don't fail with OverflowError

on closed socket.
- bpo-16133: The asynchat.async_chat.handle_read() method now ignores

socket.error() exceptions with blocking I/O errors: EAGAIN, EALREADY,
EINPROGRESS, or EWOULDBLOCK.
- bpo-21990: Clean-up unnecessary and slow inner class definition in

saxutils (Contributed by Alex Gaynor).
- bpo-1730136: Fix the comparison between a tkFont.Font and an object of

another kind.
- bpo-19884: readline: Disable the meta modifier key if stdout is not a

terminal to not write the ANSI sequence "\033[1034h" into stdout. This
sequence is used on some terminal (ex: TERM=xterm-256color") to enable
support of 8 bit characters.
- bpo-22017: Correct reference counting error in the initialization of the

_warnings module.
- bpo-21868: Prevent turtle crash when undo buffer set to a value less than
one.
- bpo-21151: Fixed a segfault in the _winreg module when ``None`` is passed

as a ``REG_BINARY`` value to SetValueEx. Patch by John Ehresman.
- bpo-21090: io.FileIO.readall() does not ignore I/O errors anymore. Before,

it ignored I/O errors if at least the first C call read() succeed.
- bpo-19870: BaseCookie now parses 'secure' and 'httponly' flags. Backport

of issue #16611.
- bpo-21923: Prevent AttributeError in

distutils.sysconfig.customize_compiler due to possible uninitialized
_config_vars.
- bpo-21323: Fix CGIHTTPServer to again handle scripts in CGI

subdirectories, broken by the fix for security issue #19435. Patch by
Zach Byrne.
- bpo-22199: Make get_makefile_filename() available in Lib/sysconfig.py for

2.7 to match other versions of sysconfig.
IDLE
----
- bpo-3068: Add Idle extension configuration dialog to Options menu. Changes
are written to HOME/.idlerc/config-extensions.cfg. Original patch by Tal
Einat.
- bpo-16233: A module browser (File : Class Browser, Alt+C) requires an

editor window with a filename. When Class Browser is requested otherwise,
from a shell, output window, or 'Untitled' editor, Idle no longer displays
an error box. It now pops up an Open Module box (Alt+M). If a valid name
is entered and a module is opened, a corresponding browser is also opened.
- bpo-4832: Save As to type Python files automatically adds .py to the name
you enter (even if your system does not display it). Some systems
automatically add .txt when type is Text files.
- bpo-21986: Code objects are not normally pickled by the pickle module. To
match this, they are no longer pickled when running under Idle.
- bpo-22221: IDLE now ignores the source encoding declaration on the second
line if the first line contains anything except a comment.
- bpo-17390: Adjust Editor window title; remove 'Python', move version to

end.
- bpo-14105: Idle debugger breakpoints no longer disappear when inserting or

deleting lines.
Library
-------
- bpo-22381: Update zlib to 1.2.8.
- bpo-22176: Update the ctypes module's libffi to v3.1. This release adds
support for the Linux AArch64 and POWERPC ELF ABIv2 little endian
architectures.
Tools/Demos
-----------
- bpo-10712: 2to3 has a new "asserts" fixer that replaces deprecated names
of unittest methods (e.g. failUnlessEqual -> assertEqual).
- bpo-22221: 2to3 and the findnocoding.py script now ignore the source
encoding declaration on the second line if the first line contains
anything except a comment.
- bpo-22201: Command-line interface of the zipfile module now correctly

extracts ZIP files with directory entries. Patch by Ryan Wilson.
Tests
-----
- bpo-22236: Tkinter tests now don't reuse default root window. New root
window is created for every test class.
- bpo-18004: test_overflow in test_list by mistake consumed 40 GiB of memory

on 64-bit systems.
- bpo-21976: Fix test_ssl to accept LibreSSL version strings. Thanks to

William Orr.
- bpo-22770: Prevent some Tk segfaults on OS X when running gui tests.
Build
-----
- bpo-20221: Removed conflicting (or circular) hypot definition when

compiled with VS 2010 or above. Initial patch by Tabrez Mohammed.
- bpo-16537: Check whether self.extensions is empty in setup.py. Patch by

Jonathan Hosmer.
- The documentation Makefile no longer automatically downloads Sphinx. Users

are now required to have Sphinx already installed to build the
documentation.
- bpo-21958: Define HAVE_ROUND when building with Visual Studio 2013 and
above. Patch by Zachary Turner.
- bpo-15759: "make suspicious", "make linkcheck" and "make doctest" in Doc/

now display special message when and only when there are failures.
- bpo-21166: Prevent possible segfaults and other random failures of python

``--generate- posix-vars`` in pybuilddir.txt build target.
- bpo-18096: Fix library order returned by python-config.
- bpo-17219: Add library build dir for Python extension cross-builds.
- bpo-22877: PEP 477 - OS X installer now installs pip.
- bpo-22878: PEP 477 - "make install" and "make altinstall" can now install
or upgrade pip, using the bundled pip provided by the backported ensurepip
module. A configure option, --with-ensurepip[=upgrade|install|no], is
available to set the option for subsequent installs; the default for
Python 2 in "no" (do not install or upgrade pip). The option can also be
set with "make [alt]install ENSUREPIP=[upgrade|install|no]".
Windows
-------
- bpo-17896: The Windows build scripts now expect external library sources
to be in ``PCbuild\..\externals`` rather than ``PCbuild\..\..``.
- bpo-17717: The Windows build scripts now use a copy of NASM pulled from
svn.python.org to build OpenSSL.
- bpo-22644: The bundled version of OpenSSL has been updated to 1.0.1j.

=================================
Core and Builtins

-----------------
- bpo-4346: In PyObject_CallMethod and PyObject_CallMethodObjArgs, don't
overwrite the error set in PyObject_GetAttr.
- bpo-21831: Avoid integer overflow when large sizes and offsets are given
to the buffer type. CVE-2014-7185.
- bpo-19656: Running Python with the -3 option now also warns about non-
ascii bytes literals.
- bpo-21642: If the conditional if-else expression, allow an integer written

with no space between itself and the `èlse`` keyword (e.g. ``True if
42else False``) to be valid syntax.
- bpo-21523: Fix over-pessimistic computation of the stack effect of some

opcodes in the compiler. This also fixes a quadratic compilation time
issue noticeable when compiling code with a large number of "and" and "or"
operators.
Library
-------
- bpo-21652: Prevent mimetypes.type_map from containing unicode keys on

Windows.
- bpo-21729: Used the "with" statement in the dbm.dumb module to ensure

files closing.
- bpo-21672: Fix the behavior of ntpath.join on UNC-style paths.
- bpo-19145: The times argument for itertools.repeat now handles negative

values the same way for keyword arguments as it does for positional
arguments.
- bpo-21832: Require named tuple inputs to be exact strings.
- bpo-8343: Named group error messages in the re module did not show the
name of the erroneous group.
- bpo-21491: SocketServer: Fix a race condition in child processes reaping.
- bpo-21635: The difflib SequenceMatcher.get_matching_blocks() method cache

didn't match the actual result. The former was a list of tuples and the
latter was a list of named tuples.
- bpo-21722: The distutils "upload" command now exits with a non-zero return
code when uploading fails. Patch by Martin Dengler.
- bpo-21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths

before checking for a CGI script at that path.
- bpo-21310: Fixed possible resource leak in failed open().
- bpo-21304: Backport the key derivation function hashlib.pbkdf2_hmac from

Python 3 per PEP 466.
- bpo-11709: Fix the pydoc.help function to not fail when sys.stdin is not a
valid file.
- bpo-13223: Fix pydoc.writedoc so that the HTML documentation for methods

that use 'self' in the example code is generated correctly.
- bpo-21552: Fixed possible integer overflow of too long string lengths in

the tkinter module on 64-bit platforms.
- bpo-14315: The zipfile module now ignores extra fields in the central
directory that are too short to be parsed instead of letting a
struct.unpack error bubble up as this "bad data" appears in many real
world zip files in the wild and is ignored by other zip tools.
- bpo-21402: Tkinter.ttk now works when default root window is not set.
- bpo-10203: sqlite3.Row now truly supports sequence protocol. In particulr

it supports reverse() and negative indices. Original patch by Claudiu
Popa.
- bpo-8743: Fix interoperability between set objects and the

collections.Set() abstract base class.
- bpo-21481: Argparse equality and inequality tests now return

NotImplemented when comparing to an unknown type.
IDLE
----
- bpo-21940: Add unittest for WidgetRedirector. Initial patch by Saimadhav

Heblikar.
- bpo-18592: Add unittest for SearchDialogBase. Patch by Phil Webster.
- bpo-21694: Add unittest for ParenMatch. Patch by Saimadhav Heblikar.
- bpo-21686: add unittest for HyperParser. Original patch by Saimadhav

Heblikar.
- bpo-12387: Add missing upper(lower)case versions of default Windows key

bindings for Idle so Caps Lock does not disable them. Patch by Roger
Serwy.
- bpo-21695: Closing a Find-in-files output window while the search is still

in progress no longer closes Idle.
- bpo-18910: Add unittest for textView. Patch by Phil Webster.
- bpo-18292: Add unittest for AutoExpand. Patch by Saihadhav Heblikar.
- bpo-18409: Add unittest for AutoComplete. Patch by Phil Webster.
Tests
-----
- bpo-20155: Changed HTTP method names in failing tests in test_httpservers

so that packet filtering software (specifically Windows Base Filtering
Engine) does not interfere with the transaction semantics expected by the
tests.
- bpo-19493: Refactored the ctypes test package to skip tests explicitly

rather than silently.
- bpo-18492: All resources are now allowed when tests are not run by
regrtest.py.
- bpo-21605: Added tests for Tkinter images.
- bpo-21493: Added test for ntpath.expanduser(). Original patch by Claudiu

Popa.
- bpo-19925: Added tests for the spwd module. Original patch by Vajrasky
Kok.
- bpo-13355: random.triangular() no longer fails with a ZeroDivisionError

when low equals high.
- bpo-21522: Added Tkinter tests for Listbox.itemconfigure(),

PanedWindow.paneconfigure(), and Menu.entryconfigure().
- bpo-20635: Added tests for Tk geometry managers.
Build
-----
- bpo-21811: Anticipated fixes to support OS X versions > 10.9.
Windows
-------
- bpo-21671: The bundled version of OpenSSL has been updated to 1.0.1h. (See
also: CVE-2014-0224)

=================================
Build
-----
- bpo-21462: Build the Windows installers with OpenSSL 1.0.1g.
- bpo-19866: Include some test data in the Windows installers, so tests

don't fail.

===============================================
Core and Builtins

-----------------
- bpo-21350: Fix file.writelines() to accept arbitrary buffer objects, as

advertised. Patch by Brian Kearns.
- bpo-20437: Fixed 43 potential bugs when deleting object references.
- bpo-21134: Fix segfault when str is called on an uninitialized

UnicodeEncodeError, UnicodeDecodeError, or UnicodeTranslateError object.
- bpo-20494: Ensure that free()d memory arenas are really released on POSIX
systems supporting anonymous memory mappings. Patch by Charles-François
Natali.
- bpo-17825: Cursor "^" is correctly positioned for SyntaxError and

IndentationError.
- Raise a better error when non-unicode codecs are used for a file's coding
cookie.
- bpo-17976: Fixed potential problem with file.write() not detecting IO

error by inspecting the return value of fwrite(). Based on patches by
Jaakko Moisio and Victor Stinner.
- bpo-14432: Generator now clears the borrowed reference to the thread

state. Fix a crash when a generator is created in a C thread that is
destroyed while the generator is still used. The issue was that a
generator contains a frame, and the frame kept a reference to the Python
state of the destroyed C thread. The crash occurs when a trace function is
setup.
- bpo-19932: Fix typo in import.h, missing whitespaces in function

prototypes.
- bpo-19638: Fix possible crash / undefined behaviour from huge (more than 2
billion characters) input strings in _Py_dg_strtod.
- bpo-12546: Allow \x00 to be used as a fill character when using str, int,
float, and complex __format__ methods.
Library
-------
- bpo-10744: Fix PEP 3118 format strings on ctypes objects with a nontrivial
shape.
- bpo-7776: Backport Fix ``Host:'' header and reconnection when using

http.client.HTTPConnection.set_tunnel() from Python 3. Patch by Nikolaus
Rath.
- bpo-21306: Backport hmac.compare_digest from Python 3. This is part of PEP

466.
- bpo-21470: Do a better job seeding the random number generator by using

enough bytes to span the full state space of the Mersenne Twister.
- bpo-21469: Reduced the risk of false positives in robotparser by checking

to make sure that robots.txt has been read or does not exist prior to
returning True in can_fetch().
- bpo-21321: itertools.islice() now releases the reference to the source

iterator when the slice is exhausted. Patch by Anton Afanasyev.
- bpo-9291: Do not attempt to re-encode mimetype data read from registry in

ANSI mode. Initial patches by Dmitry Jemerov & Vladimir Iofik.
- bpo-21349: Passing a memoryview to _winreg.SetValueEx now correctly raises

a TypeError where it previously crashed the interpreter. Patch by Brian
Kearns
- bpo-21529: Fix arbitrary memory access in JSONDecoder.raw_decode with a

negative second parameter. Bug reported by Guido Vranken. (See also:
CVE-2014-4616)
- bpo-21172: isinstance check relaxed from dict to collections.Mapping.
- bpo-21191: In os.fdopen, never close the file descriptor when an exception

happens.
- bpo-21149: Improved thread-safety in logging cleanup during interpreter

shutdown. Thanks to Devin Jeanpierre for the patch.
- Fix possible overflow bug in strop.expandtabs. You shouldn't be using this

module!
- bpo-20145: àssertRaisesRegex` now raises a TypeError if the second

argument is not a string or compiled regex.
- bpo-21058: Fix a leak of file descriptor in tempfile.NamedTemporaryFile(),

close the file descriptor if os.fdopen() fails
- bpo-20283: RE pattern methods now accept the string keyword parameters as

documented. The pattern and source keyword parameters are left as
deprecated aliases.
- bpo-11599: When an external command (e.g. compiler) fails, distutils now

prints out the whole command line (instead of just the command name) if
the environment variable DISTUTILS_DEBUG is set.
- bpo-4931: distutils should not produce unhelpful "error: None" messages

anymore. distutils.util.grok_environment_error is kept but doc-deprecated.
- Improve the random module's default seeding to use 256 bits of entropy
from os.urandom(). This was already done for Python 3, mildly improving
security with a bigger seed space.
- bpo-15618: Make turtle.py compatible with 'from __future__ import

unicode_literals'. Initial patch by Juancarlo Añez.
- bpo-20501: fileinput module no longer reads whole file into memory when
using fileinput.hook_encoded.
- bpo-6815: os.path.expandvars() now supports non-ASCII Unicode environment

variables names and values.
- bpo-20635: Fixed grid_columnconfigure() and grid_rowconfigure() methods of

Tkinter widgets to work in wantobjects=True mode.
- bpo-17671: Fixed a crash when use non-initialized io.BufferedRWPair. Based

on patch by Stephen Tu.
- bpo-8478: Untokenizer.compat processes first token from iterator input.

Patch based on lines from Georg Brandl, Eric Snow, and Gareth Rees.
- bpo-20594: Avoid name clash with the libc function posix_close.

- bpo-19856: shutil.move() failed to move a directory to other directory on
Windows if source name ends with os.altsep.
- bpo-14983: email.generator now always adds a line end after each MIME
boundary marker, instead of doing so only when there is an epilogue. This
fixes an RFC compliance bug and solves an issue with signed MIME parts.
- bpo-20013: Some imap servers disconnect if the current mailbox is deleted,

and imaplib did not handle that case gracefully. Now it handles the 'bye'
correctly.
- bpo-20426: When passing the re.DEBUG flag, re.compile() displays the debug
output every time it is called, regardless of the compilation cache.
- bpo-20368: The null character now correctly passed from Tcl to Python (in
unicode strings only). Improved error handling in variables-related
commands.
- bpo-20435: Fix _pyio.StringIO.getvalue() to take into account newline

translation settings.
- bpo-20288: fix handling of invalid numeric charrefs in HTMLParser.
- bpo-19456: ntpath.join() now joins relative paths correctly when a drive

is present.
- bpo-8260: The read(), readline() and readlines() methods of

codecs.StreamReader returned incomplete data when were called after
readline() or read(size). Based on patch by Amaury Forgeot d'Arc.
- bpo-20374: Fix build with GNU readline >= 6.3.
- bpo-14548: Make multiprocessing finalizers check pid before running to

cope with possibility of gc running just after fork. (Backport from 3.x.)
- bpo-20262: Warnings are raised now when duplicate names are added in the
ZIP file or too long ZIP file comment is truncated.
- bpo-20270: urllib and urlparse now support empty ports.
- bpo-20243: TarFile no longer raise ReadError when opened in write mode.
- bpo-20245: The open functions in the tarfile module now correctly handle
empty mode.
- bpo-20086: Restored the use of locale-independent mapping instead of

locale-dependent str.lower() in locale.normalize().
- bpo-20246: Fix buffer overflow in socket.recvfrom_into.
- bpo-19082: Working SimpleXMLRPCServer and xmlrpclib examples, both in

modules and documentation.
- bpo-13107: argparse and optparse no longer raises an exception when output

a help on environment with too small COLUMNS. Based on patch by Elazar
Gershuni.
- bpo-20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly

asked for.
- bpo-20072: Fixed multiple errors in tkinter with wantobjects is False.
- bpo-1065986: pydoc can now handle unicode strings.
- bpo-16039: CVE-2013-1752: Change use of readline in imaplib module to

limit line length. Patch by Emil Lind.
- bpo-19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module,

rather than silently let them emit clear text data.
- bpo-20027: Fixed locale aliases for devanagari locales.
- bpo-20067: Tkinter variables now work when wantobjects is false.
- bpo-19020: Tkinter now uses splitlist() instead of split() in configure

methods.
- bpo-12226: HTTPS is now used by default when connecting to PyPI.
- bpo-20048: Fixed ZipExtFile.peek() when it is called on the boundary of

the uncompress buffer and read() goes through more than one readbuffer.
- bpo-20034: Updated alias mapping to most recent locale.alias file from

X.org distribution using makelocalealias.py.
- bpo-5815: Fixed support for locales with modifiers. Fixed support for
locale encodings with hyphens.
- bpo-20026: Fix the sqlite module to handle correctly invalid isolation

level (wrong type).
- bpo-18829: csv.Dialect() now checks type for delimiter, escapechar and

quotechar fields. Original patch by Vajrasky Kok.
- bpo-19855: uuid.getnode() on Unix now looks on the PATH for the

executables used to find the mac address, with /sbin and /usr/sbin as
fallbacks.
- bpo-20007: HTTPResponse.read(0) no more prematurely closes connection.

Original patch by Simon Sapin.
- bpo-19912: Fixed numerous bugs in ntpath.splitunc().
- bpo-19623: Fixed writing to unseekable files in the aifc module. Fixed

writing 'ulaw' (lower case) compressed AIFC files.
- bpo-17919: select.poll.register() again works with poll.POLLNVAL on AIX.

Fixed integer overflow in the eventmask parameter.
- bpo-17200: telnetlib's read_until and expect timeout was broken by the fix
to Issue #14635 in Python 2.7.4 to be interpreted as milliseconds instead
of seconds when the platform supports select.poll (ie: everywhere). It is
now treated as seconds once again.
- bpo-19099: The struct module now supports Unicode format strings.
- bpo-19878: Fix segfault in bz2 module after calling __init__ twice with
non-existent filename. Initial patch by Vajrasky Kok.
- bpo-16373: Prevent infinite recursion for ABC Set class comparisons.
- bpo-19138: doctest's IGNORE_EXCEPTION_DETAIL now allows a match when no

exception detail exists (no colon following the exception's name, or a
colon does follow but no text follows the colon).
- bpo-16231: Fixed pickle.Pickler to only fallback to its default pickling

behaviour when Pickler.persistent_id returns None, but not for any other
false values. This allows false values other than None to be used as
persistent IDs. This behaviour is consistent with cPickle.
- bpo-11508: Fixed uuid.getnode() and uuid.uuid1() on environment with

virtual interface. Original patch by Kent Frazier.
- bpo-11489: JSON decoder now accepts lone surrogates.
- Fix test.test_support.bind_port() to not cause an error when Python was

compiled on a system with SO_REUSEPORT defined in the headers but run on a
system with an OS kernel that does not support that new socket option.
- bpo-19633: Fixed writing not compressed 16- and 32-bit wave files on big-
endian platforms.
- bpo-19449: in csv's writerow, handle non-string keys when generating the

error message that certain keys are not in the 'fieldnames' list.
- bpo-12853: Fix NameError in distutils.command.upload.
- bpo-19523: Closed FileHandler leak which occurred when delay was set.
- bpo-1575020: Fixed support of 24-bit wave files on big-endian platforms.
- bpo-19480: HTMLParser now accepts all valid start-tag names as defined by

the HTML5 standard.
- bpo-17827: Add the missing documentation for ``codecs.encode`` and

``codecs.decode``.
- bpo-6157: Fixed Tkinter.Text.debug(). Original patch by Guilherme Polo.
- bpo-6160: The bbox() method of tkinter.Spinbox now returns a tuple of

integers instead of a string. Based on patch by Guilherme Polo.
- bpo-19286: Directories in ``package_data`` are no longer added to the

filelist, preventing failure outlined in the ticket.
- bpo-6676: Ensure a meaningful exception is raised when attempting to parse

more than one XML document per pyexpat xmlparser instance. (Original
patches by Hirokazu Yamamoto and Amaury Forgeot d'Arc, with suggested
wording by David Gutteridge)
- bpo-21311: Avoid exception in _osx_support with non-standard compiler

configurations. Patch by John Szakmeister.
Tools/Demos
-----------
- bpo-3561: The Windows installer now has an option, off by default, for
placing the Python installation into the system "Path" environment
variable. This was backported from Python 3.3.
- Add support for ``yield from`` to 2to3.
- Add support for the PEP 465 matrix multiplication operator to 2to3.
- bpo-19936: Added executable bits or shebang lines to Python scripts which

requires them. Disable executable bits and shebang lines in test and
benchmark files in order to prevent using a random system python, and in
source files of modules which don't provide command line interface.
IDLE
----
- bpo-18104: Add idlelib/idle_test/htest.py with a few sample tests to begin

consolidating and improving human-validated tests of Idle. Change other
files as needed to work with htest. Running the module as __main__ runs
all tests.
- bpo-21139: Change default paragraph width to 72, the PEP 8 recommendation.
- bpo-21284: Paragraph reformat test passes after user changes reformat

width.
- bpo-20406: Use Python application icons for Idle window title bars. Patch
mostly by Serhiy Storchaka.
- bpo-21029: Occurrences of "print" are now consistently colored as being a

keyword (the colorizer doesn't know if print functions are enabled in the
source).
- bpo-17721: Remove non-functional configuration dialog help button until we

make it actually gives some help when clicked. Patch by Guilherme Simões.
- bpo-17390: Add Python version to Idle editor window title bar. Original
patches by Edmond Burnett and Kent Johnson.
- bpo-20058: sys.stdin.readline() in IDLE now always returns only one line.
- bpo-19481: print() of unicode, str or bytearray subclass instance in IDLE

no more hangs.
- bpo-18270: Prevent possible IDLE AttributeError on OS X when no initial

shell window is present.
- bpo-17654: Ensure IDLE menus are customized properly on OS X for non-

framework builds and for all variants of Tk.
Tests
-----
- bpo-17752: Fix distutils tests when run from the installed location.
- bpo-18604: Consolidated checks for GUI availability. All platforms now at

least check whether Tk can be instantiated when the GUI resource is
requested.
- bpo-20946: Correct alignment assumptions of some ctypes tests.

- bpo-20743: Fix a reference leak in test_tcl.
- bpo-20510: Rewrote test_exit in test_sys to match existing comments, use

modern unittest features, and use helpers from test.script_helper instead
of using subprocess directly. Initial patch by Gareth Rees.
- bpo-20532: Tests which use _testcapi now are marked as CPython only.
- bpo-19920: Added tests for TarFile.list(). Based on patch by Vajrasky

Kok.
- bpo-19990: Added tests for the imghdr module. Based on patch by Claudiu
Popa.
- bpo-19804: The test_find_mac test in test_uuid is now skipped if the

ifconfig executable is not available.
- bpo-19886: Use better estimated memory requirements for bigmem tests.
- Backported tests for Tkinter variables.
- bpo-19320: test_tcl no longer fails when wantobjects is false.
- bpo-19683: Removed empty tests from test_minidom. Initial patch by

Ajitesh Gupta.
- bpo-19928: Implemented a test for repr() of cell objects.
- bpo-19595: Re-enabled a long-disabled test in test_winsound. (See also:

bpo-19987)
- bpo-19588: Fixed tests in test_random that were silently skipped most of

the time. Patch by Julian Gindi.
- bpo-17883: Tweak test_tcl testLoadWithUNC to skip the test in the event of

a permission error on Windows and to properly report other skip
conditions.
- bpo-17883: Backported _is_gui_available() in test.test_support to avoid

hanging Windows buildbots on test_ttk_guionly.
- bpo-18702: All skipped tests now reported as skipped. (See also:

bpo-19572)
- bpo-19085: Added basic tests for all tkinter widget options.
- bpo-20605: Make test_socket getaddrinfo OS X segfault test more robust.
- bpo-20939: Avoid various network test failures due to new redirect of

http://www.python.org/ to https://www.python.org: use
http://www.example.com instead.
- bpo-21093: Prevent failures of ctypes test_macholib on OS X if a copy of

libz exists in $HOME/lib or /usr/local/lib.
Build
-----
- bpo-21285: Refactor and fix curses configure check to always search in a
ncursesw directory.
Documentation
-------------
- bpo-20255: Update the about and bugs pages.
- bpo-18840: Introduce the json module in the tutorial, and de-emphasize the
pickle module.
- bpo-19795: Improved markup of True/False constants.
Windows
-------
- bpo-21303: Updated the version of Tcl/Tk included in the installer from

8.5.2 to 8.5.15. (See also: bpo-20565)
macOS
-----
- As of 2.7.8, the 32-bit-only installer will support OS X 10.5 and later

systems as is currently done for Python 3.x installers. For 2.7.7 only, we
will provide three installers: the legacy deprecated 10.3+ 32-bit-only
format; the newer 10.5+ 32-bit-only format; and the unchanged 10.6+
64-/32-bit format. Although binary installers will no longer be available
from python.org as of 2.7.8, it will still be possible to build from
source on 10.3.9 and 10.4 systems if necessary. See
Mac/BuildScript/README.txt for more information.

=================================
Library
-------
- bpo-19435: Fix directory traversal attack on CGIHttpRequestHandler.
IDLE
----
- bpo-19426: Fixed the opening of Python source file with specified

encoding.
Tests
-----
- bpo-19457: Fixed xmlcharrefreplace tests on wide build when tests are

loaded from .py[co] files.
Build
-----
- bpo-15663: Revert OS X installer built-in Tcl/Tk support for 2.7.6. Some

third-party projects, such as Matplotlib and PIL/Pillow, depended on being
able to build with Tcl and Tk frameworks in /Library/Frameworks.

===============================================
Core and Builtins

-----------------
- bpo-18603: Ensure that PyOS_mystricmp and PyOS_mystrnicmp are in the

Python executable and not removed by the linker's optimizer.
- bpo-19279: UTF-7 decoder no more produces illegal unicode strings.
- bpo-18739: Fix an inconsistency between math.log(n) and math.log(long(n));

the results could be off from one another by a ulp or two.
- bpo-13461: Fix a crash in the "replace" error handler on 64-bit platforms.

Patch by Yogesh Chaudhari.
- bpo-15866: The xmlcharrefreplace error handler no more produces two XML

entities for a non-BMP character on narrow build.
- bpo-18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise

OverflowError when an argument of %c format is out of range.
- bpo-18137: Detect integer overflow on precision in float.__format__() and

complex.__format__().
- bpo-18038: SyntaxError raised during compilation sources with illegal

encoding now always contains an encoding name.
- bpo-18019: Fix crash in the repr of dictionaries containing their own

views.
- bpo-18427: str.replace could crash the interpreter with huge strings.
Library
-------
- bpo-19393: Fix symtable.symtable function to not be confused when there

are functions or classes named "top".
- bpo-19327: Fixed the working of regular expressions with too big charset.
- bpo-19350: Increasing the test coverage of macurl2path. Patch by Colin

Williams.
- bpo-19352: Fix unittest discovery when a module can be reached through

several paths (e.g. under Debian/Ubuntu with virtualenv).
- bpo-15207: Fix mimetypes to read from correct part of Windows registry

Original patch by Dave Chambers
- bpo-8964: fix platform._sys_version to handle IronPython 2.6+. Patch by

Martin Matusiak.
- bpo-16038: CVE-2013-1752: ftplib: Limit amount of data read by limiting
the call to readline(). Original patch by Michał Jastrzębski and
Giampaolo Rodola.
- bpo-19276: Fixed the wave module on 64-bit big-endian platforms.
- bpo-18458: Prevent crashes with newer versions of libedit. Its readline

emulation has changed from 0-based indexing to 1-based like gnu readline.
Original patch by Ronald Oussoren.
- bpo-18919: If the close() method of a writer in the sunau or wave module

failed, second invocation of close() and destructor no more raise an
exception. Second invocation of close() on sunau writer now has no
effects. The aifc module now accepts lower case of names of the 'ulaw' and
'alaw' codecs.
- bpo-19131: The aifc module now correctly reads and writes sampwidth of
compressed streams.
- bpo-19158: A rare race in BoundedSemaphore could allow .release() too

often.
- bpo-18037: 2to3 now escapes '\u' and '\U' in native strings.
- bpo-19137: The pprint module now correctly formats empty set and frozenset
and instances of set and frozenset subclasses.
- bpo-16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to

prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
- bpo-12641: Avoid passing "-mno-cygwin" to the mingw32 compiler, except

when necessary. Patch by Oscar Benjamin.
- Properly initialize all fields of a SSL object after allocation.
- bpo-4366: Fix building extensions on all platforms when --enable-shared is

used.
- bpo-18950: Fix miscellaneous bugs in the sunau module.

Au_read.readframes() now updates current file position and reads correct
number of frames from multichannel stream. Au_write.writeframesraw() now
correctly updates current file position. Au_read and Au_write now
correctly work with file object if start file position is not a zero.
- bpo-18050: Fixed an incompatibility of the re module with Python 2.7.3 and

older binaries.
- bpo-19037: The mailbox module now makes all changes to maildir files
before moving them into place, to avoid race conditions with other
programs that may be accessing the maildir directory.
- bpo-14984: On POSIX systems, when netrc is called without a filename

argument (and therefore is reading the user's $HOME/.netrc file), it now
enforces the same security rules as typical ftp clients: the .netrc file
must be owned by the user that owns the process and must not be readable
by any other user.
- bpo-17324: Fix http.server's request handling case on trailing '/'. Patch

contributed by Vajrasky Kok.
- bpo-19018: The heapq.merge() function no longer suppresses IndexError in

the underlying iterables.
- bpo-18784: The uuid module no more attempts to load libc via ctypes.CDLL,
if all necessary functions are already found in libuuid. Patch by Evgeny
Sologubov.
- bpo-14971: unittest test discovery no longer gets confused when a function

has a different __name__ than its name in the TestCase class dictionary.
- bpo-18672: Fixed format specifiers for Py_ssize_t in debugging output in

the _sre module.
- bpo-18830: inspect.getclasstree() no more produces duplicated entries even

when input list contains duplicates.
- bpo-18909: Fix _tkinter.tkapp.interpaddr() on Windows 64-bit, don't cast

64-bit pointer to long (32 bits).
- bpo-18876: The FileIO.mode attribute now better reflects the actual mode
under which the file was opened. Patch by Erik Bray.
- bpo-18851: Avoid a double close of subprocess pipes when the child process
fails starting.
- bpo-18418: After fork(), reinit all threads states, not only active ones.
Patch by A. Jesse Jiryu Davis.
- bpo-11973: Fix a problem in kevent. The flags and fflags fields are now
properly handled as unsigned.
- bpo-16809: Fixed some tkinter incompatibilities with Tcl/Tk 8.6.
- bpo-16809: Tkinter's splitlist() and split() methods now accept Tcl_Obj

argument.
- bpo-17119: Fixed integer overflows when processing large Unicode strings

and tuples in the tkinter module.
- bpo-15233: Python now guarantees that callables registered with the atexit
module will be called in a deterministic order.
- bpo-18747: Re-seed OpenSSL's pseudo-random number generator after fork. A

pthread_atfork() parent handler is used to seed the PRNG with pid, time
and some stack data.
- bpo-8865: Concurrent invocation of select.poll.poll() now raises a

RuntimeError exception. Patch by Christian Schubert.
- bpo-13461: Fix a crash in the TextIOWrapper.tell method on 64-bit

platforms. Patch by Yogesh Chaudhari.
- bpo-18777: The ssl module now uses the new CRYPTO_THREADID API of OpenSSL
1.0.0+ instead of the deprecated CRYPTO id callback function.
- bpo-18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.

- bpo-18178: Fix ctypes on BSD. dlmalloc.c was compiled twice which broke
malloc weak symbols.
- bpo-18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside
subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
`ùniformResourceIdentifier`` (URI).
- bpo-18756: Improve error reporting in os.urandom() when the failure is due

to something else than /dev/urandom not existing (for example, exhausting
the file descriptor limit).
- Fix tkinter regression introduced by the security fix in issue #16248.
- bpo-18676: Change 'positive' to 'non-negative' in queue.py put and get

docstrings and ValueError messages. Patch by Zhongyue Luo
- bpo-17998: Fix an internal error in regular expression engine.
- bpo-17557: Fix os.getgroups() to work with the modified behavior of

getgroups(2) on OS X 10.8. Original patch by Mateusz Lenik.
- bpo-18455: multiprocessing should not retry connect() with same socket.
- bpo-18513: Fix behaviour of cmath.rect w.r.t. signed zeros on OS X 10.8 +

gcc.
- bpo-18101: Tcl.split() now process Unicode strings nested in a tuple as it

do with byte strings.
- bpo-18347: ElementTree's html serializer now preserves the case of closing

tags.
- bpo-17261: Ensure multiprocessing's proxies use proper address.
- bpo-17097: Make multiprocessing ignore EINTR.
- bpo-18155: The csv module now correctly handles csv files that use a
delimiter character that has a special meaning in regexes, instead of
throwing an exception.
- bpo-18135: ssl.SSLSocket.write() now raises an OverflowError if the input

string in longer than 2 gigabytes. The ssl module does not support partial
write.
- bpo-18167: cgi.FieldStorage no longer fails to handle multipart/form-data

when \r\n appears at end of 65535 bytes without other newlines.
- bpo-17403: urllib.parse.robotparser normalizes the urls before adding to

ruleline. This helps in handling certain types invalid urls in a
conservative manner. Patch contributed by Mher Movsisyan.
- Implement inequality on weakref.WeakSet.
- bpo-17981: Closed socket on error in SysLogHandler.
- bpo-18015: Fix unpickling of 2.7.3 and 2.7.4 namedtuples.

- bpo-17754: Make ctypes.util.find_library() independent of the locale.
- Fix typos in the multiprocessing module.
- bpo-17269: Workaround for socket.getaddrinfo crash on MacOS X with port

None or "0" and flags AI_NUMERICSERV.
- bpo-18080: When building a C extension module on OS X, if the compiler is

overridden with the CC environment variable, use the new compiler as the
default for linking if LDSHARED is not also overridden. This restores
Distutils behavior introduced in 2.7.3 and inadvertently dropped in 2.7.4.
- bpo-18071: C extension module builds on OS X could fail with TypeError if

the Xcode command line tools were not installed.
- bpo-18113: Fixed a refcount leak in the curses.panel module's

set_userptr() method. Reported by Atsuo Ishimoto.
- bpo-18849: Fixed a Windows-specific tempfile bug where collision with an

existing directory caused mkstemp and related APIs to fail instead of
retrying. Report and fix by Vlad Shcherbina.
- bpo-19400: Prevent extension module build failures with Xcode 5 on OS X

10.8+ when using a universal Python that included a PPC architecture, such
as with a python.org 32-bit-only binary installer.
Tools/Demos
-----------
- bpo-18873: 2to3 and the findnocoding.py script now detect Python source
code encoding only in comment lines.
- bpo-18817: Fix a resource warning in Lib/aifc.py demo.
- bpo-18439: Make patchcheck work on Windows for ACKS, NEWS.
- bpo-18448: Fix a typo in Demo/newmetaclasses/Eiffel.py.
- bpo-12990: The "Python Launcher" on OSX could not launch python scripts
that have paths that include wide characters.
Build
-----
- bpo-16067: Add description into MSI file to replace installer's temporary

name.
- bpo-18256: Compilation fix for recent AIX releases. Patch by David

Edelsohn.
- bpo-18098: The deprecated OS X Build Applet.app fails to build on OS X

10.8 systems because the Apple-deprecated QuickDraw headers have been
removed from Xcode 4. Skip building it in this case.
- bpo-1584: Provide options to override default search paths for Tcl and Tk
when building _tkinter.
- bpo-15663: Tcl/Tk 8.5.15 is now included with the OS X 10.6+ 64-bit/32-bit

installer for 10.6+. It is no longer necessary to install a third-party
version of Tcl/Tk 8.5 to work around the problems in the Apple-supplied
Tcl/Tk 8.5 shipped in OS X 10.6 and later releases.
- bpo-19019: Change the OS X installer build script to use CFLAGS instead of

OPT for special build options. By setting OPT, some compiler-specific
options like -fwrapv were overridden and thus not used, which could result
in broken interpreters when building with clang.
IDLE
----
- bpo-18873: IDLE now detects Python source code encoding only in comment
lines.
- bpo-18988: The "Tab" key now works when a word is already autocompleted.
- bpo-18489: Add tests for SearchEngine. Original patch by Phil Webster.
- bpo-18429: Format / Format Paragraph, now works when comment blocks are
selected. As with text blocks, this works best when the selection only
includes complete lines.
- bpo-18226: Add docstrings and unittests for FormatParagraph.py. Original

patches by Todd Rovito and Phil Webster.
- bpo-18279: Format - Strip trailing whitespace no longer marks a file as

changed when it has not been changed. This fix followed the addition of a
test file originally written by Phil Webster (the issue's main goal).
- bpo-18539: Calltips now work for float default arguments.
- bpo-7136: In the Idle File menu, "New Window" is renamed "New File". Patch
by Tal Einat, Roget Serwy, and Todd Rovito.
- bpo-8515: Set __file__ when run file in IDLE. Initial patch by Bruce
Frederiksen.
- bpo-5492: Avoid traceback when exiting IDLE caused by a race condition.
- bpo-17511: Keep IDLE find dialog open after clicking "Find Next". Original
patch by Sarah K.
- bpo-15392: Create a unittest framework for IDLE. Preliminary patch by

Rajagopalasarma Jayakrishnan See Lib/idlelib/idle_test/README.txt for how
to run Idle tests.
- bpo-14146: Highlight source line while debugging on Windows.
- bpo-17532: Always include Options menu for IDLE on OS X. Patch by

Guilherme Simões.
Tests
-----
- bpo-18919: Added tests for the sunau module. Unified and extended tests
for audio modules: aifc, sunau and wave.
- bpo-18792: Use "127.0.0.1" or "::1" instead of "localhost" as much as

possible, since "localhost" goes through a DNS lookup under recent Windows
versions.
- bpo-18357: add tests for dictview set difference. Patch by Fraser

Tweedale.
- bpo-11185: Fix test_wait4 under AIX. Patch by Sébastien Sablé.
- bpo-18094: test_uuid no more reports skipped tests as passed.
- bpo-11995: test_pydoc doesn't import all sys.path modules anymore.
Documentation
-------------
- bpo-18758: Fixed and improved cross-references.
- bpo-18718: datetime documentation contradictory on leap second support.
- bpo-17701: Improving strftime documentation.
- bpo-17844: Refactor a documentation of Python specific encodings. Add

links to encoders and decoders for binary-to-binary codecs.

=================================
Core and Builtins

-----------------
- bpo-15535: Fixed regression in the pickling of named tuples by removing

the __dict__ property introduced in 2.7.4.
- bpo-17857: Prevent build failures with pre-3.5.0 versions of sqlite3, such

as was shipped with Centos 5 and Mac OS X 10.4.
- bpo-17703: Fix a regression where an illegal use of Py_DECREF() after

interpreter finalization can cause a crash.
- bpo-16447: Fixed potential segmentation fault when setting __name__ on a

class.
- bpo-17610: Don't rely on non-standard behavior of the C qsort() function.
Library
-------
- bpo-17979: Fixed the re module in build with --disable-unicode.
- bpo-17606: Fixed support of encoded byte strings in the XMLGenerator

.characters() and ignorableWhitespace() methods. Original patch by
Sebastian Ortiz Vasquez.
- bpo-16601: Restarting iteration over tarfile no more continues from where

it left off. Patch by Michael Birtwell.
- bpo-16584: in filecomp._cmp, catch IOError as well as os.error. Patch by

Till Maas.
- bpo-17926: Fix dbm.__contains__ on 64-bit big-endian machines.
- bpo-19267: Fix support of multibyte encoding (ex: UTF-16) in the logging

module.
- bpo-17918: When using SSLSocket.accept(), if the SSL handshake failed on

the new socket, the socket would linger indefinitely. Thanks to Peter
Saveliev for reporting.
- bpo-17289: The readline module now plays nicer with external modules or
applications changing the rl_completer_word_break_characters global
variable. Initial patch by Bradley Froehle.
- bpo-12181: select module: Fix struct kevent definition on OpenBSD 64-bit

platforms. Patch by Federico Schwindt.
- bpo-14173: Avoid crashing when reading a signal handler during interpreter

shutdown.
- bpo-16316: mimetypes now recognizes the .xz and .txz (.tar.xz) extensions.
- bpo-17192: Restore the patch for Issue #10309 which was ommitted in 2.7.4
when updating the bundled version of libffi used by ctypes.
- bpo-17843: Removed test data file that was triggering false-positive virus
warnings with certain antivirus software.
- bpo-17353: Plistlib emitted empty data tags with deeply nested

datastructures
- bpo-11714: Use 'with' statements to assure a Semaphore releases a

condition variable. Original patch by Thomas Rachel.
- bpo-17795: Reverted backwards-incompatible change in SysLogHandler with

Unix domain sockets.
- bpo-17555: Fix ForkAwareThreadLock so that size of after fork registry

does not grow exponentially with generation of process.
- bpo-17710: Fix cPickle raising a SystemError on bogus input.
- bpo-17341: Include the invalid name in the error messages from re about
invalid group names.
- bpo-17016: Get rid of possible pointer wraparounds and integer overflows

in the re module. Patch by Nickolai Zeldovich.
- bpo-17536: Add to webbrowser's browser list: xdg-open, gvfs-open, www-

browser, x-www- browser, chromium browsers, iceweasel, iceape.
- bpo-17656: Fix extraction of zip files with unicode member paths.
- bpo-17666: Fix reading gzip files with an extra field.
- bpo-13150: sysconfig no longer parses the Makefile and config.h files when
imported, instead doing it at build time. This makes importing sysconfig
faster and reduces Python startup time by 20%. (See also: bpo-17512)
- bpo-13163: Rename operands in smtplib.SMTP._get_socket to correct names;
fixes otherwise misleading output in tracebacks and when when debug is on.
- bpo-17526: fix an IndexError raised while passing code without filename to

inspect.findsource(). Initial patch by Tyler Doyle.
Build
-----
- bpo-17547: In configure, explicitly pass -Wformat for the benefit for GCC
4.8.
- bpo-17682: Add the _io module to Modules/Setup.dist (commented out).
- bpo-17086: Search the include and library directories provided by the

compiler.
Tests
-----
- bpo-17928: Fix test_structmembers on 64-bit big-endian machines.
- bpo-17883: Fix buildbot testing of Tkinter on Windows. Patch by Zachary

Ware.
- bpo-7855: Add tests for ctypes/winreg for issues found in IronPython.

Initial patch by Dino Viehland.
- bpo-17712: Fix test_gdb failures on Ubuntu 13.04.
- bpo-17065: Use process-unique key for winreg tests to avoid failures if

test is run multiple times in parallel (eg: on a buildbot host).
IDLE
----
- bpo-17838: Allow sys.stdin to be reassigned.
- bpo-14735: Update IDLE docs to omit "Control-z on Windows".
- bpo-17585: Fixed IDLE regression. Now closes when using exit() or quit().
- bpo-17657: Show full Tk version in IDLE's about dialog. Patch by Todd

Rovito.
- bpo-17613: Prevent traceback when removing syntax colorizer in IDLE.
- bpo-1207589: Backwards-compatibility patch for right-click menu in IDLE.
- bpo-16887: IDLE now accepts Cancel in tabify/untabify dialog box.
- bpo-14254: IDLE now handles readline correctly across shell restarts.
- bpo-17614: IDLE no longer raises exception when quickly closing a file.
- bpo-6698: IDLE now opens just an editor window when configured to do so.
- bpo-8900: Using keyboard shortcuts in IDLE to open a file no longer raises

an exception.
- bpo-6649: Fixed missing exit status in IDLE. Patch by Guilherme Polo.
- bpo-17390: Display Python version on Idle title bar. Initial patch by

Edmond Burnett.
Documentation
-------------
- bpo-15940: Specify effect of locale on time functions.
- bpo-6696: add documentation for the Profile objects, and improve

profile/cProfile docs. Patch by Tom Pinckney.

=================================
Build
-----
- bpo-17550: Fix the --enable-profiling configure switch.
Core and Builtins

-----------------
- bpo-15801: With string % formatting, relax the type check for a mapping
such that any type with a __getitem__ can be used on the right hand side.
IDLE
----
- bpo-17625: In IDLE, close the replace dialog after it is used.
Tests
-----
- bpo-17835: Fix test_io when the default OS pipe buffer size is larger than
one million bytes.
- bpo-17531: Fix tests that thought group and user ids were always the int
type. Also, always allow -1 as a valid group and user id.
- bpo-17533: Fix test_xpickle with older versions of Python 2.5.
Documentation
-------------
- bpo-17538: Document XML vulnerabilties

===============================================

Core and Builtins
-----------------
- bpo-10211: Buffer objects expose the new buffer interface internally
- bpo-16445: Fixed potential segmentation fault when deleting an exception

message.
- bpo-17275: Corrected class name in init error messages of the C version of

BufferedWriter and BufferedRandom.
- bpo-7963: Fixed misleading error message that issued when object is called
without arguments.
- bpo-5308: Raise ValueError when marshalling too large object (a sequence

with size >= 2**31), instead of producing illegal marshal data.
- bpo-17043: The unicode-internal decoder no longer read past the end of

input buffer.
- bpo-16979: Fix error handling bugs in the unicode-escape-decode decoder.
- bpo-10156: In the interpreter's initialization phase, unicode globals are

now initialized dynamically as needed.
- bpo-16975: Fix error handling bug in the escape-decode decoder.
- bpo-14850: Now a charmap decoder treats U+FFFE as "undefined mapping" in

any mapping, not only in a Unicode string.
- bpo-11461: Fix the incremental UTF-16 decoder. Original patch by Amaury

Forgeot d'Arc.
- bpo-16367: Fix FileIO.readall() on Windows for files larger than 2 GB.
- bpo-15516: Fix a bug in PyString_FromFormat where it failed to properly

ignore errors from a __int__() method.
- bpo-16839: Fix a segfault when calling unicode() on a classic class early

in interpreter initialization.
- bpo-16761: Calling `ìnt()`` and ``long()`` with *base* argument only now
raises TypeError.
- bpo-16759: Support the full DWORD (unsigned long) range in Reg2Py when
retrieving a REG_DWORD value. This corrects functions like
winreg.QueryValueEx that may have been returning truncated values.
- bpo-14420: Support the full DWORD (unsigned long) range in Py2Reg when
passed a REG_DWORD value. Fixes ValueError in winreg.SetValueEx when given
a long.
- bpo-13863: Work around buggy 'fstat' implementation on Windows / NTFS that

lead to incorrect timestamps (off by one hour) being stored in .pyc files
on some systems.
- bpo-16602: When a weakref's target was part of a long deallocation chain,

the object could remain reachable through its weakref even though its
refcount had dropped to zero.
- bpo-9011: Fix hacky AST code that modified the CST when compiling a
negated numeric literal.
- bpo-16306: Fix multiple error messages when unknown command line

parameters where passed to the interpreter. Patch by Hieu Nguyen.
- bpo-15379: Fix passing of non-BMP characters as integers for the charmap

decoder (already working as unicode strings). Patch by Serhiy Storchaka.
- bpo-16453: Fix equality testing of dead weakref objects.
- bpo-9535: Fix pending signals that have been received but not yet handled
by Python to not persist after os.fork() in the child process.
- bpo-15001: fix segfault on "del sys.modules['__main__']". Patch by Victor

Stinner.
- bpo-5057: the peepholer no longer optimizes subscription on unicode

literals (e.g. u'foo'[0]) in order to produce compatible pyc files between
narrow and wide builds.
- bpo-8401: assigning an int to a bytearray slice (e.g. b[3:4] = 5) now

raises an error.
- bpo-14700: Fix buggy overflow checks for large width and precision in
string formatting operations.
- bpo-16345: Fix an infinite loop when ``fromkeys`` on a dict subclass

received a nonempty dict from the constructor.
- bpo-6074: Ensure cached bytecode files can always be updated by the user
that created them, even when the source file is read-only.
- bpo-14783: Improve int() and long() docstrings and switch docstrings for
unicode(), slice(), range(), and xrange() to use multi-line signatures.
- bpo-16030: Fix overflow bug in computing the `repr` of an xrange object

with large start, step or length.
- bpo-16029: Fix overflow bug occurring when pickling xranges with large
start, step or length.
- bpo-16037: Limit httplib's _read_status() function to work around broken

HTTP servers and reduce memory usage. It's actually a backport of a Python
3.2 fix. Thanks to Adrien Kunysz.
- bpo-16588: Silence unused-but-set warnings in Python/thread_pthread
- bpo-13992: The trashcan mechanism is now thread-safe. This eliminates

sporadic crashes in multi-thread programs when several long deallocator
chains ran concurrently and involved subclasses of built-in container
types.
- bpo-15801: Make sure mappings passed to '%' formatting are actually

subscriptable.
- bpo-15604: Update uses of PyObject_IsTrue() to check for and handle errors

correctly. Patch by Serhiy Storchaka.
- bpo-14579: Fix error handling bug in the utf-16 decoder. Patch by Serhiy
Storchaka.
- bpo-15368: An issue that caused bytecode generation to be non-

deterministic when using randomized hashing (-R) has been fixed.
- bpo-15897: zipimport.c doesn't check return value of fseek(). Patch by

Felipe Cruz.
- bpo-16369: Global PyTypeObjects not initialized with PyType_Ready(...).
- bpo-15033: Fix the exit status bug when modules invoked using -m switch,
return the proper failure return value (1). Patch contributed by Jeff
Knupp.
- bpo-12268: File readline, readlines and read() methods no longer lose data
when an underlying read system call is interrupted. IOError is no longer
raised due to a read system call returning EINTR from within these
methods.
- bpo-13512: Create ~/.pypirc securely (CVE-2011-4944). Initial patch by

Philip Jenvey, tested by Mageia and Debian.
- bpo-7719: Make distutils ignore ``.nfs*`` files instead of choking later

on. Initial patch by SilentGhost and Jeff Ramnani.
- bpo-10053: Don't close FDs when FileIO.__init__ fails. Loosely based on

the work by Hirokazu Yamamoto.
- bpo-14775: Fix a potential quadratic dict build-up due to the garbage

collector repeatedly trying to untrack dicts.
- bpo-14494: Fix __future__.py and its documentation to note that absolute

imports are the default behavior in 3.0 instead of 2.7. Patch by Sven
Marnach.
- bpo-14761: Fix potential leak on an error case in the import machinery.
- bpo-14699: Fix calling the classmethod descriptor directly.
- bpo-11603: Setting __repr__ to __str__ now raises a RuntimeError when

repr() or str() is called on such an object.
- bpo-14658: Fix binding a special method to a builtin implementation of a

special method with a different name.
- bpo-14612: Fix jumping around with blocks by setting f_lineno.
- bpo-13889: Check and (if necessary) set FPU control word before calling
any of the dtoa.c string <-> float conversion functions, on MSVC builds of
Python. This fixes issues when embedding Python in a Delphi app.
- bpo-14505: Fix file descriptor leak when deallocating file objects created
with PyFile_FromString().
- bpo-14474: Save and restore exception state in thread.start_new_thread()

while writing error message if the thread leaves an unhandled exception.
- bpo-13019: Fix potential reference leaks in bytearray.extend(). Patch by
Suman Saha.
- bpo-14378: Fix compiling ast.ImportFrom nodes with a "__future__" string

as the module name that was not interned.
- bpo-14331: Use significantly less stack space when importing modules by

allocating path buffers on the heap instead of the stack.
- bpo-14334: Prevent in a segfault in type.__getattribute__ when it was not

passed strings. Also fix segfaults in the __getattribute__ and __setattr__
methods of old-style classes.
- bpo-14161: fix the __repr__ of file objects to escape the file name.
- bpo-1469629: Allow cycles through an object's __dict__ slot to be

collected. (For example if ``x.__dict__ is x``).
- bpo-13521: dict.setdefault() now does only one lookup for the given key,
making it "atomic" for many purposes. Patch by Filip Gruszczyński.
- bpo-1602133: on Mac OS X a shared library build (``--enable-shared``) now

fills the `òs.environ`` variable correctly.
- bpo-10538: When using the "s*" code with PyArg_ParseTuple() to fill a

Py_buffer structure with data from an object supporting only the old
PyBuffer interface, a reference to the source objects is now properly
added to the Py_buffer.obj member.
Library
-------
- bpo-12718: Fix interaction with winpdb overriding __import__ by setting

importer attribute on BaseConfigurator instance.
- bpo-17521: Corrected non-enabling of logger following two calls to

fileConfig().
- bpo-17508: Corrected MemoryHandler configuration in dictConfig() where the

target handler wasn't configured first.
- bpo-10212: cStringIO and struct.unpack support new buffer objects.
- bpo-12098: multiprocessing on Windows now starts child processes using the

same sys.flags as the current process. Initial patch by Sergey Mezentsev.
- bpo-8862: Fixed curses cleanup when getkey is interrupted by a signal.
- bpo-9090: When a socket with a timeout fails with EWOULDBLOCK or EAGAIN,

retry the select() loop instead of bailing out. This is because select()
can incorrectly report a socket as ready for reading (for example, if it
received some data with an invalid checksum).
- bpo-1285086: Get rid of the refcounting hack and speed up

urllib.unquote().
- bpo-17368: Fix an off-by-one error in the Python JSON decoder that caused
a failure while decoding empty object literals when object_pairs_hook was
specified.
- bpo-17278: Fix a crash in heapq.heappush() and heapq.heappop() when the
list is being resized concurrently.
- bpo-17018: Make Process.join() retry if os.waitpid() fails with EINTR.
- bpo-14720: sqlite3: Convert datetime microseconds correctly. Patch by Lowe

Thiderman.
- bpo-17225: JSON decoder now counts columns in the first line starting with
1, as in other lines.
- bpo-7842: backported fix for py_compile.compile() syntax error handling.
- bpo-13153: Tkinter functions now raise TclError instead of ValueError when

a unicode argument contains non-BMP character.
- bpo-9669: Protect re against infinite loops on zero-width matching in non-

greedy repeat. Patch by Matthew Barnett.
- bpo-13169: The maximal repetition number in a regular expression has been

increased from 65534 to 2147483647 (on 32-bit platform) or 4294967294 (on
64-bit).
- bpo-16743: Fix mmap overflow check on 32 bit Windows.
- bpo-11311: StringIO.readline(0) now returns an empty string as all other

file-like objects.
- bpo-16800: tempfile.gettempdir() no longer left temporary files when the

disk is full. Original patch by Amir Szekely.
- bpo-13555: cPickle now supports files larger than 2 GiB.
- bpo-17052: unittest discovery should use self.testLoader.
- bpo-4591: Uid and gid values larger than 2**31 are supported now.
- bpo-17141: random.vonmisesvariate() no more hangs for large kappas.
- bpo-17149: Fix random.vonmisesvariate to always return results in the

range [0, 2*math.pi].
- bpo-1470548: XMLGenerator now works with UTF-16 and UTF-32 encodings.
- bpo-6975: os.path.realpath() now correctly resolves multiple nested

symlinks on POSIX platforms.
- bpo-7358: cStringIO.StringIO now supports writing to and reading from a

stream larger than 2 GiB on 64-bit systems.
- bpo-10355: In SpooledTemporaryFile class mode and name properties and

xreadlines method now work for unrolled files. encoding and newlines
properties now removed as they have no sense and always produced
AttributeError.
- bpo-16686: Fixed a lot of bugs in audioop module. Fixed crashes in

avgpp(), maxpp() and ratecv(). Fixed an integer overflow in add(),
bias(), and ratecv(). reverse(), lin2lin() and ratecv() no more lose
precision for 32-bit samples. max() and rms() no more returns a negative
result and various other functions now work correctly with 32-bit sample
-0x80000000.
- bpo-17073: Fix some integer overflows in sqlite3 module.
- bpo-6083: Fix multiple segmentation faults occurred when PyArg_ParseTuple

parses nested mutating sequence.
- bpo-5289: Fix ctypes.util.find_library on Solaris.
- bpo-17106: Fix a segmentation fault in io.TextIOWrapper when an underlying

stream or a decoder produces data of an unexpected type (i.e. when
io.TextIOWrapper initialized with text stream or use bytes-to-bytes
codec).
- bpo-13994: Add compatibility alias in distutils.ccompiler for

distutils.sysconfig.customize_compiler.
- bpo-15633: httplib.HTTPResponse is now mark closed when the server sends

less than the advertised Content-Length.
- bpo-15881: Fixed atexit hook in multiprocessing.
- bpo-14340: Upgrade the embedded expat library to version 2.1.0.
- bpo-11159: SAX parser now supports unicode file names.
- bpo-6972: The zipfile module no longer overwrites files outside of its

destination path when extracting malicious zip files.
- bpo-17049: Localized calendar methods now return unicode if a locale

includes an encoding and the result string contains month or weekday (was
regression from Python 2.6).
- bpo-4844: ZipFile now raises BadZipfile when opens a ZIP file with an
incomplete "End of Central Directory" record. Original patch by Guilherme
Polo and Alan McIntyre.
- bpo-15505: ùnittest.installHandler` no longer assumes SIGINT handler is

set to a callable object.
- bpo-17051: Fix a memory leak in os.path.isdir() on Windows. Patch by

Robert Xiao.
- bpo-13454: Fix a crash when deleting an iterator created by

itertools.tee() if all other iterators were very advanced before.
- bpo-16992: On Windows in signal.set_wakeup_fd, validate the file

descriptor argument.
- bpo-15861: tkinter now correctly works with lists and tuples containing
strings with whitespaces, backslashes or unbalanced braces.
- bpo-10527: Use poll() instead of select() for multiprocessing pipes.
- bpo-9720: zipfile now writes correct local headers for files larger than 4
GiB.
- bpo-13899: \A, \Z, and \B now correctly match the A, Z, and B literals
when used inside character classes (e.g. '[\A]'). Patch by Matthew
Barnett.
- bpo-16398: Optimize deque.rotate() so that it only moves pointers and

doesn't touch the underlying data with increfs and decrefs.
- bpo-15109: Fix regression in sqlite3's iterdump method where it would die

with an encoding error if the database contained string values containing
non-ASCII. (Regression was introduced by fix for 9750).
- bpo-15545: Fix regression in sqlite3's iterdump method where it was

failing if the connection used a row factory (such as sqlite3.Row) that
produced unsortable objects. (Regression was introduced by fix for 9750).
- bpo-16828: Fix error incorrectly raised by bz2.compress(''). Patch by

Martin Packman.
- bpo-9586: Redefine SEM_FAILED on MacOSX to keep compiler happy.
- bpo-10527: make multiprocessing use poll() instead of select() if

available.
- bpo-16485: Now file descriptors are closed if file header patching failed
on closing an aifc file.
- bpo-12065: connect_ex() on an SSL socket now returns the original errno

when the socket's timeout expires (it used to return None).
- bpo-16713: Fix the parsing of tel url with params using urlparse module.
- bpo-16443: Add docstrings to regular expression match objects. Patch by

Anton Kasyanov.
- bpo-8853: Allow port to be of type long for socket.getaddrinfo().
- bpo-16597: In buffered and text IO, call close() on the underlying stream
if invoking flush() fails.
- bpo-15701: Fix HTTPError info method call to return the headers

information.
- bpo-16646: ftplib.FTP.makeport() might lose socket error details. (patch

by Serhiy Storchaka)
- bpo-16626: Fix infinite recursion in glob.glob() on Windows when the

pattern contains a wildcard in the drive or UNC path. Patch by Serhiy
Storchaka.
- bpo-16298: In HTTPResponse.read(), close the socket when there is no

Content-Length and the incoming stream is finished. Patch by Eran
Rundstein.
- bpo-16248: Disable code execution from the user's home directory by

tkinter when the -E flag is passed to Python. Patch by Zachary Ware.
- bpo-16628: Fix a memory leak in ctypes.resize().
- bpo-13614: Fix setup.py register failure with invalid rst in description.

Patch by Julien Courteau and Pierre Paul Lefebvre.
- bpo-10182: The re module doesn't truncate indices to 32 bits anymore.

Patch by Serhiy Storchaka.
- bpo-16573: In 2to3, treat enumerate() like a consuming call, so

superfluous list() calls aren't added to filter(), map(), and zip() which
are directly passed enumerate().
- bpo-1160: Fix compiling large regular expressions on UCS2 builds. Patch by

Serhiy Storchaka.
- bpo-14313: zipfile now raises NotImplementedError when the compression

type is unknown.
- bpo-16408: Fix file descriptors not being closed in error conditions in

the zipfile module. Patch by Serhiy Storchaka.
- bpo-16327: The subprocess module no longer leaks file descriptors used for
stdin/stdout/stderr pipes to the child when fork() fails.
- bpo-14396: Handle the odd rare case of waitpid returning 0 when not
expected in subprocess.Popen.wait().
- bpo-16411: Fix a bug where zlib.decompressobj().flush() might try to

access previously- freed memory. Patch by Serhiy Storchaka.
- bpo-16350: zlib.decompressobj().decompress() now accumulates data from

successive calls after EOF in unused_data, instead of only saving the
argument to the last call. decompressobj().flush() now correctly sets
unused_data and unconsumed_tail. A bug in the handling of MemoryError when
setting the unconsumed_tail attribute has also been fixed. Patch by Serhiy
Storchaka.
- bpo-12759: sre_parse now raises a proper error when the name of the group
is missing. Initial patch by Serhiy Storchaka.
- bpo-16152: fix tokenize to ignore whitespace at the end of the code when
no newline is found. Patch by Ned Batchelder.
- bpo-16230: Fix a crash in select.select() when one of the lists changes

size while iterated on. Patch by Serhiy Storchaka.
- bpo-16228: Fix a crash in the json module where a list changes size while
it is being encoded. Patch by Serhiy Storchaka.
- bpo-14897: Enhance error messages of struct.pack and struct.pack_into.

Patch by Matti Mäki.
- bpo-12890: cgitb no longer prints spurious <p> tags in text mode when the
logdir option is specified.
- bpo-14398: Fix size truncation and overflow bugs in the bz2 module.
- bpo-5148: Ignore 'U' in mode given to gzip.open() and gzip.GzipFile().
- bpo-16220: wsgiref now always calls close() on an iterable response. Patch

by Brent Tubbs.
- bpo-16461: Wave library should be able to deal with 4GB wav files, and
sample rate of 44100 Hz.
- bpo-16176: Properly identify Windows 8 via platform.platform()
- bpo-15756: subprocess.poll() now properly handles errno.ECHILD to return a

returncode of 0 when the child has already exited or cannot be waited on.
- bpo-12376: Pass on parameters in TextTestResult.__init__ super call
- bpo-15222: Insert blank line after each message in mbox mailboxes
- bpo-16013: Fix CSV Reader parsing issue with ending quote characters.
Patch by Serhiy Storchaka.
- bpo-15421: fix an OverflowError in Calendar.itermonthdates() after

datetime.MAXYEAR. Patch by Cédric Krier.
- bpo-15970: xml.etree.ElementTree now serializes correctly the empty HTML

elements 'meta' and 'param'.
- bpo-15676: Now "mmap" check for empty files before doing the offset check.
Patch by Steven Willis.
- bpo-15340: Fix importing the random module when /dev/urandom cannot be

opened. This was a regression caused by the hash randomization patch.
- bpo-15841: The readable(), writable() and seekable() methods of io.BytesIO

and io.StringIO objects now raise ValueError when the object has been
closed. Patch by Alessandro Moura.
- bpo-16112: platform.architecture does not correctly escape argument to

/usr/bin/file. Patch by David Benjamin.
- bpo-12776: call argparse type function (specified by add_argument) only

once. Before, the type function was called twice in the case where the
default was specified and the argument was given as well. This was
especially problematic for the FileType type, as a default file would
always be opened, even if a file argument was specified on the command
line. (See also: bpo-11839)
- bpo-15906: Fix a regression in argparse caused by the preceding change,

when action='append', type='str' and default=[].
- bpo-13370: Ensure that ctypes works on Mac OS X when Python is compiled

using the clang compiler
- bpo-15544: Fix Decimal.__float__ to work with payload-carrying NaNs.
- bpo-15199: Fix JavaScript's default MIME type to application/javascript.

Patch by Bohuslav Kabrda.
- bpo-15477: In cmath and math modules, add workaround for platforms whose
system- supplied log1p function doesn't respect signs of zeros.
- bpo-11062: Fix adding a message from file to Babyl mailbox.
- bpo-15646: Prevent equivalent of a fork bomb when using multiprocessing on

Windows without the "if __name__ == '__main__'" idiom.
- bpo-15567: Fix NameError when running threading._test
- bpo-15424: Add a __sizeof__ implementation for array objects. Patch by

Ludwig Hähne.
- bpo-15538: Fix compilation of the getnameinfo() / getaddrinfo() emulation

code. Patch by Philipp Hagemeister.
- bpo-12288: Consider '0' and '0.0' as valid initialvalue for tkinter

SimpleDialog.
- bpo-15489: Add a __sizeof__ implementation for BytesIO objects. Patch by

Serhiy Storchaka.
- bpo-15469: Add a __sizeof__ implementation for deque objects. Patch by

Serhiy Storchaka.
- bpo-15487: Add a __sizeof__ implementation for buffered I/O objects. Patch

by Serhiy Storchaka.
- bpo-15512: Add a __sizeof__ implementation for parser. Patch by Serhiy

Storchaka.
- bpo-15402: An issue in the struct module that caused sys.getsizeof to

return incorrect results for struct.Struct instances has been fixed.
Initial patch by Serhiy Storchaka.
- bpo-15232: when mangle_from is True, email.Generator now correctly mangles

lines that start with 'From ' that occur in a MIME preamble or epilog.
- bpo-13922: argparse no longer incorrectly strips '--'s that appear after

the first one.
- bpo-12353: argparse now correctly handles null argument values.
- bpo-6493: An issue in ctypes on Windows that caused structure bitfields of

type ctypes.c_uint32 and width 32 to incorrectly be set has been fixed.
- bpo-14635: telnetlib will use poll() rather than select() when possible to
avoid failing due to the select() file descriptor limit.
- bpo-15247: FileIO now raises an error when given a file descriptor

pointing to a directory.
- bpo-14591: Fix bug in Random.jumpahead that could produce an invalid

Mersenne Twister state on 64-bit machines.
- bpo-5346: Preserve permissions of mbox, MMDF and Babyl mailbox files on

flush().
- bpo-15219: Fix a reference leak when hashlib.new() is called with invalid

parameters.
- bpo-9559: If messages were only added, a new file is no longer created and
renamed over the old file when flush() is called on an mbox, MMDF or Babyl
mailbox.
- bpo-14653: email.utils.mktime_tz() no longer relies on system mktime()

when timezone offest is supplied.
- bpo-6056: Make multiprocessing use setblocking(True) on the sockets it

uses. Original patch by J Derek Wilson.
- bpo-15101: Make pool finalizer avoid joining current thread.
- bpo-15054: A bug in tokenize.tokenize that caused string literals with 'b'

and 'br' prefixes to be incorrectly tokenized has been fixed. Patch by
Serhiy Storchaka.
- bpo-15036: Mailbox no longer throws an error if a flush is done between

operations when removing or changing multiple items in mbox, MMDF, or
Babyl mailboxes.
- bpo-10133: Make multiprocessing deallocate buffer if socket read fails.

Patch by Hallvard B Furuseth.
- bpo-13854: Make multiprocessing properly handle non-integer non-string

argument to SystemExit.
- bpo-12157: Make pool.map() empty iterables correctly. Initial patch by

mouad.
- bpo-14036: Add an additional check to validate that port in urlparse does

not go in illegal range and returns None.
- bpo-14888: Fix misbehaviour of the _md5 module when called on data larger
than 2**32 bytes.
- bpo-15908: Fix misbehaviour of the sha1 module when called on data larger
than 2**32 bytes.
- bpo-15910: Fix misbehaviour of _md5 and sha1 modules when "updating" on

data larger than 2**32 bytes.
- bpo-14875: Use float('inf') instead of float('1e66666') in the json

module.
- bpo-14572: Prevent build failures with pre-3.5.0 versions of sqlite3, such

as was shipped with Centos 5 and Mac OS X 10.4.
- bpo-14426: Correct the Date format in Expires attribute of Set-Cookie

Header in Cookie.py.
- bpo-14721: Send proper header, Content-length: 0 when the body is an empty

string ''. Initial Patch contributed by Arve Knudsen.
- bpo-14072: Fix parsing of 'tel' URIs in urlparse by making the check for
ports stricter.
- bpo-9374: Generic parsing of query and fragment portions of url for any
scheme. Supported both by RFC3986 and RFC2396.
- bpo-14798: Fix the functions in pyclbr to raise an ImportError when the

first part of a dotted name is not a package. Patch by Xavier de Gaye.
- bpo-14832: fixed the order of the argument references in the error message
produced by unittest's assertItemsEqual.
- bpo-14829: Fix bisect issues under 64-bit Windows.
- bpo-14777: tkinter may return undecoded UTF-8 bytes as a string when

accessing the Tk clipboard. Modify clipboard_get() to first request type
UTF8_STRING when no specific type is requested in an X11 windowing
environment, falling back to the current default type STRING if that
fails. Original patch by Thomas Kluyver.
- bpo-12541: Be lenient with quotes around Realm field with HTTP Basic
Authentation in urllib2.
- bpo-14662: Prevent shutil failures on OS X when destination does not

support chflag operations. Patch by Hynek Schlawack.
- bpo-14157: Fix time.strptime failing without a year on February 29th.

Patch by Hynek Schlawack.
- bpo-14768: os.path.expanduser('~/a') doesn't work correctly when HOME is

'/'.
- bpo-13183: Fix pdb skipping frames after hitting a breakpoint and running
step. Patch by Xavier de Gaye.
- bpo-14664: It is now possible to use @unittest.skip{If,Unless} on a test

class that doesn't inherit from TestCase (i.e. a mixin).
- bpo-14160: TarFile.extractfile() failed to resolve symbolic links when the

links were not located in an archive subdirectory.
- bpo-14638: pydoc now treats non-string __name__ values as if they were

missing, instead of raising an error.
- bpo-13684: Fix httplib tunnel issue of infinite loops for certain sites
which send EOF without trailing \r\n.
- bpo-14308: Fix an exception when a "dummy" thread is in the threading

module's active list after a fork().
- bpo-14538: HTMLParser can now parse correctly start tags that contain a
bare '/'.
- bpo-14452: SysLogHandler no longer inserts a UTF-8 BOM into the message.
- bpo-13496: Fix potential overflow in bisect.bisect algorithm when applied

to a collection of size > sys.maxsize / 2.
- bpo-14399: zipfile now recognizes that the archive has been modified even
if only the comment is changed. As a consequence of this fix, ZipFile is
now a new style class.
- bpo-7978: SocketServer now restarts the select() call when EINTR is

returned. This avoids crashing the server loop when a signal is received.
Patch by Jerzy Kozera.
- bpo-10340: asyncore - properly handle EINVAL in dispatcher constructor on

OSX; avoid to call handle_connect in case of a disconnected socket which
was not meant to connect.
- bpo-12757: Fix the skipping of doctests when python is run with -OO so
that it works in unittest's verbose mode as well as non-verbose mode.
- bpo-13694: asynchronous connect in asyncore.dispatcher does not set addr

attribute.
- bpo-10484: Fix the CGIHTTPServer's PATH_INFO handling problem.
- bpo-11199: Fix the with urllib which hangs on particular ftp urls.
- bpo-14252: Fix subprocess.Popen.terminate() to not raise an error under

Windows when the child process has already exited.
- bpo-14195: An issue that caused weakref.WeakSet instances to incorrectly

return True for a WeakSet instance 'a' in both 'a < a' and 'a > a' has
been fixed.
- bpo-14159: Fix the len() of weak sets to return a better approximation

when some objects are dead or dying. Moreover, the implementation is now
O(1) rather than O(n).
- bpo-2945: Make the distutils upload command aware of bdist_rpm products.
- bpo-6884: Fix long-standing bugs with MANIFEST.in parsing in distutils on

Windows.
- bpo-16441: Avoid excessive memory usage working with large gzip files
using the gzip module.
- bpo-15782: Prevent compile errors of OS X Carbon modules _Fm, _Qd, and

_Qdoffs when compiling with an SDK of 10.7 or later. The OS X APIs they
wrap have long been deprecated and have now been removed with 10.7. These
modules were already empty for 64-bit builds and have been removed in
Python 3.
- bpo-17477: Update the bsddb module to pybsddb 5.3.0, supporting db-5.x,

and dropping support for db-4.1 and db-4.2.
- bpo-17192: Update the ctypes module's libffi to v3.0.13. This

specifically addresses a stack misalignment issue on x86 and issues on
some more recent platforms.
- bpo-12268: The io module file object write methods no longer abort early
when a write system calls is interrupted (EINTR).
- Fix the leak of a dict in the time module when used in an embedded
interpreter that is repeatedly initialized and shutdown and reinitialized.
- bpo-12268: File readline, readlines and read or readall methods no longer

lose data when an underlying read system call is interrupted within an io
module object. IOError is no longer raised due to a read system call
returning EINTR from within these methods.
- bpo-16012: Fix a regression in pyexpat. The parser's UseForeignDTD()

method doesn't require an argument again.
- bpo-13590: OS X Xcode 4 - improve support for universal extension modules

In particular, fix extension module build failures when trying to use
32-bit- only installer Pythons on systems with Xcode 4 (currently OS X
10.8, 10.7, and optionally 10.6). * Backport 3.3.0 fixes to 2.7 branch
(for release in 2.7.4) * Since Xcode 4 removes ppc support, extension
module builds now check for ppc compiler support and by default remove ppc
and ppc64 archs when they are not available. * Extension module builds
now revert to using system installed headers and libs (/usr and
/System/Library) if the SDK used to build the interpreter is not
installed or has moved. * Try to avoid building extension modules with
deprecated and problematic Apple llvm-gcc compiler. If original
compiler is not available, use clang instead by default.
IDLE
----
- IDLE was displaying spurious SystemExit tracebacks when running scripts

that terminated by raising SystemExit (i.e. unittest and turtledemo).
- bpo-9290: In IDLE the sys.std* streams now implement io.TextIOBase

interface and support all mandatory methods and properties.
- bpo-16829: IDLE printing no longer fails if there are spaces or other

special characters in the file path.
- bpo-16819: IDLE method completion now correctly works for unicode

literals.
- bpo-16504: IDLE now catches SyntaxErrors raised by tokenizer. Patch by

Roger Serwy.
- bpo-1207589: Add Cut/Copy/Paste items to IDLE right click Context Menu.

Patch by Todd Rovito.
- bpo-13052: Fix IDLE crashing when replace string in Search/Replace dialog

ended with '\'. Patch by Roger Serwy.
- bpo-9803: Don't close IDLE on saving if breakpoint is open. Patch by Roger

Serwy.
- bpo-14958: Change IDLE systax highlighting to recognize all string and

byte literals currently supported in Python 2.7.
- bpo-14962: Update text coloring in IDLE shell window after changing

options. Patch by Roger Serwy.
- bpo-10997: Prevent a duplicate entry in IDLE's "Recent Files" menu.
- bpo-12510: Attempting to get invalid tooltip no longer closes IDLE.

Original patch by Roger Serwy.
- bpo-10365: File open dialog now works instead of crashing even when parent
window is closed. Patch by Roger Serwy.
- bpo-14876: Use user-selected font for highlight configuration. Patch by

Roger Serwy.
- bpo-14409: IDLE now properly executes commands in the Shell window when it
cannot read the normal config files on startup and has to use the built-in
default key bindings. There was previously a bug in one of the defaults.
- bpo-3573: IDLE hangs when passing invalid command line args

(directory(ies) instead of file(s)) (Patch by Guilherme Polo)
- bpo-5219: Prevent event handler cascade in IDLE.
- bpo-15318: Prevent writing to sys.stdin.
- bpo-13532: Check that arguments to sys.stdout.write are strings. (See

also: bpo-15319)
- bpo-10365: File open dialog now works instead of crashing even when parent
window is closed while dialog is open.
- bpo-14018: Update checks for unstable system Tcl/Tk versions on OS X to

include versions shipped with OS X 10.7 and 10.8 in addition to 10.6.
- bpo-15853: Prevent IDLE crash on OS X when opening Preferences menu with

certain versions of Tk 8.5. Initial patch by Kevin Walzer.
Tests
-----
- bpo-16702: test_urllib2_localnet tests now correctly ignores proxies for

localhost tests.
- bpo-13447: Add a test file to host regression tests for bugs in the
scripts found in the Tools directory.
- bpo-11420: make test suite pass with -B/DONTWRITEBYTECODE set. Initial

patch by Thomas Wouters.
- bpo-17299: Add test coverage for cPickle with file objects and general IO
objects. Original patch by Aman Shah.
- bpo-11963: remove human verification from test_parser and test_subprocess.
- bpo-17249: convert a test in test_capi to use unittest and reap threads.
- We now run both test_email.py and test_email_renamed.py when running the

test_email regression test. test_email_renamed contains some tests that
test_email does not.
- bpo-17041: Fix testing when Python is configured with the --without-doc-

strings option.
- bpo-15539: Added regression tests for Tools/scripts/pindent.py.
- bpo-15324: Fix regrtest parsing of --fromfile and --randomize options.
- bpo-16618: Add more regression tests for glob. Patch by Serhiy Storchaka.
- bpo-16664: Add regression tests for glob's behaviour concerning entries

starting with a ".". Patch by Sebastian Kreft.
- bpo-15747: ZFS always returns EOPNOTSUPP when attempting to set the

UF_IMMUTABLE flag (via either chflags or lchflags); refactor affected
tests in test_posix.py to account for this.
- bpo-16549: Add tests for json.tools. Initial patch by Berker Peksag and
Serhiy Storchaka.
- bpo-16559: Add more tests for the json module, including some from the
official test suite at json.org. Patch by Serhiy Storchaka.
- bpo-16274: Fix test_asyncore on Solaris. Patch by Giampaolo Rodola'.
- bpo-15040: Close files in mailbox tests for PyPy compatibility. Original

patch by Matti Picus.
- bpo-15802: Fix test logic in TestMaildir.test_create_tmp. Patch by Serhiy

Storchaka.
- bpo-15765: Extend a previous fix to Solaris and OpenBSD for quirky

getcwd() behaviour (issue #9185) to NetBSD as well.
- bpo-15615: Add some tests for the json module's handling of invalid input
data. Patch by Kushal Das.
- bpo-15496: Add directory removal helpers for tests on Windows. Patch by

Jeremy Kloth.
- bpo-15043: test_gdb is now skipped entirely if gdb security settings block

loading of the gdb hooks
- bpo-14589: Update certificate chain for sha256.tbs-internet.com, fixing a

test failure in test_ssl.
- bpo-16698: Skip posix test_getgroups when built with OS X deployment

target prior to 10.6.
- bpo-17111: Prevent test_surrogates (test_fileio) failure on OS X 10.4.
Build
-----
- bpo-17425: Build against openssl 0.9.8y on Windows.
- bpo-16004: Add `make touch`.
- bpo-5033: Fix building of the sqlite3 extension module when the SQLite
library version has "beta" in it. Patch by Andreas Pelme.
- bpo-17228: Fix building without pymalloc.
- bpo-17086: Backport the patches from the 3.3 branch to cross-build the
package.
- bpo-3754: fix typo in pthread AC_CACHE_VAL.
- bpo-17029: Let h2py search the multiarch system include directory.
- bpo-16953: Fix socket module compilation on platforms with

HAVE_BROKEN_POLL. Patch by Jeffrey Armstrong.
- bpo-16836: Enable IPv6 support even if IPv6 is disabled on the build host.
- bpo-15923: fix a mistake in asdl_c.py that resulted in a TypeError after

2801bf875a24 (see #15801).
- bpo-11715: Fix multiarch detection without having Debian development tools
(dpkg-dev) installed.
- bpo-15819: Make sure we can build Python out-of-tree from a readonly

source directory. (Somewhat related to Issue #9860.)
- bpo-15822: Ensure 2to3 grammar pickles are properly installed.
- bpo-15560: Fix building _sqlite3 extension on OS X with an SDK.
- bpo-8847: Disable COMDAT folding in Windows PGO builds.
- bpo-14018: Fix OS X Tcl/Tk framework checking when using OS X SDKs.
- bpo-16256: OS X installer now sets correct permissions for doc directory.
- bpo-8767: Restore building with --disable-unicode. Patch by Stefano

Taschini.
- Build against bzip2 1.0.6 and openssl 0.9.8x on Windows.
- bpo-14557: Fix extensions build on HP-UX. Patch by Adi Roiban.
- bpo-14437: Fix building the _io module under Cygwin.
- bpo-15587: Enable Tk high-resolution text rendering on Macs with Retina

displays. Applies to Tkinter apps, such as IDLE, on OS X framework builds
linked with Cocoa Tk 8.5.
- bpo-17161: make install now also installs a python2 and python man page.
- bpo-16848: python-config now returns proper --ldflags values for OS X

framework builds.
Tools/Demos
-----------
- bpo-17156: pygettext.py now correctly escapes non-ascii characters.
- bpo-15539: Fix a number of bugs in Tools/scripts/pindent.py. Now

pindent.py works with a "with" statement. pindent.py no longer produces
improper indentation. pindent.py now works with continued lines broken
after "class" or "def" keywords and with continuations at the start of
line.
- bpo-16476: Fix json.tool to avoid including trailing whitespace.
- bpo-13301: use ast.literal_eval() instead of eval() in

Tools/i18n/msgfmt.py. Patch by Serhiy Storchaka.
Documentation
-------------
- bpo-15041: Update "see also" list in tkinter documentation.
- bpo-17412: update 2.7 Doc/make.bat to also use sphinx-1.0.7.
- bpo-17047: remove doubled words in docs and docstrings reported by Serhiy

Storchaka and Matthew Barnett.
- bpo-16406: combine the pages for uploading and registering to PyPI.
- bpo-16403: Document how distutils uses the maintainer field in PKG-INFO.

Patch by Jyrki Pulliainen.
- bpo-16695: Document how glob handles filenames starting with a dot.

Initial patch by Jyrki Pulliainen.
- bpo-8890: Stop advertising an insecure practice by replacing uses of the

/tmp directory with better alternatives in the documentation. Patch by
Geoff Wilson.
- bpo-17203: add long option names to unittest discovery docs.
- bpo-13094: add "Why do lambdas defined in a loop with different values all
return the same result?" programming FAQ.
- bpo-14901: Update portions of the Windows FAQ. Patch by Ashish Nitin

Patil.
- bpo-15990: Improve argument/parameter documentation.
- bpo-16400: Update the description of which versions of a given package

PyPI displays.
- bpo-15677: Document that zlib and gzip accept a compression level of 0 to

mean 'no compression'. Patch by Brian Brazil.
- bpo-8040: added a version switcher to the documentation. Patch by Yury

Selivanov.
- bpo-16115: Improve subprocess.Popen() documentation around args, shell,

and executable arguments.
- bpo-15979: Improve timeit documentation.
- bpo-16036: Improve documentation of built-in int()'s signature and

arguments.
- bpo-15935: Clarification of argparse docs, re: add_argument() type and

default arguments. Patch contributed by Chris Jerdonek.
- bpo-13769: Document the effect of ensure_ascii to the return type of JSON

decoding functions.
- bpo-14880: Fix kwargs notation in csv.reader, .writer & .register_dialect.

Patch by Chris Rebert.
- bpo-14674: Add a discussion of the json module's standard compliance.

Patch by Chris Rebert.
- bpo-15630: Add an example for "continue" stmt in the tutorial. Patch by

Daniel Ellis.
- bpo-13557: Clarify effect of giving two different namespaces to exec or

execfile().
- bpo-14034: added the argparse tutorial.

- bpo-15250: Document that filecmp.dircmp compares files shallowly. Patch
contributed by Chris Jerdonek.
- bpo-15116: Remove references to appscript as it is no longer being

supported.

===============================================
Library
-------
- bpo-14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash

table internal to the pyexpat module's copy of the expat library to avoid
a denial of service due to hash collisions. Patch by David Malcolm with
some modifications by the expat project.

===============================================
Core and Builtins

-----------------
- bpo-13020: Fix a reference leak when allocating a structsequence object

fails. Patch by Suman Saha.
- bpo-13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED

environment variable, to provide an opt-in way to protect against denial
of service attacks due to hash collisions within the dict and set types.
Patch by David Malcolm, based on work by Victor Stinner.
- bpo-11235: Fix OverflowError when trying to import a source file whose

modification time doesn't fit in a 32-bit timestamp.
- bpo-11638: Unicode strings in 'name' and 'version' no longer cause

UnicodeDecodeErrors.
- Fix the fix for issue #12149: it was incorrect, although it had the side
effect of appearing to resolve the issue. Thanks to Mark Shannon for
noticing.
- bpo-13546: Fixed an overflow issue that could crash the intepreter when
calling sys.setrecursionlimit((1<<31)-1).
- bpo-13333: The UTF-7 decoder now accepts lone surrogates (the encoder
already accepts them).
- bpo-10519: Avoid unnecessary recursive function calls in setobject.c.
- bpo-13268: Fix the assert statement when a tuple is passed as the message.
- bpo-13018: Fix reference leaks in error paths in dictobject.c. Patch by

Suman Saha.
- bpo-12604: VTRACE macro expanded to no-op in _sre.c to avoid compiler

warnings. Patch by Josh Triplett and Petri Lehtinen.
- bpo-7833: Extension modules built using distutils on Windows will no

longer include a "manifest" to prevent them failing at import time in some
embedded situations.
- bpo-13186: Fix __delitem__ on old-style instances when invoked through

PySequence_DelItem.
- bpo-13156: Revert the patch for issue #10517 (reset TLS upon fork()),
which was only relevant for the native pthread TLS implementation.
- bpo-7732: Fix a crash on importing a module if a directory has the same

name than a Python module (e.g. "__init__.py"): don't close the file
twice.
- bpo-12973: Fix overflow checks that invoked undefined behaviour in

int.__pow__. These overflow checks were causing int.__pow__ to produce
incorrect results with recent versions of Clang, as a result of the
compiler optimizing the check away. Also fix similar overflow checks in
list_repeat (listobject.c) and islice_next (itertoolsmodule.c). These
bugs caused test failures with recent versions of Clang.
- bpo-12266: Fix str.capitalize() to correctly uppercase/lowercase

titlecased and cased non-letter characters.
- bpo-12610: Verify that user generated AST has correct string and
identifier types before compiling. (See also: bpo-12609)
- bpo-11627: Fix segfault when __new__ on an exception returns a non-

exception class.
- bpo-12149: Update the method cache after a type's dictionnary gets cleared
by the garbage collector. This fixes a segfault when an instance and its
type get caught in a reference cycle, and the instance's deallocator calls
one of the methods on the type (e.g. when subclassing IOBase). Diagnosis
and patch by Davide Rizzo.
- bpo-12501: Remove Py3k warning for callable. callable() is supported again

in Python 3.2.
- bpo-9611: FileIO.read(), FileIO.readinto(), FileIO.write() and os.write()

clamp the length to INT_MAX on Windows. (See also: bpo-9015)
- bpo-1195: my_fgets() now always clears errors before calling fgets(). Fix
the following case: sys.stdin.read() stopped with CTRL+d (end of file),
raw_input() interrupted by CTRL+c.
- bpo-10860: httplib now correctly handles an empty port after port

delimiter in URLs.
- dict_proxy objects now display their contents rather than just the class
name.
Library
-------
- bpo-8033: sqlite3: Fix 64-bit integer handling in user functions on 32-bit
architectures. Initial patch by Philippe Devalkeneer.
- HTMLParser is now able to handle slashes in the start tag.
- bpo-14001: CVE-2012-0845: xmlrpc: Fix an endless loop in

SimpleXMLRPCServer upon malformed POST request.
- bpo-2489: pty.spawn could consume 100% cpu when it encountered an EOF.
- bpo-13014: Fix a possible reference leak in SSLSocket.getpeercert().
- bpo-13987: HTMLParser is now able to handle EOFs in the middle of a

construct and malformed start tags.
- bpo-13015: Fix a possible reference leak in defaultdict.__repr__. Patch by

Suman Saha.
- bpo-13979: A bug in ctypes.util.find_library that caused the wrong library

name to be returned has been fixed.
- bpo-1326113: distutils' build_ext command --libraries option now correctly

parses multiple values separated by whitespace or commas.
- bpo-13993: HTMLParser is now able to handle broken end tags.
- bpo-13960: HTMLParser is now able to handle broken comments.
- bpo-9750: Fix sqlite3.Connection.iterdump on tables and fields with a name

that is a keyword or contains quotes. Patch by Marko Kohtala.
- bpo-13994: Earlier partial revert of Distutils enhancements in 2.7 has

left two versions of customize_compiler, the original in
distutils.sysconfig and another copy in distutils.ccompiler, with some
parts of distutils calling one and others using the other. Complete the
revert back to only having one in distutils.sysconfig as is the case in
3.x.
- bpo-13590: On OS X 10.7 and 10.6 with Xcode 4.2, building Distutils-based

packages with C extension modules may fail because Apple has removed
gcc-4.2, the version used to build python.org 64-bit/32-bit Pythons. If
the user does not explicitly override the default C compiler by setting
the CC environment variable, Distutils will now attempt to compile
extension modules with clang if gcc-4.2 is required but not found. Also as
a convenience, if the user does explicitly set CC, substitute its value as
the default compiler in the Distutils LDSHARED configuration variable for
OS X. (Note, the python.org 32-bit-only Pythons use gcc-4.0 and the 10.4u
SDK, neither of which are available in Xcode 4. This change does not
attempt to override settings to support their use with Xcode 4.)
- bpo-9021: Add an introduction to the copy module documentation.
- bpo-6005: Examples in the socket library documentation use sendall, where

relevant, instead send method.
- bpo-10811: Fix recursive usage of cursors. Instead of crashing, raise a

ProgrammingError now.
- bpo-13676: Handle strings with embedded zeros correctly in sqlite3.
- bpo-13806: The size check in audioop decompression functions was too

strict and could reject valid compressed data. Patch by Oleg Plakhotnyuk.
- bpo-13885: CVE-2011-3389: the _ssl module would always disable the CBC IV
attack countermeasure.
- bpo-6631: Disallow relative file paths in urllib urlopen methods.
- bpo-13781: Prevent gzip.GzipFile from using the dummy filename provided by

file objects opened with os.fdopen().
- bpo-13589: Fix some serialization primitives in the aifc module. Patch by

Oleg Plakhotnyuk.
- bpo-13803: Under Solaris, distutils doesn't include bitness in the

directory name.
- bpo-13642: Unquote before b64encoding user:password during Basic

Authentication. Patch contributed by Joonas Kuorilehto and Michele Orrù.
- bpo-13636: Weak ciphers are now disabled by default in the ssl module
(except when SSLv2 is explicitly asked for).
- bpo-12798: Updated the mimetypes documentation.
- bpo-13639: Accept unicode filenames in tarfile.open(mode="w|gz").
- bpo-1785: Fix inspect and pydoc with misbehaving descriptors.
- bpo-7502: Fix equality comparison for DocTestCase instances. Patch by

Cédric Krier.
- bpo-11870: threading: Properly reinitialize threads internal locks and

condition variables to avoid deadlocks in child processes.
- bpo-8035: urllib: Fix a bug where the client could remain stuck after a
redirection or an error.
- tarfile.py: Correctly detect bzip2 compressed streams with blocksizes

other than 900k.
- bpo-13573: The csv.writer now uses the repr() for floats rather than
str(). This allows floats to round-trip without loss of precision.
- bpo-13439: Fix many errors in turtle docstrings.
- bpo-12856: Ensure child processes do not inherit the parent's random seed
for filename generation in the tempfile module. Patch by Brian Harring.
- bpo-13458: Fix a memory leak in the ssl module when decoding a certificate
with a subjectAltName. Patch by Robert Xiao.
- bpo-13415: os.unsetenv() doesn't ignore errors anymore.
- bpo-13322: Fix BufferedWriter.write() to ensure that BlockingIOError is

raised when the wrapped raw file is non-blocking and the write would
block. Previous code assumed that the raw write() would raise
BlockingIOError, but RawIOBase.write() is defined to returned None when
the call would block. Patch by sbt.
- bpo-13358: HTMLParser now calls handle_data only once for each CDATA.
- bpo-4147: minidom's toprettyxml no longer adds whitespace around a text

node when it is the only child of an element. Initial patch by Dan
Kenigsberg.
- bpo-1745761: HTMLParser now correctly handles non-valid attributes,

including adjacent and unquoted attributes. (See also: bpo-755670,
bpo-13357, bpo-12629, bpo-1200313)
- bpo-13373: multiprocessing.Queue.get() could sometimes block indefinitely

when called with a timeout. Patch by Arnaud Ysmal.
- bpo-3067: Enhance the documentation and docstring of locale.setlocale().
- bpo-13254: Fix Maildir initialization so that maildir contents are read

correctly.
- bpo-13140: Fix the daemon_threads attribute of ThreadingMixIn.
- bpo-2892: preserve iterparse events in case of SyntaxError.
- bpo-670664: Fix HTMLParser to correctly handle the content of

``<script>...</script>`` and ``<style>...</style>``.
- bpo-10817: Fix urlretrieve function to raise ContentTooShortError even

when reporthook is None. Patch by Jyrki Pulliainen.
- bpo-7334: close source files on ElementTree.parse and iterparse.
- bpo-13232: logging: Improved logging of exceptions in the presence of

multiple encodings.
- bpo-10332: multiprocessing: fix a race condition when a Pool is closed

before all tasks have completed.
- bpo-1548891: The cStringIO.StringIO() constructor now encodes unicode

arguments with the system default encoding just like the write() method
does, instead of converting it to a raw buffer. This also fixes handling
of unicode input in the shlex module (#6988, #1170).
- bpo-9168: now smtpd is able to bind privileged port.
- bpo-12529: fix cgi.parse_header issue on strings with double-quotes and

semicolons together. Patch by Ben Darnell and Petri Lehtinen.
- bpo-6090: zipfile raises a ValueError when a document with a timestamp

earlier than 1980 is provided. Patch contributed by Petri Lehtinen.
- bpo-13194: zlib.compressobj().copy() and zlib.decompressobj().copy() are

now available on Windows.
- bpo-13114: Fix the distutils commands check and register when the long
description is a Unicode string with non-ASCII characters.
- bpo-7367: Fix pkgutil.walk_paths to skip directories whose contents cannot

be read.
- bpo-7425: Prevent pydoc -k failures due to module import errors. (Backport

to 2.7 of existing 3.x fix)
- bpo-13099: Fix sqlite3.Cursor.lastrowid under a Turkish locale. Reported

and diagnosed by Thomas Kluyver.
- bpo-7689: Allow pickling of dynamically created classes when their

metaclass is registered with copy_reg. Patch by Nicolas M. Thiéry and
Craig Citro.
- bpo-13058: ossaudiodev: fix a file descriptor leak on error. Patch by

Thomas Jarosch.
- bpo-12931: xmlrpclib now encodes Unicode URI to ISO-8859-1, instead of

failing with a UnicodeDecodeError.
- bpo-8933: distutils' PKG-INFO files will now correctly report Metadata-

Version: 1.1 instead of 1.0 if a Classifier or Download-URL field is
present.
- bpo-8286: The distutils command sdist will print a warning message instead
of crashing when an invalid path is given in the manifest template.
- bpo-12841: tarfile unnecessarily checked the existence of numerical user

and group ids on extraction. If one of them did not exist the respective
id of the current user (i.e. root) was used for the file and ownership
information was lost.
- bpo-10946: The distutils commands bdist_dumb, bdist_wininst and bdist_msi

now respect a --skip-build option given to bdist.
- bpo-12287: Fix a stack corruption in ossaudiodev module when the FD is

greater than FD_SETSIZE.
- bpo-12839: Fix crash in zlib module due to version mismatch. Fix by

Richard M. Tew.
- bpo-12786: Set communication pipes used by subprocess.Popen CLOEXEC to

avoid them being inherited by other subprocesses.
- bpo-4106: Fix occasional exceptions printed out by multiprocessing on

interpreter shutdown.
- bpo-11657: Fix sending file descriptors over 255 over a multiprocessing

Pipe.
- bpo-12213: Fix a buffering bug with interleaved reads and writes that
could appear on io.BufferedRandom streams.
- bpo-12326: sys.platform is now always 'linux2' on Linux, even if Python is

compiled on Linux 3.
- bpo-13007: whichdb should recognize gdbm 1.9 magic numbers.
- bpo-9173: Let shutil._make_archive work if the logger argument is None.
- bpo-12650: Fix a race condition where a subprocess.Popen could leak

resources (FD/zombie) when killed at the wrong time.
- bpo-12752: Fix regression which prevented locale.normalize() from

accepting unicode strings.
- bpo-12683: urlparse updated to include svn as schemes that uses relative

paths. (svn from 1.5 onwards support relative path).
- bpo-11933: Fix incorrect mtime comparison in distutils.
- bpo-11104: Fix the behavior of distutils' sdist command with manually-

maintained MANIFEST files. (See also: bpo-8688)
- bpo-8887: "pydoc somebuiltin.somemethod" (or

help('somebuiltin.somemethod') in Python code) now finds the doc of the
method.
- bpo-12603: Fix pydoc.synopsis() on files with non-negative st_mtime.
- bpo-12514: Use try/finally to assure the timeit module restores garbage

collections when it is done.
- bpo-12607: In subprocess, fix issue where if stdin, stdout or stderr is

given as a low fd, it gets overwritten.
- bpo-12102: Document that buffered files must be flushed before being used
with mmap. Patch by Steffen Daode Nurpmeso.
- bpo-12560: Build libpython.so on OpenBSD. Patch by Stefan Sperling.
- bpo-1813: Fix codec lookup and setting/getting locales under Turkish

locales.
- bpo-10883: Fix socket leaks in urllib when using FTP.
- bpo-12592: Make Python build on OpenBSD 5 (and future major releases).
- bpo-12372: POSIX semaphores are broken on AIX: don't use them.
- bpo-12571: Add a plat-linux3 directory mirroring the plat-linux2

directory, so that "import DLFCN" and other similar imports work on Linux
3.0.
- bpo-7484: smtplib no longer puts <> around addresses in VRFY and EXPN
commands; they aren't required and in fact postfix doesn't support that
form.
- bpo-11603: Fix a crash when __str__ is rebound as __repr__. Patch by

Andreas Stührk.
- bpo-12502: asyncore: fix polling loop with AF_UNIX sockets.
- bpo-4376: ctypes now supports nested structures in an endian different

than the parent structure. Patch by Vlad Riscutia.
- bpo-12493: subprocess: Popen.communicate() now also handles EINTR errors

if the process has only one pipe.
- bpo-12467: warnings: fix a race condition if a warning is emitted at

shutdown, if globals()['__file__'] is None.
- bpo-12352: Fix a deadlock in multiprocessing.Heap when a block is freed by

the garbage collector while the Heap lock is held.
- bpo-9516: On Mac OS X, change Distutils to no longer globally attempt to

check or set the MACOSX_DEPLOYMENT_TARGET environment variable for the
interpreter process. This could cause failures in non-Distutils
subprocesses and was unreliable since tests or user programs could modify
the interpreter environment after Distutils set it. Instead, have
Distutils set the deployment target only in the environment of each build
subprocess. It is still possible to globally override the default by
setting MACOSX_DEPLOYMENT_TARGET before launching the interpreter; its
value must be greater or equal to the default value, the value with which
the interpreter was built.
- bpo-11802: The cache in filecmp now has a maximum size of 100 so that it
won't grow without bound.
- bpo-12404: Remove C89 incompatible code from mmap module. Patch by Akira
Kitada.
- bpo-11700: mailbox proxy object close methods can now be called multiple
times without error, and _ProxyFile now closes the wrapped file.
- bpo-12133: AbstractHTTPHandler.do_open() of urllib.request closes the HTTP

connection if its getresponse() method fails with a socket error. Patch
written by Ezio Melotti.
- bpo-9284: Allow inspect.findsource() to find the source of doctest

functions.
- bpo-10694: zipfile now ignores garbage at the end of a zipfile.
- bpo-11583: Speed up os.path.isdir on Windows by using GetFileAttributes

instead of os.stat.
- bpo-12080: Fix a performance issue in Decimal._power_exact that caused

some corner-case Decimal.__pow__ calls to take an unreasonably long time.
- Named tuples now work correctly with vars().
- sys.setcheckinterval() now updates the current ticker count as well as

updating the check interval, so if the user decreases the check interval,
the ticker doesn't have to wind down to zero from the old starting point
before the new interval takes effect. And if the user increases the
interval, it makes sure the new limit takes effect right away rather have
an early task switch before recognizing the new interval.
- bpo-12085: Fix an attribute error in subprocess.Popen destructor if the

constructor has failed, e.g. because of an undeclared keyword argument.
Patch written by Oleg Oshmyan.
- bpo-9041: An issue in ctypes.c_longdouble, ctypes.c_double, and

ctypes.c_float that caused an incorrect exception to be returned in the
case of overflow has been fixed.
- bsddb module: Erratic behaviour of "DBEnv->rep_elect()" because a typo.

Possible crash.
- bpo-13774: json: Fix a SystemError when a bogus encoding is passed to
json.loads().
- bpo-9975: socket: Fix incorrect use of flowinfo and scope_id. Patch by

Vilmos Nebehaj.
- bpo-13159: FileIO, BZ2File, and the built-in file class now use a linear-
time buffer growth strategy instead of a quadratic one.
- bpo-13070: Fix a crash when a TextIOWrapper caught in a reference cycle

would be finalized after the reference to its underlying BufferedRWPair's
writer got cleared by the GC.
- bpo-12881: ctypes: Fix segfault with large structure field names.
- bpo-13013: ctypes: Fix a reference leak in PyCArrayType_from_ctype. Thanks

to Suman Saha for finding the bug and providing a patch.
- bpo-13022: Fix: _multiprocessing.recvfd() doesn't check that file

descriptor was actually received.
- bpo-12483: ctypes: Fix a crash when the destruction of a callback object

triggers the garbage collector.
- bpo-12950: Fix passing file descriptors in multiprocessing, under

OpenIndiana/Illumos.
- bpo-12764: Fix a crash in ctypes when the name of a Structure field is not
a string.
- bpo-9651: Fix a crash when ctypes.create_string_buffer(0) was passed to

some functions like file.write().
- bpo-10309: Define _GNU_SOURCE so that mremap() gets the proper signature.

Without this, architectures where sizeof void* != sizeof int are broken.
Patch given by Hallvard B Furuseth.
IDLE
----
- bpo-964437: Make IDLE help window non-modal. Patch by Guilherme Polo and
Roger Serwy.
- bpo-13933: IDLE auto-complete did not work with some imported module, like
hashlib. (Patch by Roger Serwy)
- bpo-13506: Add '' to path for IDLE Shell when started and restarted with
Restart Shell. Original patches by Marco Scataglini and Roger Serwy.
- bpo-4625: If IDLE cannot write to its recent file or breakpoint files,

display a message popup and continue rather than crash. (original patch by
Roger Serwy)
- bpo-8793: Prevent IDLE crash when given strings with invalid hex escape
sequences.
- bpo-13296: Fix IDLE to clear compile __future__ flags on shell restart.

(Patch by Roger Serwy)
- bpo-14409: IDLE now properly executes commands in the Shell window when it
cannot read the normal config files on startup and has to use the built-in
default key bindings. There was previously a bug in one of the defaults.
- bpo-3573: IDLE hangs when passing invalid command line args

(directory(ies) instead of file(s)).
Build
-----
- bpo-6807: Run msisupport.mak earlier.
- bpo-10580: Minor grammar change in Windows installer.
- bpo-12627: Implement PEP 394 for Python 2.7 ("python2").
- bpo-8746: Correct faulty configure checks so that os.chflags() and

os.lchflags() are once again built on systems that support these functions
(*BSD and OS X). Also add new stat file flags for OS X (UF_HIDDEN and
UF_COMPRESSED).
Tools/Demos
-----------
- bpo-14053: patchcheck.py ("make patchcheck") now works with MQ patches.

Patch by Francisco Martín Brugué.
- bpo-13930: 2to3 is now able to write its converted output files to another
directory tree as well as copying unchanged files and altering the file
suffix. See its new -o, -W and --add-suffix options. This makes it more
useful in many automated code translation workflows.
- bpo-10639: reindent.py no longer converts newlines and will raise an error

if attempting to convert a file with mixed newlines.
- bpo-13628: python-gdb.py is now able to retrieve more frames in the Python

traceback if Python is optimized.
Tests
-----
- bpo-15467: Move helpers for __sizeof__ tests into test_support. Patch by

Serhiy Storchaka.
- bpo-11689: Fix a variable scoping error in an sqlite3 test. Initial patch

by Torsten Landschoff.
- bpo-10881: Fix test_site failures with OS X framework builds.
- bpo-13901: Prevent test_distutils failures on OS X with --enable-shared.
- bpo-13304: Skip test case if user site-packages disabled (-s or

PYTHONNOUSERSITE). (Patch by Carl Meyer)
- bpo-13218: Fix test_ssl failures on Debian/Ubuntu.
- bpo-12821: Fix test_fcntl failures on OpenBSD 5.

- bpo-12331: The test suite for lib2to3 can now run from an installed
Python.
- bpo-12549: Correct test_platform to not fail when OS X returns 'x86_64' as

the processor type on some Mac systems.
- Skip network tests when getaddrinfo() returns EAI_AGAIN, meaning a

temporary failure in name resolution.
- bpo-11812: Solve transient socket failure to connect to 'localhost' in

test_telnetlib.py.
- Solved a potential deadlock in test_telnetlib.py. Related to issue #11812.
- Avoid failing in test_robotparser when mueblesmoraleda.com is flaky and an

overzealous DNS service (e.g. OpenDNS) redirects to a placeholder Web
site.
- Avoid failing in test_urllibnet.test_bad_address when some overzealous DNS

service (e.g. OpenDNS) resolves a non-existent domain name. The test is
now skipped instead.
- bpo-8716: Avoid crashes caused by Aqua Tk on OSX when attempting to run

test_tk or test_ttk_guionly under a username that is not currently logged
in to the console windowserver (as may be the case under buildbot or ssh).
- bpo-12141: Install a copy of template C module file so that test_build_ext

of test_distutils is no longer silently skipped when run outside of a
build directory.
- bpo-8746: Add additional tests for os.chflags() and os.lchflags(). Patch

by Garrett Cooper.
- bpo-10736: Fix test_ttk test_widgets failures with Cocoa Tk 8.5.9 on Mac

OS X. (Patch by Ronald Oussoren)
- bpo-12057: Add tests for ISO 2022 codecs (iso2022_jp, iso2022_jp_2,

iso2022_kr).
Documentation
-------------
- bpo-13491: Fix many errors in sqlite3 documentation. Initial patch for

#13491 by Johannes Vogel. (See also: bpo-13995)
- bpo-13402: Document absoluteness of sys.executable.
- bpo-13883: PYTHONCASEOK also works on OS X, OS/2, and RiscOS.
- bpo-2134: The tokenize documentation has been clarified to explain why all
operator and delimiter tokens are treated as token.OP tokens.
- bpo-13513: Fix io.IOBase documentation to correctly link to the

io.IOBase.readline method instead of the readline module.
- bpo-13237: Reorganise subprocess documentation to emphasise convenience

functions and the most commonly needed arguments to Popen.
- bpo-13141: Demonstrate recommended style for SocketServer examples.

=================================
Library
-------
- bpo-12009: Fixed regression in netrc file comment handling.
- bpo-1221: Make pyexpat.__version__ equal to the Python version.

===============================================
Core and Builtins

-----------------
- bpo-9670: Increase the default stack size for secondary threads on Mac OS
X and FreeBSD to reduce the chances of a crash instead of a "maximum
recursion depth" RuntimeError exception. (patch by Ronald Oussoren)
- Correct lookup of __dir__ on objects. This allows old-style classes to

have __dir__. It also causes errors besides AttributeError found on lookup
to be propagated.
- bpo-1195: Fix input() if it is interrupted by CTRL+d and then CTRL+c,

clear the end- of-file indicator after CTRL+d.
- bpo-8651: PyArg_Parse*() functions raise an OverflowError if the file

doesn't have PY_SSIZE_T_CLEAN define and the size doesn't fit in an int
(length bigger than 2^31-1 bytes).
- bpo-8651: Fix "z#" format of PyArg_Parse*() function: the size was not
written if PY_SSIZE_T_CLEAN is defined.
- bpo-9756: When calling a method descriptor or a slot wrapper descriptor,

the check of the object type doesn't read the __class__ attribute anymore.
Fix a crash if a class override its __class__ attribute (e.g. a proxy of
the str type). Patch written by Andreas Stührk.
- bpo-10517: After fork(), reinitialize the TLS used by the PyGILState_*

APIs, to avoid a crash with the pthread implementation in RHEL 5. Patch
by Charles-François Natali.
- bpo-6780: fix starts/endswith error message to mention that tuples are

accepted too.
- bpo-5057: fix a bug in the peepholer that led to non-portable pyc files
between narrow and wide builds while optimizing BINARY_SUBSCR on non-BMP
chars (e.g. u"\U00012345"[0]).
- bpo-11650: PyOS_StdioReadline() retries fgets() if it was interrupted

(EINTR), for example if the program is stopped with CTRL+z on Mac OS X.
Patch written by Charles-Francois Natali.
- bpo-11144: Ensure that int(a_float) returns an int whenever possible.

Previously, there were some corner cases where a long was returned even
though the result was within the range of an int.
- bpo-11450: Don't truncate hg version info in Py_GetBuildInfo() when there

are many tags (e.g. when using mq). Patch by Nadeem Vawda.
- bpo-10451: memoryview objects could allow mutating a readable buffer.

Initial patch by Ross Lagerwall.
- bpo-10892: Don't segfault when trying to delete __abstractmethods__ from a

class.
- bpo-8020: Avoid a crash where the small objects allocator would read non-
Python managed memory while it is being modified by another thread. Patch
by Matt Bandy.
- bpo-11004: Repaired edge case in deque.count().
- bpo-8278: On Windows and with a NTFS filesystem, os.stat() and os.utime()

can now handle dates after 2038.
- bpo-4236: Py_InitModule4 now checks the import machinery directly rather

than the Py_IsInitialized flag, avoiding a Fatal Python error in certain
circumstances when an import is done in __del__.
- bpo-11828: startswith and endswith don't accept None as slice index. Patch
by Torsten Becker.
- bpo-10674: Remove unused 'dictmaker' rule from grammar.
- bpo-10596: Fix float.__mod__ to have the same behaviour as

float.__divmod__ with respect to signed zeros. -4.0 % 4.0 should be 0.0,
not -0.0.
- bpo-11386: bytearray.pop() now throws IndexError when the bytearray is

empty, instead of OverflowError.
Library
-------
- bpo-12161: Cause StringIO.getvalue() to raise a ValueError when used on a

closed StringIO instance.
- bpo-12182: Fix pydoc.HTMLDoc.multicolumn() if Python uses the new (true)

division (python -Qnew). Patch written by Ralf W. Grosse-Kunstleve.
- bpo-12175: RawIOBase.readall() now returns None if read() returns None.
- bpo-12175: FileIO.readall() now raises a ValueError instead of an IOError

if the file is closed.
- bpo-1441530: In imaplib, use makefile() to wrap the SSL socket to avoid

heap fragmentation and MemoryError with some malloc implementations.
- bpo-12100: Don't reset incremental encoders of CJK codecs at each call to

their encode() method anymore, but continue to call the reset() method if
the final argument is True.
- bpo-12124: zipimport doesn't keep a reference to zlib.decompress() anymore

to be able to unload the module.
- bpo-10154: change the normalization of UTF-8 to "UTF-8" instead of "UTF8"

in the locale module as the latter is not supported MacOSX and OpenBSD.
- bpo-9516: avoid errors in sysconfig when MACOSX_DEPLOYMENT_TARGET is set

in shell.
- bpo-12050: zlib.decompressobj().decompress() now clears the

unconsumed_tail attribute when called without a max_length argument.
- bpo-12062: In the ìo` module, fix a flushing bug when doing a certain
type of I/O sequence on a file opened in read+write mode (namely: reading,
seeking a bit forward, writing, then seeking before the previous write but
still within buffered data, and writing again).
- bpo-8498: In socket.accept(), allow specifying 0 as a backlog value in

order to accept exactly one connection. Patch by Daniel Evers.
- bpo-12012: ssl.PROTOCOL_SSLv2 becomes optional.
- bpo-11927: SMTP_SSL now uses port 465 by default as documented. Patch by

Kasun Herath.
- bpo-11999: fixed sporadic sync failure mailbox.Maildir due to its trying

to detect mtime changes by comparing to the system clock instead of to the
previous value of the mtime.
- bpo-10684: shutil.move used to delete a folder on case insensitive

filesystems when the source and destination name where the same except for
the case.
- bpo-11982: fix json.loads('""') to return u'' rather than ''.
- bpo-11277: mmap.mmap() calls fcntl(fd, F_FULLFSYNC) on Mac OS X to get

around a mmap bug with sparse files. Patch written by Steffen Daode
Nurpmeso.
- bpo-10761: Fix tarfile.extractall failure when symlinked files are

present. Initial patch by Scott Leerssen.
- bpo-11763: don't use difflib in TestCase.assertMultiLineEqual if the

strings are too long.
- bpo-11236: getpass.getpass responds to ctrl-c or ctrl-z on terminal.
- bpo-11768: The signal handler of the signal module only calls

Py_AddPendingCall() for the first signal to fix a deadlock on reentrant or
parallel calls. PyErr_SetInterrupt() writes also into the wake up file.
- bpo-11875: collections.OrderedDict's __reduce__ was temporarily mutating

the object instead of just working on a copy.
- bpo-11442: Add a charset parameter to the Content-type in SimpleHTTPServer

to avoid XSS attacks.
- bpo-11467: Fix urlparse behavior when handling urls which contains scheme
specific part only digits. Patch by Santoso Wijaya.
- collections.Counter().copy() now works correctly for subclasses.
- bpo-11474: Fix the bug with url2pathname() handling of '/C|/' on Windows.

Patch by Santoso Wijaya.
- bpo-9233: Fix json.loads('{}') to return a dict (instead of a list), when

_json is not available.
- bpo-11703: urllib2.geturl() does not return correct url when the original
url contains #fragment.
- bpo-10019: Fixed regression in json module where an indent of 0 stopped

adding newlines and acted instead like 'None'.
- bpo-5162: Treat services like frozen executables to allow child spawning

from multiprocessing.forking on Windows.
- bpo-4877: Fix a segfault in xml.parsers.expat while attempting to parse a

closed file.
- bpo-11830: Remove unnecessary introspection code in the decimal module. It

was causing a failed import in the Turkish locale where the locale
sensitive str.upper() method caused a name mismatch.
- bpo-8428: Fix a race condition in multiprocessing.Pool when terminating

worker processes: new processes would be spawned while the pool is being
shut down. Patch by Charles-François Natali.
- bpo-7311: Fix HTMLParser to accept non-ASCII attribute values.
- bpo-10963: Ensure that subprocess.communicate() never raises EPIPE.
- bpo-11662: Make urllib and urllib2 ignore redirections if the scheme is

not HTTP, HTTPS or FTP (CVE-2011-1521).
- bpo-11256: Fix inspect.getcallargs on functions that take only keyword

arguments.
- bpo-11696: Fix ID generation in msilib.
- bpo-9696: Fix exception incorrectly raised by xdrlib.Packer.pack_int when

trying to pack a negative (in-range) integer.
- bpo-11675: multiprocessing.[Raw]Array objects created from an integer size

are now zeroed on creation. This matches the behaviour specified by the
documentation.
- bpo-7639: Fix short file name generation in bdist_msi.
- bpo-11666: let help() display named tuple attributes and methods that
start with a leading underscore.
- bpo-11673: Fix multiprocessing Array and RawArray constructors to accept a

size of type 'long', rather than only accepting 'int'.
- bpo-10042: Fixed the total_ordering decorator to handle cross-type
comparisons that could lead to infinite recursion.
- bpo-10979: unittest stdout buffering now works with class and module setup
and teardown.
- bpo-11569: use absolute path to the sysctl command in multiprocessing to

ensure that it will be found regardless of the shell PATH. This ensures
that multiprocessing.cpu_count works on default installs of MacOSX.
- bpo-11500: Fixed a bug in the os x proxy bypass code for fully qualified
IP addresses in the proxy exception list.
- bpo-11131: Fix sign of zero in plus and minus operations when the context
rounding mode is ROUND_FLOOR.
- bpo-5622: Fix curses.wrapper to raise correct exception if curses

initialization fails.
- bpo-11391: Writing to a mmap object created with

``mmap.PROT_READ|mmap.PROT_EXEC`` would segfault instead of raising a
TypeError. Patch by Charles-François Natali.
- bpo-11306: mailbox in certain cases adapts to an inability to open certain

files in read-write mode. Previously it detected this by checking for
EACCES, now it also checks for EROFS.
- bpo-11265: asyncore now correctly handles EPIPE, EBADF and EAGAIN errors
on accept(), send() and recv().
- bpo-11326: Add the missing connect_ex() implementation for SSL sockets,

and make it work for non-blocking connects.
- bpo-10956: Buffered I/O classes retry reading or writing after a signal

has arrived and the handler returned successfully.
- bpo-10680: Fix mutually exclusive arguments for argument groups in

argparse.
- bpo-4681: Allow mmap() to work on file sizes and offsets larger than 4GB,
even on 32-bit builds. Initial patch by Ross Lagerwall, adapted for
32-bit Windows.
- bpo-10360: In WeakSet, do not raise TypeErrors when testing for membership

of non- weakrefable objects.
- bpo-10549: Fix pydoc traceback when text-documenting certain classes.
- bpo-940286: pydoc.Helper.help() ignores input/output init parameters.
- bpo-11171: Fix detection of config/Makefile when --prefix != --exec-

prefix, which caused Python to not start.
- bpo-11116: any error during addition of a message to a mailbox now causes

a rollback, instead of leaving the mailbox partially modified.
- bpo-8275: Fix passing of callback arguments with ctypes under Win64. Patch
by Stan Mihai.
- bpo-10949: Improved robustness of rotating file handlers.
- bpo-10955: Fix a potential crash when trying to mmap() a file past its
length. Initial patch by Ross Lagerwall.
- bpo-10898: Allow compiling the posix module when the C library defines a
symbol named FSTAT.
- bpo-10916: mmap should not segfault when a file is mapped using 0 as

length and a non- zero offset, and an attempt to read past the end of file
is made (IndexError is raised instead). Patch by Ross Lagerwall.
- bpo-10875: Update Regular Expression HOWTO; patch by 'SilentGhost'.
- bpo-10827: Changed the rules for 2-digit years. The time.asctime function
will now format any year when ``time.accept2dyear`` is false and will
accept years >= 1000 otherwise. The year range accepted by
``time.mktime`` and ``time.strftime`` is still system dependent, but
``time.mktime`` will now accept full range supported by the OS.
Conversion of 2-digit years to 4-digit is deprecated.
- bpo-10869: Fixed bug where ast.increment_lineno modified the root node

twice.
- bpo-7858: Raise an error properly when os.utime() fails under Windows on

an existing file.
- bpo-3839: wsgiref should not override a Content-Length header set by the

application. Initial patch by Clovis Fabricio.
- bpo-10806: Fix subprocess pipes when some of the standard file descriptors
(0, 1, 2) are closed in the parent process. Initial patch by Ross
Lagerwall. (See also: bpo-9905)
- bpo-4662: os.tempnam(), os.tmpfile() and os.tmpnam() now raise a py3k

DeprecationWarning.
- Subclasses of collections.OrderedDict now work correctly with __missing__.
- bpo-10753: Characters ';', '=' and ',' in the PATH_INFO environment

variable won't be quoted when the URI is constructed by the wsgiref.util
's request_uri method. According to RFC 3986, these characters can be a
part of params in PATH component of URI and need not be quoted.
- bpo-10738: Fix webbrowser.Opera.raise_opts
- bpo-9824: SimpleCookie now encodes , and ; in values to cater to how

browsers actually parse cookies.
- bpo-1379416: eliminated a source of accidental unicode promotion in

email.header.Header.encode.
- bpo-5258: if site.py encounters a .pth file that generates an error, it

now prints the filename, line number, and traceback to stderr and skips
the rest of that individual file, instead of stopping processing entirely.
- bpo-10750: The ``raw`` attribute of buffered IO objects is now read-only.

- bpo-10242: unittest.TestCase.assertItemsEqual makes too many assumptions
about input.
- bpo-10611: SystemExit should not cause a unittest test run to exit.
- bpo-6791: Limit header line length (to 65535 bytes) in http.client, to

avoid denial of services from the other party.
- bpo-9907: Fix tab handling on OSX when using editline by calling

rl_initialize first, then setting our custom defaults, then reading
.editrc.
- bpo-4188: Avoid creating dummy thread objects when logging operations from
the threading module (with the internal verbose flag activated).
- bpo-9721: Fix the behavior of urljoin when the relative url starts with a
';' character. Patch by Wes Chow.
- bpo-10714: Limit length of incoming request in http.server to 65536 bytes

for security reasons. Initial patch by Ross Lagerwall.
- bpo-9558: Fix distutils.command.build_ext with VS 8.0.
- bpo-10695: passing the port as a string value to telnetlib no longer

causes debug mode to fail.
- bpo-10478: Reentrant calls inside buffered IO objects (for example by way

of a signal handler) now raise a RuntimeError instead of freezing the
current process.
- bpo-10497: Fix incorrect use of gettext in argparse.
- bpo-10464: netrc now correctly handles lines with embedded '#' characters.
- bpo-1731717: Fixed the problem where subprocess.wait() could cause an

OSError exception when The OS had been told to ignore SIGCLD in our
process or otherwise not wait for exiting child processes.
- bpo-9509: argparse now properly handles IOErrors raised by

argparse.FileType.
- bpo-9348: Raise an early error if argparse nargs and metavar don't match.
- bpo-8982: Improve the documentation for the argparse Namespace object.
- bpo-9343: Document that argparse parent parsers must be configured before

their children.
- bpo-9026: Fix order of argparse sub-commands in help messages.
- bpo-9347: Fix formatting for tuples in argparse type= error messages.
- Stop using the old interface for providing methods and attributes in the
_sre module. Among other things, this gives these classes ``__class__``
attributes. (See #12099)
- bpo-10169: Fix argument parsing in socket.sendto() to avoid error masking.
- bpo-12051: Fix segfault in json.dumps() while encoding highly-nested

objects using the C accelerations.
- bpo-12017: Fix segfault in json.loads() while decoding highly-nested

objects using the C accelerations.
- bpo-1838: Prevent segfault in ctypes, when _as_parameter_ on a class is

set to an instance of the class.
- bpo-678250: Make mmap flush a noop on ACCESS_READ and ACCESS_COPY.
IDLE
----
- bpo-11718: IDLE's open module dialog couldn't find the __init__.py file in
a package.
- bpo-12590: IDLE editor window now always displays the first line when
opening a long file. With Tk 8.5, the first line was hidden.
- bpo-11088: don't crash when using F5 to run a script in IDLE on MacOSX

with Tk 8.5.
- bpo-10940: Workaround an IDLE hang on Mac OS X 10.6 when using the menu
accelerators for Open Module, Go to Line, and New Indent Width. The
accelerators still work but no longer appear in the menu items.
- bpo-10907: Warn OS X 10.6 IDLE users to use ActiveState Tcl/Tk 8.5, rather
than the currently problematic Apple-supplied one, when running with the
64-/32-bit installer variant.
- bpo-11052: Correct IDLE menu accelerators on Mac OS X for Save commands.
- bpo-6075: IDLE on Mac OS X now works with both Carbon AquaTk and Cocoa
AquaTk.
- bpo-10404: Use ctl-button-1 on OSX for the context menu in Idle.
- bpo-10107: Warn about unsaved files in IDLE on OSX.
- bpo-10406: Enable Rstrip IDLE extension on OSX (just like on other

platforms).
- bpo-6378: Further adjust idle.bat to start associated Python
- bpo-11896: Save on Close failed despite selecting "Yes" in dialog.
- bpo-4676: <Home> toggle failing on Tk 8.5, causing IDLE exits and strange
selection behavior. Improve selection extension behaviour.
- bpo-3851: <Home> toggle non-functional when NumLock set on Windows.
Build
-----
- bpo-11217: For 64-bit/32-bit Mac OS X universal framework builds, ensure

"make install" creates symlinks in --prefix bin for the "-32" files in the
framework bin directory like the installer does.
- bpo-11411: Fix 'make DESTDIR=' with a relative destination.

- bpo-10709: Add updated AIX notes in Misc/README.AIX.
- bpo-11184: Fix large-file support on AIX.
- bpo-941346: Fix broken shared library build on AIX.
- bpo-11268: Prevent Mac OS X Installer failure if Documentation package had

previously been installed.
- bpo-11079: The /Applications/Python x.x folder created by the Mac OS X

installers now includes a link to the installed documentation.
- bpo-11054: Allow Mac OS X installer builds to again work on 10.5 with the
system- provided Python.
- bpo-10843: Update third-party library versions used in OS X 32-bit

installer builds: bzip2 1.0.6, readline 6.1.2, SQLite 3.7.4 (with
FTS3/FTS4 and RTREE enabled), and ncursesw 5.5 (wide-char support
enabled).
- Don't run pgen twice when using make -j.
- bpo-7716: Under Solaris, don't assume existence of /usr/xpg4/bin/grep in

the configure script but use $GREP instead. Patch by Fabian Groffen.
- bpo-10475: Don't hardcode compilers for LDSHARED/LDCXXSHARED on NetBSD and

DragonFly BSD. Patch by Nicolas Joly.
- bpo-10655: Fix the build on PowerPC on Linux with GCC when building with
timestamp profiling (--with-tsc): the preprocessor test for the PowerPC
support now looks for "__powerpc__" as well as "__ppc__": the latter seems
to only be present on OS X; the former is the correct one for Linux with
GCC.
- bpo-1099: Fix the build on MacOSX when building a framework with pydebug
using GCC 4.0.
Tests
-----
- bpo-11164: Remove obsolete allnodes test from minidom test.
- bpo-12205: Fix test_subprocess failure due to uninstalled test data.
- bpo-5723: Improve json tests to be executed with and without

accelerations.
- bpo-11910: Fix test_heapq to skip the C tests when _heapq is missing.
- Fix test_startfile to wait for child process to terminate before

finishing.
- bpo-11719: Fix message about unexpected test_msilib skip on non-Windows

platforms. Patch by Nadeem Vawda.
- bpo-7108: Fix test_commands to not fail when special attributes ('@' or

'.') appear in 'ls -l' output.
- bpo-11490: test_subprocess:test_leaking_fds_on_error no longer gives a
false positive if the last directory in the path is inaccessible.
- bpo-10822: Fix test_posix:test_getgroups failure under Solaris. Patch by

Ross Lagerwall.
- bpo-6293: Have regrtest.py echo back sys.flags. This is done by default

in whole runs and enabled selectively using ``--header`` when running an
explicit list of tests. Original patch by Collin Winter.
- bpo-775964: test_grp now skips YP/NIS entries instead of failing when

encountering them.
- bpo-7110: regrtest now sends test failure reports and single-failure

tracebacks to stderr rather than stdout.

=================================
Library
-------
- bpo-2236: distutils' mkpath ignored the mode parameter.
- Fix typo in one sdist option (medata-check).
- bpo-10323: itertools.islice() now consumes the minimum number of inputs

before stopping. Formerly, the final state of the underlying iterator was
undefined.
- bpo-10565: The collections.Iterator ABC now checks for both ``__iter__``

and ``next``.
- bpo-10092: Properly reset locale in calendar.Locale*Calendar classes.
- bpo-10459: Update CJK character names to Unicode 5.2.
- bpo-6098: Don't claim DOM level 3 conformance in minidom.
- bpo-10561: In pdb, clear the breakpoints by the breakpoint number.
- bpo-5762: Fix AttributeError raised by ``xml.dom.minidom`` when an empty

XML namespace attribute is encountered.
- bpo-1710703: Write structures for an empty ZIP archive when a ZipFile is

created in modes 'a' or 'w' and then closed without adding any files.
Raise BadZipfile (rather than IOError) when opening small non-ZIP files.
- bpo-4493: urllib2 adds '/' in front of path components which does not
start with '/. Common behavior exhibited by browsers and other clients.
- bpo-10407: Fix one NameError in distutils.
- bpo-10198: fix duplicate header written to wave files when writeframes()

is called without data.
- bpo-10467: Fix BytesIO.readinto() after seeking into a position after the
end of the file.
- bpo-5111: IPv6 Host in the Header is wrapped inside [ ]. Patch by Chandru.
IDLE
----
- bpo-6378: idle.bat now runs with the appropriate Python version rather
than the system default. Patch by Sridhar Ratnakumar.
Build
-----
- Backport r83399 to allow test_distutils to pass on installed versions.
- bpo-1303434: Generate ZIP file containing all PDBs.
Tests
-----
- bpo-9424: Replace deprecated assert* methods in the Python test suite.
Documentation
-------------
- bpo-10299: List the built-in functions in a table in functions.rst.

===============================================
Core and Builtins

-----------------
- bpo-10221: dict.pop(k) now has a key error message that includes the
missing key (same message d[k] returns for missing keys).
- bpo-10125: Don't segfault when the iterator passed to

``file.writelines()`` closes the file.
- bpo-10186: Fix the SyntaxError caret when the offset is equal to the
length of the offending line.
- bpo-9997: Don't let the name "top" have special significance in scope
resolution.
- bpo-9862: Compensate for broken PIPE_BUF in AIX by hard coding its value
as the default 512 when compiling on AIX.
- bpo-9675: CObject use is marked as a Py3k warning, not a deprecation

warning.
- bpo-10068: Global objects which have reference cycles with their module's
dict are now cleared again. This causes issue #7140 to appear again.
- bpo-9869: Make long() and PyNumber_Long return something of type long for
a class whose __long__ method returns a plain int. This fixes an
interpreter crash when initializing an instance of a long subclass from an
object whose __long__ method returns a plain int.
- bpo-10006: type.__abstractmethods__ now raises an AttributeError.
- bpo-9797: pystate.c wrongly assumed that zero couldn't be a valid thread-

local storage key.
- bpo-4947: The write() method of sys.stdout and sys.stderr uses their

encoding and errors attributes instead of using utf-8 in strict mode, to
get the same behaviour than the print statement.
- bpo-9737: Fix a crash when trying to delete a slice or an item from a

memoryview object.
- Restore GIL in nis_cat in case of error.
- bpo-9688: __basicsize__ and __itemsize__ must be accessed as Py_ssize_t.
- bpo-8530: Prevent stringlib fastsearch from reading beyond the front of an

array.
- bpo-83755: Implicit set-to-frozenset conversion was not thread-safe.
- bpo-9416: Fix some issues with complex formatting where the output with no
type specifier failed to match the str output:
- format(complex(-0.0, 2.0), '-') omitted the real part from the output,
- format(complex(0.0, 2.0), '-') included a sign and parentheses.
- bpo-7616: Fix copying of overlapping memoryview slices with the Intel

compiler.
Library
-------
- bpo-9926: Wrapped TestSuite subclass does not get __call__ executed
- bpo-4471: Properly shutdown socket in IMAP.shutdown(). Patch by Lorenzo

M. Catucci.
- bpo-10126: Fix distutils' test_build when Python was built with --enable-
shared.
- Fix typo in one sdist option (medata-check).
- bpo-9199: Fix incorrect use of distutils.cmd.Command.announce.
- bpo-1718574: Fix options that were supposed to accept arguments but did
not in build_clib.
- bpo-9281: Prevent race condition with mkdir in distutils. Patch by

Arfrever.
- bpo-10229: Fix caching error in gettext.
- bpo-10252: Close file objects in a timely manner in distutils code and

tests. Patch by Brian Brazil, completed by Éric Araujo.
- bpo-10311: The signal module now restores errno before returning from its
low-level signal handler. Patch by Hallvard B Furuseth.
- bpo-10038: json.loads() on str should always return unicode (regression

from Python 2.6). Patch by Walter Dörwald.
- bpo-120176: Wrapped TestSuite subclass does not get __call__ executed.
- bpo-6706: asyncore accept() method no longer raises

EWOULDBLOCK/ECONNABORTED on incomplete connection attempt but returns None
instead.
- bpo-10266: uu.decode didn't close in_file explicitly when it was given as

a filename. Patch by Brian Brazil.
- bpo-10246: uu.encode didn't close file objects explicitly when filenames

were given to it. Patch by Brian Brazil.
- bpo-10253: FileIO leaks a file descriptor when trying to open a file for
append that isn't seekable. Patch by Brian Brazil.
- bpo-6105: json.dumps now respects OrderedDict's iteration order.
- bpo-9295: Fix a crash under Windows when calling close() on a file object
with custom buffering from two threads at once.
- bpo-5027: The standard ``xml`` namespace is now understood by

xml.sax.saxutils.XMLGenerator as being bound to
http://www.w3.org/XML/1998/namespace. Patch by Troy J. Farrell.
- bpo-10163: Skip unreadable registry keys during mimetypes initialization.
- bpo-5117: Fixed root directory related issue on posixpath.relpath() and

ntpath.relpath().
- bpo-9409: Fix the regex to match all kind of filenames, for interactive
debugging in doctests.
- bpo-6612: Fix site and sysconfig to catch os.getcwd() error, eg. if the
current directory was deleted. Patch written by W. Trevor King.
- bpo-10045: Improved performance when writing after seeking past the end of
the "file" in cStringIO.
- bpo-9948: Fixed problem of losing filename case information.
- bpo-9437: Fix building C extensions with non-default LDFLAGS.
- bpo-9759: GzipFile now raises ValueError when an operation is attempted

after the file is closed. Patch by Jeffrey Finkelstein.
- bpo-9042: Fix interaction of custom translation classes and caching in

gettext.
- bpo-9065: tarfile no longer uses "root" as the default for the uname and
gname field.
- bpo-1050268: parseaddr now correctly quotes double quote and backslash

characters that appear inside quoted strings in email addresses.
- bpo-10004: quoprimime no longer generates a traceback when confronted with

invalid characters after '=' in a Q-encoded word.
- bpo-9950: Fix socket.sendall() crash or misbehaviour when a signal is

received. Now sendall() properly calls signal handlers if necessary, and
retries sending if these returned successfully, including on sockets with
a timeout.
- bpo-9947: logging: Fixed locking bug in stopListening.
- bpo-9945: logging: Fixed locking bugs in addHandler/removeHandler.
- bpo-9936: Fixed executable lines' search in the trace module.
- bpo-9928: Properly initialize the types exported by the bz2 module.
- bpo-9854: The default read() implementation in io.RawIOBase now handles

non-blocking readinto() returning None correctly.
- bpo-9729: Fix the signature of SSLSocket.recvfrom() and SSLSocket.sendto()

to match the corresponding socket methods. Also, fix various SSLSocket
methods to raise socket.error rather than an unhelpful TypeError when
called on an unconnected socket. Original patch by Andrew Bennetts.
- bpo-9826: OrderedDict.__repr__ can now handle self-referential values:

d['x'] = d.
- bpo-767645: Set os.path.supports_unicode_filenames to True on Mac OS X.
- bpo-9837: The read() method of ZipExtFile objects (as returned by

ZipFile.open()) could return more bytes than requested.
- bpo-9825: removed __del__ from the definition of collections.OrderedDict.

This prevents user-created self-referencing ordered dictionaries from
becoming permanently uncollectable GC garbage. The downside is that
removing __del__ means that the internal doubly-linked list has to wait
for GC collection rather than freeing memory immediately when the refcnt
drops to zero.
- bpo-9816: random.Random.jumpahead(n) did not produce a sufficiently

different internal state for small values of n. Fixed by salting the
value.
- bpo-9792: In case of connection failure, socket.create_connection() would

swallow the exception and raise a new one, making it impossible to fetch
the original errno, or to filter timeout errors. Now the original error
is re-raised.
- bpo-9758: When fcntl.ioctl() was called with mutable_flag set to True, and
the passed buffer was exactly 1024 bytes long, the buffer wouldn't be
updated back after the system call. Original patch by Brian Brazil.
- bpo-1100562: Fix deep-copying of objects derived from the list and dict
types. Patch by Michele Orrù and Björn Lindqvist.
- bpo-7005: Fixed output of None values for RawConfigParser.write and

ConfigParser.write.
- bpo-808164: Fixed socket.close to avoid references to globals, to avoid
issues when socket.close is called from a __del__ method.
- bpo-2986: difflib.SequenceMatcher gets a new parameter, autojunk, which

can be set to False to turn off the previously undocumented 'popularity'
heuristic. Patch by Terry Reedy and Eli Bendersky
- bpo-8797: urllib2 does a retry for Basic Authentication failure instead of

falling into recursion.
- bpo-1194222: email.utils.parsedate now returns RFC2822 compliant four

character years even if the message contains RFC822 two character years.
- bpo-8750: Fixed MutableSet's methods to correctly handle reflexive

operations, namely x -= x and x ^= x.
- bpo-9129: smtpd.py is vulnerable to DoS attacks deriving from missing

error handling when accepting a new connection.
- bpo-658749: asyncore's connect() method now correctly interprets winsock

errors.
- bpo-9501: Fixed logging regressions in cleanup code.
- bpo-9214: Set operations on KeysView or ItemsView in the collections

module now correctly return a set. (Patch by Eli Bendersky.)
- bpo-9617: Signals received during a low-level write operation aren't

ignored by the buffered IO layer anymore.
- bpo-2521: Use weakrefs on for caching in the abc module, so that classes
are not held onto after they are deleted elsewhere.
- bpo-9626: the view methods for collections.OrderedDict() were returning

the unordered versions inherited from dict. Those methods are now
overridden to provide ordered views.
- bpo-8688: MANIFEST files created by distutils now include a magic comment

indicating they are generated. Manually maintained MANIFESTs without this
marker will not be overwritten or removed.
- bpo-7467: when reading a file from a ZIP archive, its CRC is checked and a
BadZipfile error is raised if it doesn't match (as used to be the case in
Python 2.5 and earlier).
- bpo-9550: a BufferedReader could issue an additional read when the

original read request had been satisfied, which could block indefinitely
when the underlying raw IO channel was e.g. a socket. Report and original
patch by Jason V. Miller.
- bpo-9551: Don't raise TypeError when setting the value to None for
SafeConfigParser instances constructed with allow_no_value == True.
- bpo-6915: Under Windows, os.listdir() didn't release the Global

Interpreter Lock around all system calls. Original patch by Ryan Kelly.
- bpo-3757: thread-local objects now support cyclic garbage collection.

Thread-local objects involved in reference cycles will be deallocated
timely by the cyclic GC, even if the underlying thread is still running.
- bpo-6231: Fix xml.etree.ElementInclude to include the tail of the current

node.
- bpo-6869: Fix a refcount problem in the _ctypes extension.
- bpo-5504: ctypes should now work with systems where mmap can't be
PROT_WRITE and PROT_EXEC.
- bpo-8280: urllib2's Request method will remove fragements in the url. This
is how it is supposed to work, wget and curl do the same. Previous
behavior was wrong.
- bpo-2944: asyncore doesn't handle connection refused correctly.
- bpo-3196: email header decoding is now forgiving if an RFC2047 encoded

word encoded in base64 is lacking padding.
- bpo-9444: Argparse now uses the first element of prefix_chars as the

option character for the added 'h/help' option if prefix_chars does not
contain a '-', instead of raising an error.
- bpo-9354: Provide getsockopt() in asyncore's file_wrapper.
- bpo-9428: Fix running scripts with the profile/cProfile modules from the
command line.
- bpo-7781: Fix restricting stats by entry counts in the pstats interactive

browser.
- bpo-9209: Do not crash in the pstats interactive browser on invalid

regular expressions.
- bpo-7372: Fix pstats regression when stripping paths from profile data
generated with the profile module.
- bpo-4108: In urllib.robotparser, if there are multiple 'User-agent: *'

entries, consider the first one.
- bpo-8397: Raise an error when attempting to mix iteration and regular

reads on a BZ2File object, rather than returning incorrect results.
- bpo-5294: Fix the behavior of pdb's "continue" command when called in the
top-level debugged frame.
- bpo-5727: Restore the ability to use readline when calling into pdb in
doctests.
- bpo-6719: In pdb, do not stop somewhere in the encodings machinery if the

source file to be debugged is in a non-builtin encoding.
- bpo-8048: Prevent doctests from failing when sys.displayhook has been

reassigned.
- bpo-8015: In pdb, do not crash when an empty line is entered as a

breakpoint command.
- bpo-9448: Fix a leak of OS resources (mutexes or semaphores) when re-

initializing a buffered IO object by calling its ``__init__`` method.
- bpo-7909: Do not touch paths with the special prefixes ``\\.\`` or

``\\?\`` in ntpath.normpath().
- bpo-5146: Handle UID THREAD command correctly in imaplib.
- bpo-5147: Fix the header generated for cookie files written by

http.cookiejar.MozillaCookieJar.
- bpo-8198: In pydoc, output all help text to the correct stream when
sys.stdout is reassigned.
- bpo-7395: Fix tracebacks in pstats interactive browser.
- bpo-8230: Fix Lib/test/sortperf.py.
- bpo-1713: Fix os.path.ismount(), which returned true for symbolic links

across devices.
- bpo-8826: Properly load old-style "expires" attribute in http.cookies.
- bpo-1690103: Fix initial namespace for code run with trace.main().
- bpo-8471: In doctest, properly reset the output stream to an empty string

when Unicode was previously output.
- bpo-8620: when a Cmd is fed input that reaches EOF without a final
newline, it no longer truncates the last character of the last command
line.
- bpo-6213: Implement getstate() and setstate() methods of utf-8-sig and

utf-16 incremental encoders.
- bpo-7113: Speed up loading in ConfigParser. Patch by Łukasz Langa.
- bpo-3704: cookielib was not properly handling URLs with a / in the

parameters.
- bpo-9032: XML-RPC client retries the request on EPIPE error. The EPIPE
error occurs when the server closes the socket and the client sends a big
XML-RPC request.
- bpo-5542: Remove special logic that closes HTTPConnection socket on EPIPE.
- bpo-4629: getopt raises an error if an argument ends with = whereas getopt

doesn't except a value (eg. --help= is rejected if getopt uses ['help=']
long options).
- bpo-7895: platform.mac_ver() no longer crashes after calling os.fork()
- bpo-5395: array.fromfile() would raise a spurious EOFError when an I/O

error occurred. Now an IOError is raised instead. Patch by chuck (Jan
Hosang).
- bpo-7646: The fnmatch pattern cache no longer grows without bound.
- bpo-9136: Fix 'dictionary changed size during iteration' RuntimeError

produced when profiling the decimal module. This was due to a dangerous
iteration over 'locals()' in Context.__init__.
- Fix extreme speed issue in Decimal.pow when the base is an exact power of
10 and the exponent is tiny (for example, Decimal(10) **
Decimal('1e-999999999')).
- bpo-9161: Fix regression in optparse's acceptance of unicode strings in

add_option calls.
- bpo-9130: Fix validation of relative imports in parser module.
- bpo-9128: Fix validation of class decorators in parser module.
- bpo-9164: Ensure sysconfig handles dupblice archs while building on OSX
- bpo-9315: Fix for the trace module to record correct class name for
tracing methods.
- bpo-9054: Fix a crash occurring when using the pyexpat module with expat
version 2.0.1.
- bpo-10003: Allow handling of SIGBREAK on Windows. Fixes a regression

introduced by issue #9324.
- bpo-8734: Avoid crash in msvcrt.get_osfhandle() when an invalid file

descriptor is provided. Patch by Pascal Chambon.
- bpo-7736: Release the GIL around calls to opendir() and closedir() in the
posix module. Patch by Marcin Bachry.
- As a result of issue #2521, the _weakref module is now compiled into the
interpreter by default.
- bpo-9324: Add parameter validation to signal.signal on Windows in order to

prevent crashes.
- bpo-9526: Remove some outdated (int) casts that were preventing the array
module from working correctly with arrays of more than 2**31 elements.
- Fix memory leak in ssl._ssl._test_decode_cert.
- bpo-8065: Fix memory leak in readline module (from failure to free the
result of history_get_history_state()).
- bpo-9450: Fix memory leak in readline.replace_history_item and

readline.remove_history_item for readline version >= 5.0.
- bpo-8105: Validate file descriptor passed to mmap.mmap on Windows.
- bpo-1019882: Fix IndexError when loading certain hotshot stats.
- bpo-9422: Fix memory leak when re-initializing a struct.Struct object.
- bpo-7900: The getgroups(2) system call on MacOSX behaves rather oddly

compared to other unix systems. In particular, os.getgroups() does not
reflect any changes made using os.setgroups() but basically always returns
the same information as the id command.
os.getgroups() can now return more than 16 groups on MacOSX.

- bpo-9277: Fix bug in struct.pack for bools in standard mode (e.g.,
struct.pack('>?')): if conversion to bool raised an exception then that
exception wasn't properly propagated on machines where char is unsigned.
- bpo-7567: Don't call `setupterm' twice.
Tools/Demos
-----------
- bpo-7287: Demo/imputil/knee.py was removed.
- bpo-9188: The gdb extension now handles correctly narrow (UCS2) as well as
wide (UCS4) unicode builds for both the host interpreter (embedded inside
gdb) and the interpreter under test.
Build
-----
- bpo-8852: Allow the socket module to build on OpenSolaris.
- bpo-10054: Some platforms provide uintptr_t in inttypes.h. Patch by Akira

Kitada.
- bpo-10055: Make json C89-compliant in UCS4 mode.
- bpo-1633863: Don't ignore $CC under AIX.
- bpo-9810: Compile bzip2 source files in python's project file directly. It

used to be built with bzip2's makefile.
- bpo-941346: Improve the build process under AIX and allow Python to be
built as a shared library. Patch by Sébastien Sablé.
- bpo-4026: Make the fcntl extension build under AIX. Patch by Sébastien
Sablé.
- bpo-3101: Helper functions _add_one_to_index_C() and _add_one_to_index_F()

become _Py_add_one_to_index_C() and _Py_add_one_to_index_F(),
respectively.
- bpo-9700: define HAVE_BROKEN_POSIX_SEMAPHORES under AIX 6.x. Patch by

Sébastien Sablé.
- bpo-9280: Make sharedinstall depend on sharedmods.
- bpo-9275: The OSX installer once again installs links to binaries in

``/usr/local/bin``.
- bpo-9392: A framework build on OSX will once again use a versioned name of
the ``2to3`` tool, that is you can use ``2to3-2.7`` to select the Python
2.7 edition of 2to3.
- bpo-9701: The MacOSX installer can patch the shell profile to ensure that
the "bin" directory inside the framework is on the shell's search path.
This feature now also supports the ZSH shell.
- bpo-7473: avoid link errors when building a framework with a different set
of architectures than the one that is currently installed.
Tests
-----
- bpo-9978: Wait until subprocess completes initialization. (Win32KillTests

in test_os)
- bpo-9894: Do not hardcode ENOENT in test_subprocess.
- bpo-9323: Make test.regrtest.__file__ absolute, this was not always the

case when running profile or trace, for example.
- bpo-9315: Added tests for the trace module. Patch by Eli Bendersky.
- Strengthen test_unicode with explicit type checking for assertEqual tests.
- bpo-8857: Provide a test case for socket.getaddrinfo.
- bpo-7564: Skip test_ioctl if another process is attached to /dev/tty.
- bpo-8433: Fix test_curses failure with newer versions of ncurses.
- bpo-9496: Provide a test suite for the rlcompleter module. Patch by

Michele Orrù.
- bpo-8605: Skip test_gdb if Python is compiled with optimizations.
- bpo-9568: Fix test_urllib2_localnet on OS X 10.3.
Documentation
-------------
- bpo-9817: Add expat COPYING file; add expat, libffi and expat licenses to
Doc/license.rst.
- bpo-9524: Document that two CTRL* signals are meant for use only with
os.kill.
- bpo-9255: Document that the 'test' package is for internal Python use
only.
- bpo-7829: Document in dis that bytecode is an implementation detail.
What's New in Python 2.7 final?

===============================
Core and Builtins

-----------------
- Prevent assignment to set literals.
Library
-------
- bpo-1868: Eliminate subtle timing issues in thread-local objects by

getting rid of the cached copy of thread-local attribute dictionary.
- bpo-9125: Add recognition of 'except ... as ...' syntax to parser module.
- bpo-7673: Fix security vulnerability (CVE-2010-2089) in the audioop

module, ensure that the input string length is a multiple of the frame
size.
- bpo-9075: In the ssl module, remove the setting of a ``debug`` flag on an

OpenSSL structure.
What's New in Python 2.7 release candidate 2?

=============================================
Core and Builtins

-----------------
- bpo-9058: Remove assertions about INT_MAX in UnicodeDecodeError.
- bpo-8202: Previous change to ``sys.argv[0]`` handling for -m command line

option reverted due to unintended side effects on handling of
``sys.path``. See tracker issue for details.
- bpo-8941: decoding big endian UTF-32 data in UCS-2 builds could crash the
interpreter with characters outside the Basic Multilingual Plane (higher
than 0x10000).
- In the unicode/str.format(), raise a ValueError when indexes to arguments

are too large.
Build
-----
- bpo-8854: Fix finding Visual Studio 2008 on Windows x64.
Library
-------
- bpo-6589: cleanup asyncore.socket_map in case smtpd.SMTPServer constructor

raises an exception.
- bpo-8959: fix regression caused by using unmodified libffi library on

Windows. ctypes does now again check the stack before and after calling
foreign functions.
- bpo-8720: fix regression caused by fix for #4050 by making getsourcefile

smart enough to find source files in the linecache.
- bpo-8986: math.erfc was incorrectly raising OverflowError for values

between -27.3 and -30.0 on some platforms.
- bpo-8924: logging: Improved error handling for Unicode in exception text.
- bpo-8948: cleanup functions and class / module setups and teardowns are
now honored in unittest debug methods.
Documentation
-------------
- bpo-8909: Added the size of the bitmap used in the installer created by
distutils' bdist_wininst. Patch by Anatoly Techtonik.
Windows
-------
- bpo-8362: Add maintainers.rst: list of module maintainers

=============================================
Core and Builtins

-----------------
- bpo-8271: during the decoding of an invalid UTF-8 byte sequence, only the
start byte and the continuation byte(s) are now considered invalid,
instead of the number of bytes specified by the start byte. E.g.:
'\xf1\x80AB'.decode('utf-8', 'replace') now returns u'\ufffdAB' and
replaces with U+FFFD only the start byte ('\xf1') and the continuation
byte ('\x80') even if '\xf1' is the start byte of a 4-bytes sequence.
Previous versions returned a single u'\ufffd'.
- bpo-8627: Remove bogus "Overriding __cmp__ blocks inheritance of __hash__

in 3.x" warning. Also fix "XXX undetected error" that arises from the
"Overriding __eq__ blocks inheritance ..." warning when turned into an
exception: in this case the exception simply gets ignored.
- bpo-8748: Fix two issues with comparisons between complex and integer
objects. (1) The comparison could incorrectly return True in some cases
(2**53+1 == complex(2**53) == 2**53), breaking transivity of equality. (2)
The comparison raised an OverflowError for large integers, leading to
unpredictable exceptions when combining integers and complex objects in
sets or dicts.
- bpo-5211: Implicit coercion for the complex type is now completely

removed. (Coercion for arithmetic operations was already removed in 2.7
alpha 4, but coercion for rich comparisons was accidentally left in.)
- bpo-3798: Write sys.exit() message to sys.stderr to use stderr encoding

and error handler, instead of writing to the C stderr file in utf-8
- bpo-7902: When using explicit relative import syntax, don't try implicit
relative import semantics.
- bpo-7079: Fix a possible crash when closing a file object while using it
from another thread. Patch by Daniel Stutzbach.
- bpo-8868: Fix that ensures that python scripts have access to the Window
Server again in a framework build on MacOSX 10.5 or earlier.
C API
-----
- bpo-5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows embedders

of the interpreter to set sys.argv without also modifying sys.path. This
helps fix `CVE-2008-5983 <http://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2008-5983>`_.
Library
-------
- bpo-8302: SkipTest in unittest.TestCase.setUpClass or setUpModule is now

reported as a skip rather than an error.
- bpo-8351: Excessively large diffs due to

unittest.TestCase.assertSequenceEqual are no longer included in failure
reports.
- bpo-8899: time.struct_time now has class and attribute docstrings.
- bpo-4487: email now accepts as charset aliases all codec aliases accepted
by the codecs module.
- bpo-6470: Drop UNC prefix in FixTk.
- bpo-5610: feedparser no longer eats extra characters at the end of a body

part if the body part ends with a \r\n.
- bpo-8833: tarfile created hard link entries with a size field != 0 by

mistake.
- bpo-1368247: set_charset (and therefore MIMEText) now automatically

encodes a unicode _payload to the output_charset.
- bpo-7150: Raise OverflowError if the result of adding or subtracting

timedelta from date or datetime falls outside of the MINYEAR:MAXYEAR
range.
- bpo-6662: Fix parsing of malformatted charref (&#bad;), patch written by

Fredrik Håård
- bpo-8016: Add the CP858 codec.
- bpo-3924: Ignore cookies with invalid "version" field in cookielib.
- bpo-6268: Fix seek() method of codecs.open(), don't read or write the BOM
twice after seek(0). Fix also reset() method of codecs, UTF-16, UTF-32 and
StreamWriter classes.
- bpo-5640: Fix Shift-JIS incremental encoder for error handlers different

than 'strict'.
- bpo-8782: Add a trailing newline in linecache.updatecache to the last line

of files without one.
- bpo-8729: Return NotImplemented from ``collections.Mapping.__eq__()`` when

comparing to a non-mapping.
- bpo-8759: Fix user paths in sysconfig for posix and os2 schemes.
- bpo-1285086: Speed up `ùrllib.quote()`` and urllib.unquote for simple

cases.
- bpo-8688: Distutils now recalculates MANIFEST every time.
- bpo-5099: The ``__del__()`` method of ``subprocess.Popen`` (and the

methods it calls) referenced global objects, causing errors to pop up
during interpreter shutdown.
- bpo-7384: If the system readline library is linked against ncurses, the

curses module must be linked against ncurses as well. Otherwise it is not
safe to load both the readline and curses modules in an application.
- bpo-2810: Fix cases where the Windows registry API returns

ERROR_MORE_DATA, requiring a re-try in order to get the complete result.
- bpo-8674: Fixed a number of incorrect or undefined-behaviour-inducing

overflow checks in the `àudioop`` module.
Tests
-----
- bpo-8889: test_support.transient_internet rewritten so that the new checks

also work on FreeBSD, which lacks EAI_NODATA.
- bpo-8835: test_support.transient_internet() catches gaierror(EAI_NONAME)

and gaierror(EAI_NODATA)
- bpo-7449: Skip test_socketserver if threading support is disabled
- On darwin, ``test_site`` assumed that a framework build was being used,

leading to a failure where four directories were expected for site-
packages instead of two in a non-framework build.
Build
-----
- Display installer warning that Windows 2000 won't be supported in future

releases.
- bpo-1759169: Drop _XOPEN_SOURCE on Solaris, define it for multiprocessing

only. (See also: bpo-8864)
Tools/Demos
-----------
- bpo-5464: Implement plural forms in msgfmt.py.
What's New in Python 2.7 beta 2?

================================
Core and Builtins

-----------------
- Run Clang 2.7's static analyzer for `Òbjects/`` and ``Python/``.
- bpo-1533: Fix inconsistency in range function argument processing: any

non-float non- integer argument is now converted to an integer (if
possible) using its __int__ method. Previously, only small arguments were
treated this way; larger arguments (those whose __int__ was outside the
range of a C long) would produce a TypeError.
- bpo-8202: ``sys.argv[0]`` is now set to '-m' instead of '-c' when

searching for the module file to be executed with the -m command line
option.
- bpo-7319: When -Q is used, do not silence DeprecationWarning.
- bpo-7332: Remove the 16KB stack-based buffer in

``PyMarshal_ReadLastObjectFromFile``, which doesn't bring any noticeable
benefit compared to the dynamic memory allocation fallback. Patch by
Charles-François Natali.
- bpo-8417: Raise an OverflowError when an integer larger than sys.maxsize

is passed to bytearray.
- bpo-7072: `ìsspace(0xa0)`` is true on Mac OS X.
- bpo-8404: Fix set operations on dictionary views.
- bpo-8084: PEP 370 now conforms to system conventions for framework builds
on MacOS X. That is, ``python setup.py install --user`` will install into
``~/Library/Python/2.7`` instead of ``~/.local``.
Library
-------
- bpo-8681: Make the zlib module's error messages more informative when the
zlib itself doesn't give any detailed explanation.
- bpo-8571: Fix an internal error when compressing or decompressing a chunk

larger than 1GB with the zlib module's compressor and decompressor
objects.
- bpo-8573: asyncore ``_strerror()`` function might throw ValueError.
- bpo-8483: asyncore.dispatcher's __getattr__ method produced confusing

error messages when accessing undefined class attributes because of the
cheap inheritance with the underlying socket object. The cheap
inheritance has been deprecated.
- bpo-4265: ``shutil.copyfile()`` was leaking file descriptors when disk

fills. Patch by Tres Seaver.
- bpo-7755: Use an unencumbered audio file for tests.
- bpo-8621: `ùuid.uuid4()`` returned the same sequence of values in the

parent and any children created using `òs.fork`` on Mac OS X 10.6.
- bpo-8313: ``traceback.format_exception_only()`` encodes unicode message to

ASCII with backslashreplace error handler if ``str(value)`` failed.
- bpo-8567: Fix precedence of signals in Decimal module: when a Decimal

operation raises multiple signals and more than one of those signals is
trapped, the specification determines the order in which the signals
should be handled. In many cases this order wasn't being followed, leading
to the wrong Python exception being raised.
- bpo-7865: The close() method of :mod:ìo` objects should not swallow
exceptions raised by the implicit flush(). Also ensure that calling
close() several times is supported. Patch by Pascal Chambon.
- bpo-8576: logging updated to remove usage of find_unused_port().
- bpo-4687: Fix accuracy of garbage collection runtimes displayed with

gc.DEBUG_STATS.
- bpo-8354: The siginterrupt setting is now preserved for all signals, not
just SIGCHLD.
- bpo-7192: ``webbrowser.get("firefox")`` now works on Mac OS X, as does

``webbrowser.get("safari")``.
- bpo-8577: ``distutils.sysconfig.get_python_inc()`` now makes a difference

between the build dir and the source dir when looking for "python.h" or
"Include".
- bpo-8464: tarfile no longer creates files with execute permissions set

when mode="w|" is used.
- bpo-7834: Fix connect() of Bluetooth L2CAP sockets with recent versions of

the Linux kernel. Patch by Yaniv Aknin.
- bpo-6312: Fix http HEAD request when the transfer encoding is chunked. It
should correctly return an empty response now.
- bpo-7490: To facilitate sharing of doctests between 2.x and 3.x test

suites, the `ÌGNORE_EXCEPTION_DETAIL`` directive now also ignores the
module location of the raised exception. Based on initial patch by
Lennart Regebro.
- bpo-8086: In :func:`ssl.DER_cert_to_PEM_cert()`, fix missing newline

before the certificate footer. Patch by Kyle VanderBeek.
- bpo-8546: Reject None given as the buffering argument to ``_pyio.open()``.
- bpo-8549: Fix compiling the _ssl extension under AIX. Patch by Sridhar
Ratnakumar.
- bpo-6656: Fix locale.format_string to handle escaped percents and

mappings.
- bpo-2302: Fix a race condition in SocketServer.BaseServer.shutdown, where

the method could block indefinitely if called just before the event loop
started running. This also fixes the occasional freezes witnessed in
test_httpservers.
- bpo-5103: SSL handshake would ignore the socket timeout and block
indefinitely if the other end didn't respond.
- The do_handshake() method of SSL objects now adjusts the blocking mode of
the SSL structure if necessary (as other methods already do).
- bpo-7507: Quote "!" in pipes.quote(); it is special to some shells.
- bpo-5238: Calling makefile() on an SSL object would prevent the underlying

socket from being closed until all objects get truely destroyed.
- bpo-7943: Fix circular reference created when instantiating an SSL socket.
Initial patch by Péter Szabó.
- bpo-8451: Syslog module now uses basename(sys.argv[0]) instead of the

string "python" as the *ident*. openlog() arguments are all optional and
keywords.
- bpo-8108: Fix the unwrap() method of SSL objects when the socket has a
non-infinite timeout. Also make that method friendlier with applications
wanting to continue using the socket in clear-text mode, by disabling
OpenSSL's internal readahead. Thanks to Darryl Miles for guidance.
- bpo-8484: Load all ciphers and digest algorithms when initializing the
_ssl extension, such that verification of some SSL certificates doesn't
fail because of an "unknown algorithm".
- bpo-8437: Fix test_gdb failures, patch written by Dave Malcolm
- bpo-4814: The timeout parameter is now applied also for connections

resulting from PORT/EPRT commands.
- bpo-8463: Add missing reference to bztar in shutil's documentation.
- bpo-8438: Remove reference to the missing "surrogateescape" encoding error

handler from the new IO library.
- bpo-3817: ftplib.FTP.abort() method now considers 225 a valid response

code as stated in RFC-959 at chapter 5.4.
- bpo-8279: Fix test_gdb failures.
- bpo-8322: Add a *ciphers* argument to SSL sockets, so as to change the

available cipher list. Helps fix test_ssl with OpenSSL 1.0.0.
- bpo-2987: RFC 2732 support for urlparse (IPv6 addresses). Patch by Tony
Locke and Hans Ulrich Niedermann.
- bpo-7585: difflib context and unified diffs now place a tab between
filename and date, conforming to the 'standards' they were originally
designed to follow. This improves compatibility with patch tools.
- bpo-7472: Fixed typo in email.encoders module; messages using ISO-2022

character sets will now consistently use a Content-Transfer-Encoding of
7bit rather than sometimes being marked as 8bit.
- bpo-8330: Fix expected output in test_gdb.
- bpo-8374: Update the internal alias table in the :mod:`locale` module to

cover recent locale changes and additions.
- bpo-8644: Improved accuracy of ``timedelta.total_seconds()``.
- Use Clang 2.7's static analyzer to find places to clean up some code.
- Build the ossaudio extension on GNU/kFreeBSD.
- On Windows, ctypes no longer checks the stack before and after calling a
foreign function. This allows using the unmodified libffi library.
Tests
-----
- bpo-8672: Add a zlib test ensuring that an incomplete stream can be

handled by a decompressor object without errors (it returns incomplete
uncompressed data).
- bpo-8490: asyncore now has a more solid test suite which actually tests
its API.
- bpo-8576: Remove use of find_unused_port() in test_smtplib and

test_multiprocessing. Patch by Paul Moore.
- bpo-7449: Fix many tests to support Python compiled without thread

support. Patches written by Jerry Seutter.
- bpo-8108: test_ftplib's non-blocking SSL server now has proper handling of

SSL shutdowns.
Build
-----
- bpo-8625: Turn off optimization in ``--with-pydebug`` builds with gcc.

(Optimization was unintentionally turned on in gcc --with-pydebug builds
in 2.7 beta1 as a result of the issue #1628484 fix, combined with
autoconf's strange choice of default CFLAGS produced by AC_PROG_CC for
gcc.)
- bpo-8509: Fix quoting in help strings and code snippets in configure.in.
- bpo-3646: It is now easily possible to install a Python framework into

your home directory on Mac OS X, see Mac/README for more information.
- bpo-8510: Update to autoconf 2.65.
Windows
-------
- Update the Vim syntax highlight file.

================================
Core and Builtins

-----------------
- bpo-7301: Add environment variable $PYTHONWARNINGS.
- bpo-8329: Don't return the same lists from select.select when no fds are
changed.
- bpo-8259: ``1L << (2**31)`` no longer produces an 'outrageous shift error'

on 64-bit machines. The shift count for either left or right shift is
permitted to be up to sys.maxsize.
- Ensure that tokenization of identifiers is not affected by locale.
- bpo-1222585: Added LDCXXSHARED for C++ support. Patch by Arfrever.
- Raise a TypeError when trying to delete a T_STRING_INPLACE struct member.
- bpo-7994: Issue a PendingDeprecationWarning if object.__format__ is called

with a nonempty format string. This is an effort to future-proof user
code. If a derived class does not currently implement __format__ but later
adds its own __format__, it would most likely break user code that had
supplied a format string. This will be changed to a DeprecationWarning in
Python 3.3 and it will be an error in Python 3.4.
- bpo-8268: Old-style classes (not just instances) now support weak

references.
- bpo-8211: Save/restore CFLAGS around AC_PROG_CC in configure.in, in case

it is set.
- bpo-1583863: A unicode subclass can now override the __unicode__ method
- bpo-6474: Make error message from passing an inadequate number of keyword

arguments to a function correct.
- bpo-8164: Don't allow lambda functions to have a docstring.
- bpo-3137: Don't ignore errors at startup, especially a keyboard interrupt

(SIGINT). If an error occurs while importing the site module, the error is
printed and Python exits. Initialize the GIL before importing the site
module.
- Code objects now support weak references.
Library
-------
- bpo-5277: Fix quote counting when parsing RFC 2231 encoded parameters.
- bpo-8321: Give access to OpenSSL version numbers from the `ssl` module,
using the new attributes `ssl.OPENSSL_VERSION`, `ssl.OPENSSL_VERSION_INFO`
and `ssl.OPENSSL_VERSION_NUMBER`.
- bpo-8310: Allow dis to examine new style classes.
- bpo-8257: The Decimal construct now accepts a float instance directly,

converting that float to a Decimal of equal value:
>>> Decimal(1.1)
Decimal('1.100000000000000088817841970012523233890533447265625')
- collections.Counter() now supports a subtract() method.
- The functools module now has a total_ordering() class decorator to

simplify the specification of rich comparisons.
- The functools module also adds cmp_to_key() as a tool to transition old-

style comparison functions to new-style key-functions.
- bpo-8294: The Fraction constructor now accepts Decimal and float instances
directly.
- bpo-7279: Comparisons involving a Decimal signaling NaN now signal

InvalidOperation instead of returning False. (Comparisons involving a
quiet NaN are unchanged.) Also, Decimal quiet NaNs are now hashable;
Decimal signaling NaNs remain unhashable.
- bpo-2531: Comparison operations between floats and Decimal instances now

return a result based on the numeric values of the operands; previously
they returned an arbitrary result based on the relative ordering of
id(float) and id(Decimal).
- bpo-8233: When run as a script, py_compile.py optionally takes a single

argument `-` which tells it to read files to compile from stdin. Each
line is read on demand and the named file is compiled immediately.
(Original patch by Piotr Ożarowski).
- bpo-3135: Add `ìnspect.getcallargs()``, which binds arguments to a

function like a normal call.
- Backwards incompatible change: Unicode codepoints line tabulation (0x0B)

and form feed (0x0C) are now considered linebreaks, as specified in
Unicode Standard Annex #14. See issue #7643.
http://www.unicode.org/reports/tr14/
- Comparisons using one of <, <=, >, >= between a complex instance and a
Fractions instance now raise TypeError instead of returning True/False.
This makes Fraction <=> complex comparisons consistent with int <=>
complex, float <=> complex, and complex <=> complex comparisons.
- Addition of ``WeakSet`` to the ``weakref`` module.
- logging: Added LOG_FTP to SysLogHandler and updated documentation.
- bpo-8205: Remove the "Modules" directory from sys.path when Python is

running from the build directory (POSIX only).
- bpo-7667: Fix doctest failures with non-ASCII paths.
- bpo-7512: shutil.copystat() could raise an OSError when the filesystem

didn't support chflags() (for example ZFS under FreeBSD). The error is
now silenced.
- bpo-7703: ctypes supports both buffer() and memoryview(). The former is

deprecated.
- bpo-7860: platform.uname now reports the correct 'machine' type when

Python is running in WOW64 mode on 64 bit Windows.
- logging: Added getChild utility method to Logger and added isEnabledFor

method to LoggerAdapter.
- bpo-8201: logging: Handle situation of non-ASCII and Unicode logger names

existing at the same time, causing a Unicode error when configuration code
attempted to sort the existing loggers.
- bpo-8200: logging: Handle errors when multiprocessing is not fully loaded

when logging occurs.
- bpo-3890: Fix recv() and recv_into() on non-blocking SSL sockets. Also,
enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking reads
and writes are always retried by OpenSSL itself. (See also: bpo-8222)
- bpo-8179: Fix macpath.realpath() on a non-existing path.
- bpo-8024: Update the Unicode database to 5.2.
- bpo-8104: socket.recv_into() and socket.recvfrom_into() now support

writing into objects supporting the new buffer API, for example bytearrays
or memoryviews.
- bpo-4961: Inconsistent/wrong result of askyesno function in tkMessageBox

with Tcl/Tk-8.5.
- bpo-8140: Extend compileall to compile single files. Add -i option.
- bpo-7774: Set sys.executable to an empty string if `àrgv[0]`` has been

set to a non existent program name and Python is unable to retrieve the
real program name.
- bpo-8117: logging: Improved algorithm for computing initial rollover time

for ``TimedRotatingFileHandler`` by using the modification time of an
existing log file to compute the next rollover time. If the log file does
not exist, the current time is used as the basis for the computation.
- bpo-6472: The ``xml.etree`` package is updated to ElementTree 1.3. The

cElementTree module is updated too.
- bpo-7880: Fix sysconfig when the python executable is a symbolic link.
- bpo-7624: Fix `ìsinstance(foo(), collections.Callable)`` for old-style

classes.
- bpo-7143: email: ``get_payload()`` used to strip any trailing newline from

a base64 transfer-encoded payload *after* decoding it; it no longer does.
This is a behavior change, so email's minor version number is now bumped,
to version 4.0.2, for the 2.7 release.
- bpo-8235: _socket: Add the constant ``SO_SETFIB``. SO_SETFIB is a socket

option available on FreeBSD 7.1 and newer.
- bpo-8038: unittest.TestCase.assertNotRegexpMatches
- Addition of -b command line option to unittest for buffering stdout /

stderr during test runs.
- bpo-1220212: Added os.kill support for Windows, including support for

sending CTRL+C and CTRL+BREAK events to console subprocesses.
- bpo-8314: Fix unsigned long long bug in libffi on Sparc v8.
- bpo-1039: Fix os.execlp() crash with missing 2nd argument. (See also:
bpo-8154)
- bpo-8156: bsddb module updated to version 4.8.4.

http://www.jcea.es/programacion/pybsddb.htm#bsddb3-4.8.4. This update
drops support for Berkeley DB 4.0, and adds support for 4.8.
- bpo-3928: os.mknod() now available in Solaris, also.
- bpo-8142: Update libffi to the 3.0.9 release.
- bpo-8300: When passing a non-integer argument to struct.pack with any

integer format code, struct.pack first attempts to convert the non-integer
using its __index__ method. If that method is non-existent or raises
TypeError it goes on to try the __int__ method, as described below.
- bpo-1530559: When passing a non-integer argument to struct.pack with *any*

integer format code (one of 'bBhHiIlLqQ'), struct.pack attempts to use the
argument's __int__ method to convert to an integer before packing. It
also produces a DeprecationWarning in this case. (In Python 2.6, the
behaviour was inconsistent: __int__ was used for some integer codes but
not for others, and the set of integer codes for which it was used
differed between native packing and standard packing.)
- bpo-7347: _winreg: Add CreateKeyEx and DeleteKeyEx, as well as fix a bug

in the return value of QueryReflectionKey.
Tools/Demos
-----------
- bpo-7993: Add a test of IO packet processing bandwidth to ccbench. It

measures the number of UDP packets processed per second depending on the
number of background CPU-bound Python threads.
- python-config now supports multiple options on the same command line.
Build
-----
- bpo-8032: For gdb7, a python-gdb.py file is added to the build, allowing

to use advanced gdb features when debugging Python.
- bpo-1628484: The Makefile doesn't ignore the CFLAGS environment variable

anymore. It also forwards the LDFLAGS settings to the linker when
building a shared library.
- bpo-6716: Quote -x arguments of compileall in MSI installer.
- bpo-7705: Fix linking on FreeBSD.
- Make sure that the FreeBSD build of the included libffi uses the proper
assembly file.
C API
-----
- bpo-8276: PyEval_CallObject() is now only available in macro form. The

function declaration, which was kept for backwards compatibility reasons,
is now removed (the macro was introduced in 1997!).
- bpo-7992: A replacement PyCObject API, PyCapsule, has been backported from

Python 3.1. All existing Python CObjects in the main distribution have
been converted to capsules. To address backwards-compatibility concerns,
PyCObject_AsVoidPtr() was changed to understand capsules.
Tests
-----
- bpo-3864: Skip three test_signal tests on freebsd6 because they fail if

any thread was previously started, most likely due to a platform bug.
- bpo-8348: Fix test ftp url in test_urllib2net.
- bpo-8204: Fix test_ttk notebook test by forcing focus.
- bpo-8344: Fix test_ttk bug on FreeBSD.
- bpo-8193: Fix test_zlib failure with zlib 1.2.4.
- bpo-8248: Add some tests for the bool type. Patch by Gregory Nofi.
- bpo-8263: Now regrtest.py will report a failure if it receives a

KeyboardInterrupt (SIGINT).
- bpo-8180: Fix test_pep277 on OS X and add more tests for special Unicode
normalization cases. (See also: bpo-8207)
- bpo-7783: test.test_support.open_urlresource invalidates the outdated

files from the local cache.
What's New in Python 2.7 alpha 4?

=================================
Core and Builtins

-----------------
- bpo-7544: Preallocate thread memory before creating the thread to avoid a

fatal error in low memory condition.
- bpo-7820: The parser tokenizer restores all bytes in the right if the BOM
check fails.
- bpo-7309: Fix unchecked attribute access when converting

UnicodeEncodeError, UnicodeDecodeError, and UnicodeTranslateError to
strings.
- bpo-7649: "u'%c' % char" now behaves like "u'%s' % char" and raises a
UnicodeDecodeError if 'char' is a byte string that can't be decoded using
the default encoding.
- bpo-6902: Fix problem with built-in types format incorrectly with 0

padding.
- bpo-2560: Remove an unnecessary 'for' loop from ``my_fgets()`` in

Parser/myreadline.c.
- bpo-7988: Fix default alignment to be right aligned for

``complex.__format__``. Now it matches other numeric types.
- bpo-5211: The complex type no longer uses implicit coercion in mixed-type

binary arithmetic operations.
Library
-------
- bpo-7904: Changes to urllib.parse.urlsplit to handle schemes as defined by

RFC3986. Anything before :// is considered a scheme and is followed by an
authority (or netloc) and by '/' led path, which is optional.
- bpo-1555570: email no longer inserts extra blank lines when a \r\n combo
crosses an 8192 byte boundary.
- bpo-6906: Tk should not set Unicode environment variables on Windows.
- bpo-1054943: Fix `ùnicodedata.normalize('NFC', text)`` for the Public

Review Issue #29 (http://unicode.org/review/pr-29.html).
- bpo-7494: Fix a crash in ``_lsprof`` (cProfile) after clearing the

profiler, reset also the pointer to the current pointer context.
- bpo-7232: Add support for the context management protocol to the

``tarfile.TarFile`` class.
- bpo-7250: Fix info leak of os.environ across multi-run uses of

``wsgiref.handlers.CGIHandler``.
- bpo-1729305: Fix doctest to handle encode error with "backslashreplace".
- bpo-691291: ``codecs.open()`` should not convert end of lines on reading

and writing.
- bpo-7975: Correct regression in dict methods supported by bsddb.dbshelve.
- bpo-7959: ctypes callback functions are now registered correctly with the
cycle garbage collector.
- bpo-7970: `èmail.Generator.flatten`` now correctly flattens

message/rfc822 messages parsed by `èmail.Parser.HeaderParser``.
- bpo-3426: `òs.path.abspath`` now returns unicode when its arg is unicode.
- bpo-7633: In the decimal module, ``Context`` class methods (with the

exception of canonical and is_canonical) now accept instances of int and
long wherever a Decimal instance is accepted, and implicitly convert that
argument to Decimal. Previously only some arguments were converted.
- bpo-6003: Add an argument to ``zipfile.Zipfile.writestr`` to specify the

compression type.
- bpo-7893: `ùnittest.TextTestResult`` is made public and a ``resultclass``

argument added to the TextTestRunner constructor allowing a different
result class to be used without having to subclass.
- bpo-7588: `ùnittest.TextTestResult.getDescription`` now includes the test

name in failure reports even if the test has a docstring.
- bpo-5801: Remove spurious empty lines in wsgiref.
- bpo-1537721: Add a ``writeheader()`` method to ``csv.DictWriter``.
- bpo-7427: Improve the representation of httplib.BadStatusLine exceptions.

- bpo-7481: When a ``threading.Thread`` failed to start it would leave the
instance stuck in initial state and present in ``threading.enumerate()``.
- bpo-1068268: The subprocess module now handles EINTR in internal

`òs.waitpid()`` and `òs.read()`` system calls where appropriate.
- bpo-6729: Add ``ctypes.c_ssize_t`` to represent ssize_t.
- bpo-6247: The argparse module has been added to the standard library.
- The sqlite3 module was updated to pysqlite 2.6.0. This fixes several
obscure bugs and allows loading SQLite extensions from shared libraries.
- bpo-7808: Fix reference leaks in _bsddb and related tests.
- bpo-6544: Fix a reference leak in the kqueue implementation's error

handling.
- Stop providing crtassem.h symbols when compiling with Visual Studio 2010,
as msvcr100.dll is not a platform assembly anymore.
- bpo-7242: On Solaris 9 and earlier calling `òs.fork()`` from within a

thread could raise an incorrect RuntimeError about not holding the import
lock. The import lock is now reinitialized after fork.
- bpo-7999: `òs.setreuid()`` and `òs.setregid()`` would refuse to accept a

-1 parameter on some platforms such as OS X.
Tests
-----
- bpo-7849: The utility ``test.test_support.check_warnings()`` verifies if

warnings are effectively raised. A new utility ``check_py3k_warnings()``
is available.
- The four path modules (genericpath, macpath, ntpath, posixpath) share a

common TestCase for some tests: test_genericpath.CommonTest.
- Print platform information when running the whole test suite, or using the
``--verbose`` flag.
- bpo-767675: Enable test_pep277 on POSIX platforms with Unicode-friendly

filesystem encoding.
- bpo-6292: For the moment at least, the test suite runs cleanly if python
is run with the -OO flag. Tests requiring docstrings are skipped.
- bpo-7712: test_support gained a new ``temp_cwd`` context manager which is

now also used by regrtest to run all the tests in a temporary directory.
The original CWD is saved in ``test.test_support.SAVEDCWD``. Thanks to
Florent Xicluna who helped with the patch.
Build
-----
- bpo-3920: Define _BSD_SOURCE on OpenBSD 4.4 through 4.9. (See also:

bpo-7903)
=================================
Core and Builtins

-----------------
- bpo-5677: Explicitly forbid write operations on read-only file objects,

and read operations on write-only file objects. On Windows, the system C
library would return a bogus result; on Solaris, it was possible to crash
the interpreter. Patch by Stefan Krah.
- bpo-7853: Normalize exceptions before they are passed to a context

manager's ``__exit__()`` method.
- bpo-7385: Fix a crash in ``PyMemoryView_FromObject()`` when

``PyObject_GetBuffer()`` fails. Patch by Florent Xicluna.
- bpo-7819: Check ``sys.call_tracing()`` arguments types.
- bpo-7788: Fix an interpreter crash produced by deleting a list slice with

very large step value.
- bpo-7766: Change ``sys.getwindowsversion()`` return value to a named tuple

and add the additional members returned in an OSVERSIONINFOEX structure.
The new members are service_pack_major, service_pack_minor, suite_mask,
and product_type.
- bpo-7561: Operations on empty bytearrays (such as `ìnt(bytearray())``)

could crash in many places because of the ``PyByteArray_AS_STRING()``
macro returning NULL. The macro now returns a statically allocated empty
string instead.
- bpo-7622: Improve the split(), rsplit(), splitlines() and replace()

methods of bytes, bytearray and unicode objects by using a common
implementation based on stringlib's fast search. Patch by Florent
Xicluna.
- bpo-7632: Fix various str -> float conversion bugs present in 2.7 alpha 2,
including:
(1) a serious 'wrong output' bug that could occur for long (> 40 digit)
input strings, (2) a crash in dtoa.c that occurred in debug builds
when parsing certain long numeric strings corresponding to subnormal
values, (3) a memory leak for some values large enough to cause overflow,
and (4) a number of flaws that could lead to incorrectly rounded results.
- bpo-7319: Silence ``DeprecationWarning`` by default when the -3 option is

not used. (See also: bpo-7770)
- bpo-2335: Backport set literals syntax from Python 3.x.
- bpo-2333: Backport set and dict comprehensions syntax from Python 3.x.
- bpo-1967: Backport dictionary views from Python 3.x.
Library
-------
- bpo-9137: Fix issue in MutableMapping.update, which incorrectly treated

keyword arguments called 'self' or 'other' specially.
- bpo-7835: shelve should no longer produce mysterious warnings during

interpreter shutdown.
- bpo-2746: Don't escape ampersands and angle brackets ("&", "<", ">") in
XML processing instructions and comments. These raw characters are
allowed by the XML specification, and are necessary when outputting e.g.
PHP code in a processing instruction. Patch by Neil Muller.
- bpo-7869: logging: Improved diagnostic for format-time errors.
- bpo-7868: logging: Added loggerClass attribute to Manager.
- bpo-7851: logging: Clarification on logging configuration files.
- bpo-4772: Raise a ValueError when an unknown Bluetooth protocol is

specified, rather than fall through to AF_PACKET (in the ``socket``
module). Also, raise ValueError rather than TypeError when an unknown TIPC
address type is specified. Patch by Brian Curtin.
- logging: Implemented PEP 391.
- bpo-6939: Fix file I/O objects in the ìo` module to keep the original
file position when calling `truncate()`. It would previously change the
file position to the given argument, which goes against the tradition of
ftruncate() and other truncation APIs. Patch by Pascal Chambon.
- bpo-7610: Reworked implementation of the internal ``zipfile.ZipExtFile``

class used to represent files stored inside an archive. The new
implementation is significantly faster and can be wrapped in an
`ìo.BufferedReader`` object for more speedups. It also solves an issue
where interleaved calls to ``read()`` and ``readline()`` give wrong
results. Patch by Nir Aides.
- bpo-7792: Registering non-classes to ABCs raised an obscure error.
- Removed the deprecated functions ``verify()`` and ``vereq()`` from

Lib/test/test_support.py.
- bpo-7773: Fix an UnboundLocalError in ``platform.linux_distribution()``

when the release file is empty.
- bpo-7748: Since unicode values are supported for some metadata options in
Distutils, the DistributionMetadata get_* methods will now return a utf-8
encoded string for them. This ensures that the upload and register
commands send the correct values to PyPI without any error.
- bpo-1670765: Prevent `èmail.generator.Generator`` from re-wrapping

headers in multipart/signed MIME parts, which fixes one of the sources of
invalid modifications to such parts by Generator.
- bpo-7701: Fix crash in ``binascii.b2a_uu()`` in debug mode when given a

1-byte argument. Patch by Victor Stinner.
- bpo-3299: Fix possible crash in the _sre module when given bad argument
values in debug mode. Patch by Victor Stinner.
- bpo-7703: Add support for the new buffer API to functions of the binascii
module. Backported from py3k by Florent Xicluna, with some additional
tests.
- bpo-2846: Add support for gzip.GzipFile reading zero-padded files. Patch

by Brian Curtin.
- bpo-5827: Make sure that normpath preserves unicode. Initial patch by

Matt Giuca.
- bpo-5372: Drop the reuse of .o files in Distutils' ccompiler (since

Extension extra options may change the output without changing the .c
file). Initial patch by Collin Winter.
- Expat: Fix DoS via XML document with malformed UTF-8 sequences
(CVE_2009_3560).
Build
-----
- bpo-7632: When Py_USING_MEMORY_DEBUGGER is defined, disable the private

memory allocation scheme in dtoa.c and use PyMem_Malloc and PyMem_Free
instead. Also disable caching of powers of 5.
- bpo-7658: Ensure that the new pythonw executable works on OSX 10.4
- bpo-7714: Use ``gcc -dumpversion`` to detect the version of GCC on MacOSX.
- bpo-7661: Allow ctypes to be built from a non-ASCII directory path. Patch

by Florent Xicluna.
Tools/Demos
-----------
- iobench (a file I/O benchmark) and ccbench (a concurrency benchmark) were

added to the ``Tools`` directory. They were previously living in the
sandbox.
Tests
-----
- bpo-7728: test_timeout was changed to use ``test_support.bind_port()``

instead of a hard coded port.
Documentation
-------------
- Updated "Using Python" documentation to include description of CPython's

-J, -U and -X options.
- Updated Python manual page (options -B, -O0, -s, environment variables
PYTHONDONTWRITEBYTECODE, PYTHONNOUSERSITE).

=================================
Core and Builtins

-----------------
- The ``__complex__()`` method is now looked up on the class of instances to

make it consistent with other special methods.
- bpo-7462: Implement the stringlib fast search algorithm for the `rfind`,
`rindex`, `rsplit` and `rpartition` methods. Patch by Florent Xicluna.
- bpo-5080: A number of functions and methods previously produced a

DeprecationWarning when passed a float argument where an integer was
expected. These functions and methods now raise TypeError instead. The
majority of the effects of this change are in the extension modules, but
some core functions and methods are affected: notably the 'chr', 'range'
and 'xrange' builtins, and many unicode/str methods.
- bpo-7604: Deleting an unset slotted attribute did not raise an

AttributeError.
- bpo-7534: Fix handling of IEEE specials (infinities, nans, negative zero)

in ** operator. The behaviour now conforms to that described in C99 Annex
F.
- bpo-7579: The msvcrt module now has docstrings for all its functions.
- bpo-7413: Passing '\0' as the separator to datetime.datetime.isoformat()

used to drop the time part of the result.
- bpo-1811: Improve accuracy and cross-platform consistency for true

division of integers: the result of a/b is now correctly rounded for ints
a and b (at least on IEEE 754 platforms), and in particular does not
depend on the internal representation of a long.
- bpo-6108: `ùnicode(exception)`` and ``str(exception)`` should return the

same message when only ``__str__()`` (and not ``__unicode__()``) is
overridden in the subclass.
- bpo-6834: Replace the implementation for the 'python' and 'pythonw'

executables on OSX.
These executables now work properly with the arch(1) command: `àrch -ppc
python`` will start a universal binary version of python in PPC mode
(unlike previous releases).
- bpo-1680159: Unicode coercion during an 'in' operation no longer masks the

underlying error when the coercion fails for the left hand operand.
- bpo-7491: Metaclass's __cmp__ method was ignored.
- bpo-7466: Segmentation fault when the garbage collector is called in the

middle of populating a tuple. Patch by Florent Xicluna.
Library
-------
- bpo-6963: Added "maxtasksperchild" argument to ``multiprocessing.Pool``,

allowing for a maximum number of tasks within the pool to be completed by
the worker before that worker is terminated, and a new one created to
replace it.
- bpo-7617: Make sure distutils.unixccompiler.UnixCCompiler recognizes gcc

when it has a fully qualified configuration prefix. Initial patch by
Arfrever.
- bpo-7092: Remove py3k warning when importing cPickle. 2to3 handles

renaming of `cPickle` to `pickle`. The warning was annoying since there's
no alternative to cPickle if you care about performance. Patch by Florent
Xicluna.
- bpo-7455: Fix possible crash in cPickle on invalid input. Patch by Victor

Stinner.
- bpo-7092: Fix the DeprecationWarnings emitted by the standard library when

using the -3 flag. Patch by Florent Xicluna.
- bpo-7471: Improve the performance of GzipFile's buffering mechanism, and

make it implement the `ìo.BufferedIOBase`` ABC to allow for further
speedups by wrapping it in an `ìo.BufferedReader``. Patch by Nir Aides.
- bpo-3972: ``httplib.HTTPConnection`` now accepts an optional

source_address parameter to allow specifying where your connections come
from.
- ``socket.create_connection()`` now accepts an optional source_address

parameter.
- bpo-5511: ``zipfile.ZipFile`` can now be used as a context manager.

Initial patch by Brian Curtin.
- Distutils now correctly identifies the build architecture as "x86_64" when

building on OSX 10.6 without "-arch" flags.
- bpo-7556: Distutils' msvc9compiler now opens the MSVC Manifest file in

text mode.
- bpo-7552: Removed line feed in the base64 Authorization header in the

Distutils upload command to avoid an error when PyPI reads it. This
occurs on long passwords. Initial patch by JP St. Pierre.
- bpo-7231: urllib2 cannot handle https with proxy requiring auth. Patch by
Tatsuhiro Tsujikawa.
- bpo-7349: Make methods of file objects in the io module accept None as an

argument where file-like objects (ie StringIO and BytesIO) accept them to
mean the same as passing no argument.
- bpo-7348: ``StringIO.StringIO.readline(-1)`` now acts as if it got no

argument like other file objects.
- bpo-7357: tarfile no longer suppresses fatal extraction errors by default.
- bpo-7470: logging: Fix bug in Unicode encoding fallback.
- bpo-5949: Fixed IMAP4_SSL hang when the IMAP server response is missing
proper end-of- line termination.
- bpo-7457: Added a read_pkg_file method to
``distutils.dist.DistributionMetadata``.
- bpo-3745: Undo the 2.7a1 change to have hashlib to reject unicode and non
buffer API supporting objects as input. That behavior is for 3.x only.
C API
-----
- bpo-7767: New function ``PyLong_AsLongLongAndOverflow()`` added, analogous

to ``PyLong_AsLongAndOverflow()``.
- bpo-5080: The argument parsing functions ``PyArg_ParseTuple()``,

``PyArg_ParseTupleAndKeywords()``, ``PyArg_VaParse()``,
``PyArg_VaParseTupleAndKeywords()`` and ``PyArg_Parse()`` no longer accept
float arguments for integer format codes (other than 'L'): previously an
attempt to pass a float resulted in a DeprecationWarning; now it gives a
TypeError. For the 'L' format code (which previously had no warning)
there is now a DeprecationWarning.
- bpo-7033: Function ``PyErr_NewExceptionWithDoc()`` added.
Build
-----
- bpo-6491: Allow --with-dbmliborder to specify that no dbms will be built.
- bpo-6943: Use pkg-config to find the libffi headers when the ``--with-
system-ffi`` flag is used.
- bpo-7609: Add a ``--with-system-expat`` option that causes the system's

expat library to be used for the pyexpat module instead of the one
included with Python.
- bpo-7589: Only build the nis module when the correct header files are
found.
- Switch to OpenSSL 0.9.8l and sqlite 3.6.21 on Windows.
- bpo-7541: when using ``python-config`` with a framework install the

compiler might use the wrong library.
Tests
-----
- bpo-7376: Instead of running a self-test (which was failing) when called

with no arguments, doctest.py now gives a usage message.
- bpo-7396: Fix regrtest -s, which was broken by the -j enhancement.
- bpo-7498: test_multiprocessing now uses test_support.find_unused_port

instead of a hardcoded port number in test_rapid_restart.

=================================

Core and Builtins
-----------------
- bpo-7419: ``locale.setlocale()`` could crash the interpreter on Windows

when called with invalid values.
- bpo-3382: 'F' formatting for float and complex now convert the result to
upper case. This only affects 'inf' and 'nan', since 'f' no longer
converts to 'g' for large values.
- Remove switch from "%f" formatting to "%g" formatting for floats larger
than 1e50 in absolute value.
- Remove restrictions on precision when formatting floats. E.g., "%.120g" %

1e-100 used to raise OverflowError, but now gives the requested 120
significant digits instead.
- Add Py3k warnings for parameter names in parentheses.
- bpo-7362: Give a proper error message for ``def f((x)=3): pass``.
- bpo-7085: Fix crash when importing some extensions in a thread on MacOSX

10.6.
- bpo-7117: ``repr(x)`` for a float x returns a result based on the shortest

decimal string that's guaranteed to round back to x under correct rounding
(with round-half-to-even rounding mode). Previously it gave a string
based on rounding x to 17 decimal digits. repr(x) for a complex number
behaves similarly. On platforms where the correctly-rounded strtod and
dtoa code is not supported (see below), repr is unchanged.
- bpo-7117: On almost all platforms: float-to-string and string-to-float

conversions within Python are now correctly rounded. Places these
conversions occur include: str for floats and complex numbers; the float
and complex constructors; old-style and new-style numeric formatting;
serialization and deserialization of floats and complex numbers using
marshal, pickle and json; parsing of float and imaginary literals in
Python code; Decimal-to- float conversion.
The conversions use a Python-adapted version of David Gay's well-known

dtoa.c, providing correctly-rounded strtod and dtoa C functions. This
code is supported on Windows, and on Unix-like platforms using gcc, icc or
suncc as the C compiler. There may be a small number of platforms on
which correct operation of this code cannot be guaranteed, so the code is
not used: notably, this applies to platforms where the C double format is
not IEEE 754 binary64, and to platforms on x86 hardware where the x87 FPU
is set to 64-bit precision and Python's configure script is unable to
determine how to change the FPU precision. On these platforms conversions
use the platform strtod and dtoa, as before.
- bpo-7117: Backport round implementation from Python 3.x. ``round()`` now

uses the correctly-rounded string <-> float conversions described above
(when available), and so produces correctly rounded results that will
display nicely under the float repr. There are two related small changes:
(1) round now accepts any class with an ``__index__()`` method for its
second argument (but no longer accepts floats for the second argument),
and (2) an excessively large second integer argument (e.g., ``round(1.234,
10**100)``) no longer raises an exception.
- bpo-1757126: Fix the cyrillic-asian alias for the ptcp154 encoding.
- Fix several issues with ``compile()``. The input can now contain Windows
and Mac newlines and is no longer required to end in a newline.
- Remove length limitation when constructing a complex number from a unicode

string.
- bpo-7244: `ìtertools.izip_longest()`` no longer ignores exceptions raised

during the formation of an output tuple.
- bpo-1087418: Boost performance of bitwise operations for longs.
- bpo-1722344: ``threading._shutdown()`` is now called in ``Py_Finalize()``,

which fixes the problem of some exceptions being thrown at shutdown when
the interpreter is killed. Patch by Adam Olsen.
- bpo-7168: Document ``PyFloat_AsString()`` and ``PyFloat_AsReprString()``,

and note that they are unsafe and deprecated.
- bpo-7120: logging: Remove import of multiprocessing which is causing crash

in GAE.
- bpo-7140: The ``__dict__`` of a module should not be cleared unless the

module is the only object holding a reference to it.
- bpo-1754094: Improve the stack depth calculation in the compiler. There

should be no other effect than a small decrease in memory use. Patch by
Christopher Tur Lesniewski-Laas.
- bpo-7084: Fix a (very unlikely) crash when printing a list from one
thread, and mutating it from another one. Patch by Scott Dial.
- bpo-1571184: The Unicode database contains properties for more characters.

The tables for code points representing numeric values, white spaces or
line breaks are now generated from the official Unicode Character Database
files, and include information from the Unihan.txt file.
- bpo-7050: Fix a SystemError when trying to use unpacking and augmented

assignment.
- bpo-5329: Fix `òs.popen*`` regression from 2.5 with commands as a

sequence running through the shell. Patch by Jean-Paul Calderone and Jani
Hakala.
- bpo-7019: Raise ValueError when unmarshalling bad long data, instead of

producing internally inconsistent Python longs.
- bpo-6990: Fix ``threading.local`` subclasses leaving old state around

after a reference cycle GC which could be recycled by new locals.
- bpo-6300: unicode.encode, unicode.decode, str.decode, and str.encode now

take keyword arguments.
- bpo-6922: Fix an infinite loop when trying to decode an invalid UTF-32

stream with a non-raising error handler like "replace" or "ignore".
- bpo-6713: Improve performance of base 10 int -> string and long -> string
conversions.
- bpo-1590864: Fix potential deadlock when mixing threads and fork().
- bpo-6844: Do not emit DeprecationWarnings when accessing a "message"

attribute on exceptions that was set explicitly.
- bpo-6846: Fix bug where bytearray.pop() returns negative integers.
- ``classmethod()`` no longer checks if its argument is callable.
- bpo-6750: A text file opened with `ìo.open()`` could duplicate its output
when writing from multiple threads at the same time.
- bpo-6704: Improve the col_offset in AST for "for" statements with a target
of tuple unpacking.
- bpo-6707: ``dir()`` on an uninitialized module caused a crash.
- bpo-6540: Fixed crash for ``bytearray.translate()`` with invalid

parameters.
- bpo-6573: ``set.union()`` stopped processing inputs if an instance of self

occurred in the argument chain.
- bpo-1616979: Added the cp720 (Arabic DOS) encoding.
- bpo-6070: On posix platforms import no longer copies the execute bit from
the .py file to the .pyc file if it is set. Patch by Marco N.
- bpo-4618: When unicode arguments are passed to ``print()``, the default

separator and end should be unicode also.
- bpo-6119: Fixed an incorrect Py3k warning about order comparisons of

built-in functions and methods.
- bpo-6347: Include inttypes.h as well as stdint.h in pyport.h. This fixes

a build failure on HP-UX: int32_t and uint32_t are defined in inttypes.h
instead of stdint.h on that platform.
- bpo-4856: Remove checks for win NT.
- bpo-2016: Fixed a crash in a corner case where the dictionary of keyword

arguments could be modified during the function call setup.
- Removed the ipaddr module.
- bpo-6329: Fixed iteration for memoryview objects (it was being blocked
because it wasn't recognized as a sequence).
- bpo-6289: Encoding errors from ``compile()`` were being masked.
- When no module is given in a relative import, the module field of the

ImportFrom AST node is now None instead of an empty string.
- Assignment to None using import statements now raises a SyntaxError.
- bpo-4547: When debugging a very large function, it was not always possible
to update the lineno attribute of the current frame.
- bpo-5330: C functions called with keyword arguments were not reported by
the various profiling modules (profile, cProfile). Patch by Hagen
Fürstenau.
- bpo-5982: staticmethod and classmethod now expose the wrapped function

with ``__func__``.
- Added support for multiple context managers in the same with-statement.

Deprecated ``contextlib.nested()`` which is no longer needed.
- bpo-6101: A new opcode, SETUP_WITH, has been added to speed up the with
statement and correctly lookup the __enter__ and __exit__ special methods.
- bpo-5829: complex("1e500") no longer raises OverflowError. This makes it

consistent with float("1e500") and interpretation of real and imaginary
literals.
- bpo-3527: Removed Py_WIN_WIDE_FILENAMES which is not used any more.
- ``__instancecheck__()`` and ``__subclasscheck__()`` are now completely

ignored on classic classes and instances.
- bpo-5994: The marshal module now has docstrings.
- bpo-5981: Fix three minor inf/nan issues in float.fromhex:
(1) inf and nan strings with trailing whitespace were incorrectly
rejected; (2) parsing of strings representing infinities and nans was
locale aware; and (3) the interpretation of fromhex('-nan') didn't match
that of float('-nan').
- bpo-5920: For ``float.__format__()``, change the behavior with the empty

presentation type (that is, not one of 'e', 'f', 'g', or 'n') to be like
'g' but with at least one decimal point and with a default precision of
12. Previously, the behavior the same but with a default precision of 6.
This more closely matches ``str()``, and reduces surprises when adding
alignment flags to the empty presentation type. This also affects the new
complex.__format__ in the same way.
- bpo-5890: In subclasses of 'property' the __doc__ attribute was shadowed

by classtype's, even if it was None. property now inserts the __doc__
into the subclass instance __dict__.
- bpo-4426: The UTF-7 decoder was too strict and didn't accept some legal
sequences. Patch by Nick Barnes and Victor Stinner.
- bpo-1588: Add complex.__format__. For example, ``format(complex(1, 2./3),

'.5')`` now produces a sensible result.
- bpo-5864: Fix empty format code formatting for floats so that it never
gives more than the requested number of significant digits.
- bpo-5793: Rationalize isdigit / isalpha / tolower, etc. Includes new

Py_ISDIGIT / Py_ISALPHA / Py_TOLOWER, etc. in pctypes.h.
- bpo-4971: Fix titlecase for characters that are their own titlecase, but
not their own uppercase.
- bpo-5835: Deprecate PyOS_ascii_formatd and replace it with

_PyOS_double_to_string or PyOS_double_to_string.
- bpo-5283: Setting __class__ in __del__ caused a segfault.
- bpo-5816: ``complex(repr(z))`` now recovers z exactly, even when z

involves nans, infs or negative zeros.
- Implement PEP 378, Format Specifier for Thousands Separator, for floats,
ints, and longs.
- bpo-5515: 'n' formatting for ints, longs, and floats handles leading zero
formatting poorly.
- bpo-5772: For float.__format__, don't add a trailing ".0" if we're using

no type code and we have an exponent.
- bpo-3166: Make long -> float (and int -> float) conversions correctly
rounded.
- bpo-5787: `òbject.__getattribute__(some_type, "__bases__")`` segfaulted

on some built-in types.
- bpo-1869: Fix a couple of minor round() issues. ``round(5e15+1)`` was

giving 5e15+2; ``round(-0.0)`` was losing the sign of the zero.
- bpo-5759: float() didn't call __float__ on str subclasses.
- bpo-5704: The "-3" command-line option now implies "-t".
- bpo-2170: Refactored ``xml.dom.minidom.normalize``, increasing both its

clarity and its speed.
- bpo-2396: The memoryview object was backported from Python 3.1.
- Fix a problem in PyErr_NormalizeException that leads to "undetected

errors" when hitting the recursion limit under certain circumstances.
- bpo-1665206: Remove the last eager import in _warnings.c and make it lazy.
- bpo-4865: On MacOSX /Library/Python/2.7/site-packages is added to the end

sys.path, for compatibility with the system install of Python.
- bpo-4688: Add a heuristic so that tuples and dicts containing only

untrackable objects are not tracked by the garbage collector. This can
reduce the size of collections and therefore the garbage collection
overhead on long-running programs, depending on their particular use of
datatypes.
- bpo-5512: Rewrite PyLong long division algorithm (x_divrem) to improve its

performance. Long divisions and remainder operations are now between 50%
and 150% faster.
- bpo-4258: Make it possible to use base 2**30 instead of base 2**15 for the
internal representation of integers, for performance reasons. Base 2**30
is enabled by default on 64-bit machines. Add --enable-big-digits option
to configure, which overrides the default. Add sys.long_info structseq to
provide information about the internal format.
- bpo-4034: Fix weird attribute error messages of the traceback object. (As
a result traceback.__members__ no longer exists.)
- bpo-4474: PyUnicode_FromWideChar now converts characters outside the BMP

to surrogate pairs, on systems with sizeof(wchar_t) == 4 and
sizeof(Py_UNICODE) == 2.
- bpo-5237: Allow auto-numbered fields in str.format(). For example: ``'{}

{}'.format(1, 2) == '1 2'``.
- bpo-3652: Make the 'line' argument for ``warnings.showwarning()`` a

requirement. Means the DeprecationWarning from Python 2.6 can go away.
- bpo-5247: Improve error message when unknown format codes are used when
using ``str.format()`` with str, unicode, long, int, and float arguments.
- Running Python with the -3 option now also warns about classic division
for ints and longs.
- bpo-5260: Long integers now consume less memory: average saving is 2 bytes
per long on a 32-bit system and 6 bytes per long on a 64-bit system.
- bpo-5186: Reduce hash collisions for objects with no __hash__ method by

rotating the object pointer by 4 bits to the right.
- bpo-4575: Fix Py_IS_INFINITY macro to work correctly on x87 FPUs: it now

forces its argument to double before testing for infinity.
- bpo-4978: Passing keyword arguments as unicode strings is now allowed.
- bpo-1242657: the __len__() and __length_hint__() calls in several tools

were suppressing all exceptions. These include list(), filter(), map(),
zip(), and bytearray().
- os.ftruncate raises OSErrors instead of IOErrors for consistency with

other os functions.
- bpo-4991: Passing invalid file descriptors to io.FileIO now raises an

OSError.
- bpo-4807: Port the _winreg module to Windows CE.
- bpo-4935: The overflow checking code in the expandtabs() method common to

str, bytes and bytearray could be optimized away by the compiler, letting
the interpreter segfault instead of raising an error.
- bpo-3720: Fix a crash when an iterator modifies its class and removes its
__next__ method.
- bpo-4893: Use NT threading on CE.
- bpo-4915: Port sysmodule to Windows CE.
- bpo-4074: Change the criteria for doing a full garbage collection (i.e.
collecting the oldest generation) so that allocating lots of objects
without destroying them does not show quadratic performance. Based on a
proposal by Martin von Löwis at http://mail.python.org/pipermail/python-
dev/2008-June/080579.html.
- bpo-4850: Change COUNT_ALLOCS variables to Py_ssize_t.

- bpo-1180193: When importing a module from a .pyc (or .pyo) file with an
existing .py counterpart, override the co_filename attributes of all code
objects if the original filename is obsolete (which can happen if the file
has been renamed, moved, or if it is accessed through different paths).
Patch by Ziga Seilnacht and Jean-Paul Calderone.
- bpo-4075: Use `ÒutputDebugStringW()`` in Py_FatalError.
- bpo-4797: IOError.filename was not set when _fileio.FileIO failed to open

file with `str' filename on Windows.
- bpo-3680: Reference cycles created through a dict, set or deque iterator

did not get collected.
- bpo-4701: PyObject_Hash now implicitly calls PyType_Ready on types where

the tp_hash and tp_dict slots are both NULL.
- bpo-4764: With io.open, IOError.filename is set when trying to open a

directory on POSIX systems.
- bpo-4764: IOError.filename is set when trying to open a directory on POSIX

systems.
- bpo-4759: None is now allowed as the first argument of

``bytearray.translate()``. It was always allowed for
``bytes.translate()``.
- Added test case to ensure attempts to read from a file opened for writing
fail.
- bpo-2467: gc.DEBUG_STATS reported invalid elapsed times. Also, always

print elapsed times, not only when some objects are
uncollectable/unreachable. Original patch by Neil Schemenauer.
- bpo-3439: Add a bit_length method to int and long.
- bpo-2183: Simplify and optimize bytecode for list comprehensions.

Original patch by Neal Norwitz.
- bpo-4597: Fixed exception handling when the __exit__ function of a context

manager returns a value that cannot be converted to a bool.
- bpo-4597: Fixed several opcodes that weren't always propagating

exceptions.
- bpo-4445: Replace ``sizeof(PyStringObject)`` with

`òffsetof(PyStringObject, ob_sval) + 1`` when allocating memory for str
instances. On a typical machine this saves 3 bytes of memory (on average)
per string allocation.
- bpo-3996: On Windows, the PyOS_CheckStack function would cause the

interpreter to abort ("Fatal Python error: Could not reset the stack!")
instead of throwing a MemoryError.
- bpo-3689: The list reversed iterator now supports __length_hint__ instead

of __len__. Behavior now matches other reversed iterators.
- bpo-4367: Python would segfault during compiling when the unicodedata

module couldn't be imported and \N escapes were present.
- bpo-4233: Changed semantic of ``_fileio.FileIO``'s ``close()`` method on

file objects with closefd=False. The file descriptor is still kept open
but the file object behaves like a closed file. The ``FileIO`` object also
got a new readonly attribute ``closefd``.
- bpo-4348: Some bytearray methods returned that didn't cause any change to
the bytearray, returned the same bytearray instead of a copy.
- bpo-4317: Fixed a crash in the `ìmageop.rgb2rgb8()`` function.
- bpo-4230: If ``__getattr__`` is a descriptor, it now functions correctly.
- bpo-4048: The parser module now correctly validates relative imports.
- bpo-4225: ``from __future__ import unicode_literals`` didn't work in an

exec statement.
- bpo-4176: Fixed a crash when pickling an object which ``__reduce__``

method does not return iterators for the 4th and 5th items.
- bpo-4209: Enabling unicode_literals and the print_function in the same

__future__ import didn't work.
- Using ``nonlocal`` as a variable name will now raise a Py3k SyntaxWarning

because it is a reserved word in 3.x.
- On windows, `òs.chdir()`` given unicode was not working if

GetCurrentDirectoryW returned a path longer than MAX_PATH. (But It's
doubtful this code path is really executed because I cannot move to such
directory on win2k)
- bpo-4069: When ``set.remove(element)`` is used with a set element, the

element is temporarily replaced with an equivalent frozenset. But the
eventual KeyError would always report the empty ``frozenset()`` as the
missing key. Now it correctly refers to the initial element.
- bpo-4509: Various issues surrounding resize of bytearray objects to which

there are buffer exports.
- bpo-4748: Lambda generators no longer return a value.
- bpo-3582: Use native TLS functions on Windows
- The re.sub(), re.subn() and re.split() functions now accept a flags

parameter.
- bpo-3845: In PyRun_SimpleFileExFlags avoid invalid memory access with

short file names.
- bpo-1113244: Py_XINCREF, Py_DECREF, Py_XDECREF: Add `do { ... } while (0)'

to avoid compiler warnings.
- bpo-5705: os.setuid() would not accept values > 2**31-1 but pwd.getpwnam()
returned them on 64bit platforms.
- bpo-5108: Handle %s like %S and %R in PyUnicode_FromFormatV(): Call

PyUnicode_DecodeUTF8() once, remember the result and output it in a second
step. This avoids problems with counting UTF-8 bytes that ignores the
effect of using the replace error handler in PyUnicode_DecodeUTF8().
- bpo-3739: The unicode-internal encoder now reports the number of

characters consumed like any other encoder (instead of the number of
bytes).
- bpo-2422: When compiled with the ``--with-valgrind`` option, the pymalloc

allocator will be automatically disabled when running under Valgrind.
This gives improved memory leak detection when running under Valgrind,
while taking advantage of pymalloc at other times.
Library
-------
- Add count() and reverse() methods to collections.deque().
- Fix variations of extending deques: d.extend(d) d.extendleft(d) d+=d
- bpo-6986: Fix crash in the JSON C accelerator when called with the wrong
parameter types. Patch by Victor Stinner.
- logging: Added optional "secure" parameter to SMTPHandler, to enable use

of TLS with authentication credentials.
- bpo-1923: Fixed the removal of meaningful spaces when PKG-INFO is

generated in Distutils. Patch by Stephen Emslie.
- bpo-4120: Drop reference to CRT from manifest when building extensions

with msvc9compiler.
- bpo-7333: The ``posix`` module gains an `ìnitgroups()`` function

providing access to the initgroups(3) C library call on Unix systems which
implement it. Patch by Jean-Paul Calderone.
- bpo-7408: Fixed distutils.tests.sdist so it doesn't check for group

ownership when the group is not forced, because the group may be different
from the user's group and inherit from its container when the test is run.
- bpo-1515: Enable use of deepcopy() with instance methods. Patch by Robert

Collins.
- bpo-7403: logging: Fixed possible race condition in lock creation.
- bpo-6845: Add restart support for binary upload in ftplib. The

``storbinary()`` method of FTP and FTP_TLS objects gains an optional
"rest" argument. Patch by Pablo Mouzo.
- bpo-5788: ``datetime.timedelta`` objects get a new ``total_seconds()``

method returning the total number of seconds in the duration. Patch by
Brian Quinlan.
- bpo-6615: logging: Used weakrefs in internal handler list.
- bpo-1488943: ``difflib.Differ`` doesn't always add hints for tab

characters.
- bpo-6123: tarfile now opens empty archives correctly and consistently

raises ReadError on empty files.
- bpo-7354: distutils.tests.test_msvc9compiler - dragfullwindows can be 2.
- bpo-5037: Proxy the __unicode__ special method to __unicode__ instead of

__str__.
- bpo-7341: Close the internal file object in the TarFile constructor in

case of an error.
- bpo-7293: ``distutils.test_msvc9compiler`` is fixed to work on any fresh

Windows box. Help provided by David Bolen.
- bpo-7328: pydoc no longer corrupts sys.path when run with the '-m' switch.
- bpo-2054: ftplib now provides an FTP_TLS class to do secure FTP using TLS
or SSL. Patch by Giampaolo Rodola'.
- bpo-4969: The mimetypes module now reads the MIME database from the
registry under Windows. Patch by Gabriel Genellina.
- bpo-6816: runpy now provides a run_path function that allows Python code
to execute file paths that refer to source or compiled Python files as
well as zipfiles, directories and other valid sys.path entries that
contain a __main__.py file. This allows applications that run other Python
scripts to support the same flexibility as the CPython command line
itself.
- bpo-7318: multiprocessing now uses a timeout when it fails to establish a

connection with another process, rather than looping endlessly. The
default timeout is 20 seconds, which should be amply sufficient for local
connections.
- bpo-7197: Allow unittest.TextTestRunner objects to be pickled and

unpickled. This fixes crashes under Windows when trying to run
test_multiprocessing in verbose mode.
- bpo-7282: Fix a memory leak when an RLock was used in a thread other than
those started through ``threading.Thread`` (for example, using
``thread.start_new_thread()``.
- bpo-7264: Fix a possible deadlock when deallocating thread-local objects

which are part of a reference cycle.
- bpo-7211: Allow 64-bit values for the `ìdent`` and ``data`` fields of
kevent objects on 64-bit systems. Patch by Michael Broghton.
- bpo-6896: ``mailbox.Maildir`` now invalidates its internal cache each time

a modification is done through it. This fixes inconsistencies and test
failures on systems with slightly bogus mtime behaviour.
- bpo-7246: getpass now properly flushes input before reading from stdin so
that existing input does not confuse it and lead to incorrect entry or an
IOError. It also properly flushes it afterwards to avoid the terminal
echoing the input afterwards on OSes such as Solaris. (See also: bpo-7208)
- bpo-7233: Fix a number of two-argument Decimal methods to make sure that

they accept an int or long as the second argument. Also fix buggy
handling of large arguments (those with coefficient longer than the
current precision) in shift and rotate.
- bpo-4750: Store the basename of the original filename in the gzip FNAME
header as required by RFC 1952.
- bpo-1180: Added a new global option to ignore ~/.pydistutils.cfg in

Distutils.
- bpo-7218: Fix test_site for win32, the directory comparison was done with
an uppercase.
- bpo-7205: Fix a possible deadlock when using a BZ2File object from several
threads at once.
- bpo-7071: byte-compilation in Distutils is now done with respect to

sys.dont_write_bytecode.
- bpo-7066: archive_util.make_archive now restores the cwd if an error is

raised. Initial patch by Ezio Melotti.
- bpo-6218: io.StringIO and io.BytesIO instances are now picklable with

protocol 2.
- bpo-7077: logging: SysLogHandler now treats Unicode as per RFC 5424.
- bpo-7099: Decimal.is_normal now returns True for numbers with exponent

larger than emax.
- bpo-5833: Fix extra space character in readline completion with the GNU
readline library version 6.0.
- bpo-7133: SSL objects now support the new buffer API.
- bpo-7149: urllib fails on OSX in the proxy detection code.
- bpo-7069: Make inspect.isabstract() return a boolean.
- Add support to the `ìhooks`` module for relative imports.
- bpo-6894: Fixed the issue urllib2 doesn't respect "no_proxy" environment.
- bpo-7086: Added TCP support to SysLogHandler, and tidied up some

anachronisms in the code which were a relic of 1.5.2 compatibility.
- bpo-7082: When falling back to the MIME 'name' parameter, the correct
place to look for it is the Content-Type header.
- bpo-7048: Force Decimal.logb to round its result when that result is too
large to fit in the current precision.
- bpo-6516: Added owner/group support when creating tar archives in

Distutils.
- bpo-7031: Add ``TestCase.assert(Not)IsInstance()`` methods.
- bpo-6790: Make it possible again to pass an `àrray.array`` to

``httplib.HTTPConnection.send``. Patch by Kirk McDonald.
- bpo-6236: Fix various failures in the ìo` module under AIX and other
platforms, when using a non-gcc compiler. Patch by egreen. (See also:
bpo-6348)
- bpo-6954: Fixed crash when using DISTUTILS_DEBUG flag in Distutils.
- bpo-6851: Fix urllib.urlopen crash on secondairy threads on OSX 10.6
- bpo-4606: Passing 'None' if ctypes argtype is set to POINTER(...) does now

always result in NULL.
- bpo-5042: ctypes Structure sub-subclass does now initialize correctly with

base class positional arguments.
- bpo-6938: Fix a TypeError in string formatting of a multiprocessing debug

message.
- bpo-6635: Fix profiler printing usage message.
- bpo-6856: Add a filter keyword argument to TarFile.add().
- bpo-6163: Fixed HP-UX runtime library dir options in

distutils.unixcompiler. Initial patch by Sridhar Ratnakumar and Michael
Haubenwallner.
- bpo-6857: Default format() alignment should be '>' for Decimal instances.
- bpo-6795: int(Decimal('nan')) now raises ValueError instead of returning

NaN or raising InvalidContext. Also, fix infinite recursion in
long(Decimal('nan')).
- bpo-6850: Fix bug in Decimal._parse_format_specifier for formats with no

type specifier.
- bpo-4937: plat-mac/bundlebuilder refers to non-existing version.plist.
- bpo-6838: Use a list to accumulate the value instead of repeatedly

concatenating strings in httplib's HTTPResponse._read_chunked providing a
significant speed increase when downloading large files servend with a
Transfer-Encoding of 'chunked'.
- bpo-5275: In Cookie's Cookie.load(), properly handle non-string arguments

as documented.
- bpo-2666: Handle BROWSER environment variable properly for unknown browser

names in the webbrowser module.
- bpo-6054: Do not normalize stored pathnames in tarfile.
- bpo-6794: Fix Decimal.compare_total and Decimal.compare_total_mag: NaN

payloads are now ordered by integer value rather than lexicographically.
- bpo-6693: New functions in site.py to get user/global site packages paths.
- The thread.lock type now supports weak references.
- bpo-1356969: Add missing info methods in Tix.HList.
- bpo-1522587: New constants and methods for the Tix.Grid widget.
- bpo-1250469: Fix the return value of Tix.PanedWindow.panes.

- bpo-1119673: Do not override Tkinter.Text methods when creating a
ScrolledText.
- bpo-6665: Fix fnmatch to properly match filenames with newlines in them.
- bpo-1135: Add the XView and YView mix-ins to avoid duplicating the xview*
and yview* methods.
- bpo-6629: Fix a data corruption issue in the new ìo` package, which could
occur when writing to a BufferedRandom object (e.g. a file opened in "rb+"
or "wb+" mode) after having buffered a certain amount of data for reading.
This bug was not present in the pure Python implementation.
- bpo-4660: If a multiprocessing.JoinableQueue.put() was preempted, it was

possible to get a spurious 'task_done() called too many times' error.
- bpo-1628205: Socket file objects returned by socket.socket.makefile() now

properly handles EINTR within the read, readline, write & flush methods.
The socket.sendall() method now properly handles interrupted system calls.
- bpo-6595: The Decimal constructor now allows arbitrary Unicode decimal

digits in input, as recommended by the standard. Previously it was
restricted to accepting [0-9].
- bpo-6511: ZipFile now raises BadZipfile (instead of an IOError) when

opening an empty or very small file.
- bpo-6553: Fixed a crash in cPickle.load(), when given a file-like object

containing incomplete data.
- bpo-6545: Removed assert statements in distutils.Extension, so the

behavior is similar when used with -O.
- unittest has been split up into a package. All old names should still
work.
- bpo-6431: Make Fraction type return NotImplemented when it doesn't know

how to handle a comparison without loss of precision. Also add correct
handling of infinities and nans for comparisons with float.
- bpo-6415: Fixed warnings.warn segfault on bad formatted string.
- bpo-6466: Now distutils.cygwinccompiler and distutils.emxccompiler uses

the same refactored function to get gcc/ld/dllwrap versions numbers. It's
``distutils.util.get_compiler_versions()``. Added deprecation warnings
for the obsolete get_versions() functions.
- bpo-6433: Fixed issues with multiprocessing.pool.map hanging on empty

list.
- bpo-6314: logging: Extra checks on the "level" argument in more places.
- bpo-2622: Fixed an ImportError when importing email.messsage from a

standalone application built with py2exe or py2app.
- bpo-6455: Fixed test_build_ext under win32.
- bpo-6377: Enabled the compiler option, and deprecate its usage as an

attribute.
- bpo-6413: Fixed the log level in distutils.dist for announce.
- bpo-3392: The subprocess communicate() method no longer fails in select()

when file descriptors are large; communicate() now uses poll() when
possible.
- bpo-6403: Fixed package path usage in build_ext.
- bpo-5155: multiprocessing.Process._bootstrap was unconditionally calling

"os.close(sys.stdin.fileno())" resulting in file descriptor errors. (See
also: bpo-5313, bpo-5331)
- bpo-6365: Distutils build_ext inplace mode was copying the compiled

extension in a subdirectory if the extension name had dots.
- bpo-6344: Fixed a crash of mmap.read() when passed a negative argument.
- bpo-5230: pydoc would report no documentation found if a module generated

a 'not found' import error when loaded; it now reports the import errors.
Thanks to Lucas Prado Melo for initial fix and collaboration on the tests.
- bpo-6314: ``logging.basicConfig()`` performs extra checks on the "level"

argument.
- bpo-6164: Added an AIX specific linker argument in Distutils unixcompiler.

Original patch by Sridhar Ratnakumar.
- bpo-6274: Fixed possible file descriptors leak in subprocess.py.
- bpo-6189: Restored compatibility of subprocess.py with Python 2.2.
- bpo-6287: Added the license field in Distutils documentation.
- bpo-6286: Now Distutils upload command is based on urllib2 instead of

httplib, allowing the usage of http_proxy.
- bpo-6271: mmap tried to close invalid file handle (-1) for anonymous maps
on Unix.
- bpo-6215: All bug fixes and enhancements from the Python 3.1 io library
(including the fast C implementation) have been backported to the standard
`ìo`` module.
- bpo-6258: Support AMD64 in bdist_msi.
- bpo-6252: Fixed bug in next rollover time computation in

TimedRotatingFileHandler.
- bpo-6263: Fixed syntax error in distutils.cygwincompiler.
- bpo-5201: distutils.sysconfig.parse_makefile() now understands ``$$`` in

Makefiles. This prevents compile errors when using syntax like:
``LDFLAGS='-rpath=\$$LIB:/some/other/path'``. Patch by Floris Bruynooghe.
- bpo-5767: Removed sgmlop support from xmlrpclib.
- bpo-6131: test_modulefinder leaked when run after test_distutils. Patch

by Hirokazu Yamamoto.
- bpo-6048: Now Distutils uses the tarfile module in archive_util.
- bpo-6121: pydoc now ignores leading and trailing spaces in the argument to
the 'help' function.
- In unittest, using a skipping decorator on a class is now equivalent to

skipping every test on the class. The ClassTestSuite class has been
removed.
- bpo-6050: Don't fail extracting a directory from a zipfile if the

directory already exists.
- bpo-5311: bdist_msi can now build packages that do not depend on a

specific Python version.
- bpo-1309352: fcntl now converts its third arguments to a C `long` rather

than an int, which makes some operations possible under 64-bit Linux (e.g.
DN_MULTISHOT with F_NOTIFY).
- bpo-1424152: Fix for httplib, urllib2 to support SSL while working through
proxy. Original patch by Christopher Li, changes made by Senthil Kumaran.
- bpo-1983: Fix functions taking or returning a process identifier to use

the dedicated C type ``pid_t`` instead of a C `ìnt``. Some platforms
have a process identifier type wider than the standard C integer type.
- bpo-4066: smtplib.SMTP_SSL._get_socket now correctly returns the socket.

Patch by Farhan Ahmad, test by Marcin Bachry.
- bpo-6062: In distutils, fixed the package option of build_ext. Feedback

and tests on pywin32 by Tim Golden.
- bpo-6053: Fixed distutils tests on win32. Patch by Hirokazu Yamamoto.
- bpo-6046: Fixed the library extension when distutils build_ext is used in

place. Initial patch by Roumen Petrov.
- bpo-6041: Now distutils `sdist` and `register` commands use `check` as a

subcommand.
- bpo-2116: Weak references and weak dictionaries now support copy()ing and
deepcopy()ing.
- bpo-1655: Make imaplib IPv6-capable. Patch by Derek Morr.
- bpo-5918: Fix a crash in the parser module.
- bpo-1664: Make nntplib IPv6-capable. Patch by Derek Morr.
- bpo-6022: A test file was created in the current working directory by

test_get_outputs in Distutils.
- bpo-4050: inspect.findsource/getsource now raise an IOError if the

'source' file is a binary. Patch by Brodie Rao, tests by Daniel Diniz.
- bpo-5977: distutils build_ext.get_outputs was not taking into account the

inplace option. Initial patch by kxroberto.
- bpo-5984: distutils.command.build_ext.check_extensions_list checks were
broken for old-style extensions.
- bpo-5971: StreamHandler.handleError now swallows IOErrors which occur when

trying to print a traceback.
- bpo-5976: Fixed Distutils test_check_environ.
- bpo-5900: Ensure RUNPATH is added to extension modules with RPATH if GNU

ld is used. Original patch by Floris Bruynooghe.
- bpo-5941: Distutils build_clib command was not working anymore because of

an incomplete customization of the archiver command. Added ARFLAGS in the
Makefile besides AR and make Distutils use it. Original patch by David
Cournapeau.
- bpo-5955: aifc's close method did not close the file it wrapped, now it
does. This also means getfp method now returns the real fp.
- bpo-4875: On win32, ctypes.util.find_library does no longer return

directories.
- bpo-5142: Add the ability to skip modules while stepping to pdb.
- bpo-1309567: Fix linecache behavior of stripping subdirectories when

looking for files given by a relative filename.
- bpo-5692: In ``zipfile.Zipfile``, fix wrong path calculation when

extracting a file to the root directory.
- bpo-5913: `òs.listdir()`` should fail for empty path on windows.
- bpo-5084: Unpickling now interns the attribute names of pickled objects,

saving memory and avoiding growth in size of subsequent pickles. Proposal
and original patch by Jake McGuire.
- bpo-3002: ``shutil.copyfile()`` and ``shutil.copytree()`` now raise an

error when a named pipe is encountered, rather than blocking infinitely.
- bpo-3959: The ipaddr module has been added to the standard library.
Contributed by Google.
- bpo-2245: aifc now skips chunk types it doesn't recognize, per spec.
- bpo-5874: distutils.tests.test_config_cmd is not locale-sensitive anymore.
- bpo-4305: ctypes should now build again on mipsel-linux-gnu
- bpo-1734234: Massively speedup `ùnicodedata.normalize()`` when the string

is already in normalized form, by performing a quick check beforehand.
Original patch by Rauli Ruohonen.
- bpo-5853: Calling a function of the mimetypes module from several threads

at once could hit the recursion limit if the mimetypes database hadn't
been initialized before.
- bpo-5854: Updated __all__ to include some missing names and remove some
names which should not be exported.
- bpo-5810: Fixed Distutils test_build_scripts so it uses
``sysconfig.get_config_vars()``.
- bpo-4951: Fixed failure in test_httpservers.
- bpo-3102: All global symbols that the _ctypes extension defines are now
prefixed with 'Py' or '_ctypes'.
- bpo-5041: ctypes does now allow pickling wide character.
- bpo-5812: For the two-argument form of the Fraction constructor,

``Fraction(m, n)``, m and n are permitted to be arbitrary Rational
instances.
- bpo-5812: Fraction('1e6') is valid: more generally, any string that's

valid for float() is now valid for Fraction(), with the exception of
strings representing NaNs and infinities.
- bpo-5795: Fixed test_distutils failure on Debian ppc.
- bpo-5768: Fixed bug in Unicode output logic and test case for same.
- bpo-1161031: Fix readwrite select flag handling: POLLPRI now results in a

handle_expt_event call, not handle_read_event, and POLLERR and POLLNVAL
now call handle_close, not handle_expt_event. Also, dispatcher now has an
'ignore_log_types' attribute for suppressing log messages, which is set to
'warning' by default.
- bpo-5607: Fixed Distutils test_get_platform for Mac OS X fat binaries.
- bpo-5741: Don't disallow "%%" (which is an escape for "%") when setting a
value in SafeConfigParser.
- bpo-5732: Added a new command in Distutils: check.
- bpo-5731: Distutils bdist_wininst no longer worked on non-Windows

platforms. Initial patch by Paul Moore.
- bpo-2254: Fix CGIHTTPServer information disclosure. Relative paths are

now collapsed within the url properly before looking in cgi_directories.
- bpo-5095: Added bdist_msi to the list of bdist supported formats. Initial

fix by Steven Bethard.
- bpo-1491431: Fixed distutils.filelist.glob_to_re for edge cases. Initial

fix by Wayne Davison.
- bpo-5693: TestSuite.__iter__ can now be consistently overridden in

subclasses.
- bpo-5694: Removed spurious test output in Distutils (test_clean).
- bpo-5471: Fix os.path.expanduser() for $HOME set to '/'.
- bpo-1326077: Fix the formatting of SyntaxErrors by the traceback module.
- bpo-1726172: Fix IndexError in the case of and empty response in ftplib.

- bpo-2625: Added missing iteritems() call to the for loop in
mailbox.MH.get_message().
- bpo-5585: Add the ability to call an initializer to

multiprocessing.manager so that users can install custom handlers/etc.
- bpo-3551: Patch multiprocessing to raise a proper exception if the size of

the object when writefile is called causes an ERROR_NO_SYSTEM_RESOURCES.
Added docs to note the limitation.
- unittest.assertNotEqual() now uses the inequality operator (!=) instead of

the equality operator.
- bpo-6001: Test discovery for unittest. Implemented in

unittest.TestLoader.discover and from the command line.
- bpo-5679: The methods unittest.TestCase.addCleanup and doCleanups were

added. addCleanup allows you to add cleanup functions that will be called
unconditionally (after setUp if setUp fails, otherwise after tearDown).
This allows for much simpler resource allocation and deallocation during
tests.
- bpo-3379: unittest.main now takes an optional exit argument. If False main

doesn't call sys.exit allowing it to be used from the interactive
interpreter.
- bpo-5995: unittest.main now takes an optional verbosity argument allowing

test modules to be run with a higher than default verbosity.
- bpo-5995: A fix to allow you to run "python -m unittest test_module" or

"python -m unittest test_module.TestClass" from the command line.
- bpo-5728: unittest.TestResult has new startTestRun and stopTestRun

methods; called immediately before and after a test run.
- bpo-5663: Better failure messages for unittest asserts. Default assertTrue

and assertFalse messages are now useful. TestCase has a longMessage
attribute. This defaults to False, but if set to True useful error
messages are shown in addition to explicit messages passed to assert
methods.
- bpo-3110: Add additional protect around SEM_VALUE_MAX for multiprocessing.
- In Pdb, prevent the reassignment of __builtin__._ by sys.displayhook on

printing out values.
- bpo-4572: Added SEEK_* symbolic constants to io module.
- bpo-1665206: Move imports in cgitb to the top of the module instead of

performing them in functions. Helps prevent import deadlocking in threads.
- bpo-5647: MutableSet.__iand__() no longer mutates self during iteration.
- Actually make the SimpleXMLRPCServer CGI handler work.
- bpo-2522: locale.format() now checks its first argument to ensure it has

been passed only one pattern, avoiding mysterious errors where it appeared
that it was failing to do localization.
- bpo-5583: Added optional extensions in Distutils. Initial patch by Georg
Brandl.
- bpo-5619: Multiprocessing children disobey the debug flag and causes

popups on windows buildbots. Patch applied to work around this issue.
- bpo-5632: Thread.ident was None for the main thread and threads not
created with the threading module.
- bpo-5400: Added patch for multiprocessing on netbsd compilation/support.
- bpo-5387: Fixed mmap.move crash by integer overflow.
- bpo-5261: Patch multiprocessing's semaphore.c to support context manager

use: "with multiprocessing.Lock()" works now.
- bpo-5177: Multiprocessing's SocketListener class now uses

socket.SO_REUSEADDR on all connections so that the user no longer needs to
wait 120 seconds for the socket to expire.
- Adjusted _tkinter to compile without warnings when WITH_THREAD is not

defined (part of issue #5035).
- bpo-5561: Removed the sys.version_info shortcuts from platform's

python_version() and python_version_tuple() since they produced different
output compared to previous Python versions.
- bpo-1034053: unittest now supports skipping tests and expected failures.
- The unittest.TestCase.assertRaises() method now returns a context manager

when not given a callable so that code to be tested can be written inline
using a with statement.
- bpo-2578: The unittest.TestCase.assertEqual() now displays the differences

in lists, tuples, dicts and sets on failure. Many new handy type and
comparison specific assert* methods have been added that fail with error
messages actually useful for debugging. Contributed in part by Google.
- bpo-5068: Fixed the tarfile._BZ2Proxy.read() method that would loop

forever on incomplete input. That caused tarfile.open() to hang when used
with mode 'r' or 'r:bz2' and a fileobj argument that contained no data or
partial bzip2 compressed data.
- bpo-5536: urllib.urlretrieve makes sure to close the file it's writing to

even if an exception occurs.
- bpo-5381: Added object_pairs_hook to the json module. This allows

OrderedDicts to be built by the decoder.
- bpo-2110: Add support for thousands separator and 'n' type specifier to
``Decimal.__format__()``.
- Fix Decimal.__format__ bug that swapped the meanings of the '<' and '>'
alignment characters.
- bpo-1222: ``locale.format()`` bug when the thousands separator is a space

character.
- bpo-5472: Fixed distutils.test_util tear down. Original patch by Tim

Golden.
- collections.deque objects now have a read-only attribute called maxlen.
- bpo-2638: Show a window constructed with tkSimpleDialog.Dialog only after

it is has been populated and properly configured in order to prevent
window flashing.
- bpo-4792: Prevent a segfault in _tkinter by using the guaranteed to be

safe interp argument given to the PythonCmd in place of the Tcl
interpreter taken from a PythonCmd_ClientData.
- bpo-5193: Guarantee that Tkinter.Text.search returns a string.
- bpo-5394: Removed > 2.3 syntax from distutils.msvc9compiler. Original

patch by Akira Kitada.
- bpo-5385: Fixed mmap crash after resize failure on windows.
- bpo-5179: Fixed subprocess handle leak on failure on windows.
- PEP 372: Added collections.OrderedDict().
- The _asdict() for method for namedtuples now returns an OrderedDict().
- The configparser module now defaults to using an ordered dictionary.
- bpo-4308: httplib.IncompleteRead's repr doesn't include all of the data

all ready received.
- bpo-5401: Fixed a performance problem in mimetypes when ``from mimetypes

import guess_extension`` was used.
- bpo-1733986: Fixed mmap crash on Windows in accessing elements of second

map object with same tagname but larger size than first map.
- bpo-5386: mmap.write_byte didn't check map size, so it could cause buffer

overrun.
- bpo-1533164: Installed but not listed *.pyo was breaking Distutils

bdist_rpm command.
- bpo-5378: Added --quiet option to Distutils bdist_rpm command.
- bpo-5052: Make Distutils compatible with 2.3 again.
- Deprecated methods of symtable.Symbol have been removed: is_keywordarg(),

is_vararg(), and is_in_tuple().
- bpo-5316: Fixed buildbot failures introduced by multiple inheritance in

Distutils tests.
- bpo-5287: Add exception handling around findCaller() call to help out

IronPython.
- bpo-5282: Fixed mmap resize on 32bit Windows and Unix. When `òffset >
0``, the file was resized to wrong size.
- bpo-5292: Fixed mmap crash on its boundary access m[len(m)].

- bpo-2279: distutils.sdist.add_defaults now add files from the package_data
and the data_files metadata.
- bpo-5257: Refactored all tests in distutils, so they use

support.TempdirManager, to avoid writing in the tests directory.
- bpo-4524: distutils build_script command failed with --with-suffix=3.

Initial patch by Amaury Forgeot d'Arc.
- bpo-2461: Added tests for distutils.util.
- bpo-1008086: Fixed socket.inet_aton() to always return 4 bytes even on

LP64 platforms (most 64-bit Linux, bsd, unix systems).
- bpo-5203: Fixed ctypes segfaults when passing a unicode string to a

function without argtypes (only occurs if HAVE_USABLE_WCHAR_T is false).
- bpo-3386: distutils.sysconfig.get_python_lib prefix argument was ignored

under NT and OS2. Patch by Philip Jenvey.
- bpo-5128: Make compileall properly inspect bytecode to determine if needs

to be recreated. This avoids a timing hole thanks to the old reliance on
the ctime of the files involved.
- bpo-5122: Synchronize tk load failure check to prevent a potential

deadlock.
- bpo-1818: collections.namedtuple() now supports a keyword argument

'rename' which lets invalid fieldnames be automatically converted to
positional names in the form, _1, _2, ...
- bpo-4890: Handle empty text search pattern in Tkinter.Text.search.
- bpo-5170: Fixed Unicode output bug in logging and added test case. This
is a regression which did not occur in 2.5.
- bpo-4512: Promote ``ZipImporter._get_filename()`` to be a public

documented method ``ZipImporter.get_filename()``.
- bpo-4195: The ``runpy`` module (and the ``-m`` switch) now support the
execution of packages by looking for and executing a ``__main__``
submodule when a package name is supplied. Initial patch by Andi Vajda.
- bpo-1731706: Call Tcl_ConditionFinalize for Tcl_Conditions that will not

be used again (this requires Tcl/Tk 8.3.1), also fix a memory leak in
Tkapp_Call when calling from a thread different than the one that created
the Tcl interpreter. Patch by Robert Hancock.
- bpo-1520877: Now distutils.sysconfig reads $AR from the

environment/Makefile. Patch by Douglas Greiman.
- bpo-4285: Change sys.version_info to be a named tuple. Patch by Ross

Light.
- bpo-1276768: The verbose option was not used in the code of

distutils.file_util and distutils.dir_util.
- bpo-5132: Fixed trouble building extensions under Solaris with --enabled-

shared activated. Initial patch by Dave Peterson.
- bpo-1581476: Always use the Tcl global namespace when calling into Tcl.
- bpo-2047: shutil.move() could believe that its destination path was inside
its source path if it began with the same letters (e.g. "src" vs.
"src.new").
- bpo-4920: Fixed .next() vs .__next__() issues in the ABCs for Iterator and
MutableSet.
- Added the ttk module. See issue #2983: Ttk support for Tkinter.
- bpo-5021: doctest.testfile() did not create __name__ and

collections.namedtuple() relied on __name__ being defined.
- Backport importlib from Python 3.1. Only the import_module() function has
been backported to help facilitate transitions from 2.7 to 3.1.
- bpo-1885: distutils: When running sdist with --formats=tar,gztar the tar

file was overridden by the gztar one.
- bpo-4863: distutils.mwerkscompiler has been removed.
- Added new itertools functions: combinations_with_replacement() and

compress().
- bpo-5032: Added a step argument to itertools.count() and allowed non-

integer arguments.
- Fix and properly document the multiprocessing module's logging support,

expose the internal levels and provide proper usage examples.
- bpo-1672332: Fix unpickling of subnormal floats, which was producing a

ValueError on some platforms.
- bpo-3881: Help Tcl to load even when started through the unreadable local
symlink to "Program Files" on Vista.
- bpo-4710: Extract directories properly in the zipfile module; allow adding

directories to a zipfile.
- bpo-3807: _multiprocessing build fails when configure is passed --without-

threads argument. When this occurs, _multiprocessing will be disabled, and
not compiled.
- bpo-5008: When a file is opened in append mode with the new IO library, do
an explicit seek to the end of file (so that e.g. tell() returns the file
size rather than 0). This is consistent with the behaviour of the
traditional 2.x file object.
- bpo-5013: Fixed a bug in FileHandler which occurred when the delay

parameter was set.
- bpo-4998: The memory saving effect of __slots__ had been lost on Fractions
which inherited from numbers.py which did not have __slots__ defined. The
numbers hierarchy now has its own __slots__ declarations.
- bpo-3321: _multiprocessing.Connection() doesn't check handle; added checks

for *nix machines for negative handles and large int handles. Without
this check it is possible to segfault the interpreter.
- bpo-4449: AssertionError in mp_benchmarks.py, caused by an underlying

issue in sharedctypes.py.
- bpo-1225107: inspect.isclass() returned True for instances with a custom

__getattr__.
- bpo-3997: Zipfiles generated with more than 65536 files could not be
opened with other applications.
- bpo-1162154: `ìnspect.getmembers()`` now skips attributes that raise

AttributeError, e.g. a __slots__ attribute which has not been set.
- bpo-1696199: Add collections.Counter() for rapid and convenient counting.
- bpo-3860: GzipFile and BZ2File now support the context management

protocol.
- bpo-4272: Add an optional argument to the GzipFile constructor to override

the timestamp in the gzip stream. The default value remains the current
time. The information can be used by e.g. gunzip when decompressing.
Patch by Jacques Frechet.
- Restore Python 2.3 compatibility for decimal.py.
- bpo-1702551: distutils sdist was not excluding VCS directories under

Windows. Initial solution by Guy Dalberto.
- The _tkinter module functions "createfilehandler", "deletefilehandler",

"createtimerhandler", "mainloop", "dooneevent" and "quit" have been
deprecated for removal in 3.x
- bpo-4796: Added Decimal.from_float() and

Context.create_decimal_from_float() to the decimal module.
- bpo-4812: Add missing underscore prefix to some internal-use-only

constants in the decimal module. (Dec_0 becomes _Dec_0, etc.)
- bpo-4795: inspect.isgeneratorfunction() returns False instead of None when

the function is not a generator.
- bpo-4702: Throwing a DistutilsPlatformError instead of IOError in case no

MSVC compiler is found under Windows. Original patch by Philip Jenvey.
- bpo-4646: distutils was choking on empty options arg in the setup

function. Original patch by Thomas Heller.
- Fractions.from_float() no longer loses precision for integers too big to

cast as floats.
- bpo-4790: The nsmallest() and nlargest() functions in the heapq module did
unnecessary work in the common case where no key function was specified.
- bpo-3767: Convert Tk object to string in tkColorChooser.
- bpo-3248: Allow placing ScrolledText in a PanedWindow.

- bpo-4444: Allow assertRaises() to be used as a context handler, so that
the code under test can be written inline if more practical.
- bpo-4739: Add pydoc help topics for symbols, so that e.g. help('@') works
as expected in the interactive environment.
- bpo-4756: zipfile.is_zipfile() now supports file-like objects. Patch by

Gabriel Genellina.
- bpo-4400: .pypirc default generated file was broken in distutils.
- bpo-4736: io.BufferedRWPair's closed property now functions properly.
- bpo-3954: Fix a potential SystemError in _hotshot.logreader error

handling.
- bpo-4574: Fix a crash in io.IncrementalNewlineDecoder when a carriage

return encodes to more than one byte in the source encoding (e.g. UTF-16)
and gets split on a chunk boundary.
- bpo-4223: inspect.getsource() will now correctly display source code for

packages loaded via zipimport (or any other conformant PEP 302 loader).
Original patch by Alexander Belopolsky.
- bpo-4201: pdb can now access and display source code loaded via zipimport
(or any other conformant PEP 302 loader). Original patch by Alexander
Belopolsky.
- bpo-4197: Doctests in modules loaded via zipimport (or any other PEP 302
conformant loader) will now work correctly in most cases (they are still
subject to the constraints that exist for all code running from inside a
module loaded via a PEP 302 loader and attempting to perform IO operations
based on __file__). Original patch by Alexander Belopolsky.
- bpo-4082: Add runpy support to zipimport in a manner that allows

backporting to maintenance branches. Original patch by Alexander
Belopolsky. (See also: bpo-4512)
- bpo-4163: Use unicode-friendly word splitting in the textwrap functions

when given a Unicode string.
- bpo-4616: TarFile.utime(): Restore directory times on Windows.
- bpo-4084: Fix max, min, max_mag and min_mag Decimal methods to give
correct results in the case where one argument is a quiet NaN and the
other is a finite number that requires rounding.
- bpo-1030250: Distutils created directories even when run with the --dry-
run option.
- bpo-4483: _dbm module now builds on systems with gdbm & gdbm_compat libs.
- bpo-4529: Fix the parser module's validation of try-except-finally

statements.
- bpo-4458: getopt.gnu_getopt() now recognizes a single "-" as an argument,

not a malformed option.
- Added the subprocess.check_output() convenience function to get output

from a subprocess on success or raise an exception on error.
- bpo-1055234: cgi.parse_header(): Fixed parsing of header parameters to

support unusual filenames (such as those containing semi-colons) in
Content-Disposition headers.
- bpo-4384: Added logging integration with warnings module using

captureWarnings(). This change includes a NullHandler which does nothing;
it will be of use to library developers who want to avoid the "No handlers
could be found for logger XXX" message which can appear if the library
user doesn't configure logging.
- bpo-3741: DISTUTILS_USE_SDK set causes msvc9compiler.py to raise an

exception.
- bpo-4363: The uuid.uuid1() and uuid.uuid4() functions now work even if the
ctypes module is not present.
- FileIO's mode attribute now always includes ``"b"``.
- bpo-4116: Resolve member name conflict in ScrolledCanvas.__init__.
- httplib.HTTPConnection.putheader() now accepts an arbitrary number of

values for any header, matching what the documentation has claimed for a
while.
- bpo-3774: Fixed an error when create a Tkinter menu item without command
and then remove it.
- Fixed a modulefinder crash on certain relative imports.
- bpo-4150: Pdb's "up" command now works for generator frames in post-mortem
debugging.
- bpo-4092: Return ArgInfo as promised in the documentation from

inspect.getargvalues.
- bpo-3935: Properly support list subclasses in bisect's C implementation.
- bpo-4014: Don't claim that Python has an Alpha release status, in addition
to claiming it is Mature.
- bpo-4730: Fixed the cPickle module to handle correctly astral characters

when protocol 0 is used.
- bpo-1594: MacOS.GetCreatorAndType now always returns a big-endian result,

to be consistent with Apple tools.
- bpo-900949: plat-mac/videoreader.py no longer relies on a non-existing

module.
- bpo-16278952: plat-mac/videoreader.py now correctly imports MediaDescr
- bpo-1737832: plat-mac/EasyDialog.py no longer uses the broken aepack

module.
- bpo-1149804: macostools.mkdirs now even works when another process creates

one of the needed subdirectories.
- bpo-900506: added --no-zipimport flag to the bundlebuilder script.
- bpo-841800: bundlebuilder now works with 'python -O'.
- bpo-4861: ctypes.util.find_library(): Robustify. Fix library detection on

biarch systems. Try to rely on ldconfig only, without using objdump and
gcc.
- bpo-5104: The socket module now raises OverflowError when 16-bit port and
protocol numbers are supplied outside the allowed 0-65536 range on bind()
and getservbyport().
- bpo-999042: The Python compiler now handles explict global statements

correctly (should be assigned using STORE_GLOBAL opcode).
- bpo-2703: SimpleXMLRPCDispatcher.__init__: Provide default values for new

arguments introduced in 2.5.
- bpo-5828: Fixed bogus logic in makeunicodedata.py and regenerated the

Unicode database (This fixes u'\u1d79'.lower() == '\x00').
- Windows locale mapping updated to Vista.
IDLE
----
- bpo-5150: IDLE's format menu now has an option to strip trailing

whitespace.
- bpo-5847: Remove -n switch on "Edit with IDLE" menu item.
- idle.py modified and simplified to better support developing experimental

versions of IDLE which are not installed in the standard location.
- bpo-5559: OutputWindow/PyShell right click menu "Go to file/line" wasn't

working with file paths containing spaces.
- bpo-5783: Windows: Version string for the .chm help file changed, file not
being accessed. Patch by Guilherme Polo/
- bpo-1529142: Allow multiple IDLE GUI/subprocess pairs to exist

simultaneously. Thanks to David Scherer for suggesting the use of an
ephemeral port for the GUI. Patch by Weeble.
- Remove port spec from run.py and fix bug where subprocess fails to extract
port from command line when warnings are present.
- bpo-5129: Tk 8.5 Text widget requires 'wordprocessor' tabstyle attr to

handle mixed space/tab properly. Patch by Guilherme Polo.
- bpo-3549: On MacOS the preferences menu was not present
Tools/Demos
-----------
- Ttk demos added in Demo/tkinter/ttk/.
- bpo-4677: Add two list comprehension tests to pybench.

Build
-----
- bpo-6603: Change READ_TIMESTAMP macro in ceval.c so that it compiles

correctly under gcc on x86-64. This fixes a reported problem with the
--with-tsc build on x86-64.
- Add 2 new options to ``--with-universal-archs`` on MacOSX: `ìntel``

builds a distribution with `ì386`` and ``x86_64`` architectures, while
``3-way`` builds a distribution with the ``ppc``, `ì386`` and ``x86_64``
architectures.
- bpo-6802: Fix build issues on MacOSX 10.6.
- bpo-6244: Allow detect_tkinter to look for Tcl/Tk 8.6.
- bpo-5390: Add uninstall icon independent of whether file extensions are

installed.
- bpo-5809: Specifying both --enable-framework and --enable-shared is an

error. Configure now explicitly tells you about this.
- bpo-3585: Add pkg-config support. It creates a python-2.7.pc file and a

python.pc symlink in the $(LIBDIR)/pkgconfig directory. Patch by Clinton
Roy.
- bpo-6094: Build correctly with Subversion 1.7.
- bpo-5726: Make Modules/ld_so_aix return the actual exit code of the

linker, rather than always exit successfully. Patch by Floris Bruynooghe.
- bpo-4587: Add configure option --with-dbmliborder=db1:db2:... to specify

the order that backends for the dbm extension are checked.
- Link the shared python library with $(MODLIBS).
- bpo-5134: Silence compiler warnings when compiling sqlite with VC++.
- bpo-4494: Fix build with Py_NO_ENABLE_SHARED on Windows.
- bpo-4895: Use _strdup on Windows CE.
- bpo-4472: ``configure --enable-shared`` now works on OSX.
- bpo-4728: WORDS_BIGEDIAN is now correct in Universal builds. (See also:

bpo-4060)
- bpo-4389: Add icon to the uninstall entry in "add-and-remove-programs".
- bpo-4289: Remove Cancel button from AdvancedDlg.
- bpo-1656675: Register a drop handler for .py* files on Windows.
- bpo-4120: Exclude manifest from extension modules in VS2008.
- bpo-4091: Install pythonxy.dll in system32 again.
- bpo-4018: Disable "for me" installations on Vista.

- bpo-3758: Add ``patchcheck`` build target to ``.PHONY``.
- bpo-4204: Fixed module build errors on FreeBSD 4.
Documentation
-------------
- bpo-6556: Fixed the Distutils configuration files location explanation for

Windows.
- bpo-6801: symmetric_difference_update also accepts ``|``. Thanks to Carl

Chenet.
C API
-----
- bpo-7528: Add PyLong_AsLongAndOverflow (backported from py3k).
- bpo-7228: Add '%lld' and '%llu' support to PyString_FromFormat(V) and

PyErr_Format, on machines with HAVE_LONG_LONG defined.
- Add new C-API function PyOS_string_to_double, and deprecated

PyOS_ascii_atof and PyOS_ascii_strtod.
- Removed _PyOS_double_to_string. Use PyOS_double_to_string instead. This

is in preparation for (but not strictly related to) issue #7117, short
float repr.
- bpo-6624: PyArg_ParseTuple with "s" format when parsing argument with

NULL: Bogus TypeError detail string.
- bpo-5954: Add a PyFrame_GetLineNumber() function to replace most uses of

PyCode_Addr2Line().
- bpo-5959: Add a PyCode_NewEmpty() function to create a new empty code

object at a specified file, function, and line number.
- bpo-1419652: Change the first argument to PyImport_AppendInittab() to

``const char *`` as the string is stored beyond the call.
- Some PyBytes_* aliases have been removed because they don't exist in 3.x.
- bpo-5175: PyLong_AsUnsignedLongLong now raises OverflowError for negative

arguments. Previously, it raised TypeError.
- bpo-4720: The format for PyArg_ParseTupleAndKeywords can begin with '|'.
- bpo-3632: From the gdb debugger, the 'pyo' macro can now be called when
the GIL is released, or owned by another thread.
- bpo-4122: On Windows, fix a compilation error when using the

Py_UNICODE_ISSPACE macro in an extension module.
- bpo-4293: Py_AddPendingCall() is now thread safe and can be used for

asynchronous notifications to python from any thread. Documentation
added.
Library
-------
- bpo-6508: Add posix.{getresuid,getresgid,setresuid,setresgid}.
- bpo-7078: Set struct.__doc__ from _struct.__doc__.
- bpo-3366: Add erf, erfc, expm1, gamma, lgamma functions to math module.
- bpo-6823: Allow time.strftime() to accept a tuple with a isdst field

outside of the range of [-1, 1] by normalizing the value to within that
range.
- bpo-6877: Make it possible to link the readline extension to libedit on

OSX.
- bpo-6944: Fix a SystemError when socket.getnameinfo() was called with

something other than a tuple as first argument.
- bpo-6865: Fix reference counting issue in the initialization of the pwd

module.
- bpo-6848: Fix curses module build failure on OS X 10.6.
- Fix a segfault in expat when given a specially crafted input lead to the
tokenizer not stopping. CVE-2009-3720.
- bpo-6561: '\d' in a regex now matches only characters with Unicode

category 'Nd' (Number, Decimal Digit). Previously it also matched
characters with category 'No'.
- bpo-1523: Remove deprecated overflow wrapping for struct.pack with an

integer format code ('bBhHiIlLqQ'). Packing an out-of-range integer now
consistently raises struct.error.
- bpo-1530559: Fix various struct.pack inconsistencies for the integer

formats ('bBhHiIlLqQ'). In the following, '*' represents any of '=', '<',
'>'.
- Packing a float now always gives a Deprecation Warning. Previously it

only warned for 'I', 'L', '*B', '*H', '*I', '*L'.
- If x is not an int, long or float, then packing x will always result in

struct.error. Previously an x with an __int__ method could be packed by
'b', 'B', 'h', 'H', 'i', 'l', '*b', '*h' ,'*i', '*l', and an x with a
__long__ method could be packed by 'q', 'Q', '*q', '*Q'; for x with
neither __int__ nor __long__, TypeError used to be raised (with a
confusing error message) for 'I', 'L', '*B', '*H', '*I', '*L', and
struct.error in other cases.
Note: as of Python 2.7 beta 1, the above is out of date. In 2.7 beta 1,
any argument with an __int__ method can be packed, but use of this feature
triggers a DeprecationWarning. (See also: bpo-1741130)
- bpo-4873: Fix resource leaks in error cases of pwd and grp.
- bpo-4751: For hashlib algorithms provided by OpenSSL, the Python GIL is

now released during computation on data lengths >= 2048 bytes.
- bpo-3745: Fix hashlib to always reject unicode and non buffer-api

supporting objects as input no matter how it was compiled (built in
implementations or external openssl library). NOTE: Undone in 2.7a2.
- bpo-4397: Fix occasional test_socket failure on OS X.
- bpo-4279: Fix build of parsermodule under Cygwin.
- bpo-4051: Prevent conflict of UNICODE macros in cPickle.
- bpo-4228: Pack negative values the same way as 2.4 in struct's L format.
- bpo-1040026: Fix os.times result on systems where HZ is incorrect.
- bpo-3167: Fix test_math failures for log, log10 on Solaris, OpenBSD. (See
also: bpo-3682)
- bpo-4365: Add crtassem.h constants to the msvcrt module.
- bpo-4396: The parser module now correctly validates the with statement.
- bpo-5228: Make functools.partial objects can now be pickled.
Tests
-----
- bpo-7431: Use TESTFN in test_linecache instead of trying to create a file

in the Lib/test directory, which might be read-only for the user running
the tests.
- bpo-7324: Add a sanity check to regrtest argument parsing to catch the

case of an option with no handler.
- bpo-7312: Add a -F flag to run the selected tests in a loop until a test
fails. Can be combined with -j.
- bpo-7295: Do not use a hardcoded file name in test_tarfile.
- bpo-7270: Add some dedicated unit tests for multi-thread synchronization

primitives such as Lock, RLock, Condition, Event and Semaphore.
- bpo-7222: Make thread "reaping" more reliable so that reference leak-

chasing test runs give sensible results. The previous method of reaping
threads could return successfully while some Thread objects were still
referenced. This also introduces a new private function:
``thread._count()``.
- bpo-7151: Fixed regrtest -j so that output to stderr from a test no longer

runs the risk of causing the worker thread to fail.
- bpo-7055: test___all__ now greedily detects all modules which have an

__all__ attribute, rather than using a hardcoded and incomplete list.
- bpo-7058: Added save/restore for things like sys.argv and cwd to

runtest_inner in regrtest, with warnings if the called test modifies them,
and a new section in the summary report at the end.
- bpo-7042: Fix test_signal (test_itimer_virtual) failure on OS X 10.6.
- bpo-6806: test_platform failed under OS X 10.6.0 because ``sw_ver`` leaves

off the trailing 0 in the version number.
- bpo-5450: Moved tests involving loading tk from Lib/test/test_tcl to
Lib/lib- tk/test/test_tkinter/test_loadtk. With this, these tests
demonstrate the same behaviour as test_ttkguionly (and now also test_tk)
which is to skip the tests if DISPLAY is defined but can't be used.
- bpo-6152: New option '-j'/'--multiprocess' for regrtest allows running

regression tests in parallel, shortening the total runtime.
- bpo-5354: New test support function import_fresh_module() makes it easy to

import both normal and optimised versions of modules. test_heapq and
test_warnings have been adjusted to use it, tests for other modules with
both C and Python implementations in the stdlib can be adjusted to use it
over time.
- Fix test_warnings to no longer reset the warnings filter.
- Fix test_logging to no longer reset the warnings filter.
- bpo-5635: Fix running test_sys with tracing enabled.
- regrtest no longer treats ImportError as equivalent to SkipTest. Imports

that should cause a test to be skipped are now done using import_module
from test support, which does the conversion.
- bpo-5083: New 'gui' resource for regrtest.
- bpo-5837: Certain sequences of calls to set() and unset() for

support.EnvironmentVarGuard objects restored the environment variables
incorrectly on __exit__.
- bpo-2389: Array objects are now pickled in a portable manner.
Windows
-------
- bpo-5611: Auto-detect whether a C file uses tabs or spaces in Vim.
What's New in Python 2.6 final?

===============================
*Release date: 01-Oct-2008*
Core and Builtins

-----------------
- bpo-3967: Fixed a crash in the count() and find() methods of string-like

objects, when the "start" parameter is a huge value.
- bpo-3965: Fixed a crash on Windows when open() is given an invalid

filename or mode, and the filename is a unicode string.
- bpo-3951: Py_USING_MEMORY_DEBUGGER should not be enabled by default.
Library
-------
- bpo-3965: Allow repeated calls to turtle.Screen, by making it a true

singleton object.
- bpo-3895: It was possible to crash the interpreter when an external timer

was used with cProfile that returned an object that could not be converted
into a float.
- bpo-3950: Made turtle respect scale factors.
- bpo-3547: Fixed ctypes structures bitfields of varying integer sizes.
- bpo-3879: A regression in urllib.getproxies_environment was fixed.
- bpo-3863: Disabled a unit test of fork being called from a thread when
running on platforms known to exhibit OS bugs when attempting that.
Build
-----
- bpo-3989: Package the 2to3 script (as 2to3.py) in the Windows installer.
- bpo-3887: Package x64 version of CRT for AMD64 Windows binaries.

=============================================
*Release date: 17-Sep-2008*
Library
-------
- Security Issue #2: imageop did not validate arguments correctly and could
segfault as a result.
- bpo-3886: Possible integer overflows in the _hashopenssl module were

closed.
Tools/Demos
-----------
- bpo-3850: recursion tests in Tools/scripts/find_recursion_limit.py can

raise AttributeError instead of RuntimeError, depending in which C API
call exactly the recursion limit is exceeded. Consequently, both exception
types are caught and silenced.
Build
-----
- bpo-3617: Include a licensing statement regarding the Microsoft C runtime

in the Windows installer.

=============================================
*Release date: 12-Sep-2008*
Core and Builtins

-----------------
- bpo-3642: Suppress warning in obmalloc when size_t is larger than uint.
- bpo-3743: In a few places, PY_FORMAT_SIZE_T was incorrectly used with

PyString_FromFormat or PyErr_Format to display size_t values. The macro
PY_FORMAT_SIZE_T is designed to select the correct format for the OS
``printf`` function, whereas PyString_FromFormat has an independent
implementation and uses "%zd" on all platforms for size_t values. This
makes a difference on win64, where ``printf`` needs "%Id" to display 64bit
values.
- bpo-3634: _weakref.ref(Exception).__init__() gave invalid return value on

error.
- bpo-3777: long() applied to a float object now always return a long

object; previously an int would be returned for small values. the __long__
method is allowed to return either an int or a long, but the behaviour of
float objects should not change to respect backward compatibility.
- bpo-3751: str.rpartition would perform a left-partition when called with a

unicode argument.
- bpo-3683: Fix compilation when --without-threads is given.
- bpo-3668: Fix a memory leak with the "s*" argument parser in

PyArg_ParseTuple and friends, which occurred when the argument for "s*"
was correctly parsed but parsing of subsequent arguments failed.
- bpo-2534: speed up isinstance() and issubclass() by 50-70%, so as to match

Python 2.5 speed despite the __instancecheck__ / __subclasscheck__
mechanism. In the process, fix a bug where isinstance() and issubclass(),
when given a tuple of classes as second argument, were looking up
__instancecheck__ / __subclasscheck__ on the tuple rather than on each
type object.
- Fix crashes on memory allocation failure found with failmalloc.
- Fix memory leaks found with valgrind and update suppressions file.
- Fix compiler warnings in opt mode which would lead to invalid memory
reads.
- Fix problem using wrong name in decimal module reported by pychecker.
- Silenced another compiler warning about a used but not defined function
'stringlib_contains_obj'.
- Added warnings on the use of ``__getslice__``, ``__setslice__``, or

``__delslice__``.
- bpo-3678: Correctly pass LDFLAGS and LDLAST to the linker on shared

library targets in the Makefile.
- bpo-1204: The configure script now tests for additional libraries that may
be required when linking against readline. This fixes issues with x86_64
builds on some platforms (a few Linux flavors and OpenBSD).
C API
-----
- Aliased PyObject_Bytes to PyObject_Str.
Library
-------
- bpo-3640: Pickling a list or a dict uses less local variables, to reduce

stack usage in the case of deeply nested objects.
- bpo-3629: Fix sre "bytecode" validator for an end case.
- bpo-3811: The Unicode database was updated to 5.1.
- bpo-3781: Further warnings.catch_warnings() cleanup to prevent silent

misbehaviour when a single instance is nested in multiple with statements,
or when the methods are invoked in the wrong order.
- bpo-3809: Fixed spurious 'test.blah' file left behind by test_logging.
- bpo-3781: Clean up the API for warnings.catch_warnings() by having it

return a list or None rather than a custom object.
- bpo-1638033: Cookie.Morsel gained the httponly attribute.
- bpo-3535: zipfile couldn't read some zip files larger than 2GB.
- bpo-3776: Deprecate the bsddb package for removal in 3.0.
- bpo-3762: platform.architecture() fails if python is lanched via its

symbolic link.
- bpo-3772: Fixed regression problem in StreamHandler.emit().
- bpo-600362: Relocated parse_qs() and parse_qsl(), from the cgi module to

the urlparse one. Added a PendingDeprecationWarning in the old module, it
will be deprecated in the future.
- bpo-2562: Fix distutils PKG-INFO writing logic to allow having non-ascii

characters and Unicode in setup.py meta-data.
- bpo-3726: Allow spaces in separators in logging configuration files.
- bpo-3719: platform.architecture() fails if there are spaces in the path to

the Python binary.
- bpo-3602: Moved test.test_support.catch_warning() to

warnings.catch_warnings() along with some API cleanup. Expanding the tests
for catch_warnings() also led to an improvement in the raising of a
DeprecationWarning related to warnings.warn_explicit().
- The deprecation warnings for the old camelCase threading API were removed.
- logging: fixed lack of use of encoding attribute specified on a stream.
- Silenced a trivial compiler warning in the sqlite module.
- Fixed two format strings in the _collections module.
- bpo-3703: _fileio.FileIO gave unhelpful error message when trying to open

a directory.
- bpo-3708: os.urandom no longer goes into an infinite loop when passed a

non-integer floating point number.
- bpo-3110: multiprocessing fails to compiel on solaris 10 due to missing

SEM_VALUE_MAX.
- bpo-4301: Patch the logging module to add processName support, remove

_check_logger_class from multiprocessing.
- bpo-2975: When compiling several extension modules with Visual Studio 2008
from the same python interpreter, some environment variables would grow
without limit.
- bpo-3643: Added a few more checks to _testcapi to prevent segfaults by

exploitation of poor argument checking.
- sqlite3: Changed docstring of iterdump() to mark method as "Non-standard".
- bpo-3103: Reduced globals symbols used by sqlite3 module and made sure all
remaining ones have "pysqlite_" prefix.
- bpo-3846: Release the GIL during sqlite3_prepare calls. This improves

concurrent access to the same SQLite database from multiple
threads/processes.
Tests
-----
- bpo-3781: Add test.test_support.check_warnings() as a convenience wrapper

for warnings.catch_warnings() that makes it easier to check that expected
warning messages are being reported.
- bpo-3796: Some tests functions were not enabled in test_float.
- bpo-3768: Move test_py3kwarn over to the new API for catch_warnings().
Build
-----
- bpo-3833: Use a different upgrade code for Win64 installers.
- bpo-2271: Set SecureCustomProperties so that installation will properly

use the TARGETDIR even for unprivileged users.
- Allow passing the MSI file name to merge.py.
- bpo-3758: Rename the 'check' target to 'patchcheck' so as to not clash

with GNU build target guidelines.

================================
*Release date: 20-Aug-2008*
Core and Builtins

-----------------
- bpo-1878: Remove Py_TPFLAGS_HAVE_VERSION_TAG from Py_TPFLAGS_DEFAULT when
not building the core. This means 3rd party extensions do not
automatically benefit from the class attribute cache; they will have to
explicitly add Py_TPFLAGS_HAVE_VERSION_TAG to their tp_flags field if they
care. This is a backwards compatibility feature; in 3.0, all types will
use the cache by default.
- Keyword arguments can now follow starred arguments. (``f(a, *args,

keyword=23)`` is now valid syntax.)
- ctypes function pointers that are COM methods have a boolean True value
again.
- bpo-3139: Make buffer-interface thread-safe wrt. PyArg_ParseTuple, by

denying s# to parse objects that have a releasebuffer procedure, and
introducing s*.
- bpo-3537: Fix an assertion failure when an empty but presized dict object
was stored in the freelist.
- bpo-1481296: Make long(float('nan')) and int(float('nan')) raise

ValueError consistently across platforms.
- bpo-3479: On platforms where sizeof(int) is smaller than sizeof(long)

(64bit Unix, for example), unichr() would truncate its argument and return
u'\x00' for unichr(2**32). Now it properly raises an OverflowError.
- Apply security patches from Apple.
- bpo-2542: Now that issubclass() may call arbitrary code, ensure that
PyErr_ExceptionMatches returns 0 when an exception occurs there.
- bpo-1819: function calls with several named parameters are now on average
35% faster (as measured by pybench).
- bpo-2378: An unexpected UnboundLocalError or NameError could appear when

the python debugger steps into a class statement: the free variables
(local variables defined in an outer scope) would be deleted from the
outer scope.
- bpo-2620: Overflow checking when allocating or reallocating memory was not

always being done properly in some python types and extension modules.
PyMem_MALLOC, PyMem_REALLOC, PyMem_NEW and PyMem_RESIZE have all been
updated to perform better checks and places in the code that would
previously leak memory on the error path when such an allocation failed
have been fixed.
Library
-------
- bpo-3612: Added some missing basic types in ctypes.wintypes.
- The methods `ìs_in_tuple()``, `ìs_vararg()``, and `ìs_keywordarg()`` of

symtable.Symbol have been deprecated for removal in 3.0 and the next
release.
- bpo-2234: distutils failed for some versions of the cygwin compiler. The
version reported by these tools does not necessarily follow the python
version numbering scheme, so the module is less strict when parsing it.
- bpo-2235: Added Py3k warnings for types which will become unhashable under
the stricter __hash__ inheritance rules in 3.0. Several types which did
not meet the rules for hash invariants and were already unhashable in 3.0
have now been explicitly flagged as unhashable in 2.6 as well
(collections.Mapping, collections.Set, unittest.TestSuite,
xml.dom.minidom.NamedNodeMap, numbers.Number, UserList.UserList)
- Update __all__ for cookielib, csv, os, urllib2, and weakref to include
things imported into the module but exposed as part of the module's API.
- Remove an unneeded import of abc.ABCMeta from 'inspect'.
- Remove unneeded imports of 'sys' and 'warnings' from 'io'.
- Remove unneeded imports of 'warnings' from shelve, filecmp, and

dummy_thread.
- bpo-3575: Incremental decoder's decode function now takes bytearray by

using 's*' instead of 't#'.
- bpo-2222: Fixed reference leak when occurred os.rename() fails unicode

conversion on 2nd parameter. (windows only)
- bpo-2464: urllib2 now supports a malformation in the URL received in a

redirect.
- Silence the DeprecationWarning raised when importing mimetools in

BaseHTTPServer, cgi (and rfc822), httplib.
- bpo-2776: fixed small issue when handling a URL with double slash after a
302 response in the case of not going through a proxy.
- bpo-2676: in the email package, content-type parsing was hanging on

pathological input because of quadratic or exponential behaviour of a
regular expression.
- bpo-3476: binary buffered reading through the new "io" library is now
thread-safe.
- Silence the DeprecationWarning of rfc822 when it is imported by mimetools

since mimetools itself is deprecated. Because modules are cached, all
subsequent imports of rfc822 will not raise a visible DeprecationWarning.
- bpo-3134: shutil referenced undefined WindowsError symbol.
- bpo-1342811: Fix leak in Tkinter.Menu.delete. Commands associated to menu

entries were not deleted.
- Copied the implementation of reduce() to _functools.reduce() to have a

version that did not raise a DeprecationWarning under -3.
- bpo-3205: When iterating over a BZ2File fails allocating memory, raise a

MemoryError rather than silently stop the iteration.
- bpo-3487: sre "bytecode" validator. Passing invalid "re-bytecode" to

_sre.compile() will now be rejected. This should not affect anybody since
the re.compile() function never generates invalid re-bytecode.
- bpo-3436: Make csv.DictReader's fieldnames attribute a property so that
upon first access it can be automatically initialized from the csv file if
it wasn't initialized during instantiation.
- bpo-2338: Create imp.reload() to help with transitioning to Python 3.0 as

the reload() built-in has been removed.
- Changed code in the following modules/packages to remove warnings raised

while running under the ``-3`` flag: aifc, asynchat, asyncore, bdb, bsddb,
ConfigParser, cookielib, csv, difflib, distutils, DocXMLRPCServer, email,
filecmp, fileinput, inspect, logging, modulefinder, pdb, pickle, profile,
pstats, pydoc, re, rlcompleter, SimpleXMLRPCServer, shelve, socket,
subprocess, sqlite3, tarfile, Tkinter, test.test_support, textwrap,
threading, tokenize, traceback, urlparse, wsgiref, xml, xmlrpclib.
- bpo-3039: Fix tarfile.TarFileCompat.writestr() which always raised an

AttributeError.
- bpo-2523: Fix quadratic behaviour when read()ing a binary file without

asking for a specific length. This problem only affected files opened
using the new "io" module, not the built-in open() function.
- bpo-3449: Update decimal module to use most recent specification (v. 1.68)
and tests (v. 2.58) from IBM.
- bpo-3437: Bug fix in robotparser parsing of Allow: lines.
- bpo-1592: Improve error reporting when operations are attempted on a

closed shelf.
- Deprecate the "ast" parser function aliases.
- bpo-3120: On 64-bit Windows the subprocess module was truncating handles.
- bpo-3303: Fix a crash in locale.strcoll() when calling it with invalid

arguments.
- bpo-3302: Fix several crashes when calling locale's gettext functions with
None arguments.
- bpo-3389: Allow resolving dotted names for handlers in logging

configuration files.
- Deprecate the sunaudio module for removal in Python 3.0.
- bpo-3394: zipfile.writestr sets external attributes when passed a file

name rather than a ZipInfo instance, so files are extracted with mode 0600
rather than 000 under Unix.
- bpo-1857: subprocess.Popen.poll gained an additional _deadstate keyword

argument in python 2.5, this broke code that subclassed Popen to include
its own poll method. Fixed my moving _deadstate to an _internal_poll
method.
Build
-----
- Generate the PatternGrammar pickle during "make install".

Documentation
-------------
- bpo-2235: the C API function PyObject_HashNotImplemented and its

interaction with the tp_hash slot (added in 2.6b2) are now documented
- bpo-643841: The language reference now provides more detailed coverage of

the lookup process for special methods. The disclaimers regarding lack of
coverage of new-style classes have also been removed, since the coverage
is now fairly reasonable.

================================
*Release date: 17-Jul-2008*
Core and Builtins

-----------------
- bpo-3156: Fix inconsistent behavior of the bytearray type: all its methods
now allow for items objects that can be converted to an integer using
operator.index().
- bpo-3360: Fix incorrect parsing of '020000000000.0', which produced a

ValueError instead of giving the correct float.
- bpo-3083: Add alternate (#) formatting for bin, oct, hex output for
str.format(). This adds the prefix 0b, 0o, or 0x, respectively.
- bpo-3008: the float type has a new instance method 'float.hex' and a new
class method 'float.fromhex' to convert floating-point numbers to and from
hexadecimal strings, respectively.
- bpo-2235: __hash__ is once again inherited by default. To allow

collections.Hashable to remain meaningful in the presence of the default
hash implementation (object.__hash__), it is now possible to explicit
block inheritance of hash by setting __hash__=None at the Python level, or
tp_hash=PyObject_HashNotImplemented at the C level.
- bpo-3221: Issue a RuntimeWarning instead of raising SystemError if the

parent module cannot be found while performing an absolute import. This
means that an incorrectly defined __package__ attribute will now only
prevent relative imports in that module rather than causing all imports
from that module to fail.
- bpo-2517: Allow unicode messages in Exceptions again by correctly

bypassing the instance dictionary when looking up __unicode__ on new-style
classes.
- bpo-3242: Fix a crash inside the print statement, if sys.stdout is set to

a custom object whose write() method happens to install another file in
sys.stdout.
- bpo-3088: Corrected a race condition in classes derived from

threading.local: the first member set by a thread could be saved in
another thread's dictionary.
- bpo-3004: Minor change to slice.indices(): the start and stop arguments
are now treated identically, making the behaviour easier to describe and
understand. For example, slice(None, -10, 1).indices(9) now returns (0, 0,
1) instead of (0, -1, 1), and slice(None, 10, -1).indices(10) returns (9,
9, -1) instead of (9, 10, -1).
- bpo-3219: Calling a function with repeated keyword arguments, f(a=2,

a=23), would not cause a syntax error. This was a regression from 2.4
caused by the switch to the new compiler.
- bpo-2862: Make int and float freelist management consistent with other
freelists. Changes their CompactFreeList apis into ClearFreeList apis and
calls them via gc.collect().
Library
-------
- bpo-3554: ctypes.string_at and ctypes.wstring_at did call Python api

functions without holding the GIL, which could lead to a fatal error when
they failed.
- bpo-799428: Fix Tkinter.Misc._nametowidget to unwrap Tcl command objects.
- bpo-3395: fix reference in test_multiprocessing to old debugInfo method
- bpo-3312: Fix two crashes in sqlite3.
- bpo-1608818: Fix misbehavior in os.listdir() if readdir() fails.
- bpo-3125: Remove copy_reg in multiprocessing and replace it with

ForkingPickler.register() to resolve conflict with ctypes.
- bpo-3090: Fixed ARCHFLAGS parsing on OS/X
- bpo-3313: Fixed a crash when a failed dlopen() call does not set a valid
dlerror() message.
- bpo-3258: Fixed a crash when a ctypes POINTER type to an incomplete

structure was created.
- bpo-3339: dummy_thread.acquire() should not return None.
- bpo-3285: Fractions from_float() and from_decimal() accept Integral

arguments.
- bpo-3301: Bisect module behaved badly when lo was negative.
- bpo-839496: SimpleHTTPServer used to open text files in text mode. This is

both unnecessary (HTTP allows text content to be sent in several forms)
and wrong because the actual transmitted size could differ from the
content-length. The problem had been corrected in the 2.4 branch, but
never merged into trunk.
- bpo-2663: add filtering capability to shutil.copytree().
- bpo-1622: Correct interpretation of various ZIP header fields.
- bpo-1526: Allow more than 64k files to be added to Zip64 file.

- bpo-1746: Correct handling of zipfile archive comments (previously
archives with comments over 4k were flagged as invalid). Allow writing Zip
files with archives by setting the 'comment' attribute of a ZipFile.
- bpo-449227: The rlcompleter module now adds "(" to callable objects when
completed.
- bpo-3190: Pydoc now hides the automatic module attribute __package__ (the
handling is now the same as that of other special attributes like
__name__).
- bpo-2885: The urllib.urlopen() function has been deprecated for removal in

Python 3.0 in favor of urllib2.urlopen().
- bpo-2113: Fix error in subprocess.Popen if the select system call is

interrupted by a signal.
- bpo-3309: Fix bz2.BZFile iterator to release its internal lock properly

when raising an exception due to the bz2file being closed. Prevents a
deadlock.
- bpo-3094: httplib.HTTPSConnection Host: headers no longer include the

redundant ":443" port number designation when the connection is using the
default https port (443).
- bpo-874900: after an os.fork() call the threading module state is cleaned

up in the child process to prevent deadlock and report proper thread
counts if the new process uses the threading module.
Tests
-----
- test.test_support.catch_warning now keeps track of all warnings it sees

and is now better documented. Explicit unit tests for this context manager
have been added to test_warnings.
Build
-----
- bpo-3215: Build sqlite3 as sqlite3.dll, not sqlite3.pyd.
Documentation
-------------
- Document that robotparser has been renamed to urllib.robotparser in Python

3.0.
- Document that urlparse has been renamed to urllib.parse in Python 3.0.
- Document that urllib2 is split across multiple modules and renamed in

Python 3.0.
- Document that urllib is split across multiple modules and renamed in

Python 3.0.

================================
*Release date: 18-June-2008*
Core and Builtins

-----------------
- bpo-3211: warnings.warn_explicit() did not guard against its 'registry'

argument being anything other than a dict or None. Also fixed a bug in
error handling when 'message' and 'category' were both set to None,
triggering a bus error.
- bpo-3100: Corrected a crash on deallocation of a subclassed weakref which

holds the last (strong) reference to its referent.
- Add future_builtins.ascii().
- Several set methods now accept multiple arguments: update(), union(),

intersection(), intersection_update(), difference(), and
difference_update().
- bpo-2898: Added sys.getsizeof() to retrieve size of objects in bytes.
- New environment variable PYTHONIOENCODING.
- bpo-2488: Add sys.maxsize.
- bpo-2353: file.xreadlines() now emits a Py3k warning.
- bpo-2863: generators now have a ``gen.__name__`` attribute that equals

``gen.gi_code.co_name``, like ``func.__name___`` that equals
``func.func_code.co_name``. The repr() of a generator now also contains
this name.
- bpo-2831: enumerate() now has a ``start`` argument.
- bpo-2801: fix bug in the float.is_integer method where a ValueError was

sometimes incorrectly raised.
- bpo-2790: sys.flags was not properly exposing its bytes_warning attribute.
- bpo-2196: hasattr() now lets exceptions which do not inherit Exception

(KeyboardInterrupt, and SystemExit) propagate instead of ignoring them.
- Added checks for integer overflows, contributed by Google. Some are only
available if asserts are left in the code, in cases where they can't be
triggered from Python code.
Library
-------
- bpo-1179: [CVE-2007-4965] Integer overflow in imageop module.
- bpo-3116: marshal.dumps() had quadratic behavior for strings > 32Mb.
- bpo-2138: Add factorial() to the math module.
- The heapq module does comparisons using LT instead of LE. This makes its
implementation match that used by list.sort().
- bpo-2819: add full-precision summation function to math module, based on

Hettinger's ASPN Python Cookbook recipe.
- bpo-2592: delegate nb_index and the floor/truediv slots in weakref.proxy.
- Support os.O_ASYNC and fcntl.FASYNC if the constants exist on the

platform.
- Support for Windows 9x has been removed from the winsound module.
- bsddb module updated to version 4.7.3.

http://www.jcea.es/programacion/pybsddb.htm#bsddb3-4.7.3. This code should
be compatible with Python 3.0.
- bpo-2858: Fix potential memory corruption when bsddb.db.DBEnv.lock_get and

other bsddb.db object constructors raised an exception.
- bpo-2669: bsddb/__init__.py iteration no longer silently fails when the

database has changed size during iteration. It now raises a RuntimeError
in the same manner as a dictionary.
- bpo-2870: cmathmodule.c compile error.
- Added a threading.Thread.ident property.
- logging.config: Removed out-of-date comment in _install_handlers and used

issubclass in place of equality comparison of classes.
- bpo-2722: Now the os.getcwd() supports very long path names.
- bpo-2888: Fixed the behaviour of pprint when working with nested

structures, to match the behaviour of 2.5 and 3.0 (now follows the common
sense).
- bpo-1817: cgi now correctly handles the querystring on POST requests
- bpo-3136: fileConfig()'s disabling of old loggers is now conditional via

an optional disable_existing_loggers parameter, but the default value is
such that the old behaviour is preserved. Thanks to Leandro Lucarella for
the patch.
- bpo-3126: StreamHandler and FileHandler check before calling "flush" and

"close" that the stream object has these, using hasattr (thanks to bobf
for the patch).
- bpo-2912: platform.uname now tries to determine unknown information even

if os.uname exists.
- The rfc822 module has been deprecated for removal in 3.0.
- The mimetools module has been deprecated for removal in 3.0.
- The ctypes.byref function now takes an optional second parameter which

specifies an offset in bytes for the constructed pointer-like object.
- Added the ast module.
- Added the multiprocessing module, PEP 371.
- Factored out the indentation cleaning from inspect.getdoc() into

inspect.cleandoc() to ease standalone use.
- bpo-1798: Add ctypes calling convention that allows safe access to errno.
- bpo-2404: ctypes objects support the new pep3118 buffer interface.
- bpo-2125: Add GetInteger and GetString methods for msilib.Record objects.
- bpo-2782: The datetime module's strftime methods now accept unicode format
strings just as time.strftime always has.
- The sgmllib and htmllib modules have been deprecated for removal in Python
3.0.
- bpo-3011: locale module alias table was updated to the latest version from
the X.org locale.alias file.
- bpo-1797: ctypes NULL function pointers have a False boolean value now.
- bpo-2985: Allow 64-bit integer responses (``<i8>``) in XMLRPC transfers.
- bpo-2877: The UserString.MutableString class has been removed in Python

3.0.
- Do not close external file objects passed to tarfile.open(mode='w:bz2')

when the TarFile is closed.
- bpo-2959: For consistency with other file-like objects, gzip's

GzipFile.close() can now be called multiple times without raising an
exception.
- bpo-1390: Raise ValueError in toxml when an invalid comment would

otherwise be produced.
- bpo-2914: TimedRotatingFileHandler now takes an optional keyword argument

"utc" to use UTC time rather than local time.
- bpo-2929: TimedRotatingFileHandler was using the wrong path when deleting

old log files (filename only instead of full path).
- bpo-1775025: You can now specify zipfile members to open(), read() or

extract() via a ZipInfo instance. This allows handling duplicate
filenames in zipfiles.
- bpo-961805: Fix Text.edit_modified() in Tkinter.
- bpo-1793: Function ctypes.util.find_msvcrt() added that returns the name

of the C runtime library that Python uses. ctypes.util.find_library(name)
now call this function when name is 'm' or 'c'.
- The statvfs module has been deprecated for removal in Python 3.0.
- The sunaudiodev and SUNAUDIODEV modules have been deprecated for removal
in Python 3.0.
- The WAIT module from IRIX has been deprecated for removal in Python 3.0.
- The torgb module from IRIX has been deprecated for removal in Python 3.0.
- The SV module from IRIX has been deprecated for removal in Python 3.0.
- The readcd module from IRIX has been deprecated for removal in Python 3.0.
- The panelparser module from IRIX has been deprecated for removal in Python
3.0.
- The panel module from IRIX has been deprecated for removal in Python 3.0.
- The jpeg module from IRIX has been deprecated for removal in Python 3.0.
- The IOCTL module from IRIX has been deprecated for removal in Python 3.0.
- The IN module from IRIX has been deprecated for removal in Python 3.0.
- The imgfile module from IRIX has been deprecated for removal in Python
3.0.
- The GLWS module from IRIX has been deprecated for removal in Python 3.0.
- The GET module from IRIX has been deprecated for removal in Python 3.0.
- The fm module from IRIX has been deprecated for removal in Python 3.0.
- The FL, flp, and fl modules from IRIX have been deprecated for removal in
Python 3.0.
- The FILE module on IRIX has been deprecated for removal in Python 3.0.
- The ERRNO module on IRIX has been deprecated for removal in Python 3.0.
- The DEVICE, GL, gl, and cgen modules (which indirectly includes
cgensupport) have been deprecated for removal in Python 3.0.
- The CL, CL_old, and cl modules for IRIX have been deprecated for removal
in Python 3.0.
- The cdplayer module for IRIX has been deprecated for removal in Python
3.0.
- The cddb module for IRIX has been deprecated for removal in Python 3.0.
- The cd and CD modules for IRIX have been deprecated for removal in Python
3.0.
- The al and AL modules for IRIX have been deprecated for removal in Python
3.0.
- bpo-1713041: fix pprint's handling of maximum depth.
- The timing module has been deprecated for removal in Python 3.0.
- The sv module has been deprecated for removal in Python 3.0.
- The multifile module has been deprecated as per PEP 4.
- The imageop module has been deprecated for removal in Python 3.0.
- bpo-2250: Exceptions raised during evaluation of names in rlcompleter's

``Completer.complete()`` method are now caught and ignored.
- bpo-2659: Added ``break_on_hyphens`` option to textwrap TextWrapper class.
- The mhlib module has been deprecated for removal in Python 3.0.
- The linuxaudiodev module has been deprecated for removal in Python 3.0.
- The ihooks module has been deprecated for removal in Python 3.0.
- The fpformat module has been deprecated for removal in Python 3.0.
- The dl module has been deprecated for removal in Python 3.0.
- The Canvas module has been deprecated for removal in Python 3.0.
- The compiler package has been deprecated for removal in Python 3.0.
- The Bastion and rexec modules have been deprecated for removal in Python
3.0.
- The bsddb185 module has been deprecated for removal in Python 3.0.
- The pure module has been deprecated for removal in Python 3.0.
- bpo-2487: change the semantics of math.ldexp(x, n) when n is too large to

fit in a C long. ldexp(x, n) now returns a zero (with suitable sign) if n
is large and negative; previously, it raised OverflowError.
- The toaiff module has been deprecated for removal in Python 3.0.
- The test.testall module has been deprecated for removal in Python 3.0.
- The new module has been deprecated for removal in Python 3.0.
- The user module has been deprecated for removal in Python 3.0.
- The stringold module has been deprecated for removal in Python 3.0.
- The mutex module has been deprecated for removal in Python 3.0.
- The imputil module has been deprecated for removal in Python 3.0.
- test.test_support.catch_warning() gained a 'record' argument.
- os.path.walk is deprecated in favor of os.walk.
- pdb gained the "until" command.
- The Mac Modules (including Carbon) have been deprecated for removal in
Python 3.0.
- Library: on MacOS X you can now set `ÀRCHFLAGS`` in the shell environment
to control the '-arch' flags that are used to build an extension. This was
added for compatibility with Apple's build of Python.
- The bundled OSX-specific copy of libbffi is now in sync with the version
shipped with PyObjC 2.0 and includes support for x86_64 and ppc64
platforms.
- The threading module gained aliases for names that will be removed in the
3.x series.
Build
-----
- The Windows installer now includes Tk 8.5, bzip2 1.0.5, and SQLite 3.5.9.
- bpo-1722225: Support QNX 6.
- ``Lib/lib-old`` is now added to sys.path.
- On MacOS X it is now possible to install the framework in 64-bit mode or

even as a 4-way universal binary (that is, PPC, i386, PPC64 and x86_64
support in one binary).
This is controlled by the configure argument ``--with-universal-archs``:
- ``--with-universal-archs=all``: install 4-way universal
- ``--with-universal-archs=32-bit``: install 2-way universal, 32-bit (the

default)
- ``--with-universal-archs=64-bit``: install 2-way universal, 64-bit
This option should be used in combination with ``--enable-universalsdk=``.
NOTE: 64-bit and 4-way builds are only suppported on Mac OS X 10.5 (or
later).
C API
-----
- Add ``PyType_Modified()`` as a public API to clear the type cache.
- The PyBytes functions have been renamed to PyByteArray.
- The PyString functions have been renamed to PyBytes. A batch of defines

were added so that the linker still sees the original PyString names.

=================================
*Release date: 08-May-2008*
Core and Builtins

-----------------
- bpo-2719: backported the ``next()`` builtin from Python 3.
- bpo-2681: The octal literal ``0o8`` was incorrecly acctepted. Now it

properly raises a SyntaxError.
- bpo-2617: Reserved -J and -X arguments for Jython, IronPython and other

implementations of Python.
- Implemented PEP 370: Per user site-packages directory.

Library
-------
- bpo-2670: Fix a failure in urllib2.build_opener(), when passed two

handlers that derive the same default base class.
- Added kill, terminate and send_signal(sig) to subprocess.Popen.
- Added phase(z) -> phi, polar(z) -> r, phi and rect(r, phi) -> z to the
cmath module.
- Four new methods were added to the math and cmath modules: acosh, asinh,
atanh and log1p.
- zlib.decompressobj().flush(value) no longer crashes the interpreter when

passed a value less than or equal to zero.
- bpo-1631171: Re-implement the 'warnings' module in C (the original Python

code has been kept as backup). This will allow for using the 'warning's
machinery in such places as the parser where use of pure Python code is
not possible. Both the ``showarning()`` and ``formatwarning()`` gain an
optional 'line' argument which is not called by default for backwards-
compatibility reasons. Setting ``warnings.showwarning()`` to an
implementation that lacks support for the ``line`` argument will raise a
DeprecationWarning.
- The audiodev module has been deprecated for removal in Python 3.0.
- bpo-2750: Add the 'json' package. Based on simplejson 1.9 and contributed
by Bob Ippolito.
- bpo-1734346: Support Unicode file names for zipfiles.
- bpo-2581: distutils: Vista UAC/elevation support for bdist_wininst.
- bpo-2635: Fix bug in 'fix_sentence_endings' textwrap.fill option, where an

extra space was added after a word containing (but not ending in) '.', '!'
or '?'.
- Add from_buffer() and from_buffer_copy() class methods to ctypes data

types.
- bpo-2682: ctypes callback functions no longer contain a cyclic reference

to themselves.
- The getpass module has been improved on Unix. It now uses /dev/tty by
default and uses stderr instead of stdout. A GetPassWarning is issued
when input echo cannot be controlled.
- bpo-2014: Allow XML-RPC datetime objects to have dates before 1900-01-01.
- bpo-2439: Added new function pkgutil.get_data(), which is a convenience

wrapper for the PEP 302 get_data() API.
- bpo-2616: The ctypes.pointer() and ctypes.POINTER() functions are now

implemented in C for better performance.
- bpo-2408: The ``_types`` module, which was used as in implementation

detail of the public ``types`` module, has been removed and replaced by
pure python code.
- bpo-2513: distutils on Windows is now capable of cross-compiling extension

modules between 32 and 64 bit platforms. See the distutls build
documentation for more information.
- bpo-815646: Individual file objects may now be used from multiple threads
at once without fear of crashing the Python interpreter. If file.close()
is called while an object is in use by another thread an IOError exception
will be raised and the file will not be closed.
- The bundled libffi copy is now in sync with the recently released
libffi3.0.5 version, apart from some small changes to
Modules/_ctypes/libffi/configure.ac.
- bpo-2385: distutils.core.run_script() makes __file__ available, so the

controlled environment will more closely mirror the typical script
environment. This supports setup.py scripts that refer to data files.
Tests
-----
- bpo-2550: The approach used by client/server code for obtaining ports to

listen on in network-oriented tests has been refined in an effort to
facilitate running multiple instances of the entire regression test suite
in parallel without issue. test_support.bind_port() has been fixed such
that it will always return a unique port -- which wasn't always the case
with the previous implementation, especially if socket options had been
set that affected address reuse (i.e. SO_REUSEADDR, SO_REUSEPORT). The
new implementation of bind_port() will actually raise an exception if it
is passed an AF_INET/SOCK_STREAM socket with either the SO_REUSEADDR or
SO_REUSEPORT socket option set. Furthermore, if available, bind_port()
will set the SO_EXCLUSIVEADDRUSE option on the socket it's been passed.
This currently only applies to Windows. This option prevents any other
sockets from binding to the host/port we've bound to, thus removing the
possibility of the 'non-deterministic' behaviour, as Microsoft puts it,
that occurs when a second SOCK_STREAM socket binds and accepts to a
host/port that's already been bound by another socket. The optional
preferred port parameter to bind_port() has been removed. Under no
circumstances should tests be hard coding ports!
test_support.find_unused_port() has also been introduced, which will pass

a temporary socket object to bind_port() in order to obtain an unused
port. The temporary socket object is then closed and deleted, and the port
is returned. This method should only be used for obtaining an unused port
in order to pass to an external program (i.e. the -accept [port] argument
to openssl's s_server mode) or as a parameter to a server-oriented class
that doesn't give you direct access to the underlying socket used.
Finally, test_support.HOST has been introduced, which should be used for

the host argument of any relevant socket calls (i.e. bind and connect).
The following tests were updated to following the new conventions:

test_socket, test_smtplib, test_asyncore, test_ssl, test_httplib,
test_poplib, test_ftplib, test_telnetlib, test_socketserver,
test_asynchat and test_socket_ssl.
It is now possible for multiple instances of the regression test suite to

run in parallel without issue.
Build
-----
- bpo-1496032: On alpha, use -mieee when gcc is the compiler.
- bpo-2544: On HP-UX systems, use 'gcc -shared' for linking when gcc is used
as compiler.
- bpo-2573: On MacOS X it is now possible to install the framework with a

different name using --with-framework-name=NAME.
C API
-----
- Added implementation of copysign, acosh, asinh, atanh and log1p to the new
files Include/pymath.h and Python/pymath.h for platforms which provide the
functions through their libm. The files also contains several helpers and
constants for math.
- Added a new convenience macro, PyErr_WarnPy3k, for issuing Py3k warnings.

=================================
*Release date: 02-Apr-2008*
Core and Builtins

-----------------
- bpo-1733757: The interpreter would hang on shutdown if the tracing

function set by sys.settrace is still active and happens to call
threading.currentThread().
- bpo-1442: properly report exceptions when the PYTHONSTARTUP file cannot be

executed.
- The compilation of a class nested in another class used to leak one

reference on the outer class name.
- bpo-1810: compile() can now compile _ast trees as returned by

``compile(..., PyCF_ONLY_AST)``.
- bpo-2426: Added sqlite3.Connection.iterdump method to allow easy dumping

of databases. Contributed by Paul Kippes at PyCon 2008.
- bpo-2477: Added from __future__ import unicode_literals.
- Added backport of bytearray type.
- bpo-2355: add Py3k warning for buffer().
- bpo-1477: With narrow Unicode builds, the unicode escape sequence

\Uxxxxxxxx did not accept values outside the Basic Multilingual Plane.
This affected raw unicode literals and the 'raw-unicode-escape' codec.
Now UTF-16 surrogates are generated in this case, like normal unicode
literals and the 'unicode- escape' codec.
- bpo-2348: add Py3k warning for file.softspace.
- bpo-2346: add Py3k warnings for __methods__ and __members__. (See also:
bpo-2347)
- bpo-2358: Add a Py3k warning on sys.exc_clear() usage.
- bpo-2400: Allow relative imports to "import *".
- bpo-1745: Backport print function with ``from __future__ import

print_function``.
- bpo-2332: add new attribute names for instance method objects. The two
changes are: im_self -> __self__ and im_func -> __func__
- bpo-2379: Raise a Py3K warning for __getitem__ or __getslice__ on

exception instances.
- bpo-2371: Add a Py3k warning when catching an exception that doesn't

derive from BaseException.
- bpo-2341: Add a Py3k warning when raising an exception that doesn't derive
from BaseException.
- bpo-2321: use pymalloc for unicode object string data to reduce memory
usage in some circumstances.
- PEP 3127: octal literals now start with "0o". Old-style octal literals are
still valid. There are binary literals with a prefix of "0b". This also
affects int(x, 0).
- bpo-2359: Adding deprecation warnings for array.{read,write}.
- bpo-1779871: GNU gcc can now build Python on OS X because the flags -Wno-
long-double, -no-cpp-precomp, and -mno-fused-madd are no longer passed.
- Add a warning when asserting a non-empty tuple which is always true.
- bpo-2179: speed up with statement execution by storing the exit method on

the stack instead of in a temporary variable (patch by Jeffrey Yaskin)
- bpo-2238: Some syntax errors in *args and **kwargs expressions could give
bogus error messages.
- bpo-2143: Fix embedded readline() hang on SSL socket EOF.
Library
-------
- bpo-2240: Implement signal.setitimer and signal.getitimer.
- bpo-2315: logging.handlers: TimedRotatingFileHandler now accounts for

daylight savings time in calculating the next rollover.
- bpo-2316: logging.handlers: TimedRotatingFileHandler now calculates

rollovers correctly even when nothing is logged for a while.
- bpo-2317: logging.handlers: TimedRotatingFileHandler now uses improved

logic for removing old files.
- bpo-2495: tokenize.untokenize now inserts a space between two consecutive

string literals; previously, ["" ""] was rendered as [""""], which is
incorrect python code.
- bpo-2248: return the result of the QUIT command. from SMTP.quit().
- Backport of Python 3.0's io module.
- bpo-2482: Make sure that the coefficient of a Decimal is always stored as

a str instance, not as a unicode instance. This ensures that str(Decimal)
is always an instance of str.
- bpo-2478: fix failure of decimal.Decimal(0).sqrt()
- bpo-2432: give DictReader the dialect and line_num attributes advertised

in the docs.
- bpo-2460: Make Ellipsis object copyable.
- bpo-1681432: Add triangular distribution to the random module
- bpo-2136: urllib2's auth handler now allows single-quoted realms in the

WWW- Authenticate header.
- bpo-2434: Enhanced platform.win32_ver() to also work on Python

installation which do not have the win32all package installed.
- Added support to platform.uname() to also report the machine and processor

information on Windows XP and later. As a result, platform.machine() and
platform.processor() will report this information as well.
- The library implementing the 2to3 conversion, lib2to3, was added to the
standard distribution.
- bpo-1747858: Fix chown to work with large uid's and gid's on 64-bit
platforms.
- bpo-1202: zlib.crc32 and zlib.adler32 no longer return different values on

32-bit vs. 64-bit python interpreters. Both were correct, but they now
both return a signed integer object for consistency.
- bpo-1158: add %f format (fractions of a second represented as

microseconds) to datetime objects. Understood by both strptime and
strftime.
- bpo-705836: struct.pack(">f", x) now raises OverflowError on all platforms

when x is too large to fit into an IEEE 754 float; previously it only
raised OverflowError on non IEEE 754 platforms.
- bpo-2166: now distutils deals with HOME correctly under win32 (See also:
bpo-1741, bpo-1531505)
- bpo-1858: distutils: added multiple server support in .pypirc
- bpo-1106316: pdb.post_mortem()'s parameter, "traceback", is now optional:

it defaults to the traceback of the exception that is currently being
handled (is mandatory to be in the middle of an exception, otherwise it
raises ValueError).
- bpo-1193577: A .shutdown() method has been added to SocketServers which

terminates the .serve_forever() loop.
- bpo-2220: handle rlcompleter attribute match failure more gracefully.
- bpo-2225: py_compile, when executed as a script, now returns a non- zero

status code if not all files could be compiled successfully.
- bpo-1725737: In distutils' sdist, exclude RCS, CVS etc. also in the root
directory, and also exclude .hg, .git, .bzr, and _darcs.
- bpo-1872: The struct module typecode for _Bool has been changed from 't'
to '?'.
- The bundled libffi copy is now in sync with the recently released
libffi3.0.4 version, apart from some small changes to
Modules/_ctypes/libffi/configure.ac. On OS X, preconfigured libffi files
are used. On all linux systems the --with-system-ffi configure option
defaults to "yes".
- bpo-1577: shutil.move() now calls os.rename() if the destination is a

directory instead of copying-then-remove-source.
Tests
-----
- test_nis no longer fails when test.test_support.verbose is true and NIS is

not set up on the testing machine.
- Output comparison tests are no longer supported.
- Rewrite test_errno to use unittest and no longer be a no-op.
- GHOP 234: Convert test_extcall to doctest.
- GHOP 290: Convert test_dbm and test_dummy_threading to unittest.
- GHOP 293: Convert test_strftime, test_getargs, and test_pep247 to

unittest.
- bpo-2055: Convert test_fcntl to unittest.
- bpo-1960: Convert test_gdbm to unittest.
- GHOP 294: Convert test_contains, test_crypt, and test_select to unittest.
- GHOP 238: Convert test_tokenize to use doctest.
- GHOP 237: Rewrite test_thread using unittest.
- bpo-2232: os.tmpfile might fail on Windows if the user has no permission

to create files in the root directory.
Build
-----
- A new script 2to3 is now installed, to run the 2.x to 3.x converter.
- Python/memmove.c and Python/strerror.c have been removed; both functions
are in the C89 standard library.
- bpo-2284: Add -x64 option to rt.bat.
C API
-----
- bpo-2477: Added PyParser_ParseFileFlagsEx() and

PyParser_ParseStringFlagsFilenameEx().

=================================
*Release date: 29-Feb-2008*
Core and Builtins

-----------------
- bpo-2051: pyc and pyo files are no longer created with permission 644. The
mode is now inherited from the py file.
- bpo-2067: file.__exit__() now calls subclasses' close() method.
- bpo-1759: Backport of PEP 3129 class decorators.
- bpo-1881: An internal parser limit has been increased. Also see issue
#215555 for a discussion.
- Added the future_builtins module, which contains hex() and oct(). These
are the PEP 3127 version of these functions, designed to be compatible
with the hex() and oct() builtins from Python 3.0. They differ slightly
in their output formats from the existing, unchanged Python 2.6 builtins.
The expected usage of the future_builtins module is: from
future_builtins import hex, oct
- bpo-1600: Modified PyOS_ascii_formatd to use at most 2 digit exponents for

exponents with absolute value < 100. Follows C99 standard. This is a
change on Windows, which would use 3 digits. Also, added 'n' to the
formats that PyOS_ascii_formatd understands, so that any alterations it
does to the resulting string will be available in stringlib/formatter.h
(for float.__format__).
- Implemented PEP 3101, Advanced String Formatting. This adds a new builtin
format(); a format() method for str and unicode; a __format__() method to
object, str, unicode, int, long, float, and datetime; the class
string.Formatter; and the C API PyObject_Format().
- Fixed several potential crashes, all caused by specially crafted __del__

methods exploiting objects in temporarily inconsistent state.
- bpo-2115: Important speedup in setting __slot__ attributes. Also prevent

a possible crash: an Abstract Base Class would try to access a slot on a
registered virtual subclass.
- Fixed repr() and str() of complex numbers with infinity or nan as real or
imaginary part.
- Clear all free lists during a gc.collect() of the highest generation in
order to allow pymalloc to free more arenas. Python may give back memory
to the OS earlier.
- bpo-2045: Fix an infinite recursion triggered when printing a subclass of

collections.defaultdict, if its default_factory is set to a bound method.
- Fixed a minor memory leak in dictobject.c. The content of the free list
was not freed on interpreter shutdown.
- Limit free list of method and built-in function objects to 256 entries
each.
- bpo-1953: Added ``sys._compact_freelists()`` and the C API functions

``PyInt_CompactFreeList`` and ``PyFloat_CompactFreeList`` to compact the
internal free lists of pre-allocted ints and floats.
- bpo-1983: Fixed return type of fork(), fork1() and forkpty() calls.

Python expected the return type int but the fork familie returns pi_t.
- bpo-1678380: Fix a bug that identifies 0j and -0j when they appear in the
same code unit.
- bpo-2025: Add tuple.count() and tuple.index() methods to comply with the

collections.Sequence API.
- bpo-1970: Speedup unicode whitespace and linebreak detection. (Patch by

Antoine Pitrou.)
- Added ``PyType_ClearCache()`` and ``sys._clear_type_cache`` to clear the

internal lookup cache for ref leak tests.
- bpo-1473257: generator objects gain a gi_code attribute. This is the same

object as the func_code attribute of the function that produced the
generator.
- bpo-1920: "while 0" statements were completely removed by the compiler,

even in the presence of an "else" clause, which is supposed to be run when
the condition is false. Now the compiler correctly emits bytecode for the
"else" suite.
- A few crashers fixed: weakref_in_del.py (issue #1377858);

loosing_dict_ref.py (issue #1303614, test67.py); borrowed_ref_[34].py (not
in tracker).
- bpo-1069410: The "can't load dll" message box on Windows is suppressed

while an extension is loaded by calling SetErrorMode in dynload_win.c. The
error is still reported properly.
- bpo-1915: Python compiles with --enable-unicode=no again. However several

extension methods and modules do not work without unicode support.
- bpo-1882: when compiling code from a string, encoding cookies in the

second line of code were not always recognized correctly.
- bpo-1679: "0x" was taken as a valid integer literal.
- bpo-1865: ``bytes`` as an alias for ``str`` and b"" as an alias "" were
added.
- sys.float_info / PyFloat_GetInfo: The floating point information object

was converted from a dict to a specialized structseq object.
- bpo-1816: Added sys.flags structseq. It exposes the status of most command

line arguments and PYTHON* environment variables.
- Objects/structseq.c: Implemented new structseq representation. The patch

makes structseqs (e.g. the return value of os.stat) more readable.
- bpo-1700288: added a type attribute cache that caches method accesses,

resulting in speedups in heavily object-oriented code.
- bpo-1776: __import__() no longer accepts filenames on any platform. The

first parameter to __import__() must be a valid module name.
- bpo-1668: renamed THREADDEBUG envvar to PYTHONTHREADDEBUG.
- bpo-602345: Add -B command line option, PYTHONDONTWRITEBYTECODE envvar and

sys.dont_write_bytecode attribute. All these can be set to forbid Python
to attempt to write compiled bytecode files.
- Improve some exception messages when Windows fails to load an extension

module. Now we get for example '%1 is not a valid Win32 application'
instead of 'error code 193'.
- bpo-1481296: Fixed long(float('nan')) != 0L.
- bpo-1640: Added math.isinf(x), math.isnan(x) and math.copysign(x, y)

functions.
- bpo-1635: Platform independent creation and representation of NaN and INF.

float("nan"), float("inf") and float("-inf") now work on every platform
with IEEE 754 semantics.
- Compiler now generates simpler and faster code for dictionary literals.
The oparg for BUILD_MAP now indicates an estimated dictionary size. There
is a new opcode, STORE_MAP, for adding entries to the dictionary.
- bpo-1638: %zd configure test fails on Linux.
- bpo-1620: New property decorator syntax was modifying the decorator in

place instead of creating a new decorator object.
- bpo-1538: Avoid copying string in split/rsplit if the split char is not

found.
- bpo-1553: An erroneous __length_hint__ can make list() raise a

SystemError.
- PEP 366: Allow explicit relative imports when executing modules inside
packages with the -m switch via a new module level __package__ attribute.
- bpo-1402: Fix a crash on exit, when another thread is still running, and
if the deallocation of its frames somehow calls the PyGILState_Ensure() /
PyGILState_Release() functions.
- Expose the Py_Py3kWarningFlag as sys.py3kwarning.

- bpo-1445: Fix a SystemError when accessing the ``cell_contents`` attribute
of an empty cell object.
- bpo-1460: The utf-7 incremental decoder did not accept truncated input.
It now correctly saves its state between chunks of data.
- bpo-1739468: Directories and zipfiles containing a __main__.py file can

now be directly executed by passing their name to the interpreter. The
directory/zipfile is automatically inserted as the first entry in
sys.path.
- bpo-1265: Fix a problem with sys.settrace, if the tracing function uses a

generator expression when at the same time the executed code is closing a
paused generator.
- sets and frozensets now have an isdisjoint() method.
- optimize the performance of builtin.sum().
- Fix warnings found by the new version of the Coverity checker.
- The enumerate() built-in function is no longer bounded to sequences

smaller than LONG_MAX. Formerly, it raised an OverflowError. Now,
automatically shifts from ints to longs.
- bpo-1686386: Tuple's tp_repr did not take into account the possibility of
having a self- referential tuple, which is possible from C code. Nor did
object's tp_str consider that a type's tp_str could do something that
could lead to an inifinite recursion. Py_ReprEnter() and
Py_EnterRecursiveCall(), respectively, fixed the issues.
- bpo-1164: It was possible to trigger deadlock when using the 'print'

statement to write to a file since the GIL was not released as needed.
Now PyObject_Print() does the right thing along with various tp_print
implementations of the built-in types and those in the collections module.
- bpo-1147: Exceptions were directly allowing string exceptions in their

throw() method even though string exceptions no longer allowed.
- bpo-1096: Prevent a segfault from getting the repr of a very deeply nested
list by using the recursion counter.
- bpo-1202533: Fix infinite recursion calls triggered by calls to

PyObject_Call() never calling back out to Python code to trigger recursion
depth updates/checks. Required the creation of a static RuntimeError
instance in case normalizing an exception put the recursion check value
past its limit. Fixes crashers infinite_rec_(1|2|4|5).py.
- bpo-1031213: Decode source line in SyntaxErrors back to its original

source encoding.
- bpo-1673759: add a missing overflow check when formatting floats with %G.
- Prevent expandtabs() on string and unicode objects from causing a segfault

when a large width is passed on 32-bit platforms.
- bpo-1733488: Fix compilation of bufferobject.c on AIX.

- bpo-1722485: remove docstrings again when running with -OO.
- Add new attribute names for function objects. All the func_* become __*__
attributes. (Some already existed, e.g., __doc__ and __name__.)
- Add -3 option to the interpreter to warn about features that are

deprecated and will be changed/removed in Python 3.0.
- bpo-1686487: you can now pass any mapping after '**' in function calls.
- except clauses may now be spelled either "except E, target:" or "except E

as target:". This is to provide forwards compatibility with Python 3.0.
- Deprecate BaseException.message as per PEP 352.
- bpo-1303614: don't expose object's __dict__ when the dict is inherited

from a built-in base.
- When __slots__ are set to a unicode string, make it work the same as
setting a plain string, ie don't expand to single letter identifiers.
- bpo-1191699: Slices can now be pickled.
- bpo-1193128: str.translate() now allows a None argument for translations

that only remove characters without re-mapping the remaining characters.
- bpo-1682205: a TypeError while unpacking an iterable is no longer masked

by a generic one with the message "unpack non-sequence".
- Remove unused file Python/fmod.c.
- bpo-1683368: The object.__init__() and object.__new__() methods are now

stricter in rejecting excess arguments. The only time when either allows
excess arguments is when it is not overridden and the other one is. For
backwards compatibility, when both are overridden, it is a deprecation
warning (for now; maybe a Py3k warning later). Also, type.__init__()
insists on the same signature as supported by type.__new__().
- bpo-1675423: PyComplex_AsCComplex() now tries to convert an object to

complex using its __complex__() method before falling back to the
__float__() method. Therefore, the functions in the cmath module now can
operate on objects that define a __complex__() method.
- bpo-1623563: allow __class__ assignment for classes with __slots__. The

old and the new class are still required to have the same slot names.
- bpo-1642547: Fix an error/crash when encountering syntax errors in complex

if statements.
- bpo-1462488: Python no longer segfaults when `òbject.__reduce_ex__()`` is

called with an object that is faking its type.
- bpo-1680015: Don't modify __slots__ tuple if it contains a unicode name.
- bpo-1444529: the builtin compile() now accepts keyword arguments.
- bpo-1678647: write a newline after printing an exception in any case, even

when converting the value to a string failed.
- The dir() function has been extended to call the __dir__() method on its
argument, if it exists. If not, it will work like before. This allows
customizing the output of dir() in the presence of a __getattr__().
- bpo-922167: Python no longer segfaults when faced with infinitely self-

recursive reload() calls (as reported by bug #742342).
- bpo-1675981: remove unreachable code from ``type.__new__()`` method.
- bpo-1491866: change the complex() constructor to allow parthensized forms.

This means complex(repr(x)) now works instead of raising a ValueError.
- bpo-703779: unset __file__ in __main__ after running a file. This makes

the filenames the warning module prints much more sensible when a
PYTHONSTARTUP file is used.
- bpo-697613: Don't exit the interpreter on a SystemExit exception if the -i

command line option or PYTHONINSPECT environment variable is given, but
break into the interactive interpreter just like on other exceptions or
normal program exit.
- bpo-1638879: don't accept strings with embedded NUL bytes in long().
- bpo-1674503: close the file opened by execfile() in an error condition.
- bpo-1674228: when assigning a slice (old-style), check for the

sq_ass_slice instead of the sq_slice slot.
- When printing an unraisable error, don't print exceptions. before the

name. This duplicates the behavior whening normally printing exceptions.
- bpo-1653736: Properly discard third argument to slot_nb_inplace_power.
- PEP 352: Raising a string exception now triggers a TypeError. Attempting

to catch a string exception raises DeprecationWarning.
- bpo-1377858: Fix the segfaulting of the interpreter when an object created

a weakref on itself during a __del__ call for new-style classes (classic
classes still have the bug).
- bpo-1579370: Make PyTraceBack_Here use the current thread, not the frame's
thread state.
- bpo-1630975: Fix crash when replacing sys.stdout in sitecustomize.py.
- Prevent seg fault on shutdown which could occur if an object raised a

warning.
- bpo-1566280: Explicitly invoke threading._shutdown from Py_Main, to avoid

relying on atexit.
- bpo-1590891: random.randrange don't return correct value for big number.
- bpo-1586791: Better exception messages for some operations on strings,

tuples and lists.
- bpo-1067760: Deprecate passing floats to file.seek.
- bpo-1591996: Correctly forward exception in instance_contains().

- bpo-1588287: fix invalid assertion for `1,2` in debug builds.
- bpo-1576657: when setting a KeyError for a tuple key, make sure that the
tuple isn't used as the "exception arguments tuple".
- bpo-1565514: SystemError not raised on too many nested blocks.
- bpo-1576174: WindowsError now displays the windows error code again, no

longer the posix error code.
- bpo-1549049: Support long values in structmember, issue warnings if the

assigned value for structmember fields gets truncated.
- Update the peephole optimizer to remove more dead code (jumps after
returns) and inline unconditional jumps to returns.
- bpo-1545497: when given an explicit base, int() did ignore NULs embedded
in the string to convert.
- bpo-1569998: break inside a try statement (outside a loop) is now

recognized and rejected.
- list.pop(x) accepts any object x following the __index__ protocol.
- A number of places, including integer negation and absolute value, were

fixed to not rely on undefined behaviour of the C compiler anymore.
- bpo-1566800: make sure that EnvironmentError can be called with any number
of arguments, as was the case in Python 2.4.
- bpo-1567691: super() and new.instancemethod() now don't accept keyword

arguments any more (previously they accepted them, but didn't use them).
- Fix a bug in the parser's future statement handling that led to "with" not
being recognized as a keyword after, e.g., this statement: from __future__
import division, with_statement
- bpo-1557232: fix seg fault with def f((((x)))) and def f(((x),)).
- Fix %zd string formatting on Mac OS X so it prints negative numbers.
- Allow exception instances to be directly sliced again.
- bpo-1551432: Exceptions do not define an explicit __unicode__ method.

This allows calling unicode() on exceptions classes directly to succeed.
- bpo-1542051: Exceptions now correctly call PyObject_GC_UnTrack. Also make

sure that every exception class has __module__ set to 'exceptions'.
- bpo-1550983: emit better error messages for erroneous relative imports (if
not in package and if beyond toplevel package).
- Overflow checking code in integer division ran afoul of new gcc

optimizations. Changed to be more standard-conforming.
- bpo-1542451: disallow continue anywhere under a finally.
- bpo-1546288: fix seg fault in dict_equal due to ref counting bug.

- The return tuple from str.rpartition(sep) is (tail, sep, head) where head
is the original string if sep was not found.
- bpo-1520864: unpacking singleton tuples in list comprehensions and

generator expressions (x for x, in ... ) works again. Fixing this problem
required changing the .pyc magic number. This means that .pyc files
generated before 2.5c2 will be regenerated.
- ``with`` and `às`` are now keywords.
- bpo-1664966: Fix crash in exec if Unicode filename can't be decoded.
- bpo-1537: Changed GeneratorExit's base class from Exception to

BaseException.
- bpo-1703448: A joined thread could show up in the threading.enumerate()

list after the join() for a brief period until it actually exited.
Library
-------
- bpo-2274: Add heapq.heappushpop().
- Add inspect.isabstract(object) to fix bug #2223
- Add a __format__ method to Decimal, to support PEP 3101.
- Add a timing parameter when using trace.Trace to print out timestamps.
- bpo-1627: httplib now ignores negative Content-Length headers.
- bpo-900744: If an invalid chunked-encoding header is sent by a server,

httplib will now raise IncompleteRead and close the connection instead of
raising ValueError.
- bpo-1492: The content type of BaseHTTPServer error messages can now be

overridden.
- bpo-1781: ConfigParser now does not let you add the "default" section
(ignore-case)
- Removed uses of dict.has_key() from distutils, and uses of callable() from

copy_reg.py, so the interpreter now starts up without warnings when '-3'
is given. More work like this needs to be done in the rest of the stdlib.
- bpo-1916: added isgenerator() and isgeneratorfunction() to inspect.py.
- bpo-1224: Fixed bad url parsing when path begins with double slash.
- ctypes instances that are not or do not contain pointers can now be
pickled.
- bpo-1966: Break infinite loop in httplib when the servers implements the
chunked encoding incorrectly.
- Rename rational.py to fractions.py and the rational.Rational class to

fractions.Fraction, to avoid the name clash with the abstract base class
numbers.Rational. See discussion in issue #1682.
- The pickletools module now provides an optimize() function that eliminates
unused PUT opcodes from a pickle string.
- bpo-2021: Allow tempfile.NamedTemporaryFile and SpooledTemporaryFile to be

used in with statements by correctly supporting the context management
protocol.
- bpo-1979: Add rich comparisons to Decimal, and make Decimal comparisons

involving a NaN follow the IEEE 754 standard.
- bpo-2004: tarfile.py: Use mode 0700 for temporary directories and default
permissions for missing directories.
- bpo-175006: The debugger used to skip the condition of a "while" statement

after the first iteration. Now it correctly steps on the expression, and
breakpoints on the "while" statement are honored on each loop.
- bpo-1765140: add an optional delay argument to FileHandler and its

subclasses. Defaults to false (existing behaviour), but if true, defers
opening the file until the first call to emit().
- The pprint module now supports sets and frozensets.
- bpo-1221598: add optional callbacks to ftplib.FTP's storbinary() and

storlines() methods. (Contributed by Phil Schwartz)
- bpo-1715: include sub-extension modules in pydoc's text output.
- bpo-1836: fix an off-by-one bug in TimedRotatingHandler's rollover time

calculation.
- bpo-1021: fix a bug to allow basicConfig to accept NOTSET as a level.
- bpo-932563: add LoggerAdapter convenience class to make it easier to add

contextual information in logging output.
- bpo-1760556: fix a bug to avoid FileHandler throwing an exception in

flush().
- bpo-1530959: distutils' build command now uses different build directory

when building extension modules against versions of Python compiled with
``--with- pydebug``.
- bpo-1555501: move plistlib from plat-mac directory to general library.
- bpo-1269: fix a bug in pstats.add_callers() and add a unit test file for
pstats.
- bpo-1669: don't allow shutil.rmtree() to be called on a symlink to a

directory.
- bpo-1664522: in urllib, don't read non-existing directories in ftp mode,

returning a 0-byte file -- raise an IOError instead.
- bpo-856047: respect the ``no_proxy`` environment variable when using the

``http_proxy`` etc. environment variables in urllib.
- bpo-1178141: add a getcode() method to the addinfourls that urllib.open()

returns so that you can retrieve the HTTP status code.
- bpo-1003: Fix zipfile decryption check, it would fail zip files with
extended local headers.
- bpo-1189216: Fix the zipfile module to work on archives with headers past
the 2**31 byte boundary.
- bpo-1336: fix a race condition in subprocess.Popen if the garbage

collector kicked in at the wrong time that would cause the process to hang
when the child wrote to stderr.
- bpo-1146: fix how textwrap breaks a long word that would start in the last
column of a line.
- bpo-1693149: trace.py --ignore-module - accept multiple comma-separated

modules to be given.
- bpo-1822: MIMEMultipart.is_multipart() behaves correctly for a just-

created (and empty) instance. Thanks Jonathan Share.
- bpo-1861: Added an attribute to the sched module which returns an ordered

list of upcoming events (displayed as named tuples).
- bpo-1837: The queue module now also supports a LIFO queue and a priority
queue.
- bpo-1048820: Add insert-mode editing to curses.textpad.Textbox (patch by

Stefan Wehr). Also, fix an off-by-one bug in Textbox.gather().
- bpo-1831: ctypes now raises a TypeError if conflicting positional and

named arguments are passed to a Structure or Union initializer. When too
many positional arguments are passed, also a TypeError is raised instead
of a ValueError.
- Convert the internal ctypes array type cache to a WeakValueDict so that

array types do not live longer than needed.
- bpo-1786: pdb should use its own stdin/stdout around an exec call and when
creating a recursive instance.
- bpo-1698398: ZipFile.printdir() crashed because the format string expected

a tuple type of length six instead of time.struct_time object.
- bpo-1780: The Decimal constructor now accepts arbitrary leading and

trailing whitespace when constructing from a string.
Context.create_decimal no longer accepts trailing newlines.
- Decimal.as_tuple(), difflib.find_longest_match() and inspect functions

that returned a tuple now return a named tuple.
- Doctest now returns results as a named tuple for readability: (0, 7)

--> TestResults(failed=0, attempted=7)
- bpo-846388: re.match is interruptible now, which is particularly good for

long regular expression matches.
- bpo-1137: allow setting buffer_size attribute on pyexpat Parser objects to

set the character data buffer size.
- bpo-1757: The hash of a Decimal instance is no longer affected by the
current context.
- bpo-467924: add ZipFile.extract() and ZipFile.extractall() in the zipfile

module.
- bpo-1646: Make socket support the TIPC protocol.
- bpo-1742: return os.curdir from os.path.relpath() if both arguments are

equal instead of raising an exception.
- bpo-1637: fix urlparse for URLs like 'http://x.com?arg=/foo'.
- bpo-1698: allow '@' in username parsed by urlparse.py.
- bpo-1735: TarFile.extractall() now correctly sets directory permissions

and times.
- bpo-1713: posixpath.ismount() claims symlink to a mountpoint is a

mountpoint.
- bpo-1687: Fxed plistlib.py restricts <integer> to Python int when writing
- bpo-1700: Regular expression inline flags incorrectly handle certain

unicode characters.
- bpo-1689: PEP 3141, numeric abstract base classes.
- Tk issue #1851526: Return results from Python callbacks to Tcl as Tcl

objects.
- bpo-1642: Fix segfault in ctypes when trying to delete attributes.
- bpo-1727780: Support loading pickles of random.Random objects created on

32-bit systems on 64-bit systems, and vice versa. As a consequence of the
change, Random pickles created by Python 2.6 cannot be loaded in Python
2.5.
- bpo-1455: The distutils package now supports VS 2005 and VS 2008 for both
the msvccompiler and cygwincompiler.
- bpo-1531: tarfile.py: Read fileobj from the current offset, do not seek to
the start.
- bpo-1534: Added a dictionary sys.float_info with information about the

internal floating point type to the sys module.
- bpo-1429818: patch for trace and doctest modules so they play nicely
together.
- doctest made a bad assumption that a package's __loader__.get_data()

method used universal newlines.
- bpo-1705170: contextlib.contextmanager was still swallowing StopIteration

in some cases. This should no longer happen.
- bpo-1292: On alpha, arm, ppc, and s390 linux systems the --with-system-ffi
configure option defaults to "yes".
- IN module for FreeBSD 8 is added and preexisting FreeBSD 6 and 7 files are
updated.
- bpo-1181: unsetenv() is now called when the os.environ.pop() and

os.environ.clear() methods are used. (See also: bpo-1287)
- ctypes will now work correctly on 32-bit systems when Python is configured
with --with-system-ffi.
- bpo-1203: ctypes now does work on OS X when Python is built with

``--disable-toolbox- glue``.
- collections.deque() now supports a "maxlen" argument.
- itertools.count() is no longer bounded to LONG_MAX. Formerly, it raised

an OverflowError. Now, automatically shifts from ints to longs.
- Added itertools.product() which forms the Cartesian product of the input

iterables.
- Added itertools.combinations() and itertools.permutations().
- bpo-1541463: optimize performance of cgi.FieldStorage operations.
- Decimal is fully updated to the latest Decimal Specification (v1.66).
- bpo-1153: repr.repr() now doesn't require set and dictionary items to be

orderable to properly represent them.
- A 'c_longdouble' type was added to the ctypes module.
- bpo-1709599: Run test_1565150 only if the file system is NTFS.
- When encountering a password-protected robots.txt file the RobotFileParser

no longer prompts interactively for a username and password (bug 813986).
- TarFile.__init__() no longer fails if no name argument is passed and the

fileobj argument has no usable name attribute (e.g. StringIO).
- The functools module now provides 'reduce', for forward compatibility with
Python 3000.
- Server-side SSL support and cert verification added, by Bill Janssen.
- socket.ssl deprecated; use new ssl module instead.
- uuid creation is now threadsafe.
- EUC-KR codec now handles the cheot-ga-keut composed make-up hangul

syllables.
- GB18030 codec now can encode additional two-byte characters that are
missing in GBK.
- Add new codecs for UTF-32, UTF-32-LE and UTF-32-BE.
- bpo-1704793: Return UTF-16 pair if unicodedata.lookup cannot represent the

result in a single character.
- bpo-978833: Close https sockets by releasing the _ssl object.
- Change location of the package index to pypi.python.org/pypi
- bpo-1701409: Fix a segfault in printing ctypes.c_char_p and

ctypes.c_wchar_p when they point to an invalid location. As a sideeffect
the representation of these instances has changed.
- tarfile.py: Added "exclude" keyword argument to TarFile.add().
- bpo-1734723: Fix repr.Repr() so it doesn't ignore the maxtuple attribute.
- The urlopen function of urllib2 now has an optional timeout parameter

(note that it actually works with HTTP, HTTPS, FTP and FTPS connections).
- In ftplib, the FTP.ntransfercmd method, when in passive mode, now uses the
socket.create_connection function, using the timeout specified at
connection time.
- bpo-1728403: Fix a bug that CJKCodecs StreamReader hangs when it reads a

file that ends with incomplete sequence and sizehint argument for .read()
is specified.
- bpo-1730389: Change time.strptime() to use ``\s+`` instead of ``\s*`` when

matching spaces in the specified format argument.
- bpo-1668596: distutils now copies data files even if package_dir is empty.

- sha now raises a DeprecationWarning upon import.
- md5 now raises a DeprecationWarning upon import.
- bpo-1385: The hmac module now computes the correct hmac when using hashes
with a block size other than 64 bytes (such as sha384 and sha512).
- mimify now raises a DeprecationWarning upon import.
- MimeWriter now raises a DeprecationWarning upon import.
- tarfile.py: Improved unicode support. Unicode input names are now

officially supported. Added "errors" argument to the TarFile class.
- urllib.ftpwrapper class now accepts an optional timeout.
- shlex.split() now has an optional "posix" parameter.
- The posixfile module now raises a DeprecationWarning.
- Remove the gopherlib module. This also leads to the removal of gopher
support in urllib/urllib2.
- Fix bug in marshal where bad data would cause a segfault due to lack of an
infinite recursion check.
- Removed plat-freebsd2 and plat-freebsd3 directories (and IN.py in the

directories).
- HTML-escape the plain traceback in cgitb's HTML output, to prevent the
traceback inadvertently or maliciously closing the comment and injecting
HTML into the error page.
- The popen2 module and os.popen* are deprecated. Use the subprocess
module.
- Added an optional credentials argument to SMTPHandler, for use with SMTP

servers which require authentication.
- bpo-1695948: Added optional timeout parameter to SocketHandler.
- bpo-1652788: Minor fix for currentframe.
- bpo-1598415: Added WatchedFileHandler to better support external log file

rotation using e.g. newsyslog or logrotate. This handler is only useful in
Unix/Linux environments.
- bpo-1706381: Specifying the SWIG option "-c++" in the setup.py file (as
opposed to the command line) will now write file names ending in ".cpp"
too.
- As specified in RFC 2616, an HTTP response like 2xx indicates that the
client's request was successfully received, understood, and accepted. Now
in these cases no error is raised in urllib (issue #1177) and urllib2.
- bpo-1290505: time.strptime's internal cache of locale information is now

properly recreated when the locale is changed.
- bpo-1685563: remove (don't add) duplicate paths in distutils.MSVCCompiler.
- Added a timeout parameter to the constructor of other protocols

(telnetlib, ftplib, smtplib and poplib). This is second part of the work
started with create_connection() and timeout in httplib, and closes patch
#723312.
- bpo-1676823: Added create_connection() to socket.py, which may be called

with a timeout, and use it from httplib (whose HTTPConnection and
HTTPSConnection now accept an optional timeout).
- bpo-978833: Revert r50844, as it broke _socketobject.dup.
- bpo-1675967: re patterns pickled with Python 2.4 and earlier can now be
unpickled with Python 2.5 and newer.
- bpo-1630118: add a SpooledTemporaryFile class to tempfile.py.
- bpo-1273829: os.walk() now has a "followlinks" parameter. If set to True

(which is not the default), it visits symlinks pointing to directories.
- bpo-1681228: the webbrowser module now correctly uses the default GNOME or
KDE browser, depending on whether there is a session of one of those
present. Also, it tries the Windows default browser before trying Mozilla
variants.
- bpo-1339796: add a relpath() function to os.path.
- bpo-1681153: the wave module now closes a file object it opened if

initialization failed.
- bpo-767111: fix long-standing bug in urllib which caused an AttributeError
instead of an IOError when the server's response didn't contain a valid
HTTP status line.
- bpo-957650: "%var%" environment variable references are now properly

expanded in ntpath.expandvars(), also "~user" home directory references
are recognized and handled on Windows.
- bpo-1429539: pdb now correctly initializes the __main__ module for the
debugged script, which means that imports from __main__ work correctly
now.
- The nonobvious commands.getstatus() function is now deprecated.
- bpo-1393667: pdb now has a "run" command which restarts the debugged
Python program, optionally with different arguments.
- bpo-1649190: Adding support for _Bool to ctypes as c_bool.
- bpo-1530482: add pydoc.render_doc() which returns the documentation for a

thing instead of paging it to stdout, which pydoc.doc() does.
- bpo-1533909: the timeit module now accepts callables in addition to

strings for the code to time and the setup code. Also added two
convenience functions for instantiating a Timer and calling its methods.
- bpo-1537850: tempfile.NamedTemporaryFile now has a "delete" parameter

which can be set to False to prevent the default delete-on-close behavior.
- bpo-1581073: add a flag to textwrap that prevents the dropping of

whitespace while wrapping.
- bpo-1603688: ConfigParser.SafeConfigParser now checks values that are set

for invalid interpolation sequences that would lead to errors on reading
back those values.
- Added support for the POSIX.1-2001 (pax) format to tarfile.py. Extended

and cleaned up the test suite. Added a new testtar.tar.
- bpo-1449244: Support Unicode strings in

email.message.Message.{set_charset,get_content_charset}.
- bpo-1542681: add entries for "with", "as" and "CONTEXTMANAGERS" to pydoc's

help keywords.
- bpo-1555098: use str.join() instead of repeated string concatenation in

robotparser.
- bpo-1635454: the csv.DictWriter class now includes the offending field

names in its exception message if you try to write a record with a
dictionary containing fields not in the CSV field names list.
- bpo-1668100: urllib2 now correctly raises URLError instead of OSError if

accessing a local file via the file:// protocol fails.
- bpo-1677862: Require a space or tab after import in .pth files.
- bpo-1192590: Fix pdb's "ignore" and "condition" commands so they trap the
IndexError caused by passing in an invalid breakpoint number.
- bpo-1599845: Add an option to disable the implicit calls to server_bind()

and server_activate() in the constructors for TCPServer,
SimpleXMLRPCServer and DocXMLRPCServer.
- bpo-1531963: Make SocketServer.TCPServer's server_address always be equal

to calling getsockname() on the server's socket. Fixed by patch #1545011.
- bpo-742598: Add .timeout attribute to SocketServer that calls

.handle_timeout() when no requests are received.
- bpo-1651235: When a tuple was passed to a ctypes function call, Python

would crash instead of raising an error.
- bpo-1646630: ctypes.string_at(buf, 0) and ctypes.wstring_at(buf, 0)

returned string up to the first NUL character.
- bpo-957003: Implement smtplib.LMTP.
- bpo-1481079: add support for HTTP_REFERER to CGIHTTPServer.
- bpo-1675424: Added tests for uncovered code in the zipfile module. The
KeyError raised by Zipfile.getinfo for nonexistent names now has a
descriptive message.
- bpo-1115886: os.path.splitext('.cshrc') gives now ('.cshrc', '').
- unittest now verifies more of its assumptions. In particular, TestCase and

TestSuite subclasses (not instances) are no longer accepted in
TestSuite.addTest(). This should cause no incompatibility since it never
made sense with ordinary subclasses -- the failure just occurred later,
with a more cumbersome exception.
- bpo-787789: allow passing custom TestRunner instances to unittest's main()

function.
- bpo-1550273: fix a few bugs in unittest and add a comprehensive test suite
for the module. (See also: bpo-1550272)
- bpo-1001604: glob.glob() now returns unicode filenames if it was given a

unicode argument and os.listdir() returns unicode filenames.
- bpo-1673619: setup.py identifies extension modules it doesn't know how to

build and those it knows how to build but that fail to build.
- bpo-912410: Replace HTML entity references for attribute values in

HTMLParser.
- bpo-1663234: you can now run doctest on test files and modules using
"python -m doctest [-v] filename ...".
- bpo-1121142: Implement ZipFile.open.
- Taught setup.py how to locate Berkeley DB on Macs using MacPorts.
- Added heapq.merge() for merging sorted input streams.
- Added collections.namedtuple() for assigning field names to tuples.

- Added itertools.izip_longest().
- Have the encoding package's search function dynamically import using

absolute import semantics.
- bpo-1647484: Renamed GzipFile's filename attribute to name.
- bpo-1517891: Mode 'a' for ZipFile now creates the file if it doesn't
exist.
- bpo-698833: Support file decryption in zipfile.
- bpo-685268: Consider a package's __path__ in imputil.
- bpo-1463026: Support default namespace in XMLGenerator.
- bpo-1571379: Make trace's --ignore-dir facility work in the face of

relative directory names.
- bpo-1600860: Search for shared python library in LIBDIR, not

lib/python/config, on "linux" and "gnu" systems.
- bpo-1652681: tarfile.py: create nonexistent files in append mode and allow

appending to empty files.
- bpo-1124861: Automatically create pipes if GetStdHandle fails in

subprocess.
- bpo-1634778: add missing encoding aliases for iso8859_15 and iso8859_16.
- bpo-1638243: the compiler package is now able to correctly compile a with

statement; previously, executing code containing a with statement compiled
by the compiler package crashed the interpreter.
- bpo-1643943: Fix time.strptime's support for the %U directive.
- bpo-1507247: tarfile.py: use current umask for intermediate directories.
- bpo-1627441: close sockets properly in urllib2.
- bpo-494589: make ntpath.expandvars behave according to its docstring.
- Changed platform module API python_version_tuple() to actually return a

tuple (it used to return a list).
- Added new platform module APIs python_branch(), python_revision(),

python_implementation() and linux_distribution().
- Added support for IronPython and Jython to the platform module.
- The sets module has been deprecated. Use the built-in set/frozenset types
instead.
- bpo-1610795: make ctypes.util.find_library work on BSD systems.
- Fixes for 64-bit Windows: In ctypes.wintypes, correct the definitions of

HANDLE, WPARAM, LPARAM data types. Make parameterless foreign function
calls work.
- The version number of the ctypes package changed to "1.1.0".
- bpo-1627575: logging: Added _open() method to FileHandler which can be

used to reopen files. The FileHandler instance now saves the encoding
(which can be None) in an attribute called "encoding".
- bpo-411881: logging.handlers: bare except clause removed from

SMTPHandler.emit. Now, only ImportError is trapped.
- bpo-411881: logging.handlers: bare except clause removed from

SocketHandler.createSocket. Now, only socket.error is trapped.
- bpo-411881: logging: bare except clause removed from LogRecord.__init__.

Now, only ValueError, TypeError and AttributeError are trapped.
- bpo-1504073: Fix tarfile.open() for mode "r" with a fileobj argument.
- bpo-1182394: Speed up ``HMAC.hexdigest``. (Patch by Shane Holloway.)
- bpo-1262036: Prevent TarFiles from being added to themselves under certain

conditions.
- bpo-1230446: tarfile.py: fix ExFileObject so that read() and tell() work

correctly together with readline().
- bpo-1484695: The tarfile module now raises a HeaderError exception if a

buffer given to frombuf() is invalid.
- bpo-1503765: Fix a problem in logging.config with spaces in comma-

separated lists read from logging config files.
- bpo-1604907: Fix problems in logging.handlers caused at logging shutdown

when syslog handlers fail to initialize because of syslogd problems.
- bpo-1608267: fix a race condition in os.makedirs() if the directory to be

created is already there.
- bpo-1610437: fix a tarfile bug with long filename headers.
- bpo-1371075: Make ConfigParser accept optional dict type for ordering,

sorting, etc.
- bpo-1563807: _ctypes built on AIX fails with ld ffi error.
- bpo-1598620: A ctypes Structure cannot contain itself.
- bpo-1070046: Marshal new-style objects like InstanceType in xmlrpclib.
- cStringIO.truncate(-1) now raises an IOError, like StringIO and regular

files.
- bpo-1472877: Fix Tix subwidget name resolution.
- bpo-1594554: Always close a tkSimpleDialog on ok(), even if an exception

occurs.
- bpo-1538878: Don't make tkSimpleDialog dialogs transient if the parent

window is withdrawn.
- bpo-1597824: return the registered function from atexit.register() to
facilitate usage as a decorator.
- bpo-1360200: Use unmangled_version RPM spec field to deal with file name
mangling.
- bpo-1359217: Process 2xx response in an ftplib transfer that precedes an

1xx response.
- bpo-1355023: support whence argument for GzipFile.seek.
- bpo-1065257: Support passing open files as body in

HTTPConnection.request().
- bpo-1569790: mailbox.py: Maildir.get_folder() and MH.get_folder() weren't

passing the message factory on to newly created Maildir/MH objects.
- bpo-1514543: mailbox.py: In the Maildir class, report errors if there's a

filename clash instead of possibly losing a message. (Patch by David
Watson.)
- bpo-1514544: Try to ensure that messages/indexes have been physically

written to disk after calling .flush() or .close(). (Patch by David
Watson.)
- bpo-1592250: Add elide argument to Tkinter.Text.search.
- bpo-838546: Make terminal become controlling in pty.fork().
- bpo-1351744: Add askyesnocancel helper for tkMessageBox.
- bpo-1060577: Extract list of RPM files from spec file in bdist_rpm.
- bpo-1586613: fix zlib and bz2 codecs' incremental en/decoders.
- bpo-1583880: fix tarfile's problems with long names and posix/ GNU modes.
- bpo-1586448: the compiler module now emits the same bytecode for list
comprehensions as the built-in compiler, using the LIST_APPEND opcode.
- Fix codecs.EncodedFile which did not use file_encoding in 2.5.0, and fix
all codecs file wrappers to work correctly with the "with" statement (bug
#1586513).
- Lib/modulefinder.py now handles absolute and relative imports correctly.
- bpo-1567274: Support SMTP over TLS.
- bpo-1560695: Add .note.GNU-stack to ctypes' sysv.S so that ctypes isn't

considered as requiring executable stacks.
- ctypes callback functions only support 'fundamental' data types as result

type. Raise an error when something else is used. This is a partial fix
for Bug #1574584.
- Fix turtle so that time.sleep is imported for the entire library. Allows
the demo2 function to be executed on its own instead of only when the
module is run as a script.
- bpo-1565150: Fix subsecond processing for os.utime on Windows.
- Support for MSVC 8 was added to bdist_wininst.
- bpo-1446043: correctly raise a LookupError if an encoding name given to

encodings.search_function() contains a dot.
- bpo-1560617: in pyclbr, return full module name not only for classes, but
also for functions.
- bpo-1457823: cgi.(Sv)FormContentDict's constructor now takes

keep_blank_values and strict_parsing keyword arguments.
- bpo-1566602: correct failure of posixpath unittest when $HOME ends with a

slash.
- bpo-1565661: in webbrowser, split() the command for the default GNOME

browser in case it is a command with args.
- Made the error message for time.strptime when the data and format do match
be more clear.
- Fix a bug in traceback.format_exception_only() that led to an error being

raised when print_exc() was called without an exception set. In version
2.4, this printed "None", restored that behavior.
- Make webbrowser.BackgroundBrowser usable in Windows (it wasn't because the

close_fds arg to subprocess.Popen is not supported).
- bpo-1504333: Reverted change to sgmllib because it introduced an infinite

loop.
- bpo-1553314: Fix the inspect.py slowdown that was hurting IPython & SAGE
by adding smarter caching in inspect.getmodule()
- Fix missing import of the types module in logging.config.
- bpo-1550886: Fix decimal module context management implementation to match

the localcontext() example from PEP 343.
- bpo-1545341: The 'classifier' keyword argument to the Distutils setup()

function now accepts tuples as well as lists.
- bpo-1541863: uuid.uuid1 failed to generate unique identifiers on systems

with low clock resolution.
- bpo-1531862: Do not close standard file descriptors in subprocess.
- Fix utf-8-sig incremental decoder, which didn't recognise a BOM when the
first chunk fed to the decoder started with a BOM, but was longer than 3
bytes.
- The implementation of UnicodeError objects has been simplified (start and

end attributes are now stored directly as Py_ssize_t members).
- bpo-829951: In the smtplib module, SMTP.starttls() now complies with RFC

3207 and forgets any knowledge obtained from the server not obtained from
the TLS negotiation itself. Patch contributed by Bill Fenner.
- bpo-1339: The smtplib.SMTP class has been refactored a bit such that the
SMTP.starttls() caller no longer needs to call ehlo() beforehand.
SMTP.starttls() now raises an exception of the server does not claim to
support starttls. Adds the SMTP.ehlo_or_helo_if_needed() method. Patch
contributed by Bill Fenner.
- bpo-1089358: Add signal.siginterrupt, a wrapper around siginterrupt(3).
- bpo-1657: added select.epoll and select.kqueue.
- bpo-1506171: added operator.methodcaller().
- bpo-1826: operator.attrgetter() now supports dotted attribute paths.
- bpo-1957: syslogmodule: Release GIL when calling syslog(3).
- bpo-2112: mmap.error is now a subclass of EnvironmentError and not a

direct EnvironmentError.
- bpo-2111: mmap segfaults when trying to write a block opened with

PROT_READ.
- bpo-2063: correct order of utime and stime in os.times() result on

Windows.
- bpo-1736: Fix file name handling of _msi.FCICreate.
- Updated ``big5hkscs`` codec to the HKSCS revision of 2004.
- bpo-1940: make it possible to use curses.filter() before curses.initscr()

as the documentation says.
- Backport of _fileio module from Python 3.0.
- bpo-1087741: mmap.mmap is now a class, not a factory function. It is also

subclassable now.
- bpo-1648: added ``sys.getprofile()`` and ``sys.gettrace()``.
- bpo-1663329: added `òs.closerange()`` function to quickly close a range

of file descriptors without considering errors.
- bpo-976880: ``mmap`` objects now have an ``rfind`` method that works as

expected. ``mmap.find`` also takes an optional `ènd`` parameter.
- _winreg's HKEY object has gained __enter__ and __exit__ methods to support
the context management protocol. The _winreg module also gained a new
function `ÈxpandEnvironmentStrings`` to expand REG_EXPAND_SZ keys.
- itertools.starmap() now accepts any iterable input. Previously, it

required the function inputs to be tuples.
- itertools.chain() now has an alternate constructor, chain.from_iterable().
- bpo-1646: Make socket support TIPC. The socket module now has support for
TIPC under Linux, see http://tipc.sf.net/ for more information.
- Added interface for Windows' WSAIoctl to socket object and added an

example for a simple network sniffer.
- bpo-1301: Bad assert in _tkinter fixed.
- Added bdist_wininst executable for VS 2008.
- bpo-1604: collections.deque.__init__(iterable) now clears any prior

contents before adding elements from the iterable. This fix brings the
behavior into line with that for list.__init__().
- Added wide char functions to msvcrt module: getwch, getwche, putwch and
ungetwch. The functions accept or return unicode.
- os.access now returns True on Windows for any existing directory.
- Added warnpy3k function to the warnings module.
- Marshal.dumps() now expects exact type matches for int, long, float,
complex, tuple, list, dict, set, and frozenset. Formerly, it would
silently miscode subclasses of those types. Now, it raises a ValueError
instead.
- bpo-1388440: Add set_completion_display_matches_hook and

get_completion_type to readline.
- bpo-1649098: Avoid declaration of zero-sized array declaration in

structure.
- Removed the rgbimg module; been deprecated since Python 2.5.
- bpo-1721309: prevent bsddb module from freeing random memory.
- bpo-1233: fix bsddb.dbshelve.DBShelf append method to work as intended for

RECNO databases.
- pybsddb.sf.net Bug #477182: Load the database flags at database open time
so that opening a database previously created with the DB_DUP or
DB_DUPSORT flag set will keep the proper behavior on subsequent opens.
Specifically: dictionary assignment to a DB object will replace all values
for a given key when the database allows duplicate values. DB users
should use DB.put(k, v) when they want to store duplicates; not DB[k] = v.
- Add the bsddb.db.DBEnv.lock_id_free method.
- bpo-1686475: Support stat'ing open files on Windows again.
- bpo-1185447: binascii.b2a_qp() now correctly quotes binary characters with

ASCII value less than 32. Also, it correctly quotes dots only if they
occur on a single line, as opposed to the previous behavior of quoting
dots if they are the second character of any line.
- bpo-1622896: fix a rare corner case where the bz2 module raised an error
in spite of a succesful compression.
- bpo-1654417: make operator.{get,set,del}slice use the full range of

Py_ssize_t.
- bpo-1646728: datetime.fromtimestamp fails with negative fractional times.

With unittest.
- bpo-1490190: posixmodule now includes os.chflags() and os.lchflags()
functions on platforms where the underlying system calls are available.
- bpo-1494140: Add documentation for the new struct.Struct object.
- bpo-1432399: Support the HCI protocol for bluetooth sockets
- bpo-1657276: Make NETLINK_DNRTMSG conditional.
- bpo-1653736: Complain about keyword arguments to time.isoformat.
- bpo-1486663: don't reject keyword arguments for subclasses of built-in

types.
- bpo-1610575: The struct module now supports the 't' code, for C99 _Bool.
- bpo-1635058: ensure that htonl and friends never accept or return negative
numbers, per the underlying C implementation.
- bpo-1544279: Improve thread-safety of the socket module by moving the

sock_addr_t storage out of the socket object.
- bpo-1019808: fix bug that causes an incorrect error to be returned when a

socket timeout is set and a connection attempt fails.
- Speed up function calls into the math module.
- bpo-1588217: don't parse "= " as a soft line break in binascii's a2b_qp()
function, instead leave it in the string as quopri.decode() does.
- bpo-1599782: Fix segfault on bsddb.db.DB().type().
- bpo-1567666: Emulate GetFileAttributesExA for Win95.
- bpo-1576166: Support os.utime for directories on Windows NT+.
- bpo-1572724: fix typo ('=' instead of '==') in _msi.c.
- bpo-1572832: fix a bug in ISO-2022 codecs which may cause segfault when
encoding non-BMP unicode characters.
- bpo-1556784: allow format strings longer than 127 characters in datetime's

strftime function.
- Fix itertools.count(n) to work with negative numbers again.
- RLIMIT_SBSIZE was added to the resource module where available.
- bpo-1551427: fix a wrong NULL pointer check in the win32 version of

os.urandom().
- bpo-1548092: fix curses.tparm seg fault on invalid input.
- bpo-1114: fix curses module compilation on 64-bit AIX, & possibly other
64-bit LP64 platforms where attr_t is not the same size as a long.
(Contributed by Luke Mewburn.)
- bpo-1550714: fix SystemError from itertools.tee on negative value for n.

- Fixed a few bugs on cjkcodecs: - gbk and gb18030 codec now handle U+30FB
KATAKANA MIDDLE DOT correctly. - iso2022_jp_2 codec now encodes into G0
for KS X 1001, GB2312 codepoints to conform the standard. - iso2022_jp_3
and iso2022_jp_2004 codec can encode JIS X 0213:2 codepoints now.
- bpo-1552726: in readline.c, avoid repeatedly polling in interactive mode

by only placing a timeout on the select() if an input hook has been
defined. This prevents an interactive Python from waking up 10 times per
second. Patch by Richard Boulton.
- fixed a bug with bsddb.DB.stat: the flags and txn keyword arguments were
transposed.
- Added support for linking the bsddb module against BerkeleyDB 4.5.x, 4.6.x
and 4.7.x.
- bpo-1633621: if curses.resizeterm() or curses.resize_term() is called,

update _curses.LINES, _curses.COLS, curses.LINES and curses.COLS.
- Fix an off-by-one bug in locale.strxfrm().
- Fix libffi configure for hppa*-*-linux* | parisc*-*-linux*.
- Build using system ffi library on arm*-linux*.
- bpo-1372: zlibmodule.c: int overflow in PyZlib_decompress
- bsddb module: Fix memory leak when using database cursors on databases
without a DBEnv.
- The sqlite3 module was updated to pysqlite 2.4.1.
IDLE
----
- bpo-813342: Start the IDLE subprocess with -Qnew if the parent is started
with that option.
- IDLE: Honor the "Cancel" action in the save dialog (Debian bug #299092).
Tests
-----
- bpo-30357: test_thread: setUp() now uses support.threading_setup() and

support.threading_cleanup() to wait until threads complete to avoid random
side effects on following tests. Initial patch written by Grzegorz
Grzywacz.
- Refactor test_logging to use unittest.
- Refactor test_profile and test_cprofile to use the same code to profile.
- Make test_runpy reentrant by fixing _check_module to clear out any module

being tested. Was causing an error by __import__ doing a reload on the
second run and thus suppressing bytecode recreation.
- Capture socket connection resets and timeouts in test_socket_ssl and

test_urllib2net and raise test.test_support.ResourceDenied.
- bpo-1559413: Fix test_cmd_line if sys.executable contains a space.
- Added test.test_support.TransientResource which is a context manager to

surround calls to resources that are not guaranteed to work even if
test.test_support.requires says that the resource should exist.
- Added a test for slicing of an exception.
- Added test.test_support.EnvironmentVarGuard. It's a class that provides a

context manager so that one can temporarily set or unset environment
variables.
- Added some tests for modulefinder.
- Converted test_imp to use unittest.
- Fix bsddb test_basics.test06_Transactions to check the version number

properly.
- test.test_support.catch_warning is a new context manager that can be used

to catch the warnings issued by the warning framework.
Tools/Demos
-----------
- Tools/scripts/reindent.py now creates the backup file using shutil.copy to

preserve user/group and permissions. Added also a --nobackup option to not
create the backup if the user is concerned regarding this. Check issue
#1050828 for more details.
- Tools/scripts/win_add2path.py was added. The simple script modifes the

PATH environment var of the HKCU tree and adds the python bin and script
directory.
- Tools/18n/pygettext.py was added to the list of scripts installed by

Tools/scripts/setup.py (tracker item 642309).
- Added IronPython and Jython support to pybench (part of which was patch
#1563844).
- Made some minor changes to pybench output to allow the user to see which
Python version is running pybench.
- Added support for the new platform module feature

platform.python_implementation(); this will now be saved in the benchmark
pickle.
Documentation
-------------
- RFE #1765140: Updated documentation on FileHandler and subclasses to

include new optional delay argument.
- bpo-932563: Added section on getting contextual information into logging

output, and added documentation for the new LoggerAdapter class.
- bpo-1295: Added information about caching of formatted exception

information in the LogRecord by Formatter.format().
- bpo-1637365: add subsection about "__name__ == __main__" to the Python
tutorial.
- bpo-1698768: updated the "using Python on the Mac" intro.
- bpo-1569057: Document that calling file.next() when the file is open for
writing is undefined.
- bpo-1489771: the syntax rules in Python Reference Manual were updated to

reflect the current Python syntax.
- bpo-1686451: Fix return type for PySequence_{Count,Index,Fast_GET_SIZE}.
- bpo-1679379: add documentation for fnmatch.translate().
- bpo-1629566: clarify the docs on the return values of parsedate() and

parsedate_tz() in email.utils and rfc822.
- bpo-1671450: add a section about subclassing built-in types to the

"extending and embedding" tutorial.
- bpo-1629125: fix wrong data type (int -> Py_ssize_t) in PyDict_Next docs.
- bpo-1565919: document set types in the Language Reference.
- bpo-1546052: clarify that PyString_FromString(AndSize) copies the string

pointed to by its parameter.
- bpo-1566663: remove obsolete example from datetime docs.
- bpo-1541682: Fix example in the "Refcount details" API docs. Additionally,

remove a faulty example showing PySequence_SetItem applied to a newly
created list object and add notes that this isn't a good idea.
Tools/Demos
-----------
- bpo-1552024: add decorator support to unparse.py demo script.
- Make auto-generated python.vim file list built-ins and exceptions in

alphatbetical order. Makes output more deterministic and easier to tell
if the file is stale or not.
- bpo-1546372: Fixed small bugglet in pybench that caused a missing file not
to get reported properly.
Build
-----
- Have the search path for building extensions follow the declared order in
$CPPFLAGS and $LDFLAGS when adding directories from those environment
variables.
- bpo-1983: Added a check to pyport to verify that sizeof(pid_t) is smaller

or equal sizeof(long).
- bpo-1234: Fixed semaphore errors on AIX 5.2

- bpo-1726: Remove Python/atof.c from PCBuild/pythoncore.vcproj.
- Removed PCbuild8/ directory and added a new build directory for VS 2005
based on the VS 2008 build directory to PC/VS8.0. The script
PCbuild/vs8to9.py was added to sync changes from PCbuild to PC/VS8.0.
- Moved PCbuild/ directory for VS 2003 to PC/VS7.1 and renamed PCBuild9/

directory to PCBuild/.
- bpo-1699: Define _BSD_SOURCE only on OpenBSD.
- bpo-1608: use -fwrapv when GCC supports it. This is important, newer GCC
versions may optimize away overflow buffer overflow checks without this
option!
- bpo-1418: Make the AC_REPLACE_FUNCS object files actually work.
- Add a FAST_LOOPS build option that speeds-up looping by trading away

periodic threadstate and signal checking in tight loops. By default, this
option is turned-off. It should only be enabled in debugged, performance
critical applications.
- bpo-786737: Allow building in a tree of symlinks pointing to a readonly

source.
- bpo-1737210: Change Manufacturer of Windows installer to PSF.
- bpo-1746880: Correctly install DLLs into system32 folder on Win64.
- Define _BSD_SOURCE, to get access to POSIX extensions on OpenBSD 4.1+.
- Stop supporting AtheOS and cause a build error in configure for the
platform.
- bpo-1655392: don't add -L/usr/lib/pythonX.Y/config to the LDFLAGS returned

by python- config if Python was built with --enable-shared because that
prevented the shared library from being used.
- bpo-1569798: fix a bug in distutils when building Python from a directory

within sys.exec_prefix.
- bpo-1675511: Use -Kpic instead of -xcode=pic32 on Solaris/x86.
- Disable _XOPEN_SOURCE on NetBSD 1.x.
- configure now checks whether gcc supports the PyArg_ParseTuple format

attribute.
- bpo-1578513: Cross compilation was broken by a change to configure. Repair

so that it's back to how it was in 2.4.3.
- bpo-1576954: Update VC6 build directory; remove redundant files in VC7.
- bpo-1568842: Fix test for uintptr_t.
- bpo-1540470: for OpenBSD 4.0.
- Fix build failure on kfreebsd and on the hurd.

- Fix the build of the library reference in info format.
- Allow Emacs 22 for building the documentation in info format.
- Makefile.pre.in(buildbottest): Run an optional script pybuildbot.identify

to include some information about the build environment.
C API
-----
- Unified naming convention for free lists and their limits. All free lists
in Object/ are named ``free_list``, the counter ``numfree`` and the upper
limit is a macro ``PyName_MAXFREELIST`` inside an #ifndef block.
- ``PySet_Add()`` can now modify a newly created frozenset. Similarly to

``PyTuple_SetItem``, it can be used to populate a brand new frozenset; but
it does not steal a reference to the added item.
- Added ``PySet_Check()`` and ``PyFrozenSet_Check()`` to the set API.
- Backport of PyUnicode_FromString(), _FromStringAndSize(), _Format and

_FormatV from Python 3.0. Made PyLong_AsSsize_t and PyLong_FromSsize_t
public functions.
- bpo-1720595: add T_BOOL to the range of structmember types.
- bpo-1534: Added ``PyFloat_GetMax()``, ``PyFloat_GetMin()`` and

``PyFloat_GetInfo()`` to the float API.
- bpo-1521: On 64bit platforms, using PyArgs_ParseTuple with the t# of w#

format code incorrectly truncated the length to an int, even when
PY_SSIZE_T_CLEAN is set. The str.decode method used to return incorrect
results with huge strings.
- bpo-1629: Renamed Py_Size, Py_Type and Py_Refcnt to Py_SIZE, Py_TYPE and

Py_REFCNT.
- PEP 3123: Provide forward compatibility with Python 3.0, while keeping
backwards compatibility. Add Py_Refcnt, Py_Type, Py_Size, and
PyVarObject_HEAD_INIT.
- Py_ssize_t fields work in structmember when HAVE_LONG_LONG is not defined.
- bpo-1733960: Allow T_LONGLONG to accept ints.
- T_PYSSIZET can now be used in PyMemberDef lists for Py_ssize_t members.
- Added a new API function ``PyImport_ImportModuleNoBlock``.
- bpo-1637022: Prefix AST symbols with _Py_.
- Fix some leftovers from the conversion from int to Py_ssize_t (relevant to
strings and sequences of more than 2**31 items).
- Make _PyGILState_NoteThreadState() static, it was not used anywhere

outside of pystate.c and should not be necessary.
- ``PyImport_Import`` and ``PyImport_ImportModule`` now always do absolute

imports. In earlier versions they might have used relative imports under
some conditions.
- Added case insensitive comparison methods ``PyOS_stricmp(char*, char*)``

and ``PyOS_strnicmp(char*, char*, Py_ssize_t)``.
- bpo-1542693: remove semi-colon at end of PyImport_ImportModuleEx macro so

it can be used as an expression.
Windows
-------
- bpo-1706: Drop support for Win9x, WinME and NT4. Python now requires
Windows 2000 or greater. The _WINVER and NTDDI_VERSION macros are set to
Win2k for x86/32bit builds and WinXP for AMD64 builds.
- Conditionalize definition of _CRT_SECURE_NO_DEPRECATE and

_CRT_NONSTDC_NO_DEPRECATE.
- bpo-1216: Restore support for Visual Studio 2002.
macOS
-----
- cfmfile now raises a DeprecationWarning.
- buildtools now raises a DeprecationWarning.
- Removed the macfs module. It had been deprecated since Python 2.5. This
lead to the deprecation of macostools.touched() as it relied solely on
macfs and was a no-op under OS X.
**(For information about older versions, consult the HISTORY file.)**

NEWS

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NEWS

Uploaded by

Copyright:

Available Formats

+++++++++++

What's New in Python 2.7.17 final?

*Release date: 2019-10-19*

There were no new changes in version 2.7.17.

What's New in Python 2.7.17 release candidate 1?

*Release date: 2019-10-07*

- bpo-38243: Escape the server title of

- bpo-38174: Update vendorized expat library version to 2.2.8, which

- bpo-34631: Updated OpenSSL to 1.0.2s in Windows installer

- bpo-35121: Don't send cookies of domain A without Domain attribute to

- bpo-36742: Fixes mishandling of pre-normalization characters in

- bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded

- bpo-36216: Changes urlsplit() to raise ValueError when the URL contains

- bpo-35907: CVE-2019-9948: Avoid file reading by disallowing ``local-

- bpo-38106: Fix race in PyThread_release_lock that was leading to memory

- bpo-37329: valgrind: suppress a false alarm in memory leak checks.

- bpo-26423: Fix possible overflow in ``wrap_lenfunc()`` when ``sizeof(long)

- bpo-27987: pymalloc returns memory blocks aligned by 16 bytes, instead of

- bpo-36504: Fix signed integer overflow in _ctypes.c's

- bpo-36459: Fix a possible double ``PyMem_FREE()`` due to tokenizer.c's

- bpo-36430: Fix a possible reference leak in :func:`itertools.count`.

- bpo-18368: PyOS_StdioReadline() no longer leaks memory when realloc()

- bpo-36262: Fix an unlikely memory leak on conversion from string to float

- bpo-36149: Fix use of uninitialized memory in cPickle when reading a

- bpo-38175: Fix a memory leak in comparison of :class:`sqlite3.Row`

- bpo-33936: _hashlib no longer calls obsolete OpenSSL initialization

- bpo-34410: Fixed a crash in the :func:`tee` iterator when re-enter it.

- bpo-34521: Fix file descriptors transfer in multiprocessing on FreeBSD:

- bpo-37437: Update vendorized expat version to 2.2.7.

- bpo-36742: :func:`urlparse.urlsplit` error message for invalid ``netloc``

- bpo-12639: :meth:`msilib.Directory.start_component()` no longer fails if

- bpo-36713: Rename the :meth:`test_ascii_replace` to

- bpo-28552: Fix :mod:`distutils.sysconfig` if :data:`sys.executable` is

- bpo-36337: Fix buffer overflow in :meth:`~socket.socket.send` and

- bpo-36291: Fix a possible reference leak in the json module.

- bpo-36289: Fix a possible reference leak in the io module.

- bpo-36212: Fix two possible reference leaks in the hotshot module.

- bpo-36235: Fix ``CFLAGS`` in ``customize_compiler()`` of

- bpo-35807: Update ensurepip to install pip 19.0.3 and setuptools 40.8.0.

- bpo-36186: Fix linuxaudiodev.linux_audio_device() error handling: close

- bpo-13096: Fix memory leak in ctypes POINTER handling of large values.

- bpo-36179: Fix two unlikely reference leaks in _hashopenssl. The leaks

- bpo-36106: Resolve potential name clash with libm's sinpi(). Patch by

- bpo-31292: Fix ``setup.py check --restructuredtext`` for files containing

- bpo-35126: Improve the examples in the "How do I convert a number to

- bpo-35605: Fix documentation build for sphinx<1.6. Patch by Anthony

- bpo-35564: Explicitly set master_doc variable in conf.py for compliance

- bpo-33832: Add glossary entry for 'magic method'.

- bpo-37411: Fix test_wsgiref.testEnviron() to no longer depend on the

- bpo-37359: Add --cleanup option to python3 -m test to remove

- bpo-37362: test_gdb no longer fails if it gets an "unexpected" message on

- bpo-36816: Update Lib/test/selfsigned_pythontestdotnet.pem to match self-

- bpo-36234: test_posix.PosixUidGidTests: add tests for invalid uid/gid type

- bpo-36019: Add test.support.TEST_HTTP_URL and replace references of

- bpo-27313: Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa

- bpo-26386: Re-enable missing widget testcases in test_ttk_guionly.

- bpo-34836: Fix ``test_default_ecdh_curve`` when TLSv1.3 is enabled by

- bpo-38301: In Solaris family, we must be sure to use ``-D_REENTRANT``.

- bpo-14353: Fix detection of the bind_textdomain_codeset function for

- bpo-36605: ``make tags`` and ``make TAGS`` now also parse

- bpo-35264: Fix SSL module build with OpenSSL 1.1.0

- bpo-38117: Updates bundled OpenSSL to 1.0.2t

- bpo-37445: Include the ``FORMAT_MESSAGE_IGNORE_INSERTS`` flag in

Release date: 2019-10-19

Release date: 2019-10-07

Release date: 2019-03-02

Release date: 2019-02-16

- bpo-10496: :func:`posixpath.expanduser` now returns the input path

- bpo-32861: The urllib.robotparser's ``str`` representation now