(CVE-2012-0845, CVE-2012-1150 are alredy fixed in pkgsrc,
CVE-2012-0876 is not affect to pkgsrc, using external expat)
What's New in Python 2.6.8?
===========================
*Release date: 2012-04-10*
No changes since 2.6.8rc2.
What's New in Python 2.6.8 rc 2?
================================
*Release date: 2012-03-17*
Library
-------
- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
table internal to the pyexpat module's copy of the expat library to avoid a
denial of service due to hash collisions. Patch by David Malcolm with some
modifications by the expat project.
What's New in Python 2.6.8 rc 1?
================================
*Release date: 2012-02-23*
Core and Builtins
-----------------
- Issue #13703: oCERT-2011-003 CVE-2012-1150: add -R command-line
option and PYTHONHASHSEED environment variable, to provide an opt-in
way to protect against denial of service attacks due to hash
collisions within the dict and set types. Patch by David Malcolm,
based on work by Victor Stinner.
Library
-------
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
SimpleXMLRPCServer upon malformed POST request.
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
"platform" in Python terms is different for Linux kernel 2.* Vs Linux
kernel 3.*. Add in support to pull in a different PLIST for Linux 3.*.
Fixes build under Ubuntu 11.10.
XXX Perhaps it would be cleaner to name the PLIST to match the python platform
name - since we already calculate that anyway, and that is exactly what drives
the contents of these PLISTs.
awkwardly, leading to Python 2.6 failing to build.
Python 2.7 builds ok, because it has been taught to deal with this.
This patch retro-fits the 2.7 code into 2.6, and allows 2.6 to build on
Ubuntu 11.04.
Ok'd by wiz@
It is not a leaf package, but the changes affect Mac OS X only.
Test builds on 10.5/i386, 10.6/i386 (thanks tron@), 10.7/i386 and
10.7/x86_64 (thanks ryoon@).
(CVE-2011-1521 had been fixed in pkgsrc).
What's New in Python 2.6.7?
===========================
*Release date: 2011-06-03*
*NOTE: Python 2.6 is in security-fix-only mode. No non-security bug fixes are
allowed. Python 2.6.7 and beyond will be source only releases.*
* No changes since 2.6.7rc2.
What's New in Python 2.6.7 rc 2?
================================
*Release date: 2011-05-20*
*NOTE: Python 2.6 is in security-fix-only mode. No non-security bug fixes are
allowed. Python 2.6.7 and beyond will be source only releases.*
Library
-------
- Issue #11662: Make urllib and urllib2 ignore redirections if the
scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).
- Issue #11442: Add a charset parameter to the Content-type in SimpleHTTPServer
to avoid XSS attacks.
What's New in Python 2.6.7 rc 1?
================================
*Release date: 2011-05-06*
Library
-------
- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing
error handling when accepting a new connection.
definitions which do things behind the client pkgs back, in particular
manipulate the library search path
It is well possible that this causes some fallout, but I hope it
will be small and can be dealt with on a per-pkg basis.
(partly) suggested by Mark Davies on tech-pkg
* Use $(CC) for LDSHARED on NetBSD and DragonFly like any other.
Fixes PR#42598 for that libpython will be linked with sufficient flags.
Bump PKGREVISION.
* fix a typo in patch-am
* MESSAGE.SunOS is not required since the previous bump,
because "sunaudiodev" module will not be installed anymore.
* install 2to3 script with version suffix (and ALTERNATIVES)
to avoid conflict with future python version.
Bump PKGREVISION.
What's New in Python 2.6.6?
===========================
*Release date: 2010-08-24*
Core and Builtins
-----------------
Library
-------
What's New in Python 2.6.6 rc 2?
================================
*Release date: 2010-08-16*
Library
-------
- Issue #9600: Don't use relative import for _multiprocessing on Windows.
- Issue #8688: Revert regression introduced in 2.6.6rc1 (making Distutils
recalculate MANIFEST every time).
- Issue #5798: Handle select.poll flag oddities properly on OS X.
This fixes test_asynchat and test_smtplib failures on OS X.
- Issue #9543: Fix regression in socket.py introduced in Python 2.6.6 rc 1
in r83624.
Extension Modules
-----------------
- Issue #7567: Don't call `setupterm' twice.
Tests
-----
- Issue #9568: Fix test_urllib2_localnet on OS X 10.3.
- Issue #9145: Fix test_coercion failure in refleak runs.
- Issue #8433: Fix test_curses failure caused by newer versions of
ncurses returning ERR from getmouse() when there are no mouse
events available.
What's New in Python 2.6.6 rc 1?
================================
*Release date: 2010-08-03*
Core and Builtins
-----------------
- Issue #6213: Implement getstate() and setstate() methods of utf-8-sig and
utf-16 incremental encoders.
- Issue #8271: during the decoding of an invalid UTF-8 byte sequence, only the
start byte and the continuation byte(s) are now considered invalid, instead
of the number of bytes specified by the start byte.
E.g.: '\xf1\x80AB'.decode('utf-8', 'replace') now returns u'\ufffdAB' and
replaces with U+FFFD only the start byte ('\xf1') and the continuation byte
('\x80') even if '\xf1' is the start byte of a 4-bytes sequence.
Previous versions returned a single u'\ufffd'.
- Issue #9058: Remove assertions about INT_MAX in UnicodeDecodeError.
- Issue #8941: decoding big endian UTF-32 data in UCS-2 builds could crash
the interpreter with characters outside the Basic Multilingual Plane
(higher than 0x10000).
- Issue #8627: Remove bogus "Overriding __cmp__ blocks inheritance of
__hash__ in 3.x" warning. Also fix "XXX undetected error" that
arises from the "Overriding __eq__ blocks inheritance ..." warning
when turned into an exception: in this case the exception simply
gets ignored.
- Issue #4108: In urllib.robotparser, if there are multiple 'User-agent: *'
entries, consider the first one.
- Issue #9354: Provide getsockopt() in asyncore's file_wrapper.
- In the unicode/str.format(), raise a ValueError when indexes to arguments are
too large.
- Issue #3798: Write sys.exit() message to sys.stderr to use stderr encoding
and error handler, instead of writing to the C stderr file in utf-8
- Issue #7902: When using explicit relative import syntax, don't try
implicit relative import semantics.
- Issue #7079: Fix a possible crash when closing a file object while using
it from another thread. Patch by Daniel Stutzbach.
- Issue #1533: fix inconsistency in range function argument
processing: any non-float non-integer argument is now converted to
an integer (if possible) using its __int__ method. Previously, only
small arguments were treated this way; larger arguments (those whose
__int__ was outside the range of a C long) would produce a TypeError.
- Issue #8417: Raise an OverflowError when an integer larger than sys.maxsize
is passed to bytearray.
- Issue #8329: Don't return the same lists from select.select when no fds are
changed.
- Raise a TypeError when trying to delete a T_STRING_INPLACE struct member.
- Issue #1583863: An unicode subclass can now override the __unicode__ method.
- Issue #7507: Quote "!" in pipes.quote(); it is special to some shells.
- Issue #7544: Preallocate thread memory before creating the thread to avoid
a fatal error in low memory condition.
- Issue #7820: The parser tokenizer restores all bytes in the right if
the BOM check fails.
- Issue #7072: isspace(0xa0) is true on Mac OS X
C-API
-----
- Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows
embedders of the interpreter to set sys.argv without also modifying
sys.path. This helps fix `CVE-2008-5983
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.
Library
-------
- Issue #8447: Make distutils.sysconfig follow symlinks in the path to
the interpreter executable. This fixes a failure of test_httpservers
on OS X.
- Issue #7092: Fix the DeprecationWarnings emitted by the standard library
when using the -3 flag. Patch by Florent Xicluna.
- Issue #7395: Fix tracebacks in pstats interactive browser.
- Issue #1713: Fix os.path.ismount(), which returned true for symbolic links
across devices.
- Issue #8826: Properly load old-style "expires" attribute in http.cookies.
- Issue #1690103: Fix initial namespace for code run with trace.main().
- Issue #5294: Fix the behavior of pdb's "continue" command when called
in the top-level debugged frame.
- Issue #5727: Restore the ability to use readline when calling into pdb
in doctests.
- Issue #6719: In pdb, do not stop somewhere in the encodings machinery
if the source file to be debugged is in a non-builtin encoding.
- Issue #8048: Prevent doctests from failing when sys.displayhook has
been reassigned.
- Issue #8015: In pdb, do not crash when an empty line is entered as
a breakpoint command.
- Issue #7909: Do not touch paths with the special prefixes ``\\.\``
or ``\\?\`` in ntpath.normpath().
- Issue #5146: Handle UID THREAD command correctly in imaplib.
- Issue #5147: Fix the header generated for cookie files written by
http.cookiejar.MozillaCookieJar.
- Issue #8198: In pydoc, output all help text to the correct stream
when sys.stdout is reassigned.
- Issue #1019882: Fix IndexError when loading certain hotshot stats.
- Issue #8471: In doctest, properly reset the output stream to an empty
string when Unicode was previously output.
- Issue #8397: Raise an error when attempting to mix iteration and regular
reads on a BZ2File object, rather than returning incorrect results.
- Issue #8620: when a Cmd is fed input that reaches EOF without a final
newline, it no longer truncates the last character of the last command line.
- Issue #7066: archive_util.make_archive now restores the cwd if an error is
raised. Initial patch by Ezio Melotti.
- Issue #5006: Better handling of unicode byte-order marks (BOM) in the io
library. This means, for example, that opening an UTF-16 text file in append
mode doesn't add a BOM at the end of the file if the file isn't empty.
- Issue #3704: cookielib was not properly handling URLs with a / in the
parameters.
- Issue #4629: getopt raises an error if an argument ends with = whereas getopt
doesn't except a value (eg. --help= is rejected if getopt uses ['help='] long
options).
- Issue #7895: platform.mac_ver() no longer crashes after calling os.fork()
- Issue #5395: array.fromfile() would raise a spurious EOFError when an
I/O error occurred. Now an IOError is raised instead. Patch by chuck
(Jan Hosang).
- Issue #1555570: email no longer inserts extra blank lines when a \r\n
combo crosses an 8192 byte boundary.
- Issue #9164: Ensure sysconfig handles dupblice archs while building on OSX
- Issue #7646: The fnmatch pattern cache no longer grows without bound.
- Issue #9136: Fix 'dictionary changed size during iteration'
RuntimeError produced when profiling the decimal module. This was
due to a dangerous iteration over 'locals()' in Context.__init__.
- Fix extreme speed issue in Decimal.pow when the base is an exact
power of 10 and the exponent is tiny (for example,
Decimal(10) ** Decimal('1e-999999999')).
- Issue #9130: Fix validation of relative imports in parser module.
- Issue #9128: Fix validation of class decorators in parser module.
- Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop
module, ensure that the input string length is a multiple of the frame size
- Issue #6589: cleanup asyncore.socket_map in case smtpd.SMTPServer constructor
raises an exception.
- Issue #9125: Add recognition of 'except ... as ...' syntax to parser module.
- Issue #9085: email package version number bumped to its correct
value of 4.0.2 (same as it was in 2.5).
- Issue #9075: In the ssl module, remove the setting of a ``debug`` flag
on an OpenSSL structure.
- Issue #5610: feedparser no longer eats extra characters at the end of
a body part if the body part ends with a \r\n.
- Issue #8924: logging: Improved error handling for Unicode in exception text.
- Fix codecs.escape_encode to return the correct consumed size.
- Issue #6470: Drop UNC prefix in FixTk.
- Issue #8833: tarfile created hard link entries with a size field != 0 by
mistake.
- Issue #1368247: set_charset (and therefore MIMEText) now automatically
encodes a unicode _payload to the output_charset.
- Issue #7150: Raise OverflowError if the result of adding or subtracting
timedelta from date or datetime falls outside of the MINYEAR:MAXYEAR range.
- Issue #6662: Fix parsing of malformatted charref (&#bad;), patch written by
Fredrik Håård
- Issue #1628205: Socket file objects returned by socket.socket.makefile() now
properly handles EINTR within the read, readline, write & flush methods.
The socket.sendall() method now properly handles interrupted system calls.
- Issue #3924: Ignore cookies with invalid "version" field in cookielib.
- Issue #6268: Fix seek() method of codecs.open(), don't read or write the BOM
twice after seek(0). Fix also reset() method of codecs, UTF-16, UTF-32 and
StreamWriter classes.
- Issue #5640: Fix Shift-JIS incremental encoder for error handlers different
than strict
- Issue #8782: Add a trailing newline in linecache.updatecache to the last line
of files without one.
- Issue #8729: Return NotImplemented from collections.Mapping.__eq__ when
comparing to a non-mapping.
- Issue #5918: Fix a crash in the parser module.
- Issue #8688: Distutils now recalculates MANIFEST everytime.
- Issue #7640: In the new `io` module, fix relative seek() for buffered
readable streams when the internal buffer isn't empty. Patch by Pascal
Chambon.
- Issue #5099: subprocess.Popen.__del__ no longer references global objects,
leading to issues during interpreter shutdown.
- Issue #8681: Make the zlib module's error messages more informative when
the zlib itself doesn't give any detailed explanation.
- Issue #8674: Fixed a number of incorrect or undefined-behaviour-inducing
overflow checks in the audioop module.
- Issue #8571: Fix an internal error when compressing or decompressing a
chunk larger than 1GB with the zlib module's compressor and decompressor
objects.
- Issue #8573: asyncore _strerror() function might throw ValueError.
- Issue #8483: asyncore.dispatcher's __getattr__ method produced confusing
error messages when accessing undefined class attributes because of the cheap
inheritance with the underlying socket object.
- Issue #4265: shutil.copyfile() was leaking file descriptors when disk fills.
Patch by Tres Seaver.
- Issue #8621: uuid.uuid4() returned the same sequence of values in the
parent and any children created using ``os.fork`` on MacOS X 10.6.
- Issue #8313: traceback.format_exception_only() encodes unicode message to
ASCII with backslashreplace error handler if str(value) failed
- Issue #8567: Fix precedence of signals in Decimal module: when a
Decimal operation raises multiple signals and more than one of those
signals is trapped, the specification determines the order in which
the signals should be handled. In many cases this order wasn't
being followed, leading to the wrong Python exception being raised.
- Issue #7865: The close() method of :mod:`io` objects should not swallow
exceptions raised by the implicit flush(). Also ensure that calling
close() several times is supported. Initial patch by Pascal Chambon.
- Issue #8581: logging: removed errors raised when closing handlers twice.
- Issue #4687: Fix accuracy of garbage collection runtimes displayed with
gc.DEBUG_STATS.
- Issue #8354: The siginterrupt setting is now preserved for all signals,
not just SIGCHLD.
- Issue #8577: distutils.sysconfig.get_python_inc() now makes a difference
between the build dir and the source dir when looking for "python.h" or
"Include".
- Issue #8464: tarfile no longer creates files with execute permissions set
when mode="w|" is used.
- Issue #7834: Fix connect() of Bluetooth L2CAP sockets with recent versions
of the Linux kernel. Patch by Yaniv Aknin.
- Issue #6312: Fixed http HEAD request when the transfer encoding is chunked.
It should correctly return an empty response now.
- Issue #8086: In :func:`ssl.DER_cert_to_PEM_cert()`, fix missing newline
before the certificate footer. Patch by Kyle VanderBeek.
- Issue #8549: Fix compiling the _ssl extension under AIX. Patch by
Sridhar Ratnakumar.
- Issue #2302: Fix a race condition in SocketServer.BaseServer.shutdown,
where the method could block indefinitely if called just before the
event loop started running. This also fixes the occasional freezes
witnessed in test_httpservers.
- Issue #5103: SSL handshake would ignore the socket timeout and block
indefinitely if the other end didn't respond.
- The do_handshake() method of SSL objects now adjusts the blocking mode of
the SSL structure if necessary (as other methods already do).
- Issue #5238: Calling makefile() on an SSL object would prevent the
underlying socket from being closed until all objects get truely destroyed.
- Issue #7943: Fix circular reference created when instantiating an SSL
socket. Initial patch by Péter Szabó.
- Issue #8108: Fix the unwrap() method of SSL objects when the socket has
a non-infinite timeout. Also make that method friendlier with applications
wanting to continue using the socket in clear-text mode, by disabling
OpenSSL's internal readahead. Thanks to Darryl Miles for guidance.
- Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
- Issue #4814: timeout parameter is now applied also for connections resulting
from PORT/EPRT commands.
- Issue #3817: ftplib.FTP.abort() method now considers 225 a valid response
code as stated in RFC-959 at chapter 5.4.
- Issue #5277: Fix quote counting when parsing RFC 2231 encoded parameters.
- Issue #8179: Fix macpath.realpath() on a non-existing path.
- Issue #8310: Allow dis to examine new style classes.
- Issue #7667: Fix doctest failures with non-ASCII paths.
- Issue #7624: Fix isinstance(foo(), collections.Callable) for old-style
classes.
- Issue #7512: shutil.copystat() could raise an OSError when the filesystem
didn't support chflags() (for example ZFS under FreeBSD). The error is
now silenced.
- Issue #3890, #8222: Fix recv() and recv_into() on non-blocking SSL sockets.
Also, enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
reads and writes are always retried by OpenSSL itself.
- Issue #6544: fix a reference leak in the kqueue implementation's error
handling.
- Issue #7774: Set sys.executable to an empty string if argv[0] has been
set to an non existent program name and Python is unable to retrieve the real
program name
- Issue #6906: Tk should not set Unicode environment variables on Windows.
- Issue #1054943: Fix unicodedata.normalize('NFC', text) for the Public Review
Issue #29
- Issue #7494: fix a crash in _lsprof (cProfile) after clearing the profiler,
reset also the pointer to the current pointer context.
- Issue #4961: Inconsistent/wrong result of askyesno function in tkMessageBox
with Tcl/Tk-8.5.
- Issue #7356: ctypes.util: Make parsing of ldconfig output independent of
the locale.
Extension Modules
-----------------
- Fix memory leak in ssl._ssl._test_decode_cert.
- Issue #9422: Fix memory leak when re-initializing a struct.Struct object.
- Issue #7900: The getgroups(2) system call on MacOSX behaves rather oddly
compared to other unix systems. In particular, os.getgroups() does
not reflect any changes made using os.setgroups() but basicly always
returns the same information as the id command.
os.getgroups() can now return more than 16 groups on MacOSX.
- Issue #9277: Fix bug in struct.pack for bools in standard mode
(e.g., struct.pack('>?')): if conversion to bool raised an exception
then that exception wasn't properly propagated on machines where
char is unsigned.
- Issue #7384: If the system readline library is linked against
ncurses, do not link the readline module against ncursesw. The
additional restriction of linking the readline and curses modules
against the same curses library is currently not enabled.
- Issue #2810: Fix cases where the Windows registry API returns
ERROR_MORE_DATA, requiring a re-try in order to get the complete result.
Build
-----
- Issue #8854: Fix finding Visual Studio 2008 on Windows x64.
- Issue #3928: os.mknod() now available in Solaris, also.
- Issue #8175: --with-universal-archs=all works correctly on OSX 10.5
- Issue #6716: Quote -x arguments of compileall in MSI installer.
- Issue #1628484: The Makefile doesn't ignore the CFLAGS environment
variable anymore. It also forwards the LDFLAGS settings to the linker
when building a shared library.
Tests
-----
- Issue #7849: Now the utility ``check_warnings`` verifies if the warnings are
effectively raised. A new private utility ``_check_py3k_warnings`` has been
backported to help silencing py3k warnings.
- Issue #8672: Add a zlib test ensuring that an incomplete stream can be
handled by a decompressor object without errors (it returns incomplete
uncompressed data).
- Issue #8629: Disable some test_ssl tests, since they give different
results with OpenSSL 1.0.0 and higher.
- Issue #8576: Remove use of find_unused_port() in test_smtplib and
test_multiprocessing. Patch by Paul Moore.
- Issue #7027: regrtest.py keeps a reference to the encodings.ascii module as a
workaround to #7140 bug
- Issue #3864: Skip three test_signal tests on freebsd6 because they fail
if any thread was previously started, most likely due to a platform bug.
- Issue #8193: Fix test_zlib failure with zlib 1.2.4.
Documentation
-------------
- Issue #9255: Document that the 'test' package is for internal Python use
only.
- Issue #8909: Added the size of the bitmap used in the installer created by
distutils' bdist_wininst. Patch by Anatoly Techtonik.
What's New in Python 2.6.5?
===========================
*Release date: 2010-03-18*
What's New in Python 2.6.5 rc 2?
================================
*Release date: 2010-03-09*
Core and Builtins
-----------------
- Issue #8089: a OS X framework build with --with-universal-archs=3-way|intel
had no way to select a 32-bit executable.
- Issue #8084: fixes build issues on OSX 10.6 when targetting OSX 10.4.
Library
-------
- Reverting the changes made in r78432. Discussed in the tracker issue #7540.
- Issue #8107: Fixed test_distutils so it doesn't crash when the source
directory cannot be found.
Extension Modules
-----------------
- Issue #7670: sqlite3: Fixed crashes when operating on closed connections.
- Issue #8053: logic was inverted on which platforms to run a test on.
caused test_thread to fail on Windows.
What's New in Python 2.6.5 rc 1?
================================
*Release date: 2010-03-01*
Core and Builtins
-----------------
- Issue #7309: Fix unchecked attribute access when converting
UnicodeEncodeError, UnicodeDecodeError, and UnicodeTranslateError to
strings.
- Issue #7649: "u'%c' % char" now behaves like "u'%s' % char" and raises a
UnicodeDecodeError if 'char' is a byte string that can't be decoded using
the default encoding.
- Issue #5677: Explicitly forbid write operations on read-only file objects,
and read operations on write-only file objects. On Windows, the system C
library would return a bogus result; on Solaris, it was possible to crash
the interpreter. Patch by Stefan Krah.
- Issue #4978: Passing keyword arguments as unicode strings is now allowed.
- Issue #7819: Check sys.call_tracing() arguments types.
- Issue #7788: Fix an interpreter crash produced by deleting a list
slice with very large step value.
- Issue #7561: Operations on empty bytearrays (such as `int(bytearray())`)
could crash in many places because of the PyByteArray_AS_STRING() macro
returning NULL. The macro now returns a statically allocated empty
string instead.
- Issue #7604: Deleting an unset slotted attribute did not raise an
AttributeError.
- Issue #7413: Passing '\0' as the separator to datetime.datetime.isoformat()
used to drop the time part of the result.
- Issue #6108: unicode(exception) and str(exception) should return the same
message when only __str__ (and not __unicode__) is overridden in the
subclass.
- Issue #7491: Metaclass's __cmp__ method was ignored.
- Add Py3k warnings for parameter names in parenthesis.
- Issue #7362: Give a proper error message for def f((x)=3): pass.
- Issue #7085: Fix crash when importing some extensions in a thread
on MacOSX 10.6.
- Issue #7070: Fix round bug for large odd integer arguments.
- Issue #7078: Set struct.__doc__ from _struct.__doc__.
- Issue #1722344: threading._shutdown() is now called in Py_Finalize(), which
fixes the problem of some exceptions being thrown at shutdown when the
interpreter is killed. Patch by Adam Olsen.
- Issue #7084: Fix a (very unlikely) crash when printing a list from one
thread, and mutating it from another one. Patch by Scott Dial.
- Issue #1747858: Fix lchown & fchown to work with large uid's and gid's on
64-bit platforms.
Library
-------
- Issue #7250: Fix info leak of os.environ across multi-run uses of
wsgiref.handlers.CGIHandler.
- Issue #1729305: Fix doctest to handle encode error with "backslashreplace".
- Issue #691291: codecs.open() should not convert end of lines on reading and
writing.
- Issue #7975: correct regression in dict methods supported by bsddb.dbshelve.
- Issue #7959: ctypes callback functions are now registered correctly
with the cycle garbage collector.
- Issue #6243: curses.getkey() can segfault when used with ungetch.
Fix by Trundle and Jerry Chen.
- Issue #7597: curses.use_env() can now be called before initscr().
Noted by Kan-Ru Chen.
- Issue #7970: email.Generator.flatten now correctly flattens message/rfc822
messages parsed by email.Parser.HeaderParser.
- Issue #3426: ``os.path.abspath`` now returns unicode when its arg is unicode.
- Issue #7835: shelve should no longer produce mysterious warnings during
interpreter shutdown.
- Issue #4772: Raise a ValueError when an unknown Bluetooth protocol is
specified, rather than fall through to AF_PACKET (in the `socket` module).
Also, raise ValueError rather than TypeError when an unknown TIPC address
type is specified. Patch by Brian Curtin.
- Issue #6939: Fix file I/O objects in the `io` module to keep the original
file position when calling `truncate()`. It would previously change the
file position to the given argument, which goes against the tradition of
ftruncate() and other truncation APIs. Patch by Pascal Chambon.
- Issue #7773: Fix an UnboundLocalError in platform.linux_distribution() when
the release file is empty.
- Issue #7748: Since unicode values are supported for some metadata options
in Distutils, the DistributionMetadata get_* methods will now return an utf-8
encoded string for them. This ensure that the upload and register commands
send the right values to PyPI without any error.
- Issue #1670765: Prevent email.generator.Generator from re-wrapping
headers in multipart/signed MIME parts, which fixes one of the sources of
invalid modifications to such parts by Generator.
- Issue #7701: Fix crash in binascii.b2a_uu() in debug mode when given a
1-byte argument. Patch by Victor Stinner.
- Issue #3299: Fix possible crash in te _sre module when given bad
argument values in debug mode. Patch by Victor Stinner.
- Issue #5827: Make sure that normpath preserves unicode. Initial patch
by Matt Giuca.
- Issue #5372: Drop the reuse of .o files in Distutils' ccompiler (since
ing the .c
file). Initial patch by Collin Winter.
- Issue #7617: Make sure distutils.unixccompiler.UnixCCompiler recognizes
gcc when it has a fully qualified configuration prefix. Initial patch
by Arfrever.
- Issue #7071: byte-compilation in Distue.
- Issue #7092: Remove py3k warning when importing cPickle. 2to3 handles
renaming of `cPickle` to `pickle`. The warning was annoying since there's
no alternative to cPickle if you care about performance. Patch by Florent
Xicluna.
- Issue #745tch by
Victor Stinner.
- Issue #6511: ZipFile now raises BadZipfile (instead of an IOError) when
opening an empty or very small file.
- Issue #7552: Removed line feed in the base64 Authorization header in
the Distutils upload command to avoid an ers on long passwords. Initial patch by JP St. Pierre.
- Issue #7231: urllib2 cannot handle https with proxy requiring auth. Patch by
Tatsuhiro Tsujikawa.
- Issue #7348: StringIO.StringIO.readline(-1) now acts as if it got no argument
like other file objects.
- Issue #5949: fixed IMAP4_SSL hang when the IMAP server response is
missing proper end-of-line termination.
- Fix variations of extending deques: d.extend(d) d.extendleft(d) d+=d
- Issue #1923: Fixed the removal of meaningful spaces when PKG-INFO is
generated in Distutils. Patch by Stephen Emslie.
- Issue #4120: Drop reference to CRT from manifest when building extensions
with msvc9compiler.
- Issue #7410: deepcopy of itertools.count() erroneously reset the count.
- Issue #7403: logging: Fixed possible race condition in lock creation.
- Issue #7341: Close the internal file object in the TarFile constructor in
case of an error.
- Issue #7328: pydoc no longer corrupts sys.path when run with the '-m' switch
- Issue #7318: multiprocessing now uses a timeout when it fails to establish
a connection with another process, rather than looping endlessly. The
default timeout is 20 seconds, which should be amply sufficient for
local connections.
- Issue #7282: Fix a memory leak when an RLock was used in a thread other
than those started through `threading.Thread` (for example, using
`thread.start_new_thread()`.
- Issue #7264: Fix a possible deadlock when deallocating thread-local objects
which are part of a reference cycle.
- Issue #7249: Methods of io.BytesIO now allow `long` as well as `int`
arguments.
- Issue #6665: Fix fnmatch to properly match filenames with newlines in them.
- Issue #1008086: Fixed socket.inet_aton() to always return 4 bytes even on
LP64 platforms (most 64-bit Linux, bsd, unix systems).
- Issue #7246 & Issue #7208: getpass now properly flushes input before
reading from stdin so that existing input does not confuse it and
lead to incorrect entry or an IOError. It also properly flushes it
afterwards to avoid the terminal echoing the input afterwards on
OSes such as Solaris.
- Issue #7244: itertools.izip_longest() no longer ignores exceptions
raised during the formation of an output tuple.
- Issue #7233: Fix a number of two-argument Decimal methods to make
sure that they accept an int or long as the second argument. Also
fix buggy handling of large arguments (those with coefficient longer
than the current precision) in shift and rotate.
- Issue #7082: When falling back to the MIME 'name' parameter, the
correct place to look for it is the Content-Type header.
- Issue #7099: Decimal.is_normal now returns True for numbers with exponent
larger than emax.
- Issue #7205: Fix a possible deadlock when using a BZ2File object from
several threads at once.
- Issue #7048: Force Decimal.logb to round its result when that result
is too large to fit in the current precision.
- Issue #1488943: difflib.Differ() doesn't always add hints for tab characters
- Issue #5037: Proxy the __unicode__ special method to __unicode__ instead of
__str__.
- Issue #7481: When a threading.Thread failed to start it would leave the
instance stuck in initial state and present in threading.enumerate().
- Issue #1068268: The subprocess module now handles EINTR in internal
os.waitpid and os.read system calls where appropriate.
Extension Modules
-----------------
- Issue #7808: Fix reference leaks in _bsddb and related tests.
- Stop providing crtassem.h symbols when compiling with Visual Studio 2010, as
msvcr100.dll is not a platform assembly anymore.
- Issue #6877: Make it possible to link the readline extension to libedit
on OSX.
- Expat: Fix DoS via XML document with malformed UTF-8 sequences
(CVE_2009_3560).
- Issue #7242: On Solaris 9 and earlier calling os.fork() from within a
thread could raise an incorrect RuntimeError about not holding the import
lock. The import lock is now reinitialized after fork.
- Issue #7999: os.setreuid() and os.setregid() would refuse to accept a -1
parameter on some platforms such as OS X.
Build
-----
- Issue #3920, #7903: Define _BSD_SOURCE on OpenBSD 4.4 through 4.9.
- Issue #7661: Allow ctypes to be built from a non-ASCII directory path.
Patch by Florent Xicluna.
- Issue #7589: Only build the nis module when the correct header files are
found.
- Switch to OpenSSL 0.9.8l on Windows.
- Issue #6603: Change READ_TIMESTAMP macro in ceval.c so that it
compiles correctly under gcc on x86-64. This fixes a reported
problem with the --with-tsc build on x86-64.
- Ensure that it possible to build extensions for the default
binary distribution on OSX 10.6 even when the user does not
have the 10.4u SDK installed.
- Issue #7541: when using ``python-config`` with a framework install the
compiler might use the wrong library.
Documentation
-------------
- Updating `Using Python` documentation to include description of CPython's
-J, -U and -X options.
- Update python manual page (options -B, -O0, -s, environment variables
PYTHONDONTWRITEBYTECODE, PYTHONNOUSERSITE).
Tests
-----
- issue #7728: test_timeout was changed to use test_support.bind_port
instead of a hard coded port.
- Issue #7498: test_multiprocessing now uses test_support.find_unused_port
instead of a hardcoded port number in test_rapid_restart.
- Issue #7431: use TESTFN in test_linecache instead of trying to create a
file in the Lib/test directory, which might be read-only for the
user running the tests.
- Issue #7324: add a sanity check to regrtest argument parsing to
catch the case of an option with no handler.
- Issue #7295: Do not use a hardcoded file name in test_tarfile.
- Issue #7270: Add some dedicated unit tests for multi-thread synchronization
primitives such as Lock, RLock, Condition, Event and Semaphore.
- Issue #7055: test___all__ now greedily detects all modules which have an
__all__ attribute, rather than using a hardcoded and incomplete list.
on the "pkgsrc-users" mailing list:
1.) Fix 64-Bit ABI check for Snow Leopard so it doesn't break the build
on older version of Mac OS X.
2.) Properly disable the "pyexpat" module and remove it from the
package list.
Bump package revision because of these changes.
