The NetBSD Project

CVS log for pkgsrc/lang/python27/dist.mk

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / lang / python27

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.18 / (download) - annotate - [select for diffs], Mon Apr 20 20:05:56 2020 UTC (3 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, HEAD
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored) to selected 1.15 (colored)

python27: updated to 2.7.18

Python 2.7.18, the last release of Python 2

The CPython core developers are pleased to announce the immediate availability of Python 2.7.18.

Python 2.7.18 is the last Python 2.7
release and therefore the last Python 2 release. It's time for the CPython
community to say a fond but firm farewell to Python 2.

Download this unique, commemorative Python release on python.org.

Python 2.7 has been under active development since the release of Python 2.6,
more than 11 years ago. Over all those years, CPython's core developers and
contributors sedulously applied bug fixes to the 2.7 branch, no small task as
the Python 2 and 3 branches diverged. There were large changes midway through
Python 2.7's life such as PEP 466's feature backports to the ssl module and
hash randomization. Traditionally, these features would never have been added
to a branch in maintenance mode, but exceptions were made to keep Python 2 users
secure. Thank you to CPython's community for such dedication.

Python 2.7 was lucky to have the services of two generations of binary builders
and operating system experts, Martin von Löwis and Steve Dower for Windows, and
Ronald Oussoren and Ned Deily for macOS. The reason we provided binary Python
2.7 releases for macOS 10.9, an operating system obsoleted by Apple 4 years ago,
or why the "Microsoft Visual C++ Compiler for Python 2.7" exists is the
dedication of these individuals.

Python 3 would be nowhere without the dedication of the wider community. Library
maintainers followed CPython by maintaining Python 2 support for many years but
also threw their weight behind the Python 3 statement.
Linux distributors chased Python 2 out of their
archives. Users migrated hundreds of millions of lines of code, developed
porting guides, and kept Python 2 in their brain while Python 3 gained 10 years
of improvements.

Finally, thank you to GvR for creating Python 0.9, 1, 2, and 3.

Long live Python 3+!

Revision 1.17 / (download) - annotate - [select for diffs], Mon Oct 21 09:40:35 2019 UTC (4 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored) to selected 1.15 (colored)

python27: updated to 2.7.17

2.7.17:
Escape the server title of :class:`DocXMLRPCServer.DocXMLRPCServer` when
rendering the document page as HTML.

Update vendorized expat library version to 2.2.8, which resolves
CVE-2019-15903.

Updated OpenSSL to 1.0.2s in Windows installer

Don't set cookie for a request when the request path is a prefix match of
the cookie's path attribute but doesn't end with "/".

Don't send cookies of domain A without Domain attribute to domain B when
domain A is a suffix match of domain B while using a cookiejar with
:class:`cookielib.DefaultCookiePolicy` policy.

Fix parsing of invalid email addresses with more than one ``@`` (e.g.
a@b@c.com.) to not return the part before 2nd ``@`` as valid email address.

Fixes mishandling of pre-normalization characters in urlsplit().

Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or
control characters through into the underlying http client request.  Such
potentially malicious header injection URLs now cause an httplib.InvalidURL
exception to be raised.

Changes urlsplit() to raise ValueError when the URL contains characters that
decompose under IDNA encoding (NFKC-normalization) into characters that
affect how the URL is parsed.

CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
``local_file://`` URL schemes in :func:`urllib.urlopen`,
:meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`.

Fix race in PyThread_release_lock that was leading to memory corruption and
deadlocks. The fix applies to POSIX systems where Python locks are
implemented with mutex and condition variable because POSIX semaphores are
either not provided, or are known to be broken. One particular example of
such system is macOS.

valgrind: suppress a false alarm in memory leak checks. _PyWarnings_Init()
only allocates memory once at startup but it is not released at exit. Ignore
this issue to be able to catch other bugs more easily.

Fix possible overflow in ``wrap_lenfunc()`` when ``sizeof(long) <
sizeof(Py_ssize_t)`` (e.g., 64-bit Windows).

pymalloc returns memory blocks aligned by 16 bytes, instead of 8 bytes, on
64-bit platforms to conform x86-64 ABI. Recent compilers assume this
alignment more often.

Fix signed integer overflow in _ctypes.c's ``PyCArrayType_new()``.

Fix a possible double ``PyMem_FREE()`` due to tokenizer.c's ``tok_nextc()``.

Fix a possible reference leak in :func:`itertools.count`.

PyOS_StdioReadline() no longer leaks memory when realloc() fails.

Fix an unlikely memory leak on conversion from string to float in the
function ``_Py_dg_strtod()`` used by ``float(str)``, ``complex(str)``,
:func:`pickle.load`, :func:`marshal.load`, etc.

Fix use of uninitialized memory in cPickle when reading a truncated pickle
from a file object.

Clarified Doc string for builtin filter function. 2nd Argument can be any
iterable.

Allow the rare code that wants to send invalid http requests from the
`http.client` library a way to do so.  The fixes for bpo-30458 led to
breakage for some projects that were relying on this ability to test their
own behavior in the face of bad requests.

Fix a memory leak in comparison of :class:`sqlite3.Row` objects.

_hashlib no longer calls obsolete OpenSSL initialization function with
OpenSSL 1.1.0+.

Fixed a crash in the :func:`tee` iterator when re-enter it. RuntimeError is
now raised in this case.

Fix C compiler warning caused by distutils.ccompiler.CCompiler.has_function.

Fix file descriptors transfer in multiprocessing on FreeBSD: use
``CMSG_SPACE()`` rather than ``CMSG_LEN()``; see :rfc:`3542`.

Update wheels bundled with ensurepip (pip 19.2.3 and setuptools 41.2.0)

Update vendorized expat version to 2.2.7.

:func:`urlparse.urlsplit` error message for invalid ``netloc`` according to
NFKC normalization is now a :class:`str` string, rather than a
:class:`unicode` string, to prevent error when displaying the error.

:meth:`msilib.Directory.start_component()` no longer fails if *keyfile* is
not ``None``.

Rename the :meth:`test_ascii_replace` to :meth:`test_ascii_strict`.

Fix :mod:`distutils.sysconfig` if :data:`sys.executable` is ``None`` or an
empty string: use :func:`os.getcwd` to initialize ``project_base``.  Fix
also the distutils build command: don't use :data:`sys.executable` if it is
``None`` or an empty string.

Fix buffer overflow in :meth:`~socket.socket.send` and
:meth:`~socket.socket.sendall` methods of :func:`socket.socket` for data
larger than 2 GiB.

Fix a possible reference leak in the json module.

Fix a possible reference leak in the io module.

Fix two possible reference leaks in the hotshot module.

Fix ``CFLAGS`` in ``customize_compiler()`` of ``distutils.sysconfig``: when
the ``CFLAGS`` environment variable is defined, don't override ``CFLAGS``
variable with the ``OPT`` variable anymore.

Update ensurepip to install pip 19.0.3 and setuptools 40.8.0.

Fix linuxaudiodev.linux_audio_device() error handling: close the internal
file descriptor if it fails to open the device.

Fix memory leak in ctypes POINTER handling of large values.

Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in
out-of-memory cases.

Resolve potential name clash with libm's sinpi().

Fix ``setup.py check --restructuredtext`` for files containing ``include``
directives.

Fix PyList_GetItem index description to include 0.

Replace the dead link to the Tkinter 8.5 reference by John Shipman, New
Mexico Tech, with a link to the archive.org copy.

Improve the examples in the "How do I convert a number to string?" question
of the "Programming" section of the FAQ.

Fix documentation build for sphinx<1.6.

Explicitly set master_doc variable in conf.py for compliance with Sphinx 2.0

Add glossary entry for 'magic method'.

Fix test_wsgiref.testEnviron() to no longer depend on the environment
variables (don't fail if "X" variable is set).

Add --cleanup option to python3 -m test to remove ``test_python_*``
directories of previous failed jobs. Add "make cleantest" to run ``python3
-m test --cleanup``.

test_gdb no longer fails if it gets an "unexpected" message on stderr: it
now ignores stderr. The purpose of test_gdb is to test that python-gdb.py
commands work as expected, not to test gdb.

Update Lib/test/selfsigned_pythontestdotnet.pem to match
self-signed.pythontest.net's new TLS certificate.

Skip specific nntplib and ssl networking tests when they would otherwise
fail due to a modern OS or distro with a default OpenSSL policy of rejecting
connections to servers with weak certificates or disabling TLS below
TLSv1.2.

Fix reference leak hunting in regrtest: compute also deltas (of reference
count and file descriptor count) during warmup, to ensure that everything is
initialized before starting to hunt reference leaks.

test_posix.PosixUidGidTests: add tests for invalid uid/gid type (str).

Add test.support.TEST_HTTP_URL and replace references of
http://www.example.com by this new constant.

Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa Tk.

Re-enable missing widget testcases in test_ttk_guionly.

Fix ``test_default_ecdh_curve`` when TLSv1.3 is enabled by default.

In Solaris family, we must be sure to use ``-D_REENTRANT``.

Fix detection of the bind_textdomain_codeset function for building gettext
support into the locale module.

``make tags`` and ``make TAGS`` now also parse ``Modules/_io/*.c`` and
``Modules/_io/*.h``.

Fix SSL module build with OpenSSL 1.1.0

Updates bundled OpenSSL to 1.0.2t

Include the ``FORMAT_MESSAGE_IGNORE_INSERTS`` flag in ``FormatMessageW()``
calls.

Update Windows builds to use SQLite 3.28.0.

Correctly handle string length in ``msilib.SummaryInfo.GetProperty()`` to
prevent it from truncating the last character.

Updated OpenSSL to 1.0.2t in macOS installer for 2.7.x.

When building 2.7 on macOS without system header files installed in
``/usr/include``, a few extension modules dependent on system-supplied
third-party libraries were not being built, most notably zlib.

Update macOS installer to use SQLite 3.28.0.

Updated OpenSSL to 1.0.2s in macOS installer.

Support building Python on macOS without /usr/include installed. As of macOS
10.14, system header files are only available within an SDK provided by
either the Command Line Tools or the Xcode app.

Properly 'attach' search dialogs to their main window so that they behave
like other dialogs and do not get hidden behind their main window.

When saving a file, call os.fsync() so bits are flushed to e.g. USB drive.

2to3 now works when run from a zipped standard library.

Fix the argument handling in Tools/scripts/lll.py.

Fix the cast on error in :c:func:`PyLong_AsUnsignedLongLongMask()`.

Revision 1.16 / (download) - annotate - [select for diffs], Tue Mar 5 12:43:40 2019 UTC (5 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

python27: updated to 2.7.16

Python 2.7.16 is a bugfix release in the Python 2.7 series.

Revision 1.14.8.1 / (download) - annotate - [select for diffs], Thu May 24 15:50:09 2018 UTC (5 years, 10 months ago) by bsiegert
Branch: pkgsrc-2018Q1
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored) next main 1.15 (colored)

Pullup ticket #5760 - requested by spz
lang/python27: security fix

Revisions pulled up:
- lang/python27/PLIST.common                                    1.19
- lang/python27/dist.mk                                         1.15
- lang/python27/distinfo                                        1.68
- lang/python27/patches/patch-ah                                1.9
- lang/python27/patches/patch-al                                1.18

---
   Module Name:	pkgsrc
   Committed By:	spz
   Date:		Sat May 19 06:54:55 UTC 2018

   Modified Files:
   	pkgsrc/lang/python27: PLIST.common dist.mk distinfo
   	pkgsrc/lang/python27/patches: patch-ah patch-al

   Log Message:
   update python27 by one teeny, fixing 3 vulnerabilities.

   Upstream changelog, slightly reordered:

   Security
   --------

   - bpo-31530: Fixed crashes when iterating over a file on multiple threads.
     This resolves CVE-2018-1000030.

   - bpo-32997: A regex in fpformat was vulnerable to catastrophic
     backtracking. This regex was a potential DOS vector (REDOS). Based on
     typical uses of fpformat the risk seems low. The regex has been refactored
     and is now safe. Patch by Jamie Davis.

   - bpo-32981: Regexes in difflib and poplib were vulnerable to catastrophic
     backtracking. These regexes formed potential DOS vectors (REDOS). They
     have been refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch
     by Jamie Davis.

   - bpo-31339: Rewrite time.asctime() and time.ctime(). Backport and adapt the
     _asctime() function from the master branch to not depend on the
     implementation of asctime() and ctime() from the external C library. This
     change fixes a bug when Python is run using the musl C library.

   - bpo-30730: Prevent environment variables injection in subprocess on
     Windows.  Prevent passing other environment variables and command
     arguments.

   - bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple
     security vulnerabilities including: CVE-2017-9233 (External entity
     infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix),
     CVE-2016-0718 (Fix regression bugs from 2.2.0's fix to CVE-2016-0718) and
     CVE-2012-0876 (Counter hash flooding with SipHash). Note: the
     CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn't
     impact Python, since Python already gets entropy from the OS to set the
     expat secret using ``XML_SetHashSalt()``.

   - bpo-30500: Fix urllib.splithost() to correctly parse fragments. For
     example, ``splithost('//127.0.0.1#@evil.com/')`` now correctly returns the
     ``127.0.0.1`` host, instead of treating ``@evil.com`` as the host in an
     authentification (``login@host``).

   - bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of
     CVE-2016-0718 and CVE-2016-4472. See
     https://sourceforge.net/p/expat/bugs/537/ for more information.

   Core and Builtins
   -----------------

   - bpo-33374: Tweak the definition of PyGC_Head, so compilers do not believe
     it is always 16-byte aligned on x86. This prevents crashes with more
     aggressive optimizations present in GCC 8.

   - bpo-33026: Fixed jumping out of "with" block by setting f_lineno.

   - bpo-17288: Prevent jumps from 'return' and 'exception' trace events.

   - bpo-18533: ``repr()`` on a dict containing its own ``viewvalues()`` or
     ``viewitems()`` no longer raises ``RuntimeError``.  Instead, use ``...``,
     as for other recursive structures.  Patch by Ben North.

   - bpo-10544: Yield expressions are now deprecated in comprehensions and
     generator expressions when checking Python 3 compatibility. They are still
     permitted in the definition of the outermost iterable, as that is
     evaluated directly in the enclosing scope.

   - bpo-32137: The repr of deeply nested dict now raises a RecursionError
     instead of crashing due to a stack overflow.

   - bpo-20047: Bytearray methods partition() and rpartition() now accept only
     bytes-like objects as separator, as documented.  In particular they now
     raise TypeError rather of returning a bogus result when an integer is
     passed as a separator.

   - bpo-31733: Add a new PYTHONSHOWREFCOUNT environment variable. In debug
     mode, Python now only print the total reference count if
     PYTHONSHOWREFCOUNT is set.

   - bpo-31692: Add a new PYTHONSHOWALLOCCOUNT environment variable. When
     Python is compiled with COUNT_ALLOCS, PYTHONSHOWALLOCCOUNT now has to be
     set to dump allocation counts into stderr on shutdown. Moreover,
     allocations statistics are now dumped into stderr rather than stdout.

   - bpo-31478: Prevent unwanted behavior in `_random.Random.seed()` in case
     the argument has a bad ``__abs__()`` method. Patch by Oren Milman.

   - bpo-31490: Fix an assertion failure in `ctypes` class definition, in case
     the class has an attribute whose name is specified in ``_anonymous_`` but
     not in ``_fields_``. Patch by Oren Milman.

   - bpo-31411: Raise a TypeError instead of SystemError in case
     warnings.onceregistry is not a dictionary. Patch by Oren Milman.

   - bpo-31343: Include sys/sysmacros.h for major(), minor(), and makedev().
     GNU C libray plans to remove the functions from sys/types.h.

   - bpo-31311: Fix a crash in the ``__setstate__()`` method of
     `ctypes._CData`, in case of a bad ``__dict__``. Patch by Oren Milman.

   - bpo-31243: Fix a crash in some methods of `io.TextIOWrapper`, when the
     decoder's state is invalid. Patch by Oren Milman.

   - bpo-31095: Fix potential crash during GC caused by ``tp_dealloc`` which
     doesn't call ``PyObject_GC_UnTrack()``.

   - bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape. Patch
     by Jay Bosamiya.

   - bpo-27945: Fixed various segfaults with dict when input collections are
     mutated during searching, inserting or comparing.  Based on patches by
     Duane Griffin and Tim Mitchell.

   - bpo-25794: Fixed type.__setattr__() and type.__delattr__() for non-
     interned or unicode attribute names.  Based on patch by Eryk Sun.

   - bpo-29935: Fixed error messages in the index() method of tuple and list
     when pass indices of wrong type.

   - bpo-28598: Support __rmod__ for subclasses of str being called before
     str.__mod__. Patch by Martijn Pieters.

   - bpo-29602: Fix incorrect handling of signed zeros in complex constructor
     for complex subclasses and for inputs having a __complex__ method. Patch
     by Serhiy Storchaka.

   - bpo-29347: Fixed possibly dereferencing undefined pointers when creating
     weakref objects.

   - bpo-14376: Allow sys.exit to accept longs as well as ints. Patch by Gareth
     Rees.

   - bpo-29028: Fixed possible use-after-free bugs in the subscription of the
     buffer object with custom index object.

   - bpo-29145: Fix overflow checks in string, bytearray and unicode. Patch by
     jan matejek and Xiang Zhang.

   - bpo-28932: Do not include <sys/random.h> if it does not exist.

   Library
   -------

   - bpo-33096: Allow ttk.Treeview.insert to insert iid that has a false
     boolean value. Note iid=0 and iid=False would be same. Patch by Garvit
     Khatri.

   - bpo-33127: The ssl module now compiles with LibreSSL 2.7.1.

   - bpo-30622: The ssl module now detects missing NPN support in LibreSSL.

   - bpo-21060: Rewrite confusing message from setup.py upload from "No dist
     file created in earlier command" to the more helpful "Must create and
     upload files in one command".

   - bpo-30157: Fixed guessing quote and delimiter in csv.Sniffer.sniff() when
     only the last field is quoted.  Patch by Jake Davis.

   - bpo-32647: The ctypes module used to depend on indirect linking for
     dlopen. The shared extension is now explicitly linked against libdl on
     platforms with dl.

   - bpo-32304: distutils' upload command no longer corrupts tar files ending
     with a CR byte, and no longer tries to convert CR to CRLF in any of the
     upload text fields.

   - bpo-31848: Fix the error handling in Aifc_read.initfp() when the SSND
     chunk is not found. Patch by Zackery Spytz.

   - bpo-32521: The nis module is now compatible with new libnsl and headers
     location.

   - bpo-32539: Fix ``OSError`` for ``os.listdir`` with deep paths (starting
     with ``\\?\``) on windows.  Patch by Anthony Sottile.

   - bpo-32521: glibc has removed Sun RPC. Use replacement libtirpc headers and
     library in nis module.

   - bpo-18035: ``telnetlib``: ``select.error`` doesn't have an ``errno``
     attribute. Patch by Segev Finer.

   - bpo-32185: The SSL module no longer sends IP addresses in SNI TLS
     extension on platforms with OpenSSL 1.0.2+ or inet_pton.

   - bpo-32186: Creating io.FileIO() and builtin file() objects now release the
     GIL when checking the file descriptor. io.FileIO.readall(),
     io.FileIO.read(), and file.read() now release the GIL when getting the
     file size.  Fixed hang of all threads with inaccessible NFS server.  Patch
     by Nir Soffer.

   - bpo-32110: ``codecs.StreamReader.read(n)`` now returns not more than *n*
     characters/bytes for non-negative *n*. This makes it compatible with
     ``read()`` methods of other file-like objects.

   - bpo-21149: Silence a `'NoneType' object is not callable` in
     `_removeHandlerRef` error that could happen when a logging Handler is
     destroyed as part of cyclic garbage collection during process shutdown.

   - bpo-31764: Prevent a crash in ``sqlite3.Cursor.close()`` in case the
     ``Cursor`` object is uninitialized. Patch by Oren Milman.

   - bpo-31955: Fix CCompiler.set_executable() of distutils to handle properly
     Unicode strings.

   - bpo-9678: Fixed determining the MAC address in the uuid module:

     * Using ifconfig on NetBSD and OpenBSD.
     * Using arp on Linux, FreeBSD, NetBSD and OpenBSD.

     Based on patch by Takayuki Shimizukawa.

   - bpo-30057: Fix potential missed signal in signal.signal().

   - bpo-31927: Fixed reading arbitrary data when parse a AF_BLUETOOTH address
     on NetBSD and DragonFly BSD.

   - bpo-27666: Fixed stack corruption in curses.box() and curses.ungetmouse()
     when the size of types chtype or mmask_t is less than the size of C long.
     curses.box() now accepts characters as arguments.  Based on patch by Steve
     Fink.

   - bpo-25720: Fix the method for checking pad state of curses WINDOW. Patch
     by Masayuki Yamamoto.

   - bpo-31893: Fixed the layout of the kqueue_event structure on OpenBSD and
     NetBSD. Fixed the comparison of the kqueue_event objects.

   - bpo-31891: Fixed building the curses module on NetBSD.

   - bpo-30058: Fixed buffer overflow in select.kqueue.control().

   - bpo-31770: Prevent a crash when calling the ``__init__()`` method of a
     ``sqlite3.Cursor`` object more than once. Patch by Oren Milman.

   - bpo-31728: Prevent crashes in `_elementtree` due to unsafe cleanup of
     `Element.text` and `Element.tail`. Patch by Oren Milman.

   - bpo-31752: Fix possible crash in timedelta constructor called with custom
     integers.

   - bpo-31681: Fix pkgutil.get_data to avoid leaking open files.

   - bpo-31675: Fixed memory leaks in Tkinter's methods splitlist() and split()
     when pass a string larger than 2 GiB.

   - bpo-30806: Fix the string representation of a netrc object.

   - bpo-30347: Stop crashes when concurrently iterate over itertools.groupby()
     iterators.

   - bpo-25732: `functools.total_ordering()` now implements the `__ne__`
     method.

   - bpo-31351: python -m ensurepip now exits with non-zero exit code if pip
     bootstrapping has failed.

   - bpo-31544: The C accelerator module of ElementTree ignored exceptions
     raised when looking up TreeBuilder target methods in XMLParser().

   - bpo-31455: The C accelerator module of ElementTree ignored exceptions
     raised when looking up TreeBuilder target methods in XMLParser().

   - bpo-25404: SSLContext.load_dh_params() now supports non-ASCII path.

   - bpo-28958: ssl.SSLContext() now uses OpenSSL error information when a
     context cannot be instantiated.

   - bpo-27448: Work around a `gc.disable()` race condition in the `subprocess`
     module that could leave garbage collection disabled when multiple threads
     are spawning subprocesses at once.  Users are *strongly encouraged* to use
     the `subprocess32` module from PyPI on Python 2.7 instead, it is much more
     reliable.

   - bpo-31170: expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of
     partial characters for UTF-8 input (libexpat bug 115):
     https://github.com/libexpat/libexpat/issues/115

   - bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3.

   - bpo-31334: Fix ``poll.poll([timeout])`` in the ``select`` module for
     arbitrary negative timeouts on all OSes where it can only be a non-
     negative integer or -1. Patch by Riccardo Coccioli.

   - bpo-10746: Fix ctypes producing wrong PEP 3118 type codes for integer
     types.

   - bpo-30102: The ssl and hashlib modules now call
     OPENSSL_add_all_algorithms_noconf() on OpenSSL < 1.1.0. The function
     detects CPU features and enables optimizations on some CPU architectures
     such as POWER8. Patch is based on research from Gustavo Serra Scalet.

   - bpo-30502: Fix handling of long oids in ssl.  Based on patch by Christian
     Heimes.

   - bpo-25684: Change ``ttk.OptionMenu`` radiobuttons to be unique across
     instances of ``OptionMenu``.

   - bpo-29169: Update zlib to 1.2.11.

   - bpo-30746: Prohibited the '=' character in environment variable names in
     ``os.putenv()`` and ``os.spawn*()``.

   - bpo-28994: The traceback no longer displayed for SystemExit raised in a
     callback registered by atexit.

   - bpo-30418: On Windows, subprocess.Popen.communicate() now also ignore
     EINVAL on stdin.write() if the child process is still running but closed
     the pipe.

   - bpo-30378: Fix the problem that logging.handlers.SysLogHandler cannot
     handle IPv6 addresses.

   - bpo-29960: Preserve generator state when _random.Random.setstate() raises
     an exception. Patch by Bryan Olson.

   - bpo-30310: tkFont now supports unicode options (e.g. font family).

   - bpo-30414: multiprocessing.Queue._feed background running thread do not
     break from main loop on exception.

   - bpo-30003: Fix handling escape characters in HZ codec.  Based on patch by
     Ma Lin.

   - bpo-30375: Warnings emitted when compile a regular expression now always
     point to the line in the user code.  Previously they could point into
     inners of the re module if emitted from inside of groups or conditionals.

   - bpo-30363: Running Python with the -3 option now warns about regular
     expression syntax that is invalid or has different semantic in Python 3 or
     will change the behavior in future Python versions.

   - bpo-30365: Running Python with the -3 option now emits deprecation
     warnings for getchildren() and getiterator() methods of the Element class
     in the xml.etree.cElementTree module and when pass the html argument to
     xml.etree.ElementTree.XMLParser().

   - bpo-30365: Fixed a deprecation warning about the doctype() method of the
     xml.etree.ElementTree.XMLParser class.  Now it is emitted only when define
     the doctype() method in the subclass of XMLParser.

   - bpo-30329: imaplib now catchs the Windows socket WSAEINVAL error (code
     10022) on shutdown(SHUT_RDWR): An invalid operation was attempted. This
     error occurs sometimes on SSL connections.

   - bpo-30342: Fix sysconfig.is_python_build() if Python is built with Visual
     Studio 2008 (VS 9.0).

   - bpo-29990: Fix range checking in GB18030 decoder.  Original patch by Ma
     Lin.

   - bpo-30243: Removed the __init__ methods of _json's scanner and encoder.
     Misusing them could cause memory leaks or crashes.  Now scanner and
     encoder objects are completely initialized in the __new__ methods.

   - bpo-26293: Change resulted because of zipfile breakage. (See also:
     bpo-29094)

   - bpo-30070: Fixed leaks and crashes in errors handling in the parser
     module.

   - bpo-30061: Fixed crashes in IOBase methods next() and readlines() when
     readline() or next() respectively return non-sizeable object. Fixed
     possible other errors caused by not checking results of PyObject_Size(),
     PySequence_Size(), or PyMapping_Size().

   - bpo-30011: Fixed race condition in HTMLParser.unescape().

   - bpo-30068: _io._IOBase.readlines will check if it's closed first when hint
     is present.

   - bpo-27863: Fixed multiple crashes in ElementTree caused by race conditions
     and wrong types.

   - bpo-29942: Fix a crash in itertools.chain.from_iterable when encountering
     long runs of empty iterables.

   - bpo-29861: Release references to tasks, their arguments and their results
     as soon as they are finished in multiprocessing.Pool.

   - bpo-27880: Fixed integer overflow in cPickle when pickle large strings or
     too many objects.

   - bpo-29110: Fix file object leak in aifc.open() when file is given as a
     filesystem path and is not in valid AIFF format. Original patch by Anthony
     Zhang.

   - bpo-29354: Fixed inspect.getargs() for parameters which are cell
     variables.

   - bpo-29335: Fix subprocess.Popen.wait() when the child process has exited
     to a stopped instead of terminated state (ex: when under ptrace).

   - bpo-29219: Fixed infinite recursion in the repr of uninitialized
     ctypes.CDLL instances.

   - bpo-29082: Fixed loading libraries in ctypes by unicode names on Windows.
     Original patch by Chi Hsuan Yen.

   - bpo-29188: Support glibc 2.24 on Linux: don't use getentropy() function
     but read from /dev/urandom to get random bytes, for example in
     os.urandom(). On Linux, getentropy() is implemented which getrandom() is
     blocking mode, whereas os.urandom() should not block.

   - bpo-29142: In urllib, suffixes in no_proxy environment variable with
     leading dots could match related hostnames again (e.g. .b.c matches
     a.b.c). Patch by Milan Oberkirch.

   - bpo-13051: Fixed recursion errors in large or resized
     curses.textpad.Textbox.  Based on patch by Tycho Andersen.

   - bpo-9770: curses.ascii predicates now work correctly with negative
     integers.

   - bpo-28427: old keys should not remove new values from WeakValueDictionary
     when collecting from another thread.

   - bpo-28998: More APIs now support longs as well as ints.

   - bpo-28923: Remove editor artifacts from Tix.py, including encoding not
     recognized by codecs.lookup.

   - bpo-29019: Fix dict.fromkeys(x) overallocates when x is sparce dict.
     Original patch by Rasmus Villemoes.

   - bpo-19542: Fix bugs in WeakValueDictionary.setdefault() and
     WeakValueDictionary.pop() when a GC collection happens in another thread.

   - bpo-28925: cPickle now correctly propagates errors when unpickle instances
     of old-style classes.

   Documentation
   -------------

   - bpo-27212: Modify documentation for the :func:`islice` recipe to consume
     initial values up to the start index.

   - bpo-32800: Update link to w3c doc for xml default namespaces.

   - bpo-17799: Explain real behaviour of sys.settrace and sys.setprofile and
     their C-API counterparts regarding which type of events are received in
     each function. Patch by Pablo Galindo Salgado.

   - bpo-8243: Add a note about curses.addch and curses.addstr exception
     behavior when writing outside a window, or pad.

   - bpo-21649: Add RFC 7525 and Mozilla server side TLS links to SSL
     documentation.

   - bpo-30176: Add missing attribute related constants in curses
     documentation.

   - bpo-28929: Link the documentation to its source file on GitHub.

   - bpo-26355: Add canonical header link on each page to corresponding major
     version of the documentation. Patch by Matthias Bussonnier.

   - bpo-12067: Rewrite Comparisons section in the Expressions chapter of the
     language reference. Some of the details of comparing mixed types were
     incorrect or ambiguous. Added default behaviour and consistency
     suggestions for user- defined classes. Based on patch from Andy Maier.

   Tests
   -----

   - bpo-31719: Fix test_regrtest.test_crashed() on s390x. Add a new
     _testcapi._read_null() function to crash Python in a reliable way on
     s390x. On s390x, ctypes.string_at(0) returns an empty string rather than
     crashing.

   - bpo-31518: Debian Unstable has disabled TLS 1.0 and 1.1 for
     SSLv23_METHOD(). Change TLS/SSL protocol of some tests to PROTOCOL_TLS or
     PROTOCOL_TLSv1_2 to make them pass on Debian.

   - bpo-25674: Remove sha256.tbs-internet.com ssl test

   - bpo-11790: Fix sporadic failures in
     test_multiprocessing.WithProcessesTestCondition.

   - bpo-30236: Backported test.regrtest options -m/--match and -G/--failfast
     from Python 3.

   - bpo-30223: To unify running tests in Python 2.7 and Python 3, the test
     package can be run as a script.  This is equivalent to running the
     test.regrtest module as a script.

   - bpo-30207: To simplify backports from Python 3, the test.test_support
     module was converted into a package and renamed to test.support.  The
     test.script_helper module was moved into the test.support package. Names
     test.test_support and test.script_helper are left as aliases to
     test.support and test.support.script_helper.

   - bpo-30197: Enhanced function swap_attr() in the test.test_support module.
     It now works when delete replaced attribute inside the with statement.
     The old value of the attribute (or None if it doesn't exist) now will be
     assigned to the target of the "as" clause, if there is one. Also
     backported function swap_item().

   - bpo-28087: Skip test_asyncore and test_eintr poll failures on macOS. Skip
     some tests of select.poll when running on macOS due to unresolved issues
     with the underlying system poll function on some macOS versions.

   - bpo-15083: Convert ElementTree doctests to unittests.

   Build
   -----

   - bpo-33163: Upgrade pip to 9.0.3 and setuptools to v39.0.1.

   - bpo-32616: Disable computed gotos by default for clang < 5.0. It caused
     significant performance regression.

   - bpo-32635: Fix segfault of the crypt module when libxcrypt is provided
     instead of libcrypt at the system.

   - bpo-31934: Abort the build when building out of a not clean source tree.

   - bpo-31474: Fix -Wint-in-bool-context warnings in PyMem_MALLOC and
     PyMem_REALLOC macros

   - bpo-29243: Prevent unnecessary rebuilding of Python during ``make test``,
     ``make install`` and some other make targets when configured with
     ``--enable- optimizations``.

   - bpo-23404: Don't regenerate generated files based on file modification
     time anymore: the action is now explicit. Replace ``make touch`` with
     ``make regen-all``.

   - bpo-27593: sys.version and the platform module python_build(),
     python_branch(), and python_revision() functions now use git information
     rather than hg when building from a repo.

   - bpo-29643: Fix ``--enable-optimization`` configure option didn't work.

   - bpo-29572: Update Windows build and OS X installers to use OpenSSL 1.0.2k.

   - bpo-28768: Fix implicit declaration of function _setmode. Patch by
     Masayuki Yamamoto

   Windows
   -------

   - bpo-33184: Update Windows build to use OpenSSL 1.0.2o.

   - bpo-32903: Fix a memory leak in os.chdir() on Windows if the current
     directory is set to a UNC path.

   - bpo-30855: Bump Tcl/Tk to 8.5.19.

   - bpo-30450: Pull build dependencies from GitHub rather than svn.python.org.

   macOS
   -----

   - bpo-32726: Provide an additional, more modern macOS installer variant that
     supports macOS 10.9+ systems in 64-bit mode only. Upgrade the supplied
     third-party libraries to OpenSSL 1.0.2n and SQLite 3.22.0. The 10.9+
     installer now supplies its own private copy of Tcl/Tk 8.6.8.

   - bpo-24414: Default macOS deployment target is now set by ``configure`` to
     the build system's OS version (as is done by Python 3), not ``10.4``;
     override with, for example, ``./configure MACOSX_DEPLOYMENT_TARGET=10.4``.

   - bpo-17128: All 2.7 macOS installer variants now supply their own version
     of ``OpenSSL 1.0.2``; the Apple-supplied SSL libraries and root
     certificates are not longer used.  The ``Installer Certificate`` command
     in ``/Applications/Python 2.7`` may be used to download and install a
     default set of root certificates from the third-party ``certifi`` package.

   - bpo-11485: python.org macOS Pythons no longer supply a default SDK value
     (e.g. ``-isysroot /``) or specific compiler version default (e.g.
     ``gcc-4.2``) when building extension modules.  Use ``CC``, ``SDKROOT``,
     and ``DEVELOPER_DIR`` environment variables to override compilers or to
     use an SDK.  See Apple's ``xcrun`` man page for more info.

   - bpo-33184: Update macOS installer build to use OpenSSL 1.0.2o.

   Tools/Demos
   -----------

   - bpo-31920: Fixed handling directories as arguments in the ``pygettext``
     script. Based on patch by Oleg Krasnikov.

   - bpo-30109: Fixed Tools/scripts/reindent.py for non-ASCII files. It now
     processes files as binary streams. This also fixes "make reindent".

   - bpo-24960: 2to3 and lib2to3 can now read pickled grammar files using
     pkgutil.get_data() rather than probing the filesystem. This lets 2to3 and
     lib2to3 work when run from a zipfile.

   C API
   -----

   - bpo-20891: Fix PyGILState_Ensure(). When PyGILState_Ensure() is called in
     a non-Python thread before PyEval_InitThreads(), only call
     PyEval_InitThreads() after calling PyThreadState_New() to fix a crash.

   - bpo-31626: When Python is built in debug mode, the memory debug hooks now
     fail with a fatal error if realloc() fails to shrink a memory block,
     because the debug hook just erased freed bytes without keeping a copy of
     them.

Revision 1.15 / (download) - annotate - [selected], Sat May 19 06:54:55 2018 UTC (5 years, 10 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

update python27 by one teeny, fixing 3 vulnerabilities.

Upstream changelog, slightly reordered:

Security
--------

- bpo-31530: Fixed crashes when iterating over a file on multiple threads.
  This resolves CVE-2018-1000030.

- bpo-32997: A regex in fpformat was vulnerable to catastrophic
  backtracking. This regex was a potential DOS vector (REDOS). Based on
  typical uses of fpformat the risk seems low. The regex has been refactored
  and is now safe. Patch by Jamie Davis.

- bpo-32981: Regexes in difflib and poplib were vulnerable to catastrophic
  backtracking. These regexes formed potential DOS vectors (REDOS). They
  have been refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch
  by Jamie Davis.

- bpo-31339: Rewrite time.asctime() and time.ctime(). Backport and adapt the
  _asctime() function from the master branch to not depend on the
  implementation of asctime() and ctime() from the external C library. This
  change fixes a bug when Python is run using the musl C library.

- bpo-30730: Prevent environment variables injection in subprocess on
  Windows.  Prevent passing other environment variables and command
  arguments.

- bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple
  security vulnerabilities including: CVE-2017-9233 (External entity
  infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix),
  CVE-2016-0718 (Fix regression bugs from 2.2.0's fix to CVE-2016-0718) and
  CVE-2012-0876 (Counter hash flooding with SipHash). Note: the
  CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn't
  impact Python, since Python already gets entropy from the OS to set the
  expat secret using ``XML_SetHashSalt()``.

- bpo-30500: Fix urllib.splithost() to correctly parse fragments. For
  example, ``splithost('//127.0.0.1#@evil.com/')`` now correctly returns the
  ``127.0.0.1`` host, instead of treating ``@evil.com`` as the host in an
  authentification (``login@host``).

- bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of
  CVE-2016-0718 and CVE-2016-4472. See
  https://sourceforge.net/p/expat/bugs/537/ for more information.

Core and Builtins
-----------------

- bpo-33374: Tweak the definition of PyGC_Head, so compilers do not believe
  it is always 16-byte aligned on x86. This prevents crashes with more
  aggressive optimizations present in GCC 8.

- bpo-33026: Fixed jumping out of "with" block by setting f_lineno.

- bpo-17288: Prevent jumps from 'return' and 'exception' trace events.

- bpo-18533: ``repr()`` on a dict containing its own ``viewvalues()`` or
  ``viewitems()`` no longer raises ``RuntimeError``.  Instead, use ``...``,
  as for other recursive structures.  Patch by Ben North.

- bpo-10544: Yield expressions are now deprecated in comprehensions and
  generator expressions when checking Python 3 compatibility. They are still
  permitted in the definition of the outermost iterable, as that is
  evaluated directly in the enclosing scope.

- bpo-32137: The repr of deeply nested dict now raises a RecursionError
  instead of crashing due to a stack overflow.

- bpo-20047: Bytearray methods partition() and rpartition() now accept only
  bytes-like objects as separator, as documented.  In particular they now
  raise TypeError rather of returning a bogus result when an integer is
  passed as a separator.

- bpo-31733: Add a new PYTHONSHOWREFCOUNT environment variable. In debug
  mode, Python now only print the total reference count if
  PYTHONSHOWREFCOUNT is set.

- bpo-31692: Add a new PYTHONSHOWALLOCCOUNT environment variable. When
  Python is compiled with COUNT_ALLOCS, PYTHONSHOWALLOCCOUNT now has to be
  set to dump allocation counts into stderr on shutdown. Moreover,
  allocations statistics are now dumped into stderr rather than stdout.

- bpo-31478: Prevent unwanted behavior in `_random.Random.seed()` in case
  the argument has a bad ``__abs__()`` method. Patch by Oren Milman.

- bpo-31490: Fix an assertion failure in `ctypes` class definition, in case
  the class has an attribute whose name is specified in ``_anonymous_`` but
  not in ``_fields_``. Patch by Oren Milman.

- bpo-31411: Raise a TypeError instead of SystemError in case
  warnings.onceregistry is not a dictionary. Patch by Oren Milman.

- bpo-31343: Include sys/sysmacros.h for major(), minor(), and makedev().
  GNU C libray plans to remove the functions from sys/types.h.

- bpo-31311: Fix a crash in the ``__setstate__()`` method of
  `ctypes._CData`, in case of a bad ``__dict__``. Patch by Oren Milman.

- bpo-31243: Fix a crash in some methods of `io.TextIOWrapper`, when the
  decoder's state is invalid. Patch by Oren Milman.

- bpo-31095: Fix potential crash during GC caused by ``tp_dealloc`` which
  doesn't call ``PyObject_GC_UnTrack()``.

- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape. Patch
  by Jay Bosamiya.

- bpo-27945: Fixed various segfaults with dict when input collections are
  mutated during searching, inserting or comparing.  Based on patches by
  Duane Griffin and Tim Mitchell.

- bpo-25794: Fixed type.__setattr__() and type.__delattr__() for non-
  interned or unicode attribute names.  Based on patch by Eryk Sun.

- bpo-29935: Fixed error messages in the index() method of tuple and list
  when pass indices of wrong type.

- bpo-28598: Support __rmod__ for subclasses of str being called before
  str.__mod__. Patch by Martijn Pieters.

- bpo-29602: Fix incorrect handling of signed zeros in complex constructor
  for complex subclasses and for inputs having a __complex__ method. Patch
  by Serhiy Storchaka.

- bpo-29347: Fixed possibly dereferencing undefined pointers when creating
  weakref objects.

- bpo-14376: Allow sys.exit to accept longs as well as ints. Patch by Gareth
  Rees.

- bpo-29028: Fixed possible use-after-free bugs in the subscription of the
  buffer object with custom index object.

- bpo-29145: Fix overflow checks in string, bytearray and unicode. Patch by
  jan matejek and Xiang Zhang.

- bpo-28932: Do not include <sys/random.h> if it does not exist.

Library
-------

- bpo-33096: Allow ttk.Treeview.insert to insert iid that has a false
  boolean value. Note iid=0 and iid=False would be same. Patch by Garvit
  Khatri.

- bpo-33127: The ssl module now compiles with LibreSSL 2.7.1.

- bpo-30622: The ssl module now detects missing NPN support in LibreSSL.

- bpo-21060: Rewrite confusing message from setup.py upload from "No dist
  file created in earlier command" to the more helpful "Must create and
  upload files in one command".

- bpo-30157: Fixed guessing quote and delimiter in csv.Sniffer.sniff() when
  only the last field is quoted.  Patch by Jake Davis.

- bpo-32647: The ctypes module used to depend on indirect linking for
  dlopen. The shared extension is now explicitly linked against libdl on
  platforms with dl.

- bpo-32304: distutils' upload command no longer corrupts tar files ending
  with a CR byte, and no longer tries to convert CR to CRLF in any of the
  upload text fields.

- bpo-31848: Fix the error handling in Aifc_read.initfp() when the SSND
  chunk is not found. Patch by Zackery Spytz.

- bpo-32521: The nis module is now compatible with new libnsl and headers
  location.

- bpo-32539: Fix ``OSError`` for ``os.listdir`` with deep paths (starting
  with ``\\?\``) on windows.  Patch by Anthony Sottile.

- bpo-32521: glibc has removed Sun RPC. Use replacement libtirpc headers and
  library in nis module.

- bpo-18035: ``telnetlib``: ``select.error`` doesn't have an ``errno``
  attribute. Patch by Segev Finer.

- bpo-32185: The SSL module no longer sends IP addresses in SNI TLS
  extension on platforms with OpenSSL 1.0.2+ or inet_pton.

- bpo-32186: Creating io.FileIO() and builtin file() objects now release the
  GIL when checking the file descriptor. io.FileIO.readall(),
  io.FileIO.read(), and file.read() now release the GIL when getting the
  file size.  Fixed hang of all threads with inaccessible NFS server.  Patch
  by Nir Soffer.

- bpo-32110: ``codecs.StreamReader.read(n)`` now returns not more than *n*
  characters/bytes for non-negative *n*. This makes it compatible with
  ``read()`` methods of other file-like objects.

- bpo-21149: Silence a `'NoneType' object is not callable` in
  `_removeHandlerRef` error that could happen when a logging Handler is
  destroyed as part of cyclic garbage collection during process shutdown.

- bpo-31764: Prevent a crash in ``sqlite3.Cursor.close()`` in case the
  ``Cursor`` object is uninitialized. Patch by Oren Milman.

- bpo-31955: Fix CCompiler.set_executable() of distutils to handle properly
  Unicode strings.

- bpo-9678: Fixed determining the MAC address in the uuid module:

  * Using ifconfig on NetBSD and OpenBSD.
  * Using arp on Linux, FreeBSD, NetBSD and OpenBSD.

  Based on patch by Takayuki Shimizukawa.

- bpo-30057: Fix potential missed signal in signal.signal().

- bpo-31927: Fixed reading arbitrary data when parse a AF_BLUETOOTH address
  on NetBSD and DragonFly BSD.

- bpo-27666: Fixed stack corruption in curses.box() and curses.ungetmouse()
  when the size of types chtype or mmask_t is less than the size of C long.
  curses.box() now accepts characters as arguments.  Based on patch by Steve
  Fink.

- bpo-25720: Fix the method for checking pad state of curses WINDOW. Patch
  by Masayuki Yamamoto.

- bpo-31893: Fixed the layout of the kqueue_event structure on OpenBSD and
  NetBSD. Fixed the comparison of the kqueue_event objects.

- bpo-31891: Fixed building the curses module on NetBSD.

- bpo-30058: Fixed buffer overflow in select.kqueue.control().

- bpo-31770: Prevent a crash when calling the ``__init__()`` method of a
  ``sqlite3.Cursor`` object more than once. Patch by Oren Milman.

- bpo-31728: Prevent crashes in `_elementtree` due to unsafe cleanup of
  `Element.text` and `Element.tail`. Patch by Oren Milman.

- bpo-31752: Fix possible crash in timedelta constructor called with custom
  integers.

- bpo-31681: Fix pkgutil.get_data to avoid leaking open files.

- bpo-31675: Fixed memory leaks in Tkinter's methods splitlist() and split()
  when pass a string larger than 2 GiB.

- bpo-30806: Fix the string representation of a netrc object.

- bpo-30347: Stop crashes when concurrently iterate over itertools.groupby()
  iterators.

- bpo-25732: `functools.total_ordering()` now implements the `__ne__`
  method.

- bpo-31351: python -m ensurepip now exits with non-zero exit code if pip
  bootstrapping has failed.

- bpo-31544: The C accelerator module of ElementTree ignored exceptions
  raised when looking up TreeBuilder target methods in XMLParser().

- bpo-31455: The C accelerator module of ElementTree ignored exceptions
  raised when looking up TreeBuilder target methods in XMLParser().

- bpo-25404: SSLContext.load_dh_params() now supports non-ASCII path.

- bpo-28958: ssl.SSLContext() now uses OpenSSL error information when a
  context cannot be instantiated.

- bpo-27448: Work around a `gc.disable()` race condition in the `subprocess`
  module that could leave garbage collection disabled when multiple threads
  are spawning subprocesses at once.  Users are *strongly encouraged* to use
  the `subprocess32` module from PyPI on Python 2.7 instead, it is much more
  reliable.

- bpo-31170: expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of
  partial characters for UTF-8 input (libexpat bug 115):
  https://github.com/libexpat/libexpat/issues/115

- bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3.

- bpo-31334: Fix ``poll.poll([timeout])`` in the ``select`` module for
  arbitrary negative timeouts on all OSes where it can only be a non-
  negative integer or -1. Patch by Riccardo Coccioli.

- bpo-10746: Fix ctypes producing wrong PEP 3118 type codes for integer
  types.

- bpo-30102: The ssl and hashlib modules now call
  OPENSSL_add_all_algorithms_noconf() on OpenSSL < 1.1.0. The function
  detects CPU features and enables optimizations on some CPU architectures
  such as POWER8. Patch is based on research from Gustavo Serra Scalet.

- bpo-30502: Fix handling of long oids in ssl.  Based on patch by Christian
  Heimes.

- bpo-25684: Change ``ttk.OptionMenu`` radiobuttons to be unique across
  instances of ``OptionMenu``.

- bpo-29169: Update zlib to 1.2.11.

- bpo-30746: Prohibited the '=' character in environment variable names in
  ``os.putenv()`` and ``os.spawn*()``.

- bpo-28994: The traceback no longer displayed for SystemExit raised in a
  callback registered by atexit.

- bpo-30418: On Windows, subprocess.Popen.communicate() now also ignore
  EINVAL on stdin.write() if the child process is still running but closed
  the pipe.

- bpo-30378: Fix the problem that logging.handlers.SysLogHandler cannot
  handle IPv6 addresses.

- bpo-29960: Preserve generator state when _random.Random.setstate() raises
  an exception. Patch by Bryan Olson.

- bpo-30310: tkFont now supports unicode options (e.g. font family).

- bpo-30414: multiprocessing.Queue._feed background running thread do not
  break from main loop on exception.

- bpo-30003: Fix handling escape characters in HZ codec.  Based on patch by
  Ma Lin.

- bpo-30375: Warnings emitted when compile a regular expression now always
  point to the line in the user code.  Previously they could point into
  inners of the re module if emitted from inside of groups or conditionals.

- bpo-30363: Running Python with the -3 option now warns about regular
  expression syntax that is invalid or has different semantic in Python 3 or
  will change the behavior in future Python versions.

- bpo-30365: Running Python with the -3 option now emits deprecation
  warnings for getchildren() and getiterator() methods of the Element class
  in the xml.etree.cElementTree module and when pass the html argument to
  xml.etree.ElementTree.XMLParser().

- bpo-30365: Fixed a deprecation warning about the doctype() method of the
  xml.etree.ElementTree.XMLParser class.  Now it is emitted only when define
  the doctype() method in the subclass of XMLParser.

- bpo-30329: imaplib now catchs the Windows socket WSAEINVAL error (code
  10022) on shutdown(SHUT_RDWR): An invalid operation was attempted. This
  error occurs sometimes on SSL connections.

- bpo-30342: Fix sysconfig.is_python_build() if Python is built with Visual
  Studio 2008 (VS 9.0).

- bpo-29990: Fix range checking in GB18030 decoder.  Original patch by Ma
  Lin.

- bpo-30243: Removed the __init__ methods of _json's scanner and encoder.
  Misusing them could cause memory leaks or crashes.  Now scanner and
  encoder objects are completely initialized in the __new__ methods.

- bpo-26293: Change resulted because of zipfile breakage. (See also:
  bpo-29094)

- bpo-30070: Fixed leaks and crashes in errors handling in the parser
  module.

- bpo-30061: Fixed crashes in IOBase methods next() and readlines() when
  readline() or next() respectively return non-sizeable object. Fixed
  possible other errors caused by not checking results of PyObject_Size(),
  PySequence_Size(), or PyMapping_Size().

- bpo-30011: Fixed race condition in HTMLParser.unescape().

- bpo-30068: _io._IOBase.readlines will check if it's closed first when hint
  is present.

- bpo-27863: Fixed multiple crashes in ElementTree caused by race conditions
  and wrong types.

- bpo-29942: Fix a crash in itertools.chain.from_iterable when encountering
  long runs of empty iterables.

- bpo-29861: Release references to tasks, their arguments and their results
  as soon as they are finished in multiprocessing.Pool.

- bpo-27880: Fixed integer overflow in cPickle when pickle large strings or
  too many objects.

- bpo-29110: Fix file object leak in aifc.open() when file is given as a
  filesystem path and is not in valid AIFF format. Original patch by Anthony
  Zhang.

- bpo-29354: Fixed inspect.getargs() for parameters which are cell
  variables.

- bpo-29335: Fix subprocess.Popen.wait() when the child process has exited
  to a stopped instead of terminated state (ex: when under ptrace).

- bpo-29219: Fixed infinite recursion in the repr of uninitialized
  ctypes.CDLL instances.

- bpo-29082: Fixed loading libraries in ctypes by unicode names on Windows.
  Original patch by Chi Hsuan Yen.

- bpo-29188: Support glibc 2.24 on Linux: don't use getentropy() function
  but read from /dev/urandom to get random bytes, for example in
  os.urandom(). On Linux, getentropy() is implemented which getrandom() is
  blocking mode, whereas os.urandom() should not block.

- bpo-29142: In urllib, suffixes in no_proxy environment variable with
  leading dots could match related hostnames again (e.g. .b.c matches
  a.b.c). Patch by Milan Oberkirch.

- bpo-13051: Fixed recursion errors in large or resized
  curses.textpad.Textbox.  Based on patch by Tycho Andersen.

- bpo-9770: curses.ascii predicates now work correctly with negative
  integers.

- bpo-28427: old keys should not remove new values from WeakValueDictionary
  when collecting from another thread.

- bpo-28998: More APIs now support longs as well as ints.

- bpo-28923: Remove editor artifacts from Tix.py, including encoding not
  recognized by codecs.lookup.

- bpo-29019: Fix dict.fromkeys(x) overallocates when x is sparce dict.
  Original patch by Rasmus Villemoes.

- bpo-19542: Fix bugs in WeakValueDictionary.setdefault() and
  WeakValueDictionary.pop() when a GC collection happens in another thread.

- bpo-28925: cPickle now correctly propagates errors when unpickle instances
  of old-style classes.

Documentation
-------------

- bpo-27212: Modify documentation for the :func:`islice` recipe to consume
  initial values up to the start index.

- bpo-32800: Update link to w3c doc for xml default namespaces.

- bpo-17799: Explain real behaviour of sys.settrace and sys.setprofile and
  their C-API counterparts regarding which type of events are received in
  each function. Patch by Pablo Galindo Salgado.

- bpo-8243: Add a note about curses.addch and curses.addstr exception
  behavior when writing outside a window, or pad.

- bpo-21649: Add RFC 7525 and Mozilla server side TLS links to SSL
  documentation.

- bpo-30176: Add missing attribute related constants in curses
  documentation.

- bpo-28929: Link the documentation to its source file on GitHub.

- bpo-26355: Add canonical header link on each page to corresponding major
  version of the documentation. Patch by Matthias Bussonnier.

- bpo-12067: Rewrite Comparisons section in the Expressions chapter of the
  language reference. Some of the details of comparing mixed types were
  incorrect or ambiguous. Added default behaviour and consistency
  suggestions for user- defined classes. Based on patch from Andy Maier.

Tests
-----

- bpo-31719: Fix test_regrtest.test_crashed() on s390x. Add a new
  _testcapi._read_null() function to crash Python in a reliable way on
  s390x. On s390x, ctypes.string_at(0) returns an empty string rather than
  crashing.

- bpo-31518: Debian Unstable has disabled TLS 1.0 and 1.1 for
  SSLv23_METHOD(). Change TLS/SSL protocol of some tests to PROTOCOL_TLS or
  PROTOCOL_TLSv1_2 to make them pass on Debian.

- bpo-25674: Remove sha256.tbs-internet.com ssl test

- bpo-11790: Fix sporadic failures in
  test_multiprocessing.WithProcessesTestCondition.

- bpo-30236: Backported test.regrtest options -m/--match and -G/--failfast
  from Python 3.

- bpo-30223: To unify running tests in Python 2.7 and Python 3, the test
  package can be run as a script.  This is equivalent to running the
  test.regrtest module as a script.

- bpo-30207: To simplify backports from Python 3, the test.test_support
  module was converted into a package and renamed to test.support.  The
  test.script_helper module was moved into the test.support package. Names
  test.test_support and test.script_helper are left as aliases to
  test.support and test.support.script_helper.

- bpo-30197: Enhanced function swap_attr() in the test.test_support module.
  It now works when delete replaced attribute inside the with statement.
  The old value of the attribute (or None if it doesn't exist) now will be
  assigned to the target of the "as" clause, if there is one. Also
  backported function swap_item().

- bpo-28087: Skip test_asyncore and test_eintr poll failures on macOS. Skip
  some tests of select.poll when running on macOS due to unresolved issues
  with the underlying system poll function on some macOS versions.

- bpo-15083: Convert ElementTree doctests to unittests.

Build
-----

- bpo-33163: Upgrade pip to 9.0.3 and setuptools to v39.0.1.

- bpo-32616: Disable computed gotos by default for clang < 5.0. It caused
  significant performance regression.

- bpo-32635: Fix segfault of the crypt module when libxcrypt is provided
  instead of libcrypt at the system.

- bpo-31934: Abort the build when building out of a not clean source tree.

- bpo-31474: Fix -Wint-in-bool-context warnings in PyMem_MALLOC and
  PyMem_REALLOC macros

- bpo-29243: Prevent unnecessary rebuilding of Python during ``make test``,
  ``make install`` and some other make targets when configured with
  ``--enable- optimizations``.

- bpo-23404: Don't regenerate generated files based on file modification
  time anymore: the action is now explicit. Replace ``make touch`` with
  ``make regen-all``.

- bpo-27593: sys.version and the platform module python_build(),
  python_branch(), and python_revision() functions now use git information
  rather than hg when building from a repo.

- bpo-29643: Fix ``--enable-optimization`` configure option didn't work.

- bpo-29572: Update Windows build and OS X installers to use OpenSSL 1.0.2k.

- bpo-28768: Fix implicit declaration of function _setmode. Patch by
  Masayuki Yamamoto

Windows
-------

- bpo-33184: Update Windows build to use OpenSSL 1.0.2o.

- bpo-32903: Fix a memory leak in os.chdir() on Windows if the current
  directory is set to a UNC path.

- bpo-30855: Bump Tcl/Tk to 8.5.19.

- bpo-30450: Pull build dependencies from GitHub rather than svn.python.org.

macOS
-----

- bpo-32726: Provide an additional, more modern macOS installer variant that
  supports macOS 10.9+ systems in 64-bit mode only. Upgrade the supplied
  third-party libraries to OpenSSL 1.0.2n and SQLite 3.22.0. The 10.9+
  installer now supplies its own private copy of Tcl/Tk 8.6.8.

- bpo-24414: Default macOS deployment target is now set by ``configure`` to
  the build system's OS version (as is done by Python 3), not ``10.4``;
  override with, for example, ``./configure MACOSX_DEPLOYMENT_TARGET=10.4``.

- bpo-17128: All 2.7 macOS installer variants now supply their own version
  of ``OpenSSL 1.0.2``; the Apple-supplied SSL libraries and root
  certificates are not longer used.  The ``Installer Certificate`` command
  in ``/Applications/Python 2.7`` may be used to download and install a
  default set of root certificates from the third-party ``certifi`` package.

- bpo-11485: python.org macOS Pythons no longer supply a default SDK value
  (e.g. ``-isysroot /``) or specific compiler version default (e.g.
  ``gcc-4.2``) when building extension modules.  Use ``CC``, ``SDKROOT``,
  and ``DEVELOPER_DIR`` environment variables to override compilers or to
  use an SDK.  See Apple's ``xcrun`` man page for more info.

- bpo-33184: Update macOS installer build to use OpenSSL 1.0.2o.

Tools/Demos
-----------

- bpo-31920: Fixed handling directories as arguments in the ``pygettext``
  script. Based on patch by Oleg Krasnikov.

- bpo-30109: Fixed Tools/scripts/reindent.py for non-ASCII files. It now
  processes files as binary streams. This also fixes "make reindent".

- bpo-24960: 2to3 and lib2to3 can now read pickled grammar files using
  pkgutil.get_data() rather than probing the filesystem. This lets 2to3 and
  lib2to3 work when run from a zipfile.

C API
-----

- bpo-20891: Fix PyGILState_Ensure(). When PyGILState_Ensure() is called in
  a non-Python thread before PyEval_InitThreads(), only call
  PyEval_InitThreads() after calling PyThreadState_New() to fix a crash.

- bpo-31626: When Python is built in debug mode, the memory debug hooks now
  fail with a fatal error if realloc() fails to shrink a memory block,
  because the debug hook just erased freed bytes without keeping a copy of
  them.

Revision 1.14 / (download) - annotate - [select for diffs], Sun Sep 17 09:54:52 2017 UTC (6 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Branch point for: pkgsrc-2018Q1
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored) to selected 1.15 (colored)

lang/python27: update to 2.7.14

Python 2.7.14:

Core and Builtins
- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape.
- bpo-27945: Fixed various segfaults with dict when input collections are
  mutated during searching, inserting or comparing.  Based on patches by
  Duane Griffin and Tim Mitchell.
- bpo-25794: Fixed type.__setattr__() and type.__delattr__() for
  non-interned or unicode attribute names.  Based on patch by Eryk Sun.
- bpo-29935: Fixed error messages in the index() method of tuple and list
  when pass indices of wrong type.
- bpo-28598: Support __rmod__ for subclasses of str being called before
  str.__mod__.  Patch by Martijn Pieters.
- bpo-29602: Fix incorrect handling of signed zeros in complex constructor for
  complex subclasses and for inputs having a __complex__ method. Patch
  by Serhiy Storchaka.
- bpo-29347: Fixed possibly dereferencing undefined pointers
  when creating weakref objects.
- Issue 14376: Allow sys.exit to accept longs as well as ints. Patch
  by Gareth Rees.
- Issue 29028: Fixed possible use-after-free bugs in the subscription of the
  buffer object with custom index object.
- Issue 29145: Fix overflow checks in string, bytearray and unicode.
  Patch by jan matejek and Xiang Zhang.
- Issue 28932: Do not include <sys/random.h> if it does not exist.

Extension Modules
- bpo-31170: Update vendorized expat to 2.2.4.
- Issue 29169: Update zlib to 1.2.11.

Revision 1.13 / (download) - annotate - [select for diffs], Fri Dec 30 10:53:21 2016 UTC (7 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored) to selected 1.15 (colored)

Changes 2.7.13:
Core and Builtins
-----------------
- Issue 28847: dumbdbm no longer writes the index file in when it is not
  changed and supports reading read-only files.
- Issue 11145: Fixed miscellaneous issues with C-style formatting of types
  with custom __oct__ and __hex__.
- Issue 24469: Fixed memory leak caused by int subclasses without overridden
  tp_free (e.g. C-inherited Cython classes).
- Issue 19398: Extra slash no longer added to sys.path components in case of
  empty compile-time PYTHONPATH components.
- Issue 21720: Improve exception message when the type of fromlist is unicode.
  fromlist parameter of __import__() only accepts str in Python 2 and this
  will help to identify the problem especially when the unicode_literals
  future import is used.
- Issue 26906: Resolving special methods of uninitialized type now causes
  implicit initialization of the type instead of a fail.
- Issue 18287: PyType_Ready() now checks that tp_name is not NULL.
  Original patch by Niklas Koep.
- Issue 24098: Fixed possible crash when AST is changed in process of
  compiling it.
- Issue 28350: String constants with null character no longer interned.
- Issue 27942: String constants now interned recursively in tuples and frozensets.
- Issue 15578: Correctly incref the parent module while importing.
- Issue 26307: The profile-opt build now applies PGO to the built-in modules.
- Issue 26020: set literal evaluation order did not match documented behaviour.
- Issue 27870: A left shift of zero by a large integer no longer attempts
  to allocate large amounts of memory.
- Issue 25604: Fix a minor bug in integer true division; this bug could
  potentially have caused off-by-one-ulp results on platforms with
  unreliable ldexp implementations.
- Issue 27473: Fixed possible integer overflow in str, unicode and bytearray
  concatenations and repetitions.  Based on patch by Xiang Zhang.
- Issue 27507: Add integer overflow check in bytearray.extend().  Patch by
  Xiang Zhang.
- Issue 27581: Don't rely on wrapping for overflow check in
  PySequence_Tuple().  Patch by Xiang Zhang.
- Issue 23908: os functions, open() and the io.FileIO constructor now reject
  unicode paths with embedded null character on Windows instead of silently
  truncating them.
- Issue 27514: Make having too many statically nested blocks a SyntaxError
  instead of SystemError.

Revision 1.11.6.1 / (download) - annotate - [select for diffs], Tue Sep 6 19:04:27 2016 UTC (7 years, 6 months ago) by bsiegert
Branch: pkgsrc-2016Q2
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored) next main 1.12 (colored) to selected 1.15 (colored)

Pullup ticket #5090 - requested by sevan
lang/python27: security fix

Revisions pulled up:
- lang/python27/Makefile                                        1.61
- lang/python27/PLIST.common                                    1.15
- lang/python27/dist.mk                                         1.12
- lang/python27/distinfo                                        1.55
- lang/python27/patches/patch-Lib_distutils_unixccompiler.py    1.4

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Sat Jul  2 15:05:43 UTC 2016

   Modified Files:
           pkgsrc/lang/python27: Makefile PLIST.common dist.mk distinfo
           pkgsrc/lang/python27/patches: patch-Lib_distutils_unixccompiler.py

   Log Message:
   Changes 2.7.2:

   Core and Builtins
   -----------------
   - Issue 20041: Fixed TypeError when frame.f_trace is set to None.
     Patch by Xavier de Gaye.

   - Issue 25702: A --with-lto configure option has been added that will
     enable link time optimizations at build time during a make profile-opt.
     Some compilers and toolchains are known to not produce stable code when
     using LTO, be sure to test things thoroughly before relying on it.
     It can provide a few % speed up over profile-opt alone.

   - Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the "N"
     format unit.

   - Issue 27039: Fixed bytearray.remove() for values greater than 127.  Patch by
     Joe Jevnik.

   - Issue 4806: Avoid masking the original TypeError exception when using star
     (*) unpacking and the exception was raised from a generator.  Based on
     patch by Hagen Fu:rstenau.

   - Issue 26659: Make the builtin slice type support cycle collection.

   - Issue 26718: super.__init__ no longer leaks memory if called multiple times.
     NOTE: A direct call of super.__init__ is not endorsed!

   - Issue 13410: Fixed a bug in PyUnicode_Format where it failed to properly
     ignore errors from a __int__() method.

   - Issue 26494: Fixed crash on iterating exhausting iterators.
     Affected classes are generic sequence iterators, iterators of bytearray,
     list, tuple, set, frozenset, dict, OrderedDict and corresponding views.

   - Issue 26581: If coding cookie is specified multiple times on a line in
     Python source code file, only the first one is taken to account.

   - Issue 22836: Ensure exception reports from PyErr_Display() and
     PyErr_WriteUnraisable() are sensible even when formatting them produces
     secondary errors.  This affects the reports produced by
     sys.__excepthook__() and when __del__() raises an exception.

   - Issue 22847: Improve method cache efficiency.

   - Issue 25843: When compiling code, don't merge constants if they are equal
     but have a different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0``
     is now correctly compiled to two different functions: ``f1()`` returns ``1``
     (``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0``
     are equal.

   - Issue 22995: [UPDATE] Remove the one of the pickleability tests in
     _PyObject_GetState() due to regressions observed in Cython-based projects.

   - Issue 25961: Disallowed null characters in the type name.

   - Issue 22995: Instances of extension types with a state that aren't
     subclasses of list or dict and haven't implemented any pickle-related
     methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__,
     or __getstate__), can no longer be pickled.  Including memoryview.

   - Issue 20440: Massive replacing unsafe attribute setting code with special
     macro Py_SETREF.

   - Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size.
     This allows sys.getsize() to work correctly with their subclasses with
     __slots__ defined.

   - Issue 19543: Added Py3k warning for decoding unicode.

   - Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside
     __getattr__.

   - Issue 24731: Fixed crash on converting objects with special methods
     __str__, __trunc__, and __float__ returning instances of subclasses of
     str, long, and float to subclasses of str, long, and float correspondingly.

   - Issue 26478: Fix semantic bugs when using binary operators with dictionary
     views and tuples.

   - Issue 26171: Fix possible integer overflow and heap corruption in
     zipimporter.get_data().

   Library
   -------
   - Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283.

   - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
     Oststrom

   - Issue 7356: ctypes.util: Make parsing of ldconfig output independent of the
     locale.

   - Issue 25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from
     sending a message body for 205 Reset Content.  Also, don't send the
     Content-Type header field in responses that don't have a body.  Based on
     patch by Susumu Koshiba.

   - Issue 21313: Fix the "platform" module to tolerate when sys.version
     contains truncated build information.

   - Issue 27211: Fix possible memory corruption in io.IOBase.readline().

   - Issue 27114: Fix SSLContext._load_windows_store_certs fails with
     PermissionError

   - Issue 14132: Fix urllib.request redirect handling when the target only has
     a query string.  Fix by Ja'n Janech.

   - Removed the requirements for the ctypes and modulefinder modules to be
     compatible with earlier Python versions.

   - Issue 22274: In the subprocess module, allow stderr to be redirected to
     stdout even when stdout is not redirected.  Patch by Akira Li.

   - Issue 12045: Avoid duplicate execution of command in ctypes.util._get_soname().
     Patch by Sijin Joseph.

   - Issue 26960: Backported 16270 from Python 3 to Python 2, to prevent urllib
     from hanging when retrieving certain FTP files.

   - Issue 25745: Fixed leaking a userptr in curses panel destructor.

   - Issue 17765: weakref.ref() no longer silently ignores keyword arguments.
     Patch by Georg Brandl.

   - Issue 26873: xmlrpclib now raises ResponseError on unsupported type tags
     instead of silently return incorrect result.

   - Issue 24114: Fix an uninitialized variable in `ctypes.util`.

     The bug only occurs on SunOS when the ctypes implementation searches
     for the `crle` program.  Patch by Xiang Zhang.  Tested on SunOS by
     Kees Bos.

   - Issue 26864: In urllib, change the proxy bypass host checking against
     no_proxy to be case-insensitive, and to not match unrelated host names that
     happen to have a bypassed hostname as a suffix.  Patch by Xiang Zhang.

   - Issue 26804: urllib will prefer lower_case proxy environment variables over
     UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen.

   - Issue 26837: assertSequenceEqual() now correctly outputs non-stringified
     differing items.  This affects assertListEqual() and assertTupleEqual().

   - Issue 26822: itemgetter, attrgetter and methodcaller objects no longer
     silently ignore keyword arguments.

   - Issue 26657: Fix directory traversal vulnerability with SimpleHTTPServer
     on Windows.  This fixes a regression that was introduced in 2.7.7.  Based
     on patch by Philipp Hagemeister.

   - Issue 19377: Add .svg to mimetypes.types_map.

   - Issue 13952: Add .csv to mimetypes.types_map.  Patch by Geoff Wilson.

   - Issue 16329: Add .webm to mimetypes.types_map.  Patch by Giampaolo Rodola'.

   - Issue 23735: Handle terminal resizing with Readline 6.3+ by installing our
     own SIGWINCH handler.  Patch by Eric Price.

   - Issue 26644: Raise ValueError rather than SystemError when a negative
     length is passed to SSLSocket.recv() or read().

   - Issue 23804: Fix SSL recv(0) and read(0) methods to return zero bytes
     instead of up to 1024.

   - Issue 24266: Ctrl+C during Readline history search now cancels the search
     mode when compiled with Readline 7.

   - Issue 23857: Implement PEP 493, adding a Python-2-only ssl module API and
     environment variable to configure the default handling of SSL/TLS certificates
     for HTTPS connections.

   - Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store
     is empty. Patch by Baji.

   - Issue 26513: Fixes platform module detection of Windows Server

   - Issue 23718: Fixed parsing time in week 0 before Jan 1.  Original patch by
     Tama's Bence Gedai.

   - Issue 26177: Fixed the keys() method for Canvas and Scrollbar widgets.

   - Issue 15068: Got rid of excessive buffering in the fileinput module.
     The bufsize parameter is no longer used.

   - Issue 2202: Fix UnboundLocalError in
     AbstractDigestAuthHandler.get_algorithm_impls.  Initial patch by Mathieu Dupuy.

   - Issue 26475: Fixed debugging output for regular expressions with the (?x)
     flag.

   - Issue 26385: Remove the file if the internal fdopen() call in
     NamedTemporaryFile() fails.  Based on patch by Silent Ghost.

   - Issue 26309: In the "socketserver" module, shut down the request (closing
     the connected socket) when verify_request() returns false.  Based on patch
     by Aviv Palivoda.

   - Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates.

   - Issue 24303: Fix random EEXIST upon multiprocessing semaphores creation with
     Linux PID namespaces enabled.

   - Issue 25698: Importing module if the stack is too deep no longer replaces
     imported module with the empty one.

   - Issue 12923: Reset FancyURLopener's redirect counter even if there is an
     exception.  Based on patches by Brian Brazil and Daniel Rocco.

   - Issue 25945: Fixed a crash when unpickle the functools.partial object with
     wrong state.  Fixed a leak in failed functools.partial constructor.
     "args" and "keywords" attributes of functools.partial have now always types
     tuple and dict correspondingly.

   - Issue 19883: Fixed possible integer overflows in zipimport.

   - Issue 26147: xmlrpclib now works with unicode not encodable with used
     non-UTF-8 encoding.

   - Issue 16620: Fixed AttributeError in msilib.Directory.glob().

   - Issue 21847: Fixed xmlrpclib on Unicode-disabled builds.

   - Issue 6500: Fixed infinite recursion in urllib2.Request.__getattr__().

   - Issue 26083: Workaround a subprocess bug that raises an incorrect
     "ValueError: insecure string pickle" exception instead of the actual
     exception on some platforms such as Mac OS X when an exception raised
     in the forked child process prior to the exec() was large enough that
     it overflowed the internal errpipe_read pipe buffer.

   - Issue 24103: Fixed possible use after free in ElementTree.iterparse().

   - Issue 20954: _args_from_interpreter_flags used by multiprocessing and some
     tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED
     environment variable.

   - Issue 14285: When executing a package with the "python -m package" option,
     and package initialization raises ImportError, a proper traceback is now
     reported.

   - Issue 6478: _strptime's regexp cache now is reset after changing timezone
     with time.tzset().

   - Issue 25718: Fixed copying object with state with boolean value is false.

   - Issue 25742: :func:`locale.setlocale` now accepts a Unicode string for
     its second parameter.

   - Issue 10131: Fixed deep copying of minidom documents.  Based on patch
     by Marian Ganisin.

   - Issue 25725: Fixed a reference leak in cPickle.loads() when unpickling
     invalid data including tuple instructions.

   - Issue 25663: In the Readline completer, avoid listing duplicate global
     names, and search the global namespace before searching builtins.

   - Issue 25688: Fixed file leak in ElementTree.iterparse() raising an error.

   - Issue 23914: Fixed SystemError raised by CPickle unpickler on broken data.

   - Issue 25924: Avoid unnecessary serialization of getaddrinfo(3) calls on
     OS X versions 10.5 or higher.  Original patch by A. Jesse Jiryu Davis.

   - Issue 26406: Avoid unnecessary serialization of getaddrinfo(3) calls on
     current versions of OpenBSD and NetBSD.  Patch by A. Jesse Jiryu Davis.

   IDLE
   ----
   - Issue 5124: Paste with text selected now replaces the selection on X11.
     This matches how paste works on Windows, Mac, most modern Linux apps,
     and ttk widgets.  Original patch by Serhiy Storchaka.

   - Issue 24759: Make clear in idlelib.idle_test.__init__ that the directory
     is a private implementation of test.test_idle and tool for maintainers.

   - Issue 26673: When tk reports font size as 0, change to size 10.
     Such fonts on Linux prevented the configuration dialog from opening.

   - Issue 27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks.

   - In the 'IDLE-console differences' section of the IDLE doc, clarify
     how running with IDLE affects sys.modules and the standard streams.

   - Issue 25507: fix incorrect change in IOBinding that prevented printing.
     Change also prevented saving shell window with non-ascii characters.
     Augment IOBinding htest to include all major IOBinding functions.

   - Issue 25905: Revert unwanted conversion of ' to ? RIGHT SINGLE QUOTATION
     MARK in README.txt and open this and NEWS.txt with 'ascii'.
     Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'.

   - Issue 26417: Prevent spurious errors and incorrect defaults when
     installing IDLE 2.7 on OS X: default configuration settings are
     no longer installed from OS X specific copies.

   Documentation
   -------------
   - Issue 26736: Used HTTPS for external links in the documentation if possible.

   - Issue 6953: Rework the Readline module documentation to group related
     functions together, and add more details such as what underlying Readline
     functions and variables are accessed.

   - Issue 26014: Guide users to the newer packaging documentation as was done
     for Python 3.x.  In particular, the top-level 2.7 documentation page now
     links to the newer installer and distributions pages rather than the
     legacy install and Distutils pages; these are still linked to in the
     library/distutils doc page.

   Tests
   -----
   - Issue 21916: Added tests for the turtle module.  Patch by ingrid,
     Gregory Loyse and Jelle Zijlstra.

   - Issue 25940: Changed test_ssl to use self-signed.pythontest.net.  This
     avoids relying on svn.python.org, which recently changed root certificate.

   - Issue 25616: Tests for OrderedDict are extracted from test_collections
     into separate file test_ordered_dict.

   Build
   -----
   - Issue 22359: Avoid incorrect recursive $(MAKE), and disable the rules for
     running pgen when cross-compiling.  The pgen output is normally saved with
     the source code anyway, and is still regenerated when doing a native build.
     Patch by Jonas Wagner and Xavier de Gaye.

   - Issue 19450: Update Windows builds to use SQLite 3.8.11.0.

   - Issue 27229: Fix the cross-compiling pgen rule for in-tree builds.  Patch
     by Xavier de Gaye.

   - Issue 17603: Avoid error about nonexistant fileblocks.o file by using a
     lower-level check for st_blocks in struct stat.

   - Issue 26465: Update Windows builds to use OpenSSL 1.0.2g.

   - Issue 24421: Compile Modules/_math.c once, before building extensions.
     Previously it could fail to compile properly if the math and cmath builds
     were concurrent.

   - Issue 25824: Fixes sys.winver to not include any architecture suffix.

   - Issue 25348: Added ``--pgo`` and ``--pgo-job`` arguments to
     ``PCbuild\build.bat`` for building with Profile-Guided Optimization.  The
     old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls
     ``PCbuild\build.bat --pgo %*``.

   - Issue 25827: Add support for building with ICC to ``configure``, including
     a new ``--with-icc`` flag.

   - Issue 25696: Fix installation of Python on UNIX with make -j9.

   - Issue 26930: Update OS X 10.5+ 32-bit-only installer to build
     and link with OpenSSL 1.0.2h.

   - Issue 26268: Update Windows builds to use OpenSSL 1.0.2f.

   - Issue 25136: Support Apple Xcode 7's new textual SDK stub libraries.

   Tools/Demos
   -----------
   - Issue 26799: Fix python-gdb.py: don't get C types once when the Python code
     is loaded, but get C types on demand. The C types can change if
     python-gdb.py is loaded before the Python executable. Patch written by Thomas
     Ilsche.

   C API
   -----
   - Issue 26476: Fixed compilation error when use PyErr_BadInternalCall() in C++.
     Patch by Jeroen Demeyer.

   Misc
   ----
   - Issue 17500, and https://github.com/python/pythondotorg/issues/945: Remove
     unused and outdated icons.

Revision 1.12 / (download) - annotate - [select for diffs], Sat Jul 2 15:05:43 2016 UTC (7 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored) to selected 1.15 (colored)

Changes 2.7.2:

Core and Builtins
-----------------
- Issue 20041: Fixed TypeError when frame.f_trace is set to None.
  Patch by Xavier de Gaye.

- Issue 25702: A --with-lto configure option has been added that will
  enable link time optimizations at build time during a make profile-opt.
  Some compilers and toolchains are known to not produce stable code when
  using LTO, be sure to test things thoroughly before relying on it.
  It can provide a few % speed up over profile-opt alone.

- Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the "N"
  format unit.

- Issue 27039: Fixed bytearray.remove() for values greater than 127.  Patch by
  Joe Jevnik.

- Issue 4806: Avoid masking the original TypeError exception when using star
  (*) unpacking and the exception was raised from a generator.  Based on
  patch by Hagen Fürstenau.

- Issue 26659: Make the builtin slice type support cycle collection.

- Issue 26718: super.__init__ no longer leaks memory if called multiple times.
  NOTE: A direct call of super.__init__ is not endorsed!

- Issue 13410: Fixed a bug in PyUnicode_Format where it failed to properly
  ignore errors from a __int__() method.

- Issue 26494: Fixed crash on iterating exhausting iterators.
  Affected classes are generic sequence iterators, iterators of bytearray,
  list, tuple, set, frozenset, dict, OrderedDict and corresponding views.

- Issue 26581: If coding cookie is specified multiple times on a line in
  Python source code file, only the first one is taken to account.

- Issue 22836: Ensure exception reports from PyErr_Display() and
  PyErr_WriteUnraisable() are sensible even when formatting them produces
  secondary errors.  This affects the reports produced by
  sys.__excepthook__() and when __del__() raises an exception.

- Issue 22847: Improve method cache efficiency.

- Issue 25843: When compiling code, don't merge constants if they are equal
  but have a different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0``
  is now correctly compiled to two different functions: ``f1()`` returns ``1``
  (``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0``
  are equal.

- Issue 22995: [UPDATE] Remove the one of the pickleability tests in
  _PyObject_GetState() due to regressions observed in Cython-based projects.

- Issue 25961: Disallowed null characters in the type name.

- Issue 22995: Instances of extension types with a state that aren't
  subclasses of list or dict and haven't implemented any pickle-related
  methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__,
  or __getstate__), can no longer be pickled.  Including memoryview.

- Issue 20440: Massive replacing unsafe attribute setting code with special
  macro Py_SETREF.

- Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size.
  This allows sys.getsize() to work correctly with their subclasses with
  __slots__ defined.

- Issue 19543: Added Py3k warning for decoding unicode.

- Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside
  __getattr__.

- Issue 24731: Fixed crash on converting objects with special methods
  __str__, __trunc__, and __float__ returning instances of subclasses of
  str, long, and float to subclasses of str, long, and float correspondingly.

- Issue 26478: Fix semantic bugs when using binary operators with dictionary
  views and tuples.

- Issue 26171: Fix possible integer overflow and heap corruption in
  zipimporter.get_data().

Library
-------
- Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283.

- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
  Oststrom

- Issue 7356: ctypes.util: Make parsing of ldconfig output independent of the
  locale.

- Issue 25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from
  sending a message body for 205 Reset Content.  Also, don't send the
  Content-Type header field in responses that don't have a body.  Based on
  patch by Susumu Koshiba.

- Issue 21313: Fix the "platform" module to tolerate when sys.version
  contains truncated build information.

- Issue 27211: Fix possible memory corruption in io.IOBase.readline().

- Issue 27114: Fix SSLContext._load_windows_store_certs fails with
  PermissionError

- Issue 14132: Fix urllib.request redirect handling when the target only has
  a query string.  Fix by Ján Janech.

- Removed the requirements for the ctypes and modulefinder modules to be
  compatible with earlier Python versions.

- Issue 22274: In the subprocess module, allow stderr to be redirected to
  stdout even when stdout is not redirected.  Patch by Akira Li.

- Issue 12045: Avoid duplicate execution of command in ctypes.util._get_soname().
  Patch by Sijin Joseph.

- Issue 26960: Backported 16270 from Python 3 to Python 2, to prevent urllib
  from hanging when retrieving certain FTP files.

- Issue 25745: Fixed leaking a userptr in curses panel destructor.

- Issue 17765: weakref.ref() no longer silently ignores keyword arguments.
  Patch by Georg Brandl.

- Issue 26873: xmlrpclib now raises ResponseError on unsupported type tags
  instead of silently return incorrect result.

- Issue 24114: Fix an uninitialized variable in `ctypes.util`.

  The bug only occurs on SunOS when the ctypes implementation searches
  for the `crle` program.  Patch by Xiang Zhang.  Tested on SunOS by
  Kees Bos.

- Issue 26864: In urllib, change the proxy bypass host checking against
  no_proxy to be case-insensitive, and to not match unrelated host names that
  happen to have a bypassed hostname as a suffix.  Patch by Xiang Zhang.

- Issue 26804: urllib will prefer lower_case proxy environment variables over
  UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen.

- Issue 26837: assertSequenceEqual() now correctly outputs non-stringified
  differing items.  This affects assertListEqual() and assertTupleEqual().

- Issue 26822: itemgetter, attrgetter and methodcaller objects no longer
  silently ignore keyword arguments.

- Issue 26657: Fix directory traversal vulnerability with SimpleHTTPServer
  on Windows.  This fixes a regression that was introduced in 2.7.7.  Based
  on patch by Philipp Hagemeister.

- Issue 19377: Add .svg to mimetypes.types_map.

- Issue 13952: Add .csv to mimetypes.types_map.  Patch by Geoff Wilson.

- Issue 16329: Add .webm to mimetypes.types_map.  Patch by Giampaolo Rodola'.

- Issue 23735: Handle terminal resizing with Readline 6.3+ by installing our
  own SIGWINCH handler.  Patch by Eric Price.

- Issue 26644: Raise ValueError rather than SystemError when a negative
  length is passed to SSLSocket.recv() or read().

- Issue 23804: Fix SSL recv(0) and read(0) methods to return zero bytes
  instead of up to 1024.

- Issue 24266: Ctrl+C during Readline history search now cancels the search
  mode when compiled with Readline 7.

- Issue 23857: Implement PEP 493, adding a Python-2-only ssl module API and
  environment variable to configure the default handling of SSL/TLS certificates
  for HTTPS connections.

- Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store
  is empty. Patch by Baji.

- Issue 26513: Fixes platform module detection of Windows Server

- Issue 23718: Fixed parsing time in week 0 before Jan 1.  Original patch by
  Tamás Bence Gedai.

- Issue 26177: Fixed the keys() method for Canvas and Scrollbar widgets.

- Issue 15068: Got rid of excessive buffering in the fileinput module.
  The bufsize parameter is no longer used.

- Issue 2202: Fix UnboundLocalError in
  AbstractDigestAuthHandler.get_algorithm_impls.  Initial patch by Mathieu Dupuy.

- Issue 26475: Fixed debugging output for regular expressions with the (?x)
  flag.

- Issue 26385: Remove the file if the internal fdopen() call in
  NamedTemporaryFile() fails.  Based on patch by Silent Ghost.

- Issue 26309: In the "socketserver" module, shut down the request (closing
  the connected socket) when verify_request() returns false.  Based on patch
  by Aviv Palivoda.

- Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates.

- Issue 24303: Fix random EEXIST upon multiprocessing semaphores creation with
  Linux PID namespaces enabled.

- Issue 25698: Importing module if the stack is too deep no longer replaces
  imported module with the empty one.

- Issue 12923: Reset FancyURLopener's redirect counter even if there is an
  exception.  Based on patches by Brian Brazil and Daniel Rocco.

- Issue 25945: Fixed a crash when unpickle the functools.partial object with
  wrong state.  Fixed a leak in failed functools.partial constructor.
  "args" and "keywords" attributes of functools.partial have now always types
  tuple and dict correspondingly.

- Issue 19883: Fixed possible integer overflows in zipimport.

- Issue 26147: xmlrpclib now works with unicode not encodable with used
  non-UTF-8 encoding.

- Issue 16620: Fixed AttributeError in msilib.Directory.glob().

- Issue 21847: Fixed xmlrpclib on Unicode-disabled builds.

- Issue 6500: Fixed infinite recursion in urllib2.Request.__getattr__().

- Issue 26083: Workaround a subprocess bug that raises an incorrect
  "ValueError: insecure string pickle" exception instead of the actual
  exception on some platforms such as Mac OS X when an exception raised
  in the forked child process prior to the exec() was large enough that
  it overflowed the internal errpipe_read pipe buffer.

- Issue 24103: Fixed possible use after free in ElementTree.iterparse().

- Issue 20954: _args_from_interpreter_flags used by multiprocessing and some
  tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED
  environment variable.

- Issue 14285: When executing a package with the "python -m package" option,
  and package initialization raises ImportError, a proper traceback is now
  reported.

- Issue 6478: _strptime's regexp cache now is reset after changing timezone
  with time.tzset().

- Issue 25718: Fixed copying object with state with boolean value is false.

- Issue 25742: :func:`locale.setlocale` now accepts a Unicode string for
  its second parameter.

- Issue 10131: Fixed deep copying of minidom documents.  Based on patch
  by Marian Ganisin.

- Issue 25725: Fixed a reference leak in cPickle.loads() when unpickling
  invalid data including tuple instructions.

- Issue 25663: In the Readline completer, avoid listing duplicate global
  names, and search the global namespace before searching builtins.

- Issue 25688: Fixed file leak in ElementTree.iterparse() raising an error.

- Issue 23914: Fixed SystemError raised by CPickle unpickler on broken data.

- Issue 25924: Avoid unnecessary serialization of getaddrinfo(3) calls on
  OS X versions 10.5 or higher.  Original patch by A. Jesse Jiryu Davis.

- Issue 26406: Avoid unnecessary serialization of getaddrinfo(3) calls on
  current versions of OpenBSD and NetBSD.  Patch by A. Jesse Jiryu Davis.

IDLE
----
- Issue 5124: Paste with text selected now replaces the selection on X11.
  This matches how paste works on Windows, Mac, most modern Linux apps,
  and ttk widgets.  Original patch by Serhiy Storchaka.

- Issue 24759: Make clear in idlelib.idle_test.__init__ that the directory
  is a private implementation of test.test_idle and tool for maintainers.

- Issue 26673: When tk reports font size as 0, change to size 10.
  Such fonts on Linux prevented the configuration dialog from opening.

- Issue 27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks.

- In the 'IDLE-console differences' section of the IDLE doc, clarify
  how running with IDLE affects sys.modules and the standard streams.

- Issue 25507: fix incorrect change in IOBinding that prevented printing.
  Change also prevented saving shell window with non-ascii characters.
  Augment IOBinding htest to include all major IOBinding functions.

- Issue 25905: Revert unwanted conversion of ' to RIGHT SINGLE QUOTATION
  MARK in README.txt and open this and NEWS.txt with 'ascii'.
  Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'.

- Issue 26417: Prevent spurious errors and incorrect defaults when
  installing IDLE 2.7 on OS X: default configuration settings are
  no longer installed from OS X specific copies.

Documentation
-------------
- Issue 26736: Used HTTPS for external links in the documentation if possible.

- Issue 6953: Rework the Readline module documentation to group related
  functions together, and add more details such as what underlying Readline
  functions and variables are accessed.

- Issue 26014: Guide users to the newer packaging documentation as was done
  for Python 3.x.  In particular, the top-level 2.7 documentation page now
  links to the newer installer and distributions pages rather than the
  legacy install and Distutils pages; these are still linked to in the
  library/distutils doc page.

Tests
-----
- Issue 21916: Added tests for the turtle module.  Patch by ingrid,
  Gregory Loyse and Jelle Zijlstra.

- Issue 25940: Changed test_ssl to use self-signed.pythontest.net.  This
  avoids relying on svn.python.org, which recently changed root certificate.

- Issue 25616: Tests for OrderedDict are extracted from test_collections
  into separate file test_ordered_dict.

Build
-----
- Issue 22359: Avoid incorrect recursive $(MAKE), and disable the rules for
  running pgen when cross-compiling.  The pgen output is normally saved with
  the source code anyway, and is still regenerated when doing a native build.
  Patch by Jonas Wagner and Xavier de Gaye.

- Issue 19450: Update Windows builds to use SQLite 3.8.11.0.

- Issue 27229: Fix the cross-compiling pgen rule for in-tree builds.  Patch
  by Xavier de Gaye.

- Issue 17603: Avoid error about nonexistant fileblocks.o file by using a
  lower-level check for st_blocks in struct stat.

- Issue 26465: Update Windows builds to use OpenSSL 1.0.2g.

- Issue 24421: Compile Modules/_math.c once, before building extensions.
  Previously it could fail to compile properly if the math and cmath builds
  were concurrent.

- Issue 25824: Fixes sys.winver to not include any architecture suffix.

- Issue 25348: Added ``--pgo`` and ``--pgo-job`` arguments to
  ``PCbuild\build.bat`` for building with Profile-Guided Optimization.  The
  old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls
  ``PCbuild\build.bat --pgo %*``.

- Issue 25827: Add support for building with ICC to ``configure``, including
  a new ``--with-icc`` flag.

- Issue 25696: Fix installation of Python on UNIX with make -j9.

- Issue 26930: Update OS X 10.5+ 32-bit-only installer to build
  and link with OpenSSL 1.0.2h.

- Issue 26268: Update Windows builds to use OpenSSL 1.0.2f.

- Issue 25136: Support Apple Xcode 7's new textual SDK stub libraries.

Tools/Demos
-----------
- Issue 26799: Fix python-gdb.py: don't get C types once when the Python code
  is loaded, but get C types on demand. The C types can change if
  python-gdb.py is loaded before the Python executable. Patch written by Thomas
  Ilsche.

C API
-----
- Issue 26476: Fixed compilation error when use PyErr_BadInternalCall() in C++.
  Patch by Jeroen Demeyer.

Misc
----
- Issue 17500, and https://github.com/python/pythondotorg/issues/945: Remove
  unused and outdated icons.

Revision 1.11 / (download) - annotate - [select for diffs], Sun Dec 6 18:22:35 2015 UTC (8 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Branch point for: pkgsrc-2016Q2
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored) to selected 1.15 (colored)

Python 2.7.11 is the latest bugfix release of the Python 2.7 series.

Revision 1.10 / (download) - annotate - [select for diffs], Sun May 24 07:44:07 2015 UTC (8 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored) to selected 1.15 (colored)

Changes 2.7.10:
This is a bug-fix release.

Revision 1.9 / (download) - annotate - [select for diffs], Tue Dec 16 07:07:32 2014 UTC (9 years, 3 months ago) by chopps
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored) to selected 1.15 (colored)

Update to 2.7.9 removing patches that were incorporated. Significant
changes include:

- The entirety of Python 3.4's ssl module has been backported for
  Python 2.7.9. See PEP 466 for justification.
- HTTPS certificate validation using the system's certificate store
  is now enabled by default. See PEP 476 for details.
- SSLv3 has been disabled by default in httplib and its reverse
  dependencies due to the POODLE attack.
- The ensurepip module module has been backported, which provides the
  pip package manager in every Python 2.7 installation. See PEP 477.

Revision 1.8 / (download) - annotate - [select for diffs], Wed Jul 2 09:53:16 2014 UTC (9 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored) to selected 1.15 (colored)

Changes 2.7.8:
The openssl version bundled in the Windows installer has been updated.
A regression in the mimetypes module on Windows has been fixed.
A possible overflow in the buffer type has been fixed.
A bug in the CGIHTTPServer module which allows arbitrary execution of code in the server root has been patched.
A regression in the handling of UNC paths in os.path.join has been fixed

Revision 1.7 / (download) - annotate - [select for diffs], Mon Jun 2 06:12:03 2014 UTC (9 years, 9 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored) to selected 1.15 (colored)

Changes 2.7.7:
This is a regularly scheduled 2.7 series bugfix and includes numerous bugfixes (http://hg.python.org/cpython/raw-file/f89216059edf/Misc/NEWS) over 2.7.6.

Revision 1.6 / (download) - annotate - [select for diffs], Tue Nov 12 18:57:25 2013 UTC (10 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) to selected 1.15 (colored)

Changes 2.7.6:
This is a 2.7 series bugfix release. Most importantly, it resolves an issue that caused the interactive prompt to crash on OS X 10.9. It also includes numerous bugfixes over 2.7.5.

Revision 1.5 / (download) - annotate - [select for diffs], Mon May 27 16:24:00 2013 UTC (10 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored) to selected 1.15 (colored)

This is a 2.7 series bugfix release. It contains several regression fixes to 2.7.4. Modules with regressions fixed include zipfile, gzip, and logging.

Revision 1.4 / (download) - annotate - [select for diffs], Fri Apr 12 09:03:41 2013 UTC (10 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored) to selected 1.15 (colored)

Changes 2.7.4:
This is a 2.7 series bugfix release.
It includes hundreds of bugfixes over 2.7.3.

Revision 1.3 / (download) - annotate - [select for diffs], Fri Apr 13 18:47:27 2012 UTC (11 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored) to selected 1.15 (colored)

Changes 2.7.3:
* An ordered dictionary type
* New unittest features including test skipping, new assert methods, and test
  discovery
* A much faster io module
* Automatic numbering of fields in the str.format() method
* Float repr improvements backported from 3.x
* Tile support for Tkinter
* A backport of the memoryview object from 3.x
* Set literals
* Set and dictionary comprehensions
* Dictionary views
* New syntax for nested with statements
* The sysconfig module

Revision 1.2 / (download) - annotate - [select for diffs], Mon Jun 13 11:31:13 2011 UTC (12 years, 9 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored) to selected 1.15 (colored)

Update python27 to 2.7.2.

What's New in Python 2.7.2?
===========================

*Release date: 2011-06-11*

Library
-------

- Issue #12009: Fixed regression in netrc file comment handling.

Extension Modules
-----------------

- Issue #1221: Make pyexpat.__version__ equal to the Python version.


What's New in Python 2.7.2 release candidate 1?
===============================================

*Release date: 2011-05-29*

Core and Builtins
-----------------

- Issue #9670: Increase the default stack size for secondary threads on
  Mac OS X and FreeBSD to reduce the chances of a crash instead of a
  "maximum recursion depth" RuntimeError exception.
  (patch by Ronald Oussoren)

- Correct lookup of __dir__ on objects. This allows old-style classes to have
  __dir__. It also causes errors besides AttributeError found on lookup to be
  propagated.

- Issue #1195: Fix input() if it is interrupted by CTRL+d and then CTRL+c,
  clear the end-of-file indicator after CTRL+d.

- Issue #8651: PyArg_Parse*() functions raise an OverflowError if the file
  doesn't have PY_SSIZE_T_CLEAN define and the size doesn't fit in an int
  (length bigger than 2^31-1 bytes).

- Issue #8651: Fix "z#" format of PyArg_Parse*() function: the size was not
  written if PY_SSIZE_T_CLEAN is defined.

- Issue #9756: When calling a method descriptor or a slot wrapper descriptor,
  the check of the object type doesn't read the __class__ attribute anymore.
  Fix a crash if a class override its __class__ attribute (e.g. a proxy of the
  str type). Patch written by Andreas Stührk.

- Issue #10517: After fork(), reinitialize the TLS used by the PyGILState_*
  APIs, to avoid a crash with the pthread implementation in RHEL 5.  Patch
  by Charles-François Natali.

- Issue #6780: fix starts/endswith error message to mention that tuples are
  accepted too.

- Issue #5057: fix a bug in the peepholer that led to non-portable pyc files
  between narrow and wide builds while optimizing BINARY_SUBSCR on non-BMP
  chars (e.g. u"\U00012345"[0]).

- Issue #11650: PyOS_StdioReadline() retries fgets() if it was interrupted
  (EINTR), for example if the program is stopped with CTRL+z on Mac OS X. Patch
  written by Charles-Francois Natali.

- Issue #11144: Ensure that int(a_float) returns an int whenever possible.
  Previously, there were some corner cases where a long was returned even
  though the result was within the range of an int.

- Issue #11450: Don't truncate hg version info in Py_GetBuildInfo() when
  there are many tags (e.g. when using mq).  Patch by Nadeem Vawda.

- Issue #10451: memoryview objects could allow to mutate a readable buffer.
  Initial patch by Ross Lagerwall.

- Issue #10892: Don't segfault when trying to delete __abstractmethods__ from a
  class.

- Issue #8020: Avoid a crash where the small objects allocator would read
  non-Python managed memory while it is being modified by another thread.
  Patch by Matt Bandy.

- Issue #11004: Repaired edge case in deque.count().

- Issue #8278: On Windows and with a NTFS filesystem, os.stat() and os.utime()
  can now handle dates after 2038.

- Issue #4236: Py_InitModule4 now checks the import machinery directly
  rather than the Py_IsInitialized flag, avoiding a Fatal Python
  error in certain circumstances when an import is done in __del__.

- issue #11828: startswith and endswith don't accept None as slice index.
  Patch by Torsten Becker.

- Issue #10674: Remove unused 'dictmaker' rule from grammar.

- Issue #10596: Fix float.__mod__ to have the same behaviour as
  float.__divmod__ with respect to signed zeros.  -4.0 % 4.0 should be
  0.0, not -0.0.

- Issue #11386: bytearray.pop() now throws IndexError when the bytearray is
  empty, instead of OverflowError.

Library
-------

- Issue #12161: Cause StringIO.getvalue() to raise a ValueError when used on a
  closed StringIO instance.

- Issue #12182: Fix pydoc.HTMLDoc.multicolumn() if Python uses the new (true)
  division (python -Qnew). Patch written by Ralf W. Grosse-Kunstleve.

- Issue #12175: RawIOBase.readall() now returns None if read() returns None.

- Issue #12175: FileIO.readall() now raises a ValueError instead of an IOError
  if the file is closed.

- Issue #1441530: In imaplib, use makefile() to wrap the SSL socket to avoid
  heap fragmentation and MemoryError with some malloc implementations.

- Issue #12100: Don't reset incremental encoders of CJK codecs at each call to
  their encode() method anymore, but continue to call the reset() method if the
  final argument is True.

- Issue #12124: zipimport doesn't keep a reference to zlib.decompress() anymore
  to be able to unload the module.

- Issue #11088: don't crash when using F5 to run a script in IDLE on MacOSX
  with Tk 8.5.

- Issue #10154, #10090: change the normalization of UTF-8 to "UTF-8" instead
  of "UTF8" in the locale module as the latter is not supported MacOSX and OpenBSD.

- Issue #9516: avoid errors in sysconfig when MACOSX_DEPLOYMENT_TARGET is
  set in shell.

- Issue #12050: zlib.decompressobj().decompress() now clears the unconsumed_tail
  attribute when called without a max_length argument.

- Issue #12062: In the `io` module, fix a flushing bug when doing a certain
  type of I/O sequence on a file opened in read+write mode (namely: reading,
  seeking a bit forward, writing, then seeking before the previous write but
  still within buffered data, and writing again).

- Issue #8498: In socket.accept(), allow to specify 0 as a backlog value in
  order to accept exactly one connection.  Patch by Daniel Evers.

- Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional.

- Issue #11164: Remove obsolete allnodes test from minidom test.

- Issue #11927: SMTP_SSL now uses port 465 by default as documented.  Patch
  by Kasun Herath.

- Issue 11999: fixed sporadic sync failure mailbox.Maildir due to its trying to
  detect mtime changes by comparing to the system clock instead of to the
  previous value of the mtime.

- Issue #10684: shutil.move used to delete a folder on case insensitive
  filesystems when the source and destination name where the same except
  for the case.

- Issue #11982: fix json.loads('""') to return u'' rather than ''.

- Issue #11277: mmap.mmap() calls fcntl(fd, F_FULLFSYNC) on Mac OS X to get
  around a mmap bug with sparse files. Patch written by Steffen Daode Nurpmeso.

- Issue #10761: Fix tarfile.extractall failure  when symlinked files are
  present. Initial patch by Scott Leerssen.

- Issue #11763: don't use difflib in TestCase.assertMultiLineEqual if the
  strings are too long.

- Issue #11236: getpass.getpass responds to ctrl-c or ctrl-z on terminal.

- Issue #11768: The signal handler of the signal module only calls
  Py_AddPendingCall() for the first signal to fix a deadlock on reentrant or
  parallel calls. PyErr_SetInterrupt() writes also into the wake up file.

- Issue #11875: collections.OrderedDict's __reduce__ was temporarily
  mutating the object instead of just working on a copy.

- Issue #11442: Add a charset parameter to the Content-type in SimpleHTTPServer
  to avoid XSS attacks.

- Issue #11467: Fix urlparse behavior when handling urls which contains scheme
  specific part only digits. Patch by Santoso Wijaya.

- collections.Counter().copy() now works correctly for subclasses.

- Issue #11474: Fix the bug with url2pathname() handling of '/C|/' on Windows.
  Patch by Santoso Wijaya.

- Issue #9233: Fix json.loads('{}') to return a dict (instead of a list), when
  _json is not available.

- Issue #11703: urllib2.geturl() does not return correct url when the original
  url contains #fragment.

- Issue #10019: Fixed regression in json module where an indent of 0 stopped
  adding newlines and acted instead like 'None'.

- Issue #5162: Treat services like frozen executables to allow child spawning
  from multiprocessing.forking on Windows.

- Issue #4877: Fix a segfault in xml.parsers.expat while attempting to parse
  a closed file.

- Issue #11830: Remove unnecessary introspection code in the decimal module.
  It was causing a failed import in the Turkish locale where the locale
  sensitive str.upper() method caused a name mismatch.

- Issue #8428: Fix a race condition in multiprocessing.Pool when terminating
  worker processes: new processes would be spawned while the pool is being
  shut down.  Patch by Charles-François Natali.

- Issue #7311: Fix HTMLParser to accept non-ASCII attribute values.

- Issue #10963: Ensure that subprocess.communicate() never raises EPIPE.

- Issue #11662: Make urllib and urllib2 ignore redirections if the
  scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).

- Issue #11256: Fix inspect.getcallargs on functions that take only keyword
  arguments.

- Issue #11696: Fix ID generation in msilib.

- Issue #9696: Fix exception incorrectly raised by xdrlib.Packer.pack_int when
  trying to pack a negative (in-range) integer.

- Issue #11675: multiprocessing.[Raw]Array objects created from an integer size
  are now zeroed on creation.  This matches the behaviour specified by the
  documentation.

- Issue #7639: Fix short file name generation in bdist_msi.

- Issue #11666: let help() display named tuple attributes and methods
  that start with a leading underscore.

- Issue #11673: Fix multiprocessing Array and RawArray constructors to accept a
  size of type 'long', rather than only accepting 'int'.

- Issue #10042: Fixed the total_ordering decorator to handle cross-type
  comparisons that could lead to infinite recursion.

- Issue #10979: unittest stdout buffering now works with class and module
  setup and teardown.

- Issue #11569: use absolute path to the sysctl command in multiprocessing to
  ensure that it will be found regardless of the shell PATH. This ensures
  that multiprocessing.cpu_count works on default installs of MacOSX.

- Issue #11500: Fixed a bug in the os x proxy bypass code for fully qualified
  IP addresses in the proxy exception list.

- Issue #11131: Fix sign of zero in plus and minus operations when
  the context rounding mode is ROUND_FLOOR.

- Issue #5622: Fix curses.wrapper to raise correct exception if curses
  initialization fails.

- Issue #11391: Writing to a mmap object created with
  ``mmap.PROT_READ|mmap.PROT_EXEC`` would segfault instead of raising a
  TypeError.  Patch by Charles-François Natali.

- Issue #11306: mailbox in certain cases adapts to an inability to open
  certain files in read-write mode.  Previously it detected this by
  checking for EACCES, now it also checks for EROFS.

- Issue #11265: asyncore now correctly handles EPIPE, EBADF and EAGAIN errors
  on accept(), send() and recv().

- Issue #11326: Add the missing connect_ex() implementation for SSL sockets,
  and make it work for non-blocking connects.

- Issue #10956: Buffered I/O classes retry reading or writing after a signal
  has arrived and the handler returned successfully.

- Issue #10680: Fix mutually exclusive arguments for argument groups in
  argparse.

- Issue #4681: Allow mmap() to work on file sizes and offsets larger than
  4GB, even on 32-bit builds.  Initial patch by Ross Lagerwall, adapted for
  32-bit Windows.

- Issue #10360: In WeakSet, do not raise TypeErrors when testing for
  membership of non-weakrefable objects.

- Issue #10549: Fix pydoc traceback when text-documenting certain classes.

- Issue #940286: pydoc.Helper.help() ignores input/output init parameters.

- Issue #11171: Fix detection of config/Makefile when --prefix !=
  --exec-prefix, which caused Python to not start.

- Issue #11116: any error during addition of a message to a mailbox now causes
  a rollback, instead of leaving the mailbox partially modified.

- Issue #8275: Fix passing of callback arguments with ctypes under Win64.
  Patch by Stan Mihai.

- Issue #10940: Workaround an IDLE hang on Mac OS X 10.6 when using the
  menu accelerators for Open Module, Go to Line, and New Indent Width.
  The accelerators still work but no longer appear in the menu items.

- Issue #10907: Warn OS X 10.6 IDLE users to use ActiveState Tcl/Tk 8.5, rather
  than the currently problematic Apple-supplied one, when running with the
  64-/32-bit installer variant.

- Issue #11052: Correct IDLE menu accelerators on Mac OS X for Save
  commands.

- Issue #10949: Improved robustness of rotating file handlers.

- Issue #10955: Fix a potential crash when trying to mmap() a file past its
  length.  Initial patch by Ross Lagerwall.

- Issue #10898: Allow compiling the posix module when the C library defines
  a symbol named FSTAT.

- Issue #6075: IDLE on Mac OS X now works with both Carbon AquaTk and
  Cocoa AquaTk.

- Issue #10916: mmap should not segfault when a file is mapped using 0 as
  length and a non-zero offset, and an attempt to read past the end of file
  is made (IndexError is raised instead).  Patch by Ross Lagerwall.

- Issue #10875: Update Regular Expression HOWTO; patch by 'SilentGhost'.

- Issue #10827: Changed the rules for 2-digit years.  The time.asctime
  function will now format any year when ``time.accept2dyear`` is
  false and will accept years >= 1000 otherwise.  The year range
  accepted by ``time.mktime`` and ``time.strftime`` is still system
  dependent, but ``time.mktime`` will now accept full range supported
  by the OS.  Conversion of 2-digit years to 4-digit is deprecated.

- Issue #10869: Fixed bug where ast.increment_lineno modified the root
  node twice.

- Issue #7858: Raise an error properly when os.utime() fails under Windows
  on an existing file.

- Issue #3839: wsgiref should not override a Content-Length header set by
  the application.  Initial patch by Clovis Fabricio.

- Issue #10806, issue #9905: Fix subprocess pipes when some of the standard
  file descriptors (0, 1, 2) are closed in the parent process.  Initial
  patch by Ross Lagerwall.

- Issue #4662: os.tempnam(), os.tmpfile() and os.tmpnam() now raise a py3k
  DeprecationWarning.

- Subclasses of collections.OrderedDict now work correctly with __missing__.

- Issue #10753 - Characters ';', '=' and ',' in the PATH_INFO environment
  variable won't be quoted when the URI is constructed by the wsgiref.util 's
  request_uri method. According to RFC 3986, these characters can be a part of
  params in PATH component of URI and need not be quoted.

- Issue #10738: Fix webbrowser.Opera.raise_opts

- Issue #9824: SimpleCookie now encodes , and ; in values to cater to how
  browsers actually parse cookies.

- Issue #1379416: eliminated a source of accidental unicode promotion in
  email.header.Header.encode.

- Issue #5258/#10642: if site.py encounters a .pth file that generates an error,
  it now prints the filename, line number, and traceback to stderr and skips
  the rest of that individual file, instead of stopping processing entirely.

- Issue #10750: The ``raw`` attribute of buffered IO objects is now read-only.

- Issue #10242: unittest.TestCase.assertItemsEqual makes too many assumptions
  about input.

- Issue #10611: SystemExit should not cause a unittest test run to exit.

- Issue #6791: Limit header line length (to 65535 bytes) in http.client,
  to avoid denial of services from the other party.

- Issue #10404: Use ctl-button-1 on OSX for the context menu in Idle.

- Issue #9907: Fix tab handling on OSX when using editline by calling
  rl_initialize first, then setting our custom defaults, then reading .editrc.

- Issue #4188: Avoid creating dummy thread objects when logging operations
  from the threading module (with the internal verbose flag activated).

- Issue #9721: Fix the behavior of urljoin when the relative url starts with a
  ';' character. Patch by Wes Chow.

- Issue #10714: Limit length of incoming request in http.server to 65536 bytes
  for security reasons.  Initial patch by Ross Lagerwall.

- Issue #9558: Fix distutils.command.build_ext with VS 8.0.

- Issue #10695: passing the port as a string value to telnetlib no longer
  causes debug mode to fail.

- Issue #10107: Warn about unsaved files in IDLE on OSX.

- Issue #10406: Enable Rstrip IDLE extension on OSX (just like on other
  platforms).

- Issue #10478: Reentrant calls inside buffered IO objects (for example by
  way of a signal handler) now raise a RuntimeError instead of freezing the
  current process.

- Issue #10497: Fix incorrect use of gettext in argparse.

- Issue #10464: netrc now correctly handles lines with embedded '#' characters.

- Issue #1731717: Fixed the problem where subprocess.wait() could cause an
  OSError exception when The OS had been told to ignore SIGCLD in our process
  or otherwise not wait for exiting child processes.

- Issue #9509: argparse now properly handles IOErrors raised by
  argparse.FileType.

- Issue #9348: Raise an early error if argparse nargs and metavar don't match.

- Issue #8982: Improve the documentation for the argparse Namespace object.

- Issue #9343: Document that argparse parent parsers must be configured before
  their children.

- Issue #9026: Fix order of argparse sub-commands in help messages.

- Issue #9347: Fix formatting for tuples in argparse type= error messages.

Extension Modules
-----------------

- Stop using the old interface for providing methods and attributes in the _sre
  module. Among other things, this gives these classes ``__class__``
  attributes. (See #12099)

- Issue #10169: Fix argument parsing in socket.sendto() to avoid error masking.

- Issue #12051: Fix segfault in json.dumps() while encoding highly-nested
  objects using the C accelerations.

- Issue #12017: Fix segfault in json.loads() while decoding highly-nested
  objects using the C accelerations.

- Issue #1838: Prevent segfault in ctypes, when _as_parameter_ on a class is set
  to an instance of the class.

- Issue #678250: Make mmap flush a noop on ACCESS_READ and ACCESS_COPY.

Build
-----

- Issue #11217: For 64-bit/32-bit Mac OS X universal framework builds,
  ensure "make install" creates symlinks in --prefix bin for the "-32"
  files in the framework bin directory like the installer does.

- Issue #11411: Fix 'make DESTDIR=' with a relative destination.

- Issue #10709: Add updated AIX notes in Misc/README.AIX.

- Issue #11184: Fix large-file support on AIX.

- Issue #941346: Fix broken shared library build on AIX.

- Issue #11268: Prevent Mac OS X Installer failure if Documentation
  package had previously been installed.

- Issue #11079: The /Applications/Python x.x folder created by the Mac
  OS X installers now includes a link to the installed documentation.

- Issue #11054: Allow Mac OS X installer builds to again work on 10.5 with
  the system-provided Python.

- Issue #10843: Update third-party library versions used in OS X
  32-bit installer builds: bzip2 1.0.6, readline 6.1.2, SQLite 3.7.4
  (with FTS3/FTS4 and RTREE enabled), and ncursesw 5.5 (wide-char
  support enabled).

- Don't run pgen twice when using make -j.

- Issue #7716: Under Solaris, don't assume existence of /usr/xpg4/bin/grep in
  the configure script but use $GREP instead.  Patch by Fabian Groffen.

- Issue #10475: Don't hardcode compilers for LDSHARED/LDCXXSHARED on NetBSD
  and DragonFly BSD.  Patch by Nicolas Joly.

- Issue #10655: Fix the build on PowerPC on Linux with GCC when building with
  timestamp profiling (--with-tsc): the preprocessor test for the PowerPC
  support now looks for "__powerpc__" as well as "__ppc__": the latter seems to
  only be present on OS X; the former is the correct one for Linux with GCC.

- Issue #1099: Fix the build on MacOSX when building a framework with pydebug
  using GCC 4.0.

IDLE
----

- Issue #11718: IDLE's open module dialog couldn't find the __init__.py
  file in a package.

Tests
-----

- Issue #12205: Fix test_subprocess failure due to uninstalled test data.

- Issue #5723: Improve json tests to be executed with and without accelerations.

- Issue #11910: Fix test_heapq to skip the C tests when _heapq is missing.

- Fix test_startfile to wait for child process to terminate before finishing.

- Issue #11719: Fix message about unexpected test_msilib skip on non-Windows
  platforms. Patch by Nadeem Vawda.

- Issue #7108: Fix test_commands to not fail when special attributes ('@'
  or '.') appear in 'ls -l' output.

- Issue #11490: test_subprocess:test_leaking_fds_on_error no longer gives a
  false positive if the last directory in the path is inaccessible.

- Issue #10822: Fix test_posix:test_getgroups failure under Solaris.  Patch
  by Ross Lagerwall.

- Issue #6293: Have regrtest.py echo back sys.flags.  This is done by default
  in whole runs and enabled selectively using ``--header`` when running an
  explicit list of tests.  Original patch by Collin Winter.

- Issue #775964: test_grp now skips YP/NIS entries instead of failing when
  encountering them.

- Issue #7110: regrtest now sends test failure reports and single-failure
  tracebacks to stderr rather than stdout.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Tue Feb 22 08:51:58 2011 UTC (13 years, 1 month ago) by obache
Branch: TNF
CVS Tags: pkgsrc-base, pkgsrc-2011Q1-base, pkgsrc-2011Q1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored) to selected 1.15 (colored)

Import python27-2.7.1 as lang/python27.

Python 2.7 is intended to be the last major release in the 2.x series.
The Python maintainers are planning to focus their future efforts on
the Python 3.x series.

This means that 2.7 will remain in place for a long time, running
production systems that have not been ported to Python 3.x.
Two consequences of the long-term significance of 2.7 are:

* It's very likely the 2.7 release will have a longer period of
  maintenance compared to earlier 2.x versions.  Python 2.7 will
  continue to be maintained while the transition to 3.x continues, and
  the developers are planning to support Python 2.7 with bug-fix
  releases beyond the typical two years.

* A policy decision was made to silence warnings only of interest to
  developers.  :exc:`DeprecationWarning` and its
  descendants are now ignored unless otherwise requested, preventing
  users from seeing warnings triggered by an application.  This change
  was also made in the branch that will become Python 3.2. (Discussed
  on stdlib-sig and carried out in :issue:`7319`.)

  In previous releases, :exc:`DeprecationWarning` messages were
  enabled by default, providing Python developers with a clear
  indication of where their code may break in a future major version
  of Python.

  However, there are increasingly many users of Python-based
  applications who are not directly involved in the development of
  those applications.  :exc:`DeprecationWarning` messages are
  irrelevant to such users, making them worry about an application
  that's actually working correctly and burdening application developers
  with responding to these concerns.

  You can re-enable display of :exc:`DeprecationWarning` messages by
  running Python with the :option:`-Wdefault <-W>` (short form:
  :option:`-Wd <-W>`) switch, or by setting the :envvar:`PYTHONWARNINGS`
  environment variable to ``"default"`` (or ``"d"``) before running
  Python.  Python code can also re-enable them
  by calling ``warnings.simplefilter('default')``.

Revision 1.1 / (download) - annotate - [select for diffs], Tue Feb 22 08:51:58 2011 UTC (13 years, 1 month ago) by obache
Branch: MAIN
Diff to selected 1.15 (colored)

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>