Python-2.7.11 (Python2-2.7.11)

[Fernando de Oliveira]

Vulnerability Fixed

• Issue #25530: Disable the vulnerable SSLv3 protocol by default when creating ssl.SSLContext.

​https://www.python.org/ftp/python/2.7.11/Python-2.7.11.tar.xz

​https://www.python.org/ftp/python/2.7.11/Python-2.7.11.tar.xz.asc

​https://www.python.org/downloads/release/python-2711/

md5: 1dbcc848b4cd8399a8199d000f9f823c

​https://docs.python.org/2.7/archives/python-2.7.11-docs-html.tar.bz2

​https://hg.python.org/cpython/raw-file/15c95b7d81dc/Misc/NEWS

What's New in Python 2.7.11?
============================

*Release date: 2015-12-05*

Library
-------

- Issue #25624: ZipFile now always writes a ZIP_STORED header for directory
  entries.  Patch by Dingyuan Wang.

What's New in Python 2.7.11 release candidate 1?
================================================

*Release date: 2015-11-21*

Core and Builtins
-----------------

- Issue #25678: Avoid buffer overreads when int(), long(), float(), and
  compile() are passed buffer objects.  These objects are not
  necessarily terminated by a null byte, but the functions assumed they
  were.
- Issue #25388: Fixed tokenizer hang when processing undecodable source
  code with a null byte.
- Issue #22995: Default implementation of __reduce__ and __reduce_ex__
  now rejects builtin types with not defined __new__.
- Issue #7267: format(int, 'c') now raises OverflowError when the
  argument is not in range(0, 256).
- Issue #24806: Prevent builtin types that are not allowed to be
  subclassed from being subclassed through multiple inheritance.
- Issue #24848: Fixed a number of bugs in UTF-7 decoding of misformed
  data.
- Issue #25003: os.urandom() doesn't use getentropy() on Solaris because
  getentropy() is blocking, whereas os.urandom() should not block.
  getentropy() is supported since Solaris 11.3.
- Issue #21167: NAN operations are now handled correctly when python is
  compiled with ICC even if -fp-model strict is not specified.
- Issue #24467: Fixed possible buffer over-read in bytearray. The
  bytearray object now always allocates place for trailing null byte and
  it's buffer now is always null-terminated.
- Issue #19543: encode() and decode() methods and constructors of str,
  unicode and bytearray classes now emit deprecation warning for known
  non-text encodings when Python is ran with the -3 option.
- Issue #24115: Update uses of PyObject_IsTrue(), PyObject_Not(),
  PyObject_IsInstance(), PyObject_RichCompareBool() and
  _PyDict_Contains() to check for and handle errors correctly.
- Issue #4753: On compilers where it is supported, use "computed gotos"
  for bytecode dispatch in the interpreter. This improves interpretation
  performance.
- Issue #22939: Fixed integer overflow in iterator object.  Original
  patch by Clement Rouault.
- Issue #24102: Fixed exception type checking in standard error
  handlers.

Library
-------

- Issue #10128: backport issue #10845's mitigation of incompatibilities
  between the multiprocessing module and directory and zipfile
  execution.  Multiprocessing on Windows will now automatically skip
  rerunning __main__ in spawned processes, rather than failing with
  AssertionError.
- Issue #25578: Fix (another) memory leak in SSLSocket.getpeercer().
- Issue #25590: In the Readline completer, only call getattr() once per
  attribute.
- Issue #25530: Disable the vulnerable SSLv3 protocol by default when
  creating ssl.SSLContext.
- Issue #25569: Fix memory leak in SSLSocket.getpeercert().
- Issue #7759: Fixed the mhlib module on filesystems that doesn't
  support link counting for directories.
- Issue #892902: Fixed pickling recursive objects.
- Issue #18010: Fix the pydoc GUI's search function to handle exceptions
  from importing packages.
- Issue #25515: Always use os.urandom as a source of randomness in
  uuid.uuid4.
- Issue #21827: Fixed textwrap.dedent() for the case when largest common
  whitespace is a substring of smallest leading whitespace.  Based on
  patch by Robert Li.
- Issue #21709: Fix the logging module to not depend upon __file__ being
  set properly to get the filename of its caller from the stack.  This
  allows it to work if run in a frozen or embedded environment where the
  module's .__file__ attribute does not match its code object's
  .co_filename.
- Issue #25319: When threading.Event is reinitialized, the underlying
  condition should use a regular lock rather than a recursive lock.
- Issue #25232: Fix CGIRequestHandler to split the query from the URL at
  the first question mark (?) rather than the last. Patch from Xiang
  Zhang.
- Issue #24657: Prevent CGIRequestHandler from collapsing slashes in the
  query part of the URL as if it were a path. Patch from Xiang Zhang.
- Issue #22958: Constructor and update method of
  weakref.WeakValueDictionary now accept the self keyword argument.
- Issue #22609: Constructor and the update method of
  collections.UserDict now accept the self keyword argument.
- Issue #25203: Failed readline.set_completer_delims() no longer left
  the module in inconsistent state.
- Issue #19143: platform module now reads Windows version from
  kernel32.dll to avoid compatibility shims.
- Issue #25135: Make deque_clear() safer by emptying the deque before
  clearing.  This helps avoid possible reentrancy issues.
- Issue #24684: socket.socket.getaddrinfo() now calls
  PyUnicode_AsEncodedString() instead of calling the encode() method of
  the host, to handle correctly custom unicode string with an encode()
  method which doesn't return a byte string. The encoder of the IDNA
  codec is now called directly instead of calling the encode() method of
  the string.
- Issue #24982: shutil.make_archive() with the "zip" format now adds
  entries for directories (including empty directories) in ZIP file.
- Issue #17849: Raise a sensible exception if an invalid response is
  received for a HTTP tunnel request, as seen with some servers that do
  not support tunnelling.  Initial patch from Cory Benfield.
- Issue #16180: Exit pdb if file has syntax error, instead of trapping
  user in an infinite loop.  Patch by Xavier de Gaye.
- Issue #22812: Fix unittest discovery examples.  Patch from Pam
  McA'Nulty.
- Issue #24634: Importing uuid should not try to load libc on Windows
- Issue #23652: Make it possible to compile the select module against
  the libc headers from the Linux Standard Base, which do not include
  some EPOLL macros.  Initial patch by Matt Frank.
- Issue #15138: Speed up base64.urlsafe_b64{en,de}code considerably.
- Issue #23319: Fix ctypes.BigEndianStructure, swap correctly bytes.
  Patch written by Matthieu Gautier.
- Issue #23254: Document how to close the TCPServer listening socket.
  Patch from Martin Panter.
- Issue #17527: Add PATCH to wsgiref.validator. Patch from Luca
  Sbardella.
- Issue #24613: Calling array.fromstring() with self is no longer
  allowed to prevent the use-after-free error.  Patch by John Leitch.
- Issue #24708: Fix possible integer overflow in strop.replace().
- Issue #24620: Random.setstate() now validates the value of state last
  element.
- Issue #13938: 2to3 converts StringTypes to a tuple. Patch from Mark
  Hammond.
- Issue #24611: Fixed compiling the posix module on non-Windows
  platforms without mknod() or makedev() (e.g. on Unixware).
- Issue #18684: Fixed reading out of the buffer in the re module.
- Issue #24259: tarfile now raises a ReadError if an archive is
  truncated inside a data segment.
- Issue #24514: tarfile now tolerates number fields consisting of only
  whitespace.
- Issue #20387: Restore semantic round-trip correctness in
  tokenize/untokenize for tab-indented blocks.
- Issue #24456: Fixed possible buffer over-read in adpcm2lin() and
  lin2adpcm() functions of the audioop module.  Fixed SystemError when
  the state is not a tuple.  Fixed possible memory leak.
- Issue #24481: Fix possible memory corruption with large profiler info
  strings in hotshot.
- Issue #24489: ensure a previously set C errno doesn't disturb
  cmath.polar().
- Issue #19543: io.TextIOWrapper (and hence io.open()) now uses the
  internal codec marking system added to emit deprecation warning for
  known non-text encodings at stream construction time when Python is
  ran with the -3 option.
- Issue #24264: Fixed buffer overflow in the imageop module.
- Issue #5633: Fixed timeit when the statement is a string and the setup
  is not.
- Issue #24326: Fixed audioop.ratecv() with non-default weightB
  argument.  Original patch by David Moore.
- Issue #22095: Fixed HTTPConnection.set_tunnel with default port.  The
  port value in the host header was set to "None".  Patch by Demian
  Brecht.
- Issue #24257: Fixed segmentation fault in sqlite3.Row constructor with
  faked cursor type.
- Issue #24286: Dict view were not registered with the MappingView
  abstract base classes.  This caused key and item views in OrderedDict
  to not be equal to their regular dict counterparts.
- Issue #22107: tempfile.gettempdir() and tempfile.mkdtemp() now try
  again when a directory with the chosen name already exists on Windows
  as well as on Unix.  tempfile.mkstemp() now fails early if parent
  directory is not valid (not exists or is a file) on Windows.
- Issue #6598: Increased time precision and random number range in
  email.utils.make_msgid() to strengthen the uniqueness of the message
  ID.
- Issue #24091: Fixed various crashes in corner cases in cElementTree.
- Issue #15267: HTTPConnection.request() now is compatibile with
  old-style classes (such as TemporaryFile).  Original patch by Atsuo
  Ishimoto.
- Issue #20014: array.array() now accepts unicode typecodes.  Based on
  patch by Vajrasky Kok.
- Issue #23637: Showing a warning no longer fails with UnicodeErrror.
  Formatting unicode warning in the file with the path containing
  non-ascii characters no longer fails with UnicodeErrror.
- Issue #24134: Reverted issue #24134 changes.

IDLE
----

- Issue 15348: Stop the debugger engine (normally in a user process)
  before closing the debugger window (running in the IDLE process).
  This prevents the RuntimeErrors that were being caught and ignored.
- Issue #24455: Prevent IDLE from hanging when a) closing the shell
  while the debugger is active (15347); b) closing the debugger with the
  [X] button (15348); and c) activating the debugger when already active
  (24455).  The patch by Mark Roseman does this by making two changes.
  1. Suspend and resume the gui.interaction method with the tcl vwait
  mechanism intended for this purpose (instead of root.mainloop &
  .quit).  2. In gui.run, allow any existing interaction to terminate
  first.
- Change 'The program' to 'Your program' in an IDLE 'kill program?'
  message to make it clearer that the program referred to is the
  currently running user program, not IDLE itself.
- Issue #24750: Improve the appearance of the IDLE editor window status
  bar.  Patch by Mark Roseman.
- Issue #25313: Change the handling of new built-in text color themes to
  better address the compatibility problem introduced by the addition of
  IDLE Dark.  Consistently use the revised idleConf.CurrentTheme
  everywhere in idlelib.
- Issue #24782: Extension configuration is now a tab in the IDLE
  Preferences dialog rather than a separate dialog.   The former tabs
  are now a sorted list.  Patch by Mark Roseman.
- Issue #22726: Re-activate the config dialog help button with some
  content about the other buttons and the new IDLE Dark theme.
- Issue #24820: IDLE now has an 'IDLE Dark' built-in text color theme.
  It is more or less IDLE Classic inverted, with a cobalt blue
  background.  Strings, comments, keywords, ... are still green, red,
  orange, ... .  To use it with IDLEs released before November 2015, hit
  the 'Save as New Custom Theme' button and enter a new name, such as
  'Custom Dark'.  The custom theme will work with any IDLE release, and
  can be modified.
- Issue #25224: README.txt is now an idlelib index for IDLE developers
  and curious users.  The previous user content is now in the IDLE doc
  chapter.  'IDLE' now means 'Integrated Development and Learning
  Environment'.
- Issue #24820: Users can now set breakpoint colors in Settings ->
  Custom Highlighting.  Original patch by Mark Roseman.
- Issue #24972: Inactive selection background now matches active
  selection background, as configured by users, on all systems.  Found
  items are now always highlighted on Windows.  Initial patch by Mark
  Roseman.
- Issue #24570: Idle: make calltip and completion boxes appear on Macs
  affected by a tk regression.  Initial patch by Mark Roseman.
- Issue #24988: Idle ScrolledList context menus (used in debugger) now
  work on Mac Aqua.  Patch by Mark Roseman.
- Issue #24801: Make right-click for context menu work on Mac Aqua.
  Patch by Mark Roseman.
- Issue #25173: Associate tkinter messageboxes with a specific widget.
  For Mac OSX, make them a 'sheet'.  Patch by Mark Roseman.
- Issue #25198: Enhance the initial html viewer now used for Idle Help.
  • Properly indent fixed-pitch text (patch by Mark Roseman).
  • Give code snippet a very Sphinx-like light blueish-gray background.
  • Re-use initial width and height set by users for shell and editor.
  • When the Table of Contents (TOC) menu is used, put the section
    header at the top of the screen.
- Issue #25225: Condense and rewrite Idle doc section on text colors.
- Issue #21995: Explain some differences between IDLE and console
  Python.
- Issue #22820: Explain need for *print* when running file from Idle
  editor.
- Issue #25224: Doc: augment Idle feature list and no-subprocess
  section.
- Issue #25219: Update doc for Idle command line options.  Some were
  missing and notes were not correct.
- Issue #24861: Most of idlelib is private and subject to change.  Use
  idleib.idle.* to start Idle. See idlelib.__init__.__doc__.
- Issue #25199: Idle: add synchronization comments for future
  maintainers.
- Issue #16893: Replace help.txt with help.html for Idle doc display.
  The new idlelib/help.html is rstripped
  Doc/build/html/library/idle.html.  It looks better than help.txt and
  will better document Idle as released.  The tkinter html viewer that
  works for this file was written by Mark Roseman.  The now unused
  EditorWindow.HelpDialog class and helt.txt file are deprecated.
- Issue #24199: Deprecate unused idlelib.idlever with possible removal
  in 3.6.
- Issue #24790: Remove extraneous code (which also create 2 & 3
  conflicts).
- Issue #23672: Allow Idle to edit and run files with astral chars in
  name.  Patch by Mohd Sanad Zaki Rizvi.
- Issue 24745: Idle editor default font. Switch from Courier to
  platform-sensitive TkFixedFont.  This should not affect current
  customized font selections.  If there is a problem, edit
  $HOME/.idlerc/config-main.cfg and remove 'fontxxx' entries from
  [Editor Window].  Patch by Mark Roseman.
- Issue #21192: Idle editor. When a file is run, put its name in the
  restart bar.  Do not print false prompts. Original patch by Adnan
  Umer.
- Issue #13884: Idle menus. Remove tearoff lines. Patch by Roger Serwy.
- Issue #15809: IDLE shell now uses locale encoding instead of Latin1
  for decoding unicode literals.

Documentation
-------------

- Issue #24952: Clarify the default size argument of stack_size() in the
  "threading" and "thread" modules. Patch from Mattip.
- Issue #20769: Improve reload() docs. Patch by Dorian Pula.
- Issue #23589: Remove duplicate sentence from the FAQ.  Patch by
  Yongzhi Pan.
- Issue #22155: Add File Handlers subsection with createfilehandler to
  Tkinter doc.  Remove obsolete example from FAQ.  Patch by Martin
  Panter.

Tests
-----

- Issue #24751: When running regrtest with the ``-w`` command line
  option, a test run is no longer marked as a failure if all tests
  succeed when re-run.
- PCbuild\rt.bat now accepts an unlimited number of arguments to pass
  along to regrtest.py.  Previously there was a limit of 9.

Build
-----

- Issue #24915: When doing a PGO build, the test suite is now used
  instead of pybench; Clang support was also added as part off this
  work. Initial patch by Alecsandru Patrascu of Intel.
- Issue #24986: It is now possible to build Python on Windows without
  errors when external libraries are not available.
- Issue #24508: Backported the MSBuild project files from Python 3.5.
  The backported files replace the old project files in PCbuild; the old
  files moved to PC/VS9.0 and remain supported.
- Issue #24603: Update Windows builds and OS X 10.5 installer to use
  OpenSSL 1.0.2d.

Windows
-------

- Issue #25022: Removed very outdated PC/example_nt/ directory.

[Fernando de Oliveira]

Fixed at r16712.