bpo-32551: Thesys.path[0] initialization change forbpo-29139 causeda regression by revealing an inconsistency in how sys.path is initializedwhen executing__main__ from a zipfile, directory, or other importlocation. This is considered a potential security issue, as it may lead toprivileged processes unexpectedly loading code from user controlleddirectories in situations where that was not previously the case.

The interpreter now consistently avoids ever adding the import location’sparent directory tosys.path, and ensures no othersys.pathentries are inadvertently modified when inserting the import locationnamed on the command line. (Originally reported asbpo-29723 againstPython 3.6rc1, but it was missed at the time that the then upcoming Python3.5.4 release would also be affected)

bpo-30657: Fixed possible integer overflow in PyBytes_DecodeEscape,CVE-2017-1000158. Original patch by Jay Bosamiya; rebased to Python 3 byMiro Hrončok.

bpo-30947: Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 toget security fixes.

• Fixed saving bytearrays.
• Identical objects will be saved only once.
• Equal references will be load as identical objects.
• Added support for saving and loading recursive data structures.

bpo-29403: Fixunittest.mock’s autospec to not fail on method-boundbuiltin functions. Patch by Aaron Gallagher.

bpo-30961: Fix decrementing a borrowed reference in tracemalloc.

bpo-30886: Fix multiprocessing.Queue.join_thread(): it now waits until thethread completes, even if the thread was started by the same process whichcreated the queue.

bpo-29854: Fix segfault in readline when using readline’s history-sizeoption. Patch by Nir Soffer.

bpo-30807: signal.setitimer() may disable the timer when passed a tinyvalue.

Tiny values (such as 1e-6) are valid non-zero values for setitimer(),which is specified as taking microsecond-resolution intervals. However, onsome platform, our conversion routine could convert 1e-6 into a zerointerval, therefore disabling the timer instead of (re-)scheduling it.

bpo-30441: Fix bug when modifying os.environ while iterating over it

bpo-30532: Fix email header value parser dropping folding white space incertain cases.

bpo-29169: Update zlib to 1.2.11.

bpo-30879: os.listdir() and os.scandir() now emit bytes names when calledwith bytes- like argument.

bpo-30746: Prohibited the ‘=’ character in environment variable names inos.putenv() andos.spawn*().

bpo-29755: Fixed the lgettext() family of functions in the gettext module.They now always return bytes.

bpo-30645: Fix path calculation in imp.load_package(), fixing it for caseswhen a package is only shipped with bytecodes. Patch by AlexandruArdelean.

bpo-23890: unittest.TestCase.assertRaises() now manually breaks areference cycle to not keep objects alive longer than expected.

bpo-30149: inspect.signature() now supports callables withvariable-argument parameters wrapped with partialmethod. Patch by Dong-heeNa.

bpo-29931: Fixed comparison check for ipaddress.ip_interface objects.Patch by Sanjay Sundaresan.

bpo-24484: Avoid race condition in multiprocessing cleanup.

bpo-28994: The traceback no longer displayed for SystemExit raised in acallback registered by atexit.

bpo-30508: Don’t log exceptions if Task/Future “cancel()” method wascalled.

bpo-28556: Updates to typing module: Add generic AsyncContextManager, addsupport for ContextManager on all versions. Original PRs by Jelle Zijlstraand Ivan Levkivskyi

bpo-29870: Fix ssl sockets leaks when connection is aborted in asyncio/sslimplementation. Patch by Michaël Sghaïer.

bpo-29743: Closing transport during handshake process leaks open socket.Patch by Nikolay Kim

bpo-27585: Fix waiter cancellation in asyncio.Lock. Patch by MathieuSornay.

bpo-30418: On Windows, subprocess.Popen.communicate() now also ignoreEINVAL on stdin.write() if the child process is still running but closedthe pipe.

bpo-30378: Fix the problem that logging.handlers.SysLogHandler cannothandle IPv6 addresses.

bpo-29960: Preserve generator state when _random.Random.setstate() raisesan exception. Patch by Bryan Olson.

bpo-30414: multiprocessing.Queue._feed background running thread do notbreak from main loop on exception.

bpo-30003: Fix handling escape characters in HZ codec. Based on patch byMa Lin.

bpo-30301: Fix AttributeError when using SimpleQueue.empty() underspawnandforkserver start methods.

bpo-30329: imaplib and poplib now catch the Windows socket WSAEINVAL error(code 10022) on shutdown(SHUT_RDWR): An invalid operation was attempted.This error occurs sometimes on SSL connections.

bpo-30375: Warnings emitted when compile a regular expression now alwayspoint to the line in the user code. Previously they could point intoinners of the re module if emitted from inside of groups or conditionals.

bpo-30048: FixedTask.cancel() can be ignored when the task is runningcoroutine and the coroutine returned without any moreawait.

bpo-29990: Fix range checking in GB18030 decoder. Original patch by MaLin.

bpo-26293: Change resulted because of zipfile breakage. (See also:bpo-29094)

bpo-30243: Removed the __init__ methods of _json’s scanner and encoder.Misusing them could cause memory leaks or crashes. Now scanner andencoder objects are completely initialized in the __new__ methods.

bpo-30185: Avoid KeyboardInterrupt tracebacks in forkserver helper processwhen Ctrl-C is received.

bpo-28556: Various updates to typing module: add typing.NoReturn type, useWrapperDescriptorType, minor bug-fixes. Original PRs by Jim Fasarakis-Hilliard and Ivan Levkivskyi.

bpo-30205: Fix getsockname() for unbound AF_UNIX sockets on Linux.

bpo-30070: Fixed leaks and crashes in errors handling in the parsermodule.

bpo-30061: Fixed crashes in IOBase methods __next__() and readlines() whenreadline() or __next__() respectively return non-sizeable object. Fixedpossible other errors caused by not checking results of PyObject_Size(),PySequence_Size(), or PyMapping_Size().

bpo-30068: _io._IOBase.readlines will check if it’s closed first when hintis present.

bpo-29694: Fixed race condition in pathlib mkdir with flags parents=True.Patch by Armin Rigo.

bpo-29692: Fixed arbitrary unchaining of RuntimeError exceptions incontextlib.contextmanager. Patch by Siddharth Velankar.

bpo-29998: Pickling and copying ImportError now preserves name and pathattributes.

bpo-29942: Fix a crash in itertools.chain.from_iterable when encounteringlong runs of empty iterables.

bpo-27863: Fixed multiple crashes in ElementTree caused by race conditionsand wrong types.

bpo-28699: Fixed a bug in pools in multiprocessing.pool that raising anexception at the very first of an iterable may swallow the exception ormake the program hang. Patch by Davin Potts and Xiang Zhang.

bpo-25803: Avoid incorrect errors raised by Path.mkdir(exist_ok=True) whenthe OS gives priority to errors such as EACCES over EEXIST.

bpo-29861: Release references to tasks, their arguments and their resultsas soon as they are finished in multiprocessing.Pool.

bpo-29884: faulthandler: Restore the old sigaltstack during teardown.Patch by Christophe Zeitouny.

bpo-25455: Fixed crashes in repr of recursive buffered file-like objects.

bpo-29800: Fix crashes in partial.__repr__ if the keys of partial.keywordsare not strings. Patch by Michael Seifert.

bpo-29742: get_extra_info() raises exception if get called on closed ssltransport. Patch by Nikolay Kim.

bpo-8256: Fixed possible failing or crashing input() if attributes“encoding” or “errors” of sys.stdin or sys.stdout are not set or are notstrings.

bpo-28298: Fix a bug that prevented array ‘Q’, ‘L’ and ‘I’ from acceptingbig intables (objects that have __int__) as elements. Patch by OrenMilman.

bpo-29615: SimpleXMLRPCDispatcher no longer chains KeyError (or any otherexception) to exception(s) raised in the dispatched methods. Patch by PetrMotejlek.

bpo-29704: asyncio.subprocess.SubprocessStreamProtocol no longer closesbefore all pipes are closed.

bpo-29703: Fix asyncio to support instantiation of new event loops inchild processes.

bpo-29376: Fix assertion error in threading._DummyThread.is_alive().

bpo-29110: Fix file object leak in aifc.open() when file is given as afilesystem path and is not in valid AIFF format. Patch by Anthony Zhang.

bpo-28961: Fix unittest.mock._Call helper: don’t ignore the name parameteranymore. Patch written by Jiajun Huang.

bpo-29532: Altering a kwarg dictionary passed to functools.partial() nolonger affects a partial object after creation.

bpo-28556: Various updates to typing module: typing.Counter,typing.ChainMap, improved ABC caching, etc. Original PRs by JelleZijlstra, Ivan Levkivskyi, Manuel Krebber, and Łukasz Langa.

bpo-29100: Fix datetime.fromtimestamp() regression introduced in Python3.6.0: check minimum and maximum years.

bpo-29519: Fix weakref spewing exceptions during interpreter shutdown whenused with a rare combination of multiprocessing and custom codecs.

bpo-29416: Prevent infinite loop in pathlib.Path.mkdir

bpo-29444: Fixed out-of-bounds buffer access in the group() method of thematch object. Based on patch by WGH.

bpo-29335: Fix subprocess.Popen.wait() when the child process has exitedto a stopped instead of terminated state (ex: when under ptrace).

bpo-29290: Fix a regression in argparse that help messages would wrap atnon-breaking spaces.

bpo-28735: Fixed the comparison of mock.MagickMock with mock.ANY.

bpo-29011: Fix an important omission by adding Deque to the typing module.

bpo-29219: Fixed infinite recursion in the repr of uninitializedctypes.CDLL instances.

bpo-28969: Fixed race condition in C implementation offunctools.lru_cache. KeyError could be raised when cached function withfull cache was simultaneously called from differen threads with the sameuncached arguments.

bpo-29142: In urllib.request, suffixes in no_proxy environment variablewith leading dots could match related hostnames again (e.g. .b.c matchesa.b.c). Patch by Milan Oberkirch.

bpo-30822: Fix regrtest command line parser to allow passing -uextralargefile to run test_zipfile64.

bpo-30383: regrtest: Enhance regrtest and backport features from themaster branch.

Add options: –coverage, –testdir, –list-tests (list test files, don’trun them), –list-cases (list test identifiers, don’t run them,bpo-30523), –matchfile (load a list of test filters from a textfile,bpo-30540), –slowest (alias to –slow).

Enhance output: add timestamp, test result, currently running tests,“Tests result: xxx” summary with total duration, etc.

Fix reference leak hunting in regrtest, –huntrleaks: regrtest now warmsup caches, create explicitly all internal singletons which are created ondemand to prevent false positives when checking for reference leaks.(bpo-30675).

bpo-30357: test_thread: setUp() now uses support.threading_setup() andsupport.threading_cleanup() to wait until threads complete to avoid randomside effects on following tests. Initial patch written by GrzegorzGrzywacz.

bpo-28087: Skip test_asyncore and test_eintr poll failures on macOS. Skipsome tests of select.poll when running on macOS due to unresolved issueswith the underlying system poll function on some macOS versions.

bpo-30197: Enhanced functions swap_attr() and swap_item() in thetest.support module. They now work when delete replaced attribute or iteminside the with statement. The old value of the attribute or item (orNone if it doesn’t exist) now will be assigned to the target of the “as”clause, if there is one.

bpo-29571: to match the behaviour of there.LOCALE flag,test_re.test_locale_flag now useslocale.getpreferredencoding(False)to determine the candidate encoding for the test regex (allowing it tocorrectly skip the test when the default locale encoding is a multi-byteencoding)

bpo-15812: inspect.getframeinfo() now correctly shows the first line of acontext. Patch by Sam Breese.

bpo-29094: Offsets in a ZIP file created with extern file object and modes“w” and “x” now are relative to the start of the file.

bpo-13051: Fixed recursion errors in large or resizedcurses.textpad.Textbox. Based on patch by Tycho Andersen.

bpo-29119: Fix weakrefs in the pure python version ofcollections.OrderedDict move_to_end() method. Contributed by AndraBogildea.

bpo-9770: curses.ascii predicates now work correctly with negativeintegers.

bpo-28427: old keys should not remove new values from WeakValueDictionarywhen collecting from another thread.

bpo-28923: Remove editor artifacts from Tix.py.

bpo-28871: Fixed a crash when deallocate deep ElementTree.

bpo-19542: Fix bugs in WeakValueDictionary.setdefault() andWeakValueDictionary.pop() when a GC collection happens in another thread.

bpo-20191: Fixed a crash in resource.prlimit() when pass a sequence thatdoesn’t own its elements as limits.

bpo-28779: multiprocessing.set_forkserver_preload() would crash theforkserver process if a preloaded module instantiated some multiprocessingobjects such as locks.

bpo-28847: dbm.dumb now supports reading read-only files and no longerwrites the index file when it is not changed.

bpo-25659: In ctypes, prevent a crash calling the from_buffer() andfrom_buffer_copy() methods on abstract classes like Array.

bpo-28732: Fix crash in os.spawnv() with no elements in args

bpo-28485: Always raise ValueError for negativecompileall.compile_dir(workers=…) parameter, even when multithreading isunavailable.

bpo-28387: Fixed possible crash in _io.TextIOWrapper deallocator when thegarbage collector is invoked in other thread. Based on patch by SebastianCufre.

bpo-27517: LZMA compressor and decompressor no longer raise exceptions ifgiven empty data twice. Patch by Benjamin Fogle.

bpo-28549: Fixed segfault in curses’s addch() with ncurses6.

bpo-28449: tarfile.open() with mode “r” or “r:” now tries to open a tarfile with compression before trying to open it without compression.Otherwise it had 50% chance failed with ignore_zeros=True.

bpo-23262: The webbrowser module now supports Firefox 36+ and derivedbrowsers. Based on patch by Oleg Broytman.

bpo-27939: Fixed bugs in tkinter.ttk.LabeledScale and tkinter.Scale causedby representing the scale as float value internally in Tk. tkinter.IntVarnow works if float value is set to underlying Tk variable.

bpo-28255: calendar.TextCalendar().prmonth() no longer prints a space atthe start of new line after printing a month’s calendar. Patch by XiangZhang.

bpo-20491: The textwrap.TextWrapper class now honors non-breaking spaces.Based on patch by Kaarle Ritvanen.

bpo-28353: os.fwalk() no longer fails on broken links.

bpo-25464: Fixed HList.header_exists() in tkinter.tix module by addin aworkaround to Tix library bug.

bpo-28488: shutil.make_archive() no longer add entry “./” to ZIP archive.

bpo-24452: Make webbrowser support Chrome on Mac OS X.

bpo-20766: Fix references leaked by pdb in the handling of SIGINThandlers.

bpo-26293: Fixed writing ZIP files that starts not from the start of thefile. Offsets in ZIP file now are relative to the start of the archive inconforming to the specification.

bpo-28321: Fixed writing non-BMP characters with binary format inplistlib.

bpo-28322: Fixed possible crashes when unpickle itertools objects fromincorrect pickle data. Based on patch by John Leitch.

Fix possible integer overflows and crashes in the mmap module with unusualusage patterns.

bpo-1703178: Fix the ability to pass the –link-objects option to thedistutils build_ext command.

bpo-28253: Fixed calendar functions for extreme months: 0001-01 and9999-12.

Methods itermonthdays() and itermonthdays2() are reimplemented so thatthey don’t call itermonthdates() which can cause datetime.dateunder/overflow.

bpo-28275: Fixed possible use after free in the decompress() methods ofthe LZMADecompressor and BZ2Decompressor classes. Original patch by JohnLeitch.

bpo-27897: Fixed possible crash in sqlite3.Connection.create_collation()if pass invalid string-like object as a name. Patch by Xiang Zhang.

bpo-18893: Fix invalid exception handling in Lib/ctypes/macholib/dyld.py.Patch by Madison May.

bpo-27611: Fixed support of default root window in the tkinter.tix module.

bpo-27348: In the traceback module, restore the formatting of exceptionmessages like “Exception: None”. This fixes a regression introduced in3.5a2.

bpo-25651: Allow falsy values to be used for msg parameter of subTest().

bpo-27932: Prevent memory leak in win32_ver().

Fix UnboundLocalError in socket._sendfile_use_sendfile.

bpo-28075: Check for ERROR_ACCESS_DENIED in Windows implementation ofos.stat(). Patch by Eryk Sun.

bpo-25270: Prevent codecs.escape_encode() from raising SystemError when anempty bytestring is passed.

bpo-28181: Get antigravity over HTTPS. Patch by Kaartic Sivaraam.

bpo-25895: Enable WebSocket URL schemes in urllib.parse.urljoin. Patch byGergely Imreh and Markus Holtermann.

bpo-27599: Fixed buffer overrun in binascii.b2a_qp() andbinascii.a2b_qp().

bpo-19003: m email.generator now replaces only\r and/or\n lineendings, per the RFC, instead of all unicode line endings.

bpo-28019: itertools.count() no longer rounds non-integer step in rangebetween 1.0 and 2.0 to 1.

bpo-25969: Update the lib2to3 grammar to handle the unpackinggeneralizations added in 3.5.

bpo-14977: mailcap now respects the order of the lines in the mailcapfiles (“first match”), as required by RFC 1542. Patch by Michael Lazar.

bpo-24594: Validates persist parameter when opening MSI database

bpo-17582: xml.etree.ElementTree nows preserves whitespaces in attributes(Patch by Duane Griffin. Reviewed and approved by Stefan Behnel.)

bpo-28047: Fixed calculation of line length used for the base64 CTE in thenew email policies.

bpo-27445: Don’t pass str(_charset) to MIMEText.set_payload(). Patch byClaude Paroz.

bpo-22450: urllib now includes anAccept:*/* header among the defaultheaders. This makes the results of REST API requests more consistent andpredictable especially when proxy servers are involved.

lib2to3.pgen3.driver.load_grammar() now creates a stable cache filebetween runs given the same Grammar.txt input regardless of the hashrandomization setting.

bpo-27570: Avoid zero-length memcpy() etc calls with null source pointersin the “ctypes” and “array” modules.

bpo-22233: Break email header linesonly on the RFC specified CR and LFcharacters, not on arbitrary unicode line breaks. This also fixes a bugin HTTP header parsing.

bpo-27988: Fix email iter_attachments incorrect mutation of payload list.

bpo-27691: Fix ssl module’s parsing of GEN_RID subject alternative namefields in X.509 certs.

bpo-27850: Remove 3DES from ssl module’s default cipher list to countermeasure sweet32 attack (CVE-2016-2183).

bpo-27766: Add ChaCha20 Poly1305 to ssl module’s default ciper list.(Required OpenSSL 1.1.0 or LibreSSL).

bpo-26470: Port ssl and hashlib module to OpenSSL 1.1.0.

Remove support for passing a file descriptor to os.access. It never workedbut previously didn’t raise.

bpo-12885: Fix error when distutils encounters symlink.

bpo-27881: Fixed possible bugs when settingsqlite3.Connection.isolation_level. Based on patch by Xiang Zhang.

bpo-27861: Fixed a crash in sqlite3.Connection.cursor() when a factorycreates not a cursor. Patch by Xiang Zhang.

bpo-19884: Avoid spurious output on OS X with Gnu Readline.

bpo-27706: Restore deterministic behavior of random.Random().seed() forstring seeds using seeding version 1. Allows sequences of calls torandom() to exactly match those obtained in Python 2. Patch by NofarSchnider.

bpo-10513: Fix a regression in Connection.commit(). Statements should notbe reset after a commit.

A new version of typing.py fromhttps://github.com/python/typing: -Collection (only for 3.6) (bpo-27598) - Add FrozenSet to __all__(upstream #261) - fix crash in _get_type_vars() (upstream #259) - Removethe dict constraint in ForwardRef._eval_type (upstream #252)

bpo-27539: Fix unnormalisedFraction.__pow__ result in the case ofnegative exponent and negative base.

bpo-21718: cursor.description is now available for queries using CTEs.

bpo-2466: posixpath.ismount now correctly recognizes mount points whichthe user does not have permission to access.

bpo-27773: Correct some memory management errors server_hostname in_ssl.wrap_socket().

bpo-26750: unittest.mock.create_autospec() now works properly forsubclasses of property() and other data descriptors.

In the curses module, raise an error if window.getstr() or window.instr()is passed a negative value.

bpo-27783: Fix possible usage of uninitialized memory inoperator.methodcaller.

bpo-27774: Fix possible Py_DECREF on unowned object in _sre.

bpo-27760: Fix possible integer overflow in binascii.b2a_qp.

bpo-27758: Fix possible integer overflow in the _csv module for largerecord lengths.

bpo-27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore theHTTP_PROXY variable when REQUEST_METHOD environment is set, whichindicates that the script is in CGI mode.

bpo-27656: Do not assume sched.h defines any SCHED_* constants.

bpo-27130: In the “zlib” module, fix handling of large buffers (typically4 GiB) when compressing and decompressing. Previously, inputs werelimited to 4 GiB, and compression and decompression operations did notproperly handle results of 4 GiB.

bpo-27533: Release GIL in nt._isdir

bpo-17711: Fixed unpickling by the persistent ID with protocol 0. Originalpatch by Alexandre Vassalotti.

bpo-27522: Avoid an unintentional reference cycle in email.feedparser.

bpo-26844: Fix error message for imp.find_module() to refer to ‘path’instead of ‘name’. Patch by Lev Maximov.

bpo-23804: Fix SSL zero-length recv() calls to not block and not raise anerror about unclean EOF.

bpo-27466: Change time format returned by http.cookie.time2netscape,confirming the netscape cookie format and making it consistent withdocumentation.

bpo-26664: Fix activate.fish by removing mis-use of$.

bpo-22115: Fixed tracing Tkinter variables: trace_vdelete() with wrongmode no longer break tracing, trace_vinfo() now always returns a list ofpairs of strings, tracing in the “u” mode now works.

Fix a scoping issue in importlib.util.LazyLoader which triggered anUnboundLocalError when lazy-loading a module that was already put intosys.modules.

bpo-27079: Fixed curses.ascii functions isblank(), iscntrl() andispunct().

bpo-26754: Some functions (compile() etc) accepted a filename argumentencoded as an iterable of integers. Now only strings and byte-like objectsare accepted.

bpo-27048: Prevents distutils failing on Windows when environmentvariables contain non-ASCII characters

bpo-27330: Fixed possible leaks in the ctypes module.

bpo-27238: Got rid of bare excepts in the turtle module. Original patchby Jelle Zijlstra.

bpo-27122: When an exception is raised within the context being managed bya contextlib.ExitStack() and one of the exit stack generators catches andraises it in a chain, do not re-raise the original exception when exiting,let the new chained one through. This avoids the PEP 479 bug described inissue25782.

bpo-27164: In the zlib module, allow decompressing raw Deflate streamswith a predefined zdict. Based on patch by Xiang Zhang.

bpo-24291: Fix wsgiref.simple_server.WSGIRequestHandler to completelywrite data to the client. Previously it could do partial writes andtruncate data. Also, wsgiref.handler.ServerHandler can now handle stdoutdoing partial writes, but this is deprecated.

bpo-26809: Add__all__ tostring. Patch by Emanuel Barry.

bpo-26373: subprocess.Popen.communicate now correctly ignoresBrokenPipeError when the child process dies before .communicate() iscalled in more/all circumstances.

bpo-21776: distutils.upload now correctly handles HTTPError. Initial patchby Claudiu Popa.

bpo-27114: Fix SSLContext._load_windows_store_certs fails withPermissionError

bpo-18383: Avoid creating duplicate filters when using filterwarnings andsimplefilter. Based on patch by Alex Shkop.

bpo-27057: Fix os.set_inheritable() on Android, ioctl() is blocked bySELinux and fails with EACCESS. The function now falls back to fcntl().Patch written by Michał Bednarski.

bpo-27014: Fix infinite recursion using typing.py. Thanks to Kalle Tuure!

bpo-14132: Fix urllib.request redirect handling when the target only has aquery string. Original fix by Ján Janech.

bpo-17214: The “urllib.request” module now percent-encodes non-ASCII bytesfound in redirect target URLs. Some servers send Location header fieldswith non- ASCII bytes, but “http.client” requires the request target to beASCII- encodable, otherwise a UnicodeEncodeError is raised. Based onpatch by Christian Heimes.

bpo-26892: Honor debuglevel flag in urllib.request.HTTPHandler. Patchcontributed by Chi Hsuan Yen.

bpo-22274: In the subprocess module, allow stderr to be redirected tostdout even when stdout is not redirected. Patch by Akira Li.

bpo-26807: mock_open ‘files’ no longer error on readline at end of file.Patch from Yolanda Robla.

bpo-25745: Fixed leaking a userptr in curses panel destructor.

bpo-26977: Removed unnecessary, and ignored, call to sum of squares helperin statistics.pvariance.

bpo-26881: The modulefinder module now supports extended opcode arguments.

bpo-23815: Fixed crashes related to directly created instances of types in_tkinter and curses.panel modules.

bpo-17765: weakref.ref() no longer silently ignores keyword arguments.Patch by Georg Brandl.

bpo-26873: xmlrpc now raises ResponseError on unsupported type tagsinstead of silently return incorrect result.

bpo-26711: Fixed the comparison of plistlib.Data with other types.

bpo-24114: Fix an uninitialized variable inctypes.util.

The bug only occurs on SunOS when the ctypes implementation searches forthecrle program. Patch by Xiang Zhang. Tested on SunOS by Kees Bos.

bpo-26864: In urllib.request, change the proxy bypass host checkingagainst no_proxy to be case-insensitive, and to not match unrelated hostnames that happen to have a bypassed hostname as a suffix. Patch by XiangZhang.

bpo-26634: recursive_repr() now sets __qualname__ of wrapper. Patch byXiang Zhang.

bpo-26804: urllib.request will prefer lower_case proxy environmentvariables over UPPER_CASE or Mixed_Case ones. Patch contributed byHans-Peter Jansen.

bpo-26837: assertSequenceEqual() now correctly outputs non-stringifieddiffering items (like bytes in the -b mode). This affectsassertListEqual() and assertTupleEqual().

bpo-26041: Remove “will be removed in Python 3.7” from deprecationmessages of platform.dist() and platform.linux_distribution(). Patch byKumaripaba Miyurusara Athukorala.

bpo-26822: itemgetter, attrgetter and methodcaller objects no longersilently ignore keyword arguments.

bpo-26733: Disassembling a class now disassembles class and staticmethods. Patch by Xiang Zhang.

bpo-26801: Fix error handling inshutil.get_terminal_size(), catchAttributeError instead ofNameError. Patch written byEmanuel Barry.

bpo-24838: tarfile’s ustar and gnu formats now correctly calculate nameand link field limits for multibyte character encodings like utf-8.

bpo-22524: New os.scandir() function, part of the PEP 471: “os.scandir()function – a better and faster directory iterator”. Patch written by BenHoyt.

bpo-23103: Reduced the memory consumption of IPv4Address and IPv6Address.

bpo-21793: BaseHTTPRequestHandler again logs response code as numeric, notas stringified enum. Patch by Demian Brecht.

bpo-23476: In the ssl module, enable OpenSSL’s X509_V_FLAG_TRUSTED_FIRSTflag on certificate stores when it is available.

bpo-23576: Avoid stalling in SSL reads when EOF has been reached in theSSL layer but the underlying connection hasn’t been closed.

bpo-23504: Added an __all__ to the types module.

bpo-23563: Optimized utility functions in urllib.parse.

bpo-7830: Flatten nested functools.partial.

bpo-20204: Added the __module__ attribute to _tkinter classes.

bpo-19980: Improved help() for non-recognized strings. help(‘’) now showsthe help on str. help(‘help’) now shows the help on help(). Originalpatch by Mark Lawrence.

bpo-23521: Corrected pure python implementation of timedelta division.

Eliminated OverflowError fromtimedelta*float for some floats;Corrected rounding in timedlta true division.

bpo-21619: Popen objects no longer leave a zombie after exit in the withstatement if the pipe was broken. Patch by Martin Panter.

bpo-22936: Make it possible to show local variables in tracebacks for boththe traceback module and unittest.

bpo-15955: Add an option to limit the output size in bz2.decompress().Patch by Nikolaus Rath.

bpo-6639: Module-level turtle functions no longer raise TclError afterclosing the window.

bpo-814253: Group references and conditional group references now work inlookbehind assertions in regular expressions. (See also:bpo-9179)

bpo-23215: Multibyte codecs with custom error handlers that ignores errorsconsumed too much memory and raised SystemError or MemoryError. Originalpatch by Aleksi Torhamo.

bpo-5700: io.FileIO() called flush() after closing the file. flush() wasnot called in close() if closefd=False.

bpo-23374: Fixed pydoc failure with non-ASCII files when stdout encodingdiffers from file system encoding (e.g. on Mac OS).

bpo-23481: Remove RC4 from the SSL module’s default cipher list.

bpo-21548: Fix pydoc.synopsis() and pydoc.apropos() on modules with emptydocstrings.

bpo-22885: Fixed arbitrary code execution vulnerability in the dbm.dumbmodule. Original patch by Claudiu Popa.

bpo-23239: ssl.match_hostname() now supports matching of IP addresses.

bpo-23146: Fix mishandling of absolute Windows paths with forward slashesin pathlib.

bpo-23096: Pickle representation of floats with protocol 0 now is the samefor both Python and C implementations.

bpo-19105: pprint now more efficiently uses free space at the right.

bpo-14910: Add allow_abbrev parameter to argparse.ArgumentParser. Patch byJonathan Paugh, Steven Bethard, paul j3 and Daniel Eriksson.

bpo-21717: tarfile.open() now supports ‘x’ (exclusive creation) mode.

bpo-23344: marshal.dumps() is now 20-25% faster on average.

bpo-20416: marshal.dumps() with protocols 3 and 4 is now 40-50% faster onaverage.

bpo-23421: Fixed compression in tarfile CLI. Patch by wdv4758h.

bpo-23367: Fix possible overflows in the unicodedata module.

bpo-23361: Fix possible overflow in Windows subprocess creation code.

logging.handlers.QueueListener now takes a respect_handler_level keywordargument which, if set to True, will pass messages to handlers takinghandler levels into account.

bpo-19705: turtledemo now has a visual sorting algorithm demo. Originalpatch from Jason Yeo.

bpo-23801: Fix issue where cgi.FieldStorage did not always ignore theentire preamble to a multipart body.