diff -Nru python2.7-2.7.11/configure python2.7-2.7.12/configure --- python2.7-2.7.11/configure 2015-12-05 19:47:20.000000000 +0000 +++ python2.7-2.7.12/configure 2016-06-25 21:49:32.000000000 +0000 @@ -667,6 +667,7 @@ LLVM_PROF_MERGER PGO_PROF_USE_FLAG PGO_PROF_GEN_FLAG +LTOFLAGS UNIVERSAL_ARCH_FLAGS BASECFLAGS OPT @@ -743,6 +744,7 @@ build_vendor build_cpu build +cross_compiling target_alias host_alias build_alias @@ -789,11 +791,13 @@ with_framework_name enable_framework with_gcc +with_icc with_cxx_main with_suffix enable_shared enable_profiling with_pydebug +with_lto enable_toolbox_glue with_libs with_system_expat @@ -1469,11 +1473,14 @@ specify an alternate name of the framework built with --enable-framework --without-gcc never use gcc + --with-icc build with icc --with-cxx-main= compile main() and link python executable with C++ compiler --with-suffix=.exe set executable suffix --with-pydebug build with Py_DEBUG defined + --with-lto Enable Link Time Optimization in PGO builds. + Disabled by default. --with-libs='lib1 ...' link against additional libs --with-system-expat build pyexpat module using an installed expat library @@ -3375,7 +3382,7 @@ # # SGI compilers allow the specification of the both the ABI and the # ISA on the command line. Depending on the values of these switches, -# different and often incompatable code will be generated. +# different and often incompatible code will be generated. # # The SGI_ABI variable can be used to modify the CC and LDFLAGS and # thus supply support for various ABI/ISA combinations. The MACHDEP @@ -3480,6 +3487,29 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $without_gcc" >&5 $as_echo "$without_gcc" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-icc" >&5 +$as_echo_n "checking for --with-icc... " >&6; } + +# Check whether --with-icc was given. +if test "${with_icc+set}" = set; then : + withval=$with_icc; + case $withval in + no) CC=${CC:-cc} + with_icc=no;; + yes) CC=icc + CXX=icpc + with_icc=yes;; + *) CC=$withval + with_icc=$withval;; + esac +else + + with_icc=no +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_icc" >&5 +$as_echo "$with_icc" >&6; } + # If the user switches compilers, we can't believe the cache if test ! -z "$ac_cv_prog_CC" -a ! -z "$CC" -a "$CC" != "$ac_cv_prog_CC" then @@ -6188,6 +6218,13 @@ ;; esac +# ICC needs -fp-model strict or floats behave badly +case "$CC" in +*icc*) + BASECFLAGS="$BASECFLAGS -fp-model strict" + ;; +esac + if test "$Py_DEBUG" = 'true'; then : else @@ -6333,7 +6370,56 @@ fi +# Enable LTO flags + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-lto" >&5 +$as_echo_n "checking for --with-lto... " >&6; } + +# Check whether --with-lto was given. +if test "${with_lto+set}" = set; then : + withval=$with_lto; +if test "$withval" != no +then + Py_LTO='true' + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; +else + Py_LTO='false' + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; +fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +if test "$Py_LTO" = 'true' ; then + case $CC in + *clang*) + # Any changes made here should be reflected in the GCC+Darwin case below + LTOFLAGS="-flto" + ;; + *gcc*) + case $ac_sys_system in + Darwin*) + LTOFLAGS="-flto" + ;; + *) + LTOFLAGS="-flto -fuse-linker-plugin -ffat-lto-objects -flto-partition=none" + ;; + esac + ;; + esac +fi + + # Enable PGO flags. + + + + + + # Extract the first word of "llvm-profdata", so it can be a program name with args. set dummy llvm-profdata; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 @@ -6405,6 +6491,12 @@ ;; esac ;; + *icc*) + PGO_PROF_GEN_FLAG="-prof-gen" + PGO_PROF_USE_FLAG="-prof-use" + LLVM_PROF_MERGER="true" + LLVM_PROF_FILE="" + ;; esac @@ -11918,19 +12010,9 @@ _ACEOF -$as_echo "#define HAVE_ST_BLOCKS 1" >>confdefs.h - -else - case " $LIBOBJS " in - *" fileblocks.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS fileblocks.$ac_objext" - ;; -esac - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for time.h that defines altzone" >&5 $as_echo_n "checking for time.h that defines altzone... " >&6; } if ${ac_cv_header_time_altzone+:} false; then : @@ -13890,6 +13972,50 @@ fi + +# also in 4.0, but not in editline +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for rl_resize_terminal in -lreadline" >&5 +$as_echo_n "checking for rl_resize_terminal in -lreadline... " >&6; } +if ${ac_cv_lib_readline_rl_resize_terminal+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lreadline $READLINE_LIBS $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char rl_resize_terminal (); +int +main () +{ +return rl_resize_terminal (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_readline_rl_resize_terminal=yes +else + ac_cv_lib_readline_rl_resize_terminal=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_readline_rl_resize_terminal" >&5 +$as_echo "$ac_cv_lib_readline_rl_resize_terminal" >&6; } +if test "x$ac_cv_lib_readline_rl_resize_terminal" = xyes; then : + +$as_echo "#define HAVE_RL_RESIZE_TERMINAL 1" >>confdefs.h + +fi + # check for readline 4.2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rl_completion_matches in -lreadline" >&5 diff -Nru python2.7-2.7.11/configure.ac python2.7-2.7.12/configure.ac --- python2.7-2.7.11/configure.ac 2015-12-05 19:47:20.000000000 +0000 +++ python2.7-2.7.12/configure.ac 2016-06-25 21:49:32.000000000 +0000 @@ -12,6 +12,7 @@ AC_CONFIG_SRCDIR([Include/object.h]) AC_CONFIG_HEADER(pyconfig.h) +AC_SUBST(cross_compiling) AC_CANONICAL_HOST AC_SUBST(build) AC_SUBST(host) @@ -478,7 +479,7 @@ # # SGI compilers allow the specification of the both the ABI and the # ISA on the command line. Depending on the values of these switches, -# different and often incompatable code will be generated. +# different and often incompatible code will be generated. # # The SGI_ABI variable can be used to modify the CC and LDFLAGS and # thus supply support for various ABI/ISA combinations. The MACHDEP @@ -573,6 +574,22 @@ esac]) AC_MSG_RESULT($without_gcc) +AC_MSG_CHECKING(for --with-icc) +AC_ARG_WITH(icc, + AS_HELP_STRING([--with-icc], [build with icc]), +[ + case $withval in + no) CC=${CC:-cc} + with_icc=no;; + yes) CC=icc + CXX=icpc + with_icc=yes;; + *) CC=$withval + with_icc=$withval;; + esac], [ + with_icc=no]) +AC_MSG_RESULT($with_icc) + # If the user switches compilers, we can't believe the cache if test ! -z "$ac_cv_prog_CC" -a ! -z "$CC" -a "$CC" != "$ac_cv_prog_CC" then @@ -1266,6 +1283,13 @@ ;; esac +# ICC needs -fp-model strict or floats behave badly +case "$CC" in +*icc*) + BASECFLAGS="$BASECFLAGS -fp-model strict" + ;; +esac + if test "$Py_DEBUG" = 'true'; then : else @@ -1353,6 +1377,40 @@ fi +# Enable LTO flags +AC_SUBST(LTOFLAGS) +AC_MSG_CHECKING(for --with-lto) +AC_ARG_WITH(lto, AS_HELP_STRING([--with-lto], [Enable Link Time Optimization in PGO builds. Disabled by default.]), +[ +if test "$withval" != no +then + Py_LTO='true' + AC_MSG_RESULT(yes); +else + Py_LTO='false' + AC_MSG_RESULT(no); +fi], +[AC_MSG_RESULT(no)]) +if test "$Py_LTO" = 'true' ; then + case $CC in + *clang*) + # Any changes made here should be reflected in the GCC+Darwin case below + LTOFLAGS="-flto" + ;; + *gcc*) + case $ac_sys_system in + Darwin*) + LTOFLAGS="-flto" + ;; + *) + LTOFLAGS="-flto -fuse-linker-plugin -ffat-lto-objects -flto-partition=none" + ;; + esac + ;; + esac +fi + + # Enable PGO flags. AC_SUBST(PGO_PROF_GEN_FLAG) AC_SUBST(PGO_PROF_USE_FLAG) @@ -1394,6 +1452,12 @@ ;; esac ;; + *icc*) + PGO_PROF_GEN_FLAG="-prof-gen" + PGO_PROF_USE_FLAG="-prof-use" + LLVM_PROF_MERGER="true" + LLVM_PROF_FILE="" + ;; esac @@ -3410,7 +3474,7 @@ AC_CHECK_MEMBERS([struct stat.st_flags]) AC_CHECK_MEMBERS([struct stat.st_gen]) AC_CHECK_MEMBERS([struct stat.st_birthtime]) -AC_STRUCT_ST_BLOCKS +AC_CHECK_MEMBERS([struct stat.st_blocks]) AC_MSG_CHECKING(for time.h that defines altzone) AC_CACHE_VAL(ac_cv_header_time_altzone,[ @@ -4170,6 +4234,11 @@ AC_DEFINE(HAVE_RL_COMPLETION_DISPLAY_MATCHES_HOOK, 1, [Define if you have readline 4.0]), ,$READLINE_LIBS) +# also in 4.0, but not in editline +AC_CHECK_LIB(readline, rl_resize_terminal, + AC_DEFINE(HAVE_RL_RESIZE_TERMINAL, 1, + [Define if you have readline 4.0]), ,$READLINE_LIBS) + # check for readline 4.2 AC_CHECK_LIB(readline, rl_completion_matches, AC_DEFINE(HAVE_RL_COMPLETION_MATCHES, 1, diff -Nru python2.7-2.7.11/debian/changelog python2.7-2.7.12/debian/changelog --- python2.7-2.7.11/debian/changelog 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/changelog 2018-11-12 17:58:55.000000000 +0000 @@ -1,8 +1,205 @@ -python2.7 (2.7.11-7ubuntu1) xenial; urgency=medium +python2.7 (2.7.12-1ubuntu0~16.04.4) xenial-security; urgency=medium + * SECURITY UPDATE: heap buffer overflow via race condition + - debian/patches/CVE-2018-1000030-1.patch: stop crashes when iterating + over a file on multiple threads in Lib/test/test_file2k.py, + Objects/fileobject.c. + - debian/patches/CVE-2018-1000030-2.patch: fix crash when multiple + threads iterate over a file in Lib/test/test_file2k.py, + Objects/fileobject.c. + - CVE-2018-1000030 + * SECURITY UPDATE: command injection in shutil module + - debian/patches/CVE-2018-1000802.patch: use subprocess rather than + distutils.spawn in Lib/shutil.py. + - CVE-2018-1000802 + * SECURITY UPDATE: DoS via catastrophic backtracking + - debian/patches/CVE-2018-106x.patch: fix expressions in + Lib/difflib.py, Lib/poplib.py. Added tests to + Lib/test/test_difflib.py, Lib/test/test_poplib.py. + - CVE-2018-1060 + - CVE-2018-1061 + * SECURITY UPDATE: incorrect Expat hash salt initialization + - debian/patches/CVE-2018-14647.patch: call SetHashSalt in + Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c. + - CVE-2018-14647 + + -- Marc Deslauriers Mon, 12 Nov 2018 09:36:49 -0500 + +python2.7 (2.7.12-1ubuntu0~16.04.3) xenial-proposed; urgency=medium + + * Some performance improvements: LP: #1638695. + - Build the _math.o object file without -fPIC for static builds. + * Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109. + * Explicitly use the system python for byte compilation in postinst scripts. + LP: #1682934. + * Fix issue #22636: Avoid shell injection problems with + ctypes.util.find_library(). LP: #1512068. + + -- Matthias Klose Mon, 04 Dec 2017 15:50:18 +0100 + +python2.7 (2.7.12-1ubuntu0~16.04.2) xenial-security; urgency=medium + + * SECURITY UPDATE: integer overflow in the PyString_DecodeEscape + function + - debian/patches/CVE-2017-1000158.patch: fix this integer overflow + in Objects/stringobject.c. + - CVE-2017-1000158 + + -- Leonidas S. Barbosa Mon, 20 Nov 2017 15:23:56 -0300 + +python2.7 (2.7.12-1ubuntu0~16.04.1) xenial-security; urgency=medium + + * SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI + scripts (aka HTTPOXY attack) + - debian/patches/CVE-2016-1000110.patch: if running as CGI + script, forget HTTP_PROXY in Lib/urllib.py, add test to + Lib/test/test_urllib.py, add documentation. + - CVE-2016-1000110 + * NOTE: backport of 2.7.12 to Ubuntu 16.04 LTS also addresses: + - CVE-2016-0772: StartTLS stripping attack + - CVE-2016-5636: Integer overflow when handling zipfiles + + -- Steve Beattie Fri, 18 Nov 2016 22:48:10 -0800 + +python2.7 (2.7.12-1~16.04) xenial-proposed; urgency=medium + + * SRU: LP: #1591895. Backport 2.7.12 to 16.04 LTS. + + -- Matthias Klose Fri, 01 Jul 2016 17:12:24 +0200 + +python2.7 (2.7.12-1) unstable; urgency=medium + + * Python 2.7.12 release. + + -- Matthias Klose Wed, 29 Jun 2016 10:18:26 +0200 + +python2.7 (2.7.12~rc1-2) unstable; urgency=medium + + * Extend debian/copyright to the files shipped in the wheel files. + + -- Matthias Klose Mon, 13 Jun 2016 11:20:59 +0200 + +python2.7 (2.7.12~rc1-1) unstable; urgency=medium + + * Python 2.7.12 release candidate 1. + - Issue #20041: Fixed TypeError when frame.f_trace is set to None. + - Issue #25702: A --with-lto configure option has been added that will + enable link time optimizations at build time during a make profile-opt. + Some compilers and toolchains are known to not produce stable code when + using LTO, be sure to test things thoroughly before relying on it. + It can provide a few % speed up over profile-opt alone. + - Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283. + - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. + - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of + the locale. + - Issue #25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() + from sending a message body for 205 Reset Content. Also, don't send the + Content-Type header field in responses that don't have a body. + - Issue #21313: Fix the "platform" module to tolerate when sys.version + contains truncated build information. + - Issue #27211: Fix possible memory corruption in io.IOBase.readline(). + - Issue #5124: Paste with text selected now replaces the selection on X11. + This matches how paste works on Windows, Mac, most modern Linux apps, + and ttk widgets. + - Issue #24759: Make clear in idlelib.idle_test.__init__ that the directory + is a private implementation of test.test_idle and tool for maintainers. + - Issue #21916: Added tests for the turtle module. + - Issue #27229: Fix the cross-compiling pgen rule for in-tree builds. + - Issue #17500, and https://github.com/python/pythondotorg/issues/945: Remove + unused and outdated icons. + + -- Matthias Klose Mon, 13 Jun 2016 09:07:49 +0200 + +python2.7 (2.7.11-11) unstable; urgency=medium + + * Update to 20160602 from the 2.7 branch. + - Issue #26168: Fixed possible refleaks in failing Py_BuildValue() with + the "N" format unit. + - Issue #27114: Fix SSLContext._load_windows_store_certs fails with + PermissionError. + - Issue #26673: When tk reports font size as 0, change to size 10. + Such fonts on Linux prevented the configuration dialog from opening. + - Issue #27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. + - In the 'IDLE-console differences' section of the IDLE doc, clarify + how running with IDLE affects sys.modules and the standard streams. + - Issue #25507: Fix incorrect change in IOBinding that prevented printing. + Change also prevented saving shell window with non-ascii characters. + Augment IOBinding htest to include all major IOBinding functions. + - Issue #25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION + MARK in README.txt and open this and NEWS.txt with 'ascii'. + Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. + * Rebuild to pick up the GNU triplet change on i386 archs. Closes: #826128. + + -- Matthias Klose Thu, 02 Jun 2016 21:34:15 +0200 + +python2.7 (2.7.11-10) unstable; urgency=medium + + * Update to 20160518 from the 2.7 branch. + - Issue #27039: Fixed bytearray.remove() for values greater than 127. + - Issue #14132: Fix urllib.request redirect handling when the target only + has a query string. + - Removed the requirements for the ctypes and modulefinder modules to be + compatible with earlier Python versions. + - Issue #22274: In the subprocess module, allow stderr to be redirected to + stdout even when stdout is not redirected. + - Issue #12045: Avoid duplicate execution of command in + ctypes.util._get_soname(). + - Issue #26960: Backported #16270 from Python 3 to Python 2, to prevent + urllib from hanging when retrieving certain FTP files. + + -- Matthias Klose Wed, 18 May 2016 21:39:41 +0200 + +python2.7 (2.7.11-9) unstable; urgency=medium + + * Update to 20160509 from the 2.7 branch. + - Issue #25745: Fixed leaking a userptr in curses panel destructor. + - Issue #17765: weakref.ref() no longer silently ignores keyword arguments. + - Issue #26873: xmlrpclib now raises ResponseError on unsupported type tags + instead of silently return incorrect result. + - Issue #24114: Fix an uninitialized variable in `ctypes.util`. + - Issue #26864: In urllib, change the proxy bypass host checking against + no_proxy to be case-insensitive, and to not match unrelated host names + that happen to have a bypassed hostname as a suffix. + - Issue #26804: urllib will prefer lower_case proxy environment variables + over UPPER_CASE or Mixed_Case ones. + - Issue #26837: assertSequenceEqual() now correctly outputs non-stringified + differing items. This affects assertListEqual() and assertTupleEqual(). + - Issue #26822: itemgetter, attrgetter and methodcaller objects no longer + silently ignore keyword arguments. + - Issue #26657: Fix directory traversal vulnerability with SimpleHTTPServer + on Windows. This fixes a regression that was introduced in 2.7.7. + - Issue #26736: Used HTTPS for external links in the documentation if + possible. + - Issue #22359: Avoid incorrect recursive $(MAKE), and disable the rules for + running pgen when cross-compiling. + - Issue #26799: Fix python-gdb.py: don't get C types once when the Python + code is loaded, but get C types on demand. The C types can change if + python-gdb.py is loaded before the Python executable. + * Fix issue #26673, runtime error in idle3. LP: #1578927. + + -- Matthias Klose Mon, 09 May 2016 17:54:33 +0200 + +python2.7 (2.7.11-8) unstable; urgency=medium + + * Update to 20160417 from the 2.7 branch. + - Issue #4806: Avoid masking the original TypeError exception when using + star (*) unpacking and the exception was raised from a generator. + - Issue #26659: Make the builtin slice type support cycle collection. + - Issue #26718: super.__init__ no longer leaks memory if called multiple + times. NOTE: A direct call of super.__init__ is not endorsed! + - Issue #13410: Fixed a bug in PyUnicode_Format where it failed to properly + ignore errors from a __int__() method. + - Issue #19377: Add .svg to mimetypes.types_map. + - Issue #13952: Add .csv to mimetypes.types_map. + - Issue #16329: Add .webm to mimetypes.types_map. + - Issue #23735: Handle terminal resizing with Readline 6.3+ by installing + our own SIGWINCH handler. + - Issue #6953: Rework the Readline module documentation to group related + functions together, and add more details such as what underlying Readline + functions and variables are accessed. * Fix gdb auto-load symlink for the python2.7 binary. LP: #1571198. - -- Matthias Klose Sun, 17 Apr 2016 16:00:29 +0200 + -- Matthias Klose Sun, 17 Apr 2016 16:00:29 +0200 python2.7 (2.7.11-7) unstable; urgency=medium diff -Nru python2.7-2.7.11/debian/control python2.7-2.7.12/debian/control --- python2.7-2.7.11/debian/control 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/control 2018-11-12 17:58:55.000000000 +0000 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Ubuntu Core Developers XSBC-Original-Maintainer: Matthias Klose -Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.17.11), +Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.17.11), gcc-5 (>= 5.4), quilt, autoconf, autotools-dev, lsb-release, sharutils, libreadline-dev, libtinfo-dev, libncursesw5-dev (>= 5.3), @@ -22,7 +22,7 @@ python2.7-xml, python-xml, autoconf2.13, python-cxx-dev, hardening-wrapper -Standards-Version: 3.9.7 +Standards-Version: 3.9.8 Vcs-Browser: https://code.launchpad.net/~doko/python/pkg2.7-debian Vcs-Bzr: http://bazaar.launchpad.net/~doko/python/pkg2.7-debian XS-Testsuite: autopkgtest diff -Nru python2.7-2.7.11/debian/control.in python2.7-2.7.12/debian/control.in --- python2.7-2.7.11/debian/control.in 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/control.in 2018-11-12 17:58:55.000000000 +0000 @@ -21,7 +21,7 @@ @PVER@-xml, python-xml, autoconf2.13, python-cxx-dev, hardening-wrapper -Standards-Version: 3.9.7 +Standards-Version: 3.9.8 Vcs-Browser: https://code.launchpad.net/~doko/python/pkg@VER@-debian Vcs-Bzr: http://bazaar.launchpad.net/~doko/python/pkg@VER@-debian XS-Testsuite: autopkgtest diff -Nru python2.7-2.7.11/debian/copyright python2.7-2.7.12/debian/copyright --- python2.7-2.7.11/debian/copyright 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/copyright 2018-11-12 17:58:55.000000000 +0000 @@ -730,3 +730,229 @@ /* Modified by Guido van Rossum */ /* Beep added by Mark Hammond */ /* Win9X Beep and platform identification added by Uncle Timmy */ + +Files: Lib/ensurepip/_bundled/setuptools-*.whl +License: see above, some license as Python. + +Files: Lib/ensurepip/_bundled/pip-*.whl +Copyright: Copyright © 2008-2013 The pip developers: + Alex Grönholm + Alex Morega + Alexandre Conrad + Andrey Bulgakov + Antti Kaihola + Armin Ronacher + Aziz Köksal + Ben Rosser + Brian Rosner + Carl Meyer + Chris McDonough + Christian Oudard + Clay McClure + Cody Soyland + Daniel Holth + Dave Abrahams + David (d1b) + Dmitry Gladkov + Donald Stufft + Francesco + Geoffrey Lehée + Georgi Valkov + Hugo Lopes Tavares + Ian Bicking + Igor Sobreira + Ionel Maries Cristian + Jakub Vysoky + James Cleveland + Jannis Leidel + Jay Graves + John-Scott Atlakson + Jon Parise + Jonas Nockert + Josh Bronson + Kamal Bin Mustafa + Kelsey Hightower + Kenneth Belitzky + Kumar McMillan + Luke Macken + Masklinn + Marc Abramowitz + Marcus Smith + Markus Hametner + Matt Maker + Maxime R. + Miguel Araujo + Nick Stenning + Nowell Strite + Oliver Tonnhofer + Olivier Girardot + Patrick Jenkins + Paul Moore + Paul Nasrat + Paul Oswald + Paul van der Linden + Peter Waller + Phil Whelan + Piet Delport + Przemek Wrzos + Qiangning Hong + Rafael Caricio + Rene Dudfield + Roey Berman + Ronny Pfannschmidt + Rory McCann + Simon Cross + Stavros Korokithakis + Thomas Fenzl + Thomas Johansson + Vinay Sajip + Vitaly Babiy + W Trevor King + Wil Tan + Hsiaoming Yang +License: Expat + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/ipaddress.py +Copyright: 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Python Software Foundation; All Rights Reserved + 2007 Google Inc. +License: PSF-2 + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/retrying.py +Copyright: (c) 2013-2014, + (c) 2014, Derek Wilson + (c) 2014, Alex Kuang +License: Apache-2 + +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in /usr/share/common-licenses/Apache-2.0. + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/six.py +Copyright: Copyright (c) 2010-2014 Benjamin Peterson +License: Expat + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/cachecontrol +Copyright: 2015 Eric Larson +License: Apache-2.0 + Copyright 2015 Eric Larson + . + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied. + . + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the license is available at + /usr/share/common-licenses/Apache-2.0 + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/colorama +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/distlib +Copyright: Copyright (C) 2012-2013 The Python Software Foundation + Copyright (C) 2012-2013 Vinay Sajip +License: Python + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/html5lib +html5lib is Copyright (c) 2006 The Authors +Authors: + James Graham - james@hoppipolla.co.uk + Anne van Kesteren - annevankesteren@gmail.com + Lachlan Hunt - lachlan.hunt@lachy.id.au + Matt McDonald - kanashii@kanashii.ca + Sam Ruby - rubys@intertwingly.net + Ian Hickson (Google) - ian@hixie.ch + Thomas Broyer - t.broyer@gmail.com + +License: + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/lockfile +Copyright: + © 2014–2015 OpenStack Foundation + © 2007–2012 Skip Montanaro + © 2008–2014 Ben Finney +License: Expat + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/packaging +Copyright: Copyright (C) 2014 Donald Stufft + Copyright (C) 2012-2013 Vinay Sajip +License: Apache-2.0 + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/progress +Copyright: Copyright (c) 2012 Giorgos Verigakis +License: ISC + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/requests +Copyright: 2016, Kenneth Reitz +License: Apache + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/requests/packages/urllib3/* +Copyright: 2008-2016, Andrey Petrov +License: Expat + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/requests/packages/urllib3/packages/ordered_dict.py +Copyright: 2009, Raymond Hettinger +License: Expat + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py +Copyright: 2011, Python Software Foundation +License: PSF-2 + +Files: Lib/ensurepip/_bundled/pip-*.whl/pip/_vendor/requests/packages/chardet/* +Copyright: 2006-2008, Mark Pilgrim + 2012-2013, Ian Cordasco +License: LGPL-2.1+ diff -Nru python2.7-2.7.11/debian/idle-PVER.postinst.in python2.7-2.7.12/debian/idle-PVER.postinst.in --- python2.7-2.7.11/debian/idle-PVER.postinst.in 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/idle-PVER.postinst.in 2018-11-12 17:58:55.000000000 +0000 @@ -12,10 +12,10 @@ configure|abort-upgrade|abort-remove|abort-deconfigure) for i in $DIRLIST ; do - @PVER@ /usr/lib/@PVER@/compileall.py -q $i + /usr/bin/@PVER@ /usr/lib/@PVER@/compileall.py -q $i if grep -sq '^byte-compile[^#]*optimize' /etc/python/debian_config then - @PVER@ -O /usr/lib/@PVER@/compileall.py -q $i + /usr/bin/@PVER@ -O /usr/lib/@PVER@/compileall.py -q $i fi done ;; diff -Nru python2.7-2.7.11/debian/libpython.symbols.in python2.7-2.7.12/debian/libpython.symbols.in --- python2.7-2.7.11/debian/libpython.symbols.in 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/libpython.symbols.in 2018-11-12 17:58:55.000000000 +0000 @@ -1293,9 +1293,9 @@ (optional)partial_reduce@Base @VER@ (optional)partial_setstate@Base @VER@ - (optional)md5_append@Base @VER@ - (optional)md5_finish@Base @VER@ - (optional)md5_init@Base @VER@ + (optional)_Py_md5_append@Base @VER@ + (optional)_Py_md5_finish@Base @VER@ + (optional)_Py_md5_init@Base @VER@ # _check_for_multiple_distdirs@Base @VER@ (optional)init_ast@Base @VER@ diff -Nru python2.7-2.7.11/debian/patches/add-python-config-sh.diff python2.7-2.7.12/debian/patches/add-python-config-sh.diff --- python2.7-2.7.11/debian/patches/add-python-config-sh.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/add-python-config-sh.diff 2018-11-12 17:58:55.000000000 +0000 @@ -2,7 +2,7 @@ =================================================================== --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1179,6 +1179,8 @@ python-config: $(srcdir)/Misc/python-con +@@ -1191,6 +1191,8 @@ python-config: $(srcdir)/Misc/python-con # Substitution happens here, as the completely-expanded BINDIR # is not available in configure sed -e "s,@EXENAME@,$(BINDIR)/python$(VERSION)$(EXE)," < $(srcdir)/Misc/python-config.in >python-config @@ -11,7 +11,7 @@ # Install the include files INCLDIRSTOMAKE=$(INCLUDEDIR) $(CONFINCLUDEDIR) $(INCLUDEPY) $(CONFINCLUDEPY) -@@ -1238,6 +1240,7 @@ libainstall: all python-config +@@ -1250,6 +1252,7 @@ libainstall: all python-config $(INSTALL_SCRIPT) $(srcdir)/install-sh $(DESTDIR)$(LIBPL)/install-sh $(INSTALL_SCRIPT) python-config $(DESTDIR)$(BINDIR)/python$(VERSION)-config rm python-config @@ -147,7 +147,7 @@ =================================================================== --- a/configure.ac +++ b/configure.ac -@@ -897,6 +897,7 @@ fi +@@ -898,6 +898,7 @@ fi # Other platforms follow if test $enable_shared = "yes"; then @@ -155,7 +155,7 @@ AC_DEFINE(Py_ENABLE_SHARED, 1, [Defined if Python is built as a shared library.]) case $ac_sys_system in BeOS*) -@@ -957,6 +958,7 @@ if test $enable_shared = "yes"; then +@@ -958,6 +959,7 @@ if test $enable_shared = "yes"; then esac else # shared is disabled @@ -163,7 +163,7 @@ case $ac_sys_system in CYGWIN*) BLDLIBRARY='$(LIBRARY)' -@@ -964,6 +966,7 @@ else # shared is disabled +@@ -965,6 +967,7 @@ else # shared is disabled ;; esac fi @@ -171,7 +171,7 @@ if test "$cross_compiling" = yes; then RUNSHARED= -@@ -4723,7 +4726,7 @@ AC_MSG_RESULT($ENSUREPIP) +@@ -4763,7 +4766,7 @@ AC_MSG_RESULT($ENSUREPIP) AC_SUBST(ENSUREPIP) # generate output files diff -Nru python2.7-2.7.11/debian/patches/build-libpython.diff python2.7-2.7.12/debian/patches/build-libpython.diff --- python2.7-2.7.11/debian/patches/build-libpython.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/build-libpython.diff 2018-11-12 17:58:55.000000000 +0000 @@ -4,7 +4,7 @@ =================================================================== --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -426,7 +426,7 @@ LIBRARY_OBJS= \ +@@ -429,7 +429,7 @@ LIBRARY_OBJS= \ $(PYTHON_OBJS) \ $(MODULE_OBJS) \ $(SIGNAL_OBJS) \ @@ -13,7 +13,7 @@ ######################################################################### # Rules -@@ -560,7 +560,7 @@ $(LIBRARY): $(LIBRARY_OBJS) +@@ -563,7 +563,7 @@ $(LIBRARY): $(LIBRARY_OBJS) $(AR) $(ARFLAGS) $@ $(OBJECT_OBJS) $(AR) $(ARFLAGS) $@ $(PYTHON_OBJS) $(AR) $(ARFLAGS) $@ $(MODULE_OBJS) $(SIGNAL_OBJS) diff -Nru python2.7-2.7.11/debian/patches/ctypes-arm.diff python2.7-2.7.12/debian/patches/ctypes-arm.diff --- python2.7-2.7.11/debian/patches/ctypes-arm.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/ctypes-arm.diff 2018-11-12 17:58:55.000000000 +0000 @@ -1,6 +1,8 @@ +Index: b/Lib/ctypes/util.py +=================================================================== --- a/Lib/ctypes/util.py +++ b/Lib/ctypes/util.py -@@ -213,16 +213,27 @@ +@@ -208,16 +208,27 @@ elif os.name == "posix": def _findSoname_ldconfig(name): import struct diff -Nru python2.7-2.7.11/debian/patches/CVE-2016-1000110.patch python2.7-2.7.12/debian/patches/CVE-2016-1000110.patch --- python2.7-2.7.11/debian/patches/CVE-2016-1000110.patch 1970-01-01 00:00:00.000000000 +0000 +++ python2.7-2.7.12/debian/patches/CVE-2016-1000110.patch 2018-11-12 17:58:55.000000000 +0000 @@ -0,0 +1,115 @@ +Origin: https://hg.python.org/cpython/rev/ba915d561667/ +# HG changeset patch +# User Senthil Kumaran +# Date 1469882993 25200 +# Node ID ba915d561667fa0584ad89f8d5a844fd43803c0d +# Parent c8c1ea94379a7706638f1571988576d504d7fc98 +Prevent HTTPoxy attack (CVE-2016-1000110) + +Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which +indicates that the script is in CGI mode. + +Issue reported and patch contributed by Rémi Rampin. + +CVE-2016-1000110 + +[Note: patch differs from upstream commit in the NEWS entry change has + been dropped to avoid patch application conflicts. -- sbeattie] + +diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst +--- a/Doc/howto/urllib2.rst ++++ b/Doc/howto/urllib2.rst +@@ -525,6 +525,11 @@ setting up a `Basic Authentication`_ han + through a proxy. However, this can be enabled by extending urllib2 as + shown in the recipe [#]_. + ++.. note:: ++ ++ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; see ++ the documentation on :func:`~urllib.getproxies`. ++ + + Sockets and Layers + ================== +diff --git a/Doc/library/urllib.rst b/Doc/library/urllib.rst +--- a/Doc/library/urllib.rst ++++ b/Doc/library/urllib.rst +@@ -295,6 +295,16 @@ Utility functions + If both lowercase and uppercase environment variables exist (and disagree), + lowercase is preferred. + ++ .. note:: ++ ++ If the environment variable ``REQUEST_METHOD`` is set, which usually ++ indicates your script is running in a CGI environment, the environment ++ variable ``HTTP_PROXY`` (uppercase ``_PROXY``) will be ignored. This is ++ because that variable can be injected by a client using the "Proxy:" ++ HTTP header. If you need to use an HTTP proxy in a CGI environment, ++ either use ``ProxyHandler`` explicitly, or make sure the variable name ++ is in lowercase (or at least the ``_proxy`` suffix). ++ + .. note:: + urllib also exposes certain utility functions like splittype, splithost and + others parsing URL into various components. But it is recommended to use +diff --git a/Doc/library/urllib2.rst b/Doc/library/urllib2.rst +--- a/Doc/library/urllib2.rst ++++ b/Doc/library/urllib2.rst +@@ -229,6 +229,11 @@ The following classes are provided: + + To disable autodetected proxy pass an empty dictionary. + ++ .. note:: ++ ++ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; ++ see the documentation on :func:`~urllib.getproxies`. ++ + + .. class:: HTTPPasswordMgr() + +diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +--- a/Lib/test/test_urllib.py ++++ b/Lib/test/test_urllib.py +@@ -170,6 +170,18 @@ class ProxyTests(unittest.TestCase): + self.assertTrue(urllib.proxy_bypass_environment('anotherdomain.com:8888')) + self.assertTrue(urllib.proxy_bypass_environment('newdomain.com:1234')) + ++ def test_proxy_cgi_ignore(self): ++ try: ++ self.env.set('HTTP_PROXY', 'http://somewhere:3128') ++ proxies = urllib.getproxies_environment() ++ self.assertEqual('http://somewhere:3128', proxies['http']) ++ self.env.set('REQUEST_METHOD', 'GET') ++ proxies = urllib.getproxies_environment() ++ self.assertNotIn('http', proxies) ++ finally: ++ self.env.unset('REQUEST_METHOD') ++ self.env.unset('HTTP_PROXY') ++ + def test_proxy_bypass_environment_host_match(self): + bypass = urllib.proxy_bypass_environment + self.env.set('NO_PROXY', +diff --git a/Lib/urllib.py b/Lib/urllib.py +--- a/Lib/urllib.py ++++ b/Lib/urllib.py +@@ -1380,12 +1380,21 @@ def getproxies_environment(): + If you need a different way, you can pass a proxies dictionary to the + [Fancy]URLopener constructor. + """ ++ # Get all variables + proxies = {} + for name, value in os.environ.items(): + name = name.lower() + if value and name[-6:] == '_proxy': + proxies[name[:-6]] = value + ++ # CVE-2016-1000110 - If we are running as CGI script, forget HTTP_PROXY ++ # (non-all-lowercase) as it may be set from the web server by a "Proxy:" ++ # header from the client ++ # If "proxy" is lowercase, it will still be used thanks to the next block ++ if 'REQUEST_METHOD' in os.environ: ++ proxies.pop('http', None) ++ ++ # Get lowercase variables + for name, value in os.environ.items(): + if name[-6:] == '_proxy': + name = name.lower() diff -Nru python2.7-2.7.11/debian/patches/CVE-2017-1000158.patch python2.7-2.7.12/debian/patches/CVE-2017-1000158.patch --- python2.7-2.7.11/debian/patches/CVE-2017-1000158.patch 1970-01-01 00:00:00.000000000 +0000 +++ python2.7-2.7.12/debian/patches/CVE-2017-1000158.patch 2018-11-12 17:58:55.000000000 +0000 @@ -0,0 +1,57 @@ +From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001 +From: Jay Bosamiya +Date: Sun, 18 Jun 2017 22:11:03 +0530 +Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in + PyString_DecodeEscape (#2174) + +#--- +# Misc/ACKS | 1 + +# Misc/NEWS | 3 +++ +# Objects/stringobject.c | 8 +++++++- +# 3 files changed, 11 insertions(+), 1 deletion(-) +# +#diff --git a/Misc/ACKS b/Misc/ACKS +#index 95be42717a0..a411bc5ffc8 100644 +#--- a/Misc/ACKS +#+++ b/Misc/ACKS +#@@ -152,6 +152,7 @@ Gregory Bond +# Matias Bordese +# Jonas Borgström +# Jurjen Bos +#+Jay Bosamiya +# Peter Bosch +# Dan Boswell +# Eric Bouck +#diff --git a/Misc/NEWS b/Misc/NEWS +#index b89f6ea62d8..62559edf837 100644 +#--- a/Misc/NEWS +#+++ b/Misc/NEWS +#@@ -10,6 +10,9 @@ What's New in Python 2.7.14? +# Core and Builtins +# ----------------- +# +#+- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape. +#+ Patch by Jay Bosamiya. +#+ +# - bpo-27945: Fixed various segfaults with dict when input collections are +# mutated during searching, inserting or comparing. Based on patches by +# Duane Griffin and Tim Mitchell. +diff --git a/Objects/stringobject.c b/Objects/stringobject.c +index c78e19316a0..59d22e76946 100644 +--- a/Objects/stringobject.c ++++ b/Objects/stringobject.c +@@ -612,7 +612,13 @@ PyObject *PyString_DecodeEscape(const char *s, + char *p, *buf; + const char *end; + PyObject *v; +- Py_ssize_t newlen = recode_encoding ? 4*len:len; ++ Py_ssize_t newlen; ++ /* Check for integer overflow */ ++ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) { ++ PyErr_SetString(PyExc_OverflowError, "string is too large"); ++ return NULL; ++ } ++ newlen = recode_encoding ? 4*len:len; + v = PyString_FromStringAndSize((char *)NULL, newlen); + if (v == NULL) + return NULL; diff -Nru python2.7-2.7.11/debian/patches/CVE-2018-1000030-1.patch python2.7-2.7.12/debian/patches/CVE-2018-1000030-1.patch --- python2.7-2.7.11/debian/patches/CVE-2018-1000030-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ python2.7-2.7.12/debian/patches/CVE-2018-1000030-1.patch 2018-11-12 17:58:55.000000000 +0000 @@ -0,0 +1,121 @@ +From 6401e5671781eb217ee1afb4603cc0d1b0367ae6 Mon Sep 17 00:00:00 2001 +From: Serhiy Storchaka +Date: Fri, 10 Nov 2017 12:58:55 +0200 +Subject: [PATCH] [2.7] bpo-31530: Stop crashes when iterating over a file on + multiple threads. (#3672) + +--- + Lib/test/test_file2k.py | 32 +++++++++++++++++++ + .../2017-09-20-18-28-09.bpo-31530.CdLOM7.rst | 4 +++ + Objects/fileobject.c | 19 +++++++++-- + 3 files changed, 52 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Core and Builtins/2017-09-20-18-28-09.bpo-31530.CdLOM7.rst + +Index: python2.7-2.7.12/Lib/test/test_file2k.py +=================================================================== +--- python2.7-2.7.12.orig/Lib/test/test_file2k.py 2018-11-12 09:34:59.096639506 -0500 ++++ python2.7-2.7.12/Lib/test/test_file2k.py 2018-11-12 09:34:59.096639506 -0500 +@@ -652,6 +652,38 @@ class FileThreadingTests(unittest.TestCa + self.f.writelines('') + self._test_close_open_io(io_func) + ++ def test_iteration_torture(self): ++ # bpo-31530: Crash when concurrently iterate over a file. ++ with open(self.filename, "wb") as fp: ++ for i in xrange(2**20): ++ fp.write(b"0"*50 + b"\n") ++ with open(self.filename, "rb") as f: ++ def iterate(): ++ try: ++ for l in f: ++ pass ++ except IOError: ++ pass ++ self._run_workers(iterate, 10) ++ ++ def test_iteration_seek(self): ++ # bpo-31530: Crash when concurrently seek and iterate over a file. ++ with open(self.filename, "wb") as fp: ++ for i in xrange(10000): ++ fp.write(b"0"*50 + b"\n") ++ with open(self.filename, "rb") as f: ++ it = iter([1] + [0]*10) # one thread reads, others seek ++ def iterate(): ++ try: ++ if next(it): ++ for l in f: ++ pass ++ else: ++ for i in range(100): ++ f.seek(i*100, 0) ++ except IOError: ++ pass ++ self._run_workers(iterate, 10) + + @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.') + class TestFileSignalEINTR(unittest.TestCase): +Index: python2.7-2.7.12/Objects/fileobject.c +=================================================================== +--- python2.7-2.7.12.orig/Objects/fileobject.c 2018-11-12 09:34:59.096639506 -0500 ++++ python2.7-2.7.12/Objects/fileobject.c 2018-11-12 09:34:59.096639506 -0500 +@@ -430,7 +430,7 @@ close_the_file(PyFileObject *f) + if (f->ob_refcnt > 0) { + PyErr_SetString(PyExc_IOError, + "close() called during concurrent " +- "operation on the same file object."); ++ "operation on the same file object"); + } else { + /* This should not happen unless someone is + * carelessly playing with the PyFileObject +@@ -438,7 +438,7 @@ close_the_file(PyFileObject *f) + * pointer. */ + PyErr_SetString(PyExc_SystemError, + "PyFileObject locking error in " +- "destructor (refcnt <= 0 at close)."); ++ "destructor (refcnt <= 0 at close)"); + } + return NULL; + } +@@ -762,6 +762,12 @@ file_seek(PyFileObject *f, PyObject *arg + + if (f->f_fp == NULL) + return err_closed(); ++ if (f->unlocked_count > 0) { ++ PyErr_SetString(PyExc_IOError, ++ "seek() called during concurrent " ++ "operation on the same file object"); ++ return NULL; ++ } + drop_readahead(f); + whence = 0; + if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence)) +@@ -2238,6 +2244,7 @@ readahead(PyFileObject *f, Py_ssize_t bu + { + Py_ssize_t chunksize; + ++ assert(f->unlocked_count == 0); + if (f->f_buf != NULL) { + if( (f->f_bufend - f->f_bufptr) >= 1) + return 0; +@@ -2279,6 +2286,12 @@ readahead_get_line_skip(PyFileObject *f, + char *buf; + Py_ssize_t len; + ++ if (f->unlocked_count > 0) { ++ PyErr_SetString(PyExc_IOError, ++ "next() called during concurrent " ++ "operation on the same file object"); ++ return NULL; ++ } + if (f->f_buf == NULL) + if (readahead(f, bufsize) < 0) + return NULL; +@@ -2691,7 +2704,7 @@ int PyObject_AsFileDescriptor(PyObject * + } + else { + PyErr_SetString(PyExc_TypeError, +- "argument must be an int, or have a fileno() method."); ++ "argument must be an int, or have a fileno() method"); + return -1; + } + diff -Nru python2.7-2.7.11/debian/patches/CVE-2018-1000030-2.patch python2.7-2.7.12/debian/patches/CVE-2018-1000030-2.patch --- python2.7-2.7.11/debian/patches/CVE-2018-1000030-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ python2.7-2.7.12/debian/patches/CVE-2018-1000030-2.patch 2018-11-12 17:58:55.000000000 +0000 @@ -0,0 +1,288 @@ +From dbf52e02f18dac6f5f0a64f78932f3dc6efc056b Mon Sep 17 00:00:00 2001 +From: Benjamin Peterson +Date: Tue, 2 Jan 2018 09:25:41 -0800 +Subject: [PATCH] bpo-31530: fix crash when multiple threads iterate over a + file, round 2 (#5060) + +Multiple threads iterating over a file can corrupt the file's internal readahead +buffer resulting in crashes. To fix this, cache buffer state thread-locally for +the duration of a file_iternext call and only update the file's internal state +after reading completes. + +No attempt is made to define or provide "reasonable" semantics for iterating +over a file on multiple threads. (Non-crashing) races are still +present. Duplicated, corrupt, and missing data will happen. + +This was originally fixed by 6401e5671781eb217ee1afb4603cc0d1b0367ae6, which +raised an exception from seek() and next() when concurrent operations were +detected. Alas, this simpler solution breaks legitimate use cases such as +capturing the standard streams when multiple threads are logging. +--- + Lib/test/test_file2k.py | 27 ++-- + .../2017-09-20-18-28-09.bpo-31530.CdLOM7.rst | 3 - + Objects/fileobject.c | 118 ++++++++++-------- + 3 files changed, 78 insertions(+), 70 deletions(-) + +Index: python2.7-2.7.12/Lib/test/test_file2k.py +=================================================================== +--- python2.7-2.7.12.orig/Lib/test/test_file2k.py 2018-11-12 09:35:33.092810255 -0500 ++++ python2.7-2.7.12/Lib/test/test_file2k.py 2018-11-12 09:35:33.088810235 -0500 +@@ -653,18 +653,15 @@ class FileThreadingTests(unittest.TestCa + self._test_close_open_io(io_func) + + def test_iteration_torture(self): +- # bpo-31530: Crash when concurrently iterate over a file. ++ # bpo-31530 + with open(self.filename, "wb") as fp: + for i in xrange(2**20): + fp.write(b"0"*50 + b"\n") + with open(self.filename, "rb") as f: +- def iterate(): +- try: +- for l in f: +- pass +- except IOError: ++ def it(): ++ for l in f: + pass +- self._run_workers(iterate, 10) ++ self._run_workers(it, 10) + + def test_iteration_seek(self): + # bpo-31530: Crash when concurrently seek and iterate over a file. +@@ -674,17 +671,15 @@ class FileThreadingTests(unittest.TestCa + with open(self.filename, "rb") as f: + it = iter([1] + [0]*10) # one thread reads, others seek + def iterate(): +- try: +- if next(it): +- for l in f: +- pass +- else: +- for i in range(100): +- f.seek(i*100, 0) +- except IOError: +- pass ++ if next(it): ++ for l in f: ++ pass ++ else: ++ for i in xrange(100): ++ f.seek(i*100, 0) + self._run_workers(iterate, 10) + ++ + @unittest.skipUnless(os.name == 'posix', 'test requires a posix system.') + class TestFileSignalEINTR(unittest.TestCase): + def _test_reading(self, data_to_write, read_and_verify_code, method_name, +Index: python2.7-2.7.12/Objects/fileobject.c +=================================================================== +--- python2.7-2.7.12.orig/Objects/fileobject.c 2018-11-12 09:35:33.092810255 -0500 ++++ python2.7-2.7.12/Objects/fileobject.c 2018-11-12 09:35:33.088810235 -0500 +@@ -604,7 +604,12 @@ err_iterbuffered(void) + return NULL; + } + +-static void drop_readahead(PyFileObject *); ++static void ++drop_file_readahead(PyFileObject *f) ++{ ++ PyMem_FREE(f->f_buf); ++ f->f_buf = NULL; ++} + + /* Methods */ + +@@ -627,7 +632,7 @@ file_dealloc(PyFileObject *f) + Py_XDECREF(f->f_mode); + Py_XDECREF(f->f_encoding); + Py_XDECREF(f->f_errors); +- drop_readahead(f); ++ drop_file_readahead(f); + Py_TYPE(f)->tp_free((PyObject *)f); + } + +@@ -762,13 +767,7 @@ file_seek(PyFileObject *f, PyObject *arg + + if (f->f_fp == NULL) + return err_closed(); +- if (f->unlocked_count > 0) { +- PyErr_SetString(PyExc_IOError, +- "seek() called during concurrent " +- "operation on the same file object"); +- return NULL; +- } +- drop_readahead(f); ++ drop_file_readahead(f); + whence = 0; + if (!PyArg_ParseTuple(args, "O|i:seek", &offobj, &whence)) + return NULL; +@@ -2227,12 +2226,16 @@ static PyGetSetDef file_getsetlist[] = { + {0}, + }; + ++typedef struct { ++ char *buf, *bufptr, *bufend; ++} readaheadbuffer; ++ + static void +-drop_readahead(PyFileObject *f) ++drop_readaheadbuffer(readaheadbuffer *rab) + { +- if (f->f_buf != NULL) { +- PyMem_Free(f->f_buf); +- f->f_buf = NULL; ++ if (rab->buf != NULL) { ++ PyMem_FREE(rab->buf); ++ rab->buf = NULL; + } + } + +@@ -2240,36 +2243,34 @@ drop_readahead(PyFileObject *f) + (unless at EOF) and no more than bufsize. Returns negative value on + error, will set MemoryError if bufsize bytes cannot be allocated. */ + static int +-readahead(PyFileObject *f, Py_ssize_t bufsize) ++readahead(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t bufsize) + { + Py_ssize_t chunksize; + +- assert(f->unlocked_count == 0); +- if (f->f_buf != NULL) { +- if( (f->f_bufend - f->f_bufptr) >= 1) ++ if (rab->buf != NULL) { ++ if ((rab->bufend - rab->bufptr) >= 1) + return 0; + else +- drop_readahead(f); ++ drop_readaheadbuffer(rab); + } +- if ((f->f_buf = (char *)PyMem_Malloc(bufsize)) == NULL) { ++ if ((rab->buf = PyMem_MALLOC(bufsize)) == NULL) { + PyErr_NoMemory(); + return -1; + } + FILE_BEGIN_ALLOW_THREADS(f) + errno = 0; +- chunksize = Py_UniversalNewlineFread( +- f->f_buf, bufsize, f->f_fp, (PyObject *)f); ++ chunksize = Py_UniversalNewlineFread(rab->buf, bufsize, f->f_fp, (PyObject *)f); + FILE_END_ALLOW_THREADS(f) + if (chunksize == 0) { + if (ferror(f->f_fp)) { + PyErr_SetFromErrno(PyExc_IOError); + clearerr(f->f_fp); +- drop_readahead(f); ++ drop_readaheadbuffer(rab); + return -1; + } + } +- f->f_bufptr = f->f_buf; +- f->f_bufend = f->f_buf + chunksize; ++ rab->bufptr = rab->buf; ++ rab->bufend = rab->buf + chunksize; + return 0; + } + +@@ -2279,51 +2280,43 @@ readahead(PyFileObject *f, Py_ssize_t bu + logarithmic buffer growth to about 50 even when reading a 1gb line. */ + + static PyStringObject * +-readahead_get_line_skip(PyFileObject *f, Py_ssize_t skip, Py_ssize_t bufsize) ++readahead_get_line_skip(PyFileObject *f, readaheadbuffer *rab, Py_ssize_t skip, Py_ssize_t bufsize) + { + PyStringObject* s; + char *bufptr; + char *buf; + Py_ssize_t len; + +- if (f->unlocked_count > 0) { +- PyErr_SetString(PyExc_IOError, +- "next() called during concurrent " +- "operation on the same file object"); +- return NULL; +- } +- if (f->f_buf == NULL) +- if (readahead(f, bufsize) < 0) ++ if (rab->buf == NULL) ++ if (readahead(f, rab, bufsize) < 0) + return NULL; + +- len = f->f_bufend - f->f_bufptr; ++ len = rab->bufend - rab->bufptr; + if (len == 0) +- return (PyStringObject *) +- PyString_FromStringAndSize(NULL, skip); +- bufptr = (char *)memchr(f->f_bufptr, '\n', len); ++ return (PyStringObject *)PyString_FromStringAndSize(NULL, skip); ++ bufptr = (char *)memchr(rab->bufptr, '\n', len); + if (bufptr != NULL) { + bufptr++; /* Count the '\n' */ +- len = bufptr - f->f_bufptr; +- s = (PyStringObject *) +- PyString_FromStringAndSize(NULL, skip + len); ++ len = bufptr - rab->bufptr; ++ s = (PyStringObject *)PyString_FromStringAndSize(NULL, skip + len); + if (s == NULL) + return NULL; +- memcpy(PyString_AS_STRING(s) + skip, f->f_bufptr, len); +- f->f_bufptr = bufptr; +- if (bufptr == f->f_bufend) +- drop_readahead(f); ++ memcpy(PyString_AS_STRING(s) + skip, rab->bufptr, len); ++ rab->bufptr = bufptr; ++ if (bufptr == rab->bufend) ++ drop_readaheadbuffer(rab); + } else { +- bufptr = f->f_bufptr; +- buf = f->f_buf; +- f->f_buf = NULL; /* Force new readahead buffer */ ++ bufptr = rab->bufptr; ++ buf = rab->buf; ++ rab->buf = NULL; /* Force new readahead buffer */ + assert(len <= PY_SSIZE_T_MAX - skip); +- s = readahead_get_line_skip(f, skip + len, bufsize + (bufsize>>2)); ++ s = readahead_get_line_skip(f, rab, skip + len, bufsize + (bufsize>>2)); + if (s == NULL) { +- PyMem_Free(buf); ++ PyMem_FREE(buf); + return NULL; + } + memcpy(PyString_AS_STRING(s) + skip, bufptr, len); +- PyMem_Free(buf); ++ PyMem_FREE(buf); + } + return s; + } +@@ -2341,7 +2334,30 @@ file_iternext(PyFileObject *f) + if (!f->readable) + return err_mode("reading"); + +- l = readahead_get_line_skip(f, 0, READAHEAD_BUFSIZE); ++ { ++ /* ++ Multiple threads can enter this method while the GIL is released ++ during file read and wreak havoc on the file object's readahead ++ buffer. To avoid dealing with cross-thread coordination issues, we ++ cache the file buffer state locally and only set it back on the file ++ object when we're done. ++ */ ++ readaheadbuffer rab = {f->f_buf, f->f_bufptr, f->f_bufend}; ++ f->f_buf = NULL; ++ l = readahead_get_line_skip(f, &rab, 0, READAHEAD_BUFSIZE); ++ /* ++ Make sure the file's internal read buffer is cleared out. This will ++ only do anything if some other thread interleaved with us during ++ readahead. We want to drop any changeling buffer, so we don't leak ++ memory. We may lose data, but that's what you get for reading the same ++ file object in multiple threads. ++ */ ++ drop_file_readahead(f); ++ f->f_buf = rab.buf; ++ f->f_bufptr = rab.bufptr; ++ f->f_bufend = rab.bufend; ++ } ++ + if (l == NULL || PyString_GET_SIZE(l) == 0) { + Py_XDECREF(l); + return NULL; diff -Nru python2.7-2.7.11/debian/patches/CVE-2018-1000802.patch python2.7-2.7.12/debian/patches/CVE-2018-1000802.patch --- python2.7-2.7.11/debian/patches/CVE-2018-1000802.patch 1970-01-01 00:00:00.000000000 +0000 +++ python2.7-2.7.12/debian/patches/CVE-2018-1000802.patch 2018-11-12 17:58:55.000000000 +0000 @@ -0,0 +1,52 @@ +From d8b103b8b3ef9644805341216963a64098642435 Mon Sep 17 00:00:00 2001 +From: Benjamin Peterson +Date: Wed, 29 Aug 2018 21:59:21 -0700 +Subject: [PATCH] closes bpo-34540: Convert shutil._call_external_zip to use + subprocess rather than distutils.spawn. (GH-8985) + +--- + Lib/shutil.py | 16 ++++++++++------ + .../2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst | 3 +++ + 2 files changed, 13 insertions(+), 6 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2018-08-28-22-11-54.bpo-34540.gfQ0TM.rst + +Index: python2.7-2.7.12/Lib/shutil.py +=================================================================== +--- python2.7-2.7.12.orig/Lib/shutil.py 2018-11-12 09:35:41.528852443 -0500 ++++ python2.7-2.7.12/Lib/shutil.py 2018-11-12 09:35:41.528852443 -0500 +@@ -396,17 +396,21 @@ def _make_tarball(base_name, base_dir, c + + return archive_name + +-def _call_external_zip(base_dir, zip_filename, verbose=False, dry_run=False): ++def _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger): + # XXX see if we want to keep an external call here + if verbose: + zipoptions = "-r" + else: + zipoptions = "-rq" +- from distutils.errors import DistutilsExecError +- from distutils.spawn import spawn ++ cmd = ["zip", zipoptions, zip_filename, base_dir] ++ if logger is not None: ++ logger.info(' '.join(cmd)) ++ if dry_run: ++ return ++ import subprocess + try: +- spawn(["zip", zipoptions, zip_filename, base_dir], dry_run=dry_run) +- except DistutilsExecError: ++ subprocess.check_call(cmd) ++ except subprocess.CalledProcessError: + # XXX really should distinguish between "couldn't find + # external 'zip' command" and "zip failed". + raise ExecError, \ +@@ -440,7 +444,7 @@ def _make_zipfile(base_name, base_dir, v + zipfile = None + + if zipfile is None: +- _call_external_zip(base_dir, zip_filename, verbose, dry_run) ++ _call_external_zip(base_dir, zip_filename, verbose, dry_run, logger) + else: + if logger is not None: + logger.info("creating '%s' and adding '%s' to it", diff -Nru python2.7-2.7.11/debian/patches/CVE-2018-106x.patch python2.7-2.7.12/debian/patches/CVE-2018-106x.patch --- python2.7-2.7.11/debian/patches/CVE-2018-106x.patch 1970-01-01 00:00:00.000000000 +0000 +++ python2.7-2.7.12/debian/patches/CVE-2018-106x.patch 2018-11-12 17:58:55.000000000 +0000 @@ -0,0 +1,132 @@ +From e052d40cea15f582b50947f7d906b39744dc62a2 Mon Sep 17 00:00:00 2001 +From: Benjamin Peterson +Date: Sat, 3 Mar 2018 22:18:17 -0800 +Subject: [PATCH] [2.7] bpo-32981: Fix catastrophic backtracking vulns + (GH-5955) + +* Prevent low-grade poplib REDOS (CVE-2018-1060) + +The regex to test a mail server's timestamp is susceptible to +catastrophic backtracking on long evil responses from the server. + +Happily, the maximum length of malicious inputs is 2K thanks +to a limit introduced in the fix for CVE-2013-1752. + +A 2KB evil response from the mail server would result in small slowdowns +(milliseconds vs. microseconds) accumulated over many apop calls. +This is a potential DOS vector via accumulated slowdowns. + +Replace it with a similar non-vulnerable regex. + +The new regex is RFC compliant. +The old regex was non-compliant in edge cases. + +* Prevent difflib REDOS (CVE-2018-1061) + +The default regex for IS_LINE_JUNK is susceptible to +catastrophic backtracking. +This is a potential DOS vector. + +Replace it with an equivalent non-vulnerable regex. + +Also introduce unit and REDOS tests for difflib. + +Co-authored-by: Tim Peters +Co-authored-by: Christian Heimes . +(cherry picked from commit 0e6c8ee2358a2e23117501826c008842acb835ac) +--- + Lib/difflib.py | 2 +- + Lib/poplib.py | 2 +- + Lib/test/test_difflib.py | 22 ++++++++++++++++++- + Lib/test/test_poplib.py | 10 +++++++++ + Misc/ACKS | 2 ++ + .../2018-03-02-10-24-52.bpo-32981.O_qDyj.rst | 4 ++++ + 6 files changed, 39 insertions(+), 3 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2018-03-02-10-24-52.bpo-32981.O_qDyj.rst + +Index: python2.7-2.7.12/Lib/difflib.py +=================================================================== +--- python2.7-2.7.12.orig/Lib/difflib.py 2018-11-12 09:35:54.888919114 -0500 ++++ python2.7-2.7.12/Lib/difflib.py 2018-11-12 09:35:54.884919094 -0500 +@@ -1103,7 +1103,7 @@ class Differ: + + import re + +-def IS_LINE_JUNK(line, pat=re.compile(r"\s*#?\s*$").match): ++def IS_LINE_JUNK(line, pat=re.compile(r"\s*(?:#\s*)?$").match): + r""" + Return 1 for ignorable line: iff `line` is blank or contains a single '#'. + +Index: python2.7-2.7.12/Lib/poplib.py +=================================================================== +--- python2.7-2.7.12.orig/Lib/poplib.py 2018-11-12 09:35:54.888919114 -0500 ++++ python2.7-2.7.12/Lib/poplib.py 2018-11-12 09:35:54.884919094 -0500 +@@ -274,7 +274,7 @@ class POP3: + return self._shortcmd('RPOP %s' % user) + + +- timestamp = re.compile(r'\+OK.*(<[^>]+>)') ++ timestamp = re.compile(br'\+OK.[^<]*(<.*>)') + + def apop(self, user, secret): + """Authorisation +Index: python2.7-2.7.12/Lib/test/test_difflib.py +=================================================================== +--- python2.7-2.7.12.orig/Lib/test/test_difflib.py 2018-11-12 09:35:54.888919114 -0500 ++++ python2.7-2.7.12/Lib/test/test_difflib.py 2018-11-12 09:35:54.884919094 -0500 +@@ -269,13 +269,33 @@ class TestOutputFormat(unittest.TestCase + self.assertEqual(fmt(3,6), '4,6') + self.assertEqual(fmt(0,0), '0') + ++class TestJunkAPIs(unittest.TestCase): ++ def test_is_line_junk_true(self): ++ for line in ['#', ' ', ' #', '# ', ' # ', '']: ++ self.assertTrue(difflib.IS_LINE_JUNK(line), repr(line)) ++ ++ def test_is_line_junk_false(self): ++ for line in ['##', ' ##', '## ', 'abc ', 'abc #', 'Mr. Moose is up!']: ++ self.assertFalse(difflib.IS_LINE_JUNK(line), repr(line)) ++ ++ def test_is_line_junk_REDOS(self): ++ evil_input = ('\t' * 1000000) + '##' ++ self.assertFalse(difflib.IS_LINE_JUNK(evil_input)) ++ ++ def test_is_character_junk_true(self): ++ for char in [' ', '\t']: ++ self.assertTrue(difflib.IS_CHARACTER_JUNK(char), repr(char)) ++ ++ def test_is_character_junk_false(self): ++ for char in ['a', '#', '\n', '\f', '\r', '\v']: ++ self.assertFalse(difflib.IS_CHARACTER_JUNK(char), repr(char)) + + def test_main(): + difflib.HtmlDiff._default_prefix = 0 + Doctests = doctest.DocTestSuite(difflib) + run_unittest( + TestWithAscii, TestAutojunk, TestSFpatches, TestSFbugs, +- TestOutputFormat, Doctests) ++ TestOutputFormat, TestJunkAPIs) + + if __name__ == '__main__': + test_main() +Index: python2.7-2.7.12/Lib/test/test_poplib.py +=================================================================== +--- python2.7-2.7.12.orig/Lib/test/test_poplib.py 2018-11-12 09:35:54.888919114 -0500 ++++ python2.7-2.7.12/Lib/test/test_poplib.py 2018-11-12 09:35:54.884919094 -0500 +@@ -211,6 +211,16 @@ class TestPOP3Class(TestCase): + def test_rpop(self): + self.assertOK(self.client.rpop('foo')) + ++ def test_apop_REDOS(self): ++ # Replace welcome with very long evil welcome. ++ # NB The upper bound on welcome length is currently 2048. ++ # At this length, evil input makes each apop call take ++ # on the order of milliseconds instead of microseconds. ++ evil_welcome = b'+OK' + (b'<' * 1000000) ++ with test_support.swap_attr(self.client, 'welcome', evil_welcome): ++ # The evil welcome is invalid, so apop should throw. ++ self.assertRaises(poplib.error_proto, self.client.apop, 'a', 'kb') ++ + def test_top(self): + expected = ('+OK 116 bytes', + ['From: postmaster@python.org', 'Content-Type: text/plain', diff -Nru python2.7-2.7.11/debian/patches/CVE-2018-14647.patch python2.7-2.7.12/debian/patches/CVE-2018-14647.patch --- python2.7-2.7.11/debian/patches/CVE-2018-14647.patch 1970-01-01 00:00:00.000000000 +0000 +++ python2.7-2.7.12/debian/patches/CVE-2018-14647.patch 2018-11-12 17:58:55.000000000 +0000 @@ -0,0 +1,81 @@ +From 18b20bad75b4ff0486940fba4ec680e96e70f3a2 Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Tue, 18 Sep 2018 15:13:09 +0200 +Subject: [PATCH] [2.7] bpo-34623: Use XML_SetHashSalt in _elementtree + (GH-9146) (GH-9394) + +The C accelerated _elementtree module now initializes hash randomization +salt from _Py_HashSecret instead of libexpat's default CPRNG. + +Signed-off-by: Christian Heimes + +https://bugs.python.org/issue34623. +(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b) + +Co-authored-by: Christian Heimes + + + +https://bugs.python.org/issue34623 +--- + Include/pyexpat.h | 4 +++- + .../next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++ + Modules/_elementtree.c | 5 +++++ + Modules/pyexpat.c | 5 +++++ + 4 files changed, 15 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst + +Index: python2.7-2.7.12/Include/pyexpat.h +=================================================================== +--- python2.7-2.7.12.orig/Include/pyexpat.h 2018-11-12 09:36:09.860993625 -0500 ++++ python2.7-2.7.12/Include/pyexpat.h 2018-11-12 09:36:09.856993606 -0500 +@@ -3,7 +3,7 @@ + + /* note: you must import expat.h before importing this module! */ + +-#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0" ++#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1" + #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI" + + struct PyExpat_CAPI +@@ -43,6 +43,8 @@ struct PyExpat_CAPI + XML_Parser parser, XML_UnknownEncodingHandler handler, + void *encodingHandlerData); + void (*SetUserData)(XML_Parser parser, void *userData); ++ /* might be none for expat < 2.1.0 */ ++ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt); + /* always add new stuff to the end! */ + }; + +Index: python2.7-2.7.12/Modules/_elementtree.c +=================================================================== +--- python2.7-2.7.12.orig/Modules/_elementtree.c 2018-11-12 09:36:09.860993625 -0500 ++++ python2.7-2.7.12/Modules/_elementtree.c 2018-11-12 09:36:09.856993606 -0500 +@@ -2613,6 +2613,11 @@ expat_parse(XMLParserObject* self, char* + ); + return NULL; + } ++ /* expat < 2.1.0 has no XML_SetHashSalt() */ ++ if (EXPAT(SetHashSalt) != NULL) { ++ EXPAT(SetHashSalt)(self->parser, ++ (unsigned long)_Py_HashSecret.prefix); ++ } + + Py_RETURN_NONE; + } +Index: python2.7-2.7.12/Modules/pyexpat.c +=================================================================== +--- python2.7-2.7.12.orig/Modules/pyexpat.c 2018-11-12 09:36:09.860993625 -0500 ++++ python2.7-2.7.12/Modules/pyexpat.c 2018-11-12 09:36:09.856993606 -0500 +@@ -2044,6 +2044,11 @@ MODULE_INITFUNC(void) + capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler; + capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler; + capi.SetUserData = XML_SetUserData; ++#if XML_COMBINED_VERSION >= 20100 ++ capi.SetHashSalt = XML_SetHashSalt; ++#else ++ capi.SetHashSalt = NULL; ++#endif + + /* export using capsule */ + capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL); diff -Nru python2.7-2.7.11/debian/patches/debug-build.diff python2.7-2.7.12/debian/patches/debug-build.diff --- python2.7-2.7.11/debian/patches/debug-build.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/debug-build.diff 2018-11-12 17:58:55.000000000 +0000 @@ -84,7 +84,7 @@ # Short name and location for Mac OS X Python framework UNIVERSALSDK=@UNIVERSALSDK@ PYTHONFRAMEWORK= @PYTHONFRAMEWORK@ -@@ -563,7 +565,7 @@ $(LIBRARY): $(LIBRARY_OBJS) +@@ -566,7 +568,7 @@ $(LIBRARY): $(LIBRARY_OBJS) $(AR) $(ARFLAGS) $@ $(sort $(MODOBJS)) $(RANLIB) $@ @@ -93,7 +93,7 @@ if test $(INSTSONAME) != $(LDLIBRARY); then \ $(BLDSHARED) $(PY_LDFLAGS) -Wl,-h$(INSTSONAME) -o $(INSTSONAME) $(LIBRARY_OBJS) $(MODLIBS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST); \ $(LN) -f $(INSTSONAME) $@; \ -@@ -1190,8 +1192,8 @@ inclinstall: +@@ -1202,8 +1204,8 @@ inclinstall: $(INSTALL_DATA) pyconfig.h $(DESTDIR)$(CONFINCLUDEPY)/pyconfig.h # Install the library and miscellaneous stuff needed for extending/embedding @@ -153,7 +153,7 @@ =================================================================== --- a/configure.ac +++ b/configure.ac -@@ -759,7 +759,7 @@ AC_SUBST(LIBRARY) +@@ -760,7 +760,7 @@ AC_SUBST(LIBRARY) AC_MSG_CHECKING(LIBRARY) if test -z "$LIBRARY" then @@ -162,7 +162,7 @@ fi AC_MSG_RESULT($LIBRARY) -@@ -905,8 +905,8 @@ if test $enable_shared = "yes"; then +@@ -906,8 +906,8 @@ if test $enable_shared = "yes"; then INSTSONAME="$LDLIBRARY".$SOVERSION ;; Linux*|GNU*|NetBSD*|FreeBSD*|DragonFly*|OpenBSD*) @@ -173,7 +173,7 @@ RUNSHARED=LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} case $ac_sys_system in FreeBSD*) -@@ -1049,6 +1049,12 @@ else AC_MSG_RESULT(no); Py_DEBUG='false' +@@ -1050,6 +1050,12 @@ else AC_MSG_RESULT(no); Py_DEBUG='false' fi], [AC_MSG_RESULT(no)]) @@ -186,7 +186,7 @@ # XXX Shouldn't the code above that fiddles with BASECFLAGS and OPT be # merged with this chunk of code? -@@ -1996,7 +2002,7 @@ then +@@ -2031,7 +2037,7 @@ then esac ;; CYGWIN*) SO=.dll;; diff -Nru python2.7-2.7.11/debian/patches/disable-sem-check.diff python2.7-2.7.12/debian/patches/disable-sem-check.diff --- python2.7-2.7.11/debian/patches/disable-sem-check.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/disable-sem-check.diff 2018-11-12 17:58:55.000000000 +0000 @@ -4,7 +4,7 @@ =================================================================== --- a/configure.ac +++ b/configure.ac -@@ -3922,6 +3922,11 @@ int main(void) { +@@ -3957,6 +3957,11 @@ int main(void) { [ac_cv_posix_semaphores_enabled=no], [ac_cv_posix_semaphores_enabled=yes]) ) @@ -16,7 +16,7 @@ AC_MSG_RESULT($ac_cv_posix_semaphores_enabled) if test $ac_cv_posix_semaphores_enabled = no then -@@ -3958,6 +3963,11 @@ int main(void){ +@@ -3993,6 +3998,11 @@ int main(void){ [ac_cv_broken_sem_getvalue=yes], [ac_cv_broken_sem_getvalue=yes]) ) diff -Nru python2.7-2.7.11/debian/patches/distutils-install-layout.diff python2.7-2.7.12/debian/patches/distutils-install-layout.diff --- python2.7-2.7.11/debian/patches/distutils-install-layout.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/distutils-install-layout.diff 2018-11-12 17:58:55.000000000 +0000 @@ -6,7 +6,7 @@ =================================================================== --- a/Doc/install/index.rst +++ b/Doc/install/index.rst -@@ -250,6 +250,8 @@ is pure Python or contains extensions (" +@@ -255,6 +255,8 @@ is pure Python or contains extensions (" +-----------------+-----------------------------------------------------+--------------------------------------------------+-------+ | Platform | Standard installation location | Default value | Notes | +=================+=====================================================+==================================================+=======+ @@ -15,7 +15,7 @@ | Unix (pure) | :file:`{prefix}/lib/python{X.Y}/site-packages` | :file:`/usr/local/lib/python{X.Y}/site-packages` | \(1) | +-----------------+-----------------------------------------------------+--------------------------------------------------+-------+ | Unix (non-pure) | :file:`{exec-prefix}/lib/python{X.Y}/site-packages` | :file:`/usr/local/lib/python{X.Y}/site-packages` | \(1) | -@@ -259,6 +261,14 @@ is pure Python or contains extensions (" +@@ -264,6 +266,14 @@ is pure Python or contains extensions (" Notes: @@ -30,7 +30,7 @@ (1) Most Linux distributions include Python as a standard part of the system, so :file:`{prefix}` and :file:`{exec-prefix}` are usually both :file:`/usr` on -@@ -443,6 +453,15 @@ them to go in :file:`/usr/local/lib/pyth +@@ -448,6 +458,15 @@ them to go in :file:`/usr/local/lib/pyth /usr/bin/python setup.py install --prefix=/usr/local @@ -46,7 +46,7 @@ Another possibility is a network filesystem where the name used to write to a remote directory is different from the name used to read it: for example, the Python interpreter accessed as :file:`/usr/local/bin/python` might search for -@@ -694,6 +713,17 @@ Add-on Python modules might then belong +@@ -699,6 +718,17 @@ Add-on Python modules might then belong import them, this directory must be added to ``sys.path``. There are several different ways to add the directory. diff -Nru python2.7-2.7.11/debian/patches/ensurepip-wheels.diff python2.7-2.7.12/debian/patches/ensurepip-wheels.diff --- python2.7-2.7.11/debian/patches/ensurepip-wheels.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/ensurepip-wheels.diff 2018-11-12 17:58:55.000000000 +0000 @@ -16,7 +16,7 @@ __all__ = ["version", "bootstrap"] --_SETUPTOOLS_VERSION = "20.3" +-_SETUPTOOLS_VERSION = "20.10.1" - -_PIP_VERSION = "8.1.1" - diff -Nru python2.7-2.7.11/debian/patches/fix-sslv3-test.diff python2.7-2.7.12/debian/patches/fix-sslv3-test.diff --- python2.7-2.7.11/debian/patches/fix-sslv3-test.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/fix-sslv3-test.diff 2018-11-12 17:58:55.000000000 +0000 @@ -6,7 +6,7 @@ =================================================================== --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py -@@ -751,7 +751,8 @@ class ContextTests(unittest.TestCase): +@@ -752,7 +752,8 @@ class ContextTests(unittest.TestCase): self.assertEqual(ssl.OP_ALL | ssl.OP_NO_TLSv1 | ssl.OP_NO_SSLv3, ctx.options) ctx.options = 0 diff -Nru python2.7-2.7.11/debian/patches/hg-updates.diff python2.7-2.7.12/debian/patches/hg-updates.diff --- python2.7-2.7.11/debian/patches/hg-updates.diff 2018-11-12 17:58:54.000000000 +0000 +++ python2.7-2.7.12/debian/patches/hg-updates.diff 2018-11-12 17:58:55.000000000 +0000 @@ -1,30739 +1,4 @@ -# DP: hg updates of the 2.7 release branch (until 2016-03-30). +# DP: hg updates of the 2.7 release branch (until 2016-xx-xx). # hg diff -r v2.7.11 | filterdiff --exclude=.*ignore --exclude=.hg* --remove-timestamps -diff -r 6d1b6a68f775 Doc/README.txt ---- a/Doc/README.txt -+++ b/Doc/README.txt -@@ -119,27 +119,3 @@ - - If you want to help the Documentation Team, you are always welcome. Just send - a mail to docs@python.org. -- -- --Copyright notice --================ -- --The Python source is copyrighted, but you can freely use and copy it --as long as you don't change or remove the copyright notice: -- ------------------------------------------------------------------------ --Copyright (c) 2000-2014 Python Software Foundation. --All rights reserved. -- --Copyright (c) 2000 BeOpen.com. --All rights reserved. -- --Copyright (c) 1995-2000 Corporation for National Research Initiatives. --All rights reserved. -- --Copyright (c) 1991-1995 Stichting Mathematisch Centrum. --All rights reserved. -- --See the file "license.rst" for information on usage and redistribution --of this file, and for a DISCLAIMER OF ALL WARRANTIES. ------------------------------------------------------------------------ -diff -r 6d1b6a68f775 Doc/bugs.rst ---- a/Doc/bugs.rst -+++ b/Doc/bugs.rst -@@ -16,7 +16,8 @@ - please submit a bug report on the :ref:`tracker `. If you - have a suggestion how to fix it, include that as well. - --If you're short on time, you can also email your bug report to docs@python.org. -+If you're short on time, you can also email documentation bug reports to -+docs@python.org (behavioral bugs can be sent to python-list@python.org). - 'docs@' is a mailing list run by volunteers; your request will be noticed, - though it may take a while to be processed. - -diff -r 6d1b6a68f775 Doc/c-api/arg.rst ---- a/Doc/c-api/arg.rst -+++ b/Doc/c-api/arg.rst -@@ -24,7 +24,7 @@ - that matches the format unit; and the entry in [square] brackets is the type - of the C variable(s) whose address should be passed. - --These formats allow to access an object as a contiguous chunk of memory. -+These formats allow accessing an object as a contiguous chunk of memory. - You don't have to provide raw storage for the returned unicode or bytes - area. Also, you won't have to release any memory yourself, except with the - ``es``, ``es#``, ``et`` and ``et#`` formats. -@@ -136,7 +136,8 @@ - :c:func:`PyArg_ParseTuple` will use this location as the buffer and - interpret the initial value of *\*buffer_length* as the buffer size. It - will then copy the encoded data into the buffer and NUL-terminate it. If -- the buffer is not large enough, a :exc:`ValueError` will be set. -+ the buffer is not large enough, a :exc:`TypeError` will be set. -+ Note: starting from Python 3.6 a :exc:`ValueError` will be set. - - In both cases, *\*buffer_length* is set to the length of the encoded data - without the trailing NUL byte. -diff -r 6d1b6a68f775 Doc/c-api/exceptions.rst ---- a/Doc/c-api/exceptions.rst -+++ b/Doc/c-api/exceptions.rst -@@ -404,8 +404,8 @@ - :meth:`__del__` method. - - The function is called with a single argument *obj* that identifies the context -- in which the unraisable exception occurred. The repr of *obj* will be printed in -- the warning message. -+ in which the unraisable exception occurred. If possible, -+ the repr of *obj* will be printed in the warning message. - - - .. _unicodeexceptions: -diff -r 6d1b6a68f775 Doc/c-api/intro.rst ---- a/Doc/c-api/intro.rst -+++ b/Doc/c-api/intro.rst -@@ -258,7 +258,7 @@ - if (PyObject_SetItem(target, index, item) < 0) { - Py_DECREF(index); - return -1; -- } -+ } - Py_DECREF(index); - } - return 0; -diff -r 6d1b6a68f775 Doc/c-api/structures.rst ---- a/Doc/c-api/structures.rst -+++ b/Doc/c-api/structures.rst -@@ -69,6 +69,37 @@ - expansion varies depending on the definition of :c:macro:`Py_TRACE_REFS`. - - -+.. c:macro:: Py_TYPE(o) -+ -+ This macro is used to access the :attr:`ob_type` member of a Python object. -+ It expands to:: -+ -+ (((PyObject*)(o))->ob_type) -+ -+ .. versionadded:: 2.6 -+ -+ -+.. c:macro:: Py_REFCNT(o) -+ -+ This macro is used to access the :attr:`ob_refcnt` member of a Python -+ object. -+ It expands to:: -+ -+ (((PyObject*)(o))->ob_refcnt) -+ -+ .. versionadded:: 2.6 -+ -+ -+.. c:macro:: Py_SIZE(o) -+ -+ This macro is used to access the :attr:`ob_size` member of a Python object. -+ It expands to:: -+ -+ (((PyVarObject*)(o))->ob_size) -+ -+ .. versionadded:: 2.6 -+ -+ - .. c:macro:: PyObject_HEAD_INIT(type) - - This is a macro which expands to initialization values for a new -diff -r 6d1b6a68f775 Doc/conf.py ---- a/Doc/conf.py -+++ b/Doc/conf.py -@@ -135,6 +135,14 @@ - # Get LaTeX to handle Unicode correctly - latex_elements = {'inputenc': r'\usepackage[utf8x]{inputenc}', 'utf8extra': ''} - -+ -+# Options for Epub output -+# ----------------------- -+ -+epub_author = 'Python Documentation Authors' -+epub_publisher = 'Python Software Foundation' -+ -+ - # Options for the coverage checker - # -------------------------------- - -diff -r 6d1b6a68f775 Doc/copyright.rst ---- a/Doc/copyright.rst -+++ b/Doc/copyright.rst -@@ -4,7 +4,7 @@ - - Python and this documentation is: - --Copyright © 2001-2015 Python Software Foundation. All rights reserved. -+Copyright © 2001-2016 Python Software Foundation. All rights reserved. - - Copyright © 2000 BeOpen.com. All rights reserved. - -diff -r 6d1b6a68f775 Doc/glossary.rst ---- a/Doc/glossary.rst -+++ b/Doc/glossary.rst -@@ -346,8 +346,8 @@ - All of Python's immutable built-in objects are hashable, while no mutable - containers (such as lists or dictionaries) are. Objects which are - instances of user-defined classes are hashable by default; they all -- compare unequal (except with themselves), and their hash value is their -- :func:`id`. -+ compare unequal (except with themselves), and their hash value is derived -+ from their :func:`id`. - - IDLE - An Integrated Development Environment for Python. IDLE is a basic editor -@@ -519,7 +519,8 @@ - method resolution order - Method Resolution Order is the order in which base classes are searched - for a member during lookup. See `The Python 2.3 Method Resolution Order -- `_. -+ `_ for details of the -+ algorithm used by the Python interpreter since the 2.3 release. - - module - An object that serves as an organizational unit of Python code. Modules -diff -r 6d1b6a68f775 Doc/howto/argparse.rst ---- a/Doc/howto/argparse.rst -+++ b/Doc/howto/argparse.rst -@@ -513,7 +513,7 @@ - - * Sadly, our help output isn't very informative on the new ability our script - has acquired, but that can always be fixed by improving the documentation for -- out script (e.g. via the ``help`` keyword argument). -+ our script (e.g. via the ``help`` keyword argument). - - * That last output exposes a bug in our program. - -diff -r 6d1b6a68f775 Doc/howto/logging-cookbook.rst ---- a/Doc/howto/logging-cookbook.rst -+++ b/Doc/howto/logging-cookbook.rst -@@ -94,6 +94,61 @@ - 2005-03-23 23:47:11,673 - spam_application - INFO - - done with auxiliary_module.some_function() - -+Logging from multiple threads -+----------------------------- -+ -+Logging from multiple threads requires no special effort. The following example -+shows logging from the main (initIal) thread and another thread:: -+ -+ import logging -+ import threading -+ import time -+ -+ def worker(arg): -+ while not arg['stop']: -+ logging.debug('Hi from myfunc') -+ time.sleep(0.5) -+ -+ def main(): -+ logging.basicConfig(level=logging.DEBUG, format='%(relativeCreated)6d %(threadName)s %(message)s') -+ info = {'stop': False} -+ thread = threading.Thread(target=worker, args=(info,)) -+ thread.start() -+ while True: -+ try: -+ logging.debug('Hello from main') -+ time.sleep(0.75) -+ except KeyboardInterrupt: -+ info['stop'] = True -+ break -+ thread.join() -+ -+ if __name__ == '__main__': -+ main() -+ -+When run, the script should print something like the following:: -+ -+ 0 Thread-1 Hi from myfunc -+ 3 MainThread Hello from main -+ 505 Thread-1 Hi from myfunc -+ 755 MainThread Hello from main -+ 1007 Thread-1 Hi from myfunc -+ 1507 MainThread Hello from main -+ 1508 Thread-1 Hi from myfunc -+ 2010 Thread-1 Hi from myfunc -+ 2258 MainThread Hello from main -+ 2512 Thread-1 Hi from myfunc -+ 3009 MainThread Hello from main -+ 3013 Thread-1 Hi from myfunc -+ 3515 Thread-1 Hi from myfunc -+ 3761 MainThread Hello from main -+ 4017 Thread-1 Hi from myfunc -+ 4513 MainThread Hello from main -+ 4518 Thread-1 Hi from myfunc -+ -+This shows the logging output interspersed as one might expect. This approach -+works for more threads than shown here, of course. -+ - Multiple handlers and formatters - -------------------------------- - -diff -r 6d1b6a68f775 Doc/howto/pyporting.rst ---- a/Doc/howto/pyporting.rst -+++ b/Doc/howto/pyporting.rst -@@ -243,8 +243,8 @@ - binary reading). Under Python 3, binary files and text files are clearly - distinct and mutually incompatible; see the :mod:`io` module for details. - Therefore, you **must** make a decision of whether a file will be used for --binary access (allowing to read and/or write binary data) or text access --(allowing to read and/or write text data). You should also use :func:`io.open` -+binary access (allowing binary data to be read and/or written) or text access -+(allowing text data to be read and/or written). You should also use :func:`io.open` - for opening files instead of the built-in :func:`open` function as the :mod:`io` - module is consistent from Python 2 to 3 while the built-in :func:`open` function - is not (in Python 3 it's actually :func:`io.open`). -diff -r 6d1b6a68f775 Doc/howto/regex.rst ---- a/Doc/howto/regex.rst -+++ b/Doc/howto/regex.rst -@@ -172,7 +172,7 @@ - Repetitions such as ``*`` are :dfn:`greedy`; when repeating a RE, the matching - engine will try to repeat it as many times as possible. If later portions of the - pattern don't match, the matching engine will then back up and try again with --few repetitions. -+fewer repetitions. - - A step-by-step example will make this more obvious. Let's consider the - expression ``a[bcd]*b``. This matches the letter ``'a'``, zero or more letters -@@ -1015,17 +1015,18 @@ - - A negative lookahead cuts through all this confusion: - --``.*[.](?!bat$).*$`` The negative lookahead means: if the expression ``bat`` -+``.*[.](?!bat$)[^.]*$`` The negative lookahead means: if the expression ``bat`` - doesn't match at this point, try the rest of the pattern; if ``bat$`` does - match, the whole pattern will fail. The trailing ``$`` is required to ensure - that something like ``sample.batch``, where the extension only starts with --``bat``, will be allowed. -+``bat``, will be allowed. The ``[^.]*`` makes sure that the pattern works -+when there are multiple dots in the filename. - - Excluding another filename extension is now easy; simply add it as an - alternative inside the assertion. The following pattern excludes filenames that - end in either ``bat`` or ``exe``: - --``.*[.](?!bat$|exe$).*$`` -+``.*[.](?!bat$|exe$)[^.]*$`` - - - Modifying Strings -diff -r 6d1b6a68f775 Doc/howto/urllib2.rst ---- a/Doc/howto/urllib2.rst -+++ b/Doc/howto/urllib2.rst -@@ -499,7 +499,7 @@ - e.g. "http://example.com/" *or* an "authority" (i.e. the hostname, - optionally including the port number) e.g. "example.com" or "example.com:8080" - (the latter example includes a port number). The authority, if present, must --NOT contain the "userinfo" component - for example "joe@password:example.com" is -+NOT contain the "userinfo" component - for example "joe:password@example.com" is - not correct. - - -diff -r 6d1b6a68f775 Doc/installing/index.rst ---- a/Doc/installing/index.rst -+++ b/Doc/installing/index.rst -@@ -82,10 +82,12 @@ - Python. - - It's also possible to specify an exact or minimum version directly on the --command line:: -+command line. When using comparator operators such as ``>``, ``<`` or some other -+special character which get interpreted by shell, the package name and the -+version should be enclosed within double quotes:: - - python -m pip install SomePackage==1.0.4 # specific version -- python -m pip install 'SomePackage>=1.0.4' # minimum version -+ python -m pip install "SomePackage>=1.0.4" # minimum version - - Normally, if a suitable module is already installed, attempting to install - it again will have no effect. Upgrading existing modules must be requested -diff -r 6d1b6a68f775 Doc/library/base64.rst ---- a/Doc/library/base64.rst -+++ b/Doc/library/base64.rst -@@ -16,7 +16,8 @@ - encoding algorithm is not the same as the :program:`uuencode` program. - - There are two interfaces provided by this module. The modern interface supports --encoding and decoding string objects using all three alphabets. The legacy -+encoding and decoding string objects using both base-64 alphabets defined -+in :rfc:`3548` (normal, and URL- and filesystem-safe). The legacy - interface provides for encoding and decoding to and from file-like objects as - well as strings, but only using the Base64 standard alphabet. - -@@ -25,7 +26,7 @@ - - .. function:: b64encode(s[, altchars]) - -- Encode a string use Base64. -+ Encode a string using Base64. - - *s* is the string to encode. Optional *altchars* must be a string of at least - length 2 (additional characters are ignored) which specifies an alternative -@@ -44,9 +45,10 @@ - length 2 (additional characters are ignored) which specifies the alternative - alphabet used instead of the ``+`` and ``/`` characters. - -- The decoded string is returned. A :exc:`TypeError` is raised if *s* were -- incorrectly padded or if there are non-alphabet characters present in the -- string. -+ The decoded string is returned. A :exc:`TypeError` is raised if *s* is -+ incorrectly padded. Characters that are neither -+ in the normal base-64 alphabet nor the alternative alphabet are -+ discarded prior to the padding check. - - - .. function:: standard_b64encode(s) -@@ -61,14 +63,16 @@ - - .. function:: urlsafe_b64encode(s) - -- Encode string *s* using a URL-safe alphabet, which substitutes ``-`` instead of -+ Encode string *s* using the URL- and filesystem-safe -+ alphabet, which substitutes ``-`` instead of - ``+`` and ``_`` instead of ``/`` in the standard Base64 alphabet. The result - can still contain ``=``. - - - .. function:: urlsafe_b64decode(s) - -- Decode string *s* using a URL-safe alphabet, which substitutes ``-`` instead of -+ Decode string *s* using the URL- and filesystem-safe -+ alphabet, which substitutes ``-`` instead of - ``+`` and ``_`` instead of ``/`` in the standard Base64 alphabet. - - -diff -r 6d1b6a68f775 Doc/library/binascii.rst ---- a/Doc/library/binascii.rst -+++ b/Doc/library/binascii.rst -@@ -45,8 +45,10 @@ - .. function:: b2a_base64(data) - - Convert binary data to a line of ASCII characters in base64 coding. The return -- value is the converted line, including a newline char. The length of *data* -- should be at most 57 to adhere to the base64 standard. -+ value is the converted line, including a newline char. The newline is -+ added because the original use case for this function was to feed it a -+ series of 57 byte input lines to get output lines that conform to the -+ MIME-base64 standard. Otherwise the output conforms to :rfc:`3548`. - - - .. function:: a2b_qp(string[, header]) -@@ -165,7 +167,7 @@ - .. seealso:: - - Module :mod:`base64` -- Support for base64 encoding used in MIME email messages. -+ Support for RFC compliant base64-style encoding in base 16, 32, and 64. - - Module :mod:`binhex` - Support for the binhex format used on the Macintosh. -diff -r 6d1b6a68f775 Doc/library/crypto.rst ---- a/Doc/library/crypto.rst -+++ b/Doc/library/crypto.rst -@@ -18,13 +18,3 @@ - hmac.rst - md5.rst - sha.rst --.. index:: -- pair: AES; algorithm -- single: cryptography -- single: Kuchling, Andrew -- --Hardcore cypherpunks will probably find the cryptographic modules written by --A.M. Kuchling of further interest; the package contains modules for various --encryption algorithms, most notably AES. These modules are not distributed with --Python but available separately. See the URL http://www.pycrypto.org/ for more --information. -diff -r 6d1b6a68f775 Doc/library/csv.rst ---- a/Doc/library/csv.rst -+++ b/Doc/library/csv.rst -@@ -112,6 +112,7 @@ - value :const:`None` is written as the empty string. While this isn't a - reversible transformation, it makes it easier to dump SQL NULL data values to - CSV files without preprocessing the data returned from a ``cursor.fetch*`` call. -+ Floats are stringified with :func:`repr` before being written. - All other non-string data are stringified with :func:`str` before being written. - - A short usage example:: -diff -r 6d1b6a68f775 Doc/library/ctypes.rst ---- a/Doc/library/ctypes.rst -+++ b/Doc/library/ctypes.rst -@@ -708,8 +708,8 @@ - >>> pi = pointer(i) - >>> - --Pointer instances have a :attr:`contents` attribute which returns the object to --which the pointer points, the ``i`` object above:: -+Pointer instances have a :attr:`~_Pointer.contents` attribute which -+returns the object to which the pointer points, the ``i`` object above:: - - >>> pi.contents - c_long(42) -@@ -934,7 +934,7 @@ - Callback functions - ^^^^^^^^^^^^^^^^^^ - --:mod:`ctypes` allows to create C callable function pointers from Python callables. -+:mod:`ctypes` allows creating C callable function pointers from Python callables. - These are sometimes called *callback functions*. - - First, you must create a class for the callback function, the class knows the -@@ -1348,7 +1348,7 @@ - Loading shared libraries - ^^^^^^^^^^^^^^^^^^^^^^^^ - --There are several ways to loaded shared libraries into the Python process. One -+There are several ways to load shared libraries into the Python process. One - way is to instantiate one of the following classes: - - -@@ -1404,7 +1404,7 @@ - ignored. - - The *use_errno* parameter, when set to True, enables a ctypes mechanism that --allows to access the system :data:`errno` error number in a safe way. -+allows accessing the system :data:`errno` error number in a safe way. - :mod:`ctypes` maintains a thread-local copy of the systems :data:`errno` - variable; if you call foreign functions created with ``use_errno=True`` then the - :data:`errno` value before the function call is swapped with the ctypes private -@@ -1478,7 +1478,7 @@ - Class which loads shared libraries. *dlltype* should be one of the - :class:`CDLL`, :class:`PyDLL`, :class:`WinDLL`, or :class:`OleDLL` types. - -- :meth:`__getattr__` has special behavior: It allows to load a shared library by -+ :meth:`__getattr__` has special behavior: It allows loading a shared library by - accessing it as attribute of a library loader instance. The result is cached, - so repeated attribute accesses return the same library each time. - -@@ -1557,7 +1557,7 @@ - - It is possible to assign a callable Python object that is not a ctypes - type, in this case the function is assumed to return a C :c:type:`int`, and -- the callable will be called with this integer, allowing to do further -+ the callable will be called with this integer, allowing further - processing or error checking. Using this is deprecated, for more flexible - post processing or error checking use a ctypes data type as - :attr:`restype` and assign a callable to the :attr:`errcheck` attribute. -@@ -1573,7 +1573,7 @@ - - When a foreign function is called, each actual argument is passed to the - :meth:`from_param` class method of the items in the :attr:`argtypes` -- tuple, this method allows to adapt the actual argument to an object that -+ tuple, this method allows adapting the actual argument to an object that - the foreign function accepts. For example, a :class:`c_char_p` item in - the :attr:`argtypes` tuple will convert a unicode string passed as - argument into an byte string using ctypes conversion rules. -@@ -1581,7 +1581,7 @@ - New: It is now possible to put items in argtypes which are not ctypes - types, but each item must have a :meth:`from_param` method which returns a - value usable as argument (integer, string, ctypes instance). This allows -- to define adapters that can adapt custom objects as function parameters. -+ defining adapters that can adapt custom objects as function parameters. - - - .. attribute:: errcheck -@@ -1595,12 +1595,12 @@ - *result* is what the foreign function returns, as specified by the - :attr:`restype` attribute. - -- *func* is the foreign function object itself, this allows to reuse the -+ *func* is the foreign function object itself, this allows reusing the - same callable object to check or post process the results of several - functions. - - *arguments* is a tuple containing the parameters originally passed to -- the function call, this allows to specialize the behavior on the -+ the function call, this allows specializing the behavior on the - arguments used. - - The object that this function returns will be returned from the -@@ -1853,7 +1853,7 @@ - If a string is specified as first argument, the buffer is made one item larger - than the length of the string so that the last element in the array is a NUL - termination character. An integer can be passed as second argument which allows -- to specify the size of the array if the length of the string should not be used. -+ specifying the size of the array if the length of the string should not be used. - - If the first parameter is a unicode string, it is converted into an 8-bit string - according to ctypes conversion rules. -@@ -1870,7 +1870,7 @@ - If a unicode string is specified as first argument, the buffer is made one item - larger than the length of the string so that the last element in the array is a - NUL termination character. An integer can be passed as second argument which -- allows to specify the size of the array if the length of the string should not -+ allows specifying the size of the array if the length of the string should not - be used. - - If the first parameter is a 8-bit string, it is converted into an unicode string -@@ -1879,14 +1879,14 @@ - - .. function:: DllCanUnloadNow() - -- Windows only: This function is a hook which allows to implement in-process -+ Windows only: This function is a hook which allows implementing in-process - COM servers with ctypes. It is called from the DllCanUnloadNow function that - the _ctypes extension dll exports. - - - .. function:: DllGetClassObject() - -- Windows only: This function is a hook which allows to implement in-process -+ Windows only: This function is a hook which allows implementing in-process - COM servers with ctypes. It is called from the DllGetClassObject function - that the ``_ctypes`` extension dll exports. - -@@ -2432,7 +2432,7 @@ - checked, only one field can be accessed when names are repeated. - - It is possible to define the :attr:`_fields_` class variable *after* the -- class statement that defines the Structure subclass, this allows to create -+ class statement that defines the Structure subclass, this allows creating - data types that directly or indirectly reference themselves:: - - class List(Structure): -@@ -2453,7 +2453,7 @@ - - .. attribute:: _pack_ - -- An optional small integer that allows to override the alignment of -+ An optional small integer that allows overriding the alignment of - structure fields in the instance. :attr:`_pack_` must already be defined - when :attr:`_fields_` is assigned, otherwise it will have no effect. - -@@ -2465,8 +2465,8 @@ - assigned, otherwise it will have no effect. - - The fields listed in this variable must be structure or union type fields. -- :mod:`ctypes` will create descriptors in the structure type that allows to -- access the nested fields directly, without the need to create the -+ :mod:`ctypes` will create descriptors in the structure type that allow -+ accessing the nested fields directly, without the need to create the - structure or union field. - - Here is an example type (Windows):: -@@ -2512,6 +2512,56 @@ - Arrays and pointers - ^^^^^^^^^^^^^^^^^^^ - --Not yet written - please see the sections :ref:`ctypes-pointers` and section --:ref:`ctypes-arrays` in the tutorial. -- -+.. class:: Array(\*args) -+ -+ Abstract base class for arrays. -+ -+ The recommended way to create concrete array types is by multiplying any -+ :mod:`ctypes` data type with a positive integer. Alternatively, you can subclass -+ this type and define :attr:`_length_` and :attr:`_type_` class variables. -+ Array elements can be read and written using standard -+ subscript and slice accesses; for slice reads, the resulting object is -+ *not* itself an :class:`Array`. -+ -+ -+ .. attribute:: _length_ -+ -+ A positive integer specifying the number of elements in the array. -+ Out-of-range subscripts result in an :exc:`IndexError`. Will be -+ returned by :func:`len`. -+ -+ -+ .. attribute:: _type_ -+ -+ Specifies the type of each element in the array. -+ -+ -+ Array subclass constructors accept positional arguments, used to -+ initialize the elements in order. -+ -+ -+.. class:: _Pointer -+ -+ Private, abstract base class for pointers. -+ -+ Concrete pointer types are created by calling :func:`POINTER` with the -+ type that will be pointed to; this is done automatically by -+ :func:`pointer`. -+ -+ If a pointer points to an array, its elements can be read and -+ written using standard subscript and slice accesses. Pointer objects -+ have no size, so :func:`len` will raise :exc:`TypeError`. Negative -+ subscripts will read from the memory *before* the pointer (as in C), and -+ out-of-range subscripts will probably crash with an access violation (if -+ you're lucky). -+ -+ -+ .. attribute:: _type_ -+ -+ Specifies the type pointed to. -+ -+ .. attribute:: contents -+ -+ Returns the object to which to pointer points. Assigning to this -+ attribute changes the pointer to point to the assigned object. -+ -diff -r 6d1b6a68f775 Doc/library/datetime.rst ---- a/Doc/library/datetime.rst -+++ b/Doc/library/datetime.rst -@@ -558,7 +558,7 @@ - - .. method:: date.__format__(format) - -- Same as :meth:`.date.strftime`. This makes it possible to specify format -+ Same as :meth:`.date.strftime`. This makes it possible to specify a format - string for a :class:`.date` object when using :meth:`str.format`. - See section :ref:`strftime-strptime-behavior`. - -@@ -1058,7 +1058,7 @@ - - .. method:: datetime.__format__(format) - -- Same as :meth:`.datetime.strftime`. This makes it possible to specify format -+ Same as :meth:`.datetime.strftime`. This makes it possible to specify a format - string for a :class:`.datetime` object when using :meth:`str.format`. - See section :ref:`strftime-strptime-behavior`. - -@@ -1292,7 +1292,7 @@ - - .. method:: time.__format__(format) - -- Same as :meth:`.time.strftime`. This makes it possible to specify format string -+ Same as :meth:`.time.strftime`. This makes it possible to specify a format string - for a :class:`.time` object when using :meth:`str.format`. - See section :ref:`strftime-strptime-behavior`. - -diff -r 6d1b6a68f775 Doc/library/fileinput.rst ---- a/Doc/library/fileinput.rst -+++ b/Doc/library/fileinput.rst -@@ -60,6 +60,9 @@ - .. versionchanged:: 2.5 - Added the *mode* and *openhook* parameters. - -+ .. versionchanged:: 2.7.12 -+ The *bufsize* parameter is no longer used. -+ - The following functions use the global state created by :func:`fileinput.input`; - if there is no active state, :exc:`RuntimeError` is raised. - -@@ -143,6 +146,9 @@ - .. versionchanged:: 2.5 - Added the *mode* and *openhook* parameters. - -+ .. versionchanged:: 2.7.12 -+ The *bufsize* parameter is no longer used. -+ - **Optional in-place filtering:** if the keyword argument ``inplace=1`` is passed - to :func:`fileinput.input` or to the :class:`FileInput` constructor, the file is - moved to a backup file and standard output is directed to the input file (if a -diff -r 6d1b6a68f775 Doc/library/inspect.rst ---- a/Doc/library/inspect.rst -+++ b/Doc/library/inspect.rst -@@ -272,7 +272,8 @@ - - .. function:: ismethod(object) - -- Return true if the object is a bound method written in Python. -+ Return true if the object is a bound or unbound method written in Python. -+ - - - .. function:: isfunction(object) -diff -r 6d1b6a68f775 Doc/library/itertools.rst ---- a/Doc/library/itertools.rst -+++ b/Doc/library/itertools.rst -@@ -695,6 +695,11 @@ - "Returns the nth item or a default value" - return next(islice(iterable, n, None), default) - -+ def all_equal(iterable): -+ "Returns True if all the elements are equal to each other" -+ g = groupby(iterable) -+ return next(g, True) and not next(g, False) -+ - def quantify(iterable, pred=bool): - "Count how many times the predicate is true" - return sum(imap(pred, iterable)) -diff -r 6d1b6a68f775 Doc/library/logging.rst ---- a/Doc/library/logging.rst -+++ b/Doc/library/logging.rst -@@ -622,7 +622,9 @@ - | Attribute name | Format | Description | - +================+=========================+===============================================+ - | args | You shouldn't need to | The tuple of arguments merged into ``msg`` to | --| | format this yourself. | produce ``message``. | -+| | format this yourself. | produce ``message``, or a dict whose values | -+| | | are used for the merge (when there is only one| -+| | | argument, and it is a dictionary). | - +----------------+-------------------------+-----------------------------------------------+ - | asctime | ``%(asctime)s`` | Human-readable time when the | - | | | :class:`LogRecord` was created. By default | -diff -r 6d1b6a68f775 Doc/library/multiprocessing.rst ---- a/Doc/library/multiprocessing.rst -+++ b/Doc/library/multiprocessing.rst -@@ -215,7 +215,7 @@ - proxies. - - A manager returned by :func:`Manager` will support types :class:`list`, -- :class:`dict`, :class:`Namespace`, :class:`Lock`, :class:`RLock`, -+ :class:`dict`, :class:`~managers.Namespace`, :class:`Lock`, :class:`RLock`, - :class:`Semaphore`, :class:`BoundedSemaphore`, :class:`Condition`, - :class:`Event`, :class:`~multiprocessing.Queue`, :class:`Value` and :class:`Array`. For - example, :: -@@ -261,16 +261,41 @@ - - For example:: - -- from multiprocessing import Pool -+ from multiprocessing import Pool, TimeoutError -+ import time -+ import os - - def f(x): - return x*x - - if __name__ == '__main__': - pool = Pool(processes=4) # start 4 worker processes -- result = pool.apply_async(f, [10]) # evaluate "f(10)" asynchronously -- print result.get(timeout=1) # prints "100" unless your computer is *very* slow -- print pool.map(f, range(10)) # prints "[0, 1, 4,..., 81]" -+ -+ # print "[0, 1, 4,..., 81]" -+ print pool.map(f, range(10)) -+ -+ # print same numbers in arbitrary order -+ for i in pool.imap_unordered(f, range(10)): -+ print i -+ -+ # evaluate "f(20)" asynchronously -+ res = pool.apply_async(f, (20,)) # runs in *only* one process -+ print res.get(timeout=1) # prints "400" -+ -+ # evaluate "os.getpid()" asynchronously -+ res = pool.apply_async(os.getpid, ()) # runs in *only* one process -+ print res.get(timeout=1) # prints the PID of that process -+ -+ # launching multiple evaluations asynchronously *may* use more processes -+ multiple_results = [pool.apply_async(os.getpid, ()) for i in range(4)] -+ print [res.get(timeout=1) for res in multiple_results] -+ -+ # make a single worker sleep for 10 secs -+ res = pool.apply_async(time.sleep, (10,)) -+ try: -+ print res.get(timeout=1) -+ except TimeoutError: -+ print "We lacked patience and got a multiprocessing.TimeoutError" - - Note that the methods of a pool should only ever be used by the - process which created it. -@@ -751,8 +776,10 @@ - If the ``freeze_support()`` line is omitted then trying to run the frozen - executable will raise :exc:`RuntimeError`. - -- If the module is being run normally by the Python interpreter then -- :func:`freeze_support` has no effect. -+ Calling ``freeze_support()`` has no effect when invoked on any operating -+ system other than Windows. In addition, if the module is being run -+ normally by the Python interpreter on Windows (the program has not been -+ frozen), then ``freeze_support()`` has no effect. - - .. function:: set_executable() - -@@ -1510,24 +1537,25 @@ - lproxy[0] = d - - --Namespace objects -->>>>>>>>>>>>>>>>> -- --A namespace object has no public methods, but does have writable attributes. --Its representation shows the values of its attributes. -- --However, when using a proxy for a namespace object, an attribute beginning with --``'_'`` will be an attribute of the proxy and not an attribute of the referent: -- --.. doctest:: -- -- >>> manager = multiprocessing.Manager() -- >>> Global = manager.Namespace() -- >>> Global.x = 10 -- >>> Global.y = 'hello' -- >>> Global._z = 12.3 # this is an attribute of the proxy -- >>> print Global -- Namespace(x=10, y='hello') -+.. class:: Namespace -+ -+ A type that can register with :class:`SyncManager`. -+ -+ A namespace object has no public methods, but does have writable attributes. -+ Its representation shows the values of its attributes. -+ -+ However, when using a proxy for a namespace object, an attribute beginning with -+ ``'_'`` will be an attribute of the proxy and not an attribute of the referent: -+ -+ .. doctest:: -+ -+ >>> manager = multiprocessing.Manager() -+ >>> Global = manager.Namespace() -+ >>> Global.x = 10 -+ >>> Global.y = 'hello' -+ >>> Global._z = 12.3 # this is an attribute of the proxy -+ >>> print Global -+ Namespace(x=10, y='hello') - - - Customized managers -@@ -1884,6 +1912,7 @@ - The following example demonstrates the use of a pool:: - - from multiprocessing import Pool -+ import time - - def f(x): - return x*x -@@ -1891,7 +1920,7 @@ - if __name__ == '__main__': - pool = Pool(processes=4) # start 4 worker processes - -- result = pool.apply_async(f, (10,)) # evaluate "f(10)" asynchronously -+ result = pool.apply_async(f, (10,)) # evaluate "f(10)" asynchronously in a single process - print result.get(timeout=1) # prints "100" unless your computer is *very* slow - - print pool.map(f, range(10)) # prints "[0, 1, 4,..., 81]" -@@ -1901,9 +1930,8 @@ - print it.next() # prints "1" - print it.next(timeout=1) # prints "4" unless your computer is *very* slow - -- import time - result = pool.apply_async(time.sleep, (10,)) -- print result.get(timeout=1) # raises TimeoutError -+ print result.get(timeout=1) # raises multiprocessing.TimeoutError - - - .. _multiprocessing-listeners-clients: -diff -r 6d1b6a68f775 Doc/library/nis.rst ---- a/Doc/library/nis.rst -+++ b/Doc/library/nis.rst -@@ -27,7 +27,7 @@ - Note that *mapname* is first checked if it is an alias to another name. - - .. versionchanged:: 2.5 -- The *domain* argument allows to override the NIS domain used for the lookup. If -+ The *domain* argument allows overriding the NIS domain used for the lookup. If - unspecified, lookup is in the default NIS domain. - - -@@ -40,7 +40,7 @@ - Note that *mapname* is first checked if it is an alias to another name. - - .. versionchanged:: 2.5 -- The *domain* argument allows to override the NIS domain used for the lookup. If -+ The *domain* argument allows overriding the NIS domain used for the lookup. If - unspecified, lookup is in the default NIS domain. - - -@@ -49,7 +49,7 @@ - Return a list of all valid maps. - - .. versionchanged:: 2.5 -- The *domain* argument allows to override the NIS domain used for the lookup. If -+ The *domain* argument allows overriding the NIS domain used for the lookup. If - unspecified, lookup is in the default NIS domain. - - -diff -r 6d1b6a68f775 Doc/library/pprint.rst ---- a/Doc/library/pprint.rst -+++ b/Doc/library/pprint.rst -@@ -190,7 +190,7 @@ - the current presentation context (direct and indirect containers for *object* - that are affecting the presentation) as the keys; if an object needs to be - presented which is already represented in *context*, the third return value -- should be ``True``. Recursive calls to the :meth:`format` method should add -+ should be ``True``. Recursive calls to the :meth:`.format` method should add - additional entries for containers to this dictionary. The third argument, - *maxlevels*, gives the requested limit to recursion; this will be ``0`` if there - is no requested limit. This argument should be passed unmodified to recursive -diff -r 6d1b6a68f775 Doc/library/pyexpat.rst ---- a/Doc/library/pyexpat.rst -+++ b/Doc/library/pyexpat.rst -@@ -595,9 +595,9 @@ - .. sectionauthor:: Fred L. Drake, Jr. - - --Content modules are described using nested tuples. Each tuple contains four -+Content models are described using nested tuples. Each tuple contains four - values: the type, the quantifier, the name, and a tuple of children. Children --are simply additional content module descriptions. -+are simply additional content model descriptions. - - The values of the first two fields are constants defined in the ``model`` object - of the :mod:`xml.parsers.expat` module. These constants can be collected in two -diff -r 6d1b6a68f775 Doc/library/random.rst ---- a/Doc/library/random.rst -+++ b/Doc/library/random.rst -@@ -19,7 +19,7 @@ - lognormal, negative exponential, gamma, and beta distributions. For generating - distributions of angles, the von Mises distribution is available. - --Almost all module functions depend on the basic function :func:`random`, which -+Almost all module functions depend on the basic function :func:`.random`, which - generates a random float uniformly in the semi-open range [0.0, 1.0). Python - uses the Mersenne Twister as the core generator. It produces 53-bit precision - floats and has a period of 2\*\*19937-1. The underlying implementation in C is -@@ -36,9 +36,10 @@ - it likely that the generated sequences seen by each thread don't overlap. - - Class :class:`Random` can also be subclassed if you want to use a different --basic generator of your own devising: in that case, override the :meth:`random`, --:meth:`seed`, :meth:`getstate`, :meth:`setstate` and :meth:`jumpahead` methods. --Optionally, a new generator can supply a :meth:`getrandbits` method --- this -+basic generator of your own devising: in that case, override the :meth:`~Random.random`, -+:meth:`~Random.seed`, :meth:`~Random.getstate`, :meth:`~Random.setstate` and -+:meth:`~Random.jumpahead` methods. Optionally, a new generator can supply a -+:meth:`~Random.getrandbits` method --- this - allows :meth:`randrange` to produce selections over an arbitrarily large range. - - .. versionadded:: 2.4 -@@ -158,7 +159,7 @@ - - Shuffle the sequence *x* in place. The optional argument *random* is a - 0-argument function returning a random float in [0.0, 1.0); by default, this is -- the function :func:`random`. -+ the function :func:`.random`. - - Note that for even rather small ``len(x)``, the total number of permutations of - *x* is larger than the period of most random number generators; this implies -diff -r 6d1b6a68f775 Doc/library/readline.rst ---- a/Doc/library/readline.rst -+++ b/Doc/library/readline.rst -@@ -214,6 +214,8 @@ - histfile = os.path.join(os.path.expanduser("~"), ".pyhist") - try: - readline.read_history_file(histfile) -+ # default history len is -1 (infinite), which may grow unruly -+ readline.set_history_length(1000) - except IOError: - pass - import atexit -@@ -244,5 +246,6 @@ - atexit.register(self.save_history, histfile) - - def save_history(self, histfile): -+ readline.set_history_length(1000) - readline.write_history_file(histfile) - -diff -r 6d1b6a68f775 Doc/library/sets.rst ---- a/Doc/library/sets.rst -+++ b/Doc/library/sets.rst -@@ -76,7 +76,8 @@ - +-------------------------------+------------+---------------------------------+ - | Operation | Equivalent | Result | - +===============================+============+=================================+ --| ``len(s)`` | | cardinality of set *s* | -+| ``len(s)`` | | number of elements in set *s* | -+| | | (cardinality) | - +-------------------------------+------------+---------------------------------+ - | ``x in s`` | | test *x* for membership in *s* | - +-------------------------------+------------+---------------------------------+ -diff -r 6d1b6a68f775 Doc/library/socketserver.rst ---- a/Doc/library/socketserver.rst -+++ b/Doc/library/socketserver.rst -@@ -16,16 +16,34 @@ - - The :mod:`SocketServer` module simplifies the task of writing network servers. - --There are four basic server classes: :class:`TCPServer` uses the Internet TCP --protocol, which provides for continuous streams of data between the client and --server. :class:`UDPServer` uses datagrams, which are discrete packets of --information that may arrive out of order or be lost while in transit. The more --infrequently used :class:`UnixStreamServer` and :class:`UnixDatagramServer` --classes are similar, but use Unix domain sockets; they're not available on --non-Unix platforms. For more details on network programming, consult a book --such as --W. Richard Steven's UNIX Network Programming or Ralph Davis's Win32 Network --Programming. -+There are four basic concrete server classes: -+ -+ -+.. class:: TCPServer(server_address, RequestHandlerClass, bind_and_activate=True) -+ -+ This uses the Internet TCP protocol, which provides for -+ continuous streams of data between the client and server. -+ If *bind_and_activate* is true, the constructor automatically attempts to -+ invoke :meth:`~BaseServer.server_bind` and -+ :meth:`~BaseServer.server_activate`. The other parameters are passed to -+ the :class:`BaseServer` base class. -+ -+ -+.. class:: UDPServer(server_address, RequestHandlerClass, bind_and_activate=True) -+ -+ This uses datagrams, which are discrete packets of information that may -+ arrive out of order or be lost while in transit. The parameters are -+ the same as for :class:`TCPServer`. -+ -+ -+.. class:: UnixStreamServer(server_address, RequestHandlerClass, bind_and_activate=True) -+ UnixDatagramServer(server_address, RequestHandlerClass, bind_and_activate=True) -+ -+ These more infrequently used classes are similar to the TCP and -+ UDP classes, but use Unix domain sockets; they're not available on -+ non-Unix platforms. The parameters are the same as for -+ :class:`TCPServer`. -+ - - These four classes process requests :dfn:`synchronously`; each request must be - completed before the next request can be started. This isn't suitable if each -@@ -37,10 +55,12 @@ - - Creating a server requires several steps. First, you must create a request - handler class by subclassing the :class:`BaseRequestHandler` class and --overriding its :meth:`handle` method; this method will process incoming -+overriding its :meth:`~BaseRequestHandler.handle` method; -+this method will process incoming - requests. Second, you must instantiate one of the server classes, passing it - the server's address and the request handler class. Then call the --:meth:`handle_request` or :meth:`serve_forever` method of the server object to -+:meth:`~BaseServer.handle_request` or -+:meth:`~BaseServer.serve_forever` method of the server object to - process one or many requests. Finally, call :meth:`~BaseServer.server_close` - to close the socket. - -@@ -81,18 +101,33 @@ - stream server is the address family, which is simply repeated in both Unix - server classes. - --Forking and threading versions of each type of server can be created using the --:class:`ForkingMixIn` and :class:`ThreadingMixIn` mix-in classes. For instance, --a threading UDP server class is created as follows:: - -- class ThreadingUDPServer(ThreadingMixIn, UDPServer): pass -+.. class:: ForkingMixIn -+ ThreadingMixIn - --The mix-in class must come first, since it overrides a method defined in --:class:`UDPServer`. Setting the various attributes also change the --behavior of the underlying server mechanism. -+ Forking and threading versions of each type of server can be created -+ using these mix-in classes. For instance, :class:`ThreadingUDPServer` -+ is created as follows:: -+ -+ class ThreadingUDPServer(ThreadingMixIn, UDPServer): -+ pass -+ -+ The mix-in class comes first, since it overrides a method defined in -+ :class:`UDPServer`. Setting the various attributes also changes the -+ behavior of the underlying server mechanism. -+ -+ -+.. class:: ForkingTCPServer -+ ForkingUDPServer -+ ThreadingTCPServer -+ ThreadingUDPServer -+ -+ These classes are pre-defined using the mix-in classes. -+ - - To implement a service, you must derive a class from :class:`BaseRequestHandler` --and redefine its :meth:`handle` method. You can then run various versions of -+and redefine its :meth:`~BaseRequestHandler.handle` method. -+You can then run various versions of - the service by combining one of the server classes with your request handler - class. The request handler class must be different for datagram or stream - services. This can be hidden by using the handler subclasses -@@ -114,7 +149,7 @@ - In some cases, it may be appropriate to process part of a request synchronously, - but to finish processing in a forked child depending on the request data. This - can be implemented by using a synchronous server and doing an explicit fork in --the request handler class :meth:`handle` method. -+the request handler class :meth:`~BaseRequestHandler.handle` method. - - Another approach to handling multiple simultaneous requests in an environment - that supports neither threads nor :func:`~os.fork` (or where these are too -@@ -132,215 +167,230 @@ - Server Objects - -------------- - --.. class:: BaseServer -+.. class:: BaseServer(server_address, RequestHandlerClass) - - This is the superclass of all Server objects in the module. It defines the - interface, given below, but does not implement most of the methods, which is -- done in subclasses. -+ done in subclasses. The two parameters are stored in the respective -+ :attr:`server_address` and :attr:`RequestHandlerClass` attributes. - - --.. method:: BaseServer.fileno() -+ .. method:: fileno() - -- Return an integer file descriptor for the socket on which the server is -- listening. This function is most commonly passed to :func:`select.select`, to -- allow monitoring multiple servers in the same process. -+ Return an integer file descriptor for the socket on which the server is -+ listening. This function is most commonly passed to :func:`select.select`, to -+ allow monitoring multiple servers in the same process. - - --.. method:: BaseServer.handle_request() -+ .. method:: handle_request() - -- Process a single request. This function calls the following methods in -- order: :meth:`get_request`, :meth:`verify_request`, and -- :meth:`process_request`. If the user-provided :meth:`handle` method of the -- handler class raises an exception, the server's :meth:`handle_error` method -- will be called. If no request is received within :attr:`self.timeout` -- seconds, :meth:`handle_timeout` will be called and :meth:`handle_request` -- will return. -+ Process a single request. This function calls the following methods in -+ order: :meth:`get_request`, :meth:`verify_request`, and -+ :meth:`process_request`. If the user-provided -+ :meth:`~BaseRequestHandler.handle` method of the -+ handler class raises an exception, the server's :meth:`handle_error` method -+ will be called. If no request is received within :attr:`timeout` -+ seconds, :meth:`handle_timeout` will be called and :meth:`handle_request` -+ will return. - - --.. method:: BaseServer.serve_forever(poll_interval=0.5) -+ .. method:: serve_forever(poll_interval=0.5) - -- Handle requests until an explicit :meth:`shutdown` request. -- Poll for shutdown every *poll_interval* seconds. Ignores :attr:`self.timeout`. -- If you need to do periodic tasks, do them in another thread. -+ Handle requests until an explicit :meth:`shutdown` request. Poll for -+ shutdown every *poll_interval* seconds. -+ Ignores the :attr:`timeout` attribute. -+ If you need to do periodic tasks, do them in another thread. - - --.. method:: BaseServer.shutdown() -+ .. method:: shutdown() - -- Tell the :meth:`serve_forever` loop to stop and wait until it does. -+ Tell the :meth:`serve_forever` loop to stop and wait until it does. - -- .. versionadded:: 2.6 -+ .. versionadded:: 2.6 - - --.. method:: BaseServer.server_close() -+ .. method:: server_close() - -- Clean up the server. May be overridden. -+ Clean up the server. May be overridden. - -- .. versionadded:: 2.6 -+ .. versionadded:: 2.6 - - --.. attribute:: BaseServer.address_family -+ .. attribute:: address_family - -- The family of protocols to which the server's socket belongs. -- Common examples are :const:`socket.AF_INET` and :const:`socket.AF_UNIX`. -+ The family of protocols to which the server's socket belongs. -+ Common examples are :const:`socket.AF_INET` and :const:`socket.AF_UNIX`. - - --.. attribute:: BaseServer.RequestHandlerClass -+ .. attribute:: RequestHandlerClass - -- The user-provided request handler class; an instance of this class is created -- for each request. -+ The user-provided request handler class; an instance of this class is created -+ for each request. - - --.. attribute:: BaseServer.server_address -+ .. attribute:: server_address - -- The address on which the server is listening. The format of addresses varies -- depending on the protocol family; see the documentation for the socket module -- for details. For Internet protocols, this is a tuple containing a string giving -- the address, and an integer port number: ``('127.0.0.1', 80)``, for example. -+ The address on which the server is listening. The format of addresses varies -+ depending on the protocol family; -+ see the documentation for the :mod:`socket` module -+ for details. For Internet protocols, this is a tuple containing a string giving -+ the address, and an integer port number: ``('127.0.0.1', 80)``, for example. - - --.. attribute:: BaseServer.socket -+ .. attribute:: socket - -- The socket object on which the server will listen for incoming requests. -+ The socket object on which the server will listen for incoming requests. - - --The server classes support the following class variables: -+ The server classes support the following class variables: - --.. XXX should class variables be covered before instance variables, or vice versa? -+ .. XXX should class variables be covered before instance variables, or vice versa? - --.. attribute:: BaseServer.allow_reuse_address -+ .. attribute:: allow_reuse_address - -- Whether the server will allow the reuse of an address. This defaults to -- :const:`False`, and can be set in subclasses to change the policy. -+ Whether the server will allow the reuse of an address. This defaults to -+ :const:`False`, and can be set in subclasses to change the policy. - - --.. attribute:: BaseServer.request_queue_size -+ .. attribute:: request_queue_size - -- The size of the request queue. If it takes a long time to process a single -- request, any requests that arrive while the server is busy are placed into a -- queue, up to :attr:`request_queue_size` requests. Once the queue is full, -- further requests from clients will get a "Connection denied" error. The default -- value is usually 5, but this can be overridden by subclasses. -+ The size of the request queue. If it takes a long time to process a single -+ request, any requests that arrive while the server is busy are placed into a -+ queue, up to :attr:`request_queue_size` requests. Once the queue is full, -+ further requests from clients will get a "Connection denied" error. The default -+ value is usually 5, but this can be overridden by subclasses. - - --.. attribute:: BaseServer.socket_type -+ .. attribute:: socket_type - -- The type of socket used by the server; :const:`socket.SOCK_STREAM` and -- :const:`socket.SOCK_DGRAM` are two common values. -+ The type of socket used by the server; :const:`socket.SOCK_STREAM` and -+ :const:`socket.SOCK_DGRAM` are two common values. - - --.. attribute:: BaseServer.timeout -+ .. attribute:: timeout - -- Timeout duration, measured in seconds, or :const:`None` if no timeout is -- desired. If :meth:`handle_request` receives no incoming requests within the -- timeout period, the :meth:`handle_timeout` method is called. -+ Timeout duration, measured in seconds, or :const:`None` if no timeout is -+ desired. If :meth:`handle_request` receives no incoming requests within the -+ timeout period, the :meth:`handle_timeout` method is called. - - --There are various server methods that can be overridden by subclasses of base --server classes like :class:`TCPServer`; these methods aren't useful to external --users of the server object. -+ There are various server methods that can be overridden by subclasses of base -+ server classes like :class:`TCPServer`; these methods aren't useful to external -+ users of the server object. - --.. XXX should the default implementations of these be documented, or should -- it be assumed that the user will look at SocketServer.py? -+ .. XXX should the default implementations of these be documented, or should -+ it be assumed that the user will look at SocketServer.py? - --.. method:: BaseServer.finish_request() -+ .. method:: finish_request() - -- Actually processes the request by instantiating :attr:`RequestHandlerClass` and -- calling its :meth:`handle` method. -+ Actually processes the request by instantiating :attr:`RequestHandlerClass` and -+ calling its :meth:`~BaseRequestHandler.handle` method. - - --.. method:: BaseServer.get_request() -+ .. method:: get_request() - -- Must accept a request from the socket, and return a 2-tuple containing the *new* -- socket object to be used to communicate with the client, and the client's -- address. -+ Must accept a request from the socket, and return a 2-tuple containing the *new* -+ socket object to be used to communicate with the client, and the client's -+ address. - - --.. method:: BaseServer.handle_error(request, client_address) -+ .. method:: handle_error(request, client_address) - -- This function is called if the :attr:`RequestHandlerClass`'s :meth:`handle` -- method raises an exception. The default action is to print the traceback to -- standard output and continue handling further requests. -+ This function is called if the :meth:`~BaseRequestHandler.handle` -+ method of a :attr:`RequestHandlerClass` instance raises -+ an exception. The default action is to print the traceback to -+ standard output and continue handling further requests. - - --.. method:: BaseServer.handle_timeout() -+ .. method:: handle_timeout() - -- This function is called when the :attr:`timeout` attribute has been set to a -- value other than :const:`None` and the timeout period has passed with no -- requests being received. The default action for forking servers is -- to collect the status of any child processes that have exited, while -- in threading servers this method does nothing. -+ This function is called when the :attr:`timeout` attribute has been set to a -+ value other than :const:`None` and the timeout period has passed with no -+ requests being received. The default action for forking servers is -+ to collect the status of any child processes that have exited, while -+ in threading servers this method does nothing. - - --.. method:: BaseServer.process_request(request, client_address) -+ .. method:: process_request(request, client_address) - -- Calls :meth:`finish_request` to create an instance of the -- :attr:`RequestHandlerClass`. If desired, this function can create a new process -- or thread to handle the request; the :class:`ForkingMixIn` and -- :class:`ThreadingMixIn` classes do this. -+ Calls :meth:`finish_request` to create an instance of the -+ :attr:`RequestHandlerClass`. If desired, this function can create a new process -+ or thread to handle the request; the :class:`ForkingMixIn` and -+ :class:`ThreadingMixIn` classes do this. - - --.. Is there any point in documenting the following two functions? -- What would the purpose of overriding them be: initializing server -- instance variables, adding new network families? -+ .. Is there any point in documenting the following two functions? -+ What would the purpose of overriding them be: initializing server -+ instance variables, adding new network families? - --.. method:: BaseServer.server_activate() -+ .. method:: server_activate() - -- Called by the server's constructor to activate the server. The default behavior -- just :meth:`listen`\ s to the server's socket. May be overridden. -+ Called by the server's constructor to activate the server. The default behavior -+ for a TCP server just invokes :meth:`~socket.socket.listen` -+ on the server's socket. May be overridden. - - --.. method:: BaseServer.server_bind() -+ .. method:: server_bind() - -- Called by the server's constructor to bind the socket to the desired address. -- May be overridden. -+ Called by the server's constructor to bind the socket to the desired address. -+ May be overridden. - - --.. method:: BaseServer.verify_request(request, client_address) -+ .. method:: verify_request(request, client_address) - -- Must return a Boolean value; if the value is :const:`True`, the request will be -- processed, and if it's :const:`False`, the request will be denied. This function -- can be overridden to implement access controls for a server. The default -- implementation always returns :const:`True`. -+ Must return a Boolean value; if the value is :const:`True`, the request will be -+ processed, and if it's :const:`False`, the request will be denied. This function -+ can be overridden to implement access controls for a server. The default -+ implementation always returns :const:`True`. - - --RequestHandler Objects ------------------------ -+Request Handler Objects -+----------------------- - --The request handler class must define a new :meth:`handle` method, and can --override any of the following methods. A new instance is created for each --request. -+.. class:: BaseRequestHandler - -+ This is the superclass of all request handler objects. It defines -+ the interface, given below. A concrete request handler subclass must -+ define a new :meth:`handle` method, and can override any of -+ the other methods. A new instance of the subclass is created for each -+ request. - --.. method:: RequestHandler.finish() - -- Called after the :meth:`handle` method to perform any clean-up actions -- required. The default implementation does nothing. If :meth:`setup` -- raises an exception, this function will not be called. -+ .. method:: setup() - -+ Called before the :meth:`handle` method to perform any initialization actions -+ required. The default implementation does nothing. - --.. method:: RequestHandler.handle() - -- This function must do all the work required to service a request. The -- default implementation does nothing. Several instance attributes are -- available to it; the request is available as :attr:`self.request`; the client -- address as :attr:`self.client_address`; and the server instance as -- :attr:`self.server`, in case it needs access to per-server information. -+ .. method:: handle() - -- The type of :attr:`self.request` is different for datagram or stream -- services. For stream services, :attr:`self.request` is a socket object; for -- datagram services, :attr:`self.request` is a pair of string and socket. -- However, this can be hidden by using the request handler subclasses -- :class:`StreamRequestHandler` or :class:`DatagramRequestHandler`, which -- override the :meth:`setup` and :meth:`finish` methods, and provide -- :attr:`self.rfile` and :attr:`self.wfile` attributes. :attr:`self.rfile` and -- :attr:`self.wfile` can be read or written, respectively, to get the request -- data or return data to the client. -+ This function must do all the work required to service a request. The -+ default implementation does nothing. Several instance attributes are -+ available to it; the request is available as :attr:`self.request`; the client -+ address as :attr:`self.client_address`; and the server instance as -+ :attr:`self.server`, in case it needs access to per-server information. - -+ The type of :attr:`self.request` is different for datagram or stream -+ services. For stream services, :attr:`self.request` is a socket object; for -+ datagram services, :attr:`self.request` is a pair of string and socket. - --.. method:: RequestHandler.setup() - -- Called before the :meth:`handle` method to perform any initialization actions -- required. The default implementation does nothing. -+ .. method:: finish() -+ -+ Called after the :meth:`handle` method to perform any clean-up actions -+ required. The default implementation does nothing. If :meth:`setup` -+ raises an exception, this function will not be called. -+ -+ -+.. class:: StreamRequestHandler -+ DatagramRequestHandler -+ -+ These :class:`BaseRequestHandler` subclasses override the -+ :meth:`~BaseRequestHandler.setup` and :meth:`~BaseRequestHandler.finish` -+ methods, and provide :attr:`self.rfile` and :attr:`self.wfile` attributes. -+ The :attr:`self.rfile` and :attr:`self.wfile` attributes can be -+ read or written, respectively, to get the request data or return data -+ to the client. - - - Examples -@@ -355,7 +405,7 @@ - - class MyTCPHandler(SocketServer.BaseRequestHandler): - """ -- The RequestHandler class for our server. -+ The request handler class for our server. - - It is instantiated once per connection to the server, and must - override the handle() method to implement communication to the -diff -r 6d1b6a68f775 Doc/library/sqlite3.rst ---- a/Doc/library/sqlite3.rst -+++ b/Doc/library/sqlite3.rst -@@ -595,6 +595,18 @@ - - It is set for ``SELECT`` statements without any matching rows as well. - -+ .. attribute:: connection -+ -+ This read-only attribute provides the SQLite database :class:`Connection` -+ used by the :class:`Cursor` object. A :class:`Cursor` object created by -+ calling :meth:`con.cursor() ` will have a -+ :attr:`connection` attribute that refers to *con*:: -+ -+ >>> con = sqlite3.connect(":memory:") -+ >>> cur = con.cursor() -+ >>> cur.connection == con -+ True -+ - .. _sqlite3-row-objects: - - Row Objects -diff -r 6d1b6a68f775 Doc/library/ssl.rst ---- a/Doc/library/ssl.rst -+++ b/Doc/library/ssl.rst -@@ -280,6 +280,44 @@ - - RC4 was dropped from the default cipher string. - -+.. function:: _https_verify_certificates(enable=True) -+ -+ Specifies whether or not server certificates are verified when creating -+ client HTTPS connections without specifying a particular SSL context. -+ -+ Starting with Python 2.7.9, :mod:`httplib` and modules which use it, such as -+ :mod:`urllib2` and :mod:`xmlrpclib`, default to verifying remote server -+ certificates received when establishing client HTTPS connections. This -+ default verification checks that the certificate is signed by a Certificate -+ Authority in the system trust store and that the Common Name (or Subject -+ Alternate Name) on the presented certificate matches the requested host. -+ -+ Setting *enable* to :const:`True` ensures this default behaviour is in -+ effect. -+ -+ Setting *enable* to :const:`False` reverts the default HTTPS certificate -+ handling to that of Python 2.7.8 and earlier, allowing connections to -+ servers using self-signed certificates, servers using certificates signed -+ by a Certicate Authority not present in the system trust store, and servers -+ where the hostname does not match the presented server certificate. -+ -+ The leading underscore on this function denotes that it intentionally does -+ not exist in any implementation of Python 3 and may not be present in all -+ Python 2.7 implementations. The portable approach to bypassing certificate -+ checks or the system trust store when necessary is for tools to enable that -+ on a case-by-case basis by explicitly passing in a suitably configured SSL -+ context, rather than reverting the default behaviour of the standard library -+ client modules. -+ -+ .. versionadded:: 2.7.12 -+ -+ .. seealso:: -+ -+ * `CVE-2014-9365 `_ -+ -- HTTPS man-in-the-middle attack against Python clients using default settings -+ * :pep:`476` -- Enabling certificate verification by default for HTTPS -+ * :pep:`493` -- HTTPS verification migration tools for Python 2.7 -+ - - Random generation - ^^^^^^^^^^^^^^^^^ -diff -r 6d1b6a68f775 Doc/library/stdtypes.rst ---- a/Doc/library/stdtypes.rst -+++ b/Doc/library/stdtypes.rst -@@ -963,10 +963,9 @@ - - .. method:: str.find(sub[, start[, end]]) - -- Return the lowest index in the string where substring *sub* is found, such -- that *sub* is contained in the slice ``s[start:end]``. Optional arguments -- *start* and *end* are interpreted as in slice notation. Return ``-1`` if -- *sub* is not found. -+ Return the lowest index in the string where substring *sub* is found within -+ the slice ``s[start:end]``. Optional arguments *start* and *end* are -+ interpreted as in slice notation. Return ``-1`` if *sub* is not found. - - .. note:: - -@@ -1780,7 +1779,7 @@ - - .. describe:: len(s) - -- Return the cardinality of set *s*. -+ Return the number of elements in set *s* (cardinality of *s*). - - .. describe:: x in s - -diff -r 6d1b6a68f775 Doc/library/string.rst ---- a/Doc/library/string.rst -+++ b/Doc/library/string.rst -@@ -105,8 +105,8 @@ - - .. _new-string-formatting: - --String Formatting ------------------- -+Custom String Formatting -+------------------------ - - .. versionadded:: 2.6 - -@@ -115,7 +115,7 @@ - :meth:`str.format` method described in :pep:`3101`. The :class:`Formatter` - class in the :mod:`string` module allows you to create and customize your own - string formatting behaviors using the same implementation as the built-in --:meth:`format` method. -+:meth:`~str.format` method. - - .. class:: Formatter - -@@ -123,9 +123,9 @@ - - .. method:: format(format_string, *args, **kwargs) - -- :meth:`format` is the primary API method. It takes a format string and -+ The primary API method. It takes a format string and - an arbitrary set of positional and keyword arguments. -- :meth:`format` is just a wrapper that calls :meth:`vformat`. -+ It is just a wrapper that calls :meth:`vformat`. - - .. method:: vformat(format_string, args, kwargs) - -@@ -293,8 +293,9 @@ - described in the next section. - - A *format_spec* field can also include nested replacement fields within it. --These nested replacement fields can contain only a field name; conversion flags --and format specifications are not allowed. The replacement fields within the -+These nested replacement fields may contain a field name, conversion flag -+and format specification, but deeper nesting is -+not allowed. The replacement fields within the - format_spec are substituted before the *format_spec* string is interpreted. - This allows the formatting of a value to be dynamically specified. - -@@ -332,8 +333,10 @@ - - If a valid *align* value is specified, it can be preceded by a *fill* - character that can be any character and defaults to a space if omitted. --Note that it is not possible to use ``{`` and ``}`` as *fill* char while --using the :meth:`str.format` method; this limitation however doesn't -+It is not possible to use a literal curly brace ("``{``" or "``}``") as -+the *fill* character when using the :meth:`str.format` -+method. However, it is possible to insert a curly brace -+with a nested replacement field. This limitation doesn't - affect the :func:`format` function. - - The meaning of the various alignment options is as follows: -@@ -350,7 +353,8 @@ - | ``'='`` | Forces the padding to be placed after the sign (if any) | - | | but before the digits. This is used for printing fields | - | | in the form '+000000120'. This alignment option is only | -- | | valid for numeric types. | -+ | | valid for numeric types. It becomes the default when '0'| -+ | | immediately precedes the field width. | - +---------+----------------------------------------------------------+ - | ``'^'`` | Forces the field to be centered within the available | - | | space. | -@@ -390,7 +394,8 @@ - *width* is a decimal integer defining the minimum field width. If not - specified, then the field width will be determined by the content. - --Preceding the *width* field by a zero (``'0'``) character enables -+When no explicit alignment is given, preceding the *width* field by a zero -+(``'0'``) character enables - sign-aware zero-padding for numeric types. This is equivalent to a *fill* - character of ``'0'`` with an *alignment* type of ``'='``. - -@@ -508,8 +513,8 @@ - Format examples - ^^^^^^^^^^^^^^^ - --This section contains examples of the new format syntax and comparison with --the old ``%``-formatting. -+This section contains examples of the :meth:`str.format` syntax and -+comparison with the old ``%``-formatting. - - In most of the cases the syntax is similar to the old ``%``-formatting, with the - addition of the ``{}`` and with ``:`` used instead of ``%``. -diff -r 6d1b6a68f775 Doc/library/tarfile.rst ---- a/Doc/library/tarfile.rst -+++ b/Doc/library/tarfile.rst -@@ -90,7 +90,7 @@ - specifies the blocksize and defaults to ``20 * 512`` bytes. Use this variant - in combination with e.g. ``sys.stdin``, a socket file object or a tape - device. However, such a :class:`TarFile` object is limited in that it does -- not allow to be accessed randomly, see :ref:`tar-examples`. The currently -+ not allow random access, see :ref:`tar-examples`. The currently - possible modes: - - +-------------+--------------------------------------------+ -@@ -438,20 +438,29 @@ - - Add the :class:`TarInfo` object *tarinfo* to the archive. If *fileobj* is given, - ``tarinfo.size`` bytes are read from it and added to the archive. You can -- create :class:`TarInfo` objects using :meth:`gettarinfo`. -+ create :class:`TarInfo` objects directly, or by using :meth:`gettarinfo`. - - .. note:: -- - On Windows platforms, *fileobj* should always be opened with mode ``'rb'`` to - avoid irritation about the file size. - - - .. method:: TarFile.gettarinfo(name=None, arcname=None, fileobj=None) - -- Create a :class:`TarInfo` object for either the file *name* or the file object -- *fileobj* (using :func:`os.fstat` on its file descriptor). You can modify some -- of the :class:`TarInfo`'s attributes before you add it using :meth:`addfile`. -- If given, *arcname* specifies an alternative name for the file in the archive. -+ Create a :class:`TarInfo` object from the result of :func:`os.stat` or -+ equivalent on an existing file. The file is either named by *name*, or -+ specified as a file object *fileobj* with a file descriptor. If -+ given, *arcname* specifies an alternative name for the file in the -+ archive, otherwise, the name is taken from *fileobj*’s -+ :attr:`~file.name` attribute, or the *name* argument. -+ -+ You can modify some -+ of the :class:`TarInfo`’s attributes before you add it using :meth:`addfile`. -+ If the file object is not an ordinary file object positioned at the -+ beginning of the file, attributes such as :attr:`~TarInfo.size` may need -+ modifying. This is the case for objects such as :class:`~gzip.GzipFile`. -+ The :attr:`~TarInfo.name` may also be modified, in which case *arcname* -+ could be a dummy string. - - - .. method:: TarFile.close() -diff -r 6d1b6a68f775 Doc/library/tempfile.rst ---- a/Doc/library/tempfile.rst -+++ b/Doc/library/tempfile.rst -@@ -64,7 +64,8 @@ - This function operates exactly as :func:`TemporaryFile` does, except that - the file is guaranteed to have a visible name in the file system (on - Unix, the directory entry is not unlinked). That name can be retrieved -- from the :attr:`name` attribute of the file object. Whether the name can be -+ from the :attr:`name` attribute of the returned -+ file-like object. Whether the name can be - used to open the file a second time, while the named temporary file is - still open, varies across platforms (it can be so used on Unix; it cannot - on Windows NT or later). If *delete* is true (the default), the file is -diff -r 6d1b6a68f775 Doc/library/test.rst ---- a/Doc/library/test.rst -+++ b/Doc/library/test.rst -@@ -418,7 +418,7 @@ - Module and package deprecation messages are suppressed during this import - if *deprecated* is :const:`True`. - -- This function will raise :exc:`unittest.SkipTest` is the named module -+ This function will raise :exc:`unittest.SkipTest` if the named module - cannot be imported. - - Example use:: -diff -r 6d1b6a68f775 Doc/library/time.rst ---- a/Doc/library/time.rst -+++ b/Doc/library/time.rst -@@ -427,9 +427,12 @@ - - Note that unlike the C structure, the month value is a range of [1, 12], not - [0, 11]. A year value will be handled as described under :ref:`Year 2000 -- (Y2K) issues ` above. A ``-1`` argument as the daylight -- savings flag, passed to :func:`mktime` will usually result in the correct -- daylight savings state to be filled in. -+ (Y2K) issues ` above. -+ -+ In calls to :func:`mktime`, :attr:`tm_isdst` may be set to 1 when daylight -+ savings time is in effect, and 0 when it is not. A value of -1 indicates -+ that this is not known, and will usually result in the correct state being -+ filled in. - - When a tuple with an incorrect length is passed to a function expecting a - :class:`struct_time`, or having elements of the wrong type, a -diff -r 6d1b6a68f775 Doc/library/tokenize.rst ---- a/Doc/library/tokenize.rst -+++ b/Doc/library/tokenize.rst -@@ -28,7 +28,7 @@ - - The :func:`generate_tokens` generator requires one argument, *readline*, - which must be a callable object which provides the same interface as the -- :meth:`readline` method of built-in file objects (see section -+ :meth:`~file.readline` method of built-in file objects (see section - :ref:`bltin-file-objects`). Each call to the function should return one line - of input as a string. Alternately, *readline* may be a callable object that - signals completion by raising :exc:`StopIteration`. -@@ -47,11 +47,11 @@ - - .. function:: tokenize(readline[, tokeneater]) - -- The :func:`tokenize` function accepts two parameters: one representing the input -- stream, and one providing an output mechanism for :func:`tokenize`. -+ The :func:`.tokenize` function accepts two parameters: one representing the input -+ stream, and one providing an output mechanism for :func:`.tokenize`. - - The first parameter, *readline*, must be a callable object which provides the -- same interface as the :meth:`readline` method of built-in file objects (see -+ same interface as the :meth:`~file.readline` method of built-in file objects (see - section :ref:`bltin-file-objects`). Each call to the function should return one - line of input as a string. Alternately, *readline* may be a callable object that - signals completion by raising :exc:`StopIteration`. -@@ -65,7 +65,7 @@ - - All constants from the :mod:`token` module are also exported from - :mod:`tokenize`, as are two additional token type values that might be passed to --the *tokeneater* function by :func:`tokenize`: -+the *tokeneater* function by :func:`.tokenize`: - - - .. data:: COMMENT -diff -r 6d1b6a68f775 Doc/library/traceback.rst ---- a/Doc/library/traceback.rst -+++ b/Doc/library/traceback.rst -@@ -14,29 +14,30 @@ - .. index:: object: traceback - - The module uses traceback objects --- this is the object type that is stored in --the variables :data:`sys.exc_traceback` (deprecated) and :data:`sys.last_traceback` and --returned as the third item from :func:`sys.exc_info`. -+the variables :data:`sys.exc_traceback` (deprecated) and -+:data:`sys.last_traceback` and returned as the third item from -+:func:`sys.exc_info`. - - The module defines the following functions: - - --.. function:: print_tb(traceback[, limit[, file]]) -+.. function:: print_tb(tb[, limit[, file]]) - -- Print up to *limit* stack trace entries from *traceback*. If *limit* is omitted -- or ``None``, all entries are printed. If *file* is omitted or ``None``, the -- output goes to ``sys.stderr``; otherwise it should be an open file or file-like -- object to receive the output. -+ Print up to *limit* stack trace entries from the traceback object *tb*. If -+ *limit* is omitted or ``None``, all entries are printed. If *file* is omitted -+ or ``None``, the output goes to ``sys.stderr``; otherwise it should be an -+ open file or file-like object to receive the output. - - --.. function:: print_exception(type, value, traceback[, limit[, file]]) -+.. function:: print_exception(etype, value, tb[, limit[, file]]) - -- Print exception information and up to *limit* stack trace entries from -- *traceback* to *file*. This differs from :func:`print_tb` in the following ways: -- (1) if *traceback* is not ``None``, it prints a header ``Traceback (most recent -- call last):``; (2) it prints the exception *type* and *value* after the stack -- trace; (3) if *type* is :exc:`SyntaxError` and *value* has the appropriate -- format, it prints the line where the syntax error occurred with a caret -- indicating the approximate position of the error. -+ Print exception information and up to *limit* stack trace entries from the -+ traceback *tb* to *file*. This differs from :func:`print_tb` in the following -+ ways: (1) if *tb* is not ``None``, it prints a header ``Traceback (most -+ recent call last):``; (2) it prints the exception *etype* and *value* after -+ the stack trace; (3) if *etype* is :exc:`SyntaxError` and *value* has the -+ appropriate format, it prints the line where the syntax error occurred with a -+ caret indicating the approximate position of the error. - - - .. function:: print_exc([limit[, file]]) -@@ -49,8 +50,8 @@ - - .. function:: format_exc([limit]) - -- This is like ``print_exc(limit)`` but returns a string instead of printing to a -- file. -+ This is like ``print_exc(limit)`` but returns a string instead of printing to -+ a file. - - .. versionadded:: 2.4 - -@@ -64,21 +65,21 @@ - - .. function:: print_stack([f[, limit[, file]]]) - -- This function prints a stack trace from its invocation point. The optional *f* -- argument can be used to specify an alternate stack frame to start. The optional -- *limit* and *file* arguments have the same meaning as for -+ This function prints a stack trace from its invocation point. The optional -+ *f* argument can be used to specify an alternate stack frame to start. The -+ optional limit* and *file* arguments have the same meaning as for - :func:`print_exception`. - - --.. function:: extract_tb(traceback[, limit]) -+.. function:: extract_tb(tb[, limit]) - - Return a list of up to *limit* "pre-processed" stack trace entries extracted -- from the traceback object *traceback*. It is useful for alternate formatting of -- stack traces. If *limit* is omitted or ``None``, all entries are extracted. A -- "pre-processed" stack trace entry is a 4-tuple (*filename*, *line number*, -- *function name*, *text*) representing the information that is usually printed -- for a stack trace. The *text* is a string with leading and trailing whitespace -- stripped; if the source is not available it is ``None``. -+ from the traceback object *tb*. It is useful for alternate formatting of -+ stack traces. If *limit* is omitted or ``None``, all entries are extracted. -+ A "pre-processed" stack trace entry is a 4-tuple (*filename*, *line number*, -+ function name*, *text*) representing the information that is usually printed -+ for a stack trace. The *text* is a string with leading and trailing -+ whitespace stripped; if the source is not available it is ``None``. - - - .. function:: extract_stack([f[, limit]]) -@@ -88,33 +89,35 @@ - arguments have the same meaning as for :func:`print_stack`. - - --.. function:: format_list(list) -+.. function:: format_list(extracted_list) - - Given a list of tuples as returned by :func:`extract_tb` or -- :func:`extract_stack`, return a list of strings ready for printing. Each string -- in the resulting list corresponds to the item with the same index in the -- argument list. Each string ends in a newline; the strings may contain internal -- newlines as well, for those items whose source text line is not ``None``. -+ :func:`extract_stack`, return a list of strings ready for printing. Each -+ string in the resulting list corresponds to the item with the same index in -+ the argument list. Each string ends in a newline; the strings may contain -+ internal newlines as well, for those items whose source text line is not -+ ``None``. - - --.. function:: format_exception_only(type, value) -+.. function:: format_exception_only(etype, value) - -- Format the exception part of a traceback. The arguments are the exception type -- and value such as given by ``sys.last_type`` and ``sys.last_value``. The return -- value is a list of strings, each ending in a newline. Normally, the list -- contains a single string; however, for :exc:`SyntaxError` exceptions, it -- contains several lines that (when printed) display detailed information about -- where the syntax error occurred. The message indicating which exception -- occurred is the always last string in the list. -+ Format the exception part of a traceback. The arguments are the exception -+ type, *etype* and *value* such as given by ``sys.last_type`` and -+ ``sys.last_value``. The return value is a list of strings, each ending in a -+ newline. Normally, the list contains a single string; however, for -+ :exc:`SyntaxError` exceptions, it contains several lines that (when printed) -+ display detailed information about where the syntax error occurred. The -+ message indicating which exception occurred is the always last string in the -+ list. - - --.. function:: format_exception(type, value, tb[, limit]) -+.. function:: format_exception(etype, value, tb[, limit]) - - Format a stack trace and the exception information. The arguments have the - same meaning as the corresponding arguments to :func:`print_exception`. The -- return value is a list of strings, each ending in a newline and some containing -- internal newlines. When these lines are concatenated and printed, exactly the -- same text is printed as does :func:`print_exception`. -+ return value is a list of strings, each ending in a newline and some -+ containing internal newlines. When these lines are concatenated and printed, -+ exactly the same text is printed as does :func:`print_exception`. - - - .. function:: format_tb(tb[, limit]) -@@ -129,10 +132,10 @@ - - .. function:: tb_lineno(tb) - -- This function returns the current line number set in the traceback object. This -- function was necessary because in versions of Python prior to 2.3 when the -- :option:`-O` flag was passed to Python the ``tb.tb_lineno`` was not updated -- correctly. This function has no use in versions past 2.3. -+ This function returns the current line number set in the traceback object. -+ This function was necessary because in versions of Python prior to 2.3 when -+ the :option:`-O` flag was passed to Python the ``tb.tb_lineno`` was not -+ updated correctly. This function has no use in versions past 2.3. - - - .. _traceback-example: -diff -r 6d1b6a68f775 Doc/library/ttk.rst ---- a/Doc/library/ttk.rst -+++ b/Doc/library/ttk.rst -@@ -293,7 +293,7 @@ - :meth:`Widget.configure`, :meth:`Widget.identify`, :meth:`Widget.instate` - and :meth:`Widget.state`) and those inherited from :class:`Entry` - (:meth:`Entry.bbox`, :meth:`Entry.delete`, :meth:`Entry.icursor`, --:meth:`Entry.index`, :meth:`Entry.inset`, :meth:`Entry.selection`, -+:meth:`Entry.index`, :meth:`Entry.insert`, :meth:`Entry.selection`, - :meth:`Entry.xview`), this class has some other methods, described at - :class:`ttk.Combobox`. - -diff -r 6d1b6a68f775 Doc/library/unittest.rst ---- a/Doc/library/unittest.rst -+++ b/Doc/library/unittest.rst -@@ -147,7 +147,7 @@ - - The :meth:`~TestCase.setUp` and :meth:`~TestCase.tearDown` methods allow you - to define instructions that will be executed before and after each test method. --They are covered in more details in the section :ref:`organizing-tests`. -+They are covered in more detail in the section :ref:`organizing-tests`. - - The final block shows a simple way to run the tests. :func:`unittest.main` - provides a command-line interface to the test script. When run from the command -@@ -720,10 +720,12 @@ - Method called immediately after the test method has been called and the - result recorded. This is called even if the test method raised an - exception, so the implementation in subclasses may need to be particularly -- careful about checking internal state. Any exception, other than :exc:`AssertionError` -- or :exc:`SkipTest`, raised by this method will be considered an error rather than a -- test failure. This method will only be called if the :meth:`setUp` succeeds, -- regardless of the outcome of the test method. The default implementation does nothing. -+ careful about checking internal state. Any exception, other than -+ :exc:`AssertionError` or :exc:`SkipTest`, raised by this method will be -+ considered an additional error rather than a test failure (thus increasing -+ the total number of reported errors). This method will only be called if -+ the :meth:`setUp` succeeds, regardless of the outcome of the test method. -+ The default implementation does nothing. - - - .. method:: setUpClass() -@@ -783,8 +785,9 @@ - - .. _assert-methods: - -- The :class:`TestCase` class provides a number of methods to check for and -- report failures, such as: -+ The :class:`TestCase` class provides several assert methods to check for and -+ report failures. The following table lists the most commonly used methods -+ (see the tables below for more assert methods): - - +-----------------------------------------+-----------------------------+---------------+ - | Method | Checks that | New in | -@@ -1763,9 +1766,10 @@ - instead of repeatedly creating new instances. - - --.. class:: TextTestRunner(stream=sys.stderr, descriptions=True, verbosity=1) -- -- A basic test runner implementation which prints results on standard error. It -+.. class:: TextTestRunner(stream=sys.stderr, descriptions=True, verbosity=1, \ -+ failfast=False, buffer=False, resultclass=None) -+ -+ A basic test runner implementation which prints results on standard error. It - has a few configurable parameters, but is essentially very simple. Graphical - applications which run test suites should provide alternate implementations. - -diff -r 6d1b6a68f775 Doc/library/webbrowser.rst ---- a/Doc/library/webbrowser.rst -+++ b/Doc/library/webbrowser.rst -@@ -144,6 +144,14 @@ - +-----------------------+-----------------------------------------+-------+ - | ``'safari'`` | :class:`MacOSX('safari')` | \(3) | - +-----------------------+-----------------------------------------+-------+ -+| ``'google-chrome'`` | :class:`Chrome('google-chrome')` | \(4) | -++-----------------------+-----------------------------------------+-------+ -+| ``'chrome'`` | :class:`Chrome('chrome')` | \(4) | -++-----------------------+-----------------------------------------+-------+ -+| ``'chromium'`` | :class:`Chromium('chromium')` | \(4) | -++-----------------------+-----------------------------------------+-------+ -+| ``'chromium-browser'``| :class:`Chromium('chromium-browser')` | \(4) | -++-----------------------+-----------------------------------------+-------+ - - Notes: - -@@ -160,6 +168,9 @@ - (3) - Only on Mac OS X platform. - -+(4) -+ Support for Chrome/Chromium has been added in version 2.7.5. -+ - Here are some simple examples:: - - url = 'http://www.python.org/' -diff -r 6d1b6a68f775 Doc/library/xmlrpclib.rst ---- a/Doc/library/xmlrpclib.rst -+++ b/Doc/library/xmlrpclib.rst -@@ -564,7 +564,7 @@ - except Error as v: - print "ERROR", v - --To access an XML-RPC server through a proxy, you need to define a custom -+To access an XML-RPC server through a HTTP proxy, you need to define a custom - transport. The following example shows how: - - .. Example taken from http://lowlife.jp/nobonobo/wiki/xmlrpcwithproxy.html -@@ -578,7 +578,7 @@ - self.proxy = proxy - def make_connection(self, host): - self.realhost = host -- h = httplib.HTTP(self.proxy) -+ h = httplib.HTTPConnection(self.proxy) - return h - def send_request(self, connection, handler, request_body): - connection.putrequest("POST", 'http://%s%s' % (self.realhost, handler)) -@@ -587,7 +587,7 @@ - - p = ProxiedTransport() - p.set_proxy('proxy-server:8080') -- server = xmlrpclib.Server('http://time.xmlrpc.com/RPC2', transport=p) -+ server = xmlrpclib.ServerProxy('http://time.xmlrpc.com/RPC2', transport=p) - print server.currentTime.getCurrentTime() - - -diff -r 6d1b6a68f775 Doc/library/zlib.rst ---- a/Doc/library/zlib.rst -+++ b/Doc/library/zlib.rst -@@ -71,10 +71,12 @@ - .. function:: compressobj([level[, method[, wbits[, memlevel[, strategy]]]]]) - - Returns a compression object, to be used for compressing data streams that won't -- fit into memory at once. *level* is an integer from ``0`` to ``9`` controlling -+ fit into memory at once. *level* is an integer from -+ ``0`` to ``9`` or ``-1``, controlling - the level of compression; ``1`` is fastest and produces the least compression, - ``9`` is slowest and produces the most. ``0`` is no compression. The default -- value is ``6``. -+ value is ``-1`` (Z_DEFAULT_COMPRESSION). Z_DEFAULT_COMPRESSION represents a default -+ compromise between speed and compression (currently equivalent to level 6). - - *method* is the compression algorithm. Currently, the only supported value is - ``DEFLATED``. -diff -r 6d1b6a68f775 Doc/license.rst ---- a/Doc/license.rst -+++ b/Doc/license.rst -@@ -73,181 +73,189 @@ - ============================================================ - - --.. centered:: PSF LICENSE AGREEMENT FOR PYTHON |release| -+PSF LICENSE AGREEMENT FOR PYTHON |release| -+------------------------------------------ - --#. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and -- the Individual or Organization ("Licensee") accessing and otherwise using Python -- |release| software in source or binary form and its associated documentation. -+.. parsed-literal:: - --#. Subject to the terms and conditions of this License Agreement, PSF hereby -- grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, -- analyze, test, perform and/or display publicly, prepare derivative works, -- distribute, and otherwise use Python |release| alone or in any derivative -- version, provided, however, that PSF's License Agreement and PSF's notice of -- copyright, i.e., "Copyright © 2001-2015 Python Software Foundation; All Rights -- Reserved" are retained in Python |release| alone or in any derivative version -- prepared by Licensee. -+ 1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and -+ the Individual or Organization ("Licensee") accessing and otherwise using Python -+ |release| software in source or binary form and its associated documentation. - --#. In the event Licensee prepares a derivative work that is based on or -- incorporates Python |release| or any part thereof, and wants to make the -- derivative work available to others as provided herein, then Licensee hereby -- agrees to include in any such work a brief summary of the changes made to Python -- |release|. -+ 2. Subject to the terms and conditions of this License Agreement, PSF hereby -+ grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, -+ analyze, test, perform and/or display publicly, prepare derivative works, -+ distribute, and otherwise use Python |release| alone or in any derivative -+ version, provided, however, that PSF's License Agreement and PSF's notice of -+ copyright, i.e., "Copyright © 2001-2016 Python Software Foundation; All Rights -+ Reserved" are retained in Python |release| alone or in any derivative version -+ prepared by Licensee. - --#. PSF is making Python |release| available to Licensee on an "AS IS" basis. -- PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF -- EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR -- WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE -- USE OF PYTHON |release| WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. -+ 3. In the event Licensee prepares a derivative work that is based on or -+ incorporates Python |release| or any part thereof, and wants to make the -+ derivative work available to others as provided herein, then Licensee hereby -+ agrees to include in any such work a brief summary of the changes made to Python -+ |release|. - --#. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON |release| -- FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF -- MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON |release|, OR ANY DERIVATIVE -- THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. -+ 4. PSF is making Python |release| available to Licensee on an "AS IS" basis. -+ PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF -+ EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR -+ WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE -+ USE OF PYTHON |release| WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. - --#. This License Agreement will automatically terminate upon a material breach of -- its terms and conditions. -+ 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON |release| -+ FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF -+ MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON |release|, OR ANY DERIVATIVE -+ THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. - --#. Nothing in this License Agreement shall be deemed to create any relationship -- of agency, partnership, or joint venture between PSF and Licensee. This License -- Agreement does not grant permission to use PSF trademarks or trade name in a -- trademark sense to endorse or promote products or services of Licensee, or any -- third party. -+ 6. This License Agreement will automatically terminate upon a material breach of -+ its terms and conditions. - --#. By copying, installing or otherwise using Python |release|, Licensee agrees -- to be bound by the terms and conditions of this License Agreement. -+ 7. Nothing in this License Agreement shall be deemed to create any relationship -+ of agency, partnership, or joint venture between PSF and Licensee. This License -+ Agreement does not grant permission to use PSF trademarks or trade name in a -+ trademark sense to endorse or promote products or services of Licensee, or any -+ third party. - -+ 8. By copying, installing or otherwise using Python |release|, Licensee agrees -+ to be bound by the terms and conditions of this License Agreement. - --.. centered:: BEOPEN.COM LICENSE AGREEMENT FOR PYTHON 2.0 - -+BEOPEN.COM LICENSE AGREEMENT FOR PYTHON 2.0 -+------------------------------------------- - --.. centered:: BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1 -+BEOPEN PYTHON OPEN SOURCE LICENSE AGREEMENT VERSION 1 - --#. This LICENSE AGREEMENT is between BeOpen.com ("BeOpen"), having an office at -- 160 Saratoga Avenue, Santa Clara, CA 95051, and the Individual or Organization -- ("Licensee") accessing and otherwise using this software in source or binary -- form and its associated documentation ("the Software"). -+.. parsed-literal:: - --#. Subject to the terms and conditions of this BeOpen Python License Agreement, -- BeOpen hereby grants Licensee a non-exclusive, royalty-free, world-wide license -- to reproduce, analyze, test, perform and/or display publicly, prepare derivative -- works, distribute, and otherwise use the Software alone or in any derivative -- version, provided, however, that the BeOpen Python License is retained in the -- Software, alone or in any derivative version prepared by Licensee. -+ 1. This LICENSE AGREEMENT is between BeOpen.com ("BeOpen"), having an office at -+ 160 Saratoga Avenue, Santa Clara, CA 95051, and the Individual or Organization -+ ("Licensee") accessing and otherwise using this software in source or binary -+ form and its associated documentation ("the Software"). - --#. BeOpen is making the Software available to Licensee on an "AS IS" basis. -- BEOPEN MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF -- EXAMPLE, BUT NOT LIMITATION, BEOPEN MAKES NO AND DISCLAIMS ANY REPRESENTATION OR -- WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE -- USE OF THE SOFTWARE WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. -+ 2. Subject to the terms and conditions of this BeOpen Python License Agreement, -+ BeOpen hereby grants Licensee a non-exclusive, royalty-free, world-wide license -+ to reproduce, analyze, test, perform and/or display publicly, prepare derivative -+ works, distribute, and otherwise use the Software alone or in any derivative -+ version, provided, however, that the BeOpen Python License is retained in the -+ Software, alone or in any derivative version prepared by Licensee. - --#. BEOPEN SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE SOFTWARE FOR -- ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF USING, -- MODIFYING OR DISTRIBUTING THE SOFTWARE, OR ANY DERIVATIVE THEREOF, EVEN IF -- ADVISED OF THE POSSIBILITY THEREOF. -+ 3. BeOpen is making the Software available to Licensee on an "AS IS" basis. -+ BEOPEN MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF -+ EXAMPLE, BUT NOT LIMITATION, BEOPEN MAKES NO AND DISCLAIMS ANY REPRESENTATION OR -+ WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE -+ USE OF THE SOFTWARE WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. - --#. This License Agreement will automatically terminate upon a material breach of -- its terms and conditions. -+ 4. BEOPEN SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF THE SOFTWARE FOR -+ ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF USING, -+ MODIFYING OR DISTRIBUTING THE SOFTWARE, OR ANY DERIVATIVE THEREOF, EVEN IF -+ ADVISED OF THE POSSIBILITY THEREOF. - --#. This License Agreement shall be governed by and interpreted in all respects -- by the law of the State of California, excluding conflict of law provisions. -- Nothing in this License Agreement shall be deemed to create any relationship of -- agency, partnership, or joint venture between BeOpen and Licensee. This License -- Agreement does not grant permission to use BeOpen trademarks or trade names in a -- trademark sense to endorse or promote products or services of Licensee, or any -- third party. As an exception, the "BeOpen Python" logos available at -- http://www.pythonlabs.com/logos.html may be used according to the permissions -- granted on that web page. -+ 5. This License Agreement will automatically terminate upon a material breach of -+ its terms and conditions. - --#. By copying, installing or otherwise using the software, Licensee agrees to be -- bound by the terms and conditions of this License Agreement. -+ 6. This License Agreement shall be governed by and interpreted in all respects -+ by the law of the State of California, excluding conflict of law provisions. -+ Nothing in this License Agreement shall be deemed to create any relationship of -+ agency, partnership, or joint venture between BeOpen and Licensee. This License -+ Agreement does not grant permission to use BeOpen trademarks or trade names in a -+ trademark sense to endorse or promote products or services of Licensee, or any -+ third party. As an exception, the "BeOpen Python" logos available at -+ http://www.pythonlabs.com/logos.html may be used according to the permissions -+ granted on that web page. - -+ 7. By copying, installing or otherwise using the software, Licensee agrees to be -+ bound by the terms and conditions of this License Agreement. - --.. centered:: CNRI LICENSE AGREEMENT FOR PYTHON 1.6.1 - --#. This LICENSE AGREEMENT is between the Corporation for National Research -- Initiatives, having an office at 1895 Preston White Drive, Reston, VA 20191 -- ("CNRI"), and the Individual or Organization ("Licensee") accessing and -- otherwise using Python 1.6.1 software in source or binary form and its -- associated documentation. -+CNRI LICENSE AGREEMENT FOR PYTHON 1.6.1 -+--------------------------------------- - --#. Subject to the terms and conditions of this License Agreement, CNRI hereby -- grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, -- analyze, test, perform and/or display publicly, prepare derivative works, -- distribute, and otherwise use Python 1.6.1 alone or in any derivative version, -- provided, however, that CNRI's License Agreement and CNRI's notice of copyright, -- i.e., "Copyright © 1995-2001 Corporation for National Research Initiatives; All -- Rights Reserved" are retained in Python 1.6.1 alone or in any derivative version -- prepared by Licensee. Alternately, in lieu of CNRI's License Agreement, -- Licensee may substitute the following text (omitting the quotes): "Python 1.6.1 -- is made available subject to the terms and conditions in CNRI's License -- Agreement. This Agreement together with Python 1.6.1 may be located on the -- Internet using the following unique, persistent identifier (known as a handle): -- 1895.22/1013. This Agreement may also be obtained from a proxy server on the -- Internet using the following URL: http://hdl.handle.net/1895.22/1013." -+.. parsed-literal:: - --#. In the event Licensee prepares a derivative work that is based on or -- incorporates Python 1.6.1 or any part thereof, and wants to make the derivative -- work available to others as provided herein, then Licensee hereby agrees to -- include in any such work a brief summary of the changes made to Python 1.6.1. -+ 1. This LICENSE AGREEMENT is between the Corporation for National Research -+ Initiatives, having an office at 1895 Preston White Drive, Reston, VA 20191 -+ ("CNRI"), and the Individual or Organization ("Licensee") accessing and -+ otherwise using Python 1.6.1 software in source or binary form and its -+ associated documentation. - --#. CNRI is making Python 1.6.1 available to Licensee on an "AS IS" basis. CNRI -- MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, -- BUT NOT LIMITATION, CNRI MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY -- OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF -- PYTHON 1.6.1 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. -+ 2. Subject to the terms and conditions of this License Agreement, CNRI hereby -+ grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, -+ analyze, test, perform and/or display publicly, prepare derivative works, -+ distribute, and otherwise use Python 1.6.1 alone or in any derivative version, -+ provided, however, that CNRI's License Agreement and CNRI's notice of copyright, -+ i.e., "Copyright © 1995-2001 Corporation for National Research Initiatives; All -+ Rights Reserved" are retained in Python 1.6.1 alone or in any derivative version -+ prepared by Licensee. Alternately, in lieu of CNRI's License Agreement, -+ Licensee may substitute the following text (omitting the quotes): "Python 1.6.1 -+ is made available subject to the terms and conditions in CNRI's License -+ Agreement. This Agreement together with Python 1.6.1 may be located on the -+ Internet using the following unique, persistent identifier (known as a handle): -+ 1895.22/1013. This Agreement may also be obtained from a proxy server on the -+ Internet using the following URL: http://hdl.handle.net/1895.22/1013." - --#. CNRI SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 1.6.1 FOR -- ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF -- MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 1.6.1, OR ANY DERIVATIVE -- THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. -+ 3. In the event Licensee prepares a derivative work that is based on or -+ incorporates Python 1.6.1 or any part thereof, and wants to make the derivative -+ work available to others as provided herein, then Licensee hereby agrees to -+ include in any such work a brief summary of the changes made to Python 1.6.1. - --#. This License Agreement will automatically terminate upon a material breach of -- its terms and conditions. -+ 4. CNRI is making Python 1.6.1 available to Licensee on an "AS IS" basis. CNRI -+ MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, -+ BUT NOT LIMITATION, CNRI MAKES NO AND DISCLAIMS ANY REPRESENTATION OR WARRANTY -+ OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF -+ PYTHON 1.6.1 WILL NOT INFRINGE ANY THIRD PARTY RIGHTS. - --#. This License Agreement shall be governed by the federal intellectual property -- law of the United States, including without limitation the federal copyright -- law, and, to the extent such U.S. federal law does not apply, by the law of the -- Commonwealth of Virginia, excluding Virginia's conflict of law provisions. -- Notwithstanding the foregoing, with regard to derivative works based on Python -- 1.6.1 that incorporate non-separable material that was previously distributed -- under the GNU General Public License (GPL), the law of the Commonwealth of -- Virginia shall govern this License Agreement only as to issues arising under or -- with respect to Paragraphs 4, 5, and 7 of this License Agreement. Nothing in -- this License Agreement shall be deemed to create any relationship of agency, -- partnership, or joint venture between CNRI and Licensee. This License Agreement -- does not grant permission to use CNRI trademarks or trade name in a trademark -- sense to endorse or promote products or services of Licensee, or any third -- party. -+ 5. CNRI SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON 1.6.1 FOR -+ ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS A RESULT OF -+ MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON 1.6.1, OR ANY DERIVATIVE -+ THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. - --#. By clicking on the "ACCEPT" button where indicated, or by copying, installing -- or otherwise using Python 1.6.1, Licensee agrees to be bound by the terms and -- conditions of this License Agreement. -+ 6. This License Agreement will automatically terminate upon a material breach of -+ its terms and conditions. - -+ 7. This License Agreement shall be governed by the federal intellectual property -+ law of the United States, including without limitation the federal copyright -+ law, and, to the extent such U.S. federal law does not apply, by the law of the -+ Commonwealth of Virginia, excluding Virginia's conflict of law provisions. -+ Notwithstanding the foregoing, with regard to derivative works based on Python -+ 1.6.1 that incorporate non-separable material that was previously distributed -+ under the GNU General Public License (GPL), the law of the Commonwealth of -+ Virginia shall govern this License Agreement only as to issues arising under or -+ with respect to Paragraphs 4, 5, and 7 of this License Agreement. Nothing in -+ this License Agreement shall be deemed to create any relationship of agency, -+ partnership, or joint venture between CNRI and Licensee. This License Agreement -+ does not grant permission to use CNRI trademarks or trade name in a trademark -+ sense to endorse or promote products or services of Licensee, or any third -+ party. - --.. centered:: ACCEPT -+ 8. By clicking on the "ACCEPT" button where indicated, or by copying, installing -+ or otherwise using Python 1.6.1, Licensee agrees to be bound by the terms and -+ conditions of this License Agreement. - - --.. centered:: CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2 -+CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2 -+-------------------------------------------------- - --Copyright © 1991 - 1995, Stichting Mathematisch Centrum Amsterdam, The --Netherlands. All rights reserved. -+.. parsed-literal:: - --Permission to use, copy, modify, and distribute this software and its --documentation for any purpose and without fee is hereby granted, provided that --the above copyright notice appear in all copies and that both that copyright --notice and this permission notice appear in supporting documentation, and that --the name of Stichting Mathematisch Centrum or CWI not be used in advertising or --publicity pertaining to distribution of the software without specific, written --prior permission. -+ Copyright © 1991 - 1995, Stichting Mathematisch Centrum Amsterdam, The -+ Netherlands. All rights reserved. - --STICHTING MATHEMATISCH CENTRUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS --SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO --EVENT SHALL STICHTING MATHEMATISCH CENTRUM BE LIABLE FOR ANY SPECIAL, INDIRECT --OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, --DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS --ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS --SOFTWARE. -+ Permission to use, copy, modify, and distribute this software and its -+ documentation for any purpose and without fee is hereby granted, provided that -+ the above copyright notice appear in all copies and that both that copyright -+ notice and this permission notice appear in supporting documentation, and that -+ the name of Stichting Mathematisch Centrum or CWI not be used in advertising or -+ publicity pertaining to distribution of the software without specific, written -+ prior permission. -+ -+ STICHTING MATHEMATISCH CENTRUM DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS -+ SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO -+ EVENT SHALL STICHTING MATHEMATISCH CENTRUM BE LIABLE FOR ANY SPECIAL, INDIRECT -+ OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, -+ DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -+ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -+ SOFTWARE. - - - Licenses and Acknowledgements for Incorporated Software -@@ -329,18 +337,17 @@ - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND -- GAI_ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE -- FOR GAI_ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- HOWEVER CAUSED AND ON GAI_ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN GAI_ANY WAY -+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -- - Floating point exception control - -------------------------------- - -@@ -894,4 +901,3 @@ - - Jean-loup Gailly Mark Adler - jloup@gzip.org madler@alumni.caltech.edu -- -diff -r 6d1b6a68f775 Doc/reference/introduction.rst ---- a/Doc/reference/introduction.rst -+++ b/Doc/reference/introduction.rst -@@ -59,7 +59,7 @@ - This implementation actually uses the CPython implementation, but is a managed - .NET application and makes .NET libraries available. It was created by Brian - Lloyd. For more information, see the `Python for .NET home page -- `_. -+ `_. - - IronPython - An alternate Python for .NET. Unlike Python.NET, this is a complete Python -diff -r 6d1b6a68f775 Doc/tools/extensions/pyspecific.py ---- a/Doc/tools/extensions/pyspecific.py -+++ b/Doc/tools/extensions/pyspecific.py -@@ -131,7 +131,7 @@ - 'assert', 'assignment', 'atom-identifiers', 'atom-literals', - 'attribute-access', 'attribute-references', 'augassign', 'binary', - 'bitwise', 'bltin-code-objects', 'bltin-ellipsis-object', -- 'bltin-null-object', 'bltin-type-objects', 'booleans', -+ 'bltin-file-objects', 'bltin-null-object', 'bltin-type-objects', 'booleans', - 'break', 'callable-types', 'calls', 'class', 'comparisons', 'compound', - 'context-managers', 'continue', 'conversions', 'customization', 'debugger', - 'del', 'dict', 'dynamic-features', 'else', 'exceptions', 'exec', 'execmodel', -diff -r 6d1b6a68f775 Doc/tools/rstlint.py ---- a/Doc/tools/rstlint.py -+++ b/Doc/tools/rstlint.py -@@ -42,7 +42,7 @@ - ] - - all_directives = '(' + '|'.join(directives) + ')' --seems_directive_re = re.compile(r'\.\. %s([^a-z:]|:(?!:))' % all_directives) -+seems_directive_re = re.compile(r'(?>>>'); - button.css(button_styles) - button.attr('title', hide_text); -+ button.data('hidden', 'false'); - jthis.prepend(button); - } - // tracebacks (.gt) contain bare text elements that need to be -@@ -37,20 +38,24 @@ - }); - - // define the behavior of the button when it's clicked -- $('.copybutton').toggle( -- function() { -- var button = $(this); -+ $('.copybutton').click(function(e){ -+ e.preventDefault(); -+ var button = $(this); -+ if (button.data('hidden') === 'false') { -+ // hide the code output - button.parent().find('.go, .gp, .gt').hide(); - button.next('pre').find('.gt').nextUntil('.gp, .go').css('visibility', 'hidden'); - button.css('text-decoration', 'line-through'); - button.attr('title', show_text); -- }, -- function() { -- var button = $(this); -+ button.data('hidden', 'true'); -+ } else { -+ // show the code output - button.parent().find('.go, .gp, .gt').show(); - button.next('pre').find('.gt').nextUntil('.gp, .go').css('visibility', 'visible'); - button.css('text-decoration', 'none'); - button.attr('title', hide_text); -- }); -+ button.data('hidden', 'false'); -+ } -+ }); - }); - -diff -r 6d1b6a68f775 Doc/tools/susp-ignored.csv ---- a/Doc/tools/susp-ignored.csv -+++ b/Doc/tools/susp-ignored.csv -@@ -46,7 +46,7 @@ - howto/pyporting,,::,Programming Language :: Python :: 3 - howto/regex,,::, - howto/regex,,:foo,(?:foo) --howto/urllib2,,:example,"for example ""joe@password:example.com""" -+howto/urllib2,,:password,"for example ""joe:password@example.com""" - library/audioop,,:ipos,"# factor = audioop.findfactor(in_test[ipos*2:ipos*2+len(out_test)]," - library/bisect,,:hi,all(val >= x for val in a[i:hi]) - library/bisect,,:hi,all(val > x for val in a[i:hi]) -diff -r 6d1b6a68f775 Doc/tools/templates/download.html ---- a/Doc/tools/templates/download.html -+++ b/Doc/tools/templates/download.html -@@ -7,55 +7,96 @@ - {% endif %} - - {% block body %} --

Download Python {{ release }} Documentation

-+

{% trans %}Download Python {{ release }} Documentation{% endtrans %}

- --{% if last_updated %}

Last updated on: {{ last_updated }}.

{% endif %} -+{% if last_updated %} -+

{% trans %}Last updated on: {{ last_updated }}.{% endtrans %}

-+{% endif %} - --

To download an archive containing all the documents for this version of --Python in one of various formats, follow one of links in this table. The numbers --in the table are the size of the download files in megabytes.

-+

{% trans %}To download an archive containing all the documents for -+this version of Python in one of various formats, follow one of links -+in this table. The numbers in the table are the size of the download -+files in megabytes.{% endtrans %}

- - -- -- -- -- -+ -+ -+ - -- -- -- -+ -+ -+ - -- -- -- -+ -+ -+ - -- -- -- -+ -+ -+ -+ -+ -+ -+ -+ - -
FormatPacked as .zipPacked as .tar.bz2
PDF (US-Letter paper size)Download (ca. 8 MB)Download (ca. 8 MB)
{% trans %}Format{% endtrans %}{% trans %}Packed as .zip{% endtrans %}{% trans %}Packed as .tar.bz2{% endtrans %}
PDF (A4 paper size)Download (ca. 8 MB)Download (ca. 8 MB)
{% trans %}PDF (US-Letter paper size){% endtrans %} -+ -+ {% trans %}Download{% endtrans %} -+ {% trans %}(ca. 8 MB){% endtrans %} -+ -+ -+ {% trans %}Download{% endtrans %} -+ {% trans %}(ca. 8 MB){% endtrans %} -+
HTMLDownload (ca. 6 MB)Download (ca. 4 MB)
{% trans %}PDF (A4 paper size){% endtrans %} -+ -+ {% trans %}Download{% endtrans %} -+ {% trans %}(ca. 8 MB){% endtrans %} -+ -+ {% trans %}Download{% endtrans %} -+ {% trans %}(ca. 8 MB){% endtrans %}
Plain TextDownload (ca. 2 MB)Download (ca. 1.5 MB)
{% trans %}HTML{% endtrans %} -+ -+ {% trans %}Download{% endtrans %} -+ {% trans %}(ca. 6 MB){% endtrans %} -+ -+ -+ {% trans %}Download{% endtrans %} -+ {% trans %}(ca. 4 MB){% endtrans %} -+
{% trans %}Plain Text{% endtrans %} -+ -+ {% trans %}Download{% endtrans %} -+ {% trans %}(ca. 2 MB){% endtrans %} -+ -+ -+ {% trans %}Download{% endtrans %} -+ {% trans %}(ca. 1.5 MB){% endtrans %} -+
- --

These archives contain all the content in the documentation.

-+

{% trans %}These archives contain all the content in the -+documentation.{% endtrans %}

- --

HTML Help (.chm) files are made available in the "Windows" section --on the Python --download page.

-+

{% trans download_page="https://www.python.org/download/releases/{{ release[:5] }}/" %}HTML Help -+(.chm) files are made available in the "Windows" section -+on the Python download page.{% endtrans %}

- - --

Unpacking

-+

{% trans %}Unpacking{% endtrans %}

- --

Unix users should download the .tar.bz2 archives; these are bzipped tar --archives and can be handled in the usual way using tar and the bzip2 --program. The InfoZIP unzip program can be --used to handle the ZIP archives if desired. The .tar.bz2 archives provide the --best compression and fastest download times.

-+

{% trans %}Unix users should download the .tar.bz2 archives; these -+are bzipped tar archives and can be handled in the usual way using tar -+and the bzip2 program. The InfoZIP unzip -+program can be used to handle the ZIP archives if desired. The -+.tar.bz2 archives provide the best compression and fastest download -+times.{% endtrans %}

- --

Windows users can use the ZIP archives since those are customary on that --platform. These are created on Unix using the InfoZIP zip program.

-+

{% trans %}Windows users can use the ZIP archives since those are -+customary on that platform. These are created on Unix using the -+InfoZIP zip program.{% endtrans %}

- - --

Problems

-+

{% trans %}Problems{% endtrans %}

- --

If you have comments or suggestions for the Python documentation, please send --email to docs@python.org.

-+

{% trans %}If you have comments or suggestions for the Python -+documentation, please send email to -+docs@python.org.{% endtrans %}

- {% endblock %} -diff -r 6d1b6a68f775 Doc/tools/templates/indexcontent.html ---- a/Doc/tools/templates/indexcontent.html -+++ b/Doc/tools/templates/indexcontent.html -@@ -1,59 +1,59 @@ - {% extends "defindex.html" %} - {% block tables %} --

Parts of the documentation:

-+

{% trans %}Parts of the documentation:{% endtrans %}

- - -
--

What's new in Python {{ version }}?
-- or all "What's new" documents since 2.0

--

Tutorial
-- start here

--

Library Reference
-- keep this under your pillow

--

Language Reference
-- describes syntax and language elements

--

Python Setup and Usage
-- how to use Python on different platforms

--

Python HOWTOs
-- in-depth documents on specific topics

-+

{% trans %}What's new in Python {{ version }}?{% endtrans %}
-+ {% trans whatsnew_index=pathto("whatsnew/index") %}or all "What's new" documents since 2.0{% endtrans %}

-+

{% trans %}Tutorial{% endtrans %}
-+ {% trans %}start here{% endtrans %}

-+

{% trans %}Library Reference{% endtrans %}
-+ {% trans %}keep this under your pillow{% endtrans %}

-+

{% trans %}Language Reference{% endtrans %}
-+ {% trans %}describes syntax and language elements{% endtrans %}

-+

{% trans %}Python Setup and Usage{% endtrans %}
-+ {% trans %}how to use Python on different platforms{% endtrans %}

-+

{% trans %}Python HOWTOs{% endtrans %}
-+ {% trans %}in-depth documents on specific topics{% endtrans %}

- 		--

Extending and Embedding
-- tutorial for C/C++ programmers

--

Python/C API
-- reference for C/C++ programmers

--

Installing Python Modules
-- information for installers & sys-admins

--

Distributing Python Modules
-- sharing modules with others

--

FAQs
-- frequently asked questions (with answers!)

-+

{% trans %}Extending and Embedding{% endtrans %}
-+ {% trans %}tutorial for C/C++ programmers{% endtrans %}

-+

{% trans %}Python/C API{% endtrans %}
-+ {% trans %}reference for C/C++ programmers{% endtrans %}

-+

{% trans %}Installing Python Modules{% endtrans %}
-+ {% trans %}information for installers & sys-admins{% endtrans %}

-+

{% trans %}Distributing Python Modules{% endtrans %}
-+ {% trans %}sharing modules with others{% endtrans %}

-+

{% trans %}FAQs{% endtrans %}
-+ {% trans %}frequently asked questions (with answers!){% endtrans %}

-
- --

Indices and tables:

-+

{% trans %}Indices and tables:{% endtrans %}

- - -
--

Global Module Index
-- quick access to all modules

--

General Index
-- all functions, classes, terms

--

Glossary
-- the most important terms explained

-+

{% trans %}Global Module Index{% endtrans %}
-+ {% trans %}quick access to all modules{% endtrans %}

-+

{% trans %}General Index{% endtrans %}
-+ {% trans %}all functions, classes, terms{% endtrans %}

-+

{% trans %}Glossary{% endtrans %}
-+ {% trans %}the most important terms explained{% endtrans %}

- 		--

Search page
-- search this documentation

--

Complete Table of Contents
-- lists all sections and subsections

-+

{% trans %}Search page{% endtrans %}
-+ {% trans %}search this documentation{% endtrans %}

-+

{% trans %}Complete Table of Contents{% endtrans %}
-+ {% trans %}lists all sections and subsections{% endtrans %}

-
- --

Meta information:

-+

{% trans %}Meta information:{% endtrans %}

- - -
--

Reporting bugs

--

About the documentation

-+

{% trans %}Reporting bugs{% endtrans %}

-+

{% trans %}About the documentation{% endtrans %}

- 		--

History and License of Python

--

Copyright

-+

{% trans %}History and License of Python{% endtrans %}

-+

{% trans %}Copyright{% endtrans %}

-
- {% endblock %} -diff -r 6d1b6a68f775 Doc/tools/templates/indexsidebar.html ---- a/Doc/tools/templates/indexsidebar.html -+++ b/Doc/tools/templates/indexsidebar.html -@@ -1,17 +1,17 @@ --

Download

--

Download these documents

--

Docs for other versions

-+

{% trans %}Download{% endtrans %}

-+

{% trans %}Download these documents{% endtrans %}

-+

{% trans %}Docs for other versions{% endtrans %}

- - --

Other resources

-+

{% trans %}Other resources{% endtrans %}

- -diff -r 6d1b6a68f775 Doc/tools/templates/layout.html ---- a/Doc/tools/templates/layout.html -+++ b/Doc/tools/templates/layout.html -@@ -6,7 +6,7 @@ -
  • - {%- if versionswitcher is defined %} - {{ release }} -- Documentation{{ reldelim1 }} -+ {% trans %}Documentation{% endtrans %}{{ reldelim1 }} - {%- else %} - {{ shorttitle }}{{ reldelim1 }} - {%- endif %} -@@ -28,24 +28,24 @@ - {% endblock %} - {% block footer %} -
    -- © Copyright {{ copyright|e }}. -+ © {% trans %}Copyright{% endtrans %} {{ copyright|e }}. -
    -- The Python Software Foundation is a non-profit corporation. -- Please donate. -+ {% trans %}The Python Software Foundation is a non-profit corporation.{% endtrans %} -+ {% trans %}Please donate.{% endtrans %} -
    -- Last updated on {{ last_updated|e }}. -- Found a bug? -+ {% trans last_update=last_updated|e %}Last updated on {{ last_update }}.{% endtrans %} -+ {% trans pathto_bugs=pathto('bugs') %}Found a bug?{% endtrans %} -
    -- Created using Sphinx {{ sphinx_version|e }}. -+ {% trans sphinx_version=sphinx_version|e %}Created using Sphinx {{ sphinx_version }}.{% endtrans %} -
    - {% endblock %} - {% block sidebarsourcelink %} - {%- if show_source and has_source and sourcename %} -

    {{ _('This Page') }}

    - - {%- endif %} - {% endblock %} -diff -r 6d1b6a68f775 Doc/tutorial/introduction.rst ---- a/Doc/tutorial/introduction.rst -+++ b/Doc/tutorial/introduction.rst -@@ -357,9 +357,8 @@ - Both strings and Unicode strings support a large number of methods for - basic transformations and searching. - -- :ref:`new-string-formatting` -- Information about string formatting with :meth:`str.format` is described -- here. -+ :ref:`formatstrings` -+ Information about string formatting with :meth:`str.format`. - - :ref:`string-formatting` - The old formatting operations invoked when strings and Unicode strings are -diff -r 6d1b6a68f775 Doc/using/cmdline.rst ---- a/Doc/using/cmdline.rst -+++ b/Doc/using/cmdline.rst -@@ -613,6 +613,17 @@ - times. - - -+.. envvar:: PYTHONHTTPSVERIFY -+ -+ If this environment variable is set specifically to ``0``, then it is -+ equivalent to implicitly calling :func:`ssl._https_verify_certificates` with -+ ``enable=False`` when :mod:`ssl` is first imported. -+ -+ Refer to the documentation of :func:`ssl._https_verify_certificates` for -+ details. -+ -+ .. versionadded:: 2.7.12 -+ - Debug-mode variables - ~~~~~~~~~~~~~~~~~~~~ - -diff -r 6d1b6a68f775 Doc/whatsnew/2.7.rst ---- a/Doc/whatsnew/2.7.rst -+++ b/Doc/whatsnew/2.7.rst -@@ -2588,7 +2588,7 @@ - - :pep:`477` approves the inclusion of the :pep:`453` ensurepip module and the - improved documentation that was enabled by it in the Python 2.7 maintenance --releases, appearing first in the the Python 2.7.9 release. -+releases, appearing first in the Python 2.7.9 release. - - - Bootstrapping pip By Default -@@ -2649,11 +2649,12 @@ - PEP 476: Enabling certificate verification by default for stdlib http clients - ----------------------------------------------------------------------------- - --:mod:`httplib` and modules which use it, such as :mod:`urllib2` and --:mod:`xmlrpclib`, will now verify that the server presents a certificate --which is signed by a CA in the platform trust store and whose hostname matches --the hostname being requested by default, significantly improving security for --many applications. -+:pep:`476` updated :mod:`httplib` and modules which use it, such as -+:mod:`urllib2` and :mod:`xmlrpclib`, to now verify that the server -+presents a certificate which is signed by a Certificate Authority in the -+platform trust store and whose hostname matches the hostname being requested -+by default, significantly improving security for many applications. This -+change was made in the Python 2.7.9 release. - - For applications which require the old previous behavior, they can pass an - alternate context:: -@@ -2670,6 +2671,29 @@ - - urllib2.urlopen("https://invalid-cert", context=context) - -+ -+PEP 493: HTTPS verification migration tools for Python 2.7 -+---------------------------------------------------------- -+ -+:pep:`493` provides additional migration tools to support a more incremental -+infrastructure upgrade process for environments containing applications and -+services relying on the historically permissive processing of server -+certificates when establishing client HTTPS connections. These additions were -+made in the Python 2.7.12 release. -+ -+These tools are intended for use in cases where affected applications and -+services can't be modified to explicitly pass a more permissive SSL context -+when establishing the connection. -+ -+For applications and services which can't be modified at all, the new -+``PYTHONHTTPSVERIFY`` environment variable may be set to ``0`` to revert an -+entire Python process back to the default permissive behaviour of Python 2.7.8 -+and earlier. -+ -+For cases where the connection establishment code can't be modified, but the -+overall application can be, the new :func:`ssl._https_verify_certificates` -+function can be used to adjust the default behaviour at runtime. -+ - .. ====================================================================== - - .. _acks27: -diff -r 6d1b6a68f775 Include/code.h ---- a/Include/code.h -+++ b/Include/code.h -@@ -70,7 +70,7 @@ - /* Public interface */ - PyAPI_FUNC(PyCodeObject *) PyCode_New( - int, int, int, int, PyObject *, PyObject *, PyObject *, PyObject *, -- PyObject *, PyObject *, PyObject *, PyObject *, int, PyObject *); -+ PyObject *, PyObject *, PyObject *, PyObject *, int, PyObject *); - /* same as struct above */ - - /* Creates a new empty code object with the specified source location. */ -@@ -98,6 +98,15 @@ - PyAPI_FUNC(int) _PyCode_CheckLineNumber(PyCodeObject* co, - int lasti, PyAddrPair *bounds); - -+/* Create a comparable key used to compare constants taking in account the -+ * object type. It is used to make sure types are not coerced (e.g., float and -+ * complex) _and_ to distinguish 0.0 from -0.0 e.g. on IEEE platforms -+ * -+ * Return (type(obj), obj, ...): a tuple with variable size (at least 2 items) -+ * depending on the type and the value. The type is the first item to not -+ * compare bytes and str which can raise a BytesWarning exception. */ -+PyAPI_FUNC(PyObject*) _PyCode_ConstantKey(PyObject *obj); -+ - PyAPI_FUNC(PyObject*) PyCode_Optimize(PyObject *code, PyObject* consts, - PyObject *names, PyObject *lineno_obj); - -diff -r 6d1b6a68f775 Include/dictobject.h ---- a/Include/dictobject.h -+++ b/Include/dictobject.h -@@ -108,6 +108,7 @@ - - PyAPI_FUNC(PyObject *) PyDict_New(void); - PyAPI_FUNC(PyObject *) PyDict_GetItem(PyObject *mp, PyObject *key); -+PyAPI_FUNC(PyObject *) _PyDict_GetItemWithError(PyObject *mp, PyObject *key); - PyAPI_FUNC(int) PyDict_SetItem(PyObject *mp, PyObject *key, PyObject *item); - PyAPI_FUNC(int) PyDict_DelItem(PyObject *mp, PyObject *key); - PyAPI_FUNC(void) PyDict_Clear(PyObject *mp); -diff -r 6d1b6a68f775 Include/object.h ---- a/Include/object.h -+++ b/Include/object.h -@@ -824,6 +824,29 @@ - #define Py_XINCREF(op) do { if ((op) == NULL) ; else Py_INCREF(op); } while (0) - #define Py_XDECREF(op) do { if ((op) == NULL) ; else Py_DECREF(op); } while (0) - -+/* Safely decref `op` and set `op` to `op2`. -+ * -+ * As in case of Py_CLEAR "the obvious" code can be deadly: -+ * -+ * Py_XDECREF(op); -+ * op = op2; -+ * -+ * The safe way is: -+ * -+ * Py_SETREF(op, op2); -+ * -+ * That arranges to set `op` to `op2` _before_ decref'ing, so that any code -+ * triggered as a side-effect of `op` getting torn down no longer believes -+ * `op` points to a valid object. -+ */ -+ -+#define Py_SETREF(op, op2) \ -+ do { \ -+ PyObject *_py_tmp = (PyObject *)(op); \ -+ (op) = (op2); \ -+ Py_XDECREF(_py_tmp); \ -+ } while (0) -+ - /* - These are provided as conveniences to Python runtime embedders, so that - they can have object code that is not dependent on Python compilation flags. -diff -r 6d1b6a68f775 Include/patchlevel.h ---- a/Include/patchlevel.h -+++ b/Include/patchlevel.h -@@ -27,7 +27,7 @@ - #define PY_RELEASE_SERIAL 0 - - /* Version as a string */ --#define PY_VERSION "2.7.11" -+#define PY_VERSION "2.7.11+" - /*--end constants--*/ - - /* Subversion Revision number of this file (not of the repository). Empty -diff -r 6d1b6a68f775 Include/pyerrors.h ---- a/Include/pyerrors.h -+++ b/Include/pyerrors.h -@@ -215,7 +215,7 @@ - - /* Export the old function so that the existing API remains available: */ - PyAPI_FUNC(void) PyErr_BadInternalCall(void); --PyAPI_FUNC(void) _PyErr_BadInternalCall(char *filename, int lineno); -+PyAPI_FUNC(void) _PyErr_BadInternalCall(const char *filename, int lineno); - /* Mask the old API with a call to the new API for code compiled under - Python 2.0: */ - #define PyErr_BadInternalCall() _PyErr_BadInternalCall(__FILE__, __LINE__) -diff -r 6d1b6a68f775 LICENSE ---- a/LICENSE -+++ b/LICENSE -@@ -74,8 +74,9 @@ - distribute, and otherwise use Python alone or in any derivative version, - provided, however, that PSF's License Agreement and PSF's notice of copyright, - i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, --2011, 2012, 2013, 2014, 2015 Python Software Foundation; All Rights Reserved" --are retained in Python alone or in any derivative version prepared by Licensee. -+2011, 2012, 2013, 2014, 2015, 2016 Python Software Foundation; All Rights -+Reserved" are retained in Python alone or in any derivative version prepared by -+Licensee. - - 3. In the event Licensee prepares a derivative work that is based on - or incorporates Python or any part thereof, and wants to make -diff -r 6d1b6a68f775 Lib/SocketServer.py ---- a/Lib/SocketServer.py -+++ b/Lib/SocketServer.py -@@ -121,11 +121,6 @@ - - # Author of the BaseServer patch: Luke Kenneth Casson Leighton - --# XXX Warning! --# There is a test suite for this module, but it cannot be run by the --# standard regression test. --# To run it manually, run Lib/test/test_socketserver.py. -- - __version__ = "0.4" - - -@@ -296,6 +291,8 @@ - except: - self.handle_error(request, client_address) - self.shutdown_request(request) -+ else: -+ self.shutdown_request(request) - - def handle_timeout(self): - """Called if no new request arrives within self.timeout. -@@ -642,7 +639,7 @@ - client address as self.client_address, and the server (in case it - needs access to per-server information) as self.server. Since a - separate instance is created for each request, the handle() method -- can define arbitrary other instance variariables. -+ can define other arbitrary instance variables. - - """ - -@@ -719,9 +716,6 @@ - - class DatagramRequestHandler(BaseRequestHandler): - -- # XXX Regrettably, I cannot get this working on Linux; -- # s.recvfrom() doesn't return a meaningful client address. -- - """Define self.rfile and self.wfile for datagram sockets.""" - - def setup(self): -diff -r 6d1b6a68f775 Lib/_strptime.py ---- a/Lib/_strptime.py -+++ b/Lib/_strptime.py -@@ -75,6 +75,8 @@ - self.__calc_date_time() - if _getlang() != self.lang: - raise ValueError("locale changed during initialization") -+ if time.tzname != self.tzname or time.daylight != self.daylight: -+ raise ValueError("timezone changed during initialization") - - def __pad(self, seq, front): - # Add '' to seq to either the front (is True), else the back. -@@ -159,15 +161,17 @@ - - def __calc_timezone(self): - # Set self.timezone by using time.tzname. -- # Do not worry about possibility of time.tzname[0] == timetzname[1] -- # and time.daylight; handle that in strptime . -+ # Do not worry about possibility of time.tzname[0] == time.tzname[1] -+ # and time.daylight; handle that in strptime. - try: - time.tzset() - except AttributeError: - pass -- no_saving = frozenset(["utc", "gmt", time.tzname[0].lower()]) -- if time.daylight: -- has_saving = frozenset([time.tzname[1].lower()]) -+ self.tzname = time.tzname -+ self.daylight = time.daylight -+ no_saving = frozenset(["utc", "gmt", self.tzname[0].lower()]) -+ if self.daylight: -+ has_saving = frozenset([self.tzname[1].lower()]) - else: - has_saving = frozenset() - self.timezone = (no_saving, has_saving) -@@ -296,12 +300,15 @@ - """Return a time struct based on the input string and the format string.""" - global _TimeRE_cache, _regex_cache - with _cache_lock: -- if _getlang() != _TimeRE_cache.locale_time.lang: -+ locale_time = _TimeRE_cache.locale_time -+ if (_getlang() != locale_time.lang or -+ time.tzname != locale_time.tzname or -+ time.daylight != locale_time.daylight): - _TimeRE_cache = TimeRE() - _regex_cache.clear() -+ locale_time = _TimeRE_cache.locale_time - if len(_regex_cache) > _CACHE_MAX_SIZE: - _regex_cache.clear() -- locale_time = _TimeRE_cache.locale_time - format_regex = _regex_cache.get(format) - if not format_regex: - try: -@@ -438,6 +445,10 @@ - week_starts_Mon = True if week_of_year_start == 0 else False - julian = _calc_julian_from_U_or_W(year, week_of_year, weekday, - week_starts_Mon) -+ if julian <= 0: -+ year -= 1 -+ yday = 366 if calendar.isleap(year) else 365 -+ julian += yday - # Cannot pre-calculate datetime_date() since can change in Julian - # calculation and thus could have different value for the day of the week - # calculation. -diff -r 6d1b6a68f775 Lib/base64.py ---- a/Lib/base64.py -+++ b/Lib/base64.py -@@ -64,9 +64,10 @@ - length 2 (additional characters are ignored) which specifies the - alternative alphabet used instead of the '+' and '/' characters. - -- The decoded string is returned. A TypeError is raised if s were -- incorrectly padded or if there are non-alphabet characters present in the -- string. -+ The decoded string is returned. A TypeError is raised if s is -+ incorrectly padded. Characters that are neither in the normal base-64 -+ alphabet nor the alternative alphabet are discarded prior to the padding -+ check. - """ - if altchars is not None: - s = s.translate(string.maketrans(altchars[:2], '+/')) -@@ -87,9 +88,10 @@ - def standard_b64decode(s): - """Decode a string encoded with the standard Base64 alphabet. - -- s is the string to decode. The decoded string is returned. A TypeError -- is raised if the string is incorrectly padded or if there are non-alphabet -- characters present in the string. -+ Argument s is the string to decode. The decoded string is returned. A -+ TypeError is raised if the string is incorrectly padded. Characters that -+ are not in the standard alphabet are discarded prior to the padding -+ check. - """ - return b64decode(s) - -@@ -97,19 +99,20 @@ - _urlsafe_decode_translation = string.maketrans(b'-_', b'+/') - - def urlsafe_b64encode(s): -- """Encode a string using a url-safe Base64 alphabet. -+ """Encode a string using the URL- and filesystem-safe Base64 alphabet. - -- s is the string to encode. The encoded string is returned. The alphabet -- uses '-' instead of '+' and '_' instead of '/'. -+ Argument s is the string to encode. The encoded string is returned. The -+ alphabet uses '-' instead of '+' and '_' instead of '/'. - """ - return b64encode(s).translate(_urlsafe_encode_translation) - - def urlsafe_b64decode(s): -- """Decode a string encoded with the standard Base64 alphabet. -+ """Decode a string using the URL- and filesystem-safe Base64 alphabet. - -- s is the string to decode. The decoded string is returned. A TypeError -- is raised if the string is incorrectly padded or if there are non-alphabet -- characters present in the string. -+ Argument s is the string to decode. The decoded string is returned. A -+ TypeError is raised if the string is incorrectly padded. Characters that -+ are not in the URL-safe base-64 alphabet, and are not a plus '+' or slash -+ '/', are discarded prior to the padding check. - - The alphabet uses '-' instead of '+' and '_' instead of '/'. - """ -@@ -267,7 +270,7 @@ - a lowercase alphabet is acceptable as input. For security purposes, the - default is False. - -- The decoded string is returned. A TypeError is raised if s were -+ The decoded string is returned. A TypeError is raised if s is - incorrectly padded or if there are non-alphabet characters present in the - string. - """ -diff -r 6d1b6a68f775 Lib/collections.py ---- a/Lib/collections.py -+++ b/Lib/collections.py -@@ -1,3 +1,15 @@ -+'''This module implements specialized container datatypes providing -+alternatives to Python's general purpose built-in containers, dict, -+list, set, and tuple. -+ -+* namedtuple factory function for creating tuple subclasses with named fields -+* deque list-like container with fast appends and pops on either end -+* Counter dict subclass for counting hashable objects -+* OrderedDict dict subclass that remembers the order entries were added -+* defaultdict dict subclass that calls a factory function to supply missing values -+ -+''' -+ - __all__ = ['Counter', 'deque', 'defaultdict', 'namedtuple', 'OrderedDict'] - # For bootstrapping reasons, the collection ABCs are defined in _abcoll.py. - # They should however be considered an integral part of collections.py. -diff -r 6d1b6a68f775 Lib/copy.py ---- a/Lib/copy.py -+++ b/Lib/copy.py -@@ -315,7 +315,7 @@ - if n > 2: - state = info[2] - else: -- state = {} -+ state = None - if n > 3: - listiter = info[3] - else: -@@ -329,7 +329,7 @@ - y = callable(*args) - memo[id(x)] = y - -- if state: -+ if state is not None: - if deep: - state = deepcopy(state, memo) - if hasattr(y, '__setstate__'): -diff -r 6d1b6a68f775 Lib/ctypes/__init__.py ---- a/Lib/ctypes/__init__.py -+++ b/Lib/ctypes/__init__.py -@@ -386,8 +386,8 @@ - return func - - class PyDLL(CDLL): -- """This class represents the Python library itself. It allows to -- access Python API functions. The GIL is not released, and -+ """This class represents the Python library itself. It allows -+ accessing Python API functions. The GIL is not released, and - Python exceptions are handled correctly. - """ - _func_flags_ = _FUNCFLAG_CDECL | _FUNCFLAG_PYTHONAPI -diff -r 6d1b6a68f775 Lib/ctypes/test/test_arrays.py ---- a/Lib/ctypes/test/test_arrays.py -+++ b/Lib/ctypes/test/test_arrays.py -@@ -24,20 +24,24 @@ - self.assertEqual(len(ia), alen) - - # slot values ok? -- values = [ia[i] for i in range(len(init))] -+ values = [ia[i] for i in range(alen)] - self.assertEqual(values, init) - -+ # out-of-bounds accesses should be caught -+ with self.assertRaises(IndexError): ia[alen] -+ with self.assertRaises(IndexError): ia[-alen-1] -+ - # change the items - from operator import setitem - new_values = range(42, 42+alen) - [setitem(ia, n, new_values[n]) for n in range(alen)] -- values = [ia[i] for i in range(len(init))] -+ values = [ia[i] for i in range(alen)] - self.assertEqual(values, new_values) - - # are the items initialized to 0? - ia = int_array() -- values = [ia[i] for i in range(len(init))] -- self.assertEqual(values, [0] * len(init)) -+ values = [ia[i] for i in range(alen)] -+ self.assertEqual(values, [0] * alen) - - # Too many initializers should be caught - self.assertRaises(IndexError, int_array, *range(alen*2)) -diff -r 6d1b6a68f775 Lib/ctypes/test/test_pointers.py ---- a/Lib/ctypes/test/test_pointers.py -+++ b/Lib/ctypes/test/test_pointers.py -@@ -53,9 +53,13 @@ - # C code: - # int x = 12321; - # res = &x -- res.contents = c_int(12321) -+ x = c_int(12321) -+ res.contents = x - self.assertEqual(i.value, 54345) - -+ x.value = -99 -+ self.assertEqual(res.contents.value, -99) -+ - def test_callbacks_with_pointers(self): - # a function type receiving a pointer - PROTOTYPE = CFUNCTYPE(c_int, POINTER(c_int)) -@@ -128,9 +132,10 @@ - - def test_basic(self): - p = pointer(c_int(42)) -- # Although a pointer can be indexed, it ha no length -+ # Although a pointer can be indexed, it has no length - self.assertRaises(TypeError, len, p) - self.assertEqual(p[0], 42) -+ self.assertEqual(p[0:1], [42]) - self.assertEqual(p.contents.value, 42) - - def test_charpp(self): -diff -r 6d1b6a68f775 Lib/ctypes/test/test_values.py ---- a/Lib/ctypes/test/test_values.py -+++ b/Lib/ctypes/test/test_values.py -@@ -22,8 +22,7 @@ - ctdll = CDLL(_ctypes_test.__file__) - self.assertRaises(ValueError, c_int.in_dll, ctdll, "Undefined_Symbol") - --@unittest.skipUnless(sys.platform == 'win32', 'Windows-specific test') --class Win_ValuesTestCase(unittest.TestCase): -+class PythonValuesTestCase(unittest.TestCase): - """This test only works when python itself is a dll/shared library""" - - def test_optimizeflag(self): -diff -r 6d1b6a68f775 Lib/distutils/ccompiler.py ---- a/Lib/distutils/ccompiler.py -+++ b/Lib/distutils/ccompiler.py -@@ -842,8 +842,9 @@ - def library_filename(self, libname, lib_type='static', # or 'shared' - strip_dir=0, output_dir=''): - assert output_dir is not None -- if lib_type not in ("static", "shared", "dylib"): -- raise ValueError, "'lib_type' must be \"static\", \"shared\" or \"dylib\"" -+ if lib_type not in ("static", "shared", "dylib", "xcode_stub"): -+ raise ValueError, ("""'lib_type' must be "static", "shared", """ -+ """"dylib", or "xcode_stub".""") - fmt = getattr(self, lib_type + "_lib_format") - ext = getattr(self, lib_type + "_lib_extension") - -diff -r 6d1b6a68f775 Lib/distutils/unixccompiler.py ---- a/Lib/distutils/unixccompiler.py -+++ b/Lib/distutils/unixccompiler.py -@@ -79,7 +79,9 @@ - static_lib_extension = ".a" - shared_lib_extension = ".so" - dylib_lib_extension = ".dylib" -+ xcode_stub_lib_extension = ".tbd" - static_lib_format = shared_lib_format = dylib_lib_format = "lib%s%s" -+ xcode_stub_lib_format = dylib_lib_format - if sys.platform == "cygwin": - exe_extension = ".exe" - -@@ -245,12 +247,28 @@ - def find_library_file(self, dirs, lib, debug=0): - shared_f = self.library_filename(lib, lib_type='shared') - dylib_f = self.library_filename(lib, lib_type='dylib') -+ xcode_stub_f = self.library_filename(lib, lib_type='xcode_stub') - static_f = self.library_filename(lib, lib_type='static') - - if sys.platform == 'darwin': - # On OSX users can specify an alternate SDK using - # '-isysroot', calculate the SDK root if it is specified - # (and use it further on) -+ # -+ # Note that, as of Xcode 7, Apple SDKs may contain textual stub -+ # libraries with .tbd extensions rather than the normal .dylib -+ # shared libraries installed in /. The Apple compiler tool -+ # chain handles this transparently but it can cause problems -+ # for programs that are being built with an SDK and searching -+ # for specific libraries. Callers of find_library_file need to -+ # keep in mind that the base filename of the returned SDK library -+ # file might have a different extension from that of the library -+ # file installed on the running system, for example: -+ # /Applications/Xcode.app/Contents/Developer/Platforms/ -+ # MacOSX.platform/Developer/SDKs/MacOSX10.11.sdk/ -+ # usr/lib/libedit.tbd -+ # vs -+ # /usr/lib/libedit.dylib - cflags = sysconfig.get_config_var('CFLAGS') - m = re.search(r'-isysroot\s+(\S+)', cflags) - if m is None: -@@ -264,6 +282,7 @@ - shared = os.path.join(dir, shared_f) - dylib = os.path.join(dir, dylib_f) - static = os.path.join(dir, static_f) -+ xcode_stub = os.path.join(dir, xcode_stub_f) - - if sys.platform == 'darwin' and ( - dir.startswith('/System/') or ( -@@ -272,6 +291,7 @@ - shared = os.path.join(sysroot, dir[1:], shared_f) - dylib = os.path.join(sysroot, dir[1:], dylib_f) - static = os.path.join(sysroot, dir[1:], static_f) -+ xcode_stub = os.path.join(sysroot, dir[1:], xcode_stub_f) - - # We're second-guessing the linker here, with not much hard - # data to go on: GCC seems to prefer the shared library, so I'm -@@ -279,6 +299,8 @@ - # ignoring even GCC's "-static" option. So sue me. - if os.path.exists(dylib): - return dylib -+ elif os.path.exists(xcode_stub): -+ return xcode_stub - elif os.path.exists(shared): - return shared - elif os.path.exists(static): -diff -r 6d1b6a68f775 Lib/ensurepip/__init__.py ---- a/Lib/ensurepip/__init__.py -+++ b/Lib/ensurepip/__init__.py -@@ -12,9 +12,9 @@ - __all__ = ["version", "bootstrap"] - - --_SETUPTOOLS_VERSION = "18.2" -+_SETUPTOOLS_VERSION = "20.3" - --_PIP_VERSION = "7.1.2" -+_PIP_VERSION = "8.1.1" - - # pip currently requires ssl support, so we try to provide a nicer - # error message when that is missing (http://bugs.python.org/issue19744) -diff -r 6d1b6a68f775 Lib/ensurepip/_bundled/pip-7.1.2-py2.py3-none-any.whl -Binary file Lib/ensurepip/_bundled/pip-7.1.2-py2.py3-none-any.whl has changed -diff -r 6d1b6a68f775 Lib/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl -Binary file Lib/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl has changed -diff -r 6d1b6a68f775 Lib/ensurepip/_bundled/setuptools-18.2-py2.py3-none-any.whl -Binary file Lib/ensurepip/_bundled/setuptools-18.2-py2.py3-none-any.whl has changed -diff -r 6d1b6a68f775 Lib/ensurepip/_bundled/setuptools-20.3-py2.py3-none-any.whl -Binary file Lib/ensurepip/_bundled/setuptools-20.3-py2.py3-none-any.whl has changed -diff -r 6d1b6a68f775 Lib/fileinput.py ---- a/Lib/fileinput.py -+++ b/Lib/fileinput.py -@@ -64,13 +64,6 @@ - disabled when standard input is read. XXX The current implementation - does not work for MS-DOS 8+3 filesystems. - --Performance: this module is unfortunately one of the slower ways of --processing large numbers of input lines. Nevertheless, a significant --speed-up has been obtained by using readlines(bufsize) instead of --readline(). A new keyword argument, bufsize=N, is present on the --input() function and the FileInput() class to override the default --buffer size. -- - XXX Possible additions: - - - optional getopt argument processing -@@ -86,6 +79,7 @@ - - _state = None - -+# No longer used - DEFAULT_BUFSIZE = 8*1024 - - def input(files=None, inplace=0, backup="", bufsize=0, -@@ -207,17 +201,14 @@ - self._files = files - self._inplace = inplace - self._backup = backup -- self._bufsize = bufsize or DEFAULT_BUFSIZE - self._savestdout = None - self._output = None - self._filename = None -- self._lineno = 0 -+ self._startlineno = 0 - self._filelineno = 0 - self._file = None - self._isstdin = False - self._backupfilename = None -- self._buffer = [] -- self._bufindex = 0 - # restrict mode argument to reading modes - if mode not in ('r', 'rU', 'U', 'rb'): - raise ValueError("FileInput opening mode must be one of " -@@ -242,22 +233,18 @@ - return self - - def next(self): -- try: -- line = self._buffer[self._bufindex] -- except IndexError: -- pass -- else: -- self._bufindex += 1 -- self._lineno += 1 -- self._filelineno += 1 -- return line -- line = self.readline() -- if not line: -- raise StopIteration -- return line -+ while 1: -+ line = self._readline() -+ if line: -+ self._filelineno += 1 -+ return line -+ if not self._file: -+ raise StopIteration -+ self.nextfile() -+ # repeat with next file - - def __getitem__(self, i): -- if i != self._lineno: -+ if i != self.lineno(): - raise RuntimeError, "accessing lines out of order" - try: - return self.next() -@@ -277,7 +264,11 @@ - output.close() - finally: - file = self._file -- self._file = 0 -+ self._file = None -+ try: -+ del self._readline # restore FileInput._readline -+ except AttributeError: -+ pass - try: - if file and not self._isstdin: - file.close() -@@ -289,75 +280,72 @@ - except OSError: pass - - self._isstdin = False -- self._buffer = [] -- self._bufindex = 0 - - def readline(self): -- try: -- line = self._buffer[self._bufindex] -- except IndexError: -- pass -+ while 1: -+ line = self._readline() -+ if line: -+ self._filelineno += 1 -+ return line -+ if not self._file: -+ return line -+ self.nextfile() -+ # repeat with next file -+ -+ def _readline(self): -+ if not self._files: -+ return "" -+ self._filename = self._files[0] -+ self._files = self._files[1:] -+ self._startlineno = self.lineno() -+ self._filelineno = 0 -+ self._file = None -+ self._isstdin = False -+ self._backupfilename = 0 -+ if self._filename == '-': -+ self._filename = '' -+ self._file = sys.stdin -+ self._isstdin = True - else: -- self._bufindex += 1 -- self._lineno += 1 -- self._filelineno += 1 -- return line -- if not self._file: -- if not self._files: -- return "" -- self._filename = self._files[0] -- self._files = self._files[1:] -- self._filelineno = 0 -- self._file = None -- self._isstdin = False -- self._backupfilename = 0 -- if self._filename == '-': -- self._filename = '' -- self._file = sys.stdin -- self._isstdin = True -+ if self._inplace: -+ self._backupfilename = ( -+ self._filename + (self._backup or os.extsep+"bak")) -+ try: os.unlink(self._backupfilename) -+ except os.error: pass -+ # The next few lines may raise IOError -+ os.rename(self._filename, self._backupfilename) -+ self._file = open(self._backupfilename, self._mode) -+ try: -+ perm = os.fstat(self._file.fileno()).st_mode -+ except OSError: -+ self._output = open(self._filename, "w") -+ else: -+ fd = os.open(self._filename, -+ os.O_CREAT | os.O_WRONLY | os.O_TRUNC, -+ perm) -+ self._output = os.fdopen(fd, "w") -+ try: -+ if hasattr(os, 'chmod'): -+ os.chmod(self._filename, perm) -+ except OSError: -+ pass -+ self._savestdout = sys.stdout -+ sys.stdout = self._output - else: -- if self._inplace: -- self._backupfilename = ( -- self._filename + (self._backup or os.extsep+"bak")) -- try: os.unlink(self._backupfilename) -- except os.error: pass -- # The next few lines may raise IOError -- os.rename(self._filename, self._backupfilename) -- self._file = open(self._backupfilename, self._mode) -- try: -- perm = os.fstat(self._file.fileno()).st_mode -- except OSError: -- self._output = open(self._filename, "w") -- else: -- fd = os.open(self._filename, -- os.O_CREAT | os.O_WRONLY | os.O_TRUNC, -- perm) -- self._output = os.fdopen(fd, "w") -- try: -- if hasattr(os, 'chmod'): -- os.chmod(self._filename, perm) -- except OSError: -- pass -- self._savestdout = sys.stdout -- sys.stdout = self._output -+ # This may raise IOError -+ if self._openhook: -+ self._file = self._openhook(self._filename, self._mode) - else: -- # This may raise IOError -- if self._openhook: -- self._file = self._openhook(self._filename, self._mode) -- else: -- self._file = open(self._filename, self._mode) -- self._buffer = self._file.readlines(self._bufsize) -- self._bufindex = 0 -- if not self._buffer: -- self.nextfile() -- # Recursive call -- return self.readline() -+ self._file = open(self._filename, self._mode) -+ -+ self._readline = self._file.readline # hide FileInput._readline -+ return self._readline() - - def filename(self): - return self._filename - - def lineno(self): -- return self._lineno -+ return self._startlineno + self._filelineno - - def filelineno(self): - return self._filelineno -diff -r 6d1b6a68f775 Lib/idlelib/CREDITS.txt ---- a/Lib/idlelib/CREDITS.txt -+++ b/Lib/idlelib/CREDITS.txt -@@ -24,7 +24,7 @@ - integration, debugger integration and persistent breakpoints). - - Scott David Daniels, Tal Einat, Hernan Foffani, Christos Georgiou, --Jim Jewett, Martin v. Löwis, Jason Orendorff, Guilherme Polo, Josh Robb, -+Jim Jewett, Martin v. Löwis, Jason Orendorff, Guilherme Polo, Josh Robb, - Nigel Rowe, Bruce Sherwood, Jeff Shute, and Weeble have submitted useful - patches. Thanks, guys! - -diff -r 6d1b6a68f775 Lib/idlelib/IOBinding.py ---- a/Lib/idlelib/IOBinding.py -+++ b/Lib/idlelib/IOBinding.py -@@ -17,6 +17,8 @@ - import tkMessageBox - from SimpleDialog import SimpleDialog - -+from idlelib.configHandler import idleConf -+ - # Try setting the locale, so that we can find out - # what encoding to use - try: -@@ -63,7 +65,7 @@ - - encoding = encoding.lower() - --coding_re = re.compile(r'^[ \t\f]*#.*coding[:=][ \t]*([-\w.]+)') -+coding_re = re.compile(r'^[ \t\f]*#.*?coding[:=][ \t]*([-\w.]+)') - blank_re = re.compile(r'^[ \t\f]*(?:[#\r\n]|$)') - - class EncodingMessage(SimpleDialog): -@@ -137,7 +139,6 @@ - raise LookupError, "Unknown encoding "+name - return name - -- - class IOBinding: - - def __init__(self, editwin): -@@ -567,7 +568,6 @@ - - def _io_binding(parent): # htest # - from Tkinter import Toplevel, Text -- from idlelib.configHandler import idleConf - - root = Toplevel(parent) - root.title("Test IOBinding") -@@ -578,15 +578,24 @@ - self.text = text - self.flist = None - self.text.bind("", self.open) -+ self.text.bind('', self.printer) - self.text.bind("", self.save) -+ self.text.bind("", self.saveas) -+ self.text.bind('', self.savecopy) - def get_saved(self): return 0 - def set_saved(self, flag): pass - def reset_undo(self): pass -+ def update_recent_files_list(self, filename): pass - def open(self, event): - self.text.event_generate("<>") -+ def printer(self, event): -+ self.text.event_generate("<>") - def save(self, event): - self.text.event_generate("<>") -- def update_recent_files_list(s, f): pass -+ def saveas(self, event): -+ self.text.event_generate("<>") -+ def savecopy(self, event): -+ self.text.event_generate("<>") - - text = Text(root) - text.pack() -diff -r 6d1b6a68f775 Lib/idlelib/NEWS.txt ---- a/Lib/idlelib/NEWS.txt -+++ b/Lib/idlelib/NEWS.txt -@@ -162,7 +162,7 @@ - move version to end. - - - Issue #14105: Idle debugger breakpoints no longer disappear -- when inseting or deleting lines. -+ when inserting or deleting lines. - - - What's New in IDLE 2.7.8? -diff -r 6d1b6a68f775 Lib/idlelib/README.txt ---- a/Lib/idlelib/README.txt -+++ b/Lib/idlelib/README.txt -@@ -1,6 +1,6 @@ - README.txt: an index to idlelib files and the IDLE menu. - --IDLE is Python’s Integrated Development and Learning -+IDLE is Python's Integrated Development and Learning - Environment. The user documentation is part of the Library Reference and - is available in IDLE by selecting Help => IDLE Help. This README documents - idlelib for IDLE developers and curious users. -diff -r 6d1b6a68f775 Lib/idlelib/aboutDialog.py ---- a/Lib/idlelib/aboutDialog.py -+++ b/Lib/idlelib/aboutDialog.py -@@ -110,6 +110,7 @@ - command=self.ShowIDLECredits) - idle_credits_b.pack(side=LEFT, padx=10, pady=10) - -+ # License, et all, are of type _sitebuiltins._Printer - def ShowLicense(self): - self.display_printer_text('About - License', license) - -@@ -119,14 +120,16 @@ - def ShowPythonCredits(self): - self.display_printer_text('About - Python Credits', credits) - -+ # Encode CREDITS.txt to utf-8 for proper version of Loewis. -+ # Specify others as ascii until need utf-8, so catch errors. - def ShowIDLECredits(self): -- self.display_file_text('About - Credits', 'CREDITS.txt', 'iso-8859-1') -+ self.display_file_text('About - Credits', 'CREDITS.txt', 'utf-8') - - def ShowIDLEAbout(self): -- self.display_file_text('About - Readme', 'README.txt') -+ self.display_file_text('About - Readme', 'README.txt', 'ascii') - - def ShowIDLENEWS(self): -- self.display_file_text('About - NEWS', 'NEWS.txt') -+ self.display_file_text('About - NEWS', 'NEWS.txt', 'ascii') - - def display_printer_text(self, title, printer): - printer._Printer__setup() -diff -r 6d1b6a68f775 Lib/idlelib/help.html ---- a/Lib/idlelib/help.html -+++ b/Lib/idlelib/help.html -@@ -6,15 +6,15 @@ - - - -- 24.6. IDLE — Python 2.7.10 documentation -+ 24.6. IDLE — Python 2.7.11 documentation - -- -+ - - - - - - - -- -+ - - - -@@ -40,8 +40,8 @@ - - - -- --
    -+ -+ - -
    -
    -
    --
    -+
    - -
    -

    24.6. IDLE¶

    -

    IDLE is Python’s Integrated Development and Learning Environment.

    -

    IDLE has the following features:

    -
      --
    • coded in 100% pure Python, using the tkinter GUI toolkit
      • -+
    • coded in 100% pure Python, using the tkinter GUI toolkit
      • -
    • cross-platform: works mostly the same on Windows, Unix, and Mac OS X
      • -
    • Python shell window (interactive interpreter) with colorizing - of code input, output, and error messages
      • -@@ -224,10 +224,10 @@ -
      Run Module
      -
      Do Check Module (above). If no error, restart the shell to clean the - environment, then execute the module. Output is displayed in the Shell --window. Note that output requires use of print or write. -+window. Note that output requires use of print or write. - When execution is complete, the Shell retains focus and displays a prompt. - At this point, one may interactively explore the result of execution. --This is similar to executing a file with python -i file at a command -+This is similar to executing a file with python -i file at a command - line.
      - -
    -@@ -339,47 +339,47 @@ -
    -
    -

    24.6.2. Editing and navigation¶

    --

    In this section, ‘C’ refers to the Control key on Windows and Unix and --the Command key on Mac OSX.

    -+

    In this section, ‘C’ refers to the Control key on Windows and Unix and -+the Command key on Mac OSX.

    -
      --

    • Backspace deletes to the left; Del deletes to the right

      -+

    • Backspace deletes to the left; Del deletes to the right

      -
      • --

    • C-Backspace delete word left; C-Del delete word to the right

      -+

    • C-Backspace delete word left; C-Del delete word to the right

      -
      • --

    • Arrow keys and Page Up/Page Down to move around

      -+

    • Arrow keys and Page Up/Page Down to move around

      -
      • --

    • C-LeftArrow and C-RightArrow moves by words

      -+

    • C-LeftArrow and C-RightArrow moves by words

      -
      • --

    • Home/End go to begin/end of line

      -+

    • Home/End go to begin/end of line

      -
      • --

    • C-Home/C-End go to begin/end of file

      -+

    • C-Home/C-End go to begin/end of file

      -
      • -

    • Some useful Emacs bindings are inherited from Tcl/Tk:

      -
      -
        --
      • C-a beginning of line
        • --
      • C-e end of line
        • --
      • C-k kill line (but doesn’t put it in clipboard)
        • --
      • C-l center window around the insertion point
        • --
      • C-b go backwards one character without deleting (usually you can -+
      • C-a beginning of line
        • -+
      • C-e end of line
        • -+
      • C-k kill line (but doesn’t put it in clipboard)
        • -+
      • C-l center window around the insertion point
        • -+
      • C-b go backwards one character without deleting (usually you can - also use the cursor key for this)
        • --
      • C-f go forward one character without deleting (usually you can -+
      • C-f go forward one character without deleting (usually you can - also use the cursor key for this)
        • --
      • C-p go up one line (usually you can also use the cursor key for -+
      • C-p go up one line (usually you can also use the cursor key for - this)
        • --
      • C-d delete next character
        • -+
      • C-d delete next character
        • -
      -
      -
      • -
    --

    Standard keybindings (like C-c to copy and C-v to paste) -+

    Standard keybindings (like C-c to copy and C-v to paste) - may work. Keybindings are selected in the Configure IDLE dialog.

    -
    -

    24.6.2.1. Automatic indentation¶

    -

    After a block-opening statement, the next line is indented by 4 spaces (in the - Python Shell window by one tab). After certain keywords (break, return etc.) --the next line is dedented. In leading indentation, Backspace deletes up --to 4 spaces if they are there. Tab inserts spaces (in the Python -+the next line is dedented. In leading indentation, Backspace deletes up -+to 4 spaces if they are there. Tab inserts spaces (in the Python - Shell window one tab), number depends on Indent width. Currently tabs - are restricted to four spaces due to Tcl/Tk limitations.

    -

    See also the indent/dedent region commands in the edit menu.

    -@@ -394,25 +394,25 @@ - of those characters (plus zero or more other characters) a tab is typed - the ACW will open immediately if a possible continuation is found.

    -

    If there is only one possible completion for the characters entered, a --Tab will supply that completion without opening the ACW.

    -+Tab will supply that completion without opening the ACW.

    -

    ‘Show Completions’ will force open a completions window, by default the --C-space will open a completions window. In an empty -+C-space will open a completions window. In an empty - string, this will contain the files in the current directory. On a - blank line, it will contain the built-in and user-defined functions and - classes in the current name spaces, plus any modules imported. If some - characters have been entered, the ACW will attempt to be more specific.

    -

    If a string of characters is typed, the ACW selection will jump to the --entry most closely matching those characters. Entering a tab will -+entry most closely matching those characters. Entering a tab will - cause the longest non-ambiguous match to be entered in the Editor window or --Shell. Two tab in a row will supply the current ACW selection, as -+Shell. Two tab in a row will supply the current ACW selection, as - will return or a double click. Cursor keys, Page Up/Down, mouse selection, - and the scroll wheel all operate on the ACW.

    -

    “Hidden” attributes can be accessed by typing the beginning of hidden - name after a ‘.’, e.g. ‘_’. This allows access to modules with --__all__ set, or to class-private attributes.

    -+__all__ set, or to class-private attributes.

    -

    Completions and the ‘Expand Word’ facility can save a lot of typing!

    -

    Completions are currently limited to those in the namespaces. Names in --an Editor window which are not via __main__ and sys.modules will -+an Editor window which are not via __main__ and sys.modules will - not be found. Run the module once with your imports to correct this situation. - Note that IDLE itself places quite a few modules in sys.modules, so - much can be found by default, e.g. the re module.

    -@@ -421,10 +421,10 @@ -
    -
    -

    24.6.2.3. Calltips¶

    --

    A calltip is shown when one types ( after the name of an acccessible -+

    A calltip is shown when one types ( after the name of an acccessible - function. A name expression may include dots and subscripts. A calltip - remains until it is clicked, the cursor is moved out of the argument area, --or ) is typed. When the cursor is in the argument part of a definition, -+or ) is typed. When the cursor is in the argument part of a definition, - the menu or shortcut display a calltip.

    -

    A calltip consists of the function signature and the first line of the - docstring. For builtins without an accessible signature, the calltip -@@ -433,11 +433,11 @@ -

    The set of accessible functions depends on what modules have been imported - into the user process, including those imported by Idle itself, - and what definitions have been run, all since the last restart.

    --

    For example, restart the Shell and enter itertools.count(. A calltip -+

    For example, restart the Shell and enter itertools.count(. A calltip - appears because Idle imports itertools into the user process for its own use. --(This could change.) Enter turtle.write( and nothing appears. Idle does -+(This could change.) Enter turtle.write( and nothing appears. Idle does - not import turtle. The menu or shortcut do nothing either. Enter --import turtle and then turtle.write( will work.

    -+import turtle and then turtle.write( will work.

    -

    In an editor, import statements have no effect until one runs the file. One - might want to run a file after writing the import statements at the top, - or immediately run an existing file before editing.

    -@@ -445,17 +445,17 @@ -
    -

    24.6.2.4. Python Shell window¶

    -
      --

    • C-c interrupts executing command

      -+

    • C-c interrupts executing command

      -
      • --

    • C-d sends end-of-file; closes window if typed at a >>> prompt

      -+

    • C-d sends end-of-file; closes window if typed at a >>> prompt

      -
      • --

    • Alt-/ (Expand word) is also useful to reduce typing

      -+

    • Alt-/ (Expand word) is also useful to reduce typing

      -

      Command history

      -
        --
      • Alt-p retrieves previous command matching what you have typed. On --OS X use C-p.
        • --
      • Alt-n retrieves next. On OS X use C-n.
        • --
      • Return while on any previous command retrieves that command
        • -+
      • Alt-p retrieves previous command matching what you have typed. On -+OS X use C-p.
        • -+
      • Alt-n retrieves next. On OS X use C-n.
        • -+
      • Return while on any previous command retrieves that command
        • -
      -
      • -
    -@@ -465,8 +465,8 @@ -

    Idle defaults to black on white text, but colors text with special meanings. - For the shell, these are shell output, shell error, user output, and - user error. For Python code, at the shell prompt or in an editor, these are --keywords, builtin class and function names, names following class and --def, strings, and comments. For any text window, these are the cursor (when -+keywords, builtin class and function names, names following class and -+def, strings, and comments. For any text window, these are the cursor (when - present), found text (when possible), and selected text.

    -

    Text coloring is done in the background, so uncolorized text is occasionally - visible. To change the color scheme, use the Configure IDLE dialog -@@ -476,15 +476,15 @@ -

    -
    -

    24.6.3. Startup and code execution¶

    --

    Upon startup with the -s option, IDLE will execute the file referenced by --the environment variables IDLESTARTUP or PYTHONSTARTUP. --IDLE first checks for IDLESTARTUP; if IDLESTARTUP is present the file --referenced is run. If IDLESTARTUP is not present, IDLE checks for --PYTHONSTARTUP. Files referenced by these environment variables are -+

    Upon startup with the -s option, IDLE will execute the file referenced by -+the environment variables IDLESTARTUP or PYTHONSTARTUP. -+IDLE first checks for IDLESTARTUP; if IDLESTARTUP is present the file -+referenced is run. If IDLESTARTUP is not present, IDLE checks for -+PYTHONSTARTUP. Files referenced by these environment variables are - convenient places to store functions that are used frequently from the IDLE - shell, or for executing import statements to import common modules.

    --

    In addition, Tk also loads a startup file if it is present. Note that the --Tk file is loaded unconditionally. This additional file is .Idle.py and is -+

    In addition, Tk also loads a startup file if it is present. Note that the -+Tk file is loaded unconditionally. This additional file is .Idle.py and is - looked for in the user’s home directory. Statements in this file will be - executed in the Tk namespace, so this file is not useful for importing - functions to be used from IDLE’s Python shell.

    -@@ -505,12 +505,12 @@ -
    -

    If there are arguments:

    -
      --
    • If -, -c, or r is used, all arguments are placed in --sys.argv[1:...] and sys.argv[0] is set to '', '-c', --or '-r'. No editor window is opened, even if that is the default -+
    • If -, -c, or r is used, all arguments are placed in -+sys.argv[1:...] and sys.argv[0] is set to '', '-c', -+or '-r'. No editor window is opened, even if that is the default - set in the Options dialog.
      • -
    • Otherwise, arguments are files opened for editing and --sys.argv reflects the arguments passed to IDLE itself.
      • -+sys.argv reflects the arguments passed to IDLE itself. -
    -
    -
    -@@ -595,7 +595,7 @@ -
    -
    -
    --
    -+