-
python3.5 (3.5.3-1ubuntu0~17.04.2) zesty-security; urgency=medium
* SECURITY UPDATE: integer overflow in the PyBytes_DecodeEscape
function
- debian/patches/CVE-2017-1000158.patch: fix this integer overflow
in Objects/bytesobject.c.
- CVE-2017-1000158
-- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Nov 2017 08:34:05 -0300
-
python3.5 (3.5.3-1ubuntu0~17.04.1) zesty; urgency=medium
* Explicitly use the system python for byte compilation in postinst scripts.
(LP: #1682934)
-- Brian Murray <email address hidden> Thu, 14 Sep 2017 15:58:41 -0700
-
python3.5 (3.5.3-1ubuntu0~17.04.0) zesty; urgency=medium
* SRU: LP: #1711724 Fix dict segfault. Issue #27945.
-- Clint Byrum <email address hidden> Thu, 07 Sep 2017 09:23:57 -0700
-
python3.5 (3.5.3-1) unstable; urgency=medium
* Python 3.5.3 release.
-- Matthias Klose <email address hidden> Thu, 19 Jan 2017 15:11:04 +0100
-
python3.5 (3.5.3~rc1-1) unstable; urgency=medium
* Python 3.5.3 release candidate 1.
- Issue #29073: bytearray formatting no longer truncates on first null byte.
- Issue #28932: Do not include <sys/random.h> if it does not exist.
- Issue #28147: Fix a memory leak in split-table dictionaries: setattr()
must not convert combined table into split table.
- Issue #25677: Correct the positioning of the syntax error caret for
indented blocks.
- Issue #29000: Fixed bytes formatting of octals with zero padding in
alternate form.
- Issue #15812: inspect.getframeinfo() now correctly shows the first line of
a context.
- Issue #29094: Offsets in a ZIP file created with extern file object and
modes "w" and "x" now are relative to the start of the file.
- Issue #13051: Fixed recursion errors in large or resized
curses.textpad.Textbox.
- Issue #29119: Fix weakrefs in the pure python version of
collections.OrderedDict move_to_end() method.
- Issue #9770: curses.ascii predicates now work correctly with negative
integers.
- Issue #28427: old keys should not remove new values from
WeakValueDictionary when collecting from another thread.
- Issue 28923: Remove editor artifacts from Tix.py.
- Issue #28871: Fixed a crash when deallocate deep ElementTree.
- Issue #19542: Fix bugs in WeakValueDictionary.setdefault() and
WeakValueDictionary.pop() when a GC collection happens in another
thread.
- Issue #20191: Fixed a crash in resource.prlimit() when pass a sequence that
doesn't own its elements as limits.
- Issue #28990: Fix SSL hanging if connection is closed before handshake
completed.
* Update symbols files.
-- Matthias Klose <email address hidden> Tue, 03 Jan 2017 05:40:57 +0100
-
python3.5 (3.5.2-9) unstable; urgency=medium
* Update to 20161213 from the 3.5 branch.
- Issue #28512: Fixed setting the offset attribute of SyntaxError by
PyErr_SyntaxLocationEx() and PyErr_SyntaxLocationObject().
- Issue #5322: Fixed setting __new__ to a PyCFunction inside Python code.
- Issue #28779: multiprocessing.set_forkserver_preload() would crash the
forkserver process if a preloaded module instantiated some
multiprocessing objects such as locks.
- Issue #28847: dbm.dumb now supports reading read-only files and no longer
writes the index file when it is not changed.
- Issue #24142: Reading a corrupt config file left the parser in an
invalid state.
- Issue #28808: PyUnicode_CompareWithASCIIString() now never raises
exceptions.
* Update references in pdb(1). Closes: #840239.
* Update symbols files.
-- Matthias Klose <email address hidden> Tue, 13 Dec 2016 15:16:35 +0100
-
python3.5 (3.5.2-8) unstable; urgency=medium
* Update to 20161121 from the 3.5 branch.
- Issue #19398: Extra slash no longer added to sys.path components
in case of empty compile-time PYTHONPATH components.
- Issue #27942: Fix memory leak in codeobject.c
- Issue #25659: In ctypes, prevent a crash calling the from_buffer() and
from_buffer_copy() methods on abstract classes like Array.
- Issue #28732: Fix crash in os.spawnv() with no elements in args.
- Issue #28485: Always raise ValueError for negative
compileall.compile_dir(workers=...) parameter,
even when multithreading is unavailable.
- Issue #28387: Fixed possible crash in _io.TextIOWrapper deallocator when
the garbage collector is invoked in other thread.
- Issue #28600: Optimize loop.call_soon().
- Issue #28613: Fix get_event_loop() return the current loop if
called from coroutines/callbacks.
- Issue #28639: Fix inspect.isawaitable to always return bool
- Issue #28652: Make loop methods reject socket kinds they do not support.
- Issue #28653: Fix a refleak in functools.lru_cache.
- Issue #28703: Fix asyncio.iscoroutinefunction to handle Mock objects.
- Issue #28666: Now test.support.rmtree is able to remove unwritable or
unreadable directories.
- Issue #23839: Various caches now are cleared before running every
test file.
- Issue #26359: Rename --with-optimiations to --enable-optimizations.
-- Matthias Klose <email address hidden> Tue, 22 Nov 2016 02:00:20 +0100
-
python3.5 (3.5.2-7) unstable; urgency=medium
* Update to 20161103 from the 3.5 branch.
- Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in
debug build.
- Issue #23782: Fixed possible memory leak in _PyTraceback_Add() and
exception loss in PyTraceBack_Here().
- Issue #28379: Added sanity checks and tests for
PyUnicode_CopyCharacters().
- Issue #28376: The type of long range iterator is now registered as
Iterator.
- Issue #28376: The constructor of range_iterator now checks that step is
not 0.
- Issue #26906: Resolving special methods of uninitialized type now causes
implicit initialization of the type instead of a fail.
- Issue #18287: PyType_Ready() now checks that tp_name is not NULL.
- Issue #24098: Fixed possible crash when AST is changed in process of
compiling it.
- Issue #28350: String constants with null character no longer interned.
- Issue #26617: Fix crash when GC runs during weakref callbacks.
- Issue #27942: String constants now interned recursively in tuples and
frozensets.
- Issue #21578: Fixed misleading error message when ImportError called with
invalid keyword args.
- Issue #28203: Fix incorrect type in error message from
``complex(1.0, {2:3})``.
- Issue #27517: LZMA compressor and decompressor no longer raise exceptions
if given empty data twice.
- Issue #28549: Fixed segfault in curses's addch() with ncurses6.
- Issue #28449: tarfile.open() with mode "r" or "r:" now tries to open a
tar file with compression before trying to open it without compression.
Otherwise it had 50% chance failed with ignore_zeros=True.
- Issue #23262: The webbrowser module now supports Firefox 36+ and derived
browsers.
- Issue #27939: Fixed bugs in tkinter.ttk.LabeledScale and tkinter.Scale
caused by representing the scale as float value internally in Tk.
tkinter.IntVar now works if float value is set to underlying Tk variable.
- Issue #28255: calendar.TextCalendar().prmonth() no longer prints a space
at the start of new line after printing a month's calendar.
- Issue #20491: The textwrap.TextWrapper class now honors non-breaking
spaces.
- Issue #28353: os.fwalk() no longer fails on broken links.
- Issue #25464: Fixed HList.header_exists() in tkinter.tix module by addin
a workaround to Tix library bug.
- Issue #28488: shutil.make_archive() no longer add entry "./" to ZIP
archive.
- Issue #24452: Make webbrowser support Chrome on Mac OS X.
- Issue #20766: Fix references leaked by pdb in the handling of SIGINT
handlers.
- Issue #26293: Fixed writing ZIP files that starts not from the start of
the file. Offsets in ZIP file now are relative to the start of the
archive in conforming to the specification.
- Issue #28321: Fixed writing non-BMP characters with binary format in
plistlib.
- Issue #28322: Fixed possible crashes when unpickle itertools objects from
incorrect pickle data.
- Fix possible integer overflows and crashes in the mmap module with
unusual usage patterns.
- Issue #1703178: Fix the ability to pass the --link-objects option to the
distutils build_ext command.
- Issue #28253: Fixed calendar functions for extreme months: 0001-01
and 9999-12.
- Issue #28275: Fixed possible use after free in the decompress()
methods of the LZMADecompressor and BZ2Decompressor classes.
- Issue #27897: Fixed possible crash in
sqlite3.Connection.create_collation() if pass invalid string-like object
as a name.
- Issue #27611: Fixed support of default root window in the tkinter.tix
module.
- Issue #28368: Refuse monitoring processes if the child watcher has
no loop attached.
- Issue #28369: Raise RuntimeError when transport's FD is used with
add_reader, add_writer, etc.
- Issue #28370: Speedup asyncio.StreamReader.readexactly.
- Issue #28371: Deprecate passing asyncio.Handles to run_in_executor.
- Issue #28372: Fix asyncio to support formatting of non-python coroutines.
- Issue #28399: Remove UNIX socket from FS before binding.
- Issue #27972: Prohibit Tasks to await on themselves.
- Issue #26923: Fix asyncio.Gather to refuse being cancelled once all
children are done.
- Issue #26796: Don't configure the number of workers for default
threadpool executor.
- Issue #15308: Add 'interrupt execution' (^C) to Shell menu.
- Issue #28513: Documented command-line interface of zipfile.
- Issue #28409: regrtest: fix the parser of command line arguments.
- Issue #28444: Fix missing extensions modules when cross compiling.
- Issue #28258: Fixed build with Estonian locale (python-config and
distclean targets in Makefile).
* Build using openssl 1.1. Closes: #835794.
-- Matthias Klose <email address hidden> Thu, 03 Nov 2016 12:10:16 +0100
-
python3.5 (3.5.2-6) unstable; urgency=medium
* Update to 20160922 from the 3.5 branch.
- Issue #27955: Fallback on reading /dev/urandom device when the getrandom()
syscall fails with EPERM, for example when blocked by SECCOMP.
- Issue #28131: Fix a regression in zipimport's compile_source().
zipimport should use the same optimization level as the interpreter.
- Issue #25221: Fix corrupted result from PyLong_FromLong(0) when
Python is compiled with NSMALLPOSINTS = 0.
- Issue #28189: dictitems_contains no longer swallows compare errors.
- Issue #27348: In the traceback module, restore the formatting of
exception messages like "Exception: None". This fixes a regression
introduced in 3.5a2.
- Issue #25651: Allow falsy values to be used for msg parameter of
subTest().
- Fix UnboundLocalError in socket._sendfile_use_sendfile.
- Issue #28075: Check for ERROR_ACCESS_DENIED in Windows implementation of
os.stat().
- Issue #25270: Prevent codecs.escape_encode() from raising SystemError
when an empty bytestring is passed.
- Issue #28181: Get antigravity over HTTPS.
- Issue #25895: Enable WebSocket URL schemes in urllib.parse.urljoin.
- Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and
binascii.a2b_qp().
- Issue #19003:m email.generator now replaces only \r and/or \n line
endings, per the RFC, instead of all unicode line endings.
- Issue #28019: itertools.count() no longer rounds non-integer step in
range between 1.0 and 2.0 to 1.
- Issue #25969: Update the lib2to3 grammar to handle the unpacking
generalizations added in 3.5.
- Issue #17582: xml.etree.ElementTree nows preserves whitespaces in
attributes.
- Issue #27456: asyncio: Set TCP_NODELAY by default.
- Issue #27906: Fix socket accept exhaustion during high TCP traffic.
- Issue #28174: Handle when SO_REUSEPORT isn't properly supported.
- Issue #26654: Inspect functools.partial in asyncio.Handle.__repr__.
- Issue #26909: Fix slow pipes IO in asyncio.
- Issue #28176: Fix callbacks race in asyncio.SelectorLoop.sock_connect.
- Issue #27759: Fix selectors incorrectly retain invalid file descriptors.
- Issue #27922: Stop IDLE tests from 'flashing' gui widgets on the screen.
- Add version to title of IDLE help window.
- Issue #25564: In section on IDLE -- console differences, mention that
using exec means that __builtins__ is defined for each statement.
- Issue #27952: Get Tools/scripts/fixcid.py working with Python 3 and
the current "re" module, avoid invalid Python backslash escapes,
and fix a bug parsing escaped C quote signs.
- Issue #26661: setup.py now detects system libffi with multiarch wrapper.
- Issue #28066: Fix the logic that searches build directories for generated
include files when building outside the source tree.
- Issue #15819: Remove redundant include search directory option for
building outside the source tree.
- Issue #27566: Fix clean target in freeze makefile.
- Issue #27705: Update message in validate_ucrtbase.py
* Don't build the fpectl module on hppa. Closes: #837314.
-- Matthias Klose <email address hidden> Thu, 22 Sep 2016 14:18:14 +0200
