please include the PC/icons/* files from the python repository #945

doko42 · 2016-06-03T03:41:43Z

please include the PC/icons/* files from the python repository. The python mercurial repository ships PC/icons/* files, although these are not used anymore for any Python build on any architecture. Please could you include these (maybe as part of community/python logs) in this project? The corresponding issue in the python tracker is http://bugs.python.org/issue17500

berkerpeksag · 2016-06-06T08:27:24Z

I think we already have the same logos (except the source.xar file) in the community logos page. If source.xar is an important file I can upload to the community logos page.

malemburg · 2016-06-06T09:00:13Z

We do and the .xar file includes an old variant which is not the official version of the logo. Overall, the data in PC/icons/* dir is not official logo data, so I don't think we should include on the website.

It may actually be better to do the reverse: i.e. add the official logo files from the website to the PC/logo/ dir and replace the in-official files with the official ones.

malemburg · 2016-06-06T09:01:24Z

Some additional files are available here: https://wiki.python.org/psf/Python%20Logos

ned-deily · 2016-06-06T15:59:14Z

@doko42 brought this issue up with me at the PyCon sprints. His concern is that Debian considers .xar files to be non-free and thus they have to explicitly delete the file from each Python release when they repackage. It's not clear to us whether the .xar file is needed at all anymore but, as a precaution, he thought that saving in pythondotorg repo and removing it from cpython would make sure it didn't get lost and solve the non-free issue for redistributors. Otherwise, no other changes are being proposed.

malemburg · 2016-06-06T21:30:10Z

On 06.06.2016 17:59, Ned Deily wrote:

@doko42 brought this issue up with me at the PyCon sprints. His concern is that Debian considers .xar files to be non-free and thus they have to have explicitly delete the file from each Python release when they repackage. It's not clear to us whether the .xar file is needed at all anymore but, as a precaution, he thought that saving in pythondotorg repo and removing it from cpython would make sure it didn't get lost and solve the non-free issue for redistributors. Otherwise, no other changes are being proposed.

Hi Ned,

as mentioned, neither the .xar nor the .svg file in the directory
contain the official logo files, so IMO they can both be deleted and
don't have to be hosted anywhere else.

If people are seeking the official logos, they should go to the
website.

Cheers,

Marc-Andre Lemburg
http://www.malemburg.com/

ned-deily · 2016-06-07T14:38:23Z

OK, good, then I guess we can close this issue. OK, @doko42?

doko42 · 2016-06-10T16:14:31Z

ok. maybe a different request would be the addition of the logo with just the two snakes, which can be used as a desktop icon for starting the the interpreter.

unused and outdated icons. --HG-- branch : 2.7

unused and outdated icons.

unused and outdated icons. --HG-- branch : 3.5

berkerpeksag · 2016-06-17T23:58:05Z

Looks like this can be closed now. Please reopen if not.

Core and Builtins ----------------- - Issue 20041: Fixed TypeError when frame.f_trace is set to None. Patch by Xavier de Gaye. - Issue 25702: A --with-lto configure option has been added that will enable link time optimizations at build time during a make profile-opt. Some compilers and toolchains are known to not produce stable code when using LTO, be sure to test things thoroughly before relying on it. It can provide a few % speed up over profile-opt alone. - Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the "N" format unit. - Issue 27039: Fixed bytearray.remove() for values greater than 127. Patch by Joe Jevnik. - Issue 4806: Avoid masking the original TypeError exception when using star (*) unpacking and the exception was raised from a generator. Based on patch by Hagen Fürstenau. - Issue 26659: Make the builtin slice type support cycle collection. - Issue 26718: super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed! - Issue 13410: Fixed a bug in PyUnicode_Format where it failed to properly ignore errors from a __int__() method. - Issue 26494: Fixed crash on iterating exhausting iterators. Affected classes are generic sequence iterators, iterators of bytearray, list, tuple, set, frozenset, dict, OrderedDict and corresponding views. - Issue 26581: If coding cookie is specified multiple times on a line in Python source code file, only the first one is taken to account. - Issue 22836: Ensure exception reports from PyErr_Display() and PyErr_WriteUnraisable() are sensible even when formatting them produces secondary errors. This affects the reports produced by sys.__excepthook__() and when __del__() raises an exception. - Issue 22847: Improve method cache efficiency. - Issue 25843: When compiling code, don't merge constants if they are equal but have a different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0`` is now correctly compiled to two different functions: ``f1()`` returns ``1`` (``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0`` are equal. - Issue 22995: [UPDATE] Remove the one of the pickleability tests in _PyObject_GetState() due to regressions observed in Cython-based projects. - Issue 25961: Disallowed null characters in the type name. - Issue 22995: Instances of extension types with a state that aren't subclasses of list or dict and haven't implemented any pickle-related methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__, or __getstate__), can no longer be pickled. Including memoryview. - Issue 20440: Massive replacing unsafe attribute setting code with special macro Py_SETREF. - Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size. This allows sys.getsize() to work correctly with their subclasses with __slots__ defined. - Issue 19543: Added Py3k warning for decoding unicode. - Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside __getattr__. - Issue 24731: Fixed crash on converting objects with special methods __str__, __trunc__, and __float__ returning instances of subclasses of str, long, and float to subclasses of str, long, and float correspondingly. - Issue 26478: Fix semantic bugs when using binary operators with dictionary views and tuples. - Issue 26171: Fix possible integer overflow and heap corruption in zipimporter.get_data(). Library ------- - Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283. - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team Oststrom - Issue 7356: ctypes.util: Make parsing of ldconfig output independent of the locale. - Issue 25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from sending a message body for 205 Reset Content. Also, don't send the Content-Type header field in responses that don't have a body. Based on patch by Susumu Koshiba. - Issue 21313: Fix the "platform" module to tolerate when sys.version contains truncated build information. - Issue 27211: Fix possible memory corruption in io.IOBase.readline(). - Issue 27114: Fix SSLContext._load_windows_store_certs fails with PermissionError - Issue 14132: Fix urllib.request redirect handling when the target only has a query string. Fix by Ján Janech. - Removed the requirements for the ctypes and modulefinder modules to be compatible with earlier Python versions. - Issue 22274: In the subprocess module, allow stderr to be redirected to stdout even when stdout is not redirected. Patch by Akira Li. - Issue 12045: Avoid duplicate execution of command in ctypes.util._get_soname(). Patch by Sijin Joseph. - Issue 26960: Backported 16270 from Python 3 to Python 2, to prevent urllib from hanging when retrieving certain FTP files. - Issue 25745: Fixed leaking a userptr in curses panel destructor. - Issue 17765: weakref.ref() no longer silently ignores keyword arguments. Patch by Georg Brandl. - Issue 26873: xmlrpclib now raises ResponseError on unsupported type tags instead of silently return incorrect result. - Issue 24114: Fix an uninitialized variable in `ctypes.util`. The bug only occurs on SunOS when the ctypes implementation searches for the `crle` program. Patch by Xiang Zhang. Tested on SunOS by Kees Bos. - Issue 26864: In urllib, change the proxy bypass host checking against no_proxy to be case-insensitive, and to not match unrelated host names that happen to have a bypassed hostname as a suffix. Patch by Xiang Zhang. - Issue 26804: urllib will prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen. - Issue 26837: assertSequenceEqual() now correctly outputs non-stringified differing items. This affects assertListEqual() and assertTupleEqual(). - Issue 26822: itemgetter, attrgetter and methodcaller objects no longer silently ignore keyword arguments. - Issue 26657: Fix directory traversal vulnerability with SimpleHTTPServer on Windows. This fixes a regression that was introduced in 2.7.7. Based on patch by Philipp Hagemeister. - Issue 19377: Add .svg to mimetypes.types_map. - Issue 13952: Add .csv to mimetypes.types_map. Patch by Geoff Wilson. - Issue 16329: Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'. - Issue 23735: Handle terminal resizing with Readline 6.3+ by installing our own SIGWINCH handler. Patch by Eric Price. - Issue 26644: Raise ValueError rather than SystemError when a negative length is passed to SSLSocket.recv() or read(). - Issue 23804: Fix SSL recv(0) and read(0) methods to return zero bytes instead of up to 1024. - Issue 24266: Ctrl+C during Readline history search now cancels the search mode when compiled with Readline 7. - Issue 23857: Implement PEP 493, adding a Python-2-only ssl module API and environment variable to configure the default handling of SSL/TLS certificates for HTTPS connections. - Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. - Issue 26513: Fixes platform module detection of Windows Server - Issue 23718: Fixed parsing time in week 0 before Jan 1. Original patch by Tamás Bence Gedai. - Issue 26177: Fixed the keys() method for Canvas and Scrollbar widgets. - Issue 15068: Got rid of excessive buffering in the fileinput module. The bufsize parameter is no longer used. - Issue 2202: Fix UnboundLocalError in AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu Dupuy. - Issue 26475: Fixed debugging output for regular expressions with the (?x) flag. - Issue 26385: Remove the file if the internal fdopen() call in NamedTemporaryFile() fails. Based on patch by Silent Ghost. - Issue 26309: In the "socketserver" module, shut down the request (closing the connected socket) when verify_request() returns false. Based on patch by Aviv Palivoda. - Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates. - Issue 24303: Fix random EEXIST upon multiprocessing semaphores creation with Linux PID namespaces enabled. - Issue 25698: Importing module if the stack is too deep no longer replaces imported module with the empty one. - Issue 12923: Reset FancyURLopener's redirect counter even if there is an exception. Based on patches by Brian Brazil and Daniel Rocco. - Issue 25945: Fixed a crash when unpickle the functools.partial object with wrong state. Fixed a leak in failed functools.partial constructor. "args" and "keywords" attributes of functools.partial have now always types tuple and dict correspondingly. - Issue 19883: Fixed possible integer overflows in zipimport. - Issue 26147: xmlrpclib now works with unicode not encodable with used non-UTF-8 encoding. - Issue 16620: Fixed AttributeError in msilib.Directory.glob(). - Issue 21847: Fixed xmlrpclib on Unicode-disabled builds. - Issue 6500: Fixed infinite recursion in urllib2.Request.__getattr__(). - Issue 26083: Workaround a subprocess bug that raises an incorrect "ValueError: insecure string pickle" exception instead of the actual exception on some platforms such as Mac OS X when an exception raised in the forked child process prior to the exec() was large enough that it overflowed the internal errpipe_read pipe buffer. - Issue 24103: Fixed possible use after free in ElementTree.iterparse(). - Issue 20954: _args_from_interpreter_flags used by multiprocessing and some tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED environment variable. - Issue 14285: When executing a package with the "python -m package" option, and package initialization raises ImportError, a proper traceback is now reported. - Issue 6478: _strptime's regexp cache now is reset after changing timezone with time.tzset(). - Issue 25718: Fixed copying object with state with boolean value is false. - Issue 25742: :func:`locale.setlocale` now accepts a Unicode string for its second parameter. - Issue 10131: Fixed deep copying of minidom documents. Based on patch by Marian Ganisin. - Issue 25725: Fixed a reference leak in cPickle.loads() when unpickling invalid data including tuple instructions. - Issue 25663: In the Readline completer, avoid listing duplicate global names, and search the global namespace before searching builtins. - Issue 25688: Fixed file leak in ElementTree.iterparse() raising an error. - Issue 23914: Fixed SystemError raised by CPickle unpickler on broken data. - Issue 25924: Avoid unnecessary serialization of getaddrinfo(3) calls on OS X versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis. - Issue 26406: Avoid unnecessary serialization of getaddrinfo(3) calls on current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis. IDLE ---- - Issue 5124: Paste with text selected now replaces the selection on X11. This matches how paste works on Windows, Mac, most modern Linux apps, and ttk widgets. Original patch by Serhiy Storchaka. - Issue 24759: Make clear in idlelib.idle_test.__init__ that the directory is a private implementation of test.test_idle and tool for maintainers. - Issue 26673: When tk reports font size as 0, change to size 10. Such fonts on Linux prevented the configuration dialog from opening. - Issue 27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. - In the 'IDLE-console differences' section of the IDLE doc, clarify how running with IDLE affects sys.modules and the standard streams. - Issue 25507: fix incorrect change in IOBinding that prevented printing. Change also prevented saving shell window with non-ascii characters. Augment IOBinding htest to include all major IOBinding functions. - Issue 25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. - Issue 26417: Prevent spurious errors and incorrect defaults when installing IDLE 2.7 on OS X: default configuration settings are no longer installed from OS X specific copies. Documentation ------------- - Issue 26736: Used HTTPS for external links in the documentation if possible. - Issue 6953: Rework the Readline module documentation to group related functions together, and add more details such as what underlying Readline functions and variables are accessed. - Issue 26014: Guide users to the newer packaging documentation as was done for Python 3.x. In particular, the top-level 2.7 documentation page now links to the newer installer and distributions pages rather than the legacy install and Distutils pages; these are still linked to in the library/distutils doc page. Tests ----- - Issue 21916: Added tests for the turtle module. Patch by ingrid, Gregory Loyse and Jelle Zijlstra. - Issue 25940: Changed test_ssl to use self-signed.pythontest.net. This avoids relying on svn.python.org, which recently changed root certificate. - Issue 25616: Tests for OrderedDict are extracted from test_collections into separate file test_ordered_dict. Build ----- - Issue 22359: Avoid incorrect recursive $(MAKE), and disable the rules for running pgen when cross-compiling. The pgen output is normally saved with the source code anyway, and is still regenerated when doing a native build. Patch by Jonas Wagner and Xavier de Gaye. - Issue 19450: Update Windows builds to use SQLite 3.8.11.0. - Issue 27229: Fix the cross-compiling pgen rule for in-tree builds. Patch by Xavier de Gaye. - Issue 17603: Avoid error about nonexistant fileblocks.o file by using a lower-level check for st_blocks in struct stat. - Issue 26465: Update Windows builds to use OpenSSL 1.0.2g. - Issue 24421: Compile Modules/_math.c once, before building extensions. Previously it could fail to compile properly if the math and cmath builds were concurrent. - Issue 25824: Fixes sys.winver to not include any architecture suffix. - Issue 25348: Added ``--pgo`` and ``--pgo-job`` arguments to ``PCbuild\build.bat`` for building with Profile-Guided Optimization. The old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls ``PCbuild\build.bat --pgo %*``. - Issue 25827: Add support for building with ICC to ``configure``, including a new ``--with-icc`` flag. - Issue 25696: Fix installation of Python on UNIX with make -j9. - Issue 26930: Update OS X 10.5+ 32-bit-only installer to build and link with OpenSSL 1.0.2h. - Issue 26268: Update Windows builds to use OpenSSL 1.0.2f. - Issue 25136: Support Apple Xcode 7's new textual SDK stub libraries. Tools/Demos ----------- - Issue 26799: Fix python-gdb.py: don't get C types once when the Python code is loaded, but get C types on demand. The C types can change if python-gdb.py is loaded before the Python executable. Patch written by Thomas Ilsche. C API ----- - Issue 26476: Fixed compilation error when use PyErr_BadInternalCall() in C++. Patch by Jeroen Demeyer. Misc ---- - Issue 17500, and python/pythondotorg#945: Remove unused and outdated icons.

lang/python27: security fix Revisions pulled up: - lang/python27/Makefile 1.61 - lang/python27/PLIST.common 1.15 - lang/python27/dist.mk 1.12 - lang/python27/distinfo 1.55 - lang/python27/patches/patch-Lib_distutils_unixccompiler.py 1.4 --- Module Name: pkgsrc Committed By: adam Date: Sat Jul 2 15:05:43 UTC 2016 Modified Files: pkgsrc/lang/python27: Makefile PLIST.common dist.mk distinfo pkgsrc/lang/python27/patches: patch-Lib_distutils_unixccompiler.py Log Message: Changes 2.7.2: Core and Builtins ----------------- - Issue 20041: Fixed TypeError when frame.f_trace is set to None. Patch by Xavier de Gaye. - Issue 25702: A --with-lto configure option has been added that will enable link time optimizations at build time during a make profile-opt. Some compilers and toolchains are known to not produce stable code when using LTO, be sure to test things thoroughly before relying on it. It can provide a few % speed up over profile-opt alone. - Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the "N" format unit. - Issue 27039: Fixed bytearray.remove() for values greater than 127. Patch by Joe Jevnik. - Issue 4806: Avoid masking the original TypeError exception when using star (*) unpacking and the exception was raised from a generator. Based on patch by Hagen Fu:rstenau. - Issue 26659: Make the builtin slice type support cycle collection. - Issue 26718: super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed! - Issue 13410: Fixed a bug in PyUnicode_Format where it failed to properly ignore errors from a __int__() method. - Issue 26494: Fixed crash on iterating exhausting iterators. Affected classes are generic sequence iterators, iterators of bytearray, list, tuple, set, frozenset, dict, OrderedDict and corresponding views. - Issue 26581: If coding cookie is specified multiple times on a line in Python source code file, only the first one is taken to account. - Issue 22836: Ensure exception reports from PyErr_Display() and PyErr_WriteUnraisable() are sensible even when formatting them produces secondary errors. This affects the reports produced by sys.__excepthook__() and when __del__() raises an exception. - Issue 22847: Improve method cache efficiency. - Issue 25843: When compiling code, don't merge constants if they are equal but have a different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0`` is now correctly compiled to two different functions: ``f1()`` returns ``1`` (``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0`` are equal. - Issue 22995: [UPDATE] Remove the one of the pickleability tests in _PyObject_GetState() due to regressions observed in Cython-based projects. - Issue 25961: Disallowed null characters in the type name. - Issue 22995: Instances of extension types with a state that aren't subclasses of list or dict and haven't implemented any pickle-related methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__, or __getstate__), can no longer be pickled. Including memoryview. - Issue 20440: Massive replacing unsafe attribute setting code with special macro Py_SETREF. - Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size. This allows sys.getsize() to work correctly with their subclasses with __slots__ defined. - Issue 19543: Added Py3k warning for decoding unicode. - Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside __getattr__. - Issue 24731: Fixed crash on converting objects with special methods __str__, __trunc__, and __float__ returning instances of subclasses of str, long, and float to subclasses of str, long, and float correspondingly. - Issue 26478: Fix semantic bugs when using binary operators with dictionary views and tuples. - Issue 26171: Fix possible integer overflow and heap corruption in zipimporter.get_data(). Library ------- - Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283. - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team Oststrom - Issue 7356: ctypes.util: Make parsing of ldconfig output independent of the locale. - Issue 25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from sending a message body for 205 Reset Content. Also, don't send the Content-Type header field in responses that don't have a body. Based on patch by Susumu Koshiba. - Issue 21313: Fix the "platform" module to tolerate when sys.version contains truncated build information. - Issue 27211: Fix possible memory corruption in io.IOBase.readline(). - Issue 27114: Fix SSLContext._load_windows_store_certs fails with PermissionError - Issue 14132: Fix urllib.request redirect handling when the target only has a query string. Fix by Ja'n Janech. - Removed the requirements for the ctypes and modulefinder modules to be compatible with earlier Python versions. - Issue 22274: In the subprocess module, allow stderr to be redirected to stdout even when stdout is not redirected. Patch by Akira Li. - Issue 12045: Avoid duplicate execution of command in ctypes.util._get_soname(). Patch by Sijin Joseph. - Issue 26960: Backported 16270 from Python 3 to Python 2, to prevent urllib from hanging when retrieving certain FTP files. - Issue 25745: Fixed leaking a userptr in curses panel destructor. - Issue 17765: weakref.ref() no longer silently ignores keyword arguments. Patch by Georg Brandl. - Issue 26873: xmlrpclib now raises ResponseError on unsupported type tags instead of silently return incorrect result. - Issue 24114: Fix an uninitialized variable in `ctypes.util`. The bug only occurs on SunOS when the ctypes implementation searches for the `crle` program. Patch by Xiang Zhang. Tested on SunOS by Kees Bos. - Issue 26864: In urllib, change the proxy bypass host checking against no_proxy to be case-insensitive, and to not match unrelated host names that happen to have a bypassed hostname as a suffix. Patch by Xiang Zhang. - Issue 26804: urllib will prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen. - Issue 26837: assertSequenceEqual() now correctly outputs non-stringified differing items. This affects assertListEqual() and assertTupleEqual(). - Issue 26822: itemgetter, attrgetter and methodcaller objects no longer silently ignore keyword arguments. - Issue 26657: Fix directory traversal vulnerability with SimpleHTTPServer on Windows. This fixes a regression that was introduced in 2.7.7. Based on patch by Philipp Hagemeister. - Issue 19377: Add .svg to mimetypes.types_map. - Issue 13952: Add .csv to mimetypes.types_map. Patch by Geoff Wilson. - Issue 16329: Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'. - Issue 23735: Handle terminal resizing with Readline 6.3+ by installing our own SIGWINCH handler. Patch by Eric Price. - Issue 26644: Raise ValueError rather than SystemError when a negative length is passed to SSLSocket.recv() or read(). - Issue 23804: Fix SSL recv(0) and read(0) methods to return zero bytes instead of up to 1024. - Issue 24266: Ctrl+C during Readline history search now cancels the search mode when compiled with Readline 7. - Issue 23857: Implement PEP 493, adding a Python-2-only ssl module API and environment variable to configure the default handling of SSL/TLS certificates for HTTPS connections. - Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. - Issue 26513: Fixes platform module detection of Windows Server - Issue 23718: Fixed parsing time in week 0 before Jan 1. Original patch by Tama's Bence Gedai. - Issue 26177: Fixed the keys() method for Canvas and Scrollbar widgets. - Issue 15068: Got rid of excessive buffering in the fileinput module. The bufsize parameter is no longer used. - Issue 2202: Fix UnboundLocalError in AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu Dupuy. - Issue 26475: Fixed debugging output for regular expressions with the (?x) flag. - Issue 26385: Remove the file if the internal fdopen() call in NamedTemporaryFile() fails. Based on patch by Silent Ghost. - Issue 26309: In the "socketserver" module, shut down the request (closing the connected socket) when verify_request() returns false. Based on patch by Aviv Palivoda. - Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates. - Issue 24303: Fix random EEXIST upon multiprocessing semaphores creation with Linux PID namespaces enabled. - Issue 25698: Importing module if the stack is too deep no longer replaces imported module with the empty one. - Issue 12923: Reset FancyURLopener's redirect counter even if there is an exception. Based on patches by Brian Brazil and Daniel Rocco. - Issue 25945: Fixed a crash when unpickle the functools.partial object with wrong state. Fixed a leak in failed functools.partial constructor. "args" and "keywords" attributes of functools.partial have now always types tuple and dict correspondingly. - Issue 19883: Fixed possible integer overflows in zipimport. - Issue 26147: xmlrpclib now works with unicode not encodable with used non-UTF-8 encoding. - Issue 16620: Fixed AttributeError in msilib.Directory.glob(). - Issue 21847: Fixed xmlrpclib on Unicode-disabled builds. - Issue 6500: Fixed infinite recursion in urllib2.Request.__getattr__(). - Issue 26083: Workaround a subprocess bug that raises an incorrect "ValueError: insecure string pickle" exception instead of the actual exception on some platforms such as Mac OS X when an exception raised in the forked child process prior to the exec() was large enough that it overflowed the internal errpipe_read pipe buffer. - Issue 24103: Fixed possible use after free in ElementTree.iterparse(). - Issue 20954: _args_from_interpreter_flags used by multiprocessing and some tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED environment variable. - Issue 14285: When executing a package with the "python -m package" option, and package initialization raises ImportError, a proper traceback is now reported. - Issue 6478: _strptime's regexp cache now is reset after changing timezone with time.tzset(). - Issue 25718: Fixed copying object with state with boolean value is false. - Issue 25742: :func:`locale.setlocale` now accepts a Unicode string for its second parameter. - Issue 10131: Fixed deep copying of minidom documents. Based on patch by Marian Ganisin. - Issue 25725: Fixed a reference leak in cPickle.loads() when unpickling invalid data including tuple instructions. - Issue 25663: In the Readline completer, avoid listing duplicate global names, and search the global namespace before searching builtins. - Issue 25688: Fixed file leak in ElementTree.iterparse() raising an error. - Issue 23914: Fixed SystemError raised by CPickle unpickler on broken data. - Issue 25924: Avoid unnecessary serialization of getaddrinfo(3) calls on OS X versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis. - Issue 26406: Avoid unnecessary serialization of getaddrinfo(3) calls on current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis. IDLE ---- - Issue 5124: Paste with text selected now replaces the selection on X11. This matches how paste works on Windows, Mac, most modern Linux apps, and ttk widgets. Original patch by Serhiy Storchaka. - Issue 24759: Make clear in idlelib.idle_test.__init__ that the directory is a private implementation of test.test_idle and tool for maintainers. - Issue 26673: When tk reports font size as 0, change to size 10. Such fonts on Linux prevented the configuration dialog from opening. - Issue 27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. - In the 'IDLE-console differences' section of the IDLE doc, clarify how running with IDLE affects sys.modules and the standard streams. - Issue 25507: fix incorrect change in IOBinding that prevented printing. Change also prevented saving shell window with non-ascii characters. Augment IOBinding htest to include all major IOBinding functions. - Issue 25905: Revert unwanted conversion of ' to ? RIGHT SINGLE QUOTATION MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. - Issue 26417: Prevent spurious errors and incorrect defaults when installing IDLE 2.7 on OS X: default configuration settings are no longer installed from OS X specific copies. Documentation ------------- - Issue 26736: Used HTTPS for external links in the documentation if possible. - Issue 6953: Rework the Readline module documentation to group related functions together, and add more details such as what underlying Readline functions and variables are accessed. - Issue 26014: Guide users to the newer packaging documentation as was done for Python 3.x. In particular, the top-level 2.7 documentation page now links to the newer installer and distributions pages rather than the legacy install and Distutils pages; these are still linked to in the library/distutils doc page. Tests ----- - Issue 21916: Added tests for the turtle module. Patch by ingrid, Gregory Loyse and Jelle Zijlstra. - Issue 25940: Changed test_ssl to use self-signed.pythontest.net. This avoids relying on svn.python.org, which recently changed root certificate. - Issue 25616: Tests for OrderedDict are extracted from test_collections into separate file test_ordered_dict. Build ----- - Issue 22359: Avoid incorrect recursive $(MAKE), and disable the rules for running pgen when cross-compiling. The pgen output is normally saved with the source code anyway, and is still regenerated when doing a native build. Patch by Jonas Wagner and Xavier de Gaye. - Issue 19450: Update Windows builds to use SQLite 3.8.11.0. - Issue 27229: Fix the cross-compiling pgen rule for in-tree builds. Patch by Xavier de Gaye. - Issue 17603: Avoid error about nonexistant fileblocks.o file by using a lower-level check for st_blocks in struct stat. - Issue 26465: Update Windows builds to use OpenSSL 1.0.2g. - Issue 24421: Compile Modules/_math.c once, before building extensions. Previously it could fail to compile properly if the math and cmath builds were concurrent. - Issue 25824: Fixes sys.winver to not include any architecture suffix. - Issue 25348: Added ``--pgo`` and ``--pgo-job`` arguments to ``PCbuild\build.bat`` for building with Profile-Guided Optimization. The old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls ``PCbuild\build.bat --pgo %*``. - Issue 25827: Add support for building with ICC to ``configure``, including a new ``--with-icc`` flag. - Issue 25696: Fix installation of Python on UNIX with make -j9. - Issue 26930: Update OS X 10.5+ 32-bit-only installer to build and link with OpenSSL 1.0.2h. - Issue 26268: Update Windows builds to use OpenSSL 1.0.2f. - Issue 25136: Support Apple Xcode 7's new textual SDK stub libraries. Tools/Demos ----------- - Issue 26799: Fix python-gdb.py: don't get C types once when the Python code is loaded, but get C types on demand. The C types can change if python-gdb.py is loaded before the Python executable. Patch written by Thomas Ilsche. C API ----- - Issue 26476: Fixed compilation error when use PyErr_BadInternalCall() in C++. Patch by Jeroen Demeyer. Misc ---- - Issue 17500, and python/pythondotorg#945: Remove unused and outdated icons.

unused and outdated icons.

lang/python27: security fix Revisions pulled up: - lang/python27/Makefile 1.61 - lang/python27/PLIST.common 1.15 - lang/python27/dist.mk 1.12 - lang/python27/distinfo 1.55 - lang/python27/patches/patch-Lib_distutils_unixccompiler.py 1.4 --- Module Name: pkgsrc Committed By: adam Date: Sat Jul 2 15:05:43 UTC 2016 Modified Files: pkgsrc/lang/python27: Makefile PLIST.common dist.mk distinfo pkgsrc/lang/python27/patches: patch-Lib_distutils_unixccompiler.py Log Message: Changes 2.7.2: Core and Builtins ----------------- - Issue 20041: Fixed TypeError when frame.f_trace is set to None. Patch by Xavier de Gaye. - Issue 25702: A --with-lto configure option has been added that will enable link time optimizations at build time during a make profile-opt. Some compilers and toolchains are known to not produce stable code when using LTO, be sure to test things thoroughly before relying on it. It can provide a few % speed up over profile-opt alone. - Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the "N" format unit. - Issue 27039: Fixed bytearray.remove() for values greater than 127. Patch by Joe Jevnik. - Issue 4806: Avoid masking the original TypeError exception when using star (*) unpacking and the exception was raised from a generator. Based on patch by Hagen Fu:rstenau. - Issue 26659: Make the builtin slice type support cycle collection. - Issue 26718: super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed! - Issue 13410: Fixed a bug in PyUnicode_Format where it failed to properly ignore errors from a __int__() method. - Issue 26494: Fixed crash on iterating exhausting iterators. Affected classes are generic sequence iterators, iterators of bytearray, list, tuple, set, frozenset, dict, OrderedDict and corresponding views. - Issue 26581: If coding cookie is specified multiple times on a line in Python source code file, only the first one is taken to account. - Issue 22836: Ensure exception reports from PyErr_Display() and PyErr_WriteUnraisable() are sensible even when formatting them produces secondary errors. This affects the reports produced by sys.__excepthook__() and when __del__() raises an exception. - Issue 22847: Improve method cache efficiency. - Issue 25843: When compiling code, don't merge constants if they are equal but have a different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0`` is now correctly compiled to two different functions: ``f1()`` returns ``1`` (``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0`` are equal. - Issue 22995: [UPDATE] Remove the one of the pickleability tests in _PyObject_GetState() due to regressions observed in Cython-based projects. - Issue 25961: Disallowed null characters in the type name. - Issue 22995: Instances of extension types with a state that aren't subclasses of list or dict and haven't implemented any pickle-related methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__, or __getstate__), can no longer be pickled. Including memoryview. - Issue 20440: Massive replacing unsafe attribute setting code with special macro Py_SETREF. - Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size. This allows sys.getsize() to work correctly with their subclasses with __slots__ defined. - Issue 19543: Added Py3k warning for decoding unicode. - Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside __getattr__. - Issue 24731: Fixed crash on converting objects with special methods __str__, __trunc__, and __float__ returning instances of subclasses of str, long, and float to subclasses of str, long, and float correspondingly. - Issue 26478: Fix semantic bugs when using binary operators with dictionary views and tuples. - Issue 26171: Fix possible integer overflow and heap corruption in zipimporter.get_data(). Library ------- - Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283. - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team Oststrom - Issue 7356: ctypes.util: Make parsing of ldconfig output independent of the locale. - Issue 25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from sending a message body for 205 Reset Content. Also, don't send the Content-Type header field in responses that don't have a body. Based on patch by Susumu Koshiba. - Issue 21313: Fix the "platform" module to tolerate when sys.version contains truncated build information. - Issue 27211: Fix possible memory corruption in io.IOBase.readline(). - Issue 27114: Fix SSLContext._load_windows_store_certs fails with PermissionError - Issue 14132: Fix urllib.request redirect handling when the target only has a query string. Fix by Ja'n Janech. - Removed the requirements for the ctypes and modulefinder modules to be compatible with earlier Python versions. - Issue 22274: In the subprocess module, allow stderr to be redirected to stdout even when stdout is not redirected. Patch by Akira Li. - Issue 12045: Avoid duplicate execution of command in ctypes.util._get_soname(). Patch by Sijin Joseph. - Issue 26960: Backported 16270 from Python 3 to Python 2, to prevent urllib from hanging when retrieving certain FTP files. - Issue 25745: Fixed leaking a userptr in curses panel destructor. - Issue 17765: weakref.ref() no longer silently ignores keyword arguments. Patch by Georg Brandl. - Issue 26873: xmlrpclib now raises ResponseError on unsupported type tags instead of silently return incorrect result. - Issue 24114: Fix an uninitialized variable in `ctypes.util`. The bug only occurs on SunOS when the ctypes implementation searches for the `crle` program. Patch by Xiang Zhang. Tested on SunOS by Kees Bos. - Issue 26864: In urllib, change the proxy bypass host checking against no_proxy to be case-insensitive, and to not match unrelated host names that happen to have a bypassed hostname as a suffix. Patch by Xiang Zhang. - Issue 26804: urllib will prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen. - Issue 26837: assertSequenceEqual() now correctly outputs non-stringified differing items. This affects assertListEqual() and assertTupleEqual(). - Issue 26822: itemgetter, attrgetter and methodcaller objects no longer silently ignore keyword arguments. - Issue 26657: Fix directory traversal vulnerability with SimpleHTTPServer on Windows. This fixes a regression that was introduced in 2.7.7. Based on patch by Philipp Hagemeister. - Issue 19377: Add .svg to mimetypes.types_map. - Issue 13952: Add .csv to mimetypes.types_map. Patch by Geoff Wilson. - Issue 16329: Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'. - Issue 23735: Handle terminal resizing with Readline 6.3+ by installing our own SIGWINCH handler. Patch by Eric Price. - Issue 26644: Raise ValueError rather than SystemError when a negative length is passed to SSLSocket.recv() or read(). - Issue 23804: Fix SSL recv(0) and read(0) methods to return zero bytes instead of up to 1024. - Issue 24266: Ctrl+C during Readline history search now cancels the search mode when compiled with Readline 7. - Issue 23857: Implement PEP 493, adding a Python-2-only ssl module API and environment variable to configure the default handling of SSL/TLS certificates for HTTPS connections. - Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. - Issue 26513: Fixes platform module detection of Windows Server - Issue 23718: Fixed parsing time in week 0 before Jan 1. Original patch by Tama's Bence Gedai. - Issue 26177: Fixed the keys() method for Canvas and Scrollbar widgets. - Issue 15068: Got rid of excessive buffering in the fileinput module. The bufsize parameter is no longer used. - Issue 2202: Fix UnboundLocalError in AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu Dupuy. - Issue 26475: Fixed debugging output for regular expressions with the (?x) flag. - Issue 26385: Remove the file if the internal fdopen() call in NamedTemporaryFile() fails. Based on patch by Silent Ghost. - Issue 26309: In the "socketserver" module, shut down the request (closing the connected socket) when verify_request() returns false. Based on patch by Aviv Palivoda. - Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates. - Issue 24303: Fix random EEXIST upon multiprocessing semaphores creation with Linux PID namespaces enabled. - Issue 25698: Importing module if the stack is too deep no longer replaces imported module with the empty one. - Issue 12923: Reset FancyURLopener's redirect counter even if there is an exception. Based on patches by Brian Brazil and Daniel Rocco. - Issue 25945: Fixed a crash when unpickle the functools.partial object with wrong state. Fixed a leak in failed functools.partial constructor. "args" and "keywords" attributes of functools.partial have now always types tuple and dict correspondingly. - Issue 19883: Fixed possible integer overflows in zipimport. - Issue 26147: xmlrpclib now works with unicode not encodable with used non-UTF-8 encoding. - Issue 16620: Fixed AttributeError in msilib.Directory.glob(). - Issue 21847: Fixed xmlrpclib on Unicode-disabled builds. - Issue 6500: Fixed infinite recursion in urllib2.Request.__getattr__(). - Issue 26083: Workaround a subprocess bug that raises an incorrect "ValueError: insecure string pickle" exception instead of the actual exception on some platforms such as Mac OS X when an exception raised in the forked child process prior to the exec() was large enough that it overflowed the internal errpipe_read pipe buffer. - Issue 24103: Fixed possible use after free in ElementTree.iterparse(). - Issue 20954: _args_from_interpreter_flags used by multiprocessing and some tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED environment variable. - Issue 14285: When executing a package with the "python -m package" option, and package initialization raises ImportError, a proper traceback is now reported. - Issue 6478: _strptime's regexp cache now is reset after changing timezone with time.tzset(). - Issue 25718: Fixed copying object with state with boolean value is false. - Issue 25742: :func:`locale.setlocale` now accepts a Unicode string for its second parameter. - Issue 10131: Fixed deep copying of minidom documents. Based on patch by Marian Ganisin. - Issue 25725: Fixed a reference leak in cPickle.loads() when unpickling invalid data including tuple instructions. - Issue 25663: In the Readline completer, avoid listing duplicate global names, and search the global namespace before searching builtins. - Issue 25688: Fixed file leak in ElementTree.iterparse() raising an error. - Issue 23914: Fixed SystemError raised by CPickle unpickler on broken data. - Issue 25924: Avoid unnecessary serialization of getaddrinfo(3) calls on OS X versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis. - Issue 26406: Avoid unnecessary serialization of getaddrinfo(3) calls on current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis. IDLE ---- - Issue 5124: Paste with text selected now replaces the selection on X11. This matches how paste works on Windows, Mac, most modern Linux apps, and ttk widgets. Original patch by Serhiy Storchaka. - Issue 24759: Make clear in idlelib.idle_test.__init__ that the directory is a private implementation of test.test_idle and tool for maintainers. - Issue 26673: When tk reports font size as 0, change to size 10. Such fonts on Linux prevented the configuration dialog from opening. - Issue 27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. - In the 'IDLE-console differences' section of the IDLE doc, clarify how running with IDLE affects sys.modules and the standard streams. - Issue 25507: fix incorrect change in IOBinding that prevented printing. Change also prevented saving shell window with non-ascii characters. Augment IOBinding htest to include all major IOBinding functions. - Issue 25905: Revert unwanted conversion of ' to ? RIGHT SINGLE QUOTATION MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. - Issue 26417: Prevent spurious errors and incorrect defaults when installing IDLE 2.7 on OS X: default configuration settings are no longer installed from OS X specific copies. Documentation ------------- - Issue 26736: Used HTTPS for external links in the documentation if possible. - Issue 6953: Rework the Readline module documentation to group related functions together, and add more details such as what underlying Readline functions and variables are accessed. - Issue 26014: Guide users to the newer packaging documentation as was done for Python 3.x. In particular, the top-level 2.7 documentation page now links to the newer installer and distributions pages rather than the legacy install and Distutils pages; these are still linked to in the library/distutils doc page. Tests ----- - Issue 21916: Added tests for the turtle module. Patch by ingrid, Gregory Loyse and Jelle Zijlstra. - Issue 25940: Changed test_ssl to use self-signed.pythontest.net. This avoids relying on svn.python.org, which recently changed root certificate. - Issue 25616: Tests for OrderedDict are extracted from test_collections into separate file test_ordered_dict. Build ----- - Issue 22359: Avoid incorrect recursive $(MAKE), and disable the rules for running pgen when cross-compiling. The pgen output is normally saved with the source code anyway, and is still regenerated when doing a native build. Patch by Jonas Wagner and Xavier de Gaye. - Issue 19450: Update Windows builds to use SQLite 3.8.11.0. - Issue 27229: Fix the cross-compiling pgen rule for in-tree builds. Patch by Xavier de Gaye. - Issue 17603: Avoid error about nonexistant fileblocks.o file by using a lower-level check for st_blocks in struct stat. - Issue 26465: Update Windows builds to use OpenSSL 1.0.2g. - Issue 24421: Compile Modules/_math.c once, before building extensions. Previously it could fail to compile properly if the math and cmath builds were concurrent. - Issue 25824: Fixes sys.winver to not include any architecture suffix. - Issue 25348: Added ``--pgo`` and ``--pgo-job`` arguments to ``PCbuild\build.bat`` for building with Profile-Guided Optimization. The old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls ``PCbuild\build.bat --pgo %*``. - Issue 25827: Add support for building with ICC to ``configure``, including a new ``--with-icc`` flag. - Issue 25696: Fix installation of Python on UNIX with make -j9. - Issue 26930: Update OS X 10.5+ 32-bit-only installer to build and link with OpenSSL 1.0.2h. - Issue 26268: Update Windows builds to use OpenSSL 1.0.2f. - Issue 25136: Support Apple Xcode 7's new textual SDK stub libraries. Tools/Demos ----------- - Issue 26799: Fix python-gdb.py: don't get C types once when the Python code is loaded, but get C types on demand. The C types can change if python-gdb.py is loaded before the Python executable. Patch written by Thomas Ilsche. C API ----- - Issue 26476: Fixed compilation error when use PyErr_BadInternalCall() in C++. Patch by Jeroen Demeyer. Misc ---- - Issue 17500, and python/pythondotorg#945: Remove unused and outdated icons.

python3.5 (3.5.3-1+deb9u4) stretch-security; urgency=medium * Non-maintainer upload by the LTS Security Team. * CVE-2021-23336: only use '&' as a query string separator * CVE-2021-3426: remove the pydoc getfile feature * CVE-2021-3177: replace snprintf with Python unicode python3.5 (3.5.3-1+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the LTS Team. [ Thorsten Alteholz ] * CVE-2019-20907: In Lib/tarfile.py, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation * CVE-2020-26116: http.client allows CRLF injection if the attacker controls the HTTP request method [ Roberto C. Sánchez ] * Update expired SSL certificates in unit test suite. python3.5 (3.5.3-1+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the LTS Security Team. * CVE-2018-20406: Modules/_pickle.c has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. * CVE-2018-20852: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. * Update test_ssl.py with newer certificate and openssl version handling * CVE-2019-5010: an exploitable denial-of-service vulnerability exists in the X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. * CVE-2019-9636: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. * Fix functional regression introduced by CVE-2019-9636 fix, which in turn introduces CVE-2019-10160 * CVE-2019-10160: a security regression was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. * CVE-2019-9740: an issue was discovered in urllib2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. * CVE-2019-9947: an issue was discovered in urllib2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. * CVE-2019-18348: an issue was discovered in urllib2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue * CVE-2019-9948: urllib supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. * CVE-2019-16935: The documentation XML-RPC server has XSS via the server_title field. This occurs in Lib/xmlrpc/server.py. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. * CVE-2019-16056: the email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. * CVE-2020-8492: Python allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. python3.5 (3.5.3-1+deb9u1) stretch-security; urgency=medium * CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 python3.5 (3.5.3-1) unstable; urgency=medium * Python 3.5.3 release. python3.5 (3.5.3~rc1-1) unstable; urgency=medium * Python 3.5.3 release candidate 1. - Issue #29073: bytearray formatting no longer truncates on first null byte. - Issue #28932: Do not include <sys/random.h> if it does not exist. - Issue #28147: Fix a memory leak in split-table dictionaries: setattr() must not convert combined table into split table. - Issue #25677: Correct the positioning of the syntax error caret for indented blocks. - Issue #29000: Fixed bytes formatting of octals with zero padding in alternate form. - Issue #15812: inspect.getframeinfo() now correctly shows the first line of a context. - Issue #29094: Offsets in a ZIP file created with extern file object and modes "w" and "x" now are relative to the start of the file. - Issue #13051: Fixed recursion errors in large or resized curses.textpad.Textbox. - Issue #29119: Fix weakrefs in the pure python version of collections.OrderedDict move_to_end() method. - Issue #9770: curses.ascii predicates now work correctly with negative integers. - Issue #28427: old keys should not remove new values from WeakValueDictionary when collecting from another thread. - Issue 28923: Remove editor artifacts from Tix.py. - Issue #28871: Fixed a crash when deallocate deep ElementTree. - Issue #19542: Fix bugs in WeakValueDictionary.setdefault() and WeakValueDictionary.pop() when a GC collection happens in another thread. - Issue #20191: Fixed a crash in resource.prlimit() when pass a sequence that doesn't own its elements as limits. - Issue #28990: Fix SSL hanging if connection is closed before handshake completed. * Update symbols files. python3.5 (3.5.2-9) unstable; urgency=medium * Update to 20161213 from the 3.5 branch. - Issue #28512: Fixed setting the offset attribute of SyntaxError by PyErr_SyntaxLocationEx() and PyErr_SyntaxLocationObject(). - Issue #5322: Fixed setting __new__ to a PyCFunction inside Python code. - Issue #28779: multiprocessing.set_forkserver_preload() would crash the forkserver process if a preloaded module instantiated some multiprocessing objects such as locks. - Issue #28847: dbm.dumb now supports reading read-only files and no longer writes the index file when it is not changed. - Issue #24142: Reading a corrupt config file left the parser in an invalid state. - Issue #28808: PyUnicode_CompareWithASCIIString() now never raises exceptions. * Update references in pdb(1). Closes: #840239. * Update symbols files. python3.5 (3.5.2-8) unstable; urgency=medium * Update to 20161121 from the 3.5 branch. - Issue #19398: Extra slash no longer added to sys.path components in case of empty compile-time PYTHONPATH components. - Issue #27942: Fix memory leak in codeobject.c - Issue #25659: In ctypes, prevent a crash calling the from_buffer() and from_buffer_copy() methods on abstract classes like Array. - Issue #28732: Fix crash in os.spawnv() with no elements in args. - Issue #28485: Always raise ValueError for negative compileall.compile_dir(workers=...) parameter, even when multithreading is unavailable. - Issue #28387: Fixed possible crash in _io.TextIOWrapper deallocator when the garbage collector is invoked in other thread. - Issue #28600: Optimize loop.call_soon(). - Issue #28613: Fix get_event_loop() return the current loop if called from coroutines/callbacks. - Issue #28639: Fix inspect.isawaitable to always return bool - Issue #28652: Make loop methods reject socket kinds they do not support. - Issue #28653: Fix a refleak in functools.lru_cache. - Issue #28703: Fix asyncio.iscoroutinefunction to handle Mock objects. - Issue #28666: Now test.support.rmtree is able to remove unwritable or unreadable directories. - Issue #23839: Various caches now are cleared before running every test file. - Issue #26359: Rename --with-optimiations to --enable-optimizations. python3.5 (3.5.2-7) unstable; urgency=medium * Update to 20161103 from the 3.5 branch. - Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug build. - Issue #23782: Fixed possible memory leak in _PyTraceback_Add() and exception loss in PyTraceBack_Here(). - Issue #28379: Added sanity checks and tests for PyUnicode_CopyCharacters(). - Issue #28376: The type of long range iterator is now registered as Iterator. - Issue #28376: The constructor of range_iterator now checks that step is not 0. - Issue #26906: Resolving special methods of uninitialized type now causes implicit initialization of the type instead of a fail. - Issue #18287: PyType_Ready() now checks that tp_name is not NULL. - Issue #24098: Fixed possible crash when AST is changed in process of compiling it. - Issue #28350: String constants with null character no longer interned. - Issue #26617: Fix crash when GC runs during weakref callbacks. - Issue #27942: String constants now interned recursively in tuples and frozensets. - Issue #21578: Fixed misleading error message when ImportError called with invalid keyword args. - Issue #28203: Fix incorrect type in error message from ``complex(1.0, {2:3})``. - Issue #27517: LZMA compressor and decompressor no longer raise exceptions if given empty data twice. - Issue #28549: Fixed segfault in curses's addch() with ncurses6. - Issue #28449: tarfile.open() with mode "r" or "r:" now tries to open a tar file with compression before trying to open it without compression. Otherwise it had 50% chance failed with ignore_zeros=True. - Issue #23262: The webbrowser module now supports Firefox 36+ and derived browsers. - Issue #27939: Fixed bugs in tkinter.ttk.LabeledScale and tkinter.Scale caused by representing the scale as float value internally in Tk. tkinter.IntVar now works if float value is set to underlying Tk variable. - Issue #28255: calendar.TextCalendar().prmonth() no longer prints a space at the start of new line after printing a month's calendar. - Issue #20491: The textwrap.TextWrapper class now honors non-breaking spaces. - Issue #28353: os.fwalk() no longer fails on broken links. - Issue #25464: Fixed HList.header_exists() in tkinter.tix module by addin a workaround to Tix library bug. - Issue #28488: shutil.make_archive() no longer add entry "./" to ZIP archive. - Issue #24452: Make webbrowser support Chrome on Mac OS X. - Issue #20766: Fix references leaked by pdb in the handling of SIGINT handlers. - Issue #26293: Fixed writing ZIP files that starts not from the start of the file. Offsets in ZIP file now are relative to the start of the archive in conforming to the specification. - Issue #28321: Fixed writing non-BMP characters with binary format in plistlib. - Issue #28322: Fixed possible crashes when unpickle itertools objects from incorrect pickle data. - Fix possible integer overflows and crashes in the mmap module with unusual usage patterns. - Issue #1703178: Fix the ability to pass the --link-objects option to the distutils build_ext command. - Issue #28253: Fixed calendar functions for extreme months: 0001-01 and 9999-12. - Issue #28275: Fixed possible use after free in the decompress() methods of the LZMADecompressor and BZ2Decompressor classes. - Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation() if pass invalid string-like object as a name. - Issue #27611: Fixed support of default root window in the tkinter.tix module. - Issue #28368: Refuse monitoring processes if the child watcher has no loop attached. - Issue #28369: Raise RuntimeError when transport's FD is used with add_reader, add_writer, etc. - Issue #28370: Speedup asyncio.StreamReader.readexactly. - Issue #28371: Deprecate passing asyncio.Handles to run_in_executor. - Issue #28372: Fix asyncio to support formatting of non-python coroutines. - Issue #28399: Remove UNIX socket from FS before binding. - Issue #27972: Prohibit Tasks to await on themselves. - Issue #26923: Fix asyncio.Gather to refuse being cancelled once all children are done. - Issue #26796: Don't configure the number of workers for default threadpool executor. - Issue #15308: Add 'interrupt execution' (^C) to Shell menu. - Issue #28513: Documented command-line interface of zipfile. - Issue #28409: regrtest: fix the parser of command line arguments. - Issue #28444: Fix missing extensions modules when cross compiling. - Issue #28258: Fixed build with Estonian locale (python-config and distclean targets in Makefile). * Build using openssl 1.1. Closes: #835794. python3.5 (3.5.2-6) unstable; urgency=medium * Update to 20160922 from the 3.5 branch. - Issue #27955: Fallback on reading /dev/urandom device when the getrandom() syscall fails with EPERM, for example when blocked by SECCOMP. - Issue #28131: Fix a regression in zipimport's compile_source(). zipimport should use the same optimization level as the interpreter. - Issue #25221: Fix corrupted result from PyLong_FromLong(0) when Python is compiled with NSMALLPOSINTS = 0. - Issue #28189: dictitems_contains no longer swallows compare errors. - Issue #27348: In the traceback module, restore the formatting of exception messages like "Exception: None". This fixes a regression introduced in 3.5a2. - Issue #25651: Allow falsy values to be used for msg parameter of subTest(). - Fix UnboundLocalError in socket._sendfile_use_sendfile. - Issue #28075: Check for ERROR_ACCESS_DENIED in Windows implementation of os.stat(). - Issue #25270: Prevent codecs.escape_encode() from raising SystemError when an empty bytestring is passed. - Issue #28181: Get antigravity over HTTPS. - Issue #25895: Enable WebSocket URL schemes in urllib.parse.urljoin. - Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). - Issue #19003:m email.generator now replaces only \r and/or \n line endings, per the RFC, instead of all unicode line endings. - Issue #28019: itertools.count() no longer rounds non-integer step in range between 1.0 and 2.0 to 1. - Issue #25969: Update the lib2to3 grammar to handle the unpacking generalizations added in 3.5. - Issue #17582: xml.etree.ElementTree nows preserves whitespaces in attributes. - Issue #27456: asyncio: Set TCP_NODELAY by default. - Issue #27906: Fix socket accept exhaustion during high TCP traffic. - Issue #28174: Handle when SO_REUSEPORT isn't properly supported. - Issue #26654: Inspect functools.partial in asyncio.Handle.__repr__. - Issue #26909: Fix slow pipes IO in asyncio. - Issue #28176: Fix callbacks race in asyncio.SelectorLoop.sock_connect. - Issue #27759: Fix selectors incorrectly retain invalid file descriptors. - Issue #27922: Stop IDLE tests from 'flashing' gui widgets on the screen. - Add version to title of IDLE help window. - Issue #25564: In section on IDLE -- console differences, mention that using exec means that __builtins__ is defined for each statement. - Issue #27952: Get Tools/scripts/fixcid.py working with Python 3 and the current "re" module, avoid invalid Python backslash escapes, and fix a bug parsing escaped C quote signs. - Issue #26661: setup.py now detects system libffi with multiarch wrapper. - Issue #28066: Fix the logic that searches build directories for generated include files when building outside the source tree. - Issue #15819: Remove redundant include search directory option for building outside the source tree. - Issue #27566: Fix clean target in freeze makefile. - Issue #27705: Update message in validate_ucrtbase.py * Don't build the fpectl module on hppa. Closes: #837314. python3.5 (3.5.2-5) unstable; urgency=medium * Update to 20160910 from the 3.5 branch. - Issue #25758: Prevents zipimport from unnecessarily encoding a filename. - Issue #27812: Properly clear out a generator's frame's backreference to the generator to prevent crashes in frame.clear(). - Issue #27811: Fix a crash when a coroutine that has not been awaited is finalized with warnings-as-errors enabled. - Issue #26020: set literal evaluation order did not match documented behaviour. - Issue #27936: The round() function accepted a second None argument for some types but not for others. Fixed the inconsistency by accepting None for all numeric types. - Issue #14977: mailcap now respects the order of the lines in the mailcap files ("first match"), as required by RFC 1542. - Issue #24594: Validates persist parameter when opening MSI database - Issue #28047: Fixed calculation of line length used for the base64 CTE in the new email policies. - Issue #27445: Don't pass str(_charset) to MIMEText.set_payload(). - Issue #22450: urllib now includes an "Accept: */*" header among the default headers. This makes the results of REST API requests more consistent and predictable especially when proxy servers are involved. - lib2to3.pgen3.driver.load_grammar() now creates a stable cache file between runs given the same Grammar.txt input regardless of the hash randomization setting. - Issue #27570: Avoid zero-length memcpy() etc calls with null source pointers in the "ctypes" and "array" modules. - Issue #22233: Break email header lines *only* on the RFC specified CR and LF characters, not on arbitrary unicode line breaks. This also fixes a bug in HTTP header parsing. - Issue 27988: Fix email iter_attachments incorrect mutation of payload list. - Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. - Issue #27850: Remove 3DES from ssl module's default cipher list to counter measure sweet32 attack (CVE-2016-2183). - Issue #27766: Add ChaCha20 Poly1305 to ssl module's default ciper list. (Required OpenSSL 1.1.0 or LibreSSL). - Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. - Remove support for passing a file descriptor to os.access. It never worked but previously didn't raise. - Issue #12885: Fix error when distutils encounters symlink. - Issue #27881: Fixed possible bugs when setting sqlite3.Connection.isolation_level. - Issue #27706: Restore deterministic behavior of random.Random().seed() for string seeds using seeding version 1. Allows sequences of calls to random() to exactly match those obtained in Python 2. - Issue #27930: Improved behaviour of logging.handlers.QueueListener. - Issue #21201: Improves readability of multiprocessing error message. - Issue #27983: Cause lack of llvm-profdata tool when using clang as required for PGO linking to be a configure time error rather than make time when --with-optimizations is enabled. Also improve our ability to find the llvm-profdata tool on MacOS and some Linuxes. - Issue #26307: The profile-opt build now applys PGO to the built-in modules. - Issue #26359: Add the --with-optimizations configure flag. * Fix invalid code in pyhash/siphash24. LP: #1620754. Issue #28055. * Disable the Pgen cache tests; not shipping the pickled grammar files. * Update symbols files. python3.5 (3.5.2-4) unstable; urgency=medium * Update to 20160830 from the 3.5 branch. - Issue #27587: Fix another issue found by PVS-Studio: Null pointer check after use of 'def' in _PyState_AddModule(). - Issue #27782: Multi-phase extension module import now correctly allows the ``m_methods`` field to be used to add module level functions to instances of non-module types returned from ``Py_create_mod``. - Issue #27487: Warn if a submodule argument to "python -m" or runpy.run_module() is found in sys.modules after parent packages are imported, but before the submodule is executed. - Issue #27558: Fix a SystemError in the implementation of "raise" statement. In a brand new thread, raise a RuntimeError since there is no active exception to reraise. - Issue #27861: Fixed a crash in sqlite3.Connection.cursor() when a factory creates not a cursor. - Issue #19884: Avoid spurious output on OS X with Gnu Readline. - Issue #10513: Fix a regression in Connection.commit(). Statements should not be reset after a commit. - A new version of typing.py from https://github.com/python/typing: - Collection (only for 3.6) (Issue #27598) - Add FrozenSet to __all__ (upstream #261) - fix crash in _get_type_vars() (upstream #259) - Remove the dict constraint in ForwardRef._eval_type (upstream #252) - Issue #27539: Fix unnormalised ``Fraction.__pow__`` result in the case of negative exponent and negative base. - Issue #21718: cursor.description is now available for queries using CTEs. - Issue #2466: posixpath.ismount now correctly recognizes mount points which the user does not have permission to access. - Issue #27773: Correct some memory management errors server_hostname in _ssl.wrap_socket(). - Issue #26750: unittest.mock.create_autospec() now works properly for subclasses of property() and other data descriptors. - In the curses module, raise an error if window.getstr() or window.instr() is passed a negative value. - Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller. - Issue #27774: Fix possible Py_DECREF on unowned object in _sre. - Issue #27760: Fix possible integer overflow in binascii.b2a_qp. - Issue #27758: Fix possible integer overflow in the _csv module for large record lengths. - Issue #27714: text_textview and test_autocomplete now pass when re-run in the same process. This occurs when test_idle fails when run with the -w option but without -jn. Fix warning from test_config. - Issue #25507: IDLE no longer runs buggy code because of its tkinter imports. Users must include the same imports required to run directly in Python. - Issue #27452: add line counter and crc to IDLE configHandler test dump. - Issue #27787: Call gc.collect() before checking each test for "dangling threads", since the dangling threads are weak references. - Issue #27713: Suppress spurious build warnings when updating importlib's bootstrap files. - Issue #25825: Correct the references to Modules/python.exp and ld_so_aix, which are required on AIX. This updates references to an installation path that was changed in 3.2a4, and undoes changed references to the build tree that were made in 3.5.0a1. * Disable PGO build on armhf (bus errors in the python executable). python3.5 (3.5.2-3) unstable; urgency=medium * Update to 20160805 from the 3.5 branch. - Issue #27419: Standard __import__() no longer look up "__import__" in globals or builtins for importing submodules or "from import". Fixed handling an error of non-string package name. - Issue #27514: Make having too many statically nested blocks a SyntaxError instead of SystemError. - Issue #27473: Fixed possible integer overflow in bytes and bytearray concatenations. - Issue #27507: Add integer overflow check in bytearray.extend(). - Issue #27581: Don't rely on wrapping for overflow check in PySequence_Tuple(). - Issue #27443: __length_hint__() of bytearray iterators no longer return a negative integer for a resized bytearray. - Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode. - Issue #27656: Do not assume sched.h defines any SCHED_* constants. - Issue #27130: In the "zlib" module, fix handling of large buffers (typically 4 GiB) when compressing and decompressing. Previously, inputs were limited to 4 GiB, and compression and decompression operations did not properly handle results of 4 GiB. - Issue #27533: Release GIL in nt._isdir - Issue #17711: Fixed unpickling by the persistent ID with protocol 0. - Issue #27522: Avoid an unintentional reference cycle in email.feedparser. - Issue #26844: Fix error message for imp.find_module() to refer to 'path' instead of 'name'. - Issue #23804: Fix SSL zero-length recv() calls to not block and not raise an error about unclean EOF. - Issue #27466: Change time format returned by http.cookie.time2netscape, confirming the netscape cookie format and making it consistent with documentation. - Issue #26664: Fix activate.fish by removing mis-use of ``$``. - Issue #22115: Fixed tracing Tkinter variables: trace_vdelete() with wrong mode no longer break tracing, trace_vinfo() now always returns a list of pairs of strings, tracing in the "u" mode now works. - Fix a scoping issue in importlib.util.LazyLoader which triggered an UnboundLocalError when lazy-loading a module that was already put into sys.modules. - Issue #27079: Fixed curses.ascii functions isblank(), iscntrl() and ispunct(). - Issue #26754: Some functions (compile() etc) accepted a filename argument encoded as an iterable of integers. Now only strings and byte-like objects are accepted. - Issue #27048: Prevents distutils failing on Windows when environment variables contain non-ASCII characters - Issue #27330: Fixed possible leaks in the ctypes module. - Issue #27238: Got rid of bare excepts in the turtle module. - Issue #27122: When an exception is raised within the context being managed by a contextlib.ExitStack() and one of the exit stack generators catches and raises it in a chain, do not re-raise the original exception when exiting, let the new chained one through. This avoids the PEP 479 bug described in issue25782. - [Security] Issue #27278: Fix os.urandom() implementation using getrandom() on Linux. - Issue #26386: Fixed ttk.TreeView selection operations with item id's containing spaces. - [Security] Issue #22636: Avoid shell injection problems with ctypes.util.find_library(). - Issue #16182: Fix various functions in the "readline" module to use the locale encoding, and fix get_begidx() and get_endidx() to return code point indexes. - Issue #27392: Add loop.connect_accepted_socket(). - Issue #27245: IDLE: Cleanly delete custom themes and key bindings. - Issue #26754: PyUnicode_FSDecoder() accepted a filename argument encoded as an iterable of integers. Now only strings and bytes-like objects are accepted. - Issue #27369: In test_pyexpat, avoid testing an error message detail that changed in Expat 2.2.0. - Issue #27332: Fixed the type of the first argument of module-level functions generated by Argument Clinic. - Issue #27418: Fixed Tools/importbench/importbench.py. - Issue #27453: CPP invocation in configure must use CPPFLAGS. - Issue #27641: The configure script now inserts comments into the makefile to prevent the pgen and _freeze_importlib executables from being cross- compiled. - Issue #26662: Set PYTHON_FOR_GEN in configure as the Python program to be used for file generation during the build. * Revert the proposed patch for asyncio issue 366, doesn't work anymore, and not applied upstream.. python3.5 (3.5.2-2) unstable; urgency=medium * asyncio: Fix callbacks race in SelectorLoop.sock_connect, proposed patch taken from https://github.com/python/asyncio/pull/366. * asyncio: Fix NameError in asyncio.sslproto. Closes: #827453. python3.5 (3.5.2-1) unstable; urgency=medium * Python 3.5.2 release. - Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test. - Issue #27365: Allow non-ascii in idlelib/NEWS.txt. python3.5 (3.5.2~rc1-3) unstable; urgency=medium * Fix building with the wheel files in the source package. python3.5 (3.5.2~rc1-1) unstable; urgency=medium * Python 3.5.2 release candidate 1. - Issue #15657: Delete incorrect statement from PyMethodDef documentation. - Issue #27289: Prevent test_urllib2net failures due to EOFError raised by ftplib. - Issue #25455: Clean up reference loops created in tests for recursive. - Issue #27190: Raise NotSupportedError if sqlite3 is older than 3.3.1. - Issue #27188: Fix various sqlite3 documentation errors. - Issue #15476: Make "code object" its own entry in the index. - Issue #8491: Add link to Gnu Readline configuration documentation. - Issue #24617: Add comment for os.mkdir about mode quirks. - Issue #27280: Fix typo in IPv6Network documentation. - Issue #17500, and https://github.com/python/pythondotorg/issues/945: Remove unused and outdated icons. - Issue #20900: distutils register command now decodes HTTP responses correctly. - Issue #5124: Paste with selection should always replace. This is how paste work on Windows, Mac, modern Linux apps, and ttk widgets. The exception was X11 tk widgets. - Issue #27223: aio: Fix _read_ready and _write_ready to respect _conn_lost. - Issue #22970: asyncio: Fix inconsistency cancelling Condition.wait. - Issue #22558: Add remaining doc links to source code for Python-coded modules. - Issue #21386: Implement missing IPv4Address.is_global property. - Issue #27194: superfluous truncate calls in tarfile.py slow down extraction. - Issue #14209: pkgutil.iter_zipimport_modules ignores the prefix for packages. - Issue #24136: Document generalized unpacking, PEP 448. - Issue #27286: Fixed compiling BUILD_MAP_UNPACK_WITH_CALL opcode. Calling function with generalized unpacking (PEP 448) and conflicting keyword names could cause undefined behavior. - Issue #25455: Fixed a crash in repr of ElementTree.Element with recursive tag. * Extend debian/copyright to the files shipped in the wheel files. python3.5 (3.5.1-16) unstable; urgency=high * Restore the distutils-init patch, only applied on upstream trunk. python3.5 (3.5.1-15) unstable; urgency=high * Fix bad update of the distutils-install-layout patch. python3.5 (3.5.1-14) unstable; urgency=medium * Update to 20160609 from the 3.5 branch. - A new version of typing.py provides several new classes and features: @overload outside stubs, Reversible, DefaultDict, Text, ContextManager, Type[], NewType(), TYPE_CHECKING, and numerous bug fixes (note that some of the new features are not yet implemented in mypy or other static analyzers). Also classes for PEP 492 (Awaitable, AsyncIterable, AsyncIterator) have been added (in fact they made it into 3.5.1 but were never mentioned). - Issue #25738: Stop http.server.BaseHTTPRequestHandler.send_error() from sending a message body for 205 Reset Content. Also, don't send Content header fields in responses that don't have a body. - Issue #21313: Fix the "platform" module to tolerate when sys.version contains truncated build information. - Issue #26839: On Linux, :func:`os.urandom` now calls ``getrandom()`` with ``GRND_NONBLOCK`` to fall back on reading ``/dev/urandom`` if the urandom entropy pool is not initialized yet. Closes: #824379. - Issue #27164: In the zlib module, allow decompressing raw Deflate streams with a predefined zdict. - Issue #24291: Fix wsgiref.simple_server.WSGIRequestHandler to completely write data to the client. Previously it could do partial writes and truncate data. Also, wsgiref.handler.ServerHandler can now handle stdout doing partial writes, but this is deprecated. - Issue #26809: Add ``__all__`` to :mod:`string`. - Issue #26373: subprocess.Popen.communicate now correctly ignores BrokenPipeError when the child process dies before .communicate() is called in more/all circumstances. - Issue #24759: Make clear in idlelib.idle_test.__init__ that the directory is a private implementation of test.test_idle and tool for maintainers. - Issue #27196: Stop 'ThemeChanged' warnings when running IDLE tests. These persisted after other warnings were suppressed in #20567. - Issue #20567: Revise idle_test/README.txt with advice about avoiding tk warning messages from tests. Apply advice to several IDLE tests. - Issue #26884: Fix linking extension modules for cross builds. - Issue #26014: Update 3.x packaging documentation: * "See also" links to the new docs are now provided in the legacy pages * links to setuptools documentation have been updated - Issue #27229: Fix the cross-compiling pgen rule for in-tree builds. * Don't run multiprocessing tests during the profiling build. python3.5 (3.5.1-13) unstable; urgency=medium * Update to 20160603 from the 3.5 branch. - Issue #26168: Fixed possible refleaks in failing Py_BuildValue() with the "N" format unit. - Issue #26991: Fix possible refleak when creating a function with annotations. - Issue #27039: Fixed bytearray.remove() for values greater than 127. - Issue #23640: int.from_bytes() no longer bypasses constructors for subclasses. - Issue #27138: Fix the doc comment for FileFinder.find_spec(). - Issue #27147: Mention PEP 420 in the importlib docs. - Issue #21776: distutils.upload now correctly handles HTTPError. - Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError. - Issue #18383: Avoid creating duplicate filters when using filterwarnings and simplefilter. - Issue #27057: Fix os.set_inheritable() on Android, ioctl() is blocked by SELinux and fails with EACCESS. The function now falls back to fcntl(). - Issue #27014: Fix infinite recursion using typing.py. - Issue #14132: Fix urllib.request redirect handling when the target only has a query string. - Issue #17214: The "urllib.request" module now percent-encodes non-ASCII bytes found in redirect target URLs. Some servers send Location header fields with non-ASCII bytes, but "http.client" requires the request target to be ASCII-encodable, otherwise a UnicodeEncodeError is raised. - Issue #26892: Honor debuglevel flag in urllib.request.HTTPHandler. - Issue #22274: In the subprocess module, allow stderr to be redirected to stdout even when stdout is not redirected. - Issue #26807: mock_open 'files' no longer error on readline at end of file. - Issue #26977: Removed unnecessary, and ignored, call to sum of squares helper in statistics.pvariance. - Issue #26848: Fix asyncio/subprocess.communicate() to handle empty input. - Issue #27040: Add loop.get_exception_handler method - Issue #27041: asyncio: Add loop.create_future method * IDLE changes: - Issue #27117: Make colorizer htest and turtledemo work with dark themes. Move code for configuring text widget colors to a new function. - Issue #26673: When tk reports font size as 0, change to size 10. Such fonts on Linux prevented the configuration dialog from opening. - Issue #21939: Add test for IDLE's percolator. - Issue #21676: Add test for IDLE's replace dialog. - Issue #18410: Add test for IDLE's search dialog. - Issue #21703: Add test for IDLE's undo delegator. - Issue #27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. - Issue #23977: Add more asserts to test_delegator. - Issue #20640: Add tests for idlelib.configHelpSourceEdit. - In the 'IDLE-console differences' section of the IDLE doc, clarify how running with IDLE affects sys.modules and the standard streams. - Issue #25507: fix incorrect change in IOBinding that prevented printing. Augment IOBinding htest to include all major IOBinding functions. - Issue #25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. * Rebuild to pick up the GNU triplet change on i386 archs. Addresses: #826128. python3.5 (3.5.1-12) unstable; urgency=medium * Update to 20160509 from the 3.5 branch. - Issue #26811: gc.get_objects() no longer contains a broken tuple with NULL pointer. - Issue #20120: Use RawConfigParser for .pypirc parsing, removing support for interpolation unintentionally added with move to Python 3. Behavior no longer does any interpolation in .pypirc files, matching behavior in Python 2.7 and Setuptools 19.0. - Issue #25745: Fixed leaking a userptr in curses panel destructor. - Issue #26881: The modulefinder module now supports extended opcode arguments. - Issue #23815: Fixed crashes related to directly created instances of types in _tkinter and curses.panel modules. - Issue #17765: weakref.ref() no longer silently ignores keyword arguments. - Issue #26873: xmlrpc now raises ResponseError on unsupported type tags instead of silently return incorrect result. - Issue #26881: modulefinder now works with bytecode with extended args. - Issue #26711: Fixed the comparison of plistlib.Data with other types. - Issue #24114: Fix an uninitialized variable in `ctypes.util`. - Issue #26864: In urllib.request, change the proxy bypass host checking against no_proxy to be case-insensitive, and to not match unrelated host names that happen to have a bypassed hostname as a suffix. - Issue #26634: recursive_repr() now sets __qualname__ of wrapper. - Issue #26804: urllib.request will prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. - Issue #26837: assertSequenceEqual() now correctly outputs non-stringified differing items (like bytes in the -b mode). This affects assertListEqual() and assertTupleEqual(). - Issue #26041: Remove "will be removed in Python 3.7" from deprecation messages of platform.dist() and platform.linux_distribution(). - Issue #26822: itemgetter, attrgetter and methodcaller objects no longer silently ignore keyword arguments. - Issue #26733: Disassembling a class now disassembles class and static methods. - Issue #26801: Fix error handling in :func:`shutil.get_terminal_size`, catch :exc:`AttributeError` instead of :exc:`NameError`. - Issue #24838: tarfile's ustar and gnu formats now correctly calculate name and link field limits for multibyte character encodings like utf-8. - Issue #26657: Fix directory traversal vulnerability with http.server on Windows. - Issue #26736: Used HTTPS for external links in the documentation if possible. - Issue #22359: Disable the rules for running _freeze_importlib and pgen when cross-compiling. The output of these programs is normally saved with the source code anyway, and is still regenerated when doing a native build. Closes: #820509. - Issue #21668: Link audioop, _datetime, _ctypes_test modules to libm. - Issue #26799: Fix python-gdb.py: don't get C types once when the Python code is loaded, but get C types on demand. The C types can change if python-gdb.py is loaded before the Python executable. * Fix issue #26673, runtime error in idle3. LP: #1574892. * Update symbols files. python3.5 (3.5.1-11) unstable; urgency=medium * Update to 20160330 from the 3.5 branch. - Issue #26659: Make the builtin slice type support cycle collection. - Issue #26718: super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed! - Issue #25339: PYTHONIOENCODING now has priority over locale in setting the error handler for stdin and stdout. - Issue #26717: Stop encoding Latin-1-ized WSGI paths with UTF-8. - Issue #26735: Fix :func:`os.urandom` on Solaris 11.3 and newer when reading more than 1,024 bytes: call ``getrandom()`` multiple times with a limit of 1024 bytes per call. - Issue #16329: Add .webm to mimetypes.types_map. - Issue #13952: Add .csv to mimetypes.types_map. - Issue #26709: Fixed Y2038 problem in loading binary PLists. - Issue #23735: Handle terminal resizing with Readline 6.3+ by installing our own SIGWINCH handler. - Issue #26586: In http.server, respond with "413 Request header fields too large" if there are too many header fields to parse, rather than killing the connection and raising an unhandled exception. - Issue #22854: Change BufferedReader.writable() and BufferedWriter.readable() to always return False. - Issue #6953: Rework the Readline module documentation to group related functions together, and add more details such as what underlying Readline functions and variables are accessed. python3.5 (3.5.1-10) unstable; urgency=medium * Update to 20160330 from the 3.5 branch. python3.5 (3.5.1-9) unstable; urgency=medium * Update to 20160323 from the 3.5 branch. * Always build _math.o with -fPIC. python3.5 (3.5.1-8) unstable; urgency=medium * Update to 20160318 from the 3.5 branch. * Fix python3-venv with updated python-pip packages (Barry Warsaw). Closes: #815014, #815864. * Fix generating devhelp documentation (Simon McVittie). Closes: #816299. LP: #1553633. python3.5 (3.5.1-7) unstable; urgency=medium * Update to 20160224 from the 3.5 branch. * python3.5-venv: Drop the dependency on python-setuptools-whl, depend on python-pip-whl (>= 8.0.2-7). * Don't run the test_socket test, hangs on some buildds. python3.5 (3.5.1-6) unstable; urgency=medium * Update to 20160221 from the 3.5 branch. python3.5 (3.5.1-5) unstable; urgency=medium * Update to 20160113 from the 3.5 branch. python3.5 (3.5.1-4) unstable; urgency=medium * Update to 20160111 from the 3.5 branch. python3.5 (3.5.1-3) unstable; urgency=medium * Update to 20160105 from the 3.5 branch. * Fix maintainer scripts with findutils 4.6. Closes: #809079. python3.5 (3.5.1-2) unstable; urgency=medium * Disable LTO on Debian/s390x. * Don't run test_signal on alpha, currently breaks the testsuite. python3.5 (3.5.1-1) unstable; urgency=medium * Python 3.5.1 release. * Fix building architecture independent packages only. Closes: #806870. * Update symbols files for i386. * d/p/fix-sslv3-test.diff: properly handle Ubuntu's openssl having OP_NO_SSLv3 forced on by default (Marc Deslauriers). python3.5 (3.5.1~rc1-2) unstable; urgency=medium * Build-depend on time. python3.5 (3.5.1~rc1-1) unstable; urgency=medium * Python 3.5.1 release candidate 1. * Don't ship menu files anymore, just desktop files. * Update symbols file. python3.5 (3.5.0-4) unstable; urgency=medium * Update to 20151028 from the 3.5 branch. - Issue #25274: sys.setrecursionlimit() now raises a RecursionError if the new recursion limit is too low depending at the current recursion depth. Modify also the "lower-water mark" formula to make it monotonic. This mark is used to decide when the overflowed flag of the thread state is reset. - Issue #25447: The lru_cache() wrapper objects now can be copied and pickled (by returning the original object unchanged). - Issue #25390: typing: Don't crash on Union[str, Pattern]. - Issue #25441: asyncio: Raise error from drain() when socket is closed. - Issue #25410: Cleaned up and fixed minor bugs in C implementation of OrderedDict. - Issue #25411: Improved Unicode support in SMTPHandler through better use of the email package. - Issue #25407: Remove mentions of the formatter module being removed in Python 3.6. - Issue #25406: Fixed a bug in C implementation of OrderedDict.move_to_end() that caused segmentation fault or hang in iterating after moving several items to the start of ordered dict. - Issue #25380: Fixed protocol for the STACK_GLOBAL opcode in pickletools.opcodes. - Issue #25471: Sockets returned from accept() shouldn't appear to be nonblocking. - Issue #25440: Fix output of python-config --extension-suffix. python3.5 (3.5.0-3) unstable; urgency=medium * Update to 20151011 from the 3.5 branch. - Idle updates. - Issue #24402: Fix input() to prompt to the redirected stdout when sys.stdout.fileno() fails. - Issue #24806: Prevent builtin types that are not allowed to be subclassed from being subclassed through multiple inheritance. - Issue #24848: Fixed a number of bugs in UTF-7 decoding of misformed data. - Issue #25280: Import trace messages emitted in verbose (-v) mode are no longer formatted twice. - Issue #25003: On Solaris 11.3 or newer, os.urandom() now uses the getrandom() function instead of the getentropy() function. The getentropy() function is blocking to generate very good quality entropy, os.urandom() doesn't need such high-quality entropy. - Issue #25182: The stdprinter (used as sys.stderr before the io module is imported at startup) now uses the backslashreplace error handler. - Issue #25131: Make the line number and column offset of set/dict literals and comprehensions correspond to the opening brace. - Issue #25364: zipfile now works in threads disabled builds. - Issue #25328: smtpd's SMTPChannel now correctly raises a ValueError if both decode_data and enable_SMTPUTF8 are set to true. - Issue #25316: distutils raises OSError instead of DistutilsPlatformError when MSVC is not installed. - Issue #23972: Updates asyncio datagram create method allowing reuseport and reuseaddr socket options to be set prior to binding the socket. Mirroring the existing asyncio create_server method the reuseaddr option for datagram sockets defaults to True if the O/S is 'posix' (except if the platform is Cygwin). - Issue #25304: Add asyncio.run_coroutine_threadsafe(). This lets you submit a coroutine to a loop from another thread, returning a concurrent.futures.Future. - Issue #25232: Fix CGIRequestHandler to split the query from the URL at the first question mark (?) rather than the last. - Issue #24657: Prevent CGIRequestHandler from collapsing slashes in the query part of the URL as if it were a path. - Issue #24483: C implementation of functools.lru_cache() now calculates key's hash only once. - Issue #22958: Constructor and update method of weakref.WeakValueDictionary now accept the self and the dict keyword arguments. - Issue #22609: Constructor of collections.UserDict now accepts the self keyword argument. - Issue #25111: Fixed comparison of traceback.FrameSummary. - Issue #25262. Added support for BINBYTES8 opcode in Python implementation of unpickler. - Issue #25034: Fix string.Formatter problem with auto-numbering and nested format_specs. - Issue #25233: Rewrite the guts of asyncio.Queue and asyncio.Semaphore to be more understandable and correct. - Issue #25203: Failed readline.set_completer_delims() no longer left the module in inconsistent state. - Issue #23600: Default implementation of tzinfo.fromutc() was returning wrong results in some cases. - Issue #23329: Allow the ssl module to be built with older versions of LibreSSL. - Issue #25319: When threading.Event is reinitialized, the underlying condition should use a regular lock rather than a recursive lock. - Issue #25099: Make test_compileall not fail when a entry on sys.path cannot be written to. - Issue #23919: Prevents assert dialogs appearing in the test suite. * Back-out the local patch for issue 21264, supposed to be fixed by #25099. * Adjust setting DH_COMPAT for dh_movefiles with updated debhelper supporting globbing of arguments. Closes: #800247. * pydoc: use the pager command if available. Addresses: #799555. python3.5 (3.5.0-2) unstable; urgency=medium * Update to 20150924 from the 3.5 branch. * Expect the test_code_module test to fail in the autopkg tests. See upstream issue #25109. * Provide some user-friendly advice when `python3 -m venv` fails because the python3-venv package is not installed (Barry Warsaw). python3.5 (3.5.0-1) unstable; urgency=medium * Python 3.5.0 release. * Drop the no-zip-on-sys.path patch; not worth saving, and the test suite needs adjustments ... * Mark the test_site test as failing. Investigate why this fails. The package has one sitedir less than expected. python3.5 (3.5.0~rc3-1) unstable; urgency=medium * Python 3.5.0 release candidate 3. python3.5 (3.5.0~rc2-1) unstable; urgency=medium * Python 3.5.0 release candidate 2. python3.5 (3.5.0~rc1-1) unstable; urgency=medium * Python 3.5.0 release candidate 1. * Update symbols file. python3.5 (3.5.0~b4-1) unstable; urgency=medium * Python 3.5.0 beta 4. python3.5 (3.5.0~b3-2) unstable; urgency=medium * Fix expansion of makefile macros for _sysconfigdata. Issue #24705. LP: #1477759. python3.5 (3.5.0~b3-1) unstable; urgency=medium * Python 3.5.0 beta 3. python3.5 (3.5.0~b2-1) unstable; urgency=medium * Python 3.5.0 beta 2. * Make the build reproducible (Jérémy Bobbio). Closes: #786959. - Pass time of latest debian/changelog entry to sphinx via SPHINXOPTS. - Do not store a timestamps when compressing devhelp. * Pass DATE and TIME macros matching the current debian/changelog entry when building getbuildinfo.o. python3.5 (3.5.0~b1-1ubuntu1) wily; urgency=medium * Disable pgo optimization on i386. python3.5 (3.5.0~b1-1) unstable; urgency=medium * Python 3.5.0 beta 1. * Refresh patches. * Update symbols files. python3.5 (3.5.0~a4-5) unstable; urgency=medium * Update to 20150519 from the trunk. - Fix issue #24226, parsing of many sequential one-line 'def' statements. * Don't rename extensions when they already have the multiarch tag. python3.5 (3.5.0~a4-4) unstable; urgency=medium * Update to 20150518 from the trunk. - Fix build on big endian targets. * Work around issue #24226, byte compilation of IN.py. * Disable PGO (fails to build in unstable). python3.5 (3.5.0~a4-3) unstable; urgency=medium * Update to 20150517 from the trunk. python3.5 (3.5.0~a4-2) experimental; urgency=medium * Update to 20150421 from the trunk. * Fix renaming of extensions. Closes: #783090. python3.5 (3.5.0~a4-1) experimental; urgency=medium * Python 3.5.0 alpha 4. * Update to 20150420 from the trunk. * Build debug builds with -Og. python3.5 (3.5.0~a3-1) experimental; urgency=medium * Python 3.5.0 alpha 3. * Update to 20150415 from the trunk. python3.4 (3.4.3-3) experimental; urgency=medium * Update to 20150311 from the 3.4 branch. * Relax the version check for mpdecimal (all required patches applied in the distro version of mpdecimal 2.4.0). * When using GCC versions older than 4.9 for extension builds, automagically mangle -fstack-protector-strong to -fstack-protector. python3.4 (3.4.3-2) experimental; urgency=medium * debian/tests: Use init system agnostic "service" command instead of upstart specific "stop". Also drop unnecessary "status" call right after stopping apport (Martin Pitt). python3.4 (3.4.3-1) experimental; urgency=medium * Python 3.4.3 release. * Changes since 20141202 (3.4.2-4): - Issue #22896: Avoid using PyObject_AsCharBuffer(), PyObject_AsReadBuffer(), and PyObject_AsWriteBuffer(). - Issue #21295: Revert some changes (issue #16795) to AST line numbers and column offsets that constituted a regression. - Issue #21408: The default __ne__() now returns NotImplemented if __eq__() returned NotImplemented. - Issue #23321: Fixed a crash in str.decode() when error handler returned replacment string longer than mailformed input data. - Issue #23048: Fix jumping out of an infinite while loop in the pdb. - Issue #23165: Perform overflow checks before allocating memory in the _Py_char2wchar function. - Issue #23099: Closing io.BytesIO with exported buffer is rejected now to prevent corrupting exported buffer. - Issue #23363: Fix possible overflow in itertools.permutations. - Issue #23364: Fix possible overflow in itertools.product. - Issue #23366: Fixed possible integer overflow in itertools.combinations. - Issue #23369: Fixed possible integer overflow in _json.encode_basestring_ascii. - Issue #23353: Fix the exception handling of generators in PyEval_EvalFrameEx(). At entry, save or swap the exception state even if PyEval_EvalFrameEx() is called with throwflag=0. At exit, the exception state is now always restored or swapped, not only if why is WHY_YIELD or WHY_RETURN. - Issue #18518: timeit now rejects statements which can't be compiled outside a function or a loop (e.g. "return" or "break"). - Issue #23094: Fixed readline with frames in Python implementation of pickle. - Issue #23268: Fixed bugs in the comparison of ipaddress classes. - Issue #21408: Removed incorrect implementations of __ne__() which didn't returned NotImplemented if __eq__() returned NotImplemented. The default __ne__() now works correctly. - Issue #19996: :class:`email.feedparser.FeedParser` now handles (malformed) headers with no key rather than amusing the body has started. - Issue #23248: Update ssl error codes from latest OpenSSL git master. - Issue #23098: 64-bit dev_t is now supported in the os module. - Issue #23250: In the http.cookies module, capitalize "HttpOnly" and "Secure" as they are written in the standard. - Issue #23063: In the disutils' check command, fix parsing of reST with code or code-block directives. - Issue #23209, #23225: selectors.BaseSelector.close() now clears its internal reference to the selector mapping to break a reference cycle. - Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The availability of the function is checked during the compilation. - Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not :data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms where :data:`~ssl.PROTOCOL_SSLv3` support is disabled. - Issue #23111: In the ftplib, make ssl.PROTOCOL_SSLv23 the default protocol version. - Issue #23132: Mitigate regression in speed and clarity in functools.total_ordering. - Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(), instead of reading /dev/urandom, to get pseudo-random bytes. - Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and fragment when it redirects to add a trailing slash. - Issue #23093: In the io, module allow more operations to work on detached streams. - Issue #19104: pprint now produces evaluable output for wrapped strings. - Issue #23071: Added missing names to codecs.__all__. - Issue #15513: Added a __sizeof__ implementation for pickle classes. - Issue #19858: pickletools.optimize() now aware of the MEMOIZE opcode, can produce more compact result and no longer produces invalid output if input data contains MEMOIZE opcodes together with PUT or BINPUT opcodes. - Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port value in the host header was set to "None". - Issue #23016: A warning no longer produces an AttributeError when the program is run with pythonw.exe. - Issue #21775: shutil.copytree(): fix crash when copying to VFAT. An exception handler assumed that that OSError objects always have a 'winerror' attribute. That is not the case, so the exception handler itself raised AttributeError when run on Linux (and, presumably, any other non-Windows OS). - Issue #1218234: Fix inspect.getsource() to load updated source of reloaded module. - Issue #22959: In the constructor of http.client.HTTPSConnection, prefer the context's check_hostname attribute over the *check_hostname* parameter. - Issue #23009: Make sure selectors.EpollSelecrtor.select() works when no FD is registered. - Issue #20577: Configuration of the max line length for the FormatParagraph extension has been moved from the General tab of the Idle preferences dialog to the FormatParagraph tab of the Config Extensions dialog. - Issue #16893: Update Idle doc chapter to match current Idle and add new information. - Issue #23180: Rename IDLE "Windows" menu item to "Window". - Issue #19548: Added some additional checks to test_codecs to ensure that statements in the updated documentation remain accurate. - Issue #15506: Use standard PKG_PROG_PKG_CONFIG autoconf macro in the configure script. - Issue #22935: Allow the ssl module to be compiled if openssl doesn't support SSL 3. - Issue #22079: PyType_Ready() now checks that statically allocated type has no dynamically allocated bases. - Issue #19548: Update the codecs module documentation to better cover the distinction between text encodings and other codecs, together with other clarifications. - Issue #22914: Update the Python 2/3 porting HOWTO to describe a more automated approach. - Issue #22735: Fix many edge cases (including crashes) involving custom mro() implementations. - Issue #23399: pyvenv creates relative symlinks where possible. - Issue #23392: Added tests for marshal C API that works with FILE*. - Issue #18982: Add tests for CLI of the calendar module. - Issue #23345: Prevent test_ssl failures with large OpenSSL patch level values (like 0.9.8zc). * Remove LTO sections from the static libraries. python3.4 (3.4.2-4) unstable; urgency=medium * Fix issue #22935: Fix ssl module when SSLv3 protocol is not supported. * Fix issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode will return. CVE-2013-1753. Closes: #742927. * Disable ensurepip for the system installation, only enable it for virtual environments. Closes: #772730. python3.4 (3.4.2-3) unstable; urgency=medium * Update to 20141202 from the 3.4 branch. - Issue #20335: bytes constructor now raises TypeError when encoding or errors is specified with non-string argument. - Issue #21971: Update turtledemo doc and add module to the index. - Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails. - Issue #22960: Add a context argument to xmlrpclib.ServerProxy constructor. - Issue #22915: SAX parser now supports files opened with file descriptor or bytes path. - Issue #22609: Constructors and update methods of mapping classes in the collections module now accept the self keyword argument. - Issue #22788: Add *context* parameter to logging.handlers.HTTPHandler. - Issue #22921: Allow SSLContext to take the *hostname* parameter even if OpenSSL doesn't support SNI. - Issue #22894: TestCase.subTest() would cause the test suite to be stopped when in failfast mode, even in the absence of failures. - Issue #22638: SSLv3 is now disabled throughout the standard library. It can still be enabled by instantiating a SSLContext manually. - Issue #22370: Windows detection in pathlib is now more robust. - Issue #22841: Reject coroutines in asyncio add_signal_handler(). - Issue #22838: All test_re tests now work with unittest test discovery. - Issue #21514: The documentation of the json module now refers to new JSON RFC 7159 instead of obsoleted RFC 4627. - Issue #22314: pydoc now works when the LINES environment variable is set. - IDLE updates. * Fix byte-code removal for the __phello__ module (mismatching source and byte-code file name). Closes: #769769. * Let ensurepip use a temporary location for the copy of the wheels. Remove the ad-hoc /usr/lib/python-wheels location on package purge. Let python3.4-venv break python3-pip (<< 1.5.6-4). Closes: #769449. * Don't pass default compiler search directories in the pkgconfig file. Closes: #770936. * Don't run pyexpat.test_exception as an autopkg test, requires a source file. * Allow building and testing without SSLv3 support (Kurt Roeckx). Addresses: #768611. * Fix issue 22966, when byte compiling, keep the base name of a file containing dots. Closes: #769769. python3.4 (3.4.2-2) unstable; urgency=medium * Repackage the upstream source without the bundled ensurepip wheels (using package format 3.0 (quilt)). * Update to 20141112 from the 3.4 branch. - Issue #19524: Fixed resource leak in the HTTP connection when an invalid response is received. - Issue #22216: smtplib now resets its state more completely after a quit. The most obvious consequence of the previous behavior was a STARTTLS failure during a connect/starttls/quit/connect/starttls sequence. - Issue #22185: Fix an occasional RuntimeError in threading.Condition.wait() caused by mutation of the waiters queue without holding the lock. - Issue #22182: Use e.args to unpack exceptions correctly in distutils.file_util.move_file. - The webbrowser module now uses subprocess's start_new_session=True rather than a potentially risky preexec_fn=os.setsid call. - Issue #22191: Fix warnings.__all__. - Issue #8797: Raise HTTPError on failed Basic Authentication immediately. - Issue #21166: Prevent possible segfaults and other random failures of python --generate-posix-vars in pybuilddir.txt build target. - Idle changes: - Issue #17390: Adjust Editor window title; remove 'Python', move version to end. - Issue #14105: Idle debugger breakpoints no longer disappear when inseting or deleting lines. - Issue #17172: Turtledemo can now be run from Idle. - Issue #22236: Tkinter tests now don't reuse default root window. New root window is created for every test class. - Tk changes: - Issue #22226: First letter no longer is stripped from the "status" key in the result of Treeview.heading(). - Issue #22051: turtledemo no longer reloads examples to re-run them. Initialization of variables and gui setup should be done …

python2.7 (2.7.18-1~20.04) focal; urgency=medium * SRU: LP: #1890272: Update to to the final 2.7.18 release. python2.7 (2.7.18-1) unstable; urgency=medium * Python 2.7.18 release. * Let the Python2 end-of-life banner point to the python3 packages, not to the online documentation. python2.7 (2.7.18~rc1-2) unstable; urgency=medium * Ignore some autopkg tests: - test_ssl: Fails with OPENSSL_TLS_SECURITY_LEVEL=2. - tst_io: Fails on Ubuntu's autopkg test infrastructure. * Lower OpenSSL security level from 2 to 1 during testing as test_ssl assumes that. * Add XB-Cnf-Visible-Pkgname header on the python*-minimal package to point command-not-found at the full one. LP: #1867157 python2.7 (2.7.18~rc1-1) unstable; urgency=medium * Python 2.7.18 release candidate 1. - bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. * Make autopkgtests cross-test-friendly (Steve Langasek). python2.7 (2.7.17-1) unstable; urgency=medium * Python 2.7.17 release. python2.7 (2.7.17~rc1-1) unstable; urgency=medium * Python 2.7.17 release candidate 1. - CVE-2019-16056, don't parse domains containing @. Closes: #940901. * Bump standards version. python2.7 (2.7.16-4) unstable; urgency=medium * Update to 20190904 from the 2.7 branch. * Refresh patches. * Drop build dependency on python:any. Addresses: #937569. * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514. python2.7 (2.7.16-3) unstable; urgency=medium * Update to 20190708 from the 2.7 branch. * Bump standards version. python2.7 (2.7.16-2) unstable; urgency=high [ Matthias Klose ] * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that normalize to separators. Closes: #924073. * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema (file://). [ Dimitri John Ledkov ] * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to 1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one shouldn't mix and match python2.7 & libssl1.1. LP: #1808476 python2.7 (2.7.16-1) unstable; urgency=medium * Python 2.7.16 release. - Now has a version without a trailing '+'. Closes: #914072. python2.7 (2.7.16~rc1-1) unstable; urgency=medium * Python 2.7.16 release candidate 1. python2.7 (2.7.15-9) unstable; urgency=medium * Update to 20190216 from the 2.7 branch. - Backport of TLS 1.3 related fixes from 3.7. * Drop the local TLS 1.3 backports. python2.7 (2.7.15-8) unstable; urgency=medium * Fix typo in autopkg test. python2.7 (2.7.15-7) unstable; urgency=medium * Expect the test_site test failing as in 3.7. python2.7 (2.7.15-6) unstable; urgency=medium * Update to 20190201 from the 2.7 branch. - CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline(). - CVE-2018-14647: _elementtree.c doesn't call XML_SetHashSalt(). Closes: #921039. - CVE-2019-5010: DsO vulnerability exists in the X509 certificate parser. Closes: #921040. * Bump standards version. * Update symbols file. python2.7 (2.7.15-5) unstable; urgency=medium * Update to 20181127 from the 2.7 branch. - Fix issue #20744, running an external 'zip' in shutil.make_archive(). CVE-2018-1000802. Closes: #909673. * Cherrypick in-progress backports to 2.7 branch from 3.6 branch to fix test_ssl assertions with openssl 1.1.1. Resolves autopkgtest failure of the 2.7 with openssl 1.1.1 (Dimitri John Ledkov). * Don't hard code location of netinet/in.h. Closes: #912422. * Update VCS attributes. python2.7 (2.7.15-4) unstable; urgency=medium * Update to 20180831 from the 2.7 branch. - Fixes the build with OpenSSL 1.1.1. Closes: #900157. * Don't run the test_ftplib and test_ssl autopkg tests, not yet ready for OpenSSL 1.1.1. Closes: #907033. python2.7 (2.7.15-3) unstable; urgency=medium * Bump standards version. * Pass the list of the pyFPE breaks as a parameter into dpkg-gencontrol instead of hard-coding them in the control file. python2.7 (2.7.15-1) unstable; urgency=medium * Python 2.7.15 release. python2.7 (2.7.15~rc1-1) unstable; urgency=medium * Python 2.7.15 release candidate 1. python2.7 (2.7.14-8) unstable; urgency=medium * Update to 20180402 from the 2.7 branch. python2.7 (2.7.14-7) unstable; urgency=medium * Update to 20180313 from the 2.7 branch. - Fix issue #32185: The SSL module no longer sends IP addresses in SNI TLS extension on platforms with OpenSSL 1.0.2+ or inet_pton. See #892814. * Add support for riscv64 (Aurelien Jarno). Closes: #892329. python2.7 (2.7.14-6) unstable; urgency=medium * Don't run lib2to3 tests which rely on the pickled grammar files. python2.7 (2.7.14-5) unstable; urgency=medium * Update to 20180204 from the 2.7 branch. - Fix issue #31530. Closes: #889280. * python2.7-minimal: Pre-Depend on zlib1g. Closes: #887629. python2.7 (2.7.14-4) unstable; urgency=medium * Fix applying the m-i-p-s-r6 patch. python2.7 (2.7.14-3) unstable; urgency=medium * Update to 20171205 from the 2.7 branch. * Build with -fstack-protector instead of -fstack-protector-strong. Performance improvements of around 1-2%. * Add support for mipsr6 triplets (YunQiang Su). Closes: #881945. python2.7 (2.7.14-2) unstable; urgency=medium * Really rename the md5_* functions. python2.7 (2.7.14-1) unstable; urgency=medium * Python 2.7.14 release. python2.7 (2.7.14~rc1-3) unstable; urgency=medium * Add package breaks for extensions referencing symbols for the removed _PyFPE module. Closes: #873791, #873915, #873899. * Expect the regrtest test to fail on s390x. python2.7 (2.7.14~rc1-2) unstable; urgency=medium * Rename md5_* functions to _Py_md5_*. Closes: #868366. * Break python-numpy (<< 1:1.12.1-3.1), referencing the now missing fpectl modules. Closes: #873791. python2.7 (2.7.14~rc1-1) unstable; urgency=medium * Python 2.7.14 release candidate 1. * Stop building the fpectl extension. * Build the _math.o object file without -fPIC for static builds. LP: #1638695. python2.7 (2.7.13-4) unstable; urgency=medium * Update to 20170719 from the 2.7 branch. * Move test/support from libpython2.7-testsuite to libpython2.7-stdlib. Closes: #868168. python2.7 (2.7.13-3) unstable; urgency=medium * Update to 20170608 from the 2.7 branch. - bpo-27945: Fixed various segfaults with dict when input collections are mutated during searching, inserting or comparing. - bpo-25794: Fixed type.__setattr__() and type.__delattr__() for non-interned or unicode attribute names. - bpo-29935: Fixed error messages in the index() method of tuple and list when pass indices of wrong type. - bpo-28598: Support __rmod__ for subclasses of str being called before str.__mod__. - bpo-29602: Fix incorrect handling of signed zeros in complex constructor for complex subclasses and for inputs having a __complex__ method. - bpo-29347: Fixed possibly dereferencing undefined pointers when creating weakref objects. - Issue #14376: Allow sys.exit to accept longs as well as ints. - Issue #29028: Fixed possible use-after-free bugs in the subscription of the buffer object with custom index object. - Issue #29145: Fix overflow checks in string, bytearray and unicode. - Issue #28932: Do not include <sys/random.h> if it does not exist. - bpo-30378: Fix the problem that logging.handlers.SysLogHandler cannot handle IPv6 addresses. - bpo-29960: Preserve generator state when _random.Random.setstate() raises an exception. - bpo-30310: tkFont now supports unicode options (e.g. font family). - bpo-30414: multiprocessing.Queue._feed background running thread do not break from main loop on exception. - bpo-30003: Fix handling escape characters in HZ codec. - bpo-30375: Warnings emitted when compile a regular expression now always point to the line in the user code. Previously they could point into inners of the re module if emitted from inside of groups or conditionals. - bpo-30363: Running Python with the -3 option now warns about regular expression syntax that is invalid or has different semantic in Python 3 or will change the behavior in future Python versions. - bpo-30365: Running Python with the -3 option now emits deprecation warnings for getchildren() and getiterator() methods of the Element class in the xml.etree.cElementTree module and when pass the html argument to xml.etree.ElementTree.XMLParser(). - bpo-30365: Fixed a deprecation warning about the doctype() method of the xml.etree.ElementTree.XMLParser class. Now it is emitted only when define the doctype() method in the subclass of XMLParser. - bpo-29990: Fix range checking in GB18030 decoder. - bpo-30243: Removed the __init__ methods of _json's scanner and encoder. Misusing them could cause memory leaks or crashes. Now scanner and encoder objects are completely initialized in the __new__ methods. - Revert bpo-26293 for zipfile breakage. See also bpo-29094. - bpo-30070: Fixed leaks and crashes in errors handling in the parser module. - bpo-30061: Fixed crashes in IOBase methods next() and readlines() when readline() or next() respectively return non-sizeable object. Fixed possible other errors caused by not checking results of PyObject_Size(), PySequence_Size(), or PyMapping_Size(). - bpo-30011: Fixed race condition in HTMLParser.unescape(). - bpo-30068: _io._IOBase.readlines will check if it's closed first when hint is present. - bpo-27863: Fixed multiple crashes in ElementTree caused by race conditions and wrong types. - bpo-29942: Fix a crash in itertools.chain.from_iterable when encountering long runs of empty iterables. - bpo-29861: Release references to tasks, their arguments and their results as soon as they are finished in multiprocessing.Pool. - bpo-27880: Fixed integer overflow in cPickle when pickle large strings or too many objects. - bpo-29110: Fix file object leak in aifc.open() when file is given as a filesystem path and is not in valid AIFF format. - Issue #29354: Fixed inspect.getargs() for parameters which are cell variables. - Issue #29335: Fix subprocess.Popen.wait() when the child process has exited to a stopped instead of terminated state (ex: when under ptrace). - Issue #29219: Fixed infinite recursion in the repr of uninitialized ctypes.CDLL instances. - Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but read from /dev/urandom to get random bytes, for example in os.urandom(). On Linux, getentropy() is implemented which getrandom() is blocking mode, whereas os.urandom() should not block. - Issue #29142: In urllib, suffixes in no_proxy environment variable with leading dots could match related hostnames again (e.g. .b.c matches a.b.c). - Issue #13051: Fixed recursion errors in large or resized curses.textpad.Textbox. - Issue #9770: curses.ascii predicates now work correctly with negative integers. - Issue #28427: old keys should not remove new values from WeakValueDictionary when collecting from another thread. - Issue #28998: More APIs now support longs as well as ints. - Issue 28923: Remove editor artifacts from Tix.py, including encoding not recognized by codecs.lookup. - Issue #29019: Fix dict.fromkeys(x) overallocates when x is sparce dict. - Issue #19542: Fix bugs in WeakValueDictionary.setdefault() and WeakValueDictionary.pop() when a GC collection happens in another thread. - Issue #28925: cPickle now correctly propagates errors when unpickle instances of old-style classes. - Issue #26355: Add canonical header link on each page to corresponding major version of the documentation. - Issue #12067: Rewrite Comparisons section in the Expressions chapter of the language reference. Some of the details of comparing mixed types were incorrect or ambiguous. Added default behaviour and consistency suggestions for user-defined classes. - bpo-29243: Prevent unnecessary rebuilding of Python during ``make test``, ``make install`` and some other make targets when configured with ``--enable-optimizations``. - bpo-23404: Don't regenerate generated files based on file modification time anymore: the action is now explicit. Replace ``make touch`` with ``make regen-all``. - bpo-27593: sys.version and the platform module python_build(), python_branch(), and python_revision() functions now use git information rather than hg when building from a repo. - bpo-29643: Fix ``--enable-optimization`` configure option didn't work. - Issue #28768: Fix implicit declaration of function _setmode. - bpo-11790: Fix sporadic failures in test_multiprocessing.WithProcessesTestCondition. - bpo-30236: Backported test.regrtest options -m/--match and -G/--failfast from Python 3. - bpo-30223: To unify running tests in Python 2.7 and Python 3, the test package can be run as a script. This is equivalent to running the test.regrtest module as a script. - bpo-30207: To simplify backports from Python 3, the test.test_support module was converted into a package and renamed to test.support. The test.script_helper module was moved into the test.support package. Names test.test_support and test.script_helper are left as aliases to test.support and test.support.script_helper. - bpo-30197: Enhanced function swap_attr() in the test.test_support module. It now works when delete replaced attribute inside the with statement. The old value of the attribute (or None if it doesn't exist) now will be assigned to the target of the "as" clause, if there is one. Also backported function swap_item(). - bpo-15083: Convert ElementTree doctests to unittests. * Explicitly use the system python for byte compilation in postinst scripts. Addresses: #852163. LP: #1682934. * Build using -fexceptions on ppc64 and ppc64el. Closes: #862925. LP: #1691848. python2.7 (2.7.13-2) unstable; urgency=medium * Lower priority of interpreter packages to optional. python2.7 (2.7.13-1) unstable; urgency=medium * Python 2.7.13 release. - Revert a37cc3d926ec (Issue #5322). Closes: #847791. * Fix one more broken -gdb.py symlink. Closes: #807513. python2.7 (2.7.13~rc1-1) unstable; urgency=medium * Python 2.7.13 release candidate 1. - Issue #5322: Fixed setting __new__ to a PyCFunction inside Python code. - Issue #28847: dumbdbm no longer writes the index file in when it is not changed and supports reading read-only files. - Issue #11145: Fixed miscellaneous issues with C-style formatting of types with custom __oct__ and __hex__. - Issue #24469: Fixed memory leak caused by int subclasses without overridden tp_free (e.g. C-inherited Cython classes). * Pass CXX when configuring and building. Closes: #846326. * Add profile for libbluetooth-dev build dependency. Closes: #738520. python2.7 (2.7.12-7) unstable; urgency=medium * Update to 20161121 from the 2.7 branch. - Issue #19398: Extra slash no longer added to sys.path components in case of empty compile-time PYTHONPATH components. - Issue #25659: In ctypes, prevent a crash calling the from_buffer() and from_buffer_copy() methods on abstract classes like Array. - Issue #28563: Fixed possible DoS and arbitrary code execution when handle plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext. - Issue #25507: Add back import needed for 2.x encoding warning box. Add pointer to 'Encoding declaration' in Language Reference. - Issue #28666: Now test.test_support.rmtree is able to remove unwritable or unreadable directories. - Issue #23839: Various caches now are cleared before running every test file. - Issue #26359: Rename --with-optimiations to --enable-optimizations. python2.7 (2.7.12-5) unstable; urgency=medium * Update to 20161104 from the 2.7 branch. - Issue #28387: Fixed possible crash in _io.TextIOWrapper deallocator when the garbage collector is invoked in other thread. * Disable some lib2to3 tests relying on the saved pickled grammar files. python2.7 (2.7.12-4) unstable; urgency=medium * Update to 20161103 from the 2.7 branch. - Issue #21720: Improve exception message when the type of fromlist is unicode. fromlist parameter of __import__() only accepts str in Python 2 and this will help to identify the problem especially when the unicode_literals future import is used. - Issue #26906: Resolving special methods of uninitialized type now causes implicit initialization of the type instead of a fail. - Issue #18287: PyType_Ready() now checks that tp_name is not NULL. - Issue #24098: Fixed possible crash when AST is changed in process of compiling it. - Issue #28350: String constants with null character no longer interned. - Issue #27942: String constants now interned recursively in tuples and frozensets. - Issue #15578: Correctly incref the parent module while importing. - Issue #26307: The profile-opt build now applies PGO to the built-in modules. - Issue #26020: set literal evaluation order did not match documented behaviour. - Issue #28449: tarfile.open() with mode "r" or "r:" now tries to open a tar file with compression before trying to open it without compression. Otherwise it had 50% chance failed with ignore_zeros=True. - Issue #25464: Fixed HList.header_exists() in Tix module by adding a workaround to Tix library bug. - Issue #28488: shutil.make_archive() no longer adds entry "./" to ZIP archive. - Issue #28480: Fix error building _sqlite3 module when multithreading is disabled. - Issue #26293: Fixed writing ZIP files that starts not from the start of the file. Offsets in ZIP file now are relative to the start of the archive in conforming to the specification. - Fix possible integer overflows and crashes in the mmap module with unusual usage patterns. - Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation() if pass invalid string-like object as a name. - Issue #1703178: Fix the ability to pass the --link-objects option to the distutils build_ext command. - Issue #28253: Fixed calendar functions for extreme months: 0001-01 and 9999-12. Methods itermonthdays() and itermonthdays2() are reimplemented so that they don't call itermonthdates() which can cause datetime.date under/overflow. - Issue #27963: Fixed possible null pointer dereference in ctypes.set_conversion_mode(). - Issue #28284: Strengthen resistance of ``_json.encode_basestring_ascii()`` to integer overflow. - Issue #27611: Fixed support of default root window in the Tix module. - Issue #24363: When parsing HTTP header fields, if an invalid line is encountered, skip it and continue parsing. Previously, no more header fields were parsed, which could lead to fields for HTTP framing like Content-Length and Transfer-Encoding being overlooked. - Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). - Issue #25969: Update the lib2to3 grammar to handle the unpacking generalizations added in 3.5. - Issue #24594: Validates persist parameter when opening MSI database - Issue #27570: Avoid zero-length memcpy() etc calls with null source pointers in the "ctypes" and "array" modules. - Issue #22450: urllib now includes an "Accept: */*" header among the default headers. This makes the results of REST API requests more consistent and predictable especially when proxy servers are involved. - lib2to3.pgen3.driver.load_grammar() now creates a stable cache file between runs given the same Grammar.txt input regardless of the hash randomization setting. - Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. - Issue #27850: Remove 3DES from ssl module's default cipher list to counter measure sweet32 attack (CVE-2016-2183). - Issue #27766: Add ChaCha20 Poly1305 to ssl module's default ciper list. (Required OpenSSL 1.1.0 or LibreSSL). - Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. Closes: #835793. - Issue #27944: Fix some memory-corruption bugs in the log reading code of the _hotshot module. - Issue #27934: Use ``float.__repr__`` instead of plain ``repr`` when JSON- encoding an instance of a float subclass. - Issue #21201: Improves readability of multiprocessing error message. - Issue #15308: Add 'interrupt execution' (^C) to Shell menu. - Issue #27922: Stop IDLE tests from 'flashing' gui widgets on the screen. - Issue #17642: add larger font sizes for classroom projection. - Add version to title of IDLE help window. - Issue #25564: In section on IDLE -- console differences, mention that using exec means that __builtins__ is defined for each statement. - Issue #28513: Documented command-line interface of zipfile. - Issue #28258: Fixed build with Estonian locale. - Issue #26661: setup.py now detects system libffi with multiarch wrapper. - Issue #15819: The Include directory in the build tree is already searched; drop unused code trying to add it again. - Issue #27566: Fix clean target in freeze makefile. - Issue #27983: Cause lack of llvm-profdata tool when using clang as required for PGO linking to be a configure time error rather than make time when --with-optimizations is enabled. Also improve our ability to find the llvm-profdata tool on MacOS and some Linuxes. - Issue #26359: Add the --with-optimizations configure flag. - Issue #27952: Get Tools/scripts/fixcid.py working with the current "re" module, avoid invalid Python backslash escapes, and fix a bug parsing escaped C quote signs. python2.7 (2.7.12-3) unstable; urgency=medium * Update to 20160901 from the 2.7 branch. - Issue #27870: A left shift of zero by a large integer no longer attempts to allocate large amounts of memory. - Issue #25604: Fix a minor bug in integer true division; this bug could potentially have caused off-by-one-ulp results on platforms with unreliable ldexp implementations. - Issue #27861: Fixed a crash in sqlite3.Connection.cursor() when a factory creates not a cursor. - Issue #10513: Fix a regression in Connection.commit(). Statements should not be reset after a commit. - Issue #2466: posixpath.ismount now correctly recognizes mount points which the user does not have permission to access. - Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller. - Issue #27774: Fix possible Py_DECREF on unowned object in _sre. - Issue #27760: Fix possible integer overflow in binascii.b2a_qp. - In the curses module, raise an error if window.getstr() or window.instr() is passed a negative value. - Issue #27758: Fix possible integer overflow in the _csv module for large record lengths. - Issue #23369: Fixed possible integer overflow in _json.encode_basestring_ascii. - Issue #27714: text_textview and test_autocomplete now pass when re-run in the same process. This occurs when test_idle fails when run with the -w option but without -jn. Fix warning from test_config. - Issue #27452: add line counter and crc to IDLE configHandler test dump. python2.7 (2.7.12-2) unstable; urgency=medium * Update to 20160804 from the 2.7 branch. - Issue #27473: Fixed possible integer overflow in str, unicode and bytearray concatenations and repetitions. - Issue #27507: Add integer overflow check in bytearray.extend(). - Issue #27581: Don't rely on wrapping for overflow check in PySequence_Tuple(). - Issue #23908: os functions, open() and the io.FileIO constructor now reject unicode paths with embedded null character on Windows instead of silently truncating them. - Issue #27514: Make having too many statically nested blocks a SyntaxError instead of SystemError. - Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode. - Issue #27130: In the "zlib" module, fix handling of large buffers (typically 2 or 4 GiB). Previously, inputs were limited to 2 GiB, and compression and decompression operations did not properly handle results of 2 or 4 GiB. - Issue #23804: Fix SSL zero-length recv() calls to not block and not raise an error about unclean EOF. - Issue #27466: Change time format returned by http.cookie.time2netscape, confirming the netscape cookie format and making it consistent with documentation. - Issue #22115: Fixed tracing Tkinter variables: trace_vdelete() with wrong mode no longer break tracing, trace_vinfo() now always returns a list of pairs of strings. - Issue #27079: Fixed curses.ascii functions isblank(), iscntrl() and ispunct(). - Issue #22636: Avoid shell injection problems with ctypes.util.find_library(). - Issue #27330: Fixed possible leaks in the ctypes module. - Issue #27238: Got rid of bare excepts in the turtle module. - Issue #26386: Fixed ttk.TreeView selection operations with item id's containing spaces. - Issue #25455: Fixed a crash in repr of cElementTree.Element with recursive tag. - Issue #27365: Allow non-ascii chars in IDLE NEWS.txt, for contributor names. - Issue #27245: IDLE: Cleanly delete custom themes and key bindings. Previously, when IDLE was started from a console or by import, a cascade of warnings was emitted. - Issue #16484: Change the default PYTHONDOCS URL to "https:", and fix the resulting links to use lowercase. - Issue #27369: In test_pyexpat, avoid testing an error message detail that changed in Expat 2.2.0. * Fix issue 27239, idlelib: macos _tk_type shall always be "other". Closes: #830686. * Ignore the winreg module for the set of minimal modules. Closes: #830573. python2.7 (2.7.12-1) unstable; urgency=medium * Python 2.7.12 release. python2.7 (2.7.12~rc1-2) unstable; urgency=medium * Extend debian/copyright to the files shipped in the wheel files. python2.7 (2.7.12~rc1-1) unstable; urgency=medium * Python 2.7.12 release candidate 1. - Issue #20041: Fixed TypeError when frame.f_trace is set to None. - Issue #25702: A --with-lto configure option has been added that will enable link time optimizations at build time during a make profile-opt. Some compilers and toolchains are known to not produce stable code when using LTO, be sure to test things thoroughly before relying on it. It can provide a few % speed up over profile-opt alone. - Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283. - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the locale. - Issue #25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from sending a message body for 205 Reset Content. Also, don't send the Content-Type header field in responses that don't have a body. - Issue #21313: Fix the "platform" module to tolerate when sys.version contains truncated build information. - Issue #27211: Fix possible memory corruption in io.IOBase.readline(). - Issue #5124: Paste with text selected now replaces the selection on X11. This matches how paste works on Windows, Mac, most modern Linux apps, and ttk widgets. - Issue #24759: Make clear in idlelib.idle_test.__init__ that the directory is a private implementation of test.test_idle and tool for maintainers. - Issue #21916: Added tests for the turtle module. - Issue #27229: Fix the cross-compiling pgen rule for in-tree builds. - Issue #17500, and https://github.com/python/pythondotorg/issues/945: Remove unused and outdated icons. python2.7 (2.7.11-11) unstable; urgency=medium * Update to 20160602 from the 2.7 branch. - Issue #26168: Fixed possible refleaks in failing Py_BuildValue() with the "N" format unit. - Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError. - Issue #26673: When tk reports font size as 0, change to size 10. Such fonts on Linux prevented the configuration dialog from opening. - Issue #27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. - In the 'IDLE-console differences' section of the IDLE doc, clarify how running with IDLE affects sys.modules and the standard streams. - Issue #25507: Fix incorrect change in IOBinding that prevented printing. Change also prevented saving shell window with non-ascii characters. Augment IOBinding htest to include all major IOBinding functions. - Issue #25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. * Rebuild to pick up the GNU triplet change on i386 archs. Closes: #826128. python2.7 (2.7.11-10) unstable; urgency=medium * Update to 20160518 from the 2.7 branch. - Issue #27039: Fixed bytearray.remove() for values greater than 127. - Issue #14132: Fix urllib.request redirect handling when the target only has a query string. - Removed the requirements for the ctypes and modulefinder modules to be compatible with earlier Python versions. - Issue #22274: In the subprocess module, allow stderr to be redirected to stdout even when stdout is not redirected. - Issue #12045: Avoid duplicate execution of command in ctypes.util._get_soname(). - Issue #26960: Backported #16270 from Python 3 to Python 2, to prevent urllib from hanging when retrieving certain FTP files. python2.7 (2.7.11-9) unstable; urgency=medium * Update to 20160509 from the 2.7 branch. - Issue #25745: Fixed leaking a userptr in curses panel destructor. - Issue #17765: weakref.ref() no longer silently ignores keyword arguments. - Issue #26873: xmlrpclib now raises ResponseError on unsupported type tags instead of silently return incorrect result. - Issue #24114: Fix an uninitialized variable in `ctypes.util`. - Issue #26864: In urllib, change the proxy bypass host checking against no_proxy to be case-insensitive, and to not match unrelated host names that happen to have a bypassed hostname as a suffix. - Issue #26804: urllib will prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. - Issue #26837: assertSequenceEqual() now correctly outputs non-stringified differing items. This affects assertListEqual() and assertTupleEqual(). - Issue #26822: itemgetter, attrgetter and methodcaller objects no longer silently ignore keyword arguments. - Issue #26657: Fix directory traversal vulnerability with SimpleHTTPServer on Windows. This fixes a regression that was introduced in 2.7.7. - Issue #26736: Used HTTPS for external links in the documentation if possible. - Issue #22359: Avoid incorrect recursive $(MAKE), and disable the rules for running pgen when cross-compiling. - Issue #26799: Fix python-gdb.py: don't get C types once when the Python code is loaded, but get C types on demand. The C types can change if python-gdb.py is loaded before the Python executable. * Fix issue #26673, runtime error in idle3. LP: #1578927. python2.7 (2.7.11-8) unstable; urgency=medium * Update to 20160417 from the 2.7 branch. - Issue #4806: Avoid masking the original TypeError exception when using star (*) unpacking and the exception was raised from a generator. - Issue #26659: Make the builtin slice type support cycle collection. - Issue #26718: super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed! - Issue #13410: Fixed a bug in PyUnicode_Format where it failed to properly ignore errors from a __int__() method. - Issue #19377: Add .svg to mimetypes.types_map. - Issue #13952: Add .csv to mimetypes.types_map. - Issue #16329: Add .webm to mimetypes.types_map. - Issue #23735: Handle terminal resizing with Readline 6.3+ by installing our own SIGWINCH handler. - Issue #6953: Rework the Readline module documentation to group related functions together, and add more details such as what underlying Readline functions and variables are accessed. * Fix gdb auto-load symlink for the python2.7 binary. LP: #1571198. python2.7 (2.7.11-7) unstable; urgency=medium * Update to 20160330 from the 2.7 branch. python2.7 (2.7.11-6) unstable; urgency=medium * Update to 20160323 from the 2.7 branch. * Always build _math.o with -fPIC. python2.7 (2.7.11-5) unstable; urgency=medium * Update to 20160319, taken from the 2.7 release branch. * Update symbols files. * Don't run test_signal on alpha, hanging on the buildd. python2.7 (2.7.11-4) unstable; urgency=medium * Update to 20160222, taken from the 2.7 release branch. python2.7 (2.7.11-3) unstable; urgency=medium * Revert patches concerning issue #22995. python2.7 (2.7.11-2) unstable; urgency=medium * Disable LTO on ppc64, ppc64el and s390x. * Don't run the test_signal tests on alpha. python2.7 (2.7.11-1) unstable; urgency=medium * Python 2.7.11 release. * Don't run the test_cpickle test, causes other tests to fail. See issue 25698. * Fix building architecture independent packages only. Closes: #806868. * Don't ship menu files anymore, just desktop files. * d/p/fix-sslv3-test.diff: properly handle Ubuntu's openssl having OP_NO_SSLv3 forced on by default (Marc Deslauriers). * Update symbols files. python2.7 (2.7.10-5) unstable; urgency=medium * Update to 20151010, taken from the 2.7 release branch. * Adjust setting DH_COMPAT for dh_movefiles with updated debhelper supporting globbing of arguments. Closes: #800301. * pydoc: use the pager command if available. Closes: #799555. python2.7 (2.7.10-4) unstable; urgency=medium * Remove byte-code for _sysconfigdata_d.py in /usr/lib/python2.7. Closes: #793528. * Make derivatives builds the same as the parent distro. Closes: #797667. python2.7 (2.7.10-3) unstable; urgency=medium * Revert issue #24134 changes, taken from the branch. * Add hint to install the idle package when trying to run the turtle demo. Closes: #788621. python2.7 (2.7.10-2) unstable; urgency=medium * Cherry-pick some changes from the 2.7 branch: - Issue #24264: Fixed buffer overflow in the imageop module. - Issue #24115: Update uses of PyObject_IsTrue(), PyObject_Not(), PyObject_IsInstance(), PyObject_RichCompareBool() and _PyDict_Contains() to check for and handle errors correctly. - Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port value in the host header was set to "None". - Issue #4753, backport computed gotos. * Configure --with-computed-gotos. * Make the build reproducible (Jérémy Bobbio). Closes: #786978. - Pass time of latest debian/changelog entry to sphinx via SPHINXOPTS. - Do not store a timestamps when compressing devhelp. * Pass DATE and TIME macros matching the current debian/changelog entry when building getbuildinfo.o. * Don't run the test_io test on sparc. python2.7 (2.7.10-1) unstable; urgency=medium * Python 2.7.10 release. python2.7 (2.7.10~rc1-1) unstable; urgency=medium * Python 2.7.10 release candidate 1. * Re-enable running the tests, re-enable the pgo/lto build. python2.7 (2.7.9-5) unstable; urgency=medium * Update to 20150507, taken from the 2.7 release branch. - Issue #24134: assertRaises() and assertRaisesRegexp() checks are not longer successful if the callable is None. - Issues #24099, #24100, and #24101: Fix free-after-use bug in heapq's siftup and siftdown functions. - Backport collections.deque fixes from Python 3.5. Prevents reentrant badness during deletion by deferring the decref until the container has been restored to a consistent state. - Issue #24125: Saved error's line and column numbers when an error occured. Fixes python-docutils. Closes: #784270. - Issue #23842, SystemError in os.minor, os.major. Closes: #782081. python2.7 (2.7.9-4) unstable; urgency=medium * Fix installation of the optimized interpreter. Closes: #766877. python2.7 (2.7.9-3) unstable; urgency=medium * Update to 20150429, taken from the 2.7 release branch. - Issue #23629: Fix the default __sizeof__ implementation for variable-sized objects. - Issue #21526: Tkinter now supports new boolean type in Tcl 8.5. - Issue #23838: linecache now clears the cache and returns an empty result on MemoryError. - Issue #23742: ntpath.expandvars() no longer loses unbalanced single quotes. - Issue #21802: The reader in BufferedRWPair now is closed even when closing writer failed in BufferedRWPair.close(). - Issue #23671: string.Template now allows to specify the "self" parameter as keyword argument. string.Formatter now allows to specify the "self" and the "format_string" parameters as keyword arguments. - Issue #21560: An attempt to write a data of wrong type no longer cause GzipFile corruption. - Issue #23647: Increase imaplib's MAXLINE to accommodate modern mailbox sizes. - Issue #23539: If body is None, http.client.HTTPConnection.request now sets Content-Length to 0 for PUT, POST, and PATCH headers to avoid 411 errors from some web servers. - Issue #23136: _strptime now uniformly handles all days in week 0, including Dec 30 of previous year. - Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar. - Issue #23051: multiprocessing.Pool methods imap() and imap_unordered() now handle exceptions raised by an iterator. - Issue #22928: Disabled HTTP header injections in httplib. - Issue #23615: Module tarfile now can be reloaded with imp.reload(). - Issue #23799: Added test.test_support.start_threads() for running and cleaning up multiple threads. - Issue #22390: test.regrtest now emits a warning if temporary files or directories are left after running a test. - Issue #23583: Added tests for standard IO streams in IDLE. - Issue #23583: Fixed writing unicode to standard output stream in IDLE. - Issue #22853: Fixed a deadlock when use multiprocessing.Queue at import time. - Issue #23476: In the ssl module, enable OpenSSL's X509_V_FLAG_TRUSTED_FIRST flag on certificate stores when it is available. - Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed. - Issue #23504: Added an __all__ to the types module. - Issue #23367: Fix possible overflows in the unicodedata module. - Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. - Issue #23048: Fix jumping out of an infinite while loop in the pdb. - Issue #23458: On POSIX, the file descriptor kept open by os.urandom() is now set to non inheritable. - Issue #22113: struct.pack_into() now supports new buffer protocol (in particular accepts writable memoryview). - Issues #814253, #9179: Warnings now are raised when group references and conditional group references are used in lookbehind assertions in regular expressions. - Issue #23215: Multibyte codecs with custom error handlers that ignores errors consumed too much memory and raised SystemError or MemoryError. - Issue #5700: io.FileIO() called flush() after closing the file. flush() was not called in close() if closefd=False. - Issue #21548: Fix pydoc.synopsis() and pydoc.apropos() on modules with empty docstrings. - Issue #22885: Fixed arbitrary code execution vulnerability in the dumbdbm module. - Issue #23481: Remove RC4 from the SSL module's default cipher list. - Issue #21849: Fixed xmlrpclib serialization of non-ASCII unicode strings in the multiprocessing module. - Issue #21840: Fixed expanding unicode variables of form $var in posixpath.expandvars(). Fixed all os.path implementations on unicode-disabled builds. - Issue #23363: Fix possible overflow in itertools.permutations. - Issue #23364: Fix possible overflow in itertools.product. - Issue #23365: Fixed possible integer overflow in itertools.combinations_with_replacement. - Issue #23366: Fixed possible integer overflow in itertools.combinations. - Issue #23191: fnmatch functions that use caching are now threadsafe. - Issue #18518: timeit now rejects statements which can't be compiled outside a function or a loop (e.g. "return" or "break"). - Issue #19996: Make :mod:`httplib` ignore headers with no name rather than assuming the body has started. - Issue #20188: Support Application-Layer Protocol Negotiation (ALPN) in the ssl module. - Issue #23248: Update ssl error codes from latest OpenSSL git master. - Issue #23098: 64-bit dev_t is now supported in the os module. - Issue #23063: In the disutils' check command, fix parsing of reST with code or code-block directives. - Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The availability of the function is checked during the compilation. - Backport the context argument to ftplib.FTP_TLS. - Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS. - Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and fragment when it redirects to add a trailing slash. - Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(), instead of reading /dev/urandom, to get pseudo-random bytes. - Issue #23093: In the io, module allow more operations to work on detached streams. - Issue #23071: Added missing names to codecs.__all__. - Issue #23016: A warning no longer produces an AttributeError when sys.stderr is None. - Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails. Original patch by Martin Panter. - Issue #22609: Constructors and update methods of mapping classes in the collections module now accept the self keyword argument. - Issue #23006: Improve the documentation and indexing of dict.__missing__. Add an entry in the language datamodel special methods section. Revise and index its discussion in the stdtypes mapping/dict section. Backport the code example from 3.4. - Issue #21514: The documentation of the json module now refers to new JSON RFC 7159 instead of obsoleted RFC 4627. - Issue #6639: Module-level turtle functions no longer raise TclError after closing the window. - Issue #22314: pydoc now works when the LINES environment variable is set. - Issue #18905: "pydoc -p 0" now outputs actually used port. - Issue #23345: Prevent test_ssl failures with large OpenSSL patch level values (like 0.9.8zc). - Issue #23392: Added tests for marshal C API that works with FILE*. - Issue #18982: Add tests for CLI of the calendar module. - Issue #19949: The test_xpickle test now tests compatibility with installed Python 2.7 and reports skipped tests. - Issue #11578: Backported test for the timeit module. - Issue #22943: bsddb tests are locale independend now. - Issue #20577: Configuration of the max line length for the FormatParagraph extension has been moved from the General tab of the Idle preferences dialog to the FormatParagraph tab of the Config Extensions dialog. - Issue #16893: Update Idle doc chapter to match current Idle and add new information. - Issue #23180: Rename IDLE "Windows" menu item to "Window". - Issue #15506: Use standard PKG_PROG_PKG_CONFIG autoconf macro in the configure script. - Issue #22079: PyType_Ready() now checks that statically allocated type has no dynamically allocated bases. * Re-apply the fix for issue #22079. This is now a warning instead of an error. LP: #1426294. * Fix issue #23842, SystemError in os.minor, os.major. LP: #1435242. * When using GCC versions older than 4.9 for extension builds, automagically mangle -fstack-protector-strong to -fstack-protector. * debian/tests: Use init system agnostic "service" command instead of upstart specific "stop". Also drop unnecessary "status" call right after stopping apport. * Refresh patches. python2.7 (2.7.9-2) unstable; urgency=medium * python2.7-minimal: Make Pre-Depends mangling more robust. Closes: #779294. * python2.7-doc: Depend on libjs-underscore. LP: #1424538. * Remove LTO sections from the static libraries. Closes: #698395. python2.7 (2.7.9-1) unstable; urgency=medium * Python 2.7.9 release. python2.7 (2.7.9~rc1-2) unstable; urgency=medium * Update to 20141209, taken from the 2.7 release repository. - Issue #22959: Remove the *check_hostname* parameter of httplib.HTTPSConnection. The *context* parameter should be used instead. - Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode will return. This resolves CVE-2013-1753. Closes: #742929. - Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by limiting the call to readline(). Closes: #742929. - Issue #16041: In poplib, limit maximum line length read from the server to prevent CVE-2013-1752. Closes: #742929. - Issue #22960: Add a context argument to xmlrpclib.ServerProxy. - Issue #22935: Allow the ssl module to be compiled if openssl doesn't support SSL 3. * Add locales to autopkg test dependencies as in 3.4. * Remove Demo/scripts/newslist.* from the examples package, not distributable, will get removed in 2.7.9~rc2 sources. See issue #12987. * Let ensurepip always use a temporary directory for installations. python2.7 (2.7.9~rc1-1) unstable; urgency=medium * Python 2.7.9 release candidate 1. - Testsuite updates. - Issue #16056: Rename test methods to avoid conflict. - Issue #20351: Add examples for csv.DictReader and csv.DictWriter. - PEP 476: verify certificates by default (#22417). - Give urllib.urlopen a context parameter (closes #22927). - Allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI (closes #22921). - Allow passing cert/ssl information to urllib2.urlopen and httplib.HTTPSConnection (backport of issues #9003 and #22366). * Let libpython2.7-stdlib break python-urllib3 (<< 1.9.1-3). Closes: #770157. * Ignore the test_threading_local test failure in the Debian CI environment. Succeeds even there when repeated. * Don't pass default compiler search directories in the pkgconfig file. Closes: #770935. python2.7 (2.7.8-12) unstable; urgency=medium * Update to 20141118, taken from the 2.7 branch. - Issue #12728: Different Unicode characters having the same uppercase but different lowercase are now matched in case-insensitive regular expressions. - Issue #22821: Fixed fcntl() with integer argument on 64-bit big-endian platforms. - Issues #814253, #9179: Group references and conditional group references now work in lookbehind assertions in regular expressions. - Issue #22769: Fixed ttk.Treeview.tag_has() when called without arguments. - Issue #22787: Allow the keyfile argument of SSLContext.load_cert_chain to be None. - Issue #22775: Fixed unpickling of Cookie.SimpleCookie with protocol 2. - Issue #22776: Brought excluded code into the scope of a try block in SysLogHandler.emit(). - Issue #17381: Fixed ranges handling in case-insensitive regular expressions. - Issue #19329: Optimized compiling charsets in regular expressions. - Issue #22410: Module level functions in the re module now cache compiled locale-dependent regular expressions taking into account the locale. - Issue #8876: distutils now falls back to copying files when hard linking doesn't work. This allows use with special filesystems such as VirtualBox shared folders. - Issue #22193: Fixed integer overflow error in sys.getsizeof(). * Backport the ensurepip patch from 3.4. * Disable ensurepip in Debian, at least for the upcoming release. * Fix maintainer scripts for byte-code removal. Closes: #769078. * Allow building and testing without SSLv3 support (Kurt Roeckx). Closes: #768611. * Let distutils.sysconfig.get_python_inc() honor the "prefix" argument. Closes: #769720. python2.7 (2.7.8-11) unstable; urgency=medium * Update to 20141018, taken from the 2.7 branch. - Issue #9351: Defaults set with set_defaults on an argparse subparser are no longer ignored when also set on the parent parser. - Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. - Issue #22435: Fix a file descriptor leak when SocketServer bind fails. - Issue #13664: GzipFile now supports non-ascii Unicode filenames. - Issue #13096: Fixed segfault in CTypes POINTER handling of large values. - Issue #11694: Raise ConversionError in xdrlib as documented. - Issue #10712: 2to3 has a new "asserts" fixer that replaces deprecated names of unittest methods (e.g. failUnlessEqual -> assertEqual). * Pass -ffat-lto-objects for LTO enabled builds with GCC 4.9. python2.7 (2.7.8-10) unstable; urgency=medium * Update to 20141007, taken from the 2.7 branch. python2.7 (2.7.8-9) unstable; urgency=medium * Fix refcounting error in the fix for issue #22523. Closes: #762010. python2.7 (2.7.8-8) unstable; urgency=medium * Update to 20141002, taken from the 2.7 branch. * Refresh patches. * Apply proposed patch for issue #22523. Closes: #762010. python2.7 (2.7.8-7) unstable; urgency=medium * Update to 20140909, taken from the 2.7 branch. * debian/tests/testsuite{,-dbg}: Several tests fail with configured proxy and disabled network test resources. Explicitly unset proxy variables. See issue #22371. python2.7 (2.7.8-6) unstable; urgency=medium * distuils: For extension builds, always pass BASECFLAGS. python2.7 (2.7.8-5) unstable; urgency=medium * Build-depend on dpkg-dev (>= 1.17.11). python2.7 (2.7.8-4) unstable; urgency=medium * distutils: For extension builds pass the CPPFLAGS, CFLAGS, LDFLAGS used for the python build when these flags cannot be found in the environment. * Don't use the system python during the build. * Build using autotools-dev. Closes: #756772. * Pass AR and RANLIB for lto enabled builds. python2.7 (2.7.8-3) unstable; urgency=medium * Call dpkg -L in the maintainer scripts with an architecture qualifier for M-A: same packages. Closes: #736385. * Apply the plat-linux2_mips patch for mips64 and mips64el. Closes: #755578. python2.7 (2.7.8-2) unstable; urgency=medium * Revert the backport of issue #1856 (avoid daemon thread problems at shutdown). Issue #21963. Apparently ceph has issues with it. Closes: #754341. python2.7 (2.7.8-1) unstable; urgency=medium * Python 2.7.8 release. python2.7 (2.7.7-2) unstable; urgency=medium * Re-enable the test_pydoc, test_tools, test_subprocess and test_uuid autopkg tests. * In the autopkg tests, make $ADTTMP accessible to the su user. python2.7 (2.7.7-1) unstable; urgency=medium * Python 2.7.7 release. * Refresh patches. * In the autopkg tests, set HOME to the temporary home directory after the su call. * Expect test failures in the distutils autopkg tests. * Disable the test_solaris_enable_shared test. python2.7 (2.7.7~rc1-1) unstable; urgency=medium * Python 2.7.7 release candidate 1. * Run the testsuite in a temporary home directory. python2.7 (2.7.6-8) unstable; urgency=medium * Set a temporary home directory for the build and the autopkg tests. python2.7 (2.7.6-8) unstable; urgency=medium * Update to 20140322, taken from the 2.7 branch. * Install updated idle icons. LP: #1295969. * Update the ssl.match_hostname backport: Change behavior of ``ssl.match_hostname()`` to follow RFC 6125, for security reasons. It now doesn't match multiple wildcards nor wildcards inside IDN fragments. Closes: #740255. python2.7 (2.7.6-7) unstable; urgency=medium * Include test data for test_imghdr test. python2.7 (2.7.6-6) unstable; urgency=high * Update to 20140225, taken from the 2.7 branch. - CVE-2014-1912. Fix issue 20246, buffer overflow in socket.recvfrom_into. * Build without ffi on or1k. Closes: #738519. * Allow loading of extensions in the sqlite module. Closes: #739555. * Update autopkg tests (Martin Pitt): - Don't fail if apport is not installed. - Call su with explicit shell, as nobody has nologin as default shell now. - Only use $SUDO_USER if that user actually exists in the testbed. - Drop obsolete chowning of $TMPDIR and $ADTTMP; with current autopkgtest $TMPDIR has appropriate permissions, and $ADTTMP is not being used. python2.7 (2.7.6-5) unstable; urgency=medium * Update to 20140111, taken from the 2.7 branch. * Build-depend on net-tools, required for the test_uuid test. * Build-depend on the default Tcl/Tk. * Add two new autopkg tests to run the failing tests. python2.7 (2.7.6-4) unstable; urgency=medium * Update to 20131230, taken from the 2.7 branch. * Disable sphinx refcounting extension, removed in sphinx-1.2. Closes: #733404. python2.7 (2.7.6-3) unstable; urgency=low * Update to 20131206, taken from the 2.7 branch. * Disable the test_uuid autopkg test, hanging, missing entropy? * Drop python dependency in libpython2.7-dbg. * Revert patch from http://bugs.python.org/issue19352 as it completely breaks unittest discovery on Debian/Ubuntu. LP: #1255505. python2.7 (2.7.6-2) unstable; urgency=low * Update to 20131121, taken from the 2.7 branch. * Fix test support when the running kernel doesn't handle port reuse. * Build-depend on libdb-dev (<< 1:6.0) instead of a specific db version. python2.7 (2.7.6-1) unstable; urgency=low * Python 2.7.6 release. * Update to 20131119, taken from the 2.7 branch. * For autopkg tests, only run the separate tests when defined. * Don't run the curses autopkg test. * Disable running the testsuite on mipsn32(el) and mips64(el), requested by YunQiang Su. Closes: #719057. python2.7 (2.7.5-8) unstable; urgency=medium * Update to 20130917, taken from the 2.7 branch. - Fix SSL module to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238). Closes: #719566. * Don't run the curses autopkg test. * Set Multi-Arch attributes for binary packages. * Fix multiarch include header for sparc64. Closes: #714802, #715063. python2.7 (2.7.5-7) unstable; urgency=low * Update to 20130803, taken from the 2.7 branch. * Update package descriptions (Filipus Klutiero). Closes: #715801. * Fix multiarch include header for sparc64. Closes: #715063. * Move removal of the sitecustomize.py file into the libpython-minimal postrm. Closes: #709964. python2.7 (2.7.5-6) unstable; urgency=low * Update to 20130613, taken from the 2.7 branch. * Refresh patches. * Don't run consistency check for cross builds. * Really skip byte compile of non-existing sitecustomize.py. * Fix the multiarch header file for mips64 (YunQiang Su). Closes: #710374. python2.7 (2.7.5-5) unstable; urgency=low * Update to 20130602, taken from the 2.7 branch. * Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). Closes: #709066. * Don't try to byte-compile sitecustomize.py if the target of the symlink doesn't exist anymore. Closes: #709157. * Handle byte compilation in python2.7{-minimal,}, byte removal in libpython2.7{-minimal,-stdlib}. Closes: #709964. * Backport patch to fix issue #13146, possible race conditions when writing .pyc/.pyo files in py_compile.py (Barry Warsaw). LP: #1058884. * Fix issue #17988, internal error in regular expression engine on 32bit targets (closes: #710315). python2.7 (2.7.5-4) unstable; urgency=low * Move the libc dependency of -minimal from Depends to Pre-Depends. Closes: #708831. * Disable the test_io test on armel, armhf, mips, mipsel. Hangs the buildds. python2.7 (2.7.5-3) unstable; urgency=high * Fix the multiarch header file for ppc64. Closes: #708641. python2.7 (2.7.5-2) unstable; urgency=low * Only run the _multiprocessing build check on linux targets. python2.7 (2.7.5-1) unstable; urgency=low * Python 2.7.5 release. * Set the platinclude dir back to the non-multiarch include path, where the multiarch pyconfig.h compatibility header is found. * Fix issue #17703: Fix a regression where an illegal use of Py_DECREF() after interpreter finalization can cause a crash. * Issue #17754, setting LANG and LC_ALL for the compiler call in ctypes/util. * Issue #17761, platform._parse_release_file doesn't close the /etc/lsb-release file, and doesn't know about 'Ubuntu'. * Fix autopkg tests. * Re-enable lto and pgo optimized builds, accidentally disabled for the last upload. * more autopkg test fixes. * Link the ctypes extension with the shared libffi library. * Fix a distutils test with the deb install layout. * Move lib2to3 library into libpython2.7-stdlib. Closes: #705078. * Don't set yet any Multi-Arch: attributes in Debian. python2.7 (2.7.4-2) experimental; urgency=low * Idle updates: - Issue #17657: Show full Tk version in IDLE's about dialog. - Issue #17613: Prevent traceback when removing syntax colorizer. - Issue #1207589: Backwards-compatibility patch for right-click menu. - Issue #16887: Now accepts Cancel in tabify/untabify dialog box. - Issue #14254: Now handles readline correctly across shell restarts. - Issue #17614: No longer raises exception when quickly closing a file. - Issue #6698: Now opens just an editor window when configured to do so. - Issue #8900: Using keyboard shortcuts in IDLE to open a file no longer raises an exception. - Issue #6649: Fixed missing exit status. * Build a libpython2.7-testsuite package. LP: #301629. * Add autopkg tests to run the installed testsuite in normal and debug mode. * Re-enable running the tests during the build. * Add the io and _io modules to libpython2.7-minimal. * Backport ssl.CertificateError as well. Closes: #626539. LP: #1166344. * Don't ship an uncompress python man page. Closes: #705079. python2.7 (2.7.4-1ubuntu4) raring; urgency=low * Build a libpython2.7-testsuite package. LP: #301629. * Add autopkg tests to run the installed testsuite in normal and debug mode. * Re-enable running the tests during the build. * Idle updates: - Issue #17657: Show full Tk version in IDLE's about dialog. - Issue #17613: Prevent traceback when removing syntax colorizer. - Issue #1207589: Backwards-compatibility patch for right-click menu. - Issue #16887: Now accepts Cancel in tabify/untabify dialog box. - Issue #14254: Now handles readline correctly across shell restarts. - Issue #17614: No longer raises exception when quickly closing a file. - Issue #6698: Now opens just an editor window when configured to do so. - Issue #8900: Using keyboard shortcuts in IDLE to open a file no longer raises an exception. - Issue #6649: Fixed missing exit status. python2.7 (2.7.4-1ubuntu3) raring; urgency=low * Add the io and _io modules to libpython2.7-minimal. LP: #1165172. * Add missing import for the ssl module. LP: #1166644. python2.7 (2.7.4-1ubuntu2) raring; urgency=low * Backport ssl.CertificateError as well. Closes: #626539. LP: #1166344. python2.7 (2.7.4-1ubuntu1) raring; urgency=low * Merge with Debian; remaining changes: - Build-depend on python:any instead of python. python2.7 (2.7.4-1) experimental; urgency=low * Python 2.7.4 release. - Issue #17550: Fix the --enable-profiling configure switch. - Issue #15801 (again): With string % formatting, relax the type check for a mapping such that any type with a __getitem__ can be used on the right hand side. - Issue #17625: In IDLE, close the replace dialog after it is used. - Issue #17531: Fix tests that thought group and user ids were always the int type. Also, always allow -1 as a valid group and user id. - Issue 17538: Document XML vulnerabilties * Byte-compile files in libpython2.7-dbg. * libpython2.7-minimal: Break earlier python2.7-minimal versions. Closes: #704084. LP: #1157687. * Call python with -E -S for the byte compilation. python2.7 (2.7.4~rc1-4) experimental; urgency=low * Fix byte-compiliation/-removal for the split-out library packages. LP: #1160944. python2.7 (2.7.4~rc1-3) experimental; urgency=low * Fix webbrowser update. Closes: #703872. LP: #1159636. python2.7 (2.7.4~rc1-2) experimental; urgency=low * Backport webbrowser updates from 3.3. Closes: #700429. * Build again using db-5.1 instead of db-5.3. python2.7 (2.7.4~rc1-1) experimental; urgency=low * Python 2.7.4 release candidate 1. - Issue #10211: Buffer objects expose the new buffer interface internally. - Issue #10212: cStringIO and struct.unpack support new buffer objects. - Issue #12098: multiprocessing on Windows now starts child processes using the same sys.flags as the current process. - Issue #8862: Fixed curses cleanup when getkey is interrputed by a signal. - Issue #9090: When a socket with a timeout fails with EWOULDBLOCK or EAGAIN, retry the select() loop instead of bailing out. - Issue #1285086: Get rid of the refcounting hack and speed up urllib.unquote(). - Issue #17368: Fix an off-by-one error in the Python JSON decoder that caused a failure while decoding empty object literals when object_pairs_hook was specified. - Issue #17477: Update the bsddb module to pybsddb 5.3.0, supporting db-5.x, and dropping support for db-4.1 and db-4.2. - Issue #17192: Update the ctypes module's libffi to v3.0.13. This specifically addresses a stack misalignment issue on x86 and issues on some more recent platforms. - Issue #11420: make test suite pass with -B/DONTWRITEBYTECODE set. - Issue #17299: Add test coverage for cPickle with file objects and general IO objects. - Issue #11963: remove human verification from test_parser and test_subprocess. - Issue #16004: Add `make touch`. - Issue #17047: remove doubled words in docs and docstrings * Rework the sysconfigdata patch into something upstreamable. python2.7 (2.7.3-16ubuntu2) raring; urgency=low * Update to 20130315, taken from the 2.7 branch. - Issue #1285086: Get rid of the refcounting hack and speed up urllib.unquote(). - Issue #17368: Fix an off-by-one error in the Python JSON decoder that caused a failure while decoding empty object literals when object_pairs_hook was specified. - Issue #17299: Add test coverage for cPickle with file objects and general IO objects. - Issue #11963: Remove human verification from test_parser and test_subprocess. - Issue #16004: Add `make touch`. - Issue #17412: Update 2.7 Doc/make.bat to also use sphinx-1.0.7. - Issue #17047: Remove doubled words in docs and docstrings. * Revert the patch for Issue #1159051, handling corrupted gzip files with unexpected EOF. LP: #1116079. python2.7 (2.7.3-16ubuntu1) raring; urgency=low * Merge with Debian; remaining changes: - Build-depend on python:any instead of python. * Update symbols files. python2.7 (2.7.3-16) experimental; urgency=low * Update to 20130308, taken from the 2.7 branch. - Issue #10156: In the interpreter's initialization phase, unicode globals are now initialized dynamically as needed. - Issue #16975: Fix error handling bug in the escape-decode decoder. - Issue #9290: In IDLE the sys.std* streams now implement i…

python2.7 (2.7.18-13ubuntu1.1) jammy-security; urgency=medium * SECURITY UPDATE: Injection Attack - debian/patches/CVE-2015-20107.patch: Make mailcap refuse to match unsafe filenames/types/param in Lib/mailcap.py. - CVE-2015-20107 python2.7 (2.7.18-13ubuntu1) jammy; urgency=medium * Hard-code dependency on libssl3 instead of libssl1.1. python2.7 (2.7.18-13) unstable; urgency=medium * Skip tests requiring TLS 1.2 under OpenSSL 3. * Test suite adjustments for Expat >=2.4.5. python2.7 (2.7.18-12) unstable; urgency=medium * Apply patches for a binary-indep only build. python2.7 (2.7.18-11) unstable; urgency=medium [ Stefano Rivera ] * Preliminary OpenSSL 3 support. * Support building docs with Sphinx 4. [ Matthias Klose ] * (Build-)Depend on media-types. Closes: #991565. * Bump standards version. * Bump debhelper version. python2.7 (2.7.18-9) unstable; urgency=medium * Bump standards version. python2.7 (2.7.18-8) unstable; urgency=medium [ Andreas Beckmann ] * python2.7, libpython2.7-minimal: Add Breaks: python-dev (<< 2.7.18), libpython-dev (<< 2.7.18), python-dbg (<< 2.7.18), libpython-dbg (<< 2.7.18) to remove more unversioned python packages. Add Breaks: libgcj-common (<< 1:7), libvolk1-bin (<< 2), pysycache (<< 3.1-4~), python-catkin-pkg (<< 0.4.14-2~), python-chardet (<< 3.0.4-6~), python-extras (<< 1.0.0-4~), python-fixtures (<< 3.0.0-3~), python-genpy (<< 0.6.9-2~), python-iso8601 (<< 0.1.12-2~), python-linecache2 (<< 1.0.0-4~), python-pbr (<< 5.4.5), python-pyasn1 (<< 0.4.2-4~), python-pygame (<< 1.9.6+dfsg-3~), python-pyicu (<< 2.2-3~), python-rospkg (1.1.10-2~), python-std-msgs (<< 0.5.12-2~), python-testtools (<< 2.3.0-7~), python-traceback2 (<< 1.4.0-6~), python-traitlets (<< 4.3.3-3~), python-urllib3 (<< 1.25.8-2~), python-yaml (<< 5.3.1-2~) to remove some persisting obsolete module packages along the unversioned python packages on upgrades from buster. Closes: #990520. * libpython2.7-stdlib: Breaks: ${python27:Breaks}, too. python2.7 (2.7.18-7) unstable; urgency=medium [ Andreas Beckmann ] * python2.7, libpython2.7-minimal: Add Breaks: python (<< 2.7.18) to ensure removal of the unversioned python packages on upgrades from buster. The previously added (transitive) Breaks are not sufficient in a few upgrade scenarios. Closes: #987661. python2.7 (2.7.18-6) unstable; urgency=medium * python2.7, libpython2.7-minimal: Add Breaks: python-minimal (<< 2.7.18), libpython-stdlib (<< 2.7.18) to ensure removal of the unversioned python packages on upgrades from buster (Andreas Beckmann). Closes: #984777. python2.7 (2.7.18-5) unstable; urgency=medium * Use the posix_prefix layout when inside a virtualenv (Stefano Rivera). Closes: #983552. python2.7 (2.7.18-4) unstable; urgency=medium * Update the patch for issue #42938 (Marc Deslauriers). Closes: #983516. python2.7 (2.7.18-2) unstable; urgency=medium * Fix issue #39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). * Backport of 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4, trimmed down to the fix for CVE-2020-8492. Closes: #970099. * Fix FTCBFS: Add back a dependency on python2.7:any (Helmut Grohne). Closes: #939514. * Fix issue #42938: Replace snprintf with Python unicode formatting in ctypes param reprs (CVE-2021-3177) (Saif Hakim). LP: #1916117. python2.7 (2.7.18-1) unstable; urgency=medium * Python 2.7.18 release. * Let the Python2 end-of-life banner point to the python3 packages, not to the online documentation. python2.7 (2.7.18~rc1-2) unstable; urgency=medium * Ignore some autopkg tests: - test_ssl: Fails with OPENSSL_TLS_SECURITY_LEVEL=2. - tst_io: Fails on Ubuntu's autopkg test infrastructure. * Lower OpenSSL security level from 2 to 1 during testing as test_ssl assumes that. * Add XB-Cnf-Visible-Pkgname header on the python*-minimal package to point command-not-found at the full one. LP: #1867157 python2.7 (2.7.18~rc1-1) unstable; urgency=medium * Python 2.7.18 release candidate 1. - bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. * Make autopkgtests cross-test-friendly (Steve Langasek). python2.7 (2.7.17-1) unstable; urgency=medium * Python 2.7.17 release. python2.7 (2.7.17~rc1-1) unstable; urgency=medium * Python 2.7.17 release candidate 1. - CVE-2019-16056, don't parse domains containing @. Closes: #940901. * Bump standards version. python2.7 (2.7.16-4) unstable; urgency=medium * Update to 20190904 from the 2.7 branch. * Refresh patches. * Drop build dependency on python:any. Addresses: #937569. * Annotate Build-Depends: xvfb and xauth with <!nocheck>. Closes: #928514. python2.7 (2.7.16-3) unstable; urgency=medium * Update to 20190708 from the 2.7 branch. * Bump standards version. python2.7 (2.7.16-2) unstable; urgency=high [ Matthias Klose ] * CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that normalize to separators. Closes: #924073. * CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema (file://). [ Dimitri John Ledkov ] * Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to 1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one shouldn't mix and match python2.7 & libssl1.1. LP: #1808476 python2.7 (2.7.16-1) unstable; urgency=medium * Python 2.7.16 release. - Now has a version without a trailing '+'. Closes: #914072. python2.7 (2.7.16~rc1-1) unstable; urgency=medium * Python 2.7.16 release candidate 1. python2.7 (2.7.15-9) unstable; urgency=medium * Update to 20190216 from the 2.7 branch. - Backport of TLS 1.3 related fixes from 3.7. * Drop the local TLS 1.3 backports. python2.7 (2.7.15-8) unstable; urgency=medium * Fix typo in autopkg test. python2.7 (2.7.15-7) unstable; urgency=medium * Expect the test_site test failing as in 3.7. python2.7 (2.7.15-6) unstable; urgency=medium * Update to 20190201 from the 2.7 branch. - CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline(). - CVE-2018-14647: _elementtree.c doesn't call XML_SetHashSalt(). Closes: #921039. - CVE-2019-5010: DsO vulnerability exists in the X509 certificate parser. Closes: #921040. * Bump standards version. * Update symbols file. python2.7 (2.7.15-5) unstable; urgency=medium * Update to 20181127 from the 2.7 branch. - Fix issue #20744, running an external 'zip' in shutil.make_archive(). CVE-2018-1000802. Closes: #909673. * Cherrypick in-progress backports to 2.7 branch from 3.6 branch to fix test_ssl assertions with openssl 1.1.1. Resolves autopkgtest failure of the 2.7 with openssl 1.1.1 (Dimitri John Ledkov). * Don't hard code location of netinet/in.h. Closes: #912422. * Update VCS attributes. python2.7 (2.7.15-4) unstable; urgency=medium * Update to 20180831 from the 2.7 branch. - Fixes the build with OpenSSL 1.1.1. Closes: #900157. * Don't run the test_ftplib and test_ssl autopkg tests, not yet ready for OpenSSL 1.1.1. Closes: #907033. python2.7 (2.7.15-3) unstable; urgency=medium * Bump standards version. * Pass the list of the pyFPE breaks as a parameter into dpkg-gencontrol instead of hard-coding them in the control file. python2.7 (2.7.15-1) unstable; urgency=medium * Python 2.7.15 release. python2.7 (2.7.15~rc1-1) unstable; urgency=medium * Python 2.7.15 release candidate 1. python2.7 (2.7.14-8) unstable; urgency=medium * Update to 20180402 from the 2.7 branch. python2.7 (2.7.14-7) unstable; urgency=medium * Update to 20180313 from the 2.7 branch. - Fix issue #32185: The SSL module no longer sends IP addresses in SNI TLS extension on platforms with OpenSSL 1.0.2+ or inet_pton. See #892814. * Add support for riscv64 (Aurelien Jarno). Closes: #892329. python2.7 (2.7.14-6) unstable; urgency=medium * Don't run lib2to3 tests which rely on the pickled grammar files. python2.7 (2.7.14-5) unstable; urgency=medium * Update to 20180204 from the 2.7 branch. - Fix issue #31530. Closes: #889280. * python2.7-minimal: Pre-Depend on zlib1g. Closes: #887629. python2.7 (2.7.14-4) unstable; urgency=medium * Fix applying the m-i-p-s-r6 patch. python2.7 (2.7.14-3) unstable; urgency=medium * Update to 20171205 from the 2.7 branch. * Build with -fstack-protector instead of -fstack-protector-strong. Performance improvements of around 1-2%. * Add support for mipsr6 triplets (YunQiang Su). Closes: #881945. python2.7 (2.7.14-2) unstable; urgency=medium * Really rename the md5_* functions. python2.7 (2.7.14-1) unstable; urgency=medium * Python 2.7.14 release. python2.7 (2.7.14~rc1-3) unstable; urgency=medium * Add package breaks for extensions referencing symbols for the removed _PyFPE module. Closes: #873791, #873915, #873899. * Expect the regrtest test to fail on s390x. python2.7 (2.7.14~rc1-2) unstable; urgency=medium * Rename md5_* functions to _Py_md5_*. Closes: #868366. * Break python-numpy (<< 1:1.12.1-3.1), referencing the now missing fpectl modules. Closes: #873791. python2.7 (2.7.14~rc1-1) unstable; urgency=medium * Python 2.7.14 release candidate 1. * Stop building the fpectl extension. * Build the _math.o object file without -fPIC for static builds. LP: #1638695. python2.7 (2.7.13-4) unstable; urgency=medium * Update to 20170719 from the 2.7 branch. * Move test/support from libpython2.7-testsuite to libpython2.7-stdlib. Closes: #868168. python2.7 (2.7.13-3) unstable; urgency=medium * Update to 20170608 from the 2.7 branch. - bpo-27945: Fixed various segfaults with dict when input collections are mutated during searching, inserting or comparing. - bpo-25794: Fixed type.__setattr__() and type.__delattr__() for non-interned or unicode attribute names. - bpo-29935: Fixed error messages in the index() method of tuple and list when pass indices of wrong type. - bpo-28598: Support __rmod__ for subclasses of str being called before str.__mod__. - bpo-29602: Fix incorrect handling of signed zeros in complex constructor for complex subclasses and for inputs having a __complex__ method. - bpo-29347: Fixed possibly dereferencing undefined pointers when creating weakref objects. - Issue #14376: Allow sys.exit to accept longs as well as ints. - Issue #29028: Fixed possible use-after-free bugs in the subscription of the buffer object with custom index object. - Issue #29145: Fix overflow checks in string, bytearray and unicode. - Issue #28932: Do not include <sys/random.h> if it does not exist. - bpo-30378: Fix the problem that logging.handlers.SysLogHandler cannot handle IPv6 addresses. - bpo-29960: Preserve generator state when _random.Random.setstate() raises an exception. - bpo-30310: tkFont now supports unicode options (e.g. font family). - bpo-30414: multiprocessing.Queue._feed background running thread do not break from main loop on exception. - bpo-30003: Fix handling escape characters in HZ codec. - bpo-30375: Warnings emitted when compile a regular expression now always point to the line in the user code. Previously they could point into inners of the re module if emitted from inside of groups or conditionals. - bpo-30363: Running Python with the -3 option now warns about regular expression syntax that is invalid or has different semantic in Python 3 or will change the behavior in future Python versions. - bpo-30365: Running Python with the -3 option now emits deprecation warnings for getchildren() and getiterator() methods of the Element class in the xml.etree.cElementTree module and when pass the html argument to xml.etree.ElementTree.XMLParser(). - bpo-30365: Fixed a deprecation warning about the doctype() method of the xml.etree.ElementTree.XMLParser class. Now it is emitted only when define the doctype() method in the subclass of XMLParser. - bpo-29990: Fix range checking in GB18030 decoder. - bpo-30243: Removed the __init__ methods of _json's scanner and encoder. Misusing them could cause memory leaks or crashes. Now scanner and encoder objects are completely initialized in the __new__ methods. - Revert bpo-26293 for zipfile breakage. See also bpo-29094. - bpo-30070: Fixed leaks and crashes in errors handling in the parser module. - bpo-30061: Fixed crashes in IOBase methods next() and readlines() when readline() or next() respectively return non-sizeable object. Fixed possible other errors caused by not checking results of PyObject_Size(), PySequence_Size(), or PyMapping_Size(). - bpo-30011: Fixed race condition in HTMLParser.unescape(). - bpo-30068: _io._IOBase.readlines will check if it's closed first when hint is present. - bpo-27863: Fixed multiple crashes in ElementTree caused by race conditions and wrong types. - bpo-29942: Fix a crash in itertools.chain.from_iterable when encountering long runs of empty iterables. - bpo-29861: Release references to tasks, their arguments and their results as soon as they are finished in multiprocessing.Pool. - bpo-27880: Fixed integer overflow in cPickle when pickle large strings or too many objects. - bpo-29110: Fix file object leak in aifc.open() when file is given as a filesystem path and is not in valid AIFF format. - Issue #29354: Fixed inspect.getargs() for parameters which are cell variables. - Issue #29335: Fix subprocess.Popen.wait() when the child process has exited to a stopped instead of terminated state (ex: when under ptrace). - Issue #29219: Fixed infinite recursion in the repr of uninitialized ctypes.CDLL instances. - Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but read from /dev/urandom to get random bytes, for example in os.urandom(). On Linux, getentropy() is implemented which getrandom() is blocking mode, whereas os.urandom() should not block. - Issue #29142: In urllib, suffixes in no_proxy environment variable with leading dots could match related hostnames again (e.g. .b.c matches a.b.c). - Issue #13051: Fixed recursion errors in large or resized curses.textpad.Textbox. - Issue #9770: curses.ascii predicates now work correctly with negative integers. - Issue #28427: old keys should not remove new values from WeakValueDictionary when collecting from another thread. - Issue #28998: More APIs now support longs as well as ints. - Issue 28923: Remove editor artifacts from Tix.py, including encoding not recognized by codecs.lookup. - Issue #29019: Fix dict.fromkeys(x) overallocates when x is sparce dict. - Issue #19542: Fix bugs in WeakValueDictionary.setdefault() and WeakValueDictionary.pop() when a GC collection happens in another thread. - Issue #28925: cPickle now correctly propagates errors when unpickle instances of old-style classes. - Issue #26355: Add canonical header link on each page to corresponding major version of the documentation. - Issue #12067: Rewrite Comparisons section in the Expressions chapter of the language reference. Some of the details of comparing mixed types were incorrect or ambiguous. Added default behaviour and consistency suggestions for user-defined classes. - bpo-29243: Prevent unnecessary rebuilding of Python during ``make test``, ``make install`` and some other make targets when configured with ``--enable-optimizations``. - bpo-23404: Don't regenerate generated files based on file modification time anymore: the action is now explicit. Replace ``make touch`` with ``make regen-all``. - bpo-27593: sys.version and the platform module python_build(), python_branch(), and python_revision() functions now use git information rather than hg when building from a repo. - bpo-29643: Fix ``--enable-optimization`` configure option didn't work. - Issue #28768: Fix implicit declaration of function _setmode. - bpo-11790: Fix sporadic failures in test_multiprocessing.WithProcessesTestCondition. - bpo-30236: Backported test.regrtest options -m/--match and -G/--failfast from Python 3. - bpo-30223: To unify running tests in Python 2.7 and Python 3, the test package can be run as a script. This is equivalent to running the test.regrtest module as a script. - bpo-30207: To simplify backports from Python 3, the test.test_support module was converted into a package and renamed to test.support. The test.script_helper module was moved into the test.support package. Names test.test_support and test.script_helper are left as aliases to test.support and test.support.script_helper. - bpo-30197: Enhanced function swap_attr() in the test.test_support module. It now works when delete replaced attribute inside the with statement. The old value of the attribute (or None if it doesn't exist) now will be assigned to the target of the "as" clause, if there is one. Also backported function swap_item(). - bpo-15083: Convert ElementTree doctests to unittests. * Explicitly use the system python for byte compilation in postinst scripts. Addresses: #852163. LP: #1682934. * Build using -fexceptions on ppc64 and ppc64el. Closes: #862925. LP: #1691848. python2.7 (2.7.13-2) unstable; urgency=medium * Lower priority of interpreter packages to optional. python2.7 (2.7.13-1) unstable; urgency=medium * Python 2.7.13 release. - Revert a37cc3d926ec (Issue #5322). Closes: #847791. * Fix one more broken -gdb.py symlink. Closes: #807513. python2.7 (2.7.13~rc1-1) unstable; urgency=medium * Python 2.7.13 release candidate 1. - Issue #5322: Fixed setting __new__ to a PyCFunction inside Python code. - Issue #28847: dumbdbm no longer writes the index file in when it is not changed and supports reading read-only files. - Issue #11145: Fixed miscellaneous issues with C-style formatting of types with custom __oct__ and __hex__. - Issue #24469: Fixed memory leak caused by int subclasses without overridden tp_free (e.g. C-inherited Cython classes). * Pass CXX when configuring and building. Closes: #846326. * Add profile for libbluetooth-dev build dependency. Closes: #738520. python2.7 (2.7.12-7) unstable; urgency=medium * Update to 20161121 from the 2.7 branch. - Issue #19398: Extra slash no longer added to sys.path components in case of empty compile-time PYTHONPATH components. - Issue #25659: In ctypes, prevent a crash calling the from_buffer() and from_buffer_copy() methods on abstract classes like Array. - Issue #28563: Fixed possible DoS and arbitrary code execution when handle plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext. - Issue #25507: Add back import needed for 2.x encoding warning box. Add pointer to 'Encoding declaration' in Language Reference. - Issue #28666: Now test.test_support.rmtree is able to remove unwritable or unreadable directories. - Issue #23839: Various caches now are cleared before running every test file. - Issue #26359: Rename --with-optimiations to --enable-optimizations. python2.7 (2.7.12-5) unstable; urgency=medium * Update to 20161104 from the 2.7 branch. - Issue #28387: Fixed possible crash in _io.TextIOWrapper deallocator when the garbage collector is invoked in other thread. * Disable some lib2to3 tests relying on the saved pickled grammar files. python2.7 (2.7.12-4) unstable; urgency=medium * Update to 20161103 from the 2.7 branch. - Issue #21720: Improve exception message when the type of fromlist is unicode. fromlist parameter of __import__() only accepts str in Python 2 and this will help to identify the problem especially when the unicode_literals future import is used. - Issue #26906: Resolving special methods of uninitialized type now causes implicit initialization of the type instead of a fail. - Issue #18287: PyType_Ready() now checks that tp_name is not NULL. - Issue #24098: Fixed possible crash when AST is changed in process of compiling it. - Issue #28350: String constants with null character no longer interned. - Issue #27942: String constants now interned recursively in tuples and frozensets. - Issue #15578: Correctly incref the parent module while importing. - Issue #26307: The profile-opt build now applies PGO to the built-in modules. - Issue #26020: set literal evaluation order did not match documented behaviour. - Issue #28449: tarfile.open() with mode "r" or "r:" now tries to open a tar file with compression before trying to open it without compression. Otherwise it had 50% chance failed with ignore_zeros=True. - Issue #25464: Fixed HList.header_exists() in Tix module by adding a workaround to Tix library bug. - Issue #28488: shutil.make_archive() no longer adds entry "./" to ZIP archive. - Issue #28480: Fix error building _sqlite3 module when multithreading is disabled. - Issue #26293: Fixed writing ZIP files that starts not from the start of the file. Offsets in ZIP file now are relative to the start of the archive in conforming to the specification. - Fix possible integer overflows and crashes in the mmap module with unusual usage patterns. - Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation() if pass invalid string-like object as a name. - Issue #1703178: Fix the ability to pass the --link-objects option to the distutils build_ext command. - Issue #28253: Fixed calendar functions for extreme months: 0001-01 and 9999-12. Methods itermonthdays() and itermonthdays2() are reimplemented so that they don't call itermonthdates() which can cause datetime.date under/overflow. - Issue #27963: Fixed possible null pointer dereference in ctypes.set_conversion_mode(). - Issue #28284: Strengthen resistance of ``_json.encode_basestring_ascii()`` to integer overflow. - Issue #27611: Fixed support of default root window in the Tix module. - Issue #24363: When parsing HTTP header fields, if an invalid line is encountered, skip it and continue parsing. Previously, no more header fields were parsed, which could lead to fields for HTTP framing like Content-Length and Transfer-Encoding being overlooked. - Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp(). - Issue #25969: Update the lib2to3 grammar to handle the unpacking generalizations added in 3.5. - Issue #24594: Validates persist parameter when opening MSI database - Issue #27570: Avoid zero-length memcpy() etc calls with null source pointers in the "ctypes" and "array" modules. - Issue #22450: urllib now includes an "Accept: */*" header among the default headers. This makes the results of REST API requests more consistent and predictable especially when proxy servers are involved. - lib2to3.pgen3.driver.load_grammar() now creates a stable cache file between runs given the same Grammar.txt input regardless of the hash randomization setting. - Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. - Issue #27850: Remove 3DES from ssl module's default cipher list to counter measure sweet32 attack (CVE-2016-2183). - Issue #27766: Add ChaCha20 Poly1305 to ssl module's default ciper list. (Required OpenSSL 1.1.0 or LibreSSL). - Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. Closes: #835793. - Issue #27944: Fix some memory-corruption bugs in the log reading code of the _hotshot module. - Issue #27934: Use ``float.__repr__`` instead of plain ``repr`` when JSON- encoding an instance of a float subclass. - Issue #21201: Improves readability of multiprocessing error message. - Issue #15308: Add 'interrupt execution' (^C) to Shell menu. - Issue #27922: Stop IDLE tests from 'flashing' gui widgets on the screen. - Issue #17642: add larger font sizes for classroom projection. - Add version to title of IDLE help window. - Issue #25564: In section on IDLE -- console differences, mention that using exec means that __builtins__ is defined for each statement. - Issue #28513: Documented command-line interface of zipfile. - Issue #28258: Fixed build with Estonian locale. - Issue #26661: setup.py now detects system libffi with multiarch wrapper. - Issue #15819: The Include directory in the build tree is already searched; drop unused code trying to add it again. - Issue #27566: Fix clean target in freeze makefile. - Issue #27983: Cause lack of llvm-profdata tool when using clang as required for PGO linking to be a configure time error rather than make time when --with-optimizations is enabled. Also improve our ability to find the llvm-profdata tool on MacOS and some Linuxes. - Issue #26359: Add the --with-optimizations configure flag. - Issue #27952: Get Tools/scripts/fixcid.py working with the current "re" module, avoid invalid Python backslash escapes, and fix a bug parsing escaped C quote signs. python2.7 (2.7.12-3) unstable; urgency=medium * Update to 20160901 from the 2.7 branch. - Issue #27870: A left shift of zero by a large integer no longer attempts to allocate large amounts of memory. - Issue #25604: Fix a minor bug in integer true division; this bug could potentially have caused off-by-one-ulp results on platforms with unreliable ldexp implementations. - Issue #27861: Fixed a crash in sqlite3.Connection.cursor() when a factory creates not a cursor. - Issue #10513: Fix a regression in Connection.commit(). Statements should not be reset after a commit. - Issue #2466: posixpath.ismount now correctly recognizes mount points which the user does not have permission to access. - Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller. - Issue #27774: Fix possible Py_DECREF on unowned object in _sre. - Issue #27760: Fix possible integer overflow in binascii.b2a_qp. - In the curses module, raise an error if window.getstr() or window.instr() is passed a negative value. - Issue #27758: Fix possible integer overflow in the _csv module for large record lengths. - Issue #23369: Fixed possible integer overflow in _json.encode_basestring_ascii. - Issue #27714: text_textview and test_autocomplete now pass when re-run in the same process. This occurs when test_idle fails when run with the -w option but without -jn. Fix warning from test_config. - Issue #27452: add line counter and crc to IDLE configHandler test dump. python2.7 (2.7.12-2) unstable; urgency=medium * Update to 20160804 from the 2.7 branch. - Issue #27473: Fixed possible integer overflow in str, unicode and bytearray concatenations and repetitions. - Issue #27507: Add integer overflow check in bytearray.extend(). - Issue #27581: Don't rely on wrapping for overflow check in PySequence_Tuple(). - Issue #23908: os functions, open() and the io.FileIO constructor now reject unicode paths with embedded null character on Windows instead of silently truncating them. - Issue #27514: Make having too many statically nested blocks a SyntaxError instead of SystemError. - Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode. - Issue #27130: In the "zlib" module, fix handling of large buffers (typically 2 or 4 GiB). Previously, inputs were limited to 2 GiB, and compression and decompression operations did not properly handle results of 2 or 4 GiB. - Issue #23804: Fix SSL zero-length recv() calls to not block and not raise an error about unclean EOF. - Issue #27466: Change time format returned by http.cookie.time2netscape, confirming the netscape cookie format and making it consistent with documentation. - Issue #22115: Fixed tracing Tkinter variables: trace_vdelete() with wrong mode no longer break tracing, trace_vinfo() now always returns a list of pairs of strings. - Issue #27079: Fixed curses.ascii functions isblank(), iscntrl() and ispunct(). - Issue #22636: Avoid shell injection problems with ctypes.util.find_library(). - Issue #27330: Fixed possible leaks in the ctypes module. - Issue #27238: Got rid of bare excepts in the turtle module. - Issue #26386: Fixed ttk.TreeView selection operations with item id's containing spaces. - Issue #25455: Fixed a crash in repr of cElementTree.Element with recursive tag. - Issue #27365: Allow non-ascii chars in IDLE NEWS.txt, for contributor names. - Issue #27245: IDLE: Cleanly delete custom themes and key bindings. Previously, when IDLE was started from a console or by import, a cascade of warnings was emitted. - Issue #16484: Change the default PYTHONDOCS URL to "https:", and fix the resulting links to use lowercase. - Issue #27369: In test_pyexpat, avoid testing an error message detail that changed in Expat 2.2.0. * Fix issue 27239, idlelib: macos _tk_type shall always be "other". Closes: #830686. * Ignore the winreg module for the set of minimal modules. Closes: #830573. python2.7 (2.7.12-1) unstable; urgency=medium * Python 2.7.12 release. python2.7 (2.7.12~rc1-2) unstable; urgency=medium * Extend debian/copyright to the files shipped in the wheel files. python2.7 (2.7.12~rc1-1) unstable; urgency=medium * Python 2.7.12 release candidate 1. - Issue #20041: Fixed TypeError when frame.f_trace is set to None. - Issue #25702: A --with-lto configure option has been added that will enable link time optimizations at build time during a make profile-opt. Some compilers and toolchains are known to not produce stable code when using LTO, be sure to test things thoroughly before relying on it. It can provide a few % speed up over profile-opt alone. - Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283. - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the locale. - Issue #25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from sending a message body for 205 Reset Content. Also, don't send the Content-Type header field in responses that don't have a body. - Issue #21313: Fix the "platform" module to tolerate when sys.version contains truncated build information. - Issue #27211: Fix possible memory corruption in io.IOBase.readline(). - Issue #5124: Paste with text selected now replaces the selection on X11. This matches how paste works on Windows, Mac, most modern Linux apps, and ttk widgets. - Issue #24759: Make clear in idlelib.idle_test.__init__ that the directory is a private implementation of test.test_idle and tool for maintainers. - Issue #21916: Added tests for the turtle module. - Issue #27229: Fix the cross-compiling pgen rule for in-tree builds. - Issue #17500, and https://github.com/python/pythondotorg/issues/945: Remove unused and outdated icons. python2.7 (2.7.11-11) unstable; urgency=medium * Update to 20160602 from the 2.7 branch. - Issue #26168: Fixed possible refleaks in failing Py_BuildValue() with the "N" format unit. - Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError. - Issue #26673: When tk reports font size as 0, change to size 10. Such fonts on Linux prevented the configuration dialog from opening. - Issue #27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. - In the 'IDLE-console differences' section of the IDLE doc, clarify how running with IDLE affects sys.modules and the standard streams. - Issue #25507: Fix incorrect change in IOBinding that prevented printing. Change also prevented saving shell window with non-ascii characters. Augment IOBinding htest to include all major IOBinding functions. - Issue #25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. * Rebuild to pick up the GNU triplet change on i386 archs. Closes: #826128. python2.7 (2.7.11-10) unstable; urgency=medium * Update to 20160518 from the 2.7 branch. - Issue #27039: Fixed bytearray.remove() for values greater than 127. - Issue #14132: Fix urllib.request redirect handling when the target only has a query string. - Removed the requirements for the ctypes and modulefinder modules to be compatible with earlier Python versions. - Issue #22274: In the subprocess module, allow stderr to be redirected to stdout even when stdout is not redirected. - Issue #12045: Avoid duplicate execution of command in ctypes.util._get_soname(). - Issue #26960: Backported #16270 from Python 3 to Python 2, to prevent urllib from hanging when retrieving certain FTP files. python2.7 (2.7.11-9) unstable; urgency=medium * Update to 20160509 from the 2.7 branch. - Issue #25745: Fixed leaking a userptr in curses panel destructor. - Issue #17765: weakref.ref() no longer silently ignores keyword arguments. - Issue #26873: xmlrpclib now raises ResponseError on unsupported type tags instead of silently return incorrect result. - Issue #24114: Fix an uninitialized variable in `ctypes.util`. - Issue #26864: In urllib, change the proxy bypass host checking against no_proxy to be case-insensitive, and to not match unrelated host names that happen to have a bypassed hostname as a suffix. - Issue #26804: urllib will prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. - Issue #26837: assertSequenceEqual() now correctly outputs non-stringified differing items. This affects assertListEqual() and assertTupleEqual(). - Issue #26822: itemgetter, attrgetter and methodcaller objects no longer silently ignore keyword arguments. - Issue #26657: Fix directory traversal vulnerability with SimpleHTTPServer on Windows. This fixes a regression that was introduced in 2.7.7. - Issue #26736: Used HTTPS for external links in the documentation if possible. - Issue #22359: Avoid incorrect recursive $(MAKE), and disable the rules for running pgen when cross-compiling. - Issue #26799: Fix python-gdb.py: don't get C types once when the Python code is loaded, but get C types on demand. The C types can change if python-gdb.py is loaded before the Python executable. * Fix issue #26673, runtime error in idle3. LP: #1578927. python2.7 (2.7.11-8) unstable; urgency=medium * Update to 20160417 from the 2.7 branch. - Issue #4806: Avoid masking the original TypeError exception when using star (*) unpacking and the exception was raised from a generator. - Issue #26659: Make the builtin slice type support cycle collection. - Issue #26718: super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed! - Issue #13410: Fixed a bug in PyUnicode_Format where it failed to properly ignore errors from a __int__() method. - Issue #19377: Add .svg to mimetypes.types_map. - Issue #13952: Add .csv to mimetypes.types_map. - Issue #16329: Add .webm to mimetypes.types_map. - Issue #23735: Handle terminal resizing with Readline 6.3+ by installing our own SIGWINCH handler. - Issue #6953: Rework the Readline module documentation to group related functions together, and add more details such as what underlying Readline functions and variables are accessed. * Fix gdb auto-load symlink for the python2.7 binary. LP: #1571198. python2.7 (2.7.11-7) unstable; urgency=medium * Update to 20160330 from the 2.7 branch. python2.7 (2.7.11-6) unstable; urgency=medium * Update to 20160323 from the 2.7 branch. * Always build _math.o with -fPIC. python2.7 (2.7.11-5) unstable; urgency=medium * Update to 20160319, taken from the 2.7 release branch. * Update symbols files. * Don't run test_signal on alpha, hanging on the buildd. python2.7 (2.7.11-4) unstable; urgency=medium * Update to 20160222, taken from the 2.7 release branch. python2.7 (2.7.11-3) unstable; urgency=medium * Revert patches concerning issue #22995. python2.7 (2.7.11-2) unstable; urgency=medium * Disable LTO on ppc64, ppc64el and s390x. * Don't run the test_signal tests on alpha. python2.7 (2.7.11-1) unstable; urgency=medium * Python 2.7.11 release. * Don't run the test_cpickle test, causes other tests to fail. See issue 25698. * Fix building architecture independent packages only. Closes: #806868. * Don't ship menu files anymore, just desktop files. * d/p/fix-sslv3-test.diff: properly handle Ubuntu's openssl having OP_NO_SSLv3 forced on by default (Marc Deslauriers). * Update symbols files. python2.7 (2.7.10-5) unstable; urgency=medium * Update to 20151010, taken from the 2.7 release branch. * Adjust setting DH_COMPAT for dh_movefiles with updated debhelper supporting globbing of arguments. Closes: #800301. * pydoc: use the pager command if available. Closes: #799555. python2.7 (2.7.10-4) unstable; urgency=medium * Remove byte-code for _sysconfigdata_d.py in /usr/lib/python2.7. Closes: #793528. * Make derivatives builds the same as the parent distro. Closes: #797667. python2.7 (2.7.10-3) unstable; urgency=medium * Revert issue #24134 changes, taken from the branch. * Add hint to install the idle package when trying to run the turtle demo. Closes: #788621. python2.7 (2.7.10-2) unstable; urgency=medium * Cherry-pick some changes from the 2.7 branch: - Issue #24264: Fixed buffer overflow in the imageop module. - Issue #24115: Update uses of PyObject_IsTrue(), PyObject_Not(), PyObject_IsInstance(), PyObject_RichCompareBool() and _PyDict_Contains() to check for and handle errors correctly. - Issue #22095: Fixed HTTPConnection.set_tunnel with default port. The port value in the host header was set to "None". - Issue #4753, backport computed gotos. * Configure --with-computed-gotos. * Make the build reproducible (Jérémy Bobbio). Closes: #786978. - Pass time of latest debian/changelog entry to sphinx via SPHINXOPTS. - Do not store a timestamps when compressing devhelp. * Pass DATE and TIME macros matching the current debian/changelog entry when building getbuildinfo.o. * Don't run the test_io test on sparc. python2.7 (2.7.10-1) unstable; urgency=medium * Python 2.7.10 release. python2.7 (2.7.10~rc1-1) unstable; urgency=medium * Python 2.7.10 release candidate 1. * Re-enable running the tests, re-enable the pgo/lto build. python2.7 (2.7.9-5) unstable; urgency=medium * Update to 20150507, taken from the 2.7 release branch. - Issue #24134: assertRaises() and assertRaisesRegexp() checks are not longer successful if the callable is None. - Issues #24099, #24100, and #24101: Fix free-after-use bug in heapq's siftup and siftdown functions. - Backport collections.deque fixes from Python 3.5. Prevents reentrant badness during deletion by deferring the decref until the container has been restored to a consistent state. - Issue #24125: Saved error's line and column numbers when an error occured. Fixes python-docutils. Closes: #784270. - Issue #23842, SystemError in os.minor, os.major. Closes: #782081. python2.7 (2.7.9-4) unstable; urgency=medium * Fix installation of the optimized interpreter. Closes: #766877. python2.7 (2.7.9-3) unstable; urgency=medium * Update to 20150429, taken from the 2.7 release branch. - Issue #23629: Fix the default __sizeof__ implementation for variable-sized objects. - Issue #21526: Tkinter now supports new boolean type in Tcl 8.5. - Issue #23838: linecache now clears the cache and returns an empty result on MemoryError. - Issue #23742: ntpath.expandvars() no longer loses unbalanced single quotes. - Issue #21802: The reader in BufferedRWPair now is closed even when closing writer failed in BufferedRWPair.close(). - Issue #23671: string.Template now allows to specify the "self" parameter as keyword argument. string.Formatter now allows to specify the "self" and the "format_string" parameters as keyword arguments. - Issue #21560: An attempt to write a data of wrong type no longer cause GzipFile corruption. - Issue #23647: Increase imaplib's MAXLINE to accommodate modern mailbox sizes. - Issue #23539: If body is None, http.client.HTTPConnection.request now sets Content-Length to 0 for PUT, POST, and PATCH headers to avoid 411 errors from some web servers. - Issue #23136: _strptime now uniformly handles all days in week 0, including Dec 30 of previous year. - Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar. - Issue #23051: multiprocessing.Pool methods imap() and imap_unordered() now handle exceptions raised by an iterator. - Issue #22928: Disabled HTTP header injections in httplib. - Issue #23615: Module tarfile now can be reloaded with imp.reload(). - Issue #23799: Added test.test_support.start_threads() for running and cleaning up multiple threads. - Issue #22390: test.regrtest now emits a warning if temporary files or directories are left after running a test. - Issue #23583: Added tests for standard IO streams in IDLE. - Issue #23583: Fixed writing unicode to standard output stream in IDLE. - Issue #22853: Fixed a deadlock when use multiprocessing.Queue at import time. - Issue #23476: In the ssl module, enable OpenSSL's X509_V_FLAG_TRUSTED_FIRST flag on certificate stores when it is available. - Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed. - Issue #23504: Added an __all__ to the types module. - Issue #23367: Fix possible overflows in the unicodedata module. - Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. - Issue #23048: Fix jumping out of an infinite while loop in the pdb. - Issue #23458: On POSIX, the file descriptor kept open by os.urandom() is now set to non inheritable. - Issue #22113: struct.pack_into() now supports new buffer protocol (in particular accepts writable memoryview). - Issues #814253, #9179: Warnings now are raised when group references and conditional group references are used in lookbehind assertions in regular expressions. - Issue #23215: Multibyte codecs with custom error handlers that ignores errors consumed too much memory and raised SystemError or MemoryError. - Issue #5700: io.FileIO() called flush() after closing the file. flush() was not called in close() if closefd=False. - Issue #21548: Fix pydoc.synopsis() and pydoc.apropos() on modules with empty docstrings. - Issue #22885: Fixed arbitrary code execution vulnerability in the dumbdbm module. - Issue #23481: Remove RC4 from the SSL module's default cipher list. - Issue #21849: Fixed xmlrpclib serialization of non-ASCII unicode strings in the multiprocessing module. - Issue #21840: Fixed expanding unicode variables of form $var in posixpath.expandvars(). Fixed all os.path implementations on unicode-disabled builds. - Issue #23363: Fix possible overflow in itertools.permutations. - Issue #23364: Fix possible overflow in itertools.product. - Issue #23365: Fixed possible integer overflow in itertools.combinations_with_replacement. - Issue #23366: Fixed possible integer overflow in itertools.combinations. - Issue #23191: fnmatch functions that use caching are now threadsafe. - Issue #18518: timeit now rejects statements which can't be compiled outside a function or a loop (e.g. "return" or "break"). - Issue #19996: Make :mod:`httplib` ignore headers with no name rather than assuming the body has started. - Issue #20188: Support Application-Layer Protocol Negotiation (ALPN) in the ssl module. - Issue #23248: Update ssl error codes from latest OpenSSL git master. - Issue #23098: 64-bit dev_t is now supported in the os module. - Issue #23063: In the disutils' check command, fix parsing of reST with code or code-block directives. - Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The availability of the function is checked during the compilation. - Backport the context argument to ftplib.FTP_TLS. - Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS. - Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and fragment when it redirects to add a trailing slash. - Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(), instead of reading /dev/urandom, to get pseudo-random bytes. - Issue #23093: In the io, module allow more operations to work on detached streams. - Issue #23071: Added missing names to codecs.__all__. - Issue #23016: A warning no longer produces an AttributeError when sys.stderr is None. - Issue #21032. Fixed socket leak if HTTPConnection.getresponse() fails. Original patch by Martin Panter. - Issue #22609: Constructors and update methods of mapping classes in the collections module now accept the self keyword argument. - Issue #23006: Improve the documentation and indexing of dict.__missing__. Add an entry in the language datamodel special methods section. Revise and index its discussion in the stdtypes mapping/dict section. Backport the code example from 3.4. - Issue #21514: The documentation of the json module now refers to new JSON RFC 7159 instead of obsoleted RFC 4627. - Issue #6639: Module-level turtle functions no longer raise TclError after closing the window. - Issue #22314: pydoc now works when the LINES environment variable is set. - Issue #18905: "pydoc -p 0" now outputs actually used port. - Issue #23345: Prevent test_ssl failures with large OpenSSL patch level values (like 0.9.8zc). - Issue #23392: Added tests for marshal C API that works with FILE*. - Issue #18982: Add tests for CLI of the calendar module. - Issue #19949: The test_xpickle test now tests compatibility with installed Python 2.7 and reports skipped tests. - Issue #11578: Backported test for the timeit module. - Issue #22943: bsddb tests are locale independend now. - Issue #20577: Configuration of the max line length for the FormatParagraph extension has been moved from the General tab of the Idle preferences dialog to the FormatParagraph tab of the Config Extensions dialog. - Issue #16893: Update Idle doc chapter to match current Idle and add new information. - Issue #23180: Rename IDLE "Windows" menu item to "Window". - Issue #15506: Use standard PKG_PROG_PKG_CONFIG autoconf macro in the configure script. - Issue #22079: PyType_Ready() now checks that statically allocated type has no dynamically allocated bases. * Re-apply the fix for issue #22079. This is now a warning instead of an error. LP: #1426294. * Fix issue #23842, SystemError in os.minor, os.major. LP: #1435242. * When using GCC versions older than 4.9 for extension builds, automagically mangle -fstack-protector-strong to -fstack-protector. * debian/tests: Use init system agnostic "service" command instead of upstart specific "stop". Also drop unnecessary "status" call right after stopping apport. * Refresh patches. python2.7 (2.7.9-2) unstable; urgency=medium * python2.7-minimal: Make Pre-Depends mangling more robust. Closes: #779294. * python2.7-doc: Depend on libjs-underscore. LP: #1424538. * Remove LTO sections from the static libraries. Closes: #698395. python2.7 (2.7.9-1) unstable; urgency=medium * Python 2.7.9 release. python2.7 (2.7.9~rc1-2) unstable; urgency=medium * Update to 20141209, taken from the 2.7 release repository. - Issue #22959: Remove the *check_hostname* parameter of httplib.HTTPSConnection. The *context* parameter should be used instead. - Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode will return. This resolves CVE-2013-1753. Closes: #742929. - Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by limiting the call to readline(). Closes: #742929. - Issue #16041: In poplib, limit maximum line length read from the server to prevent CVE-2013-1752. Closes: #742929. - Issue #22960: Add a context argument to xmlrpclib.ServerProxy. - Issue #22935: Allow the ssl module to be compiled if openssl doesn't support SSL 3. * Add locales to autopkg test dependencies as in 3.4. * Remove Demo/scripts/newslist.* from the examples package, not distributable, will get removed in 2.7.9~rc2 sources. See issue #12987. * Let ensurepip always use a temporary directory for installations. python2.7 (2.7.9~rc1-1) unstable; urgency=medium * Python 2.7.9 release candidate 1. - Testsuite updates. - Issue #16056: Rename test methods to avoid conflict. - Issue #20351: Add examples for csv.DictReader and csv.DictWriter. - PEP 476: verify certificates by default (#22417). - Give urllib.urlopen a context parameter (closes #22927). - Allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI (closes #22921). - Allow passing cert/ssl information to urllib2.urlopen and httplib.HTTPSConnection (backport of issues #9003 and #22366). * Let libpython2.7-stdlib break python-urllib3 (<< 1.9.1-3). Closes: #770157. * Ignore the test_threading_local test failure in the Debian CI environment. Succeeds even there when repeated. * Don't pass default compiler search directories in the pkgconfig file. Closes: #770935. python2.7 (2.7.8-12) unstable; urgency=medium * Update to 20141118, taken from the 2.7 branch. - Issue #12728: Different Unicode characters having the same uppercase but different lowercase are now matched in case-insensitive regular expressions. - Issue #22821: Fixed fcntl() with integer argument on 64-bit big-endian platforms. - Issues #814253, #9179: Group references and conditional group references now work in lookbehind assertions in regular expressions. - Issue #22769: Fixed ttk.Treeview.tag_has() when called without arguments. - Issue #22787: Allow the keyfile argument of SSLContext.load_cert_chain to be None. - Issue #22775: Fixed unpickling of Cookie.SimpleCookie with protocol 2. - Issue #22776: Brought excluded code into the scope of a try block in SysLogHandler.emit(). - Issue #17381: Fixed ranges handling in case-insensitive regular expressions. - Issue #19329: Optimized compiling charsets in regular expressions. - Issue #22410: Module level functions in the re module now cache compiled locale-dependent regular expressions taking into account the locale. - Issue #8876: distutils now falls back to copying files when hard linking doesn't work. This allows use with special filesystems such as VirtualBox shared folders. - Issue #22193: Fixed integer overflow error in sys.getsizeof(). * Backport the ensurepip patch from 3.4. * Disable ensurepip in Debian, at least for the upcoming release. * Fix maintainer scripts for byte-code removal. Closes: #769078. * Allow building and testing without SSLv3 support (Kurt Roeckx). Closes: #768611. * Let distutils.sysconfig.get_python_inc() honor the "prefix" argument. Closes: #769720. python2.7 (2.7.8-11) unstable; urgency=medium * Update to 20141018, taken from the 2.7 branch. - Issue #9351: Defaults set with set_defaults on an argparse subparser are no longer ignored when also set on the parent parser. - Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. - Issue #22435: Fix a file descriptor leak when SocketServer bind fails. - Issue #13664: GzipFile now supports non-ascii Unicode filenames. - Issue #13096: Fixed segfault in CTypes POINTER handling of large values. - Issue #11694: Raise ConversionError in xdrlib as documented. - Issue #10712: 2to3 has a new "asserts" fixer that replaces deprecated names of unittest methods (e.g. failUnlessEqual -> assertEqual). * Pass -ffat-lto-objects for LTO enabled builds with GCC 4.9. python2.7 (2.7.8-10) unstable; urgency=medium * Update to 20141007, taken from the 2.7 branch. python2.7 (2.7.8-9) unstable; urgency=medium * Fix refcounting error in the fix for issue #22523. Closes: #762010. python2.7 (2.7.8-8) unstable; urgency=medium * Update to 20141002, taken from the 2.7 branch. * Refresh patches. * Apply proposed patch for issue #22523. Closes: #762010. python2.7 (2.7.8-7) unstable; urgency=medium * Update to 20140909, taken from the 2.7 branch. * debian/tests/testsuite{,-dbg}: Several tests fail with configured proxy and disabled network test resources. Explicitly unset proxy variables. See issue #22371. python2.7 (2.7.8-6) unstable; urgency=medium * distuils: For extension builds, always pass BASECFLAGS. python2.7 (2.7.8-5) unstable; urgency=medium * Build-depend on dpkg-dev (>= 1.17.11). python2.7 (2.7.8-4) unstable; urgency=medium * distutils: For extension builds pass the CPPFLAGS, CFLAGS, LDFLAGS used for the python build when these flags cannot be found in the environment. * Don't use the system python during the build. * Build using autotools-dev. Closes: #756772. * Pass AR and RANLIB for lto enabled builds. python2.7 (2.7.8-3) unstable; urgency=medium * Call dpkg -L in the maintainer scripts with an architecture qualifier for M-A: same packages. Closes: #736385. * Apply the plat-linux2_mips patch for mips64 and mips64el. Closes: #755578. python2.7 (2.7.8-2) unstable; urgency=medium * Revert the backport of issue #1856 (avoid daemon thread problems at shutdown). Issue #21963. Apparently ceph has issues with it. Closes: #754341. python2.7 (2.7.8-1) unstable; urgency=medium * Python 2.7.8 release. python2.7 (2.7.7-2) unstable; urgency=medium * Re-enable the test_pydoc, test_tools, test_subprocess and test_uuid autopkg tests. * In the autopkg tests, make $ADTTMP accessible to the su user. python2.7 (2.7.7-1) unstable; urgency=medium * Python 2.7.7 release. * Refresh patches. * In the autopkg tests, set HOME to the temporary home directory after the su call. * Expect test failures in the distutils autopkg tests. * Disable the test_solaris_enable_shared test. python2.7 (2.7.7~rc1-1) unstable; urgency=medium * Python 2.7.7 release candidate 1. * Run the testsuite in a temporary home directory. python2.7 (2.7.6-8) unstable; urgency=medium * Set a temporary home directory for the build and the autopkg tests. python2.7 (2.7.6-8) unstable; urgency=medium * Update to 20140322, taken from the 2.7 branch. * Install updated idle icons. LP: #1295969. * Update the ssl.match_hostname backport: Change behavior of ``ssl.match_hostname()`` to follow RFC 6125, for security reasons. It now doesn't match multiple wildcards nor wildcards inside IDN fragments. Closes: #740255. python2.7 (2.7.6-7) unstable; urgency=medium * Include test data for test_imghdr test. python2.7 (2.7.6-6) unstable; urgency=high * Update to 20140225, taken from the 2.7 branch. - CVE-2014-1912. Fix issue 20246, buffer overflow in socket.recvfrom_into. * Build without ffi on or1k. Closes: #738519. * Allow loading of extensions in the sqlite module. Closes: #739555. * Update autopkg tests (Martin Pitt): - Don't fail if apport is not installed. - Call su with explicit shell, as nobody has nologin as default shell now. - Only use $SUDO_USER if that user actually exists in the testbed. - Drop obsolete chowning of $TMPDIR and $ADTTMP; with current autopkgtest $TMPDIR has appropriate permissions, and $ADTTMP is not being used. python2.7 (2.7.6-5) unstable; urgency=medium * Update to 20140111, taken from the 2.7 branch. * Build-depend on net-tools, required for the test_uuid test. * Build-depend on the default Tcl/Tk. * Add two new autopkg tests to run the failing tests. python2.7 (2.7.6-4) unstable; urgency=medium * Update to 20131230, taken from the 2.7 branch. * Disable sphinx refcounting extension, removed in sphinx-1.2. Closes: #733404. python2.7 (2.7.6-3) unstable; urgency=low * Update to 20131206, taken from the 2.7 branch. * Disable the test_uuid autopkg test, hanging, missing entropy? * Drop python dependency in libpython2.7-dbg. * Revert patch from http://bugs.python.org/issue19352 as it completely breaks unittest discovery on Debian/Ubuntu. LP: #1255505. python2.7 (2.7.6-2) unstable; urgency=low * Update to 20131121, taken from the 2.7 branch. * Fix test support when the running kernel doesn't handle port reuse. * Build-depend on libdb-dev (<< 1:6.0) instead of a specific db version. python2.7 (2.7.6-1) unstable; urgency=low * Python 2.7.6 release. * Update to 20131119, taken from the 2.7 branch. * For autopkg tests, only run the separate tests when defined. * Don't run the curses autopkg test. * Disable running the testsuite on mipsn32(el) and mips64(el), requested by YunQiang Su. Closes: #719057. python2.7 (2.7.5-8) unstable; urgency=medium * Update to 20130917, taken from the 2.7 branch. - Fix SSL module to handle NULL bytes inside subjectAltNames general names (CVE-2013-4238). Closes: #719566. * Don't run the curses autopkg test. * Set Multi-Arch attributes for binary packages. * Fix multiarch include header for sparc64. Closes: #714802, #715063. python2.7 (2.7.5-7) unstable; urgency=low * Update to 20130803, taken from the 2.7 branch. * Update package descriptions (Filipus Klutiero). Closes: #715801. * Fix multiarch include header for sparc64. Closes: #715063. * Move removal of the sitecustomize.py file into the libpython-minimal postrm. Closes: #709964. python2.7 (2.7.5-6) unstable; urgency=low * Update to 20130613, taken from the 2.7 branch. * Refresh patches. * Don't run consistency check for cross builds. * Really skip byte compile of non-existing sitecustomize.py. * Fix the multiarch header file for mips64 (YunQiang Su). Closes: #710374. python2.7 (2.7.5-5) unstable; urgency=low * Update to 20130602, taken from the 2.7 branch. * Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). Closes: #709066. * Don't try to byte-compile sitecustomize.py if the target of the symlink doesn't exist anymore. Closes: #709157. * Handle byte compilation in python2.7{-minimal,}, byte removal in libpython2.7{-minimal,-stdlib}. Closes: #709964. * Backport patch to fix issue #13146, possible race conditions when writing .pyc/.pyo files in py_compile.py (Barry Warsaw). LP: #1058884. * Fix issue #17988, internal error in regular expression engine on 32bit targets (closes: #710315). python2.7 (2.7.5-4) unstable; urgency=low * Move the libc dependency of -minimal from Depends to Pre-Depends. Closes: #708831. * Disable the test_io test on armel, armhf, mips, mipsel. Hangs the buildds. python2.7 (2.7.5-3) unstable; urgency=high * Fix the multiarch header file for ppc64. Closes: #708641. python2.7 (2.7.5-2) unstable; urgency=low * Only run the _multiprocessing build check on linux targets. python2.7 (2.7.5-1) unstable; urgency=low * Python 2.7.5 release. * Set the platinclude dir back to the non-multiarch include path, where the multiarch pyconfig.h compatibility header is found. * Fix issue #17703: Fix a regression where an illegal use of Py_DECREF() after interpreter finalization can cause a crash. * Issue #17754, setting LANG and LC_ALL for the compiler call in ctypes/util. * Issue #17761, platform._parse_release_file doesn't close the /etc/lsb-release file, and doesn't know about 'Ubuntu'. * Fix autopkg tests. * Re-enable lto and pgo optimized builds, accidentally disabled for the last upload. * more autopkg test fixes. * Link the ctypes extension with the shared libffi library. * Fix a distutils test with the deb install layout. * Move lib2to3 library into libpython2.7-stdlib. Closes: #705078. * Don't set yet any Multi-Arch: attributes in Debian. python2.7 (2.7.4-2) experimental; urgency=low * Idle updates: - Issue #17657: Show full Tk version in IDLE's about dialog. - Issue #17613: Prevent traceback when removing syntax colorizer. - Issue #1207589: Backwards-compatibility patch for right-click menu. - Issue #16887: Now accepts Cancel in tabify/untabify dialog box. - Issue #14254: Now handles readline correctly across shell restarts. - Issue #17614: No longer raises exception when quickly closing a file. - Issue #6698: Now opens just an editor window when configured to do so. - Issue #8900: Using keyboard shortcuts in IDLE to open a file no longer raises an exception. - Issue #6649: Fixed missing exit status. * Build a libpython2.7-testsuite package. LP: #301629. * Add autopkg tests to run the installed testsuite in normal and debug mode. * Re-enable running the tests during the build. * Add the io and _io modules to libpython2.7-minimal. * Backport ssl.CertificateError as well. Closes: #626539. LP: #1166344. * Don't ship an uncompress python man page. Closes: #705079. python2.7 (2.7.4-1ubuntu4) raring; urgency=low * Build a libpython2.7-testsuite package. LP: #301629. * Add autopkg tests to run the installed testsuite in normal and debug mode. * Re-enable running the tests during the build. * Idle updates: - Issue #17657: Show full Tk version in IDLE's about dialog. - Issue #17613: Prevent traceback when removing syntax colorizer. - Issue #1207589: Backwards-compatibility patch for right-click menu. - Issue #16887: Now accepts Cancel in tabify/untabify dialog box. - Issue #14254: Now handles readline correctly across shell restarts. - Issue #17614: No longer raises exception when quickly closing a file. - Issue #6698: Now opens just an editor window when configured to do so. - Issue #8900: Using keyboard shortcuts in IDLE to open a file no longer raises an exception. - Issue #6649: Fixed missing exit status. python2.7 (2.7.4-1ubuntu3) raring; urgency=low * Add the io and _io modules to libpython2.7-minimal. LP: #1165172. * Add missing import for the ssl module. LP: #1166644. python2.7 (2.7.4-1ubuntu2) raring; urgency=low * Backport ssl.CertificateError as well. Closes: #626539. LP: #1166344. python2.7 (2.7.4-1ubuntu1) raring; urgency=low * Merge with Debian; remaining changes: - Build-depend on python:any instead of python. python2.7 (2.7.4-1) experimental; urgency=low * Python 2.7.4 release. - Issue #17550: Fix the --enable-profiling configure switch. - Issue #15801 (again): With string % formatting, relax the type check for a mapping such that any type with a __getitem__ can be used on the right hand side. - Issue #17625: In IDLE, close the replace dialog after it is used. - Issue #17531: Fix tests that thought group and user ids were always the int type. Also, always allow -1 as a valid group and user id. - Issue 17538: Document XML vulnerabilties * Byte-compile files in libpython2.7-dbg. * libpython2.7-minimal: Break earlier python2.7-minimal versions. Closes: #704084. LP: #1157687. * Call python with -E -S for the byte compilatio…

lang/python27: security fix Revisions pulled up: - lang/python27/Makefile 1.61 - lang/python27/PLIST.common 1.15 - lang/python27/dist.mk 1.12 - lang/python27/distinfo 1.55 - lang/python27/patches/patch-Lib_distutils_unixccompiler.py 1.4 --- Module Name: pkgsrc Committed By: adam Date: Sat Jul 2 15:05:43 UTC 2016 Modified Files: pkgsrc/lang/python27: Makefile PLIST.common dist.mk distinfo pkgsrc/lang/python27/patches: patch-Lib_distutils_unixccompiler.py Log Message: Changes 2.7.2: Core and Builtins ----------------- - Issue 20041: Fixed TypeError when frame.f_trace is set to None. Patch by Xavier de Gaye. - Issue 25702: A --with-lto configure option has been added that will enable link time optimizations at build time during a make profile-opt. Some compilers and toolchains are known to not produce stable code when using LTO, be sure to test things thoroughly before relying on it. It can provide a few % speed up over profile-opt alone. - Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the "N" format unit. - Issue 27039: Fixed bytearray.remove() for values greater than 127. Patch by Joe Jevnik. - Issue 4806: Avoid masking the original TypeError exception when using star (*) unpacking and the exception was raised from a generator. Based on patch by Hagen Fu:rstenau. - Issue 26659: Make the builtin slice type support cycle collection. - Issue 26718: super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed! - Issue 13410: Fixed a bug in PyUnicode_Format where it failed to properly ignore errors from a __int__() method. - Issue 26494: Fixed crash on iterating exhausting iterators. Affected classes are generic sequence iterators, iterators of bytearray, list, tuple, set, frozenset, dict, OrderedDict and corresponding views. - Issue 26581: If coding cookie is specified multiple times on a line in Python source code file, only the first one is taken to account. - Issue 22836: Ensure exception reports from PyErr_Display() and PyErr_WriteUnraisable() are sensible even when formatting them produces secondary errors. This affects the reports produced by sys.__excepthook__() and when __del__() raises an exception. - Issue 22847: Improve method cache efficiency. - Issue 25843: When compiling code, don't merge constants if they are equal but have a different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0`` is now correctly compiled to two different functions: ``f1()`` returns ``1`` (``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0`` are equal. - Issue 22995: [UPDATE] Remove the one of the pickleability tests in _PyObject_GetState() due to regressions observed in Cython-based projects. - Issue 25961: Disallowed null characters in the type name. - Issue 22995: Instances of extension types with a state that aren't subclasses of list or dict and haven't implemented any pickle-related methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__, or __getstate__), can no longer be pickled. Including memoryview. - Issue 20440: Massive replacing unsafe attribute setting code with special macro Py_SETREF. - Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size. This allows sys.getsize() to work correctly with their subclasses with __slots__ defined. - Issue 19543: Added Py3k warning for decoding unicode. - Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside __getattr__. - Issue 24731: Fixed crash on converting objects with special methods __str__, __trunc__, and __float__ returning instances of subclasses of str, long, and float to subclasses of str, long, and float correspondingly. - Issue 26478: Fix semantic bugs when using binary operators with dictionary views and tuples. - Issue 26171: Fix possible integer overflow and heap corruption in zipimporter.get_data(). Library ------- - Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283. - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team Oststrom - Issue 7356: ctypes.util: Make parsing of ldconfig output independent of the locale. - Issue 25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from sending a message body for 205 Reset Content. Also, don't send the Content-Type header field in responses that don't have a body. Based on patch by Susumu Koshiba. - Issue 21313: Fix the "platform" module to tolerate when sys.version contains truncated build information. - Issue 27211: Fix possible memory corruption in io.IOBase.readline(). - Issue 27114: Fix SSLContext._load_windows_store_certs fails with PermissionError - Issue 14132: Fix urllib.request redirect handling when the target only has a query string. Fix by Ja'n Janech. - Removed the requirements for the ctypes and modulefinder modules to be compatible with earlier Python versions. - Issue 22274: In the subprocess module, allow stderr to be redirected to stdout even when stdout is not redirected. Patch by Akira Li. - Issue 12045: Avoid duplicate execution of command in ctypes.util._get_soname(). Patch by Sijin Joseph. - Issue 26960: Backported 16270 from Python 3 to Python 2, to prevent urllib from hanging when retrieving certain FTP files. - Issue 25745: Fixed leaking a userptr in curses panel destructor. - Issue 17765: weakref.ref() no longer silently ignores keyword arguments. Patch by Georg Brandl. - Issue 26873: xmlrpclib now raises ResponseError on unsupported type tags instead of silently return incorrect result. - Issue 24114: Fix an uninitialized variable in `ctypes.util`. The bug only occurs on SunOS when the ctypes implementation searches for the `crle` program. Patch by Xiang Zhang. Tested on SunOS by Kees Bos. - Issue 26864: In urllib, change the proxy bypass host checking against no_proxy to be case-insensitive, and to not match unrelated host names that happen to have a bypassed hostname as a suffix. Patch by Xiang Zhang. - Issue 26804: urllib will prefer lower_case proxy environment variables over UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen. - Issue 26837: assertSequenceEqual() now correctly outputs non-stringified differing items. This affects assertListEqual() and assertTupleEqual(). - Issue 26822: itemgetter, attrgetter and methodcaller objects no longer silently ignore keyword arguments. - Issue 26657: Fix directory traversal vulnerability with SimpleHTTPServer on Windows. This fixes a regression that was introduced in 2.7.7. Based on patch by Philipp Hagemeister. - Issue 19377: Add .svg to mimetypes.types_map. - Issue 13952: Add .csv to mimetypes.types_map. Patch by Geoff Wilson. - Issue 16329: Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'. - Issue 23735: Handle terminal resizing with Readline 6.3+ by installing our own SIGWINCH handler. Patch by Eric Price. - Issue 26644: Raise ValueError rather than SystemError when a negative length is passed to SSLSocket.recv() or read(). - Issue 23804: Fix SSL recv(0) and read(0) methods to return zero bytes instead of up to 1024. - Issue 24266: Ctrl+C during Readline history search now cancels the search mode when compiled with Readline 7. - Issue 23857: Implement PEP 493, adding a Python-2-only ssl module API and environment variable to configure the default handling of SSL/TLS certificates for HTTPS connections. - Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. - Issue 26513: Fixes platform module detection of Windows Server - Issue 23718: Fixed parsing time in week 0 before Jan 1. Original patch by Tama's Bence Gedai. - Issue 26177: Fixed the keys() method for Canvas and Scrollbar widgets. - Issue 15068: Got rid of excessive buffering in the fileinput module. The bufsize parameter is no longer used. - Issue 2202: Fix UnboundLocalError in AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu Dupuy. - Issue 26475: Fixed debugging output for regular expressions with the (?x) flag. - Issue 26385: Remove the file if the internal fdopen() call in NamedTemporaryFile() fails. Based on patch by Silent Ghost. - Issue 26309: In the "socketserver" module, shut down the request (closing the connected socket) when verify_request() returns false. Based on patch by Aviv Palivoda. - Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates. - Issue 24303: Fix random EEXIST upon multiprocessing semaphores creation with Linux PID namespaces enabled. - Issue 25698: Importing module if the stack is too deep no longer replaces imported module with the empty one. - Issue 12923: Reset FancyURLopener's redirect counter even if there is an exception. Based on patches by Brian Brazil and Daniel Rocco. - Issue 25945: Fixed a crash when unpickle the functools.partial object with wrong state. Fixed a leak in failed functools.partial constructor. "args" and "keywords" attributes of functools.partial have now always types tuple and dict correspondingly. - Issue 19883: Fixed possible integer overflows in zipimport. - Issue 26147: xmlrpclib now works with unicode not encodable with used non-UTF-8 encoding. - Issue 16620: Fixed AttributeError in msilib.Directory.glob(). - Issue 21847: Fixed xmlrpclib on Unicode-disabled builds. - Issue 6500: Fixed infinite recursion in urllib2.Request.__getattr__(). - Issue 26083: Workaround a subprocess bug that raises an incorrect "ValueError: insecure string pickle" exception instead of the actual exception on some platforms such as Mac OS X when an exception raised in the forked child process prior to the exec() was large enough that it overflowed the internal errpipe_read pipe buffer. - Issue 24103: Fixed possible use after free in ElementTree.iterparse(). - Issue 20954: _args_from_interpreter_flags used by multiprocessing and some tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED environment variable. - Issue 14285: When executing a package with the "python -m package" option, and package initialization raises ImportError, a proper traceback is now reported. - Issue 6478: _strptime's regexp cache now is reset after changing timezone with time.tzset(). - Issue 25718: Fixed copying object with state with boolean value is false. - Issue 25742: :func:`locale.setlocale` now accepts a Unicode string for its second parameter. - Issue 10131: Fixed deep copying of minidom documents. Based on patch by Marian Ganisin. - Issue 25725: Fixed a reference leak in cPickle.loads() when unpickling invalid data including tuple instructions. - Issue 25663: In the Readline completer, avoid listing duplicate global names, and search the global namespace before searching builtins. - Issue 25688: Fixed file leak in ElementTree.iterparse() raising an error. - Issue 23914: Fixed SystemError raised by CPickle unpickler on broken data. - Issue 25924: Avoid unnecessary serialization of getaddrinfo(3) calls on OS X versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis. - Issue 26406: Avoid unnecessary serialization of getaddrinfo(3) calls on current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis. IDLE ---- - Issue 5124: Paste with text selected now replaces the selection on X11. This matches how paste works on Windows, Mac, most modern Linux apps, and ttk widgets. Original patch by Serhiy Storchaka. - Issue 24759: Make clear in idlelib.idle_test.__init__ that the directory is a private implementation of test.test_idle and tool for maintainers. - Issue 26673: When tk reports font size as 0, change to size 10. Such fonts on Linux prevented the configuration dialog from opening. - Issue 27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks. - In the 'IDLE-console differences' section of the IDLE doc, clarify how running with IDLE affects sys.modules and the standard streams. - Issue 25507: fix incorrect change in IOBinding that prevented printing. Change also prevented saving shell window with non-ascii characters. Augment IOBinding htest to include all major IOBinding functions. - Issue 25905: Revert unwanted conversion of ' to ? RIGHT SINGLE QUOTATION MARK in README.txt and open this and NEWS.txt with 'ascii'. Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'. - Issue 26417: Prevent spurious errors and incorrect defaults when installing IDLE 2.7 on OS X: default configuration settings are no longer installed from OS X specific copies. Documentation ------------- - Issue 26736: Used HTTPS for external links in the documentation if possible. - Issue 6953: Rework the Readline module documentation to group related functions together, and add more details such as what underlying Readline functions and variables are accessed. - Issue 26014: Guide users to the newer packaging documentation as was done for Python 3.x. In particular, the top-level 2.7 documentation page now links to the newer installer and distributions pages rather than the legacy install and Distutils pages; these are still linked to in the library/distutils doc page. Tests ----- - Issue 21916: Added tests for the turtle module. Patch by ingrid, Gregory Loyse and Jelle Zijlstra. - Issue 25940: Changed test_ssl to use self-signed.pythontest.net. This avoids relying on svn.python.org, which recently changed root certificate. - Issue 25616: Tests for OrderedDict are extracted from test_collections into separate file test_ordered_dict. Build ----- - Issue 22359: Avoid incorrect recursive $(MAKE), and disable the rules for running pgen when cross-compiling. The pgen output is normally saved with the source code anyway, and is still regenerated when doing a native build. Patch by Jonas Wagner and Xavier de Gaye. - Issue 19450: Update Windows builds to use SQLite 3.8.11.0. - Issue 27229: Fix the cross-compiling pgen rule for in-tree builds. Patch by Xavier de Gaye. - Issue 17603: Avoid error about nonexistant fileblocks.o file by using a lower-level check for st_blocks in struct stat. - Issue 26465: Update Windows builds to use OpenSSL 1.0.2g. - Issue 24421: Compile Modules/_math.c once, before building extensions. Previously it could fail to compile properly if the math and cmath builds were concurrent. - Issue 25824: Fixes sys.winver to not include any architecture suffix. - Issue 25348: Added ``--pgo`` and ``--pgo-job`` arguments to ``PCbuild\build.bat`` for building with Profile-Guided Optimization. The old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls ``PCbuild\build.bat --pgo %*``. - Issue 25827: Add support for building with ICC to ``configure``, including a new ``--with-icc`` flag. - Issue 25696: Fix installation of Python on UNIX with make -j9. - Issue 26930: Update OS X 10.5+ 32-bit-only installer to build and link with OpenSSL 1.0.2h. - Issue 26268: Update Windows builds to use OpenSSL 1.0.2f. - Issue 25136: Support Apple Xcode 7's new textual SDK stub libraries. Tools/Demos ----------- - Issue 26799: Fix python-gdb.py: don't get C types once when the Python code is loaded, but get C types on demand. The C types can change if python-gdb.py is loaded before the Python executable. Patch written by Thomas Ilsche. C API ----- - Issue 26476: Fixed compilation error when use PyErr_BadInternalCall() in C++. Patch by Jeroen Demeyer. Misc ---- - Issue 17500, and python/pythondotorg#945: Remove unused and outdated icons.

akheron pushed a commit to akheron/cpython that referenced this issue Jun 11, 2016

- Issue #17500, and python/pythondotorg#945: Remove

d549aa8

unused and outdated icons. --HG-- branch : 2.7

akheron pushed a commit to akheron/cpython that referenced this issue Jun 11, 2016

- Issue #17500, and python/pythondotorg#945: Remove

63cdc92

unused and outdated icons.

akheron pushed a commit to akheron/cpython that referenced this issue Jun 11, 2016

- Issue #17500, and python/pythondotorg#945: Remove

8f94a3f

unused and outdated icons. --HG-- branch : 3.5

berkerpeksag closed this as completed Jun 17, 2016

akruis pushed a commit to akruis/cpython that referenced this issue Oct 18, 2017

- Issue python#17500, and python/pythondotorg#945: Remove

3398808

unused and outdated icons.

akruis pushed a commit to akruis/cpython that referenced this issue Oct 18, 2017

- Issue python#17500, and python/pythondotorg#945: Remove

87a8bcc

unused and outdated icons.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

please include the PC/icons/* files from the python repository #945

please include the PC/icons/* files from the python repository #945

doko42 commented Jun 3, 2016

berkerpeksag commented Jun 6, 2016

malemburg commented Jun 6, 2016

malemburg commented Jun 6, 2016

ned-deily commented Jun 6, 2016 •

edited

Loading

malemburg commented Jun 6, 2016

ned-deily commented Jun 7, 2016

doko42 commented Jun 10, 2016

berkerpeksag commented Jun 17, 2016

please include the PC/icons/* files from the python repository #945

please include the PC/icons/* files from the python repository #945

Comments

doko42 commented Jun 3, 2016

berkerpeksag commented Jun 6, 2016

malemburg commented Jun 6, 2016

malemburg commented Jun 6, 2016

ned-deily commented Jun 6, 2016 • edited Loading

malemburg commented Jun 6, 2016

Cheers,

ned-deily commented Jun 7, 2016

doko42 commented Jun 10, 2016

berkerpeksag commented Jun 17, 2016

ned-deily commented Jun 6, 2016 •

edited

Loading