-
python3.5 (3.5.2-2ubuntu0~16.04.13) xenial-security; urgency=medium
* SECURITY UPDATE: Code execution from content received via HTTP
- debian/patches/CVE-2020-27619.patch: no longer call eval() on
content received via HTTP in Lib/test/multibytecodec_support.py.
- CVE-2020-27619
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2021-3177.patch: replace snprintf with Python unicode
formatting in ctypes param reprs in Lib/ctypes/test/test_parameters.py,
Modules/_ctypes/callproc.c.
- CVE-2021-3177
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 26 Jan 2021 10:30:48 -0300
-
python3.5 (3.5.2-2ubuntu0~16.04.12) xenial-security; urgency=medium
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2020-26116.patch: prevent header injection
in http methods in Lib/httplib.py, Lib/test/test_httlib.py.
- CVE-2020-26116
* debian/patches/skipping_broken_test_httphandlertest.patch:
- skipping Lib/test/test_logging.py was hanging during building time
causing the building to be killed after 150 minutes of hang.
-- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Oct 2020 14:19:02 -0300
-
python3.5 (3.5.2-2ubuntu0~16.04.11) xenial-security; urgency=medium
* SECURITY UPDATE: Misleading information
- debian/patches/CVE-2019-17514.patch: explain that the orderness of the
of the result is system-dependant in Doc/library/glob.rst.
- CVE-2019-17514
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-9674.patch: add pitfalls to
zipfile module doc in Doc/library/zipfile.rst,
Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst.
- CVE-2019-9674
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2019-20907.patch: avoid infinite loop in the
tarfile module in Lib/tarfile.py, Lib/test/test_tarfile.py and add
Lib/test/recursion.tar binary for test.
- CVE-2019-20907
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-14422.patch: Resolve hash collisions for
IPv4Interface and IPv6Interface in Lib/ipaddress.py,
Lib/test/test_ipaddress.py.
- CVE-2020-14422
-- <email address hidden> (Leonidas S. Barbosa) Fri, 17 Jul 2020 11:04:10 -0300
-
python3.5 (3.5.2-2ubuntu0~16.04.10) xenial-security; urgency=medium
* SECURITY UPDATE: CRLF injection
- debian/patches/CVE-2019-18348.patch: disallow control characters
in hostnames in http.client in Lib/http/client.py, Lib/test/test_urllib.py.
- CVE-2019-18348
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-8492.patch: fix the regex to prevent
the regex denial of service in Lib/urllib/request.py,
- CVE-2020-8492
-- <email address hidden> (Leonidas S. Barbosa) Thu, 16 Apr 2020 14:47:17 -0300
-
python3.5 (3.5.2-2ubuntu0~16.04.9) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect email address parsing
- debian/patches/CVE-2019-16056.patch: don't parse domains containing @
in Lib/email/_header_value_parser.py, Lib/email/_parseaddr.py,
Lib/test/test_email/test__header_value_parser.py,
Lib/test/test_email/test_email.py.
- CVE-2019-16056
* SECURITY UPDATE: XSS in documentation XML-RPC server
- debian/patches/CVE-2019-16935.patch: escape the server_title in
Lib/xmlrpc/server.py, Lib/test/test_docxmlrpc.py.
- CVE-2019-16935
* debian/patches/avoid_test_docxmlrpc_race.patch: avoid race in
test_docxmlrpc server setup in Lib/test/test_docxmlrpc.py.
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2019 09:06:37 -0400
-
python3.5 (3.5.2-2ubuntu0~16.04.8) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect cookie domain check
- debian/patches/CVE-2018-20852.patch: prefix dot in domain for proper
subdomain validation in Lib/http/cookiejar.py,
Lib/test/test_http_cookiejar.py.
- CVE-2018-20852
* SECURITY UPDATE: integer overflow in pickle
- debian/patches/CVE-2018-20406.patch: avoid relying on signed overflow
in _pickle memos in Modules/_pickle.c.
- CVE-2018-20406
* SECURITY UPDATE: NULL pointer dereference via X509 certificate
- debian/patches/CVE-2019-5010.patch: fix segfault in ssl cert parser
in Lib/test/talos-2019-0758.pem, Lib/test/test_ssl.py,
Modules/_ssl.c.
- CVE-2019-5010
* SECURITY UPDATE: improper handling of unicode encoding
- debian/patches/CVE-2019-9636.patch: add check for characters in
netloc that normalize to separators in Doc/library/urllib.parse.rst,
Lib/test/test_urlparse.py, Lib/urllib/parse.py.
- CVE-2019-9636
* SECURITY UPDATE: HTTP header injection
- debian/patches/CVE-2019-9740.patch: disallow control chars in http
URLs in Lib/http/client.py, Lib/test/test_urllib.py,
Lib/test/test_xmlrpc.py.
- CVE-2019-9740
- CVE-2019-9947
* SECURITY UPDATE: urllib support the local_file: scheme
- debian/patches/CVE-2019-9948.patch: disallow file reading in
Lib/urllib/request.py, Lib/test/test_urllib.py.
- CVE-2019-9948
* SECURITY UPDATE: incomplete fix for CVE-2019-9636
- debian/patches/CVE-2019-10160-1.patch: fix handling of
pre-normalization characters in urlsplit() in
Lib/test/test_urlparse.py, Lib/urllib/parse.py.
- debian/patches/CVE-2019-10160-2.patch: correct fix to handle
decomposition in usernames in Lib/test/test_urlparse.py,
Lib/urllib/parse.py.
- CVE-2019-10160
* debian/patches/issue9146.diff: fix FIPS mode environments where MD5
isn't available in Modules/_hashopenssl.c. (LP: #1835135)
-- Marc Deslauriers <email address hidden> Wed, 10 Jul 2019 07:58:48 -0400
-
python3.5 (3.5.2-2ubuntu0~16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: DoS via catastrophic backtracking
- debian/patches/CVE-2018-106x.patch: fix expressions in
Lib/difflib.py, Lib/poplib.py. Added tests to
Lib/test/test_difflib.py, Lib/test/test_poplib.py.
- CVE-2018-1060
- CVE-2018-1061
* SECURITY UPDATE: incorrect Expat hash salt initialization
- debian/patches/CVE-2018-14647.patch: call SetHashSalt in
Include/pyexpat.h, Modules/_elementtree.c, Modules/pyexpat.c.
- CVE-2018-14647
-- Marc Deslauriers <email address hidden> Mon, 12 Nov 2018 08:43:14 -0500
-
python3.5 (3.5.2-2ubuntu0~16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in the PyBytes_DecodeEscape
function
- debian/patches/CVE-2017-1000158.patch: fix this integer overflow
in Objects/bytesobject.c.
- CVE-2017-1000158
-- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Nov 2017 13:37:01 -0300
-
python3.5 (3.5.2-2ubuntu0~16.04.3) xenial; urgency=medium
* Explicitly use the system python for byte compilation in postinst scripts.
(LP: #1682934)
-- Brian Murray <email address hidden> Thu, 14 Sep 2017 15:51:06 -0700
-
python3.5 (3.5.2-2ubuntu0~16.04.2) xenial; urgency=medium
* SRU: LP: #1711724 Fix dict segfault. Issue #27945.
-- Clint Byrum <email address hidden> Fri, 18 Aug 2017 10:48:00 -0700
-
python3.5 (3.5.2-2ubuntu0~16.04.1) xenial-security; urgency=medium
* SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
scripts (aka HTTPOXY attack)
- debian/patches/CVE-2016-1000110.patch: if running as CGI
script, forget HTTP_PROXY in Lib/urllib.py, add test to
Lib/test/test_urllib.py, add documentation.
- CVE-2016-1000110
* NOTE: backport of 3.5.2 to Ubuntu 16.04 LTS also addresses:
- CVE-2016-0772: StartTLS stripping attack
- CVE-2016-5636: Integer overflow when handling zipfiles
python3.5 (3.5.2-2~16.04) xenial-proposed; urgency=medium
* SRU: LP: #1620754: Fix invalid code in pyhash/siphash24. Issue #28055.
python3.5 (3.5.2-2~16.01) xenial-proposed; urgency=medium
* SRU: LP: #1591887. Backport 3.5.2 to 16.04 LTS.
-- Steve Beattie <email address hidden> Thu, 17 Nov 2016 09:05:23 -0800
-
python3.5 (3.5.2-2~16.04) xenial-proposed; urgency=medium
* SRU: LP: #1620754: Fix invalid code in pyhash/siphash24. Issue #28055.
-- Matthias Klose <email address hidden> Sat, 10 Sep 2016 10:21:44 +0200
-
python3.5 (3.5.2-2~16.01) xenial-proposed; urgency=medium
* SRU: LP: #1591887. Backport 3.5.2 to 16.04 LTS.
python3.5 (3.5.2-2) unstable; urgency=medium
* asyncio: Fix callbacks race in SelectorLoop.sock_connect, proposed patch
taken from https://github.com/python/asyncio/pull/366.
* asyncio: Fix NameError in asyncio.sslproto. Closes: #827453.
python3.5 (3.5.2-1) unstable; urgency=medium
* Python 3.5.2 release.
- Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default;
fix test.
- Issue #27365: Allow non-ascii in idlelib/NEWS.txt.
python3.5 (3.5.2~rc1-3) unstable; urgency=medium
* Fix building with the wheel files in the source package.
python3.5 (3.5.2~rc1-1) unstable; urgency=medium
* Python 3.5.2 release candidate 1.
- Issue #15657: Delete incorrect statement from PyMethodDef documentation.
- Issue #27289: Prevent test_urllib2net failures due to EOFError raised
by ftplib.
- Issue #25455: Clean up reference loops created in tests for recursive.
- Issue #27190: Raise NotSupportedError if sqlite3 is older than 3.3.1.
- Issue #27188: Fix various sqlite3 documentation errors.
- Issue #15476: Make "code object" its own entry in the index.
- Issue #8491: Add link to Gnu Readline configuration documentation.
- Issue #24617: Add comment for os.mkdir about mode quirks.
- Issue #27280: Fix typo in IPv6Network documentation.
- Issue #17500, and https://github.com/python/pythondotorg/issues/945:
Remove unused and outdated icons.
- Issue #20900: distutils register command now decodes HTTP responses
correctly.
- Issue #5124: Paste with selection should always replace.
This is how paste work on Windows, Mac, modern Linux apps, and ttk
widgets. The exception was X11 tk widgets.
- Issue #27223: aio: Fix _read_ready and _write_ready to respect _conn_lost.
- Issue #22970: asyncio: Fix inconsistency cancelling Condition.wait.
- Issue #22558: Add remaining doc links to source code for Python-coded
modules.
- Issue #21386: Implement missing IPv4Address.is_global property.
- Issue #27194: superfluous truncate calls in tarfile.py slow down
extraction.
- Issue #14209: pkgutil.iter_zipimport_modules ignores the prefix for
packages.
- Issue #24136: Document generalized unpacking, PEP 448.
- Issue #27286: Fixed compiling BUILD_MAP_UNPACK_WITH_CALL opcode. Calling
function with generalized unpacking (PEP 448) and conflicting keyword
names could cause undefined behavior.
- Issue #25455: Fixed a crash in repr of ElementTree.Element with recursive
tag.
* Extend debian/copyright to the files shipped in the wheel files.
python3.5 (3.5.1-16) unstable; urgency=high
* Restore the distutils-init patch, only applied on upstream trunk.
python3.5 (3.5.1-15) unstable; urgency=high
* Fix bad update of the distutils-install-layout patch.
python3.5 (3.5.1-14) unstable; urgency=medium
* Update to 20160609 from the 3.5 branch.
- A new version of typing.py provides several new classes and
features: @overload outside stubs, Reversible, DefaultDict, Text,
ContextManager, Type[], NewType(), TYPE_CHECKING, and numerous bug
fixes (note that some of the new features are not yet implemented in
mypy or other static analyzers). Also classes for PEP 492
(Awaitable, AsyncIterable, AsyncIterator) have been added (in fact
they made it into 3.5.1 but were never mentioned).
- Issue #25738: Stop http.server.BaseHTTPRequestHandler.send_error() from
sending a message body for 205 Reset Content. Also, don't send Content
header fields in responses that don't have a body.
- Issue #21313: Fix the "platform" module to tolerate when sys.version
contains truncated build information.
- Issue #26839: On Linux, :func:`os.urandom` now calls ``getrandom()`` with
``GRND_NONBLOCK`` to fall back on reading ``/dev/urandom`` if the urandom
entropy pool is not initialized yet. Closes: #824379.
- Issue #27164: In the zlib module, allow decompressing raw Deflate streams
with a predefined zdict.
- Issue #24291: Fix wsgiref.simple_server.WSGIRequestHandler to completely
write data to the client. Previously it could do partial writes and
truncate data. Also, wsgiref.handler.ServerHandler can now handle stdout
doing partial writes, but this is deprecated.
- Issue #26809: Add ``__all__`` to :mod:`string`.
- Issue #26373: subprocess.Popen.communicate now correctly ignores
BrokenPipeError when the child process dies before .communicate()
is called in more/all circumstances.
- Issue #24759: Make clear in idlelib.idle_test.__init__ that the directory
is a private implementation of test.test_idle and tool for maintainers.
- Issue #27196: Stop 'ThemeChanged' warnings when running IDLE tests.
These persisted after other warnings were suppressed in #20567.
- Issue #20567: Revise idle_test/README.txt with advice about avoiding
tk warning messages from tests. Apply advice to several IDLE tests.
- Issue #26884: Fix linking extension modules for cross builds.
- Issue #26014: Update 3.x packaging documentation:
* "See also" links to the new docs are now provided in the legacy pages
* links to setuptools documentation have been updated
- Issue #27229: Fix the cross-compiling pgen rule for in-tree builds.
* Don't run multiprocessing tests during the profiling build.
python3.5 (3.5.1-13) unstable; urgency=medium
* Update to 20160603 from the 3.5 branch.
- Issue #26168: Fixed possible refleaks in failing Py_BuildValue() with
the "N" format unit.
- Issue #26991: Fix possible refleak when creating a function with
annotations.
- Issue #27039: Fixed bytearray.remove() for values greater than 127.
- Issue #23640: int.from_bytes() no longer bypasses constructors for
subclasses.
- Issue #27138: Fix the doc comment for FileFinder.find_spec().
- Issue #27147: Mention PEP 420 in the importlib docs.
- Issue #21776: distutils.upload now correctly handles HTTPError.
- Issue #27114: Fix SSLContext._load_windows_store_certs fails with
PermissionError.
- Issue #18383: Avoid creating duplicate filters when using filterwarnings
and simplefilter.
- Issue #27057: Fix os.set_inheritable() on Android, ioctl() is blocked by
SELinux and fails with EACCESS. The function now falls back to fcntl().
- Issue #27014: Fix infinite recursion using typing.py.
- Issue #14132: Fix urllib.request redirect handling when the target only
has a query string.
- Issue #17214: The "urllib.request" module now percent-encodes non-ASCII
bytes found in redirect target URLs. Some servers send Location header
fields with non-ASCII bytes, but "http.client" requires the request
target to be ASCII-encodable, otherwise a UnicodeEncodeError is raised.
- Issue #26892: Honor debuglevel flag in urllib.request.HTTPHandler.
- Issue #22274: In the subprocess module, allow stderr to be redirected to
stdout even when stdout is not redirected.
- Issue #26807: mock_open 'files' no longer error on readline at
end of file.
- Issue #26977: Removed unnecessary, and ignored, call to sum of squares
helper in statistics.pvariance.
- Issue #26848: Fix asyncio/subprocess.communicate() to handle empty input.
- Issue #27040: Add loop.get_exception_handler method
- Issue #27041: asyncio: Add loop.create_future method
* IDLE changes:
- Issue #27117: Make colorizer htest and turtledemo work with dark themes.
Move code for configuring text widget colors to a new function.
- Issue #26673: When tk reports font size as 0, change to size 10.
Such fonts on Linux prevented the configuration dialog from opening.
- Issue #21939: Add test for IDLE's percolator.
- Issue #21676: Add test for IDLE's replace dialog.
- Issue #18410: Add test for IDLE's search dialog.
- Issue #21703: Add test for IDLE's undo delegator.
- Issue #27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks.
- Issue #23977: Add more asserts to test_delegator.
- Issue #20640: Add tests for idlelib.configHelpSourceEdit.
- In the 'IDLE-console differences' section of the IDLE doc, clarify
how running with IDLE affects sys.modules and the standard streams.
- Issue #25507: fix incorrect change in IOBinding that prevented printing.
Augment IOBinding htest to include all major IOBinding functions.
- Issue #25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION
MARK in README.txt and open this and NEWS.txt with 'ascii'.
Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'.
* Rebuild to pick up the GNU triplet change on i386 archs. Addresses: #826128.
python3.5 (3.5.1-12) unstable; urgency=medium
* Update to 20160509 from the 3.5 branch.
- Issue #26811: gc.get_objects() no longer contains a broken tuple with
NULL pointer.
- Issue #20120: Use RawConfigParser for .pypirc parsing, removing support
for interpolation unintentionally added with move to Python 3. Behavior
no longer does any interpolation in .pypirc files, matching behavior in
Python 2.7 and Setuptools 19.0.
- Issue #25745: Fixed leaking a userptr in curses panel destructor.
- Issue #26881: The modulefinder module now supports extended opcode
arguments.
- Issue #23815: Fixed crashes related to directly created instances of
types in _tkinter and curses.panel modules.
- Issue #17765: weakref.ref() no longer silently ignores keyword arguments.
- Issue #26873: xmlrpc now raises ResponseError on unsupported type tags
instead of silently return incorrect result.
- Issue #26881: modulefinder now works with bytecode with extended args.
- Issue #26711: Fixed the comparison of plistlib.Data with other types.
- Issue #24114: Fix an uninitialized variable in `ctypes.util`.
- Issue #26864: In urllib.request, change the proxy bypass host checking
against no_proxy to be case-insensitive, and to not match unrelated host
names that happen to have a bypassed hostname as a suffix.
- Issue #26634: recursive_repr() now sets __qualname__ of wrapper.
- Issue #26804: urllib.request will prefer lower_case proxy environment
variables over UPPER_CASE or Mixed_Case ones.
- Issue #26837: assertSequenceEqual() now correctly outputs non-stringified
differing items (like bytes in the -b mode).
This affects assertListEqual() and assertTupleEqual().
- Issue #26041: Remove "will be removed in Python 3.7" from deprecation
messages of platform.dist() and platform.linux_distribution().
- Issue #26822: itemgetter, attrgetter and methodcaller objects no longer
silently ignore keyword arguments.
- Issue #26733: Disassembling a class now disassembles class and static
methods.
- Issue #26801: Fix error handling in :func:`shutil.get_terminal_size`,
catch :exc:`AttributeError` instead of :exc:`NameError`.
- Issue #24838: tarfile's ustar and gnu formats now correctly calculate name
and link field limits for multibyte character encodings like utf-8.
- Issue #26657: Fix directory traversal vulnerability with http.server on
Windows.
- Issue #26736: Used HTTPS for external links in the documentation if
possible.
- Issue #22359: Disable the rules for running _freeze_importlib and pgen
when cross-compiling. The output of these programs is normally saved
with the source code anyway, and is still regenerated when doing a
native build. Closes: #820509.
- Issue #21668: Link audioop, _datetime, _ctypes_test modules to libm.
- Issue #26799: Fix python-gdb.py: don't get C types once when the Python
code is loaded, but get C types on demand. The C types can change if
python-gdb.py is loaded before the Python executable.
* Fix issue #26673, runtime error in idle3. LP: #1574892.
* Update symbols files.
python3.5 (3.5.1-11) unstable; urgency=medium
* Update to 20160330 from the 3.5 branch.
- Issue #26659: Make the builtin slice type support cycle collection.
- Issue #26718: super.__init__ no longer leaks memory if called multiple
times. NOTE: A direct call of super.__init__ is not endorsed!
- Issue #25339: PYTHONIOENCODING now has priority over locale in setting
the error handler for stdin and stdout.
- Issue #26717: Stop encoding Latin-1-ized WSGI paths with UTF-8.
- Issue #26735: Fix :func:`os.urandom` on Solaris 11.3 and newer when
reading more than 1,024 bytes: call ``getrandom()`` multiple times with
a limit of 1024 bytes per call.
- Issue #16329: Add .webm to mimetypes.types_map.
- Issue #13952: Add .csv to mimetypes.types_map.
- Issue #26709: Fixed Y2038 problem in loading binary PLists.
- Issue #23735: Handle terminal resizing with Readline 6.3+ by installing
our own SIGWINCH handler.
- Issue #26586: In http.server, respond with "413 Request header fields too
large" if there are too many header fields to parse, rather than killing
the connection and raising an unhandled exception.
- Issue #22854: Change BufferedReader.writable() and
BufferedWriter.readable() to always return False.
- Issue #6953: Rework the Readline module documentation to group related
functions together, and add more details such as what underlying Readline
functions and variables are accessed.
-- Matthias Klose <email address hidden> Tue, 05 Jul 2016 14:43:10 +0200
-
python3.5 (3.5.1-10) unstable; urgency=medium
* Update to 20160330 from the 3.5 branch.
-- Matthias Klose <email address hidden> Thu, 31 Mar 2016 00:46:26 +0200
-
python3.5 (3.5.1-9ubuntu1) xenial; urgency=medium
* Lib/_pydecimal.py: Bump __libmpdec_version__.
* libpython3.5-stdlib: Add breaks on libmpdec2 (<< 2.4.2).
-- Matthias Klose <email address hidden> Wed, 23 Mar 2016 13:57:53 +0100
-
python3.5 (3.5.1-9) unstable; urgency=medium
* Update to 20160323 from the 3.5 branch.
* Always build _math.o with -fPIC.
-- Matthias Klose <email address hidden> Wed, 23 Mar 2016 11:47:21 +0100
-
python3.5 (3.5.1-8) unstable; urgency=medium
* Update to 20160318 from the 3.5 branch.
* Fix python3-venv with updated python-pip packages (Barry Warsaw).
Closes: #815014, #815864.
* Fix generating devhelp documentation (Simon McVittie).
Closes: #816299. LP: #1553633.
-- Matthias Klose <email address hidden> Fri, 18 Mar 2016 16:12:19 +0100
-
python3.5 (3.5.1-6ubuntu2) xenial; urgency=medium
* python3.5-venv: Drop the dependency on python-pip-whl, depend on
python-pip-whl (>= 8.0.2-7).
-- Matthias Klose <email address hidden> Wed, 24 Feb 2016 11:41:47 +0100
-
python3.5 (3.5.1-6ubuntu1) xenial; urgency=medium
* Don't run the test_socket test, hangs on the buildds.
-- Matthias Klose <email address hidden> Mon, 22 Feb 2016 11:28:07 +0100
-
python3.5 (3.5.1-6) unstable; urgency=medium
* Update to 20160221 from the 3.5 branch.
-- Matthias Klose <email address hidden> Mon, 22 Feb 2016 00:11:32 +0100
-
python3.5 (3.5.1-5) unstable; urgency=medium
* Update to 20160113 from the 3.5 branch.
-- Matthias Klose <email address hidden> Wed, 13 Jan 2016 16:09:18 +0100
-
python3.5 (3.5.1-4) unstable; urgency=medium
* Update to 20160111 from the 3.5 branch.
-- Matthias Klose <email address hidden> Mon, 11 Jan 2016 21:50:55 +0100
-
python3.5 (3.5.1-3) unstable; urgency=medium
* Update to 20160105 from the 3.5 branch.
* Fix maintainer scripts with findutils 4.6. Closes: #809079.
-- Matthias Klose <email address hidden> Tue, 05 Jan 2016 12:13:30 +0100
-
python3.5 (3.5.1-2) unstable; urgency=medium
* Disable LTO on Debian/s390x.
* Don't run test_signal on alpha, currently breaks the testsuite.
-- Matthias Klose <email address hidden> Thu, 10 Dec 2015 15:34:41 +0100
-
python3.5 (3.5.1-1) unstable; urgency=medium
* Python 3.5.1 release.
* Fix building architecture independent packages only. Closes: #806870.
* Update symbols files for i386.
* d/p/fix-sslv3-test.diff: properly handle Ubuntu's openssl having OP_NO_SSLv3
forced on by default (Marc Deslauriers).
-- Matthias Klose <email address hidden> Mon, 07 Dec 2015 11:34:52 +0100
-
python3.5 (3.5.1~rc1-2ubuntu1) xenial; urgency=medium
* debian/patches/fix-sslv3-test.diff: properly handle Ubuntu's openssl
having OP_NO_SSLv3 forced on by default.
-- Marc Deslauriers <email address hidden> Tue, 24 Nov 2015 12:47:11 -0500
-
python3.5 (3.5.1~rc1-1ubuntu1) xenial; urgency=medium
* debian/patches/fix-sslv3-test.diff: properly handle Ubuntu's openssl
having OP_NO_SSLv3 forced on by default.
-- Marc Deslauriers <email address hidden> Tue, 24 Nov 2015 10:31:22 -0500
-
python3.5 (3.5.1~rc1-1) unstable; urgency=medium
* Python 3.5.1 release candidate 1.
* Don't ship menu files anymore, just desktop files.
* Update symbols file.
-- Matthias Klose <email address hidden> Mon, 23 Nov 2015 22:10:38 +0100
-
python3.5 (3.5.0-3ubuntu1) xenial; urgency=medium
* debian/patches/fix-sslv3-test.diff: properly handle Ubuntu's openssl
having OP_NO_SSLv3 forced on by default.
-- Marc Deslauriers <email address hidden> Thu, 12 Nov 2015 07:21:10 -0500
-
python3.5 (3.5.0-3) unstable; urgency=medium
* Update to 20151011 from the 3.5 branch.
- Idle updates.
- Issue #24402: Fix input() to prompt to the redirected stdout when
sys.stdout.fileno() fails.
- Issue #24806: Prevent builtin types that are not allowed to be subclassed
from being subclassed through multiple inheritance.
- Issue #24848: Fixed a number of bugs in UTF-7 decoding of misformed data.
- Issue #25280: Import trace messages emitted in verbose (-v) mode are no
longer formatted twice.
- Issue #25003: On Solaris 11.3 or newer, os.urandom() now uses the
getrandom() function instead of the getentropy() function. The getentropy()
function is blocking to generate very good quality entropy, os.urandom()
doesn't need such high-quality entropy.
- Issue #25182: The stdprinter (used as sys.stderr before the io module is
imported at startup) now uses the backslashreplace error handler.
- Issue #25131: Make the line number and column offset of set/dict literals
and comprehensions correspond to the opening brace.
- Issue #25364: zipfile now works in threads disabled builds.
- Issue #25328: smtpd's SMTPChannel now correctly raises a ValueError if
both decode_data and enable_SMTPUTF8 are set to true.
- Issue #25316: distutils raises OSError instead of DistutilsPlatformError
when MSVC is not installed.
- Issue #23972: Updates asyncio datagram create method allowing reuseport
and reuseaddr socket options to be set prior to binding the socket.
Mirroring the existing asyncio create_server method the reuseaddr option
for datagram sockets defaults to True if the O/S is 'posix' (except if
the platform is Cygwin).
- Issue #25304: Add asyncio.run_coroutine_threadsafe(). This lets you
submit a coroutine to a loop from another thread, returning a
concurrent.futures.Future.
- Issue #25232: Fix CGIRequestHandler to split the query from the URL at the
first question mark (?) rather than the last.
- Issue #24657: Prevent CGIRequestHandler from collapsing slashes in the
query part of the URL as if it were a path.
- Issue #24483: C implementation of functools.lru_cache() now calculates
key's hash only once.
- Issue #22958: Constructor and update method of weakref.WeakValueDictionary
now accept the self and the dict keyword arguments.
- Issue #22609: Constructor of collections.UserDict now accepts the self
keyword argument.
- Issue #25111: Fixed comparison of traceback.FrameSummary.
- Issue #25262. Added support for BINBYTES8 opcode in Python implementation
of unpickler.
- Issue #25034: Fix string.Formatter problem with auto-numbering and
nested format_specs.
- Issue #25233: Rewrite the guts of asyncio.Queue and
asyncio.Semaphore to be more understandable and correct.
- Issue #25203: Failed readline.set_completer_delims() no longer left the
module in inconsistent state.
- Issue #23600: Default implementation of tzinfo.fromutc() was returning
wrong results in some cases.
- Issue #23329: Allow the ssl module to be built with older versions of
LibreSSL.
- Issue #25319: When threading.Event is reinitialized, the underlying
condition should use a regular lock rather than a recursive lock.
- Issue #25099: Make test_compileall not fail when a entry on sys.path
cannot be written to.
- Issue #23919: Prevents assert dialogs appearing in the test suite.
* Back-out the local patch for issue 21264, supposed to be fixed by #25099.
* Adjust setting DH_COMPAT for dh_movefiles with updated debhelper supporting
globbing of arguments. Closes: #800247.
* pydoc: use the pager command if available. Addresses: #799555.
-- Matthias Klose <email address hidden> Sun, 11 Oct 2015 11:05:38 +0200
