lp://staging/ubuntu/quantal-updates/python3.2

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

46. By Marc Deslauriers on 2014-02-27

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

45. By Marc Deslauriers on 2013-09-25

* SECURITY UPDATE: denial of service via ssl hostname wildcards
  - debian/patches/CVE-2013-2099.diff: limit number of wildcards in
    Lib/ssl.py, add test to Lib/test/test_ssl.py.
  - CVE-2013-2099
* SECURITY UPDATE: incorrect ssl hostname verification
  - debian/patches/CVE-2013-4238.diff: correctly handle NULL bytes in
    the subjectAltName in Modules/_ssl.c, add test to
    Lib/test/test_ssl.py, Lib/test/nullbytecert.pem.
  - CVE-2013-4238
* This package does _not_ contain the changes from 3.2.3-6ubuntu3.3 in
  quantal-proposed.

44. By Jamie Strandboge on 2012-10-17

* SECURITY UPDATE: http://bugs.python.org/issue13512
  - debian/patches/CVE-2011-4944.diff: create ~/.pypirc securely
  - CVE-2011-4944

43. By Matthias Klose on 2012-09-29

* Update to 20120921 from the 3.2 branch. Linux relevant fixes:
  - Issue #15970: xml.etree.ElementTree now serializes correctly the empty
    HTML elements 'meta' and 'param'.
  - Issue #11715: Fix multiarch detection without having Debian development
    tools (dpkg-dev) installed.
* Fix issue #16012, a regression in pyexpat. The parser's UseForeignDTD()
  method doesn't require an argument again. LP: #1056740.

42. By Matthias Klose on 2012-09-15

* Update to 20120915 from the 3.2 branch. Linux relevant fixes:
  - Issue #15842: the SocketIO.{readable,writable,seekable} methods now
    raise ValueError when the file-like object is closed.
  - Issue #15906: Fix a regression in argparse caused by the preceding change,
    when action='append', type='str' and default=[]. LP: #1048710.
  - Issue #15793: Stack corruption in ssl.RAND_egd().

41. By Matthias Klose on 2012-09-10

* Update to 20120910 from the 3.2 branch. Linux relevant fixes:
  - Issue #13992: The trashcan mechanism is now thread-safe. This eliminates
    sporadic crashes in multi-thread programs when several long deallocator
    chains ran concurrently and involved subclasses of built-in container
    types.
  - Issue #15846: Fix SystemError which happened when using ast.parse in an
    exception handler on code with syntax errors.
  - Issue #15801: Make sure mappings passed to '%' formatting are actually
    subscriptable.
  - Issue #15881: Fixed atexit hook in multiprocessing.
  - Issue #15340: Fix importing the random module when /dev/urandom cannot
    be opened. This was a regression caused by the hash randomization patch.
  - Issue #15841: The readable(), writable() and seekable() methods of BytesIO
    and StringIO objects now raise ValueError when the object has been closed.
  - Issue #15509: webbrowser.UnixBrowser no longer passes empty arguments to
    Popen when %action substitutions produce empty strings.
  - Issue #12776,#11839: call argparse type function (specified by
    add_argument) only once.
  - Issue #15676: Now "mmap" check for empty files before doing the
    offset check.
  - Issue #15802: Fix test logic in TestMaildir.test_create_tmp.
  - Issue #15819: Make sure we can build Python out-of-tree from a readonly
    source directory.
  - Issue #15822: Ensure 2to3 grammar pickles are properly installed.
  - Issue #11964: Document a change in v3.2 to the behavior of the indent
    parameter of json encoding operations.

40. By Matthias Klose on 2012-08-15

* Update to 20120826 from the 3.2 branch. Linux relevant fixes:
  - Follwup for issue #9374. Restore the removed attributes in the
    urlparse module.
  - Issue #14579: Fix CVE-2012-2135: vulnerability in the utf-16 decoder
    after error handling.
  - Issue #15404: Refleak in PyMethodObject repr.
  - Issue #15394: An issue in PyModule_Create that caused references to
    be leaked on some error paths has been fixed.
  - Issue #15368: An issue that caused bytecode generation to be
    non-deterministic when using randomized hashing (-R) has been fixed.
  - Issue #15424: Add a __sizeof__ implementation for array objects.
  - Issue #13052: Fix IDLE crashing when replace string in Search/Replace
    dialog ended with '\'.
  - Issue #15538: Fix compilation of the getnameinfo() / getaddrinfo()
    emulation code.
  - Issue #15726: Fix incorrect bounds checking in PyState_FindModule.
  - Issue #15604: Update uses of PyObject_IsTrue() to check for and handle
    errors correctly.
  - Issue #9803: Don't close IDLE on saving if breakpoint is open.
  - Issue #12288: Consider '0' and '0.0' as valid initialvalue
    for tkinter SimpleDialog.
  - Issue #11062: Fix adding a message from file to Babyl mailbox.
  - Issue #15544: Fix Decimal.__float__ to work with payload-carrying NaNs.
  - Issue #15249: BytesGenerator now correctly mangles From lines (when
    requested) even if the body contains undecodable bytes.
  - Issue #15777: Fix a refleak in _posixsubprocess.
  - Issue #15199: Fix JavaScript's default MIME type to
    application/javascript.
  - Issue #13579: string.Formatter now understands the 'a' conversion
    specifier.
  - Issue #15595: Fix subprocess.Popen(universal_newlines=True)
    for certain locales (utf-16 and utf-32 family). Patch by Chris Jerdonek.
  - Issue #15477: In cmath and math modules, add workaround for platforms
    whose system-supplied log1p function doesn't respect signs of zeros.
  - Issue #15512: Add a __sizeof__ implementation for parser.
  - Issue #15469: Add a __sizeof__ implementation for deque objects.
  - Issue #15489: Add a __sizeof__ implementation for BytesIO objects.
  - Issue #15487: Add a __sizeof__ implementation for buffered I/O objects.
  - Issue #6056: Make multiprocessing use setblocking(True) on the
    sockets it uses.
  - Issue #15041: update "see also" list in tkinter documentation.
  - Issue #15402: An issue in the struct module that caused sys.getsizeof to
    return incorrect results for struct.Struct instances has been fixed.
  - Issue #15232: when mangle_from is True, email.Generator now correctly
    mangles lines that start with 'From ' that occur in a MIME preamble
    or epilogue.
  - Issue #13922: argparse no longer incorrectly strips '--'s that appear
    after the first one.
  - Issue #12353: argparse now correctly handles null argument values.
  - Issues #10017 and #14998: Fix TypeError using pprint on dictionaries with
    user-defined types as keys or other unorderable keys.
  - Issue #14635: telnetlib will use poll() rather than select() when possible
    to avoid failing due to the select() file descriptor limit.
  - Issue #15645: Ensure 2to3 grammar pickles are properly installed.
  - Issue #15180: Clarify posixpath.join() error message when mixing
    str & bytes.
  - Issue #15230: runpy.run_path now correctly sets __package__ as described
    in the documentation
  - Issue #15467: Move helpers for __sizeof__ tests into test_support.
  - Issue #15320: Make iterating the list of tests thread-safe when running
    tests in multiprocess mode.
  - Issue #15230: Adopted a more systematic approach in the runpy tests
  - Issue #15747: ZFS always returns EOPNOTSUPP when attempting to set the
    UF_IMMUTABLE flag (via either chflags or lchflags); refactor affected
    tests in test_posix.py to account for this.
  - Issue #15285: Refactor the approach for testing connect timeouts using
    two external hosts that have been configured specifically for this type
    of test.
  - Issue #15615: Add some tests for the json module's handling of invalid
    input data.
  - Issue #15630: Add an example for "continue" stmt in the tutorial.
  - Issue #15444: Use proper spelling for non-ASCII contributor names.
  - Issue 15482: Properly document the default 'level' value for __import__()
    while warning about using negative values.
  - Issue #15230: Clearly document some of the limitations of the runpy
    module and nudge readers towards importlib when appropriate.
  - Issue #15250: Document that filecmp.dircmp compares files shallowly.
  - Issue #14674: Add a discussion of the json module's standard compliance.
* Don't look up multiarch extension names for wheezy. Addresses: #682795.
* Fortified build.
* Build-depend on unversioned libdb-dev.

39. By Matthias Klose on 2012-07-13

* Update to 20120709 from the 3.2 branch. Fixes:
  - Issue #15020: The program name used to search for Python's path is now
    "python3" under Unix, not "python".
  - Issue #15033: Fix the exit status bug when modules invoked using -m
    switch, return the proper failure return value (1).
  - Issue #12268: File readline, readlines and read() or readall() methods
    no longer lose data when an underlying read system call is interrupted.
    IOError is no longer raised due to a read system call returning EINTR
    from within these methods.
  - Issue #15142: Fix reference leak when deallocating instances of types
    created using PyType_FromSpec().
  - Issue #10053: Don't close FDs when FileIO.__init__ fails.
  - Issue #14990: Correctly fail with SyntaxError on invalid encoding
    declaration.
  - Issue #15247: FileIO now raises an error when given a file descriptor
    pointing to a directory.
  - Issue #5346: Preserve permissions of mbox, MMDF and Babyl mailbox
    files on flush().
  - Issue #10571: Fix the "--sign" option of distutils' upload command.
  - Issue #9559: If messages were only added, a new file is no longer
    created and renamed over the old file when flush() is called on an
    mbox, MMDF or Babyl mailbox.
  - Issue #14653: email.utils.mktime_tz() no longer relies on system
    mktime() when timezone offest is supplied.
  - Fix GzipFile's handling of filenames given as bytes objects.
  - Issue #15101: Make pool finalizer avoid joining current thread.
  - Issue #15036: Mailbox no longer throws an error if a flush is done
    between operations when removing or changing multiple items in mbox,
    MMDF, or Babyl mailboxes.
  - test_nntplib now tolerates being run from behind NNTP gateways that add
    "X-Antivirus" headers to articles.
  - Issue #15043: test_gdb is now skipped entirely if gdb security settings
    block loading of the gdb hooks.
  - Issue #13557: Clarify effect of giving two different namespaces to exec
    or execfile().
  - Issue #15300: Ensure the temporary test working directories are in the same
    parent folder when running tests in multiprocess mode from a Python build.
* Lookup extension modules with a multiarch suffix too.
* Include /usr/include/ncursesw in CPPFLAGS for the curses configure
  checks. Closes: #681007. LP: #1021783.
* Fix running the testsuite.
* Backport issue #13150: sysconfig no longer parses the Makefile and config.h
  files when imported, instead doing it at build time. This makes importing
  sysconfig faster and reduces Python startup time by 20%.
* Don't build the _hashlib and _ssl extensions as a builtin, but as
  extensions. Addresses: #680930.
* python3.2: Add a break for python-virtualenv (<< 1.7.1.2-2~).
* For lto builds, use -g instead of -g1; filter out lto flags in the
  installed Makefile. Addresses: #681348.
* Don't run the test_gdb test on mips/mipsel, not even in debug mode.

38. By Matthias Klose on 2012-05-03

* Build _ctypes as an extension, not a builtin. LP: #909292.
* Mark symbols defined in the _ctypes extension as optional.

37. By Matthias Klose on 2012-05-03

Build _ctypes as an extension, not a builtin. LP: #909292.