Changelog
python3.5 (3.5.2-3) unstable; urgency=medium
* Update to 20160805 from the 3.5 branch.
- Issue #27419: Standard __import__() no longer look up "__import__" in
globals or builtins for importing submodules or "from import".
Fixed handling an error of non-string package name.
- Issue #27514: Make having too many statically nested blocks a SyntaxError
instead of SystemError.
- Issue #27473: Fixed possible integer overflow in bytes and bytearray
concatenations.
- Issue #27507: Add integer overflow check in bytearray.extend().
- Issue #27581: Don't rely on wrapping for overflow check in
PySequence_Tuple().
- Issue #27443: __length_hint__() of bytearray iterators no longer return a
negative integer for a resized bytearray.
- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
- Issue #27656: Do not assume sched.h defines any SCHED_* constants.
- Issue #27130: In the "zlib" module, fix handling of large buffers
(typically 4 GiB) when compressing and decompressing. Previously, inputs
were limited to 4 GiB, and compression and decompression operations did
not properly handle results of 4 GiB.
- Issue #27533: Release GIL in nt._isdir
- Issue #17711: Fixed unpickling by the persistent ID with protocol 0.
- Issue #27522: Avoid an unintentional reference cycle in email.feedparser.
- Issue #26844: Fix error message for imp.find_module() to refer to 'path'
instead of 'name'.
- Issue #23804: Fix SSL zero-length recv() calls to not block and not raise
an error about unclean EOF.
- Issue #27466: Change time format returned by http.cookie.time2netscape,
confirming the netscape cookie format and making it consistent with
documentation.
- Issue #26664: Fix activate.fish by removing mis-use of ``$``.
- Issue #22115: Fixed tracing Tkinter variables: trace_vdelete() with wrong
mode no longer break tracing, trace_vinfo() now always returns a list of
pairs of strings, tracing in the "u" mode now works.
- Fix a scoping issue in importlib.util.LazyLoader which triggered an
UnboundLocalError when lazy-loading a module that was already put into
sys.modules.
- Issue #27079: Fixed curses.ascii functions isblank(), iscntrl() and
ispunct().
- Issue #26754: Some functions (compile() etc) accepted a filename argument
encoded as an iterable of integers. Now only strings and byte-like
objects are accepted.
- Issue #27048: Prevents distutils failing on Windows when environment
variables contain non-ASCII characters
- Issue #27330: Fixed possible leaks in the ctypes module.
- Issue #27238: Got rid of bare excepts in the turtle module.
- Issue #27122: When an exception is raised within the context being
managed by a contextlib.ExitStack() and one of the exit stack generators
catches and raises it in a chain, do not re-raise the original exception
when exiting, let the new chained one through. This avoids the PEP 479
bug described in issue25782.
- [Security] Issue #27278: Fix os.urandom() implementation using
getrandom() on Linux.
- Issue #26386: Fixed ttk.TreeView selection operations with item id's
containing spaces.
- [Security] Issue #22636: Avoid shell injection problems with
ctypes.util.find_library().
- Issue #16182: Fix various functions in the "readline" module to use the
locale encoding, and fix get_begidx() and get_endidx() to return code
point indexes.
- Issue #27392: Add loop.connect_accepted_socket().
- Issue #27245: IDLE: Cleanly delete custom themes and key bindings.
- Issue #26754: PyUnicode_FSDecoder() accepted a filename argument encoded
as an iterable of integers. Now only strings and bytes-like objects are
accepted.
- Issue #27369: In test_pyexpat, avoid testing an error message detail that
changed in Expat 2.2.0.
- Issue #27332: Fixed the type of the first argument of module-level
functions generated by Argument Clinic.
- Issue #27418: Fixed Tools/importbench/importbench.py.
- Issue #27453: CPP invocation in configure must use CPPFLAGS.
- Issue #27641: The configure script now inserts comments into the makefile
to prevent the pgen and _freeze_importlib executables from being cross-
compiled.
- Issue #26662: Set PYTHON_FOR_GEN in configure as the Python program to be
used for file generation during the build.
* Revert the proposed patch for asyncio issue 366, doesn't work anymore,
and not applied upstream..
-- Matthias Klose <email address hidden> Fri, 05 Aug 2016 10:07:14 +0200
