diff options
| author | Ned Deily <nad@python.org> | 2019-12-11 03:27:49 -0500 |
|---|---|---|
| committer | Ned Deily <nad@python.org> | 2019-12-11 03:28:36 -0500 |
| commit | 7ea0551592d80584b318099d5ebde4e7c552679f (patch) | |
| tree | fef3f8fa117cdeecf5384fb67a80f8987a13b587 | |
| parent | b23c0840ce07e03f2705fb08d94f8f03e5c5d5b8 (diff) | |
| download | cpython-git-7ea0551592d80584b318099d5ebde4e7c552679f.tar.gz | |
3.6.10rc1v3.6.10rc1
13 files changed, 104 insertions, 30 deletions
diff --git a/Include/patchlevel.h b/Include/patchlevel.h index a1ab4d9832..7e046e3e3e 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -18,12 +18,12 @@ /*--start constants--*/ #define PY_MAJOR_VERSION 3 #define PY_MINOR_VERSION 6 -#define PY_MICRO_VERSION 9 -#define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL -#define PY_RELEASE_SERIAL 0 +#define PY_MICRO_VERSION 10 +#define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_GAMMA +#define PY_RELEASE_SERIAL 1 /* Version as a string */ -#define PY_VERSION "3.6.9+" +#define PY_VERSION "3.6.10rc1" /*--end constants--*/ /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2. diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py index df3f212eb7..b7d7cfa412 100644 --- a/Lib/pydoc_data/topics.py +++ b/Lib/pydoc_data/topics.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Autogenerated by Sphinx on Tue Jun 18 20:31:29 2019 +# Autogenerated by Sphinx on Wed Dec 11 03:20:37 2019 topics = {'assert': 'The "assert" statement\n' '**********************\n' '\n' diff --git a/Misc/NEWS.d/3.6.10rc1.rst b/Misc/NEWS.d/3.6.10rc1.rst new file mode 100644 index 0000000000..1a902e429d --- /dev/null +++ b/Misc/NEWS.d/3.6.10rc1.rst @@ -0,0 +1,97 @@ +.. bpo: 38945 +.. date: 2019-12-01-22-44-40 +.. nonce: ztmNXc +.. release date: 2019-12-11 +.. section: Security + +Newline characters have been escaped when performing uu encoding to prevent +them from overflowing into to content section of the encoded file. This +prevents malicious or accidental modification of data during the decoding +process. + +.. + +.. bpo: 37228 +.. date: 2019-11-21-21-36-54 +.. nonce: yBZnFG +.. section: Security + +Due to significant security concerns, the *reuse_address* parameter of +:meth:`asyncio.loop.create_datagram_endpoint` is no longer supported. This +is because of the behavior of ``SO_REUSEADDR`` in UDP. For more details, see +the documentation for ``loop.create_datagram_endpoint()``. (Contributed by +Kyle Stanley, Antoine Pitrou, and Yury Selivanov in :issue:`37228`.) + +.. + +.. bpo: 38804 +.. date: 2019-11-15-00-54-42 +.. nonce: vjbM8V +.. section: Security + +Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller. + +.. + +.. bpo: 38243 +.. date: 2019-09-25-13-21-09 +.. nonce: 1pfz24 +.. section: Security + +Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer` when +rendering the document page as HTML. (Contributed by Dong-hee Na in +:issue:`38243`.) + +.. + +.. bpo: 38174 +.. date: 2019-09-23-21-02-46 +.. nonce: MeWuJd +.. section: Security + +Update vendorized expat library version to 2.2.8, which resolves +CVE-2019-15903. + +.. + +.. bpo: 37461 +.. date: 2019-07-16-08-11-00 +.. nonce: 1Ahz7O +.. section: Security + +Fix an infinite loop when parsing specially crafted email headers. Patch by +Abhilash Raj. + +.. + +.. bpo: 34155 +.. date: 2019-05-04-13-33-37 +.. nonce: MJll68 +.. section: Security + +Fix parsing of invalid email addresses with more than one ``@`` (e.g. +a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. +Patch by maxking & jpic. + +.. + +.. bpo: 38216 +.. date: 2019-09-27-15-24-45 +.. nonce: -7yvZR +.. section: Library + +Allow the rare code that wants to send invalid http requests from the +`http.client` library a way to do so. The fixes for bpo-30458 led to +breakage for some projects that were relying on this ability to test their +own behavior in the face of bad requests. + +.. + +.. bpo: 36564 +.. date: 2019-04-08-13-00-13 +.. nonce: _n67m_ +.. section: Library + +Fix infinite loop in email header folding logic that would be triggered when +an email policy's max_line_length is not long enough to include the required +markup and any values in the message. Patch by Paul Ganssle diff --git a/Misc/NEWS.d/next/Library/2019-04-08-13-00-13.bpo-36564._n67m_.rst b/Misc/NEWS.d/next/Library/2019-04-08-13-00-13.bpo-36564._n67m_.rst deleted file mode 100644 index ddd17aec1d..0000000000 --- a/Misc/NEWS.d/next/Library/2019-04-08-13-00-13.bpo-36564._n67m_.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fix infinite loop in email header folding logic that would be triggered when -an email policy's max_line_length is not long enough to include the required -markup and any values in the message. Patch by Paul Ganssle diff --git a/Misc/NEWS.d/next/Library/2019-09-27-15-24-45.bpo-38216.-7yvZR.rst b/Misc/NEWS.d/next/Library/2019-09-27-15-24-45.bpo-38216.-7yvZR.rst deleted file mode 100644 index ac8e2b042d..0000000000 --- a/Misc/NEWS.d/next/Library/2019-09-27-15-24-45.bpo-38216.-7yvZR.rst +++ /dev/null @@ -1,4 +0,0 @@ -Allow the rare code that wants to send invalid http requests from the -`http.client` library a way to do so. The fixes for bpo-30458 led to -breakage for some projects that were relying on this ability to test their -own behavior in the face of bad requests. diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst deleted file mode 100644 index 50292e29ed..0000000000 --- a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst +++ /dev/null @@ -1 +0,0 @@ -Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic. diff --git a/Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst b/Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst deleted file mode 100644 index 9d47578c62..0000000000 --- a/Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix an infinite loop when parsing specially crafted email headers. Patch by -Abhilash Raj. diff --git a/Misc/NEWS.d/next/Security/2019-09-23-21-02-46.bpo-38174.MeWuJd.rst b/Misc/NEWS.d/next/Security/2019-09-23-21-02-46.bpo-38174.MeWuJd.rst deleted file mode 100644 index e3da6fcdd1..0000000000 --- a/Misc/NEWS.d/next/Security/2019-09-23-21-02-46.bpo-38174.MeWuJd.rst +++ /dev/null @@ -1,2 +0,0 @@ -Update vendorized expat library version to 2.2.8, which resolves -CVE-2019-15903. diff --git a/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst deleted file mode 100644 index 98d7be1295..0000000000 --- a/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst +++ /dev/null @@ -1,3 +0,0 @@ -Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer` -when rendering the document page as HTML. -(Contributed by Dong-hee Na in :issue:`38243`.) diff --git a/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst b/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst deleted file mode 100644 index 1f45142d9f..0000000000 --- a/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst +++ /dev/null @@ -1 +0,0 @@ -Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller. diff --git a/Misc/NEWS.d/next/Security/2019-11-21-21-36-54.bpo-37228.yBZnFG.rst b/Misc/NEWS.d/next/Security/2019-11-21-21-36-54.bpo-37228.yBZnFG.rst deleted file mode 100644 index 0fafb63402..0000000000 --- a/Misc/NEWS.d/next/Security/2019-11-21-21-36-54.bpo-37228.yBZnFG.rst +++ /dev/null @@ -1,6 +0,0 @@ -Due to significant security concerns, the *reuse_address* parameter of
-:meth:`asyncio.loop.create_datagram_endpoint` is no longer supported. This is
-because of the behavior of ``SO_REUSEADDR`` in UDP. For more details, see the
-documentation for ``loop.create_datagram_endpoint()``.
-(Contributed by Kyle Stanley, Antoine Pitrou, and Yury Selivanov in
-:issue:`37228`.)
diff --git a/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst b/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst deleted file mode 100644 index 1bf6ed567b..0000000000 --- a/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst +++ /dev/null @@ -1 +0,0 @@ -Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
\ No newline at end of file diff --git a/README.rst b/README.rst index 88524f95ca..e3ef5ec6cc 100644 --- a/README.rst +++ b/README.rst @@ -1,5 +1,5 @@ -This is Python version 3.6.9+ -============================= +This is Python version 3.6.10 candidate 1 +========================================= .. image:: https://travis-ci.org/python/cpython.svg?branch=3.6 :alt: CPython build status on Travis CI |