[Python-checkins] cpython (3.3): fix reordering
benjamin.peterson
python-checkins at python.org
Sat Dec 5 03:27:51 EST 2015
https://hg.python.org/cpython/rev/39a709f1ca3a
changeset: 99456:39a709f1ca3a
branch: 3.3
parent: 99452:2932933afbe1
user: Benjamin Peterson <benjamin at python.org>
date: Sat Dec 05 00:27:11 2015 -0800
summary:
fix reordering
files:
Misc/NEWS | 144 +++++++++++++++++++++---------------------
1 files changed, 72 insertions(+), 72 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -47,82 +47,82 @@
- Issue #23365: Fixed possible integer overflow in
itertools.combinations_with_replacement.
+C API
+-----
+
+- Issue #23998: PyImport_ReInitLock() now checks for lock allocation error
+
+
+What's New in Python 3.3.6?
+===========================
+
+*Release date: 11-Oct-2014*
+
+Core and Builtins
+-----------------
+
+- Issue #22643: Fix integer overflow in Unicode case operations (upper, lower,
+ title, swapcase, casefold).
+
+- Issue #22518: Fixed integer overflow issues in "backslashreplace",
+ "xmlcharrefreplace", and "surrogatepass" error handlers.
+
+- Issue #22520: Fix overflow checking when generating the repr of a unicode
+ object.
+
+- Issue #22519: Fix overflow checking in PyBytes_Repr.
+
+- Issue #22518: Fix integer overflow issues in latin-1 encoding.
+
+- Issue #23165: Perform overflow checks before allocating memory in the
+ _Py_char2wchar function.
+
+Library
+-------
+
+- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode
+ will return. This resolves CVE-2013-1753.
+
+- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
+ weakrefs.
+
+- Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
+ 65536 bytes and send a 414 error code for higher lengths. Patch contributed
+ by Devin Cook.
+
+- Lax cookie parsing in http.cookies could be a security issue when combined
+ with non-standard cookie handling in some Web browsers. Reported by
+ Sergey Bobrov.
+
+- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
+ before checking for a CGI script at that path.
+
+- Issue #20633: Replace relative import by absolute import.
+
+- Issue #21082: In os.makedirs, do not set the process-wide umask. Note this
+ changes behavior of makedirs when exist_ok=True.
+
+- Issue #20875: Prevent possible gzip "'read' is not defined" NameError.
+ Patch by Claudiu Popa.
+
+- Issue #11599: When an external command (e.g. compiler) fails, distutils now
+ prints out the whole command line (instead of just the command name) if the
+ environment variable DISTUTILS_DEBUG is set.
+
+- Issue #4931: distutils should not produce unhelpful "error: None" messages
+ anymore. distutils.util.grok_environment_error is kept but doc-deprecated.
+
+- Issue #20283: RE pattern methods now accept the string keyword parameters
+ as documented. The pattern and source keyword parameters are left as
+ deprecated aliases.
+
+- Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
+ broken by the fix for security issue #19435. Patch by Zach Byrne.
+
- Issue #21529 (CVE-2014-4616): Fix arbitrary memory access in
JSONDecoder.raw_decode with a negative second parameter. Bug reported by Guido
Vranken.
-C API
------
-
-- Issue #23998: PyImport_ReInitLock() now checks for lock allocation error
-
-
-What's New in Python 3.3.6?
-===========================
-
-*Release date: 11-Oct-2014*
-
-Core and Builtins
------------------
-
-- Issue #22643: Fix integer overflow in Unicode case operations (upper, lower,
- title, swapcase, casefold).
-
-- Issue #22518: Fixed integer overflow issues in "backslashreplace",
- "xmlcharrefreplace", and "surrogatepass" error handlers.
-
-- Issue #22520: Fix overflow checking when generating the repr of a unicode
- object.
-
-- Issue #22519: Fix overflow checking in PyBytes_Repr.
-
-- Issue #22518: Fix integer overflow issues in latin-1 encoding.
-
-- Issue #23165: Perform overflow checks before allocating memory in the
- _Py_char2wchar function.
-
-Library
--------
-
-- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode
- will return. This resolves CVE-2013-1753.
-
-- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
- weakrefs.
-
-- Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
- 65536 bytes and send a 414 error code for higher lengths. Patch contributed
- by Devin Cook.
-
-- Lax cookie parsing in http.cookies could be a security issue when combined
- with non-standard cookie handling in some Web browsers. Reported by
- Sergey Bobrov.
-
-- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
- before checking for a CGI script at that path.
-
-- Issue #20633: Replace relative import by absolute import.
-
-- Issue #21082: In os.makedirs, do not set the process-wide umask. Note this
- changes behavior of makedirs when exist_ok=True.
-
-- Issue #20875: Prevent possible gzip "'read' is not defined" NameError.
- Patch by Claudiu Popa.
-
-- Issue #11599: When an external command (e.g. compiler) fails, distutils now
- prints out the whole command line (instead of just the command name) if the
- environment variable DISTUTILS_DEBUG is set.
-
-- Issue #4931: distutils should not produce unhelpful "error: None" messages
- anymore. distutils.util.grok_environment_error is kept but doc-deprecated.
-
-- Issue #20283: RE pattern methods now accept the string keyword parameters
- as documented. The pattern and source keyword parameters are left as
- deprecated aliases.
-
-- Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
- broken by the fix for security issue #19435. Patch by Zach Byrne.
-
Tests
-----
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list