[Python-checkins] 3.6.10rc1

Ned Deily webhook-mailer at python.org
Wed Dec 11 04:40:16 EST 2019 

https://github.com/python/cpython/commit/7ea0551592d80584b318099d5ebde4e7c552679f
commit: 7ea0551592d80584b318099d5ebde4e7c552679f
branch: 3.6
author: Ned Deily <nad at python.org>
committer: Ned Deily <nad at python.org>
date: 2019-12-11T03:28:36-05:00
summary:

3.6.10rc1

files:
A Misc/NEWS.d/3.6.10rc1.rst
D Misc/NEWS.d/next/Library/2019-04-08-13-00-13.bpo-36564._n67m_.rst
D Misc/NEWS.d/next/Library/2019-09-27-15-24-45.bpo-38216.-7yvZR.rst
D Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
D Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst
D Misc/NEWS.d/next/Security/2019-09-23-21-02-46.bpo-38174.MeWuJd.rst
D Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
D Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst
D Misc/NEWS.d/next/Security/2019-11-21-21-36-54.bpo-37228.yBZnFG.rst
D Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
M Include/patchlevel.h
M Lib/pydoc_data/topics.py
M README.rst

diff --git a/Include/patchlevel.h b/Include/patchlevel.h
index a1ab4d98322dc..7e046e3e3ee4a 100644
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION	3
 #define PY_MINOR_VERSION	6
-#define PY_MICRO_VERSION	9
-#define PY_RELEASE_LEVEL	PY_RELEASE_LEVEL_FINAL
-#define PY_RELEASE_SERIAL	0
+#define PY_MICRO_VERSION	10
+#define PY_RELEASE_LEVEL	PY_RELEASE_LEVEL_GAMMA
+#define PY_RELEASE_SERIAL	1
 
 /* Version as a string */
-#define PY_VERSION      	"3.6.9+"
+#define PY_VERSION      	"3.6.10rc1"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.
diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py
index df3f212eb73ef..b7d7cfa412bc3 100644
--- a/Lib/pydoc_data/topics.py
+++ b/Lib/pydoc_data/topics.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Tue Jun 18 20:31:29 2019
+# Autogenerated by Sphinx on Wed Dec 11 03:20:37 2019
 topics = {'assert': 'The "assert" statement\n'
            '**********************\n'
            '\n'
diff --git a/Misc/NEWS.d/3.6.10rc1.rst b/Misc/NEWS.d/3.6.10rc1.rst
new file mode 100644
index 0000000000000..1a902e429d438
--- /dev/null
+++ b/Misc/NEWS.d/3.6.10rc1.rst
@@ -0,0 +1,97 @@
+.. bpo: 38945
+.. date: 2019-12-01-22-44-40
+.. nonce: ztmNXc
+.. release date: 2019-12-11
+.. section: Security
+
+Newline characters have been escaped when performing uu encoding to prevent
+them from overflowing into to content section of the encoded file. This
+prevents malicious or accidental modification of data during the decoding
+process.
+
+..
+
+.. bpo: 37228
+.. date: 2019-11-21-21-36-54
+.. nonce: yBZnFG
+.. section: Security
+
+Due to significant security concerns, the *reuse_address* parameter of
+:meth:`asyncio.loop.create_datagram_endpoint` is no longer supported. This
+is because of the behavior of ``SO_REUSEADDR`` in UDP. For more details, see
+the documentation for ``loop.create_datagram_endpoint()``. (Contributed by
+Kyle Stanley, Antoine Pitrou, and Yury Selivanov in :issue:`37228`.)
+
+..
+
+.. bpo: 38804
+.. date: 2019-11-15-00-54-42
+.. nonce: vjbM8V
+.. section: Security
+
+Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller.
+
+..
+
+.. bpo: 38243
+.. date: 2019-09-25-13-21-09
+.. nonce: 1pfz24
+.. section: Security
+
+Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer` when
+rendering the document page as HTML. (Contributed by Dong-hee Na in
+:issue:`38243`.)
+
+..
+
+.. bpo: 38174
+.. date: 2019-09-23-21-02-46
+.. nonce: MeWuJd
+.. section: Security
+
+Update vendorized expat library version to 2.2.8, which resolves
+CVE-2019-15903.
+
+..
+
+.. bpo: 37461
+.. date: 2019-07-16-08-11-00
+.. nonce: 1Ahz7O
+.. section: Security
+
+Fix an infinite loop when parsing specially crafted email headers. Patch by
+Abhilash Raj.
+
+..
+
+.. bpo: 34155
+.. date: 2019-05-04-13-33-37
+.. nonce: MJll68
+.. section: Security
+
+Fix parsing of invalid email addresses with more than one ``@`` (e.g.
+a at b@c.com.) to not return the part before 2nd ``@`` as valid email address.
+Patch by maxking & jpic.
+
+..
+
+.. bpo: 38216
+.. date: 2019-09-27-15-24-45
+.. nonce: -7yvZR
+.. section: Library
+
+Allow the rare code that wants to send invalid http requests from the
+`http.client` library a way to do so.  The fixes for bpo-30458 led to
+breakage for some projects that were relying on this ability to test their
+own behavior in the face of bad requests.
+
+..
+
+.. bpo: 36564
+.. date: 2019-04-08-13-00-13
+.. nonce: _n67m_
+.. section: Library
+
+Fix infinite loop in email header folding logic that would be triggered when
+an email policy's max_line_length is not long enough to include the required
+markup and any values in the message. Patch by Paul Ganssle
diff --git a/Misc/NEWS.d/next/Library/2019-04-08-13-00-13.bpo-36564._n67m_.rst b/Misc/NEWS.d/next/Library/2019-04-08-13-00-13.bpo-36564._n67m_.rst
deleted file mode 100644
index ddd17aec1dd86..0000000000000
--- a/Misc/NEWS.d/next/Library/2019-04-08-13-00-13.bpo-36564._n67m_.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Fix infinite loop in email header folding logic that would be triggered when
-an email policy's max_line_length is not long enough to include the required
-markup and any values in the message. Patch by Paul Ganssle
diff --git a/Misc/NEWS.d/next/Library/2019-09-27-15-24-45.bpo-38216.-7yvZR.rst b/Misc/NEWS.d/next/Library/2019-09-27-15-24-45.bpo-38216.-7yvZR.rst
deleted file mode 100644
index ac8e2b042d929..0000000000000
--- a/Misc/NEWS.d/next/Library/2019-09-27-15-24-45.bpo-38216.-7yvZR.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-Allow the rare code that wants to send invalid http requests from the
-`http.client` library a way to do so.  The fixes for bpo-30458 led to
-breakage for some projects that were relying on this ability to test their
-own behavior in the face of bad requests.
diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
deleted file mode 100644
index 50292e29ed1d2..0000000000000
--- a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix parsing of invalid email addresses with more than one ``@`` (e.g. a at b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic.
diff --git a/Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst b/Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst
deleted file mode 100644
index 9d47578c62771..0000000000000
--- a/Misc/NEWS.d/next/Security/2019-07-16-08-11-00.bpo-37461.1Ahz7O.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Fix an infinite loop when parsing specially crafted email headers. Patch by
-Abhilash Raj.
diff --git a/Misc/NEWS.d/next/Security/2019-09-23-21-02-46.bpo-38174.MeWuJd.rst b/Misc/NEWS.d/next/Security/2019-09-23-21-02-46.bpo-38174.MeWuJd.rst
deleted file mode 100644
index e3da6fcdd139f..0000000000000
--- a/Misc/NEWS.d/next/Security/2019-09-23-21-02-46.bpo-38174.MeWuJd.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Update vendorized expat library version to 2.2.8, which resolves
-CVE-2019-15903.
diff --git a/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
deleted file mode 100644
index 98d7be129573a..0000000000000
--- a/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer`
-when rendering the document page as HTML.
-(Contributed by Dong-hee Na in :issue:`38243`.)
diff --git a/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst b/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst
deleted file mode 100644
index 1f45142d9f743..0000000000000
--- a/Misc/NEWS.d/next/Security/2019-11-15-00-54-42.bpo-38804.vjbM8V.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fixes a ReDoS vulnerability in :mod:`http.cookiejar`. Patch by Ben Caller.
diff --git a/Misc/NEWS.d/next/Security/2019-11-21-21-36-54.bpo-37228.yBZnFG.rst b/Misc/NEWS.d/next/Security/2019-11-21-21-36-54.bpo-37228.yBZnFG.rst
deleted file mode 100644
index 0fafb63402e46..0000000000000
--- a/Misc/NEWS.d/next/Security/2019-11-21-21-36-54.bpo-37228.yBZnFG.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-Due to significant security concerns, the *reuse_address* parameter of
-:meth:`asyncio.loop.create_datagram_endpoint` is no longer supported. This is
-because of the behavior of ``SO_REUSEADDR`` in UDP. For more details, see the
-documentation for ``loop.create_datagram_endpoint()``.
-(Contributed by Kyle Stanley, Antoine Pitrou, and Yury Selivanov in
-:issue:`37228`.)
diff --git a/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst b/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
deleted file mode 100644
index 1bf6ed567b241..0000000000000
--- a/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
+++ /dev/null
@@ -1 +0,0 @@
-Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
\ No newline at end of file
diff --git a/README.rst b/README.rst
index 88524f95cad29..e3ef5ec6cc763 100644
--- a/README.rst
+++ b/README.rst
@@ -1,5 +1,5 @@
-This is Python version 3.6.9+
-=============================
+This is Python version 3.6.10 candidate 1
+=========================================
 
 .. image:: https://travis-ci.org/python/cpython.svg?branch=3.6
    :alt: CPython build status on Travis CI

More information about the Python-checkins mailing list