[Python-checkins] 3.6.9rc1

Ned Deily webhook-mailer at python.org
Tue Jun 18 23:51:29 EDT 2019


https://github.com/python/cpython/commit/0d47586d0262a4a2cc2ff855db3b3e9def8fda11
commit: 0d47586d0262a4a2cc2ff855db3b3e9def8fda11
branch: 3.6
author: Ned Deily <nad at python.org>
committer: Ned Deily <nad at python.org>
date: 2019-06-18T20:37:44-04:00
summary:

3.6.9rc1

files:
A Misc/NEWS.d/3.6.9rc1.rst
D Misc/NEWS.d/next/Documentation/2018-12-22-22-52-05.bpo-35564.TuEU_D.rst
D Misc/NEWS.d/next/Documentation/2018-12-30-09-56-13.bpo-35605.gAWt32.rst
D Misc/NEWS.d/next/Library/2018-12-30-14-35-19.bpo-35121.oWmiGU.rst
D Misc/NEWS.d/next/Library/2019-01-02-20-04-49.bpo-35643.DaMiaV.rst
D Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst
D Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
D Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst
D Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
D Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
D Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst
D Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
D Misc/NEWS.d/next/Tests/2019-01-18-17-46-10.bpo-32947.Hk0KnM.rst
D Misc/NEWS.d/next/Tests/2019-02-24-01-58-38.bpo-27313.Sj9veH.rst
D Misc/NEWS.d/next/Tests/2019-05-06-18-29-54.bpo-35925.gwQPuC.rst
D Misc/NEWS.d/next/Tests/2019-05-08-15-55-46.bpo-36816.WBKRGZ.rst
D Misc/NEWS.d/next/macOS/2019-04-29-10-54-14.bpo-34602.Lrl2zU.rst
M Include/patchlevel.h
M Lib/pydoc_data/topics.py
M README.rst

diff --git a/Include/patchlevel.h b/Include/patchlevel.h
index 7289d41e6c81..270e61792ceb 100644
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION	3
 #define PY_MINOR_VERSION	6
-#define PY_MICRO_VERSION	8
-#define PY_RELEASE_LEVEL	PY_RELEASE_LEVEL_FINAL
-#define PY_RELEASE_SERIAL	0
+#define PY_MICRO_VERSION	9
+#define PY_RELEASE_LEVEL	PY_RELEASE_LEVEL_GAMMA
+#define PY_RELEASE_SERIAL	1
 
 /* Version as a string */
-#define PY_VERSION      	"3.6.8+"
+#define PY_VERSION      	"3.6.9rc1"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.
diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py
index e4c63058087e..df3f212eb73e 100644
--- a/Lib/pydoc_data/topics.py
+++ b/Lib/pydoc_data/topics.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Sun Dec 23 16:24:21 2018
+# Autogenerated by Sphinx on Tue Jun 18 20:31:29 2019
 topics = {'assert': 'The "assert" statement\n'
            '**********************\n'
            '\n'
@@ -4862,7 +4862,7 @@
                   'Meaning                                                    '
                   '|\n'
                   '   '
-                  '+===========+============================================================+\n'
+                  '|===========|============================================================|\n'
                   '   | "\'<\'"     | Forces the field to be left-aligned '
                   'within the available   |\n'
                   '   |           | space (this is the default for most '
@@ -4911,7 +4911,7 @@
                   'Meaning                                                    '
                   '|\n'
                   '   '
-                  '+===========+============================================================+\n'
+                  '|===========|============================================================|\n'
                   '   | "\'+\'"     | indicates that a sign should be used for '
                   'both positive as  |\n'
                   '   |           | well as negative '
@@ -5015,7 +5015,7 @@
                   'Meaning                                                    '
                   '|\n'
                   '   '
-                  '+===========+============================================================+\n'
+                  '|===========|============================================================|\n'
                   '   | "\'s\'"     | String format. This is the default type '
                   'for strings and    |\n'
                   '   |           | may be '
@@ -5035,7 +5035,7 @@
                   'Meaning                                                    '
                   '|\n'
                   '   '
-                  '+===========+============================================================+\n'
+                  '|===========|============================================================|\n'
                   '   | "\'b\'"     | Binary format. Outputs the number in '
                   'base 2.               |\n'
                   '   '
@@ -5097,7 +5097,7 @@
                   'Meaning                                                    '
                   '|\n'
                   '   '
-                  '+===========+============================================================+\n'
+                  '|===========|============================================================|\n'
                   '   | "\'e\'"     | Exponent notation. Prints the number in '
                   'scientific         |\n'
                   '   |           | notation using the letter ‘e’ to indicate '
@@ -6777,7 +6777,7 @@
                      '+-------------------------------------------------+---------------------------------------+\n'
                      '| Operator                                        | '
                      'Description                           |\n'
-                     '+=================================================+=======================================+\n'
+                     '|=================================================|=======================================|\n'
                      '| "lambda"                                        | '
                      'Lambda expression                     |\n'
                      '+-------------------------------------------------+---------------------------------------+\n'
@@ -9911,7 +9911,7 @@
                    '   | Representation          | '
                    'Description                   |\n'
                    '   '
-                   '+=========================+===============================+\n'
+                   '|=========================|===============================|\n'
                    '   | "\\n"                    | Line '
                    'Feed                     |\n'
                    '   '
@@ -10252,7 +10252,7 @@
             '+-------------------+-----------------------------------+---------+\n'
             '| Escape Sequence   | Meaning                           | Notes   '
             '|\n'
-            '+===================+===================================+=========+\n'
+            '|===================|===================================|=========|\n'
             '| "\\newline"        | Backslash and newline ignored     '
             '|         |\n'
             '+-------------------+-----------------------------------+---------+\n'
@@ -10298,7 +10298,7 @@
             '+-------------------+-----------------------------------+---------+\n'
             '| Escape Sequence   | Meaning                           | Notes   '
             '|\n'
-            '+===================+===================================+=========+\n'
+            '|===================|===================================|=========|\n'
             '| "\\N{name}"        | Character named *name* in the     | '
             '(4)     |\n'
             '|                   | Unicode database                  |         '
@@ -10929,7 +10929,7 @@
           '      | Attribute                 | Meaning                         '
           '|             |\n'
           '      '
-          '+===========================+=================================+=============+\n'
+          '|===========================|=================================|=============|\n'
           '      | "__doc__"                 | The function’s documentation    '
           '| Writable    |\n'
           '      |                           | string, or "None" if            '
@@ -12110,7 +12110,7 @@
              '+----------------------------+----------------------------------+------------+\n'
              '| Operation                  | Result                           '
              '| Notes      |\n'
-             '+============================+==================================+============+\n'
+             '|============================|==================================|============|\n'
              '| "x in s"                   | "True" if an item of *s* is      '
              '| (1)        |\n'
              '|                            | equal to *x*, else "False"       '
@@ -12339,7 +12339,7 @@
              '+--------------------------------+----------------------------------+-----------------------+\n'
              '| Operation                      | '
              'Result                           | Notes                 |\n'
-             '+================================+==================================+=======================+\n'
+             '|================================|==================================|=======================|\n'
              '| "s[i] = x"                     | item *i* of *s* is replaced '
              'by   |                       |\n'
              '|                                | '
@@ -12793,7 +12793,7 @@
                      '| Operation                      | '
                      'Result                           | Notes                 '
                      '|\n'
-                     '+================================+==================================+=======================+\n'
+                     '|================================|==================================|=======================|\n'
                      '| "s[i] = x"                     | item *i* of *s* is '
                      'replaced by   |                       |\n'
                      '|                                | '
diff --git a/Misc/NEWS.d/3.6.9rc1.rst b/Misc/NEWS.d/3.6.9rc1.rst
new file mode 100644
index 000000000000..c810151fafdc
--- /dev/null
+++ b/Misc/NEWS.d/3.6.9rc1.rst
@@ -0,0 +1,165 @@
+.. bpo: 35907
+.. date: 2019-05-21-23-20-18
+.. nonce: NC_zNK
+.. release date: 2019-06-18
+.. section: Security
+
+CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
+``local_file://`` URL schemes in ``URLopener().open()`` and
+``URLopener().retrieve()`` of :mod:`urllib.request`.
+
+..
+
+.. bpo: 36742
+.. date: 2019-04-29-15-34-59
+.. nonce: QCUY0i
+.. section: Security
+
+Fixes mishandling of pre-normalization characters in urlsplit().
+
+..
+
+.. bpo: 30458
+.. date: 2019-04-10-08-53-30
+.. nonce: 51E-DA
+.. section: Security
+
+Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or
+control characters through into the underlying http client request.  Such
+potentially malicious header injection URLs now cause an
+http.client.InvalidURL exception to be raised.
+
+..
+
+.. bpo: 36216
+.. date: 2019-03-06-09-38-40
+.. nonce: 6q1m4a
+.. section: Security
+
+Changes urlsplit() to raise ValueError when the URL contains characters that
+decompose under IDNA encoding (NFKC-normalization) into characters that
+affect how the URL is parsed.
+
+..
+
+.. bpo: 33529
+.. date: 2019-02-24-18-48-16
+.. nonce: wpNNBD
+.. section: Security
+
+Prevent fold function used in email header encoding from entering infinite
+loop when there are too many non-ASCII characters in a header.
+
+..
+
+.. bpo: 35746
+.. date: 2019-01-15-18-16-05
+.. nonce: nMSd0j
+.. section: Security
+
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
+not handle CRL distribution points with empty DP or URI correctly. A
+malicious or buggy certificate can result into segfault. Vulnerability
+(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
+
+..
+
+.. bpo: 35121
+.. date: 2018-10-31-15-39-17
+.. nonce: EgHv9k
+.. section: Security
+
+Don't send cookies of domain A without Domain attribute to domain B when
+domain A is a suffix match of domain B while using a cookiejar with
+:class:`http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan
+Singaravelan.
+
+..
+
+.. bpo: 35643
+.. date: 2019-01-02-20-04-49
+.. nonce: DaMiaV
+.. section: Library
+
+Fixed a SyntaxWarning: invalid escape sequence in Modules/_sha3/cleanup.py.
+Patch by Mickaël Schoentgen.
+
+..
+
+.. bpo: 35121
+.. date: 2018-12-30-14-35-19
+.. nonce: oWmiGU
+.. section: Library
+
+Don't set cookie for a request when the request path is a prefix match of
+the cookie's path attribute but doesn't end with "/". Patch by Karthikeyan
+Singaravelan.
+
+..
+
+.. bpo: 35605
+.. date: 2018-12-30-09-56-13
+.. nonce: gAWt32
+.. section: Documentation
+
+Fix documentation build for sphinx<1.6.  Patch by Anthony Sottile.
+
+..
+
+.. bpo: 35564
+.. date: 2018-12-22-22-52-05
+.. nonce: TuEU_D
+.. section: Documentation
+
+Explicitly set master_doc variable in conf.py for compliance with Sphinx 2.0
+
+..
+
+.. bpo: 36816
+.. date: 2019-05-08-15-55-46
+.. nonce: WBKRGZ
+.. section: Tests
+
+Update Lib/test/selfsigned_pythontestdotnet.pem to match
+self-signed.pythontest.net's new TLS certificate.
+
+..
+
+.. bpo: 35925
+.. date: 2019-05-06-18-29-54
+.. nonce: gwQPuC
+.. section: Tests
+
+Skip specific nntplib and ssl networking tests when they would otherwise
+fail due to a modern OS or distro with a default OpenSSL policy of rejecting
+connections to servers with weak certificates or disabling TLS below
+TLSv1.2.
+
+..
+
+.. bpo: 27313
+.. date: 2019-02-24-01-58-38
+.. nonce: Sj9veH
+.. section: Tests
+
+Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa Tk.
+
+..
+
+.. bpo: 32947
+.. date: 2019-01-18-17-46-10
+.. nonce: Hk0KnM
+.. section: Tests
+
+test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1.
+
+..
+
+.. bpo: 34602
+.. date: 2019-04-29-10-54-14
+.. nonce: Lrl2zU
+.. section: macOS
+
+Avoid failures setting macOS stack resource limit with resource.setrlimit.
+This reverts an earlier fix for bpo-18075 which forced a non-default stack
+size when building the interpreter executable on macOS.
diff --git a/Misc/NEWS.d/next/Documentation/2018-12-22-22-52-05.bpo-35564.TuEU_D.rst b/Misc/NEWS.d/next/Documentation/2018-12-22-22-52-05.bpo-35564.TuEU_D.rst
deleted file mode 100644
index 8ca95eed4c56..000000000000
--- a/Misc/NEWS.d/next/Documentation/2018-12-22-22-52-05.bpo-35564.TuEU_D.rst
+++ /dev/null
@@ -1 +0,0 @@
-Explicitly set master_doc variable in conf.py for compliance with Sphinx 2.0
diff --git a/Misc/NEWS.d/next/Documentation/2018-12-30-09-56-13.bpo-35605.gAWt32.rst b/Misc/NEWS.d/next/Documentation/2018-12-30-09-56-13.bpo-35605.gAWt32.rst
deleted file mode 100644
index cbc0f1e07f31..000000000000
--- a/Misc/NEWS.d/next/Documentation/2018-12-30-09-56-13.bpo-35605.gAWt32.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix documentation build for sphinx<1.6.  Patch by Anthony Sottile.
diff --git a/Misc/NEWS.d/next/Library/2018-12-30-14-35-19.bpo-35121.oWmiGU.rst b/Misc/NEWS.d/next/Library/2018-12-30-14-35-19.bpo-35121.oWmiGU.rst
deleted file mode 100644
index 032e1e2c00bc..000000000000
--- a/Misc/NEWS.d/next/Library/2018-12-30-14-35-19.bpo-35121.oWmiGU.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Don't set cookie for a request when the request path is a prefix match of
-the cookie's path attribute but doesn't end with "/". Patch by Karthikeyan
-Singaravelan.
diff --git a/Misc/NEWS.d/next/Library/2019-01-02-20-04-49.bpo-35643.DaMiaV.rst b/Misc/NEWS.d/next/Library/2019-01-02-20-04-49.bpo-35643.DaMiaV.rst
deleted file mode 100644
index 0b47bb61fc05..000000000000
--- a/Misc/NEWS.d/next/Library/2019-01-02-20-04-49.bpo-35643.DaMiaV.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Fixed a SyntaxWarning: invalid escape sequence in Modules/_sha3/cleanup.py.
-Patch by Mickaël Schoentgen.
diff --git a/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst b/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst
deleted file mode 100644
index d2eb8f1f352c..000000000000
--- a/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-Don't send cookies of domain A without Domain attribute to domain B
-when domain A is a suffix match of domain B while using a cookiejar
-with :class:`http.cookiejar.DefaultCookiePolicy` policy. Patch by
-Karthikeyan Singaravelan.
diff --git a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
deleted file mode 100644
index fc703b9c2469..000000000000
--- a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
-not handle CRL distribution points with empty DP or URI correctly. A
-malicious or buggy certificate can result into segfault. Vulnerability
-(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
diff --git a/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst b/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst
deleted file mode 100644
index 84d16f5a56ae..000000000000
--- a/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Prevent fold function used in email header encoding from entering infinite
-loop when there are too many non-ASCII characters in a header.
diff --git a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
deleted file mode 100644
index 5546394157f9..000000000000
--- a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes urlsplit() to raise ValueError when the URL contains characters that
-decompose under IDNA encoding (NFKC-normalization) into characters that
-affect how the URL is parsed.
diff --git a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
deleted file mode 100644
index ed8027fb4d64..000000000000
--- a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst
+++ /dev/null
@@ -1 +0,0 @@
-Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request.  Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised.
diff --git a/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst b/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst
deleted file mode 100644
index d729ed2f3cd5..000000000000
--- a/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fixes mishandling of pre-normalization characters in urlsplit().
diff --git a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
deleted file mode 100644
index 37b567a5b6f9..000000000000
--- a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
-``local_file://`` URL schemes in ``URLopener().open()`` and
-``URLopener().retrieve()`` of :mod:`urllib.request`.
diff --git a/Misc/NEWS.d/next/Tests/2019-01-18-17-46-10.bpo-32947.Hk0KnM.rst b/Misc/NEWS.d/next/Tests/2019-01-18-17-46-10.bpo-32947.Hk0KnM.rst
deleted file mode 100644
index f508504ea65b..000000000000
--- a/Misc/NEWS.d/next/Tests/2019-01-18-17-46-10.bpo-32947.Hk0KnM.rst
+++ /dev/null
@@ -1 +0,0 @@
-test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1.
diff --git a/Misc/NEWS.d/next/Tests/2019-02-24-01-58-38.bpo-27313.Sj9veH.rst b/Misc/NEWS.d/next/Tests/2019-02-24-01-58-38.bpo-27313.Sj9veH.rst
deleted file mode 100644
index 189b9cf69f07..000000000000
--- a/Misc/NEWS.d/next/Tests/2019-02-24-01-58-38.bpo-27313.Sj9veH.rst
+++ /dev/null
@@ -1 +0,0 @@
-Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa Tk.
diff --git a/Misc/NEWS.d/next/Tests/2019-05-06-18-29-54.bpo-35925.gwQPuC.rst b/Misc/NEWS.d/next/Tests/2019-05-06-18-29-54.bpo-35925.gwQPuC.rst
deleted file mode 100644
index 428326cdfe5b..000000000000
--- a/Misc/NEWS.d/next/Tests/2019-05-06-18-29-54.bpo-35925.gwQPuC.rst
+++ /dev/null
@@ -1 +0,0 @@
-Skip specific nntplib and ssl networking tests when they would otherwise fail due to a modern OS or distro with a default OpenSSL policy of rejecting connections to servers with weak certificates or disabling TLS below TLSv1.2.
diff --git a/Misc/NEWS.d/next/Tests/2019-05-08-15-55-46.bpo-36816.WBKRGZ.rst b/Misc/NEWS.d/next/Tests/2019-05-08-15-55-46.bpo-36816.WBKRGZ.rst
deleted file mode 100644
index 420dfe832366..000000000000
--- a/Misc/NEWS.d/next/Tests/2019-05-08-15-55-46.bpo-36816.WBKRGZ.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update Lib/test/selfsigned_pythontestdotnet.pem to match self-signed.pythontest.net's new TLS certificate.
\ No newline at end of file
diff --git a/Misc/NEWS.d/next/macOS/2019-04-29-10-54-14.bpo-34602.Lrl2zU.rst b/Misc/NEWS.d/next/macOS/2019-04-29-10-54-14.bpo-34602.Lrl2zU.rst
deleted file mode 100644
index 6f7ac881c82e..000000000000
--- a/Misc/NEWS.d/next/macOS/2019-04-29-10-54-14.bpo-34602.Lrl2zU.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Avoid failures setting macOS stack resource limit with resource.setrlimit.
-This reverts an earlier fix for bpo-18075 which forced a non-default stack
-size when building the interpreter executable on macOS.
diff --git a/README.rst b/README.rst
index e1d13b07ee9f..48ed11934214 100644
--- a/README.rst
+++ b/README.rst
@@ -1,5 +1,5 @@
-This is Python version 3.6.8+
-=============================
+This is Python version 3.6.9 candidate 1
+========================================
 
 .. image:: https://travis-ci.org/python/cpython.svg?branch=3.6
    :alt: CPython build status on Travis CI



More information about the Python-checkins mailing list