[RELEASED] Release candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3We're pleased to announce the immediate availability of release candidates for
Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3 . The main impetus for these releases is
fixing a security issue in Python's hash based types, dict and set, as described
below. Python 2.7.3 and 3.2.3 include the security patch and the normal set of
bug fixes. Since Python 2.6 and 3.1 are maintained only for security issues,
2.6.8 and 3.1.5 contain only various security patches.
The security issue exploits Python's dict and set implementations. Carefully
crafted input can lead to extremely long computation times and denials of
service. [1] Python dict and set types use hash tables to provide amortized
constant time operations. Hash tables require a well-distributed hash function
to spread data evenly across the hash table. The security issue is that an
attacker could compute thousands of keys with colliding hashes; this causes
quadratic algorithmic complexity when the hash table is constructed. To
alleviate the problem, the new releases add randomization to the hashing of
Python's string types (bytes/str in Python 3 and str/unicode in Python 2),
datetime.date, and datetime.datetime. This prevents an attacker from computing
colliding keys of these types without access to the Python process.
Hash randomization causes the iteration order of dicts and sets to be
unpredictable and differ across Python runs. Python has never guaranteed
iteration order of keys in a dict or set,...
[RELEASED] Release candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3We're pleased to announce the immediate availability of release candidates for
Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3 . The main impetus for these releases is
fixing a security issue in Python's hash based types, dict and set, as described
below. Python 2.7.3 and 3.2.3 include the security patch and the normal set of
bug fixes. Since Python 2.6 and 3.1 are maintained only for security issues,
2.6.8 and 3.1.5 contain only various security patches.
The security issue exploits Python's dict and set implementations. Carefully
crafted input can lead to extremely long computation times a...
[RELEASED] Python 3.1.3 release candidate 1On behalf of the Python development team, I'm gladsome to announce a release
candidate of the third bugfix release for the Python 3.1 series, Python 3.1.3.
This bug fix release fixes numerous issues found in 3.1.2. Please try it with
your packages and report any bugs you find. The final of 3.1.3 is scheduled to
be released in two weeks.
The Python 3.1 version series focuses on the stabilization and optimization of
the features and changes that Python 3.0 introduced. For example, the new I/O
system has been rewritten in C for speed. File system APIs that use unicode
strings ...
[RELEASED] Second release candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3We're chuffed to announce the immediate availability of the second release
candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3. The only change from the
first release candidates is the patching of an additional security hole.
The security issue fixed in the second release candidates is in the expat XML
parsing library. expat had the same hash security issue detailed below as
Python's core types. The hashing algorithm used in the expat library is now
randomized. A more thorough explanation of the "hash attack" security hole
follows.
The main impetus for these releases is fixing a security issue in Python's hash
based types, dict and set, as described below. Python 2.7.3 and 3.2.3 include
the security patch and the normal set of bug fixes. Since Python 2.6 and 3.1 are
maintained only for security issues, 2.6.8 and 3.1.5 contain only various
security patches.
The security issue exploits Python's dict and set implementations. Carefully
crafted input can lead to extremely long computation times and denials of
service. [1] Python dict and set types use hash tables to provide amortized
constant time operations. Hash tables require a well-distributed hash function
to spread data evenly across the hash table. The security issue is that an
attacker could compute thousands of keys with colliding hashes; this causes
quadratic algorithmic complexity when the hash table is constructed. To
alleviate the problem, the new releases add rando...
[RELEASED] Second release candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3We're chuffed to announce the immediate availability of the second release
candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3. The only change from the
first release candidates is the patching of an additional security hole.
The security issue fixed in the second release candidates is in the expat XML
parsing library. expat had the same hash security issue detailed below as
Python's core types. The hashing algorithm used in the expat library is now
randomized. A more thorough explanation of the "hash attack" security hole
follows.
The main impetus for these releases is fi...
Problem installing matplotlib 1.3.1 with Python 2.7.6 and 3.3.3 (release candidate 1)Hello,
I tried to install matplotlib 1.3.1 on the release candidates of Python 2.7.6 and 3.3.3.
I am on Mac OS X 10.6.8.
Although the installation gave no problems, there is a problem with Tcl/Tk.
The new Pythons have their own embedded Tcl/Tk, but when installing matplotlib it links to the Frameworks version of Tcl and TK, not to the embedded version. This causes confusion when importing matplotlib.pyplot:
objc[70648]: Class TKApplication is implemented in both /Library/Frameworks/Python.framework/Versions/2.7/lib/libtk8.5.dylib and /Library/Frameworks/Tk.framework/Versions/8.5/Tk....
[RELEASED] Python 3.3.0 release candidate 3-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm delighted to announce the
third release candidate of Python 3.3.0.
This is a preview release, and its use is not recommended in
production settings.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. Major new features and changes
in the 3.3 release series are:
* PEP 380, syntax for delegating to a subgenerator ("yield from")
* PEP 393, flexible string representation (doing away with the
distinction between ...
[RELEASED] Python 3.3.3 release candidate 2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm quite happy to announce the
Python 3.3.3 release candidate 2.
Python 3.3.3 includes several security fixes and over 150 bug fixes compared to
the Python 3.3.2 release.
This release fully supports OS X 10.9 Mavericks. In particular, this release
fixes an issue that could cause previous versions of Python to crash when typing
in interactive mode on OS X 10.9.
Python 3.3 includes a range of improvements of the 3.x series, as well as easier
porting between 2.x and 3.x. In total, almost 500 API items are new or improved
in Python 3.3. For a more extensive list of changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
To download Python 3.3.3 rc2 visit:
http://www.python.org/download/releases/3.3.3/
This is a preview release, please report any bugs to
http://bugs.python.org/
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and 3.3's contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlKB1G4ACgkQN9GcIYhpnLAu5gCfRkfpnEs+rmtZ9iTjaaZcHDx3
sNYAn180Q4cFZmKtwJdaG+g/3jHAVd97
=n/Tt
-----END PGP SIGNATURE-----
...
[RELEASED] Python 3.3.3 release candidate 2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm quite happy to announce the
Python 3.3.3 release candidate 2.
Python 3.3.3 includes several security fixes and over 150 bug fixes compared to
the Python 3.3.2 release.
This release fully supports OS X 10.9 Mavericks. In particular, this release
fixes an issue that could cause previous versions of Python to crash when typing
in interactive mode on OS X 10.9.
Python 3.3 includes a range of improvements of the 3.x series, as well as easier
porting between 2.x and 3.x. In total, almo...
[RELEASED] Python 3.3.0 release candidate 3-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm delighted to announce the
third release candidate of Python 3.3.0.
This is a preview release, and its use is not recommended in
production settings.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. Major new features and changes
in the 3.3 release series are:
* PEP 380, syntax for delegating to a subgenerator ("yield from")
* PEP 393, flexible string representation (doing away with the
distinction between "wide" and "narrow" Unicode builds)
* A C implementation of the "decimal" module, with up to 80x speedup
for decimal-heavy applications
* The import system (__import__) now based on importlib by default
* The new "lzma" module with LZMA/XZ support
* PEP 397, a Python launcher for Windows
* PEP 405, virtual environment support in core
* PEP 420, namespace package support
* PEP 3151, reworking the OS and IO exception hierarchy
* PEP 3155, qualified name for classes and functions
* PEP 409, suppressing exception context
* PEP 414, explicit Unicode literals to help with porting
* PEP 418, extended platform-independent clocks in the "time" module
* PEP 412, a new key-sharing dictionary implementation that
significantly saves memory for object-oriented code
* PEP 362, the function-signature object
* The new "faultha...
[RELEASED] Python 3.1.3 release candidate 1 #2On behalf of the Python development team, I'm gladsome to announce a release
candidate of the third bugfix release for the Python 3.1 series, Python 3.1.3.
This bug fix release fixes numerous issues found in 3.1.2. Please try it with
your packages and report any bugs you find. The final of 3.1.3 is scheduled to
be released in two weeks.
The Python 3.1 version series focuses on the stabilization and optimization of
the features and changes that Python 3.0 introduced. For example, the new I/O
system has been rewritten in C for speed. File system APIs that use unicode
strings ...
[RELEASED] Python 3.2.4 rc 1 and Python 3.3.1 rc 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I am pleased to announce the
first release candidates of Python 3.2.4 and 3.3.1.
Python 3.2.4 will be the last regular maintenance release for the Python 3.2
series, while Python 3.3.1 is the first maintenance release for the 3.3
series. Both releases include hundreds of bugfixes.
There has recently been a lot of discussion about XML-based denial of service
attacks. Specifically, certain XML files can cause XML parsers, including ones
in the Python stdlib, to consume gigabytes of RAM and swamp the CPU. These
releases do not include any changes in Python XML code to address these issues.
Interested parties should examine the defusedxml package on PyPI:
https://pypi.python.org/pypi/defusedxml
These are testing releases: Please consider trying them with your code
and reporting any bugs you may notice to:
http://bugs.python.org/
To download Python 3.2.4 or Python 3.3.1, visit:
http://www.python.org/download/releases/3.2.4/ or
http://www.python.org/download/releases/3.3.1/
respectively.
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and all contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlFRRIoACgkQN9GcIYhpnLD6jACgnzYdYRKZ4kwkKeN3zSLSZ3Zr
M/IAn17vlpxI3a3xk+i/ODOrCkMnRZro
=B5sA
-----END PGP SIGNATURE-----
...
[RELEASED] Python 3.2.4 rc 1 and Python 3.3.1 rc 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I am pleased to announce the
first release candidates of Python 3.2.4 and 3.3.1.
Python 3.2.4 will be the last regular maintenance release for the Python 3.2
series, while Python 3.3.1 is the first maintenance release for the 3.3
series. Both releases include hundreds of bugfixes.
There has recently been a lot of discussion about XML-based denial of service
attacks. Specifically, certain XML files can cause XML parsers, including ones
in the Python stdlib, to consume gigabytes of RAM and swa...
Re: pymozilla ([Python-Dev] RELEASED Python 2.3.3 (release candidate 1)[Brad Clements wrote]
>I'd like to find out more about pymozilla.. It sounds very interesting
pymozilla is is a proprietary application so I can't share the code.
It's a modified python.exe with builtin Browser module - Python wrapped
Gecko engine.
Custom nsIProtocolHandler and zip-file-system Python module is used to get
and load files(html,xml,css,images,Python code) from zip
and to resolve and process all ".py" links and html forms. It's pretty like
CGI, but no server is required.
The main problem was to have it run from CD (client requirement) without
installing anything (Mozilla/Python)
Wiktor
On Fri, 19 Dec 2003 04:30:53 +0100, "Wiktor Sadowski"
<art@wiktorsadowski.com> wrote:
>The main problem was to have it run from CD (client requirement) without
>installing anything (Mozilla/Python)
I had the same problem. I solved it using Webware and SQLite.
--
JZ
JZ <jroznfgre@jngpugbjreQBGbet.cy> writes:
> On Fri, 19 Dec 2003 04:30:53 +0100, "Wiktor Sadowski"
> <art@wiktorsadowski.com> wrote:
>
> >The main problem was to have it run from CD (client requirement) without
> >installing anything (Mozilla/Python)
>
> I had the same problem. I solved it using Webware and SQLite.
What's the problem? Does Python not like having nowhere to save .pyc
files?
John
"John J. Lee" wrote:
>
> JZ <jroznfgre@jngpugbjreQBGbet.cy> writes:
>
> > ...
[RELEASED] Python 3.2.4 and Python 3.3.1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I am pleased to announce the
final releases of Python 3.2.4 and 3.3.1.
Python 3.2.4 is the final regular maintenance release for the Python 3.2
series, while Python 3.3.1 is the first maintenance release for the 3.3
series. Both releases include hundreds of bugfixes.
There has recently been a lot of discussion about XML-based denial of service
attacks. Specifically, certain XML files can cause XML parsers, including ones
in the Python stdlib, to consume gigabytes of RAM and swamp the CPU. These
releases do not include any changes in Python XML code to address these issues.
Interested parties should examine the defusedxml package on PyPI:
https://pypi.python.org/pypi/defusedxml
To download Python 3.2.4 or Python 3.3.1, visit:
http://www.python.org/download/releases/3.2.4/ or
http://www.python.org/download/releases/3.3.1/
respectively. As always, please report bugs to
http://bugs.python.org/
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and all contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlFgiN8ACgkQN9GcIYhpnLAXxQCdHAd2lECpYfmYM4Wbd3I01es4
898AoKBDvHtgecD/PeVRKUrdQRSWGPJg
=K8RQ
-----END PGP SIGNATURE-----
On Saturday, 6 April 2013 21:43:11 UTC+1, Georg Brandl wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hash...
[RELEASED] Python 3.3.5 release candidate 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm happy to announce
the release of Python 3.3.5, release candidate 1.
Python 3.3.5 includes a fix for a regression in zipimport in 3.3.4
(see http://bugs.python.org/issue20621) and a few other bugs.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. In total, almost 500 API items
are new or improved in Python 3.3. For a more extensive list of
changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
To download Python 3.3.5 visit:
http://www.python.org/download/releases/3.3.5/
This is a preview release, please report any bugs to
http://bugs.python.org/
The final release is scheduled one week from now.
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and 3.3's contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlMKIPEACgkQN9GcIYhpnLCjXACfQwbC/eD/lhKAZ+XCwTwYPVWj
GMwAnjWkbdk7hqsKoh12EiagpGApEPSA
=2BCx
-----END PGP SIGNATURE-----
...
[RELEASED] Python 3.3.0 release candidate 1On behalf of the Python development team, I'm delighted to announce the
first release candidate of Python 3.3.0.
This is a preview release, and its use is not recommended in
production settings.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. Major new features and changes
in the 3.3 release series are:
* PEP 380, syntax for delegating to a subgenerator ("yield from")
* PEP 393, flexible string representation (doing away with the
distinction between "wide" and "narrow" Unicode bu...
RELEASED Python 2.3.3 (release candidate 1)--==_Exmh_1079726856P
Content-Type: text/plain; charset=us-ascii
On behalf of the Python development team and the Python community, I'm
happy to announce the release of Python 2.3.3 (release candidate 1).
Python 2.3.3 is a bug-fix release of Python 2.3. A couple of serious
bugs related to weakrefs and the cyclic garbage collector have been
fixed, along with a number of bugs in the standard library. See the
release notes on the web page for more details.
For more information on Python 2.3.3c1, including download links for
various platforms, release notes, and known issues, please see
http://www.python.org/2.3.3
Highlights of this new release include:
- A couple of serious bugs in the interactions of weakrefs and
cyclic GC have been squashed.
- At shutdown, the second call to the cyclic garbage collector has
been removed. This caused more problems than it solved.
- The xml.parsers.expat module now provides Expat 1.95.7.
- urllib2's HTTP Digest Auth support works again.
- See http://www.python.org/2.3.3/NEWS.html for other bugfixes.
Highlights of the previous major Python release (2.3) are available
from the Python 2.3 page, at
http://www.python.org/2.3/highlights.html
A final version of Python 2.3.3 should follow in a couple of weeks,
just in time for your Christmas stockings.
Enjoy the new release,
Anthony
Anthony Baxter
anthony@python.org
P...
[RELEASED] Python 3.3.4 release candidate 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm reasonably happy to announce the
Python 3.3.4 release candidate 1.
Python 3.3.4 includes several security fixes and over 120 bug fixes compared to
the Python 3.3.3 release.
This release fully supports OS X 10.9 Mavericks. In particular, this release
fixes an issue that could cause previous versions of Python to crash when typing
in interactive mode on OS X 10.9.
Python 3.3 includes a range of improvements of the 3.x series, as well as easier
porting between 2.x and 3.x. In total, almost 500 API items are new or improved
in Python 3.3. For a more extensive list of changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
and for the detailed changelog of 3.3.4, see
http://docs.python.org/3.3/whatsnew/changelog.html
To download Python 3.3.4 rc1 visit:
http://www.python.org/download/releases/3.3.4/
This is a preview release, please report any bugs to
http://bugs.python.org/
The final version is scheduled to be released in two weeks' time, on or about
the 10th of February.
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and 3.3's contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlLmDI4ACgkQN9GcIYhpnLAr6wCePRbHF80k5goV4RUDBA5FfkwF
rLUAnRg0RpL/b6apv+Dt2/sgnUd3hTPA
=Z4Ss
-----END PGP SIG...
[RELEASED] Python 3.3.0 release candidate 1On behalf of the Python development team, I'm delighted to announce the
first release candidate of Python 3.3.0.
This is a preview release, and its use is not recommended in
production settings.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. Major new features and changes
in the 3.3 release series are:
* PEP 380, syntax for delegating to a subgenerator ("yield from")
* PEP 393, flexible string representation (doing away with the
distinction between "wide" and "narrow" Unicode builds)
* A C implementation of the "decimal" module, with up to 80x speedup
for decimal-heavy applications
* The import system (__import__) now based on importlib by default
* The new "lzma" module with LZMA/XZ support
* PEP 397, a Python launcher for Windows
* PEP 405, virtual environment support in core
* PEP 420, namespace package support
* PEP 3151, reworking the OS and IO exception hierarchy
* PEP 3155, qualified name for classes and functions
* PEP 409, suppressing exception context
* PEP 414, explicit Unicode literals to help with porting
* PEP 418, extended platform-independent clocks in the "time" module
* PEP 412, a new key-sharing dictionary implementation that
significantly saves memory for object-oriented code
* PEP 362, the function-signature object
* The new "faulthandler" module that helps diagnosing crashes
...
RELEASED Python 2.3.3 (release candidate 1)--==_Exmh_1079726856P
Content-Type: text/plain; charset=us-ascii
On behalf of the Python development team and the Python community, I'm
happy to announce the release of Python 2.3.3 (release candidate 1).
Python 2.3.3 is a bug-fix release of Python 2.3. A couple of serious
bugs related to weakrefs and the cyclic garbage collector have been
fixed, along with a number of bugs in the standard library. See the
release notes on the web page for more details.
For more information on Python 2.3.3c1, including download links for
various platforms, release notes, and known issues, please see
...
[RELEASED] Python 3.3.5 release candidate 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm happy to announce
the release of Python 3.3.5, release candidate 1.
Python 3.3.5 includes a fix for a regression in zipimport in 3.3.4
(see http://bugs.python.org/issue20621) and a few other bugs.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. In total, almost 500 API items
are new or improved in Python 3.3. For a more extensive list of
changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
To download Python 3.3.5 visit:
http://www.python.org/download/releases/3.3.5/
This is a preview release, please report any bugs to
http://bugs.python.org/
The final release is scheduled one week from now.
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and 3.3's contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlMKIPEACgkQN9GcIYhpnLCjXACfQwbC/eD/lhKAZ+XCwTwYPVWj
GMwAnjWkbdk7hqsKoh12EiagpGApEPSA
=2BCx
-----END PGP SIGNATURE-----
...
[RELEASED] Python 3.3.4 release candidate 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm reasonably happy to announce the
Python 3.3.4 release candidate 1.
Python 3.3.4 includes several security fixes and over 120 bug fixes compared to
the Python 3.3.3 release.
This release fully supports OS X 10.9 Mavericks. In particular, this release
fixes an issue that could cause previous versions of Python to crash when typing
in interactive mode on OS X 10.9.
Python 3.3 includes a range of improvements of the 3.x series, as well as easier
porting between 2.x and 3.x. In total,...