[RELEASED] Release candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3We're pleased to announce the immediate availability of release candidates for
Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3 . The main impetus for these releases is
fixing a security issue in Python's hash based types, dict and set, as described
below. Python 2.7.3 and 3.2.3 include the security patch and the normal set of
bug fixes. Since Python 2.6 and 3.1 are maintained only for security issues,
2.6.8 and 3.1.5 contain only various security patches.
The security issue exploits Python's dict and set implementations. Carefully
crafted input can lead to extremely long computation times a...
[RELEASED] Release candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3We're pleased to announce the immediate availability of release candidates for
Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3 . The main impetus for these releases is
fixing a security issue in Python's hash based types, dict and set, as described
below. Python 2.7.3 and 3.2.3 include the security patch and the normal set of
bug fixes. Since Python 2.6 and 3.1 are maintained only for security issues,
2.6.8 and 3.1.5 contain only various security patches.
The security issue exploits Python's dict and set implementations. Carefully
crafted input can lead to extremely long computation times and denials of
service. [1] Python dict and set types use hash tables to provide amortized
constant time operations. Hash tables require a well-distributed hash function
to spread data evenly across the hash table. The security issue is that an
attacker could compute thousands of keys with colliding hashes; this causes
quadratic algorithmic complexity when the hash table is constructed. To
alleviate the problem, the new releases add randomization to the hashing of
Python's string types (bytes/str in Python 3 and str/unicode in Python 2),
datetime.date, and datetime.datetime. This prevents an attacker from computing
colliding keys of these types without access to the Python process.
Hash randomization causes the iteration order of dicts and sets to be
unpredictable and differ across Python runs. Python has never guaranteed
iteration order of keys in a dict or set,...
[RELEASED] Second release candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3We're chuffed to announce the immediate availability of the second release
candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3. The only change from the
first release candidates is the patching of an additional security hole.
The security issue fixed in the second release candidates is in the expat XML
parsing library. expat had the same hash security issue detailed below as
Python's core types. The hashing algorithm used in the expat library is now
randomized. A more thorough explanation of the "hash attack" security hole
follows.
The main impetus for these releases is fixing a security issue in Python's hash
based types, dict and set, as described below. Python 2.7.3 and 3.2.3 include
the security patch and the normal set of bug fixes. Since Python 2.6 and 3.1 are
maintained only for security issues, 2.6.8 and 3.1.5 contain only various
security patches.
The security issue exploits Python's dict and set implementations. Carefully
crafted input can lead to extremely long computation times and denials of
service. [1] Python dict and set types use hash tables to provide amortized
constant time operations. Hash tables require a well-distributed hash function
to spread data evenly across the hash table. The security issue is that an
attacker could compute thousands of keys with colliding hashes; this causes
quadratic algorithmic complexity when the hash table is constructed. To
alleviate the problem, the new releases add rando...
[RELEASED] Second release candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3We're chuffed to announce the immediate availability of the second release
candidates for Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3. The only change from the
first release candidates is the patching of an additional security hole.
The security issue fixed in the second release candidates is in the expat XML
parsing library. expat had the same hash security issue detailed below as
Python's core types. The hashing algorithm used in the expat library is now
randomized. A more thorough explanation of the "hash attack" security hole
follows.
The main impetus for these releases is fi...
[RELEASED] Python 3.1.3 release candidate 1 #2On behalf of the Python development team, I'm gladsome to announce a release
candidate of the third bugfix release for the Python 3.1 series, Python 3.1.3.
This bug fix release fixes numerous issues found in 3.1.2. Please try it with
your packages and report any bugs you find. The final of 3.1.3 is scheduled to
be released in two weeks.
The Python 3.1 version series focuses on the stabilization and optimization of
the features and changes that Python 3.0 introduced. For example, the new I/O
system has been rewritten in C for speed. File system APIs that use unicode
strings ...
[RELEASED] Python 3.2.4 rc 1 and Python 3.3.1 rc 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I am pleased to announce the
first release candidates of Python 3.2.4 and 3.3.1.
Python 3.2.4 will be the last regular maintenance release for the Python 3.2
series, while Python 3.3.1 is the first maintenance release for the 3.3
series. Both releases include hundreds of bugfixes.
There has recently been a lot of discussion about XML-based denial of service
attacks. Specifically, certain XML files can cause XML parsers, including ones
in the Python stdlib, to consume gigabytes of RAM and swamp the CPU. These
releases do not include any changes in Python XML code to address these issues.
Interested parties should examine the defusedxml package on PyPI:
https://pypi.python.org/pypi/defusedxml
These are testing releases: Please consider trying them with your code
and reporting any bugs you may notice to:
http://bugs.python.org/
To download Python 3.2.4 or Python 3.3.1, visit:
http://www.python.org/download/releases/3.2.4/ or
http://www.python.org/download/releases/3.3.1/
respectively.
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and all contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlFRRIoACgkQN9GcIYhpnLD6jACgnzYdYRKZ4kwkKeN3zSLSZ3Zr
M/IAn17vlpxI3a3xk+i/ODOrCkMnRZro
=B5sA
-----END PGP SIGNATURE-----
...
[RELEASED] Python 3.2.4 rc 1 and Python 3.3.1 rc 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I am pleased to announce the
first release candidates of Python 3.2.4 and 3.3.1.
Python 3.2.4 will be the last regular maintenance release for the Python 3.2
series, while Python 3.3.1 is the first maintenance release for the 3.3
series. Both releases include hundreds of bugfixes.
There has recently been a lot of discussion about XML-based denial of service
attacks. Specifically, certain XML files can cause XML parsers, including ones
in the Python stdlib, to consume gigabytes of RAM and swamp the CPU. These
releases do not include any changes in Python XML code to address these issues.
Interested parties should examine the defusedxml package on PyPI:
https://pypi.python.org/pypi/defusedxml
These are testing releases: Please consider trying them with your code
and reporting any bugs you may notice to:
http://bugs.python.org/
To download Python 3.2.4 or Python 3.3.1, visit:
http://www.python.org/download/releases/3.2.4/ or
http://www.python.org/download/releases/3.3.1/
respectively.
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and all contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlFRRIoACgkQN9GcIYhpnLD6jACgnzYdYRKZ4kwkKeN3zSLSZ3Zr
M/IAn17vlpxI3a3xk+i/ODOrCkMnRZro
=B5sA
-----END PGP SIGNATURE-----
...
Problem installing matplotlib 1.3.1 with Python 2.7.6 and 3.3.3 (release candidate 1)Hello,
I tried to install matplotlib 1.3.1 on the release candidates of Python 2.7.6 and 3.3.3.
I am on Mac OS X 10.6.8.
Although the installation gave no problems, there is a problem with Tcl/Tk.
The new Pythons have their own embedded Tcl/Tk, but when installing matplotlib it links to the Frameworks version of Tcl and TK, not to the embedded version. This causes confusion when importing matplotlib.pyplot:
objc[70648]: Class TKApplication is implemented in both /Library/Frameworks/Python.framework/Versions/2.7/lib/libtk8.5.dylib and /Library/Frameworks/Tk.framework/Versions/8.5/Tk. One of the two will be used. Which one is undefined.
objc[70648]: Class TKMenu is implemented in both /Library/Frameworks/Python.framework/Versions/2.7/lib/libtk8.5.dylib and /Library/Frameworks/Tk.framework/Versions/8.5/Tk. One of the two will be used. Which one is undefined.
objc[70648]: Class TKContentView is implemented in both /Library/Frameworks/Python.framework/Versions/2.7/lib/libtk8.5.dylib and /Library/Frameworks/Tk.framework/Versions/8.5/Tk. One of the two will be used. Which one is undefined.
objc[70648]: Class TKWindow is implemented in both /Library/Frameworks/Python.framework/Versions/2.7/lib/libtk8.5.dylib and /Library/Frameworks/Tk.framework/Versions/8.5/Tk. One of the two will be used. Which one is undefined.
And then later it gives a lot of error messages.
So I think it should be linked to the embedded version. For this the matplotlib setupext.py should be ad...
[RELEASED] Python 3.3.3 release candidate 2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm quite happy to announce the
Python 3.3.3 release candidate 2.
Python 3.3.3 includes several security fixes and over 150 bug fixes compared to
the Python 3.3.2 release.
This release fully supports OS X 10.9 Mavericks. In particular, this release
fixes an issue that could cause previous versions of Python to crash when typing
in interactive mode on OS X 10.9.
Python 3.3 includes a range of improvements of the 3.x series, as well as easier
porting between 2.x and 3.x. In total, almost 500 API items are new or improved
in Python 3.3. For a more extensive list of changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
To download Python 3.3.3 rc2 visit:
http://www.python.org/download/releases/3.3.3/
This is a preview release, please report any bugs to
http://bugs.python.org/
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and 3.3's contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlKB1G4ACgkQN9GcIYhpnLAu5gCfRkfpnEs+rmtZ9iTjaaZcHDx3
sNYAn180Q4cFZmKtwJdaG+g/3jHAVd97
=n/Tt
-----END PGP SIGNATURE-----
...
[RELEASED] Python 3.3.3 release candidate 2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm quite happy to announce the
Python 3.3.3 release candidate 2.
Python 3.3.3 includes several security fixes and over 150 bug fixes compared to
the Python 3.3.2 release.
This release fully supports OS X 10.9 Mavericks. In particular, this release
fixes an issue that could cause previous versions of Python to crash when typing
in interactive mode on OS X 10.9.
Python 3.3 includes a range of improvements of the 3.x series, as well as easier
porting between 2.x and 3.x. In total, almost 500 API items are new or improved
in Python 3.3. For a more extensive list of changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
To download Python 3.3.3 rc2 visit:
http://www.python.org/download/releases/3.3.3/
This is a preview release, please report any bugs to
http://bugs.python.org/
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and 3.3's contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlKB1G4ACgkQN9GcIYhpnLAu5gCfRkfpnEs+rmtZ9iTjaaZcHDx3
sNYAn180Q4cFZmKtwJdaG+g/3jHAVd97
=n/Tt
-----END PGP SIGNATURE-----
...
[RELEASED] Python 3.3.3 release candidate 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm quite happy to announce the
Python 3.3.3 release candidate 1.
Python 3.3.3 includes several security fixes and over 150 bug fixes compared to
the Python 3.3.2 release.
This release fully supports OS X 10.9 Mavericks. In particular, this release
fixes an issue that could cause previous versions of Python to crash when typing
in interactive mode on OS X 10.9.
Python 3.3.3 also contains a new batteries-included feature for OS X users of
IDLE and other Tkinter-based programs. The python.org Mac OS X 64-bit/32-bit
x86-64/i386 Installer for OS X 10.6+ now includes its own builtin version of
Tcl/Tk 8.5. It is no longer necessary to install a third-party version of
Tcl/Tk 8.5 to workaround the problematic system versions. See
http://www.python.org/download/mac/tcltk/ for more information.
Python 3.3 includes a range of improvements of the 3.x series, as well as easier
porting between 2.x and 3.x. In total, almost 500 API items are new or improved
in Python 3.3. For a more extensive list of changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
and for the detailed changelog of 3.3.3, see
http://docs.python.org/3.3/whatsnew/changelog.html
To download Python 3.3.3 rc1 visit:
http://www.python.org/download/releases/3.3.3/
This is a preview release, please report any bugs to
http://bugs.python.org/
T...
[RELEASED] Python 3.2.4 and Python 3.3.1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I am pleased to announce the
final releases of Python 3.2.4 and 3.3.1.
Python 3.2.4 is the final regular maintenance release for the Python 3.2
series, while Python 3.3.1 is the first maintenance release for the 3.3
series. Both releases include hundreds of bugfixes.
There has recently been a lot of discussion about XML-based denial of service
attacks. Specifically, certain XML files can cause XML parsers, including ones
in the Python stdlib, to consume gigabytes of RAM and swamp the CPU. These
releases do not include any changes in Python XML code to address these issues.
Interested parties should examine the defusedxml package on PyPI:
https://pypi.python.org/pypi/defusedxml
To download Python 3.2.4 or Python 3.3.1, visit:
http://www.python.org/download/releases/3.2.4/ or
http://www.python.org/download/releases/3.3.1/
respectively. As always, please report bugs to
http://bugs.python.org/
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and all contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlFgiN8ACgkQN9GcIYhpnLAXxQCdHAd2lECpYfmYM4Wbd3I01es4
898AoKBDvHtgecD/PeVRKUrdQRSWGPJg
=K8RQ
-----END PGP SIGNATURE-----
On Saturday, 6 April 2013 21:43:11 UTC+1, Georg Brandl wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hash...
[RELEASED] Python 3.1.3 release candidate 1On behalf of the Python development team, I'm gladsome to announce a release
candidate of the third bugfix release for the Python 3.1 series, Python 3.1.3.
This bug fix release fixes numerous issues found in 3.1.2. Please try it with
your packages and report any bugs you find. The final of 3.1.3 is scheduled to
be released in two weeks.
The Python 3.1 version series focuses on the stabilization and optimization of
the features and changes that Python 3.0 introduced. For example, the new I/O
system has been rewritten in C for speed. File system APIs that use unicode
strings ...
RE: RELEASED Python 2.3.4, release candidate 1 #3"""
What gives you the right to say this? *I'm offended.*
Speaking of moral and ethics, there seem to be other things to care
about, especially these days.
Thomas
"""
Ok, so perhaps "moral" and "ethical" is slightly strong. Sheesh. Levity.
Point being, if the developers of Python (and Perl and .... so on) spent =
so much time and energy creating something cross platform, it should be =
used thusly. I'm not saying it's "evil" not to do so, I'm saying that if =
you NEED platform-specific tools (which, let's be h...
RELEASED Python 2.3.3 (release candidate 1)Thomas,consider this:
specialized_python.exe --path/foo.px (command line)
where foo.px is zipped ctypes-venster program -modules,some
code,binaries(images etc.)
specialized_python.exe could be statically linked against C ctypes,and could
contain ctypes and venster python code (freezed)
(specialized_python.exe could also work as "regular" python.exe and
successfully run ".py" , ".pyc" files)
Now associate ".px" with specialized_python.exe and you have clickable
packed python programs.
To build such specialized_python.exe you would need your own
PyRun_*N...
[RELEASED] Python 3.2.5 and Python 3.3.2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I am pleased to announce the
releases of Python 3.2.5 and 3.3.2.
The releases fix a few regressions in 3.2.4 and 3.3.1 in the zipfile, gzip
and xml.sax modules. Details can be found in the changelogs:
http://hg.python.org/cpython/file/v3.2.5/Misc/NEWS and
http://hg.python.org/cpython/file/v3.3.2/Misc/NEWS
To download Python 3.2.5 or Python 3.3.2, visit:
http://www.python.org/download/releases/3.2.5/ or
http://www.python.org/download/releases/3.3.2/
respectively. As always, please report bugs to
http://bugs.python.org/
(Thank you to those who reported these regressions.)
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and all contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlGUbJ4ACgkQN9GcIYhpnLDH8ACdEM4k7bobLJsFmCb49zuwQR3W
EjgAoIWAOFNhJNdTAWEGSWqFWUP20wrb
=YnPr
-----END PGP SIGNATURE-----
...
[RELEASED] Python 3.2.5 and Python 3.3.2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I am pleased to announce the
releases of Python 3.2.5 and 3.3.2.
The releases fix a few regressions in 3.2.4 and 3.3.1 in the zipfile, gzip
and xml.sax modules. Details can be found in the changelogs:
http://hg.python.org/cpython/file/v3.2.5/Misc/NEWS and
http://hg.python.org/cpython/file/v3.3.2/Misc/NEWS
To download Python 3.2.5 or Python 3.3.2, visit:
http://www.python.org/download/releases/3.2.5/ or
http://www.python.org/download/releases/3.3.2/
respectively. As always, please report bugs to
http://bugs.python.org/
(Thank you to those who reported these regressions.)
Enjoy!
- --
Georg Brandl, Release Manager
georg at python.org
(on behalf of the entire python-dev team and all contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlGUbJ4ACgkQN9GcIYhpnLDH8ACdEM4k7bobLJsFmCb49zuwQR3W
EjgAoIWAOFNhJNdTAWEGSWqFWUP20wrb
=YnPr
-----END PGP SIGNATURE-----
...
RELEASED Python 2.3.2, release candidate 1
On behalf of the Python development team and the Python community, I'm
happy to announce the release of Python 2.3.2 (release candidate 1).
Python 2.3.2 is a bug-fix release, to repair a couple of build problems
and packaging errors in Python 2.3.1. Assuming no major problems crop up,
a final release of Python 2.3.2 will follow later this week.
For more information on Python 2.3.2, including download links for
various platforms, release notes, and known issues, please see:
http://www.python.org/2.3.2
Highlights of this new release include:
- A bug in autoconf that broke buildin...
[RELEASED] Python 3.3.4 release candidate 1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm reasonably happy to announce the
Python 3.3.4 release candidate 1.
Python 3.3.4 includes several security fixes and over 120 bug fixes compared to
the Python 3.3.3 release.
This release fully supports OS X 10.9 Mavericks. In particular, this release
fixes an issue that could cause previous versions of Python to crash when typing
in interactive mode on OS X 10.9.
Python 3.3 includes a range of improvements of the 3.x series, as well as easier
porting between 2.x and 3.x. In total,...
[RELEASED] Python 3.3.5 release candidate 2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm happy to announce
the release of Python 3.3.5, release candidate 2.
Python 3.3.5 includes a fix for a regression in zipimport in 3.3.4
(see http://bugs.python.org/issue20621) and a few other bugs.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. In total, almost 500 API items
are new or improved in Python 3.3. For a more extensive list of
changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
...
[RELEASED] Python 3.3.0 release candidate 2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm delighted to announce the
second release candidate of Python 3.3.0.
This is a preview release, and its use is not recommended in
production settings.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. Major new features and changes
in the 3.3 release series are:
* PEP 380, syntax for delegating to a subgenerator ("yield from")
* PEP 393, flexible string representation (doing away with the
distinction between "wide" and "narrow" Unicode builds)
* A C implementation of the "decimal" module, with up to 80x speedup
for decimal-heavy applications
* The import system (__import__) now based on importlib by default
* The new "lzma" module with LZMA/XZ support
* PEP 397, a Python launcher for Windows
* PEP 405, virtual environment support in core
* PEP 420, namespace package support
* PEP 3151, reworking the OS and IO exception hierarchy
* PEP 3155, qualified name for classes and functions
* PEP 409, suppressing exception context
* PEP 414, explicit Unicode literals to help with porting
* PEP 418, extended platform-independent clocks in the "time" module
* PEP 412, a new key-sharing dictionary implementation that
significantly saves memory for object-oriented code
* PEP 362, the function-signature object
* The new "faulth...
[RELEASED] Python 3.3.0 release candidate 2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm delighted to announce the
second release candidate of Python 3.3.0.
This is a preview release, and its use is not recommended in
production settings.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. Major new features and changes
in the 3.3 release series are:
* PEP 380, syntax for delegating to a subgenerator ("yield from")
* PEP 393, flexible string representation (doing away with the
distinction between...
[RELEASED] Python 3.3.5 release candidate 2-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of the Python development team, I'm happy to announce
the release of Python 3.3.5, release candidate 2.
Python 3.3.5 includes a fix for a regression in zipimport in 3.3.4
(see http://bugs.python.org/issue20621) and a few other bugs.
Python 3.3 includes a range of improvements of the 3.x series, as well
as easier porting between 2.x and 3.x. In total, almost 500 API items
are new or improved in Python 3.3. For a more extensive list of
changes in the 3.3 series, see
http://docs.python.org/3.3/whatsnew/3.3.html
...
RE: RELEASED Python 2.3.4, release candidate 1 #2>
>WINDOWS
>... Windows users may also be
>interested in Mark Hammond's win32all, a collection of
>Windows-specific extensions including COM support and Pythonwin, an
>IDE built using Windows components.
>
PS... I have moral and ethical arguments against this. I believe it's =
just plain WRONG to use a language like Python or Java or even C#/.NET =
and RELY on platform specific "extensions".
If it ain't cross platform, then it's VB.
$.02/MHO
Hornberger, Chris wrote:
>>WINDOWS
>>... Windows users may also be
>>interested in ...