no argument is given, the file :file:`.netrc` in the user's home directory will
be read. Parse errors will raise :exc:`NetrcParseError` with diagnostic
information including the file name, line number, and terminating token.
- .. versionchanged:: 3.1.6 Added the POSIX permission check.
+ If no argument is specified on a POSIX system, the presence of passwords in
+ the :file:`.netrc` file will raise a :exc:`NetrcParseError` if the file
+ ownership or permissions are insecure (owned by a user other than the user
+ running the process, or accessible for read or write by any other user).
+ This implements security behavior equivalent to that of ftp and other
+ programs that use :file:`.netrc`.
+
++ .. versionchanged:: 3.2.6 Added the POSIX permission check.
.. exception:: NetrcParseError
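Review bot: The added paragraph limits the ownership and permission check to the case "If no argument is specified", so a caller that passes the path of the same .netrc file explicitly gets no check, and the text should say that outright instead of leaving it implied. The check is also conditional on "the presence of passwords", which means an insecure file without a password entry is accepted silently; state that too. Finally, the failure is reported as NetrcParseError although nothing failed to parse, while the sentence just above describes that exception as carrying a line number and terminating token, so add a sentence on what the exception contains in the permission case.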
Library
-------
-- Issue #16248: Disable code execution from the user's home directory by tkinter
- when the -E flag is passed to Python.
+ - Issue #14984: On POSIX systems, when netrc is called without a filename
+ argument (and therefore is reading the user's $HOME/.netrc file), it now
+ enforces the same security rules as typical ftp clients: the .netrc file must
+ be owned by the user that owns the process and must not be readable by any
+ other user.
+
+- Fix tkinter regression introduced by the security fix in issue #16248.
+- Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of
+ service using certificates with many wildcards (CVE-2013-2099).
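Review bot: The #14984 entry states the rule as "must not be readable by any other user", but the documentation text for the same change says "accessible for read or write by any other user" and applies the check only when the file contains passwords; the two descriptions should agree. The entry should also name the exception raised (NetrcParseError per the documentation) so that users who hit the new failure after upgrading can find it here. The tkinter regression entry below it has no issue number of its own, only a reference to #16248; add one if a separate issue exists.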
-What's New in Python 3.1.5?
-===========================
-
-*Release date: 2012-04-08*
-Core and Builtins
------------------
+What's New in Python 3.2.5?
+===========================
-- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
- environment variable, to provide an opt-in way to protect against denial of
- service attacks due to hash collisions within the dict and set types. Patch
- by David Malcolm, based on work by Victor Stinner.
+*Release date: 13-May-2013*
Library
-------
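Review bot: The new 3.2.5 heading gives the release date as "13-May-2013", while the 3.1.5 heading it replaces used "2012-04-08"; use one date format throughout the file. Since this region also drops the #13703 (oCERT-2011-003) entry together with the 3.1.5 section, confirm that the entry is still recorded under the release of this branch that shipped it, so the hash collision mitigation does not disappear from the changelog.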