From: Lars Gustäbel Date: Mon, 5 Sep 2011 14:59:44 +0000 (+0200) Subject: Merge with 3.2: Issue #12841: Fix tarfile extraction of non-existent uids/gids. X-Git-Tag: v3.3.0a1~1570^2~10 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=24757851b7f95a4fbb6ecef1354b12c426a0c5e5;p=thirdparty%2FPython%2Fcpython.git Merge with 3.2: Issue #12841: Fix tarfile extraction of non-existent uids/gids. --- 24757851b7f95a4fbb6ecef1354b12c426a0c5e5 diff --cc Misc/NEWS index b15876b1cfae,bd8c49788b30..16e0e40d0f74 --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -271,73 -73,66 +271,78 @@@ Core and Builtin Library ------- + - Issue #12841: tarfile unnecessarily checked the existence of numerical user + and group ids on extraction. If one of them did not exist the respective id + of the current user (i.e. root) was used for the file and ownership + information was lost. + -- Issue #10946: The distutils commands bdist_dumb, bdist_wininst and bdist_msi - now respect a --skip-build option given to bdist. +- Issue #12888: Fix a bug in HTMLParser.unescape that prevented it to escape + more than 128 entities. Patch by Peter Otten. -- Issue #12839: Fix crash in zlib module due to version mismatch. - Fix by Richard M. Tew. +- Issue #12878: Expose a __dict__ attribute on io.IOBase and its subclasses. -Extension Modules ------------------ +- Issue #12636: IDLE reads the coding cookie when executing a Python script. -- Issue #9651: Fix a crash when ctypes.create_string_buffer(0) was passed to - some functions like file.write(). +- Issue #12494: On error, call(), check_call(), check_output() and + getstatusoutput() functions of the subprocess module now kill the process, + read its status (to avoid zombis) and close pipes. +- Issue #12720: Expose low-level Linux extended file attribute functions in os. +- Issue #10946: The distutils commands bdist_dumb, bdist_wininst and bdist_msi + now respect a --skip-build option given to bdist. The packaging commands + were fixed too. -What's New in Python 3.2.2 release candidate 1? -=============================================== +- Issue #12847: Fix a crash with negative PUT and LONG_BINPUT arguments in + the C pickle implementation. -*Release date: 14-Aug-2011* +- Issue #11564: Avoid crashes when trying to pickle huge objects or containers + (more than 2**31 items). Instead, in most cases, an OverflowError is raised. -Core and Builtins ------------------ +- Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is + greater than FD_SETSIZE. -- Issue #12732: In narrow unicode builds, allow Unicode identifiers which fall - outside the BMP. +- Issue #12839: Fix crash in zlib module due to version mismatch. + Fix by Richard M. Tew. -- Issue #11603: Fix a crash when __str__ is rebound as __repr__. Patch by - Andreas Stührk. +- Issue #9923: The mailcap module now correctly uses the platform path + separator for the MAILCAP environment variable on non-POSIX platforms. -- Issue #11321: Fix a crash with multiple imports of the _pickle module when - embedding Python. Patch by Andreas Stührk. +- Issue #12835: Follow up to #6560 that unconditionally prevents use of the + unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets. Patch by David + Watson. -- Verify the types of AST strings and identifiers provided by the user before - compiling them. +- Issue #12803: SSLContext.load_cert_chain() now accepts a password argument + to be used if the private key is encrypted. Patch by Adam Simpkins. -- Issue #12579: str.format_map() now raises a ValueError if used on a - format string that contains positional fields. Initial patch by - Julian Berman. +- Issue #11657: Fix sending file descriptors over 255 over a multiprocessing + Pipe. -- Issue #11627: Fix segfault when __new__ on a exception returns a - non-exception class. +- Issue #12811: tabnanny.check() now promptly closes checked files. Patch by + Anthony Briggs. -- Issue #12149: Update the method cache after a type's dictionary gets - cleared by the garbage collector. This fixes a segfault when an instance - and its type get caught in a reference cycle, and the instance's - deallocator calls one of the methods on the type (e.g. when subclassing - IOBase). Diagnosis and patch by Davide Rizzo. +- Issue #6560: The sendmsg/recvmsg API is now exposed by the socket module + when provided by the underlying platform, supporting processing of + ancillary data in pure Python code. Patch by David Watson and Heiko Wundram. -- When a generator yields, do not retain the caller's exception state on the - generator. +- Issue #12326: On Linux, sys.platform doesn't contain the major version + anymore. It is now always 'linux', instead of 'linux2' or 'linux3' depending + on the Linux version used to build Python. -- Issue #12475: Prevent generators from leaking their exception state into the - caller's frame as they return for the last time. +- Issue #12213: Fix a buffering bug with interleaved reads and writes that + could appear on BufferedRandom streams. -Library -------- +- Issue #12778: Reduce memory consumption when JSON-encoding a large + container of many small objects. + +- Issue #12650: Fix a race condition where a subprocess.Popen could leak + resources (FD/zombie) when killed at the wrong time. + +- Issue #12744: Fix inefficient representation of integers between 2**31 and + 2**63 on systems with a 64-bit C "long". + +- Issue #12646: Add an 'eof' attribute to zlib.Decompress, to make it easier to + detect truncated input streams. - Issue #11513: Fix exception handling ``tarfile.TarFile.gzopen()`` when the file cannot be opened.