Vulnerability: urlsplit does not handle NFKC normalization

2019-03-14 Thread Steve Dower
We recently disclosed and patched a potential vulnerability in Python 
applications that use urlsplit() or urlparse() on user-provided URLs.


You may be impacted if a user can provide a Unicode URL to your 
application that is later converted to IDNA (Punycode) or ASCII. This 
conversion will decompose certain Unicode characters that can affect the 
netloc part of your URL, potentially resulting in requests being sent to 
an unexpected host.


All versions of Python are affected. Patches have been applied for the 
next releases of 2.7, 3.7 and 3.8, and are under review for 3.4, 3.5 and 
3.6.


Full details, links to the patches, and workarounds for applications are 
available at:
* https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
* https://bugs.python.org/issue36216

A CVE number has been requested but is not yet available.

The issue was discovered by Jonathan Birch of Microsoft Corporation and 
Panayiotis Panayiotou, and reported to the Python Security Response Team.

--
https://mail.python.org/mailman/listinfo/python-announce-list

   Support the Python Software Foundation:
   http://www.python.org/psf/donations/
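
The condition described in the advisory above can be checked before any IDNA or ASCII conversion takes place. The following is an added example, not part of the original announcement and not the CPython patch; the function names and the example.* hosts are constructed for illustration.

```python
import unicodedata

# Characters that separate the authority (netloc) from other URL parts.
DELIMS = "/?#@:"


def split_authority(url):
    """Cut out the authority as a parser sees it before normalization.

    Done by hand so the result is the same on patched and unpatched
    Pythons (patched urlsplit() raises ValueError on these inputs).
    """
    _scheme, sep, rest = url.partition("://")
    if not sep:
        return ""
    cuts = [i for i in (rest.find(d) for d in "/?#") if i != -1]
    return rest[:min(cuts, default=len(rest))]


def risky_chars(netloc):
    """List (char, codepoint, NFKC form) for every non-ASCII character
    whose compatibility form contains a URL delimiter."""
    found = []
    for ch in netloc:
        if ord(ch) < 128:
            continue
        expanded = unicodedata.normalize("NFKC", ch)
        if any(d in expanded for d in DELIMS):
            found.append((ch, "U+%04X" % ord(ch), expanded))
    return found


def host_after_idna(netloc):
    """Host that a later NFKC/IDNA step would effectively use: normalize,
    then re-split on delimiters the normalization may have introduced."""
    normalized = unicodedata.normalize("NFKC", netloc)
    hostport = normalized.rpartition("@")[2]
    for d in "/?#":
        hostport = hostport.partition(d)[0]
    if hostport.startswith("["):          # bracketed IPv6 literal
        return hostport.partition("]")[0] + "]"
    return hostport.partition(":")[0].lower()


def check_url(url):
    """Return (ok, details); ok is False when normalization would change
    where the netloc ends, the situation the advisory warns about."""
    netloc = split_authority(url)
    hits = risky_chars(netloc)
    return (not hits, {"netloc": netloc, "risky": hits,
                       "host_after_idna": host_after_idna(netloc)})


# Constructed sample inputs; the example.* names are placeholders.
SAMPLES = [
    "https://example.com/path",                # plain ASCII
    "https://b\u00fccher.example/",            # ordinary IDN, unaffected
    "https://example.com\uff0f.example.net/",  # FULLWIDTH SOLIDUS -> "/"
    "https://example.com\u2100.example.net/",  # ACCOUNT OF -> "a/c"
]

if __name__ == "__main__":
    for u in SAMPLES:
        ok, info = check_url(u)
        print("ACCEPT" if ok else "REJECT", ascii(u),
              info["risky"], info["host_after_idna"])
```

Rejecting on any hit is the conservative choice: ordinary internationalized names pass, while a netloc whose boundary moves under normalization never reaches the code that sends the request.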


UG Announcement - Python Mauritius User-Group (pymug)

2019-03-14 Thread Abdur-Rahmaan Janhangeer
As per requirements, I'm announcing the existence of the Python User-Group
for Mauritius, an island in the Indian Ocean. Below is some info.

Name: Python Mauritius User-Group
Website: pymug.com
Github: github.com/pymug
Mailing list: https://mail.python.org/mailman3/lists/pymug.python.org/
Wiki mention: https://wiki.python.org/moin/LocalUserGroups#Other_Africa
under Other Africa

First local meeting held: yes
Organising members: 4
Motivation: Python promotion and helping with docs translations.

Should anybody require any info, please let me know.

Yours,

-- 
Abdur-Rahmaan Janhangeer
http://www.pythonmembers.club | https://github.com/Abdur-rahmaanJ
Mauritius




cx_Oracle 7.1.2

2019-03-14 Thread Anthony Tuininga
What is cx_Oracle?

cx_Oracle is a Python extension module that enables access to Oracle Database
for Python 3.x and 2.x and conforms to the Python database API 2.0
specifications with a number of enhancements.


Where do I get it?
https://oracle.github.io/python-cx_Oracle

The easiest method to install/upgrade cx_Oracle is via pip as in

python -m pip install cx_Oracle --upgrade


What's new?

This release addresses a couple of bugs. See the release notes for more
information.

https://cx-oracle.readthedocs.io/en/latest/releasenotes.html#version-7-1-2-march-2019

Please provide any feedback via GitHub issues
(https://github.com/oracle/python-cx_Oracle/issues).


[ANN] PyYAML-5.1: YAML parser and emitter for Python

2019-03-14 Thread Ingy dot Net
===
 Announcing PyYAML-5.1
===

A new MAJOR RELEASE of PyYAML is now available:
https://pypi.org/project/PyYAML/

This is the first major release of PyYAML under the new maintenance team.

Among the many changes listed below, this release specifically addresses the
arbitrary code execution issue raised by:

https://nvd.nist.gov/vuln/detail/CVE-2017-18342


(See https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
for complete details).

The PyYAML project is now maintained by the YAML and Python communities.
Planning happens on the #yaml-dev, #pyyaml and #libyaml IRC channels on
irc.freenode.net.


Changes
===

* https://github.com/yaml/pyyaml/pull/35  -- Some modernization of the test running
* https://github.com/yaml/pyyaml/pull/42  -- Install tox in a virtualenv
* https://github.com/yaml/pyyaml/pull/45  -- Allow colon in a plain scalar in a flow context
* https://github.com/yaml/pyyaml/pull/48  -- Fix typos
* https://github.com/yaml/pyyaml/pull/55  -- Improve RepresenterError creation
* https://github.com/yaml/pyyaml/pull/59  -- Resolves #57, update readme issues link
* https://github.com/yaml/pyyaml/pull/60  -- Document and test Python 3.6 support
* https://github.com/yaml/pyyaml/pull/61  -- Use Travis CI built in pip cache support
* https://github.com/yaml/pyyaml/pull/62  -- Remove tox workaround for Travis CI
* https://github.com/yaml/pyyaml/pull/63  -- Adding support to Unicode characters over codepoint 0x
* https://github.com/yaml/pyyaml/pull/65  -- Support unicode literals over codepoint 0x
* https://github.com/yaml/pyyaml/pull/75  -- add 3.12 changelog
* https://github.com/yaml/pyyaml/pull/76  -- Fallback to Pure Python if Compilation fails
* https://github.com/yaml/pyyaml/pull/84  -- Drop unsupported Python 3.3
* https://github.com/yaml/pyyaml/pull/102 -- Include license file in the generated wheel package
* https://github.com/yaml/pyyaml/pull/105 -- Removed Python 2.6 & 3.3 support
* https://github.com/yaml/pyyaml/pull/111 -- Remove commented out Psyco code
* https://github.com/yaml/pyyaml/pull/129 -- Remove call to `ord` in lib3 emitter code
* https://github.com/yaml/pyyaml/pull/143 -- Allow to turn off sorting keys in Dumper
* https://github.com/yaml/pyyaml/pull/149 -- Test on Python 3.7-dev
* https://github.com/yaml/pyyaml/pull/158 -- Support escaped slash in double quotes "\/"
* https://github.com/yaml/pyyaml/pull/181 -- Import Hashable from collections.abc
* https://github.com/yaml/pyyaml/pull/256 -- Make default_flow_style=False
* https://github.com/yaml/pyyaml/pull/257 -- Deprecate yaml.load and add FullLoader and UnsafeLoader classes
* https://github.com/yaml/pyyaml/pull/263 -- Windows Appveyor build


Resources
=

PyYAML IRC Channel: #pyyaml on irc.freenode.net
PyYAML homepage: https://github.com/yaml/pyyaml
PyYAML documentation: http://pyyaml.org/wiki/PyYAMLDocumentation
Source and binary installers: https://pypi.org/project/PyYAML/
GitHub repository: https://github.com/yaml/pyyaml/
Bug tracking: https://github.com/yaml/pyyaml/issues

YAML homepage: http://yaml.org/
YAML-core mailing list:
http://lists.sourceforge.net/lists/listinfo/yaml-core


About PyYAML


YAML is a data serialization format designed for human readability and
interaction with scripting languages. PyYAML is a YAML parser and emitter
for Python.

PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support,
capable extension API, and sensible error messages. PyYAML supports standard
YAML tags and provides Python-specific tags that allow to represent an
arbitrary Python object.

PyYAML is applicable for a broad range of tasks from complex configuration
files to object serialization and persistence.


Example
===

>>> import yaml

>>> yaml.full_load("""
... name: PyYAML
... description: YAML parser and emitter for Python
... homepage: https://github.com/yaml/pyyaml
... keywords: [YAML, serialization, configuration, persistence, pickle]
... """)
{'keywords': ['YAML', 'serialization', 'configuration', 'persistence',
'pickle'], 'homepage': 'https://github.com/yaml/pyyaml', 'description':
'YAML parser and emitter for Python', 'name': 'PyYAML'}

>>> print(yaml.dump(_))
name: PyYAML
homepage: https://github.com/yaml/pyyaml
description: YAML parser and emitter for Python
keywords: [YAML, serialization, configuration, persistence, pickle]


Maintainers
===

The following people are currently responsible for maintaining PyYAML:

* Ingy döt Net
* Tina Mueller
* Matt Davis

and many thanks to all who have contributed!
See: https://github.com/yaml/pyyaml/pulls


Copyright
=

Copyright (c) 2017-2019 Ingy döt Net 
Copyright (c) 2006-2016 Kirill Simonov 

The PyYAML module was written by Kirill Simonov.
It is currently maintained by the YAML and Python communities.

PyYAML is released under the MIT license.
See the file LICENSE for more details.

rJSmin 1.1.0

2019-03-14 Thread André Malo
Hello World,

I'm pleased to announce version 1.1.0 of rJSmin.


About rJSmin


rJSmin is a javascript minifier written in python. The minifier is based
on the semantics of jsmin.c by Douglas Crockford.

The module is a re-implementation aiming for speed, so it can be used at
runtime (rather than during a preprocessing step). Usually it produces
the same results as the original jsmin.c. It differs in the following
ways:

- there is no error detection: unterminated string, regex and comment
  literals are treated as regular javascript code and minified as such.
- Control characters inside string and regex literals are left
  untouched; they are not converted to spaces (nor to \n)
- Newline characters are not allowed inside string and regex literals,
  except for line continuations in string literals (ECMA-5).
- "return /regex/" is recognized correctly.
- Line terminators after regex literals are handled more sensibly
- "+ +" and "- -" sequences are not collapsed to "++" or "--"
- Newlines before ! operators are removed more sensibly
- (Unnested) template literals are supported (ECMA-6)
- Comments starting with an exclamation mark ('!') can be kept optionally
- rJSmin does not handle streams, but only complete strings. (However,
  the module provides a "streamy" interface).


About Release 1.1.0
===

Main changes include:

- Python version support updated
- The C extension is no longer required for installation by default. Also it's
  only used if its version is matching the python implementation's version
- Tentative support for template literals has been added. Only un-nested
  template literals are recognized for now.
- '+', '-' and '*' are recognized in front of regexes


Supported Python Versions
=

* Python 2.7
* Python 3.4 -


Untested Python Versions


* PyPy
* Jython


License
===

rJSmin is available under the terms and conditions of the "Apache License,
Version 2.0."


Links
=

* Homepage + Documentation: http://opensource.perlig.de/rjsmin/
* PyPI: https://pypi.org/project/rjsmin/
* Github: https://github.com/ndparker/rjsmin
* License: http://www.apache.org/licenses/LICENSE-2.0


André "nd" Malo




ANN: psutil 5.6.0 with Process.parents() is out

2019-03-14 Thread Giampaolo Rodola'
Hello all,
I'm glad to announce the release of psutil 5.6.1:
https://github.com/giampaolo/psutil
Blog post:
http://grodola.blogspot.com/2019/03/psutil-560-with-processparents-is-out.html

About
=

psutil (process and system utilities) is a cross-platform library for
retrieving information on running processes and system utilization (CPU,
memory, disks, network) in Python. It is useful mainly for system
monitoring, profiling and limiting process resources and management of
running processes. It implements many functionalities offered by command
line tools such as: ps, top, lsof, netstat, ifconfig, who, df, kill, free,
nice, ionice, iostat, iotop, uptime, pidof, tty, taskset, pmap. It
currently supports Linux, Windows, macOS, Sun Solaris, FreeBSD, OpenBSD,
NetBSD and AIX, both 32-bit and 64-bit architectures.  Supported Python
versions are 2.6, 2.7 and 3.4+. PyPy is also known to work.

What's new
==

2019-03-05

**Enhancements**

- #1379: [Windows] Process suspend() and resume() now use NtSuspendProcess
  and NtResumeProcess instead of stopping/resuming all threads of a process.
  This is faster and more reliable (aka this is what ProcessHacker does).
- #1420: [Windows] in case of exception disk_usage() now also shows the path
  name.
- #1422: [Windows] Windows APIs requiring to be dynamically loaded from DLL
  libraries are now loaded only once on startup (instead of on per function
  call) significantly speeding up different functions and methods.
- #1426: [Windows] PAGESIZE and number of processors is now calculated on
  startup.
- #1428: in case of error, the traceback message now shows the underlying C
  function called which failed.
- #1433: new Process.parents() method.  (idea by Ghislain Le Meur)
- #1437: pids() are returned in sorted order.
- #1442: python3 is now the default interpreter used by Makefile.

**Bug fixes**

- #1353: process_iter() is now thread safe (it rarely raised TypeError).
- #1394: [Windows] Process name() and exe() may erroneously return
  "Registry". QueryFullProcessImageNameW is now used instead of
  GetProcessImageFileNameW in order to prevent that.
- #1411: [BSD] lack of Py_DECREF could cause segmentation fault on process
  instantiation.
- #1419: [Windows] Process.environ() raises NotImplementedError when
  querying a 64-bit process in 32-bit-WoW mode. Now it raises AccessDenied.
- #1427: [OSX] Process cmdline() and environ() may erroneously raise OSError
  on failed malloc().
- #1429: [Windows] SE DEBUG was not properly set for current process. It is
  now, and it should result in less AccessDenied exceptions for low-pid
  processes.
- #1432: [Windows] Process.memory_info_ex()'s USS memory is miscalculated
  because we're not using the actual system PAGESIZE.
- #1439: [NetBSD] Process.connections() may return incomplete results if
  using oneshot().
- #1447: original exception wasn't turned into NSP/AD exceptions when using
  Process.oneshot() ctx manager.

**Incompatible API changes**

- #1291: [OSX] Process.memory_maps() was removed because inherently broken
  (segfault) for years.

Links
=

- Home page: https://github.com/giampaolo/psutil
- Download: https://pypi.org/project/psutil/#files
- Documentation: http://psutil.readthedocs.io
- What's new: https://github.com/giampaolo/psutil/blob/master/HISTORY.rst

--

Giampaolo - http://grodola.blogspot.com


[RELEASE] Python 3.7.3rc1 is now available for testing.

2019-03-14 Thread Ned Deily
Python 3.7.3rc1 is now available for testing. 3.7.3rc1 is the release
preview of the next maintenance release of Python 3.7, the latest
feature release of Python. Assuming no critical problems are found
prior to 2019-03-25, no code changes are planned between now and the
final release. This release candidate is intended to give you the
opportunity to test the new security and bug fixes in 3.7.3. We
strongly encourage you to test your projects and report issues found
to bugs.python.org as soon as possible. Please keep in mind that this
is a preview release and, thus, its use is not recommended for
production environments.

You can find the release files, a link to the changelog, and more
information here:
https://www.python.org/downloads/release/python-373rc1/

--
  Ned Deily
  n...@python.org -- []



[RELEASED] Python 3.4.10rc1 and Python 3.5.7rc1 are now available

2019-03-14 Thread Larry Hastings


On behalf of the Python development community, I'm chuffed to announce 
the availability of Python 3.4.10rc1 and Python 3.5.7rc1.


Both Python 3.4 and 3.5 are in "security fixes only" mode.  Both 
versions only accept security fixes, not conventional bug fixes, and 
both releases are source-only.


The "final" releases on both these branches should be out in about two 
weeks.  Of particular note: that release of Python 3.4, Python 3.4.10 
final, will be the final release ever in the Python 3.4 series.  After 
3.4.10, the branch will be closed for good and I'll retire as Python 3.4 
Release Manager.  I'll still be the Python 3.5 Release Manager until 3.5 
similarly concludes, approximately eighteen months from now.


You can find Python 3.4.10rc1 here:

   https://www.python.org/downloads/release/python-3410rc1/


And you can find Python 3.5.7rc1 here:

   https://www.python.org/downloads/release/python-357rc1/


Best wishes,



//arry/


ANN: psutil 5.6.1 released

2019-03-14 Thread Giampaolo Rodola'
Hello all,
I'm glad to announce the release of psutil 5.6.1:
https://github.com/giampaolo/psutil

About
=

psutil (process and system utilities) is a cross-platform library for
retrieving information on running processes and system utilization (CPU,
memory, disks, network) in Python. It is useful mainly for system
monitoring, profiling and limiting process resources and management of
running processes. It implements many functionalities offered by command
line tools such as: ps, top, lsof, netstat, ifconfig, who, df, kill, free,
nice, ionice, iostat, iotop, uptime, pidof, tty, taskset, pmap. It
currently supports Linux, Windows, macOS, Sun Solaris, FreeBSD, OpenBSD,
NetBSD and AIX, both 32-bit and 64-bit architectures.  Supported Python
versions are 2.6, 2.7 and 3.4+. PyPy is also known to work.

What's new
==

2019-03-11

**Bug fixes**

- #1329: [AIX] psutil doesn't compile on AIX 6.1.  (patch by Arnon Yaari)
- #1448: [Windows] crash on import due to rtlIpv6AddressToStringA not
  available on Wine.
- #1451: [Windows] Process.memory_full_info() segfaults.
  NtQueryVirtualMemory is now used instead of QueryWorkingSet to calculate
  USS memory.

Links
=

- Home page: https://github.com/giampaolo/psutil
- Download: https://pypi.org/project/psutil/#files
- Documentation: http://psutil.readthedocs.io
- What's new: https://github.com/giampaolo/psutil/blob/master/HISTORY.rst

--

Giampaolo - http://grodola.blogspot.com


pytest 4.3.1 bug fix release

2019-03-14 Thread Bruno Oliveira
Hi everyone,

pytest 4.3.1 has just been released to PyPI.

This is a bug-fix release, being a drop-in replacement. To upgrade::

  pip install --upgrade pytest

The full changelog is available at
https://docs.pytest.org/en/latest/changelog.html.

Thanks to all who contributed to this release, among them:

* Andras Mitzki
* Anthony Sottile
* Bruno Oliveira
* Daniel Hahler
* Danilo Horta
* Grygorii Iermolenko
* Jeff Hale
* Kyle Altendorf
* Stephan Hoyer
* Zac Hatfield-Dodds
* Zac-HD
* songbowen


Happy testing,
The pytest Development Team


[RELEASE] Python 2.7.16

2019-03-14 Thread Benjamin Peterson
Hello all,
I'm pleased to announce the immediate availability of Python 2.7.16 for 
download at https://www.python.org/downloads/release/python-2716/.

The only change since the release candidate was a fix for the IDLE icon on 
macOS. See https://bugs.python.org/issue32129. Refer to the changelog for a 
full list of changes: 
https://raw.githubusercontent.com/python/cpython/v2.7.16/Misc/NEWS.d/2.7.16rc1.rst

Please report any bugs to https://bugs.python.org/.

Regards,
Benjamin
2.7 release manager
(on behalf of all Python 2.7's contributors)


[ANN] python-blosc v1.8.0

2019-03-14 Thread Valentin Haenel
=
Announcing python-blosc 1.8.0
=

What is new?


This is a maintenance and feature release. A regression affecting
windows users has been fixed by Robert McLeod and support for older C
compilers has been contributed by Nicholas Devenish. Also, c-blosc
v1.16.2 has been included and support for the new `cbuffer_validate` is
included. Lastly there have been several minor improvements and cleanups
as usual.

For more info, you can have a look at the release notes in:

https://github.com/Blosc/python-blosc/blob/master/RELEASE_NOTES.rst

More docs and examples are available in the documentation site:

http://python-blosc.blosc.org


What is it?
===

Blosc (http://www.blosc.org) is a high performance compressor optimized
for binary data.  It has been designed to transmit data to the processor
cache faster than the traditional, non-compressed, direct memory fetch
approach via a memcpy() OS call.  Blosc works well for compressing
numerical arrays that contain data with relatively low entropy, like
sparse data, time series, grids with regular-spaced values, etc.

python-blosc (http://python-blosc.blosc.org/) is the Python wrapper for
the Blosc compression library, with added functions (`compress_ptr()`
and `pack_array()`) for efficiently compressing NumPy arrays, minimizing
the number of memory copies during the process.  python-blosc can be
used to compress in-memory data buffers for transmission to other
machines, persistence or just as a compressed cache.

There is also a handy tool built on top of python-blosc called Bloscpack
(https://github.com/Blosc/bloscpack). It features a command line
interface that allows you to compress large binary datafiles on-disk.
It also comes with a Python API that has built-in support for
serializing and deserializing Numpy arrays both on-disk and in-memory at
speeds that are competitive with regular Pickle/cPickle machinery.


Sources repository
==

The sources and documentation are managed through github services at:

http://github.com/Blosc/python-blosc





  **Enjoy data!**


Wing Python IDE 6.1.5 released

2019-03-14 Thread Wingware
Wing Python IDE version 6.1.5 is now available for download.



 Changes in 6.1.5

 * Improves code intelligence for extension modules on remote hosts
 * Adds a debug status icon to the debug process selector, and does a
   better job truncating items in the process selection menu
 * Checks for conflicts before introducing names with refactoring
   operations, to avoid inadvertently reusing an existing symbol name
 * Improves support for py.exe on Windows, so that the correct Python
   version is launched

This release also makes about 30 other minor improvements. See the 
change log for details.



 About Wing

Wingware's family of cross-platform Python IDEs provide powerful 
integrated editing, debugging, unit testing, and project management 
features for interactive Python development. Wing can speed development 
and improve code quality for any kind of Python project, including web, 
desktop, scientific, data analysis, embedded scripting, and other 
applications.


For more information, please visit wingware.com 

Stephan Deibel
Wing Python IDE | The Intelligent Development Environment for Python

