lp:ubuntu/quantal-security/python2.7
- Get this branch:
- bzr branch lp:ubuntu/quantal-security/python2.7
Branch merges
Branch information
Recent revisions
- 64. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in socket.recvfrom_ into
- debian/patches/ CVE-2014- 1912.diff: check buffer length in
Modules/socketmodule. c, added tests to Lib/test/ test_socket. py.
- CVE-2014-1912 - 63. By Marc Deslauriers
-
* SECURITY UPDATE: incorrect ssl hostname verification
- debian/patches/ CVE-2013- 4238.diff: correctly handle NULL bytes in
the subjectAltName in Modules/_ssl.c, add test to
Lib/test/test_ ssl.py, Lib/test/ nullbytecert. pem.
- CVE-2013-4238
* debian/patches/ disable- ssl-cert- tests.diff: disable patch to re-enable
ssl cert tests.
* debian/patches/ fix_expired_ certs.diff: update expired ssl certs to fix
ssl tests.
* This package does _not_ contain the changes from 2.7.3-5ubuntu4.2 in
quantal-proposed. - 62. By Matthias Klose
-
Fix issue #16012: Fix a regression in pyexpat. The parser's UseForeignDTD()
method doesn't require an argument again. LP: #1056740. - 61. By Matthias Klose
-
* Update to 20120915, taken from the 2.7 branch. Posix relevant patches:
- Issue #15906: Fix a regression in argparse caused by the preceding change,
when action='append', type='str' and default=[]. LP: #1048710.
- Issue #15908: Fix misbehaviour of the sha1 module when called on data
larger than 2**32 bytes.
- Issue #15910: Fix misbehaviour of _md5 and sha1 modules when "updating"
on data larger than 2**32 bytes. - 60. By Matthias Klose
-
* Update to 20120910, taken from the 2.7 branch. Posix relevant patches:
- Issue #13992: The trashcan mechanism is now thread-safe. This eliminates
sporadic crashes in multi-thread programs when several long deallocator
chains ran concurrently and involved subclasses of built-in container
types.
- Issue #15801: Make sure mappings passed to '%' formatting are actually
subscriptable.
- Issue #15604: Update uses of PyObject_IsTrue() to check for and handle
errors correctly.
- Issue #15676: Now "mmap" check for empty files before doing the
offset check.
- Issue #15340: Fix importing the random module when /dev/urandom cannot
be opened. This was a regression caused by the hash randomization patch.
- Issue #15841: The readable(), writable() and seekable() methods of
io.BytesIO and io.StringIO objects now raise ValueError when the object
has been closed.
- Issue #12776, #11839: call argparse type function (specified by
add_argument) only once.
- Issue #15544: Fix Decimal.__float__ to work with payload-carrying NaNs.
- Issue #15199: Fix JavaScript's default MIME type to
application/javascript.
- Issue #15477: In cmath and math modules, add workaround for platforms
whose system-supplied log1p function doesn't respect signs of zeros.
- Issue #15802: Fix test logic in TestMaildir.test_create_ tmp.
- Issue #15765: Extend a previous fix to Solaris and OpenBSD for quirky
getcwd() behaviour (issue #9185) to NetBSD as well.
- Issue #15615: Add some tests for the json module's handling of invalid
input data.
- Issue #15819: Make sure we can build Python out-of-tree from a readonly
source directory.
- Issue #15822: Ensure 2to3 grammar pickles are properly installed. - 59. By Matthias Klose
-
* Follwup for issue #9374. Restore the removed attributes in the
urlparse module.
* Update symbols files.
* Disable test_subprocess on the Hurd buildds.
* Call dh_movefiles with --srcdir. Closes: #685543. - 58. By Scott Kitterman
-
Cherry pick af46a001d5ec to remove Python syslog BOM insertion code that
was causing corrupt log messages in syslog. LP: #1029640 - 57. By Steve Langasek
-
* python2.7-minimal needs a versioned depends on python-minimal, not a
Conflicts. Conflicts with essential packages, versioned or otherwise,
are a serious problem for upgrades, as the previous upload demonstrated.
Instead, we allow a circular dependency between python2.7-minimal and
python-minimal, and rely on the fact that the package manager ensures
new versions of both packages will be unpacked before running the
maintainer script from python2.7-minimal. LP: #986374.
* Our versioned dependency on python-minimal is 2.6.6-3+squeeze1, which is
the first version shipping a pycompile that supports passing a -V option
referring to a version python-minimal doesn't already know about.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/saucy/python2.7