lp:ubuntu/quantal-security/python2.7

Created by Ubuntu Package Importer on 2013-10-01 and last modified on 2014-02-27
Get this branch:
bzr branch lp:ubuntu/quantal-security/python2.7
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

64. By Marc Deslauriers on 2014-02-27

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

63. By Marc Deslauriers on 2013-09-26

* SECURITY UPDATE: incorrect ssl hostname verification
  - debian/patches/CVE-2013-4238.diff: correctly handle NULL bytes in
    the subjectAltName in Modules/_ssl.c, add test to
    Lib/test/test_ssl.py, Lib/test/nullbytecert.pem.
  - CVE-2013-4238
* debian/patches/disable-ssl-cert-tests.diff: disable patch to re-enable
  ssl cert tests.
* debian/patches/fix_expired_certs.diff: update expired ssl certs to fix
  ssl tests.
* This package does _not_ contain the changes from 2.7.3-5ubuntu4.2 in
  quantal-proposed.

62. By Matthias Klose on 2012-09-26

Fix issue #16012: Fix a regression in pyexpat. The parser's UseForeignDTD()
method doesn't require an argument again. LP: #1056740.

61. By Matthias Klose on 2012-09-15

* Update to 20120915, taken from the 2.7 branch. Posix relevant patches:
  - Issue #15906: Fix a regression in argparse caused by the preceding change,
    when action='append', type='str' and default=[]. LP: #1048710.
  - Issue #15908: Fix misbehaviour of the sha1 module when called on data
    larger than 2**32 bytes.
  - Issue #15910: Fix misbehaviour of _md5 and sha1 modules when "updating"
    on data larger than 2**32 bytes.

60. By Matthias Klose on 2012-09-10

* Update to 20120910, taken from the 2.7 branch. Posix relevant patches:
  - Issue #13992: The trashcan mechanism is now thread-safe. This eliminates
    sporadic crashes in multi-thread programs when several long deallocator
    chains ran concurrently and involved subclasses of built-in container
    types.
  - Issue #15801: Make sure mappings passed to '%' formatting are actually
    subscriptable.
  - Issue #15604: Update uses of PyObject_IsTrue() to check for and handle
    errors correctly.
  - Issue #15676: Now "mmap" check for empty files before doing the
    offset check.
  - Issue #15340: Fix importing the random module when /dev/urandom cannot
    be opened. This was a regression caused by the hash randomization patch.
  - Issue #15841: The readable(), writable() and seekable() methods of
    io.BytesIO and io.StringIO objects now raise ValueError when the object
    has been closed.
  - Issue #12776, #11839: call argparse type function (specified by
    add_argument) only once.
  - Issue #15544: Fix Decimal.__float__ to work with payload-carrying NaNs.
  - Issue #15199: Fix JavaScript's default MIME type to
    application/javascript.
  - Issue #15477: In cmath and math modules, add workaround for platforms
    whose system-supplied log1p function doesn't respect signs of zeros.
  - Issue #15802: Fix test logic in TestMaildir.test_create_tmp.
  - Issue #15765: Extend a previous fix to Solaris and OpenBSD for quirky
    getcwd() behaviour (issue #9185) to NetBSD as well.
  - Issue #15615: Add some tests for the json module's handling of invalid
    input data.
  - Issue #15819: Make sure we can build Python out-of-tree from a readonly
    source directory.
  - Issue #15822: Ensure 2to3 grammar pickles are properly installed.

59. By Matthias Klose on 2012-08-26

* Follwup for issue #9374. Restore the removed attributes in the
  urlparse module.
* Update symbols files.
* Disable test_subprocess on the Hurd buildds.
* Call dh_movefiles with --srcdir. Closes: #685543.

58. By Scott Kitterman on 2012-07-27

Cherry pick af46a001d5ec to remove Python syslog BOM insertion code that
was causing corrupt log messages in syslog. LP: #1029640

57. By Steve Langasek on 2012-04-20

* python2.7-minimal needs a versioned depends on python-minimal, not a
  Conflicts. Conflicts with essential packages, versioned or otherwise,
  are a serious problem for upgrades, as the previous upload demonstrated.
  Instead, we allow a circular dependency between python2.7-minimal and
  python-minimal, and rely on the fact that the package manager ensures
  new versions of both packages will be unpacked before running the
  maintainer script from python2.7-minimal. LP: #986374.
* Our versioned dependency on python-minimal is 2.6.6-3+squeeze1, which is
  the first version shipping a pycompile that supports passing a -V option
  referring to a version python-minimal doesn't already know about.

56. By Matthias Klose on 2012-04-19

python2.7-minimal: Conflict with python-minimal (<< 2.7.3). LP: #983981.

55. By Matthias Klose on 2012-04-10

Python 2.7.3 release.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/saucy/python2.7
This branch contains Public information 
Everyone can see this information.

Subscribers