lp:ubuntu/trusty-updates/python2.7

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

106. By Marc Deslauriers on 2015-06-22

* SECURITY UPDATE: denial of service in multiple servers
  - debian/patches/CVE-2013-1752-httplib-2.patch: limit amount of headers
    in Lib/httplib.py, added test to Lib/test/test_httplib.py.
  - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
    in Lib/poplib.py, added test to Lib/test/test_poplib.py.
  - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
    the network in Lib/smtplib.py, added test to
    Lib/test/test_smtplib.py.
  - CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
  HTTP bodies
  - debian/patches/CVE-2013-1753.patch: add default limit in
    Lib/xmlrpclib.py, added test to Lib/test/test_xmlrpc.py.
  - CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
  - debian/patches/CVE-2014-4616.patch: reject negative idx values in
    Modules/_json.c, added test to Lib/json/tests/test_decode.py.
  - CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
  - debian/patches/CVE-2014-4650.patch: url unquote path in
    Lib/CGIHTTPServer.py, added test to Lib/test/test_httpservers.py.
  - CVE-2014-4650
* SECURITY UPDATE: information disclosure via buffer function
  - debian/patches/CVE-2014-7185.patch: avoid overflow in
    Objects/bufferobject.c, added test to Lib/test/test_buffer.py.
  - CVE-2014-7185

105. By Matthias Klose on 2014-03-22

* Update to 20140322, taken from the 2.7 branch.
* Install updated idle icons. LP: #1295969.
* Update the ssl.match_hostname backport: Change behavior of
  ``ssl.match_hostname()`` to follow RFC 6125, for security reasons.
  It now doesn't match multiple wildcards nor wildcards inside IDN fragments.
  Closes: #740255.

104. By Matthias Klose on 2014-02-26

Include test data for test_imghdr test.

103. By Matthias Klose on 2014-02-25

* Update to 20140225, taken from the 2.7 branch.
  - CVE-2014-1912. Fix issue 20246, buffer overflow in socket.recvfrom_into.
* Build without ffi on or1k. Closes: #738519.
* Allow loading of extensions in the sqlite module. Closes: #739555.
* Update autopkg tests (Martin Pitt):
  - Don't fail if apport is not installed.
  - Call su with explicit shell, as nobody has nologin as default shell now.
  - Only use $SUDO_USER if that user actually exists in the testbed.
  - Drop obsolete chowning of $TMPDIR and $ADTTMP; with current autopkgtest
    $TMPDIR has appropriate permissions, and $ADTTMP is not being used.

102. By Matthias Klose on 2014-01-11

* Update to 20140111, taken from the 2.7 branch.
* Build-depend on net-tools, required for the test_uuid test.
* Build-depend on the default Tcl/Tk.
* Add two new autopkg tests to run the failing tests.

101. By Matthias Klose on 2014-01-02

Build for Tcl/Tk 8.6.

100. By Matthias Klose on 2013-12-30

* Update to 20131230, taken from the 2.7 branch.
* Disable sphinx refcounting extension, removed in sphinx-1.2.
  Closes: #733404.

99. By Adam Conrad on 2013-12-08

Add powerpc64le support to powerpc64 branch in debian/multiarch.h.in

98. By Matthias Klose on 2013-12-06

* Update to 20131206, taken from the 2.7 branch.
* Disable the test_uuid autopkg test, hanging, missing entropy?
* Drop python dependency in libpython2.7-dbg.
* Revert patch from http://bugs.python.org/issue19352 as it completely breaks
  unittest discovery on Debian/Ubuntu. LP: #1255505.

97. By Martin Pitt on 2013-11-28

Add debian/patches/revert-unittest-loader-symlinks19352.diff: Revert patch
from http://bugs.python.org/issue19352 as it completely breaks unittest
discovery on Debian/Ubuntu. (LP: #1255505)