Commit graph

85 commits

Author SHA1 Message Date
adam
774848635f Python 2.6.9 is a security-fix source-only release for Python 2.6.8, fixing several reported security issues: issue 16037, issue 16038, issue 16039, issue 16040, issue 16041, and issue 16042 (CVE-2013-1752, long lines consuming too much memory), as well as issue 14984 (security enforcement on $HOME/.netrc files), issue 16248 (code execution vulnerability in tkinter), and issue 18709 (CVE-2013-4238, SSL module handling of NULL bytes inside subjectAltName). 2013-11-06 07:25:49 +00:00
joerg
faafd761a1 Always pass rpath argument with -Wl prefix, especially if clang is not called
gcc. Bump revision.
2013-09-10 14:22:29 +00:00
tez
205ad986c6 Patch for CVE-2013-4238 from http://hg.python.org/cpython/raw-rev/79007c4244d6 2013-08-27 18:00:32 +00:00
ryoon
f8e628f818 * .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes
  are replaced with .include "../../devel/readline/buildlink3.mk", and
  USE_GNU_READLINE are removed,

* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
  are replaced with .include "../../mk/readline.buildlink3.mk".
2013-07-15 02:02:17 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
dholland
9779b39196 Revert previous as it breaks clang. PR 47342 2012-12-21 20:28:36 +00:00
dholland
ff9fd1aaf2 Use -Werror=format when checking HAVE_ATTRIBUTE_FORMAT_PARSETUPLE, so
injecting -Wall -Wno-error does not cause the test to produce the wrong
answer. (If it does, the wrong information is installed in /usr/include,
and ultimately provokes PR 47342.)

Same as -r1.8 of python27's patch-al.
2012-12-16 23:32:46 +00:00
asau
88feb4ac62 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-02 20:11:34 +00:00
obache
c38c120ee5 recursive bump from libffi shlib major bump
(additionally, reset PKGREVISION of qt4-* sub packages from base qt4 update)
2012-09-15 10:03:29 +00:00
drochner
df2589f37e as with python27: avoid POSIX semaphores on NetBSD, this is broken
at least on -current
2012-08-14 18:41:19 +00:00
obache
df6b106d18 fixes reverse condition usage of CHECK_BUILTIN.openssl. 2012-05-13 09:00:43 +00:00
dholland
7e751949e4 Set BUILDLINK_ABI_DEPENDS correctly (with +=, not ?=)
It turns out there were a lot of these.
2012-05-07 01:53:12 +00:00
joerg
fc4bb6cc7e Fix build of py26-expat against expat-2.0. Bump revision. 2012-05-05 22:16:14 +00:00
obache
771b02612e Update python26 to 2.6.8.
(CVE-2012-0845, CVE-2012-1150 are already fixed in pkgsrc,
 CVE-2012-0876 does not affect pkgsrc, using external expat)

What's New in Python 2.6.8?
===========================

*Release date: 2012-04-10*

No changes since 2.6.8rc2.


What's New in Python 2.6.8 rc 2?
================================

*Release date: 2012-03-17*

Library
-------

- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
  table internal to the pyexpat module's copy of the expat library to avoid a
  denial of service due to hash collisions.  Patch by David Malcolm with some
  modifications by the expat project.


What's New in Python 2.6.8 rc 1?
================================

*Release date: 2012-02-23*

Core and Builtins
-----------------

- Issue #13703: oCERT-2011-003 CVE-2012-1150: add -R command-line
  option and PYTHONHASHSEED environment variable, to provide an opt-in
  way to protect against denial of service attacks due to hash
  collisions within the dict and set types.  Patch by David Malcolm,
  based on work by Victor Stinner.

Library
-------

- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
  SimpleXMLRPCServer upon malformed POST request.

- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
  IV attack countermeasure.
2012-04-14 10:47:17 +00:00
tron
d605795da0 Add a fix for the DoS vulnerability reported in CVE-2012-1150 taken
from the Python Mercurial repository.
2012-03-25 09:09:05 +00:00
drochner
e35e1d9723 add patch from Python issue#14001 to fix xmlrpc server endless loop
by malformed request
bump PKGREV
2012-02-15 12:21:40 +00:00
adam
70b4394a59 Revbump after updating db5 2012-01-18 13:55:13 +00:00
hans
08a9a325d1 On SunOS, don't ever override _XOPEN_SOURCE if it is already set.
Fixes build on SunOS with gcc>=4.6.
2011-12-16 17:04:17 +00:00
sbd
e9c5eab9e8 Change an unused variable reference to a fixed string that I missed when
copying the Mac OS X sdk filename handling.

Thanks to Matthias Rampke in PR#45581 for catching this.
2011-11-08 07:30:08 +00:00
sbd
162efd13cd Improve the gdbm_compat handling by searching any ndbm.h found for the
string 'This file is part of GDBM' and ignoring it if it does.

Thanks to obache@ for the idea.
2011-10-31 06:50:53 +00:00
dsainty
668a742391 Internally, Python has a set of modules depending on "platform". The
"platform" in Python terms is different for Linux kernel 2.* Vs Linux
kernel 3.*.  Add in support to pull in a different PLIST for Linux 3.*.

Fixes build under Ubuntu 11.10.

XXX Perhaps it would be cleaner to name the PLIST to match the python platform
name - since we already calculate that anyway, and that is exactly what drives
the contents of these PLISTs.
2011-10-28 10:38:07 +00:00
sbd
ae16b89304 Deal with the fact that if /usr/include/ndbm.h exists on Linux it probably
belongs to gdbm_compat.  I.E. _don't_ use ndbm on Linux.
2011-10-18 21:59:17 +00:00
dsainty
fa63a0d9ad Debian (and therefore Ubuntu) have taken to hiding some libraries
awkwardly, leading to Python 2.6 failing to build.

Python 2.7 builds ok, because it has been taught to deal with this.
This patch retro-fits the 2.7 code into 2.6, and allows 2.6 to build on
Ubuntu 11.04.

Ok'd by wiz@
2011-10-01 03:11:15 +00:00
yyamano
7185c82bbd Make this build on Mac OS X Lion. Fixes PR pkg/45389.
It is not a leaf package, but the changes affect Mac OS X only.
Test builds on 10.5/i386, 10.6/i386 (thanks tron@), 10.7/i386 and
10.7/x86_64 (thanks ryoon@).
2011-09-30 08:34:26 +00:00
adam
faf8ae6ee8 Fix for integer overflow when compiled with Clang 2011-09-16 10:08:20 +00:00
hans
2b251bca1e Teach configure about SunOS 5.11, preventing some pyconfig.h weirdness. 2011-09-14 17:06:32 +00:00
bsiegert
496f003e12 Fix build on MirBSD by adding the respective stanzas to configure and fix
building the select module.

Reviewed by Bernd Ernesti and Jörg Sonnenberger.
2011-09-12 20:14:06 +00:00
obache
645baf25ae Update python26 to 2.6.7.
(CVE-2011-1521 had been fixed in pkgsrc).

What's New in Python 2.6.7?
===========================

*Release date: 2011-06-03*

*NOTE: Python 2.6 is in security-fix-only mode.  No non-security bug fixes are
 allowed.  Python 2.6.7 and beyond will be source only releases.*

* No changes since 2.6.7rc2.


What's New in Python 2.6.7 rc 2?
================================

*Release date: 2011-05-20*

*NOTE: Python 2.6 is in security-fix-only mode.  No non-security bug fixes are
 allowed.  Python 2.6.7 and beyond will be source only releases.*


Library
-------

- Issue #11662: Make urllib and urllib2 ignore redirections if the
  scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).

- Issue #11442: Add a charset parameter to the Content-type in SimpleHTTPServer
  to avoid XSS attacks.


What's New in Python 2.6.7 rc 1?
================================

*Release date: 2011-05-06*

Library
-------

- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing
  error handling when accepting a new connection.
2011-06-04 03:58:58 +00:00
hans
de3bfc1243 Recent SunOS has netpacket/packet.h, but it is not what Python expects.
Fixes build on SunOS.
2011-05-15 10:06:11 +00:00
tron
5d15900b8b Correct path to Python interpreter in all ".py" files to fix build
with revision 1.26 of "pkgsrc/mk/check/check-interpreter.mk".

Bump package revision because the binary package changed.
2011-04-23 10:35:28 +00:00
obache
bef9293041 more replace interpreter line. 2011-04-23 01:41:36 +00:00
obache
1d9df3258a recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
drochner
df521f8a77 comment out BUILDLINK_INCDIRS/BUILDLINK_LIBDIRS/BUILDLINK_TRANSFORM
definitions which do things behind the client pkgs back, in particular
manipulate the library search path
It is well possible that this causes some fallout, but I hope it
will be small and can be dealt with on a per-pkg basis.
(partly) suggested by Mark Davies on tech-pkg
2011-04-15 17:23:23 +00:00
drochner
afd941b03d fix a security issue, using patches from upstream:
stricter redirect handling in urllib, to prevent redirects to eg
"file://" URLs (CVE-2011-1521)
bump PKGREV
2011-03-28 16:00:06 +00:00
tron
50d2377f61 Add fix for the information disclosure vulnerability reported in SA43463
taken from the Python SVN repository.
2011-02-28 22:35:53 +00:00
hiramatsu
244fb1a923 Build shared library on OpenBSD too. 2011-02-05 09:34:04 +00:00
adam
305c76abff Fix find_library_file on Darwin 2011-01-03 12:13:21 +00:00
obache
cf8c8aff00 * Remove a redundant hunk for Darwin,
* Use $(CC) for LDSHARED on NetBSD and DragonFly like any other.
  Fixes PR#42598 for that libpython will be linked with sufficient flags.

Bump PKGREVISION.
2010-12-25 05:45:15 +00:00
tron
a99c0c697c Add fix for CVE-2010-3492 and update the fix for CVE-2010-3493. Both
fixes taken from the Python 2.7 branch in the Python SVN repository.
2010-11-23 08:24:04 +00:00
tez
96a928f480 Add fix for SA41968 (CVE-2010-3493) from the 2.7 branch repo
http://svn.python.org/view/python/branches/release27-maint/Lib/smtpd.py?r1=86084&r2=82503&view=patch
2010-11-17 18:44:06 +00:00
obache
6027a800eb Remove unwanted hunk from patch-au.
linkage target for Darwin already exists, and the additional target
breaks build on MacOS X 10.4.11 as reported by PR#42993.
2010-09-22 09:13:47 +00:00
obache
5a5140be39 Share distfile related information for each python variants with
srcdist.mk to simplify updates.
2010-09-17 07:11:41 +00:00
obache
2e750c49f5 fixes one more typo in comments. 2010-09-16 13:24:47 +00:00
obache
42b5a56e4e some fixes and improvements
* fix a typo in patch-am
* MESSAGE.SunOS is not required since the previous bump,
  because "sunaudiodev" module will not be installed anymore.
* install 2to3 script with version suffix (and ALTERNATIVES)
  to avoid conflict with future python version.

Bump PKGREVISION.
2010-09-16 11:09:50 +00:00
drochner
d35b48060a bump PKGREV for recent change, requested by tron 2010-09-07 16:33:23 +00:00
drochner
5711ea3a2d -add workaround for bind_textdomain_codeset()-problem like in python25
-disable build of *audiodev and spwd to avoid complexity -- if needed
 these can be added as separate pkgs
ride on recent update
2010-09-06 17:33:57 +00:00
obache
ef9e71e4a2 Update to python-2.6.6.
What's New in Python 2.6.6?
===========================

*Release date: 2010-08-24*

Core and Builtins
-----------------

Library
-------


What's New in Python 2.6.6 rc 2?
================================

*Release date: 2010-08-16*

Library
-------

- Issue #9600: Don't use relative import for _multiprocessing on Windows.

- Issue #8688: Revert regression introduced in 2.6.6rc1 (making Distutils
  recalculate MANIFEST every time).

- Issue #5798: Handle select.poll flag oddities properly on OS X.
  This fixes test_asynchat and test_smtplib failures on OS X.

- Issue #9543: Fix regression in socket.py introduced in Python 2.6.6 rc 1
  in r83624.

Extension Modules
-----------------

- Issue #7567: Don't call `setupterm' twice.

Tests
-----

- Issue #9568: Fix test_urllib2_localnet on OS X 10.3.

- Issue #9145: Fix test_coercion failure in refleak runs.

- Issue #8433: Fix test_curses failure caused by newer versions of
  ncurses returning ERR from getmouse() when there are no mouse
  events available.


What's New in Python 2.6.6 rc 1?
================================

*Release date: 2010-08-03*

Core and Builtins
-----------------

- Issue #6213: Implement getstate() and setstate() methods of utf-8-sig and
  utf-16 incremental encoders.

- Issue #8271: during the decoding of an invalid UTF-8 byte sequence, only the
  start byte and the continuation byte(s) are now considered invalid, instead
  of the number of bytes specified by the start byte.
  E.g.: '\xf1\x80AB'.decode('utf-8', 'replace') now returns u'\ufffdAB' and
  replaces with U+FFFD only the start byte ('\xf1') and the continuation byte
  ('\x80') even if '\xf1' is the start byte of a 4-bytes sequence.
  Previous versions returned a single u'\ufffd'.

- Issue #9058: Remove assertions about INT_MAX in UnicodeDecodeError.

- Issue #8941: decoding big endian UTF-32 data in UCS-2 builds could crash
  the interpreter with characters outside the Basic Multilingual Plane
  (higher than 0x10000).

- Issue #8627: Remove bogus "Overriding __cmp__ blocks inheritance of
  __hash__ in 3.x" warning.  Also fix "XXX undetected error" that
  arises from the "Overriding __eq__ blocks inheritance ..." warning
  when turned into an exception: in this case the exception simply
  gets ignored.

- Issue #4108: In urllib.robotparser, if there are multiple 'User-agent: *'
  entries, consider the first one.

- Issue #9354: Provide getsockopt() in asyncore's file_wrapper.

- In the unicode/str.format(), raise a ValueError when indexes to arguments are
  too large.

- Issue #3798: Write sys.exit() message to sys.stderr to use stderr encoding
  and error handler, instead of writing to the C stderr file in utf-8

- Issue #7902: When using explicit relative import syntax, don't try
  implicit relative import semantics.

- Issue #7079: Fix a possible crash when closing a file object while using
  it from another thread.  Patch by Daniel Stutzbach.

- Issue #1533: fix inconsistency in range function argument
  processing: any non-float non-integer argument is now converted to
  an integer (if possible) using its __int__ method.  Previously, only
  small arguments were treated this way; larger arguments (those whose
  __int__ was outside the range of a C long) would produce a TypeError.

- Issue #8417: Raise an OverflowError when an integer larger than sys.maxsize
  is passed to bytearray.

- Issue #8329: Don't return the same lists from select.select when no fds are
  changed.

- Raise a TypeError when trying to delete a T_STRING_INPLACE struct member.

- Issue #1583863: An unicode subclass can now override the __unicode__ method.

- Issue #7507: Quote "!" in pipes.quote(); it is special to some shells.

- Issue #7544: Preallocate thread memory before creating the thread to avoid
  a fatal error in low memory condition.

- Issue #7820: The parser tokenizer restores all bytes in the right if
  the BOM check fails.

- Issue #7072: isspace(0xa0) is true on Mac OS X

C-API
-----

- Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows
  embedders of the interpreter to set sys.argv without also modifying
  sys.path.  This helps fix `CVE-2008-5983
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.

Library
-------

- Issue #8447: Make distutils.sysconfig follow symlinks in the path to
  the interpreter executable.  This fixes a failure of test_httpservers
  on OS X.

- Issue #7092: Fix the DeprecationWarnings emitted by the standard library
  when using the -3 flag.  Patch by Florent Xicluna.

- Issue #7395: Fix tracebacks in pstats interactive browser.

- Issue #1713: Fix os.path.ismount(), which returned true for symbolic links
  across devices.

- Issue #8826: Properly load old-style "expires" attribute in http.cookies.

- Issue #1690103: Fix initial namespace for code run with trace.main().

- Issue #5294: Fix the behavior of pdb's "continue" command when called
  in the top-level debugged frame.

- Issue #5727: Restore the ability to use readline when calling into pdb
  in doctests.

- Issue #6719: In pdb, do not stop somewhere in the encodings machinery
  if the source file to be debugged is in a non-builtin encoding.

- Issue #8048: Prevent doctests from failing when sys.displayhook has
  been reassigned.

- Issue #8015: In pdb, do not crash when an empty line is entered as
  a breakpoint command.

- Issue #7909: Do not touch paths with the special prefixes ``\\.\``
  or ``\\?\`` in ntpath.normpath().

- Issue #5146: Handle UID THREAD command correctly in imaplib.

- Issue #5147: Fix the header generated for cookie files written by
  http.cookiejar.MozillaCookieJar.

- Issue #8198: In pydoc, output all help text to the correct stream
  when sys.stdout is reassigned.

- Issue #1019882: Fix IndexError when loading certain hotshot stats.

- Issue #8471: In doctest, properly reset the output stream to an empty
  string when Unicode was previously output.

- Issue #8397: Raise an error when attempting to mix iteration and regular
  reads on a BZ2File object, rather than returning incorrect results.

- Issue #8620: when a Cmd is fed input that reaches EOF without a final
  newline, it no longer truncates the last character of the last command line.

- Issue #7066: archive_util.make_archive now restores the cwd if an error is
  raised. Initial patch by Ezio Melotti.

- Issue #5006: Better handling of unicode byte-order marks (BOM) in the io
  library. This means, for example, that opening an UTF-16 text file in append
  mode doesn't add a BOM at the end of the file if the file isn't empty.

- Issue #3704: cookielib was not properly handling URLs with a / in the
  parameters.

- Issue #4629: getopt raises an error if an argument ends with = whereas getopt
  doesn't expect a value (eg. --help= is rejected if getopt uses ['help='] long
  options).

- Issue #7895: platform.mac_ver() no longer crashes after calling os.fork()

- Issue #5395: array.fromfile() would raise a spurious EOFError when an
  I/O error occurred.  Now an IOError is raised instead.  Patch by chuck
  (Jan Hosang).

- Issue #1555570: email no longer inserts extra blank lines when a \r\n
  combo crosses an 8192 byte boundary.

- Issue #9164: Ensure sysconfig handles duplicate archs while building on OSX

- Issue #7646: The fnmatch pattern cache no longer grows without bound.

- Issue #9136: Fix 'dictionary changed size during iteration'
  RuntimeError produced when profiling the decimal module.  This was
  due to a dangerous iteration over 'locals()' in Context.__init__.

- Fix extreme speed issue in Decimal.pow when the base is an exact
  power of 10 and the exponent is tiny (for example,
  Decimal(10) ** Decimal('1e-999999999')).

- Issue #9130: Fix validation of relative imports in parser module.

- Issue #9128: Fix validation of class decorators in parser module.

- Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop
  module, ensure that the input string length is a multiple of the frame size

- Issue #6589: cleanup asyncore.socket_map in case smtpd.SMTPServer constructor
  raises an exception.

- Issue #9125: Add recognition of 'except ... as ...' syntax to parser module.

- Issue #9085: email package version number bumped to its correct
  value of 4.0.2 (same as it was in 2.5).

- Issue #9075: In the ssl module, remove the setting of a ``debug`` flag
  on an OpenSSL structure.

- Issue #5610: feedparser no longer eats extra characters at the end of
  a body part if the body part ends with a \r\n.

- Issue #8924: logging: Improved error handling for Unicode in exception text.

- Fix codecs.escape_encode to return the correct consumed size.

- Issue #6470: Drop UNC prefix in FixTk.

- Issue #8833: tarfile created hard link entries with a size field != 0 by
  mistake.

- Issue #1368247: set_charset (and therefore MIMEText) now automatically
  encodes a unicode _payload to the output_charset.

- Issue #7150: Raise OverflowError if the result of adding or subtracting
  timedelta from date or datetime falls outside of the MINYEAR:MAXYEAR range.

- Issue #6662: Fix parsing of malformatted charref (&#bad;), patch written by
  Fredrik Håård

- Issue #1628205: Socket file objects returned by socket.socket.makefile() now
  properly handle EINTR within the read, readline, write & flush methods.
  The socket.sendall() method now properly handles interrupted system calls.

- Issue #3924: Ignore cookies with invalid "version" field in cookielib.

- Issue #6268: Fix seek() method of codecs.open(), don't read or write the BOM
  twice after seek(0). Fix also reset() method of codecs, UTF-16, UTF-32 and
  StreamWriter classes.

- Issue #5640: Fix Shift-JIS incremental encoder for error handlers different
  than strict

- Issue #8782: Add a trailing newline in linecache.updatecache to the last line
  of files without one.

- Issue #8729: Return NotImplemented from collections.Mapping.__eq__ when
  comparing to a non-mapping.

- Issue #5918: Fix a crash in the parser module.

- Issue #8688: Distutils now recalculates MANIFEST every time.

- Issue #7640: In the new `io` module, fix relative seek() for buffered
  readable streams when the internal buffer isn't empty.  Patch by Pascal
  Chambon.

- Issue #5099: subprocess.Popen.__del__ no longer references global objects,
  leading to issues during interpreter shutdown.

- Issue #8681: Make the zlib module's error messages more informative when
  the zlib itself doesn't give any detailed explanation.

- Issue #8674: Fixed a number of incorrect or undefined-behaviour-inducing
  overflow checks in the audioop module.

- Issue #8571: Fix an internal error when compressing or decompressing a
  chunk larger than 1GB with the zlib module's compressor and decompressor
  objects.

- Issue #8573: asyncore _strerror() function might throw ValueError.

- Issue #8483: asyncore.dispatcher's __getattr__ method produced confusing
  error messages when accessing undefined class attributes because of the cheap
  inheritance with the underlying socket object.

- Issue #4265: shutil.copyfile() was leaking file descriptors when disk fills.
  Patch by Tres Seaver.

- Issue #8621: uuid.uuid4() returned the same sequence of values in the
  parent and any children created using ``os.fork`` on MacOS X 10.6.

- Issue #8313: traceback.format_exception_only() encodes unicode message to
  ASCII with backslashreplace error handler if str(value) failed

- Issue #8567: Fix precedence of signals in Decimal module: when a
  Decimal operation raises multiple signals and more than one of those
  signals is trapped, the specification determines the order in which
  the signals should be handled.  In many cases this order wasn't
  being followed, leading to the wrong Python exception being raised.

- Issue #7865: The close() method of :mod:`io` objects should not swallow
  exceptions raised by the implicit flush().  Also ensure that calling
  close() several times is supported.  Initial patch by Pascal Chambon.

- Issue #8581: logging: removed errors raised when closing handlers twice.

- Issue #4687: Fix accuracy of garbage collection runtimes displayed with
  gc.DEBUG_STATS.

- Issue #8354: The siginterrupt setting is now preserved for all signals,
  not just SIGCHLD.

- Issue #8577: distutils.sysconfig.get_python_inc() now makes a difference
  between the build dir and the source dir when looking for "python.h" or
  "Include".

- Issue #8464: tarfile no longer creates files with execute permissions set
  when mode="w|" is used.

- Issue #7834: Fix connect() of Bluetooth L2CAP sockets with recent versions
  of the Linux kernel.  Patch by Yaniv Aknin.

- Issue #6312: Fixed http HEAD request when the transfer encoding is chunked.
  It should correctly return an empty response now.

- Issue #8086: In :func:`ssl.DER_cert_to_PEM_cert()`, fix missing newline
  before the certificate footer.  Patch by Kyle VanderBeek.

- Issue #8549: Fix compiling the _ssl extension under AIX.  Patch by
  Sridhar Ratnakumar.

- Issue #2302: Fix a race condition in SocketServer.BaseServer.shutdown,
  where the method could block indefinitely if called just before the
  event loop started running.  This also fixes the occasional freezes
  witnessed in test_httpservers.

- Issue #5103: SSL handshake would ignore the socket timeout and block
  indefinitely if the other end didn't respond.

- The do_handshake() method of SSL objects now adjusts the blocking mode of
  the SSL structure if necessary (as other methods already do).

- Issue #5238: Calling makefile() on an SSL object would prevent the
  underlying socket from being closed until all objects get truly destroyed.

- Issue #7943: Fix circular reference created when instantiating an SSL
  socket.  Initial patch by Péter Szabó.

- Issue #8108: Fix the unwrap() method of SSL objects when the socket has
  a non-infinite timeout.  Also make that method friendlier with applications
  wanting to continue using the socket in clear-text mode, by disabling
  OpenSSL's internal readahead.  Thanks to Darryl Miles for guidance.

- Issue #8484: Load all ciphers and digest algorithms when initializing
  the _ssl extension, such that verification of some SSL certificates
  doesn't fail because of an "unknown algorithm".

- Issue #4814: timeout parameter is now applied also for connections resulting
  from PORT/EPRT commands.

- Issue #3817: ftplib.FTP.abort() method now considers 225 a valid response
  code as stated in RFC-959 at chapter 5.4.

- Issue #5277: Fix quote counting when parsing RFC 2231 encoded parameters.

- Issue #8179: Fix macpath.realpath() on a non-existing path.

- Issue #8310: Allow dis to examine new style classes.

- Issue #7667: Fix doctest failures with non-ASCII paths.

- Issue #7624: Fix isinstance(foo(), collections.Callable) for old-style
  classes.

- Issue #7512: shutil.copystat() could raise an OSError when the filesystem
  didn't support chflags() (for example ZFS under FreeBSD).  The error is
  now silenced.

- Issue #3890, #8222: Fix recv() and recv_into() on non-blocking SSL sockets.
  Also, enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
  reads and writes are always retried by OpenSSL itself.

- Issue #6544: fix a reference leak in the kqueue implementation's error
  handling.

- Issue #7774: Set sys.executable to an empty string if argv[0] has been
  set to a non-existent program name and Python is unable to retrieve the real
  program name

- Issue #6906: Tk should not set Unicode environment variables on Windows.

- Issue #1054943: Fix unicodedata.normalize('NFC', text) for the Public Review
  Issue #29

- Issue #7494: fix a crash in _lsprof (cProfile) after clearing the profiler,
  reset also the pointer to the current pointer context.

- Issue #4961: Inconsistent/wrong result of askyesno function in tkMessageBox
  with Tcl/Tk-8.5.

- Issue #7356: ctypes.util: Make parsing of ldconfig output independent of
  the locale.

Extension Modules
-----------------

- Fix memory leak in ssl._ssl._test_decode_cert.

- Issue #9422: Fix memory leak when re-initializing a struct.Struct object.

- Issue #7900: The getgroups(2) system call on MacOSX behaves rather oddly
  compared to other unix systems. In particular, os.getgroups() does
  not reflect any changes made using os.setgroups() but basically always
  returns the same information as the id command.

  os.getgroups() can now return more than 16 groups on MacOSX.

- Issue #9277: Fix bug in struct.pack for bools in standard mode
  (e.g., struct.pack('>?')):  if conversion to bool raised an exception
  then that exception wasn't properly propagated on machines where
  char is unsigned.

- Issue #7384: If the system readline library is linked against
  ncurses, do not link the readline module against ncursesw. The
  additional restriction of linking the readline and curses modules
  against the same curses library is currently not enabled.

- Issue #2810: Fix cases where the Windows registry API returns
  ERROR_MORE_DATA, requiring a re-try in order to get the complete result.

Build
-----

- Issue #8854: Fix finding Visual Studio 2008 on Windows x64.

- Issue #3928: os.mknod() now available in Solaris, also.

- Issue #8175: --with-universal-archs=all works correctly on OSX 10.5

- Issue #6716: Quote -x arguments of compileall in MSI installer.

- Issue #1628484: The Makefile doesn't ignore the CFLAGS environment
  variable anymore.  It also forwards the LDFLAGS settings to the linker
  when building a shared library.

Tests
-----

- Issue #7849: Now the utility ``check_warnings`` verifies if the warnings are
  effectively raised.  A new private utility ``_check_py3k_warnings`` has been
  backported to help silencing py3k warnings.

- Issue #8672: Add a zlib test ensuring that an incomplete stream can be
  handled by a decompressor object without errors (it returns incomplete
  uncompressed data).

- Issue #8629: Disable some test_ssl tests, since they give different
  results with OpenSSL 1.0.0 and higher.

- Issue #8576: Remove use of find_unused_port() in test_smtplib and
  test_multiprocessing.  Patch by Paul Moore.

- Issue #7027: regrtest.py keeps a reference to the encodings.ascii module as a
  workaround to #7140 bug

- Issue #3864: Skip three test_signal tests on freebsd6 because they fail
  if any thread was previously started, most likely due to a platform bug.

- Issue #8193: Fix test_zlib failure with zlib 1.2.4.

Documentation
-------------

- Issue #9255: Document that the 'test' package is for internal Python use
  only.

- Issue #8909: Added the size of the bitmap used in the installer created by
  distutils' bdist_wininst. Patch by Anatoly Techtonik.
2010-09-04 05:12:00 +00:00
tron
198313b36c Add fix for CVE-2010-2089 taken from Red Hat's Bugzilla database. 2010-06-29 08:15:42 +00:00
lukem
21a9bbd8f6 pydoc needs to be an alternative 2010-06-05 06:27:00 +00:00
wiz
c76856c53f Update to 2.6.5:
What's New in Python 2.6.5?
===========================

*Release date: 2010-03-18*


What's New in Python 2.6.5 rc 2?
================================

*Release date: 2010-03-09*

Core and Builtins
-----------------

- Issue #8089: a OS X framework build with --with-universal-archs=3-way|intel
  had no way to select a 32-bit executable.

- Issue #8084: fixes build issues on OSX 10.6 when targeting OSX 10.4.

Library
-------

- Reverting the changes made in r78432. Discussed in the tracker issue #7540.

- Issue #8107: Fixed test_distutils so it doesn't crash when the source
  directory cannot be found.

Extension Modules
-----------------

- Issue #7670: sqlite3: Fixed crashes when operating on closed connections.

- Issue #8053: logic was inverted on which platforms to run a test on.
  caused test_thread to fail on Windows.


What's New in Python 2.6.5 rc 1?
================================

*Release date: 2010-03-01*

Core and Builtins
-----------------

- Issue #7309: Fix unchecked attribute access when converting
  UnicodeEncodeError, UnicodeDecodeError, and UnicodeTranslateError to
  strings.

- Issue #7649: "u'%c' % char" now behaves like "u'%s' % char" and raises a
  UnicodeDecodeError if 'char' is a byte string that can't be decoded using
  the default encoding.

- Issue #5677: Explicitly forbid write operations on read-only file objects,
  and read operations on write-only file objects.  On Windows, the system C
  library would return a bogus result; on Solaris, it was possible to crash
  the interpreter.  Patch by Stefan Krah.

- Issue #4978: Passing keyword arguments as unicode strings is now allowed.

- Issue #7819: Check sys.call_tracing() arguments types.

- Issue #7788: Fix an interpreter crash produced by deleting a list
  slice with very large step value.

- Issue #7561: Operations on empty bytearrays (such as `int(bytearray())`)
  could crash in many places because of the PyByteArray_AS_STRING() macro
  returning NULL.  The macro now returns a statically allocated empty
  string instead.

- Issue #7604: Deleting an unset slotted attribute did not raise an
  AttributeError.

- Issue #7413: Passing '\0' as the separator to datetime.datetime.isoformat()
  used to drop the time part of the result.

- Issue #6108: unicode(exception) and str(exception) should return the same
  message when only __str__ (and not __unicode__) is overridden in the
  subclass.

- Issue #7491: Metaclass's __cmp__ method was ignored.

- Add Py3k warnings for parameter names in parenthesis.

- Issue #7362: Give a proper error message for def f((x)=3): pass.

- Issue #7085: Fix crash when importing some extensions in a thread
  on MacOSX 10.6.

- Issue #7070: Fix round bug for large odd integer arguments.

- Issue #7078: Set struct.__doc__ from _struct.__doc__.

- Issue #1722344: threading._shutdown() is now called in Py_Finalize(), which
  fixes the problem of some exceptions being thrown at shutdown when the
  interpreter is killed. Patch by Adam Olsen.

- Issue #7084: Fix a (very unlikely) crash when printing a list from one
  thread, and mutating it from another one.  Patch by Scott Dial.

- Issue #1747858: Fix lchown & fchown to work with large uid's and gid's on
  64-bit platforms.


Library
-------

- Issue #7250: Fix info leak of os.environ across multi-run uses of
  wsgiref.handlers.CGIHandler.

- Issue #1729305: Fix doctest to handle encode error with "backslashreplace".

- Issue #691291: codecs.open() should not convert end of lines on reading and
  writing.

- Issue #7975: correct regression in dict methods supported by bsddb.dbshelve.

- Issue #7959: ctypes callback functions are now registered correctly
  with the cycle garbage collector.

- Issue #6243: curses.getkey() can segfault when used with ungetch.
  Fix by Trundle and Jerry Chen.

- Issue #7597: curses.use_env() can now be called before initscr().
  Noted by Kan-Ru Chen.

- Issue #7970: email.Generator.flatten now correctly flattens message/rfc822
  messages parsed by email.Parser.HeaderParser.

- Issue #3426: ``os.path.abspath`` now returns unicode when its arg is unicode.

- Issue #7835: shelve should no longer produce mysterious warnings during
  interpreter shutdown.

- Issue #4772: Raise a ValueError when an unknown Bluetooth protocol is
  specified, rather than fall through to AF_PACKET (in the `socket` module).
  Also, raise ValueError rather than TypeError when an unknown TIPC address
  type is specified.  Patch by Brian Curtin.

- Issue #6939: Fix file I/O objects in the `io` module to keep the original
  file position when calling `truncate()`.  It would previously change the
  file position to the given argument, which goes against the tradition of
  ftruncate() and other truncation APIs.  Patch by Pascal Chambon.

- Issue #7773: Fix an UnboundLocalError in platform.linux_distribution() when
  the release file is empty.

- Issue #7748: Since unicode values are supported for some metadata options
  in Distutils, the DistributionMetadata get_* methods will now return a utf-8
  encoded string for them. This ensures that the upload and register commands
  send the right values to PyPI without any error.

- Issue #1670765: Prevent email.generator.Generator from re-wrapping
  headers in multipart/signed MIME parts, which fixes one of the sources of
  invalid modifications to such parts by Generator.

- Issue #7701: Fix crash in binascii.b2a_uu() in debug mode when given a
  1-byte argument.  Patch by Victor Stinner.

- Issue #3299: Fix possible crash in the _sre module when given bad
  argument values in debug mode.  Patch by Victor Stinner.

- Issue #5827: Make sure that normpath preserves unicode.  Initial patch
  by Matt Giuca.

- Issue #5372: Drop the reuse of .o files in Distutils' ccompiler (since
  ing the .c
  file). Initial patch by Collin Winter.

- Issue #7617: Make sure distutils.unixccompiler.UnixCCompiler recognizes
  gcc when it has a fully qualified configuration prefix. Initial patch
  by Arfrever.

- Issue #7071: byte-compilation in Distue.

- Issue #7092: Remove py3k warning when importing cPickle.  2to3 handles
  renaming of `cPickle` to `pickle`.  The warning was annoying since there's
  no alternative to cPickle if you care about performance.  Patch by Florent
  Xicluna.

- Issue #745tch by
  Victor Stinner.

- Issue #6511: ZipFile now raises BadZipfile (instead of an IOError) when
  opening an empty or very small file.

- Issue #7552: Removed line feed in the base64 Authorization header in
  the Distutils upload command to avoid an ers on long passwords. Initial patch by JP St. Pierre.

- Issue #7231: urllib2 cannot handle https with proxy requiring auth. Patch by
  Tatsuhiro Tsujikawa.

- Issue #7348: StringIO.StringIO.readline(-1) now acts as if it got no argument
  like other file objects.

- Issue #5949: fixed IMAP4_SSL hang when the IMAP server response is
  missing proper end-of-line termination.

- Fix variations of extending deques:  d.extend(d)  d.extendleft(d)  d+=d

- Issue #1923: Fixed the removal of meaningful spaces when PKG-INFO is
  generated in Distutils. Patch by Stephen Emslie.

- Issue #4120: Drop reference to CRT from manifest when building extensions
  with msvc9compiler.

- Issue #7410: deepcopy of itertools.count() erroneously reset the count.

- Issue #7403: logging: Fixed possible race condition in lock creation.

- Issue #7341: Close the internal file object in the TarFile constructor in
  case of an error.

- Issue #7328: pydoc no longer corrupts sys.path when run with the '-m' switch

- Issue #7318: multiprocessing now uses a timeout when it fails to establish
  a connection with another process, rather than looping endlessly. The
  default timeout is 20 seconds, which should be amply sufficient for
  local connections.

- Issue #7282: Fix a memory leak when an RLock was used in a thread other
  than those started through `threading.Thread` (for example, using
  `thread.start_new_thread()`).

- Issue #7264: Fix a possible deadlock when deallocating thread-local objects
  which are part of a reference cycle.

- Issue #7249: Methods of io.BytesIO now allow `long` as well as `int`
  arguments.

- Issue #6665: Fix fnmatch to properly match filenames with newlines in them.

- Issue #1008086: Fixed socket.inet_aton() to always return 4 bytes even on
  LP64 platforms (most 64-bit Linux, bsd, unix systems).

- Issue #7246 & Issue #7208: getpass now properly flushes input before
  reading from stdin so that existing input does not confuse it and
  lead to incorrect entry or an IOError.  It also properly flushes it
  afterwards to avoid the terminal echoing the input afterwards on
  OSes such as Solaris.

- Issue #7244: itertools.izip_longest() no longer ignores exceptions
  raised during the formation of an output tuple.

- Issue #7233: Fix a number of two-argument Decimal methods to make
  sure that they accept an int or long as the second argument.  Also
  fix buggy handling of large arguments (those with coefficient longer
  than the current precision) in shift and rotate.

- Issue #7082: When falling back to the MIME 'name' parameter, the
  correct place to look for it is the Content-Type header.

- Issue #7099: Decimal.is_normal now returns True for numbers with exponent
  larger than emax.

- Issue #7205: Fix a possible deadlock when using a BZ2File object from
  several threads at once.

- Issue #7048: Force Decimal.logb to round its result when that result
  is too large to fit in the current precision.

- Issue #1488943: difflib.Differ() doesn't always add hints for tab characters

- Issue #5037: Proxy the __unicode__ special method to __unicode__ instead of
  __str__.

- Issue #7481: When a threading.Thread failed to start it would leave the
  instance stuck in initial state and present in threading.enumerate().

- Issue #1068268: The subprocess module now handles EINTR in internal
  os.waitpid and os.read system calls where appropriate.

Extension Modules
-----------------

- Issue #7808: Fix reference leaks in _bsddb and related tests.

- Stop providing crtassem.h symbols when compiling with Visual Studio 2010, as
  msvcr100.dll is not a platform assembly anymore.

- Issue #6877: Make it possible to link the readline extension to libedit
  on OSX.

- Expat: Fix DoS via XML document with malformed UTF-8 sequences
  (CVE_2009_3560).

- Issue #7242: On Solaris 9 and earlier calling os.fork() from within a
  thread could raise an incorrect RuntimeError about not holding the import
  lock.  The import lock is now reinitialized after fork.

- Issue #7999: os.setreuid() and os.setregid() would refuse to accept a -1
  parameter on some platforms such as OS X.

Build
-----

- Issue #3920, #7903: Define _BSD_SOURCE on OpenBSD 4.4 through 4.9.

- Issue #7661: Allow ctypes to be built from a non-ASCII directory path.
  Patch by Florent Xicluna.

- Issue #7589: Only build the nis module when the correct header files are
  found.

- Switch to OpenSSL 0.9.8l on Windows.

- Issue #6603: Change READ_TIMESTAMP macro in ceval.c so that it
  compiles correctly under gcc on x86-64.  This fixes a reported
  problem with the --with-tsc build on x86-64.

- Ensure that it is possible to build extensions for the default
  binary distribution on OSX 10.6 even when the user does not
  have the 10.4u SDK installed.

- Issue #7541: when using ``python-config`` with a framework install the
  compiler might use the wrong library.

Documentation
-------------

- Updating `Using Python` documentation to include description of CPython's
  -J, -U and -X options.

- Update python manual page (options -B, -O0, -s, environment variables
  PYTHONDONTWRITEBYTECODE, PYTHONNOUSERSITE).

Tests
-----

- Issue #7728: test_timeout was changed to use test_support.bind_port
  instead of a hard coded port.

- Issue #7498: test_multiprocessing now uses test_support.find_unused_port
  instead of a hardcoded port number in test_rapid_restart.

- Issue #7431: use TESTFN in test_linecache instead of trying to create a
  file in the Lib/test directory, which might be read-only for the
  user running the tests.

- Issue #7324: add a sanity check to regrtest argument parsing to
  catch the case of an option with no handler.

- Issue #7295: Do not use a hardcoded file name in test_tarfile.

- Issue #7270: Add some dedicated unit tests for multi-thread synchronization
  primitives such as Lock, RLock, Condition, Event and Semaphore.

- Issue #7055: test___all__ now greedily detects all modules which have an
  __all__ attribute, rather than using a hardcoded and incomplete list.
2010-05-02 14:09:11 +00:00