Subject: CVS commit: [pkgsrc-2016Q2] pkgsrc/lang/python27
From: Benny Siegert
Date: 2016-09-06 21:04:28
Message id: 20160906190428.2303FFBD1@cvs.NetBSD.org
Log Message:
Pullup ticket #5090 - requested by sevan
lang/python27: security fix
Revisions pulled up:
- lang/python27/Makefile 1.61
- lang/python27/PLIST.common 1.15
- lang/python27/dist.mk 1.12
- lang/python27/distinfo 1.55
- lang/python27/patches/patch-Lib_distutils_unixccompiler.py 1.4
---
Module Name: pkgsrc
Committed By: adam
Date: Sat Jul 2 15:05:43 UTC 2016
Modified Files:
pkgsrc/lang/python27: Makefile PLIST.common dist.mk distinfo
pkgsrc/lang/python27/patches: patch-Lib_distutils_unixccompiler.py
Log Message:
Changes 2.7.2:
Core and Builtins
-----------------
- Issue 20041: Fixed TypeError when frame.f_trace is set to None.
Patch by Xavier de Gaye.
- Issue 25702: A --with-lto configure option has been added that will
enable link time optimizations at build time during a make profile-opt.
Some compilers and toolchains are known to not produce stable code when
using LTO, be sure to test things thoroughly before relying on it.
It can provide a few % speed up over profile-opt alone.
- Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the "N"
format unit.
- Issue 27039: Fixed bytearray.remove() for values greater than 127. Patch by
Joe Jevnik.
- Issue 4806: Avoid masking the original TypeError exception when using star
(*) unpacking and the exception was raised from a generator. Based on
patch by Hagen Fürstenau.
- Issue 26659: Make the builtin slice type support cycle collection.
- Issue 26718: super.__init__ no longer leaks memory if called multiple times.
NOTE: A direct call of super.__init__ is not endorsed!
- Issue 13410: Fixed a bug in PyUnicode_Format where it failed to properly
ignore errors from a __int__() method.
- Issue 26494: Fixed crash on iterating exhausting iterators.
Affected classes are generic sequence iterators, iterators of bytearray,
list, tuple, set, frozenset, dict, OrderedDict and corresponding views.
- Issue 26581: If coding cookie is specified multiple times on a line in
Python source code file, only the first one is taken into account.
- Issue 22836: Ensure exception reports from PyErr_Display() and
PyErr_WriteUnraisable() are sensible even when formatting them produces
secondary errors. This affects the reports produced by
sys.__excepthook__() and when __del__() raises an exception.
- Issue 22847: Improve method cache efficiency.
- Issue 25843: When compiling code, don't merge constants if they are equal
but have different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0``
is now correctly compiled to two different functions: ``f1()`` returns ``1``
(``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0``
are equal.
- Issue 22995: [UPDATE] Remove one of the pickleability tests in
_PyObject_GetState() due to regressions observed in Cython-based projects.
- Issue 25961: Disallowed null characters in the type name.
- Issue 22995: Instances of extension types with a state that aren't
subclasses of list or dict and haven't implemented any pickle-related
methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__,
or __getstate__), can no longer be pickled. Including memoryview.
- Issue 20440: Massive replacing unsafe attribute setting code with special
macro Py_SETREF.
- Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size.
This allows sys.getsize() to work correctly with their subclasses with
__slots__ defined.
- Issue 19543: Added Py3k warning for decoding unicode.
- Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside
__getattr__.
- Issue 24731: Fixed crash on converting objects with special methods
__str__, __trunc__, and __float__ returning instances of subclasses of
str, long, and float to subclasses of str, long, and float correspondingly.
- Issue 26478: Fix semantic bugs when using binary operators with dictionary
views and tuples.
- Issue 26171: Fix possible integer overflow and heap corruption in
zipimporter.get_data().
Library
-------
- Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283.
- Fix TLS stripping vulnerability in smtplib, CVE-2016-0772. Reported by Team
Oststrom
- Issue 7356: ctypes.util: Make parsing of ldconfig output independent of the
locale.
- Issue 25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from
sending a message body for 205 Reset Content. Also, don't send the
Content-Type header field in responses that don't have a body. Based on
patch by Susumu Koshiba.
- Issue 21313: Fix the "platform" module to tolerate when sys.version
contains truncated build information.
- Issue 27211: Fix possible memory corruption in io.IOBase.readline().
- Issue 27114: Fix SSLContext._load_windows_store_certs fails with
PermissionError
- Issue 14132: Fix urllib.request redirect handling when the target only has
a query string. Fix by Ján Janech.
- Removed the requirements for the ctypes and modulefinder modules to be
compatible with earlier Python versions.
- Issue 22274: In the subprocess module, allow stderr to be redirected to
stdout even when stdout is not redirected. Patch by Akira Li.
- Issue 12045: Avoid duplicate execution of command in ctypes.util._get_soname().
Patch by Sijin Joseph.
- Issue 26960: Backported 16270 from Python 3 to Python 2, to prevent urllib
from hanging when retrieving certain FTP files.
- Issue 25745: Fixed leaking a userptr in curses panel destructor.
- Issue 17765: weakref.ref() no longer silently ignores keyword arguments.
Patch by Georg Brandl.
- Issue 26873: xmlrpclib now raises ResponseError on unsupported type tags
instead of silently returning an incorrect result.
- Issue 24114: Fix an uninitialized variable in `ctypes.util`.
The bug only occurs on SunOS when the ctypes implementation searches
for the `crle` program. Patch by Xiang Zhang. Tested on SunOS by
Kees Bos.
- Issue 26864: In urllib, change the proxy bypass host checking against
no_proxy to be case-insensitive, and to not match unrelated host names that
happen to have a bypassed hostname as a suffix. Patch by Xiang Zhang.
- Issue 26804: urllib will prefer lower_case proxy environment variables over
UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen.
- Issue 26837: assertSequenceEqual() now correctly outputs non-stringified
differing items. This affects assertListEqual() and assertTupleEqual().
- Issue 26822: itemgetter, attrgetter and methodcaller objects no longer
silently ignore keyword arguments.
- Issue 26657: Fix directory traversal vulnerability with SimpleHTTPServer
on Windows. This fixes a regression that was introduced in 2.7.7. Based
on patch by Philipp Hagemeister.
- Issue 19377: Add .svg to mimetypes.types_map.
- Issue 13952: Add .csv to mimetypes.types_map. Patch by Geoff Wilson.
- Issue 16329: Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'.
- Issue 23735: Handle terminal resizing with Readline 6.3+ by installing our
own SIGWINCH handler. Patch by Eric Price.
- Issue 26644: Raise ValueError rather than SystemError when a negative
length is passed to SSLSocket.recv() or read().
- Issue 23804: Fix SSL recv(0) and read(0) methods to return zero bytes
instead of up to 1024.
- Issue 24266: Ctrl+C during Readline history search now cancels the search
mode when compiled with Readline 7.
- Issue 23857: Implement PEP 493, adding a Python-2-only ssl module API and
environment variable to configure the default handling of SSL/TLS certificates
for HTTPS connections.
- Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store
is empty. Patch by Baji.
- Issue 26513: Fixes platform module detection of Windows Server
- Issue 23718: Fixed parsing time in week 0 before Jan 1. Original patch by
Tamás Bence Gedai.
- Issue 26177: Fixed the keys() method for Canvas and Scrollbar widgets.
- Issue 15068: Got rid of excessive buffering in the fileinput module.
The bufsize parameter is no longer used.
- Issue 2202: Fix UnboundLocalError in
AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu Dupuy.
- Issue 26475: Fixed debugging output for regular expressions with the (?x)
flag.
- Issue 26385: Remove the file if the internal fdopen() call in
NamedTemporaryFile() fails. Based on patch by Silent Ghost.
- Issue 26309: In the "socketserver" module, shut down the request (closing
the connected socket) when verify_request() returns false. Based on patch
by Aviv Palivoda.
- Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates.
- Issue 24303: Fix random EEXIST upon multiprocessing semaphores creation with
Linux PID namespaces enabled.
- Issue 25698: Importing module if the stack is too deep no longer replaces
imported module with the empty one.
- Issue 12923: Reset FancyURLopener's redirect counter even if there is an
exception. Based on patches by Brian Brazil and Daniel Rocco.
- Issue 25945: Fixed a crash when unpickling the functools.partial object with
wrong state. Fixed a leak in failed functools.partial constructor.
"args" and "keywords" attributes of functools.partial have now always types
tuple and dict correspondingly.
- Issue 19883: Fixed possible integer overflows in zipimport.
- Issue 26147: xmlrpclib now works with unicode not encodable with used
non-UTF-8 encoding.
- Issue 16620: Fixed AttributeError in msilib.Directory.glob().
- Issue 21847: Fixed xmlrpclib on Unicode-disabled builds.
- Issue 6500: Fixed infinite recursion in urllib2.Request.__getattr__().
- Issue 26083: Workaround a subprocess bug that raises an incorrect
"ValueError: insecure string pickle" exception instead of the actual
exception on some platforms such as Mac OS X when an exception raised
in the forked child process prior to the exec() was large enough that
it overflowed the internal errpipe_read pipe buffer.
- Issue 24103: Fixed possible use after free in ElementTree.iterparse().
- Issue 20954: _args_from_interpreter_flags used by multiprocessing and some
tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED
environment variable.
- Issue 14285: When executing a package with the "python -m package" option,
and package initialization raises ImportError, a proper traceback is now
reported.
- Issue 6478: _strptime's regexp cache now is reset after changing timezone
with time.tzset().
- Issue 25718: Fixed copying object with state with boolean value is false.
- Issue 25742: :func:`locale.setlocale` now accepts a Unicode string for
its second parameter.
- Issue 10131: Fixed deep copying of minidom documents. Based on patch
by Marian Ganisin.
- Issue 25725: Fixed a reference leak in cPickle.loads() when unpickling
invalid data including tuple instructions.
- Issue 25663: In the Readline completer, avoid listing duplicate global
names, and search the global namespace before searching builtins.
- Issue 25688: Fixed file leak in ElementTree.iterparse() raising an error.
- Issue 23914: Fixed SystemError raised by CPickle unpickler on broken data.
- Issue 25924: Avoid unnecessary serialization of getaddrinfo(3) calls on
OS X versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis.
- Issue 26406: Avoid unnecessary serialization of getaddrinfo(3) calls on
current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis.
IDLE
----
- Issue 5124: Paste with text selected now replaces the selection on X11.
This matches how paste works on Windows, Mac, most modern Linux apps,
and ttk widgets. Original patch by Serhiy Storchaka.
- Issue 24759: Make clear in idlelib.idle_test.__init__ that the directory
is a private implementation of test.test_idle and tool for maintainers.
- Issue 26673: When tk reports font size as 0, change to size 10.
Such fonts on Linux prevented the configuration dialog from opening.
- Issue 27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks.
- In the 'IDLE-console differences' section of the IDLE doc, clarify
how running with IDLE affects sys.modules and the standard streams.
- Issue 25507: fix incorrect change in IOBinding that prevented printing.
Change also prevented saving shell window with non-ascii characters.
Augment IOBinding htest to include all major IOBinding functions.
- Issue 25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION
MARK in README.txt and open this and NEWS.txt with 'ascii'.
Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'.
- Issue 26417: Prevent spurious errors and incorrect defaults when
installing IDLE 2.7 on OS X: default configuration settings are
no longer installed from OS X specific copies.
Documentation
-------------
- Issue 26736: Used HTTPS for external links in the documentation if possible.
- Issue 6953: Rework the Readline module documentation to group related
functions together, and add more details such as what underlying Readline
functions and variables are accessed.
- Issue 26014: Guide users to the newer packaging documentation as was done
for Python 3.x. In particular, the top-level 2.7 documentation page now
links to the newer installer and distributions pages rather than the
legacy install and Distutils pages; these are still linked to in the
library/distutils doc page.
Tests
-----
- Issue 21916: Added tests for the turtle module. Patch by ingrid,
Gregory Loyse and Jelle Zijlstra.
- Issue 25940: Changed test_ssl to use self-signed.pythontest.net. This
avoids relying on svn.python.org, which recently changed root certificate.
- Issue 25616: Tests for OrderedDict are extracted from test_collections
into separate file test_ordered_dict.
Build
-----
- Issue 22359: Avoid incorrect recursive $(MAKE), and disable the rules for
running pgen when cross-compiling. The pgen output is normally saved with
the source code anyway, and is still regenerated when doing a native build.
Patch by Jonas Wagner and Xavier de Gaye.
- Issue 19450: Update Windows builds to use SQLite 3.8.11.0.
- Issue 27229: Fix the cross-compiling pgen rule for in-tree builds. Patch
by Xavier de Gaye.
- Issue 17603: Avoid error about nonexistent fileblocks.o file by using a
lower-level check for st_blocks in struct stat.
- Issue 26465: Update Windows builds to use OpenSSL 1.0.2g.
- Issue 24421: Compile Modules/_math.c once, before building extensions.
Previously it could fail to compile properly if the math and cmath builds
were concurrent.
- Issue 25824: Fixes sys.winver to not include any architecture suffix.
- Issue 25348: Added ``--pgo`` and ``--pgo-job`` arguments to
``PCbuild\build.bat`` for building with Profile-Guided Optimization. The
old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls
``PCbuild\build.bat --pgo %*``.
- Issue 25827: Add support for building with ICC to ``configure``, including
a new ``--with-icc`` flag.
- Issue 25696: Fix installation of Python on UNIX with make -j9.
- Issue 26930: Update OS X 10.5+ 32-bit-only installer to build
and link with OpenSSL 1.0.2h.
- Issue 26268: Update Windows builds to use OpenSSL 1.0.2f.
- Issue 25136: Support Apple Xcode 7's new textual SDK stub libraries.
Tools/Demos
-----------
- Issue 26799: Fix python-gdb.py: don't get C types once when the Python code
is loaded, but get C types on demand. The C types can change if
python-gdb.py is loaded before the Python executable. Patch written by Thomas
Ilsche.
C API
-----
- Issue 26476: Fixed compilation error when use PyErr_BadInternalCall() in C++.
Patch by Jeroen Demeyer.
Misc
----
- Issue 17500, and https://github.com/python/pythondotorg/issues/945: Remove
unused and outdated icons.
Files: