| bad9a58 | Benjamin Peterson | 14 April 2018, 22:06:30 UTC | 2.7.15rc1 version bump | 14 April 2018, 22:06:30 UTC |
| f2f1d4b | Benjamin Peterson | 14 April 2018, 22:06:13 UTC | make NEWS for 2.7.15rc1 | 14 April 2018, 22:06:13 UTC |
| bba2ba1 | Steve Dower | 14 April 2018, 21:50:40 UTC | bpo-33148: Update Windows build to use OpenSSL 1.0.2o closes https://github.com/python/cpython/pull/6474 | 14 April 2018, 22:04:21 UTC |
| 01a0fd4 | Miss Islington (bot) | 14 April 2018, 15:21:02 UTC | [2.7] bpo-33184: Update macOS installer build to use OpenSSL 1.0.2o. (GH-6408) (GH-6471) (cherry picked from commit 76215a4481191b648de522a4e2120f60822f6b9c) Co-authored-by: Ned Deily <nad@python.org> | 14 April 2018, 15:21:02 UTC |
| 93c91ac | Ned Deily | 14 April 2018, 14:56:17 UTC | [2.7] Fix errant NEWS item: bpo-19019 -> bpo-17128 (GH-6470) | 14 April 2018, 14:56:17 UTC |
| ee8e4b6 | Ned Deily | 14 April 2018, 14:37:28 UTC | [2.7] Backport macOS universal build and installer fixes from 3.6. (GH-6469) These include: - bpo-32726: Provide an additional, more modern macOS installer variant that supports macOS 10.9+ systems in 64-bit mode only. Upgrade the supplied third-party libraries to OpenSSL 1.0.2n and SQLite 3.22.0. The 10.9+ installer now supplies its own private copy of Tcl/Tk 8.6.8. - bpo-24414: Default macOS deployment target is now set by ``configure`` to the build system's OS version (as is done by Python 3), not ``10.4``; override with, for example, ``./configure MACOSX_DEPLOYMENT_TARGET=10.4``. - bpo-19019: All 2.7 macOS installer variants now supply their own version of ``OpenSSL 1.0.2``; the Apple-supplied SSL libraries and root certificates are not longer used. The ``Installer Certificate`` command in ``/Applications/Python 2.7`` may be used to download and install a default set of root certificates from the third-party ``certifi`` package. - bpo-11485: python.org macOS Pythons no longer supply a default SDK value (e.g. ``-isysroot /``) or specific compiler version default (e.g. ``gcc-4.2``) when building extension modules. Use ``CC``, ``SDKROOT``, and ``DEVELOPER_DIR`` environment variables to override compilers or to use an SDK. See Apple's ``xcrun`` man page for more info. - prepare for pending Apple removal of 32-bit support in future macOS release | 14 April 2018, 14:37:28 UTC |
| a61f5da | Serhiy Storchaka | 10 April 2018, 08:03:52 UTC | [2.7] bpo-31920: Fixed handling directories as arguments in the ``pygettext`` script. (GH-6259) (GH-6436) Based on patch by Oleg Krasnikov. (cherry picked from commit c93938b5beea4c3f592119ebee6d4029558db8de) | 10 April 2018, 08:03:52 UTC |
| 77f0a41 | Miss Islington (bot) | 07 April 2018, 02:01:35 UTC | [2.7] bpo-8243: Doc patch for curses.window.addstr and curses.window.addch (GH-5179) (GH-6405) (cherry picked from commit ef5ce884a41c8553a7eff66ebace908c1dcc1f89) Co-authored-by: Jay Crotts <crotts.jay@gmail.com> | 07 April 2018, 02:01:35 UTC |
| 325191b | Cheryl Sabella | 02 April 2018, 05:29:01 UTC | [2.7] bpo-27212: Modify islice recipe to consume initial values preceding start (GH-6195) (GH-6339) (cherry picked from commit da1734c58d2f97387ccc9676074717d38b044128) | 02 April 2018, 05:29:01 UTC |
| 72f3e08 | Serhiy Storchaka | 01 April 2018, 07:26:33 UTC | [2.7] bpo-33132: Fix reference counting issues in the compiler. (GH-6209). (GH-6322) (cherry picked from commit a95d98607efe0c43475b354543e49bf8e240bc6f) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | 01 April 2018, 07:26:33 UTC |
| 4a3c4ba | Serhiy Storchaka | 31 March 2018, 23:44:01 UTC | [2.7] Gitignore gmon.out (GH-5796) (GH-6328) gmon.out is generated when profiling turned on Full Configuration: ./configure --prefix=$PWD/install --enable-profiling --enable-big-digits=30 --with-pydebug --with-assertions --with-valgrind. (cherry picked from commit 95ad3822a2b6287772bd752b6ab493c6d4198d4b) Co-authored-by: Neeraj Badlani <neerajbadlani@gmail.com> | 31 March 2018, 23:44:01 UTC |
| e80a232 | Serhiy Storchaka | 31 March 2018, 23:42:58 UTC | [2.7] bpo-33096: Fix ttk.Treeview.insert. (GH-6228) (GH-6326) Allow ttk.Treeview.insert to insert iid that has a false boolean value. Note iid=0 and iid=False would be same. (cherry picked from commit 3ab44c0783eebdff687014f7d14d5dec59b6bd39) Co-authored-by: Garvit Khatri <garvitdelhi@gmail.com> | 31 March 2018, 23:42:58 UTC |
| 924035a | Serhiy Storchaka | 31 March 2018, 22:04:22 UTC | [2.7] Fix error message in sqlite connection thread check. (GH-6028). (GH-6325) (cherry picked from commit 030345c0bfc2f76684666fe5c61e766ba5debfe6) Co-authored-by: Takuya Akiba <469803+iwiwi@users.noreply.github.com> | 31 March 2018, 22:04:22 UTC |
| c498cd8 | scoder | 31 March 2018, 12:23:30 UTC | bpo-31544: Fix a reference leak to 'self' after the previous target error handling fixes. (GH-6318) This change generally splits the xmlparser creation code into an unsafe part with "rollback" error handling and a safe "object initialisation done" part with normal decref cleanup. | 31 March 2018, 12:23:30 UTC |
| 7f48a42 | Miss Islington (bot) | 28 March 2018, 08:55:30 UTC | bpo-33163: Upgrade pip to 9.0.3 and setuptools to v39.0.1. (GH-6284) (cherry picked from commit c0518cde7a8404f310cd3495e77e612820ecad4f) Co-authored-by: Ned Deily <nad@python.org> | 28 March 2018, 08:55:30 UTC |
| a266507 | Miss Islington (bot) | 26 March 2018, 12:11:15 UTC | Fix description about SimpleXMLRPCServer constructor parameter bind_and_activate. (GH-776) Passing True as the `bind_and_activate` *do* immediately opening and binding to their socket. (cherry picked from commit e6223579c87b93f3e60d28796f521587d88091d4) Co-authored-by: cocoatomo <cocoatomo77@gmail.com> | 26 March 2018, 12:11:15 UTC |
| e3e8bdc | Miss Islington (bot) | 26 March 2018, 10:58:47 UTC | Fix typo and edit for clarity in the docstrings of sys.float_info. (GH-2251) (cherry picked from commit 0301c9bdd1ebd788d1334cf3fe06c48f35bab0dc) Co-authored-by: Stefano Taschini <taschini@users.noreply.github.com> | 26 March 2018, 10:58:47 UTC |
| edd5418 | Christian Heimes | 24 March 2018, 18:34:15 UTC | [2.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6215) LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7. Documentation updates and fixes for failing tests will be provided in another patch set. Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1) Co-authored-by: Christian Heimes <christian@python.org> | 24 March 2018, 18:34:15 UTC |
| 0694b6a | scoder | 24 March 2018, 05:56:41 UTC | bpo-31544: Avoid calling "PyObject_GetAttrString()" (and potentially executing user code) with a live exception set. (GH-3992) | 24 March 2018, 05:56:41 UTC |
| 1ce4e5b | Miss Islington (bot) | 22 March 2018, 04:14:22 UTC | Upgrade pip to v9.0.3 and setuptools to v39.0.1 (GH-6184) (cherry picked from commit d93b5161af12291f3f98a260c90cc2975ea9e9cd) Co-authored-by: Donald Stufft <donald@stufft.io> | 22 March 2018, 04:14:22 UTC |
| 7ee0936 | Miss Islington (bot) | 21 March 2018, 06:55:44 UTC | Fix typos in mmap() error messages (GH-6173) (cherry picked from commit 9308dea3e1fd565d50a76a667e4e8ef0568b7053) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 21 March 2018, 06:55:44 UTC |
| 4e907d8 | Miss Islington (bot) | 17 March 2018, 15:54:45 UTC | Update pip to 9.0.2 and setuptools to 38.6.1 (GH-6133) (GH-6135) (cherry picked from commit 7f81bb2addbbccfa45a2fc1aa6030f26dcf4bd78) Co-authored-by: Donald Stufft <donald@stufft.io> | 17 March 2018, 15:54:45 UTC |
| baca85f | xdegaye | 13 March 2018, 21:06:14 UTC | [2.7] bpo-17288: Prevent jumps from 'return' and 'exception' trace events. (GH-6111) (cherry picked from commit e32bbaf376a09c149fa7c7f2919d7c9ce4e2a055) | 13 March 2018, 21:06:14 UTC |
| 3854f58 | Miss Islington (bot) | 11 March 2018, 08:55:59 UTC | [2.7] bpo-33026: Fix jumping out of "with" block by setting f_lineno. (GH-6026). (GH-6074) (GH-6076) (cherry picked from commit 26c9f565d016db21257a60d29ab2c99383dd5ac7) (cherry picked from commit 04aadf23eac51fec2e436c5960c1362bbb7d03de) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | 11 March 2018, 08:55:59 UTC |
| 34bb88d | Xiang Zhang | 09 March 2018, 02:21:58 UTC | Clear possible exception before calling PyTuple_Pack in IMPORT_NAME (GH-6033) | 09 March 2018, 02:21:58 UTC |
| 55d5bfb | Jamie Davis | 06 March 2018, 05:59:02 UTC | [2.7] closes bpo-32997: Fix REDOS in fpformat (GH-5984) The regex to decode a number in fpformat is susceptible to catastrophic backtracking. This is a potential DOS vector if a server is using fpformat on untrusted number strings. Replace it with an equivalent non-vulnerable regex. The match behavior of the new regex is slightly different. It captures the whole integer part of the number in one group, Leading zeros are stripped off later. | 06 March 2018, 05:59:02 UTC |
| e052d40 | Benjamin Peterson | 04 March 2018, 06:18:17 UTC | [2.7] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) * Prevent low-grade poplib REDOS (CVE-2018-1060) The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases. * Prevent difflib REDOS (CVE-2018-1061) The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib. Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org>. (cherry picked from commit 0e6c8ee2358a2e23117501826c008842acb835ac) | 04 March 2018, 06:18:17 UTC |
| 20003f9 | Brett Cannon | 02 March 2018, 22:10:21 UTC | bpo-32963: Fix the tutorial to state source has a default encoding of ASCII (GH-5961) | 02 March 2018, 22:10:21 UTC |
| aa40f92 | Alexey Izbyshev | 01 March 2018, 10:27:34 UTC | [2.7] bpo-32903: Fix a memory leak in os.chdir() on Windows (GH-5801). (#5947) (cherry picked from commit 3e197c7a6740d564ad52fb7901c07d5ff49460f5) Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com> | 01 March 2018, 10:27:34 UTC |
| c20c97f | bennorth | 26 February 2018, 22:35:03 UTC | bpo-18533: Avoid RuntimeError from repr() of recursive dictview (#4823) (#5357) (cherry picked from commit d7773d92bd11640a8c950d6c36a9cef1cee36f96) | 26 February 2018, 22:35:03 UTC |
| ecaa372 | Miss Islington (bot) | 25 February 2018, 21:22:43 UTC | bpo-32500: Correct the documentation for PySequence_Size() and PySequence_Length() (GH-5767) Dropped the part that says: "For objects that do not provide sequence protocol". (cherry picked from commit 7a1e1786f98ad49caa157dcdf14ada9d0b07d0fd) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 25 February 2018, 21:22:43 UTC |
| b7c1a94 | Cheryl Sabella | 25 February 2018, 20:50:26 UTC | [2.7] bpo-25059: Clarify the print separator usage in tutorial (GH-5879) By default `print` adds spaces between its arguments. (cherry picked from commit 84c4b0cc67ceb4b70842b78c718b6e8214874d6a) | 25 February 2018, 20:50:26 UTC |
| 7634947 | Miss Islington (bot) | 25 February 2018, 19:38:24 UTC | bpo-31454: Include information about "import X as Y" in Modules tutorial (GH-4041) (cherry picked from commit fbee88244e8921afdb29fde51a9a010a8ae18277) Co-authored-by: Mario Corchero <mariocj89@gmail.com> | 25 February 2018, 19:38:24 UTC |
| 07c13ee | Miss Islington (bot) | 25 February 2018, 15:34:46 UTC | Delete a broken threading.local example (GH-5870) This code never did anything correct or useful. The class attribute will never be affected, and the condition will never be true. (cherry picked from commit 5fb632e83136399bad9427ee23ec8b771695290a) Co-authored-by: Aaron Gallagher <habnabit@users.noreply.github.com> | 25 February 2018, 15:34:46 UTC |
| df1732a | Christian Heimes | 25 February 2018, 13:28:55 UTC | [2.7] bpo-30622: Fix NPN for OpenSSL 1.1.1-pre1 (GH-5876) (#5882) Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 29eab55309b9f78b79074d26db16a44e7841c639) Co-authored-by: Christian Heimes <christian@python.org> | 25 February 2018, 13:28:55 UTC |
| 439956a | Christian Heimes | 25 February 2018, 12:08:05 UTC | Fix ssl module, Python 2.7 doesn't have Py_MAX (#5878) Signed-off-by: Christian Heimes <christian@python.org> | 25 February 2018, 12:08:05 UTC |
| 4bb9b9a | Christian Heimes | 25 February 2018, 11:31:17 UTC | [2.7] bpo-32647: Link ctypes extension with libdl. (GH-5550) (#5877) The ctypes module used to depend on indirect linking for dlopen. The shared extension is now explicitly linked against libdl on platforms with dl. Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 5bb9692575f10f4a7c7f1c2c0c70956baf6d5c23) Co-authored-by: Christian Heimes <christian@python.org> | 25 February 2018, 11:31:17 UTC |
