| 6c00321 | Benjamin Peterson | 15 October 2014, 22:07:54 UTC | goodbye, 2.6 | 15 October 2014, 22:07:54 UTC |
| d69a010 | Benjamin Peterson | 02 April 2014, 03:55:11 UTC | Added tag v2.6.7 for changeset a39a30ac7f2e | 02 April 2014, 03:55:11 UTC |
| ed04982 | Barry Warsaw | 30 October 2013, 15:24:51 UTC | Closing the 2.6 branch | 30 October 2013, 15:24:51 UTC |
| 428f82d | Barry Warsaw | 29 October 2013, 14:16:34 UTC | Added tag v2.6.9 for changeset fcb3ec2842f9 | 29 October 2013, 14:16:34 UTC |
| 8493c0c | Barry Warsaw | 29 October 2013, 14:14:05 UTC | version bump | 29 October 2013, 14:14:05 UTC |
| c26efbb | Barry Warsaw | 29 October 2013, 14:10:41 UTC | updating topics | 29 October 2013, 14:10:41 UTC |
| aa91450 | Barry Warsaw | 01 October 2013, 15:38:38 UTC | Typo caught by : Arfrever Frehtes Taifersar Arahesis. | 01 October 2013, 15:38:38 UTC |
| 6e279ee | Barry Warsaw | 01 October 2013, 01:49:31 UTC | post release bump | 01 October 2013, 01:49:31 UTC |
| c1d9b2d | Barry Warsaw | 01 October 2013, 00:37:58 UTC | Added tag v2.6.9rc1 for changeset a0025037f11a | 01 October 2013, 00:37:58 UTC |
| 9bf51fe | Barry Warsaw | 01 October 2013, 00:37:45 UTC | Bump copyright years. | 01 October 2013, 00:37:45 UTC |
| be1950d | Barry Warsaw | 01 October 2013, 00:34:29 UTC | Bump to 2.6.9rc1 | 01 October 2013, 00:34:29 UTC |
| 290df2c | Barry Warsaw | 01 October 2013, 00:31:56 UTC | Regenerate pydoc_topics.py | 01 October 2013, 00:31:56 UTC |
| 42faa55 | Barry Warsaw | 30 September 2013, 22:35:15 UTC | - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen. | 30 September 2013, 22:35:15 UTC |
| e763a91 | Barry Warsaw | 30 September 2013, 20:45:40 UTC | Fix typo in NEWS file. | 30 September 2013, 20:45:40 UTC |
| c545a5e | Barry Warsaw | 30 September 2013, 19:56:29 UTC | - Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to prevent readline() calls from consuming too much member. Patch by Jyrki Pulliainen. | 30 September 2013, 19:56:29 UTC |
| 6c1bb7b | Barry Warsaw | 29 September 2013, 17:59:06 UTC | - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than 100 headers are read. Adapted from patch by Jyrki Pulliainen. | 29 September 2013, 17:59:06 UTC |
| d6fddf3 | Barry Warsaw | 25 September 2013, 13:36:58 UTC | - Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by limiting the call to readline(). Original patch by Michał Jastrzębski and Giampaolo Rodola. with test fixes by Serhiy Storchaka. | 25 September 2013, 13:36:58 UTC |
| 4e95d60 | Barry Warsaw | 22 September 2013, 20:07:09 UTC | - Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit line length. Patch by Emil Lind. | 22 September 2013, 20:07:09 UTC |
| 9e27eda | R David Murray | 18 September 2013, 12:49:25 UTC | #14984: only import pwd on POSIX. | 18 September 2013, 12:49:25 UTC |
| 137b572 | R David Murray | 18 September 2013, 00:08:09 UTC | Add versionchanged for #14984, remove extra blank from string. | 18 September 2013, 00:08:09 UTC |
| 4189b67 | R David Murray | 16 September 2013, 17:48:44 UTC | #14984: On POSIX, enforce permissions when reading default .netrc. Initial patch by Bruno Piguet. This is implemented as if a useful .netrc file could exist without passwords, which is possible in the general case; but in fact our netrc implementation does not support it. Fixing that issue will be an enhancement. | 16 September 2013, 17:48:44 UTC |
| 503baf9 | Andrew Kuchling | 15 September 2013, 17:11:47 UTC | #16042: CVE-2013-1752: Limit amount of data read by limiting the call to readline(). The SSLFakeFile.readline() method needs to support limiting readline() as well. It's not a full emulation of readline()'s signature, but this class is only used by smtplib's code, so it doesn't have to be. Modified version of original patch by Christian Heimes. | 15 September 2013, 17:11:47 UTC |
| ed9884b | Christian Heimes | 05 September 2013, 14:04:35 UTC | Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case | 05 September 2013, 14:04:35 UTC |
| bde2985 | Christian Heimes | 03 September 2013, 12:47:00 UTC | Python 2.6's ssl module has neither OPENSSL_VERSION_INFO nor _OPENSSL_API_VERSION | 03 September 2013, 12:47:00 UTC |
| 8f65ef8 | Christian Heimes | 25 August 2013, 12:12:41 UTC | Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger | 25 August 2013, 12:12:41 UTC |
| 82f8828 | Barry Warsaw | 23 August 2013, 17:26:49 UTC | - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for `rfc822Name` (email), `dNSName` (DNS) and `uniformResourceIdentifier` (URI). | 23 August 2013, 17:26:49 UTC |
| f880e5d | Barry Warsaw | 21 August 2013, 00:35:20 UTC | Fix UnboundLocalError regression due to previous incorrect fix for issue 16248. | 21 August 2013, 00:35:20 UTC |
| f25d957 | Barry Warsaw | 20 February 2013, 23:19:55 UTC | - Issue #16248: Disable code execution from the user's home directory by tkinter when the -E flag is passed to Python. Patch by Zachary Ware. | 20 February 2013, 23:19:55 UTC |
| 55f23c4 | Georg Brandl | 28 October 2012, 07:04:38 UTC | #8040: port versionswitcher patch to 2.6. | 28 October 2012, 07:04:38 UTC |
| cca96f0 | Barry Warsaw | 10 April 2012, 18:50:39 UTC | Post release twiddle. | 10 April 2012, 18:50:39 UTC |
| 27509ce | Barry Warsaw | 10 April 2012, 15:18:47 UTC | Added tag v2.6.8 for changeset c9910fd022fc | 10 April 2012, 15:18:47 UTC |
| a12d0cc | Barry Warsaw | 10 April 2012, 14:59:35 UTC | Bump to 2.6.8 | 10 April 2012, 14:59:35 UTC |
| 75076b4 | Barry Warsaw | 10 April 2012, 14:56:26 UTC | update docs | 10 April 2012, 14:56:26 UTC |
| 222ac8c | Georg Brandl | 18 March 2012, 06:31:17 UTC | Remove duplicate hgtags entries for 2.6.8rc{1,2}. | 18 March 2012, 06:31:17 UTC |
| 9636e46 | Barry Warsaw | 17 March 2012, 22:34:05 UTC | Added tag v2.6.8rc2 for changeset bd9e1a02e3e3 | 17 March 2012, 22:34:05 UTC |
| b1abc08 | Barry Warsaw | 17 March 2012, 22:19:42 UTC | Added tag v2.6.8rc2 for changeset 1d1b7b9fad48 | 17 March 2012, 22:19:42 UTC |
| bd371a4 | Barry Warsaw | 17 March 2012, 22:19:15 UTC | Bump to 2.6.8rc2 | 17 March 2012, 22:19:15 UTC |
| 2875b5b | Barry Warsaw | 17 March 2012, 22:16:58 UTC | Update Docs and NEWS for 2.6.8rc2. | 17 March 2012, 22:16:58 UTC |
| e9bc2f7 | Barry Warsaw | 15 March 2012, 00:10:41 UTC | - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project. | 15 March 2012, 00:10:41 UTC |
| 6707826 | Barry Warsaw | 23 February 2012, 16:10:31 UTC | Added tag v2.6.8rc1 for changeset 5356b6c7fd66 | 23 February 2012, 16:10:31 UTC |
| 2593eac | Barry Warsaw | 23 February 2012, 15:59:50 UTC | Added tag v2.6.8rc1 for changeset caab08cd2b3e | 23 February 2012, 15:59:50 UTC |
| 74f4bd5 | Barry Warsaw | 23 February 2012, 15:59:38 UTC | Bump some more copyright years (as per PEP 101), since this is the first release of 2.6 for 2012. | 23 February 2012, 15:59:38 UTC |
| 1fbc16d | Barry Warsaw | 23 February 2012, 15:55:57 UTC | Bump to version 2.6.8rc1. | 23 February 2012, 15:55:57 UTC |
| b383e80 | Barry Warsaw | 22 February 2012, 22:26:50 UTC | Back port from 2.7: http://hg.python.org/cpython/rev/48705250232c changeset: 75187:48705250232c branch: 2.7 parent: 75184:9a1d902714ae user: Antoine Pitrou <solipsis@pitrou.net> date: Wed Feb 22 22:16:25 2012 +0100 | 22 February 2012, 22:26:50 UTC |
| 56fd661 | Barry Warsaw | 22 February 2012, 18:50:04 UTC | Backport from 2.7: changeset: 75153:9b7c6dd19e25 branch: 2.7 parent: 75151:b1a02c17b327 user: Antoine Pitrou <solipsis@pitrou.net> date: Tue Feb 21 22:02:04 2012 +0100 files: Lib/test/test_os.py | 22 February 2012, 18:50:04 UTC |
| 6a9005b | Barry Warsaw | 22 February 2012, 18:34:18 UTC | Backport from 2.7 branch. changeset: 75165:780008020c40 user: Antoine Pitrou <solipsis@pitrou.net> date: Wed Feb 22 03:33:56 2012 +0100 summary: Fix (presumably) test_hash under big-endian systems (PPC). | 22 February 2012, 18:34:18 UTC |
| 3aec568 | Georg Brandl | 21 February 2012, 21:36:27 UTC | Remove reST markup from --help output. Also: O(n**2) is dict construction, not single insertion. | 21 February 2012, 21:36:27 UTC |
| 4e171d1 | Benjamin Peterson | 21 February 2012, 20:08:51 UTC | don't need this hack anymore | 21 February 2012, 20:08:51 UTC |
| 776af40 | Antoine Pitrou | 21 February 2012, 19:42:48 UTC | Fix crash at startup with -W options. | 21 February 2012, 19:42:48 UTC |
| 876e789 | Benjamin Peterson | 21 February 2012, 16:23:21 UTC | merge heads | 21 February 2012, 16:23:21 UTC |
| 8757cad | Barry Warsaw | 21 February 2012, 16:16:06 UTC | Backport fix from default branch for ./python -R -Wd where hash('d') would not have gotten randomized. | 21 February 2012, 16:16:06 UTC |
| 26da920 | Benjamin Peterson | 21 February 2012, 16:08:50 UTC | ensure no one tries to hash things before the random seed is found | 21 February 2012, 16:08:50 UTC |
| b69fa1f | Barry Warsaw | 21 February 2012, 15:22:34 UTC | Let's sort the keys so that this test passes even with random hashes. | 21 February 2012, 15:22:34 UTC |
| b19fb24 | Barry Warsaw | 21 February 2012, 01:44:15 UTC | Whitespace normalization | 21 February 2012, 01:44:15 UTC |
| 1e13eb0 | Barry Warsaw | 21 February 2012, 01:42:21 UTC | - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types. Patch by David Malcolm, based on work by Victor Stinner. | 21 February 2012, 01:42:21 UTC |
| f5a5beb | Barry Warsaw | 20 February 2012, 19:43:22 UTC | Back port Python 2.7 fix for test_invalid_redirect() in test_urllib.py. | 20 February 2012, 19:43:22 UTC |
| 66f3cc6 | Charles-François Natali | 18 February 2012, 13:15:38 UTC | Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request. | 18 February 2012, 13:15:38 UTC |
| d358e05 | Antoine Pitrou | 27 January 2012, 08:42:45 UTC | Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. | 27 January 2012, 08:42:45 UTC |
| 141e770 | Martin v. Löwis | 31 October 2011, 11:39:25 UTC | merge closing of 2.5 branch | 31 October 2011, 11:39:25 UTC |
| e5b9bff | Martin v. Löwis | 31 October 2011, 11:38:50 UTC | 2.5 is no longer maintained | 31 October 2011, 11:38:50 UTC |
| 345fff3 | Éric Araujo | 28 July 2011, 20:27:28 UTC | Remove mentions of previous license in profile module (#12417 followup) | 28 July 2011, 20:27:28 UTC |
| 5ac56d2 | Benjamin Peterson | 29 June 2011, 02:57:21 UTC | fix ws | 29 June 2011, 02:57:21 UTC |
| 1105f34 | Benjamin Peterson | 27 June 2011, 14:14:34 UTC | update profile license (closes #12417) | 27 June 2011, 14:14:34 UTC |
| d0366e8 | Barry Warsaw | 04 June 2011, 00:05:48 UTC | Replay svn r88852. | 04 June 2011, 00:05:48 UTC |
| 16ec24a | Barry Warsaw | 04 June 2011, 00:02:47 UTC | Replay svn r88850. | 04 June 2011, 00:02:47 UTC |
| 9c53584 | Martin v. Löwis | 28 May 2011, 12:13:32 UTC | Nearly null-merge 2.5.6 | 28 May 2011, 12:13:32 UTC |
| 228516c | Martin v. Löwis | 28 May 2011, 12:06:55 UTC | merge 2.5.6c1 tag | 28 May 2011, 12:06:55 UTC |
| dcdf032 | Martin v. Löwis | 28 May 2011, 12:05:31 UTC | Added tag v2.5.6c1 for changeset a87c7b96672b | 28 May 2011, 12:05:31 UTC |
| 4ca9d48 | Martin v. Löwis | 28 May 2011, 12:00:37 UTC | Added tag v2.5.6 for changeset de34c7b097e8 | 28 May 2011, 12:00:37 UTC |
| 11a859d | Martin v. Löwis | 28 May 2011, 11:58:36 UTC | r88840: Prepare for 2.5.6. | 28 May 2011, 11:58:36 UTC |
| e81c485 | Martin v. Löwis | 28 May 2011, 11:57:28 UTC | r88828: Fix year. | 28 May 2011, 11:57:28 UTC |
| cf60858 | Martin v. Löwis | 28 May 2011, 11:56:22 UTC | r88824: Prepare for 2.5.6c1. | 28 May 2011, 11:56:22 UTC |
| 32140f8 | Barry Warsaw | 23 May 2011, 19:27:52 UTC | Replay changeset 70249:b571c7a8cf2e from fubar branch. Original commit message: Merging post 2.6.7rc2 changes from Subversion. | 23 May 2011, 19:27:52 UTC |
| 3428926 | Barry Warsaw | 23 May 2011, 19:26:11 UTC | Replay changeset 70248:c714e2f92f63 from fubar branch. Original commit message: Cross-port changes for 2.6.7rc2 from the Subversion branch. | 23 May 2011, 19:26:11 UTC |
| cf0d8ab | Barry Warsaw | 23 May 2011, 19:22:56 UTC | Replay changeset 70238:03e488b5c009 from fubar branch. Original commit message: Reconcile with the 2.6svn branch. The 2.6.7 release will be made from Subversion, but there were differences, so this brings them in sync. These changes should *not* propagate to any newer versions. | 23 May 2011, 19:22:56 UTC |
| e26bc10 | Barry Warsaw | 23 May 2011, 01:16:55 UTC | These files have Windows line endings in 2.6. | 23 May 2011, 01:16:55 UTC |
| 22108f1 | Łukasz Langa | 28 April 2011, 15:27:59 UTC | Closes #11786: ConfigParser.[Raw]ConfigParser optionxform(). | 28 April 2011, 15:27:59 UTC |
| 31e1b1f | Martin v. Löwis | 17 April 2011, 20:56:19 UTC | merge 11442 NEWS | 17 April 2011, 20:56:19 UTC |
| 2d253dd | Martin v. Löwis | 17 April 2011, 20:29:40 UTC | Issue 11442: Add NEWS entry for e9724d7abbc2 | 17 April 2011, 20:29:40 UTC |
| 8c850bf | Guido van Rossum | 29 March 2011, 20:03:10 UTC | Merge cleanup. | 29 March 2011, 20:03:10 UTC |
| 079381d | Guido van Rossum | 29 March 2011, 19:51:16 UTC | Merge issue 11662 from 2.5. | 29 March 2011, 19:51:16 UTC |
| 9a9fdfa | guido@google.com | 29 March 2011, 17:48:23 UTC | Merge urllib/urllib2 security fix from 2.5 branch. | 29 March 2011, 17:48:23 UTC |
| 92ecb87 | guido@google.com | 29 March 2011, 16:53:33 UTC | Adding .hgignore (copied from default branch). | 29 March 2011, 16:53:33 UTC |
| af1fee0 | Vinay Sajip | 29 March 2011, 00:07:50 UTC | Issue #11639: Configuration function documentation referred to logging.XXX rather than logging.config.XXX. | 29 March 2011, 00:07:50 UTC |
| db3080e | guido@google.com | 28 March 2011, 20:53:40 UTC | Add CVE number to urllib/urllib2 news item. | 28 March 2011, 20:53:40 UTC |
| f150930 | guido@google.com | 28 March 2011, 20:47:01 UTC | Add tests for the urllib[2] vulnerability. Change to raise exceptions. | 28 March 2011, 20:47:01 UTC |
| 2bc23b8 | guido@google.com | 24 March 2011, 17:44:17 UTC | Add FTP to the allowed url schemes. Add Misc/NEWS. | 24 March 2011, 17:44:17 UTC |
| 60a4a90 | guido@google.com | 24 March 2011, 15:07:45 UTC | Issue 22663: fix redirect vulnerability in urllib/urllib2. | 24 March 2011, 15:07:45 UTC |
| f23c515 | Martin v. Löwis | 21 March 2011, 09:31:44 UTC | null merge | 21 March 2011, 09:31:44 UTC |
| ce5d0e2 | Martin v. Löwis | 21 March 2011, 09:30:07 UTC | Set subversion version identification to empty strings if this is not a subversion checkout (but a mercurial one). Closes #11579. Closes #11421. Patch by Senthil Kumaran. | 21 March 2011, 09:30:07 UTC |
| d7bed77 | Guido van Rossum | 19 March 2011, 23:20:39 UTC | Whoops. The copyright should be two lines (merge from 2.5). | 19 March 2011, 23:20:39 UTC |
| 197f7f6 | Guido van Rossum | 19 March 2011, 23:20:06 UTC | Whoops. The copyright should be two lines. | 19 March 2011, 23:20:06 UTC |
| 54b76d4 | Guido van Rossum | 19 March 2011, 23:17:14 UTC | Test commit. Add 2011 to copyright line (merge from 2.5). | 19 March 2011, 23:17:14 UTC |
| deeb71e | Guido van Rossum | 19 March 2011, 23:14:44 UTC | Test commit. Add 2011 to copyright line. | 19 March 2011, 23:14:44 UTC |
| dfd1579 | Senthil Kumaran | 17 March 2011, 06:23:24 UTC | merge from 2.5 branch. | 17 March 2011, 06:23:24 UTC |
| 3853586 | Senthil Kumaran | 17 March 2011, 04:34:18 UTC | Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks. Patch by Tom N. (Backported from py3k codeline). | 17 March 2011, 04:34:18 UTC |
| 3ae8113 | Vinay Sajip | 11 March 2011, 18:44:10 UTC | Reverted bug fixes for #11444 (fc4d045e3170) and #11424 (b9d76846bb1c), which should not have been made in this branch. | 11 March 2011, 18:44:10 UTC |
| f4d0af4 | Vinay Sajip | 08 March 2011, 22:39:55 UTC | Issue #11444: Lock handlers while flushing/closing during shutdown. | 08 March 2011, 22:39:55 UTC |
| 8dd2a40 | Vinay Sajip | 07 March 2011, 15:02:11 UTC | Issue #11424: Fix bug in determining child loggers. | 07 March 2011, 15:02:11 UTC |
| df8e75e | Georg Brandl | 05 March 2011, 19:40:50 UTC | Merge tags from 2.5. | 05 March 2011, 19:40:50 UTC |
