| c2f86d8 | Benjamin Peterson | 19 October 2019, 18:38:44 UTC | Empty blurb file for 2.7.17. | 19 October 2019, 18:38:44 UTC |
| 74ceb35 | Benjamin Peterson | 19 October 2019, 18:37:52 UTC | Bump version to 2.7.17 final. | 19 October 2019, 18:37:52 UTC |
| 6c4f841 | Miss Islington (bot) | 19 October 2019, 17:52:07 UTC | Update doc switcher list for 3.8.0 (GH-16809) (cherry picked from commit 3f36043db22361500f52634f2b8de49dde0e7da9) Co-authored-by: Ned Deily <nad@python.org> | 19 October 2019, 17:52:07 UTC |
| 4ae38ba | Ned Deily | 19 October 2019, 09:35:44 UTC | Update build docs for macOS (GH-16844) | 19 October 2019, 09:35:44 UTC |
| dedb99a | Ashley Whetter | 18 October 2019, 08:00:22 UTC | bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault the interpreter (GH-5960) (GH-16565) (cherry picked from commit 7a7f100eb352d08938ee0f5ba59c18f56dc4a7b5) Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com> | 18 October 2019, 08:00:22 UTC |
| 8eb27cc | Ashley Whetter | 18 October 2019, 08:00:03 UTC | bpo-32758: Warn that compile() can crash when compiling to an AST object (GH-6043) (GH-16566) (cherry picked from commit f7a6ff6fcab32a53f262ba3f8a072c27afc330d7) Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com> | 18 October 2019, 08:00:03 UTC |
| bef8d9a | Miss Islington (bot) | 14 October 2019, 22:22:18 UTC | Doc: 3.8 is now stable. (GH-16790) (GH-16794) (cherry picked from commit 4504b4500d2a1a80c26b27b0bfff8b624d5ce06c) Co-authored-by: Julien Palard <julien@palard.fr> | 14 October 2019, 22:22:18 UTC |
| 2c9d70a | Ned Deily | 14 October 2019, 08:39:00 UTC | [2.7] Update macOS installer display files for 2.7.17 (GH-16768) | 14 October 2019, 08:39:00 UTC |
| 0bd59d6 | Benjamin Peterson | 08 October 2019, 03:57:05 UTC | [2.7] bpo-31036: Allow sphinx and blurb to be found automatically (GH-16638) Rather than requiring the path to blurb and/or sphinx-build to be specified to the make rule, enhance the Doc/Makefile to look for each first in a virtual environment created by make venv and, if not found, look on the normal process PATH. This allows the Doc/Makefile to take advantage of an installed spinx-build or blurb and, thus, do the right thing most of the time. Also, make the directory for the venv be configurable and document the `make venv` target.. (cherry picked from commit 590665c399fc4aa3c4a9f8e7104d43a02e9f3a0c) Co-authored-by: Ned Deily <nad@python.org> | 08 October 2019, 03:57:05 UTC |
| e78d79c | Miss Islington (bot) | 08 October 2019, 03:43:53 UTC | bpo-35036: Remove empty log line in the suspicious.py tool (GH-10024) Previous to commit ee171a2 the logline was working because of self.info() (now deprecated) defaults to an empty message. (cherry picked from commit c3f52a59ce8406d9e59253ad4621e4749abdaeef) Co-authored-by: Xtreak <tirkarthi@users.noreply.github.com> | 08 October 2019, 03:43:53 UTC |
| d9b3216 | Miss Islington (bot) | 08 October 2019, 03:42:51 UTC | bpo-31589 : Build PDF using xelatex for better UTF8 support. (GH-3940) Also addresses doc build failures documented in bpo-32200. (cherry picked from commit 7324b5ce8e7c031a0a3832a6a8d7c639111ae0ff) Co-authored-by: Julien Palard <julien@palard.fr> | 08 October 2019, 03:42:51 UTC |
| c9a195e | Benjamin Peterson | 08 October 2019, 03:37:45 UTC | [2.7] Stop using deprecated logging API in Sphinx suspicious checker (GH-16635) (cherry picked from commit ee171a26c1169abfae534b08acc0d95c6e45a22a) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com> | 08 October 2019, 03:37:45 UTC |
| 1c7b141 | Ned Deily | 08 October 2019, 02:13:04 UTC | Update macOS installer displays for 2.7.17rc1 (#16634) | 08 October 2019, 02:13:04 UTC |
| a6df224 | Benjamin Peterson | 08 October 2019, 02:03:32 UTC | Bump version to 2.7.17rc1. | 08 October 2019, 02:03:32 UTC |
| 89dea46 | Benjamin Peterson | 08 October 2019, 02:01:18 UTC | Roll up news for 2.7.17rc1. | 08 October 2019, 02:01:18 UTC |
| f5b1abb | Jason R. Coombs | 08 October 2019, 02:00:02 UTC | [2.7] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16476) Backporting this change, I observe a couple of things: 1. The _encode_request call is no longer meaningful because the request construction will implicitly encode the request using the default encoding when the format string is used (request = '%s %s %s'...). In order to keep the code as consistent as possible, I decided to include the call as a pass-through. I'd be just as happy to remove it entirely, but I'll leave that up to the reviewer to decide. It's okay that this functionality is disabled on Python 2 because this functionality was mainly around bpo-36274, which was mainly a concern with the transition to Python 3. 2. Because _encode_request is no longer meaningful, neither is the test for it, so I've removed that test. Therefore, the meaningful part of this test is that for bpo-38216, adding a (underscore-protected) hook to customize/disable validation. (cherry picked from commit 7774d7831e8809795c64ce27f7df52674581d298) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com> | 08 October 2019, 02:00:01 UTC |
| e7e58fe | Benjamin Peterson | 08 October 2019, 01:54:05 UTC | [2.7] bpo-37664: Update ensurepip bundled wheels, again (GH-16633) (cherry picked from commit 10c452b894d95fed06056fe11e8fe8e1a2a60040) Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com> | 08 October 2019, 01:54:05 UTC |
| c5abd63 | Kirill Smelkov | 03 October 2019, 07:06:52 UTC | bpo-38106: Fix race in pthread PyThread_release_lock() (GH-16047) Fix race in PyThread_release_lock that was leading to memory corruption and deadlocks. The fix applies to POSIX systems where Python locks are implemented with mutex and condition variable because POSIX semaphores are either not provided, or are known to be broken. One particular example of such system is macOS. On Darwin, even though this is considered as POSIX, Python uses mutex+condition variable to implement its lock, and, as of 2019-08-28, Py2.7 implementation, even though similar issue was fixed for Py3 in 2012, contains synchronization bug: the condition is signalled after mutex unlock while the correct protocol is to signal condition from under mutex: https://github.com/python/cpython/blob/v2.7.16-127-g0229b56d8c0/Python/thread_pthread.h#L486-L506 https://github.com/python/cpython/commit/187aa545165d (py3 fix) PyPy has the same bug for both pypy2 and pypy3: https://bitbucket.org/pypy/pypy/src/578667b3fef9/rpython/translator/c/src/thread_pthread.c#lines-443:465 https://bitbucket.org/pypy/pypy/src/5b42890d48c3/rpython/translator/c/src/thread_pthread.c#lines-443:465 Signalling condition outside of corresponding mutex is considered OK by POSIX, but in Python context it can lead to at least memory corruption if we consider the whole lifetime of python level lock. For example the following logical scenario: T1 T2 sema = Lock() sema.acquire() sema.release() sema.acquire() free(sema) ... can translate to the next C-level calls: T1 T2 # sema = Lock() sema = malloc(...) sema.locked = 0 pthread_mutex_init(&sema.mut) pthread_cond_init (&sema.lock_released) # sema.acquire() pthread_mutex_lock(&sema.mut) # sees sema.locked == 0 sema.locked = 1 pthread_mutex_unlock(&sema.mut) # sema.release() pthread_mutex_lock(&sema.mut) sema.locked = 0 pthread_mutex_unlock(&sema.mut) # OS scheduler gets in and relinquishes control from T2 # to another process ... # second sema.acquire() pthread_mutex_lock(&sema.mut) # sees sema.locked == 0 sema.locked = 1 pthread_mutex_unlock(&sema.mut) # free(sema) pthread_mutex_destroy(&sema.mut) pthread_cond_destroy (&sema.lock_released) free(sema) # ... e.g. malloc() which returns memory where sema was ... # OS scheduler returns control to T2 # sema.release() continues # # BUT sema was already freed and writing to anywhere # inside sema block CORRUPTS MEMORY. In particular if # _another_ python-level lock was allocated where sema # block was, writing into the memory can have effect on # further synchronization correctness and in particular # lead to deadlock on lock that was next allocated. pthread_cond_signal(&sema.lock_released) Note that T2.pthread_cond_signal(&sema.lock_released) CORRUPTS MEMORY as it is called when sema memory was already freed and is potentially reallocated for another object. The fix is to move pthread_cond_signal to be done under corresponding mutex: # sema.release() pthread_mutex_lock(&sema.mut) sema.locked = 0 pthread_cond_signal(&sema.lock_released) pthread_mutex_unlock(&sema.mut) To do so this patch cherry-picks thread_pthread.h part of the following 3.2 commit: commit 187aa545165d8d5eac222ecce29c8a77e0282dd4 Author: Kristján Valur Jónsson <kristjan@ccpgames.com> Date: Tue Jun 5 22:17:42 2012 +0000 Signal condition variables with the mutex held. Destroy condition variables before their mutexes. Python/ceval_gil.h | 9 +++++---- Python/thread_pthread.h | 15 +++++++++------ 2 files changed, 14 insertions(+), 10 deletions(-) (ceval_gil.h is Python3 specific and does not apply to Python2.7) The bug was there since 1994 - since at least [1]. It was discussed in 2001 with original code author[2], but the code was still considered to be race-free. In 2010 the place where pthread_cond_signal should be - before or after pthread_mutex_unlock - was discussed with the rationale to avoid threads bouncing[3,4,5], and in 2012 pthread_cond_signal was moved to be called from under mutex, but only for CPython3[6,7]. In 2019 the bug was (re-)discovered while testing Pygolang[8] on macOS with CPython2 and PyPy2 and PyPy3. [1] https://github.com/python/cpython/commit/2c8cb9f3d240 [2] https://bugs.python.org/issue433625 [3] https://bugs.python.org/issue8299#msg103224 [4] https://bugs.python.org/issue8410#msg103313 [5] https://bugs.python.org/issue8411#msg113301 [6] https://bugs.python.org/issue15038#msg163187 [7] https://github.com/python/cpython/commit/187aa545165d [8] https://pypi.org/project/pygolang (cherry picked from commit 187aa545165d8d5eac222ecce29c8a77e0282dd4) Co-Authored-By: Kristján Valur Jónsson <kristjan@ccpgames.com> | 03 October 2019, 07:06:52 UTC |
| 403ca7e | Victor Stinner | 02 October 2019, 16:36:32 UTC | [2.7] bpo-38338, test.pythoninfo: add more ssl infos (GH-16543) test.pythoninfo now logs environment variables used by OpenSSL and Python ssl modules, and logs attributes of 3 SSL contexts (SSLContext, default HTTPS context, stdlib context). (cherry picked from commit 1df1c2f8df53d005ff47af81aa02c58752b84e20) | 02 October 2019, 16:36:32 UTC |
| 8eb6415 | Dong-hee Na | 01 October 2019, 10:58:01 UTC | [2.7] bpo-38243: Escape the server title of DocXMLRPCServer (GH-16447) Escape the server title of DocXMLRPCServer.DocXMLRPCServer when rendering the document page as HTML. | 01 October 2019, 10:58:00 UTC |
| 598f676 | Jesús Cea | 28 September 2019, 03:09:24 UTC | [2.7] bpo-38301: In Solaris family, we must be sure to use '-D_REENTRANT' (GH-16446). (#16454) (cherry picked from commit 52d1b86bde2b772a76919c76991c326384954bf1) Co-authored-by: Jesús Cea <jcea@jcea.es> | 28 September 2019, 03:09:24 UTC |
| 90b4e49 | Benjamin Peterson | 26 September 2019, 05:07:09 UTC | bpo-38174 follow up: Remove loadlibrary.c from VS9.0. (GH-16411) | 26 September 2019, 05:07:09 UTC |
| e73b93a | Benjamin Peterson | 26 September 2019, 04:49:04 UTC | [2.7] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16408) Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.. (cherry picked from commit 52b940803860e37bcc3f6096b2d24e7c20a0e807) Co-authored-by: Benjamin Peterson <benjamin@python.org> | 26 September 2019, 04:49:04 UTC |
| 7c65adf | Miss Islington (bot) | 24 September 2019, 02:31:25 UTC | closes bpo-38253: Fix typo of Py_SET_ERANGE_IF_OVERFLOW in pyport.h. (GH-16230) (cherry picked from commit 4346bad3321699d49a45e3446270b57726ab5c8f) Co-authored-by: Hai Shi <shihai1992@gmail.com> | 24 September 2019, 02:31:25 UTC |
| c47c8ba | Miss Islington (bot) | 18 September 2019, 10:36:57 UTC | bpo-37904: Edition on python tutorial - section 4 (GH-16169) (GH-16236) A little change on first paragraph of python tutorial to be more clearly https://bugs.python.org/issue37904 Automerge-Triggered-By: @ericvsmith (cherry picked from commit b57481318e3e3cbacd398b898f9849ec8f2d7eec) Co-authored-by: Diego Alberto Barriga Martínez <diegobarriga@protonmail.com> | 18 September 2019, 10:36:57 UTC |
| be257bc | Serhiy Storchaka | 17 September 2019, 06:56:27 UTC | [2.7] bpo-38175: Fix a memory leak in comparison of sqlite3.Row objects. (GH-16155). (GH-16215) (cherry picked from commit 8debfa50407107ff2329d01081cdc12d359f1d12) | 17 September 2019, 06:56:27 UTC |
| 5d55d52 | Miss Islington (bot) | 16 September 2019, 19:48:21 UTC | bpo-33936: Don't call obsolete init methods with OpenSSL 1.1.0+ (GH-16140) ``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``. https://bugs.python.org/issue33936 (cherry picked from commit 724f1a57231f9287c37255adf0e4364d12cf693d) Co-authored-by: Christian Heimes <christian@python.org> | 16 September 2019, 19:48:21 UTC |
| d890341 | Steve Dower | 16 September 2019, 12:07:40 UTC | bpo-38117: Updates bundled OpenSSL to 1.0.2t (GH-16178) | 16 September 2019, 12:07:40 UTC |
| 68d8c12 | Xiang Zhang | 16 September 2019, 07:07:32 UTC | [2.7] bpo-38168: Fix a possbile refleak in setint() of mmapmodule.c (GH-16136) (GH-16176) (cherry picked from commit 56a4514) Co-authored-by: Hai Shi shihai1992@gmail.com https://bugs.python.org/issue38168 | 16 September 2019, 07:07:32 UTC |
| 8dd358c | Ned Deily | 16 September 2019, 03:35:55 UTC | bpo-38117: Updated OpenSSL to 1.0.2t in macOS installer for 2.7.x. (GH-16171) | 16 September 2019, 03:35:55 UTC |
| 4cbcd2f | Roberto C. Sánchez | 14 September 2019, 17:26:38 UTC | [2.7] bpo-34155: Dont parse domains containing @ (GH-13079) (GH-16006) This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address. (cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9) Excludes changes to Lib/email/_header_value_parser.py, which did not exist in 2.7. Co-authored-by: jpic <jpic@users.noreply.github.com> https://bugs.python.org/issue34155 | 14 September 2019, 17:26:38 UTC |
| 0d63669 | Alexandru Ardelean | 11 September 2019, 17:23:28 UTC | [2.7] bpo-35264: Modules/_ssl.c: fix build with OpenSSL 1.1.0 (GH-10570) Fixes a build error with OpenSSL 1.1.0. There is already code in the `_ssl.c` that handles all the weird cases of the NPN config macros (with various OpenSSL & LibreSSL versions). That code will provide a HAVE_NPN variable, which should be used in the rest of the code to check whether (or what) to compile regarding NPN. This change adds HAVE_NPN in the remaining places where it should have been placed. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> https://bugs.python.org/issue35264 | 11 September 2019, 17:23:28 UTC |
| f9db011 | Zackery Spytz | 11 September 2019, 13:26:07 UTC | closes bpo-36712: Fix duplicate method in Lib/email/test/test_email_renamed.py. (GH-14800) | 11 September 2019, 13:26:07 UTC |
| b239ab9 | Zackery Spytz | 11 September 2019, 13:22:08 UTC | closes bpo-36711: Remove duplicate method in Lib/email/feedparser.py. (GH-14801) | 11 September 2019, 13:22:08 UTC |
| 289c5ea | Zackery Spytz | 11 September 2019, 09:39:34 UTC | bpo-37445: Include FORMAT_MESSAGE_IGNORE_INSERTS in FormatMessageW() calls (GH-15822) If FormatMessageW() is passed the FORMAT_MESSAGE_FROM_SYSTEM flag without FORMAT_MESSAGE_IGNORE_INSERTS, it will fail if there are insert sequences in the message definition. (cherry picked from commit a656365) | 11 September 2019, 09:39:34 UTC |
| 58d61ef | Benjamin Peterson | 09 September 2019, 17:09:58 UTC | [2.7] bpo-36502: Update link to UAX GH-44, the Unicode doc on the UCD. (GH-15808) The link we have points to the version from Unicode 6.0.0, dated 2010. There have been numerous updates to it since then: https://www.unicode.org/reports/tr44/GH-Modifications Change the link to one that points to the current version. Also, use HTTPS.. (cherry picked from commit 64c6ac74e254d31f93fcc74bf02b3daa7d3e3f25) Co-authored-by: Greg Price <gnprice@gmail.com> | 09 September 2019, 17:09:58 UTC |
| 2fb6921 | Serhiy Storchaka | 09 September 2019, 09:38:05 UTC | [2.7] bpo-34410: Fix a crash in the tee iterator when re-enter it. (GH-15625) (GH-15740) RuntimeError is now raised in this case. (cherry picked from commit 526a01467b3277f9fcf7f91e66c23321caa1245d) | 09 September 2019, 09:38:05 UTC |
| 0229b56 | Miss Islington (bot) | 28 August 2019, 17:36:18 UTC | closes bpo-37965: Fix compiler warning of distutils CCompiler.test_function. (GH-15560) https://bugs.python.org/issue37965 https://bugs.python.org/issue37965 Automerge-Triggered-By: @benjaminp (cherry picked from commit 55aabee07501e1468082b3237620e4ecd75c5da6) Co-authored-by: Anonymous Maarten <madebr@users.noreply.github.com> | 28 August 2019, 17:36:18 UTC |
| c364221 | Victor Stinner | 23 August 2019, 13:00:38 UTC | bpo-34521: Fix FD transfer in multiprocessing on FreeBSD (GH-15422) Fix file descriptors transfer in multiprocessing on FreeBSD: use CMSG_SPACE() rather than CMSG_LEN(); see RFC 3542. | 23 August 2019, 13:00:38 UTC |
| 3b26f73 | Victor Stinner | 23 August 2019, 12:59:40 UTC | test_multiprocessing removes temporary files (GH-15421) (cherry picked from commit d0b10a64351069aa9246d40cb8bd207cc9209cee) | 23 August 2019, 12:59:40 UTC |
| 98b11e1 | Miss Islington (bot) | 21 August 2019, 11:52:05 UTC | bpo-37823: Fix open() link in telnetlib doc (GH-15281) Fixed wrong link to Telnet.open() method in telnetlib documentation. (cherry picked from commit e0b6117e2723327d6741d0aa599408514add5b30) Co-authored-by: Michael Anckaert <michael.anckaert@sinax.be> | 21 August 2019, 11:52:05 UTC |
| 198a0d6 | Miss Islington (bot) | 21 August 2019, 04:12:18 UTC | bpo-35518: Skip test that relies on a deceased network service. (GH-15349) If this service had thoroughly vanished, we could just ignore the test until someone gets around to either recreating such a service or redesigning the test to somehow work locally. The `support.transient_internet` mechanism catches the failure to resolve the domain name, and skips the test. But in fact the domain snakebite.net does still exist, as do its nameservers -- and they can be quite slow to reply. As a result this test can easily take 20-30s before it gets auto-skipped. So, skip the test explicitly up front. (cherry picked from commit 5b95a1507e349da5adae6d2ab57deac3bdd12f15) Co-authored-by: Greg Price <gnprice@gmail.com> | 21 August 2019, 04:12:18 UTC |
| 35f9bcc | David H | 05 August 2019, 09:19:26 UTC | [2.7] bpo-37730: Fix usage of NotImplemented instead of NotImplementedError in docs. (GH-15062). (GH-15133) (cherry picked from commit ed5e8e06cbf766e89d6c58a882ee024abb5b2ed7) Co-authored-by: David H <dheiberg@mozilla.com> | 05 August 2019, 09:19:26 UTC |
| 53639dd | Miss Islington (bot) | 24 July 2019, 23:59:31 UTC | closes bpo-37675: Use pkgutil.iter_modules to find fixers in a package rather than listdir. (14942) (cherry picked from commit 93e8aa62cfd0a61efed4a61a2ffc2283ae986ef2) Co-authored-by: Benjamin Peterson <benjamin@python.org> | 24 July 2019, 23:59:31 UTC |
| 46c2eff | Miss Islington (bot) | 11 July 2019, 14:17:08 UTC | bpo-34369: make kqueue.control() docs better reflect that timeout is positional-only (GH-9499) (cherry picked from commit 79042ac4348ccc09344014f20dd49401579f8795) Co-authored-by: Tal Einat <taleinat@gmail.com> | 11 July 2019, 14:17:08 UTC |
| 0517375 | Miss Islington (bot) | 11 July 2019, 02:49:59 UTC | Document default parameter of .seek() in the signature. (GH-14691) (cherry picked from commit 2a3d4d9c53dd4831c3ecf56bc7c4a289c33030d6) Co-authored-by: Benjamin Peterson <benjamin@python.org> | 11 July 2019, 02:49:59 UTC |
| 00bf4d6 | Miss Islington (bot) | 07 July 2019, 15:59:14 UTC | bpo-37513: Change ValueError to TypeError in an example in ctypes doc (GH-14615) (cherry picked from commit f6cdd3ff687ebbf8209d793a18a042ea495c4aeb) Co-authored-by: Hai Shi <shihai1992@gmail.com> | 07 July 2019, 15:59:14 UTC |
| dd3862e | Miss Islington (bot) | 06 July 2019, 21:55:41 UTC | bpo-37487: Fix PyList_GetItem index description. (GH-14623) (GH-14626) 0 is a legal index. (cherry picked from commit f8709e804d16ec5d44b1d2f00d59a0f78df7b792) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> | 06 July 2019, 21:55:41 UTC |
| 55270d0 | Miss Islington (bot) | 06 July 2019, 07:04:53 UTC | bpo-37149: Replace dead link for online Tkinter reference (GH-14616) Also fix a name misspelling. (cherry picked from commit 45bc61b97178b27ae05bd3eb95481bf0325795bb) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> | 06 July 2019, 07:04:53 UTC |
| 03b0128 | Miss Islington (bot) | 02 July 2019, 05:38:31 UTC | Put pyexpatns.h include back. bpo-37437 (GH-14539) (cherry picked from commit 2cd07920bb7d2d319999394092190f37935dc421) Co-authored-by: Benjamin Peterson <benjamin@python.org> | 02 July 2019, 05:38:31 UTC |
| da7f6db | Ned Deily | 01 July 2019, 23:15:09 UTC | bpo-19960: Fix building of zlib on macOS without installed headers (GH-14257) When building 2.7 on macOS without system header files installed in ``/usr/include``, a few extension modules dependent on system-supplied third-party libraries were not being built, most notably zlib. This situation arose in the past when building without the Command Line Tools and the option to install header files in the traditional system locations (like /usr/include). As of macOS 10.14, the header files are only available in an SDK so the problem addressed here affects most 2.7 builds. | 01 July 2019, 23:15:09 UTC |
| bc60c47 | Miss Islington (bot) | 30 June 2019, 04:41:55 UTC | [2.7] bpo-30754: Document textwrap.dedent blank line behavior. (GH-14469) (GH-14475) * Added documentation for textwrap.dedent behavior. (cherry picked from commit eb97b9211e7c99841d6cae8c63893b3525d5a401) Co-authored-by: tmblweed <tmblweed@users.noreply.github.com> https://bugs.python.org/issue30754 | 30 June 2019, 04:41:55 UTC |
| 065aff3 | Victor Stinner | 28 June 2019, 16:13:33 UTC | [2.7] bpo-37329: valgrind: ignore _PyWarnings_Init false alarms (GH-14202) _PyWarnings_Init() only allocates memory once at startup but it is not released at exit. Ignore this issue to be able to catch other bugs more easily. | 28 June 2019, 16:13:33 UTC |
| 4397c68 | Miss Islington (bot) | 28 June 2019, 04:24:52 UTC | closes bpo-37437: Update vendorized expat to 2.2.7. (GH-14436) (cherry picked from commit 3b03b09fc94425915c5b1225e9200a3a95bc827b) Co-authored-by: Benjamin Peterson <benjamin@python.org> | 28 June 2019, 04:24:52 UTC |
| dfa9499 | Miss Islington (bot) | 26 June 2019, 20:54:27 UTC | [2.7] bpo-37411: Rewrite test_wsgiref.testEnviron() (GH-14394) (GH-14404) Fix test_wsgiref.testEnviron() to no longer depend on the environment variables (don't fail if "X" variable is set). testEnviron() now overrides os.environ to get a deterministic environment. Test full TestHandler.environ content: not only a few selected variables. (cherry picked from commit 5150d327924959639215ed0a78feffc0d88258da) Co-authored-by: Victor Stinner <vstinner@redhat.com> | 26 June 2019, 20:54:27 UTC |
| 49032fa | Victor Stinner | 25 June 2019, 11:37:16 UTC | bpo-37396, PCbuild: Include "_d" in "Killing any running ..." message (GH-14370) Add $(PyDebugExt) in "Killing any running python$(PyDebugExt).exe instances...". | 25 June 2019, 11:37:16 UTC |
| 0fc14b3 | animalize | 24 June 2019, 23:27:03 UTC | bpo-35360: Update Windows builds to use SQLite 3.28.0 (GH-14182) | 24 June 2019, 23:27:03 UTC |
| 6cbff56 | Victor Stinner | 24 June 2019, 14:09:49 UTC | bpo-37124: Fix reference leak in test_msilib (GH-13750) (GH-14340) (cherry picked from commit c0295dba259accc4b247beb22a0b2cc2f31d9850) | 24 June 2019, 14:09:49 UTC |
| 9d55bf4 | Victor Stinner | 24 June 2019, 11:21:18 UTC | bpo-37359: Add --cleanup option to python3 -m test (GH-14332) (GH-14333) * regrtest: Add --cleanup option to remove "test_python_*" directories of previous failed test jobs. * Add "make cleantest" to run "python -m test --cleanup". (cherry picked from commit 47fbc4e45b35b3111e2d947a66490a43ac21d363) | 24 June 2019, 11:21:18 UTC |
| 0346448 | Miss Islington (bot) | 23 June 2019, 19:08:28 UTC | Improve threading.daemon docstring (GH-14278) Rephrase and clarify that "the entire Python program exits when only daemon threads are left". This matches the documentation at https://docs.python.org/3/library/threading.htmlGH-thread-objects. (cherry picked from commit bb110cc2ed81447fb48805f31146cf31323a8fc3) Co-authored-by: mbarkhau <mbarkhau@gmail.com> | 23 June 2019, 19:08:28 UTC |
| adcdb1e | Victor Stinner | 21 June 2019, 21:58:53 UTC | bpo-37362: test_gdb now ignores stderr (GH-14287) (GH-14297) test_gdb no longer fails if it gets an "unexpected" message on stderr: it now ignores stderr. The purpose of test_gdb is to test that python-gdb.py commands work as expected, not to test gdb. (cherry picked from commit e56a123fd0acaa295a28b98d2e46d956b97d1263) | 21 June 2019, 21:58:53 UTC |
| c421c66 | Ned Deily | 20 June 2019, 05:59:54 UTC | bpo-36231: Support building on macOS without /usr/include (GH-13773) (GH-14256) | 20 June 2019, 05:59:54 UTC |
| 598c756 | Benjamin Peterson | 19 June 2019, 06:03:35 UTC | [2.7] Fix name of '\0'. (GH-14225) '\0' is the NUL byte not NULL.. (cherry picked from commit 7821b4c6d29933511d50bb42255e39790c6abf00) | 19 June 2019, 06:03:35 UTC |
| a5b1b22 | Ned Deily | 18 June 2019, 10:48:53 UTC | bpo-34631: Updated OpenSSL to 1.0.2s in macOS installer. (GH-14198) | 18 June 2019, 10:48:53 UTC |
| 373dace | animalize | 18 June 2019, 09:59:53 UTC | [2.7] bpo-35360: Update macOS installer to use SQLite 3.28.0 (GH-14183) | 18 June 2019, 09:59:53 UTC |
| eb8b559 | Alex Gaynor | 18 June 2019, 01:41:44 UTC | [2.7] Update link in colorsys docs to be https (GH-14062) (GH-14110) | 18 June 2019, 01:41:44 UTC |
| d8e3a8a | Steve Dower | 17 June 2019, 16:33:11 UTC | bpo-34631: Updated OpenSSL to 1.0.2s in Windows installer (GH-14161) | 17 June 2019, 16:33:11 UTC |
| 722733e | Terry Jan Reedy | 16 June 2019, 20:36:23 UTC | [2.7] Fix 2.7 test -R test_IDLE failure on Windows (GH-13958) Cherry-picked from 66d47da. | 16 June 2019, 20:36:23 UTC |
| ee15aa2 | Xtreak | 15 June 2019, 16:29:29 UTC | [2.7] bpo-35647: Fix path check in cookiejar. (GH-11436) (GH-13427) | 15 June 2019, 16:29:29 UTC |
| 979daae | Xtreak | 15 June 2019, 15:29:43 UTC | [2.7] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (GH-13426) This is a manual backport of ca7fe5063593958e5efdf90f068582837f07bd14 since 2.7 has `http.cookiejar` in `cookielib` https://bugs.python.org/issue35121 | 15 June 2019, 15:29:43 UTC |
| 2b57847 | Victor Stinner | 11 June 2019, 10:45:35 UTC | [2.7] bpo-36742: Fix urlparse.urlsplit() error message for Unicode URL (GH-13937) If urlparse.urlsplit() detects an invalid netloc according to NFKC normalization, the error message type is now str rather than unicode, and use repr() to format the URL, to prevent <exception str() failed> when display the error message. | 11 June 2019, 10:45:35 UTC |
| 99b5c94 | Dimitri John Ledkov | 09 June 2019, 05:44:57 UTC | [2.7] bpo-34836: fix test_default_ecdh_curve, needs no tlsv1.3. (GH-9626) Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> https://bugs.python.org/issue34836 | 09 June 2019, 05:44:57 UTC |
| 48f190f | Eric Wieser | 08 June 2019, 09:19:24 UTC | [2.7] bpo-37188: Fix a divide-by-zero in arrays of size-0 objects (#13906) | 08 June 2019, 09:19:24 UTC |
| 2bfc2dc | Zackery Spytz | 07 June 2019, 16:22:57 UTC | [2.7] bpo-37170: Fix the cast on error in PyLong_AsUnsignedLongLongMask() (GH-13860) (GH-13898) (cherry picked from commit dc2476500d91082f0c907772c83a044bf49af279) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 07 June 2019, 16:22:56 UTC |
| 1b57ab5 | Tal Einat | 07 June 2019, 06:53:05 UTC | [2.7] bpo-37177: make IDLE's search dialogs transient (GH-13869) This avoids the search dialogs being hidden behind the editor window. (cherry picked from commit 554450fb4e95066e825bdb4a2d544a490daeebdc) | 07 June 2019, 06:53:05 UTC |
| 20093b3 | Anthony Sottile | 05 June 2019, 00:19:36 UTC | Update outdated reference to Mercurial (GH-12857) | 05 June 2019, 00:19:36 UTC |
| 49832e6 | Miss Islington (bot) | 04 June 2019, 23:21:08 UTC | Doc: Python 3.9 in sidebar and version switcher. (GH-13824) (cherry picked from commit 59e7bbcaa4d0d556591f774c5ea4869c41fa95b0) Co-authored-by: Julien Palard <julien@palard.fr> | 04 June 2019, 23:21:08 UTC |
| f61599b | Steve Dower | 04 June 2019, 16:40:16 UTC | bpo-36742: Corrects fix to handle decomposition in usernames (GH-13812) | 04 June 2019, 16:40:16 UTC |
| 74bede0 | Miss Islington (bot) | 03 June 2019, 03:39:38 UTC | Fix variable name copy/paste error in build-installer.py (GH-13038) (cherry picked from commit d337169156933eaf732566bf29eb968549ada5e8) Co-authored-by: cclauss <cclauss@me.com> | 03 June 2019, 03:39:38 UTC |
| bfc1f60 | Miss Islington (bot) | 31 May 2019, 22:39:39 UTC | [2.7] bpo-12639: msilib.Directory.start_component() fails if *keyfile* is not None (GH-13688) * bpo-12639: msilib.Directory.start_component() fails if *keyfile* is not None (GH-13688) msilib.Directory.start_component() was passing an extra argument to CAB.gen_id(). (cherry picked from commit c8d5bf6c3fa09b43f6a5ee779d493d251dbcc53c) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 31 May 2019, 22:39:39 UTC |
| 103b8d9 | Hai Shi | 29 May 2019, 17:05:26 UTC | [2.7] bpo-33071: remove outdated PyPI docs (GH-13087) (GH-13584) Patch by Kojo Idrissa. (cherry picked from commit 1b4abcf302ff2c8f4d4881294510d48ba5186b53) Co-authored-by: Kojo Idrissa <kojoidrissa@users.noreply.github.com> https://bugs.python.org/issue33071 | 29 May 2019, 17:05:26 UTC |
| 09ba833 | Tony Flury | 29 May 2019, 01:36:04 UTC | [2.7] bpo-33006 - Correct filter doc string to clarify 2nd argument can be iterable (GH-6015) https://bugs.python.org/issue33006 | 29 May 2019, 01:36:04 UTC |
| aaed2c3 | Victor Stinner | 28 May 2019, 16:15:30 UTC | bpo-26423: Fix test_descr.test_wrap_lenfunc_bad_cast() on 32-bit Windows (GH-13629) Skip the test if xrange(sys.maxsize) raises an OverflowError. | 28 May 2019, 16:15:30 UTC |
| 80dfe99 | Victor Stinner | 28 May 2019, 15:23:07 UTC | bpo-26423: Fix possible overflow in wrap_lenfunc() (GH-13606) (GH-13625) Fix possible overflow in wrap_lenfunc() when sizeof(long) < sizeof(Py_ssize_t) (e.g., 64-bit Windows). (cherry picked from commit 05f16416d99dc9fc76fef11e56f16593e7a5955e) | 28 May 2019, 15:23:07 UTC |
| d9d1045 | Victor Stinner | 24 May 2019, 21:28:56 UTC | bpo-35907: Clarify the NEWS entry (GH-13557) | 24 May 2019, 21:28:56 UTC |
| 25d8404 | Michele Angrisano | 23 May 2019, 14:42:50 UTC | bpo-36713: Rename duplicated method in test_unicode. (#13525) modified: Lib/ctypes/test/test_unicode.py modified: Misc/ACKS new file: Misc/NEWS.d/next/Library/2019-05-23-15-57-36.bpo-36713.sjPhnf.rst | 23 May 2019, 14:42:50 UTC |
| 942c31d | Victor Stinner | 22 May 2019, 21:28:03 UTC | bpo-35907: Complete test_urllib.test_local_file_open() (GH-13506) Test also URLopener().open(), URLopener().retrieve(), and DummyURLopener().retrieve(). | 22 May 2019, 21:28:03 UTC |
| b15bde8 | SH | 21 May 2019, 21:12:23 UTC | bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-11842) CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in urllib.urlopen(). | 21 May 2019, 21:12:23 UTC |
| bb8071a | Victor Stinner | 21 May 2019, 13:12:33 UTC | bpo-30458: Disallow control chars in http URLs (GH-12755) (GH-13154) (GH-13315) Disallow control chars in http URLs in urllib2.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected. Disable https related urllib tests on a build without ssl (GH-13032) These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures. Use httplib.InvalidURL instead of ValueError as the new error case's exception. (GH-13044) Backport Co-Authored-By: Miro Hrončok <miro@hroncok.cz> (cherry picked from commit 7e200e0763f5b71c199aaf98bd5588f291585619) Notes on backport to Python 2.7: * test_urllib tests urllib.urlopen() which quotes the URL and so is not vulerable to HTTP Header Injection. * Add tests to test_urllib2 on urllib2.urlopen(). * Reject non-ASCII characters: range 0x80-0xff. | 21 May 2019, 13:12:33 UTC |
| c841a30 | Terry Jan Reedy | 20 May 2019, 02:35:21 UTC | [2.7] Update idlelib NEWS.txt for 2.7 (GH-13436) | 20 May 2019, 02:35:21 UTC |
| eda691d | Miss Islington (bot) | 20 May 2019, 00:49:50 UTC | closes bpo-36951: Correct some types in the type_members struct in typeobject.c. (GH-13403) (cherry picked from commit 53d378c81286644138415cb56da52a7351e1a477) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 20 May 2019, 00:49:50 UTC |
| 951af2d | Benjamin Peterson | 17 May 2019, 18:29:38 UTC | closes bpo-36755: Suppress noisy error output in test HTTPS server by default. (GH-13370) TLS 1.3 has a more efficient handshake protocol. The client can reject the server's credentials and close the connection before the server has even finished writing out all of its initial data. Depending on whether the server finishes writing the rest of its handshake before the it sees the connection is reset, the server will read an empty line or see a ECONNRESET OSError. Nothing is really wrong here with the server or client, so just suppress the error output in the OSError case to fix the test. This fix isn't required in Python 3 because clients that reject the server's certificate will shut down the TLS layer before closing the TCP connection. | 17 May 2019, 18:29:38 UTC |
| f24a9f3 | Victor Stinner | 15 May 2019, 14:31:10 UTC | bpo-27987: pymalloc: align by 16bytes on 64bit platform (GH-12850) (GH-13319) (cherry picked from commit f0be4bbb9b3cee876249c23f2ae6f38f43fa7495) | 15 May 2019, 14:31:10 UTC |
| 353f8d2 | Terry Jan Reedy | 13 May 2019, 22:29:15 UTC | [2.7] bpo-36807: When saving a file in IDLE, call flush and fsync (GH-13102) (GH-13293) | 13 May 2019, 22:29:15 UTC |
| 7346a16 | Gregory P. Smith | 13 May 2019, 20:16:34 UTC | [2.7] bpo-35925: Skip SSL tests that fail due to weak external certs or old TLS (GH-13124) (GH-13253) Modern Linux distros such as Debian Buster have default OpenSSL system configurations that reject connections to servers with weak certificates by default. This causes our test suite run with external networking resources enabled to skip these tests when they encounter such a failure. Fixing the network servers is a separate issue. (cherry picked from commit 2cc0223) Changes to test_ssl.py required as 2.7 has legacy protocol tests. The test_httplib.py change is omitted from this backport as self-signed.pythontest.net's certificate was updated and the test_nntplib.py change is not applicable on 2.7. Authored-by: Gregory P. Smith greg@krypto.org | 13 May 2019, 20:16:34 UTC |
| 24ff9a4 | Toshio Kuratomi | 12 May 2019, 20:47:19 UTC | [2.7] closes bpo-14353: Fix detection of bind_textdomain_codeset in libintl. (GH-13265) In Python-2.7, we were only searching for bind_textdomain_codeset in libc. We should have also checked for it in libintl. This change from Mel Flynn https://bugs.python.org/file24918/python27-configure.in.patch fixes that. | 12 May 2019, 20:47:18 UTC |
| 7b5dca8 | Gregory P. Smith | 09 May 2019, 00:53:15 UTC | [2.7] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) (GH-13199) * [2.7] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) We updated the server, our testsuite must match. https://bugs.python.org/issue36816 ✈️ CLE -> DEN ✈️ #pycon2019 #beyonce (cherry picked from commit 6bd81734de0b73f1431880d6a75fb71bcbc65fa1) The 2.7 tree also needed a certificate in the capath directory updated. The filename for that was determined by `openssl x509 -in $cert.pem -subject_hash`. Authored-by: Gregory P. Smith <greg@krypto.org> | 09 May 2019, 00:53:15 UTC |
| 8ab24b2 | Julien Palard | 08 May 2019, 13:32:08 UTC | [2.7] bpo-24712: Doc: Make sidebar sticky using browser support. (GH-13179) Patch by Mike Taylor. | 08 May 2019, 13:32:07 UTC |
| 7c2c01f | Zackery Spytz | 02 May 2019, 19:29:22 UTC | [2.7] bpo-14546: Fix the argument handling in Tools/scripts/lll.py (GH-13026) (GH-13063) (cherry picked from commit c4e78b116f9a4299f3b3bfbbd18ef49782bb1143) | 02 May 2019, 19:29:21 UTC |
| 74852b9 | Miss Islington (bot) | 02 May 2019, 03:01:41 UTC | Change bisect to bisect_cmd in docstring (GH-13040) (cherry picked from commit 11e4a941e9c6225776a986b05230a1963e83f4fb) Co-authored-by: Xtreak <tir.karthi@gmail.com> | 02 May 2019, 03:01:41 UTC |
