Here are all the changes in upstream Python 2.6.6 and 2.6.7 as defined in the
Misc/News file.  I've pulled out all the extraneous information and left just
the issue bullets.  Those that could have SRU implications I've marked with
`@@@`.

TL;DR: Here's what Matthias wants to know: "check the upstream changes made
since 2.6.5 and make sure that these are bug and regression fixes only".  The
one new feature is issue 5753, but that cannot hurt existing code, since it
won't be written to use the new API, and besides the new API fixes a CVE.

Bottom line: all other changes are bug and regression fixes only.

Details:

- Issue #11662: Make urllib and urllib2 ignore redirections if the
  scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).

- Issue #11442: Add a charset parameter to the Content-type in SimpleHTTPServer
  to avoid XSS attacks.

- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing
  error handling when accepting a new connection.

- Issue #9600: Don't use relative import for _multiprocessing on Windows.

- Issue #8688: Revert regression introduced in 2.6.6rc1 (making Distutils
  recalculate MANIFEST every time).

- Issue #5798: Handle select.poll flag oddities properly on OS X.
  This fixes test_asynchat and test_smtplib failures on OS X.

- Issue #9543: Fix regression in socket.py introduced in Python 2.6.6 rc 1
  in r83624.

- Issue #7567: Don't call `setupterm' twice.

- Issue #9568: Fix test_urllib2_localnet on OS X 10.3.

- Issue #9145: Fix test_coercion failure in refleak runs.

- Issue #8433: Fix test_curses failure caused by newer versions of
  ncurses returning ERR from getmouse() when there are no mouse
  events available.

- Issue #6213: Implement getstate() and setstate() methods of utf-8-sig and
  utf-16 incremental encoders.

@@@ Since the return value of getstate() changed, this could potentially cause
some code to break, but I think that this is such an obscure API, the
likelihood is very low.

- Issue #8271: during the decoding of an invalid UTF-8 byte sequence, only the
  start byte and the continuation byte(s) are now considered invalid, instead
  of the number of bytes specified by the start byte.
  E.g.: '\xf1\x80AB'.decode('utf-8', 'replace') now returns u'\ufffdAB' and
  replaces with U+FFFD only the start byte ('\xf1') and the continuation byte
  ('\x80') even if '\xf1' is the start byte of a 4-bytes sequence.
  Previous versions returned a single u'\ufffd'.

- Issue #9058: Remove assertions about INT_MAX in UnicodeDecodeError.

- Issue #8941: decoding big endian UTF-32 data in UCS-2 builds could crash
  the interpreter with characters outside the Basic Multilingual Plane
  (higher than 0x10000).

- Issue #8627: Remove bogus "Overriding __cmp__ blocks inheritance of
  __hash__ in 3.x" warning.  Also fix "XXX undetected error" that
  arises from the "Overriding __eq__ blocks inheritance ..." warning
  when turned into an exception: in this case the exception simply
  gets ignored.

- Issue #4108: In urllib.robotparser, if there are multiple 'User-agent: *'
  entries, consider the first one.

- Issue #9354: Provide getsockopt() in asyncore's file_wrapper.

- In the unicode/str.format(), raise a ValueError when indexes to arguments are
  too large.

@@@ Highly unlikely that valid code expects this to work, so an exception,
while possibly unexpected by clients, should be an indication that the code is
buggy in the first place.

- Issue #3798: Write sys.exit() message to sys.stderr to use stderr encoding
  and error handler, instead of writing to the C stderr file in utf-8

@@@ Possibly disruptive if some application cares about sys.exit() text in a
specific encoding.

- Issue #7902: When using explicit relative import syntax, don't try
  implicit relative import semantics.

@@@ Has the potential to break existing working code.  I'll put "working" in
quotes though because such code was depending on broken behavior that
accidentally worked through an implementation bug.  Guido pronounced in favor
of this fix.

- Issue #7079: Fix a possible crash when closing a file object while using
  it from another thread.  Patch by Daniel Stutzbach.

- Issue #1533: fix inconsistency in range function argument
  processing: any non-float non-integer argument is now converted to
  an integer (if possible) using its __int__ method.  Previously, only
  small arguments were treated this way; larger arguments (those whose
  __int__ was outside the range of a C long) would produce a TypeError.

- Issue #8417: Raise an OverflowError when an integer larger than sys.maxsize
  is passed to bytearray.

- Issue #8329: Don't return the same lists from select.select when no fds are
  changed.

- Raise a TypeError when trying to delete a T_STRING_INPLACE struct member.

- Issue #1583863: A unicode subclass can now override the __unicode__ method.

- Issue #7507: Quote "!" in pipes.quote(); it is special to some shells.

- Issue #7544: Preallocate thread memory before creating the thread to avoid
  a fatal error in low memory condition.

- Issue #7820: The parser tokenizer restores all bytes in the right if
  the BOM check fails.

- Issue #7072: isspace(0xa0) is true on Mac OS X

- Issue #5753: A new C API function, :cfunc:`PySys_SetArgvEx`, allows
  embedders of the interpreter to set sys.argv without also modifying
  sys.path.  This helps fix `CVE-2008-5983
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.

@@@ Yes, this is a new feature, but it can't hurt because code written against
Python < 2.6.6 wouldn't have this available.

- Issue #8447: Make distutils.sysconfig follow symlinks in the path to
  the interpreter executable.  This fixes a failure of test_httpservers
  on OS X.

- Issue #7092: Fix the DeprecationWarnings emitted by the standard library
  when using the -3 flag.  Patch by Florent Xicluna.

- Issue #7395: Fix tracebacks in pstats interactive browser.

- Issue #1713: Fix os.path.ismount(), which returned true for symbolic links
  across devices.

@@@ Could potentially break code that was erroneously expecting this to work.
However if the code recognized this as a bug and has a workaround, that
workaround should still be valid.

- Issue #8826: Properly load old-style "expires" attribute in http.cookies.

- Issue #1690103: Fix initial namespace for code run with trace.main().

- Issue #5294: Fix the behavior of pdb's "continue" command when called
  in the top-level debugged frame.

- Issue #5727: Restore the ability to use readline when calling into pdb
  in doctests.

- Issue #6719: In pdb, do not stop somewhere in the encodings machinery
  if the source file to be debugged is in a non-builtin encoding.

- Issue #8048: Prevent doctests from failing when sys.displayhook has
  been reassigned.

- Issue #8015: In pdb, do not crash when an empty line is entered as
  a breakpoint command.

- Issue #7909: Do not touch paths with the special prefixes ``\\.\``
  or ``\\?\`` in ntpath.normpath().

- Issue #5146: Handle UID THREAD command correctly in imaplib.

- Issue #5147: Fix the header generated for cookie files written by
  http.cookiejar.MozillaCookieJar.

- Issue #8198: In pydoc, output all help text to the correct stream
  when sys.stdout is reassigned.

- Issue #1019882: Fix IndexError when loading certain hotshot stats.

- Issue #8471: In doctest, properly reset the output stream to an empty
  string when Unicode was previously output.

- Issue #8397: Raise an error when attempting to mix iteration and regular
  reads on a BZ2File object, rather than returning incorrect results.

- Issue #8620: when a Cmd is fed input that reaches EOF without a final
  newline, it no longer truncates the last character of the last command line.

- Issue #7066: archive_util.make_archive now restores the cwd if an error is
  raised. Initial patch by Ezio Melotti.

- Issue #5006: Better handling of unicode byte-order marks (BOM) in the io
  library. This means, for example, that opening a UTF-16 text file in append
  mode doesn't add a BOM at the end of the file if the file isn't empty.

- Issue #3704: cookielib was not properly handling URLs with a / in the
  parameters.

- Issue #4629: getopt raises an error if an argument ends with = whereas getopt
  doesn't accept a value (e.g. --help= is rejected if getopt uses ['help='] long
  options).

- Issue #7895: platform.mac_ver() no longer crashes after calling os.fork()

- Issue #5395: array.fromfile() would raise a spurious EOFError when an
  I/O error occurred.  Now an IOError is raised instead.  Patch by chuck
  (Jan Hosang).

- Issue #1555570: email no longer inserts extra blank lines when a \r\n
  combo crosses an 8192 byte boundary.

- Issue #9164: Ensure sysconfig handles duplicate archs while building on OSX

- Issue #7646: The fnmatch pattern cache no longer grows without bound.

- Issue #9136: Fix 'dictionary changed size during iteration'
  RuntimeError produced when profiling the decimal module.  This was
  due to a dangerous iteration over 'locals()' in Context.__init__.

- Fix extreme speed issue in Decimal.pow when the base is an exact
  power of 10 and the exponent is tiny (for example,
  Decimal(10) ** Decimal('1e-999999999')).

- Issue #9130: Fix validation of relative imports in parser module.

- Issue #9128: Fix validation of class decorators in parser module.

- Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop
  module, ensure that the input string length is a multiple of the frame size

- Issue #6589: cleanup asyncore.socket_map in case smtpd.SMTPServer constructor
  raises an exception.

- Issue #9125: Add recognition of 'except ... as ...' syntax to parser module.

- Issue #9085: email package version number bumped to its correct
  value of 4.0.2 (same as it was in 2.5).

- Issue #9075: In the ssl module, remove the setting of a ``debug`` flag
  on an OpenSSL structure.

- Issue #5610: feedparser no longer eats extra characters at the end of
  a body part if the body part ends with a \r\n.

- Issue #8924: logging: Improved error handling for Unicode in exception text.

- Fix codecs.escape_encode to return the correct consumed size.

- Issue #6470: Drop UNC prefix in FixTk.

- Issue #8833: tarfile created hard link entries with a size field != 0 by
  mistake.

- Issue #1368247: set_charset (and therefore MIMEText) now automatically
  encodes a unicode _payload to the output_charset.

- Issue #7150: Raise OverflowError if the result of adding or subtracting
  timedelta from date or datetime falls outside of the MINYEAR:MAXYEAR range.

- Issue #6662: Fix parsing of malformatted charref (&#bad;), patch written by
  Fredrik Håård

- Issue #1628205: Socket file objects returned by socket.socket.makefile() now
  properly handle EINTR within the read, readline, write & flush methods.
  The socket.sendall() method now properly handles interrupted system calls.

- Issue #3924: Ignore cookies with invalid "version" field in cookielib.

- Issue #6268: Fix seek() method of codecs.open(), don't read or write the BOM
  twice after seek(0). Fix also reset() method of codecs, UTF-16, UTF-32 and
  StreamWriter classes.

- Issue #5640: Fix Shift-JIS incremental encoder for error handlers different
  than strict

- Issue #8782: Add a trailing newline in linecache.updatecache to the last line
  of files without one.

- Issue #8729: Return NotImplemented from collections.Mapping.__eq__ when
  comparing to a non-mapping.

- Issue #5918: Fix a crash in the parser module.

- Issue #8688: Distutils now recalculates MANIFEST every time.

- Issue #7640: In the new `io` module, fix relative seek() for buffered
  readable streams when the internal buffer isn't empty.  Patch by Pascal
  Chambon.

- Issue #5099: subprocess.Popen.__del__ no longer references global objects,
  leading to issues during interpreter shutdown.

- Issue #8681: Make the zlib module's error messages more informative when
  the zlib itself doesn't give any detailed explanation.

- Issue #8674: Fixed a number of incorrect or undefined-behaviour-inducing
  overflow checks in the audioop module.

- Issue #8571: Fix an internal error when compressing or decompressing a
  chunk larger than 1GB with the zlib module's compressor and decompressor
  objects.

- Issue #8573: asyncore _strerror() function might throw ValueError.

- Issue #8483: asyncore.dispatcher's __getattr__ method produced confusing
  error messages when accessing undefined class attributes because of the cheap
  inheritance with the underlying socket object.

- Issue #4265: shutil.copyfile() was leaking file descriptors when disk fills.
  Patch by Tres Seaver.

- Issue #8621: uuid.uuid4() returned the same sequence of values in the
  parent and any children created using ``os.fork`` on MacOS X 10.6.

- Issue #8313: traceback.format_exception_only() encodes unicode message to
  ASCII with backslashreplace error handler if str(value) failed

- Issue #8567: Fix precedence of signals in Decimal module: when a
  Decimal operation raises multiple signals and more than one of those
  signals is trapped, the specification determines the order in which
  the signals should be handled.  In many cases this order wasn't
  being followed, leading to the wrong Python exception being raised.

- Issue #7865: The close() method of :mod:`io` objects should not swallow
  exceptions raised by the implicit flush().  Also ensure that calling
  close() several times is supported.  Initial patch by Pascal Chambon.

- Issue #8581: logging: removed errors raised when closing handlers twice.

- Issue #4687: Fix accuracy of garbage collection runtimes displayed with
  gc.DEBUG_STATS.

- Issue #8354: The siginterrupt setting is now preserved for all signals,
  not just SIGCHLD.

@@@ Potential API change, but how likely to hurt an Ubuntu developer?

- Issue #8577: distutils.sysconfig.get_python_inc() now makes a difference
  between the build dir and the source dir when looking for "python.h" or
  "Include".

@@@ Looks correct still on Ubuntu.

- Issue #8464: tarfile no longer creates files with execute permissions set
  when mode="w|" is used.

@@@ Could affect applications that expect the execute bit to be set.

- Issue #7834: Fix connect() of Bluetooth L2CAP sockets with recent versions
  of the Linux kernel.  Patch by Yaniv Aknin.

- Issue #6312: Fixed http HEAD request when the transfer encoding is chunked.
  It should correctly return an empty response now.

- Issue #8086: In :func:`ssl.DER_cert_to_PEM_cert()`, fix missing newline
  before the certificate footer.  Patch by Kyle VanderBeek.

- Issue #8549: Fix compiling the _ssl extension under AIX.  Patch by
  Sridhar Ratnakumar.

- Issue #2302: Fix a race condition in SocketServer.BaseServer.shutdown,
  where the method could block indefinitely if called just before the
  event loop started running.  This also fixes the occasional freezes
  witnessed in test_httpservers.

- Issue #5103: SSL handshake would ignore the socket timeout and block
  indefinitely if the other end didn't respond.

- The do_handshake() method of SSL objects now adjusts the blocking mode of
  the SSL structure if necessary (as other methods already do).

- Issue #5238: Calling makefile() on an SSL object would prevent the
  underlying socket from being closed until all objects get truly destroyed.

- Issue #7943: Fix circular reference created when instantiating an SSL
  socket.  Initial patch by Péter Szabó.

- Issue #8108: Fix the unwrap() method of SSL objects when the socket has
  a non-infinite timeout.  Also make that method friendlier with applications
  wanting to continue using the socket in clear-text mode, by disabling
  OpenSSL's internal readahead.  Thanks to Darryl Miles for guidance.

- Issue #8484: Load all ciphers and digest algorithms when initializing
  the _ssl extension, such that verification of some SSL certificates
  doesn't fail because of an "unknown algorithm".

- Issue #4814: timeout parameter is now applied also for connections resulting
  from PORT/EPRT commands.

- Issue #3817: ftplib.FTP.abort() method now considers 225 a valid response
  code as stated in RFC-959 at chapter 5.4.

- Issue #5277: Fix quote counting when parsing RFC 2231 encoded parameters.

- Issue #8179: Fix macpath.realpath() on a non-existing path.

- Issue #8310: Allow dis to examine new style classes.

- Issue #7667: Fix doctest failures with non-ASCII paths.

- Issue #7624: Fix isinstance(foo(), collections.Callable) for old-style
  classes.

- Issue #7512: shutil.copystat() could raise an OSError when the filesystem
  didn't support chflags() (for example ZFS under FreeBSD).  The error is
  now silenced.

- Issue #3890, #8222: Fix recv() and recv_into() on non-blocking SSL sockets.
  Also, enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
  reads and writes are always retried by OpenSSL itself.

- Issue #6544: fix a reference leak in the kqueue implementation's error
  handling.

- Issue #7774: Set sys.executable to an empty string if argv[0] has been
  set to a non-existent program name and Python is unable to retrieve the real
  program name

- Issue #6906: Tk should not set Unicode environment variables on Windows.

- Issue #1054943: Fix unicodedata.normalize('NFC', text) for the Public Review
  Issue #29

- Issue #7494: fix a crash in _lsprof (cProfile) after clearing the profiler,
  reset also the pointer to the current pointer context.

- Issue #4961: Inconsistent/wrong result of askyesno function in tkMessageBox
  with Tcl/Tk-8.5.

- Issue #7356: ctypes.util: Make parsing of ldconfig output independent of
  the locale.

- Fix memory leak in ssl._ssl._test_decode_cert.

- Issue #9422: Fix memory leak when re-initializing a struct.Struct object.

- Issue #7900: The getgroups(2) system call on MacOSX behaves rather oddly
  compared to other unix systems. In particular, os.getgroups() does
  not reflect any changes made using os.setgroups() but basically always
  returns the same information as the id command.

  os.getgroups() can now return more than 16 groups on MacOSX.

- Issue #9277: Fix bug in struct.pack for bools in standard mode
  (e.g., struct.pack('>?')):  if conversion to bool raised an exception
  then that exception wasn't properly propagated on machines where
  char is unsigned.

- Issue #7384: If the system readline library is linked against
  ncurses, do not link the readline module against ncursesw. The
  additional restriction of linking the readline and curses modules
  against the same curses library is currently not enabled.

- Issue #2810: Fix cases where the Windows registry API returns
  ERROR_MORE_DATA, requiring a re-try in order to get the complete result.

- Issue #8854: Fix finding Visual Studio 2008 on Windows x64.

- Issue #3928: os.mknod() now available in Solaris, also.

- Issue #8175: --with-universal-archs=all works correctly on OSX 10.5

- Issue #6716: Quote -x arguments of compileall in MSI installer.

- Issue #1628484: The Makefile doesn't ignore the CFLAGS environment
  variable anymore.  It also forwards the LDFLAGS settings to the linker
  when building a shared library.

- Issue #7849: Now the utility ``check_warnings`` verifies if the warnings are
  effectively raised.  A new private utility ``_check_py3k_warnings`` has been
  backported to help silencing py3k warnings.

- Issue #8672: Add a zlib test ensuring that an incomplete stream can be
  handled by a decompressor object without errors (it returns incomplete
  uncompressed data).

- Issue #8629: Disable some test_ssl tests, since they give different
  results with OpenSSL 1.0.0 and higher.

- Issue #8576: Remove use of find_unused_port() in test_smtplib and
  test_multiprocessing.  Patch by Paul Moore.

- Issue #7027: regrtest.py keeps a reference to the encodings.ascii module as a
  workaround to #7140 bug

- Issue #3864: Skip three test_signal tests on freebsd6 because they fail
  if any thread was previously started, most likely due to a platform bug.

- Issue #8193: Fix test_zlib failure with zlib 1.2.4.

- Issue #9255: Document that the 'test' package is for internal Python use
  only.

- Issue #8909: Added the size of the bitmap used in the installer created by
  distutils' bdist_wininst. Patch by Anatoly Techtonik.


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5983

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2089

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1521

** Description changed:

  Binary package hint: python2.6
  
  (started discussion about this kind of update with Barry and Martin)
  
  the python2.6 branch has a lot of bug fixes not present in the lucid
  python2.6 packages; it would be worth updating the python2.6 package to
  the 2.6.6 (or the 2.6.7) release. what would need to happen?
  
-  - review changes in the python2.6 branch, these should only be bug fixes 
(barry)
-  - backport the py_compileall / pycompile changes, needed for dh_python2 
backport (doko)
-  - review locally applied bug fixes during the maverick and natty release 
cycle (doko)
+  - review changes in the python2.6 branch, these should only be bug fixes 
(barry - done)
+  - backport the py_compileall / pycompile changes, needed for dh_python2 
backport (doko)
+  - review locally applied bug fixes during the maverick and natty release 
cycle (doko)
  
  the backport of dh_python2 is tracked in bug #788524

https://bugs.launchpad.net/bugs/788525

Title:
  updating to python2.6.7 in lucid and updating
