Package: release.debian.org Tags: sid jessie Please consider the python 2.7.9 release for jessie. The current version in testing is a snapshot taken from the 2.7 branch taken around freeze time.
python2.7 fixes RC issue #769078, plus some CVE issues are now resolved upstream in the release. At least CVE-2013-1753 extends the API, so I don't just want to backport this issue. All upstream changes are mentioned in the Debian changelog (except those for Windows and MacOSX only). Compared to the version in testing the autopkg tests pass in unstable. I don't plan any further updates for python2 for jessie. Matthias python2.7 (2.7.9-1) unstable; urgency=medium * Python 2.7.9 release. -- Matthias Klose <[email protected]> Thu, 11 Dec 2014 00:38:09 +0100 python2.7 (2.7.9~rc1-2) unstable; urgency=medium * Update to 20141209, taken from the 2.7 release repository. - Issue #22959: Remove the *check_hostname* parameter of httplib.HTTPSConnection. The *context* parameter should be used instead. - Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode will return. This resolves CVE-2013-1753. Closes: #742929. - Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by limiting the call to readline(). Closes: #742929. - Issue #16041: In poplib, limit maximum line length read from the server to prevent CVE-2013-1752. Closes: #742929. - Issue #22960: Add a context argument to xmlrpclib.ServerProxy. - Issue #22935: Allow the ssl module to be compiled if openssl doesn't support SSL 3. * Add locales to autopkg test dependencies as in 3.4. * Remove Demo/scripts/newslist.* from the examples package, not distributable, will get removed in 2.7.9~rc2 sources. See issue #12987. * Let ensurepip always use a temporary directory for installations. -- Matthias Klose <[email protected]> Tue, 09 Dec 2014 15:47:40 +0100 python2.7 (2.7.8-12) unstable; urgency=medium * Update to 20141118, taken from the 2.7 branch. - Issue #12728: Different Unicode characters having the same uppercase but different lowercase are now matched in case-insensitive regular expressions. - Issue #22821: Fixed fcntl() with integer argument on 64-bit big-endian platforms. - Issues #814253, #9179: Group references and conditional group references now work in lookbehind assertions in regular expressions. - Issue #22769: Fixed ttk.Treeview.tag_has() when called without arguments. - Issue #22787: Allow the keyfile argument of SSLContext.load_cert_chain to be None. - Issue #22775: Fixed unpickling of Cookie.SimpleCookie with protocol 2. - Issue #22776: Brought excluded code into the scope of a try block in SysLogHandler.emit(). - Issue #17381: Fixed ranges handling in case-insensitive regular expressions. - Issue #19329: Optimized compiling charsets in regular expressions. - Issue #22410: Module level functions in the re module now cache compiled locale-dependent regular expressions taking into account the locale. - Issue #8876: distutils now falls back to copying files when hard linking doesn't work. This allows use with special filesystems such as VirtualBox shared folders. - Issue #22193: Fixed integer overflow error in sys.getsizeof(). * Backport the ensurepip patch from 3.4. * Disable ensurepip in Debian, at least for the upcoming release. * Fix maintainer scripts for byte-code removal. Closes: #769078. * Allow building and testing without SSLv3 support (Kurt Roeckx). Closes: #768611. * Let distutils.sysconfig.get_python_inc() honor the "prefix" argument. Closes: #769720. -- Matthias Klose <[email protected]> Tue, 18 Nov 2014 11:37:13 +0100 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
