Mailing List Archive: Python: Dev

Python 2.5.3: call for patches

Index | Next | Previous | View Threaded

martin at v

Oct 7, 2008, 12:27 AM

Post #1 of 17 (346 views)
Permalink

Python 2.5.3: call for patches

Within a few weeks, we will release Python 2.5.3. This will be the last
bug fix release of Python 2.5, afterwards, future releases of 2.5 will
only include security fixes, and no binaries (for Windows or OSX) will
be provided anymore (from python.org).

In principle, the release will include all changes that are already on
the release25-maint branch in subversion [1]. If you think that specific
changes should be considered, please create an issue in the bug tracker
[2], and label it with the 2.5.3 version. Backports of changes that
are already released in Python 2.6 but may apply to 2.5 are of
particular interest.

Regards,
Martin

[1] http://svn.python.org/projects/python/branches/release25-maint/
[2] http://bugs.python.org/
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

aahz at pythoncraft

Oct 7, 2008, 7:51 AM

Post #2 of 17 (330 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

On Tue, Oct 07, 2008, "Martin v. L?wis" wrote:
>
> In principle, the release will include all changes that are already on
> the release25-maint branch in subversion [1]. If you think that specific
> changes should be considered, please create an issue in the bug tracker
> [2], and label it with the 2.5.3 version. Backports of changes that
> are already released in Python 2.6 but may apply to 2.5 are of
> particular interest.

Just to emphasize this, "changes" means "bugfixes". (I'm mentioning this
mainly because of the people who joined for 2.6/3.0.) For more info,
see PEP6 about bugfix releases:
http://www.python.org/dev/peps/pep-0006/
--
Aahz (aahz[at]pythoncraft.com) <*> http://www.pythoncraft.com/

"...if I were on life-support, I'd rather have it run by a Gameboy than a
Windows box." --Cliff Wells, comp.lang.python, 3/13/2002
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

martin at v

Oct 7, 2008, 12:56 PM

Post #3 of 17 (324 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

> Just to emphasize this, "changes" means "bugfixes". (I'm mentioning this
> mainly because of the people who joined for 2.6/3.0.) For more info,
> see PEP6 about bugfix releases:
> http://www.python.org/dev/peps/pep-0006/

Thanks for clarifying this. For the last 2.5.x release in particular, we
will strictly enforce the "no new features" policy; users interested
in new features should switch to 2.6.

Regards,
Martin
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

kristjan at ccpgames

Oct 7, 2008, 1:05 PM

Post #4 of 17 (324 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

Allow me to suggest that these get some attention:
http://bugs.python.org/issue3677
http://bugs.python.org/issue3367

Kristján
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

amk at amk

Oct 7, 2008, 1:19 PM

Post #5 of 17 (322 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

On Tue, Oct 07, 2008 at 09:27:24AM +0200, "Martin v. Löwis" wrote:
> Within a few weeks, we will release Python 2.5.3. This will be the last
> bug fix release of Python 2.5, afterwards, future releases of 2.5 will
> only include security fixes, and no binaries (for Windows or OSX) will
> be provided anymore (from python.org).

I'm going to the library this evening, and can make my task looking
through the 2.5->2.6 log for candidates. I won't do anything in
Roundup just yet, but I'll put the list in the wiki or post it here,
and then we can cut the list down further before creating any new
issues (or re-opening old ones) in Roundup.

--amk
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

helmert at informatik

Oct 18, 2008, 1:05 PM

Post #6 of 17 (268 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

Martin v. Löwis wrote:
>> Just to emphasize this, "changes" means "bugfixes". (I'm mentioning this
>> mainly because of the people who joined for 2.6/3.0.) For more info,
>> see PEP6 about bugfix releases:
>> http://www.python.org/dev/peps/pep-0006/
>
> Thanks for clarifying this. For the last 2.5.x release in particular, we
> will strictly enforce the "no new features" policy; users interested
> in new features should switch to 2.6.

May I suggest http://bugs.python.org/issue1040026 ?

It has a fairly simple patch (posixmodule.diff), a new test
(test_posix5.PATCH), and it fixes a bug that makes os.times unusable on
common platforms.

Malte

_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

martin at v

Oct 18, 2008, 3:38 PM

Post #7 of 17 (268 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

> May I suggest http://bugs.python.org/issue1040026 ?
>
> It has a fairly simple patch (posixmodule.diff), a new test
> (test_posix5.PATCH), and it fixes a bug that makes os.times unusable on
> common platforms.

In the current form, I'm skeptical about applying this patch to 2.5.2.

It has the possibility of breaking compilation; such patches are
unacceptable. See my comments for details.

Regards,
Martin
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

helmert at informatik

Oct 18, 2008, 3:46 PM

Post #8 of 17 (269 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

Martin v. Löwis wrote:
>> May I suggest http://bugs.python.org/issue1040026 ?
>>
>> It has a fairly simple patch (posixmodule.diff), a new test
>> (test_posix5.PATCH), and it fixes a bug that makes os.times unusable on
>> common platforms.
>
> In the current form, I'm skeptical about applying this patch to 2.5.2.
>
> It has the possibility of breaking compilation; such patches are
> unacceptable. See my comments for details.

OK, these should be easy to address. (Comments in the tracker.)

Malte

_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

asmodai at in-nomine

Oct 20, 2008, 2:57 AM

Post #9 of 17 (257 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

Martin,

-On [20081007 09:27], "Martin v. LĂ¶wis" (martin[at]v.loewis.de) wrote:
>Within a few weeks, we will release Python 2.5.3. This will be the last
>bug fix release of Python 2.5, afterwards, future releases of 2.5 will
>only include security fixes, and no binaries (for Windows or OSX) will
>be provided anymore (from python.org).

Since we tripped over these with Trac/Genshi we would appreciate if the
following could be applied (if not already):

http://bugs.python.org/issue2231
http://bugs.python.org/issue2246

(http://bugs.python.org/issue2321 seems to be in 2.5 already based on the
last comment)

--
Jeroen Ruigrok van der Werven <asmodai(-at-)in-nomine.org> / asmodai
ă‚¤ă‚§ă«ăĽăł ă©ă‚¦ă•ăăă‚Ż ă´ă‚ˇăł ă‡ă« ă‚¦ă‚§ă«ă´ă‚§ăł
http://www.in-nomine.org/ | http://www.rangaku.org/ | GPG: 2EAC625B
Ignorance is the opportunity to learn...
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

amk at amk

Oct 20, 2008, 10:06 AM

Post #10 of 17 (255 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

yOn Mon, Oct 20, 2008 at 11:57:36AM +0200, Jeroen Ruigrok van der Werven wrote:
> http://bugs.python.org/issue2231

This fixes a memory leak in itertools.chain(), which was greatly
changed between 2.5 and 2.6, and the patch was to code not present in
2.5. Are you sure this bug affected 2.5 at all?

> http://bugs.python.org/issue2246

Already backported to 2.5 in rev. 61287.

> (http://bugs.python.org/issue2321 seems to be in 2.5 already

Correct; rev. 61485.

--amk
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

martin at v

Oct 20, 2008, 2:29 PM

Post #11 of 17 (252 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

> Since we tripped over these with Trac/Genshi we would appreciate if the
> following could be applied (if not already):

Ok, I've marked them as candidates for a backport.

Regards,
Martin
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

asmodai at in-nomine

Oct 21, 2008, 1:50 AM

Post #12 of 17 (241 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

-On [20081020 19:07], A.M. Kuchling (amk[at]amk.ca) wrote:
>This fixes a memory leak in itertools.chain(), which was greatly
>changed between 2.5 and 2.6, and the patch was to code not present in
>2.5. Are you sure this bug affected 2.5 at all?

No, my mind was caught up between versions, so Raymond's closing the issue
is the logical thing to do. Apologies for wasting those few minutes.

--
Jeroen Ruigrok van der Werven <asmodai(-at-)in-nomine.org> / asmodai
ă‚¤ă‚§ă«ăĽăł ă©ă‚¦ă•ăăă‚Ż ă´ă‚ˇăł ă‡ă« ă‚¦ă‚§ă«ă´ă‚§ăł
http://www.in-nomine.org/ | http://www.rangaku.org/ | GPG: 2EAC625B
Nothing is more honorable than enlightenment, nothing is more beautiful
than virtue...
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

doko at ubuntu

Nov 11, 2008, 7:22 AM

Post #13 of 17 (107 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

Martin v. Löwis schrieb:
> Within a few weeks, we will release Python 2.5.3. This will be the last
> bug fix release of Python 2.5, afterwards, future releases of 2.5 will
> only include security fixes, and no binaries (for Windows or OSX) will
> be provided anymore (from python.org).
>
> In principle, the release will include all changes that are already on
> the release25-maint branch in subversion [1]. If you think that specific
> changes should be considered, please create an issue in the bug tracker
> [2], and label it with the 2.5.3 version. Backports of changes that
> are already released in Python 2.6 but may apply to 2.5 are of
> particular interest.

I would like to apply fixes for some CVE's which are addressed in 2.5 but not
yet in 2.4. this would include

CVE-2007-4965
CVE-2008-1679
CVE-2008-1721
CVE-2008-2315
CVE-2008-3144
CVE-2008-1887
CVE-2008-4864

Matthias

_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

tseaver at palladion

Nov 11, 2008, 9:00 AM

Post #14 of 17 (106 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthias Klose wrote:
> Martin v. Löwis schrieb:
>> Within a few weeks, we will release Python 2.5.3. This will be the last
>> bug fix release of Python 2.5, afterwards, future releases of 2.5 will
>> only include security fixes, and no binaries (for Windows or OSX) will
>> be provided anymore (from python.org).
>>
>> In principle, the release will include all changes that are already on
>> the release25-maint branch in subversion [1]. If you think that specific
>> changes should be considered, please create an issue in the bug tracker
>> [2], and label it with the 2.5.3 version. Backports of changes that
>> are already released in Python 2.6 but may apply to 2.5 are of
>> particular interest.
>
> I would like to apply fixes for some CVE's which are addressed in 2.5 but not
> yet in 2.4. this would include
>
> CVE-2007-4965
> CVE-2008-1679
> CVE-2008-1721
> CVE-2008-2315
> CVE-2008-3144
> CVE-2008-1887
> CVE-2008-4864

+1 from a non-core developer who still has to keep sites using 2.4 up
and running.

Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver[at]palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJGboU+gerLs4ltQ4RAmdLAJ9VDv8GpnhnNYI9tK0Sn9ClAbzg/wCbBxDD
aKXYjnK50Cbeb8fp/QL/kaE=
=cUE7
-----END PGP SIGNATURE-----

_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

martin at v

Nov 11, 2008, 11:37 AM

Post #15 of 17 (103 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

> I would like to apply fixes for some CVE's which are addressed in 2.5 but not
> yet in 2.4. this would include
>
> CVE-2007-4965
> CVE-2008-1679
> CVE-2008-1721
> CVE-2008-2315
> CVE-2008-3144
> CVE-2008-1887
> CVE-2008-4864

Can you identify the revisions that would need backporting?

I could only find (trunk revisions)
CVE-2007-4965: r65880
CVE-2008-1721: r62235, issue2586
CVE-2008-3144: issue2588, issue2589, r63734, r63728.
CVE-2008-1887: issue2587, r62261, r62271
CVE-2008-4864: r66689

So what about

CVE-2008-1679: claimed to be issue1179 in the CVE, but
that says it fixes CVE-2007-4965 only?
CVE-2008-2315

In principle, this is fine with me, so go ahead.

Regards,
Martin
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

doko at ubuntu

Nov 11, 2008, 11:31 PM

Post #16 of 17 (93 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

Martin v. Löwis schrieb:
>> I would like to apply fixes for some CVE's which are addressed in 2.5 but not
>> yet in 2.4. this would include
>>
>> CVE-2007-4965
>> CVE-2008-1679
>> CVE-2008-1721
>> CVE-2008-2315
>> CVE-2008-3144
>> CVE-2008-1887
>> CVE-2008-4864
>
> Can you identify the revisions that would need backporting?
>
> I could only find (trunk revisions)
> CVE-2007-4965: r65880
> CVE-2008-1721: r62235, issue2586
> CVE-2008-3144: issue2588, issue2589, r63734, r63728.
> CVE-2008-1887: issue2587, r62261, r62271
> CVE-2008-4864: r66689
>
> So what about
>
> CVE-2008-1679: claimed to be issue1179 in the CVE, but
> that says it fixes CVE-2007-4965 only?

the original fix for CVE-2007-4965 did miss two chunks, which are included in
r65878 on the 2.5 branch.

> CVE-2008-2315

this is r65334 on the 2.5 branch and r65335 on the trunk:
Security patches from Apple: prevent int overflow when allocating memory
this was already checked in, with an added NEWS item in 2.4.5. Moved this
to 2.4.6.

> In principle, this is fine with me, so go ahead.

Done.
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

martin at v

Nov 12, 2008, 1:50 PM

Post #17 of 17 (91 views)
Permalink

Re: Python 2.5.3: call for patches [In reply to]

>> In principle, this is fine with me, so go ahead.
>
> Done.

Thanks for looking into these!

Martin
_______________________________________________
Python-Dev mailing list
Python-Dev[at]python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/list-python-dev%40lists.gossamer-threads.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com