headers
"Martin v. =?iso-8859-1?q?L=F6wis=22?= | 7 Oct 09:25

Python 2.5.3: call for patches

Within a few weeks, we will release Python 2.5.3. This will be the last
bug fix release of Python 2.5, afterwards, future releases of 2.5 will
only include security fixes, and no binaries (for Windows or OSX) will
be provided anymore (from python.org).

In principle, the release will include all changes that are already on
the release25-maint branch in subversion [1]. If you think that specific
changes should be considered, please create an issue in the bug tracker
[2], and label it with the 2.5.3 version. Backports of changes that
are already released in Python 2.6 but may apply to 2.5 are of
particular interest.

Regards,
Martin

[1] http://svn.python.org/projects/python/branches/release25-maint/
[2] http://bugs.python.org/
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
Aahz | 7 Oct 16:51

Re: [Python-Dev] Python 2.5.3: call for patches

On Tue, Oct 07, 2008, "Martin v. L?wis" wrote:
> 
> In principle, the release will include all changes that are already on
> the release25-maint branch in subversion [1]. If you think that specific
> changes should be considered, please create an issue in the bug tracker
> [2], and label it with the 2.5.3 version. Backports of changes that
> are already released in Python 2.6 but may apply to 2.5 are of
> particular interest.

Just to emphasize this, "changes" means "bugfixes".  (I'm mentioning this
mainly because of the people who joined for 2.6/3.0.)  For more info,
see PEP6 about bugfix releases:
http://www.python.org/dev/peps/pep-0006/
--

-- 
Aahz (aahz <at> pythoncraft.com)           <*>         http://www.pythoncraft.com/

"...if I were on life-support, I'd rather have it run by a Gameboy than a
Windows box."  --Cliff Wells, comp.lang.python, 3/13/2002
--
http://mail.python.org/mailman/listinfo/python-list
Permalink | Reply |
headers
"Martin v. =?iso-8859-1?q?L=F6wis=22?= | 7 Oct 21:56

Re: Python 2.5.3: call for patches

> Just to emphasize this, "changes" means "bugfixes".  (I'm mentioning this
> mainly because of the people who joined for 2.6/3.0.)  For more info,
> see PEP6 about bugfix releases:
> http://www.python.org/dev/peps/pep-0006/

Thanks for clarifying this. For the last 2.5.x release in particular, we
will strictly enforce the "no new features" policy; users interested
in new features should switch to 2.6.

Regards,
Martin
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
Kristján Valur Jónsson | 7 Oct 22:05
Favicon

Re: Python 2.5.3: call for patches

Allow me to suggest that these get some attention:
http://bugs.python.org/issue3677
http://bugs.python.org/issue3367

Kristján
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
Malte Helmert | 18 Oct 22:05
Favicon

Re: Python 2.5.3: call for patches

Martin v. Löwis wrote:
>> Just to emphasize this, "changes" means "bugfixes".  (I'm mentioning this
>> mainly because of the people who joined for 2.6/3.0.)  For more info,
>> see PEP6 about bugfix releases:
>> http://www.python.org/dev/peps/pep-0006/
> 
> Thanks for clarifying this. For the last 2.5.x release in particular, we
> will strictly enforce the "no new features" policy; users interested
> in new features should switch to 2.6.

May I suggest http://bugs.python.org/issue1040026 ?

It has a fairly simple patch (posixmodule.diff), a new test
(test_posix5.PATCH), and it fixes a bug that makes os.times unusable on
common platforms.

Malte

_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
"Martin v. =?iso-8859-1?q?L=F6wis=22?= | 19 Oct 00:38

Re: Python 2.5.3: call for patches

> May I suggest http://bugs.python.org/issue1040026 ?
> 
> It has a fairly simple patch (posixmodule.diff), a new test
> (test_posix5.PATCH), and it fixes a bug that makes os.times unusable on
> common platforms.

In the current form, I'm skeptical about applying this patch to 2.5.2.

It has the possibility of breaking compilation; such patches are
unacceptable. See my comments for details.

Regards,
Martin
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
Malte Helmert | 19 Oct 00:46
Favicon

Re: Python 2.5.3: call for patches

Martin v. Löwis wrote:
>> May I suggest http://bugs.python.org/issue1040026 ?
>>
>> It has a fairly simple patch (posixmodule.diff), a new test
>> (test_posix5.PATCH), and it fixes a bug that makes os.times unusable on
>> common platforms.
> 
> In the current form, I'm skeptical about applying this patch to 2.5.2.
> 
> It has the possibility of breaking compilation; such patches are
> unacceptable. See my comments for details.

OK, these should be easy to address. (Comments in the tracker.)

Malte

_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
A.M. Kuchling | 7 Oct 22:19
Favicon
Gravatar

Re: Python 2.5.3: call for patches

On Tue, Oct 07, 2008 at 09:27:24AM +0200, "Martin v. Löwis" wrote:
> Within a few weeks, we will release Python 2.5.3. This will be the last
> bug fix release of Python 2.5, afterwards, future releases of 2.5 will
> only include security fixes, and no binaries (for Windows or OSX) will
> be provided anymore (from python.org).

I'm going to the library this evening, and can make my task looking
through the 2.5->2.6 log for candidates.  I won't do anything in
Roundup just yet, but I'll put the list in the wiki or post it here,
and then we can cut the list down further before creating any new
issues (or re-opening old ones) in Roundup.

--amk
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
Jeroen Ruigrok van der Werven | 20 Oct 11:57
Gravatar

Re: Python 2.5.3: call for patches

Martin,

-On [20081007 09:27], "Martin v. Löwis" (martin <at> v.loewis.de) wrote:
>Within a few weeks, we will release Python 2.5.3. This will be the last
>bug fix release of Python 2.5, afterwards, future releases of 2.5 will
>only include security fixes, and no binaries (for Windows or OSX) will
>be provided anymore (from python.org).

Since we tripped over these with Trac/Genshi we would appreciate if the
following could be applied (if not already):

http://bugs.python.org/issue2231
http://bugs.python.org/issue2246

(http://bugs.python.org/issue2321 seems to be in 2.5 already based on the
last comment)

--

-- 
Jeroen Ruigrok van der Werven <asmodai(-at-)in-nomine.org> / asmodai
イェルーン ラウフロック ヴァン デル ウェルヴェン
http://www.in-nomine.org/ | http://www.rangaku.org/ | GPG: 2EAC625B
Ignorance is the opportunity to learn...
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
A.M. Kuchling | 20 Oct 19:06
Favicon
Gravatar

Re: Python 2.5.3: call for patches

yOn Mon, Oct 20, 2008 at 11:57:36AM +0200, Jeroen Ruigrok van der Werven wrote:
> http://bugs.python.org/issue2231

This fixes a memory leak in itertools.chain(), which was greatly
changed between 2.5 and 2.6, and the patch was to code not present in
2.5.  Are you sure this bug affected 2.5 at all?

> http://bugs.python.org/issue2246

Already backported to 2.5 in rev. 61287.

> (http://bugs.python.org/issue2321 seems to be in 2.5 already 

Correct; rev. 61485.

--amk
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
Jeroen Ruigrok van der Werven | 21 Oct 10:50
Gravatar

Re: Python 2.5.3: call for patches

-On [20081020 19:07], A.M. Kuchling (amk <at> amk.ca) wrote:
>This fixes a memory leak in itertools.chain(), which was greatly
>changed between 2.5 and 2.6, and the patch was to code not present in
>2.5.  Are you sure this bug affected 2.5 at all?

No, my mind was caught up between versions, so Raymond's closing the issue
is the logical thing to do. Apologies for wasting those few minutes.

--

-- 
Jeroen Ruigrok van der Werven <asmodai(-at-)in-nomine.org> / asmodai
イェルーン ラウフロック ヴァン デル ウェルヴェン
http://www.in-nomine.org/ | http://www.rangaku.org/ | GPG: 2EAC625B
Nothing is more honorable than enlightenment, nothing is more beautiful
than virtue...
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
"Martin v. =?iso-8859-1?q?L=F6wis=22?= | 20 Oct 23:29

Re: Python 2.5.3: call for patches

> Since we tripped over these with Trac/Genshi we would appreciate if the
> following could be applied (if not already):

Ok, I've marked them as candidates for a backport.

Regards,
Martin
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |
headers
Matthias Klose | 11 Nov 16:22

Re: [Python-Dev] Python 2.5.3: call for patches

Martin v. Löwis schrieb:
> Within a few weeks, we will release Python 2.5.3. This will be the last
> bug fix release of Python 2.5, afterwards, future releases of 2.5 will
> only include security fixes, and no binaries (for Windows or OSX) will
> be provided anymore (from python.org).
> 
> In principle, the release will include all changes that are already on
> the release25-maint branch in subversion [1]. If you think that specific
> changes should be considered, please create an issue in the bug tracker
> [2], and label it with the 2.5.3 version. Backports of changes that
> are already released in Python 2.6 but may apply to 2.5 are of
> particular interest.

I would like to apply fixes for some CVE's which are addressed in 2.5 but not
yet in 2.4. this would include

CVE-2007-4965
CVE-2008-1679
CVE-2008-1721
CVE-2008-2315
CVE-2008-3144
CVE-2008-1887
CVE-2008-4864

Matthias

--
http://mail.python.org/mailman/listinfo/python-list
(Continue reading)

Permalink | Reply |
headers
Tres Seaver | 11 Nov 18:00

Re: Python 2.5.3: call for patches


Matthias Klose wrote:
> Martin v. Löwis schrieb:
>> Within a few weeks, we will release Python 2.5.3. This will be the last
>> bug fix release of Python 2.5, afterwards, future releases of 2.5 will
>> only include security fixes, and no binaries (for Windows or OSX) will
>> be provided anymore (from python.org).
>>
>> In principle, the release will include all changes that are already on
>> the release25-maint branch in subversion [1]. If you think that specific
>> changes should be considered, please create an issue in the bug tracker
>> [2], and label it with the 2.5.3 version. Backports of changes that
>> are already released in Python 2.6 but may apply to 2.5 are of
>> particular interest.
> 
> I would like to apply fixes for some CVE's which are addressed in 2.5 but not
> yet in 2.4. this would include
> 
> CVE-2007-4965
> CVE-2008-1679
> CVE-2008-1721
> CVE-2008-2315
> CVE-2008-3144
> CVE-2008-1887
> CVE-2008-4864

+1 from a non-core developer who still has to keep sites using 2.4 up
and running.

Tres.
(Continue reading)

Permalink | Reply |
headers
"Martin v. =?iso-8859-1?q?L=F6wis=22?= | 11 Nov 20:37

Re: [Python-Dev] Python 2.5.3: call for patches

> I would like to apply fixes for some CVE's which are addressed in 2.5 but not
> yet in 2.4. this would include
> 
> CVE-2007-4965
> CVE-2008-1679
> CVE-2008-1721
> CVE-2008-2315
> CVE-2008-3144
> CVE-2008-1887
> CVE-2008-4864

Can you identify the revisions that would need backporting?

I could only find (trunk revisions)
  CVE-2007-4965: r65880
  CVE-2008-1721: r62235, issue2586
  CVE-2008-3144: issue2588, issue2589, r63734, r63728.
  CVE-2008-1887: issue2587, r62261, r62271
  CVE-2008-4864: r66689

So what about

  CVE-2008-1679: claimed to be issue1179 in the CVE, but
                 that says it fixes CVE-2007-4965 only?
  CVE-2008-2315

In principle, this is fine with me, so go ahead.

Regards,
Martin
(Continue reading)

Permalink | Reply |
headers
Matthias Klose | 12 Nov 08:31

Re: [Python-Dev] Python 2.5.3: call for patches

Martin v. Löwis schrieb:
>> I would like to apply fixes for some CVE's which are addressed in 2.5 but not
>> yet in 2.4. this would include
>>
>> CVE-2007-4965
>> CVE-2008-1679
>> CVE-2008-1721
>> CVE-2008-2315
>> CVE-2008-3144
>> CVE-2008-1887
>> CVE-2008-4864
> 
> Can you identify the revisions that would need backporting?
> 
> I could only find (trunk revisions)
>   CVE-2007-4965: r65880
>   CVE-2008-1721: r62235, issue2586
>   CVE-2008-3144: issue2588, issue2589, r63734, r63728.
>   CVE-2008-1887: issue2587, r62261, r62271
>   CVE-2008-4864: r66689
> 
> So what about
> 
>   CVE-2008-1679: claimed to be issue1179 in the CVE, but
>                  that says it fixes CVE-2007-4965 only?

the original fix for CVE-2007-4965 did miss two chunks, which are included in
r65878 on the 2.5 branch.

>   CVE-2008-2315
(Continue reading)

Permalink | Reply |
headers
"Martin v. =?iso-8859-1?q?L=F6wis=22?= | 12 Nov 22:50

Re: Python 2.5.3: call for patches

>> In principle, this is fine with me, so go ahead.
> 
> Done.

Thanks for looking into these!

Martin
_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org
Permalink | Reply |

Gmane