- better pthread handling in configure
- find python binary when running regression tests, even when no python
is installed
from maintainer Aleksander Piotrowski <aleksander.piotrowski at nic.com.pl>
Aleksander Piotrowski <aleksander dot piotrowski at nic dot com dot pl>
- fix MASTER_SITES
- --without-pymalloc is not needed in 2.1 and 2.2 as it is disabled by default
this will allow using it in 2.3
- some PREFIX -> LOCALBASE cleanup
- patch distributed pydoc instead of providing our own 3-liner
- some improvements on sparc64
- teach regression suite about openbsd
- regen some patch files
removes this behaviour, additionally "make clean" is now able to clean
such a port's directory and no longer fails due to missing permissions.
from Andrew Dalgleish via Xavier Santolaria
Zack Weinberg found a vulnerability in the way the exevpe() method
from the os.py module uses a temporary file name. A file which
supposedly should not exist is created in a unsafe way and the method
tries to execute it. The objective of such code is to discover what
error the operating system returns in a portable way.
By exploiting this vulnerability a local attacker can execute
arbitrary code with the privileges of the user running python code
which uses the execvpe() method.
http://python.org/sf/590294http://python.org/sf/601077
>
> Modified files:
> lang/python/2.2/patches: patch-configure_in
>
> Log message:
> fixes for shared lib support
if it's good enough for 2.2, it's good enough for 2.1
2.1.3 has very few improvements over 2.1.2, but the most important
are some thread-safety fixes that were causing heavily loaded Zope
sites to keel over.
size is not adequate for some of the complex processing that Zope
does, and -fPIC was aggravating that condition. Now, if we're using
shared libs, up the stack size to 128k.
Also remove some stray files that never should have been committed
in the first place.
Major changes:
- no more threads flavor, threads is now the default.
- subpackage modules that depend on other packages instead of having
largely redundant flavors (unless platform has no shared libs, then
flavors count again)
- shared libpython stuff disabled until someone can figure out why
it makes Zope crash
