Time to cut new rc2 release candidates - expat DoS fix is in
The fixes for the expat hash randomization DoS are in and working - http://bugs.python.org/issue14234. New stable and security fix rc2 release candidates should be created for 2.6, 2.7, 3.1 and 3.2.
Barry and MvL agreed that this weekend should work for them to creating release builds.
-gps
2012/3/14 Gregory P. Smith <greg@krypto.org>:
The fixes for the expat hash randomization DoS are in and working - http://bugs.python.org/issue14234. New stable and security fix rc2 release candidates should be created for 2.6, 2.7, 3.1 and 3.2.
Okay. Can you tell me the commits I need to transplant to the 2.7 release branch?
-- Regards, Benjamin
On Wed, Mar 14, 2012 at 6:35 PM, Benjamin Peterson <benjamin@python.org>wrote:
2012/3/14 Gregory P. Smith <greg@krypto.org>:
The fixes for the expat hash randomization DoS are in and working - http://bugs.python.org/issue14234. New stable and security fix rc2 release candidates should be created for 2.6, 2.7, 3.1 and 3.2.
Okay. Can you tell me the commits I need to transplant to the 2.7 release branch?
For 2.7: http://hg.python.org/cpython/rev/b54f5849013c http://hg.python.org/cpython/rev/cb72aa8a8008
For 2.6: http://hg.python.org/cpython/rev/9c8d066013ea
For 3.2: http://hg.python.org/cpython/rev/d6c197edd99b http://hg.python.org/cpython/rev/b2d4a6a9463e
For 3.1: http://hg.python.org/cpython/rev/7b5bc1719477
2.6 and 3.1 only need to transplant one commit as they don't support --with-system-expat.
On 15.03.2012 02:39, Gregory P. Smith wrote:
On Wed, Mar 14, 2012 at 6:35 PM, Benjamin Peterson <benjamin@python.org <mailto:benjamin@python.org>> wrote:
2012/3/14 Gregory P. Smith <greg@krypto.org <mailto:greg@krypto.org>>: > The fixes for the expat hash randomization DoS are in and working - > http://bugs.python.org/issue14234. New stable and security fix rc2 release > candidates should be created for 2.6, 2.7, 3.1 and 3.2. Okay. Can you tell me the commits I need to transplant to the 2.7 release branch?
For 2.7: http://hg.python.org/cpython/rev/b54f5849013c http://hg.python.org/cpython/rev/cb72aa8a8008
For 2.6: http://hg.python.org/cpython/rev/9c8d066013ea
For 3.2: http://hg.python.org/cpython/rev/d6c197edd99b http://hg.python.org/cpython/rev/b2d4a6a9463e
Thanks. I will do the tagging and packaging on Saturday.
Georg
2012/3/15 Barry Warsaw <barry@python.org>:
On Mar 15, 2012, at 08:32 AM, Georg Brandl wrote:
Thanks. I will do the tagging and packaging on Saturday.
I'll do the same for 2.6.
I'm traveling this weekend, so I'll probably tag today or tomorrow.
-- Regards, Benjamin
participants (4)
-
Barry Warsaw
-
Benjamin Peterson
-
Georg Brandl
-
Gregory P. Smith