python-2.7.9

[Fernando de Oliveira]

​https://www.python.org/ftp/python/2.7.9/Python-2.7.9.tar.xz

What's New in Python 2.7.9?
===========================

*Release date: 2014-12-10*

Library
-------

- Issue #22959: Remove the *check_hostname* parameter of
  httplib.HTTPSConnection. The *context* parameter should be used instead.

- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode
  will return. This resolves CVE-2013-1753.

- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by limiting
  the call to readline().  Original patch by Christian Heimes.

- Issue #16041: In poplib, limit maximum line length read from the server to
  prevent CVE-2013-1752.

- Issue #22960: Add a context argument to xmlrpclib.ServerProxy.

Build
-----

- Issue #22935: Allow the ssl module to be compiled if openssl doesn't support
  SSL 3.

- Issue #17128: Use private version of OpenSSL for 2.7.9 OS X 10.5+ installer.

​https://www.python.org/downloads/release/python-279/

Release Date: 2014-12-10

Python 2.7.9 is a bugfix version for the Python 2.7 release series. Python
2.7.9 includes several significant changes unprecedented in a "bugfix" release:

    The entirety of Python 3.4's ssl module has been backported for Python
    2.7.9. See PEP 466 for justification.
    HTTPS certificate validation using the system's certificate store is now
    enabled by default. See PEP 476 for details.
    SSLv3 has been disabled by default in httplib and its reverse dependencies
    due to the POODLE attack.
    The ensurepip module module has been backported, which provides the pip
    package manager in every Python 2.7 installation. See PEP 477.

[Fernando de Oliveira]

Fixed at r15194.