summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Version bump for 3.4.9rc1.v3.4.9rc1Larry Hastings2018-07-192-6/+6
|
* PyDoc and blurb updates for 3.4.9rc1.Larry Hastings2018-07-194-6/+20
|
* [3.4] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5992)Steve Dower2018-05-143-38/+95
| | | | | | | | * bpo-33001: Minimal fix to prevent buffer overrun in os.symlink * Skips test to avoid crashing during the test suite * Remove invalid test
* [3.4] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6035)Ned Deily2018-03-116-4/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Prevent low-grade poplib REDOS (CVE-2018-1060) The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases. * Prevent difflib REDOS (CVE-2018-1061) The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib. Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org>.
* Post-release bump for Python 3.4.8.Larry Hastings2018-02-051-1/+1
|
* Version bump for 3.4.8.v3.4.8Larry Hastings2018-02-042-5/+5
|
* Finalize blurb archive for 3.4.8 (no new blurbs).Larry Hastings2018-02-041-0/+8
|
* [3.4] [3.5] bpo-32620: Remove failing pyenv call from CI config (GH-5274) ↵larryhastings2018-02-041-0/+1
| | | | | | | | | | | | | | (#5533) * [3.5] Remove failing pyenv call from CI config * Backport XML RPC test skip to 3.5 The buildbot service upgrade removed the XML-RPC interface, so this test no longer works (through no fault of the standard library). (cherry picked from commit 4a4c2743133e195cc3725b78a895d85d69e50089) Co-authored-by: Nick Coghlan <ncoghlan@gmail.com>
* Post-release version bump for 3.4.8rc1.Larry Hastings2018-02-041-1/+1
|
* Bump version and copyright year for 3.4.8rc1.v3.4.8rc1Larry Hastings2018-01-237-15/+15
|
* blurb release and pydoc topics for 3.4.8rc1.Larry Hastings2018-01-238-93/+12924
|
* [3.4] bpo-32072: Fix issues with binary plists. (GH-4455) (#4658)Serhiy Storchaka2018-01-223-37/+113
| | | | | | | | | | | | | | * [3.4] bpo-32072: Fix issues with binary plists. (GH-4455) * Fixed saving bytearrays. * Identical objects will be saved only once. * Equal references will be load as identical objects. * Added support for saving and loading recursive data structures.. (cherry picked from commit a897aeeef647259a938a36cb5eb6680c86021c6a) * Fix implementation dependent assertion in test_plistlib. (#4813) It is failed with an advanced optimizer.
* bpo-29572: Update Windows build to OpenSSL 1.0.2k (GH-443) (#3445)Victor Stinner2017-12-084-4/+5
| | | (cherry picked from commit dd2000cbe475da48fdc94e8f05618e9f460077fd)
* bpo-30657: Fix CVE-2017-1000158 (#4758)Miro Hrončok2017-12-083-1/+11
| | | | | Fixes possible integer overflow in PyBytes_DecodeEscape. Co-Authored-By: Jay Bosamiya <jaybosamiya@gmail.com>
* [3.4] bpo-31170: Fix inclusion of expat in Windows build projects (#3785)Victor Stinner2017-11-297-43/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * bpo-31170: Fix inclusion of expat in Windows build projects Co-Authored-By: Steve Dower <steve.dower@microsoft.com> * expat: Fix compilation on Visual Studio 2010 The standard header stdbool.h is not available with old Visual Studio compilers Cherry-picked from libexpat commit b4b89c2ab0cc5325a41360c25ef9d2ccbe617e5c. expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation. Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2 * Expat: fix preprocessor defines in VS projects Remove the following defines: * BYTEORDER=1234 * HAVE_MEMMOVE * USE_PYEXPAT_CAPI * XML_CONTEXT_BYTES=1024 * XML_DTD * XML_NS * XML_STATIC * PCbuild/pyexpat.vcxproj: define _CRT_SECURE_NO_WARNINGS
* Backport Doc build venv fixes (#3979)Ned Deily2017-10-122-6/+12
|
* Remove retired and security branches from active docs (#3883)3.4Ned Deily2017-10-042-7/+5
|
* [3.4][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3353)Victor Stinner2017-09-2423-153/+1289
| | | | | | | | | | | | | * bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 * Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes. * Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): https://github.com/libexpat/libexpat/issues/115 * Define XML_POOR_ENTROPY when compiling expat
* bpo-29169: Update zlib to 1.2.11 (#3107)Victor Stinner2017-08-1629-1176/+2106
| | | | | Python 3.4 backport: convert the Misc/NEWS entry using blurb. (cherry picked from commit 34e7e2ecb1741850190e78f42875480693d3537b)
* Post-release bump for 3.4.7 final.Larry Hastings2017-08-091-1/+1
|
* Version bump for 3.4.7 final.v3.4.7Larry Hastings2017-08-092-5/+5
|
* Blurb release and pydoc topics for 3.4.7 final.Larry Hastings2017-08-093-12865/+86
|
* [3.5] bpo-31036: use an existing Misc/NEWS rather than trying to use blurb ↵Ned Deily2017-07-281-1/+13
| | | | | (#2874) (#2926) (cherry picked from commit 3de144890ad3bc50694368a1b33be6d7f3a780b3)
* [3.4] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal ↵Dong-hee Na2017-07-273-1/+9
| | | | command (#1214) (#2893)
* Post-release bump for 3.4.7rc1.Larry Hastings2017-07-251-1/+1
|
* Version bump and copyright year fixes for 3.4.7rc1.v3.4.7rc1Larry Hastings2017-07-244-9/+10
|
* Update pydoc topics and susp-ignored for 3.4.7rc1.Larry Hastings2017-07-242-79/+12864
|
* blurb release for 3.4.7rc1.Larry Hastings2017-07-2410-30/+99
|
* Switch to using blurb to manage Misc/NEWS!Larry Hastings2017-07-2439-10645/+32268
|
* [3.4] Backport CI config from master (#2475)Victor Stinner2017-07-226-15/+152
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Issues #23808, #25911: Trying to fix walk tests on Windows. On Windows a symlink can has the FILE_ATTRIBUTE_DIRECTORY flag. (cherry picked from commit 388b90f28e029daaf06aae8026b596e2f20a1cd3) * bpo-30231: Remove skipped test_imaplib tests (#1419) (#2193) The public cyrus.andrew.cmu.edu IMAP server (port 993) doesn't accept TLS connection using our self-signed x509 certificate. Remove the two tests which are already skipped. (cherry picked from commit 7895a0585b4b6a1c8082d17227307c6ce2c8bb8b) * Backport CI config from master * Add .travis.yml for Travis CI * Add .github/ for AppVeyor and CodeCov. * Travis CI: remove "make regen-all" check The regen-all Makefile rule doesn't exist in Python 3.4, only since Python 3.5 and newer (and 2.7). * appveyor: replace --slowest with --slow * Travis CI: remove the GCC coverage job * Travis CI: remove tzdata resource from regrtest tzdata resource doesn't exist in Python 3.4. * Travis CI: remove the doc job Fixing Sphinx warnings requires to backport huge intrusive changes like: - commit d97b7dc94b19063f0589d401bdc4aaadc7030762 - commit 5c6793394066b012b9674681b0815667938ce4d9 * appveyor: set version to 3.4.6+ * bpo-30730: Fix test_os tests. Fix test_invalid_cmd() and test_invalid_env(), TypeError is raised on Python 3.4. (cherry picked from commit 5e22721e586344b547194f0f7ea67fd425f94e72)
* bpo-30939: Avoid Sphinx deprecation warning in docs build. (#2721) (#2724)Ned Deily2017-07-221-1/+1
| | | (cherry picked from commit 50f58163a69abe2f35e91044d1df165ee7bdbb42)
* [3.4] bpo-26617: Ensure gc tracking is off when invoking weakref callbacks. ↵Serhiy Storchaka2017-07-223-12/+22
| | | | | | | | | (#2695) * [3.4] bpo-26617: Ensure gc tracking is off when invoking weakref callbacks. (cherry picked from commit 8f657c35b978b681e6e919f08358992e1aed7dc1) * Rewrite a NEWS entry as a NEWS.d entry.
* bpo-26657: Fix Windows directory traversal vulnerability with http.server (#782)Victor Stinner2017-07-123-3/+25
| | | | | | Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47. (cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a)
* bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2291)Victor Stinner2017-07-124-13/+45
| | | | | | | | | The current regex based splitting produces a wrong result. For example:: http://abc#@def Web browsers parse that URL as ``http://abc/#@def``, that is, the host is ``abc``, the path is ``/``, and the fragment is ``#@def``. (cherry picked from commit 90e01e50ef8a9e6c91f30d965563c378a4ad26de)
* [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) ↵Victor Stinner2017-07-1218-610/+1388
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#2203) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 * bpo-29591: Restore Python changes on expat * bpo-29591: Remove expat config of unsupported platforms Remove the configuration (Modules/expat/*config.h) of unsupported platforms: * Amiga * MacOS Classic on PPC32 * Open Watcom * bpo-29591: Remove useless XML_HAS_SET_HASH_SALT The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became useless since our local expat copy was upgrade to expat 2.1 (it's now expat 2.2.0). (cherry picked from commit 23ec4b57e1359f9c539b8defc317542173ae087e) * bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) New file: Modules/expat/siphash.h. (cherry picked from commit 5ff7132313eb651107b179d20218dfe5d4e47f13) * bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348) bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses a winconfig.h configuration file which already defines: * XML_NS * XML_DTD * BYTEORDER=1234 * XML_CONTEXT_BYTES=1024 * HAVE_MEMMOVE Remove these defines from PCbuild/_elementtree.vcxproj to prevent compiler warnings. Co-Authored-By: Jeremy Kloth <jeremy.kloth@gmail.com> (cherry picked from commit c8fb58bd7917151e63398587a7fc2126db7c26de) * bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319) * bpo-30726: Fix elementtree warnings on Windows Caused by usage of `getenv` which should be safe. And a few integer truncations which should also be ok. * bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream (cherry picked from commit 87c65550730a8f85ce339ba197bce4fb7e836619)
* [3.4] [3.5] bpo-27945: Fixed various segfaults with dict. (GH-1657) ↵Serhiy Storchaka2017-07-114-30/+143
| | | | | | | (GH-1678) (#2248) Based on patches by Duane Griffin and Tim Mitchell. (cherry picked from commit 753bca3934a7618a4fa96e107ad1c5c18633a683). (cherry picked from commit 2f7f533cf6fb57fcedcbc7bd454ac59fbaf2c655)
* [security][3.4] bpo-30730: Prevent environment variables injection in ↵Serhiy Storchaka2017-07-115-8/+71
| | | | | | | | | | | subprocess on Windows. (GH-2325) (#2362) * [3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) Prevent passing other invalid environment variables and command arguments.. (cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700) * Update NEWS
* Add "Misc/NEWS.d" directory tree for "blurb". GH-2331larryhastings2017-06-2211-0/+11
| | | | | | | | | | CPython workflow is changing! We're going to start using "blurb" to manage Misc/NEWS entries: https://github.com/python/core-workflow (This will be a big win for release managers, honest.) This checkin simply populates the "Misc/NEWS.d" subdirectory tree so that people can start putting their news entries in there. No other changes (yet).
* Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵Victor Stinner2017-03-103-15/+29
| | | | | | | ChaCha20 Poly1305. (#224) Backport: replace 3.5.3 with 3.4.7 in the doc versionchanged. (cherry picked from commit 03d13c0cbfe912eb0f9b9a02987b9e569f25fe19)
* bpo-25008: Deprecate smtpd and point to aiosmtpd (#274) (#280)Barry Warsaw2017-02-242-0/+12
|
* Post-release updates for 3.4.6.Larry Hastings2017-01-172-2/+14
|
* Added tag v3.4.6 for changeset b662f4776921Larry Hastings2017-01-161-0/+1
|
* Version bump for Python 3.4.6.v3.4.6Larry Hastings2017-01-163-10/+6
|
* Merge Python 3.4.6rc1 changes back into main branch.Larry Hastings2017-01-031-1/+1
|\
| * merge 3.3Ned Deily2017-01-021-1/+1
| |\
| | * ring IDLE.app into 2017, tooNed Deily2017-01-021-1/+1
| | |
* | | Post-release fixups for Python 3.4.6rc1.Larry Hastings2017-01-032-1/+13
| | |
* | | Added tag v3.4.6rc1 for changeset e199a272ccdaLarry Hastings2017-01-021-0/+1
| | |
* | | Version bump for 3.4.6rc1.v3.4.6rc1Larry Hastings2017-01-023-7/+7
| | |
* | | Regenerated pydoc topics for 3.4.6rc1. (Also fixed doc error, improved build.)Larry Hastings2017-01-023-5/+5
|/ /
generated by cgit v0.12 at 2026-01-08 07:22:47 (GMT)