Commit message | Author | Age | Files | Lines
* Version bump for 3.5.7 final. [v3.5.7] | Larry Hastings | 2019-03-17 | 2 | -5/+5
|
* Blurb release and pydoc-topics for 3.5.7 final. | Larry Hastings | 2019-03-17 | 5 | -11/+33
|
* [3.5] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (#12281) | Xtreak | 2019-03-17 | 3 | -2/+45
|     Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan.
|     (cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14)
|     Co-authored-by: Xtreak <tir.karthi@gmail.com>
* bpo-35647: Fix path check in cookiejar (#11436) (#12277) | Xtreak | 2019-03-16 | 3 | -5/+38
|     * Refactor cookie path check as per RFC 6265
|     * Add tests for prefix match of path
|     * Add news entry
|     * Fix set_ok_path and refactor tests
|     * Use slice for last letter
|     (cherry picked from commit 0e1f1f01058bd4a9b98cfe443214adecc019a38c)
* bpo-36216: Add check for characters in netloc that normalize to separators (GH-12201) (#12223) | Steve Dower | 2019-03-11 | 4 | -0/+61
|
* Post-release version bump for 3.5.7rc1. | Larry Hastings | 2019-03-04 | 1 | -1/+1
|
* Version bump & copyright year update for 3.5.7rc1. [v3.5.7rc1] | Larry Hastings | 2019-03-04 | 7 | -17/+17
|
* PyDoc and blurb updates for 3.5.7rc1. | Larry Hastings | 2019-03-04 | 7 | -13098/+127
|
* [3.5] bpo-33329: Fix multiprocessing regression on newer glibcs (GH-6575) (#12144) | Cheryl Sabella | 2019-03-04 | 2 | -6/+9
|     Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some reserved signal numbers between 1 and NSIG. The `range(1, NSIG)` idiom is commonly used to select all signals for blocking with `pthread_sigmask`. So we ignore the sigaddset() return value until we expose sigfillset() to provide a better idiom.
|     (cherry picked from commit 25038ec)
|     Co-authored-by: Antoine Pitrou <pitrou@free.fr>
* [3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (#10994) | Alex Viscreanu | 2019-03-01 | 2 | -8/+18
|     * bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)
|     LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.
|     Documentation updates and fixes for failing tests will be provided in another patch set.
|     Signed-off-by: Christian Heimes <christian@python.org>
* bpo-34791: xml package obeys ignore env flags (GH-9544) (#11871) | Victor Stinner | 2019-02-26 | 3 | -2/+7
|     The xml.sax and xml.dom.domreg modules now obey sys.flags.ignore_environment.
|     Signed-off-by: Christian Heimes <christian@python.org>
|     (cherry picked from commit 223e501fb9c2b6ae21b96054e20c4c31d94a5d96)
* closes bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261) (#11869) | Victor Stinner | 2019-02-26 | 1 | -31/+32
|     (cherry picked from commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd)
* bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11867) | Victor Stinner | 2019-02-26 | 4 | -0/+52
|     Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result in a segfault.
|     Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
|     Signed-off-by: Christian Heimes <christian@python.org>
|     (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
* bpo-35411: Skip test_urllib2net FTP tests on Travis CI (GH-10907) (#11874) | Victor Stinner | 2019-02-25 | 1 | -0/+12
|     On Travis CI, FTP tests of test_urllib2net randomly fail with "425 Security: Bad IP connecting".
|     (cherry picked from commit c11b3b19a5b022c6c229043d37f9a9fd06f22500)
* [3.5] bpo-34623: Use XML_SetHashSalt in _elementtree (#9933) | stratakis | 2019-02-25 | 4 | -1/+15
|     * bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)
|     The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
|     Signed-off-by: Christian Heimes <christian@python.org>
|     https://bugs.python.org/issue34623
|     (cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
|     Co-authored-by: Christian Heimes <christian@python.org>
* Post-release version bump for 3.5.6. | Larry Hastings | 2018-08-02 | 1 | -1/+1
|
* Version bump for 3.5.6 final. [v3.5.6] | Larry Hastings | 2018-08-02 | 2 | -5/+5
|
* Add Blurb entry for 3.5.6 final. | Larry Hastings | 2018-08-02 | 1 | -0/+8
|
* Post-release version bump for 3.5.6rc1. | Larry Hastings | 2018-07-20 | 1 | -1/+1
|
* Version bump for 3.5.6rc1. [v3.5.6rc1] | Larry Hastings | 2018-07-20 | 2 | -6/+6
|
* PyDoc topics refresh & blurb release for 3.5.6rc1. | Larry Hastings | 2018-07-20 | 5 | -8/+30
|
* bpo-33216: Clarify the documentation for CALL_FUNCTION_* (#8338) | larryhastings | 2018-07-19 | 2 | -22/+72
|     Clarify the documentation for the CALL_FUNCTION_* bytecodes. They changed in 3.5 in subtle ways and the documentation has never been correct, much less clear.
* Doc: Backport language switcher (bpo-33700, bpo-31045) (#8048) | Julien Palard | 2018-07-02 | 5 | -74/+160
|
* Backport 3.7.0 final changes | Ned Deily | 2018-06-27 | 2 | -2/+2
|
* [3.5] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5991) | Steve Dower | 2018-05-14 | 3 | -38/+97
|     * bpo-33001: Minimal fix to prevent buffer overrun in os.symlink
|     * Remove invalid test
* [3.5] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6034) | Ned Deily | 2018-03-11 | 6 | -4/+39
|     * Prevent low-grade poplib REDOS (CVE-2018-1060)
|     The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server.
|     Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752.
|     A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns.
|     Replace it with a similar non-vulnerable regex.
|     The new regex is RFC compliant. The old regex was non-compliant in edge cases.
|     * Prevent difflib REDOS (CVE-2018-1061)
|     The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector.
|     Replace it with an equivalent non-vulnerable regex.
|     Also introduce unit and REDOS tests for difflib.
|     Co-authored-by: Tim Peters <tim.peters@gmail.com>
|     Co-authored-by: Christian Heimes <christian@python.org>.
|     (cherry picked from commit 0e6c8ee2358a2e23117501826c008842acb835ac)
* Post-release bump for Python 3.5.5. | Larry Hastings | 2018-02-05 | 1 | -1/+1
|
* Version bump for 3.5.5. [v3.5.5] | Larry Hastings | 2018-02-04 | 2 | -5/+5
|
* Finalize blurb archive for 3.5.5 (no new blurbs). | Larry Hastings | 2018-02-04 | 1 | -0/+8
|
* Merge branch '3.5' of github.com:python/cpython into 3.5 | Larry Hastings | 2018-02-04 | 2 | -2/+4
|\
| * Update docs template for 3.8 | Ned Deily | 2018-02-01 | 2 | -2/+4
| |
* | Post-release version bump for 3.5.5rc1. | Larry Hastings | 2018-02-04 | 1 | -1/+1
| |
* | Whoops, missed checking in version bump. [v3.5.5rc1] | Larry Hastings | 2018-01-23 | 1 | -4/+4
| |
* | Bump version and copyright year for 3.5.5rc1. | Larry Hastings | 2018-01-23 | 6 | -14/+14
| |
* | blurb release and pydoc topics for 3.5.5rc1. | Larry Hastings | 2018-01-23 | 8 | -106/+13161
|/
* [3.5] bpo-32072: Fix issues with binary plists. (GH-4455) (#4656) | Serhiy Storchaka | 2018-01-23 | 3 | -37/+114
|     * [3.5] bpo-32072: Fix issues with binary plists. (GH-4455)
|     * Fixed saving bytearrays.
|     * Identical objects will be saved only once.
|     * Equal references will be loaded as identical objects.
|     * Added support for saving and loading recursive data structures.
|     (cherry picked from commit a897aee)
|     * Fix implementation dependent assertion in test_plistlib. (#4813)
|     It fails with an advanced optimizer.
* [3.5] bpo-32551: Consistently configure sys.path[0] (#5197) | Nick Coghlan | 2018-01-23 | 3 | -28/+124
|     Directory and zipfile execution previously added the parent directory of the directory or zipfile as sys.path[0] and then subsequently overwrote it with the directory or zipfile itself.
|     This caused problems in isolated mode, as it overwrote the "stdlib as a zip archive" entry in sys.path, as the parent directory was never added.
|     The attempted fix to that issue in bpo-29319 created the opposite problem in *non*-isolated mode, by potentially leaving the parent directory on sys.path instead of overwriting it.
|     This change fixes the root cause of the problem by removing the whole "add-and-overwrite" dance for sys.path[0], and instead simply never adds the parent directory to sys.path in the first place.
|     (cherry picked from commit d2977a3ae2cc6802921b1e3b6e9d13fcfbda872d)
* [3.5] bpo-32563: Get expat to compile under C89 (#5201) | Nick Coghlan | 2018-01-23 | 1 | -8/+12
|     * [3.5] bpo-32563: Get expat to compile under C89
|     expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation.
|     Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2
|     * Backport XML RPC test skip to 3.5
|     The buildbot service upgrade removed the XML-RPC interface, so this test no longer works (through no fault of the standard library).
|     * Don't configure a nonexistent Python
* [3.5] bpo-32620: Remove failing pyenv call from CI config (#5274) | Nick Coghlan | 2018-01-23 | 2 | -3/+1
|     * [3.5] Remove failing pyenv call from CI config
|     * Backport XML RPC test skip to 3.5
|     The buildbot service upgrade removed the XML-RPC interface, so this test no longer works (through no fault of the standard library).
* bpo-30657: Fix CVE-2017-1000158 (#4664) | Miro Hrončok | 2017-12-08 | 3 | -1/+11
|     Fixes possible integer overflow in PyBytes_DecodeEscape.
|     Co-Authored-By: Jay Bosamiya <jaybosamiya@gmail.com>
* Exclude VENVDIR in Doc builds (#3977) | Ned Deily | 2017-10-12 | 2 | -2/+3
|
* Remove retired and security branches from active docs (#3882) [3.5] | Ned Deily | 2017-10-04 | 1 | -2/+0
|
* bpo-31095: fix potential crash during GC (GH-2974) (#3196) | INADA Naoki | 2017-09-26 | 14 | -14/+60
|     (cherry picked from commit a6296d34a478b4f697ea9db798146195075d496c)
* [3.5] bpo-31170: Fix inclusion of expat in Windows build projects. (#3751) | Steve Dower | 2017-09-26 | 4 | -1/+15
|     * bpo-31170: Fix inclusion of expat in Windows build projects.
|     * Fixes line endings
* [3.5][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3354) | Victor Stinner | 2017-09-25 | 23 | -153/+1289
|     * bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4
|     * Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes.
|     * Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): https://github.com/libexpat/libexpat/issues/115
|     * Define XML_POOR_ENTROPY when compiling expat
* bpo-31568, Travis CI: Fix python3.5 (#3737) | Victor Stinner | 2017-09-24 | 1 | -0/+3
|     Works around Travis CI bug about the python3.5 binary: https://github.com/travis-ci/travis-ci/issues/8363
* [3.5] Fix broken `Show Source` links on documentation pages (GH-3113) (#3126) | Mariatta | 2017-09-08 | 1 | -1/+1
|     The `Show Source` was broken because of a change made in sphinx 1.5.1
|     In Sphinx 1.4.9, the sourcename was "index.txt". In Sphinx 1.5.1+, it is now "index.rst.txt".
|     (cherry picked from commit b9ff498793611d1c6a9b99df464812931a1e2d69)
* [3.5] bpo-31036: Allow sphinx and blurb to be found automatically (GH-3440) | Ned Deily | 2017-09-08 | 1 | -7/+14
|     Rather than requiring the path to blurb and/or sphinx-build to be specified to the make rule, enhance the Doc/Makefile to look for each first in a virtual environment created by make venv and, if not found, look on the normal process PATH. This allows the Doc/Makefile to take advantage of an installed sphinx-build or blurb and, thus, do the right thing most of the time. Also, make the directory for the venv be configurable and document the `make venv` target.
* Merge 3.5.4 release into main 3.5 branch. | Larry Hastings | 2017-08-08 | 2 | -3/+1
|\
| * Remove .mention-bot (GH-2923) (GH-2971) | Mariatta | 2017-08-01 | 1 | -3/+0
| |     (cherry picked from commit e1e60bd95c376f9b18cbaf9481364281c6cc1bc7)