| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-102508) (GH-104575) (GH-104592) (#104593)
gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508)
`urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595.
This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329).
I simplified the docs by eliding the state of the world explanatory
paragraph in this security release only backport. (people will see
that in the mainline /3/ docs)
(cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10)
(cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941)
(cherry picked from commit f48a96a28012d28ae37a2f4587a780a5eb779946)
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
|
| |
|
|
|
|
| |
(GH-102953) (#104382)
Backport of c8c3956d905e019101038b018129a4c90c9c9b8f
|
| |
|
|
|
|
|
|
|
| |
(GH-102630) (GH-102666)
(cherry picked from commit 61479d46848bc7a7f9b571b0b09c4a4b4436d839)
Co-authored-by: Blind4Basics <32236948+Blind4Basics@users.noreply.github.com>
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
|
| |
|
|
|
|
| |
Windows (GH-101286) (#101709)
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Co-authored-by: Steve Dower <steve.dower@microsoft.com>
|
| |
|
|
|
| |
(cherry picked from commit ea232716d3de1675478db3a302629ba43194c967)
Co-authored-by: Owain Davies <116417456+OTheDev@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
(cherry picked from commit 1cf3d78c92eb07dc09d15cc2e773b0b1b9436825)
(cherry picked from commit 88fe8d701af3316c8869ea18ea1c7acec6f68c04)
Co-authored-by: Jeremy Paige <ucodery@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
| |
(cherry picked from commit cb60b6131bc2bb11c48a15f808914d8b242b9fc5)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-100002) (#100032)
* gh-100001: Omit control characters in http.server stderr logs. (GH-100002)
Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
(cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* also escape \s (backport of PR #100038).
* add versionadded and remove extra 'to'
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
|
|
|
| |
(GH-91993) (#98190)
gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
(cherry picked from commit b9509ba7a9c668b984dab876c7926fe1dc5aa0ba)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
|
| |
|
|
|
|
|
|
| |
(#98054)
Revert params note in urllib.parse.urlparse table
(cherry picked from commit eed80458e8e776d15fa862da71dcce58c47e2ca7)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
| |
(#96874) (#96877)
When ValueError is raised if an integer is larger than the limit,
mention sys.set_int_max_str_digits() in the error message.
(cherry picked from commit e841ffc915e82e5ea6e3b473205417d63494808d)
Co-authored-by: Ned Deily <nad@python.org>
|
| |
|
|
|
|
|
|
|
| |
(GH-97688)
This documents the behavior that has always been the case since timeout
support was introduced in Python 3.3.
(cherry picked from commit b05dd796492160c37c9e15e3882f699f411b3461)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
| |
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
| |
(GH-94416) (GH-94494)
(cherry picked from commit 80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf)
Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
|
| |
|
|
|
|
| |
(cherry picked from commit 2cdd57f119e3b85f1bfd28c7ff040e0d9bcaf115)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Martin Fischer <martin@push-f.com>
|
| |
|
|
|
|
| |
Py>=3 (GH-92502) (GH-92964)
(cherry picked from commit 97b9c1096feff77a564787ef520cc7d4e1d1c45f)
|
| |
|
|
|
|
|
| |
notices (GH-92612)
(cherry picked from commit 9f68dab3d327335b938046c50b4f09944e993cc8)
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM>
|
| | |
|
| |
|
|
|
|
|
| |
__future__ import annotations" (GH-92568). (#92726)
(cherry picked from commit 6582c96454ddb731eb412c2a473300172225fdb9)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
(GH-92631) (GH-92661)
(cherry picked from commit 38486ca212c0827d54e7b0d0b1e2c1ccc2bdad33)
Co-authored-by: Mikhail Terekhov <termim@gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
| |
|
|
|
|
|
|
|
|
| |
& features (GH-92529) (GH-92610)
(cherry picked from commit f1bbcba74f77eff2a4c0881f3d529f3bf0664d40)
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM>
Automerge-Triggered-By: GH:serhiy-storchaka
|
| |
|
|
|
| |
(cherry picked from commit c56e2bb9949c95ec8911cd5554b07044a564796f)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
|
| |
|
|
|
|
|
| |
Python versions (GH-92419)
(cherry picked from commit f4e317b304c7f86e48885b4b74c7a8826648922c)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Some handlers were wrongly described as text-encoding only, but actually they can also be used in text-decoding.
* Add more description to each handler.
* Add two REPL examples.
* Add indexes for Error Handler's name.
Co-authored-by: Kyle Stanley <aeros167@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 5bc2390229bbcb4f13359e867fd8a140a1d5496b)
Co-authored-by: Ma Lin <animalize@users.noreply.github.com>
|
| |
|
|
|
|
|
|
| |
see https://github.com/gotcha/ipdb/issues/172
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 2888b1107fd0b43cc800987a00155bdbeacdb23a)
Co-authored-by: Godefroid Chapelle <gotcha@bubblenet.be>
|
| |
|
|
|
|
|
| |
(GH-92425)
(cherry picked from commit 318c4e91ef166bcd5d513bb42b9156d54d423d4a)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
versions (GH-92422) (GH-92466)
(cherry picked from commit bc098cfdb756f207d8fa84793e8ad91a2f263efb)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
| |
|
|
|
|
|
|
| |
(cherry picked from commit 8f293180791f2836570bdfc29aadba04a538d435)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-92423) (GH-92474)
Given that 2.7 has now been end-of-life for two and a half years,
I don't think we need such a detailed explanation here anymore of
the differences between Python 2 and Python 3.
(cherry picked from commit 8efda1e7c6343b1671d93837bf2c146e4cf77bbf)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
| |
|
|
|
|
|
| |
all supported Python versions (GH-92418)
(cherry picked from commit e5b4bd4d60aaf0292c5b9d628512145b8987b3c6)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit d1b2e989be2bc5128d6602e4f370d0ee6f5ac476)
Co-authored-by: Sebastian Rittau <srittau@rittau.biz>
|
| |
|
|
|
|
| |
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>.
(cherry picked from commit 27e366571590e9e98f61dccf69dbeaa88ee66737)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
|
| |
|
|
|
|
|
| |
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
Co-authored-by: Éric <merwok@netwok.org>.
(cherry picked from commit cc6ae4f4835f9e76a34f24cd1f666c1cc0fecfa3)
Co-authored-by: Meer Suri <46469858+meersuri@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 32e4f450af3fbcc5c7e186f83ff74e2efe164136)
Co-authored-by: Yassir Karroum <ukarroum17@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit e9f66aedf44ccc3be27975cfb070a44ce6a6bd13)
Co-authored-by: E-Paine <63801254+E-Paine@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 4b297a9ffd4a1d420c1a8016f4ed2c7f1d298469)
Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
|
| |
|
|
|
|
|
| |
sentence (GH-91614)
(cherry picked from commit b9ab6cea0819bd498063f0934cb5bb0bb5a6a2d4)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
| |
Remove a confusion for read method in asyncio-subprocess doc for stderr StreamReader instance
(cherry picked from commit bb857a96ef368ba9de1da2db12b1a1f1870606ac)
Co-authored-by: Harsh <65716674+Harsh-br0@users.noreply.github.com>
|
| |
|
|
|
|
| |
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit b25352a5c039d95e019dd8ca111f6f77c43ca1f7)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 9166ace805d915c8a918cd89fff0e58b65e3327c)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 1066ecb97042b8e89de554e6f9dc2e3d634208c0)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
| |
Fixes python/typingGH-424
(cherry picked from commit 9588f880a286a8cc5597188f6ab44108c8f18761)
Co-authored-by: Sam Bull <aa6bs0@sambull.org>
|
| |
|
|
|
|
|
|
|
|
| |
example.com is reserved by the IANA as special-use domain name for documentation
purposes. The domain names are used widely in books, tutorials, sample network
configurations, and generally as examples for the use of domain name.
On the other hand, mydomain.com is real Domain Name Registration service.
(cherry picked from commit ea392467829d6e93f824bde8eb87bdb31d9e4c62)
Co-authored-by: Motoki Naruse <motoki@naru.se>
|
| |
|
|
|
| |
(cherry picked from commit 567be058b403db9689af45bf831d4c732c8b1105)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit d7eb1ffbe8f913693e4c9ffa1b32edccac987ab6)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 3a8e2b6e65fea1252477f6e29a384fa9a492ed06)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
| |
redirected requests (GH-30708) (#92005)
(cherry picked from commit f348154c8f8a9c254503306c59d6779d4d09b3a9)
Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
|
| |
|
|
|
|
| |
GH-84459
(cherry picked from commit 161dff7e10eeb7eaf6d418b91e993aaf84770a5c)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
