| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-102508) (GH-104575) (GH-104592) (#104593)
gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508)
`urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595.
This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329).
I simplified the docs by eliding the state of the world explanatory
paragraph in this security release only backport. (people will see
that in the mainline /3/ docs)
(cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10)
(cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941)
(cherry picked from commit f48a96a28012d28ae37a2f4587a780a5eb779946)
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
|
|
|
|
|
|
| |
(GH-102953) (#104382)
Backport of c8c3956d905e019101038b018129a4c90c9c9b8f
|
|
|
|
|
|
|
|
|
| |
(GH-102630) (GH-102666)
(cherry picked from commit 61479d46848bc7a7f9b571b0b09c4a4b4436d839)
Co-authored-by: Blind4Basics <32236948+Blind4Basics@users.noreply.github.com>
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
|
|
|
|
|
|
| |
Windows (GH-101286) (#101709)
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Co-authored-by: Steve Dower <steve.dower@microsoft.com>
|
|
|
|
|
| |
(cherry picked from commit ea232716d3de1675478db3a302629ba43194c967)
Co-authored-by: Owain Davies <116417456+OTheDev@users.noreply.github.com>
|
|
|
|
|
|
|
| |
(cherry picked from commit 1cf3d78c92eb07dc09d15cc2e773b0b1b9436825)
(cherry picked from commit 88fe8d701af3316c8869ea18ea1c7acec6f68c04)
Co-authored-by: Jeremy Paige <ucodery@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
|
|
|
|
|
|
|
|
|
| |
* [3.9] Update copyright years to 2023. (gh-100848).
(cherry picked from commit 11f99323c2ae0ec428c370a335695e3d8d4afc1d)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
* Update additional copyright years to 2023.
Co-authored-by: Ned Deily <nad@python.org>
|
|
|
|
|
| |
(cherry picked from commit cb60b6131bc2bb11c48a15f808914d8b242b9fc5)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-100002) (#100032)
* gh-100001: Omit control characters in http.server stderr logs. (GH-100002)
Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
(cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* also escape \s (backport of PR #100038).
* add versionadded and remove extra 'to'
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
|
|
|
|
|
|
|
| |
(GH-91993) (#98190)
gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
(cherry picked from commit b9509ba7a9c668b984dab876c7926fe1dc5aa0ba)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
|
|
|
|
|
|
|
|
| |
(#98054)
Revert params note in urllib.parse.urlparse table
(cherry picked from commit eed80458e8e776d15fa862da71dcce58c47e2ca7)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
| |
(#96874) (#96877)
When ValueError is raised if an integer is larger than the limit,
mention sys.set_int_max_str_digits() in the error message.
(cherry picked from commit e841ffc915e82e5ea6e3b473205417d63494808d)
Co-authored-by: Ned Deily <nad@python.org>
|
|
|
|
|
|
|
|
|
| |
(GH-97688)
This documents the behavior that has always been the case since timeout
support was introduced in Python 3.3.
(cherry picked from commit b05dd796492160c37c9e15e3882f699f411b3461)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
|
|
| |
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
|
|
|
|
|
|
| |
Co-authored-by: roy reznik <royreznik@gmail.com>
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>.
(cherry picked from commit df81d2892eed3a256eb61ce59304f2173fb0c945)
|
|
|
|
|
| |
(cherry picked from commit 07374cce52abb7fd39729dc1b646ca3029b64c64)
Co-authored-by: Dong-hee Na <donghee.na@python.org>
|
|
|
|
|
|
|
| |
(GH-94416) (GH-94494)
(cherry picked from commit 80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf)
Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
|
|
|
|
|
| |
(cherry picked from commit 56b5daf15970be449d44e91f08db84c698ac5506)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
|
|
|
|
|
| |
(cherry picked from commit 2cdd57f119e3b85f1bfd28c7ff040e0d9bcaf115)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Martin Fischer <martin@push-f.com>
|
|
|
|
|
|
|
| |
(GH-92967)
(cherry picked from commit fb082c2fc5a925085b179e63ca10b7f60b356d2f)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
|
|
|
|
|
| |
Py>=3 (GH-92502) (GH-92964)
(cherry picked from commit 97b9c1096feff77a564787ef520cc7d4e1d1c45f)
|
|
|
|
|
| |
(cherry picked from commit 549567c6e70da4846c105a18a1a89e7dd09680d7)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
|
|
|
|
| |
(cherry picked from commit 3ed1cae9ed9d1f0dd9d68da4b30b731fdf6be768)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
|
|
|
|
|
|
| |
notices (GH-92612)
(cherry picked from commit 9f68dab3d327335b938046c50b4f09944e993cc8)
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM>
|
|
|
|
|
|
|
|
|
| |
It fixes 252 errors from a Sphinx nitpicky run (sphinx-build -n). But
there's 8182 errors left.
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
(cherry picked from commit 664aa94b570a4a8f3535efb2e3d638a4ab655943)
Co-authored-by: Julien Palard <julien@palard.fr>
|
| |
|
|
|
|
|
|
|
| |
__future__ import annotations" (GH-92568). (#92726)
(cherry picked from commit 6582c96454ddb731eb412c2a473300172225fdb9)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
(GH-92631) (GH-92661)
(cherry picked from commit 38486ca212c0827d54e7b0d0b1e2c1ccc2bdad33)
Co-authored-by: Mikhail Terekhov <termim@gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
|
|
|
|
|
|
|
|
|
| |
& features (GH-92529) (GH-92610)
(cherry picked from commit f1bbcba74f77eff2a4c0881f3d529f3bf0664d40)
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM>
Automerge-Triggered-By: GH:serhiy-storchaka
|
|
|
|
|
| |
(cherry picked from commit c56e2bb9949c95ec8911cd5554b07044a564796f)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
|
|
|
|
|
|
| |
See: https://mail.python.org/archives/list/docs@python.org/thread/KDVFGNGGUGGPVRZT7WZYHHWXCRS2GEN7/
(cherry picked from commit b77a95f44a024d1afab28e380252aa6d9c4efb1c)
Co-authored-by: Julien Palard <julien@palard.fr>
|
|
|
|
|
|
|
| |
Python versions (GH-92419)
(cherry picked from commit f4e317b304c7f86e48885b4b74c7a8826648922c)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Some handlers were wrongly described as text-encoding only, but actually they can also be used in text-decoding.
* Add more description to each handler.
* Add two REPL examples.
* Add indexes for Error Handler's name.
Co-authored-by: Kyle Stanley <aeros167@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 5bc2390229bbcb4f13359e867fd8a140a1d5496b)
Co-authored-by: Ma Lin <animalize@users.noreply.github.com>
|
|
|
|
|
|
|
|
| |
see https://github.com/gotcha/ipdb/issues/172
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 2888b1107fd0b43cc800987a00155bdbeacdb23a)
Co-authored-by: Godefroid Chapelle <gotcha@bubblenet.be>
|
|
|
|
|
|
| |
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 859250cc55711f4d62b65922d3f7537826c3801e)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
|
|
|
|
|
|
| |
(GH-92425)
(cherry picked from commit 318c4e91ef166bcd5d513bb42b9156d54d423d4a)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
versions (GH-92422) (GH-92466)
(cherry picked from commit bc098cfdb756f207d8fa84793e8ad91a2f263efb)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove redundant footnote ref: the footnote has been removed
* Fix footnote ref to match footnote
* Convert footnotes into reST footnotes: will error if missing
(cherry picked from commit 788ef54bc94b0a7aa2a93f626e4067ab8561424c)
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
|
|
|
|
|
|
|
| |
(cherry picked from commit 8f293180791f2836570bdfc29aadba04a538d435)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-92423) (GH-92474)
Given that 2.7 has now been end-of-life for two and a half years,
I don't think we need such a detailed explanation here anymore of
the differences between Python 2 and Python 3.
(cherry picked from commit 8efda1e7c6343b1671d93837bf2c146e4cf77bbf)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
|
|
|
|
|
|
| |
all supported Python versions (GH-92418)
(cherry picked from commit e5b4bd4d60aaf0292c5b9d628512145b8987b3c6)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
|
|
|
|
| |
(GH-92449). (GH-92458)
|
|
|
|
|
|
| |
* Fix missing possessive apostrophe
(cherry picked from commit a79001ee16b3ea8b5d0fad595c969d9e1b7627f3)
Co-authored-by: gophra <105054704+gophra@users.noreply.github.com>
|
|
|
|
|
|
|
| |
(cherry picked from commit 43b135f94ebf3e6e84ddb0f75ed8510b96a610e4)
Co-authored-by: Robert Howlett <robert@howletts.org.uk>
Co-authored-by: Robert Howlett <robert@howletts.org.uk>
|
|
|
|
|
|
| |
The current wording implied this, but didn't state it explicitly.
(cherry picked from commit 740da8d37a84638f4a8893bee3648f36fc6beb0f)
Co-authored-by: Matt Wozniski <godlygeek@gmail.com>
|
|
|
|
|
| |
(cherry picked from commit d1b2e989be2bc5128d6602e4f370d0ee6f5ac476)
Co-authored-by: Sebastian Rittau <srittau@rittau.biz>
|
|
|
|
|
|
| |
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>.
(cherry picked from commit 27e366571590e9e98f61dccf69dbeaa88ee66737)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
|
|
|
|
|
| |
(cherry picked from commit ee2205b208389611e8a278ac1bc74b34f4994fd2)
Co-authored-by: Robert Yang <35813883+robert861212@users.noreply.github.com>
|