| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
email.parseaddr() (GH-111116) (#123769)
Detect email address parsing errors and return empty tuple to
indicate the parsing error (old API). Add an optional 'strict'
parameter to getaddresses() and parseaddr() functions. Patch by
Thomas Dwyer.
(cherry picked from commit 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-Authored-By: Thomas Dwyer <github@tomd.tel>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-122233) (#122610)
Per RFC 2047:
> [...] these encoding schemes allow the
> encoding of arbitrary octet values, mail readers that implement this
> decoding should also ensure that display of the decoded data on the
> recipient's terminal will not cause unwanted side-effects
It seems that the "quoted-word" scheme is a valid way to include
a newline character in a header value, just like we already allow
undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.
This should fail for custom fold() implementations that aren't careful
about newlines.
(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
| |
(GH-122120)
|
| |
|
| |
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-113179) (GH-113186) (GH-118177) (GH-118472)
The _private_networks variables, used by various is_private
implementations, were missing some ranges and at the same time had
overly strict ranges (where there are more specific ranges considered
globally reachable by the IANA registries).
This patch updates the ranges with what was missing or otherwise
incorrect.
100.64.0.0/10 is left alone, for now, as it's been made special in [1].
The _address_exclude_many() call returns 8 networks for IPv4, 121
networks for IPv6.
[1] https://github.com/python/cpython/issues/61602
In 3.10 and below, is_private checks whether the network and broadcast
address are both private.
In later versions (where the test wss backported from), it checks
whether they both are in the same private network.
For 0.0.0.0/0, both 0.0.0.0 and 255.225.255.255 are private,
but one is in 0.0.0.0/8 ("This network") and the other in
255.255.255.255/32 ("Limited broadcast").
---------
Co-authored-by: Jakub Stasiak <jakub@stasiak.at>
|
| |
|
|
|
|
|
| |
(GH-117996) (GH-118005)
(cherry picked from commit a4b44d39cd6941cc03590fee7538776728bdfd0a)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-115623) (GH-116272)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`
Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .
Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
|
|
|
| |
(GH-115400) (GH-115763)
Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce46e7335a5dbaf48a3aa841be22d7302ba)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
|
| |
|
| |
Pin theme to fix code snippets
|
| |
|
|
|
|
|
| |
(GH-114022) (GH-114039)
(cherry picked from commit 94b1d1fa38ada8cf7d196184a04a195c152eed75)
Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
|
| |
|
|
|
| |
Alabaster is Sphinx's dependency. Alabaster 0.7.14 released on 2024-01-08 dropped support for Sphinx 3.3 and earlier.
https://alabaster.readthedocs.io/en/latest/changelog.html
|
| |
|
|
|
|
|
|
|
|
| |
(#108274)
(cherry picked from commit acbd3f9c5c5f23e95267714e41236140d84fe962)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Lumír 'Frenzy' Balhar <frenzy.madness@gmail.com>
|
| |
|
|
|
|
|
| |
docs gh-105269 (GH-105468) (#105477)
(cherry picked from commit acf3916e84158308660ed07c474a564e045d6884)
Co-authored-by: Federico Caselli <CaselIT@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
checked with PyErr_Occurred (GH-105185) (#105221)
(cherry picked from commit ee26ca13a129da8cf549409d0a1b2e892ff2b4ec)
Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-102508) (GH-104575) (GH-104592) (#104593)
gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508)
`urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595.
This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329).
I simplified the docs by eliding the state of the world explanatory
paragraph in this security release only backport. (people will see
that in the mainline /3/ docs)
(cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10)
(cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941)
(cherry picked from commit f48a96a28012d28ae37a2f4587a780a5eb779946)
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
|
| |
|
|
|
|
| |
(GH-102953) (#104382)
Backport of c8c3956d905e019101038b018129a4c90c9c9b8f
|
| |
|
|
|
|
|
|
|
| |
(GH-102630) (GH-102666)
(cherry picked from commit 61479d46848bc7a7f9b571b0b09c4a4b4436d839)
Co-authored-by: Blind4Basics <32236948+Blind4Basics@users.noreply.github.com>
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
|
| |
|
|
|
|
| |
Windows (GH-101286) (#101709)
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Co-authored-by: Steve Dower <steve.dower@microsoft.com>
|
| |
|
|
|
| |
(cherry picked from commit ea232716d3de1675478db3a302629ba43194c967)
Co-authored-by: Owain Davies <116417456+OTheDev@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
(cherry picked from commit 1cf3d78c92eb07dc09d15cc2e773b0b1b9436825)
(cherry picked from commit 88fe8d701af3316c8869ea18ea1c7acec6f68c04)
Co-authored-by: Jeremy Paige <ucodery@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
|
|
|
|
|
| |
* [3.9] Update copyright years to 2023. (gh-100848).
(cherry picked from commit 11f99323c2ae0ec428c370a335695e3d8d4afc1d)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
* Update additional copyright years to 2023.
Co-authored-by: Ned Deily <nad@python.org>
|
| |
|
|
|
| |
(cherry picked from commit cb60b6131bc2bb11c48a15f808914d8b242b9fc5)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-100002) (#100032)
* gh-100001: Omit control characters in http.server stderr logs. (GH-100002)
Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
(cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* also escape \s (backport of PR #100038).
* add versionadded and remove extra 'to'
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
|
|
|
| |
(GH-91993) (#98190)
gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
(cherry picked from commit b9509ba7a9c668b984dab876c7926fe1dc5aa0ba)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
|
| |
|
|
|
|
|
|
| |
(#98054)
Revert params note in urllib.parse.urlparse table
(cherry picked from commit eed80458e8e776d15fa862da71dcce58c47e2ca7)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
| |
(#96874) (#96877)
When ValueError is raised if an integer is larger than the limit,
mention sys.set_int_max_str_digits() in the error message.
(cherry picked from commit e841ffc915e82e5ea6e3b473205417d63494808d)
Co-authored-by: Ned Deily <nad@python.org>
|
| |
|
|
|
|
|
|
|
| |
(GH-97688)
This documents the behavior that has always been the case since timeout
support was introduced in Python 3.3.
(cherry picked from commit b05dd796492160c37c9e15e3882f699f411b3461)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
| |
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
| |
Co-authored-by: roy reznik <royreznik@gmail.com>
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>.
(cherry picked from commit df81d2892eed3a256eb61ce59304f2173fb0c945)
|
| |
|
|
|
| |
(cherry picked from commit 07374cce52abb7fd39729dc1b646ca3029b64c64)
Co-authored-by: Dong-hee Na <donghee.na@python.org>
|
| |
|
|
|
|
|
| |
(GH-94416) (GH-94494)
(cherry picked from commit 80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf)
Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 56b5daf15970be449d44e91f08db84c698ac5506)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
| |
(cherry picked from commit 2cdd57f119e3b85f1bfd28c7ff040e0d9bcaf115)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Martin Fischer <martin@push-f.com>
|
| |
|
|
|
|
|
| |
(GH-92967)
(cherry picked from commit fb082c2fc5a925085b179e63ca10b7f60b356d2f)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
|
| |
Py>=3 (GH-92502) (GH-92964)
(cherry picked from commit 97b9c1096feff77a564787ef520cc7d4e1d1c45f)
|
| |
|
|
|
| |
(cherry picked from commit 549567c6e70da4846c105a18a1a89e7dd09680d7)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 3ed1cae9ed9d1f0dd9d68da4b30b731fdf6be768)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
notices (GH-92612)
(cherry picked from commit 9f68dab3d327335b938046c50b4f09944e993cc8)
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM>
|
| |
|
|
|
|
|
|
|
| |
It fixes 252 errors from a Sphinx nitpicky run (sphinx-build -n). But
there's 8182 errors left.
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
(cherry picked from commit 664aa94b570a4a8f3535efb2e3d638a4ab655943)
Co-authored-by: Julien Palard <julien@palard.fr>
|
| | |
|
| |
|
|
|
|
|
| |
__future__ import annotations" (GH-92568). (#92726)
(cherry picked from commit 6582c96454ddb731eb412c2a473300172225fdb9)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
(GH-92631) (GH-92661)
(cherry picked from commit 38486ca212c0827d54e7b0d0b1e2c1ccc2bdad33)
Co-authored-by: Mikhail Terekhov <termim@gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
|
| |
|
|
|
|
|
|
|
|
| |
& features (GH-92529) (GH-92610)
(cherry picked from commit f1bbcba74f77eff2a4c0881f3d529f3bf0664d40)
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM>
Automerge-Triggered-By: GH:serhiy-storchaka
|
| |
|
|
|
| |
(cherry picked from commit c56e2bb9949c95ec8911cd5554b07044a564796f)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
|
| |
|
|
|
|
| |
See: https://mail.python.org/archives/list/docs@python.org/thread/KDVFGNGGUGGPVRZT7WZYHHWXCRS2GEN7/
(cherry picked from commit b77a95f44a024d1afab28e380252aa6d9c4efb1c)
Co-authored-by: Julien Palard <julien@palard.fr>
|
| |
|
|
|
|
|
| |
Python versions (GH-92419)
(cherry picked from commit f4e317b304c7f86e48885b4b74c7a8826648922c)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Some handlers were wrongly described as text-encoding only, but actually they can also be used in text-decoding.
* Add more description to each handler.
* Add two REPL examples.
* Add indexes for Error Handler's name.
Co-authored-by: Kyle Stanley <aeros167@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 5bc2390229bbcb4f13359e867fd8a140a1d5496b)
Co-authored-by: Ma Lin <animalize@users.noreply.github.com>
|
| |
|
|
|
|
|
|
| |
see https://github.com/gotcha/ipdb/issues/172
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 2888b1107fd0b43cc800987a00155bdbeacdb23a)
Co-authored-by: Godefroid Chapelle <gotcha@bubblenet.be>
|
