| Commit message (Collapse) | Author | Age | Files | Lines |
* bpo-33001: Minimal fix to prevent buffer overrun in os.symlink
* Skips test to avoid crashing during the test suite
* Remove invalid test
|
* Prevent low-grade poplib REDOS (CVE-2018-1060)
The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.
Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.
A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.
Replace it with a similar non-vulnerable regex.
The new regex is RFC compliant.
The old regex was non-compliant in edge cases.
* Prevent difflib REDOS (CVE-2018-1061)
The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.
Replace it with an equivalent non-vulnerable regex.
Also introduce unit and REDOS tests for difflib.
Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>.
|
(#5533)
* [3.5] Remove failing pyenv call from CI config
* Backport XML RPC test skip to 3.5
The buildbot service upgrade removed the XML-RPC
interface, so this test no longer works (through no
fault of the standard library).
(cherry picked from commit 4a4c2743133e195cc3725b78a895d85d69e50089)
Co-authored-by: Nick Coghlan <ncoghlan@gmail.com>
|
* [3.4] bpo-32072: Fix issues with binary plists. (GH-4455)
* Fixed saving bytearrays.
* Identical objects will be saved only once.
* Equal references will be loaded as identical objects.
* Added support for saving and loading recursive data structures.
(cherry picked from commit a897aeeef647259a938a36cb5eb6680c86021c6a)
* Fix implementation dependent assertion in test_plistlib. (#4813)
It fails with an advanced optimizer.
|
command (#1214) (#2893)
|
* Issues #23808, #25911: Trying to fix walk tests on Windows.
On Windows a symlink can have the FILE_ATTRIBUTE_DIRECTORY flag.
(cherry picked from commit 388b90f28e029daaf06aae8026b596e2f20a1cd3)
* bpo-30231: Remove skipped test_imaplib tests (#1419) (#2193)
The public cyrus.andrew.cmu.edu IMAP server (port 993) doesn't accept
TLS connection using our self-signed x509 certificate. Remove the two
tests which are already skipped.
(cherry picked from commit 7895a0585b4b6a1c8082d17227307c6ce2c8bb8b)
* Backport CI config from master
* Add .travis.yml for Travis CI
* Add .github/ for AppVeyor and CodeCov.
* Travis CI: remove "make regen-all" check
The regen-all Makefile rule doesn't exist in Python 3.4, only since
Python 3.5 and newer (and 2.7).
* appveyor: replace --slowest with --slow
* Travis CI: remove the GCC coverage job
* Travis CI: remove tzdata resource from regrtest
tzdata resource doesn't exist in Python 3.4.
* Travis CI: remove the doc job
Fixing Sphinx warnings requires backporting huge intrusive changes
like:
- commit d97b7dc94b19063f0589d401bdc4aaadc7030762
- commit 5c6793394066b012b9674681b0815667938ce4d9
* appveyor: set version to 3.4.6+
* bpo-30730: Fix test_os tests.
Fix test_invalid_cmd() and test_invalid_env(), TypeError is raised on
Python 3.4.
(cherry picked from commit 5e22721e586344b547194f0f7ea67fd425f94e72)
|
(#2695)
* [3.4] bpo-26617: Ensure gc tracking is off when invoking weakref callbacks.
(cherry picked from commit 8f657c35b978b681e6e919f08358992e1aed7dc1)
* Rewrite a NEWS entry as a NEWS.d entry.
|
Based on patch by Philipp Hagemeister. This fixes a regression caused by
revision f4377699fd47.
(cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a)
|
The current regex based splitting produces a wrong result. For example::
http://abc#@def
Web browsers parse that URL as ``http://abc/#@def``, that is, the host
is ``abc``, the path is ``/``, and the fragment is ``#@def``.
(cherry picked from commit 90e01e50ef8a9e6c91f30d965563c378a4ad26de)
|
(GH-1678) (#2248)
Based on patches by Duane Griffin and Tim Mitchell.
(cherry picked from commit 753bca3934a7618a4fa96e107ad1c5c18633a683).
(cherry picked from commit 2f7f533cf6fb57fcedcbc7bd454ac59fbaf2c655)
|
subprocess on Windows. (GH-2325) (#2362)
* [3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325)
Prevent passing other invalid environment variables and command arguments.
(cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700)
* Update NEWS
|
non-integer numbers. Django tests depend on this.
|
non-integer numbers. Django tests depend on this.
|
plural form selections in the gettext module. The expression parser now
supports exact syntax supported by GNU gettext.
|
plural form selections in the gettext module. The expression parser now
supports exact syntax supported by GNU gettext.
|
(Backported to 3.4 as this bug might be exploited for DoS)
|
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue #27568 Reported and patch contributed by Rémi Rampin.
|
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue #27568 Reported and patch contributed by Rémi Rampin.
|
This backports the fix from #16611, per discussion with the release
manager.
|
These added a path attribute to pathlib.Path objects, and docs.
Instead, we're going to use PEP 519.
(Starting in the 3.4 branch and merging forward from there since that's what I did originally.)
|
On Windows a symlink can have the FILE_ATTRIBUTE_DIRECTORY flag.
|
(closes #26478)
|
"certificate verify failed " and "CERTIFICATE_VERIFY_FAILED " as
some SSL libraries use different text than OpenSSL.
|
This is instead of svn.python.org, whose certificate recently expired, and
whose new certificate uses a different root certificate.
The certificate used at the pythontest server was modified to set the "basic
constraints" CA flag. This flag seems to be required for
test_get_ca_certs_capath() to work (in Python 3.4+).
Added the new self-signed certificate to capath with the following commands:
    cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
    c_rehash -v Lib/test/capath/
    c_rehash -v -old Lib/test/capath/
    # Note the generated file names
    cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0}
    mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0}
The new server responds with "No route to host" when connecting to port 444.
|
The svn.python.org server recently changed root certificate, causing the test
to fail. This backports revision 4985375db40f.
|
Patch by Марк Коренберг.
|
Fix issues #24120 and #26012.
|
pathlib.Path.[r]glob().
|