path: root/Lib
Commit message | Author | Age | Files | Lines
* Blurb release and pydoc-topics for 3.5.7 final. | Larry Hastings | 2019-03-17 | 1 | -1/+1
|
* [3.5] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (#12281) | Xtreak | 2019-03-17 | 2 | -2/+41
|   Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan.
|   (cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14)
|   Co-authored-by: Xtreak <tir.karthi@gmail.com>
* bpo-35647: Fix path check in cookiejar (#11436) (#12277) | Xtreak | 2019-03-16 | 2 | -5/+35
|   * Refactor cookie path check as per RFC 6265
|   * Add tests for prefix match of path
|   * Add news entry
|   * Fix set_ok_path and refactor tests
|   * Use slice for last letter
|   (cherry picked from commit 0e1f1f01058bd4a9b98cfe443214adecc019a38c)
* bpo-36216: Add check for characters in netloc that normalize to separators (GH-12201) (#12223) | Steve Dower | 2019-03-11 | 2 | -0/+40
* PyDoc and blurb updates for 3.5.7rc1. | Larry Hastings | 2019-03-04 | 1 | -13087/+78
|
* bpo-34791: xml package obeys ignore env flags (GH-9544) (#11871) | Victor Stinner | 2019-02-26 | 2 | -2/+4
|   The xml.sax and xml.dom.domreg modules now obey sys.flags.ignore_environment.
|   Signed-off-by: Christian Heimes <christian@python.org>
|   (cherry picked from commit 223e501fb9c2b6ae21b96054e20c4c31d94a5d96)
* bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11867) | Victor Stinner | 2019-02-26 | 2 | -0/+44
|   Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result in a segfault.
|   Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
|   Signed-off-by: Christian Heimes <christian@python.org>
|   (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
* bpo-35411: Skip test_urllib2net FTP tests on Travis CI (GH-10907) (#11874) | Victor Stinner | 2019-02-25 | 1 | -0/+12
|   On Travis CI, FTP tests of test_urllib2net randomly fail with "425 Security: Bad IP connecting".
|   (cherry picked from commit c11b3b19a5b022c6c229043d37f9a9fd06f22500)
* PyDoc topics refresh & blurb release for 3.5.6rc1. | Larry Hastings | 2018-07-20 | 1 | -1/+1
|
* [3.5] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5991) | Steve Dower | 2018-05-14 | 1 | -0/+40
|   * bpo-33001: Minimal fix to prevent buffer overrun in os.symlink
|   * Remove invalid test
* [3.5] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6034) | Ned Deily | 2018-03-11 | 4 | -4/+34
|   * Prevent low-grade poplib REDOS (CVE-2018-1060)
|     The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases.
|   * Prevent difflib REDOS (CVE-2018-1061)
|     The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib.
|   Co-authored-by: Tim Peters <tim.peters@gmail.com>
|   Co-authored-by: Christian Heimes <christian@python.org>.
|   (cherry picked from commit 0e6c8ee2358a2e23117501826c008842acb835ac)
* blurb release and pydoc topics for 3.5.5rc1. | Larry Hastings | 2018-01-23 | 1 | -78/+13087
|
* [3.5] bpo-32072: Fix issues with binary plists. (GH-4455) (#4656) | Serhiy Storchaka | 2018-01-23 | 2 | -37/+108
|   * [3.5] bpo-32072: Fix issues with binary plists. (GH-4455)
|   * Fixed saving bytearrays.
|   * Identical objects will be saved only once.
|   * Equal references will be loaded as identical objects.
|   * Added support for saving and loading recursive data structures.
|   (cherry picked from commit a897aee)
|   * Fix implementation dependent assertion in test_plistlib. (#4813)
|     It fails with an advanced optimizer.
* [3.5] bpo-32551: Consistently configure sys.path[0] (#5197) | Nick Coghlan | 2018-01-23 | 1 | -0/+67
|   Directory and zipfile execution previously added the parent directory of the directory or zipfile as sys.path[0] and then subsequently overwrote it with the directory or zipfile itself.
|   This caused problems in isolated mode, as it overwrote the "stdlib as a zip archive" entry in sys.path, as the parent directory was never added.
|   The attempted fix to that issue in bpo-29319 created the opposite problem in *non*-isolated mode, by potentially leaving the parent directory on sys.path instead of overwriting it.
|   This change fixes the root cause of the problem by removing the whole "add-and-overwrite" dance for sys.path[0], and instead simply never adds the parent directory to sys.path in the first place.
|   (cherry picked from commit d2977a3ae2cc6802921b1e3b6e9d13fcfbda872d)
* [3.5] bpo-32620: Remove failing pyenv call from CI config (#5274) | Nick Coghlan | 2018-01-23 | 1 | -0/+1
|   * [3.5] Remove failing pyenv call from CI config
|   * Backport XML RPC test skip to 3.5
|     The buildbot service upgrade removed the XML-RPC interface, so this test no longer works (through no fault of the standard library).
* Blurb release and pydoc topics for 3.5.4 final. | Larry Hastings | 2017-08-07 | 1 | -13087/+78
|
* [3.5] [security] bpo-30119: fix ftplib.FTP.putline() to throw an error for an illegal command (#1214) (#2887) | Dong-hee Na | 2017-07-26 | 2 | -1/+7
* Merge main 3.5 branch into 3.5.4rc1. | Larry Hastings | 2017-07-25 | 1 | -0/+1
|\
| * bpo-30908: Fix dangling thread in test_os.TestSendfile (#2680) (#2845) | Victor Stinner | 2017-07-24 | 1 | -0/+1
| |   tearDown() now clears explicitly the self.server variable to make sure that the thread is completely cleared when tearDownClass() checks if all threads have been cleaned up.
| |   Fix the following warning:
| |     $ ./python -m test --fail-env-changed -m test.test_os.TestSendfile.test_keywords -R 3:1 test_os
| |     (...)
| |     Warning -- threading_cleanup() failed to cleanup 0 threads after 3 sec (count: 0, dangling: 2)
| |     (...)
| |     Tests result: ENV CHANGED
| |   (cherry picked from commit d1cc037d1442cc35d1b194ec8e50901514360949)
* | Updated pydoc-topics for 3.5.4rc1. | Larry Hastings | 2017-07-24 | 1 | -78/+13087
|/
* [3.5] Backport bpo-30876 (GH-2639), bpo-18018 and bpo-26367. (#2677) | Serhiy Storchaka | 2017-07-23 | 6 | -9/+31
|   * bpo-30876: Relative import from unloaded package now reimports the package instead of failing with SystemError. Relative import from non-package now fails with ImportError rather than SystemError.
|   (cherry picked from commit 8a9cd20edca7d01b68292036029ae3735ce65edd)
|   * bpo-18018: Import raises ImportError instead of SystemError if a relative import is attempted without a known parent package.
|   * bpo-26367: importlib.__init__() raises ImportError like builtins.__import__() when ``level`` is specified but without an accompanying package specified.
* [3.5] bpo-29403: Fix mock's broken autospec behavior on method-bound builtin functions (GH-3) | Berker Peksag | 2017-07-21 | 2 | -1/+16
|   Cython will, in the right circumstances, offer a MethodType instance where im_func is a builtin function. Any instance of MethodType is automatically assumed to be a Python-defined function (more specifically, a function that has an inspectable signature), but _set_signature was still conservative in its assumptions. As a result _set_signature would return early with None instead of a mock since the im_func had no inspectable signature. This causes problems deeper inside mock, as _set_signature is assumed to _always_ return a mock, and nothing checked its return value.
|   In similar corner cases, autospec will simply not check the spec of the function, so _set_signature is amended to now return early with the original, not-wrapped mock object.
|   Patch by Aaron Gallagher.
|   (cherry picked from commit 856cbcc12f2e4cca93af5dc7ed6bcea4dd942f10)
* bpo-30822: regrtest: remove tzdata (#2782) | Victor Stinner | 2017-07-20 | 3 | -11/+3
|   * Oops, tzdata was introduced in Python 3.6: remove it from regrtest
|   * Remove also Lib/test/libregrtest/__init__.py file: added by mistake on a backport.
* bpo-30822: Exclude tzdata from regrtest --all (#2775) (#2781) | Victor Stinner | 2017-07-20 | 3 | -4/+29
|   When running the test suite using --use=all / -u all, exclude tzdata since it makes test_datetime too slow (15-20 min on some buildbots) which then times out on some buildbots.
|   -u tzdata must now be enabled explicitly, -u tzdata or -u all,tzdata, to run all test_datetime tests.
|   Fix also regrtest command line parser to allow passing -u extralargefile to run test_zipfile64.
|   Travis CI: remove -tzdata. Replace -u all,-tzdata,-cpu with -u all,-cpu since tzdata is now excluded from -u all.
|   (cherry picked from commit 5b392bbaeb9d9b1db961ecfc7315d8c8662c27f6)
* [3.5] bpo-30883: Use pythontest.net instead of debian.org in test_urllib2net (GH-2755) | Ammar Askar | 2017-07-20 | 1 | -3/+3
* [3.5] bpo-30936: Fix a reference leak in json when fail to sort keys. (GH-2712). (#2728) | Serhiy Storchaka | 2017-07-16 | 1 | -0/+4
|   (cherry picked from commit 49f6449ef4b81537c19b82329caaf60596c516c2)
* [3.5] bpo-30911: Add tests for bad boolean arguments for accelerated json (GH-2690) (#2693) | Serhiy Storchaka | 2017-07-13 | 1 | -0/+22
|   encoder and decoder.
|   (cherry picked from commit d3aaa2f)
* [3.5] bpo-30879: os.listdir() and os.scandir() now emit bytes names when (GH-2634) (#2657) | Serhiy Storchaka | 2017-07-11 | 2 | -3/+33
|   called with bytes-like argument.
|   (cherry picked from commit 1180e5a51871fa53ca6892e83fd2e69dc2600447)
* bpo-30886: Fix multiprocessing.Queue.join_thread() (#2642) (#2644) | Victor Stinner | 2017-07-10 | 1 | -8/+1
|   multiprocessing.Queue.join_thread() now waits until the thread completes, even if the thread was started by the same process which created the queue.
|   Fix the following warning which occurs randomly when running test_handle_called_with_mp_queue of test_logging.QueueListenerTest:
|     Warning -- threading_cleanup() failed to cleanup -1 threads after 4 sec (count: 0, dangling: 1)
|   (cherry picked from commit 3b69d911c57ef591ac0c0f47a66dbcad8337f33a)
* [3.5] bpo-29854: Fix segfault in call_readline() (GH-728) | Nir Soffer | 2017-07-09 | 1 | -3/+47
|   If history-length is set in .inputrc, and the history file is double the history size (or more), history_get(N) returns NULL, and python segfaults. Fix that by checking for NULL return value.
|   It seems that the root cause is incorrect handling of bigger history in readline, but Python should not segfault even if readline returns unexpected value.
|   This issue affects only GNU readline. When using libedit emulation system history size option does not work.
* bpo-30532: Fix whitespace folding in certain cases (#2592) | Joel Hillacre | 2017-07-06 | 2 | -3/+13
|   Leading whitespace was incorrectly dropped during folding of certain lines in the _header_value_parser's folding algorithm. This makes the whitespace handling code consistent.
* Fix trivial typo in json module docstring (GH-2274) (GH-2431) | Mariatta | 2017-07-06 | 1 | -1/+1
|   (cherry picked from commit 76c567ee27342d76f631a35c8291b715b2a61f3e)
* [3.5] bpo-30855: Trying to fix test_use on Windows. (#2585) | Victor Stinner | 2017-07-05 | 2 | -5/+5
|   * bpo-30855: Trying to fix test_use on Windows.
|     Avoid possible weird behavior of WideInt conversion. "winfo id" always returns string hexadecimal representation.
|   (cherry picked from commit b9d672491d5082c541bf267eb7bb99fdc6529324)
|   * bpo-30855: Trying to fix test_use on Windows.
|   (cherry picked from commit 29a2f7c6b38e5a6ed891aa72af38974a1ff2d372)
* [3.5] bpo-30441: Fix bug when modifying os.environ while iterating over it (GH-2409). (#2557) | Serhiy Storchaka | 2017-07-04 | 2 | -1/+27
|   (cherry picked from commit 8a8d28501fc8ce25926d168f1c657656c809fd4c)
* [3.5] bpo-29512, bpo-30764, bpo-30776: Backport regrtest enhancements from 3.6 to 3.5 (#2540) | Victor Stinner | 2017-07-03 | 2 | -10/+173
|   * [3.6] bpo-29512, bpo-30776: Backport regrtest enhancements from master to 3.6 (#2513)
|   * bpo-29512: Add test.bisect, bisect failing tests (#2452)
|     Add a new "python3 -m test.bisect" tool to bisect failing tests. It can be used to find which test method(s) leak references, leak files, etc.
|   (cherry picked from commit 84d9d14a1fa395fbd21262ba195490be25a7b3bc)
|   * bpo-30776: regrtest: reduce memleak false positive (#2484)
|     Only report a leak if each run leaks at least one memory block.
|   (cherry picked from commit beeca6e1e5fd01531b1db7059498b13d07dca525)
|   (cherry picked from commit a3ca94d0504157a112a1f89bfe8be1307116fc73)
|   * bpo-30764: Fix regrtest --fail-env-changed --forever (#2536) (#2539)
|     --forever now stops if a fail changes the environment.
|   (cherry picked from commit 5e87592fd12e0b7c41edc11d4885ed7298d5063b)
|   (cherry picked from commit 4132adb4b8f90893d8f19ff46edff56f189faca0)
* bpo-30280: Cleanup threads in asyncio tests (#2501) (#2512) | Victor Stinner | 2017-06-30 | 2 | -5/+9
|   * bpo-30280: asyncio now cleans up threads
|     asyncio base TestCase now uses threading_setup() and threading_cleanup() of test.support to cleanup threads.
|   * asyncio: Fix TestBaseSelectorEventLoop cleanup
|     bpo-30280: TestBaseSelectorEventLoop of test.test_asyncio.test_selector_events now correctly closes the event loop: cleanup its executor to not leak threads. Don't override the close() method of the event loop, only override the _close_self_pipe() method.
|   (cherry picked from commit b9030674624c181d6e9047cdb14ad65bb6c84c66)
* bpo-30813: Fix unittest when hunting refleaks (#2502) (#2506) | Victor Stinner | 2017-06-30 | 1 | -0/+6
|   bpo-11798, bpo-16662, bpo-16935, bpo-30813: Skip test_discover_with_module_that_raises_SkipTest_on_import() and test_discover_with_init_module_that_raises_SkipTest_on_import() of test_unittest when hunting reference leaks using regrtest.
|   (cherry picked from commit e4f9a2d2be42d5a2cdd624f8ed7cdf5028c5fbc3)
* [3.5] bpo-30807: signal.setitimer() may disable the timer by mistake (GH-2493) (#2498) | Antoine Pitrou | 2017-06-30 | 1 | -0/+9
|   * bpo-30807: signal.setitimer() may disable the timer by mistake
|   * Add NEWS blurb
|   (cherry picked from commit 729780a810bbcb12b245a1b652302a601fc9f6fd)
* [3.5] Clear potential ref cycle between Process and Process target (GH-2470) (#2472) | Antoine Pitrou | 2017-06-28 | 2 | -0/+21
|   * Clear potential ref cycle between Process and Process target
|     Besides Process.join() not being called, this was an indirect cause of bpo-30775. The threading module already does this.
|   * Add issue reference.
|   (cherry picked from commit 79d37ae979a65ada0b2ac820279ccc3b1cd41ba6)
* [3.5] bpo-30775: Fix refleaks in test_multiprocessing (GH-2467) (#2469) | Antoine Pitrou | 2017-06-28 | 1 | -2/+17
|   Forgetting to call Process.join() can keep some resources alive.
|   (cherry picked from commit a79f8faccf5e26f55e8b9496ad49d2071b5e299c)
* [3.5] bpo-13617: Reject embedded null characters in wchar* strings. (GH-2302) (#2463) | Serhiy Storchaka | 2017-06-28 | 8 | -1/+37
|   Based on patch by Victor Stinner.
|   Add private C API function _PyUnicode_AsUnicode() which is similar to PyUnicode_AsUnicode(), but checks for null characters.
|   (cherry picked from commit f7eae0adfcd4c50034281b2c69f461b43b68db84)
* [3.5] bpo-30708: Add private C API function _PyUnicode_AsWideCharString(). (GH-2285) (GH-2443) (#2448) | Serhiy Storchaka | 2017-06-27 | 1 | -2/+2
|   And use it instead of PyUnicode_AsWideCharString() if appropriate.
|   _PyUnicode_AsWideCharString(unicode) is like PyUnicode_AsWideCharString(unicode, NULL), but raises a ValueError if the wchar_t* string contains null characters.
|   (cherry picked from commit e613e6add5f07ff6aad5802924596b631b707d2a).
|   (cherry picked from commit 0edffa3073b551ffeca34952529e7b292f1bd350)
* [3.5] bpo-30523, bpo-30764, bpo-30776: Sync regrtest from master (#2442) | Victor Stinner | 2017-06-27 | 3 | -31/+135
|   * bpo-30523: regrtest --list-cases --match (#2401)
|   * regrtest --list-cases now supports --match and --match-file options. Example: ./python -m test --list-cases -m FileTests test_os
|   * --list-cases now also sets support.verbose to False to prevent messages to stdout when loading test modules.
|   * Add support._match_test() private function.
|   (cherry picked from commit ace56d583664f855d89d1219ece7c21c2fddcf30)
|   * bpo-30764: regrtest: add --fail-env-changed option (#2402)
|   * bpo-30764: regrtest: change exit code on failure
|   * Exit code 2 if failed tests ("bad")
|   * Exit code 3 if interrupted
|   * bpo-30764: regrtest: add --fail-env-changed option
|     If the option is set, mark a test as failed if it alters the environment, for example if it creates a file without removing it.
|   (cherry picked from commit 63f54c68936d648c70ca411661e4208329edcf26)
|   * bpo-30776: reduce regrtest -R false positives (#2422)
|   * Change the regrtest --huntrleaks checker to decide if a test file leaks or not. Require that each run leaks at least 1 reference.
|   * Warmup runs are now completely ignored: ignored in the checker test and not used anymore to compute the sum.
|   * Add a unit test for a reference leak.
|   Example of reference differences previously considered a failure (leak) and now considered as success (success, no leak):
|     [3, 0, 0]
|     [0, 1, 0]
|     [8, -8, 1]
|   (cherry picked from commit 48b5c422ffb03affb00c184b9a99e5537be92732)
* bpo-30764: test_subprocess uses SuppressCrashReport (#2405) (#2411) | Victor Stinner | 2017-06-26 | 1 | -26/+25
|   bpo-30764, bpo-29335: test_child_terminated_in_stopped_state() of test_subprocess now uses support.SuppressCrashReport() to prevent the creation of a core dump on FreeBSD.
|   (cherry picked from commit cdee3f14f7f4c995e7eedb0bf6a67e260c739f7d)
* [3.5] bpo-30746: Prohibited the '=' character in environment variable names (GH-2382) (#2392) | Serhiy Storchaka | 2017-06-25 | 2 | -0/+92
|   in `os.putenv()` and `os.spawn*()`.
|   (cherry picked from commit 77703942c5997dff00c48f10df1b29b11645624c)
* [3.5] Fix a typo in a comment in coroutines.py (GH-2267) (GH-2371) | Mariatta | 2017-06-24 | 1 | -1/+1
|   defiend -> defined
|   (cherry picked from commit cab469245d7635447c5e04fa6ed860b067dfc26b)
* [3.5] bpo-30645: don't append to an inner loop path in imp.load_package() (GH-2268) (GH-2365) | Brett Cannon | 2017-06-23 | 1 | -2/+3
|   Bug didn't manifest itself when importing a module with source as .py files are always the first on the search path. The issue only showed up in bytecode-only packages where the calculated file path would be ``__init__.py/__init__.pyc``.
|   Patch by Alexandru Ardelean.
|   (cherry picked from commit c38e32a10061a7c6d54e7e53ffabf7af7998f045)
* [3.5] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) (#2361) | Serhiy Storchaka | 2017-06-23 | 2 | -2/+46
|   Prevent passing other invalid environment variables and command arguments.
|   (cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700)
* [3.5] bpo-30727: Fix a race condition in test_threading. (GH-2334) (#2352) | Serhiy Storchaka | 2017-06-23 | 1 | -5/+14
|   (cherry picked from commit 32cb968)
* [3.5] bpo-29755: Fixed the lgettext() family of functions in the gettext module. (GH-2266) (#2298) | Serhiy Storchaka | 2017-06-20 | 2 | -26/+146
|   They now always return bytes. Updated the gettext documentation.
|   (cherry picked from commit 26cb465)