summaryrefslogtreecommitdiffstats
path: root/Lib
Commit message (Collapse)AuthorAgeFilesLines
* 3.7.10v3.7.10Ned Deily2021-02-161-1/+1
|
* [3.7] bpo-42967: only use '&' as a query string separator (GH-24297) (GH-24531)Senthil Kumaran2021-02-154-41/+98
| | | | | | | | | | | | | | bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl(). urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator. Co-authored-by: Éric Araujo <merwok@netwok.org> Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com> (cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776)
* [3.7] closes bpo-42938: Replace snprintf with Python unicode formatting in ↵Benjamin Peterson2021-01-181-0/+43
| | | | | | | ctypes param reprs. (GH-24249) (cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) Co-authored-by: Benjamin Peterson <benjamin@python.org>
* bpo-42794: Update test_nntplib to use offical group name for testing ↵Miss Islington (bot)2021-01-011-3/+7
| | | | | | | (GH-24037) (GH-24041) (cherry picked from commit ec3165320e81ac87edcb85c86c452528ddbaec1c) Co-authored-by: Dong-hee Na <donghee.na@python.org>
* [3.7] bpo-42103: Improve validation of Plist files. (GH-22882) (#23117)Serhiy Storchaka2020-11-102-67/+362
| | | | | | | | | | | * Prevent some possible DoS attacks via providing invalid Plist files with extremely large number of objects or collection sizes. * Raise InvalidFileException for too large bytes and string size instead of returning garbage. * Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN). * Raise InvalidFileException instead of TypeError for non-hashable dict keys. * Add more tests for invalid Plist files.. (cherry picked from commit 34637a0ce21e7261b952fbd9d006474cc29b681f) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-41944: No longer call eval() on content received via HTTP in the CJK ↵Miss Skeleton (bot)2020-10-201-14/+8
| | | | | | | codec tests (GH-22566) (GH-22578) (cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-42051: Reject XML entity declarations in plist files (#22760) (GH-22801)Ned Deily2020-10-202-0/+25
| | | Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
* [3.7] bpo-41976: Fix the fallback to gcc of ctypes.util.find_library when ↵Pablo Galindo2020-10-082-8/+36
| | | | | | | using gcc>9 (GH-22598). (GH-22601) (cherry picked from commit 27ac19cca2c639caaf6fedf3632fe6beb265f24f) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
* 3.7.9v3.7.9Ned Deily2020-08-151-1/+1
|
* bpo-41100: additional fixes for testing on macOS 11 Big Sur IntelNed Deily2020-08-152-1/+6
| | | | | Note: macOS 11 is not yet released, this release of Python is not fully supported on 11.0, and not all tests pass.
* bpo-33786: Fix asynchronous generators to handle GeneratorExit in athrow() ↵Miss Islington (bot)2020-08-143-1/+79
| | | | | | | | (GH-7467) (GH-21878) (cherry picked from commit 52698c7ad9eae9feb35839fde17a7d1da8036a9b) Co-authored-by: Yury Selivanov <yury@magic.io>
* bpo-39603: Prevent header injection in http methods (GH-18485) (GH-21538)Miss Islington (bot)2020-07-192-0/+37
| | | | | | reject control chars in http method in http.client.putrequest to prevent http header injection (cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e) Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
* bpo-41304: Ensure python3x._pth is loaded on Windows (GH-21495) (#21499)Steve Dower2020-07-151-2/+34
|
* bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (GH-21484)Miss Islington (bot)2020-07-153-0/+9
| | | | | | | | Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4) Co-authored-by: Rishi <rishi_devan@mail.com>
* bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) (GH-21461)Miss Islington (bot)2020-07-131-0/+18
| | | | | | Automerge-Triggered-By: @tiran (cherry picked from commit 4f309abf55f0e6f8950ac13d6ec83c22b8d47bf8) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.7] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface ↵Tapas Kundu2020-06-302-2/+13
| | | | | | | | | | | | | | (GH-21033) (GH-21231) CVE-2020-14422 The __hash__() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation (cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28) Co-authored-by: Ravi Teja P <rvteja92@gmail.com> Signed-off-by: Tapas Kundu <tkundu@vmware.com>
* [3.7] bpo-41009: fix requires_OS_version() class decorator (GH-20942) (GH-20949)Christian Heimes2020-06-251-19/+19
| | | | | | | | Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran. (cherry picked from commit bb6ec14479f18c32e71e43f2785f177aa17aabbd) Co-authored-by: Christian Heimes <christian@python.org>
* 3.7.8rc1v3.7.8rc1Ned Deily2020-06-171-475/+561
|
* bpo-38488: Upgrade bundled versions of pip & setuptools (GH-20491) (GH-20900)Miss Islington (bot)2020-06-155-7/+7
| | | | | | Co-authored-by: Xavier Fernandez <xav.fernandez@gmail.com> (cherry picked from commit e63cc2f64668bd1d4581f8efa7089af7e08863b8) Co-authored-by: Ned Deily <nad@python.org>
* bpo-40448: ensurepip: Do not use cache (GH-19812)Miss Islington (bot)2020-06-152-9/+9
| | | | | | | | | | | | | | | | | ensurepip optionally installs or upgrades 'pip' and 'setuptools' using the version of those modules bundled with Python. The internal PIP installation routine by default temporarily uses its cache, if it exists. This is undesirable as Python builds and installations may be independent of the user running the build, whilst PIP cache location is dependent on the user's environment and outside of the build environment. At the same time, there's no value in using the cache while installing bundled modules. This change disables PIP caching when used in ensurepip. (cherry picked from commit 4a3a682b12f93a03888e8b59f439bc5fe30d6055) Co-authored-by: Krzysztof Konopko <kkonopko@users.noreply.github.com>
* [3.7] bpo-34226: fix cgi.parse_multipart without content_length (GH-8530) ↵Miss Islington (bot)2020-06-152-2/+20
| | | | | | | | | | | | | | | | | (GH-20892) In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH header, this fix remove this header as required and fix FieldStorage read_lines_to_outerboundary, by not using limit when it's negative, since by default it's -1 if not content-length and keeps substracting what was read from the file object. Also added a test case for this problem. (cherry picked from commit d8cf3514dd4682419a66f6e834bb384ee34afc95) Co-authored-by: roger <rogerduran@gmail.com> Automerge-Triggered-By: @ned-deily
* bpo-40964: disable remote IMAP tests (GH-20836)Christian Heimes2020-06-121-0/+3
| | | | | | Remote host cyrus.andrew.cmu.edu is blocking incoming connections and is causing test suite to fail. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-40025: Require _generate_next_value_ to be defined before members (GH-19762)Miss Islington (bot)2020-06-112-0/+15
| | | | require `_generate_next_value_` to be defined before members (cherry picked from commit d9a43e20facdf4ad10186f820601c6580e1baa80)
* bpo-29620: iterate over a copy of sys.modules (GH-4800) (GH-20817)Miss Islington (bot)2020-06-112-1/+16
| | | | | | | | unittest.TestCase.assertWarns no longer raises a RuntimeException when accessing a module's ``__warningregistry__`` causes importation of a new module, or when a new module is imported in another thread. (cherry picked from commit 46398fba4d66ad342cf2504ef947b5fb857423b2) Co-authored-by: kernc <kerncece@gmail.com>
* Add quotes to code to be a stringMiss Islington (bot)2020-06-092-9/+18
|
* [3.7] Revert bpo-39576: Prevent memory error for overly optimistic ↵Stefan Krah2020-06-081-35/+0
| | | | | precisions (GH-20748) This reverts commit c6f95543b4832c3f0170179da39bcf99b40a7aa8.
* [3.8] bpo-40807: Backport test_codeop change [GH-19670]Miss Islington (bot)2020-06-051-4/+4
| | | | | | A tiny sliver of a 3.9 PEG parser patch needed to backport the test added by GH-20486. (cherry picked from commit a5d6aba318ead9cc756ba750a70da41f5def3f8f) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* bpo-40767: Allow pure Wayland to get default XDG web browser (GH-20382)Miss Islington (bot)2020-06-031-1/+1
| | | | | | | | | | Would be nice to backport to python 3.7+. I don't think it's worth the hassle to backport this all the way down to 3.10. But I'll let the maintainers decide. This is hard to test because the test setup already includes this [environment variable](https://github.com/python/cpython/blob/master/Lib/test/pythoninfo.pyGH-L292) Let me know if something doesn't match the PR guidelines. This is my first PR in the python source code. (cherry picked from commit c822efeda9a0afe87cf3429724732fc8e19a01fb) Co-authored-by: Jeremy Attali <jeremy.attali@gmail.com>
* bpo-39885: Make IDLE context menu cut and copy work again (GH-18951)Miss Islington (bot)2020-05-293-16/+50
| | | | | | Leave selection when right click within. This exception to clearing selections when right-clicking was omitted from the previous commit, 4ca060d. I did not realize that this completely disabled the context menu entries, and I should have merged a minimal fix immediately. An automated test should follow. (cherry picked from commit 97e4e0f53d6690db6b942678489716a30925b8af) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* [3.8] bpo-25872: Fix KeyError in linecache when multithreaded (GH-18007) ↵Miss Islington (bot)2020-05-291-3/+3
| | | | | | | | (GH-20092) Backporting to 3.8 and adding a NEWS item (I should have added one to the master branch -- oh well). (cherry picked from commit b86636bff4b29ce23c886df079715dd951f13a07) Co-authored-by: Andrew Kuchling <amk@amk.ca>
* bpo-39040: Fix parsing of email mime headers with whitespace between ↵Miss Islington (bot)2020-05-292-0/+28
| | | | | | | | | | | | | | | | | | encoded-words. (gh-17620) * bpo-39040: Fix parsing of email headers with encoded-words inside a quoted string. It is fairly common to find malformed mime headers (especially content-disposition headers) where the parameter values, instead of being encoded to RFC standards, are "encoded" by doing RFC 2047 "encoded word" encoding, and then enclosing the whole thing in quotes. The processing of these malformed headers was incorrectly leaving the spaces between encoded words in the decoded text (whitespace between adjacent encoded words is supposed to be stripped on decoding). This changeset fixes the encoded word processing inside quoted strings (bare-quoted-string) to do correct RFC 2047 decoding by stripping that whitespace. (cherry picked from commit 21017ed904f734be9f195ae1274eb81426a9e776) Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
* bpo-13097: ctypes: limit callback to 1024 arguments (GH-19914)Miss Islington (bot)2020-05-271-0/+15
| | | | | | | | | | | | | ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments. The ctypes module allocates arguments on the stack in ctypes_callproc() using alloca(), which is problematic when large numbers of arguments are passed. Instead of a stack overflow, this commit raises an ArgumentError if more than 1024 parameters are passed. (cherry picked from commit 29a1384c040d39659e7d01f1fd7b6eb71ef2634e) Co-authored-by: Sean Gillespie <sean@swgillespie.me>
* bpo-39073: validate Address parts to disallow CRLF (GH-19007)Miss Islington (bot)2020-05-272-0/+24
| | | | | | Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. (cherry picked from commit 614f17211c5fc0e5b828be1d3320661d1038fe8f) Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
* [3.8] bpo-35714: Reject null characters in struct format strings (GH-16928) ↵Miss Islington (bot)2020-05-261-0/+7
| | | | | | | | | | (GH-20419) struct.error is now raised if there is a null character in a struct format string. (cherry picked from commit 3f59b55316f4c6ab451997902579aa69020b537c) (cherry picked from commit 5ff5edfef63b3dbc1abb004b3fa4b3db87e79ff9) Co-authored-by: Zackery Spytz <zspytz@gmail.com>
* bpo-37309: Update NEWS.txt for 3.7.8 (GH-20353)Terry Jan Reedy2020-05-241-2/+13
|
* bpo-40723: Make IDLE autocomplete test run without __main__.__file__ (GH-20311)Miss Islington (bot)2020-05-242-1/+3
| | | | | | This was the only failure running unittest.main(test.test_idle) after imports. (cherry picked from commit 905b3cd05f8d2c29e1605d109900e3e9d07af4d3) Co-authored-by: Florian Dahlitz <f2dahlitz@freenet.de>
* [3.7] bpo-40663: Correctly handle annotations with subscripts in ↵Batuhan Taskaya2020-05-221-0/+4
| | | | | | | ast_unparse.c (GH-20156). (GH-20192) (cherry picked from commit 2135e10dc717c00d10d899d232bebfc59bb25032) Co-authored-by: Batuhan Taskaya <batuhanosmantaskaya@gmail.com>
* s/wakup/wakeup (GH-20250)Miss Islington (bot)2020-05-201-1/+1
| | | | | | | | (as title) Automerge-Triggered-By: @Mariatta (cherry picked from commit f2947e354c95d246b1836ac78d4c820c420e259b) Co-authored-by: Kunal Bhalla <bhalla.kunal@gmail.com>
* bpo-40055: test_distutils leaves warnings filters unchanged (GH-20095)Miss Islington (bot)2020-05-151-0/+6
| | | | | | | | distutils.tests now saves/restores warnings filters to leave them unchanged. Importing tests imports docutils which imports pkg_resources which adds a warnings filter. (cherry picked from commit 6e57237faf0da8904e0130a11350cae3c5062b82) Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-38872: Document exec symbol for codeop.compile_command (GH-20047) (#20099)Miss Islington (bot)2020-05-151-1/+2
| | | | | | | | | | | | * Document exec symbol for codeop.compile_command * Remove extra statements Co-authored-by: nanjekyejoannah <joannah.nanjekye@ibm.com> (cherry picked from commit 7ba1f75f3f02b4b50ac6d7e17d15e467afa36aac) Co-authored-by: Joannah Nanjekye <33177550+nanjekyejoannah@users.noreply.github.com> Co-authored-by: Joannah Nanjekye <33177550+nanjekyejoannah@users.noreply.github.com>
* bpo-40561: Add docstrings for webbrowser open functions (GH-19999)Miss Islington (bot)2020-05-111-0/+16
| | | | | | | Co-authored-by: Brad Solomon <brsolomon@deloitte.com> Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> (cherry picked from commit ef7973a981ff8f4687ef3fdb85a69fa15aa11fe5) Co-authored-by: Brad Solomon <brad.solomon.1124@gmail.com>
* bpo-40459: Fix NameError in platform.py (GH-19855)Miss Islington (bot)2020-05-051-3/+3
| | | | | (cherry picked from commit 1e7e4519a8ddc2239101a0146d788c9161143a77) Co-authored-by: Dennis Sweeney <36520290+sweeneyde@users.noreply.github.com>
* bpo-40419: timeit CLI docs now mention 1,2,5,10,... trials instead of powers ↵Miss Islington (bot)2020-05-021-1/+2
| | | | | | | of 10 (GH-19752) (cherry picked from commit 766352320fd736e2c8ed545b4cc57563f61a0b9d) Co-authored-by: Sander <svr003@gmail.com>
* bpo-40443: Remove unused imports in idlelib (GH-19801)Miss Islington (bot)2020-04-306-6/+3
| | | | | (cherry picked from commit 6900f16d2207ca4fc252fa9d778ca0b13a3c95e0) Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-40436: Fix code parsing gdb version (GH-19792)Miss Islington (bot)2020-04-292-2/+11
| | | | | | test_gdb and test.pythoninfo now check gdb command exit code. (cherry picked from commit ec9bea4a3766bd815148a27f61eb24e7dd459ac7) Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.8] bpo-40431: Fix syntax typo in turtledemo (GH-19777) (GH-19784)Miss Islington (bot)2020-04-291-1/+1
| | | | | | | | | | | | [3.8] bpo-40431: Fix syntax typo in turtledemo (GH-19777) * Addresses a syntax typo that mistakenly used a undefined string prefix due to a missing space. (cherry picked from commit 49f70db83e2c62ad06805927f53f6c3e8f4b798e) Co-authored-by: Miro Hrončok <miro@hroncok.cz> (cherry picked from commit cc011b5190b63f0be561ddec38fc4cd9e60cbf6a) Co-authored-by: Kyle Stanley <aeros167@gmail.com>
* [3.7] bpo-38546: Backport multiprocessing tests fixes from master (GH-19689)Victor Stinner2020-04-234-2/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * bpo-37421: multiprocessing tests call _run_finalizers() (GH-14527) multiprocessing tests now call explicitly _run_finalizers() to remove immediately temporary directories created by multiprocessing.util.get_temp_dir(). (cherry picked from commit 039fb49c185570ab7b02f13fbdc51c859cfd831e) Co-authored-by: Victor Stinner <vstinner@redhat.com> (cherry picked from commit 632cb36084dc9d13f1cdb31a0e7e3ba80745a51a) * bpo-37421: multiprocessing tests now stop ForkServer (GH-14601) multiprocessing tests now stop the ForkServer instance if it's running: close the "alive" file descriptor to ask the server to stop and then remove its UNIX address. (cherry picked from commit 8fbeb14312b4c1320d31ad86e69749515879d1c3) Co-authored-by: Victor Stinner <vstinner@redhat.com> (cherry picked from commit 229f6e85f8b4d57a2e742e0d3fc361c5bd15f1cb) * bpo-38546: multiprocessing tests stop the resource tracker (GH-17641) (GH-17647) Multiprocessing and concurrent.futures tests now stop the resource tracker process when tests complete. Add ResourceTracker._stop() method to multiprocessing.resource_tracker. Add _cleanup_tests() helper function to multiprocessing.util: share code between multiprocessing and concurrent.futures tests. (cherry picked from commit 9707e8e22d80ca97bf7a9812816701cecde6d226) (cherry picked from commit 35acb3597208e10a101140474adec86859d57f61) * Remove NEWS about resource tracker Python 3.7 multiprocessing does not have resource tracker. Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
* bpo-39932: Fix multiprocessing test_heap() (GH-19690)Victor Stinner2020-04-231-0/+10
| | | | | | | bpo-32759, bpo-39932: Fix multiprocessing test_heap(): a new Heap object is now created for each test run. Partial backport of commit e4679cd644aa19f9d9df9beb1326625cf2b02c15 by Antoine Pitrou.
* bpo-38360: macOS: support alternate form of -isysroot flag (GH-16480)Miss Islington (bot)2020-04-223-15/+77
| | | | | | | | | | It is possible to use either '-isysroot /some/path' (with a space) or '-isysroot/some/path' (no space in between). Support both forms in places where special handling of -isysroot is done, rather than just the first form. Co-authored-by: Ned Deily <nad@python.org> (cherry picked from commit b310700976524b4b99ee319c947ca40468716fc9) Co-authored-by: Joshua Root <jmr@macports.org>
* bpo-40138: Fix Windows os.waitpid() for large exit code (GH-19654)Miss Islington (bot)2020-04-221-5/+30
| | | | | | | | Fix the Windows implementation of os.waitpid() for exit code larger than "INT_MAX >> 8". The exit status is now interpreted as an unsigned number. (cherry picked from commit b07350901cac9197aef41855d8a4d56533636b91) Co-authored-by: Victor Stinner <vstinner@python.org>
generated by cgit v0.12 at 2026-01-04 09:13:24 (GMT)