path: root/Misc
Commit message [Author, Age, Files, Lines]
* version bump (tag: v2.6.9) [Barry Warsaw, 2013-10-29, files: 2, lines: -7/+3]
|
* post release bump [Barry Warsaw, 2013-10-01, files: 1, lines: -0/+12]
|
* Bump to 2.6.9rc1 [Barry Warsaw, 2013-10-01, files: 2, lines: -2/+2]
|
* - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to [Barry Warsaw, 2013-09-30, files: 1, lines: -0/+4]
|   prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen.
* Fix typo in NEWS file. [Barry Warsaw, 2013-09-30, files: 1, lines: -1/+1]
|
* - Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to [Barry Warsaw, 2013-09-30, files: 1, lines: -6/+11]
|   prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen.
* - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more [Barry Warsaw, 2013-09-29, files: 1, lines: -0/+3]
|   than 100 headers are read. Adapted from patch by Jyrki Pulliainen.
* - Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by [Barry Warsaw, 2013-09-25, files: 1, lines: -0/+4]
|   limiting the call to readline(). Original patch by Michał Jastrzębski and Giampaolo Rodola, with test fixes by Serhiy Storchaka.
* - Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to [Barry Warsaw, 2013-09-22, files: 1, lines: -0/+3]
|   limit line length. Patch by Emil Lind.
* #14984: On POSIX, enforce permissions when reading default .netrc. [R David Murray, 2013-09-16, files: 1, lines: -0/+6]
|   Initial patch by Bruno Piguet. This is implemented as if a useful .netrc file could exist without passwords, which is possible in the general case; but in fact our netrc implementation does not support it. Fixing that issue will be an enhancement.
* #16042: CVE-2013-1752: Limit amount of data read by limiting the call to readline(). [Andrew Kuchling, 2013-09-15, files: 1, lines: -1/+4]
|   The SSLFakeFile.readline() method needs to support limiting readline() as well. It's not a full emulation of readline()'s signature, but this class is only used by smtplib's code, so it doesn't have to be. Modified version of original patch by Christian Heimes.
* - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes [Barry Warsaw, 2013-08-23, files: 1, lines: -0/+9]
|   inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string representation of ASN.1 strings for `rfc822Name` (email), `dNSName` (DNS) and `uniformResourceIdentifier` (URI).
* - Issue #16248: Disable code execution from the user's home directory by [Barry Warsaw, 2013-02-20, files: 1, lines: -0/+3]
|   tkinter when the -E flag is passed to Python. Patch by Zachary Ware.
* Post release twiddle. [Barry Warsaw, 2012-04-10, files: 1, lines: -0/+12]
|
* Bump to 2.6.8 (tag: v2.6.8) [Barry Warsaw, 2012-04-10, files: 2, lines: -1/+9]
|
* Bump to 2.6.8rc2 (tag: v2.6.8rc2) [Barry Warsaw, 2012-03-17, files: 1, lines: -1/+1]
|
* Update Docs and NEWS for 2.6.8rc2. [Barry Warsaw, 2012-03-17, files: 1, lines: -1/+1]
|
* - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash [Barry Warsaw, 2012-03-15, files: 1, lines: -4/+19]
|   table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project.
* Bump to version 2.6.8rc1. [Barry Warsaw, 2012-02-23, files: 2, lines: -3/+3]
|
* Remove reST markup from --help output. Also: O(n**2) is dict construction, not single insertion. [Georg Brandl, 2012-02-21, files: 1, lines: -1/+1]
* - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED [Barry Warsaw, 2012-02-21, files: 2, lines: -0/+34]
|   environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types. Patch by David Malcolm, based on work by Victor Stinner.
* Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer [Charles-François Natali, 2012-02-18, files: 1, lines: -0/+3]
|   upon malformed POST request.
* Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. [Antoine Pitrou, 2012-01-27, files: 1, lines: -0/+3]
* Replay svn r88852. [Barry Warsaw, 2011-06-04, files: 1, lines: -0/+12]
|
* Replay svn r88850. (tag: v2.6.7) [Barry Warsaw, 2011-06-04, files: 2, lines: -18/+6]
|
* Replay changeset 70249:b571c7a8cf2e from fubar branch. Original commit [Barry Warsaw, 2011-05-23, files: 1, lines: -1/+11]
|   message: Merging post 2.6.7rc2 changes from Subversion.
* Replay changeset 70248:c714e2f92f63 from fubar branch. Original commit [Barry Warsaw, 2011-05-23, files: 2, lines: -1/+20]
|   message: Cross-port changes for 2.6.7rc2 from the Subversion branch.
* Replay changeset 70238:03e488b5c009 from fubar branch. Original commit [Barry Warsaw, 2011-05-23, files: 2, lines: -8/+17]
|   message: Reconcile with the 2.6svn branch. The 2.6.7 release will be made from Subversion, but there were differences, so this brings them in sync. These changes should *not* propagate to any newer versions.
* merge 11442 NEWS [Martin v. Löwis, 2011-04-17, files: 1, lines: -0/+3]
|\
| * Issue 11442: Add NEWS entry for e9724d7abbc2 [Martin v. Löwis, 2011-04-17, files: 1, lines: -0/+3]
| |
* | Merge issue 11662 from 2.5. [Guido van Rossum, 2011-03-29, files: 1, lines: -13/+2]
|\ \
| |/
| * Add CVE number to urllib/urllib2 news item. [guido@google.com, 2011-03-28, files: 1, lines: -1/+1]
| |
| * Add FTP to the allowed url schemes. Add Misc/NEWS. [guido@google.com, 2011-03-24, files: 1, lines: -0/+3]
| |
| * Merge r82494 from the python2.6 branch: [Matthias Klose, 2010-10-17, files: 1, lines: -0/+3]
| |   Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop module, ensure that the input string length is a multiple of the frame size
| * Merged revisions 81046 from the python2.6 branch: [Matthias Klose, 2010-10-17, files: 2, lines: -0/+7]
| |   Issue #8674: Fix incorrect and UB-inducing overflow checks in audioop module. Thanks Tomas Hoger for the patch.
| * Post 2.5.5. [Martin v. Löwis, 2010-01-31, files: 1, lines: -0/+6]
| |
| * Prepare for 2.5.5. (tag: v2.5.5) [Martin v. Löwis, 2010-01-31, files: 1, lines: -0/+6]
| |
| * Prepare for 2.5.5c2. (tag: v2.5.5c2) [Martin v. Löwis, 2010-01-24, files: 1, lines: -2/+4]
| |
| * - expat: Fix DoS via malformed XML (CVE-2009-3720). [Matthias Klose, 2010-01-21, files: 1, lines: -1/+2]
| |
| * - Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560). [Matthias Klose, 2010-01-21, files: 1, lines: -0/+11]
| |
| * Prepare for 2.5.5c1. (tag: v2.5.5c1) [Martin v. Löwis, 2010-01-14, files: 1, lines: -3/+3]
| |
| * Issue #7403: logging: Fixed possible race condition in lock creation. [Vinay Sajip, 2009-11-27, files: 1, lines: -0/+2]
| |
| * #6990: clear threading.local's key only after its thread state is removed: [Philip Jenvey, 2009-09-29, files: 1, lines: -0/+6]
| |   fixes local subclasses leaving old state around after a ref cycle GC which could be recycled by new locals (backported from r75123)
| * Issue #5068: Fixed the tarfile._BZ2Proxy.read() method that would loop [Lars Gustäbel, 2009-03-22, files: 1, lines: -0/+14]
| |   forever on incomplete input. That caused tarfile.open() to hang when used with mode 'r' or 'r:bz2' and a fileobj argument that contained no data or partial bzip2 compressed data. (backported from r70523)
| * News for issue 5389 fix. [Guido van Rossum, 2009-03-05, files: 1, lines: -0/+3]
| |
| * Prepare for 2.5.4. (tag: v2.5.4) [Martin v. Löwis, 2008-12-23, files: 1, lines: -1/+1]
| |
| * Revert patch for #1706039, as it can crash the interpreter. [Martin v. Löwis, 2008-12-23, files: 1, lines: -0/+2]
| |
| * Backport of r67908: [Martin v. Löwis, 2008-12-23, files: 1, lines: -0/+6]
| |   Added test case to ensure attempts to read from a file opened for writing fail.
| * Post 2.5.3. [Martin v. Löwis, 2008-12-20, files: 1, lines: -0/+6]
| |
| * Prepare for 2.5.3. (tag: v2.5.3) [Martin v. Löwis, 2008-12-19, files: 1, lines: -1/+1]
| |