summaryrefslogtreecommitdiffstats
path: root/Misc
Commit message (Collapse)AuthorAgeFilesLines
* Issue #27369: Don’t test error message detail that changed in Expat 2.2.03.2Martin Panter2016-07-141-0/+3
|
* Issue #22758: Move NEWS entry to Library sectionMartin Panter2016-07-141-3/+3
|
* #22758: fix regression in handling of secure cookies.R David Murray2016-07-101-0/+3
| | | | | This backports the fix from #16611, per discussion with the release manager.
* Issue #25940: Use self-signed.pythontest.net in SSL testsMartin Panter2016-01-141-0/+7
| | | | | | | | | | | | | | | | | | | | This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate. The certificate used at the pythontest server was modifed to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_ capath() to work (in Python 3.4+). Added the new self-signed certificate to capath with the following commands: cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/} c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0} mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0} The new server responds with "No route to host" when connecting to port 444.
* add CVE and issue numberBenjamin Peterson2015-12-051-2/+3
|
* allow square brackets in cookie values (closes #22931)Benjamin Peterson2015-05-231-0/+5
|
* properly handle malloc failure (closes #24044)Benjamin Peterson2015-04-231-0/+3
| | | | Patch by Christian Heimes.
* remove RPM, since it's unused and unmaintainedBenjamin Peterson2015-02-183-424/+0
|
* Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. AnalysisSerhiy Storchaka2015-01-271-0/+12
| | | | and fix by Guido Vranken.
* add some overflow checks before multiplying (closes #23165)Benjamin Peterson2015-01-041-0/+3
|
* add a default limit for the amount of data xmlrpclib.gzip_decode will return ↵Benjamin Peterson2014-12-061-0/+3
| | | | (closes #16043)
* Bump to 3.2.6v3.2.6Georg Brandl2014-10-121-1/+1
|
* #16040: fix unlimited read from connection in nntplib.Georg Brandl2014-10-121-0/+4
|
* Bump to 3.2.6rc1Georg Brandl2014-10-042-2/+2
|
* Fix unicode_aswidechar() for 4b unicode and 2b wchar_t (AIX).Georg Brandl2014-10-011-0/+6
|
* Issue #19855: uuid.getnode() on Unix now looks on the PATH for theGeorg Brandl2014-09-302-0/+15
| | | | | | | | | | | | | | executables used to find the mac address, with /sbin and /usr/sbin as fallbacks. Issue #11508: Fixed uuid.getnode() and uuid.uuid1() on environment with virtual interface. Original patch by Kent Frazier. Issue #18784: The uuid module no more attempts to load libc via ctypes.CDLL, if all necessary functions are already found in libuuid. Patch by Evgeny Sologubov. Issue #16102: Make uuid._netbios_getnode() work again on Python 3.
* Issue #20939: Use www.example.com instead of www.python.org to avoid testNed Deily2014-03-271-0/+7
| | | | failures when ssl is not present.
* Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limitGeorg Brandl2014-09-301-0/+3
| | | | line length. Patch by Emil Lind.
* Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all ↵Georg Brandl2014-09-171-0/+3
| | | | interfaces.
* Lax cookie parsing in http.cookies could be a security issue when combinedAntoine Pitrou2014-09-162-0/+5
| | | | | | with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
* Issue #22419: Limit the length of incoming HTTP request in wsgiref server toGeorg Brandl2014-09-302-0/+5
| | | | | 65536 bytes and send a 414 error code for higher lengths. Patch contributed by Devin Cook.
* Issue #22517: When a io.BufferedRWPair object is deallocated, clear itsGeorg Brandl2014-09-301-0/+3
| | | | weakrefs.
* Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 toGeorg Brandl2014-09-301-0/+4
| | | | | prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen.
* Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read byGeorg Brandl2014-09-301-0/+3
| | | | limiting the call to readline(). Original patch by Christian Heimes.
* Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read byGeorg Brandl2014-09-301-0/+4
| | | | | limiting the call to readline(). Original patch by Michał Jastrzębski and Giampaolo Rodola.
* Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more thanGeorg Brandl2014-09-301-1/+4
| | | | 100 headers are read. Adapted from patch by Jyrki Pulliainen.
* Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesGeorg Brandl2014-09-301-0/+6
| | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and ``uniformResourceIdentifier`` (URI).
* Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,Ned Deily2014-07-132-0/+4
| | | | broken by the fix for security issue #19435. Patch by Zach Byrne.
* url unquote the path before checking if it refers to a CGI script (closes ↵Benjamin Peterson2014-06-151-0/+3
| | | | #21766)
* in scan_once, prevent the reading of arbitrary memory when passed a negative ↵Benjamin Peterson2014-04-142-0/+4
| | | | | | index Bug reported by Guido Vranken.
* remove directory mode check from makedirs (closes #21082)Benjamin Peterson2014-04-011-0/+3
|
* add Ian BeerBenjamin Peterson2014-03-311-0/+1
|
* complain when nbytes > buflen to fix possible buffer overflow (closes #20246)Benjamin Peterson2014-01-142-0/+3
|
* Issue #12226: HTTPS is now used by default when connecting to PyPI.Antoine Pitrou2013-12-221-0/+2
|
* Backout 7d399099334d.Georg Brandl2013-11-041-3/+0
|
* Update NEWS for 265d369ad3b9.Jason R. Coombs2013-11-021-0/+3
|
* merge 3.1 (#19435)Benjamin Peterson2013-10-301-0/+2
|\
| * use the collapsed path in the run_cgi method (closes #19435)Benjamin Peterson2013-10-301-0/+2
| |
* | Merge #14984: On POSIX, enforce permissions when reading default .netrc.R David Murray2013-09-181-0/+6
|\ \ | |/
| * #14984: On POSIX, enforce permissions when reading default .netrc.R David Murray2013-09-181-0/+6
| | | | | | | | | | | | | | | | Initial patch by Bruno Piguet. This is implemented as if a useful .netrc file could exist without passwords, which is possible in the general case; but in fact our netrc implementation does not support it. Fixing that issue will be an enhancement.
| * Issue #16248: Disable code execution from the user's home directory by ↵Antoine Pitrou2012-12-091-0/+3
| | | | | | | | | | | | tkinter when the -E flag is passed to Python. Patch by Zachary Ware.
| * after 3.1.5Benjamin Peterson2012-04-111-0/+12
| |
| * bump to 3.1.5 finalv3.1.5Benjamin Peterson2012-04-062-2/+2
| |
| * merge headsv3.1.5rc2Benjamin Peterson2012-03-151-1/+1
| |\
| | * merge headsMatthias Klose2012-03-141-1/+1
| | |\
| | | * - rename configure.in to configure.acMatthias Klose2012-03-141-1/+1
| | | | | | | | | | | | | | | | - change references from configure.in to configure.ac
| | * | move the Misc/NEWS entry to the right section.Gregory P. Smith2012-03-141-3/+3
| | | |
| * | | bump to 3.1.5rc2Benjamin Peterson2012-03-152-1/+6
| | |/ | |/|
* | | Add a NEWS entry for b9b521efeba3.Georg Brandl2013-09-141-0/+3
| | |
* | | Add NEWS entry for c18c18774e24.Georg Brandl2013-09-141-0/+11
| | |
generated by cgit v0.12 at 2025-12-27 12:16:43 (GMT)