summaryrefslogtreecommitdiffstats
path: root/Misc
Commit message (Collapse)AuthorAgeFilesLines
* Bump to 3.3.7v3.3.7Ned Deily2017-09-191-0/+8
|
* Update NEWS.d and suspicious doc filterNed Deily2017-09-0629-6839/+20772
|
* [3.3] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3352)Victor Stinner2017-09-062-0/+5
| | | | | | | | | | | | | * bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 * Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes. * Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): https://github.com/libexpat/libexpat/issues/115 * Define XML_POOR_ENTROPY when compiling expat
* [3.3] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal ↵Dong-hee Na2017-07-261-0/+3
| | | | command (#1214) (#2885)
* bpo-26657: Fix Windows directory traversal vulnerability with http.server ↵Victor Stinner2017-07-261-0/+3
| | | | | | | | | (#782) (#2860) Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47. (cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a) (cherry picked from commit 6f6bc1da8aaae52664e7747e328d26eb59c0e74f)
* [3.3] bpo-22928: Disabled HTTP header injections in http.client. (#2817)Serhiy Storchaka2017-07-261-0/+2
| | | | | Original patch by Demian Brecht.. (cherry picked from commit a112a8ae47813f75aa8ad27ee8c42a7c2e937d13)
* [3.3] [3.5] bpo-27945: Fixed various segfaults with dict. (GH-1657) ↵Serhiy Storchaka2017-07-262-0/+5
| | | | | | | (GH-1678) (#2396) Based on patches by Duane Griffin and Tim Mitchell. (cherry picked from commit 753bca3934a7618a4fa96e107ad1c5c18633a683). (cherry picked from commit 2f7f533cf6fb57fcedcbc7bd454ac59fbaf2c655)
* [3.3] bpo-30500: urllib: Simplify splithost by calling into urlparse. ↵Victor Stinner2017-07-262-0/+5
| | | | | | | | | | | | | (#1849) (#2292) The current regex based splitting produces a wrong result. For example:: http://abc#@def Web browsers parse that URL as ``http://abc/#@def``, that is, the host is ``abc``, the path is ``/``, and the fragment is ``#@def``. (cherry picked from commit 90e01e50ef8a9e6c91f30d965563c378a4ad26de) (cherry picked from commit cc54c1c0d2d05fe7404ba64c53df4b1352ed2262)
* [security][3.3] bpo-30730: Prevent environment variables injection in ↵Serhiy Storchaka2017-07-191-0/+3
| | | | subprocess on Windows. (GH-2325) (#2363)
* [3.3] bpo-30585: [security] raise an error when STARTTLS fails (#225)Victor Stinner2017-07-191-0/+3
| | | (cherry picked from commit 46b32f307c48bcb999b22eebf65ffe8ed5cca544)
* [3.3] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) ↵Victor Stinner2017-07-161-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#2204) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 * bpo-29591: Restore Python changes on expat * bpo-29591: Remove expat config of unsupported platforms Remove the configuration (Modules/expat/*config.h) of unsupported platforms: * Amiga * MacOS Classic on PPC32 * Open Watcom * bpo-29591: Remove useless XML_HAS_SET_HASH_SALT The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became useless since our local expat copy was upgrade to expat 2.1 (it's now expat 2.2.0). (cherry picked from commit 23ec4b57e1359f9c539b8defc317542173ae087e) * bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) New file: Modules/expat/siphash.h. (cherry picked from commit 5ff7132313eb651107b179d20218dfe5d4e47f13) * bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348) bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses a winconfig.h configuration file which already defines: * XML_NS * XML_DTD * BYTEORDER=1234 * XML_CONTEXT_BYTES=1024 * HAVE_MEMMOVE Remove these defines from PCbuild/_elementtree.vcxproj to prevent compiler warnings. Co-Authored-By: Jeremy Kloth <jeremy.kloth@gmail.com> (cherry picked from commit c8fb58bd7917151e63398587a7fc2126db7c26de) * bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319) * bpo-30726: Fix elementtree warnings on Windows Caused by usage of `getenv` which should be safe. And a few integer truncations which should also be ok. * bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream (cherry picked from commit 87c65550730a8f85ce339ba197bce4fb7e836619)
* Add "Misc/NEWS.d" directory tree for "blurb". GH-2332larryhastings2017-06-2211-0/+11
| | | | | | | | | | CPython workflow is changing! We're going to start using "blurb" to manage Misc/NEWS entries: https://github.com/python/core-workflow (This will be a big win for release managers, honest.) This checkin simply populates the "Misc/NEWS.d" subdirectory tree so that people can start putting their news entries in there. No other changes (yet).
* Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS XSerhiy Storchaka2016-11-121-0/+3
| | | | when decode astral characters.
* Issue #28563: Fixed possible DoS and arbitrary code execution when handleSerhiy Storchaka2016-11-081-0/+4
| | | | | plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext.
* Issue #26171: Prevent buffer overflow in get_dataBerker Peksag2016-09-141-0/+3
| | | | Backport of 01ddd608b85c.
* rearrange methodcaller_new so that the main error case does not cause ↵Benjamin Peterson2016-08-171-0/+2
| | | | uninitialized memory usage (closes #27783)
* do not decref value borrowed from list (closes #27774)Benjamin Peterson2016-08-161-0/+2
|
* fix possible integer overflow in binascii.b2a_qp (closes #27760)Benjamin Peterson2016-08-141-0/+2
| | | | Reported by Thomas E. Hybel
* check for overflow in join_append_data (closes #27758)Benjamin Peterson2016-08-141-0/+3
| | | | Reported by Thomas E. Hybel
* Prevent HTTPoxy attack (CVE-2016-1000110)Senthil Kumaran2016-07-311-0/+4
| | | | | | | Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode. Issue #27568 Reported and patch contributed by Rémi Rampin.
* Issue #27369: Merge test_pyexpat from 3.2 into 3.3Martin Panter2016-07-141-0/+3
|\
| * Issue #27369: Don’t test error message detail that changed in Expat 2.2.03.2Martin Panter2016-07-141-0/+3
| |
| * Issue #22758: Move NEWS entry to Library sectionMartin Panter2016-07-141-3/+3
| |
| * #22758: fix regression in handling of secure cookies.R David Murray2016-07-101-0/+3
| | | | | | | | | | This backports the fix from #16611, per discussion with the release manager.
* | Issue #25709: Fixed problem with in-place string concatenation and utf-8 cache.Serhiy Storchaka2015-12-021-0/+5
| |
* | Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3Martin Panter2016-01-141-0/+7
|\ \ | |/
| * Issue #25940: Use self-signed.pythontest.net in SSL testsMartin Panter2016-01-141-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate. The certificate used at the pythontest server was modifed to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_ capath() to work (in Python 3.4+). Added the new self-signed certificate to capath with the following commands: cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/} c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0} mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0} The new server responds with "No route to host" when connecting to port 444.
* | fix reorderingBenjamin Peterson2015-12-051-4/+4
| |
* | merge 3.2Benjamin Peterson2015-12-051-3/+4
|\ \ | |/
| * add CVE and issue numberBenjamin Peterson2015-12-051-2/+3
| |
* | protect against mutation of the dict during insertion (closes #24407)Benjamin Peterson2015-07-051-0/+2
| |
* | add issue numberBenjamin Peterson2015-06-271-1/+1
| |
* | use safe allocation and reallocation macrosBenjamin Peterson2015-06-271-0/+2
| |
* | merge 3.2 (#22931)Benjamin Peterson2015-05-231-0/+2
|\ \ | |/
| * allow square brackets in cookie values (closes #22931)Benjamin Peterson2015-05-231-0/+5
| |
* | be more robust against the filters list changing under us (closes #24096)Benjamin Peterson2015-05-031-0/+3
| |
* | just sort the items tuple directly (closes #24094)Benjamin Peterson2015-05-031-0/+3
| |
* | merge 3.2 (#24044)Benjamin Peterson2015-04-231-0/+3
|\ \ | |/
| * properly handle malloc failure (closes #24044)Benjamin Peterson2015-04-231-0/+3
| | | | | | | | Patch by Christian Heimes.
* | Issue #23998: PyImport_ReInitLock() now checks for lock allocation errorChristian Heimes2015-04-191-0/+5
| |
* | fix possible overflow bugs in unicodedata (closes #23367)Benjamin Peterson2015-03-021-0/+2
| |
* | merge 3.2Benjamin Peterson2015-02-183-424/+0
|\ \ | |/
| * remove RPM, since it's unused and unmaintainedBenjamin Peterson2015-02-183-424/+0
| |
| * Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. AnalysisSerhiy Storchaka2015-01-271-0/+12
| | | | | | | | and fix by Guido Vranken.
* | add overflow checking (closes #23361)Benjamin Peterson2015-02-101-0/+2
| |
* | check for overflows in permutations() and product() (closes #23363, closes ↵Benjamin Peterson2015-02-021-0/+4
| | | | | | | | #23364)
* | check for overflow in combinations_with_replacement (closes #23365)Benjamin Peterson2015-02-021-0/+3
| |
* | detect overflow in combinations (closes #23366)Benjamin Peterson2015-02-021-0/+2
| |
* | fix possible overflow in encode_basestring_ascii (closes #23369)Benjamin Peterson2015-02-011-0/+6
| |
* | Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. AnalysisSerhiy Storchaka2015-01-271-0/+12
| | | | | | | | and fix by Guido Vranken.
generated by cgit v0.12 at 2025-12-26 08:51:02 (GMT)