path: root/Misc
Commit message | Author | Age | Files | Lines
* [3.4][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3353) | Victor Stinner | 2017-09-24 | 2 | -0/+5
|   * bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4
|   * Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes.
|   * Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): https://github.com/libexpat/libexpat/issues/115
|   * Define XML_POOR_ENTROPY when compiling expat
* bpo-29169: Update zlib to 1.2.11 (#3107) | Victor Stinner | 2017-08-16 | 1 | -0/+1
|   Python 3.4 backport: convert the Misc/NEWS entry using blurb.
|   (cherry picked from commit 34e7e2ecb1741850190e78f42875480693d3537b)
* Blurb release and pydoc topics for 3.4.7 final. | Larry Hastings | 2017-08-09 | 2 | -2/+8
|
* [3.4] bpo-30119: fix ftplib.FTP.putline() to throw an error for an illegal command (#1214) (#2893) | Dong-hee Na | 2017-07-27 | 1 | -0/+2
|
* blurb release for 3.4.7rc1. | Larry Hastings | 2017-07-24 | 10 | -30/+99
|
* Switch to using blurb to manage Misc/NEWS! | Larry Hastings | 2017-07-24 | 37 | -10637/+32245
|
* [3.4] bpo-26617: Ensure gc tracking is off when invoking weakref callbacks. (#2695) | Serhiy Storchaka | 2017-07-22 | 1 | -0/+1
|   * [3.4] bpo-26617: Ensure gc tracking is off when invoking weakref callbacks. (cherry picked from commit 8f657c35b978b681e6e919f08358992e1aed7dc1)
|   * Rewrite a NEWS entry as a NEWS.d entry.
* bpo-26657: Fix Windows directory traversal vulnerability with http.server (#782) | Victor Stinner | 2017-07-12 | 1 | -0/+3
|   Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47.
|   (cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a)
* bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2291) | Victor Stinner | 2017-07-12 | 2 | -0/+5
|   The current regex based splitting produces a wrong result. For example::
|
|     http://abc#@def
|
|   Web browsers parse that URL as ``http://abc/#@def``, that is, the host is ``abc``, the path is ``/``, and the fragment is ``#@def``.
|   (cherry picked from commit 90e01e50ef8a9e6c91f30d965563c378a4ad26de)
* [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203) | Victor Stinner | 2017-07-12 | 2 | -0/+11
|   * bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164)
|     * bpo-29591: Upgrade Modules/expat to libexpat 2.2
|     * bpo-29591: Restore Python changes on expat
|     * bpo-29591: Remove expat config of unsupported platforms
|       Remove the configuration (Modules/expat/*config.h) of unsupported platforms:
|       * Amiga
|       * MacOS Classic on PPC32
|       * Open Watcom
|     * bpo-29591: Remove useless XML_HAS_SET_HASH_SALT
|       The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became useless since our local expat copy was upgraded to expat 2.1 (it's now expat 2.2.0).
|     (cherry picked from commit 23ec4b57e1359f9c539b8defc317542173ae087e)
|   * bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300)
|     New file: Modules/expat/siphash.h.
|     (cherry picked from commit 5ff7132313eb651107b179d20218dfe5d4e47f13)
|   * bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348)
|     bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses a winconfig.h configuration file which already defines:
|     * XML_NS
|     * XML_DTD
|     * BYTEORDER=1234
|     * XML_CONTEXT_BYTES=1024
|     * HAVE_MEMMOVE
|     Remove these defines from PCbuild/_elementtree.vcxproj to prevent compiler warnings.
|     Co-Authored-By: Jeremy Kloth <jeremy.kloth@gmail.com>
|     (cherry picked from commit c8fb58bd7917151e63398587a7fc2126db7c26de)
|   * bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319)
|     * bpo-30726: Fix elementtree warnings on Windows
|       Caused by usage of `getenv` which should be safe. And a few integer truncations which should also be ok.
|     * bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream
|     (cherry picked from commit 87c65550730a8f85ce339ba197bce4fb7e836619)
* [3.4] [3.5] bpo-27945: Fixed various segfaults with dict. (GH-1657) (GH-1678) (#2248) | Serhiy Storchaka | 2017-07-11 | 2 | -1/+6
|   Based on patches by Duane Griffin and Tim Mitchell.
|   (cherry picked from commit 753bca3934a7618a4fa96e107ad1c5c18633a683).
|   (cherry picked from commit 2f7f533cf6fb57fcedcbc7bd454ac59fbaf2c655)
* [security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) (#2362) | Serhiy Storchaka | 2017-07-11 | 1 | -0/+4
|   * [3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325)
|     Prevent passing other invalid environment variables and command arguments.
|     (cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700)
|   * Update NEWS
* Add "Misc/NEWS.d" directory tree for "blurb". GH-2331 | larryhastings | 2017-06-22 | 11 | -0/+11
|   CPython workflow is changing! We're going to start using "blurb" to manage Misc/NEWS entries: https://github.com/python/core-workflow
|   (This will be a big win for release managers, honest.)
|   This checkin simply populates the "Misc/NEWS.d" subdirectory tree so that people can start putting their news entries in there. No other changes (yet).
* Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305. (#224) | Victor Stinner | 2017-03-10 | 1 | -0/+2
|   Backport: replace 3.5.3 with 3.4.7 in the doc versionchanged.
|   (cherry picked from commit 03d13c0cbfe912eb0f9b9a02987b9e569f25fe19)
* bpo-25008: Deprecate smtpd and point to aiosmtpd (#274) (#280) | Barry Warsaw | 2017-02-24 | 1 | -0/+6
|
* Post-release updates for 3.4.6. | Larry Hastings | 2017-01-17 | 1 | -1/+13
|
* Version bump for Python 3.4.6. [v3.4.6] | Larry Hastings | 2017-01-16 | 1 | -5/+1
|
* Post-release fixups for Python 3.4.6rc1. | Larry Hastings | 2017-01-03 | 1 | -0/+12
|
* Version bump for 3.4.6rc1. [v3.4.6rc1] | Larry Hastings | 2017-01-02 | 1 | -1/+1
|
* Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X | Serhiy Storchaka | 2016-11-12 | 1 | -0/+3
|\
| |   when decoding astral characters.
| * Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X | Serhiy Storchaka | 2016-11-12 | 1 | -0/+3
| |   when decoding astral characters.
* | Issue #28563: Fixed possible DoS and arbitrary code execution when handling | Serhiy Storchaka | 2016-11-08 | 1 | -0/+4
|\ \
| |/
| |   plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext.
| * Issue #28563: Fixed possible DoS and arbitrary code execution when handling | Serhiy Storchaka | 2016-11-08 | 1 | -0/+4
| |   plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext.
| * Issue #26171: Prevent buffer overflow in get_data | Berker Peksag | 2016-09-14 | 1 | -0/+3
| |   Backport of 01ddd608b85c.
* | Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug build. | Serhiy Storchaka | 2016-10-25 | 1 | -0/+3
| |
* | Issue #28248: Update Windows build to use OpenSSL 1.0.2j | Zachary Ware | 2016-10-11 | 1 | -0/+5
| |
* | Issue #27759: Fix selectors incorrectly retain invalid file descriptors. | Yury Selivanov | 2016-10-06 | 1 | -0/+3
| |   (Backported to 3.4 as this bug might be exploited for DoS)
* | Issue #12885: Revert commits in 3.4 branch which is security-only fixes. | Jason R. Coombs | 2016-09-02 | 1 | -2/+0
| |
* | Issue #12885: Correct issue reference in NEWS | Jason R. Coombs | 2016-09-02 | 1 | -1/+1
| |
* | Issue #12285: Update NEWS | Jason R. Coombs | 2016-09-02 | 1 | -0/+2
| |
* | merge 3.3 (#27783) | Benjamin Peterson | 2016-08-17 | 1 | -0/+2
|\ \
| |/
| * rearrange methodcaller_new so that the main error case does not cause uninitialized memory usage (closes #27783) | Benjamin Peterson | 2016-08-17 | 1 | -0/+2
| |
* | merge 3.3 (#27774) | Benjamin Peterson | 2016-08-16 | 1 | -0/+2
|\ \
| |/
| * do not decref value borrowed from list (closes #27774) | Benjamin Peterson | 2016-08-16 | 1 | -0/+2
| |
* | fail when negative values are passed to instr() | Benjamin Peterson | 2016-08-16 | 1 | -2/+2
| |
* | merge 3.3 (closes #27760) | Benjamin Peterson | 2016-08-14 | 1 | -0/+2
|\ \
| |/
| * fix possible integer overflow in binascii.b2a_qp (closes #27760) | Benjamin Peterson | 2016-08-14 | 1 | -0/+2
| |   Reported by Thomas E. Hybel
* | do not allow reading negative values with getstr() | Benjamin Peterson | 2016-08-14 | 1 | -0/+3
| |
* | merge 3.3 (#27758) | Benjamin Peterson | 2016-08-14 | 1 | -0/+3
|\ \
| |/
| * check for overflow in join_append_data (closes #27758) | Benjamin Peterson | 2016-08-14 | 1 | -0/+3
| |   Reported by Thomas E. Hybel
* | [merge from 3.3] Prevent HTTPoxy attack (CVE-2016-1000110) | Senthil Kumaran | 2016-07-31 | 1 | -0/+4
|\ \
| |/
| |   Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode.
| |   Issue #27568 Reported and patch contributed by Rémi Rampin.
| * Prevent HTTPoxy attack (CVE-2016-1000110) | Senthil Kumaran | 2016-07-31 | 1 | -0/+4
| |   Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode.
| |   Issue #27568 Reported and patch contributed by Rémi Rampin.
* | Issue #27369: Merge test_pyexpat from 3.3 into 3.4 | Martin Panter | 2016-07-14 | 1 | -0/+6
|\ \
| |/
| * Issue #27369: Merge test_pyexpat from 3.2 into 3.3 | Martin Panter | 2016-07-14 | 1 | -0/+3
| |\
| | * Issue #27369: Don’t test error message detail that changed in Expat 2.2.0 [3.2] | Martin Panter | 2016-07-14 | 1 | -0/+3
| | |
| | * Issue #22758: Move NEWS entry to Library section | Martin Panter | 2016-07-14 | 1 | -3/+3
| | |
| | * #22758: fix regression in handling of secure cookies. | R David Murray | 2016-07-10 | 1 | -0/+3
| | |   This backports the fix from #16611, per discussion with the release manager.
| * | Issue #25709: Fixed problem with in-place string concatenation and utf-8 cache. | Serhiy Storchaka | 2015-12-02 | 1 | -0/+5
| | |
* | | Post-release fixups for Python 3.4.5. | Larry Hastings | 2016-06-27 | 1 | -0/+12
| | |
* | | Version bump for 3.4.5 final. [v3.4.5] | Larry Hastings | 2016-06-25 | 1 | -0/+11
| | |