Martin Panter
2cdcaf1353
Issue #22758: Move NEWS entry to Library section
2016-07-14 01:17:03 +00:00
R David Murray
5f21f43af7
#22758: fix regression in handling of secure cookies.
This backports the fix from #16611, per discussion with the release
manager.
2016-07-10 13:32:43 -04:00
Martin Panter
3d81d93f34
Issue #25940: Use self-signed.pythontest.net in SSL tests
This is instead of svn.python.org, whose certificate recently expired, and
whose new certificate uses a different root certificate.
The certificate used at the pythontest server was modified to set the "basic
constraints" CA flag. This flag seems to be required for
test_get_ca_certs_capath() to work (in Python 3.4+).
Added the new self-signed certificate to capath with the following commands:
    cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
    c_rehash -v Lib/test/capath/
    c_rehash -v -old Lib/test/capath/
    # Note the generated file names
    cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0}
    mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0}
The new server responds with "No route to host" when connecting to port 444.
2016-01-14 09:36:00 +00:00
Benjamin Peterson
5e621176c4
add CVE and issue number
2015-12-05 00:17:57 -08:00
Benjamin Peterson
9bd476ea57
allow square brackets in cookie values (closes #22931)
2015-05-23 10:36:48 -05:00
Benjamin Peterson
0823ffb2fb
properly handle malloc failure (closes #24044)
Patch by Christian Heimes.
2015-04-23 17:04:36 -04:00
Benjamin Peterson
893cce921c
remove RPM, since it's unused and unmaintained
2015-02-18 08:52:46 -05:00
Serhiy Storchaka
3f95292be6
Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis
and fix by Guido Vranken.
2015-01-27 22:18:34 +02:00
Benjamin Peterson
f18bf6fd2d
add some overflow checks before multiplying (closes #23165)
2015-01-04 16:03:17 -06:00
Benjamin Peterson
4e9cefaf86
add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043)
2014-12-05 20:15:15 -05:00
Georg Brandl
439d88542e
Bump to 3.2.6
2014-10-12 08:50:38 +02:00
Georg Brandl
b3ac84322f
#16040: fix unlimited read from connection in nntplib.
2014-10-12 08:50:11 +02:00
Georg Brandl
e800a0e1c2
Bump to 3.2.6rc1
2014-10-04 14:15:42 +02:00
Georg Brandl
ff3e5e3779
Fix unicode_aswidechar() for 4b unicode and 2b wchar_t (AIX).
2014-10-01 19:15:11 +02:00
Georg Brandl
51c116223e
Issue #19855: uuid.getnode() on Unix now looks on the PATH for the
executables used to find the mac address, with /sbin and /usr/sbin as
fallbacks.
Issue #11508: Fixed uuid.getnode() and uuid.uuid1() on environment with
virtual interface. Original patch by Kent Frazier.
Issue #18784: The uuid module no longer attempts to load libc via ctypes.CDLL,
if all necessary functions are already found in libuuid.
Patch by Evgeny Sologubov.
Issue #16102: Make uuid._netbios_getnode() work again on Python 3.
2014-09-30 19:34:19 +02:00
Ned Deily
e558181660
Issue #20939: Use www.example.com instead of www.python.org to avoid test
failures when ssl is not present.
2014-03-26 23:31:39 -07:00
Georg Brandl
fd9262cf2a
Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit
line length. Patch by Emil Lind.
2014-09-30 16:00:09 +02:00
Georg Brandl
0840b41582
Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all interfaces.
2014-09-17 13:17:58 +08:00
Antoine Pitrou
dad182c16e
Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Georg Brandl
860c367c29
Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
2014-09-30 14:56:46 +02:00
Georg Brandl
21bf3f942b
Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
weakrefs.
2014-09-30 14:54:39 +02:00
Georg Brandl
eaca8616ab
Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
2014-09-30 14:45:39 +02:00
Georg Brandl
210ee47e33
Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
limiting the call to readline(). Original patch by Christian Heimes.
2014-09-30 14:18:02 +02:00
Georg Brandl
c9cb18d3f7
Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline(). Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2014-09-30 14:12:24 +02:00
Georg Brandl
f0746ca463
Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen.
2014-09-30 14:08:04 +02:00
Georg Brandl
ec3c103520
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
2014-09-30 14:04:51 +02:00
Ned Deily
915a30fb0d
Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435. Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
Benjamin Peterson
73b8b1cdb8
url unquote the path before checking if it refers to a CGI script (closes #21766)
2014-06-14 18:36:29 -07:00
Benjamin Peterson
99b5afab74
in scan_once, prevent the reading of arbitrary memory when passed a negative index
Bug reported by Guido Vranken.
2014-04-13 22:10:38 -04:00
Benjamin Peterson
ee5f1c13d1
remove directory mode check from makedirs (closes #21082)
2014-04-01 19:13:18 -04:00
Benjamin Peterson
8aef28a5d0
add Ian Beer
2014-03-30 20:33:47 -04:00
Benjamin Peterson
fbf648ebba
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
2014-01-13 22:59:38 -05:00
Antoine Pitrou
f60b7df9f8
Issue #12226: HTTPS is now used by default when connecting to PyPI.
2013-12-22 01:35:53 +01:00
Georg Brandl
ee7f3fc586
Backout 7d399099334d.
2013-11-04 07:44:29 +01:00
Jason R. Coombs
32bf5e1273
Update NEWS for 265d369ad3b9.
2013-11-02 13:00:01 -04:00
Benjamin Peterson
35aca89617
merge 3.1 (#19435)
2013-10-30 12:48:59 -04:00
Benjamin Peterson
04e9de40f3
use the collapsed path in the run_cgi method (closes #19435)
2013-10-30 12:43:09 -04:00
R David Murray
8270a2c209
Merge #14984: On POSIX, enforce permissions when reading default .netrc.
2013-09-17 20:32:54 -04:00
R David Murray
104aab956f
#14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.
This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it. Fixing that issue will be an enhancement.
2013-09-17 20:30:02 -04:00
Georg Brandl
bc75046bb3
Add a NEWS entry for b9b521efeba3.
2013-09-14 09:10:21 +02:00
Georg Brandl
c5884d8930
Add NEWS entry for c18c18774e24.
2013-09-14 09:09:18 +02:00
Antoine Pitrou
86d53cadda
Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
2013-05-18 17:56:42 +02:00
Georg Brandl
bfe36ec1f5
Bump to version 3.2.5.
2013-05-12 12:28:20 +02:00
Georg Brandl
c502df4e3e
Issue #17915: Fix interoperability of xml.sax with file objects returned by
codecs.open().
2013-05-12 11:41:12 +02:00
Georg Brandl
93b061bc3e
Issue #1159051: Back out a fix for handling corrupted gzip files that
broke backwards compatibility.
2013-05-12 11:29:27 +02:00
Serhiy Storchaka
a9217a42e6
Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3,
such as was shipped with CentOS 5 and Mac OS X 10.4.
2013-04-28 14:10:27 +03:00
Georg Brandl
ba2f8be4c6
Issue #17843: Remove bz2 test data that triggers antivirus warnings.
2013-05-12 11:11:51 +02:00
Georg Brandl
ce654f48aa
Issue #15535: Fix pickling of named tuples.
2013-05-12 11:09:11 +02:00
Serhiy Storchaka
a6df938fef
Close #17666: Fix reading gzip files with an extra field.
2013-04-08 22:35:02 +03:00
Gregory P. Smith
cf86d9441e
news entry
2013-04-30 00:57:18 -07:00