290df2c | Barry Warsaw | 01 October 2013, 00:31:56 UTC | Regenerate pydoc_topics.py | 01 October 2013, 00:31:56 UTC |
42faa55 | Barry Warsaw | 30 September 2013, 22:35:15 UTC | - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen. | 30 September 2013, 22:35:15 UTC |
e763a91 | Barry Warsaw | 30 September 2013, 20:45:40 UTC | Fix typo in NEWS file. | 30 September 2013, 20:45:40 UTC |
c545a5e | Barry Warsaw | 30 September 2013, 19:56:29 UTC | - Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to prevent readline() calls from consuming too much member. Patch by Jyrki Pulliainen. | 30 September 2013, 19:56:29 UTC |
6c1bb7b | Barry Warsaw | 29 September 2013, 17:59:06 UTC | - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than 100 headers are read. Adapted from patch by Jyrki Pulliainen. | 29 September 2013, 17:59:06 UTC |
d6fddf3 | Barry Warsaw | 25 September 2013, 13:36:58 UTC | - Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by limiting the call to readline(). Original patch by Michał Jastrzębski and Giampaolo Rodola. with test fixes by Serhiy Storchaka. | 25 September 2013, 13:36:58 UTC |
4e95d60 | Barry Warsaw | 22 September 2013, 20:07:09 UTC | - Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit line length. Patch by Emil Lind. | 22 September 2013, 20:07:09 UTC |
9e27eda | R David Murray | 18 September 2013, 12:49:25 UTC | #14984: only import pwd on POSIX. | 18 September 2013, 12:49:25 UTC |
137b572 | R David Murray | 18 September 2013, 00:08:09 UTC | Add versionchanged for #14984, remove extra blank from string. | 18 September 2013, 00:08:09 UTC |
4189b67 | R David Murray | 16 September 2013, 17:48:44 UTC | #14984: On POSIX, enforce permissions when reading default .netrc. Initial patch by Bruno Piguet. This is implemented as if a useful .netrc file could exist without passwords, which is possible in the general case; but in fact our netrc implementation does not support it. Fixing that issue will be an enhancement. | 16 September 2013, 17:48:44 UTC |
503baf9 | Andrew Kuchling | 15 September 2013, 17:11:47 UTC | #16042: CVE-2013-1752: Limit amount of data read by limiting the call to readline(). The SSLFakeFile.readline() method needs to support limiting readline() as well. It's not a full emulation of readline()'s signature, but this class is only used by smtplib's code, so it doesn't have to be. Modified version of original patch by Christian Heimes. | 15 September 2013, 17:11:47 UTC |
ed9884b | Christian Heimes | 05 September 2013, 14:04:35 UTC | Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case | 05 September 2013, 14:04:35 UTC |
bde2985 | Christian Heimes | 03 September 2013, 12:47:00 UTC | Python 2.6's ssl module has neither OPENSSL_VERSION_INFO nor _OPENSSL_API_VERSION | 03 September 2013, 12:47:00 UTC |
8f65ef8 | Christian Heimes | 25 August 2013, 12:12:41 UTC | Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger | 25 August 2013, 12:12:41 UTC |
82f8828 | Barry Warsaw | 23 August 2013, 17:26:49 UTC | - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for `rfc822Name` (email), `dNSName` (DNS) and `uniformResourceIdentifier` (URI). | 23 August 2013, 17:26:49 UTC |
f880e5d | Barry Warsaw | 21 August 2013, 00:35:20 UTC | Fix UnboundLocalError regression due to previous incorrect fix for issue 16248. | 21 August 2013, 00:35:20 UTC |
f25d957 | Barry Warsaw | 20 February 2013, 23:19:55 UTC | - Issue #16248: Disable code execution from the user's home directory by tkinter when the -E flag is passed to Python. Patch by Zachary Ware. | 20 February 2013, 23:19:55 UTC |
55f23c4 | Georg Brandl | 28 October 2012, 07:04:38 UTC | #8040: port versionswitcher patch to 2.6. | 28 October 2012, 07:04:38 UTC |
cca96f0 | Barry Warsaw | 10 April 2012, 18:50:39 UTC | Post release twiddle. | 10 April 2012, 18:50:39 UTC |
27509ce | Barry Warsaw | 10 April 2012, 15:18:47 UTC | Added tag v2.6.8 for changeset c9910fd022fc | 10 April 2012, 15:18:47 UTC |
a12d0cc | Barry Warsaw | 10 April 2012, 14:59:35 UTC | Bump to 2.6.8 | 10 April 2012, 14:59:35 UTC |
75076b4 | Barry Warsaw | 10 April 2012, 14:56:26 UTC | update docs | 10 April 2012, 14:56:26 UTC |
222ac8c | Georg Brandl | 18 March 2012, 06:31:17 UTC | Remove duplicate hgtags entries for 2.6.8rc{1,2}. | 18 March 2012, 06:31:17 UTC |
9636e46 | Barry Warsaw | 17 March 2012, 22:34:05 UTC | Added tag v2.6.8rc2 for changeset bd9e1a02e3e3 | 17 March 2012, 22:34:05 UTC |
b1abc08 | Barry Warsaw | 17 March 2012, 22:19:42 UTC | Added tag v2.6.8rc2 for changeset 1d1b7b9fad48 | 17 March 2012, 22:19:42 UTC |
bd371a4 | Barry Warsaw | 17 March 2012, 22:19:15 UTC | Bump to 2.6.8rc2 | 17 March 2012, 22:19:15 UTC |
2875b5b | Barry Warsaw | 17 March 2012, 22:16:58 UTC | Update Docs and NEWS for 2.6.8rc2. | 17 March 2012, 22:16:58 UTC |
e9bc2f7 | Barry Warsaw | 15 March 2012, 00:10:41 UTC | - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project. | 15 March 2012, 00:10:41 UTC |
6707826 | Barry Warsaw | 23 February 2012, 16:10:31 UTC | Added tag v2.6.8rc1 for changeset 5356b6c7fd66 | 23 February 2012, 16:10:31 UTC |
2593eac | Barry Warsaw | 23 February 2012, 15:59:50 UTC | Added tag v2.6.8rc1 for changeset caab08cd2b3e | 23 February 2012, 15:59:50 UTC |
74f4bd5 | Barry Warsaw | 23 February 2012, 15:59:38 UTC | Bump some more copyright years (as per PEP 101), since this is the first release of 2.6 for 2012. | 23 February 2012, 15:59:38 UTC |
1fbc16d | Barry Warsaw | 23 February 2012, 15:55:57 UTC | Bump to version 2.6.8rc1. | 23 February 2012, 15:55:57 UTC |
b383e80 | Barry Warsaw | 22 February 2012, 22:26:50 UTC | Back port from 2.7: http://hg.python.org/cpython/rev/48705250232c changeset: 75187:48705250232c branch: 2.7 parent: 75184:9a1d902714ae user: Antoine Pitrou <solipsis@pitrou.net> date: Wed Feb 22 22:16:25 2012 +0100 | 22 February 2012, 22:26:50 UTC |
56fd661 | Barry Warsaw | 22 February 2012, 18:50:04 UTC | Backport from 2.7: changeset: 75153:9b7c6dd19e25 branch: 2.7 parent: 75151:b1a02c17b327 user: Antoine Pitrou <solipsis@pitrou.net> date: Tue Feb 21 22:02:04 2012 +0100 files: Lib/test/test_os.py | 22 February 2012, 18:50:04 UTC |
6a9005b | Barry Warsaw | 22 February 2012, 18:34:18 UTC | Backport from 2.7 branch. changeset: 75165:780008020c40 user: Antoine Pitrou <solipsis@pitrou.net> date: Wed Feb 22 03:33:56 2012 +0100 summary: Fix (presumably) test_hash under big-endian systems (PPC). | 22 February 2012, 18:34:18 UTC |
3aec568 | Georg Brandl | 21 February 2012, 21:36:27 UTC | Remove reST markup from --help output. Also: O(n**2) is dict construction, not single insertion. | 21 February 2012, 21:36:27 UTC |
4e171d1 | Benjamin Peterson | 21 February 2012, 20:08:51 UTC | don't need this hack anymore | 21 February 2012, 20:08:51 UTC |
776af40 | Antoine Pitrou | 21 February 2012, 19:42:48 UTC | Fix crash at startup with -W options. | 21 February 2012, 19:42:48 UTC |
876e789 | Benjamin Peterson | 21 February 2012, 16:23:21 UTC | merge heads | 21 February 2012, 16:23:21 UTC |
8757cad | Barry Warsaw | 21 February 2012, 16:16:06 UTC | Backport fix from default branch for ./python -R -Wd where hash('d') would not have gotten randomized. | 21 February 2012, 16:16:06 UTC |
26da920 | Benjamin Peterson | 21 February 2012, 16:08:50 UTC | ensure no one tries to hash things before the random seed is found | 21 February 2012, 16:08:50 UTC |
b69fa1f | Barry Warsaw | 21 February 2012, 15:22:34 UTC | Let's sort the keys so that this test passes even with random hashes. | 21 February 2012, 15:22:34 UTC |
b19fb24 | Barry Warsaw | 21 February 2012, 01:44:15 UTC | Whitespace normalization | 21 February 2012, 01:44:15 UTC |
1e13eb0 | Barry Warsaw | 21 February 2012, 01:42:21 UTC | - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types. Patch by David Malcolm, based on work by Victor Stinner. | 21 February 2012, 01:42:21 UTC |
f5a5beb | Barry Warsaw | 20 February 2012, 19:43:22 UTC | Back port Python 2.7 fix for test_invalid_redirect() in test_urllib.py. | 20 February 2012, 19:43:22 UTC |
66f3cc6 | Charles-François Natali | 18 February 2012, 13:15:38 UTC | Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request. | 18 February 2012, 13:15:38 UTC |
d358e05 | Antoine Pitrou | 27 January 2012, 08:42:45 UTC | Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. | 27 January 2012, 08:42:45 UTC |
141e770 | Martin v. Löwis | 31 October 2011, 11:39:25 UTC | merge closing of 2.5 branch | 31 October 2011, 11:39:25 UTC |
e5b9bff | Martin v. Löwis | 31 October 2011, 11:38:50 UTC | 2.5 is no longer maintained | 31 October 2011, 11:38:50 UTC |
345fff3 | Éric Araujo | 28 July 2011, 20:27:28 UTC | Remove mentions of previous license in profile module (#12417 followup) | 28 July 2011, 20:27:28 UTC |
5ac56d2 | Benjamin Peterson | 29 June 2011, 02:57:21 UTC | fix ws | 29 June 2011, 02:57:21 UTC |
1105f34 | Benjamin Peterson | 27 June 2011, 14:14:34 UTC | update profile license (closes #12417) | 27 June 2011, 14:14:34 UTC |
d0366e8 | Barry Warsaw | 04 June 2011, 00:05:48 UTC | Replay svn r88852. | 04 June 2011, 00:05:48 UTC |
16ec24a | Barry Warsaw | 04 June 2011, 00:02:47 UTC | Replay svn r88850. | 04 June 2011, 00:02:47 UTC |
9c53584 | Martin v. Löwis | 28 May 2011, 12:13:32 UTC | Nearly null-merge 2.5.6 | 28 May 2011, 12:13:32 UTC |
228516c | Martin v. Löwis | 28 May 2011, 12:06:55 UTC | merge 2.5.6c1 tag | 28 May 2011, 12:06:55 UTC |
dcdf032 | Martin v. Löwis | 28 May 2011, 12:05:31 UTC | Added tag v2.5.6c1 for changeset a87c7b96672b | 28 May 2011, 12:05:31 UTC |
4ca9d48 | Martin v. Löwis | 28 May 2011, 12:00:37 UTC | Added tag v2.5.6 for changeset de34c7b097e8 | 28 May 2011, 12:00:37 UTC |
11a859d | Martin v. Löwis | 28 May 2011, 11:58:36 UTC | r88840: Prepare for 2.5.6. | 28 May 2011, 11:58:36 UTC |
e81c485 | Martin v. Löwis | 28 May 2011, 11:57:28 UTC | r88828: Fix year. | 28 May 2011, 11:57:28 UTC |
cf60858 | Martin v. Löwis | 28 May 2011, 11:56:22 UTC | r88824: Prepare for 2.5.6c1. | 28 May 2011, 11:56:22 UTC |
32140f8 | Barry Warsaw | 23 May 2011, 19:27:52 UTC | Replay changeset 70249:b571c7a8cf2e from fubar branch. Original commit message: Merging post 2.6.7rc2 changes from Subversion. | 23 May 2011, 19:27:52 UTC |
3428926 | Barry Warsaw | 23 May 2011, 19:26:11 UTC | Replay changeset 70248:c714e2f92f63 from fubar branch. Original commit message: Cross-port changes for 2.6.7rc2 from the Subversion branch. | 23 May 2011, 19:26:11 UTC |
cf0d8ab | Barry Warsaw | 23 May 2011, 19:22:56 UTC | Replay changeset 70238:03e488b5c009 from fubar branch. Original commit message: Reconcile with the 2.6svn branch. The 2.6.7 release will be made from Subversion, but there were differences, so this brings them in sync. These changes should *not* propagate to any newer versions. | 23 May 2011, 19:22:56 UTC |
e26bc10 | Barry Warsaw | 23 May 2011, 01:16:55 UTC | These files have Windows line endings in 2.6. | 23 May 2011, 01:16:55 UTC |
22108f1 | Łukasz Langa | 28 April 2011, 15:27:59 UTC | Closes #11786: ConfigParser.[Raw]ConfigParser optionxform(). | 28 April 2011, 15:27:59 UTC |
31e1b1f | Martin v. Löwis | 17 April 2011, 20:56:19 UTC | merge 11442 NEWS | 17 April 2011, 20:56:19 UTC |
2d253dd | Martin v. Löwis | 17 April 2011, 20:29:40 UTC | Issue 11442: Add NEWS entry for e9724d7abbc2 | 17 April 2011, 20:29:40 UTC |
8c850bf | Guido van Rossum | 29 March 2011, 20:03:10 UTC | Merge cleanup. | 29 March 2011, 20:03:10 UTC |
079381d | Guido van Rossum | 29 March 2011, 19:51:16 UTC | Merge issue 11662 from 2.5. | 29 March 2011, 19:51:16 UTC |
9a9fdfa | guido@google.com | 29 March 2011, 17:48:23 UTC | Merge urllib/urllib2 security fix from 2.5 branch. | 29 March 2011, 17:48:23 UTC |
92ecb87 | guido@google.com | 29 March 2011, 16:53:33 UTC | Adding .hgignore (copied from default branch). | 29 March 2011, 16:53:33 UTC |
af1fee0 | Vinay Sajip | 29 March 2011, 00:07:50 UTC | Issue #11639: Configuration function documentation referred to logging.XXX rather than logging.config.XXX. | 29 March 2011, 00:07:50 UTC |
db3080e | guido@google.com | 28 March 2011, 20:53:40 UTC | Add CVE number to urllib/urllib2 news item. | 28 March 2011, 20:53:40 UTC |
f150930 | guido@google.com | 28 March 2011, 20:47:01 UTC | Add tests for the urllib[2] vulnerability. Change to raise exceptions. | 28 March 2011, 20:47:01 UTC |
2bc23b8 | guido@google.com | 24 March 2011, 17:44:17 UTC | Add FTP to the allowed url schemes. Add Misc/NEWS. | 24 March 2011, 17:44:17 UTC |
60a4a90 | guido@google.com | 24 March 2011, 15:07:45 UTC | Issue 22663: fix redirect vulnerability in urllib/urllib2. | 24 March 2011, 15:07:45 UTC |
f23c515 | Martin v. Löwis | 21 March 2011, 09:31:44 UTC | null merge | 21 March 2011, 09:31:44 UTC |
ce5d0e2 | Martin v. Löwis | 21 March 2011, 09:30:07 UTC | Set subversion version identification to empty strings if this is not a subversion checkout (but a mercurial one). Closes #11579. Closes #11421. Patch by Senthil Kumaran. | 21 March 2011, 09:30:07 UTC |
d7bed77 | Guido van Rossum | 19 March 2011, 23:20:39 UTC | Whoops. The copyright should be two lines (merge from 2.5). | 19 March 2011, 23:20:39 UTC |
197f7f6 | Guido van Rossum | 19 March 2011, 23:20:06 UTC | Whoops. The copyright should be two lines. | 19 March 2011, 23:20:06 UTC |
54b76d4 | Guido van Rossum | 19 March 2011, 23:17:14 UTC | Test commit. Add 2011 to copyright line (merge from 2.5). | 19 March 2011, 23:17:14 UTC |
deeb71e | Guido van Rossum | 19 March 2011, 23:14:44 UTC | Test commit. Add 2011 to copyright line. | 19 March 2011, 23:14:44 UTC |
dfd1579 | Senthil Kumaran | 17 March 2011, 06:23:24 UTC | merge from 2.5 branch. | 17 March 2011, 06:23:24 UTC |
3853586 | Senthil Kumaran | 17 March 2011, 04:34:18 UTC | Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks. Patch by Tom N. (Backported from py3k codeline). | 17 March 2011, 04:34:18 UTC |
3ae8113 | Vinay Sajip | 11 March 2011, 18:44:10 UTC | Reverted bug fixes for #11444 (fc4d045e3170) and #11424 (b9d76846bb1c), which should not have been made in this branch. | 11 March 2011, 18:44:10 UTC |
f4d0af4 | Vinay Sajip | 08 March 2011, 22:39:55 UTC | Issue #11444: Lock handlers while flushing/closing during shutdown. | 08 March 2011, 22:39:55 UTC |
8dd2a40 | Vinay Sajip | 07 March 2011, 15:02:11 UTC | Issue #11424: Fix bug in determining child loggers. | 07 March 2011, 15:02:11 UTC |
df8e75e | Georg Brandl | 05 March 2011, 19:40:50 UTC | Merge tags from 2.5. | 05 March 2011, 19:40:50 UTC |
6e0a8b8 | Georg Brandl | 05 March 2011, 19:38:24 UTC | Add tags from the closed branches. | 05 March 2011, 19:38:24 UTC |
ae2af38 | Georg Brandl | 05 March 2011, 14:13:50 UTC | Dummy-merge 2.5 branch into 2.6 branch. | 05 March 2011, 14:13:50 UTC |
b5c93e9 | Georg Brandl | 05 March 2011, 14:04:01 UTC | Add .hgeol file and fix newlines in the 2.6 branch. | 05 March 2011, 14:04:01 UTC |
6feb900 | Georg Brandl | 05 March 2011, 14:03:31 UTC | Fix tag references in 2.6 branch. | 05 March 2011, 14:03:31 UTC |
4db2c25 | Georg Brandl | 05 March 2011, 14:02:28 UTC | Add .hgeol file and fix newlines in the 2.5 branch. | 05 March 2011, 14:02:28 UTC |
2af945c | Georg Brandl | 05 March 2011, 14:01:01 UTC | Fix tag references in 2.5 branch. | 05 March 2011, 14:01:01 UTC |
41769a7 | Alexander Belopolsky | 02 January 2011, 23:26:12 UTC | Merged revisions 87663 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/release27-maint ................ r87663 | alexander.belopolsky | 2011-01-02 18:23:54 -0500 (Sun, 02 Jan 2011) | 13 lines Merged revisions 87648,87656 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87648 | alexander.belopolsky | 2011-01-02 15:48:22 -0500 (Sun, 02 Jan 2011) | 1 line Issue #8013: Fixed time.asctime segfault when OS's asctime fails ........ r87656 | alexander.belopolsky | 2011-01-02 17:16:10 -0500 (Sun, 02 Jan 2011) | 1 line Issue #8013: Fixed test ........ ................ | 02 January 2011, 23:26:12 UTC |
893c354 | Alexander Belopolsky | 28 December 2010, 16:15:08 UTC | Merged revisions 87541,87543 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/release27-maint ................ r87541 | alexander.belopolsky | 2010-12-28 10:47:56 -0500 (Tue, 28 Dec 2010) | 9 lines Merged revisions 87442 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87442 | alexander.belopolsky | 2010-12-22 21:27:37 -0500 (Wed, 22 Dec 2010) | 1 line Issue #10254: Fixed a crash and a regression introduced by the implementation of PRI 29. ........ ................ r87543 | alexander.belopolsky | 2010-12-28 11:04:06 -0500 (Tue, 28 Dec 2010) | 1 line fixed issue 10254 test ................ | 28 December 2010, 16:15:08 UTC |
8497f0a | Giampaolo Rodolà | 07 December 2010, 18:54:43 UTC | backporting security fix of issue 9129 (smtpd module vulnerable to DoS attacks in case of connection bashing) | 07 December 2010, 18:54:43 UTC |
b7180a8 | Matthias Klose | 17 October 2010, 10:48:14 UTC | Merge r82494 from the python2.6 branch: Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop module, ensure that the input string length is a multiple of the frame size | 17 October 2010, 10:48:14 UTC |
d4367c2 | Matthias Klose | 17 October 2010, 10:34:40 UTC | Merge r81080 from the python2.6 branch: Issue #8674: fix another bogus overflow check in audioop module. | 17 October 2010, 10:34:40 UTC |