https://github.com/python/cpython
Revision b9e5547f5814962964c4a5bd5cd36a2af8fbf974 authored by Miss Islington (bot) on 22 November 2019, 23:36:38 UTC, committed by GitHub on 22 November 2019, 23:36:38 UTC

* fix HTTP Digest handling in request.py

There is a bug triggered when server replies to a request with `WWW-Authenticate: Digest` where `qop="auth,auth-int"` rather than mere `qop="auth"`. Having both `auth` and `auth-int` is legitimate according to the `qop-options` rule in §3.2.1 of [[https://www.ietf.org/rfc/rfc2617.txt|RFC 2617]]:
>      qop-options       = "qop" "=" <"> 1GH-qop-value <">
>      qop-value         = "auth" | "auth-int" | token
> **qop-options**: [...] If present, it is a quoted string **of one or more** tokens indicating the "quality of protection" values supported by the server.  The value `"auth"` indicates authentication; the value `"auth-int"` indicates authentication with integrity protection

This description is confirmed by the definition of the [//n//]`GH-`[//m//]//rule// extended-BNF pattern defined in §2.1 of [[https://www.ietf.org/rfc/rfc2616.txt|RFC 2616]] as 'a comma-separated list of //rule// with at least //n// and at most //m// items'.

When this reply is parsed by `get_authorization`, request.py only tests for identity with `'auth'`, failing to recognize it as one of the supported modes the server announced, and claims that `"qop 'auth,auth-int' is not supported"`.

* 📜🤖 Added by blurb_it.

* bpo-38686 review fix: remember why.

* fix trailing space in Lib/urllib/request.py

Co-Authored-By: Brandt Bucher <brandtbucher@gmail.com>
(cherry picked from commit 14a89c47983f2fb9e7fdf33c769e622eefd3a14a)

Co-authored-by: PypeBros <PypeBros@users.noreply.github.com>
1 parent ca5fafc
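
The check described in the commit message above, as an added example that is not CPython's code: `select_qop_strict` reproduces the whole-string comparison, `select_qop` treats the value as a comma-separated token list, and the result is checked against the worked example in RFC 2617 §3.5, whose challenge itself offers `qop="auth,auth-int"`. All function names here are hypothetical.

```python
import hashlib

def parse_qop_options(value):
    """Split an unquoted qop-options value into its comma-separated tokens."""
    return [tok.strip() for tok in value.split(",") if tok.strip()]

def select_qop_strict(value):
    """Whole-string comparison: the behaviour the commit message reports."""
    if value == "auth":
        return "auth"
    raise ValueError("qop %r is not supported" % value)

def select_qop(value):
    """Pick 'auth' when it is any one of the modes the server offered."""
    if value is None:
        return None  # no qop directive: legacy response without nc/cnonce
    if "auth" in parse_qop_options(value):
        return "auth"
    raise ValueError("qop %r is not supported" % value)  # e.g. auth-int only

def _md5(text):
    # MD5 is the default algorithm of RFC 2617 Digest authentication.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, qop, nc, cnonce):
    """request-digest for qop=None or qop='auth' (RFC 2617 section 3.2.2)."""
    ha1 = _md5(":".join([user, realm, password]))
    ha2 = _md5(":".join([method, uri]))
    if qop is None:
        return _md5(":".join([ha1, nonce, ha2]))
    return _md5(":".join([ha1, nonce, nc, cnonce, qop, ha2]))

# Challenge directives and credentials from the RFC 2617 section 3.5 example.
CHALLENGE = {
    "realm": "testrealm@host.com",
    "qop": "auth,auth-int",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
}

def answer_rfc_example():
    qop = select_qop(CHALLENGE["qop"])
    return digest_response("Mufasa", CHALLENGE["realm"], "Circle Of Life",
                           "GET", "/dir/index.html", CHALLENGE["nonce"],
                           qop, "00000001", "0a4f113b")

if __name__ == "__main__":
    print(answer_rfc_example())
```
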
bpo-38686: fix HTTP Digest handling in request.py (GH-17045)
.gitignore
#####
# First, rules intended to apply in all subdirectories.
# These contain no slash, or only a trailing slash.

*.cover
*.iml
*.o
*.a
*.so*
*.dylib
*.dll
*.orig
*.pyc
*.pyd
*.pyo
*.rej
*.swp
*~
*.gc??
*.profclang?
*.profraw
*.dyn
.gdb_history
.purify
__pycache__
.hg/
.svn/
.idea/
tags
TAGS
.vs/
.vscode/
gmon.out
.coverage
.mypy_cache/

*.exe
!Lib/distutils/command/*.exe

# Ignore core dumps... but not Tools/msi/core/ or the like.
core
!core/


#####
# Then, rules meant for a specific location relative to the repo root.
# These must contain a non-trailing slash (and may also have a trailing slash.)

Doc/build/
Doc/venv/
Doc/.venv/
Doc/env/
Doc/.env/
Include/pydtrace_probes.h
Lib/distutils/command/*.pdb
Lib/lib2to3/*.pickle
Lib/test/data/*
!Lib/test/data/README
/Makefile
/Makefile.pre
Misc/python.pc
Misc/python-embed.pc
Misc/python-config.sh
Modules/Setup.config
Modules/Setup.local
Modules/config.c
Modules/ld_so_aix
Programs/_freeze_importlib
Programs/_testembed
PC/python_nt*.h
PC/pythonnt_rc*.h
PC/*/*.exp
PC/*/*.lib
PC/*/*.bsc
PC/*/*.dll
PC/*/*.pdb
PC/*/*.user
PC/*/*.ncb
PC/*/*.suo
PC/*/Win32-temp-*
PC/*/x64-temp-*
PC/*/amd64
PCbuild/*.user
PCbuild/*.suo
PCbuild/*.*sdf
PCbuild/*-pgi
PCbuild/*-pgo
PCbuild/*.VC.db
PCbuild/*.VC.opendb
PCbuild/amd64/
PCbuild/arm32/
PCbuild/arm64/
PCbuild/obj/
PCbuild/win32/
/autom4te.cache
/build/
/config.cache
/config.log
/config.status
/config.status.lineno
/platform
/pybuilddir.txt
/pyconfig.h
/python-config
/python-config.py
/python.bat
/python-gdb.py
/python.exe-gdb.py
/reflog.txt
/coverage/
/externals/
/htmlcov/
Tools/msi/obj
Tools/ssl/amd64
Tools/ssl/win32

# Two-trick pony for OSX and other case insensitive file systems:
# Ignore ./python binary on Unix but still look into ./Python/ directory.
/python
!/Python/