69003fe | Ned Deily | 06 September 2017, 06:19:21 UTC | Update NEWS.d and suspicious doc filter | 06 September 2017, 06:19:21 UTC |
297516e | Victor Stinner | 06 September 2017, 00:57:36 UTC | [3.3] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3352) * bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 * Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes. * Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): https://github.com/libexpat/libexpat/issues/115 * Define XML_POOR_ENTROPY when compiling expat | 06 September 2017, 00:57:36 UTC |
d6203d9 | Ned Deily | 04 September 2017, 06:07:02 UTC | Fix doc role typos in argparse.rst. | 04 September 2017, 06:07:02 UTC |
a4e774f | Dong-hee Na | 26 July 2017, 04:58:22 UTC | [3.3] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (#1214) (#2885) | 26 July 2017, 04:58:22 UTC |
7b92f9f | Victor Stinner | 26 July 2017, 04:06:18 UTC | bpo-26657: Fix Windows directory traversal vulnerability with http.server (#782) (#2860) Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47. (cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a) (cherry picked from commit 6f6bc1da8aaae52664e7747e328d26eb59c0e74f) | 26 July 2017, 04:06:18 UTC |
8e88f6b | Serhiy Storchaka | 26 July 2017, 03:54:31 UTC | [3.3] bpo-22928: Disabled HTTP header injections in http.client. (#2817) Original patch by Demian Brecht.. (cherry picked from commit a112a8ae47813f75aa8ad27ee8c42a7c2e937d13) | 26 July 2017, 03:54:31 UTC |
8fbdab5 | Serhiy Storchaka | 26 July 2017, 03:07:30 UTC | [3.3] [3.5] bpo-27945: Fixed various segfaults with dict. (GH-1657) (GH-1678) (#2396) Based on patches by Duane Griffin and Tim Mitchell. (cherry picked from commit 753bca3934a7618a4fa96e107ad1c5c18633a683). (cherry picked from commit 2f7f533cf6fb57fcedcbc7bd454ac59fbaf2c655) | 26 July 2017, 03:07:30 UTC |
052f9d6 | Victor Stinner | 26 July 2017, 02:43:52 UTC | [3.3] bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2292) The current regex based splitting produces a wrong result. For example:: http://abc#@def Web browsers parse that URL as ``http://abc/#@def``, that is, the host is ``abc``, the path is ``/``, and the fragment is ``#@def``. (cherry picked from commit 90e01e50ef8a9e6c91f30d965563c378a4ad26de) (cherry picked from commit cc54c1c0d2d05fe7404ba64c53df4b1352ed2262) | 26 July 2017, 02:43:52 UTC |
b5f20ea | Victor Stinner | 20 July 2017, 18:04:49 UTC | [3.3] Backport CI config from master and remove skipped imaplib tests (#2481) * Backport Travis CI config from master Add .travis.yml for Travis CI. * bpo-30231: Remove skipped test_imaplib tests (#1419) (#2193) The public cyrus.andrew.cmu.edu IMAP server (port 993) doesn't accept TLS connection using our self-signed x509 certificate. Remove the two tests which are already skipped. (cherry picked from commit 7895a0585b4b6a1c8082d17227307c6ce2c8bb8b) | 20 July 2017, 18:04:49 UTC |
e46f1c1 | Serhiy Storchaka | 19 July 2017, 02:40:10 UTC | [security][3.3] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) (#2363) | 19 July 2017, 02:40:10 UTC |
3625f7f | Victor Stinner | 19 July 2017, 00:44:38 UTC | [3.3] bpo-30585: [security] raise an error when STARTTLS fails (#225) (cherry picked from commit 46b32f307c48bcb999b22eebf65ffe8ed5cca544) | 19 July 2017, 00:44:38 UTC |
4956dd2 | Segev Finer | 11 July 2017, 19:47:03 UTC | Avoid _GNU_SOURCE redefined warning in xmlparse.c (#2670) (cherry picked from commit f52325598e7a9683787d76a42009fc16790a0089) | 16 July 2017, 08:51:00 UTC |
ab90986 | Victor Stinner | 16 July 2017, 08:48:03 UTC | [3.3] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2204) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 * bpo-29591: Restore Python changes on expat * bpo-29591: Remove expat config of unsupported platforms Remove the configuration (Modules/expat/*config.h) of unsupported platforms: * Amiga * MacOS Classic on PPC32 * Open Watcom * bpo-29591: Remove useless XML_HAS_SET_HASH_SALT The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became useless since our local expat copy was upgrade to expat 2.1 (it's now expat 2.2.0). (cherry picked from commit 23ec4b57e1359f9c539b8defc317542173ae087e) * bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) New file: Modules/expat/siphash.h. (cherry picked from commit 5ff7132313eb651107b179d20218dfe5d4e47f13) * bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348) bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses a winconfig.h configuration file which already defines: * XML_NS * XML_DTD * BYTEORDER=1234 * XML_CONTEXT_BYTES=1024 * HAVE_MEMMOVE Remove these defines from PCbuild/_elementtree.vcxproj to prevent compiler warnings. Co-Authored-By: Jeremy Kloth <jeremy.kloth@gmail.com> (cherry picked from commit c8fb58bd7917151e63398587a7fc2126db7c26de) * bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319) * bpo-30726: Fix elementtree warnings on Windows Caused by usage of `getenv` which should be safe. And a few integer truncations which should also be ok. * bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream (cherry picked from commit 87c65550730a8f85ce339ba197bce4fb7e836619) | 16 July 2017, 08:48:03 UTC |
b52c007 | Ned Deily | 16 July 2017, 07:57:47 UTC | bpo-23844: Fix test_dh_params failure | 16 July 2017, 07:57:47 UTC |
8fb577e | Ned Deily | 16 July 2017, 07:34:27 UTC | Fix test_site test_license_exists_at_url | 16 July 2017, 07:34:27 UTC |
b0c0898 | Ned Deily | 16 July 2017, 06:58:48 UTC | Fix distutils test_upload failure | 16 July 2017, 06:58:48 UTC |
5caddea | Ned Deily | 16 July 2017, 05:51:01 UTC | Bump PY_VERSION to 3.3.6+ | 16 July 2017, 05:51:01 UTC |
87700f1 | larryhastings | 22 June 2017, 23:00:32 UTC | Add "Misc/NEWS.d" directory tree for "blurb". GH-2332 CPython workflow is changing! We're going to start using "blurb" to manage Misc/NEWS entries: https://github.com/python/core-workflow (This will be a big win for release managers, honest.) This checkin simply populates the "Misc/NEWS.d" subdirectory tree so that people can start putting their news entries in there. No other changes (yet). | 22 June 2017, 23:00:32 UTC |
c276ffa | Ned Deily | 02 January 2017, 07:46:09 UTC | ring IDLE.app into 2017, too | 02 January 2017, 07:46:09 UTC |
e527dd3 | Benjamin Peterson | 02 January 2017, 04:04:13 UTC | ring in 2017 for Python | 02 January 2017, 04:04:13 UTC |
60ac989 | Serhiy Storchaka | 14 November 2016, 17:22:12 UTC | Issue #28563: Make plural form selection more lenient and accepting non-integer numbers. Django tests depend on this. | 14 November 2016, 17:22:12 UTC |
b626643 | Serhiy Storchaka | 12 November 2016, 12:28:06 UTC | Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X when decode astral characters. | 12 November 2016, 12:28:06 UTC |
07bcf05 | Serhiy Storchaka | 08 November 2016, 19:17:46 UTC | Issue #28563: Fixed possible DoS and arbitrary code execution when handle plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext. | 08 November 2016, 19:17:46 UTC |
d751040 | Berker Peksag | 14 September 2016, 05:37:28 UTC | Issue #26171: Prevent buffer overflow in get_data Backport of 01ddd608b85c. | 14 September 2016, 05:37:28 UTC |
1f0e7c9 | Benjamin Peterson | 17 August 2016, 06:35:35 UTC | rearrange methodcaller_new so that the main error case does not cause uninitialized memory usage (closes #27783) | 17 August 2016, 06:35:35 UTC |
3a27b08 | Benjamin Peterson | 16 August 2016, 05:01:41 UTC | do not decref value borrowed from list (closes #27774) | 16 August 2016, 05:01:41 UTC |
4f97651 | Benjamin Peterson | 14 August 2016, 01:33:33 UTC | fix possible integer overflow in binascii.b2a_qp (closes #27760) Reported by Thomas E. Hybel | 14 August 2016, 01:33:33 UTC |
6e01d90 | Benjamin Peterson | 14 August 2016, 00:17:06 UTC | check for overflow in join_append_data (closes #27758) Reported by Thomas E. Hybel | 14 August 2016, 00:17:06 UTC |
6f25003 | Vinay Sajip | 05 August 2016, 20:24:27 UTC | Issue #20160: Handled passing of large structs to callbacks correctly. | 05 August 2016, 20:24:27 UTC |
fb79290 | Donald Stufft | 03 August 2016, 22:43:38 UTC | Switch upload.pypi.io to upload.pypi.org | 03 August 2016, 22:43:38 UTC |
4cbb23f | Senthil Kumaran | 31 July 2016, 06:24:16 UTC | Prevent HTTPoxy attack (CVE-2016-1000110) Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode. Issue #27568 Reported and patch contributed by Rémi Rampin. | 31 July 2016, 06:24:16 UTC |
d27a7c1 | Martin Panter | 14 July 2016, 01:42:53 UTC | Issue #27369: Merge test_pyexpat from 3.2 into 3.3 | 14 July 2016, 01:42:53 UTC |
076ca6c | Martin Panter | 14 July 2016, 01:31:46 UTC | Issue #27369: Don’t test error message detail that changed in Expat 2.2.0 | 14 July 2016, 01:31:46 UTC |
2cdcaf1 | Martin Panter | 14 July 2016, 01:17:03 UTC | Issue #22758: Move NEWS entry to Library section | 14 July 2016, 01:17:03 UTC |
e363894 | R David Murray | 10 July 2016, 18:10:08 UTC | #22758 null merge | 10 July 2016, 18:10:08 UTC |
5f21f43 | R David Murray | 10 July 2016, 17:32:43 UTC | #22758: fix regression in handling of secure cookies. This backports the fix from #16611, per discussion with the release manager. | 10 July 2016, 17:32:43 UTC |
188c118 | Donald Stufft | 06 July 2016, 19:27:35 UTC | Switch to the new upload url for PyPI | 06 July 2016, 19:27:35 UTC |
035583b | Martin Panter | 15 January 2016, 01:16:41 UTC | Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUT | 15 January 2016, 01:16:41 UTC |
3d81d93 | Martin Panter | 14 January 2016, 09:36:00 UTC | Issue #25940: Use self-signed.pythontest.net in SSL tests This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate. The certificate used at the pythontest server was modifed to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_ capath() to work (in Python 3.4+). Added the new self-signed certificate to capath with the following commands: cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/} c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0} mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0} The new server responds with "No route to host" when connecting to port 444. | 14 January 2016, 09:36:00 UTC |
31b9410 | Serhiy Storchaka | 02 December 2015, 23:02:03 UTC | Issue #25709: Fixed problem with in-place string concatenation and utf-8 cache. | 02 December 2015, 23:02:03 UTC |
fab75d9 | Martin Panter | 15 January 2016, 02:08:13 UTC | Issue #25940: Merge ETIMEDOUT fix from 3.2 into 3.3 | 15 January 2016, 02:08:13 UTC |
73f5507 | Martin Panter | 14 January 2016, 12:21:02 UTC | Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3 | 14 January 2016, 12:21:02 UTC |
0e617e2 | Benjamin Peterson | 01 January 2016, 17:53:47 UTC | remove some copyright notices supserseded by the toplevel ones | 01 January 2016, 17:53:47 UTC |
f1dcdd9 | Benjamin Peterson | 01 January 2016, 17:53:14 UTC | add 2015 and 2016 | 01 January 2016, 17:53:14 UTC |
16b347b | Benjamin Peterson | 01 January 2016, 17:12:44 UTC | reflow | 01 January 2016, 17:12:44 UTC |
75e3630 | Benjamin Peterson | 01 January 2016, 16:23:45 UTC | 2016 will be another year of writing copyrighted code | 01 January 2016, 16:23:45 UTC |
14b2c82 | Benjamin Peterson | 05 December 2015, 08:27:11 UTC | fix reordering | 05 December 2015, 08:27:11 UTC |
2deaea3 | Benjamin Peterson | 05 December 2015, 08:21:12 UTC | merge 3.2 | 05 December 2015, 08:21:12 UTC |
5e62117 | Benjamin Peterson | 05 December 2015, 08:17:57 UTC | add CVE and issue number | 05 December 2015, 08:17:57 UTC |
102764a | Kristján Valur Jónsson | 12 September 2015, 15:20:54 UTC | Issue #25021: Correctly make sure that product.__setstate__ does not access invalid memory. | 12 September 2015, 15:20:54 UTC |
a82f77f | Benjamin Peterson | 05 July 2015, 00:55:16 UTC | protect against mutation of the dict during insertion (closes #24407) | 05 July 2015, 00:55:16 UTC |
dac3ab8 | Benjamin Peterson | 27 June 2015, 19:25:50 UTC | add issue number | 27 June 2015, 19:25:50 UTC |
59b08c1 | Benjamin Peterson | 27 June 2015, 18:41:33 UTC | use safe allocation and reallocation macros | 27 June 2015, 18:41:33 UTC |
614bfcc | Yury Selivanov | 02 June 2015, 22:53:46 UTC | Issue 24366: Indent code (thanks to li4ick for reporting). | 02 June 2015, 22:53:46 UTC |
86c3a3b | Benjamin Peterson | 26 May 2015, 02:24:26 UTC | merge 3.2 | 26 May 2015, 02:24:26 UTC |
b03856a | Benjamin Peterson | 26 May 2015, 02:24:00 UTC | keep distutils version in sync with python version automatically | 26 May 2015, 02:24:00 UTC |
d504f20 | Benjamin Peterson | 23 May 2015, 15:38:48 UTC | merge 3.2 (#22931) | 23 May 2015, 15:38:48 UTC |
9bd476e | Benjamin Peterson | 23 May 2015, 15:36:48 UTC | allow square brackets in cookie values (closes #22931) | 23 May 2015, 15:36:48 UTC |
deff2b7 | Benjamin Peterson | 03 May 2015, 15:23:37 UTC | be more robust against the filters list changing under us (closes #24096) | 03 May 2015, 15:23:37 UTC |
501182a | Benjamin Peterson | 03 May 2015, 02:28:04 UTC | just sort the items tuple directly (closes #24094) | 03 May 2015, 02:28:04 UTC |
51454a6 | Benjamin Peterson | 23 April 2015, 21:05:07 UTC | merge 3.2 (#24044) | 23 April 2015, 21:05:07 UTC |
0823ffb | Benjamin Peterson | 23 April 2015, 21:04:36 UTC | properly handle malloc failure (closes #24044) Patch by Christian Heimes. | 23 April 2015, 21:04:36 UTC |
418fd74 | Christian Heimes | 19 April 2015, 19:08:42 UTC | Issue #23998: PyImport_ReInitLock() now checks for lock allocation error | 19 April 2015, 19:08:42 UTC |
e5a853c | Benjamin Peterson | 02 March 2015, 18:23:25 UTC | use PyMem_NEW to detect overflow (closes #23362) | 02 March 2015, 18:23:25 UTC |
b779bfb | Benjamin Peterson | 02 March 2015, 16:17:05 UTC | fix possible overflow bugs in unicodedata (closes #23367) | 02 March 2015, 16:17:05 UTC |
03f8612 | Benjamin Peterson | 18 February 2015, 13:54:22 UTC | merge 3.2 | 18 February 2015, 13:54:22 UTC |
893cce9 | Benjamin Peterson | 18 February 2015, 13:52:46 UTC | remove RPM, since it's unused and unmaintained | 18 February 2015, 13:52:46 UTC |
8ce6806 | Benjamin Peterson | 10 February 2015, 01:58:12 UTC | add overflow checking (closes #23361) | 10 February 2015, 01:58:12 UTC |
dee948b | Serhiy Storchaka | 02 February 2015, 23:34:09 UTC | Issues #23363, #23364, #23365, #23366: Fixed itertools overflow tests. Used PyMem_New to check overflow. | 02 February 2015, 23:34:09 UTC |
1572944 | Benjamin Peterson | 02 February 2015, 22:47:07 UTC | reduce memory usage of test (closes #23369) | 02 February 2015, 22:47:07 UTC |
0eaabf1 | Benjamin Peterson | 02 February 2015, 02:34:07 UTC | check for overflows in permutations() and product() (closes #23363, closes #23364) | 02 February 2015, 02:34:07 UTC |
6f08229 | Benjamin Peterson | 02 February 2015, 02:10:47 UTC | check for overflow in combinations_with_replacement (closes #23365) | 02 February 2015, 02:10:47 UTC |
4b40eeb | Benjamin Peterson | 02 February 2015, 01:59:00 UTC | detect overflow in combinations (closes #23366) | 02 February 2015, 01:59:00 UTC |
68389ea | Benjamin Peterson | 01 February 2015, 23:02:09 UTC | remove extra ws | 01 February 2015, 23:02:09 UTC |
e3bfe19 | Benjamin Peterson | 01 February 2015, 22:53:53 UTC | fix possible overflow in encode_basestring_ascii (closes #23369) | 01 February 2015, 22:53:53 UTC |
aed1984 | Serhiy Storchaka | 30 January 2015, 23:15:48 UTC | Issue #23055: Fixed read-past-the-end error in PyUnicode_FromFormatV. | 30 January 2015, 23:15:48 UTC |
4dbc305 | Serhiy Storchaka | 27 January 2015, 20:18:46 UTC | Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis and fix by Guido Vranken. | 27 January 2015, 20:18:46 UTC |
3f95292 | Serhiy Storchaka | 27 January 2015, 20:18:34 UTC | Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis and fix by Guido Vranken. | 27 January 2015, 20:18:34 UTC |
119479f | Ethan Furman | 15 January 2015, 05:56:10 UTC | Issue20467: clarify __init__'s role | 15 January 2015, 05:56:10 UTC |
72c2a0f | Benjamin Peterson | 04 January 2015, 22:03:59 UTC | merge 3.2 (closes #23165) | 04 January 2015, 22:03:59 UTC |
f18bf6f | Benjamin Peterson | 04 January 2015, 22:03:17 UTC | add some overflow checks before multiplying (closes #23165) | 04 January 2015, 22:03:17 UTC |
7919acb | Benjamin Peterson | 01 January 2015, 00:10:13 UTC | merge 3.2 | 01 January 2015, 00:10:13 UTC |
47e782a | Benjamin Peterson | 01 January 2015, 00:09:36 UTC | update for copyright for 2015 | 01 January 2015, 00:09:36 UTC |
9582b33 | Benjamin Peterson | 30 December 2014, 16:08:52 UTC | merge 3.2 (#23130) | 30 December 2014, 16:08:52 UTC |
44e4b98 | Benjamin Peterson | 30 December 2014, 16:08:16 UTC | delete old ftpmirror script, which now has security bugs (closes #23130) | 30 December 2014, 16:08:16 UTC |
81b7374 | Benjamin Peterson | 06 December 2014, 01:30:54 UTC | merge 3.2 (#16043) | 06 December 2014, 01:30:54 UTC |
4e9cefa | Benjamin Peterson | 06 December 2014, 01:15:15 UTC | add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043) | 06 December 2014, 01:15:15 UTC |
89644d0 | Georg Brandl | 05 November 2014, 19:37:40 UTC | Issue #25940: Backport self-signed.pythontest.net testing for test_httplib The svn.python.org server recently changed root certificate, causing the test to fail. This backports revision 4985375db40f. | 05 November 2014, 19:37:40 UTC |
e71abcc | Benjamin Peterson | 05 November 2014, 16:29:39 UTC | merge 3.2 | 05 November 2014, 16:29:39 UTC |
258f3f0 | Benjamin Peterson | 05 November 2014, 16:27:14 UTC | use pythontest.net for url fragment test | 05 November 2014, 16:27:14 UTC |
97751fa | Benjamin Peterson | 03 November 2014, 20:11:53 UTC | merge 3.2 | 03 November 2014, 20:11:53 UTC |
863c962 | Benjamin Peterson | 03 November 2014, 20:10:47 UTC | move idna test domain to pythontest.net | 03 November 2014, 20:10:47 UTC |
9fc59c9 | Benjamin Peterson | 19 October 2014, 14:47:49 UTC | make plural s lowercase | 19 October 2014, 14:47:49 UTC |
b6dc9b7 | Antoine Pitrou | 15 October 2014, 21:14:53 UTC | Fixed signed/unsigned comparison warning | 15 October 2014, 21:14:53 UTC |
4d85689 | Benjamin Peterson | 15 October 2014, 17:39:46 UTC | test is cpython only | 15 October 2014, 17:39:46 UTC |
1e211ff | Benjamin Peterson | 15 October 2014, 16:17:21 UTC | it suffices to check for PY_SSIZE_T_MAX overflow (#22643) | 15 October 2014, 16:17:21 UTC |
c0e64f5 | Benjamin Peterson | 15 October 2014, 15:51:05 UTC | make sure length is unsigned | 15 October 2014, 15:51:05 UTC |
e1bd38c | Benjamin Peterson | 15 October 2014, 15:47:36 UTC | fix integer overflow in unicode case operations (closes #22643) | 15 October 2014, 15:47:36 UTC |
77a75b3 | Benjamin Peterson | 13 October 2014, 15:54:50 UTC | note xmlrpclib doesn't verify certs (yet) | 13 October 2014, 15:54:50 UTC |
5e7b542 | Georg Brandl | 12 October 2014, 07:29:19 UTC | Merge 3.2 into 3.3. | 12 October 2014, 07:29:19 UTC |