mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-26 10:19:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
68943 commits 7 branches 625 tags 3.7 GiB
Commit graph

68943 commits

This branch
This branch
All branches
Author SHA1 Message Date
Antoine Pitrou
dad182c16e Lax cookie parsing in http.cookies could be a security issue when combined 
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
 2014-09-17 00:23:55 +02:00
Georg Brandl
860c367c29 Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 
65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
 2014-09-30 14:56:46 +02:00
Georg Brandl
21bf3f942b Issue #22517: When a io.BufferedRWPair object is deallocated, clear its 
weakrefs.
 2014-09-30 14:54:39 +02:00
Georg Brandl
eaca8616ab Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to 
prevent readline() calls from consuming too much memory.  Patch by Jyrki
Pulliainen.
 2014-09-30 14:45:39 +02:00
Georg Brandl
210ee47e33 Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by 
limiting the call to readline().  Original patch by Christian Heimes.
 2014-09-30 14:18:02 +02:00
Christian Heimes
70088f14ad Issue #18747: document issue with OpenSSL's CPRNG state and fork 2013-10-29 21:08:56 +01:00
Georg Brandl
c9cb18d3f7 Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by 
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.
 2014-09-30 14:12:24 +02:00
Georg Brandl
f0746ca463 Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than 
100 headers are read.  Adapted from patch by Jyrki Pulliainen.
 2014-09-30 14:08:04 +02:00
Georg Brandl
ec3c103520 Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes 
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
 2014-09-30 14:04:51 +02:00
Jason R. Coombs
79690ac1d0 Issue #13540: Update references to Action class to match syntax used for other classes in this file. 2014-08-03 14:54:11 -04:00
Jason R. Coombs
eb0ef415d5 Issue #13540: Removed redundant documentation about Action instance attributes. Updated example and documentation per recommendations by Steven Bethard in msg149524. 2014-07-20 10:52:46 -04:00
Jason R. Coombs
f28cf7abcf Issue #13540: Expanded argparse documents to clarify the action API 2011-12-13 23:36:45 -05:00
Ned Deily
915a30fb0d Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, 
broken by the fix for security issue #19435.  Patch by Zach Byrne.
 2014-07-12 22:06:26 -07:00
Benjamin Peterson
314dc126ce expect the correct platform-dependent linesep 2014-06-16 23:15:50 -07:00
Benjamin Peterson
73b8b1cdb8 url unquote the path before checking if it refers to a CGI script (closes #21766) 2014-06-14 18:36:29 -07:00
Benjamin Peterson
49991deb6e fix poor spelling 2014-04-14 12:15:28 -04:00
Benjamin Peterson
6ef2b36afa disallow a negative idx parameter 2014-04-14 11:45:21 -04:00
Benjamin Peterson
99b5afab74 in scan_once, prevent the reading of arbitrary memory when passed a negative index 
Bug reported by Guido Vranken.
 2014-04-13 22:10:38 -04:00
Benjamin Peterson
80e6af1f61 fix versionchanged version 2014-04-04 09:50:35 -04:00
Benjamin Peterson
ee5f1c13d1 remove directory mode check from makedirs (closes #21082) 2014-04-01 19:13:18 -04:00
Benjamin Peterson
b4be376d16 use https docs url (#21115) 2014-03-31 13:44:53 -04:00
Benjamin Peterson
8aef28a5d0 add Ian Beer 2014-03-30 20:33:47 -04:00
Benjamin Peterson
23cf403ca1 fix expandtabs overflow detection to be consistent and not rely on signed overflow 2014-03-30 19:47:57 -04:00
Benjamin Peterson
cf25c5caae use ssl.PROTOCOL_SSLv23 for maximum compatibility (closes #20896) 2014-03-12 18:05:53 -05:00
Stefan Krah
d9bed99fcb Issue #20246: Fix test failures on FreeBSD. Patch by Ryan Smith-Roberts. 2014-01-21 22:58:40 +01:00
Benjamin Peterson
1b94030b37 update logo url (#20695) 2014-02-19 22:55:16 -05:00
Benjamin Peterson
f6218a2191 open retrieved file in binary mode, since it's now compressed 2014-02-19 22:56:35 -05:00
Benjamin Peterson
fbf648ebba complain when nbytes > buflen to fix possible buffer overflow (closes #20246) 2014-01-13 22:59:38 -05:00
Antoine Pitrou
f60b7df9f8 Issue #12226: HTTPS is now used by default when connecting to PyPI. 2013-12-22 01:35:53 +01:00
Georg Brandl
ee7f3fc586 Backout 7d399099334d. 2013-11-04 07:44:29 +01:00
Georg Brandl
7b5d6adb28 Backout 265d369ad3b9. 2013-11-04 07:43:41 +01:00
Georg Brandl
7ec3e56bb8 Backout d80207d15294. 2013-11-04 07:43:32 +01:00
Jason R. Coombs
32bf5e1273 Update NEWS for 265d369ad3b9. 2013-11-02 13:00:01 -04:00
Jason R. Coombs
bd26d86d74 Issue #19286: [distutils] Only match files in build_py.find_data_files. 2013-11-02 11:07:35 -04:00
Jason R. Coombs
93912b9e54 Issue #19286: Adding test demonstrating the failure when a directory is found in the package_data globs. 2013-11-02 11:29:33 -04:00
Benjamin Peterson
35aca89617 merge 3.1 (#19435) 2013-10-30 12:48:59 -04:00
Benjamin Peterson
04e9de40f3 use the collapsed path in the run_cgi method (closes #19435) 2013-10-30 12:43:09 -04:00
R David Murray
58bf8d2a68 Merge #14984: only import pwd on POSIX. 2013-09-18 08:53:26 -04:00
R David Murray
505be2146f #14984: only import pwd on POSIX. 2013-09-18 08:52:38 -04:00
R David Murray
8270a2c209 Merge #14984: On POSIX, enforce permissions when reading default .netrc. 2013-09-17 20:32:54 -04:00
R David Murray
104aab956f #14984: On POSIX, enforce permissions when reading default .netrc. 
Initial patch by Bruno Piguet.

This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it.  Fixing that issue will be an enhancement.
 2013-09-17 20:30:02 -04:00
Tim Peters
945a251e4a Null merge of 3.1 into 3.2 
Changeset c39f42f46a05 left a dangling head on 3.1.
 2013-09-15 15:37:25 -05:00
Georg Brandl
bc75046bb3 Add a NEWS entry for b9b521efeba3. 2013-09-14 09:10:21 +02:00
Georg Brandl
c5884d8930 Add NEWS entry for c18c18774e24. 2013-09-14 09:09:18 +02:00
Georg Brandl
c17a8dfaca Fix tkinter regression introduced by the security fix in #16248. 2013-09-14 09:08:09 +02:00
Georg Brandl
db4309e19a Fix tkinter regression introduced by the security fix in #16248. 2013-09-14 09:08:09 +02:00
Antoine Pitrou
86d53cadda Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). 2013-05-18 17:56:42 +02:00
Georg Brandl
8833c3bcd1 Added tag v3.2.5 for changeset cef745775b65 2013-05-12 12:28:30 +02:00
Georg Brandl
bfe36ec1f5 Bump to version 3.2.5. 2013-05-12 12:28:20 +02:00
Georg Brandl
c502df4e3e Issue #17915: Fix interoperability of xml.sax with file objects returned by 
codecs.open().
 2013-05-12 11:41:12 +02:00