Commit graph

13911 commits

Author SHA1 Message Date
Benjamin Peterson
0eaabf1c05 check for overflows in permutations() and product() (closes #23363, closes #23364) 2015-02-01 21:34:07 -05:00
Benjamin Peterson
6f082297b2 check for overflow in combinations_with_replacement (closes #23365) 2015-02-01 21:10:47 -05:00
Benjamin Peterson
4b40eeb339 detect overflow in combinations (closes #23366) 2015-02-01 20:59:00 -05:00
Benjamin Peterson
e3bfe19358 fix possible overflow in encode_basestring_ascii (closes #23369) 2015-02-01 17:53:53 -05:00
Serhiy Storchaka
4dbc305002 Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis
and fix by Guido Vranken.
2015-01-27 22:18:46 +02:00
Benjamin Peterson
72c2a0f60a merge 3.2 (closes #23165) 2015-01-04 16:03:59 -06:00
Benjamin Peterson
f18bf6fd2d add some overflow checks before multiplying (closes #23165) 2015-01-04 16:03:17 -06:00
Benjamin Peterson
81b7374fbe merge 3.2 (#16043) 2014-12-05 20:30:54 -05:00
Benjamin Peterson
4e9cefaf86 add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043) 2014-12-05 20:15:15 -05:00
Benjamin Peterson
e1bd38c03c fix integer overflow in unicode case operations (closes #22643) 2014-10-15 11:47:36 -04:00
Georg Brandl
18e897250a Bump to 3.3.6 2014-10-12 09:03:40 +02:00
Georg Brandl
439d88542e Bump to 3.2.6 2014-10-12 08:50:38 +02:00
Georg Brandl
b3ac84322f #16040: fix unlimited read from connection in nntplib. 2014-10-12 08:50:11 +02:00
Georg Brandl
e800a0e1c2 Bump to 3.2.6rc1 2014-10-04 14:15:42 +02:00
Serhiy Storchaka
4b1681832b Issue #22518: Fixed integer overflow issues in "backslashreplace",
"xmlcharrefreplace", and "surrogatepass" error handlers.
2014-10-04 14:15:49 +03:00
Georg Brandl
76e73f85a3 Bump to 3.3.6rc1 2014-10-04 14:22:11 +02:00
Georg Brandl
ff3e5e3779 Fix unicode_aswidechar() for 4b unicode and 2b wchar_t (AIX). 2014-10-01 19:15:11 +02:00
Georg Brandl
51c116223e Issue #19855: uuid.getnode() on Unix now looks on the PATH for the
executables used to find the MAC address, with /sbin and /usr/sbin as
fallbacks.

Issue #11508: Fixed uuid.getnode() and uuid.uuid1() on an environment with
a virtual interface.  Original patch by Kent Frazier.

Issue #18784: The uuid module no longer attempts to load libc via ctypes.CDLL,
if all necessary functions are already found in libuuid.
Patch by Evgeny Sologubov.

Issue #16102: Make uuid._netbios_getnode() work again on Python 3.
2014-09-30 19:34:19 +02:00
Benjamin Peterson
736b8012b4 prevent overflow in unicode_repr (closes #22520) 2014-09-29 23:02:15 -04:00
Benjamin Peterson
bbd0a323ae clear BufferedRWPair weakrefs on deallocation (closes #22517) 2014-09-29 22:46:57 -04:00
Benjamin Peterson
42ff105539 fix overflow checking in PyBytes_Repr (closes #22519) 2014-09-29 19:01:18 -04:00
Benjamin Peterson
3bbb2e4844 NEWS issue for #22518 2014-09-29 18:42:35 -04:00
Senthil Kumaran
e025b52db0 Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes. 2014-09-17 16:29:29 +08:00
Antoine Pitrou
7d0b8f95e7 Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Ned Deily
217f4cd7ee Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:12:39 -07:00
Ned Deily
915a30fb0d Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
Benjamin Peterson
6cd1954c5c merge 3.2 (#21766) 2014-06-14 18:40:10 -07:00
Benjamin Peterson
73b8b1cdb8 url unquote the path before checking if it refers to a CGI script (closes #21766) 2014-06-14 18:36:29 -07:00
doko@ubuntu.com
8577e5ae09 - Issue #17752: Fix distutils tests when run from the installed location. 2014-05-07 04:44:42 +02:00
Benjamin Peterson
156285c35f merge 3.2 2014-04-13 22:28:16 -04:00
Benjamin Peterson
99b5afab74 in scan_once, prevent the reading of arbitrary memory when passed a negative index
Bug reported by Guido Vranken.
2014-04-13 22:10:38 -04:00
Benjamin Peterson
4717e2112b merge 3.2 (#21082) 2014-04-01 19:17:57 -04:00
Benjamin Peterson
ee5f1c13d1 remove directory mode check from makedirs (closes #21082) 2014-04-01 19:13:18 -04:00
Benjamin Peterson
aa2d085d29 merge 3.2 2014-03-30 20:34:05 -04:00
Benjamin Peterson
8aef28a5d0 add Ian Beer 2014-03-30 20:33:47 -04:00
Ned Deily
e558181660 Issue #20939: Use www.example.com instead of www.python.org to avoid test
failures when ssl is not present.
2014-03-26 23:31:39 -07:00
Georg Brandl
fd9262cf2a Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit
line length.  Patch by Emil Lind.
2014-09-30 16:00:09 +02:00
Georg Brandl
0840b41582 Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all interfaces. 2014-09-17 13:17:58 +08:00
Antoine Pitrou
dad182c16e Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Georg Brandl
860c367c29 Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
2014-09-30 14:56:46 +02:00
Georg Brandl
21bf3f942b Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
weakrefs.
2014-09-30 14:54:39 +02:00
Georg Brandl
eaca8616ab Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory.  Patch by Jyrki
Pulliainen.
2014-09-30 14:45:39 +02:00
Georg Brandl
210ee47e33 Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
limiting the call to readline().  Original patch by Christian Heimes.
2014-09-30 14:18:02 +02:00
Richard Oudkerk
3e952d56ea Issue #20633: Replace relative import by absolute import. 2014-03-23 12:42:28 +00:00
Benjamin Peterson
fda33559dc fix ctypes test alignment assumptions (closes #20946)
Patch by Andreas Schwab.
2014-03-16 10:07:26 +01:00
Ned Deily
b454742c64 Issue #20939: Fix test_geturl failure in test_urllibnet due to
new redirect of http://www.python.org/ to https://www.python.org.
2014-03-15 13:15:31 -07:00
Éric Araujo
45fc8713bd Make distutils error messages more helpful (#11599).
When running external programs such as a C compiler and getting an
error code, distutils only prints the program name.  With this change,
one can get the full command line by setting the DISTUTILS_DEBUG
environment variable.

This should have no compatibility issues, unless there are tools
that depend on the exact format of distutils debug messages.
2014-03-13 04:55:35 -04:00
Benjamin Peterson
f993399c40 add Sean Rodman 2014-03-12 15:08:43 -05:00
Éric Araujo
fc773a2d4b Avoid “error: None” messages from distutils (#4931).
Thanks to Amaury Forgeot d’Arc and Philip J. Eby.
2014-03-12 03:34:02 -04:00
Ned Deily
6120739f0c Issue #20875: Prevent possible gzip "'read' is not defined" NameError.
Patch by Claudiu Popa.
2014-03-09 14:44:34 -07:00