Commit graph

6638 commits

Author SHA1 Message Date
Georg Brandl
eaca8616ab Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory.  Patch by Jyrki
Pulliainen.
2014-09-30 14:45:39 +02:00
Georg Brandl
210ee47e33 Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
limiting the call to readline().  Original patch by Christian Heimes.
2014-09-30 14:18:02 +02:00
Georg Brandl
c9cb18d3f7 Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2014-09-30 14:12:24 +02:00
Georg Brandl
f0746ca463 Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read.  Adapted from patch by Jyrki Pulliainen.
2014-09-30 14:08:04 +02:00
Georg Brandl
ec3c103520 Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
2014-09-30 14:04:51 +02:00
Ned Deily
915a30fb0d Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
Benjamin Peterson
73b8b1cdb8 url unquote the path before checking if it refers to a CGI script (closes #21766) 2014-06-14 18:36:29 -07:00
Benjamin Peterson
99b5afab74 in scan_once, prevent the reading of arbitrary memory when passed a negative index
Bug reported by Guido Vranken.
2014-04-13 22:10:38 -04:00
Benjamin Peterson
ee5f1c13d1 remove directory mode check from makedirs (closes #21082) 2014-04-01 19:13:18 -04:00
Benjamin Peterson
8aef28a5d0 add Ian Beer 2014-03-30 20:33:47 -04:00
Benjamin Peterson
fbf648ebba complain when nbytes > buflen to fix possible buffer overflow (closes #20246) 2014-01-13 22:59:38 -05:00
Antoine Pitrou
f60b7df9f8 Issue #12226: HTTPS is now used by default when connecting to PyPI. 2013-12-22 01:35:53 +01:00
Georg Brandl
ee7f3fc586 Backout 7d399099334d. 2013-11-04 07:44:29 +01:00
Jason R. Coombs
32bf5e1273 Update NEWS for 265d369ad3b9. 2013-11-02 13:00:01 -04:00
Benjamin Peterson
35aca89617 merge 3.1 (#19435) 2013-10-30 12:48:59 -04:00
Benjamin Peterson
04e9de40f3 use the collapsed path in the run_cgi method (closes #19435) 2013-10-30 12:43:09 -04:00
R David Murray
8270a2c209 Merge #14984: On POSIX, enforce permissions when reading default .netrc. 2013-09-17 20:32:54 -04:00
R David Murray
104aab956f #14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.

This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it.  Fixing that issue will be an enhancement.
2013-09-17 20:30:02 -04:00
Georg Brandl
bc75046bb3 Add a NEWS entry for b9b521efeba3. 2013-09-14 09:10:21 +02:00
Georg Brandl
c5884d8930 Add NEWS entry for c18c18774e24. 2013-09-14 09:09:18 +02:00
Antoine Pitrou
86d53cadda Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). 2013-05-18 17:56:42 +02:00
Georg Brandl
bfe36ec1f5 Bump to version 3.2.5. 2013-05-12 12:28:20 +02:00
Georg Brandl
c502df4e3e Issue #17915: Fix interoperability of xml.sax with file objects returned by
codecs.open().
2013-05-12 11:41:12 +02:00
Georg Brandl
93b061bc3e Issue #1159051: Back out a fix for handling corrupted gzip files that
broke backwards compatibility.
2013-05-12 11:29:27 +02:00
Serhiy Storchaka
a9217a42e6 Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3,
such as was shipped with Centos 5 and Mac OS X 10.4.
2013-04-28 14:10:27 +03:00
Georg Brandl
ba2f8be4c6 Issue #17843: Remove bz2 test data that triggers antivirus warnings. 2013-05-12 11:11:51 +02:00
Georg Brandl
ce654f48aa Issue #15535: Fix pickling of named tuples. 2013-05-12 11:09:11 +02:00
Serhiy Storchaka
a6df938fef Close #17666: Fix reading gzip files with an extra field. 2013-04-08 22:35:02 +03:00
Gregory P. Smith
cf86d9441e news entry 2013-04-30 00:57:18 -07:00
Georg Brandl
8bc7e31529 Bump to 3.2.4. 2013-04-06 09:36:20 +02:00
Benjamin Peterson
7684fa8a38 close search and replace dialog after it is used (closes #17625) 2013-04-03 22:35:12 -04:00
Christian Heimes
1df04e88ae Issue 17538: Document XML vulnerabilities 2013-03-26 17:35:55 +01:00
Georg Brandl
4eb5f1a567 merge with main repo 3.2 branch 2013-03-25 06:56:31 +01:00
Martin v. Loewis
5be6d74a0d Issue #17425: Build with openssl 1.0.0k on Windows. 2013-03-24 22:03:30 +01:00
Gregory P. Smith
a1ed539268 Fixes issue #17488: Change the subprocess.Popen bufsize parameter default value
from unbuffered (0) to buffering (-1) to match the behavior existing code
expects and match the behavior of the subprocess module in Python 2 to avoid
introducing hard to track down bugs.
2013-03-23 11:44:25 -07:00
Georg Brandl
b673d99698 Bump to 3.2.4rc1. 2013-03-23 16:02:08 +01:00
Vinay Sajip
68b4cc87cd Issue #17521: Corrected non-enabling of logger following two calls to fileConfig(). 2013-03-23 11:18:45 +00:00
Vinay Sajip
a4cfd60f3d Updated Misc/NEWS with #17508. 2013-03-23 10:57:47 +00:00
doko@ubuntu.com
d5537d071c - Issue #16754: Fix the incorrect shared library extension on linux. Introduce
two makefile macros SHLIB_SUFFIX and EXT_SUFFIX. SO now has the value of
SHLIB_SUFFIX again (as in 2.x and 3.1). The SO macro is removed in 3.4.
2013-03-21 13:21:49 -07:00
R David Murray
d312c740f1 #5713: Handle 421 error codes during sendmail by closing the socket.
This is a partial fix to the issue of servers disconnecting unexpectedly; in
this case the 421 says they are disconnecting, so we close the socket and
return the 421 in the appropriate error context.

Original patch by Mark Sapiro, updated by Kushal Das, with additional
tests by me.
2013-03-20 20:36:14 -04:00
Gregory P. Smith
dd35162894 merge heads in 3.2 2013-03-19 15:03:26 -07:00
R David Murray
f5d7cc239e #8862: Fix curses cleanup when getchar is interrupted by a signal.
I have no idea how one would write a test for this.

Patch by July Tikhonov.
2013-03-19 16:23:09 -04:00
R David Murray
fcb6d6a3b3 #17443: Fix buffering in IMAP4_stream.
In Python2 Popen uses *FILE objects, which wind up buffering even though
subprocess defaults to no buffering.  In Python3, subprocess streams really
are unbuffered by default, but the imaplib code assumes read is buffered.  This
patch uses the default buffer size from the io module to get buffered streams
from Popen.

Much debugging work and patch by Diane Trout.

The imap protocol is too complicated to write a test for this simple
change with our current level of test infrastructure.
2013-03-19 13:52:33 -04:00
R David Murray
9929bc543a #17476: make allmethods actually return all methods.
This fixes a regression relative to Python2.  (In 2, methods on a class were
unbound methods and matched the inspect queries being done, in 3 they are just
functions and so were missed).

This is an undocumented function that pydoc itself does not use, but
I found that numpy at least uses it in its documentation generator.

Original patch by Matt Bachmann.
2013-03-19 02:31:06 -04:00
Gregory P. Smith
029273fc90 Fixes issue #17192: Update the ctypes module's libffi to v3.0.13. This
specifically addresses a stack misalignment issue on x86 and issues on
some more recent platforms.
2013-03-18 17:11:20 -07:00
R David Murray
a846f5ace8 #17448: Make test_sax skip if there are no xml parsers.
Patch by Rafael Santos.
2013-03-18 00:18:12 -04:00
Serhiy Storchaka
a99dfd1ab6 Issue #16389: Fixed an issue number in previous commit. 2013-03-16 22:59:27 +02:00
Serhiy Storchaka
0f606a636a Issue #16564: Fixed a performance regression relative to Python 3.1 in the
caching of compiled regular expressions.
2013-03-16 22:52:09 +02:00
Ezio Melotti
c28f6fa505 #11420: make test suite pass with -B/DONTWRITEBYTECODE set. Initial patch by Thomas Wouters. 2013-03-16 19:48:51 +02:00
Terry Jan Reedy
58e1e50be1 typo 2013-03-16 02:53:09 -04:00