| |
(GH-10258) (#12279)
Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan.
(cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14)
Co-authored-by: Xtreak <tir.karthi@gmail.com>
| |
* Refactor cookie path check as per RFC 6265
* Add tests for prefix match of path
* Add news entry
* Fix set_ok_path and refactor tests
* Use slice for last letter
(cherry picked from commit 0e1f1f01058bd4a9b98cfe443214adecc019a38c)
| |
(GH-12201) (#12224)
| |
(#12145)
Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some
reserved signal numbers between 1 and NSIG. The `range(1, NSIG)` idiom
is commonly used to select all signals for blocking with `pthread_sigmask`.
So we ignore the sigaddset() return value until we expose sigfillset()
to provide a better idiom.
(cherry picked from commit 25038ec)
Co-authored-by: Antoine Pitrou <pitrou@free.fr>
| |
The xml.sax and xml.dom.domreg modules now obey
sys.flags.ignore_environment.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 223e501fb9c2b6ae21b96054e20c4c31d94a5d96)
| |
(#11870)
* bpo-34656: Avoid relying on signed overflow in _pickle memos (GH-9261)
(cherry picked from commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd)
| |
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result in a segfault.
Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas
Edet of Cisco.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
| |
* bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)
The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34623
(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
Co-authored-by: Christian Heimes <christian@python.org>
| |
* bpo-33001: Minimal fix to prevent buffer overrun in os.symlink
* Skips test to avoid crashing during the test suite
* Remove invalid test
| |
* Prevent low-grade poplib REDOS (CVE-2018-1060)
The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.
Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.
A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.
Replace it with a similar non-vulnerable regex.
The new regex is RFC compliant.
The old regex was non-compliant in edge cases.
* Prevent difflib REDOS (CVE-2018-1061)
The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.
Replace it with an equivalent non-vulnerable regex.
Also introduce unit and REDOS tests for difflib.
Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>
| |
(#5533)
* [3.5] Remove failing pyenv call from CI config
* Backport XML RPC test skip to 3.5
The buildbot service upgrade removed the XML-RPC
interface, so this test no longer works (through no
fault of the standard library).
(cherry picked from commit 4a4c2743133e195cc3725b78a895d85d69e50089)
Co-authored-by: Nick Coghlan <ncoghlan@gmail.com>
| |
* [3.4] bpo-32072: Fix issues with binary plists. (GH-4455)
* Fixed saving bytearrays.
* Identical objects will be saved only once.
* Equal references will be loaded as identical objects.
* Added support for saving and loading recursive data structures.
(cherry picked from commit a897aeeef647259a938a36cb5eb6680c86021c6a)
* Fix implementation dependent assertion in test_plistlib. (#4813)
It fails with an advanced optimizer.
| |
(cherry picked from commit dd2000cbe475da48fdc94e8f05618e9f460077fd)
| |
Fixes possible integer overflow in PyBytes_DecodeEscape.
Co-Authored-By: Jay Bosamiya <jaybosamiya@gmail.com>
| |
* bpo-31170: Fix inclusion of expat in Windows build projects
Co-Authored-By: Steve Dower <steve.dower@microsoft.com>
* expat: Fix compilation on Visual Studio 2010
The standard header stdbool.h is not available
with old Visual Studio compilers
Cherry-picked from libexpat commit b4b89c2ab0cc5325a41360c25ef9d2ccbe617e5c.
expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation.
Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2
* Expat: fix preprocessor defines in VS projects
Remove the following defines:
* BYTEORDER=1234
* HAVE_MEMMOVE
* USE_PYEXPAT_CAPI
* XML_CONTEXT_BYTES=1024
* XML_DTD
* XML_NS
* XML_STATIC
* PCbuild/pyexpat.vcxproj: define _CRT_SECURE_NO_WARNINGS
| |
* bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4
* Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
fixes.
* Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115
* Define XML_POOR_ENTROPY when compiling expat
|
| |
Python 3.4 backport: convert the Misc/NEWS entry using blurb.
(cherry picked from commit 34e7e2ecb1741850190e78f42875480693d3537b)
| |
(#2874) (#2926)
(cherry picked from commit 3de144890ad3bc50694368a1b33be6d7f3a780b3)
| |
command (#1214) (#2893)
| |
* Issues #23808, #25911: Trying to fix walk tests on Windows.
On Windows a symlink can have the FILE_ATTRIBUTE_DIRECTORY flag.
(cherry picked from commit 388b90f28e029daaf06aae8026b596e2f20a1cd3)
* bpo-30231: Remove skipped test_imaplib tests (#1419) (#2193)
The public cyrus.andrew.cmu.edu IMAP server (port 993) doesn't accept
TLS connection using our self-signed x509 certificate. Remove the two
tests which are already skipped.
(cherry picked from commit 7895a0585b4b6a1c8082d17227307c6ce2c8bb8b)
* Backport CI config from master
* Add .travis.yml for Travis CI
* Add .github/ for AppVeyor and CodeCov.
* Travis CI: remove "make regen-all" check
The regen-all Makefile rule doesn't exist in Python 3.4, only since
Python 3.5 and newer (and 2.7).
* appveyor: replace --slowest with --slow
* Travis CI: remove the GCC coverage job
* Travis CI: remove tzdata resource from regrtest
tzdata resource doesn't exist in Python 3.4.
* Travis CI: remove the doc job
Fixing Sphinx warnings requires backporting huge intrusive changes
like:
- commit d97b7dc94b19063f0589d401bdc4aaadc7030762
- commit 5c6793394066b012b9674681b0815667938ce4d9
* appveyor: set version to 3.4.6+
* bpo-30730: Fix test_os tests.
Fix test_invalid_cmd() and test_invalid_env(), TypeError is raised on
Python 3.4.
(cherry picked from commit 5e22721e586344b547194f0f7ea67fd425f94e72)
| |
(cherry picked from commit 50f58163a69abe2f35e91044d1df165ee7bdbb42)