summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* [3.6] Fix Zope URL (GH-16880) (GH-16904)Miss Skeleton (bot)2019-10-231-1/+1
| | | | | (cherry picked from commit dfe726b1ace03f206f45253b93ed7610473ae20f) Co-authored-by: Kyle Stanley <aeros167@gmail.com>
* Update doc switcher list for 3.8.0 (GH-16809) (GH-16812)Miss Islington (bot)2019-10-151-1/+1
| | | | | (cherry picked from commit 3f36043db22361500f52634f2b8de49dde0e7da9) Co-authored-by: Ned Deily <nad@python.org>
* Doc: 3.8 is now stable. (GH-16790) (GH-16793)Miss Islington (bot)2019-10-141-1/+1
| | | | | (cherry picked from commit 4504b4500d2a1a80c26b27b0bfff8b624d5ce06c) Co-authored-by: Julien Palard <julien@palard.fr>
* [3.6] bpo-38216, bpo-36274: Allow subclasses to separately override ↵Jason R. Coombs2019-09-283-10/+51
| | | | | | | validation and encoding behavior (GH-16448) (GH-16462) (cherry picked from commit 7774d7831e8809795c64ce27f7df52674581d298) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441)Victor Stinner2019-09-283-1/+21
| | | | | | Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. (cherry picked from commit e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa)
* [3.6] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16410)Benjamin Peterson2019-09-2524-4842/+3973
| | | | Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.. (cherry picked from commit 52b940803860e37bcc3f6096b2d24e7c20a0e807)
* [3.6] bpo-37461: Fix typo (inifite -> infinite) (#15432)GeeTransit2019-08-241-1/+1
|
* bpo-34155: Dont parse domains containing @ (GH-13079) (GH-14826)Miss Islington (bot)2019-08-095-1/+37
| | | | | | | | | | | | | | | | | | | | | | Before: >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses (Address(display_name='', username='a', domain='malicious.org'),) >>> parseaddr('a@malicious.org@important.com') ('', 'a@malicious.org') After: >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses (Address(display_name='', username='', domain=''),) >>> parseaddr('a@malicious.org@important.com') ('', 'a@') https://bugs.python.org/issue34155 (cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9) Co-authored-by: jpic <jpic@users.noreply.github.com>
* bpo-37461: Fix infinite loop in parsing of specially crafted email headers ↵Miss Islington (bot)2019-08-013-0/+12
| | | | | | | | | | | (GH-14794) (GH-14817) Some crafted email header would cause the get_parameter method to run in an infinite loop causing a DoS attack surface when parsing those headers. This patch fixes that by making sure the DQUOTE character is handled to prevent going into an infinite loop. (cherry picked from commit a4a994bd3e619cbaff97610a1cee8ffa87c672f5) Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
* Fix infinite loop in email folding logic (GH-12732) (GH-14799)Miss Islington (bot)2019-07-214-6/+35
| | | | | | | | | | | | | As far as I can tell, this infinite loop would be triggered if: 1. The value being folded contains a single word (no spaces) longer than max_line_length 2. The max_line_length is shorter than the encoding's name + 9 characters. bpo-36564: https://bugs.python.org/issue36564 (cherry picked from commit f69d5c61981ea97d251db515c7ff280fcc17182d) Co-authored-by: Paul Ganssle <pganssle@users.noreply.github.com>
* bpo-37149: Replace dead link for online Tkinter reference (GH-14616)Ned Deily2019-07-081-2/+2
| | | | | | Also fix a name misspelling. Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* Fix 3.6 documentation build for sphinx<1.6 (GH-14576)Anthony Sottile2019-07-031-1/+7
|
* Post release updatesNed Deily2019-07-022-3/+3
|
* 3.6.9v3.6.9Ned Deily2019-07-024-6/+20
|
* bpo-34602: Avoid failures setting macOS stack resource limit (GH-14546) ↵Miss Islington (bot)2019-07-024-16/+16
| | | | | | | | | | | | | | | | | | | | | | (GH-14549) Under some conditions the earlier fix for bpo-18075, "Infinite recursion tests triggering a segfault on Mac OS X", now causes failures on macOS when attempting to change stack limit with resource.setrlimit resource.RLIMIT_STACK, like regrtest does when running the test suite. The reverted change had specified a non-default stack size when linking the python executable on macOS. As of macOS 10.14.4, the previous code causes a hard failure when running tests, although similar failures had been seen under some conditions under some earlier systems. Reverting the change to the interpreter stack size at link time helped for release builds but caused some tests to fail when built --with-pydebug. Try the opposite approach: continue to build the interpreter with an increased stack size on macOS and remove the failing setrlimit call in regrtest initialization. This will definitely avoid the resource.RLIMIT_STACK error and should have no, or fewer, side effects. (cherry picked from commit 5bbbc733e6cc0804f19b071944af8d4719e26ae6) Co-authored-by: Ned Deily <nad@python.org>
* Put pyexpatns.h include back. bpo-37437 (GH-14542)Miss Islington (bot)2019-07-011-0/+4
| | | | | (cherry picked from commit 2cd07920bb7d2d319999394092190f37935dc421) Co-authored-by: Benjamin Peterson <benjamin@python.org>
* bpo-37437: Pass -Wno-unreachable-code when compiling expat. (GH-14470) ↵Miss Islington (bot)2019-06-291-2/+2
| | | | | | | (GH-14472) (cherry picked from commit 95da310078a9364bae9ab3f2ad9c71e34306a70c) Co-authored-by: Benjamin Peterson <benjamin@python.org>
* closes bpo-37437: Update vendorized expat to 2.2.7. (GH-14436)Miss Islington (bot)2019-06-277-32/+22
| | | | | (cherry picked from commit 3b03b09fc94425915c5b1225e9200a3a95bc827b) Co-authored-by: Benjamin Peterson <benjamin@python.org>
* Post release updatesNed Deily2019-06-182-3/+3
|
* 3.6.9rc1v3.6.9rc1Ned Deily2019-06-1820-52/+185
|
* bpo-33529, email: Fix infinite loop in email header encoding (GH-12020) ↵Victor Stinner2019-06-174-14/+27
| | | | | (GH-14162) (cherry picked from commit c1f5667be1e3ec5871560c677402c1252c6018a6)
* Doc: Remove an ugly space before a dot. (GH-14123) (GH-14130)Miss Islington (bot)2019-06-161-1/+1
| | | | | (cherry picked from commit 552951563cd5968d25e95306362e41f07d661a88) Co-authored-by: Julien Palard <julien@palard.fr>
* [3.6] Doc: Add an optional obsolete header. (GH-13638). (GH-13657)Julien Palard2019-06-152-0/+20
| | | | | (cherry picked from commit 46ed90dd014010703c7a3b2a61c4927644fa8210) Co-authored-by: Julien Palard <julien@palard.fr>
* [3.6] Doc fix: duplicate object description of email.message (GH-13742) ↵Ned Deily2019-06-131-0/+1
| | | | (GH-14041)
* Stop using deprecated logging API in Sphinx suspicious checker (GH-9875) ↵Miss Islington (bot)2019-06-081-4/+6
| | | | | | | (GH-13923) (cherry picked from commit ee171a26c1169abfae534b08acc0d95c6e45a22a) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
* Doc: Python 3.9 in sidebar and version switcher. (GH-13824) (GH-13827)Miss Islington (bot)2019-06-042-2/+4
| | | | | (cherry picked from commit 59e7bbcaa4d0d556591f774c5ea4869c41fa95b0) Co-authored-by: Julien Palard <julien@palard.fr>
* bpo-36742: Corrects fix to handle decomposition in usernames (GH-13812) ↵Miss Islington (bot)2019-06-042-8/+9
| | | | | | | (GH-13814) (cherry picked from commit 8d0ef0b5edeae52960c7ed05ae8a12388324f87e) Co-authored-by: Steve Dower <steve.dower@python.org>
* bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13513)Victor Stinner2019-05-283-1/+22
| | | | | | | | | CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request. Co-Authored-By: SH <push0ebp@gmail.com> (cherry picked from commit 0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587) (cherry picked from commit 34bab215596671d0dec2066ae7d7450cd73f638b)
* [3.6] bpo-35925: Skip SSL tests that fail due to weak external certs or old ↵Gregory P. Smith2019-05-283-8/+66
| | | | | | | | | | | | | | | | | | | | | | | TLS (GH-13124) (GH-13252) * [3.6] bpo-35925: Skip SSL tests that fail due to weak external certs. (GH-13124) Modern Linux distros such as Debian Buster have default OpenSSL system configurations that reject connections to servers with weak certificates by default. This causes our test suite run with external networking resources enabled to skip these tests when they encounter such a failure. Fixing the network servers is a separate issue.. (cherry picked from commit 2cc0223f43a1ffd59c887a73e2b0ce5202f3be90) Co-authored-by: Gregory P. Smith <greg@krypto.org> * Also skip ssl tests that fail when the system rejects TLSv1. * Remove the test_httplib change; server was updated. self-signed.pythontest.net was updated so the test_httplib change is no longer necessary.
* bpo-32947: test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-11612)Victor Stinner2019-05-282-0/+16
| | | | | | | Backport partially commit 529525fb5a8fd9b96ab4021311a598c77588b918: complete the previous partial backport (commit 2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826. Co-Authored-By: Christian Heimes <christian@python.org>
* [3.6] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) ↵Gregory P. Smith2019-05-082-14/+33
| | | | | | | | | | | | (GH-13198) We updated the server, our testsuite must match. https://bugs.python.org/issue36816 ✈️ CLE -> DEN ✈️ GH-pycon2019 (cherry picked from commit 6bd81734de0b73f1431880d6a75fb71bcbc65fa1) Co-authored-by: Gregory P. Smith <greg@krypto.org>
* bpo-30458: Disallow control chars in http URLs. (GH-12755) (GH-13155)Miro Hrončok2019-05-084-1/+75
| | | | | | | | | | Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected. Disable https related urllib tests on a build without ssl (GH-13032) These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures. Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044) Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
* bpo-36742: Fixes handling of pre-normalization characters in urlsplit() ↵Miss Islington (bot)2019-05-023-4/+14
| | | | | | | (GH-13017) (GH-13024) (cherry picked from commit d537ab0ff9767ef024f26246899728f0116b1ec3) Co-authored-by: Steve Dower <steve.dower@python.org>
* bpo-9194: Fix the bounds checking in winreg.c's fixupMultiSZ() (GH-12687) ↵Miss Islington (bot)2019-05-021-1/+1
| | | | | | | (GH-12910) (cherry picked from commit 56ed86490cb8221c874d432461d77702437f63e5) Co-authored-by: Zackery Spytz <zspytz@gmail.com>
* bpo-34602: Avoid failures setting macOS stack resource limit (GH-13011) ↵Miss Islington (bot)2019-04-293-12/+3
| | | | | | | | | | | | | | | | | (GH-13014) Under some conditions the earlier fix for bpo-18075, "Infinite recursion tests triggering a segfault on Mac OS X", now causes failures on macOS when attempting to change stack limit with resource.setrlimit resource.RLIMIT_STACK, like regrtest does when running the test suite. The reverted change had specified a non-default stack size when linking the python executable on macOS. As of macOS 10.14.4, the previous code causes a hard failure when running tests, although similar failures had been seen under some conditions under some earlier systems. For now, revert the original change and resume using the default stack size when linking the interpreter. (cherry picked from commit 883dfc668f9730b00928730035b5dbd24b9da2a0) Co-authored-by: Ned Deily <nad@python.org>
* [3.6] bpo-35564: add master_doc='contents' to conf.py (GH-11290). (GH-12461)Julien Palard2019-03-202-0/+3
| | | | | (cherry picked from commit fc8284e22074af8154e9865c8391b955f13a308b) Co-authored-by: Jean-François B <jfbu@free.fr>
* Fix "catchs" typos in NEWS entries (GH-12366)Harmon2019-03-171-2/+2
|
* bpo-36195: Remove the ThreadPoolExecutor documentation mentioning the ↵Harmandeep Singh2019-03-171-6/+0
| | | | initializer feature added in Python 3.7 (GH-12182)
* [3.6] bpo-36216: Add check for characters in netloc that normalize to ↵Steve Dower2019-03-124-0/+61
| | | | separators (GH-12201) (GH-12215)
* bpo-35647: Fix path check in cookiejar (GH-11436) (GH-12268)Miss Islington (bot)2019-03-123-5/+36
| | | Co-authored-by: Xtreak <tir.karthi@gmail.com>
* bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) ↵Miss Islington (bot)2019-03-093-2/+45
| | | | | | | | (GH-12260) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14) Co-authored-by: Xtreak <tir.karthi@gmail.com>
* Document the surprising sideeffect PyErr_Print(). (GH-12081) (GH-12084)Miss Islington (bot)2019-02-271-2/+6
| | | | | (cherry picked from commit 4173772031747a9b249be4100b4aa9eda805ea23) Co-authored-by: Gregory P. Smith <greg@krypto.org>
* bpo-27313: Avoid test_ttk_guionly ComboboxTest fail with macOS Cocoa Tk ↵Miss Islington (bot)2019-02-242-1/+7
| | | | | | | (GH-12011) (GH-12013) (cherry picked from commit aeca373b339e0ea9739536ce6b43bd90f3b89873) Co-authored-by: Ned Deily <nad@python.org>
* bpo-35746: Credit Colin Read and Nicolas Edet (GH-11865)Victor Stinner2019-02-161-1/+2
| | | | Add credit for the cert parser vulnerability. Mention also Cisco TALOS-2018-0758 identifier.
* Doc sidebar: 3.6 has moved to security-fix mode. (GH-11810) (GH-11812)Miss Islington (bot)2019-02-101-1/+1
| | | | | (cherry picked from commit 9db56fb8faaa3cd66e7fe82740a4ae4d786bb27f) Co-authored-by: Julien Palard <julien@palard.fr>
* [3.6] bpo-35605: Fix documentation build for sphinx<1.6 (GH-11368)Anthony Sottile2019-02-033-2/+10
|
* bpo-35486: Note Py3.6 import system API requirement change (GH-11540) (GH-11588)Miss Islington (bot)2019-01-172-1/+13
| | | | | | | | | | | While the introduction of ModuleNotFoundError was fully backwards compatible on the import API consumer side, folks providing alternative implementations of `__import__` need to make an update to be forward compatible with clients that start relying on the new subclass. https://bugs.python.org/issue35486 (cherry picked from commit cee29b46a19116261b083dc803217aa754c7df40) Co-authored-by: Nick Coghlan <ncoghlan@gmail.com>
* bpo-35525: Correct the argument name for NNTP.starttls() (GH-11310) (GH-11417)Miss Islington (bot)2019-01-171-2/+2
| | | | | (cherry picked from commit e9a044ec16989bd4b39763c0588c17200a925350) Co-authored-by: Harmandeep Singh <harmandeep3091@gmail.com>
* Make sure file object is close if socket.create_connection fails (GH-11334) ↵Miss Islington (bot)2019-01-171-5/+4
| | | | | | | | (GH-11351) The problem affects _testWithTimeoutTriggeredSend in test_socket.py. (cherry picked from commit 1f511e1af060e98fb789319a96076c06e7f98135) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
* bpo-35601: Alleviate race condition when waiting for SIGALRM in test_asyncio ↵Miss Islington (bot)2019-01-171-1/+3
| | | | | | | | | (GH-11337) (GH-11348) There is a race condition regarding signal delivery in test_signal_handling_args for test_asyncio.test_events.KqueueEventLoopTests. The signal can be received at any moment outside the time window provided in the test. The fix is to wait for the signal to be received instead with a bigger timeout. (cherry picked from commit 5471420faa84519530f29b08f2b042b2288e3e96) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
View Lorry Controller Status