Commit Graph

5670 Commits

Author SHA1 Message Date
Gregory P. Smith 99576c04f1 Fixes Issue 14234: fix for the previous commit, keep compilation when
using --with-system-expat working when the system expat does not have
salted hash support.
2012-03-14 18:12:23 -07:00
Gregory P. Smith d0e1a5b241 Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes
in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.
2012-03-14 15:28:10 -07:00
Georg Brandl 66e565ee48 merge with 2.6 2012-02-21 22:38:31 +01:00
Georg Brandl 3aec568e6e Remove reST markup from --help output. Also: O(n**2) is dict construction, not single insertion. 2012-02-21 22:36:27 +01:00
Benjamin Peterson 6647113419 merge 2.6 2012-02-21 15:09:08 -05:00
Benjamin Peterson 4e171d12da don't need this hack anymore 2012-02-21 15:08:51 -05:00
Antoine Pitrou 776af4002b Fix crash at startup with -W options. 2012-02-21 20:42:48 +01:00
Antoine Pitrou cc3fa88a9c Fix crash at startup with -W options. 2012-02-21 20:42:48 +01:00
Barry Warsaw 8757cad394 Backport fix from default branch for ./python -R -Wd where hash('d') would not
have gotten randomized.
2012-02-21 11:16:06 -05:00
Petri Lehtinen 4ab701b2d3 sqlite3: Fix 64-bit integer handling in user functions on 32-bit architectures
Closes #8033.
2012-02-21 14:04:46 +02:00
Benjamin Peterson 9be6c3ddf0 kill interned strings computed before random initialization 2012-02-21 00:40:14 -05:00
Benjamin Peterson aee9dfba4a merge 2.6 with hash randomization fix 2012-02-20 21:44:56 -05:00
Barry Warsaw 1e13eb084f - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
environment variable, to provide an opt-in way to protect against denial of
  service attacks due to hash collisions within the dict and set types.  Patch
  by David Malcolm, based on work by Victor Stinner.
2012-02-20 20:42:21 -05:00
Antoine Pitrou dd7e071b23 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou c39cd783fb Issue #13015: Fix a possible reference leak in defaultdict.__repr__.
Patch by Suman Saha.
2012-02-15 02:42:46 +01:00
Petri Lehtinen c7fd523ac5 Issue #10811: Fix recursive usage of cursors. Instead of crashing, raise a ProgrammingError now. 2012-02-06 22:04:00 +02:00
Charles-François Natali e0e88b0483 Issue #13817: After fork(), reinit the ad-hoc TLS implementation earlier to fix
a random deadlock when fork() is called in a multithreaded process in debug
mode, and make PyOS_AfterFork() more robust.
2012-02-02 19:57:19 +01:00
Petri Lehtinen 0518f470b1 sqlite3: Handle strings with embedded zeros correctly
Closes #13676.
2012-02-01 22:20:13 +02:00
Antoine Pitrou 88c51e8cb1 Issue #13806: The size check in audioop decompression functions was too strict and could reject valid compressed data.
Patch by Oleg Plakhotnyuk.
2012-01-28 22:01:59 +01:00
Antoine Pitrou 374b4ea9da Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:44:08 +01:00
Antoine Pitrou d358e0554b Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:42:45 +01:00
Nadeem Vawda d7664dee0c Issue #13781: Fix GzipFile to work with os.fdopen()'d file objects. 2012-01-19 00:40:46 +02:00
Jesus Cea 2ab4a91f43 Berkeley DB: Erratic behaviour of "DBEnv->rep_elect()" because a typo 2012-01-16 23:57:34 +01:00
Amaury Forgeot d'Arc dee76e627d Issue #13774: json: Fix a SystemError when a bogus encoding is passed to
json.loads().
2012-01-13 22:53:25 +01:00
Charles-François Natali 3aa59e327c Issue #9975: socket: Fix incorrect use of flowinfo and scope_id. Patch by
Vilmos Nebehaj.
2012-01-02 15:38:27 +01:00
Charles-François Natali b275e2d5e5 Issue #4028: Make multiprocessing build on SunOS. 2011-12-14 18:35:55 +01:00
Raymond Hettinger f537702732 Issue #13573: The csv.writer now uses the repr() for floats rather than str(). 2011-12-11 22:31:09 -08:00
Florent Xicluna b918bdc92c Fix docstring typo. 2011-12-09 23:40:27 +01:00
Victor Stinner 9f915d9c20 Issue #13093: Fix _testcapi.unicode_encodedecimal()
_testcapimodule.c is not "ssize_t" safe in Python 2.7: the length argument type
is int, not Py_ssize_t.
2011-11-29 00:53:09 +01:00
Charles-François Natali 93a1175bac Issue #13415: Test in configure if unsetenv() has a return value or not. 2011-11-27 13:01:35 +01:00
Benjamin Peterson 42d96dc07d no python objects to manage here 2011-11-22 23:56:06 -06:00
Benjamin Peterson fde82169e1 plug refleak 2011-11-22 23:12:49 -06:00
Antoine Pitrou aa1c967f93 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
2011-11-23 01:39:19 +01:00
Victor Stinner 53853c3fa9 Issue #13415: os.unsetenv() doesn't ignore errors anymore. 2011-11-22 22:20:13 +01:00
Victor Stinner 975134e2a2 Issue #13093: Fix error handling on PyUnicode_EncodeDecimal()
Add tests for PyUnicode_EncodeDecimal()
2011-11-22 01:54:19 +01:00
Antoine Pitrou 5aa7df320f Issue #13322: Fix BufferedWriter.write() to ensure that BlockingIOError is
raised when the wrapped raw file is non-blocking and the write would block.
Previous code assumed that the raw write() would raise BlockingIOError, but
RawIOBase.write() is defined to returned None when the call would block.
Patch by sbt.
2011-11-21 20:16:44 +01:00
Florent Xicluna 0965ee213e Issue #2892: preserve iterparse events in case of SyntaxError 2011-11-01 23:34:41 +01:00
Florent Xicluna 67d5d0ed44 Closes #7334: close source files on ElementTree.parse and iterparse (partial backport of issue #10093 from 3.2). 2011-10-29 03:38:56 +02:00
Antoine Pitrou 5a77fe92bd Issue #1548891: The cStringIO.StringIO() constructor now encodes unicode
arguments with the system default encoding just like the write() method
does, instead of converting it to a raw buffer.
2011-10-22 21:26:01 +02:00
Senthil Kumaran d583068e7d Fix Issue 12604 - Use a proper no-op macro expansion for VTRACE macro in _sre.c 2011-10-20 02:13:23 +08:00
Benjamin Peterson a7b0976c3e PyEval_CallObject requires a tuple of args (closes #13186) 2011-10-15 13:43:21 -04:00
Nadeem Vawda 36248154a9 Issue #13159: Replace FileIO's quadratic-time buffer growth algorithm with a linear-time one.
Also fix the builtin file class and the bz2 module, which used the same algorithm.
2011-10-13 13:52:46 +02:00
Charles-François Natali 46180751e9 Merge. 2011-10-12 21:10:02 +02:00
Charles-François Natali 1f3ff7bc3f Issue #13156: revert changeset f6feed6ec3f9, which was only relevant for native
TLS implementations, and fails with the ad-hoc TLS implementation when a thread
doesn't have an auto thread state (e.g. a thread created outside of Python
calling into a subinterpreter).
2011-10-12 21:07:54 +02:00
Charles-François Natali 9ffcbf71a5 Issue #13070: Fix a crash when a TextIOWrapper caught in a reference cycle
would be finalized after the reference to its underlying BufferedRWPair's
writer got cleared by the GC.
2011-10-06 19:09:45 +02:00
Antoine Pitrou 44b3b5457a Remove all other uses of the C tolower()/toupper() which could break with a Turkish locale.
(except in the strop module, which is deprecated anyway)
2011-10-04 13:55:37 +02:00
Antoine Pitrou ace2ccf387 Issue #13099: Fix sqlite3.Cursor.lastrowid under a Turkish locale.
Reported and diagnosed by Thomas Kluyver.
2011-10-04 13:38:04 +02:00
Antoine Pitrou 561a821e93 Issue #7689: Allow pickling of dynamically created classes when their
metaclass is registered with copyreg.  Patch by Nicolas M. Thiéry and
Craig Citro.
2011-10-04 09:34:48 +02:00
Meador Inge ad349a190e Issue #12881: ctypes: Fix segfault with large structure field names. 2011-10-03 21:34:04 -05:00
Antoine Pitrou f06eb46918 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:30:58 +02:00