6633 Commits

Author SHA1 Message Date
Ned Deily 915a30fb0d Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
Benjamin Peterson 73b8b1cdb8 url unquote the path before checking if it refers to a CGI script (closes #21766) 2014-06-14 18:36:29 -07:00
Benjamin Peterson 99b5afab74 in scan_once, prevent the reading of arbitrary memory when passed a negative index
Bug reported by Guido Vranken.
2014-04-13 22:10:38 -04:00
Benjamin Peterson ee5f1c13d1 remove directory mode check from makedirs (closes #21082) 2014-04-01 19:13:18 -04:00
Benjamin Peterson 8aef28a5d0 add Ian Beer 2014-03-30 20:33:47 -04:00
Benjamin Peterson fbf648ebba complain when nbytes > buflen to fix possible buffer overflow (closes #20246) 2014-01-13 22:59:38 -05:00
Antoine Pitrou f60b7df9f8 Issue #12226: HTTPS is now used by default when connecting to PyPI. 2013-12-22 01:35:53 +01:00
Georg Brandl ee7f3fc586 Backout 7d399099334d. 2013-11-04 07:44:29 +01:00
Jason R. Coombs 32bf5e1273 Update NEWS for 265d369ad3b9. 2013-11-02 13:00:01 -04:00
Benjamin Peterson 35aca89617 merge 3.1 (#19435) 2013-10-30 12:48:59 -04:00
Benjamin Peterson 04e9de40f3 use the collapsed path in the run_cgi method (closes #19435) 2013-10-30 12:43:09 -04:00
R David Murray 8270a2c209 Merge #14984: On POSIX, enforce permissions when reading default .netrc. 2013-09-17 20:32:54 -04:00
R David Murray 104aab956f #14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.

This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it.  Fixing that issue will be an enhancement.
2013-09-17 20:30:02 -04:00
Georg Brandl bc75046bb3 Add a NEWS entry for b9b521efeba3. 2013-09-14 09:10:21 +02:00
Georg Brandl c5884d8930 Add NEWS entry for c18c18774e24. 2013-09-14 09:09:18 +02:00
Antoine Pitrou 86d53cadda Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). 2013-05-18 17:56:42 +02:00
Georg Brandl bfe36ec1f5 Bump to version 3.2.5. 2013-05-12 12:28:20 +02:00
Georg Brandl c502df4e3e Issue #17915: Fix interoperability of xml.sax with file objects returned by
codecs.open().
2013-05-12 11:41:12 +02:00
Georg Brandl 93b061bc3e Issue #1159051: Back out a fix for handling corrupted gzip files that
broke backwards compatibility.
2013-05-12 11:29:27 +02:00
Serhiy Storchaka a9217a42e6 Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3,
such as was shipped with Centos 5 and Mac OS X 10.4.
2013-04-28 14:10:27 +03:00
Georg Brandl ba2f8be4c6 Issue #17843: Remove bz2 test data that triggers antivirus warnings. 2013-05-12 11:11:51 +02:00
Georg Brandl ce654f48aa Issue #15535: Fix pickling of named tuples. 2013-05-12 11:09:11 +02:00
Serhiy Storchaka a6df938fef Close #17666: Fix reading gzip files with an extra field. 2013-04-08 22:35:02 +03:00
Gregory P. Smith cf86d9441e news entry 2013-04-30 00:57:18 -07:00
Georg Brandl 8bc7e31529 Bump to 3.2.4. 2013-04-06 09:36:20 +02:00
Benjamin Peterson 7684fa8a38 close search and replace dialog after it is used (closes #17625) 2013-04-03 22:35:12 -04:00
Christian Heimes 1df04e88ae Issue 17538: Document XML vulnerabilities 2013-03-26 17:35:55 +01:00
Georg Brandl 4eb5f1a567 merge with main repo 3.2 branch 2013-03-25 06:56:31 +01:00
Martin v. Loewis 5be6d74a0d Issue #17425: Build with openssl 1.0.0k on Windows. 2013-03-24 22:03:30 +01:00
Gregory P. Smith a1ed539268 Fixes issue #17488: Change the subprocess.Popen bufsize parameter default value
from unbuffered (0) to buffering (-1) to match the behavior existing code
expects and match the behavior of the subprocess module in Python 2 to avoid
introducing hard to track down bugs.
2013-03-23 11:44:25 -07:00
Georg Brandl b673d99698 Bump to 3.2.4rc1. 2013-03-23 16:02:08 +01:00
Vinay Sajip 68b4cc87cd Issue #17521: Corrected non-enabling of logger following two calls to fileConfig(). 2013-03-23 11:18:45 +00:00
Vinay Sajip a4cfd60f3d Updated Misc/NEWS with #17508. 2013-03-23 10:57:47 +00:00
doko@ubuntu.com d5537d071c - Issue #16754: Fix the incorrect shared library extension on linux. Introduce
two makefile macros SHLIB_SUFFIX and EXT_SUFFIX. SO now has the value of
  SHLIB_SUFFIX again (as in 2.x and 3.1). The SO macro is removed in 3.4.
2013-03-21 13:21:49 -07:00
R David Murray d312c740f1 #5713: Handle 421 error codes during sendmail by closing the socket.
This is a partial fix to the issue of servers disconnecting unexpectedly; in
this case the 421 says they are disconnecting, so we close the socket and
return the 421 in the appropriate error context.

Original patch by Mark Sapiro, updated by Kushal Das, with additional
tests by me.
2013-03-20 20:36:14 -04:00
Gregory P. Smith dd35162894 merge heads in 3.2 2013-03-19 15:03:26 -07:00
R David Murray f5d7cc239e #8862: Fix curses cleanup when getchar is interrupted by a signal.
I have no idea how one would write a test for this.

Patch by July Tikhonov.
2013-03-19 16:23:09 -04:00
R David Murray fcb6d6a3b3 #17443: Fix buffering in IMAP4_stream.
In Python2 Popen uses *FILE objects, which wind up buffering even though
subprocess defaults to no buffering.  In Python3, subprocess streams really
are unbuffered by default, but the imaplib code assumes read is buffered.  This
patch uses the default buffer size from the io module to get buffered streams
from Popen.

Much debugging work and patch by Diane Trout.

The imap protocol is too complicated to write a test for this simple
change with our current level of test infrastructure.
2013-03-19 13:52:33 -04:00
R David Murray 9929bc543a #17476: make allmethods actually return all methods.
This fixes a regression relative to Python2.  (In 2, methods on a class were
unbound methods and matched the inspect queries being done, in 3 they are just
functions and so were missed).

This is an undocumented function that pydoc itself does not use, but
I found that numpy at least uses it in its documentation generator.

Original patch by Matt Bachmann.
2013-03-19 02:31:06 -04:00
Gregory P. Smith 029273fc90 Fixes issue #17192: Update the ctypes module's libffi to v3.0.13. This
specifically addresses a stack misalignment issue on x86 and issues on
some more recent platforms.
2013-03-18 17:11:20 -07:00
R David Murray a846f5ace8 #17448: Make test_sax skip if there are no xml parsers.
Patch by Rafael Santos.
2013-03-18 00:18:12 -04:00
Serhiy Storchaka a99dfd1ab6 Issue #16389: Fixed an issue number in previous commit. 2013-03-16 22:59:27 +02:00
Serhiy Storchaka 0f606a636a Issue #16564: Fixed a performance regression relative to Python 3.1 in the
caching of compiled regular expressions.
2013-03-16 22:52:09 +02:00
Ezio Melotti c28f6fa505 #11420: make test suite pass with -B/DONTWRITEBYTECODE set. Initial patch by Thomas Wouters. 2013-03-16 19:48:51 +02:00
Terry Jan Reedy 58e1e50be1 typo 2013-03-16 02:53:09 -04:00
Terry Jan Reedy 743c85a32e Issue #10652: make tcl/tk tests run after __all__ test, patch by Zachary Ware. 2013-03-16 02:37:06 -04:00
R David Murray 612528d95d #17431: Fix missing import of BytesFeedParser in email.parser.
Initial patch contributed by Edmond Burnett.
2013-03-15 20:38:15 -04:00
Terry Jan Reedy 4b3975b944 Issue #17047: Add news entry 2013-03-15 03:33:11 -04:00
Serhiy Storchaka 8ea4616f16 Issue #1285086: Get rid of the refcounting hack and speed up
urllib.parse.unquote() and urllib.parse.unquote_to_bytes().
2013-03-14 21:31:37 +02:00
Ezio Melotti a7d64a6f4c #17368: Fix an off-by-one error in the Python JSON decoder that caused a failure while decoding empty object literals when object_pairs_hook was specified. 2013-03-13 01:52:34 +02:00