Ned Deily
915a30fb0d
Issue #21323 : Fix http.server to again handle scripts in CGI subdirectories,
...
broken by the fix for security issue #19435 . Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
Benjamin Peterson
73b8b1cdb8
url unquote the path before checking if it refers to a CGI script ( closes #21766 )
2014-06-14 18:36:29 -07:00
Benjamin Peterson
99b5afab74
in scan_once, prevent the reading of arbitrary memory when passed a negative index
...
Bug reported by Guido Vranken.
2014-04-13 22:10:38 -04:00
Benjamin Peterson
ee5f1c13d1
remove directory mode check from makedirs ( closes #21082 )
2014-04-01 19:13:18 -04:00
Benjamin Peterson
8aef28a5d0
add Ian Beer
2014-03-30 20:33:47 -04:00
Benjamin Peterson
fbf648ebba
complain when nbytes > buflen to fix possible buffer overflow ( closes #20246 )
2014-01-13 22:59:38 -05:00
Antoine Pitrou
f60b7df9f8
Issue #12226 : HTTPS is now used by default when connecting to PyPI.
2013-12-22 01:35:53 +01:00
Georg Brandl
ee7f3fc586
Backout 7d399099334d.
2013-11-04 07:44:29 +01:00
Jason R. Coombs
32bf5e1273
Update NEWS for 265d369ad3b9.
2013-11-02 13:00:01 -04:00
Benjamin Peterson
35aca89617
merge 3.1 ( #19435 )
2013-10-30 12:48:59 -04:00
Benjamin Peterson
04e9de40f3
use the collapsed path in the run_cgi method ( closes #19435 )
2013-10-30 12:43:09 -04:00
R David Murray
8270a2c209
Merge #14984 : On POSIX, enforce permissions when reading default .netrc.
2013-09-17 20:32:54 -04:00
R David Murray
104aab956f
#14984 : On POSIX, enforce permissions when reading default .netrc.
...
Initial patch by Bruno Piguet.
This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it. Fixing that issue will be an enhancement.
2013-09-17 20:30:02 -04:00
Georg Brandl
bc75046bb3
Add a NEWS entry for b9b521efeba3.
2013-09-14 09:10:21 +02:00
Georg Brandl
c5884d8930
Add NEWS entry for c18c18774e24.
2013-09-14 09:09:18 +02:00
Antoine Pitrou
86d53cadda
Issue #17980 : Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
2013-05-18 17:56:42 +02:00
Georg Brandl
bfe36ec1f5
Bump to version 3.2.5.
2013-05-12 12:28:20 +02:00
Georg Brandl
c502df4e3e
Issue #17915 : Fix interoperability of xml.sax with file objects returned by
...
codecs.open().
2013-05-12 11:41:12 +02:00
Georg Brandl
93b061bc3e
Issue #1159051 : Back out a fix for handling corrupted gzip files that
...
broke backwards compatibility.
2013-05-12 11:29:27 +02:00
Serhiy Storchaka
a9217a42e6
Issue #17857 : Prevent build failures with pre-3.5.0 versions of sqlite3,
...
such as was shipped with Centos 5 and Mac OS X 10.4.
2013-04-28 14:10:27 +03:00
Georg Brandl
ba2f8be4c6
Issue #17843 : Remove bz2 test data that triggers antivirus warnings.
2013-05-12 11:11:51 +02:00
Georg Brandl
ce654f48aa
Issue #15535 : Fix pickling of named tuples.
2013-05-12 11:09:11 +02:00
Serhiy Storchaka
a6df938fef
Close #17666 : Fix reading gzip files with an extra field.
2013-04-08 22:35:02 +03:00
Gregory P. Smith
cf86d9441e
news entry
2013-04-30 00:57:18 -07:00
Georg Brandl
8bc7e31529
Bump to 3.2.4.
2013-04-06 09:36:20 +02:00
Benjamin Peterson
7684fa8a38
close search and replace dialog after it is used ( closes #17625 )
2013-04-03 22:35:12 -04:00
Christian Heimes
1df04e88ae
Issue 17538: Document XML vulnerabilties
2013-03-26 17:35:55 +01:00
Georg Brandl
4eb5f1a567
merge with main repo 3.2 branch
2013-03-25 06:56:31 +01:00
Martin v. Loewis
5be6d74a0d
Issue #17425 : Build with openssl 1.0.0k on Windows.
2013-03-24 22:03:30 +01:00
Gregory P. Smith
a1ed539268
Fixes issue #17488 : Change the subprocess.Popen bufsize parameter default value
...
from unbuffered (0) to buffering (-1) to match the behavior existing code
expects and match the behavior of the subprocess module in Python 2 to avoid
introducing hard to track down bugs.
2013-03-23 11:44:25 -07:00
Georg Brandl
b673d99698
Bump to 3.2.4rc1.
2013-03-23 16:02:08 +01:00
Vinay Sajip
68b4cc87cd
Issue #17521 : Corrected non-enabling of logger following two calls to fileConfig().
2013-03-23 11:18:45 +00:00
Vinay Sajip
a4cfd60f3d
Updated Misc/NEWS with #17508 .
2013-03-23 10:57:47 +00:00
doko@ubuntu.com
d5537d071c
- Issue #16754 : Fix the incorrect shared library extension on linux. Introduce
...
two makefile macros SHLIB_SUFFIX and EXT_SUFFIX. SO now has the value of
SHLIB_SUFFIX again (as in 2.x and 3.1). The SO macro is removed in 3.4.
2013-03-21 13:21:49 -07:00
R David Murray
d312c740f1
#5713 : Handle 421 error codes during sendmail by closing the socket.
...
This is a partial fix to the issue of servers disconnecting unexpectedly; in
this case the 421 says they are disconnecting, so we close the socket and
return the 421 in the appropriate error context.
Original patch by Mark Sapiro, updated by Kushal Das, with additional
tests by me.
2013-03-20 20:36:14 -04:00
Gregory P. Smith
dd35162894
merge heads in 3.2
2013-03-19 15:03:26 -07:00
R David Murray
f5d7cc239e
#8862 : Fix curses cleanup with getchar is interrupted by a signal.
...
I have no idea how one would write a test for this.
Patch by July Tikhonov.
2013-03-19 16:23:09 -04:00
R David Murray
fcb6d6a3b3
#17443 : Fix buffering in IMAP4_stream.
...
In Python2 Popen uses *FILE objects, which wind up buffering even though
subprocess defaults to no buffering. In Python3, subprocess streams really
are unbuffered by default, but the imaplib code assumes read is buffered. This
patch uses the default buffer size from the io module to get buffered streams
from Popen.
Much debugging work and patch by Diane Trout.
The imap protocol is too complicated to write a test for this simple
change with our current level of test infrastructure.
2013-03-19 13:52:33 -04:00
R David Murray
9929bc543a
#17476 : make allmethods actually return all methods.
...
This fixes a regression relative to Python2. (In 2, methods on a class were
unbound methods and matched the inspect queries being done, in 3 they are just
functions and so were missed).
This is an undocumented function that pydoc itself does not use, but
I found that numpy at least uses it in its documentation generator.
Original patch by Matt Bachmann.
2013-03-19 02:31:06 -04:00
Gregory P. Smith
029273fc90
Fixes issue #17192 : Update the ctypes module's libffi to v3.0.13. This
...
specifically addresses a stack misalignment issue on x86 and issues on
some more recent platforms.
2013-03-18 17:11:20 -07:00
R David Murray
a846f5ace8
#17448 : Make test_sax skip if there are no xml parsers.
...
Patch by Rafael Santos.
2013-03-18 00:18:12 -04:00
Serhiy Storchaka
a99dfd1ab6
Issue #16389 : Fixed an issue number in previos commit.
2013-03-16 22:59:27 +02:00
Serhiy Storchaka
0f606a636a
Issue #16564 : Fixed a performance regression relative to Python 3.1 in the
...
caching of compiled regular expressions.
2013-03-16 22:52:09 +02:00
Ezio Melotti
c28f6fa505
#11420 : make test suite pass with -B/DONTWRITEBYTECODE set. Initial patch by Thomas Wouters.
2013-03-16 19:48:51 +02:00
Terry Jan Reedy
58e1e50be1
typo
2013-03-16 02:53:09 -04:00
Terry Jan Reedy
743c85a32e
Issue # 10652: make tcl/tk tests run after __all__ test, patch by Zachary Ware.
2013-03-16 02:37:06 -04:00
R David Murray
612528d95d
#17431 : Fix missing import of BytesFeedParser in email.parser.
...
Initial patch contributed by Edmond Burnett.
2013-03-15 20:38:15 -04:00
Terry Jan Reedy
4b3975b944
Issue #17047 : Add news entry
2013-03-15 03:33:11 -04:00
Serhiy Storchaka
8ea4616f16
Issue #1285086 : Get rid of the refcounting hack and speed up
...
urllib.parse.unquote() and urllib.parse.unquote_to_bytes().
2013-03-14 21:31:37 +02:00
Ezio Melotti
a7d64a6f4c
#17368 : Fix an off-by-one error in the Python JSON decoder that caused a failure while decoding empty object literals when object_pairs_hook was specified.
2013-03-13 01:52:34 +02:00