Commit Graph

13643 Commits

Author SHA1 Message Date
Georg Brandl b3acaccf27 Transplant of rev 544b654d000c: directory traversal attack in CGIHttpRequestHandler. 2013-11-11 06:10:23 +01:00
Ned Deily 85b8be1ac8 Issue #15663: Revert OS X installer built-in Tcl/Tk support for 3.3.3.
Some third-party projects, such as matplotlib and PIL/Pillow,
depended on being able to build with Tcl and Tk frameworks in
/Library/Frameworks.  They were unable to build with the built-in
Tcl/Tk and/or execute correctly.
2013-11-05 02:44:17 -08:00
Georg Brandl 9b513bf6ca Add news entry for 3.3.3 final. 2013-10-28 08:06:50 +01:00
Georg Brandl 2d34f41bee Bump to 3.3.3rc1. 2013-10-27 09:22:59 +01:00
Georg Brandl 81be27d53e Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL
pseudo-random number generator on fork().
2013-10-27 07:56:11 +01:00
Georg Brandl bf3f8eb960 Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read.  Adapted from patch by Jyrki Pulliainen.
2013-10-27 07:34:48 +01:00
Georg Brandl 28e78414f9 Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory.  Patch by Jyrki
Pulliainen.
2013-10-27 07:29:47 +01:00
Georg Brandl 7e27abbb39 Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory.  Patch by Jyrki
Pulliainen.
2013-10-27 07:23:53 +01:00
Georg Brandl 72c98d3a76 Issue #17997: Change behavior of ``ssl.match_hostname()`` to follow RFC 6125,
for security reasons.  It now doesn't match multiple wildcards nor wildcards
inside IDN fragments.
2013-10-27 07:16:53 +01:00
Georg Brandl ca580f4ec1 Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit
line length.  Patch by Emil Lind.
2013-10-27 06:52:14 +01:00
Benjamin Peterson 89d8cd943b just return toplevel symbol table rather than all blocks (closes #19393) 2013-10-26 13:13:51 -04:00
Victor Stinner 2ff68dd526 Close #19339: telnetlib module is now using time.monotonic() when available to
compute timeout.
2013-10-26 09:16:29 +02:00
Ned Deily 3d2f68d242 Issue #19400: Prevent extension module build failures with Xcode 5 on OS X
10.8+ when using a universal Python that included a PPC architecture,
such as with a python.org 32-bit-only binary installer.
2013-10-25 16:03:35 -07:00
Brett Cannon 6fd25c39c4 Issue #19392: Document that imp.reload() now relies on __loader__
being defined on top of __name__.
2013-10-25 13:46:15 -04:00
Ned Deily 4b7a023149 Issue #19019: Change the OS X installer build script to use CFLAGS instead
of OPT for special build options.  By setting OPT, some compiler-specific
options like -fwrapv were overridden and thus not used, which could result
in broken interpreters when building with clang.
2013-10-25 00:46:02 -07:00
Ned Deily 5b3582c919 Issue #15663: Tcl/Tk 8.5.15 is now included with the OS X 10.6+
64-bit/32-bit installer for 10.6+.  It is no longer necessary
to install a third-party version of Tcl/Tk 8.5 to work around the
problems in the Apple-supplied Tcl/Tk 8.5 shipped in OS X 10.6
and later releases.
2013-10-25 00:41:46 -07:00
Ned Deily 65657c27fa Issue #1584: Provide options to override default search paths for Tcl and Tk
when building _tkinter.  configure has two new options; if used, both must
be specified:

  ./configure \
      --with-tcltk-includes="-I/opt/local/include" \
      --with-tcltk-libs="-L/opt/local/lib -ltcl8.5 -ltk8.5"

In addition, the options can be overridden with make:

   make \
       TCLTK_INCLUDES="-I/opt/local/include" \
       TCLTK_LIBS="-L/opt/local/lib -ltcl8.6 -ltk8.6"
2013-10-25 00:34:44 -07:00
Serhiy Storchaka 7d6392c517 Issue #19288: Fixed the "in" operator of dbm.gnu databases for string
argument.  Original patch by Arfrever Frehtes Taifersar Arahesis.
2013-10-25 00:06:52 +03:00
Serhiy Storchaka 9da33ab193 Issue #19287: Fixed the "in" operator of dbm.ndbm databases for string
argument.  Original patch by Arfrever Frehtes Taifersar Arahesis.
2013-10-24 23:59:28 +03:00
Serhiy Storchaka be80fc9a84 Issue #19327: Fixed the working of regular expressions with too big charset. 2013-10-24 22:02:58 +03:00
Senthil Kumaran b82a3dc240 Increase the coverage of macurl2path. Patch by Colin Williams. 2013-10-23 21:50:56 -07:00
Antoine Pitrou 09fcb72048 Issue #19356: Avoid using a C variabled named "_self", it's a reserved word in some C compilers. 2013-10-23 19:20:21 +02:00
Antoine Pitrou d5d0bc35ad Issue #19352: Fix unittest discovery when a module can be reached through several paths (e.g. under Debian/Ubuntu with virtualenv). 2013-10-23 19:11:29 +02:00
Antoine Pitrou dde25c4851 Issue #19340: Fix test_sysconfig when Python is built with an empty prefix.
Patch by Sunny K.
2013-10-23 19:07:40 +02:00
Tim Golden 27a856495e Issue #15207: Fix mimetypes to read from correct area in Windows registry (Original patch by Dave Chambers) 2013-10-22 19:27:34 +01:00
Christian Heimes 49e61806f5 Issue #18603: Ensure that PyOS_mystricmp and PyOS_mystrnicmp are in the
Python executable and not removed by the linker's optimizer.
2013-10-22 10:22:29 +02:00
Ezio Melotti f076f53386 #8964: fix platform._sys_version to handle IronPython 2.6+. 2013-10-21 03:03:32 +03:00
Serhiy Storchaka c30b178cbc Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2013-10-20 16:58:27 +03:00
Antoine Pitrou 0abb21884c Issue #18235: Fix the sysconfig variables LDSHARED and BLDSHARED under AIX.
Patch by David Edelsohn.
2013-10-19 22:05:05 +02:00
Serhiy Storchaka 35804e4c63 Issue #19279: UTF-7 decoder no more produces illegal strings. 2013-10-19 20:38:19 +03:00
Serhiy Storchaka 90b41f0281 Remove redundant empty lines. 2013-10-18 17:16:40 +03:00
Serhiy Storchaka d3b750516f Issue #19276: Fixed the wave module on 64-bit big-endian platforms. 2013-10-17 23:04:04 +03:00
Antoine Pitrou 9816a1e643 Issue #14407: Fix unittest test discovery in test_concurrent_futures. 2013-10-15 23:23:32 +02:00
Serhiy Storchaka bfdcd436f0 Issue #18758: Fixed and improved cross-references. 2013-10-13 23:09:14 +03:00
Antoine Pitrou 24201d497c Issue #18776: atexit callbacks now display their full traceback when they raise an exception. 2013-10-13 21:53:13 +02:00
Serhiy Storchaka 8362006132 Merge heads 2013-10-13 18:11:05 +03:00
Serhiy Storchaka 1b80e63d70 Issue #18919: Unified and extended tests for audio modules: aifc, sunau and
wave.
2013-10-13 17:55:07 +03:00
Nick Coghlan 6cb2b5b1e1 Issue #17827: Document codecs.encode and codecs.decode 2013-10-14 00:22:13 +10:00
Ned Deily 5d4121a631 Issue #18458: Prevent crashes with newer versions of libedit. Its readline
emulation has changed from 0-based indexing to 1-based like gnu readline.
Original patch by Ronald Oussoren.
2013-10-12 15:47:58 -07:00
Serhiy Storchaka e23b2d06c7 Issue #18919: If the close() method of a writer in the sunau or wave module
failed, second invocation of close() and destructor no more raise an
exception.
2013-10-12 21:36:10 +03:00
Serhiy Storchaka 4b5325963b Issue #19131: The aifc module now correctly reads and writes sampwidth of
compressed streams.
2013-10-12 18:21:33 +03:00
Tim Peters 3415fa3c6e Repair format of NEWS entry. 2013-10-09 13:27:36 -05:00
Tim Peters cbd4d08880 Issue 19158: a rare race in BoundedSemaphore could allow .release() too often. 2013-10-09 13:19:21 -05:00
Antoine Pitrou 59c900d3bf Fix macro expansion of _PyErr_OCCURRED(), and make sure to use it in at least one place so as to avoid regressions. 2013-10-07 20:38:51 +02:00
Georg Brandl c377fe2b96 Closes #1215: document better why it is not a good idea to catch e.g. SIGSEGV and refer to faulthandler.
Patch by Martin Pool.
2013-10-06 21:22:42 +02:00
Eric Snow 5c4b4c530f [issue19152] Revert 832579dbafd6. 2013-10-03 15:03:29 -06:00
Eric Snow 48b42ecd0f Fix typo. 2013-10-03 14:37:55 -06:00
Eric Snow af8566c847 [issue19152] Add ExtensionFileLoader.get_filename(). 2013-10-03 12:08:55 -06:00
Eric Snow efbc475278 [issue19151] Fix docstring and use of _get_suppported_file_loaders() to reflect 2-tuples. 2013-10-03 12:08:55 -06:00
Antoine Pitrou 60b183407c Issue #19014: memoryview.cast() is now allowed on zero-length views. 2013-10-03 19:55:41 +02:00