Commit Graph

16353 Commits

Author SHA1 Message Date
Larry Hastings d12551fe71 Version bump for 3.4.6rc1. 2017-01-01 22:12:36 -08:00
Serhiy Storchaka 84293aff9f Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X
when decoding astral characters.
2016-11-12 14:29:48 +02:00
Serhiy Storchaka b626643734 Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X
when decoding astral characters.
2016-11-12 14:28:06 +02:00
Serhiy Storchaka 1c3fdd900d Issue #28563: Fixed possible DoS and arbitrary code execution when handling
plural form selections in the gettext module.  The expression parser now
supports exact syntax supported by GNU gettext.
2016-11-08 21:20:09 +02:00
Serhiy Storchaka 07bcf05fcf Issue #28563: Fixed possible DoS and arbitrary code execution when handling
plural form selections in the gettext module.  The expression parser now
supports exact syntax supported by GNU gettext.
2016-11-08 21:17:46 +02:00
Serhiy Storchaka 77eede35fc Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug build. 2016-10-25 10:07:51 +03:00
Zachary Ware 068534ab03 Issue #28248: Update Windows build to use OpenSSL 1.0.2j 2016-10-10 21:57:20 -05:00
Yury Selivanov cb9424f643 Issue #27759: Fix selectors incorrectly retain invalid file descriptors.
(Backported to 3.4 as this bug might be exploited for DoS)
2016-10-06 14:03:03 -04:00
Berker Peksag d751040b1a Issue #26171: Prevent buffer overflow in get_data
Backport of 01ddd608b85c.
2016-09-14 08:37:28 +03:00
Jason R. Coombs 79ae9671ff Issue #12885: Revert commits in 3.4 branch which is security-only fixes. 2016-09-01 23:27:45 -04:00
Jason R. Coombs 6f5d3fd4d1 Issue #12885: Correct issue reference in NEWS 2016-09-01 22:08:25 -04:00
Jason R. Coombs 97eda155f8 Issue #12285: Update NEWS 2016-09-01 21:12:17 -04:00
Benjamin Peterson 1f0e7c9933 rearrange methodcaller_new so that the main error case does not cause uninitialized memory usage (closes #27783) 2016-08-16 23:35:35 -07:00
Benjamin Peterson 3a27b0857e do not decref value borrowed from list (closes #27774) 2016-08-15 22:01:41 -07:00
Benjamin Peterson 4f976513ef fix possible integer overflow in binascii.b2a_qp (closes #27760)
Reported by Thomas E. Hybel
2016-08-13 18:33:33 -07:00
Benjamin Peterson 6e01d90cc8 check for overflow in join_append_data (closes #27758)
Reported by Thomas E. Hybel
2016-08-13 17:17:06 -07:00
Senthil Kumaran 4cbb23f8f2 Prevent HTTPoxy attack (CVE-2016-1000110)
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.
2016-07-30 23:24:16 -07:00
Martin Panter d27a7c1f22 Issue #27369: Merge test_pyexpat from 3.2 into 3.3 2016-07-14 01:42:53 +00:00
Martin Panter 076ca6c3c8 Issue #27369: Don’t test error message detail that changed in Expat 2.2.0 2016-07-14 01:31:46 +00:00
Martin Panter 2cdcaf1353 Issue #22758: Move NEWS entry to Library section 2016-07-14 01:17:03 +00:00
R David Murray 5f21f43af7 #22758: fix regression in handling of secure cookies.
This backports the fix from #16611, per discussion with the release
manager.
2016-07-10 13:32:43 -04:00
Martin Panter 3d81d93f34 Issue #25940: Use self-signed.pythontest.net in SSL tests
This is instead of svn.python.org, whose certificate recently expired, and
whose new certificate uses a different root certificate.

The certificate used at the pythontest server was modified to set the "basic
constraints" CA flag. This flag seems to be required for test_get_ca_certs_
capath() to work (in Python 3.4+).

Added the new self-signed certificate to capath with the following commands:

cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
c_rehash -v Lib/test/capath/
c_rehash -v -old Lib/test/capath/
# Note the generated file names
cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0}
mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0}

The new server responds with "No route to host" when connecting to port 444.
2016-01-14 09:36:00 +00:00
Serhiy Storchaka 31b9410654 Issue #25709: Fixed problem with in-place string concatenation and utf-8 cache. 2015-12-03 01:02:03 +02:00
Martin Panter 73f55076f6 Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3 2016-01-14 12:21:02 +00:00
Benjamin Peterson 14b2c82855 fix reordering 2015-12-05 00:27:11 -08:00
Benjamin Peterson 2deaea3119 merge 3.2 2015-12-05 00:21:12 -08:00
Benjamin Peterson 5e621176c4 add CVE and issue number 2015-12-05 00:17:57 -08:00
Benjamin Peterson a12d92bec1 merge 3.3 (#27783) 2016-08-16 23:36:20 -07:00
Benjamin Peterson 10bc0f6edf merge 3.3 (#27774) 2016-08-15 22:03:44 -07:00
Benjamin Peterson 432ea4ff37 fail when negative values are passed to instr() 2016-08-15 21:40:14 -07:00
Benjamin Peterson 5295532adb merge 3.3 (closes #27760) 2016-08-13 18:36:55 -07:00
Benjamin Peterson 40a77c3381 do not allow reading negative values with getstr() 2016-08-13 18:15:28 -07:00
Benjamin Peterson 59b6abd38c merge 3.3 (#27758) 2016-08-13 17:21:22 -07:00
Senthil Kumaran 436fe5a447 [merge from 3.3] Prevent HTTPoxy attack (CVE-2016-1000110)
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.
2016-07-30 23:34:34 -07:00
Martin Panter b7b5d35545 Issue #27369: Merge test_pyexpat from 3.3 into 3.4 2016-07-14 02:09:17 +00:00
Larry Hastings ea684921c2 Post-release fixups for Python 3.4.5. 2016-06-26 19:41:21 -07:00
Larry Hastings 98be9d500e Version bump for 3.4.5 final. 2016-06-25 14:44:30 -07:00
Larry Hastings 463c3f3eef Release bump for 3.4.5rc1. 2016-06-11 22:24:03 -07:00
Benjamin Peterson 196d7db395 upgrade expat to 2.1.1 (closes #26556) 2016-06-11 13:28:56 -07:00
Benjamin Peterson 46b32f307c raise an error when STARTTLS fails 2016-06-11 13:16:42 -07:00
Guido van Rossum 3d4d01f614 Back out 7e9605697dfc, 2e3c31ab586a, 759b2cecc289.
These added a path attribute to pathlib.Path objects, and docs.
Instead, we're going to use PEP 519.

(Starting in the 3.4 branch and merging forward from there since that's what I did originally.)
2016-05-19 13:00:21 -07:00
Benjamin Peterson b9869dfe35 remove useless $ keyword (closes #17167) 2016-03-21 22:31:02 -07:00
Benjamin Peterson f11b25b081 properly use the ObjArgs variant of CallMethod in dictview binary operations (closes #26478) 2016-03-03 22:05:36 -08:00
Ezio Melotti 90ba2ca68a #26246: update copybutton.js after JQuery update. Patch by Liang-Bo Wang. 2016-02-27 08:39:36 +02:00
Benjamin Peterson 9491272751 open the cert store readonly
Patch from Chi Hsuan Yen.
2016-02-17 22:13:19 -08:00
Benjamin Peterson c4032da201 prevent buffer overflow in get_data (closes #26171) 2016-01-20 22:23:44 -08:00
Martin Panter 514bb0711f Issue #25940: Merge self-signed.pythontest.net testing from 3.3 into 3.4 2016-01-14 12:46:49 +00:00
Yury Selivanov d9d0e864b9 Issue #26050: Add asyncio.StreamReader.readuntil() method.
Patch by Марк Коренберг.
2016-01-11 12:28:19 -05:00
Andrew Svetlov c07b16b40f Sync with asyncio repo 2016-01-11 08:42:49 +02:00
Guido van Rossum e428231539 Issue #22570: Add 'path' attribute to pathlib.Path objects. 2016-01-06 11:01:42 -08:00