* "Return true/false" is replaced with "Return ``True``/``False``"
if the function actually returns a bool.
* Fixed formatting of some True and False literals (now in monospace).
* Replaced "True/False" with "true/false" if it can be not only bool.
* Replaced some 1/0 with True/False if it corresponds the code.
* "Returns <bool>" is replaced with "Return <bool>".
* Prevent low-grade poplib REDOS (CVE-2018-1060)
The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.
Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.
A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.
Replace it with a similar non-vulnerable regex.
The new regex is RFC compliant.
The old regex was non-compliant in edge cases.
* Prevent difflib REDOS (CVE-2018-1061)
The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.
Replace it with an equivalent non-vulnerable regex.
Also introduce unit and REDOS tests for difflib.
Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>
This changes the main documentation, doc strings, source code comments, and a
couple error messages in the test suite. In some cases the word was removed
or edited some other way to fix the grammar.
Raise PendingDeprecationWarning when generator raises StopIteration
and no __future__ import is used. Fix offenders in the stdlib
and tests.
See also issue 22906.
Thanks to Nick Coghlan and Berker Peksag for reviews.
Some applications (e.g. traditional Unix diff, version control
systems) neither know nor care about the encodings of the files they
are comparing. They are textual, but to the diff utility they are just
bytes. This worked fine under Python 2, because all of the hardcoded
strings in difflib.py are ASCII, so could safely be combined with
old-style u'' strings. But it stopped working in 3.x.
The solution is to use surrogate escapes for a lossless
bytes->str->bytes roundtrip. That means {unified,context}_diff() can
continue to just handle strings without worrying about bytes. Callers
who have to deal with bytes will need to change to using diff_bytes().
Use case: Mercurial's test runner uses difflib to compare current hg
output with known good output. But Mercurial's output is just bytes,
since it can contain:
* file contents (arbitrary unknown encoding)
* filenames (arbitrary unknown encoding)
* usernames and commit messages (usually UTF-8, but not guaranteed
because old versions of Mercurial did not enforce it)
* user messages (locale encoding)
Since the output of any given hg command can include text in multiple
encodings, it is hopeless to try to treat it as decodable Unicode
text. It's just bytes, all the way down.
This is an elaboration of a patch by Terry Reedy.
requires them. Disable executable bits and shebang lines in test and
benchmark files in order to prevent using a random system python, and in
source files of modules which don't provide command line interface. Fixed
shebang lines in the unittestgui and checkpip scripts.
requires them. Disable executable bits and shebang lines in test and
benchmark files in order to prevent using a random system python, and in
source files of modules which don't provide command line interface. Fixed
shebang line to use python3 executable in the unittestgui script.
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80004 | r.david.murray | 2010-04-12 12:35:19 -0400 (Mon, 12 Apr 2010) | 13 lines
Issue #7585: use tab between components in unified and context diff headers.
Instead of spaces between the filename and date (or whatever the string
is that follows the filename, if any) use tabs. This is what the unix
'diff' command does, for example, and difflib was intended to follow
the 'standard' way of doing diffs. This improves compatibility with
patch tools. The docs and examples are also changed to recommended that
the date format used be the ISO 8601 format, which is what modern diff
tools emit by default.
Patch by Anatoly Techtonik.
........
svn+ssh://pythondev@svn.python.org/python/trunk
........
r59887 | neal.norwitz | 2008-01-10 06:42:58 +0100 (Thu, 10 Jan 2008) | 1 line
Reword entry, not sure I made it much better though.
........
r59888 | andrew.kuchling | 2008-01-10 14:37:12 +0100 (Thu, 10 Jan 2008) | 1 line
Check for fd of -1 to save fsync() and fstat() call
........
r59891 | thomas.heller | 2008-01-10 19:45:40 +0100 (Thu, 10 Jan 2008) | 1 line
Reflow a paragraph, and fix a typo.
........
r59892 | raymond.hettinger | 2008-01-10 20:15:10 +0100 (Thu, 10 Jan 2008) | 1 line
Examples for named tuple subclassing should include __slots__
........
r59895 | raymond.hettinger | 2008-01-10 21:37:12 +0100 (Thu, 10 Jan 2008) | 1 line
Clarify how to add a field to a named tuple.
........
r59896 | amaury.forgeotdarc | 2008-01-10 22:59:42 +0100 (Thu, 10 Jan 2008) | 12 lines
Closing issue1761.
Surprising behaviour of the "$" regexp: it matches the
end of the string, AND just before the newline at the end
of the string::
re.sub('$', '#', 'foo\n') == 'foo#\n#'
Python is consistent with Perl and the pcre library, so
we just document it.
Guido prefers "\Z" to match only the end of the string.
........
r59898 | raymond.hettinger | 2008-01-11 00:00:01 +0100 (Fri, 11 Jan 2008) | 1 line
Neaten-up the named tuple docs
........
r59900 | raymond.hettinger | 2008-01-11 01:23:13 +0100 (Fri, 11 Jan 2008) | 1 line
Run doctests on the collections module
........
r59903 | raymond.hettinger | 2008-01-11 02:25:54 +0100 (Fri, 11 Jan 2008) | 1 line
Doctest results return a named tuple for readability
........
r59904 | raymond.hettinger | 2008-01-11 03:12:33 +0100 (Fri, 11 Jan 2008) | 1 line
Comment-out missing constant (from rev 59819)
........
r59905 | raymond.hettinger | 2008-01-11 03:24:13 +0100 (Fri, 11 Jan 2008) | 1 line
Have Decimal.as_tuple return a named tuple.
........
r59906 | raymond.hettinger | 2008-01-11 04:04:50 +0100 (Fri, 11 Jan 2008) | 1 line
Let most inspect functions return named tuples
........
r59907 | raymond.hettinger | 2008-01-11 04:20:54 +0100 (Fri, 11 Jan 2008) | 1 line
Improve usability of the SequenceMatcher by returning named tuples describing match ranges.
........
r59909 | thomas.heller | 2008-01-11 09:04:03 +0100 (Fri, 11 Jan 2008) | 1 line
Add an important missing blank.
........
r59910 | georg.brandl | 2008-01-11 10:19:11 +0100 (Fri, 11 Jan 2008) | 2 lines
Guard definition of TIPC_SUB_CANCEL with an #ifdef.
........
r59911 | georg.brandl | 2008-01-11 10:20:58 +0100 (Fri, 11 Jan 2008) | 2 lines
News entries for rev. 5990[567].
........
r59912 | georg.brandl | 2008-01-11 10:55:53 +0100 (Fri, 11 Jan 2008) | 2 lines
Documentation for r5990[3567].
........
r59913 | thomas.heller | 2008-01-11 13:41:39 +0100 (Fri, 11 Jan 2008) | 4 lines
The sqlite3 dll, when compiled in debug mode, must be linked with /MDd
to use the debug runtime library. Further, the dll will be named
sqlite3_d.dll.
........
r59919 | thomas.heller | 2008-01-11 16:38:46 +0100 (Fri, 11 Jan 2008) | 6 lines
Revert revision 59913, because it was wrong:
The sqlite3 dll, when compiled in debug mode, must be linked with
/MDd to use the debug runtime library. Further, the dll will be
named sqlite3_d.dll.
........
r59920 | christian.heimes | 2008-01-11 16:42:29 +0100 (Fri, 11 Jan 2008) | 1 line
Removed unused variable
........
Simon de Vlieger
Christian Clauss
Nikita Sobolev
lrjball
Ethan Smith
Serhiy Storchaka
Anthony Sottile
Xtreak
Raymond Hettinger
Jamie Davis
R David Murray
Martin Panter
Yury Selivanov
Greg Ward
Berker Peksag
Raymond Hettinger
Victor Stinner
Andrew Kuchling
Ezio Melotti
Terry Jan Reedy
Philip Jenvey
Florent Xicluna
Benjamin Peterson
Senthil Kumaran
Mark Dickinson
Christian Heimes