Commit Graph

5911 Commits

Author SHA1 Message Date
Gregory P. Smith 2522771e47 Fixes Issue 14234: fix for the previous commit, keep compilation when
using --with-system-expat working when the system expat does not have
salted hash support.
2012-03-14 18:10:37 -07:00
Gregory P. Smith 373c740924 Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes
in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.
2012-03-14 14:41:00 -07:00
Gregory P. Smith 8e91cf6a5e Fixes issue #14234: CVE-2012-0876: Randomize hashes of xml attributes
in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.
2012-03-14 14:26:55 -07:00
Benjamin Peterson 2354a7593f fix indentation 2012-03-13 16:13:09 -05:00
Benjamin Peterson e48944b69c keep the buffer object around while we're using it (closes #14212) 2012-03-07 14:50:25 -06:00
Stefan Krah 2201ecbbfc Issue #14125: backport refleak fix (d4adbf908983). 2012-02-27 17:34:17 +01:00
Éric Araujo fab976624d Fix typo in “seperat{or,ion}” 2012-02-26 02:14:08 +01:00
Georg Brandl 7ef825fdab merge with 3.2 2012-02-21 22:36:37 +01:00
Georg Brandl c9a42070a6 Remove reST markup from --help output. Also: O(n**2) is dict construction, not single insertion. 2012-02-21 22:36:27 +01:00
Antoine Pitrou 86838b02f0 Fix test failure in test_cmd_line by initializing the hash secret at the earliest point. 2012-02-21 19:03:47 +01:00
Benjamin Peterson e249dcab7a merge 3.2 2012-02-21 11:09:13 -05:00
Benjamin Peterson 69e9727657 ensure no one tries to hash things before the random seed is found 2012-02-21 11:08:50 -05:00
Petri Lehtinen 4fe85abab9 sqlite3: Fix 64-bit integer handling in user functions on 32-bit architectures
Closes #8033.
2012-02-21 13:49:50 +02:00
Georg Brandl 09a7c72cad Merge from 3.1: Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.

The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
2012-02-20 21:31:46 +01:00
Georg Brandl 2daf6ae249 Issue #13703: add a way to randomize the hash values of basic types (str, bytes, datetime)
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.

The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
2012-02-20 19:54:16 +01:00
Antoine Pitrou 2f5a163dfc Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou f5f1fe0cb5 Issue #13015: Fix a possible reference leak in defaultdict.__repr__.
Patch by Suman Saha.
2012-02-15 02:42:46 +01:00
Petri Lehtinen 4a84f58143 Issue #10811: Fix recursive usage of cursors. Instead of crashing, raise a ProgrammingError now. 2012-02-06 22:04:18 +02:00
Charles-François Natali 6d0d24e359 Issue #13817: After fork(), reinit the ad-hoc TLS implementation earlier to fix
a random deadlock when fork() is called in a multithreaded process in debug
mode, and make PyOS_AfterFork() more robust.
2012-02-02 20:31:42 +01:00
Petri Lehtinen 023fe334bb sqlite3: Handle strings with embedded zeros correctly
Closes #13676.
2012-02-01 22:18:35 +02:00
Gregory P. Smith ab32066e65 Fix zip_import.c's read_directory() to use appropriate types for the values
being read from the header vs the values being used by fseek and ftell
(Py_ssize_t for those) and how they are computed.  Py_ssize_t is used for
actual file offsets so that files greater than 2 gigs could be supported.
Updates the Py_BuildValue format string to match (including several existing
wrong 'i's that should have been 'l's).
2012-01-30 15:17:33 -08:00
Antoine Pitrou 1334884ff2 Issue #13848: open() and the FileIO constructor now check for NUL characters in the file name.
Patch by Hynek Schlawack.
2012-01-29 18:36:34 +01:00
Antoine Pitrou 75ff65ef96 Issue #13806: The size check in audioop decompression functions was too strict and could reject valid compressed data.
Patch by Oleg Plakhotnyuk.
2012-01-28 22:01:59 +01:00
Antoine Pitrou 3f366314e8 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:50:45 +01:00
Antoine Pitrou f2bf8a6ac5 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:48:47 +01:00
Meador Inge 65992c1c01 - Issue #13840: Fix ctypes.create_string_buffer exception message and docs. 2012-01-26 08:44:00 -06:00
Benjamin Peterson 7fa5a99b06 merge heads 2012-01-24 09:07:06 -05:00
Antoine Pitrou 5311c1d7ab Issue #13772: In os.symlink() under Windows, do not try to guess the link
target's type (file or directory).  The detection was buggy and made the
call non-atomic (therefore prone to race conditions).
2012-01-24 08:59:28 +01:00
Benjamin Peterson 91eef984fd fix declaration style 2012-01-22 20:04:46 -05:00
Gregory P. Smith 4842efcf97 Fix FreeBSD, NetBSD and OpenBSD behavior of the issue #8052 fix. 2012-01-21 21:01:24 -08:00
Gregory P. Smith e9b7cab1da Another issue #8052 bugfix (related to previous commit).
"oops" while rearranging the #defines.
2012-01-21 15:19:11 -08:00
Gregory P. Smith e3f7848bc5 Bugfix for issue #8052 fix on *BSD variants.
Many lack readdir64, use readdir.  Only use readdir64 on Solaris where
it is required to work around a Solaris bug.
2012-01-21 15:16:17 -08:00
Gregory P. Smith 8facece99a Fixes issue #8052: The posix subprocess module's close_fds behavior was
suboptimal by closing all possible file descriptors rather than just
the open ones in the child process before exec().

It now closes only the open fds when it is possible to safely determine what
those are.
2012-01-21 14:01:08 -08:00
Gregory P. Smith 12fdca59bb Avoid the compiler warning about the unused return value. 2012-01-21 12:31:25 -08:00
Antoine Pitrou fc1b6f0078 Fix the _io module leaking references when a sub-interpreter is created. 2012-01-18 16:13:56 +01:00
Ezio Melotti acd5f7bceb #13665: s/string/bytes/ in error message. 2012-01-18 05:42:39 +02:00
Antoine Pitrou 2f828f2c88 Test running of code in a sub-interpreter
(prelude to issue #6531).
2012-01-18 00:21:11 +01:00
Charles-François Natali 366999a011 Issue #9975: socket: Fix incorrect use of flowinfo and scope_id. Patch by
Vilmos Nebehaj.
2012-01-02 15:47:29 +01:00
Ross Lagerwall 667d75d059 Don't redefine _GNU_SOURCE if it's already defined. 2011-12-22 09:45:53 +02:00
Ross Lagerwall 031bf95d32 Issue #11006: Don't issue low level warning in subprocess when pipe2() fails. 2011-12-22 09:07:30 +02:00
Victor Stinner bd206e27a4 Handle correctly _Py_fopen() error: don't replace the exception 2011-12-18 21:04:17 +01:00
Victor Stinner e83f899364 Issue #13530: Document os.lseek() result
Patch written by Jérémy Anger.
2011-12-17 23:15:09 +01:00
Victor Stinner 136ea49b39 Issue #10951: Fix a compiler warning in timemodule.c 2011-12-17 22:37:18 +01:00
Victor Stinner 94ba691ed3 main() now displays an error message before exiting if a command line argument
cannot be decoded
2011-12-16 23:48:31 +01:00
Antoine Pitrou c345ce1a69 Issue #10350: Read and save errno before calling a function which might overwrite it.
Original patch by Hallvard B Furuseth.
2011-12-16 12:28:32 +01:00
Charles-François Natali 10db4dec61 Issue #4028: Make multiprocessing build on SunOS. 2011-12-14 18:39:09 +01:00
Alexandre Vassalotti 3bfc65a25b Issue #13505: Make pickling of bytes object compatible with Python 2.
Initial patch by sbt.
2011-12-13 13:08:09 -05:00
Florent Xicluna 0e686cbb7d Fix docstring typo. 2011-12-09 23:41:19 +01:00
Victor Stinner 720f34a3e8 Issue #5905: time.strftime() is now using the locale encoding, instead of
UTF-8, if the wcsftime() function is not available.
2011-12-09 20:19:24 +01:00
Charles-François Natali 6613c18ea2 Issue #13415: Test in configure if unsetenv() has a return value or not. 2011-11-27 12:41:06 +01:00