Gregory P. Smith
2522771e47
Fixes Issue 14234: fix for the previous commit, keep compilation when
...
using --with-system-expat working when the system expat does not have
salted hash support.
2012-03-14 18:10:37 -07:00
Gregory P. Smith
373c740924
Fixes Issue #14234 : CVE-2012-0876: Randomize hashes of xml attributes
...
in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.
2012-03-14 14:41:00 -07:00
Gregory P. Smith
8e91cf6a5e
Fixes issue #14234 : CVE-2012-0876: Randomize hashes of xml attributes
...
in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.
2012-03-14 14:26:55 -07:00
Benjamin Peterson
2354a7593f
fix indentation
2012-03-13 16:13:09 -05:00
Benjamin Peterson
e48944b69c
keep the buffer object around while we're using it ( closes #14212 )
2012-03-07 14:50:25 -06:00
Stefan Krah
2201ecbbfc
Issue #14125 : backport refleak fix (d4adbf908983).
2012-02-27 17:34:17 +01:00
Éric Araujo
fab976624d
Fix typo in “seperat{or,ion}”
2012-02-26 02:14:08 +01:00
Georg Brandl
7ef825fdab
merge with 3.2
2012-02-21 22:36:37 +01:00
Georg Brandl
c9a42070a6
Remove reST markup from --help output. Also: O(n**2) is dict construction, not single insertion.
2012-02-21 22:36:27 +01:00
Antoine Pitrou
86838b02f0
Fix test failure in test_cmd_line by initializing the hash secret at the earliest point.
2012-02-21 19:03:47 +01:00
Benjamin Peterson
e249dcab7a
merge 3.2
2012-02-21 11:09:13 -05:00
Benjamin Peterson
69e9727657
ensure no one tries to hash things before the random seed is found
2012-02-21 11:08:50 -05:00
Petri Lehtinen
4fe85abab9
sqlite3: Fix 64-bit integer handling in user functions on 32-bit architectures
...
Closes #8033 .
2012-02-21 13:49:50 +02:00
Georg Brandl
09a7c72cad
Merge from 3.1: Issue #13703 : add a way to randomize the hash values of basic types (str, bytes, datetime)
...
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.
The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
2012-02-20 21:31:46 +01:00
Georg Brandl
2daf6ae249
Issue #13703 : add a way to randomize the hash values of basic types (str, bytes, datetime)
...
in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated.
The environment variable PYTHONHASHSEED and the new command line flag -R control this
behavior.
2012-02-20 19:54:16 +01:00
Antoine Pitrou
2f5a163dfc
Issue #13014 : Fix a possible reference leak in SSLSocket.getpeercert().
2012-02-15 22:25:27 +01:00
Antoine Pitrou
f5f1fe0cb5
Issue #13015 : Fix a possible reference leak in defaultdict.__repr__.
...
Patch by Suman Saha.
2012-02-15 02:42:46 +01:00
Petri Lehtinen
4a84f58143
Issue #10811 : Fix recursive usage of cursors. Instead of crashing, raise a ProgrammingError now.
2012-02-06 22:04:18 +02:00
Charles-François Natali
6d0d24e359
Issue #13817 : After fork(), reinit the ad-hoc TLS implementation earlier to fix
...
a random deadlock when fork() is called in a multithreaded process in debug
mode, and make PyOS_AfterFork() more robust.
2012-02-02 20:31:42 +01:00
Petri Lehtinen
023fe334bb
sqlite3: Handle strings with embedded zeros correctly
...
Closes #13676 .
2012-02-01 22:18:35 +02:00
Gregory P. Smith
ab32066e65
Fix zip_import.c's read_directory() to use appropriate types for the values
...
being read from the header vs the values being used by fseek and ftell
(Py_ssize_t for those) and how they are computed. Py_ssize_t is used for
actual file offsets so that files greater than 2gigs could be supported.
Updates the Py_BuildValue format string to match (including several existing
wrong 'i's that should have been 'l's).
2012-01-30 15:17:33 -08:00
Antoine Pitrou
1334884ff2
Issue #13848 : open() and the FileIO constructor now check for NUL characters in the file name.
...
Patch by Hynek Schlawack.
2012-01-29 18:36:34 +01:00
Antoine Pitrou
75ff65ef96
Issue #13806 : The size check in audioop decompression functions was too strict and could reject valid compressed data.
...
Patch by Oleg Plakhotnyuk.
2012-01-28 22:01:59 +01:00
Antoine Pitrou
3f366314e8
Issue #13885 : CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:50:45 +01:00
Antoine Pitrou
f2bf8a6ac5
Issue #13885 : CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:48:47 +01:00
Meador Inge
65992c1c01
- Issue #13840 : Fix ctypes.create_string_buffer exception message and docs.
2012-01-26 08:44:00 -06:00
Benjamin Peterson
7fa5a99b06
merge heads
2012-01-24 09:07:06 -05:00
Antoine Pitrou
5311c1d7ab
Issue #13772 : In os.symlink() under Windows, do not try to guess the link
...
target's type (file or directory). The detection was buggy and made the
call non-atomic (therefore prone to race conditions).
2012-01-24 08:59:28 +01:00
Benjamin Peterson
91eef984fd
fix declaration style
2012-01-22 20:04:46 -05:00
Gregory P. Smith
4842efcf97
Fix FreeBSD, NetBSD and OpenBSD behavior of the issue #8052 fix.
2012-01-21 21:01:24 -08:00
Gregory P. Smith
e9b7cab1da
Another issue #8052 bugfix (related to previous commit).
...
"oops" while rearranging the #defines.
2012-01-21 15:19:11 -08:00
Gregory P. Smith
e3f7848bc5
Bugfix for issue #8052 fix on *BSD variants.
...
Many lack readdir64, use readdir. Only use readdir64 on solaris where
it is required to work around a solaris bug.
2012-01-21 15:16:17 -08:00
Gregory P. Smith
8facece99a
Fixes issue #8052 : The posix subprocess module's close_fds behavior was
...
suboptimal by closing all possible file descriptors rather than just
the open ones in the child process before exec().
It now closes only the open fds when it is possible to safely determine what
those are.
2012-01-21 14:01:08 -08:00
Gregory P. Smith
12fdca59bb
Avoid the compiler warning about the unused return value.
2012-01-21 12:31:25 -08:00
Antoine Pitrou
fc1b6f0078
Fix the _io module leaking references when a sub-interpreter is created.
2012-01-18 16:13:56 +01:00
Ezio Melotti
acd5f7bceb
#13665 : s/string/bytes/ in error message.
2012-01-18 05:42:39 +02:00
Antoine Pitrou
2f828f2c88
Test running of code in a sub-interpreter
...
(prelude to issue #6531 ).
2012-01-18 00:21:11 +01:00
Charles-François Natali
366999a011
Issue #9975 : socket: Fix incorrect use of flowinfo and scope_id. Patch by
...
Vilmos Nebehaj.
2012-01-02 15:47:29 +01:00
Ross Lagerwall
667d75d059
Don't redefine _GNU_SOURCE if it's already defined.
2011-12-22 09:45:53 +02:00
Ross Lagerwall
031bf95d32
Issue #11006 : Don't issue low level warning in subprocess when pipe2() fails.
2011-12-22 09:07:30 +02:00
Victor Stinner
bd206e27a4
Handle correctly _Py_fopen() error: don't replace the exception
2011-12-18 21:04:17 +01:00
Victor Stinner
e83f899364
Issue #13530 : Document os.lseek() result
...
Patch written by Jérémy Anger.
2011-12-17 23:15:09 +01:00
Victor Stinner
136ea49b39
Issue #10951 : Fix a compiler warning in timemodule.c
2011-12-17 22:37:18 +01:00
Victor Stinner
94ba691ed3
main() now displays an error message before exiting if a command line argument
...
cannot be decoded
2011-12-16 23:48:31 +01:00
Antoine Pitrou
c345ce1a69
Issue #10350 : Read and save errno before calling a function which might overwrite it.
...
Original patch by Hallvard B Furuseth.
2011-12-16 12:28:32 +01:00
Charles-François Natali
10db4dec61
Issue #4028 : Make multiprocessing build on SunOS.
2011-12-14 18:39:09 +01:00
Alexandre Vassalotti
3bfc65a25b
Issue #13505 : Make pickling of bytes object compatible with Python 2.
...
Initial patch by sbt.
2011-12-13 13:08:09 -05:00
Florent Xicluna
0e686cbb7d
Fix docstring typo.
2011-12-09 23:41:19 +01:00
Victor Stinner
720f34a3e8
Issue #5905 : time.strftime() is now using the locale encoding, instead of
...
UTF-8, if the wcsftime() function is not available.
2011-12-09 20:19:24 +01:00
Charles-François Natali
6613c18ea2
Issue #13415 : Test in configure if unsetenv() has a return value or not.
2011-11-27 12:41:06 +01:00