Commit Graph

5351 Commits

Author SHA1 Message Date
Benjamin Peterson 4e9cefaf86 add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043) 2014-12-05 20:15:15 -05:00
Georg Brandl b3ac84322f #16040: fix unlimited read from connection in nntplib. 2014-10-12 08:50:11 +02:00
Georg Brandl e800a0e1c2 Bump to 3.2.6rc1 2014-10-04 14:15:42 +02:00
Georg Brandl ff3e5e3779 Fix unicode_aswidechar() for 4b unicode and 2b wchar_t (AIX). 2014-10-01 19:15:11 +02:00
Georg Brandl 51c116223e Issue #19855: uuid.getnode() on Unix now looks on the PATH for the
executables used to find the mac address, with /sbin and /usr/sbin as
fallbacks.

Issue #11508: Fixed uuid.getnode() and uuid.uuid1() on environments with a
virtual interface.  Original patch by Kent Frazier.

Issue #18784: The uuid module no longer attempts to load libc via ctypes.CDLL
if all necessary functions are already found in libuuid.
Patch by Evgeny Sologubov.

Issue #16102: Make uuid._netbios_getnode() work again on Python 3.
2014-09-30 19:34:19 +02:00
Ned Deily e558181660 Issue #20939: Use www.example.com instead of www.python.org to avoid test
failures when ssl is not present.
2014-03-26 23:31:39 -07:00
Georg Brandl fd9262cf2a Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit
line length.  Patch by Emil Lind.
2014-09-30 16:00:09 +02:00
Georg Brandl 0840b41582 Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all interfaces. 2014-09-17 13:17:58 +08:00
Antoine Pitrou dad182c16e Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Georg Brandl 860c367c29 Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
2014-09-30 14:56:46 +02:00
Georg Brandl 21bf3f942b Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
weakrefs.
2014-09-30 14:54:39 +02:00
Georg Brandl eaca8616ab Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory.  Patch by Jyrki
Pulliainen.
2014-09-30 14:45:39 +02:00
Georg Brandl 210ee47e33 Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
limiting the call to readline().  Original patch by Christian Heimes.
2014-09-30 14:18:02 +02:00
Georg Brandl c9cb18d3f7 Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2014-09-30 14:12:24 +02:00
Georg Brandl f0746ca463 Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read.  Adapted from patch by Jyrki Pulliainen.
2014-09-30 14:08:04 +02:00
Georg Brandl ec3c103520 Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
2014-09-30 14:04:51 +02:00
Ned Deily 915a30fb0d Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435.  Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
Benjamin Peterson 73b8b1cdb8 url unquote the path before checking if it refers to a CGI script (closes #21766) 2014-06-14 18:36:29 -07:00
Benjamin Peterson 99b5afab74 in scan_once, prevent the reading of arbitrary memory when passed a negative index
Bug reported by Guido Vranken.
2014-04-13 22:10:38 -04:00
Benjamin Peterson ee5f1c13d1 remove directory mode check from makedirs (closes #21082) 2014-04-01 19:13:18 -04:00
Benjamin Peterson fbf648ebba complain when nbytes > buflen to fix possible buffer overflow (closes #20246) 2014-01-13 22:59:38 -05:00
Antoine Pitrou f60b7df9f8 Issue #12226: HTTPS is now used by default when connecting to PyPI. 2013-12-22 01:35:53 +01:00
Georg Brandl ee7f3fc586 Backout 7d399099334d. 2013-11-04 07:44:29 +01:00
Jason R. Coombs 32bf5e1273 Update NEWS for 265d369ad3b9. 2013-11-02 13:00:01 -04:00
Benjamin Peterson 35aca89617 merge 3.1 (#19435) 2013-10-30 12:48:59 -04:00
Benjamin Peterson 04e9de40f3 use the collapsed path in the run_cgi method (closes #19435) 2013-10-30 12:43:09 -04:00
R David Murray 8270a2c209 Merge #14984: On POSIX, enforce permissions when reading default .netrc. 2013-09-17 20:32:54 -04:00
R David Murray 104aab956f #14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.

This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it.  Fixing that issue will be an enhancement.
2013-09-17 20:30:02 -04:00
Georg Brandl bc75046bb3 Add a NEWS entry for b9b521efeba3. 2013-09-14 09:10:21 +02:00
Georg Brandl c5884d8930 Add NEWS entry for c18c18774e24. 2013-09-14 09:09:18 +02:00
Antoine Pitrou 86d53cadda Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). 2013-05-18 17:56:42 +02:00
Georg Brandl bfe36ec1f5 Bump to version 3.2.5. 2013-05-12 12:28:20 +02:00
Georg Brandl c502df4e3e Issue #17915: Fix interoperability of xml.sax with file objects returned by
codecs.open().
2013-05-12 11:41:12 +02:00
Georg Brandl 93b061bc3e Issue #1159051: Back out a fix for handling corrupted gzip files that
broke backwards compatibility.
2013-05-12 11:29:27 +02:00
Serhiy Storchaka a9217a42e6 Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3,
such as was shipped with CentOS 5 and Mac OS X 10.4.
2013-04-28 14:10:27 +03:00
Georg Brandl ba2f8be4c6 Issue #17843: Remove bz2 test data that triggers antivirus warnings. 2013-05-12 11:11:51 +02:00
Georg Brandl ce654f48aa Issue #15535: Fix pickling of named tuples. 2013-05-12 11:09:11 +02:00
Serhiy Storchaka a6df938fef Close #17666: Fix reading gzip files with an extra field. 2013-04-08 22:35:02 +03:00
Gregory P. Smith cf86d9441e news entry 2013-04-30 00:57:18 -07:00
Georg Brandl 8bc7e31529 Bump to 3.2.4. 2013-04-06 09:36:20 +02:00
Benjamin Peterson 7684fa8a38 close search and replace dialog after it is used (closes #17625) 2013-04-03 22:35:12 -04:00
Christian Heimes 1df04e88ae Issue 17538: Document XML vulnerabilities 2013-03-26 17:35:55 +01:00
Georg Brandl 4eb5f1a567 merge with main repo 3.2 branch 2013-03-25 06:56:31 +01:00
Martin v. Loewis 5be6d74a0d Issue #17425: Build with openssl 1.0.0k on Windows. 2013-03-24 22:03:30 +01:00
Gregory P. Smith a1ed539268 Fixes issue #17488: Change the subprocess.Popen bufsize parameter default value
from unbuffered (0) to buffering (-1) to match the behavior existing code
expects and match the behavior of the subprocess module in Python 2 to avoid
introducing hard to track down bugs.
2013-03-23 11:44:25 -07:00
Georg Brandl b673d99698 Bump to 3.2.4rc1. 2013-03-23 16:02:08 +01:00
Vinay Sajip 68b4cc87cd Issue #17521: Corrected non-enabling of logger following two calls to fileConfig(). 2013-03-23 11:18:45 +00:00
Vinay Sajip a4cfd60f3d Updated Misc/NEWS with #17508. 2013-03-23 10:57:47 +00:00
doko@ubuntu.com d5537d071c Issue #16754: Fix the incorrect shared library extension on Linux. Introduce
two makefile macros SHLIB_SUFFIX and EXT_SUFFIX. SO now has the value of
SHLIB_SUFFIX again (as in 2.x and 3.1). The SO macro is removed in 3.4.
2013-03-21 13:21:49 -07:00
R David Murray d312c740f1 #5713: Handle 421 error codes during sendmail by closing the socket.
This is a partial fix to the issue of servers disconnecting unexpectedly; in
this case the 421 says they are disconnecting, so we close the socket and
return the 421 in the appropriate error context.

Original patch by Mark Sapiro, updated by Kushal Das, with additional
tests by me.
2013-03-20 20:36:14 -04:00