svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines
#5871: protect against header injection attacks.
This makes Header.encode throw a HeaderParseError if it winds up
formatting a header such that a continuation line has no leading
whitespace and looks like a header. Since Header accepts values
containing newlines and preserves them (and this is by design), without
this fix any program that took user input (say, a subject in a web form)
and passed it to the email package as a header was vulnerable to header
injection attacks. (As far as we know this has never been exploited.)
Thanks to Jakub Wilk for reporting this vulnerability.
........
........
r87840 | r.david.murray | 2011-01-07 18:25:30 -0500 (Fri, 07 Jan 2011) | 6 lines
#10686: recode non-ASCII headers to 'unknown-8bit' instead of ?s.
This applies only when generating strings from non-RFC compliant binary
input; it makes the existing recoding behavior more consistent (ie:
now no data is lost when recoding).
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87834 | antoine.pitrou | 2011-01-07 22:43:59 +0100 (ven., 07 janv. 2011) | 5 lines
Issue #8020: Avoid a crash where the small objects allocator would read
non-Python managed memory while it is being modified by another thread.
Patch by Matt Bandy.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87802 | antoine.pitrou | 2011-01-06 19:25:55 +0100 (jeu., 06 janv. 2011) | 6 lines
Issue #7858: Raise an error properly when os.utime() fails under Windows
on an existing file.
(this does not seem to be easily testable)
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87796 | david.malcolm | 2011-01-06 12:01:36 -0500 (Thu, 06 Jan 2011) | 6 lines
Issue #10655: Fix the build on PowerPC on Linux with GCC when building with
timestamp profiling (--with-tsc): the preprocessor test for the PowerPC
support now looks for "__powerpc__" as well as "__ppc__": the latter seems to
only be present on OS X; the former is the correct one for Linux with GCC.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87797 | antoine.pitrou | 2011-01-06 18:17:04 +0100 (jeu., 06 janv. 2011) | 4 lines
Issue #3839: wsgiref should not override a Content-Length header set by
the application. Initial patch by Clovis Fabricio.
........
........
r87750 | r.david.murray | 2011-01-04 20:39:32 -0500 (Tue, 04 Jan 2011) | 5 lines
#10790: make append work when output codec is different from input codec
There's still a bug here (the encode call shouldn't use the 'errors'
paramter), but I'll fix that later.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87710 | gregory.p.smith | 2011-01-03 13:06:12 -0800 (Mon, 03 Jan 2011) | 4 lines
issue6643 - Two locks held within the threading module on each thread instance
needed to be reinitialized after fork(). Adds tests to confirm that they are
and that a potential deadlock and crasher bug are fixed (platform dependant).
........
This required a bit more fiddling for 2.x as __block and __started are __
private as well as the __started Event's __cond. A new "private"
_reset_internal_locks() method is added to Thread and _Event objects to
address this.
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87704 | antoine.pitrou | 2011-01-03 21:38:52 +0100 (lun., 03 janv. 2011) | 5 lines
Issue #6293: Have regrtest.py echo back sys.flags. This is done by default
in whole runs and enabled selectively using `--header` when running an
explicit list of tests. Original patch by Collin Winter.
........
r87705 | antoine.pitrou | 2011-01-03 21:40:07 +0100 (lun., 03 janv. 2011) | 3 lines
Mention --randseed in option list
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87698 | antoine.pitrou | 2011-01-03 19:53:50 +0100 (lun., 03 janv. 2011) | 4 lines
Issue #7716: Under Solaris, don't assume existence of /usr/xpg4/bin/grep in
the configure script but use $GREP instead. Patch by Fabian Groffen.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87695 | antoine.pitrou | 2011-01-03 19:23:55 +0100 (lun., 03 janv. 2011) | 5 lines
Issue #10806, issue #9905: Fix subprocess pipes when some of the standard
file descriptors (0, 1, 2) are closed in the parent process. Initial
patch by Ross Lagerwall.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87666 | amaury.forgeotdarc | 2011-01-03 01:19:11 +0100 (lun., 03 janv. 2011) | 4 lines
#8278: In the Windows implementation of stat() and utime(),
use time_t instead of int. This gives support for dates after 2038,
at least when compiled with VS2003 or later, where time_t is 64bit.
........
Backport r87594 r87611 and r87612 so that OrderedDict subclassing behavior
better matches dict subclassing (i.e. adding __missing__ works and
extending/overriding the update() methods doesn't break __init__()).
........
r87567 | r.david.murray | 2010-12-29 11:57:24 -0500 (Wed, 29 Dec 2010) | 2 lines
Fix a comment typo and update another comment to match Python3 reality
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87550 | r.david.murray | 2010-12-28 13:54:13 -0500 (Tue, 28 Dec 2010) | 8 lines
#9824: encode , and ; in cookie values so that browsers don't split on them
There is a small chance of backward incompatibility here, but only for
non-SimpleCookie applications reading SimpleCookie generated cookies. Even
then, any such ap is likely to be handling escaped values already, and it would
take a fairly perverse implementation of unescaping to fail to unescape these
newly escaped chars, so the risk seems minimal.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87442 | alexander.belopolsky | 2010-12-22 21:27:37 -0500 (Wed, 22 Dec 2010) | 1 line
Issue #10254: Fixed a crash and a regression introduced by the implementation of PRI 29.
........
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87508 | r.david.murray | 2010-12-26 23:31:48 -0500 (Sun, 26 Dec 2010) | 5 lines
Skip test that does not raise an error on Windows.
I'm assuming that the putative path from the malformed
pth file is simply not found and therefore ignored.
........
Georg Brandl
R. David Murray
Raymond Hettinger
Antoine Pitrou
David Malcolm
Daniel Stutzbach
Gregory P. Smith
Victor Stinner
Éric Araujo
Alexander Belopolsky
Amaury Forgeot d'Arc
Benjamin Peterson
Terry Reedy
Senthil Kumaran