70088f14ad
Issue #18747 : document issue with OpenSSL's CPRNG state and fork
2013-10-29 21:08:56 +01:00
c9cb18d3f7
Issue #16038 : CVE-2013-1752: ftplib: Limit amount of data read by
...
limiting the call to readline(). Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2014-09-30 14:12:24 +02:00
f0746ca463
Issue #16037 : HTTPMessage.readheaders() raises an HTTPException when more than
...
100 headers are read. Adapted from patch by Jyrki Pulliainen.
2014-09-30 14:08:04 +02:00
ec3c103520
Issue #18709 : Fix CVE-2013-4238. The SSL module now handles NULL bytes
...
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
2014-09-30 14:04:51 +02:00
79690ac1d0
Issue #13540 : Update references to Action class to match syntax used for other classes in this file.
2014-08-03 14:54:11 -04:00
eb0ef415d5
Issue #13540 : Removed redundant documentation about Action instance attributes. Updated example and documentation per recommendations by Steven Bethard in msg149524.
2014-07-20 10:52:46 -04:00
f28cf7abcf
Issue #13540 : Expanded argparse documents to clarify the action API
2011-12-13 23:36:45 -05:00
915a30fb0d
Issue #21323 : Fix http.server to again handle scripts in CGI subdirectories,
...
broken by the fix for security issue #19435 . Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
314dc126ce
expect the correct platform-dependent linesep
2014-06-16 23:15:50 -07:00
73b8b1cdb8
url unquote the path before checking if it refers to a CGI script ( closes #21766 )
2014-06-14 18:36:29 -07:00
49991deb6e
fix poor spelling
2014-04-14 12:15:28 -04:00
6ef2b36afa
disallow a negative idx parameter
2014-04-14 11:45:21 -04:00
99b5afab74
in scan_once, prevent the reading of arbitrary memory when passed a negative index
...
Bug reported by Guido Vranken.
2014-04-13 22:10:38 -04:00
80e6af1f61
fix versionchanged version
2014-04-04 09:50:35 -04:00
ee5f1c13d1
remove directory mode check from makedirs ( closes #21082 )
2014-04-01 19:13:18 -04:00
b4be376d16
use https docs url ( #21115 )
2014-03-31 13:44:53 -04:00
8aef28a5d0
add Ian Beer
2014-03-30 20:33:47 -04:00
23cf403ca1
fix expandtabs overflow detection to be consistent and not rely on signed overflow
2014-03-30 19:47:57 -04:00
cf25c5caae
use ssl.PROTOCOL_SSLv23 for maximum compatibility ( closes #20896 )
2014-03-12 18:05:53 -05:00
d9bed99fcb
Issue #20246 : Fix test failures on FreeBSD. Patch by Ryan Smith-Roberts.
2014-01-21 22:58:40 +01:00
1b94030b37
update logo url ( #20695 )
2014-02-19 22:55:16 -05:00
f6218a2191
open retrieved file in binary mode, since it's now compressed
2014-02-19 22:56:35 -05:00
fbf648ebba
complain when nbytes > buflen to fix possible buffer overflow ( closes #20246 )
2014-01-13 22:59:38 -05:00
f60b7df9f8
Issue #12226 : HTTPS is now used by default when connecting to PyPI.
2013-12-22 01:35:53 +01:00
ee7f3fc586
Backout 7d399099334d.
2013-11-04 07:44:29 +01:00
7b5d6adb28
Backout 265d369ad3b9.
2013-11-04 07:43:41 +01:00
7ec3e56bb8
Backout d80207d15294.
2013-11-04 07:43:32 +01:00
32bf5e1273
Update NEWS for 265d369ad3b9.
2013-11-02 13:00:01 -04:00
bd26d86d74
Issue #19286 : [distutils] Only match files in build_py.find_data_files.
2013-11-02 11:07:35 -04:00
93912b9e54
Issue #19286 : Adding test demonstrating the failure when a directory is found in the package_data globs.
2013-11-02 11:29:33 -04:00
35aca89617
merge 3.1 ( #19435 )
2013-10-30 12:48:59 -04:00
04e9de40f3
use the collapsed path in the run_cgi method ( closes #19435 )
2013-10-30 12:43:09 -04:00
58bf8d2a68
Merge #14984 : only import pwd on POSIX.
2013-09-18 08:53:26 -04:00
505be2146f
#14984 : only import pwd on POSIX.
2013-09-18 08:52:38 -04:00
8270a2c209
Merge #14984 : On POSIX, enforce permissions when reading default .netrc.
2013-09-17 20:32:54 -04:00
104aab956f
#14984 : On POSIX, enforce permissions when reading default .netrc.
...
Initial patch by Bruno Piguet.
This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it. Fixing that issue will be an enhancement.
2013-09-17 20:30:02 -04:00
945a251e4a
Null merge of 3.1 into 3.2
...
Changeset c39f42f46a05 left a dangling head on 3.1.
2013-09-15 15:37:25 -05:00
bc75046bb3
Add a NEWS entry for b9b521efeba3.
2013-09-14 09:10:21 +02:00
c5884d8930
Add NEWS entry for c18c18774e24.
2013-09-14 09:09:18 +02:00
c17a8dfaca
Fix tkinter regression introduced by the security fix in #16248 .
2013-09-14 09:08:09 +02:00
db4309e19a
Fix tkinter regression introduced by the security fix in #16248 .
2013-09-14 09:08:09 +02:00
86d53cadda
Issue #17980 : Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
2013-05-18 17:56:42 +02:00
8833c3bcd1
Added tag v3.2.5 for changeset cef745775b65
2013-05-12 12:28:30 +02:00
bfe36ec1f5
Bump to version 3.2.5.
2013-05-12 12:28:20 +02:00
c502df4e3e
Issue #17915 : Fix interoperability of xml.sax with file objects returned by
...
codecs.open().
2013-05-12 11:41:12 +02:00
93b061bc3e
Issue #1159051 : Back out a fix for handling corrupted gzip files that
...
broke backwards compatibility.
2013-05-12 11:29:27 +02:00
a9217a42e6
Issue #17857 : Prevent build failures with pre-3.5.0 versions of sqlite3,
...
such as was shipped with Centos 5 and Mac OS X 10.4.
2013-04-28 14:10:27 +03:00
ba2f8be4c6
Issue #17843 : Remove bz2 test data that triggers antivirus warnings.
2013-05-12 11:11:51 +02:00
ce654f48aa
Issue #15535 : Fix pickling of named tuples.
2013-05-12 11:09:11 +02:00
a6df938fef
Close #17666 : Fix reading gzip files with an extra field.
2013-04-08 22:35:02 +03:00
Christian Heimes
Georg Brandl
Jason R. Coombs
Ned Deily
Benjamin Peterson
Stefan Krah
Antoine Pitrou
R David Murray
Tim Peters
Serhiy Storchaka