Commit Graph

43808 Commits

Author SHA1 Message Date
Barry Warsaw 82f8828317 - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
  GENERAL_NAME_print() function to get the string represention of ASN.1
  strings for `rfc822Name` (email), `dNSName` (DNS) and
  `uniformResourceIdentifier` (URI).
2013-08-23 13:26:49 -04:00
Barry Warsaw f880e5d5ea Fix UnboundLocalError regression due to previous incorrect fix for
issue 16248.
2013-08-20 20:35:20 -04:00
Barry Warsaw f25d95732c - Issue #16248: Disable code execution from the user's home directory by
tkinter when the -E flag is passed to Python.  Patch by Zachary Ware.
2013-02-20 18:19:55 -05:00
Georg Brandl 55f23c4233 #8040: port versionswitcher patch to 2.6. 2012-10-28 08:04:38 +01:00
Barry Warsaw cca96f09d3 Post release twiddle. 2012-04-10 14:50:39 -04:00
Barry Warsaw 27509ce8d9 Added tag v2.6.8 for changeset c9910fd022fc 2012-04-10 11:18:47 -04:00
Barry Warsaw a12d0ccfbe Bump to 2.6.8 2012-04-10 10:59:35 -04:00
Barry Warsaw 75076b4971 update docs 2012-04-10 10:56:26 -04:00
Georg Brandl 222ac8c98f Remove duplicate hgtags entries for 2.6.8rc{1,2}. 2012-03-18 07:31:17 +01:00
Barry Warsaw 9636e462d8 Added tag v2.6.8rc2 for changeset bd9e1a02e3e3 2012-03-17 18:34:05 -04:00
Barry Warsaw b1abc08a29 Added tag v2.6.8rc2 for changeset 1d1b7b9fad48 2012-03-17 18:19:42 -04:00
Barry Warsaw bd371a4cbb Bump to 2.6.8rc2 2012-03-17 18:19:15 -04:00
Barry Warsaw 2875b5b294 Update Docs and NEWS for 2.6.8rc2. 2012-03-17 18:16:58 -04:00
Barry Warsaw e9bc2f773f - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
table internal to the pyexpat module's copy of the expat library to avoid a
  denial of service due to hash collisions.  Patch by David Malcolm with some
  modifications by the expat project.
2012-03-14 17:10:41 -07:00
Barry Warsaw 6707826c66 Added tag v2.6.8rc1 for changeset 5356b6c7fd66 2012-02-23 11:10:31 -05:00
Barry Warsaw 2593eac34e Added tag v2.6.8rc1 for changeset caab08cd2b3e 2012-02-23 10:59:50 -05:00
Barry Warsaw 74f4bd53e0 Bump some more copyright years (as per PEP 101), since this is the first
release of 2.6 for 2012.
2012-02-23 10:59:38 -05:00
Barry Warsaw 1fbc16d050 Bump to version 2.6.8rc1. 2012-02-23 10:55:57 -05:00
Barry Warsaw b383e806b6 Back port from 2.7:
http://hg.python.org/cpython/rev/48705250232c
    changeset:   75187:48705250232c
    branch:      2.7
    parent:      75184:9a1d902714ae
    user:        Antoine Pitrou <solipsis@pitrou.net>
    date:        Wed Feb 22 22:16:25 2012 +0100
2012-02-22 17:26:50 -05:00
Barry Warsaw 56fd6617b5 Backport from 2.7:
changeset:   75153:9b7c6dd19e25
    branch:      2.7
    parent:      75151:b1a02c17b327
    user:        Antoine Pitrou <solipsis@pitrou.net>
    date:        Tue Feb 21 22:02:04 2012 +0100
    files:       Lib/test/test_os.py
2012-02-22 13:50:04 -05:00
Barry Warsaw 6a9005b4eb Backport from 2.7 branch.
changeset:   75165:780008020c40
    user:        Antoine Pitrou <solipsis@pitrou.net>
    date:        Wed Feb 22 03:33:56 2012 +0100
    summary:     Fix (presumably) test_hash under big-endian systems (PPC).
2012-02-22 13:34:18 -05:00
Georg Brandl 3aec568e6e Remove reST markup from --help output. Also: O(n**2) is dict construction, not single insertion. 2012-02-21 22:36:27 +01:00
Benjamin Peterson 4e171d12da don't need this hack anymore 2012-02-21 15:08:51 -05:00
Antoine Pitrou 776af4002b Fix crash at startup with -W options. 2012-02-21 20:42:48 +01:00
Benjamin Peterson 876e789f65 merge heads 2012-02-21 11:23:21 -05:00
Barry Warsaw 8757cad394 Backport fix from default branch for ./python -R -Wd where hash('d') would not
have gotten randomized.
2012-02-21 11:16:06 -05:00
Benjamin Peterson 26da920001 ensure no one tries to hash things before the random seed is found 2012-02-21 11:08:50 -05:00
Barry Warsaw b69fa1f8b7 Let's sort the keys so that this test passes even with random hashes. 2012-02-21 10:22:34 -05:00
Barry Warsaw b19fb2462e Whitespace normalization 2012-02-20 20:44:15 -05:00
Barry Warsaw 1e13eb084f - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
environment variable, to provide an opt-in way to protect against denial of
  service attacks due to hash collisions within the dict and set types.  Patch
  by David Malcolm, based on work by Victor Stinner.
2012-02-20 20:42:21 -05:00
Barry Warsaw f5a5beb339 Back port Python 2.7 fix for test_invalid_redirect() in test_urllib.py. 2012-02-20 14:43:22 -05:00
Charles-François Natali 66f3cc6f8d Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
2012-02-18 14:15:38 +01:00
Antoine Pitrou d358e0554b Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:42:45 +01:00
Martin v. Löwis 141e770e8f merge closing of 2.5 branch 2011-10-31 12:39:25 +01:00
Martin v. Löwis e5b9bff214 2.5 is no longer maintained 2011-10-31 12:38:50 +01:00
Éric Araujo 345fff3de8 Remove mentions of previous license in profile module (#12417 followup) 2011-07-28 22:27:28 +02:00
Benjamin Peterson 5ac56d275d fix ws 2011-06-28 21:57:21 -05:00
Benjamin Peterson 1105f34a2b update profile license (closes #12417) 2011-06-27 09:14:34 -05:00
Barry Warsaw d0366e862a Replay svn r88852. 2011-06-03 20:05:48 -04:00
Barry Warsaw 16ec24a192 Replay svn r88850. 2011-06-03 20:02:47 -04:00
Martin v. Löwis 9c53584ebd Nearly null-merge 2.5.6 2011-05-28 14:13:32 +02:00
Martin v. Löwis 228516c3f8 merge 2.5.6c1 tag 2011-05-28 14:06:55 +02:00
Martin v. Löwis dcdf0320c0 Added tag v2.5.6c1 for changeset a87c7b96672b 2011-05-28 14:05:31 +02:00
Martin v. Löwis 4ca9d48a04 Added tag v2.5.6 for changeset de34c7b097e8 2011-05-28 14:00:37 +02:00
Martin v. Löwis 11a859d70d r88840: Prepare for 2.5.6. 2011-05-28 13:58:36 +02:00
Martin v. Löwis e81c485e57 r88828: Fix year. 2011-05-28 13:57:28 +02:00
Martin v. Löwis cf60858b55 r88824: Prepare for 2.5.6c1. 2011-05-28 13:56:22 +02:00
Barry Warsaw 32140f8955 Replay changeset 70249:b571c7a8cf2e from fubar branch. Original commit
message:

Merging post 2.6.7rc2 changes from Subversion.
2011-05-23 15:27:52 -04:00
Barry Warsaw 34289260da Replay changeset 70248:c714e2f92f63 from fubar branch. Original commit
message:

Cross-port changes for 2.6.7rc2 from the Subversion branch.
2011-05-23 15:26:11 -04:00
Barry Warsaw cf0d8ab818 Replay changeset 70238:03e488b5c009 from fubar branch. Original commit
message:

Reconcile with the 2.6svn branch.  The 2.6.7 release will be made from
Subversion, but there were differences, so this brings them in sync.  These
changes should *not* propagate to any newer versions.
2011-05-23 15:22:56 -04:00