Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Issue #27369: Don?t test error message detail that changed in Expat 2.2.03.2 | Martin Panter | 2016-07-14 | 2 | -4/+5 |
| | |||||
* | Issue #22758: Move NEWS entry to Library section | Martin Panter | 2016-07-14 | 1 | -3/+3 |
| | |||||
* | #22758: fix regression in handling of secure cookies. | R David Murray | 2016-07-10 | 3 | -11/+61 |
| | | | | | This backports the fix from #16611, per discussion with the release manager. | ||||
* | Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUT | Martin Panter | 2016-01-15 | 1 | -1/+3 |
| | |||||
* | Issue #25940: Use self-signed.pythontest.net in SSL tests | Martin Panter | 2016-01-14 | 6 | -96/+97 |
| | | | | | | | | | | | | | | | | | | | | This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate. The certificate used at the pythontest server was modifed to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_ capath() to work (in Python 3.4+). Added the new self-signed certificate to capath with the following commands: cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/} c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0} mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0} The new server responds with "No route to host" when connecting to port 444. | ||||
* | Issue #25940: Backport self-signed.pythontest.net testing for test_httplib | Georg Brandl | 2014-11-05 | 2 | -7/+24 |
| | | | | | The svn.python.org server recently changed root certificate, causing the test to fail. This backports revision 4985375db40f. | ||||
* | add CVE and issue number | Benjamin Peterson | 2015-12-05 | 1 | -2/+3 |
| | |||||
* | keep distutils version in sync with python version automatically | Benjamin Peterson | 2015-05-25 | 1 | -7/+3 |
| | |||||
* | allow square brackets in cookie values (closes #22931) | Benjamin Peterson | 2015-05-23 | 3 | -3/+23 |
| | |||||
* | properly handle malloc failure (closes #24044) | Benjamin Peterson | 2015-04-23 | 2 | -2/+7 |
| | | | | Patch by Christian Heimes. | ||||
* | remove RPM, since it's unused and unmaintained | Benjamin Peterson | 2015-02-18 | 3 | -424/+0 |
| | |||||
* | Issue #23055: Fixed read-past-the-end error in PyUnicode_FromFormatV. | Serhiy Storchaka | 2015-01-31 | 1 | -0/+2 |
| | |||||
* | Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis | Serhiy Storchaka | 2015-01-27 | 3 | -33/+161 |
| | | | | and fix by Guido Vranken. | ||||
* | add some overflow checks before multiplying (closes #23165) | Benjamin Peterson | 2015-01-04 | 2 | -3/+16 |
| | |||||
* | update for copyright for 2015 | Benjamin Peterson | 2014-12-31 | 6 | -7/+7 |
| | |||||
* | delete old ftpmirror script, which now has security bugs (closes #23130) | Benjamin Peterson | 2014-12-30 | 1 | -405/+0 |
| | |||||
* | add a default limit for the amount of data xmlrpclib.gzip_decode will return ↵ | Benjamin Peterson | 2014-12-05 | 3 | -3/+36 |
| | | | | (closes #16043) | ||||
* | use pythontest.net for url fragment test | Benjamin Peterson | 2014-11-05 | 1 | -2/+2 |
| | |||||
* | move idna test domain to pythontest.net | Benjamin Peterson | 2014-11-03 | 1 | -3/+4 |
| | |||||
* | Added tag v3.2.6 for changeset 0bd5f4f14de9 | Georg Brandl | 2014-10-12 | 0 | -0/+0 |
| | |||||
* | Bump to 3.2.6v3.2.6 | Georg Brandl | 2014-10-12 | 5 | -8/+8 |
| | |||||
* | #16040: fix unlimited read from connection in nntplib. | Georg Brandl | 2014-10-12 | 3 | -1/+24 |
| | |||||
* | Added tag v3.2.6rc1 for changeset 51382a5598ec | Georg Brandl | 2014-10-04 | 0 | -0/+0 |
| | |||||
* | Copyright year update, add version to licenses.v3.2.6rc1 | Georg Brandl | 2014-10-04 | 5 | -5/+11 |
| | |||||
* | Bump to 3.2.6rc1 | Georg Brandl | 2014-10-04 | 6 | -11/+11 |
| | |||||
* | ref #19855: skip uuid test_find_mac on non-Posix as in later branches | Georg Brandl | 2014-10-01 | 1 | -2/+3 |
| | |||||
* | Fix unicode_aswidechar() for 4b unicode and 2b wchar_t (AIX). | Georg Brandl | 2014-10-01 | 2 | -1/+7 |
| | |||||
* | Issue #19855: uuid.getnode() on Unix now looks on the PATH for the | Georg Brandl | 2014-09-30 | 4 | -16/+67 |
| | | | | | | | | | | | | | | executables used to find the mac address, with /sbin and /usr/sbin as fallbacks. Issue #11508: Fixed uuid.getnode() and uuid.uuid1() on environment with virtual interface. Original patch by Kent Frazier. Issue #18784: The uuid module no more attempts to load libc via ctypes.CDLL, if all necessary functions are already found in libuuid. Patch by Evgeny Sologubov. Issue #16102: Make uuid._netbios_getnode() work again on Python 3. | ||||
* | Backport b533cc11d114 to fix intermittent test_urllibnet failures. | Georg Brandl | 2014-09-30 | 1 | -1/+1 |
| | |||||
* | Add a dummy "touch" target to the Makefile so that the custom buildbots can ↵ | Georg Brandl | 2014-09-30 | 1 | -1/+4 |
| | | | | test this branch. | ||||
* | Fix-up for 0f362676460d: add missing size argument to ↵ | Georg Brandl | 2014-09-30 | 1 | -1/+5 |
| | | | | SSLFakeFile.readline(), as in 2.6 backport 8a6def3add5b | ||||
* | Issue #20939: Use www.example.com instead of www.python.org to avoid test | Ned Deily | 2014-03-26 | 3 | -18/+25 |
| | | | | failures when ssl is not present. | ||||
* | Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit | Georg Brandl | 2014-09-30 | 3 | -1/+27 |
| | | | | line length. Patch by Emil Lind. | ||||
* | Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all ↵ | Georg Brandl | 2014-09-17 | 3 | -2/+7 |
| | | | | interfaces. | ||||
* | Lax cookie parsing in http.cookies could be a security issue when combined | Antoine Pitrou | 2014-09-17 | 4 | -1/+16 |
| | | | | | | with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov. | ||||
* | Issue #22419: Limit the length of incoming HTTP request in wsgiref server to | Georg Brandl | 2014-09-30 | 4 | -1/+18 |
| | | | | | 65536 bytes and send a 414 error code for higher lengths. Patch contributed by Devin Cook. | ||||
* | Issue #22517: When a io.BufferedRWPair object is deallocated, clear its | Georg Brandl | 2014-09-30 | 3 | -0/+11 |
| | | | | weakrefs. | ||||
* | Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to | Georg Brandl | 2014-09-30 | 3 | -2/+19 |
| | | | | | prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen. | ||||
* | Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by | Georg Brandl | 2014-09-30 | 4 | -4/+43 |
| | | | | limiting the call to readline(). Original patch by Christian Heimes. | ||||
* | Issue #18747: document issue with OpenSSL's CPRNG state and fork | Christian Heimes | 2013-10-29 | 2 | -0/+12 |
| | |||||
* | Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by | Georg Brandl | 2014-09-30 | 3 | -6/+43 |
| | | | | | limiting the call to readline(). Original patch by Micha? Jastrz?bski and Giampaolo Rodola. | ||||
* | Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than | Georg Brandl | 2014-09-30 | 4 | -2/+18 |
| | | | | 100 headers are read. Adapted from patch by Jyrki Pulliainen. | ||||
* | Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes | Georg Brandl | 2014-09-30 | 4 | -6/+185 |
| | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and ``uniformResourceIdentifier`` (URI). | ||||
* | Issue #13540: Update references to Action class to match syntax used for ↵ | Jason R. Coombs | 2014-08-03 | 1 | -2/+2 |
| | | | | other classes in this file. | ||||
* | Issue #13540: Removed redundant documentation about Action instance ↵ | Jason R. Coombs | 2014-07-20 | 1 | -49/+26 |
| | | | | attributes. Updated example and documentation per recommendations by Steven Bethard in msg149524. | ||||
* | Issue #13540: Expanded argparse documents to clarify the action API | Jason R. Coombs | 2011-12-13 | 1 | -19/+76 |
| | |||||
* | Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, | Ned Deily | 2014-07-12 | 4 | -5/+25 |
| | | | | broken by the fix for security issue #19435. Patch by Zach Byrne. | ||||
* | expect the correct platform-dependent linesep | Benjamin Peterson | 2014-06-16 | 1 | -1/+1 |
| | |||||
* | url unquote the path before checking if it refers to a CGI script (closes ↵ | Benjamin Peterson | 2014-06-14 | 3 | -1/+9 |
| | | | | #21766) | ||||
* | fix poor spelling | Benjamin Peterson | 2014-04-14 | 1 | -1/+1 |
| |