[merge from 3.5] - Prevent HTTPoxy attack (CVE-2016-1000110)

author Senthil Kumaran <senthil@uthcode.com>

Sun, 31 Jul 2016 06:51:13 +0000 (23:51 -0700)

committer Senthil Kumaran <senthil@uthcode.com>

Sun, 31 Jul 2016 06:51:13 +0000 (23:51 -0700)
author Senthil Kumaran <senthil@uthcode.com>
Sun, 31 Jul 2016 06:51:13 +0000 (23:51 -0700)
committer Senthil Kumaran <senthil@uthcode.com>
Sun, 31 Jul 2016 06:51:13 +0000 (23:51 -0700)
diff --cc Lib/urllib/request.py
Simple merge
diff --cc Misc/ACKS

index b9af7265f918223fe88d2bdf99599dca45006e13,150d37a3a322fabf6ac966a89c87fb1d250eff05..926cdaedbb5791f11009bacd946dc4ffd171a79a
--- 1/Misc/ACKS
--- 2/Misc/ACKS
+++ b/Misc/ACKS
@@@ -1204,6 -1191,6 +1204,7 @@@ Shorya Ra
   Jeff Ramnani
   Varpu Rantala
   Brodie Rao
++Rémi Rampin
   Senko Rasic
   Antti Rasinen
   Nikolaus Rath
diff --cc Misc/NEWS

index a6bc778d3a116afa83298e5ee07827f86d113813,ffd647113e48b7ebf87db38b532cf9bcc8c5a952..d2650385108758f42b6706e28d2568bb5d0d261c
--- 1/Misc/NEWS
--- 2/Misc/NEWS
+++ b/Misc/NEWS
@@@ -38,9 -34,10 +38,13 @@@ Core and Builtin
   Library
   -------
   
+ - Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
+   HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
+   that the script is in CGI mode.
+ 
+ +- Issue #7063: Remove dead code from the "array" module's slice handling.
+ +  Patch by Chuck.
+ +
   - Issue #27656: Do not assume sched.h defines any SCHED_* constants.
   
   - Issue #27130: In the "zlib" module, fix handling of large buffers
author	Senthil Kumaran <senthil@uthcode.com>
	Sun, 31 Jul 2016 06:51:13 +0000 (23:51 -0700)
committer	Senthil Kumaran <senthil@uthcode.com>
	Sun, 31 Jul 2016 06:51:13 +0000 (23:51 -0700)
		1	2
Lib/urllib/request.py	patch \|	diff1 \|	diff2 \|	blob \| history
Misc/ACKS	patch \|	diff1 \|	diff2 \|	blob \| history
Misc/NEWS	patch \|	diff1 \|	diff2 \|	blob \| history