]>
granicus.if.org Git - python/log
Larry Hastings [Mon, 2 Jan 2017 05:49:09 +0000 (21:49 -0800)]
Fix test failure so it's no longer dependent on example.com.
Benjamin Peterson [Mon, 2 Jan 2017 04:07:37 +0000 (22:07 -0600)]
merge 3.3
Benjamin Peterson [Mon, 2 Jan 2017 04:04:13 +0000 (22:04 -0600)]
ring in 2017 for Python
Donald Stufft [Wed, 16 Nov 2016 02:17:43 +0000 (21:17 -0500)]
Upgrade pip to 9.0.1 and setuptools to 28.8.0
Serhiy Storchaka [Mon, 14 Nov 2016 17:25:56 +0000 (19:25 +0200)]
Issue #28563: Make plural form selection more lenient and accepting
non-integer numbers. Django tests depend on this.
Serhiy Storchaka [Mon, 14 Nov 2016 17:22:12 +0000 (19:22 +0200)]
Issue #28563: Make plural form selection more lenient and accepting
non-integer numbers. Django tests depend on this.
Serhiy Storchaka [Sat, 12 Nov 2016 12:29:48 +0000 (14:29 +0200)]
Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X
when decode astral characters.
Serhiy Storchaka [Sat, 12 Nov 2016 12:28:06 +0000 (14:28 +0200)]
Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X
when decode astral characters.
Serhiy Storchaka [Tue, 8 Nov 2016 19:20:09 +0000 (21:20 +0200)]
Issue #28563: Fixed possible DoS and arbitrary code execution when handle
plural form selections in the gettext module. The expression parser now
supports exact syntax supported by GNU gettext.
Serhiy Storchaka [Tue, 8 Nov 2016 19:17:46 +0000 (21:17 +0200)]
Issue #28563: Fixed possible DoS and arbitrary code execution when handle
plural form selections in the gettext module. The expression parser now
supports exact syntax supported by GNU gettext.
Donald Stufft [Wed, 2 Nov 2016 19:42:49 +0000 (15:42 -0400)]
Upgrade pip to 9.0 and setuptools to 28.7.1
Serhiy Storchaka [Tue, 25 Oct 2016 07:07:51 +0000 (10:07 +0300)]
Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug build.
Zachary Ware [Tue, 11 Oct 2016 02:57:20 +0000 (21:57 -0500)]
Issue #28248: Update Windows build to use OpenSSL 1.0.2j
Yury Selivanov [Thu, 6 Oct 2016 18:03:03 +0000 (14:03 -0400)]
Issue #27759: Fix selectors incorrectly retain invalid file descriptors.
(Backported to 3.4 as this bug might be exploited to for DoS)
Benjamin Peterson [Mon, 19 Sep 2016 06:41:11 +0000 (23:41 -0700)]
properly handle the single null-byte file (closes #24022)
Berker Peksag [Wed, 14 Sep 2016 05:38:36 +0000 (08:38 +0300)]
Issue #26171: Null merge
Berker Peksag [Wed, 14 Sep 2016 05:37:28 +0000 (08:37 +0300)]
Issue #26171: Prevent buffer overflow in get_data
Backport of
01ddd608b85c .
Donald Stufft [Fri, 9 Sep 2016 16:08:53 +0000 (12:08 -0400)]
Upgrade setuptools to 27.1.2
Donald Stufft [Fri, 9 Sep 2016 15:35:02 +0000 (11:35 -0400)]
Upgrade setuptools to 27.1.1
Jason R. Coombs [Tue, 6 Sep 2016 02:24:01 +0000 (22:24 -0400)]
Issue #27960: Revert state to
675e20c38fdac6 , backing out all changes by developed for Issue #12885.
Jason R. Coombs [Fri, 2 Sep 2016 03:27:45 +0000 (23:27 -0400)]
Issue #12885: Revert commits in 3.4 branch which is security-only fixes.
Jason R. Coombs [Fri, 2 Sep 2016 02:08:25 +0000 (22:08 -0400)]
Issue #12885: Correct issue reference in NEWS
Jason R. Coombs [Fri, 2 Sep 2016 01:55:22 +0000 (21:55 -0400)]
Backed out changeset
cc86e9e102e8
Jason R. Coombs [Fri, 2 Sep 2016 01:12:17 +0000 (21:12 -0400)]
Issue #12285: Update NEWS
Benjamin Peterson [Wed, 17 Aug 2016 06:35:35 +0000 (23:35 -0700)]
rearrange methodcaller_new so that the main error case does not cause uninitialized memory usage (closes #27783)
Benjamin Peterson [Tue, 16 Aug 2016 05:01:41 +0000 (22:01 -0700)]
do not decref value borrowed from list (closes #27774)
Benjamin Peterson [Sun, 14 Aug 2016 01:33:33 +0000 (18:33 -0700)]
fix possible integer overflow in binascii.b2a_qp (closes #27760)
Reported by Thomas E. Hybel
Benjamin Peterson [Sun, 14 Aug 2016 00:17:06 +0000 (17:17 -0700)]
check for overflow in join_append_data (closes #27758)
Reported by Thomas E. Hybel
Vinay Sajip [Fri, 5 Aug 2016 20:24:27 +0000 (21:24 +0100)]
Issue #20160: Handled passing of large structs to callbacks correctly.
Donald Stufft [Wed, 3 Aug 2016 22:43:38 +0000 (18:43 -0400)]
Switch upload.pypi.io to upload.pypi.org
Senthil Kumaran [Sun, 31 Jul 2016 06:24:16 +0000 (23:24 -0700)]
Prevent HTTPoxy attack (CVE-2016-
1000110 )
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue #27568 Reported and patch contributed by Rémi Rampin.
Martin Panter [Thu, 14 Jul 2016 01:42:53 +0000 (01:42 +0000)]
Issue #27369: Merge test_pyexpat from 3.2 into 3.3
Martin Panter [Thu, 14 Jul 2016 01:31:46 +0000 (01:31 +0000)]
Issue #27369: Don’t test error message detail that changed in Expat 2.2.0
Martin Panter [Thu, 14 Jul 2016 01:17:03 +0000 (01:17 +0000)]
Issue #22758: Move NEWS entry to Library section
R David Murray [Sun, 10 Jul 2016 18:10:08 +0000 (14:10 -0400)]
#22758 null merge
R David Murray [Sun, 10 Jul 2016 17:32:43 +0000 (13:32 -0400)]
#22758: fix regression in handling of secure cookies.
This backports the fix from #16611, per discussion with the release
manager.
Donald Stufft [Wed, 6 Jul 2016 19:27:35 +0000 (15:27 -0400)]
Switch to the new upload url for PyPI
Martin Panter [Fri, 15 Jan 2016 01:16:41 +0000 (01:16 +0000)]
Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUT
Martin Panter [Thu, 14 Jan 2016 09:36:00 +0000 (09:36 +0000)]
Issue #25940: Use self-signed.pythontest.net in SSL tests
This is instead of svn.python.org, whose certificate recently expired, and
whose new certificate uses a different root certificate.
The certificate used at the pythontest server was modifed to set the "basic
constraints" CA flag. This flag seems to be required for test_get_ca_certs_
capath() to work (in Python 3.4+).
Added the new self-signed certificate to capath with the following commands:
cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
c_rehash -v Lib/test/capath/
c_rehash -v -old Lib/test/capath/
# Note the generated file names
cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,
0e4015b9 .0}
mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,
ce7b8643 .0}
The new server responds with "No route to host" when connecting to port 444.
Serhiy Storchaka [Wed, 2 Dec 2015 23:02:03 +0000 (01:02 +0200)]
Issue #25709: Fixed problem with in-place string concatenation and utf-8 cache.
Martin Panter [Fri, 15 Jan 2016 02:08:13 +0000 (02:08 +0000)]
Issue #25940: Merge ETIMEDOUT fix from 3.2 into 3.3
Martin Panter [Thu, 14 Jan 2016 12:21:02 +0000 (12:21 +0000)]
Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3
Benjamin Peterson [Fri, 1 Jan 2016 17:53:47 +0000 (11:53 -0600)]
remove some copyright notices supserseded by the toplevel ones
Benjamin Peterson [Fri, 1 Jan 2016 17:53:14 +0000 (11:53 -0600)]
add 2015 and 2016
Benjamin Peterson [Fri, 1 Jan 2016 17:12:44 +0000 (11:12 -0600)]
reflow
Benjamin Peterson [Fri, 1 Jan 2016 16:23:45 +0000 (10:23 -0600)]
2016 will be another year of writing copyrighted code
Benjamin Peterson [Sat, 5 Dec 2015 08:27:11 +0000 (00:27 -0800)]
fix reordering
Benjamin Peterson [Sat, 5 Dec 2015 08:21:12 +0000 (00:21 -0800)]
merge 3.2
Benjamin Peterson [Sat, 5 Dec 2015 08:17:57 +0000 (00:17 -0800)]
add CVE and issue number
Jason R. Coombs [Sat, 19 Sep 2015 16:12:15 +0000 (18:12 +0200)]
Issue #12285: Replace implementation of findall with implementation from Setuptools
7ce820d524db .
Kristján Valur Jónsson [Sat, 12 Sep 2015 15:20:54 +0000 (15:20 +0000)]
Issue #25021: Correctly make sure that product.__setstate__ does not access
invalid memory.
Jason R. Coombs [Sun, 30 Aug 2015 18:05:58 +0000 (14:05 -0400)]
Sort result to avoid spurious errors due to order.
Jason R. Coombs [Sat, 19 Sep 2015 15:32:51 +0000 (17:32 +0200)]
Add docstring and additional test revealing nuances of the implementation as found in setuptools.
Jason R. Coombs [Sun, 30 Aug 2015 17:26:48 +0000 (13:26 -0400)]
Add another test capturing the basic discovery expectation.
Jason R. Coombs [Sun, 30 Aug 2015 17:22:56 +0000 (13:22 -0400)]
Issue #12285: Add test capturing failure.
Jason R. Coombs [Sun, 30 Aug 2015 17:13:11 +0000 (13:13 -0400)]
Use modern mechanism for test discovery
Benjamin Peterson [Wed, 17 Aug 2016 06:36:20 +0000 (23:36 -0700)]
merge 3.3 (#27783)
Benjamin Peterson [Tue, 16 Aug 2016 05:03:44 +0000 (22:03 -0700)]
merge 3.3 (#27774)
Benjamin Peterson [Tue, 16 Aug 2016 04:40:14 +0000 (21:40 -0700)]
fail when negative values are passed to instr()
Donald Stufft [Sun, 14 Aug 2016 20:09:56 +0000 (16:09 -0400)]
Update setuptools/pip to 25.2.0/8.1.2
Benjamin Peterson [Sun, 14 Aug 2016 01:36:55 +0000 (18:36 -0700)]
merge 3.3 (closes #27760)
Benjamin Peterson [Sun, 14 Aug 2016 01:15:28 +0000 (18:15 -0700)]
do not allow reading negative values with getstr()
Benjamin Peterson [Sun, 14 Aug 2016 00:21:22 +0000 (17:21 -0700)]
merge 3.3 (#27758)
Vinay Sajip [Fri, 5 Aug 2016 20:43:25 +0000 (21:43 +0100)]
Issue #20160: Merged fix from 3.3.
Donald Stufft [Wed, 3 Aug 2016 22:48:17 +0000 (18:48 -0400)]
Merge 3.3
Senthil Kumaran [Sun, 31 Jul 2016 06:34:34 +0000 (23:34 -0700)]
[merge from 3.3] Prevent HTTPoxy attack (CVE-2016-
1000110 )
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.
Issue #27568 Reported and patch contributed by Rémi Rampin.
Martin Panter [Thu, 14 Jul 2016 02:09:17 +0000 (02:09 +0000)]
Issue #27369: Merge test_pyexpat from 3.3 into 3.4
R David Murray [Sun, 10 Jul 2016 18:10:56 +0000 (14:10 -0400)]
#22758 null merge
Benjamin Peterson [Wed, 6 Jul 2016 21:04:11 +0000 (14:04 -0700)]
merge 3.3
Donald Stufft [Wed, 6 Jul 2016 20:18:39 +0000 (16:18 -0400)]
Switch to the new upload url for PyPI
Larry Hastings [Mon, 27 Jun 2016 02:43:00 +0000 (19:43 -0700)]
Merge.
Larry Hastings [Mon, 27 Jun 2016 02:41:21 +0000 (19:41 -0700)]
Post-release fixups for Python 3.4.5.
Larry Hastings [Sat, 25 Jun 2016 21:44:49 +0000 (14:44 -0700)]
Added tag v3.4.5 for changeset
619b61e505d0
Larry Hastings [Sat, 25 Jun 2016 21:44:30 +0000 (14:44 -0700)]
Version bump for 3.4.5 final.
Larry Hastings [Sat, 25 Jun 2016 21:42:04 +0000 (14:42 -0700)]
Regenerate pydoc topics for 3.4.5 final.
Georg Brandl [Wed, 15 Jun 2016 06:57:32 +0000 (08:57 +0200)]
Docs: add html-stable autobuild variant
Benjamin Peterson [Tue, 14 Jun 2016 06:41:19 +0000 (23:41 -0700)]
sync ordering of stddef.h includes with expat 2.1.1
Matthias Klose [Mon, 13 Jun 2016 06:40:00 +0000 (23:40 -0700)]
Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test.
Larry Hastings [Sun, 12 Jun 2016 05:25:43 +0000 (22:25 -0700)]
Added tag v3.4.5rc1 for changeset
3631bb4a2490
Larry Hastings [Sun, 12 Jun 2016 05:24:03 +0000 (22:24 -0700)]
Release bump for 3.4.5rc1.
Larry Hastings [Sun, 12 Jun 2016 05:22:07 +0000 (22:22 -0700)]
Regenerate pydoc topics for 3.4.5rc1.
Benjamin Peterson [Sat, 11 Jun 2016 20:28:56 +0000 (13:28 -0700)]
upgrade expt to 2.1.1 (closes #26556)
Benjamin Peterson [Sat, 11 Jun 2016 20:16:42 +0000 (13:16 -0700)]
raise an error when STARTTLS fails
Guido van Rossum [Thu, 19 May 2016 20:00:21 +0000 (13:00 -0700)]
Back out
7e9605697dfc ,
2e3c31ab586a ,
759b2cecc289 .
These added a path attribute to pathlib.Path objects, and docs.
Instead, we're going to use PEP 519.
(Starting in the 3.4 branch and merging forward from there since that's what I did originally.)
Donald Stufft [Mon, 2 May 2016 11:03:46 +0000 (07:03 -0400)]
Upgrade ensurepip bundled setuptools to 20.10.1
Ethan Furman [Thu, 14 Apr 2016 06:52:09 +0000 (23:52 -0700)]
Issue26748: Enum classes should evaluate as True
Benjamin Peterson [Tue, 22 Mar 2016 05:31:02 +0000 (22:31 -0700)]
remove useless $ keyword (closes #17167)
Donald Stufft [Thu, 17 Mar 2016 15:00:08 +0000 (11:00 -0400)]
Upgrade ensurepip._bundled pip to 8.1.1 and setuptools to 20.3
Serhiy Storchaka [Tue, 8 Mar 2016 19:13:35 +0000 (21:13 +0200)]
Backed out changeset
19a3e0e664af
Serhiy Storchaka [Tue, 8 Mar 2016 14:11:26 +0000 (16:11 +0200)]
Issues #23808, #25911: Trying to fix walk tests on Windows.
On Windows a symlink can has the FILE_ATTRIBUTE_DIRECTORY flag.
Benjamin Peterson [Fri, 4 Mar 2016 06:05:36 +0000 (22:05 -0800)]
properly use the ObjArgs variant of CallMethod in dictview binary operations (closes #26478)
Berker Peksag [Wed, 2 Mar 2016 17:40:08 +0000 (19:40 +0200)]
Issue #26246: Set initial value of the hidden attr when creating copy button.
Patch by Liang-Bo Wang.
Yury Selivanov [Wed, 2 Mar 2016 15:33:22 +0000 (10:33 -0500)]
asyncio: Update 3.4 asyncio/test_tasks to upstream version
Ezio Melotti [Sat, 27 Feb 2016 06:39:36 +0000 (08:39 +0200)]
#26246: update copybutton.js after JQuery update. Patch by Liang-Bo Wang.
Benjamin Peterson [Thu, 18 Feb 2016 06:13:19 +0000 (22:13 -0800)]
open the cert store readonly
Patch from Chi Hsuan Yen.
Benjamin Peterson [Fri, 22 Jan 2016 06:02:46 +0000 (22:02 -0800)]
reject negative data_size
Donald Stufft [Fri, 22 Jan 2016 02:55:32 +0000 (21:55 -0500)]
Upgrade pip to 8.0.2
Benjamin Peterson [Thu, 21 Jan 2016 06:23:44 +0000 (22:23 -0800)]
prevent buffer overflow in get_data (closes #26171)
Benjamin Peterson [Thu, 21 Jan 2016 06:06:43 +0000 (22:06 -0800)]
fix refleak in error condition
Benjamin Peterson [Thu, 21 Jan 2016 06:02:30 +0000 (22:02 -0800)]
remove script from epub (closes #26172)