Georg Brandl [Tue, 30 Sep 2014 12:45:39 +0000 (14:45 +0200)]
Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
Georg Brandl [Tue, 30 Sep 2014 12:12:24 +0000 (14:12 +0200)]
Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline(). Original patch by Michał
Jastrzębski and Giampaolo Rodola.
Georg Brandl [Tue, 30 Sep 2014 12:04:51 +0000 (14:04 +0200)]
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
Jason R. Coombs [Sun, 20 Jul 2014 14:52:46 +0000 (10:52 -0400)]
Issue #13540: Removed redundant documentation about Action instance attributes. Updated example and documentation per recommendations by Steven Bethard in msg149524.
R David Murray [Wed, 18 Sep 2013 00:30:02 +0000 (20:30 -0400)]
#14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.
This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it. Fixing that issue will be an enhancement.
Gregory P. Smith [Tue, 30 Apr 2013 07:05:25 +0000 (00:05 -0700)]
This local change was lost during the fixing of issue17192 to update
libffi to 3.0.13. (i'm not sure if it is needed anymore but see
issue 10309 for details which makes no mention of upstream; this
change is already in 3.3 and 3.4 but may need reapplying to 2.7
as done here)
Gregory P. Smith [Tue, 30 Apr 2013 06:45:38 +0000 (23:45 -0700)]
* Fix issue 17192 for 3.2 - reapply the issue11729 patch that was undone
in the merge fun from upstream which already had it in 3.0.13.
* Add the missing update to libffi.info.
Gregory P. Smith [Sat, 23 Mar 2013 18:44:25 +0000 (11:44 -0700)]
Fixes issue #17488: Change the subprocess.Popen bufsize parameter default value
from unbuffered (0) to buffering (-1) to match the behavior existing code
expects and match the behavior of the subprocess module in Python 2 to avoid
introducing hard to track down bugs.
doko@ubuntu.com [Thu, 21 Mar 2013 20:21:49 +0000 (13:21 -0700)]
- Issue #16754: Fix the incorrect shared library extension on linux. Introduce
two makefile macros SHLIB_SUFFIX and EXT_SUFFIX. SO now has the value of
SHLIB_SUFFIX again (as in 2.x and 3.1). The SO macro is removed in 3.4.
R David Murray [Thu, 21 Mar 2013 00:36:14 +0000 (20:36 -0400)]
#5713: Handle 421 error codes during sendmail by closing the socket.
This is a partial fix to the issue of servers disconnecting unexpectedly; in
this case the 421 says they are disconnecting, so we close the socket and
return the 421 in the appropriate error context.
Original patch by Mark Sapiro, updated by Kushal Das, with additional
tests by me.
R David Murray [Tue, 19 Mar 2013 17:52:33 +0000 (13:52 -0400)]
#17443: Fix buffering in IMAP4_stream.
In Python2 Popen uses *FILE objects, which wind up buffering even though
subprocess defaults to no buffering. In Python3, subprocess streams really
are unbuffered by default, but the imaplib code assumes read is buffered. This
patch uses the default buffer size from the io module to get buffered streams
from Popen.
Much debugging work and patch by Diane Trout.
The imap protocol is too complicated to write a test for this simple
change with our current level of test infrastructure.
R David Murray [Tue, 19 Mar 2013 06:31:06 +0000 (02:31 -0400)]
#17476: make allmethods actually return all methods.
This fixes a regression relative to Python2. (In 2, methods on a class were
unbound methods and matched the inspect queries being done, in 3 they are just
functions and so were missed).
This is an undocumented function that pydoc itself does not use, but
I found that numpy at least uses it in its documentation generator.
Gregory P. Smith [Tue, 19 Mar 2013 00:11:20 +0000 (17:11 -0700)]
Fixes issue #17192: Update the ctypes module's libffi to v3.0.13. This
specifically addresses a stack misalignment issue on x86 and issues on
some more recent platforms.