Antoine Pitrou
dad182c16e
Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.
Reported by Sergey Bobrov.
2014-09-17 00:23:55 +02:00
Georg Brandl
860c367c29
Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
2014-09-30 14:56:46 +02:00
Georg Brandl
21bf3f942b
Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
weakrefs.
2014-09-30 14:54:39 +02:00
Georg Brandl
eaca8616ab
Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
2014-09-30 14:45:39 +02:00
Georg Brandl
210ee47e33
Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
limiting the call to readline(). Original patch by Christian Heimes.
2014-09-30 14:18:02 +02:00
Georg Brandl
c9cb18d3f7
Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline(). Original patch by Michał
Jastrzębski and Giampaolo Rodola.
2014-09-30 14:12:24 +02:00
Georg Brandl
f0746ca463
Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen.
2014-09-30 14:08:04 +02:00
Georg Brandl
ec3c103520
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
2014-09-30 14:04:51 +02:00
Ned Deily
915a30fb0d
Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435. Patch by Zach Byrne.
2014-07-12 22:06:26 -07:00
Benjamin Peterson
314dc126ce
expect the correct platform-dependent linesep
2014-06-16 23:15:50 -07:00
Benjamin Peterson
73b8b1cdb8
url unquote the path before checking if it refers to a CGI script (closes #21766)
2014-06-14 18:36:29 -07:00
Benjamin Peterson
99b5afab74
in scan_once, prevent the reading of arbitrary memory when passed a negative index
Bug reported by Guido Vranken.
2014-04-13 22:10:38 -04:00
Benjamin Peterson
ee5f1c13d1
remove directory mode check from makedirs (closes #21082)
2014-04-01 19:13:18 -04:00
Benjamin Peterson
b4be376d16
use https docs url (#21115)
2014-03-31 13:44:53 -04:00
Benjamin Peterson
cf25c5caae
use ssl.PROTOCOL_SSLv23 for maximum compatibility (closes #20896)
2014-03-12 18:05:53 -05:00
Stefan Krah
d9bed99fcb
Issue #20246: Fix test failures on FreeBSD. Patch by Ryan Smith-Roberts.
2014-01-21 22:58:40 +01:00
Benjamin Peterson
1b94030b37
update logo url (#20695)
2014-02-19 22:55:16 -05:00
Benjamin Peterson
f6218a2191
open retrieved file in binary mode, since it's now compressed
2014-02-19 22:56:35 -05:00
Benjamin Peterson
fbf648ebba
complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
2014-01-13 22:59:38 -05:00
Benjamin Peterson
35aca89617
merge 3.1 (#19435)
2013-10-30 12:48:59 -04:00
Benjamin Peterson
04e9de40f3
use the collapsed path in the run_cgi method (closes #19435)
2013-10-30 12:43:09 -04:00
R David Murray
8270a2c209
Merge #14984: On POSIX, enforce permissions when reading default .netrc.
2013-09-17 20:32:54 -04:00
R David Murray
104aab956f
#14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.
This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it. Fixing that issue will be an enhancement.
2013-09-17 20:30:02 -04:00
Antoine Pitrou
86d53cadda
Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
2013-05-18 17:56:42 +02:00
Georg Brandl
c502df4e3e
Issue #17915: Fix interoperability of xml.sax with file objects returned by
codecs.open().
2013-05-12 11:41:12 +02:00
Georg Brandl
93b061bc3e
Issue #1159051: Back out a fix for handling corrupted gzip files that
broke backwards compatibility.
2013-05-12 11:29:27 +02:00
Georg Brandl
ba2f8be4c6
Issue #17843: Remove bz2 test data that triggers antivirus warnings.
2013-05-12 11:11:51 +02:00
Georg Brandl
ce654f48aa
Issue #15535: Fix pickling of named tuples.
2013-05-12 11:09:11 +02:00
Serhiy Storchaka
a6df938fef
Close #17666: Fix reading gzip files with an extra field.
2013-04-08 22:35:02 +03:00
Ezio Melotti
656c80809c
Clean up references to threads in test_queue.
2013-03-23 23:35:06 +02:00
Gregory P. Smith
a1ed539268
Fixes issue #17488: Change the subprocess.Popen bufsize parameter default value
from unbuffered (0) to buffering (-1) to match the behavior existing code
expects and match the behavior of the subprocess module in Python 2 to avoid
introducing hard to track down bugs.
2013-03-23 11:44:25 -07:00
Vinay Sajip
68b4cc87cd
Issue #17521: Corrected non-enabling of logger following two calls to fileConfig().
2013-03-23 11:18:45 +00:00
Vinay Sajip
3f885b5432
Issue #17508: Handled out-of-order handler configuration correctly.
2013-03-22 15:19:54 +00:00
R David Murray
03b0116c78
#5712: Preemptively fix some other possible timing issues.
2013-03-20 22:11:40 -04:00
R David Murray
853c0f9d60
#5713: fix timing issue in smtplib tests.
2013-03-20 21:54:05 -04:00
R David Murray
d312c740f1
#5713: Handle 421 error codes during sendmail by closing the socket.
This is a partial fix to the issue of servers disconnecting unexpectedly; in
this case the 421 says they are disconnecting, so we close the socket and
return the 421 in the appropriate error context.
Original patch by Mark Sapiro, updated by Kushal Das, with additional
tests by me.
2013-03-20 20:36:14 -04:00
Ezio Melotti
958f7ae865
#17493: re-enable a test on Windows. Patch by Zachary Ware.
2013-03-20 18:14:48 +02:00
Senthil Kumaran
2a4d24510a
#17471 - Increasing the urllib.error test coverage. Bringing it to 100%. Based on patch contributed by Daniel Wozniak
2013-03-19 16:11:07 -07:00
Senthil Kumaran
843fae9312
#17471 - Improve urllib2 test coverage. Patch contributed by Daniel Wozniak
2013-03-19 13:43:42 -07:00
R David Murray
9929bc543a
#17476: make allmethods actually return all methods.
This fixes a regression relative to Python2. (In 2, methods on a class were
unbound methods and matched the inspect queries being done, in 3 they are just
functions and so were missed).
This is an undocumented function that pydoc itself does not use, but
I found that numpy at least uses it in its documentation generator.
Original patch by Matt Bachmann.
2013-03-19 02:31:06 -04:00
R David Murray
a846f5ace8
#17448: Make test_sax skip if there are no xml parsers.
Patch by Rafael Santos.
2013-03-18 00:18:12 -04:00
Ezio Melotti
c28f6fa505
#11420: make test suite pass with -B/DONTWRITEBYTECODE set. Initial patch by Thomas Wouters.
2013-03-16 19:48:51 +02:00
Terry Jan Reedy
743c85a32e
Issue #10652: make tcl/tk tests run after __all__ test, patch by Zachary Ware.
2013-03-16 02:37:06 -04:00
Ezio Melotti
a7d64a6f4c
#17368: Fix an off-by-one error in the Python JSON decoder that caused a failure while decoding empty object literals when object_pairs_hook was specified.
2013-03-13 01:52:34 +02:00
Terry Jan Reedy
c30b7b16ea
Issue #17047: remove doubled words found in 2.7 to 3.4 Lib/*,
as reported by Serhiy Storchaka and Matthew Barnett.
2013-03-11 17:57:08 -04:00
Ezio Melotti
42a541bd49
#11963: remove human verification from test_parser and test_subprocess.
2013-03-11 05:53:34 +02:00
Ezio Melotti
e7c329954c
#11963: fix Windows buildbots.
2013-03-10 03:25:45 +02:00
Ezio Melotti
3919184014
#11963: avoid printing messages in test_parser. Initial patch by Éric Araujo.
2013-03-09 22:17:33 +02:00
Ezio Melotti
1f38621a33
#11732: add a new suppress_crash_popup() context manager to test.support that disables crash popups on Windows and use it in test_ctypes.
2013-03-07 18:44:29 +02:00
Antoine Pitrou
44d5214927
Issue #17278: Fix a crash in heapq.heappush() and heapq.heappop() when the list is being resized concurrently.
2013-03-04 20:30:01 +01:00