- 09 Mar, 2018 1 commit
-
-
Steven M. Vascellaro authored
Replace example result of "5 through 9" with complete list: "5, 6, 7, 8, 9". This format is more consistent with the surrounding examples.
-
- 08 Mar, 2018 3 commits
-
-
Alexey Izbyshev authored
-
Xiang Zhang authored
-
Xiang Zhang authored
* fix a typo: documention -> documentation * fix the type of IPv?Network.hostmask * add documentation about IPv?Network.netmask * fix IPv6Network constructor doc that extended netmasks are not supported
-
- 07 Mar, 2018 2 commits
-
-
INADA Naoki authored
-
Xiang Zhang authored
-
- 06 Mar, 2018 3 commits
-
-
Yury Selivanov authored
-
Victor Stinner authored
Fix a crash on fork when using a custom memory allocator (ex: using PYTHONMALLOC env var). _PyGILState_Reinit() and _PyInterpreterState_Enable() now use the default RAW memory allocator to allocate a new interpreters mutex on fork.
-
Siddhesh Poyarekar authored
The length in strncpy is one char too short and as a result it leads to a build warning with gcc 8. Comment out the strncpy since the interpreter aborts immediately after anyway.
-
- 05 Mar, 2018 4 commits
-
-
Jason R. Coombs authored
* bpo-32991: Add test capturing expectation. DocTestFinder.find should return an empty list for doctests in a namespace package. * bpo-32991: Restore expectation that inspect.getfile on a namespace package raises TypeError.
-
Steve Dower authored
-
Barry Warsaw authored
-
Terry Jan Reedy authored
Like Python, IDLE optionally runs one startup file in the Shell window before presenting the first interactive input prompt. For IDLE, option -s runs a file named in environmental variable IDLESTARTUP or PYTHONSTARTUP; -r file runs file. Python sets __file__ to the startup file name before running the file and unsets it before the first prompt. IDLE now does the same when run normally, without the -n option.
-
- 04 Mar, 2018 4 commits
-
-
Cheryl Sabella authored
-
Cheryl Sabella authored
-
Thomas Nyberg authored
-
Jamie Davis authored
* Prevent low-grade poplib REDOS (CVE-2018-1060) The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases. * Prevent difflib REDOS (CVE-2018-1061) The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib. Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org>
-
- 03 Mar, 2018 1 commit
-
-
Joongi Kim authored
-
- 02 Mar, 2018 1 commit
-
-
Serhiy Storchaka authored
-
- 01 Mar, 2018 3 commits
-
-
Jon Wayne Parrott authored
-
Eric V. Smith authored
-
Alexey Izbyshev authored
-
- 28 Feb, 2018 4 commits
-
-
James Walker authored
-
Cheryl Sabella authored
The new code also runs faster.
-
Ned Deily authored
-
Steve Dower authored
-
- 27 Feb, 2018 12 commits
-
-
Terry Jan Reedy authored
-
Serhiy Storchaka authored
* Revert "bpo-31961: subprocess now accepts path-like args (GH-4329)" This reverts commit dd42cb71.
-
Ned Deily authored
-
Ned Deily authored
-
Antoine Pitrou authored
The long build queues that plagued macOS builds on Travis seem to be a thing of the past now.
-
Paul Ganssle authored
* Add What's New entry for addition of datetime.timezone to the C API Closes bpo-10381 * Add what's new entry for date and datetime optimizations Closes bpo-32403
-
Christian Heimes authored
OpenSSL 1.1 has introduced a new API to set the minimum and maximum supported protocol version. The API is easier to use than the old OP_NO_TLS1 option flags, too. Since OpenSSL has no call to set minimum version to highest supported, the implementation emulate maximum_version = MINIMUM_SUPPORTED and minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and maximum supported version at compile time. Signed-off-by: Christian Heimes <christian@python.org>
-
Christian Heimes authored
Direct instantiation of SSLSocket and SSLObject objects is now prohibited. The constructors were never documented, tested, or designed as public constructors. The SSLSocket constructor had limitations. For example it was not possible to enabled hostname verification except was ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED. SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is also deprecated. The only test case for direct instantiation was added a couple of days ago for IDNA testing. Signed-off-by: Christian Heimes <christian@python.org>
-
Christian Heimes authored
The ssl module function ssl.wrap_socket() has been de-emphasized and deprecated in favor of the more secure and efficient SSLContext.wrap_socket() method. Signed-off-by: Christian Heimes <christian@python.org>
-
Christian Heimes authored
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by default. Some test cases only apply to TLS 1.2. Other tests currently fail because the threaded or async test servers stop after failure. I'm going to address these issues when OpenSSL 1.1.1 reaches beta. OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS 1.3. The feature is enabled by default for maximum compatibility with broken middle boxes. Users should be able to disable the hack and CPython's test suite needs it to verify default options. Signed-off-by: Christian Heimes <christian@python.org>
-
Eric V. Smith authored
bpo-32960: For dataclasses, disallow inheriting frozen from non-frozen classes and vice-versa, (GH-5919) This restriction will be relaxed at a future date.
-
Joffrey F authored
-
- 26 Feb, 2018 2 commits
-
-
Tobotimus authored
-
Nitish Chandra authored
When comprehensions switched to using a nested scope, the old code for generating a temporary name to hold the accumulation target became redundant, but was never actually removed. Patch by Nitish Chandra.
-