- 24 Mar, 2018 2 commits
-
-
Christian Heimes authored
LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7. Documentation updates and fixes for failing tests will be provided in another patch set. Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 4ca0739c) Co-authored-by: Christian Heimes <christian@python.org>
-
scoder authored
bpo-31544: Avoid calling "PyObject_GetAttrString()" (and potentially executing user code) with a live exception set. (GH-3992)
-
- 22 Mar, 2018 1 commit
-
-
Miss Islington (bot) authored
(cherry picked from commit d93b5161) Co-authored-by: Donald Stufft <donald@stufft.io>
-
- 21 Mar, 2018 1 commit
-
-
Miss Islington (bot) authored
(cherry picked from commit 9308dea3) Co-authored-by: Zackery Spytz <zspytz@gmail.com>
-
- 17 Mar, 2018 1 commit
-
-
Miss Islington (bot) authored
(cherry picked from commit 7f81bb2a) Co-authored-by: Donald Stufft <donald@stufft.io>
-
- 13 Mar, 2018 1 commit
-
-
xdegaye authored
(cherry picked from commit e32bbaf376a09c149fa7c7f2919d7c9ce4e2a055)
-
- 11 Mar, 2018 1 commit
-
-
Miss Islington (bot) authored
[2.7] bpo-33026: Fix jumping out of "with" block by setting f_lineno. (GH-6026). (GH-6074) (GH-6076) (cherry picked from commit 26c9f565) (cherry picked from commit 04aadf23eac51fec2e436c5960c1362bbb7d03de) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
-
- 09 Mar, 2018 1 commit
-
-
Xiang Zhang authored
-
- 06 Mar, 2018 1 commit
-
-
Jamie Davis authored
The regex to decode a number in fpformat is susceptible to catastrophic backtracking. This is a potential DOS vector if a server is using fpformat on untrusted number strings. Replace it with an equivalent non-vulnerable regex. The match behavior of the new regex is slightly different. It captures the whole integer part of the number in one group, Leading zeros are stripped off later.
-
- 04 Mar, 2018 1 commit
-
-
Benjamin Peterson authored
* Prevent low-grade poplib REDOS (CVE-2018-1060) The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases. * Prevent difflib REDOS (CVE-2018-1061) The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib. Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org>. (cherry picked from commit 0e6c8ee2)
-
- 02 Mar, 2018 1 commit
-
-
Brett Cannon authored
-
- 01 Mar, 2018 1 commit
-
-
Alexey Izbyshev authored
(cherry picked from commit 3e197c7a) Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com>
-
- 26 Feb, 2018 1 commit
-
- 25 Feb, 2018 10 commits
-
-
Miss Islington (bot) authored
Dropped the part that says: "For objects that do not provide sequence protocol". (cherry picked from commit 7a1e1786) Co-authored-by: Zackery Spytz <zspytz@gmail.com>
-
Cheryl Sabella authored
By default `print` adds spaces between its arguments. (cherry picked from commit 84c4b0cc)
-
Miss Islington (bot) authored
(cherry picked from commit fbee8824) Co-authored-by: Mario Corchero <mariocj89@gmail.com>
-
Miss Islington (bot) authored
This code never did anything correct or useful. The class attribute will never be affected, and the condition will never be true. (cherry picked from commit 5fb632e8) Co-authored-by: Aaron Gallagher <habnabit@users.noreply.github.com>
-
Christian Heimes authored
Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 29eab553) Co-authored-by: Christian Heimes <christian@python.org>
-
Christian Heimes authored
Signed-off-by: Christian Heimes <christian@python.org>
-
Christian Heimes authored
The ctypes module used to depend on indirect linking for dlopen. The shared extension is now explicitly linked against libdl on platforms with dl. Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 5bb96925) Co-authored-by: Christian Heimes <christian@python.org>
-
Christian Heimes authored
The ssl module now detects missing NPN support in LibreSSL. Co-Authored-By: Bernard Spil <brnrd@FreeBSD.org> Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit 6cdb7954) Co-authored-by: Christian Heimes <christian@python.org>
-
Miss Islington (bot) authored
The SSL module no longer sends IP addresses in SNI TLS extension on platforms with OpenSSL 1.0.2+ or inet_pton. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit e9370a47389903bb72badc95032ec84a0ebbf8cc) Co-authored-by: Christian Heimes <christian@python.org>
-
Christian Heimes authored
SSLContext.load_dh_params() now supports non-ASCII path. Signed-off-by: Christian Heimes <christian@python.org>
-
- 24 Feb, 2018 1 commit
-
-
Christian Heimes authored
Debian Unstable has disabled TLS 1.0 and 1.1 for SSLv23_METHOD(). Change TLS/SSL protocol of some tests to PROTOCOL_TLS or PROTOCOL_TLSv1_2 to make them pass on Debian. Signed-off-by: Christian Heimes <christian@python.org>
-
- 23 Feb, 2018 2 commits
-
-
Miss Islington (bot) authored
`whilst` and `while` are both english words, `whilst` is not as commonly used. This can be confusing to readers whose primary language is not english. (cherry picked from commit 98f42aac) Co-authored-by: Mariatta <Mariatta@users.noreply.github.com>
-
Anselm Kruis authored
Make test.support.temp_cwd() fork-safe. The context manager test.support.temp_cwd() no longer removes the temporary directory when executing in a process other than the parent it entered from. If a forked child exits the context manager it won't do the cleanup.. (cherry picked from commit 33dddac0) Co-authored-by: Anselm Kruis <a.kruis@science-computing.de>
-
- 21 Feb, 2018 2 commits
-
-
Miss Islington (bot) authored
[2.7] bpo-31848: Fix broken error handling in Aifc_read.initfp() when the SSND chunk is not found (GH-5240) (GH-5781) Initialize self._ssnd_chunk so that aifc.Error is raised as intended, not AttributeError. (cherry picked from commit 80d20b91) Co-authored-by: Zackery Spytz <zspytz@gmail.com>
-
Benjamin Peterson authored
It's bad form to pin to an old version of TLS. ssl.SSLContext has the right protocol default, so let's not pass anyway.. (cherry picked from commit e9edee0b)
-
- 19 Feb, 2018 2 commits
-
-
Raymond Hettinger authored
-
Éric Araujo authored
(cherry picked from commit 08a6926b) Co-authored-by: Éric Araujo <merwok@netwok.org>
-
- 18 Feb, 2018 1 commit
-
-
Zachary Ware authored
(cherry picked from commit 7eb3f822)
-
- 17 Feb, 2018 1 commit
-
-
Miss Islington (bot) authored
Adapt documentation for `copyright` and `credits` to reality. Previously, the documentation implied that all each of `copyright`, `credits`, and `license`, would print a message to call the object in order to see the full text. In reality, only `license` exhibits this behaviour, and `copyright` and `credit` print their full text either when printed, displayed, or called. (cherry picked from commit 243d6d71) Co-authored-by: Gerrit Holl <gerrit.holl@gmail.com>
-
- 14 Feb, 2018 3 commits
-
-
Miss Islington (bot) authored
A closing parentheses was missing. Signed-off-by: Ngie Cooper <yaneurabeya@gmail.com> (cherry picked from commit 7745ec4e) Co-authored-by: ngie-eign <1574099+ngie-eign@users.noreply.github.com>
-
Miss Islington (bot) authored
Remove pkg_add -r python from FreeBSD installation section. Moved to OpenBSD. (cherry picked from commit 3384d38d) Co-authored-by: Eitan Adler <grimreaper@users.noreply.github.com>
-
Benjamin Peterson authored
(cherry picked from commit 2b86f4cb)
-
- 12 Feb, 2018 2 commits
-
-
Serhiy Storchaka authored
It now processes files as binary streams. This also fixes "make reindent".
-
Miss Islington (bot) authored
It now reads: ...be aware that Python has no control over... (cherry picked from commit 517da1e5) Co-authored-by: Alexey <forestbiiird@gmail.com>
-
- 11 Feb, 2018 3 commits
-
-
Miss Islington (bot) authored
(cherry picked from commit 6ea20fc7)
-
Zachary Ware authored
(cherry picked from commit 28607e0d)
-
Miss Islington (bot) authored
The new link is given in a red box on the old page. (cherry picked from commit 8d1f2f40) Co-authored-by: sblondon <sblondon@users.noreply.github.com>
-