Skip to content
Permalink
Branch: 3.5
Commits on Nov 2, 2019
Commits on Nov 1, 2019
Commits on Oct 29, 2019
  1. bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441)…

    vstinner authored and larryhastings committed Oct 29, 2019
    … (#16516)
    
    Escape the server title of xmlrpc.server.DocXMLRPCServer
    when rendering the document page as HTML.
    
    (cherry picked from commit e8650a4)
Commits on Oct 12, 2019
Commits on Oct 9, 2019
Commits on Oct 8, 2019
  1. [3.5] bpo-38216, bpo-36274: Allow subclasses to separately override v…

    jaraco authored and larryhastings committed Oct 8, 2019
    …alidation and encoding behavior (GH-16448) (#16475)
    
    * [3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16448)
  2. [3.7] Doc: Bump sphinx. (GH-10676) (GH-10803) (#16522)

    vstinner authored and larryhastings committed Oct 8, 2019
    (cherry picked from commit 2db96ae)
    
    Co-authored-by: Julien Palard <julien@palard.fr>
    (cherry picked from commit 23a98ab)
Commits on Sep 9, 2019
Commits on Sep 7, 2019
  1. [3.5] bpo-37461: Fix infinite loop in parsing of specially crafted em…

    2 people authored and larryhastings committed Sep 7, 2019
    …ail headers (GH-14794) (#15446)
    
    * [3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794)
    
    Some crafted email header would cause the get_parameter method to run in an
    infinite loop causing a DoS attack surface when parsing those headers. This
    patch fixes that by making sure the DQUOTE character is handled to prevent
    going into an infinite loop.
    (cherry picked from commit a4a994b)
    
    Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
    Co-Authored-By: Ashwin Ramaswami <aramaswamis@gmail.com>
  2. bpo-36742: Corrects fix to handle decomposition in usernames (GH-13812)…

    vstinner authored and larryhastings committed Sep 7, 2019
    … (GH-13814) (#14772)
    
    (cherry picked from commit 8d0ef0b)
    
    Co-authored-by: Steve Dower <steve.dower@python.org>
    (cherry picked from commit fd1771d)
  3. bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL …

    vstinner authored and larryhastings committed Sep 7, 2019
    …1.1.1 (#12694)
    
    Some test_ssl and test_asyncio tests were written for OpenSSL 1.0 and TLS 1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.  Fixing these requires backporting new ssl flags like ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION, which is inappropriate at this stage in Python 3.5's lifetime. Moreover, it's not really worth it: the code works fine, the problem is just in the tests.  This patch disables those problematic tests when Python 3.5 is built using newer versions of OpenSSL.
  4. [3.5] bpo-34155: Dont parse domains containing @ (GH-13079) (#15317)

    2 people authored and larryhastings committed Sep 7, 2019
    https://bugs.python.org/issue34155
    (cherry picked from commit 8cb65d1)
    
    Co-authored-by: jpic <jpic@users.noreply.github.com>
Commits on Jul 14, 2019
  1. bpo-30458: Disallow control chars in http URLs. (GH-12755) (#13207)

    hroncok authored and larryhastings committed Jul 14, 2019
    Disallow control chars in http URLs in urllib.urlopen.  This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.
    
    Disable https related urllib tests on a build without ssl (GH-13032)
    These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.
    
    Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)
    
    Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
  2. bpo-36742: Fixes handling of pre-normalization characters in urlsplit…

    zooba authored and larryhastings committed Jul 14, 2019
    …() (GH-13017) (#13042)
  3. bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474

    2 people authored and larryhastings committed Jul 14, 2019
    …) (GH-13505) (#13510)
    
    CVE-2019-9948: Avoid file reading by disallowing local-file:// and
    local_file:// URL schemes in URLopener().open() and
    URLopener().retrieve() of urllib.request.
    
    Co-Authored-By: SH <push0ebp@gmail.com>
Commits on Jul 13, 2019
  1. Fix compatibility with ISO C89 needed by "gnu89" standard of GCC 4.8:…

    asottile authored and larryhastings committed Jul 13, 2019
    … use C89 for loops in backported pickle patch (#12622)
  2. [3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) (

    gpshead authored and larryhastings committed Jul 13, 2019
    #13200)
    
    * [3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192)
    
    We updated the server, our testsuite must match.
    
    https://bugs.python.org/issue36816
    
    ✈️ CLE -> DEN ✈️ GH-pycon2019
    (cherry picked from commit 6bd8173)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
  3. [3.5] Doc: Add an optional obsolete header. (GH-13638). (#13658)

    JulienPalard authored and larryhastings committed Jul 13, 2019
    * [3.5] Doc: Add an optional obsolete header. (GH-13638).
    (cherry picked from commit 46ed90d)
    
    Co-authored-by: Julien Palard <julien@palard.fr>
Commits on Mar 19, 2019
  1. Post-release version bump for 3.5.7.

    larryhastings committed Mar 19, 2019
Commits on Mar 17, 2019
  1. Version bump for 3.5.7 final.

    larryhastings committed Mar 17, 2019
  2. [3.5] bpo-35121: prefix dot in domain for proper subdomain validation (

    tirkarthi authored and larryhastings committed Mar 17, 2019
    …GH-10258) (#12281)
    
    Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy.  Patch by Karthikeyan Singaravelan.
    (cherry picked from commit ca7fe50)
    
    Co-authored-by: Xtreak <tir.karthi@gmail.com>
Commits on Mar 16, 2019
  1. bpo-35647: Fix path check in cookiejar (#11436) (#12277)

    tirkarthi authored and larryhastings committed Mar 16, 2019
    * Refactor cookie path check as per RFC 6265
    
    * Add tests for prefix match of path
    
    * Add news entry
    
    * Fix set_ok_path and refactor tests
    
    * Use slice for last letter
    
    (cherry picked from commit 0e1f1f0)
Commits on Mar 11, 2019
  1. bpo-36216: Add check for characters in netloc that normalize to separ…

    zooba authored and larryhastings committed Mar 11, 2019
    …ators (GH-12201) (#12223)
Commits on Mar 4, 2019
  1. Post-release verison bump for 3.5.7rc1.

    larryhastings committed Mar 4, 2019
  2. Version bump & copyright year update for 3.5.7rc1.

    larryhastings committed Mar 4, 2019
Older
You can’t perform that action at this time.