Branch: 3.5
-
Post-release update for 3.5.9 final.
larryhastings committedNov 2, 2019
-
larryhastings committed
Nov 1, 2019 -
Blurb release and pydoc topics for 3.5.9 final.
larryhastings committedNov 1, 2019
-
Post release updates for 3.5.8 final.
larryhastings committedOct 29, 2019 -
larryhastings committed
Oct 29, 2019 -
Blurb release and pydoc topics for 3.5.8 final.
larryhastings committedOct 29, 2019
-
Post-release update for 3.5.8rc2.
larryhastings committedOct 12, 2019 -
larryhastings committed
Oct 12, 2019 -
Fix docs, blurb release, pydoc-topics for 3.5.8rc2.
larryhastings committedOct 12, 2019
-
closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16346) (#…
…16434) Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.
-
Sphinx 1.8 is now preferred for building 3.5 docs.
larryhastings committedSep 9, 2019 -
larryhastings committed
Sep 9, 2019 -
Blurb release and pydoc-topics for 3.5.8rc1.
larryhastings committedSep 9, 2019
-
[3.5] bpo-37461: Fix infinite loop in parsing of specially crafted em…
…ail headers (GH-14794) (#15446) * [3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794) Some crafted email header would cause the get_parameter method to run in an infinite loop causing a DoS attack surface when parsing those headers. This patch fixes that by making sure the DQUOTE character is handled to prevent going into an infinite loop. (cherry picked from commit a4a994b) Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com> Co-Authored-By: Ashwin Ramaswami <aramaswamis@gmail.com>
-
bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL …
…1.1.1 (#12694) Some test_ssl and test_asyncio tests were written for OpenSSL 1.0 and TLS 1.0, but fail with OpenSSL 1.1.1 and TLS 1.3. Fixing these requires backporting new ssl flags like ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION, which is inappropriate at this stage in Python 3.5's lifetime. Moreover, it's not really worth it: the code works fine, the problem is just in the tests. This patch disables those problematic tests when Python 3.5 is built using newer versions of OpenSSL.
-
[3.5] bpo-34155: Dont parse domains containing @ (GH-13079) (#15317)
https://bugs.python.org/issue34155 (cherry picked from commit 8cb65d1) Co-authored-by: jpic <jpic@users.noreply.github.com>
-
bpo-30458: Disallow control chars in http URLs. (GH-12755) (#13207)
Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected. Disable https related urllib tests on a build without ssl (GH-13032) These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures. Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044) Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
-
Fix compatibility with ISO C89 needed by "gnu89" standard of GCC 4.8:…
… use C89 for loops in backported pickle patch (#12622)
-
[3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) (
#13200) * [3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) We updated the server, our testsuite must match. https://bugs.python.org/issue36816
✈️ CLE -> DEN✈️ GH-pycon2019 (cherry picked from commit 6bd8173) Co-authored-by: Gregory P. Smith <greg@krypto.org>
-
-
Blurb release and pydoc-topics for 3.5.7 final.
larryhastings committedMar 17, 2019 -
[3.5] bpo-35121: prefix dot in domain for proper subdomain validation (…
…GH-10258) (#12281) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>