6368 Commits

Author SHA1 Message Date
Barry Warsaw
42faa55124 - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory.  Patch by Jyrki
  Pulliainen.
2013-09-30 18:35:15 -04:00
Barry Warsaw
c545a5ebd6 - Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory.  Patch by Jyrki
  Pulliainen.
2013-09-30 15:56:29 -04:00
Barry Warsaw
6c1bb7b4e3 - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more
than 100 headers are read.  Adapted from patch by Jyrki Pulliainen.
2013-09-29 13:59:06 -04:00
Barry Warsaw
d6fddf3d15 - Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by
limiting the call to readline().  Original patch by Michał
  Jastrzębski and Giampaolo Rodola.

with test fixes by Serhiy Storchaka.
2013-09-25 09:36:58 -04:00
Barry Warsaw
4e95d60191 - Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to
limit line length.  Patch by Emil Lind.
2013-09-22 16:07:09 -04:00
R David Murray
4189b67a66 #14984: On POSIX, enforce permissions when reading default .netrc.
Initial patch by Bruno Piguet.

This is implemented as if a useful .netrc file could exist without passwords,
which is possible in the general case; but in fact our netrc implementation
does not support it.  Fixing that issue will be an enhancement.
2013-09-16 13:48:44 -04:00
Andrew Kuchling
503baf9ecd #16042: CVE-2013-1752: Limit amount of data read by limiting the call to readline().
The SSLFakeFile.readline() method needs to support limiting readline() as
well.  It's not a full emulation of readline()'s signature, but this class
is only used by smtplib's code, so it doesn't have to be.

Modified version of original patch by Christian Heimes.
2013-09-15 13:11:47 -04:00
Christian Heimes
bde2985f1d Python 2.6's ssl module has neither OPENSSL_VERSION_INFO nor _OPENSSL_API_VERSION 2013-09-03 14:47:00 +02:00
Christian Heimes
8f65ef8853 Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger 2013-08-25 14:12:41 +02:00
Barry Warsaw
82f8828317 - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
  GENERAL_NAME_print() function to get the string representation of ASN.1
  strings for `rfc822Name` (email), `dNSName` (DNS) and
  `uniformResourceIdentifier` (URI).
2013-08-23 13:26:49 -04:00
Barry Warsaw
b383e806b6 Back port from 2.7:
http://hg.python.org/cpython/rev/48705250232c
    changeset:   75187:48705250232c
    branch:      2.7
    parent:      75184:9a1d902714ae
    user:        Antoine Pitrou <solipsis@pitrou.net>
    date:        Wed Feb 22 22:16:25 2012 +0100
2012-02-22 17:26:50 -05:00
Barry Warsaw
56fd6617b5 Backport from 2.7:
changeset:   75153:9b7c6dd19e25
    branch:      2.7
    parent:      75151:b1a02c17b327
    user:        Antoine Pitrou <solipsis@pitrou.net>
    date:        Tue Feb 21 22:02:04 2012 +0100
    files:       Lib/test/test_os.py
2012-02-22 13:50:04 -05:00
Barry Warsaw
6a9005b4eb Backport from 2.7 branch.
changeset:   75165:780008020c40
    user:        Antoine Pitrou <solipsis@pitrou.net>
    date:        Wed Feb 22 03:33:56 2012 +0100
    summary:     Fix (presumably) test_hash under big-endian systems (PPC).
2012-02-22 13:34:18 -05:00
Barry Warsaw
b19fb2462e Whitespace normalization 2012-02-20 20:44:15 -05:00
Barry Warsaw
1e13eb084f - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
environment variable, to provide an opt-in way to protect against denial of
  service attacks due to hash collisions within the dict and set types.  Patch
  by David Malcolm, based on work by Victor Stinner.
2012-02-20 20:42:21 -05:00
Barry Warsaw
f5a5beb339 Back port Python 2.7 fix for test_invalid_redirect() in test_urllib.py. 2012-02-20 14:43:22 -05:00
Guido van Rossum
079381d236 Merge issue 11662 from 2.5. 2011-03-29 12:51:16 -07:00
guido@google.com
f1509306d2 Add tests for the urllib[2] vulnerability. Change to raise exceptions. 2011-03-28 13:47:01 -07:00
Vinay Sajip
3ae81137c8 Reverted bug fixes for #11444 (fc4d045e3170) and #11424 (b9d76846bb1c), which should not have been made in this branch. 2011-03-11 18:44:10 +00:00
Vinay Sajip
8dd2a40bc7 Issue #11424: Fix bug in determining child loggers. 2011-03-07 15:02:11 +00:00
Georg Brandl
4db2c257d6 Add .hgeol file and fix newlines in the 2.5 branch. 2011-03-05 15:02:28 +01:00
Alexander Belopolsky
41769a7513 Merged revisions 87663 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/release27-maint

................
  r87663 | alexander.belopolsky | 2011-01-02 18:23:54 -0500 (Sun, 02 Jan 2011) | 13 lines

  Merged revisions 87648,87656 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/branches/py3k

  ........
    r87648 | alexander.belopolsky | 2011-01-02 15:48:22 -0500 (Sun, 02 Jan 2011) | 1 line

    Issue #8013: Fixed time.asctime segfault when OS's asctime fails
  ........
    r87656 | alexander.belopolsky | 2011-01-02 17:16:10 -0500 (Sun, 02 Jan 2011) | 1 line

    Issue #8013: Fixed test
  ........
................
2011-01-02 23:26:12 +00:00
Alexander Belopolsky
893c354a55 Merged revisions 87541,87543 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/release27-maint

................
  r87541 | alexander.belopolsky | 2010-12-28 10:47:56 -0500 (Tue, 28 Dec 2010) | 9 lines

  Merged revisions 87442 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/branches/py3k

  ........
    r87442 | alexander.belopolsky | 2010-12-22 21:27:37 -0500 (Wed, 22 Dec 2010) | 1 line

    Issue #10254: Fixed a crash and a regression introduced by the implementation of PRI 29.
  ........
................
  r87543 | alexander.belopolsky | 2010-12-28 11:04:06 -0500 (Tue, 28 Dec 2010) | 1 line

  fixed issue 10254 test
................
2010-12-28 16:15:08 +00:00
Florent Xicluna
29a66bdcb5 Merged revisions 84100 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/release27-maint

................
  r84100 | florent.xicluna | 2010-08-16 21:22:18 +0200 (lun., 16 août 2010) | 13 lines

  Merged revisions 84097,84099 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/branches/py3k

  ........
    r84097 | florent.xicluna | 2010-08-16 20:41:19 +0200 (lun., 16 août 2010) | 1 line

    Use test.support and unittest features.  Fix duplicated test (bad merge in r79033).  Fix comment for issue #7902.
  ........
    r84099 | florent.xicluna | 2010-08-16 21:03:05 +0200 (lun., 16 août 2010) | 1 line

    I get it wrong in r84097: s/relative/absolute/
  ........
................
2010-08-16 19:26:54 +00:00
Florent Xicluna
0261d2e361 Merged revisions 82529 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/release27-maint

........
  r82529 | florent.xicluna | 2010-07-04 16:24:40 +0200 (dim., 04 juil. 2010) | 1 line

  Issue #9145: Fix a regression due to r79539
........
2010-08-16 16:08:12 +00:00