| 076ca6c | Martin Panter | 14 July 2016, 01:31:46 UTC | Issue #27369: Don’t test error message detail that changed in Expat 2.2.0 | 14 July 2016, 01:31:46 UTC |
| 2cdcaf1 | Martin Panter | 14 July 2016, 01:17:03 UTC | Issue #22758: Move NEWS entry to Library section | 14 July 2016, 01:17:03 UTC |
| 5f21f43 | R David Murray | 10 July 2016, 17:32:43 UTC | #22758: fix regression in handling of secure cookies. This backports the fix from #16611, per discussion with the release manager. | 10 July 2016, 17:32:43 UTC |
| 035583b | Martin Panter | 15 January 2016, 01:16:41 UTC | Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUT | 15 January 2016, 01:16:41 UTC |
| 3d81d93 | Martin Panter | 14 January 2016, 09:36:00 UTC | Issue #25940: Use self-signed.pythontest.net in SSL tests This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate. The certificate used at the pythontest server was modifed to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_ capath() to work (in Python 3.4+). Added the new self-signed certificate to capath with the following commands: cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/} c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0} mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0} The new server responds with "No route to host" when connecting to port 444. | 14 January 2016, 09:36:00 UTC |
| 89644d0 | Georg Brandl | 05 November 2014, 19:37:40 UTC | Issue #25940: Backport self-signed.pythontest.net testing for test_httplib The svn.python.org server recently changed root certificate, causing the test to fail. This backports revision 4985375db40f. | 05 November 2014, 19:37:40 UTC |
| 5e62117 | Benjamin Peterson | 05 December 2015, 08:17:57 UTC | add CVE and issue number | 05 December 2015, 08:17:57 UTC |
| b03856a | Benjamin Peterson | 26 May 2015, 02:24:00 UTC | keep distutils version in sync with python version automatically | 26 May 2015, 02:24:00 UTC |
| 9bd476e | Benjamin Peterson | 23 May 2015, 15:36:48 UTC | allow square brackets in cookie values (closes #22931) | 23 May 2015, 15:36:48 UTC |
| 0823ffb | Benjamin Peterson | 23 April 2015, 21:04:36 UTC | properly handle malloc failure (closes #24044) Patch by Christian Heimes. | 23 April 2015, 21:04:36 UTC |
| 893cce9 | Benjamin Peterson | 18 February 2015, 13:52:46 UTC | remove RPM, since it's unused and unmaintained | 18 February 2015, 13:52:46 UTC |
| aed1984 | Serhiy Storchaka | 30 January 2015, 23:15:48 UTC | Issue #23055: Fixed read-past-the-end error in PyUnicode_FromFormatV. | 30 January 2015, 23:15:48 UTC |
| 3f95292 | Serhiy Storchaka | 27 January 2015, 20:18:34 UTC | Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis and fix by Guido Vranken. | 27 January 2015, 20:18:34 UTC |
| f18bf6f | Benjamin Peterson | 04 January 2015, 22:03:17 UTC | add some overflow checks before multiplying (closes #23165) | 04 January 2015, 22:03:17 UTC |
| 47e782a | Benjamin Peterson | 01 January 2015, 00:09:36 UTC | update for copyright for 2015 | 01 January 2015, 00:09:36 UTC |
| 44e4b98 | Benjamin Peterson | 30 December 2014, 16:08:16 UTC | delete old ftpmirror script, which now has security bugs (closes #23130) | 30 December 2014, 16:08:16 UTC |
| 4e9cefa | Benjamin Peterson | 06 December 2014, 01:15:15 UTC | add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043) | 06 December 2014, 01:15:15 UTC |
| 258f3f0 | Benjamin Peterson | 05 November 2014, 16:27:14 UTC | use pythontest.net for url fragment test | 05 November 2014, 16:27:14 UTC |
| 863c962 | Benjamin Peterson | 03 November 2014, 20:10:47 UTC | move idna test domain to pythontest.net | 03 November 2014, 20:10:47 UTC |
| 6f1abda | Georg Brandl | 12 October 2014, 06:51:30 UTC | Added tag v3.2.6 for changeset 0bd5f4f14de9 | 12 October 2014, 06:51:30 UTC |
| 439d885 | Georg Brandl | 12 October 2014, 06:50:38 UTC | Bump to 3.2.6 | 12 October 2014, 06:50:38 UTC |
| b3ac843 | Georg Brandl | 12 October 2014, 06:50:11 UTC | #16040: fix unlimited read from connection in nntplib. | 12 October 2014, 06:50:11 UTC |
| f84422d | Georg Brandl | 04 October 2014, 12:17:10 UTC | Added tag v3.2.6rc1 for changeset 51382a5598ec | 04 October 2014, 12:17:10 UTC |
| edc3cba | Georg Brandl | 04 October 2014, 12:16:59 UTC | Copyright year update, add version to licenses. | 04 October 2014, 12:16:59 UTC |
| e800a0e | Georg Brandl | 04 October 2014, 12:15:42 UTC | Bump to 3.2.6rc1 | 04 October 2014, 12:15:42 UTC |
| 4480d30 | Georg Brandl | 01 October 2014, 20:31:04 UTC | ref #19855: skip uuid test_find_mac on non-Posix as in later branches | 01 October 2014, 20:31:04 UTC |
| ff3e5e3 | Georg Brandl | 01 October 2014, 17:15:11 UTC | Fix unicode_aswidechar() for 4b unicode and 2b wchar_t (AIX). | 01 October 2014, 17:15:11 UTC |
| 51c1162 | Georg Brandl | 30 September 2014, 17:34:19 UTC | Issue #19855: uuid.getnode() on Unix now looks on the PATH for the executables used to find the mac address, with /sbin and /usr/sbin as fallbacks. Issue #11508: Fixed uuid.getnode() and uuid.uuid1() on environment with virtual interface. Original patch by Kent Frazier. Issue #18784: The uuid module no more attempts to load libc via ctypes.CDLL, if all necessary functions are already found in libuuid. Patch by Evgeny Sologubov. Issue #16102: Make uuid._netbios_getnode() work again on Python 3. | 30 September 2014, 17:34:19 UTC |
| 3bc3567 | Georg Brandl | 30 September 2014, 15:30:18 UTC | Backport b533cc11d114 to fix intermittent test_urllibnet failures. | 30 September 2014, 15:30:18 UTC |
| 4615076 | Georg Brandl | 30 September 2014, 14:41:11 UTC | Add a dummy "touch" target to the Makefile so that the custom buildbots can test this branch. | 30 September 2014, 14:41:11 UTC |
| 786c8e7 | Georg Brandl | 30 September 2014, 14:31:21 UTC | Fix-up for 0f362676460d: add missing size argument to SSLFakeFile.readline(), as in 2.6 backport 8a6def3add5b | 30 September 2014, 14:31:21 UTC |
| e558181 | Ned Deily | 27 March 2014, 06:31:39 UTC | Issue #20939: Use www.example.com instead of www.python.org to avoid test failures when ssl is not present. | 27 March 2014, 06:31:39 UTC |
| fd9262c | Georg Brandl | 30 September 2014, 14:00:09 UTC | Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit line length. Patch by Emil Lind. | 30 September 2014, 14:00:09 UTC |
| 0840b41 | Georg Brandl | 17 September 2014, 05:17:58 UTC | Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all interfaces. | 17 September 2014, 05:17:58 UTC |
| dad182c | Antoine Pitrou | 16 September 2014, 22:23:55 UTC | Lax cookie parsing in http.cookies could be a security issue when combined with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov. | 16 September 2014, 22:23:55 UTC |
| 860c367 | Georg Brandl | 30 September 2014, 12:56:46 UTC | Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes and send a 414 error code for higher lengths. Patch contributed by Devin Cook. | 30 September 2014, 12:56:46 UTC |
| 21bf3f9 | Georg Brandl | 30 September 2014, 12:54:39 UTC | Issue #22517: When a io.BufferedRWPair object is deallocated, clear its weakrefs. | 30 September 2014, 12:54:39 UTC |
| eaca861 | Georg Brandl | 30 September 2014, 12:45:39 UTC | Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen. | 30 September 2014, 12:45:39 UTC |
| 210ee47 | Georg Brandl | 30 September 2014, 12:18:02 UTC | Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by limiting the call to readline(). Original patch by Christian Heimes. | 30 September 2014, 12:18:02 UTC |
| 70088f1 | Christian Heimes | 29 October 2013, 20:08:56 UTC | Issue #18747: document issue with OpenSSL's CPRNG state and fork | 29 October 2013, 20:08:56 UTC |
| c9cb18d | Georg Brandl | 30 September 2014, 12:12:24 UTC | Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by limiting the call to readline(). Original patch by Michał Jastrzębski and Giampaolo Rodola. | 30 September 2014, 12:12:24 UTC |
| f0746ca | Georg Brandl | 30 September 2014, 12:08:04 UTC | Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than 100 headers are read. Adapted from patch by Jyrki Pulliainen. | 30 September 2014, 12:08:04 UTC |
| ec3c103 | Georg Brandl | 30 September 2014, 12:04:51 UTC | Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and ``uniformResourceIdentifier`` (URI). | 30 September 2014, 12:04:51 UTC |
| 79690ac | Jason R. Coombs | 03 August 2014, 18:54:11 UTC | Issue #13540: Update references to Action class to match syntax used for other classes in this file. | 03 August 2014, 18:54:11 UTC |
| eb0ef41 | Jason R. Coombs | 20 July 2014, 14:52:46 UTC | Issue #13540: Removed redundant documentation about Action instance attributes. Updated example and documentation per recommendations by Steven Bethard in msg149524. | 20 July 2014, 14:52:46 UTC |
| f28cf7a | Jason R. Coombs | 14 December 2011, 04:36:45 UTC | Issue #13540: Expanded argparse documents to clarify the action API | 14 December 2011, 04:36:45 UTC |
| 915a30f | Ned Deily | 13 July 2014, 05:06:26 UTC | Issue #21323: Fix http.server to again handle scripts in CGI subdirectories, broken by the fix for security issue #19435. Patch by Zach Byrne. | 13 July 2014, 05:06:26 UTC |
| 314dc12 | Benjamin Peterson | 17 June 2014, 06:15:50 UTC | expect the correct platform-dependent linesep | 17 June 2014, 06:15:50 UTC |
| 73b8b1c | Benjamin Peterson | 15 June 2014, 01:36:29 UTC | url unquote the path before checking if it refers to a CGI script (closes #21766) | 15 June 2014, 01:36:29 UTC |
| 49991de | Benjamin Peterson | 14 April 2014, 16:15:28 UTC | fix poor spelling | 14 April 2014, 16:15:28 UTC |
| 6ef2b36 | Benjamin Peterson | 14 April 2014, 15:45:21 UTC | disallow a negative idx parameter | 14 April 2014, 15:45:21 UTC |
| 99b5afa | Benjamin Peterson | 14 April 2014, 02:10:38 UTC | in scan_once, prevent the reading of arbitrary memory when passed a negative index Bug reported by Guido Vranken. | 14 April 2014, 02:10:38 UTC |
| 80e6af1 | Benjamin Peterson | 04 April 2014, 13:50:35 UTC | fix versionchanged version | 04 April 2014, 13:50:35 UTC |
| ee5f1c1 | Benjamin Peterson | 01 April 2014, 23:13:18 UTC | remove directory mode check from makedirs (closes #21082) | 01 April 2014, 23:13:18 UTC |
| b4be376 | Benjamin Peterson | 31 March 2014, 17:44:53 UTC | use https docs url (#21115) | 31 March 2014, 17:44:53 UTC |
| 8aef28a | Benjamin Peterson | 31 March 2014, 00:33:47 UTC | add Ian Beer | 31 March 2014, 00:33:47 UTC |
| 23cf403 | Benjamin Peterson | 30 March 2014, 23:47:57 UTC | fix expandtabs overflow detection to be consistent and not rely on signed overflow | 30 March 2014, 23:47:57 UTC |
| cf25c5c | Benjamin Peterson | 12 March 2014, 23:05:53 UTC | use ssl.PROTOCOL_SSLv23 for maximum compatibility (closes #20896) | 12 March 2014, 23:05:53 UTC |
| d9bed99 | Stefan Krah | 21 January 2014, 21:58:40 UTC | Issue #20246: Fix test failures on FreeBSD. Patch by Ryan Smith-Roberts. | 21 January 2014, 21:58:40 UTC |
| 1b94030 | Benjamin Peterson | 20 February 2014, 03:55:16 UTC | update logo url (#20695) | 20 February 2014, 03:55:16 UTC |
| f6218a2 | Benjamin Peterson | 20 February 2014, 03:56:35 UTC | open retrieved file in binary mode, since it's now compressed | 20 February 2014, 03:56:35 UTC |
| fbf648e | Benjamin Peterson | 14 January 2014, 03:59:38 UTC | complain when nbytes > buflen to fix possible buffer overflow (closes #20246) | 14 January 2014, 03:59:38 UTC |
| f60b7df | Antoine Pitrou | 22 December 2013, 00:35:53 UTC | Issue #12226: HTTPS is now used by default when connecting to PyPI. | 22 December 2013, 00:35:53 UTC |
| ee7f3fc | Georg Brandl | 04 November 2013, 06:44:29 UTC | Backout 7d399099334d. | 04 November 2013, 06:44:29 UTC |
| 7b5d6ad | Georg Brandl | 04 November 2013, 06:43:41 UTC | Backout 265d369ad3b9. | 04 November 2013, 06:43:41 UTC |
| 7ec3e56 | Georg Brandl | 04 November 2013, 06:43:32 UTC | Backout d80207d15294. | 04 November 2013, 06:43:32 UTC |
| 32bf5e1 | Jason R. Coombs | 02 November 2013, 17:00:01 UTC | Update NEWS for 265d369ad3b9. | 02 November 2013, 17:00:01 UTC |
| bd26d86 | Jason R. Coombs | 02 November 2013, 15:07:35 UTC | Issue #19286: [distutils] Only match files in build_py.find_data_files. | 02 November 2013, 15:07:35 UTC |
| 93912b9 | Jason R. Coombs | 02 November 2013, 15:29:33 UTC | Issue #19286: Adding test demonstrating the failure when a directory is found in the package_data globs. | 02 November 2013, 15:29:33 UTC |
| 35aca89 | Benjamin Peterson | 30 October 2013, 16:48:59 UTC | merge 3.1 (#19435) | 30 October 2013, 16:48:59 UTC |
| 04e9de4 | Benjamin Peterson | 30 October 2013, 16:43:09 UTC | use the collapsed path in the run_cgi method (closes #19435) | 30 October 2013, 16:43:09 UTC |
| 58bf8d2 | R David Murray | 18 September 2013, 12:53:26 UTC | Merge #14984: only import pwd on POSIX. | 18 September 2013, 12:53:26 UTC |
| 505be21 | R David Murray | 18 September 2013, 12:52:38 UTC | #14984: only import pwd on POSIX. | 18 September 2013, 12:52:38 UTC |
| 8270a2c | R David Murray | 18 September 2013, 00:32:54 UTC | Merge #14984: On POSIX, enforce permissions when reading default .netrc. | 18 September 2013, 00:32:54 UTC |
| 104aab9 | R David Murray | 18 September 2013, 00:30:02 UTC | #14984: On POSIX, enforce permissions when reading default .netrc. Initial patch by Bruno Piguet. This is implemented as if a useful .netrc file could exist without passwords, which is possible in the general case; but in fact our netrc implementation does not support it. Fixing that issue will be an enhancement. | 18 September 2013, 00:30:02 UTC |
| 945a251 | Tim Peters | 15 September 2013, 20:37:25 UTC | Null merge of 3.1 into 3.2 Changeset c39f42f46a05 left a dangling head on 3.1. | 15 September 2013, 20:37:25 UTC |
| bc75046 | Georg Brandl | 14 September 2013, 07:10:21 UTC | Add a NEWS entry for b9b521efeba3. | 14 September 2013, 07:10:21 UTC |
| c5884d8 | Georg Brandl | 14 September 2013, 07:09:18 UTC | Add NEWS entry for c18c18774e24. | 14 September 2013, 07:09:18 UTC |
| c17a8df | Georg Brandl | 14 September 2013, 07:08:09 UTC | Fix tkinter regression introduced by the security fix in #16248. | 14 September 2013, 07:08:09 UTC |
| db4309e | Georg Brandl | 14 September 2013, 07:08:09 UTC | Fix tkinter regression introduced by the security fix in #16248. | 14 September 2013, 07:08:09 UTC |
| 86d53ca | Antoine Pitrou | 18 May 2013, 15:56:42 UTC | Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). | 18 May 2013, 15:56:42 UTC |
| 8833c3b | Georg Brandl | 12 May 2013, 10:28:30 UTC | Added tag v3.2.5 for changeset cef745775b65 | 12 May 2013, 10:28:30 UTC |
| bfe36ec | Georg Brandl | 12 May 2013, 10:28:20 UTC | Bump to version 3.2.5. | 12 May 2013, 10:28:20 UTC |
| c502df4 | Georg Brandl | 12 May 2013, 09:41:12 UTC | Issue #17915: Fix interoperability of xml.sax with file objects returned by codecs.open(). | 12 May 2013, 09:41:12 UTC |
| 93b061b | Georg Brandl | 12 May 2013, 09:29:27 UTC | Issue #1159051: Back out a fix for handling corrupted gzip files that broke backwards compatibility. | 12 May 2013, 09:29:27 UTC |
| a9217a4 | Serhiy Storchaka | 28 April 2013, 11:10:27 UTC | Issue #17857: Prevent build failures with pre-3.5.0 versions of sqlite3, such as was shipped with Centos 5 and Mac OS X 10.4. | 28 April 2013, 11:10:27 UTC |
| ba2f8be | Georg Brandl | 12 May 2013, 09:11:51 UTC | Issue #17843: Remove bz2 test data that triggers antivirus warnings. | 12 May 2013, 09:11:51 UTC |
| ce654f4 | Georg Brandl | 12 May 2013, 09:09:11 UTC | Issue #15535: Fix pickling of named tuples. | 12 May 2013, 09:09:11 UTC |
| a6df938 | Serhiy Storchaka | 08 April 2013, 19:35:02 UTC | Close #17666: Fix reading gzip files with an extra field. | 08 April 2013, 19:35:02 UTC |
| cf86d94 | Gregory P. Smith | 30 April 2013, 07:57:18 UTC | news entry | 30 April 2013, 07:57:18 UTC |
| 910bfb7 | Gregory P. Smith | 30 April 2013, 07:05:25 UTC | This local change was lost during the fixing of issue17192 to update libffi to 3.0.13. (i'm not sure if it is needed anymore but see issue 10309 for details which makes no mention of upstream; this change is already in 3.3 and 3.4 but may need reapplying to 2.7 as done here) | 30 April 2013, 07:05:25 UTC |
| 9330597 | Gregory P. Smith | 30 April 2013, 06:45:38 UTC | * Fix issue 17192 for 3.2 - reapply the issue11729 patch that was undone in the merge fun from upstream which already had it in 3.0.13. * Add the missing update to libffi.info. | 30 April 2013, 06:45:38 UTC |
| 11692ac | Georg Brandl | 06 April 2013, 07:37:53 UTC | Added tag v3.2.4 for changeset 1e10bdeabe3d | 06 April 2013, 07:37:53 UTC |
| 8bc7e31 | Georg Brandl | 06 April 2013, 07:36:20 UTC | Bump to 3.2.4. | 06 April 2013, 07:36:20 UTC |
| 7684fa8 | Benjamin Peterson | 04 April 2013, 02:35:12 UTC | close search and replace dialog after it is used (closes #17625) | 04 April 2013, 02:35:12 UTC |
| ef0faa5 | Georg Brandl | 02 April 2013, 09:07:27 UTC | merge | 02 April 2013, 09:07:27 UTC |
| b147aae | Martin v. Löwis | 30 March 2013, 12:06:57 UTC | Add 3.2.4 UUIDs | 30 March 2013, 12:06:57 UTC |
| 6f18a86 | Georg Brandl | 28 March 2013, 08:02:18 UTC | Fix XML vulnerability link references. | 28 March 2013, 08:02:18 UTC |
| f5390fc | Georg Brandl | 28 March 2013, 07:57:50 UTC | merge with last upstream doc changes in 3.2 | 28 March 2013, 07:57:50 UTC |
| fd4365a | Ezio Melotti | 28 March 2013, 02:31:53 UTC | Update suspicious ignore file. | 28 March 2013, 02:31:53 UTC |
