| e76cbc7 | Larry Hastings | 18 March 2019, 16:51:26 UTC | Version bump for 3.4.10. | 18 March 2019, 16:51:26 UTC |
| 8daddae | Larry Hastings | 18 March 2019, 16:24:13 UTC | Blurb release and pydoc-topics for 3.4.10 final. | 18 March 2019, 16:24:13 UTC |
| d2eb677 | Larry Hastings | 18 March 2019, 16:14:05 UTC | Minor doc ReST fixes. | 18 March 2019, 16:14:05 UTC |
| 42ad410 | Xtreak | 16 March 2019, 22:56:34 UTC | [3.4] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (#12279) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14) Co-authored-by: Xtreak <tir.karthi@gmail.com> | 16 March 2019, 22:56:34 UTC |
| e260f09 | Xtreak | 16 March 2019, 22:54:03 UTC | bpo-35647: Fix path check in cookiejar (#11436) (#12278) * Refactor cookie path check as per RFC 6265 * Add tests for prefix match of path * Add news entry * Fix set_ok_path and refactor tests * Use slice for last letter (cherry picked from commit 0e1f1f01058bd4a9b98cfe443214adecc019a38c) | 16 March 2019, 22:54:03 UTC |
| 62d3654 | Steve Dower | 11 March 2019, 04:58:47 UTC | bpo-36216: Add check for characters in netloc that normalize to separators (GH-12201) (#12224) | 11 March 2019, 04:58:47 UTC |
| 0d9d810 | Larry Hastings | 04 March 2019, 09:35:32 UTC | Post-release version bump for 3.4.10rc1. | 04 March 2019, 09:35:32 UTC |
| 14bb5cb | Larry Hastings | 04 March 2019, 02:06:04 UTC | Version bump & copyright year update for 3.4.10rc1. | 04 March 2019, 02:06:04 UTC |
| 17ebd26 | Larry Hastings | 04 March 2019, 02:00:11 UTC | PyDoc and blurb updates for 3.4.10rc1. | 04 March 2019, 02:00:11 UTC |
| 2226139 | Cheryl Sabella | 04 March 2019, 00:01:39 UTC | [3.4] bpo-33329: Fix multiprocessing regression on newer glibcs (GH-6575) (#12145) Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some reserved signal numbers between 1 and NSIG. The `range(1, NSIG)` idiom is commonly used to select all signals for blocking with `pthread_sigmask`. So we ignore the sigaddset() return value until we expose sigfillset() to provide a better idiom. (cherry picked from commit 25038ec) Co-authored-by: Antoine Pitrou <pitrou@free.fr> | 04 March 2019, 00:01:39 UTC |
| 765d333 | Victor Stinner | 25 February 2019, 23:32:13 UTC | bpo-34791: xml package obeys ignore env flags (GH-9544) (#11872) The xml.sax and xml.dom.domreg modules now obey sys.flags.ignore_environment. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 223e501fb9c2b6ae21b96054e20c4c31d94a5d96) | 25 February 2019, 23:32:13 UTC |
| 4b42d57 | Victor Stinner | 25 February 2019, 22:44:13 UTC | [3.4] bpo-34656: Avoid relying on signed overflow in _pickle memos (GH-9261) (#11870) * bpo-34656: Avoid relying on signed overflow in _pickle memos (GH-9261) (cherry picked from commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd) | 25 February 2019, 22:44:13 UTC |
| 6c655ce | Victor Stinner | 25 February 2019, 21:28:36 UTC | bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11868) Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3) | 25 February 2019, 21:28:36 UTC |
| d16eaf3 | stratakis | 25 February 2019, 21:02:17 UTC | [3.4] bpo-34623: Use XML_SetHashSalt in _elementtree (#9953) * bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146) The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue34623 (cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b) Co-authored-by: Christian Heimes <christian@python.org> | 25 February 2019, 21:02:17 UTC |
| cd1d5c5 | Larry Hastings | 02 August 2018, 13:51:48 UTC | Post-release version bump for 3.4.9. | 02 August 2018, 13:51:48 UTC |
| 0a5a5af | Larry Hastings | 02 August 2018, 09:18:47 UTC | Version bump for 3.4.9 final. | 02 August 2018, 09:18:47 UTC |
| 804d8b3 | Larry Hastings | 02 August 2018, 09:16:41 UTC | Add Blurb entry for 3.4.9 final. | 02 August 2018, 09:16:41 UTC |
| 57b85d3 | Larry Hastings | 20 July 2018, 02:31:08 UTC | Post-release version bump for 3.4.9rc1. | 20 July 2018, 02:31:08 UTC |
| c126fdc | Larry Hastings | 19 July 2018, 12:12:59 UTC | Version bump for 3.4.9rc1. | 19 July 2018, 12:12:59 UTC |
| 9a6c8e9 | Larry Hastings | 19 July 2018, 12:10:12 UTC | PyDoc and blurb updates for 3.4.9rc1. | 19 July 2018, 12:10:12 UTC |
| 77c02cd | Steve Dower | 14 May 2018, 17:26:36 UTC | [3.4] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5992) * bpo-33001: Minimal fix to prevent buffer overrun in os.symlink * Skips test to avoid crashing during the test suite * Remove invalid test | 14 May 2018, 17:26:36 UTC |
| 942cc04 | Ned Deily | 11 March 2018, 18:28:53 UTC | [3.4] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6035) * Prevent low-grade poplib REDOS (CVE-2018-1060) The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases. * Prevent difflib REDOS (CVE-2018-1061) The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib. Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org>. | 11 March 2018, 18:28:53 UTC |
| f584ecd | Larry Hastings | 05 February 2018, 00:37:45 UTC | Post-release bump for Python 3.4.8. | 05 February 2018, 00:37:45 UTC |
| a61d7f2 | Larry Hastings | 04 February 2018, 23:40:38 UTC | Version bump for 3.4.8. | 04 February 2018, 23:40:38 UTC |
| 2a5da97 | Larry Hastings | 04 February 2018, 23:38:39 UTC | Finalize blurb archive for 3.4.8 (no new blurbs). | 04 February 2018, 23:38:39 UTC |
| 71b94e3 | larryhastings | 04 February 2018, 19:37:08 UTC | [3.4] [3.5] bpo-32620: Remove failing pyenv call from CI config (GH-5274) (#5533) * [3.5] Remove failing pyenv call from CI config * Backport XML RPC test skip to 3.5 The buildbot service upgrade removed the XML-RPC interface, so this test no longer works (through no fault of the standard library). (cherry picked from commit 4a4c2743133e195cc3725b78a895d85d69e50089) Co-authored-by: Nick Coghlan <ncoghlan@gmail.com> | 04 February 2018, 19:37:08 UTC |
| 24396c0 | Larry Hastings | 04 February 2018, 16:17:20 UTC | Post-release version bump for 3.4.8rc1. | 04 February 2018, 16:17:20 UTC |
| d5af78b | Larry Hastings | 23 January 2018, 12:32:09 UTC | Bump version and copyright year for 3.4.8rc1. | 23 January 2018, 12:32:09 UTC |
| 68485f7 | Larry Hastings | 23 January 2018, 12:24:55 UTC | blurb release and pydoc topics for 3.4.8rc1. | 23 January 2018, 12:24:55 UTC |
| c59731d | Serhiy Storchaka | 22 January 2018, 10:18:00 UTC | [3.4] bpo-32072: Fix issues with binary plists. (GH-4455) (#4658) * [3.4] bpo-32072: Fix issues with binary plists. (GH-4455) * Fixed saving bytearrays. * Identical objects will be saved only once. * Equal references will be load as identical objects. * Added support for saving and loading recursive data structures.. (cherry picked from commit a897aeeef647259a938a36cb5eb6680c86021c6a) * Fix implementation dependent assertion in test_plistlib. (#4813) It is failed with an advanced optimizer. | 22 January 2018, 10:18:00 UTC |
| 092db6c | Victor Stinner | 08 December 2017, 22:48:37 UTC | bpo-29572: Update Windows build to OpenSSL 1.0.2k (GH-443) (#3445) (cherry picked from commit dd2000cbe475da48fdc94e8f05618e9f460077fd) | 08 December 2017, 22:48:37 UTC |
| 6c004b4 | Miro Hrončok | 08 December 2017, 21:34:44 UTC | bpo-30657: Fix CVE-2017-1000158 (#4758) Fixes possible integer overflow in PyBytes_DecodeEscape. Co-Authored-By: Jay Bosamiya <jaybosamiya@gmail.com> | 08 December 2017, 21:34:44 UTC |
| 8b11e8d | Victor Stinner | 29 November 2017, 18:50:42 UTC | [3.4] bpo-31170: Fix inclusion of expat in Windows build projects (#3785) * bpo-31170: Fix inclusion of expat in Windows build projects Co-Authored-By: Steve Dower <steve.dower@microsoft.com> * expat: Fix compilation on Visual Studio 2010 The standard header stdbool.h is not available with old Visual Studio compilers Cherry-picked from libexpat commit b4b89c2ab0cc5325a41360c25ef9d2ccbe617e5c. expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation. Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2 * Expat: fix preprocessor defines in VS projects Remove the following defines: * BYTEORDER=1234 * HAVE_MEMMOVE * USE_PYEXPAT_CAPI * XML_CONTEXT_BYTES=1024 * XML_DTD * XML_NS * XML_STATIC * PCbuild/pyexpat.vcxproj: define _CRT_SECURE_NO_WARNINGS | 29 November 2017, 18:50:42 UTC |
| 5d7fc42 | Ned Deily | 12 October 2017, 21:06:51 UTC | Backport Doc build venv fixes (#3979) | 12 October 2017, 21:06:51 UTC |
| 727f419 | Ned Deily | 04 October 2017, 03:33:54 UTC | Remove retired and security branches from active docs (#3883) | 04 October 2017, 03:33:54 UTC |
| 86a713c | Victor Stinner | 24 September 2017, 08:04:53 UTC | [3.4][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3353) * bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 * Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes. * Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): https://github.com/libexpat/libexpat/issues/115 * Define XML_POOR_ENTROPY when compiling expat | 24 September 2017, 08:04:53 UTC |
| d0e61bd | Victor Stinner | 16 August 2017, 16:05:57 UTC | bpo-29169: Update zlib to 1.2.11 (#3107) Python 3.4 backport: convert the Misc/NEWS entry using blurb. (cherry picked from commit 34e7e2ecb1741850190e78f42875480693d3537b) | 16 August 2017, 16:05:57 UTC |
| ed51967 | Larry Hastings | 09 August 2017, 07:36:14 UTC | Post-release bump for 3.4.7 final. | 09 August 2017, 07:36:14 UTC |
| 7dc3838 | Larry Hastings | 09 August 2017, 07:08:33 UTC | Version bump for 3.4.7 final. | 09 August 2017, 07:08:33 UTC |
| 67dc125 | Larry Hastings | 09 August 2017, 07:06:48 UTC | Blurb release and pydoc topics for 3.4.7 final. | 09 August 2017, 07:06:48 UTC |
| 362e9fb | Ned Deily | 28 July 2017, 05:02:05 UTC | [3.5] bpo-31036: use an existing Misc/NEWS rather than trying to use blurb (#2874) (#2926) (cherry picked from commit 3de144890ad3bc50694368a1b33be6d7f3a780b3) | 28 July 2017, 05:02:05 UTC |
| 2a5a26c | Dong-hee Na | 27 July 2017, 19:47:46 UTC | [3.4] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (#1214) (#2893) | 27 July 2017, 19:47:46 UTC |
| 5c673dd | Larry Hastings | 25 July 2017, 08:58:59 UTC | Post-release bump for 3.4.7rc1. | 25 July 2017, 08:58:59 UTC |
| c912af8 | Larry Hastings | 24 July 2017, 01:16:33 UTC | Version bump and copyright year fixes for 3.4.7rc1. | 24 July 2017, 01:16:33 UTC |
| 961168d | Larry Hastings | 24 July 2017, 01:11:33 UTC | Update pydoc topics and susp-ignored for 3.4.7rc1. | 24 July 2017, 01:11:33 UTC |
| e9a74c4 | Larry Hastings | 24 July 2017, 00:59:56 UTC | blurb release for 3.4.7rc1. | 24 July 2017, 00:59:56 UTC |
| f067f7e | Larry Hastings | 24 July 2017, 00:55:09 UTC | Switch to using blurb to manage Misc/NEWS! | 24 July 2017, 00:55:09 UTC |
| b154917 | Victor Stinner | 22 July 2017, 19:22:31 UTC | [3.4] Backport CI config from master (#2475) * Issues #23808, #25911: Trying to fix walk tests on Windows. On Windows a symlink can has the FILE_ATTRIBUTE_DIRECTORY flag. (cherry picked from commit 388b90f28e029daaf06aae8026b596e2f20a1cd3) * bpo-30231: Remove skipped test_imaplib tests (#1419) (#2193) The public cyrus.andrew.cmu.edu IMAP server (port 993) doesn't accept TLS connection using our self-signed x509 certificate. Remove the two tests which are already skipped. (cherry picked from commit 7895a0585b4b6a1c8082d17227307c6ce2c8bb8b) * Backport CI config from master * Add .travis.yml for Travis CI * Add .github/ for AppVeyor and CodeCov. * Travis CI: remove "make regen-all" check The regen-all Makefile rule doesn't exist in Python 3.4, only since Python 3.5 and newer (and 2.7). * appveyor: replace --slowest with --slow * Travis CI: remove the GCC coverage job * Travis CI: remove tzdata resource from regrtest tzdata resource doesn't exist in Python 3.4. * Travis CI: remove the doc job Fixing Sphinx warnings requires to backport huge intrusive changes like: - commit d97b7dc94b19063f0589d401bdc4aaadc7030762 - commit 5c6793394066b012b9674681b0815667938ce4d9 * appveyor: set version to 3.4.6+ * bpo-30730: Fix test_os tests. Fix test_invalid_cmd() and test_invalid_env(), TypeError is raised on Python 3.4. (cherry picked from commit 5e22721e586344b547194f0f7ea67fd425f94e72) | 22 July 2017, 19:22:31 UTC |
| 3b3a5a5 | Ned Deily | 22 July 2017, 19:18:44 UTC | bpo-30939: Avoid Sphinx deprecation warning in docs build. (#2721) (#2724) (cherry picked from commit 50f58163a69abe2f35e91044d1df165ee7bdbb42) | 22 July 2017, 19:18:44 UTC |
| 34fae03 | Serhiy Storchaka | 22 July 2017, 19:07:10 UTC | [3.4] bpo-26617: Ensure gc tracking is off when invoking weakref callbacks. (#2695) * [3.4] bpo-26617: Ensure gc tracking is off when invoking weakref callbacks. (cherry picked from commit 8f657c35b978b681e6e919f08358992e1aed7dc1) * Rewrite a NEWS entry as a NEWS.d entry. | 22 July 2017, 19:07:10 UTC |
| 6f6bc1d | Victor Stinner | 12 July 2017, 12:52:04 UTC | bpo-26657: Fix Windows directory traversal vulnerability with http.server (#782) Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47. (cherry picked from commit d274b3f1f1e2d8811733fb952c9f18d7da3a376a) | 12 July 2017, 12:52:04 UTC |
| cc54c1c | Victor Stinner | 12 July 2017, 12:51:46 UTC | bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2291) The current regex based splitting produces a wrong result. For example:: http://abc#@def Web browsers parse that URL as ``http://abc/#@def``, that is, the host is ``abc``, the path is ``/``, and the fragment is ``#@def``. (cherry picked from commit 90e01e50ef8a9e6c91f30d965563c378a4ad26de) | 12 July 2017, 12:51:46 UTC |
| 71572bb | Victor Stinner | 12 July 2017, 12:41:34 UTC | [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 * bpo-29591: Restore Python changes on expat * bpo-29591: Remove expat config of unsupported platforms Remove the configuration (Modules/expat/*config.h) of unsupported platforms: * Amiga * MacOS Classic on PPC32 * Open Watcom * bpo-29591: Remove useless XML_HAS_SET_HASH_SALT The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became useless since our local expat copy was upgrade to expat 2.1 (it's now expat 2.2.0). (cherry picked from commit 23ec4b57e1359f9c539b8defc317542173ae087e) * bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) New file: Modules/expat/siphash.h. (cherry picked from commit 5ff7132313eb651107b179d20218dfe5d4e47f13) * bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348) bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses a winconfig.h configuration file which already defines: * XML_NS * XML_DTD * BYTEORDER=1234 * XML_CONTEXT_BYTES=1024 * HAVE_MEMMOVE Remove these defines from PCbuild/_elementtree.vcxproj to prevent compiler warnings. Co-Authored-By: Jeremy Kloth <jeremy.kloth@gmail.com> (cherry picked from commit c8fb58bd7917151e63398587a7fc2126db7c26de) * bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319) * bpo-30726: Fix elementtree warnings on Windows Caused by usage of `getenv` which should be safe. And a few integer truncations which should also be ok. * bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream (cherry picked from commit 87c65550730a8f85ce339ba197bce4fb7e836619) | 12 July 2017, 12:41:34 UTC |
| f734479 | Serhiy Storchaka | 11 July 2017, 13:30:21 UTC | [3.4] [3.5] bpo-27945: Fixed various segfaults with dict. (GH-1657) (GH-1678) (#2248) Based on patches by Duane Griffin and Tim Mitchell. (cherry picked from commit 753bca3934a7618a4fa96e107ad1c5c18633a683). (cherry picked from commit 2f7f533cf6fb57fcedcbc7bd454ac59fbaf2c655) | 11 July 2017, 13:30:21 UTC |
| fe82c46 | Serhiy Storchaka | 11 July 2017, 10:24:10 UTC | [security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) (#2362) * [3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) Prevent passing other invalid environment variables and command arguments.. (cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700) * Update NEWS | 11 July 2017, 10:24:10 UTC |
| ad1fb81 | larryhastings | 22 June 2017, 23:00:46 UTC | Add "Misc/NEWS.d" directory tree for "blurb". GH-2331 CPython workflow is changing! We're going to start using "blurb" to manage Misc/NEWS entries: https://github.com/python/core-workflow (This will be a big win for release managers, honest.) This checkin simply populates the "Misc/NEWS.d" subdirectory tree so that people can start putting their news entries in there. No other changes (yet). | 22 June 2017, 23:00:46 UTC |
| fa53dbd | Victor Stinner | 10 March 2017, 00:49:11 UTC | Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305. (#224) Backport: replace 3.5.3 with 3.4.7 in the doc versionchanged. (cherry picked from commit 03d13c0cbfe912eb0f9b9a02987b9e569f25fe19) | 10 March 2017, 00:49:11 UTC |
| f37b0cb | Barry Warsaw | 24 February 2017, 20:31:48 UTC | bpo-25008: Deprecate smtpd and point to aiosmtpd (#274) (#280) | 24 February 2017, 20:31:48 UTC |
| a52b0a4 | Larry Hastings | 17 January 2017, 08:49:13 UTC | Post-release updates for 3.4.6. | 17 January 2017, 08:49:13 UTC |
| db413f2 | Larry Hastings | 16 January 2017, 08:20:40 UTC | Added tag v3.4.6 for changeset b662f4776921 | 16 January 2017, 08:20:40 UTC |
| 7f10ede | Larry Hastings | 16 January 2017, 08:19:54 UTC | Version bump for Python 3.4.6. | 16 January 2017, 08:19:54 UTC |
| aa772e3 | Larry Hastings | 03 January 2017, 02:30:26 UTC | Merge Python 3.4.6rc1 changes back into main branch. | 03 January 2017, 02:30:26 UTC |
| a7aa988 | Larry Hastings | 03 January 2017, 02:29:26 UTC | Post-release fixups for Python 3.4.6rc1. | 03 January 2017, 02:29:26 UTC |
| 0717564 | Ned Deily | 02 January 2017, 07:47:35 UTC | merge 3.3 | 02 January 2017, 07:47:35 UTC |
| c276ffa | Ned Deily | 02 January 2017, 07:46:09 UTC | ring IDLE.app into 2017, too | 02 January 2017, 07:46:09 UTC |
| af17a2b | Larry Hastings | 02 January 2017, 06:13:29 UTC | Added tag v3.4.6rc1 for changeset e199a272ccda | 02 January 2017, 06:13:29 UTC |
| d12551f | Larry Hastings | 02 January 2017, 06:12:36 UTC | Version bump for 3.4.6rc1. | 02 January 2017, 06:12:36 UTC |
| 8f24f66 | Larry Hastings | 02 January 2017, 06:09:46 UTC | Regenerated pydoc topics for 3.4.6rc1. (Also fixed doc error, improved build.) | 02 January 2017, 06:09:46 UTC |
| 03fdeb7 | Larry Hastings | 02 January 2017, 05:49:09 UTC | Fix test failure so it's no longer dependent on example.com. | 02 January 2017, 05:49:09 UTC |
| b6e2142 | Benjamin Peterson | 02 January 2017, 04:07:37 UTC | merge 3.3 | 02 January 2017, 04:07:37 UTC |
| e527dd3 | Benjamin Peterson | 02 January 2017, 04:04:13 UTC | ring in 2017 for Python | 02 January 2017, 04:04:13 UTC |
| dd5c73b | Donald Stufft | 16 November 2016, 02:17:43 UTC | Upgrade pip to 9.0.1 and setuptools to 28.8.0 | 16 November 2016, 02:17:43 UTC |
| 5ca92ab | Serhiy Storchaka | 14 November 2016, 17:25:56 UTC | Issue #28563: Make plural form selection more lenient and accepting non-integer numbers. Django tests depend on this. | 14 November 2016, 17:25:56 UTC |
| 60ac989 | Serhiy Storchaka | 14 November 2016, 17:22:12 UTC | Issue #28563: Make plural form selection more lenient and accepting non-integer numbers. Django tests depend on this. | 14 November 2016, 17:22:12 UTC |
| 84293af | Serhiy Storchaka | 12 November 2016, 12:29:48 UTC | Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X when decode astral characters. | 12 November 2016, 12:29:48 UTC |
| b626643 | Serhiy Storchaka | 12 November 2016, 12:28:06 UTC | Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X when decode astral characters. | 12 November 2016, 12:28:06 UTC |
| 1c3fdd9 | Serhiy Storchaka | 08 November 2016, 19:20:09 UTC | Issue #28563: Fixed possible DoS and arbitrary code execution when handle plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext. | 08 November 2016, 19:20:09 UTC |
| 07bcf05 | Serhiy Storchaka | 08 November 2016, 19:17:46 UTC | Issue #28563: Fixed possible DoS and arbitrary code execution when handle plural form selections in the gettext module. The expression parser now supports exact syntax supported by GNU gettext. | 08 November 2016, 19:17:46 UTC |
| 20a587b | Donald Stufft | 02 November 2016, 19:42:49 UTC | Upgrade pip to 9.0 and setuptools to 28.7.1 | 02 November 2016, 19:42:49 UTC |
| 77eede3 | Serhiy Storchaka | 25 October 2016, 07:07:51 UTC | Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug build. | 25 October 2016, 07:07:51 UTC |
| 068534a | Zachary Ware | 11 October 2016, 02:57:20 UTC | Issue #28248: Update Windows build to use OpenSSL 1.0.2j | 11 October 2016, 02:57:20 UTC |
| cb9424f | Yury Selivanov | 06 October 2016, 18:03:03 UTC | Issue #27759: Fix selectors incorrectly retain invalid file descriptors. (Backported to 3.4 as this bug might be exploited to for DoS) | 06 October 2016, 18:03:03 UTC |
| 26d998c | Benjamin Peterson | 19 September 2016, 06:41:11 UTC | properly handle the single null-byte file (closes #24022) | 19 September 2016, 06:41:11 UTC |
| 354c2f9 | Berker Peksag | 14 September 2016, 05:38:36 UTC | Issue #26171: Null merge | 14 September 2016, 05:38:36 UTC |
| d751040 | Berker Peksag | 14 September 2016, 05:37:28 UTC | Issue #26171: Prevent buffer overflow in get_data Backport of 01ddd608b85c. | 14 September 2016, 05:37:28 UTC |
| 16d7d59 | Donald Stufft | 09 September 2016, 16:08:53 UTC | Upgrade setuptools to 27.1.2 | 09 September 2016, 16:08:53 UTC |
| d25d9dc | Donald Stufft | 09 September 2016, 15:35:02 UTC | Upgrade setuptools to 27.1.1 | 09 September 2016, 15:35:02 UTC |
| 1f5fd64 | Jason R. Coombs | 06 September 2016, 02:24:01 UTC | Issue #27960: Revert state to 675e20c38fdac6, backing out all changes by developed for Issue #12885. | 06 September 2016, 02:24:01 UTC |
| 79ae967 | Jason R. Coombs | 02 September 2016, 03:27:45 UTC | Issue #12885: Revert commits in 3.4 branch which is security-only fixes. | 02 September 2016, 03:27:45 UTC |
| 6f5d3fd | Jason R. Coombs | 02 September 2016, 02:08:25 UTC | Issue #12885: Correct issue reference in NEWS | 02 September 2016, 02:08:25 UTC |
| 8ac147d | Jason R. Coombs | 02 September 2016, 01:55:22 UTC | Backed out changeset cc86e9e102e8 | 02 September 2016, 01:55:22 UTC |
| 97eda15 | Jason R. Coombs | 02 September 2016, 01:12:17 UTC | Issue #12285: Update NEWS | 02 September 2016, 01:12:17 UTC |
| 1f0e7c9 | Benjamin Peterson | 17 August 2016, 06:35:35 UTC | rearrange methodcaller_new so that the main error case does not cause uninitialized memory usage (closes #27783) | 17 August 2016, 06:35:35 UTC |
| 3a27b08 | Benjamin Peterson | 16 August 2016, 05:01:41 UTC | do not decref value borrowed from list (closes #27774) | 16 August 2016, 05:01:41 UTC |
| 4f97651 | Benjamin Peterson | 14 August 2016, 01:33:33 UTC | fix possible integer overflow in binascii.b2a_qp (closes #27760) Reported by Thomas E. Hybel | 14 August 2016, 01:33:33 UTC |
| 6e01d90 | Benjamin Peterson | 14 August 2016, 00:17:06 UTC | check for overflow in join_append_data (closes #27758) Reported by Thomas E. Hybel | 14 August 2016, 00:17:06 UTC |
| 6f25003 | Vinay Sajip | 05 August 2016, 20:24:27 UTC | Issue #20160: Handled passing of large structs to callbacks correctly. | 05 August 2016, 20:24:27 UTC |
| fb79290 | Donald Stufft | 03 August 2016, 22:43:38 UTC | Switch upload.pypi.io to upload.pypi.org | 03 August 2016, 22:43:38 UTC |
| 4cbb23f | Senthil Kumaran | 31 July 2016, 06:24:16 UTC | Prevent HTTPoxy attack (CVE-2016-1000110) Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates that the script is in CGI mode. Issue #27568 Reported and patch contributed by Rémi Rampin. | 31 July 2016, 06:24:16 UTC |
| d27a7c1 | Martin Panter | 14 July 2016, 01:42:53 UTC | Issue #27369: Merge test_pyexpat from 3.2 into 3.3 | 14 July 2016, 01:42:53 UTC |
