Commit message | Author | Age | Files | Lines
* Post release updates (branch 3.7) | Ned Deily | 2021-02-16 | 2 | -3/+3
|
* 3.7.10 (tag v3.7.10) | Ned Deily | 2021-02-15 | 14 | -23/+103
|
* Add a warning block around the get_referrers() documentation (GH-24511) (GH-24544) | Miss Islington (bot) | 2021-02-15 | 1 | -4/+5
| (cherry picked from commit 813db24f7c2c536d587d1832c3c52b44fa9e242e)
| Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
* [3.7] bpo-42967: only use '&' as a query string separator (GH-24297) (GH-24531) | Senthil Kumaran | 2021-02-15 | 9 | -46/+152
| bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl().
| urllib.parse will only use "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument separator with default value "&" is added to specify the separator.
| Co-authored-by: Éric Araujo <merwok@netwok.org>
| Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
| Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>
| (cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776)
* [3.7] closes bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs. (GH-24249) | Benjamin Peterson | 2021-01-18 | 3 | -34/+66
| (cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
| Co-authored-by: Benjamin Peterson <benjamin@python.org>
* Bring Python into the new year. (GH-24036) (GH-24052) | Miss Islington (bot) | 2021-01-01 | 9 | -10/+10
| (cherry picked from commit de6f20a6de48d63066b2cf5b317f50629f01d74a)
| Co-authored-by: Dong-hee Na <donghee.na@python.org>
* bpo-42794: Update test_nntplib to use official group name for testing (GH-24037) (GH-24041) | Miss Islington (bot) | 2021-01-01 | 2 | -3/+9
| (cherry picked from commit ec3165320e81ac87edcb85c86c452528ddbaec1c)
| Co-authored-by: Dong-hee Na <donghee.na@python.org>
* bpo-17140: Document multiprocessing's ThreadPool (GH-23812) (GH-23836) | Miss Islington (bot) | 2020-12-18 | 2 | -0/+41
| Up until now, the `multiprocessing.pool.ThreadPool` class has gone undocumented, despite being a public class in multiprocessing that is included in `multiprocessing.pool.__all__`.
| (cherry picked from commit 84ebcf271a2cc8bfd1762acb279502b8b6ef236e)
| Co-authored-by: Matt Wozniski <mwozniski@bloomberg.net>
* [3.7] Bumps [actions/cache](https://github.com/actions/cache) from v1 to v2.1.3. (GH-23596) | Benjamin Peterson | 2020-12-01 | 2 | -2/+2
| * build(deps): bump actions/cache from v2.1.2 to v2.1.3 (23582)
| Bumps [actions/cache](https://github.com/actions/cache) from v2.1.2 to v2.1.3.
| - [Release notes](https://github.com/actions/cache/releases)
| - [Commits](https://github.com/actions/cache/compare/v2.1.2...0781355a23dac32fd3bac414512f4b903437991a)
| Signed-off-by: dependabot[bot] <support@github.com>
| Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
| (cherry picked from commit a43fea88577c460eed7cc92a37b5fce787d6aab1)
| * [3.7] build(deps): bump actions/cache from v2.1.2 to v2.1.3 (23582)
| Bumps [actions/cache](https://github.com/actions/cache) from v2.1.2 to v2.1.3.
| - [Release notes](https://github.com/actions/cache/releases)
| - [Commits](https://github.com/actions/cache/compare/v2.1.2...0781355a23dac32fd3bac414512f4b903437991a)
| Signed-off-by: dependabot[bot] <support@github.com>
| Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>.
| (cherry picked from commit a43fea88577c460eed7cc92a37b5fce787d6aab1)
| Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
| Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* bpo-40791: Make compare_digest more constant-time. (GH-23438) | Miss Islington (bot) | 2020-11-22 | 2 | -1/+2
| The existing volatile `left`/`right` pointers guarantee that the reads will all occur, but do not guarantee that they will be _used_. So a compiler can still short-circuit the loop, saving e.g. the overhead of doing the xors and especially the overhead of the data dependency between `result` and the reads. That would change performance depending on where the first unequal byte occurs. This change removes that optimization.
| (This is change GH-1 from https://bugs.python.org/issue40791 .)
| (cherry picked from commit 31729366e2bc09632e78f3896dbce0ae64914f28)
| Co-authored-by: Devin Jeanpierre <jeanpierreda@google.com>
* [3.7] bpo-42336: Improve PCbuild batch files (GH-23325) (GH-23373) | Steve Dower | 2020-11-18 | 7 | -14/+47
| * bpo-42336: Improve PCbuild batch files (GH-23325)
| * Remove ARM platforms
* [3.7] bpo-42103: Improve validation of Plist files. (GH-22882) (#23117) | Serhiy Storchaka | 2020-11-10 | 4 | -67/+367
| * Prevent some possible DoS attacks via providing invalid Plist files with extremely large number of objects or collection sizes.
| * Raise InvalidFileException for too large bytes and string size instead of returning garbage.
| * Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN).
| * Raise InvalidFileException instead of TypeError for non-hashable dict keys.
| * Add more tests for invalid Plist files.
| (cherry picked from commit 34637a0ce21e7261b952fbd9d006474cc29b681f)
| Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.7] Remove 3.5 from Doc version switcher in master. (GH-22886) (#22890) | larryhastings | 2020-10-22 | 2 | -2/+0
| (cherry picked from commit 283f9a253b4ff4df728558205629b3bb3af6e47f)
* bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests (GH-22566) (GH-22578) | Miss Skeleton (bot) | 2020-10-19 | 2 | -14/+9
| (cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8)
| Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-42051: Reject XML entity declarations in plist files (#22760) (GH-22801) | Ned Deily | 2020-10-19 | 3 | -0/+28
| Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
* [3.7] bpo-41976: Fix the fallback to gcc of ctypes.util.find_library when using gcc>9 (GH-22598). (GH-22601) | Pablo Galindo | 2020-10-08 | 3 | -8/+39
| (cherry picked from commit 27ac19cca2c639caaf6fedf3632fe6beb265f24f)
| Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
* Post release updates | Ned Deily | 2020-08-17 | 2 | -3/+3
|
* 3.7.9 (tag v3.7.9) | Ned Deily | 2020-08-15 | 13 | -19/+95
|
* bpo-41100: additional fixes for testing on macOS 11 Big Sur Intel | Ned Deily | 2020-08-15 | 6 | -5/+15
| Note: macOS 11 is not yet released, this release of Python is not fully supported on 11.0, and not all tests pass.
* bpo-33786: Fix asynchronous generators to handle GeneratorExit in athrow() (GH-7467) (GH-21878) | Miss Islington (bot) | 2020-08-14 | 5 | -9/+87
| (cherry picked from commit 52698c7ad9eae9feb35839fde17a7d1da8036a9b)
| Co-authored-by: Yury Selivanov <yury@magic.io>
* bpo-41455: Provide a link to how the third generation is collected in the GC docs (GH-21703) (GH-21788) | Miss Islington (bot) | 2020-08-12 | 1 | -3/+3
| Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
| (cherry picked from commit 82ca8fada15b121866530f2cdac1b7055be4a244)
| Co-authored-by: Yaroslav Pankovych <31005942+P-Alban@users.noreply.github.com>
* bpo-41475: Fix note in "What's new in 3.7" (GH-21733) (GH-21835) | Miss Islington (bot) | 2020-08-12 | 1 | -1/+1
| (cherry picked from commit 76643c10ede2813ca921464fe839e81caee21a84)
| Co-authored-by: Ram Rachum <ram@rachum.com>
* bpo-39603: Prevent header injection in http methods (GH-18485) (GH-21538) | Miss Islington (bot) | 2020-07-19 | 3 | -0/+39
| reject control chars in http method in http.client.putrequest to prevent http header injection
| (cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e)
| Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
* bpo-41304: Update NEWS to include CVE-2020-15801 reference (GH-21521) (GH-21524) | Miss Islington (bot) | 2020-07-18 | 1 | -1/+1
| (cherry picked from commit 164b04c47e61bd35d55e61bc74f9fd646eba81bb)
| Co-authored-by: Steve Dower <steve.dower@python.org>
* bpo-41304: Ensure python3x._pth is loaded on Windows (GH-21495) (#21499) | Steve Dower | 2020-07-15 | 3 | -3/+36
|
* bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (GH-21484) | Miss Islington (bot) | 2020-07-15 | 4 | -0/+10
| Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
| (cherry picked from commit 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4)
| Co-authored-by: Rishi <rishi_devan@mail.com>
* bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) (GH-21461) | Miss Islington (bot) | 2020-07-13 | 3 | -8/+41
| Automerge-Triggered-By: @tiran
| (cherry picked from commit 4f309abf55f0e6f8950ac13d6ec83c22b8d47bf8)
| Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* closes bpo-41235: Fix the error handling in SSLContext.load_dh_params() (GH-21389) | Miss Islington (bot) | 2020-07-07 | 2 | -2/+5
| (cherry picked from commit aebc0495572c5bb85d2bd97d27cf93ab038b5a6a)
| Co-authored-by: Zackery Spytz <zspytz@gmail.com>
* [3.7] bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (GH-21297) (#21298) | Steve Dower | 2020-07-06 | 5 | -72/+81
| * bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded.
| * Add CVE number
* [3.7] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) (GH-21231) | Tapas Kundu | 2020-06-30 | 3 | -2/+14
| CVE-2020-14422
| The __hash__() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation
| (cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
| Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
| Signed-off-by: Tapas Kundu <tkundu@vmware.com>
* Post release updates | Ned Deily | 2020-06-28 | 2 | -3/+3
|
* 3.7.8 (tag v3.7.8) | Ned Deily | 2020-06-27 | 5 | -8/+26
|
* BPO-41100: Support macOS 11 when building (GH-21113) (GH-21155) | Miss Islington (bot) | 2020-06-25 | 3 | -2/+3
| (cherry picked from commit 8ea6353f60625c96ce96588c70ff24a77f8c71f9)
| Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
* [3.7] bpo-41009: fix requires_OS_version() class decorator (GH-20942) (GH-20949) | Christian Heimes | 2020-06-25 | 2 | -19/+21
| Signed-off-by: Christian Heimes <christian@python.org>
| Automerge-Triggered-By: @tiran.
| (cherry picked from commit bb6ec14479f18c32e71e43f2785f177aa17aabbd)
| Co-authored-by: Christian Heimes <christian@python.org>
* Update macOS installer reader for 3.7.8 | Ned Deily | 2020-06-25 | 1 | -5/+25
|
* Fix macOS installer build typos | Ned Deily | 2020-06-25 | 2 | -3/+2
|
* Post release update | Ned Deily | 2020-06-17 | 2 | -3/+3
|
* 3.7.8rc1 (tag v3.7.8rc1) | Ned Deily | 2020-06-17 | 97 | -660/+1490
|
* bpo-40204: Pin Sphinx version to 2.3.1 in Doc/Makefile | Ned Deily | 2020-06-17 | 2 | -2/+2
|
* Update missed Python.app copyright. | Ned Deily | 2020-06-17 | 1 | -2/+2
|
* Update macOS Python Launcher defaults to python3. | Ned Deily | 2020-06-17 | 1 | -15/+9
|
* bpo-39580: add check for CLI installation on macOS | Ned Deily | 2020-06-17 | 2 | -1/+4
| Adds a simple check for whether or not the package is being installed in the GUI or using installer on the command line. This addresses an issue where CLI-based software management tools (such as Munki) unexpectedly open Finder windows into a GUI session during installation runs.
* Update the macOS installer build scripts | Ned Deily | 2020-06-17 | 4 | -230/+128
| Change includes to fix building with Python 3.x and to build correctly on newer macOS systems with SIP.
* Synchronize macOS installer with 3.9 | Ned Deily | 2020-06-16 | 1 | -14/+37
|
* bpo-38488: Upgrade bundled versions of pip & setuptools (GH-20491) (GH-20900) | Miss Islington (bot) | 2020-06-15 | 6 | -7/+8
| Co-authored-by: Xavier Fernandez <xav.fernandez@gmail.com>
| (cherry picked from commit e63cc2f64668bd1d4581f8efa7089af7e08863b8)
| Co-authored-by: Ned Deily <nad@python.org>
* bpo-40448: ensurepip: Do not use cache (GH-19812) | Miss Islington (bot) | 2020-06-15 | 4 | -9/+12
| ensurepip optionally installs or upgrades 'pip' and 'setuptools' using the version of those modules bundled with Python. The internal PIP installation routine by default temporarily uses its cache, if it exists. This is undesirable as Python builds and installations may be independent of the user running the build, whilst PIP cache location is dependent on the user's environment and outside of the build environment.
| At the same time, there's no value in using the cache while installing bundled modules.
| This change disables PIP caching when used in ensurepip.
| (cherry picked from commit 4a3a682b12f93a03888e8b59f439bc5fe30d6055)
| Co-authored-by: Krzysztof Konopko <kkonopko@users.noreply.github.com>
* [3.7] bpo-34226: fix cgi.parse_multipart without content_length (GH-8530) (GH-20892) | Miss Islington (bot) | 2020-06-15 | 3 | -2/+21
| In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH header, this fix removes this header as required and fixes FieldStorage read_lines_to_outerboundary, by not using limit when it's negative, since by default it's -1 if not content-length and keeps subtracting what was read from the file object.
| Also added a test case for this problem.
| (cherry picked from commit d8cf3514dd4682419a66f6e834bb384ee34afc95)
| Co-authored-by: roger <rogerduran@gmail.com>
| Automerge-Triggered-By: @ned-deily
* [3.7] bpo-37674: Tweak imp module deprecation note in the docs (GH-20480) (GH-20861) | Miss Islington (bot) | 2020-06-13 | 1 | -1/+1
| (cherry picked from commit dea3223740127ac13f984c1d38f127ab6701af44)
| Co-authored-by: Zackery Spytz <zspytz@gmail.com>
| Automerge-Triggered-By: @brettcannon
* bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834) | Steve Dower | 2020-06-12 | 5 | -8/+9
| Co-authored-by: Srinivas Reddy Thatiparthy (శ్రీనివాస్ రెడ్డి తాటిపర్తి) <thatiparthysreenivas@gmail.com>
* bpo-40964: disable remote IMAP tests (GH-20836) | Christian Heimes | 2020-06-12 | 2 | -0/+5
| Remote host cyrus.andrew.cmu.edu is blocking incoming connections and is causing test suite to fail.
| Signed-off-by: Christian Heimes <christian@python.org>