Permalink
Checking mergeability…
Don’t worry, you can still create the pull request.
Comparing changes
Open a pull request
53
contributors
This comparison is big! We’re only showing the most recent
250
commits
Commits on May 14, 2017
(cherry picked from commit 9977629)
Commits on May 16, 2017
Commits on May 17, 2017
test_thread: setUp() now uses support.threading_setup() and support.threading_cleanup() to wait until threads complete to avoid random side effects on following tests. Co-Authored-By: Grzegorz Grzywacz <[email protected]> (cherry picked from commit 79ef7f8)
…1627) Under *spawn* and *forkserver* start methods, SimpleQueue.empty() could raise AttributeError due to not setting _poll in __setstate__.
test_is_alive_after_fork() now joins directly the thread to avoid the following warning added by bpo-30357: Warning -- threading_cleanup() failed to cleanup 0 threads after 2 sec (count: 0, dangling: 21) Use also a different exit code to catch generic exit code 1. (cherry picked from commit f8d05b3)
Commits on May 20, 2017
Based on patches by Duane Griffin and Tim Mitchell. (cherry picked from commit 753bca3)
Commits on May 21, 2017
(cherry picked from commit 8175547)
Commits on May 23, 2017
Ran the docstrings through spell checker, and fixed spelling issues.
Commits on May 24, 2017
Commits on May 25, 2017
…oop on exc (GH-1683) (#1816) * bpo-30414: multiprocesing.Queue._feed do not break from main loop on exc Queue background running thread was not handling exceptions correctly. Any exception occurred inside thread (putting unpickable object) cause feeder to finish running. After that every message put into queue is silently ignored. * bpo-30414: multiprocesing.Queue._feed do not break from main loop on exc Queue background running thread was not handling exceptions correctly. Any exception occurred inside thread (putting unpickable object) cause feeder to finish running. After that every message put into queue is silently ignored. (cherry picked from commit bc50f03)
Commits on May 27, 2017
Also document that some attributes may be None. (cherry picked from commit 12d6b5d)
Commits on May 29, 2017
Commits on May 30, 2017
…1869) The data model section of the language reference was written well before the zero-argument form of super() was added. To avoid giving the impression that they're doing something unusual, this updates the description of `__new__` and `__init__` to use the zero-argument form. Patch by Cheryl Sabella. (cherry picked from commit 12b1c18)
Commits on May 31, 2017
(cherry picked from commit a5aa72a)
Commits on Jun 01, 2017
Commits on Jun 02, 2017
Commits on Jun 03, 2017
Initially the macOS builds are allowed to fail until such time that they can be determined to be stable and not add an unacceptable amount of time to the overall Travis-passing process. (cherry picked from commit 21c2dd7)
Commits on Jun 04, 2017
Commits on Jun 05, 2017
Commits on Jun 08, 2017
If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults. (cherry picked from commit 65ece7c)
Commits on Jun 10, 2017
…H-2053) This will allow for centralized management of the Codecov config to prevent skew as well as easier management going forward. Closes python/core-workflowGH-81. (cherry picked from commit 11ffb45)
…e with certain servers (GH-409) (#2063) * bpo-29406: asyncio SSL contexts leak sockets after calling close with certain servers (#409) (cherry picked from commit a608d2d) * [3.5] bpo-29406: asyncio SSL contexts leak sockets after calling close with certain servers (GH-409) * asyncio SSL contexts leak sockets after calling close with certain servers * cleanup _shutdown_timeout_handle on _fatal_error. (cherry picked from commit a608d2d)
Commits on Jun 11, 2017
Commits on Jun 13, 2017
Add a test to check the current MAGIC_NUMBER against the expected number for the release if the current release is at candidate or final level. On test failure, describe to the developer the procedure for changing the magic number. This ensures that pre-merge CI will automatically pick up on magic number changes in maintenance releases (and explain why those are problematic), rather than relying on all core developers to be aware of the implications of such changes.
Commits on Jun 14, 2017
Commits on Jun 15, 2017
* bpo-29591: Upgrade Modules/expat to libexpat 2.2 * bpo-29591: Restore Python changes on expat * bpo-29591: Remove expat config of unsupported platforms Remove the configuration (Modules/expat/*config.h) of unsupported platforms: * Amiga * MacOS Classic on PPC32 * Open Watcom * bpo-29591: Remove useless XML_HAS_SET_HASH_SALT The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became useless since our local expat copy was upgrade to expat 2.1 (it's now expat 2.2.0). (cherry picked from commit 23ec4b5)
* Rewrite code to pass slaveargs from the master process to worker processes: reuse the same code of the Python master branch * Move code to initialize tests in a new setup_tests() function, similar change was done in the master branch * In a worker process, call setup_tests() with the namespace built from slaveargs to initialize correctly tests Before this change, warm_caches() was not called in worker processes because the setup was done before rebuilding the namespace from slaveargs. As a consequence, the huntrleaks feature was unstable. For example, test_zipfile reported randomly false positive on reference leaks.
Commits on Jun 16, 2017
…to regrtest (#2250) * bpo-30540: regrtest: add --matchfile option * Add a new option taking a filename to get a list of test names to filter tests. * support.match_tests becomes a list. * Modify run_unittest() to accept to match the whole test identifier, not just a part of a test identifier. For example, the following command only runs test_access() of the FileTests class of test_os: $ ./python -m test -v -m test.test_os.FileTests.test_access test_os * bpo-30523: regrtest: Add --list-cases option * Add --list-cases option to regrtest * Add get_abs_module() function, use it in list_cases() * Add ns mandatory positional argument to runtest() and runtest_inner() * Add file optional parameter to printlist() Co-Authored-By: Louie Lu <[email protected]>
Commits on Jun 19, 2017
…m master to 3.5 (#2279) * bpo-30383: regrtest: prepend testdir to sys.path * bpo-30383: Backport test_regrtest * regrtest: rename --slow option to --slowest The old --slow syntax is still accepted. * regrtest: add a single oneliner summary Example: "Tests result: SUCCESS" * test_regrtest: add test_coverage() regrtest now also displays the number of successful tests when coverage is used. * test_regrtest: add test_crashed() Handle correctly crashing test: account the crash has a failed test, but continue to run other tests. * regrtest: backport --list-tests feature * regrtest: backport --fromfile enhancements * regrtest: backport displaying progress enhancements * test_regrtest: backport test_randseed() * regrtest: Fix --coverage on Windows Don't ignore any directory anymore. Change backported from master.
Commits on Jun 20, 2017
…) (#2272) * [3.5] bpo-29887: Test normalization now fails if download fails (GH-905) * test_normalization fails if download fails bpo-29887. The test is still skipped if "-u urlfetch" option is not passed to regrtest (python3 -m test -u urlfetch test_normalization). * Fix ResourceWarning in test_normalization bpo-29887: Fix ResourceWarning in test_normalization if tests are interrupted by CTRL+c. (cherry picked from commit 722a3af) * bpo-29887: test_normalization handles PermissionError (#1196) Skip test_normalization.test_main() if download raises a permission error. (cherry picked from commit d13d547) * no f-strings :(
Commits on Jun 21, 2017
Commits on Jun 22, 2017
CPython workflow is changing! We're going to start using "blurb"
to manage Misc/NEWS entries:
https://github.com/python/core-workflow
(This will be a big win for release managers, honest.)
This checkin simply populates the "Misc/NEWS.d" subdirectory tree
so that people can start putting their news entries in there.
No other changes (yet).
Commits on Jun 23, 2017
… (#2350) * bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348) bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses a winconfig.h configuration file which already defines: * XML_NS * XML_DTD * BYTEORDER=1234 * XML_CONTEXT_BYTES=1024 * HAVE_MEMMOVE Remove these defines from PCbuild/_elementtree.vcxproj to prevent compiler warnings. Co-Authored-By: Jeremy Kloth <[email protected]> (cherry picked from commit c8fb58b) * bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319) * bpo-30726: Fix elementtree warnings on Windows Caused by usage of `getenv` which should be safe. And a few integer truncations which should also be ok. * bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream (cherry picked from commit 87c6555)
…ge() (GH-2268) (GH-2365) Bug didn't manifest itself when importing a module with source as .py files are always the first on the search path. The issue only showed up in bytecode-only packages where the calculated file path would be ``__init__.py/__init__.pyc``. Patch by Alexandru Ardelean. (cherry picked from commit c38e32a)
Commits on Jun 24, 2017
Commits on Jun 26, 2017
… not to (GH-2403) (#2419) * bpo-30765: Avoid blocking when PyThread_acquire_lock() is asked not to lock This is especially important if PyThread_acquire_lock() is called reentrantly (for example from a signal handler). * Update 2017-06-26-14-29-50.bpo-30765.Q5iBmf.rst * Avoid core logic when taking the mutex failed. (cherry picked from commit f84ac42)
Commits on Jun 27, 2017
* bpo-30523: regrtest --list-cases --match (#2401) * regrtest --list-cases now supports --match and --match-file options. Example: ./python -m test --list-cases -m FileTests test_os * --list-cases now also sets support.verbose to False to prevent messages to stdout when loading test modules. * Add support._match_test() private function. (cherry picked from commit ace56d5) * bpo-30764: regrtest: add --fail-env-changed option (#2402) * bpo-30764: regrtest: change exit code on failure * Exit code 2 if failed tests ("bad") * Exit code 3 if interrupted * bpo-30764: regrtest: add --fail-env-changed option If the option is set, mark a test as failed if it alters the environment, for example if it creates a file without removing it. (cherry picked from commit 63f54c6) * bpo-30776: reduce regrtest -R false positives (#2422) * Change the regrtest --huntrleaks checker to decide if a test file leaks or not. Require that each run leaks at least 1 reference. * Warmup runs are now completely ignored: ignored in the checker test and not used anymore to compute the sum. * Add an unit test for a reference leak. Example of reference differences previously considered a failure (leak) and now considered as success (success, no leak): [3, 0, 0] [0, 1, 0] [8, -8, 1] (cherry picked from commit 48b5c42)
…ng(). (GH-2285) (GH-2443) (#2448) And use it instead of PyUnicode_AsWideCharString() if appropriate. _PyUnicode_AsWideCharString(unicode) is like PyUnicode_AsWideCharString(unicode, NULL), but raises a ValueError if the wchar_t* string contains null characters. (cherry picked from commit e613e6a). (cherry picked from commit 0edffa3)
Commits on Jun 28, 2017
Clarify that the break statement breaks out of the innermost enclosing for or while loop. (cherry picked from commit 36fc896)
Commits on Jun 30, 2017
* bpo-30280: asyncio now cleans up threads asyncio base TestCase now uses threading_setup() and threading_cleanup() of test.support to cleanup threads. * asyncio: Fix TestBaseSelectorEventLoop cleanup bpo-30280: TestBaseSelectorEventLoop of test.test_asyncio.test_selector_events now correctly closes the event loop: cleanup its executor to not leak threads. Don't override the close() method of the event loop, only override the_close_self_pipe() method. (cherry picked from commit b903067)
Commits on Jul 02, 2017
Commits on Jul 03, 2017
… from 3.6 to 3.5 (#2540) * [3.6] bpo-29512, bpo-30776: Backport regrtest enhancements from master to 3.6 (#2513) * bpo-29512: Add test.bisect, bisect failing tests (#2452) Add a new "python3 -m test.bisect" tool to bisect failing tests. It can be used to find which test method(s) leak references, leak files, etc. (cherry picked from commit 84d9d14) * bpo-30776: regrtest: reduce memleak false positive (#2484) Only report a leak if each run leaks at least one memory block. (cherry picked from commit beeca6e) (cherry picked from commit a3ca94d) * bpo-30764: Fix regrtest --fail-env-changed --forever (#2536) (#2539) --forever now stops if a fail changes the environment. (cherry picked from commit 5e87592) (cherry picked from commit 4132adb)
Commits on Jul 04, 2017
FXpy doesn't have a Python 3 port and it only supports Python 2.2 and older versions. Reported by Alex Walters on [email protected]. (cherry picked from commit d3ed287)
(cherry picked from commit 7526cad)
Commits on Jul 05, 2017
Commits on Jul 06, 2017
(cherry picked from commit be5ebe5)
Commits on Jul 09, 2017
If history-length is set in .inputrc, and the history file is double the history size (or more), history_get(N) returns NULL, and python segfaults. Fix that by checking for NULL return value. It seems that the root cause is incorrect handling of bigger history in readline, but Python should not segfault even if readline returns unexpected value. This issue affects only GNU readline. When using libedit emulation system history size option does not work.
Commits on Jul 10, 2017
multiprocessing.Queue.join_thread() now waits until the thread completes, even if the thread was started by the same process which created the queue. Fix the following warning which occurs randomly when running test_handle_called_with_mp_queue of test_logging.QueueListenerTest: Warning -- threading_cleanup() failed to cleanup -1 threads after 4 sec (count: 0, dangling: 1) (cherry picked from commit 3b69d91)
Commits on Jul 13, 2017
Commits on Jul 16, 2017
Commits on Jul 18, 2017
Commits on Jul 20, 2017
…lib2net (GH-2755)
When running the test suite using --use=all / -u all, exclude tzdata since it makes test_datetime too slow (15-20 min on some buildbots) which then times out on some buildbots. -u tzdata must now be enabled explicitly, -u tzdata or -u all,tzdata, to run all test_datetime tests. Fix also regrtest command line parser to allow passing -u extralargefile to run test_zipfile64. Travis CI: remove -tzdata. Replace -u all,-tzdata,-cpu with -u all,-cpu since tzdata is now excluded from -u all. (cherry picked from commit 5b392bb)
Commits on Jul 21, 2017
…builtin functions (GH-3) Cython will, in the right circumstances, offer a MethodType instance where im_func is a builtin function. Any instance of MethodType is automatically assumed to be a Python-defined function (more specifically, a function that has an inspectable signature), but _set_signature was still conservative in its assumptions. As a result _set_signature would return early with None instead of a mock since the im_func had no inspectable signature. This causes problems deeper inside mock, as _set_signature is assumed to _always_ return a mock, and nothing checked its return value. In similar corner cases, autospec will simply not check the spec of the function, so _set_signature is amended to now return early with the original, not-wrapped mock object. Patch by Aaron Gallagher. (cherry picked from commit 856cbcc)
Commits on Jul 23, 2017
* bpo-30876: Relative import from unloaded package now reimports the package instead of failing with SystemError. Relative import from non-package now fails with ImportError rather than SystemError. (cherry picked from commit 8a9cd20) * bpo-18018: Import raises ImportError instead of SystemError if a relative import is attempted without a known parent package. * bpo-26367: importlib.__init__() raises ImportError like builtins.__import__() when ``level`` is specified but without an accompanying package specified.
Commits on Jul 24, 2017
tearDown() now clears explicitly the self.server variable to make sure that the thread is completely cleared when tearDownClass() checks if all threads have been cleaned up. Fix the following warning: $ ./python -m test --fail-env-changed -m test.test_os.TestSendfile.test_keywords -R 3:1 test_os (...) Warning -- threading_cleanup() failed to cleanup 0 threads after 3 sec (count: 0, dangling: 2) (...) Tests result: ENV CHANGED (cherry picked from commit d1cc037)
Commits on Jul 25, 2017
Commits on Jul 27, 2017
Commits on Aug 01, 2017
Use the copy provided in https://bugs.python.org/issue25910GH-msg295200 (cherry picked from commit 8474d87)
Commits on Aug 07, 2017
Use the copy provided in https://bugs.python.org/issue25910GH-msg295200 (cherry picked from commit 8474d87) (cherry picked from commit f6306e7)
Commits on Sep 08, 2017
…-3440) Rather than requiring the path to blurb and/or sphinx-build to be specified to the make rule, enhance the Doc/Makefile to look for each first in a virtual environment created by make venv and, if not found, look on the normal process PATH. This allows the Doc/Makefile to take advantage of an installed spinx-build or blurb and, thus, do the right thing most of the time. Also, make the directory for the venv be configurable and document the `make venv` target.
Commits on Sep 24, 2017
Works around Travis CI bug about the python3.5 binary: travis-ci/travis-ci#8363
Commits on Sep 25, 2017
#3354) * bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 * Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes. * Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): libexpat/libexpat#115 * Define XML_POOR_ENTROPY when compiling expat
Commits on Dec 08, 2017
Fixes possible integer overflow in PyBytes_DecodeEscape. Co-Authored-By: Jay Bosamiya <[email protected]>
Commits on Jan 23, 2018
* [3.5] Remove failing pyenv call from CI config * Backport XML RPC test skip to 3.5 The buildbot service upgrade removed the XML-RPC interface, so this test no longer works (through no fault of the standard library).
* [3.5] bpo-32563: Get expat to compile under C89 expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation. Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2 * Backport XML RPC test skip to 3.5 The buildbot service upgrade removed the XML-RPC interface, so this test no longer works (through no fault of the standard library). * Don't configure a nonexistent Python
Directory and zipfile execution previously added the parent directory of the directory or zipfile as sys.path[0] and then subsequently overwrote it with the directory or zipfile itself. This caused problems in isolated mode, as it overwrote the "stdlib as a zip archive" entry in sys.path, as the parent directory was never added. The attempted fix to that issue in bpo-29319 created the opposite problem in *non*-isolated mode, by potentially leaving the parent directory on sys.path instead of overwriting it. This change fixes the root cause of the problem by removing the whole "add-and-overwrite" dance for sys.path[0], and instead simply never adds the parent directory to sys.path in the first place. (cherry picked from commit d2977a3)
* [3.5] bpo-32072: Fix issues with binary plists. (GH-4455) * Fixed saving bytearrays. * Identical objects will be saved only once. * Equal references will be load as identical objects. * Added support for saving and loading recursive data structures. (cherry picked from commit a897aee) * Fix implementation dependent assertion in test_plistlib. (#4813) It is failed with an advanced optimizer.
Commits on Feb 04, 2018
Commits on Feb 05, 2018
Commits on Mar 11, 2018
* Prevent low-grade poplib REDOS (CVE-2018-1060) The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. A 2KB evil response from the mail server would result in small slowdowns (milliseconds vs. microseconds) accumulated over many apop calls. This is a potential DOS vector via accumulated slowdowns. Replace it with a similar non-vulnerable regex. The new regex is RFC compliant. The old regex was non-compliant in edge cases. * Prevent difflib REDOS (CVE-2018-1061) The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Also introduce unit and REDOS tests for difflib. Co-authored-by: Tim Peters <[email protected]> Co-authored-by: Christian Heimes <[email protected]>. (cherry picked from commit 0e6c8ee)
Commits on May 14, 2018
* bpo-33001: Minimal fix to prevent buffer overrun in os.symlink * Remove invalid test
Commits on Jul 02, 2018
Commits on Jul 19, 2018
Clarify the documentation for the CALL_FUNCTION_* bytecodes. They changed in 3.5 in subtle ways and the documentation has never been correct, much less clear.
Commits on Feb 25, 2019
* bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146) The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG. Signed-off-by: Christian Heimes <[email protected]> https://bugs.python.org/issue34623 (cherry picked from commit cb5778f) Co-authored-by: Christian Heimes <[email protected]>
Commits on Feb 26, 2019
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco. Signed-off-by: Christian Heimes <[email protected]> (cherry picked from commit a37f524)
The xml.sax and xml.dom.domreg modules now obey sys.flags.ignore_environment. Signed-off-by: Christian Heimes <[email protected]> (cherry picked from commit 223e501)
Commits on Mar 01, 2019
…0994) * bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7. Documentation updates and fixes for failing tests will be provided in another patch set. Signed-off-by: Christian Heimes <[email protected]>
Commits on Mar 04, 2019
) (#12144) Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some reserved signal numbers between 1 and NSIG. The `range(1, NSIG)` idiom is commonly used to select all signals for blocking with `pthread_sigmask`. So we ignore the sigaddset() return value until we expose sigfillset() to provide a better idiom. (cherry picked from commit 25038ec) Co-authored-by: Antoine Pitrou <[email protected]>
Commits on Mar 11, 2019
Commits on Mar 16, 2019
* Refactor cookie path check as per RFC 6265 * Add tests for prefix match of path * Add news entry * Fix set_ok_path and refactor tests * Use slice for last letter (cherry picked from commit 0e1f1f0)
Commits on Mar 17, 2019
…GH-10258) (#12281) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <[email protected]>
Commits on Mar 19, 2019
Commits on Jul 13, 2019
* [3.5] Doc: Add an optional obsolete header. (GH-13638). (cherry picked from commit 46ed90d) Co-authored-by: Julien Palard <[email protected]>
#13200) * [3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) We updated the server, our testsuite must match. https://bugs.python.org/issue36816✈️ CLE -> DEN✈️ GH-pycon2019 (cherry picked from commit 6bd8173) Co-authored-by: Gregory P. Smith <[email protected]>
… use C89 for loops in backported pickle patch (#12622)
Commits on Jul 14, 2019
…) (GH-13505) (#13510) CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request. Co-Authored-By: SH <[email protected]>
Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected. Disable https related urllib tests on a build without ssl (GH-13032) These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures. Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044) Co-Authored-By: Miro Hrončok <[email protected]>
Commits on Sep 07, 2019
https://bugs.python.org/issue34155 (cherry picked from commit 8cb65d1) Co-authored-by: jpic <[email protected]>
…1.1.1 (#12694) Some test_ssl and test_asyncio tests were written for OpenSSL 1.0 and TLS 1.0, but fail with OpenSSL 1.1.1 and TLS 1.3. Fixing these requires backporting new ssl flags like ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION, which is inappropriate at this stage in Python 3.5's lifetime. Moreover, it's not really worth it: the code works fine, the problem is just in the tests. This patch disables those problematic tests when Python 3.5 is built using newer versions of OpenSSL.
… (GH-13814) (#14772) (cherry picked from commit 8d0ef0b) Co-authored-by: Steve Dower <[email protected]> (cherry picked from commit fd1771d)
…ail headers (GH-14794) (#15446) * [3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794) Some crafted email header would cause the get_parameter method to run in an infinite loop causing a DoS attack surface when parsing those headers. This patch fixes that by making sure the DQUOTE character is handled to prevent going into an infinite loop. (cherry picked from commit a4a994b) Co-authored-by: Abhilash Raj <[email protected]> Co-Authored-By: Ashwin Ramaswami <[email protected]>
Commits on Oct 08, 2019
(cherry picked from commit 2db96ae) Co-authored-by: Julien Palard <[email protected]> (cherry picked from commit 23a98ab)
Commits on Oct 09, 2019
…16434) Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.
Commits on Oct 29, 2019
Commits on Nov 02, 2019
This file was deleted.