Matti Picus pushed to branch branch/py3.6 at PyPy / pypy
Commits:

70de54d0 by Michał Górny at 2020-09-10T10:53:59+02:00
prevent header injection in http methods (bpo-39603)

Port the patch from Python 3.6 (f02de961b9) to our stdlib:
reject control chars in http method in http.client.putrequest
to prevent http header injection.

--HG--
branch : py3.6

- - - - -

49a96f40 by Matti Picus at 2020-09-10T12:07:19+03:00
test, implement easy part of PyMemoryView_GetContiguous

--HG--
branch : py3.6

- - - - -

28d9e895 by Michał Górny at 2020-09-10T11:28:03+02:00
fix regex in AbstractBasicAuthHandler (CVE-2020-8492 / bpo-39503)

Port the patch from Python 3.6 (69cdeeb93e) to our stdlib:

The AbstractBasicAuthHandler class of the urllib.request module uses
an inefficient regular expression which can be exploited by an
attacker to cause a denial of service. Fix the regex to prevent the
catastrophic backtracking. Vulnerability reported by Ben Caller
and Matt Schwager.

AbstractBasicAuthHandler of urllib.request now parses all
WWW-Authenticate HTTP headers and accepts multiple challenges per
header: use the realm of the first Basic challenge.

--HG--
branch : py3.6

- - - - -

92978c45 by Matti Picus at 2020-09-10T23:25:18+03:00
Merge fixes for bpo-39603

--HG--
branch : py3.6

- - - - -

99f5151f by Matti Picus at 2020-09-10T23:25:57+03:00
merge fixes for bpo-39503

--HG--
branch : py3.6

- - - - -

7 changed files:

- lib-python/3/http/client.py
- lib-python/3/test/test_httplib.py
- lib-python/3/test/test_urllib2.py
- lib-python/3/urllib/request.py
- pypy/module/cpyext/api.py
- pypy/module/cpyext/memoryobject.py
- pypy/module/cpyext/test/test_memoryobject.py

View it on GitLab: https://foss.heptapod.net/pypy/pypy/-/compare/813e238978c4efa8c7f0bb80768a2eba59472000...99f5151fe748806acdd1039a54bacf68440ccae7
_______________________________________________
pypy-commit mailing list
https://mail.python.org/mailman/listinfo/pypy-commit
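The behaviour described in the message of commit 28d9e895 (scan every WWW-Authenticate header, accept several challenges per header, use the realm of the first Basic challenge), shown as an added example that is not code from the commit or from PyPy's stdlib. `CHALLENGE_RE`, `first_basic_realm` and the sample headers are this example's own; the pattern is anchored at the start of the value or at a comma so that no repeated group can match the same text in more than one way.

```python
import re

# Example pattern (an assumption of this sketch, not copied from the patch).
# Every match attempt begins at the start of the value or right after a comma,
# and the scheme class excludes commas, so there is no nested repetition that
# could re-scan the same characters.
CHALLENGE_RE = re.compile(
    r'(?:^|,)'                       # start of value or challenge separator
    r'[ \t]*'                        # optional whitespace
    r'([^ \t,]+)'                    # auth scheme, e.g. "Basic"
    r'[ \t]+'                        # mandatory whitespace
    r'realm=(["\']?)([^"\']*)\2',    # realm=xxx, realm='xxx' or realm="xxx"
    re.I,
)


def first_basic_realm(www_authenticate_values):
    """Return the realm of the first Basic challenge found, else None.

    `www_authenticate_values` is an iterable with one string per
    WWW-Authenticate header, in the order the server sent them.
    """
    for value in www_authenticate_values:
        for match in CHALLENGE_RE.finditer(value):
            scheme, _quote, realm = match.groups()
            if scheme.lower() == "basic":
                return realm
    return None


# Constructed sample response headers (not taken from the page).
SAMPLE_HEADERS = [
    'Negotiate',
    'Digest realm="d", nonce="x", Basic realm="files"',
    'Basic realm="second"',
]

if __name__ == "__main__":
    print(first_basic_realm(SAMPLE_HEADERS))
```
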
