Matti Picus pushed to branch branch/py3.6 at PyPy / pypy

Commits:

ccc6278e by Michał Górny at 2020-09-10T23:08:27+02:00
sync http.client module with py3.6 to fix CVE-2019-18348

Sync http.client module as well as test_httplib and test_urllib to include better CVE-2019-18348 protection via validating hostname for control characters. This also includes refactoring of path validation that makes it possible to override it.

--HG--
branch : py3.6

- - - - -

b1a2c935 by Michał Górny at 2020-09-10T23:12:16+02:00
sync email.headerregistry with py3.6 to fix bpo-39073

Sync email.headerregistry module and the relevant test to CPython 3.6 branch. The only change is disallowing CR/LF in email.headerregistry.Address that aims to prevent header injection.

--HG--
branch : py3.6

- - - - -

b5c7c9d5 by Michał Górny at 2020-09-10T23:15:18+02:00
sync asyncio.base_events with py3.6 to fix bpo-37228

Sync asyncio.base_events and the matching test with CPython 3.6 branch to fix bpo-37228. This includes the change banning reuse_address parameter to loop.create_datagram_endpoint() because of security concerns with doing that.

--HG--
branch : py3.6

- - - - -

66df0127 by Michał Górny at 2020-09-10T23:18:03+02:00
sync uu to py3.6 to fix bpo-38945

Sync uu, encodings.uu_codec and relevant tests to CPython 3.6 branch to fix bpo-38945. This is a fix preventing newline in filename from corrupting the output format.

--HG--
branch : py3.6

- - - - -

a3d3a77b by Michał Górny at 2020-09-10T23:20:30+02:00
sync cookiejar to py3.6 to fix bpo-38804

Sync cookiejar and matching tests to CPython 3.6 branch to fix bpo-38804 or REDoS in cookiejar.

--HG--
branch : py3.6

- - - - -

11180268 by Michał Górny at 2020-09-10T23:23:15+02:00
sync xmlrpc.server to py3.6 to fix bpo-38243

Sync xmlrpc.server and the matching test to CPython 3.6 branch to fix bpo-38243, that is escape the server title when rendering as HTML.

--HG--
branch : py3.6

- - - - -

5a721904 by Michał Górny at 2020-09-10T23:29:33+02:00
sync email to py3.6 to fix bpo-37461 and bpo-34155

Sync email._header_value_parser, email._parseaddr and their respective tests to include fixes for bpo-37461 and bpo-34155. The former is DoS via infinite loop while parsing specially crafted email headers, the latter is accepting domains containing '@'.

--HG--
branch : py3.6

- - - - -

6d21fd2f by Matti Picus at 2020-09-11T11:45:16+03:00
merge stdlib fixes to py3.6

--HG--
branch : py3.6

- - - - -

18 changed files:

- lib-python/3/asyncio/base_events.py
- lib-python/3/email/_header_value_parser.py
- lib-python/3/email/_parseaddr.py
- lib-python/3/email/headerregistry.py
- lib-python/3/encodings/uu_codec.py
- lib-python/3/http/client.py
- lib-python/3/http/cookiejar.py
- lib-python/3/test/test_asyncio/test_base_events.py
- lib-python/3/test/test_docxmlrpc.py
- lib-python/3/test/test_email/test__header_value_parser.py
- lib-python/3/test/test_email/test_email.py
- lib-python/3/test/test_email/test_headerregistry.py
- lib-python/3/test/test_http_cookiejar.py
- lib-python/3/test/test_httplib.py
- lib-python/3/test/test_urllib.py
- lib-python/3/test/test_uu.py
- lib-python/3/uu.py
- lib-python/3/xmlrpc/server.py

View it on GitLab: https://foss.heptapod.net/pypy/pypy/-/compare/ba16be06ab616cc8ba740c3067b105a3d0011909...6d21fd2f74b36fb4dc2f0638b34d75d4b9aebfdd
