Matti Picus pushed to branch branch/release-pypy3.6-v7.x at PyPy / pypy
Commits: 72bac5e9 by Matti Picus at 2020-09-06T16:21:02+03:00 fix some documentation build warnings and errors, comment out hpy from release - - - - - cea16152 by Matti Picus at 2020-09-06T16:24:07+03:00 change all http to https, fix some broken links - - - - - dbb5c4b6 by Ronan Lamy at 2020-09-08T17:10:47+01:00 Use rffi.ptradd() instead of a weird cast - - - - - 8e89b9a3 by Matti Picus at 2020-09-08T19:44:04+03:00 Added tag release-pypy3.6-v7.3.2rc1 for changeset 3d817608d63b - - - - - 70fd1164 by Matti Picus at 2020-09-08T19:44:19+03:00 Added tag release-pypy3.7-v7.3.2rc1 for changeset 55adbaed6eda - - - - - 27dd7e9a by Matti Picus at 2020-09-08T19:44:41+03:00 Added tag release-pypy2.7-v7.3.2rc1 for changeset 9d418ec24144 - - - - - 84c31c50 by [email protected] at 2020-09-08T15:25:11-06:00 Respect system PKG_CONFIG environment variable Many cross-compilation setups use custom pkg-config wrappers to ensure that the proper version of libraries get linked against. The conventional way to specify such a wrapper is via the PKG_CONFIG environment variable, so change the default pkg_config logic to use the contents of that variable if available. --HG-- branch : cross_compilation_fixes - - - - - 948a417e by [email protected] at 2020-09-08T15:30:57-06:00 Only set CC variable if otherwise unspecified This probing logic tests for the existence of `gcc` and sets the value of the 'CC' variable based on the results of that test, but many build pipelines already define a value for 'CC' that they don't want overridden. Change this probing logic to only set 'CC' if the environment variable doesn't already have a specified value. --HG-- branch : cross_compilation_fixes - - - - - 71141863 by Matti Picus at 2020-09-09T11:56:46+03:00 update release process - - - - - 18d9c67f by Matti Picus at 2020-09-09T11:57:21+03:00 backport fix for bpo-39017 - - - - - ea4f3875 by Matti Picus at 2020-09-09T11:58:33+03:00 merge default into branch --HG-- branch : py3.6 - - - - - dbb28e81 by Matti Picus at 2020-09-09T12:00:24+03:00 fix for bpo-39017 --HG-- branch : py3.6 - - - - - 93b559e1 by Matti Picus at 2020-09-09T12:15:52+03:00 fix bpo 41004 --HG-- branch : py3.6 - - - - - d52d46ac by Matti Picus at 2020-09-09T13:30:52+03:00 add sphinx-affiliates which allows searching across other sphinx sites - - - - - cdb4d846 by Matti Picus at 2020-09-09T16:15:15+03:00 add the extension to rpython as well - - - - - bd337d33 by Armin Rigo at 2020-09-09T15:02:16+00:00 Merge branch 'branch/cross_compilation_fixes' into 'branch/default' Cross-compilation cleanups See merge request pypy/pypy!750 - - - - - 029a00da by Armin Rigo at 2020-09-09T17:45:30+02:00 A fix for a corner case (shown by test_ztranslation in branch 'hpy'). A non-fix as a skipped test for a similar, even-more-obscure case. - - - - - 30ddf8f9 by Armin Rigo at 2020-09-09T22:47:47+02:00 next similar issue (73e7c4e0b67d) - - - - - e7e2dead by Matti Picus at 2020-09-10T07:35:59+03:00 typo, update whatsnew - - - - - 8f27f38a by Matti Picus at 2020-09-10T07:40:25+03:00 add test file - - - - - 865defcb by Matti Picus at 2020-09-10T07:40:56+03:00 add test file --HG-- branch : py3.6 - - - - - 813e2389 by Matti Picus at 2020-09-10T09:27:03+03:00 revert changes merged from default in 8f8ff88976cb: py3.6 threading is different --HG-- branch : py3.6 - - - - - f74adc2e by Michał Górny at 2020-09-10T10:44:19+02:00 prevent header injection in http methods (bpo-39603) Port the patch from Python 3.6 (f02de961b9) to our stdlib: reject control chars in http method in http.client.putrequest to prevent http header injection. --HG-- branch : release-pypy3.6-v7.x - - - - - 70de54d0 by Michał Górny at 2020-09-10T10:53:59+02:00 prevent header injection in http methods (bpo-39603) Port the patch from Python 3.6 (f02de961b9) to our stdlib: reject control chars in http method in http.client.putrequest to prevent http header injection. --HG-- branch : py3.6 - - - - - b6da8a63 by Matti Picus at 2020-09-10T12:07:19+03:00 test, implement easy part of PyMemoryView_GetContiguous - - - - - 49a96f40 by Matti Picus at 2020-09-10T12:07:19+03:00 test, implement easy part of PyMemoryView_GetContiguous --HG-- branch : py3.6 - - - - - 28d9e895 by Michał Górny at 2020-09-10T11:28:03+02:00 fix regex in AbstractBasicAuthHandler (CVE-2020-8492 / bpo-39503) Port the patch from Python 3.6 (69cdeeb93e) to our stdlib: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge. --HG-- branch : py3.6 - - - - - 85a16ef3 by Michał Górny at 2020-09-10T15:55:03+02:00 sync httplib2 and urllib2 to cpython 2.7 git with security backports Sync httplib and urllib2 stdlib modules and the respective tests to the current state of CPython 2.7 git (EOL-ed) + two patches backported from 3.6 that are present in the Gentoo patchset. This has only trivial changes compared to backporting the four relevant patches and should make it easier to apply a final stdlib update post-release. The Gentoo patches can be found as the two top patches on https://gitweb.gentoo.org/fork/cpython.git/log/?h=gentoo-2.7.18-r2 - - - - - 50c53a77 by Armin Rigo at 2020-09-10T17:07:02+02:00 Issue #3297 A corner case that produces a bogus loop containing getarrayitem_gc with index -1, or with whatever index is given in the initial value of 'pos'. Negative values would segfault; positive values would allocate '8 * pos' bytes of memory however large the value is. Try to fix all these cases. - - - - - dd9cdb9e by Armin Rigo at 2020-09-10T18:00:01+02:00 A test that fails on some backends, will fix - - - - - a837a163 by Armin Rigo at 2020-09-10T18:06:18+02:00 fix aarch64 for 3495b2305437 - - - - - e47fa51e by Armin Rigo at 2020-09-10T18:11:50+02:00 fix arm for 3495b2305437 (probably, it's like aarch64, but not tested) - - - - - b2a983a3 by Matti Picus at 2020-09-10T20:14:56+00:00 Merge branch 'topic/default/py27-backport-secfixes' into 'branch/default' sync httplib2 and urllib2 to cpython 2.7 git with security backports See merge request pypy/pypy!754 - - - - - 92978c45 by Matti Picus at 2020-09-10T23:25:18+03:00 Merge fixes for bpo-39603 --HG-- branch : py3.6 - - - - - 99f5151f by Matti Picus at 2020-09-10T23:25:57+03:00 merge fixes for bpo-39503 --HG-- branch : py3.6 - - - - - a246d030 by Matti Picus at 2020-09-10T23:45:40+03:00 add latest changes to release note - - - - - ccc6278e by Michał Górny at 2020-09-10T23:08:27+02:00 sync http.client module with py3.6 to fix CVE-2019-18348 Sync http.client module as well as test_httplib and test_urllib to include better CVE-2019-18348 protection via validating hostname for control characters. This also includes refactoring of path validation that makes it possible to override it. --HG-- branch : py3.6 - - - - - b1a2c935 by Michał Górny at 2020-09-10T23:12:16+02:00 sync email.headerregistry with py3.6 to fix bpo-39073 Sync email.headerregistry module and the relevant test to CPython 3.6 branch. The only change is disallowing CR/LF in email.headerregistry.Address that aims to prevent header injection. --HG-- branch : py3.6 - - - - - b5c7c9d5 by Michał Górny at 2020-09-10T23:15:18+02:00 sync asyncio.base_events with py3.6 to fix bpo-37228 Sync asyncio.base_events and the matching test with CPython 3.6 branch to fix bpo-37228. This includes the change banning reuse_address parameter to loop.create_datagram_endpoint() because of security concerns with doing that. --HG-- branch : py3.6 - - - - - 66df0127 by Michał Górny at 2020-09-10T23:18:03+02:00 sync uu to py3.6 to fix bpo-38945 Sync uu, encodings.uu_codec and relevant tests to CPython 3.6 branch to fix bpo-38945. This is a fix preventing newline in filename from corrupting the output format. --HG-- branch : py3.6 - - - - - a3d3a77b by Michał Górny at 2020-09-10T23:20:30+02:00 sync cookiejar to py3.6 to fix bpo-38804 Sync cookiejar and matching tests to CPython 3.6 branch to fix bpo-38804 or REDoS in cookiejar. --HG-- branch : py3.6 - - - - - 11180268 by Michał Górny at 2020-09-10T23:23:15+02:00 sync xmlrpc.server to py3.6 to fix bpo-38243 Sync xmlrpc.server and the matching tset to CPython 3.6 branch to fix bpo-38243, that is escape the server title when rendering as HTML. --HG-- branch : py3.6 - - - - - 5a721904 by Michał Górny at 2020-09-10T23:29:33+02:00 sync email to py3.6 to fix bpo-37461 and bpo-34155 Sync email._header_value_parser, email._parseaddr and their respective tests to include fixes for bpo-37461 and bpo-34155. The former is DoS via infinite loop while parsing specially crafted email headers, the latter is accepting domains containing '@'. --HG-- branch : py3.6 - - - - - ba16be06 by Matti Picus at 2020-09-11T10:50:40+03:00 fix translation --HG-- branch : py3.6 - - - - - cd731cf0 by Matti Picus at 2020-09-11T10:50:40+03:00 fix translation - - - - - 6d21fd2f by Matti Picus at 2020-09-11T11:45:16+03:00 merge stdlib fixes to py3.6 --HG-- branch : py3.6 - - - - - 16161f05 by Armin Rigo at 2020-09-11T14:44:38+02:00 oops sorry, fix - - - - - 50e2497e by Armin Rigo at 2020-09-11T14:51:35+02:00 Fix this test for 32-bit - - - - - 8795a5a6 by Armin Rigo at 2020-09-11T15:03:40+02:00 Test fix: workaround for limited length of UNIXAddresses - - - - - 9c36f683 by Armin Rigo at 2020-09-12T10:02:35+02:00 backport bpo-38243 because it is classified as a CVE - - - - - 3145a409 by Matti Picus at 2020-09-13T00:27:13+03:00 test, implement PyNumber_ToBase - - - - - c0c6af4f by Matti Picus at 2020-09-13T00:30:33+03:00 merge default into py3.6 --HG-- branch : py3.6 - - - - - d21d8b8e by Matti Picus at 2020-09-13T07:06:10+03:00 fix translation --HG-- branch : py3.6 - - - - - 2241887a by Matti Picus at 2020-09-13T07:43:08+03:00 fix untranslated test --HG-- branch : py3.6 - - - - - 1e9b3172 by Matti Picus at 2020-09-13T11:39:24+03:00 skip test that crashes uptranslated - - - - - 84352e45 by Matti Picus at 2020-09-13T18:30:30+03:00 refactor force-builds script - - - - - 28615e94 by Matti Picus at 2020-09-13T23:59:08+03:00 use win32_14x or win64_14x branch name for exernals - - - - - af67d261 by Matti Picus at 2020-09-14T18:32:55+03:00 update release note, add note about release status - - - - - 697577b2 by Matti Picus at 2020-09-14T20:48:57+03:00 merge default into py3.6 --HG-- branch : py3.6 - - - - - 0bc036b3 by Matti Picus at 2020-09-14T20:53:05+03:00 merge py3.6 into release-3.6.x --HG-- branch : release-pypy3.6-v7.x - - - - - 30 changed files: - .hgtags - + lib-python/2.7/test/recursion.tar - lib-python/3/asyncio/base_events.py - lib-python/3/email/_header_value_parser.py - lib-python/3/email/_parseaddr.py - lib-python/3/email/headerregistry.py - lib-python/3/encodings/uu_codec.py - lib-python/3/http/client.py - lib-python/3/http/cookiejar.py - lib-python/3/ipaddress.py - lib-python/3/tarfile.py - + lib-python/3/test/recursion.tar - lib-python/3/test/test_asyncio/test_base_events.py - lib-python/3/test/test_docxmlrpc.py - lib-python/3/test/test_email/test__header_value_parser.py - lib-python/3/test/test_email/test_email.py - lib-python/3/test/test_email/test_headerregistry.py - lib-python/3/test/test_http_cookiejar.py - lib-python/3/test/test_httplib.py - lib-python/3/test/test_ipaddress.py - lib-python/3/test/test_tarfile.py - lib-python/3/test/test_urllib.py - lib-python/3/test/test_urllib2.py - lib-python/3/test/test_uu.py - lib-python/3/urllib/request.py - lib-python/3/uu.py - lib-python/3/xmlrpc/server.py - pypy/doc/architecture.rst - pypy/doc/build.rst - pypy/doc/coding-guide.rst View it on GitLab: https://foss.heptapod.net/pypy/pypy/-/compare/6ca6a89ae23be1cfa60bf93893e8eb7a18e549d8...0bc036b3528a131f51dbaa07b7a96b4f5558ec50 -- View it on Heptapod: https://foss.heptapod.net/pypy/pypy/-/compare/6ca6a89ae23be1cfa60bf93893e8eb7a18e549d8...0bc036b3528a131f51dbaa07b7a96b4f5558ec50 You're receiving this email because of your account on foss.heptapod.net.
_______________________________________________ pypy-commit mailing list [email protected] https://mail.python.org/mailman/listinfo/pypy-commit
