Permalink
Commits on Sep 29, 2021
Commits on Sep 23, 2021
Commits on Sep 7, 2021
Commits on Sep 3, 2021
Commits on Aug 30, 2021
-
-
-
bpo-44689: ctypes.util.find_library() now finds macOS 11+ system libr…
…aries when built on older macOS systems (GH-27251) (GH-28054) Previously, when built on older macOS systems, `find_library` was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored. (cherry picked from commit 71853a7) Co-authored-by: Tobias Bergkvist <tobias@bergkv.ist>
Commits on Aug 29, 2021
-
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28033)
Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS. Co-authored-by: Łukasz Langa <lukasz@langa.pl> (cherry picked from commit 3fc5d84) Co-authored-by: Victor Stinner <vstinner@python.org>
-
bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktem…
Commits on Aug 27, 2021
Commits on Aug 26, 2021
-
bpo-45001: Make email date parsing more robust against malformed input (
GH-27946) (GH-27974) Various date parsing utilities in the email module, such as email.utils.parsedate(), are supposed to gracefully handle invalid input, typically by raising an appropriate exception or by returning None. The internal email._parseaddr._parsedate_tz() helper used by some of these date parsing routines tries to be robust against malformed input, but unfortunately it can still crash ungracefully when a non-empty but whitespace-only input is passed. This manifests as an unexpected IndexError. In practice, this can happen when parsing an email with only a newline inside a ‘Date:’ header, which unfortunately happens occasionally in the real world. Here's a minimal example: $ python Python 3.9.6 (default, Jun 30 2021, 10:22:16) [GCC 11.1.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import email.utils >>> email.utils.parsedate('foo') >>> email.utils.parsedate(' ') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate t = parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz res = _parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz if data[0].endswith(',') or data[0].lower() in _daynames: IndexError: list index out of range The fix is rather straight-forward: guard against empty lists, after splitting on whitespace, but before accessing the first element. (cherry picked from commit 989f6a3) Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
Commits on Aug 17, 2021
Commits on Aug 12, 2021
Commits on Aug 10, 2021
Commits on Aug 7, 2021
Commits on Jul 28, 2021
Commits on Jul 21, 2021
Commits on Jul 12, 2021
Commits on Jun 28, 2021
Commits on Jun 24, 2021
Commits on Jun 12, 2021
Commits on May 12, 2021
Commits on May 7, 2021
-
bpo-40297: Fix test_socket.CANTest.testSendFrame (GH-19548) (#25957)
The address tuple for CAN_RAW no longer returns the address family after the introduction of CAN ISO-TP support in a30f6d4. However, updating test_socket.CANTest.testSendFrame was missed as part of the change, so the test incorrectly attempts to index past the last tuple item to retrieve the address family. This removes the now-redundant check for equality against socket.AF_CAN, as the tuple will not contain the address family. (cherry picked from commit 355bae8) Co-authored-by: karl ding <karlding@users.noreply.github.com>
