Don't use things after they're freed...duh #709
Merged
Conversation
Codecov Report
@@ Coverage Diff @@
## master #709 +/- ##
==========================================
+ Coverage 97.01% 97.02% +<.01%
==========================================
Files 16 16
Lines 5631 5647 +16
Branches 391 392 +1
==========================================
+ Hits 5463 5479 +16
Misses 112 112
Partials 56 56
Continue to review full report at Codecov.
|
CHANGELOG.rst
Outdated
|
||
- Corrected a use-after-free with some uses of the ``X509`` API. |
reaperhulk
Nov 20, 2017
Member
Should we add a sentence here to state that referencing a previously obtained issuer/subject after a subsequent set call will now raise an exception?
Should we add a sentence here to state that referencing a previously obtained issuer/subject after a subsequent set call will now raise an exception?
bors-fusion bot
added a commit
to fusionapp/fusion-index
that referenced
this pull request
Nov 27, 2017
169: Scheduled weekly dependency update for week 48 r=mithrandi a=pyup-bot ## Updates Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need. <table align="center"> <tr> <td><b>hypothesis</b></td> <td align="center">3.38.0</td> <td align="center">»</td> <td align="center">3.38.5</td> <td> <a href="https://pypi.python.org/pypi/hypothesis">PyPI</a> | <a href="https://pyup.io/changelogs/hypothesis/">Changelog</a> | <a href="https://github.com/HypothesisWorks/hypothesis/issues">Repo</a> </td> <tr> <td><b>pyasn1-modules</b></td> <td align="center">0.1.5</td> <td align="center">»</td> <td align="center">0.2.1</td> <td> <a href="https://pypi.python.org/pypi/pyasn1-modules">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1-modules/">Changelog</a> | <a href="https://github.com/etingof/pyasn1-modules">Repo</a> </td> <tr> <td><b>pyasn1</b></td> <td align="center">0.3.7</td> <td align="center">»</td> <td align="center">0.4.2</td> <td> <a href="https://pypi.python.org/pypi/pyasn1">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1/">Changelog</a> | <a href="https://github.com/etingof/pyasn1">Repo</a> </td> <tr> <td><b>pyopenssl</b></td> <td align="center">17.3.0</td> <td align="center">»</td> <td align="center">17.4.0</td> <td> <a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a> </td> <tr> <td><b>pyrsistent</b></td> <td align="center">0.14.0</td> <td align="center">»</td> <td align="center">0.14.1</td> <td> <a href="https://pypi.python.org/pypi/pyrsistent">PyPI</a> | <a href="https://pyup.io/changelogs/pyrsistent/">Changelog</a> | <a href="http://github.com/tobgu/pyrsistent/">Repo</a> </td> </tr> </table> ## Changelogs ### hypothesis 3.38.0 -> 3.38.5 >### 3.38.5 >------------------- >This fixes the repr of strategies using lambda that are defined inside >decorators to include the lambda source. >This would mostly have been visible when using the >:ref:`statistics <statistics>` functionality - lambdas used for e.g. filtering >would have shown up with a ``<unknown>`` as their body. This can still happen, >but it should happen less often now. >------------------- >### 3.38.4 >------------------- >This release updates the reported :ref:`statistics <statistics>` so that they >show approximately what fraction of your test run time is spent in data >generation (as opposed to test execution). >This work was funded by `Smarkets <https://smarkets.com/>`_. >------------------- >### 3.38.3 >------------------- >This is a documentation release, which ensures code examples are up to date >by running them as doctests in CI (:issue:`711`). >------------------- >### 3.38.2 >------------------- >This release changes the behaviour of the :attr:`~hypothesis.settings.deadline` >setting when used with :func:`~hypothesis.strategies.data`: Time spent inside >calls to ``data.draw`` will no longer be counted towards the deadline time. >As a side effect of some refactoring required for this work, the way flaky >tests are handled has changed slightly. You are unlikely to see much difference >from this, but some error messages will have changed. >This work was funded by `Smarkets <https://smarkets.com/>`_. >------------------- >### 3.38.1 >------------------- >This patch has a variety of non-user-visible refactorings, removing various >minor warts ranging from indirect imports to typos in comments. >------------------- ### pyopenssl 17.3.0 -> 17.4.0 >### 17.4.0 >------------------- >Backward-incompatible changes: >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >*none* >Deprecations: >^^^^^^^^^^^^^ >*none* >Changes: >^^^^^^^^ >- Re-added a subset of the ``OpenSSL.rand`` module. > This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. > `708 <https://github.com/pyca/pyopenssl/pull/708>`_ >- Corrected a use-after-free when reusing an issuer or subject from an ``X509`` object after the underlying object has been mutated. > `709 <https://github.com/pyca/pyopenssl/pull/709>`_ >---- ### pyrsistent 0.14.0 -> 0.14.1 >### 0.14.1 > * Equality check performance improvements for pvectors and pmaps. Thanks dtomas for this! > * Avoid calling factories multiple times for fields that do not change, see PR 120 for for > details. Thanks teepark for this! That's it for now! Happy merging!🤖
bors-fusion bot
added a commit
to fusionapp/entropy
that referenced
this pull request
Nov 27, 2017
162: Scheduled weekly dependency update for week 48 r=mithrandi a=pyup-bot ## Updates Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need. <table align="center"> <tr> <td><b>pyasn1-modules</b></td> <td align="center">0.1.5</td> <td align="center">»</td> <td align="center">0.2.1</td> <td> <a href="https://pypi.python.org/pypi/pyasn1-modules">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1-modules/">Changelog</a> | <a href="https://github.com/etingof/pyasn1-modules">Repo</a> </td> <tr> <td><b>pyasn1</b></td> <td align="center">0.3.7</td> <td align="center">»</td> <td align="center">0.4.2</td> <td> <a href="https://pypi.python.org/pypi/pyasn1">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1/">Changelog</a> | <a href="https://github.com/etingof/pyasn1">Repo</a> </td> <tr> <td><b>pyopenssl</b></td> <td align="center">17.3.0</td> <td align="center">»</td> <td align="center">17.4.0</td> <td> <a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a> </td> <tr> <td><b>pyrsistent</b></td> <td align="center">0.14.0</td> <td align="center">»</td> <td align="center">0.14.1</td> <td> <a href="https://pypi.python.org/pypi/pyrsistent">PyPI</a> | <a href="https://pyup.io/changelogs/pyrsistent/">Changelog</a> | <a href="http://github.com/tobgu/pyrsistent/">Repo</a> </td> </tr> </table> ## Changelogs ### pyopenssl 17.3.0 -> 17.4.0 >### 17.4.0 >------------------- >Backward-incompatible changes: >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >*none* >Deprecations: >^^^^^^^^^^^^^ >*none* >Changes: >^^^^^^^^ >- Re-added a subset of the ``OpenSSL.rand`` module. > This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. > `708 <https://github.com/pyca/pyopenssl/pull/708>`_ >- Corrected a use-after-free when reusing an issuer or subject from an ``X509`` object after the underlying object has been mutated. > `709 <https://github.com/pyca/pyopenssl/pull/709>`_ >---- ### pyrsistent 0.14.0 -> 0.14.1 >### 0.14.1 > * Equality check performance improvements for pvectors and pmaps. Thanks dtomas for this! > * Avoid calling factories multiple times for fields that do not change, see PR 120 for for > details. Thanks teepark for this! That's it for now! Happy merging!🤖
bors-fusion bot
added a commit
to fusionapp/documint
that referenced
this pull request
Nov 27, 2017
120: Scheduled weekly dependency update for week 48 r=mithrandi a=pyup-bot ## Updates Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need. <table align="center"> <tr> <td><b>pyasn1-modules</b></td> <td align="center">0.1.5</td> <td align="center">»</td> <td align="center">0.2.1</td> <td> <a href="https://pypi.python.org/pypi/pyasn1-modules">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1-modules/">Changelog</a> | <a href="https://github.com/etingof/pyasn1-modules">Repo</a> </td> <tr> <td><b>pyasn1</b></td> <td align="center">0.3.7</td> <td align="center">»</td> <td align="center">0.4.2</td> <td> <a href="https://pypi.python.org/pypi/pyasn1">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1/">Changelog</a> | <a href="https://github.com/etingof/pyasn1">Repo</a> </td> <tr> <td><b>pyopenssl</b></td> <td align="center">17.3.0</td> <td align="center">»</td> <td align="center">17.4.0</td> <td> <a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a> </td> </tr> </table> ## Changelogs ### pyopenssl 17.3.0 -> 17.4.0 >### 17.4.0 >------------------- >Backward-incompatible changes: >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >*none* >Deprecations: >^^^^^^^^^^^^^ >*none* >Changes: >^^^^^^^^ >- Re-added a subset of the ``OpenSSL.rand`` module. > This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. > `708 <https://github.com/pyca/pyopenssl/pull/708>`_ >- Corrected a use-after-free when reusing an issuer or subject from an ``X509`` object after the underlying object has been mutated. > `709 <https://github.com/pyca/pyopenssl/pull/709>`_ >---- That's it for now! Happy merging!🤖
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
No description provided.