Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: python/cpython Loading
base: v3.9.15
Choose a base ref
...
head repository: python/cpython Loading
compare: v3.9.16
Choose a head ref
  • 10 commits
  • 21 files changed
  • 6 contributors

Commits on Oct 11, 2022

  1. Post 3.9.15

    ambv committed Oct 11, 2022
    Configuration menu
    Copy the full SHA
    bd4e532 View commit details
    Browse the repository at this point in the history
  2. [3.9] gh-68966: Make mailcap refuse to match unsafe filenames/types/p…

    …arams (GH-91993) (#98190)
    
    gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
    (cherry picked from commit b9509ba)
    
    Co-authored-by: Petr Viktorin <encukou@gmail.com>
    miss-islington and encukou committed Oct 11, 2022
    Configuration menu
    Copy the full SHA
    c59a16e View commit details
    Browse the repository at this point in the history
  3. [3.9] gh-96710: Make the test timing more lenient for the int/str DoS…

    … regression test. (GH-96717) (#98196)
    
    gh-96710: Make the test timing more lenient for the int/str DoS regression test. (GH-96717)
    
    A regression would still absolutely fail and even a flaky pass isn't
    harmful as it'd fail most of the time across our N system test runs.
    
    Windows has a low resolution timer and CI systems are prone to odd
    timing so this just gives more leeway to avoid flakiness.
    (cherry picked from commit 11e3548)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Oct 11, 2022
    Configuration menu
    Copy the full SHA
    157a8b8 View commit details
    Browse the repository at this point in the history

Commits on Oct 28, 2022

  1. [3.9] gh-98739: Update libexpat from 2.4.9 to 2.5.0 (GH-98742) (#98786)

    Update libexpat from 2.4.9 to 2.5.0 to address CVE-2022-43680.
    
    Co-authored-by: Shaun Walbridge <shaun.walbridge@gmail.com>
    (cherry picked from commit 3e07f82)
    miss-islington committed Oct 28, 2022
    Configuration menu
    Copy the full SHA
    71a075a View commit details
    Browse the repository at this point in the history
  2. [3.9] gh-98517: Fix buffer overflows in _sha3 module (GH-98519) (#98526)

    This is a port of the applicable part of XKCP's fix [1] for
    CVE-2022-37454 and avoids the segmentation fault and the infinite
    loop in the test cases published in [2].
    
    [1]: XKCP/XKCP@fdc6fef
    [2]: https://mouha.be/sha-3-buffer-overflow/
    
    Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>
    (cherry picked from commit 0e4e058)
    
    Co-authored-by: Theo Buehler <botovq@users.noreply.github.com>
    miss-islington and botovq committed Oct 28, 2022
    Configuration menu
    Copy the full SHA
    857efee View commit details
    Browse the repository at this point in the history
  3. [3.9] gh-97514: Don't use Linux abstract sockets for multiprocessing (G…

    …H-98501) (#98504)
    
    Linux abstract sockets are insecure as they lack any form of filesystem
    permissions so their use allows anyone on the system to inject code into
    the process.
    
    This removes the default preference for abstract sockets in
    multiprocessing introduced in Python 3.9+ via
    #18866 while fixing
    #84031.
    
    Explicit use of an abstract socket by a user now generates a
    RuntimeWarning.  If we choose to keep this warning, it should be
    backported to the 3.7 and 3.8 branches.
    (cherry picked from commit 49f6106)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Oct 28, 2022
    Configuration menu
    Copy the full SHA
    b43496c View commit details
    Browse the repository at this point in the history

Commits on Nov 10, 2022

  1. [3.9] gh-98433: Fix quadratic time idna decoding. (GH-99092) (GH-99222)…

    … (#99230)
    
    There was an unnecessary quadratic loop in idna decoding. This restores
    the behavior to linear.
    
    (cherry picked from commit d315722)
    (cherry picked from commit a6f6c3a)
    
    Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Nov 10, 2022
    Configuration menu
    Copy the full SHA
    c09dba5 View commit details
    Browse the repository at this point in the history

Commits on Nov 21, 2022

  1. [3.9] gh-87604: Avoid publishing list of active per-interpreter audit…

    … hooks via the gc module (GH-99373) (GH-99493)
    zooba committed Nov 21, 2022
    Configuration menu
    Copy the full SHA
    7b98207 View commit details
    Browse the repository at this point in the history

Commits on Dec 6, 2022

  1. [3.9] gh-100001: Omit control characters in http.server stderr logs. (G…

    …H-100002) (#100032)
    
    * gh-100001: Omit control characters in http.server stderr logs. (GH-100002)
    
    Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
    (cherry picked from commit d8ab0a4)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    
    * also escape \s (backport of PR #100038).
    
    * add versionadded and remove extra 'to'
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    3b81c13 View commit details
    Browse the repository at this point in the history
  2. Python 3.9.16

    ambv committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    595f9cc View commit details
    Browse the repository at this point in the history
Loading