Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: python/cpython
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: refs/pull/123426/head
Choose a base ref
...
head repository: python/cpython
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: refs/pull/123694/head
Choose a head ref
  • 11 commits
  • 26 files changed
  • 11 contributors

Commits on Sep 3, 2024

  1. [3.10] gh-121285: Remove backtracking when parsing tarfile headers (G… 

    …H-121286) (#123640)

* Remove backtracking when parsing tarfile headers
* Rewrite PAX header parsing to be stricter
* Optimize parsing of GNU extended sparse headers v0.0

(cherry picked from commit 34ddb64)

Co-authored-by: Kirill Podoprigora <[email protected]>
Co-authored-by: Gregory P. Smith <[email protected]>
    @sethmlarson @Eclips4 @gpshead
    3 people authored Sep 3, 2024
    Configuration menu
    Copy the full SHA
    743acbe View commit details
    Browse the repository at this point in the history

Commits on Sep 4, 2024

  1. [3.10] gh-121650: Encode newlines in headers, and verify headers are … 

    …sound (GH-122233) (#122609)

Per RFC 2047:

> [...] these encoding schemes allow the
> encoding of arbitrary octet values, mail readers that implement this
> decoding should also ensure that display of the decoded data on the
> recipient's terminal will not cause unwanted side-effects

It seems that the "quoted-word" scheme is a valid way to include
a newline character in a header value, just like we already allow
undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.

This should fail for custom fold() implementations that aren't careful
about newlines.

(cherry picked from commit 0976339)

Co-authored-by: Petr Viktorin <[email protected]>
Co-authored-by: Bas Bloemsaat <[email protected]>
Co-authored-by: Serhiy Storchaka <[email protected]>
    @ambv @encukou
    @basbloemsaat @serhiy-storchaka
    4 people authored Sep 4, 2024
    Configuration menu
    Copy the full SHA
    06f28dc View commit details
    Browse the repository at this point in the history

  2. [3.10] gh-67693: Fix urlunparse() and urlunsplit() for URIs with path… 

    … starting with multiple slashes and no authority (GH-113563) (#119026)

(cherry picked from commit e237b25)
    @serhiy-storchaka
    serhiy-storchaka authored Sep 4, 2024
    Configuration menu
    Copy the full SHA
    2fa5d70 View commit details
    Browse the repository at this point in the history

  3. [3.10] gh-123067: Fix quadratic complexity in parsing "-quoted cookie… 

    … values with backslashes (GH-123075) (#123106)

This fixes CVE-2024-7592.
(cherry picked from commit 44e4583)

Co-authored-by: Serhiy Storchaka <[email protected]>
    @miss-islington @serhiy-storchaka
    miss-islington and serhiy-storchaka authored Sep 4, 2024
    Configuration menu
    Copy the full SHA
    b2f11ca View commit details
    Browse the repository at this point in the history

  4. [3.10] gh-119690: Fixes buffer type confusion in _winapi.CreateFile a… 

    …nd _winapi.CreateNamedPipe audit events (#119735)

gh-119690: Fixes buffer type confusion in _winapi.CreateFile and _winapi.CreateNamedPipe audit events
    @zooba
    zooba authored Sep 4, 2024
    Configuration menu
    Copy the full SHA
    2e861ac View commit details
    Browse the repository at this point in the history

  5. [3.10] gh-112275: Fix HEAD_LOCK deadlock in child process after fork (G… 

    …H-112336) (#123687)

HEAD_LOCK is called from _PyEval_ReInitThreads->_PyThreadState_DeleteExcept before _PyRuntimeState_ReInitThreads reinit runtime->interpreters.mutex which might be locked before fork.

(cherry picked from commit 522799a)

Co-authored-by: ChuBoning <[email protected]>
Co-authored-by: Łukasz Langa <[email protected]>
    @miss-islington @ChuBoning @ambv
    3 people authored Sep 4, 2024
    Configuration menu
    Copy the full SHA
    d3f39ce View commit details
    Browse the repository at this point in the history

  6. [3.10] gh-123693: When computing the zipfile.Path.name, use PurePosix… 

    …Path for platform-agnostic behavior.

Aligns with Python 3.9 and 3.11 behavor and fixes failing tests.
    @jaraco
    jaraco committed Sep 4, 2024
    Configuration menu
    Copy the full SHA
    7990bf9 View commit details
    Browse the repository at this point in the history

  7. Remove unused import

    @jaraco
    jaraco committed Sep 4, 2024
    Configuration menu
    Copy the full SHA
    9f1dac0 View commit details
    Browse the repository at this point in the history

  8. [3.10] gh-123270: Replaced SanitizedNames with a more surgical fix. (G… 

    …H-123354) (#123426)

Applies changes from zipp 3.20.1 and jaraco/zippGH-124
(cherry picked from commit 2231286)
(cherry picked from commit 17b77bb)

Co-authored-by: Jason R. Coombs <[email protected]>
    @jaraco
    jaraco authored Sep 4, 2024
    Configuration menu
    Copy the full SHA
    0aa1ee2 View commit details
    Browse the repository at this point in the history

  9. Merge branch '3.10' into gh-123693/platform-agnostic-name

    @jaraco
    jaraco authored Sep 4, 2024
    Configuration menu
    Copy the full SHA
    d7d5cad View commit details
    Browse the repository at this point in the history

  10. Remove unused import

    @jaraco
    jaraco committed Sep 4, 2024
    Configuration menu
    Copy the full SHA
    0df599f View commit details
    Browse the repository at this point in the history
Loading