| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix race in PyThread_release_lock that was leading to memory corruption and
deadlocks. The fix applies to POSIX systems where Python locks are implemented
with mutex and condition variable because POSIX semaphores are either not
provided, or are known to be broken. One particular example of such system is
macOS.
On Darwin, even though this is considered as POSIX, Python uses
mutex+condition variable to implement its lock, and, as of 2019-08-28, Py2.7
implementation, even though similar issue was fixed for Py3 in 2012, contains
synchronization bug: the condition is signalled after mutex unlock while the
correct protocol is to signal condition from under mutex:
https://github.com/python/cpython/blob/v2.7.16-127-g0229b56d8c0/Python/thread_pthread.h#L486-L506
https://github.com/python/cpython/commit/187aa545165d (py3 fix)
PyPy has the same bug for both pypy2 and pypy3:
https://bitbucket.org/pypy/pypy/src/578667b3fef9/rpython/translator/c/src/thread_pthread.c#lines-443:465
https://bitbucket.org/pypy/pypy/src/5b42890d48c3/rpython/translator/c/src/thread_pthread.c#lines-443:465
Signalling condition outside of corresponding mutex is considered OK by
POSIX, but in Python context it can lead to at least memory corruption if we
consider the whole lifetime of python level lock. For example the following
logical scenario:
T1 T2
sema = Lock()
sema.acquire()
sema.release()
sema.acquire()
free(sema)
...
can translate to the next C-level calls:
T1 T2
# sema = Lock()
sema = malloc(...)
sema.locked = 0
pthread_mutex_init(&sema.mut)
pthread_cond_init (&sema.lock_released)
# sema.acquire()
pthread_mutex_lock(&sema.mut)
# sees sema.locked == 0
sema.locked = 1
pthread_mutex_unlock(&sema.mut)
# sema.release()
pthread_mutex_lock(&sema.mut)
sema.locked = 0
pthread_mutex_unlock(&sema.mut)
# OS scheduler gets in and relinquishes control from T2
# to another process
...
# second sema.acquire()
pthread_mutex_lock(&sema.mut)
# sees sema.locked == 0
sema.locked = 1
pthread_mutex_unlock(&sema.mut)
# free(sema)
pthread_mutex_destroy(&sema.mut)
pthread_cond_destroy (&sema.lock_released)
free(sema)
# ...
e.g. malloc() which returns memory where sema was
...
# OS scheduler returns control to T2
# sema.release() continues
#
# BUT sema was already freed and writing to anywhere
# inside sema block CORRUPTS MEMORY. In particular if
# _another_ python-level lock was allocated where sema
# block was, writing into the memory can have effect on
# further synchronization correctness and in particular
# lead to deadlock on lock that was next allocated.
pthread_cond_signal(&sema.lock_released)
Note that T2.pthread_cond_signal(&sema.lock_released) CORRUPTS MEMORY as it
is called when sema memory was already freed and is potentially
reallocated for another object.
The fix is to move pthread_cond_signal to be done under corresponding mutex:
# sema.release()
pthread_mutex_lock(&sema.mut)
sema.locked = 0
pthread_cond_signal(&sema.lock_released)
pthread_mutex_unlock(&sema.mut)
To do so this patch cherry-picks thread_pthread.h part of the following 3.2 commit:
commit 187aa545165d8d5eac222ecce29c8a77e0282dd4
Author: Kristján Valur Jónsson <kristjan@ccpgames.com>
Date: Tue Jun 5 22:17:42 2012 +0000
Signal condition variables with the mutex held. Destroy condition variables
before their mutexes.
Python/ceval_gil.h | 9 +++++----
Python/thread_pthread.h | 15 +++++++++------
2 files changed, 14 insertions(+), 10 deletions(-)
(ceval_gil.h is Python3 specific and does not apply to Python2.7)
The bug was there since 1994 - since at least [1]. It was discussed in 2001
with original code author[2], but the code was still considered to be
race-free. In 2010 the place where pthread_cond_signal should be - before or
after pthread_mutex_unlock - was discussed with the rationale to avoid
threads bouncing[3,4,5], and in 2012 pthread_cond_signal was moved to be
called from under mutex, but only for CPython3[6,7].
In 2019 the bug was (re-)discovered while testing Pygolang[8] on macOS with
CPython2 and PyPy2 and PyPy3.
[1] https://github.com/python/cpython/commit/2c8cb9f3d240
[2] https://bugs.python.org/issue433625
[3] https://bugs.python.org/issue8299#msg103224
[4] https://bugs.python.org/issue8410#msg103313
[5] https://bugs.python.org/issue8411#msg113301
[6] https://bugs.python.org/issue15038#msg163187
[7] https://github.com/python/cpython/commit/187aa545165d
[8] https://pypi.org/project/pygolang
(cherry picked from commit 187aa545165d8d5eac222ecce29c8a77e0282dd4)
Co-Authored-By: Kristján Valur Jónsson <kristjan@ccpgames.com>
|
| |
|
|
|
|
|
| |
test.pythoninfo now logs environment variables used by OpenSSL and
Python ssl modules, and logs attributes of 3 SSL contexts
(SSLContext, default HTTPS context, stdlib context).
(cherry picked from commit 1df1c2f8df53d005ff47af81aa02c58752b84e20)
|
| |
|
|
| |
Escape the server title of DocXMLRPCServer.DocXMLRPCServer
when rendering the document page as HTML.
|
| |
|
|
|
|
|
| |
(GH-16446). (#16454)
(cherry picked from commit 52d1b86bde2b772a76919c76991c326384954bf1)
Co-authored-by: Jesús Cea <jcea@jcea.es>
|
| | |
|
| |
|
|
|
|
| |
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes..
(cherry picked from commit 52b940803860e37bcc3f6096b2d24e7c20a0e807)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
|
| |
|
|
|
| |
(cherry picked from commit 4346bad3321699d49a45e3446270b57726ab5c8f)
Co-authored-by: Hai Shi <shihai1992@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
A little change on first paragraph of python tutorial to be more clearly
https://bugs.python.org/issue37904
Automerge-Triggered-By: @ericvsmith
(cherry picked from commit b57481318e3e3cbacd398b898f9849ec8f2d7eec)
Co-authored-by: Diego Alberto Barriga Martínez <diegobarriga@protonmail.com>
|
| |
|
|
|
|
| |
(GH-16155). (GH-16215)
(cherry picked from commit 8debfa50407107ff2329d01081cdc12d359f1d12)
|
| |
|
|
|
|
|
|
| |
``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``.
https://bugs.python.org/issue33936
(cherry picked from commit 724f1a57231f9287c37255adf0e4364d12cf693d)
Co-authored-by: Christian Heimes <christian@python.org>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
(GH-16136) (GH-16176)
(cherry picked from commit 56a4514)
Co-authored-by: Hai Shi shihai1992@gmail.com
https://bugs.python.org/issue38168
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address.
(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)
Excludes changes to Lib/email/_header_value_parser.py, which did not
exist in 2.7.
Co-authored-by: jpic <jpic@users.noreply.github.com>
https://bugs.python.org/issue34155
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a build error with OpenSSL 1.1.0. There is already code in the
`_ssl.c` that handles all the weird cases of the NPN config macros (with
various OpenSSL & LibreSSL versions).
That code will provide a HAVE_NPN variable, which should be used in the
rest of the code to check whether (or what) to compile regarding NPN.
This change adds HAVE_NPN in the remaining places where it should have been
placed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
https://bugs.python.org/issue35264
|
| |
|
|
| |
Lib/email/test/test_email_renamed.py. (GH-14800)
|
| | |
|
| |
|
|
|
|
|
|
| |
(GH-15822)
If FormatMessageW() is passed the FORMAT_MESSAGE_FROM_SYSTEM flag
without FORMAT_MESSAGE_IGNORE_INSERTS, it will fail if there are
insert sequences in the message definition.
(cherry picked from commit a656365)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-15808)
The link we have points to the version from Unicode 6.0.0, dated 2010.
There have been numerous updates to it since then:
https://www.unicode.org/reports/tr44/GH-Modifications
Change the link to one that points to the current version. Also, use HTTPS..
(cherry picked from commit 64c6ac74e254d31f93fcc74bf02b3daa7d3e3f25)
Co-authored-by: Greg Price <gnprice@gmail.com>
|
| |
|
|
|
|
|
| |
(GH-15625) (GH-15740)
RuntimeError is now raised in this case.
(cherry picked from commit 526a01467b3277f9fcf7f91e66c23321caa1245d)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-15560)
https://bugs.python.org/issue37965
https://bugs.python.org/issue37965
Automerge-Triggered-By: @benjaminp
(cherry picked from commit 55aabee07501e1468082b3237620e4ecd75c5da6)
Co-authored-by: Anonymous Maarten <madebr@users.noreply.github.com>
|
| |
|
|
| |
Fix file descriptors transfer in multiprocessing on FreeBSD: use
CMSG_SPACE() rather than CMSG_LEN(); see RFC 3542.
|
| |
|
| |
(cherry picked from commit d0b10a64351069aa9246d40cb8bd207cc9209cee)
|
| |
|
|
|
|
| |
Fixed wrong link to Telnet.open() method in telnetlib documentation.
(cherry picked from commit e0b6117e2723327d6741d0aa599408514add5b30)
Co-authored-by: Michael Anckaert <michael.anckaert@sinax.be>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If this service had thoroughly vanished, we could just ignore the
test until someone gets around to either recreating such a service
or redesigning the test to somehow work locally. The
`support.transient_internet` mechanism catches the failure to
resolve the domain name, and skips the test.
But in fact the domain snakebite.net does still exist, as do its
nameservers -- and they can be quite slow to reply. As a result
this test can easily take 20-30s before it gets auto-skipped.
So, skip the test explicitly up front.
(cherry picked from commit 5b95a1507e349da5adae6d2ab57deac3bdd12f15)
Co-authored-by: Greg Price <gnprice@gmail.com>
|
| |
|
|
|
|
|
|
| |
in docs. (GH-15062). (GH-15133)
(cherry picked from commit ed5e8e06cbf766e89d6c58a882ee024abb5b2ed7)
Co-authored-by: David H <dheiberg@mozilla.com>
|
| |
|
|
|
|
|
| |
rather than listdir. (14942)
(cherry picked from commit 93e8aa62cfd0a61efed4a61a2ffc2283ae986ef2)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
|
| |
|
|
|
|
|
| |
positional-only (GH-9499)
(cherry picked from commit 79042ac4348ccc09344014f20dd49401579f8795)
Co-authored-by: Tal Einat <taleinat@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 2a3d4d9c53dd4831c3ecf56bc7c4a289c33030d6)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
|
| |
|
|
|
| |
(cherry picked from commit f6cdd3ff687ebbf8209d793a18a042ea495c4aeb)
Co-authored-by: Hai Shi <shihai1992@gmail.com>
|
| |
|
|
|
|
| |
0 is a legal index.
(cherry picked from commit f8709e804d16ec5d44b1d2f00d59a0f78df7b792)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
|
| |
Also fix a name misspelling.
(cherry picked from commit 45bc61b97178b27ae05bd3eb95481bf0325795bb)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
| |
(cherry picked from commit 2cd07920bb7d2d319999394092190f37935dc421)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
|
| |
|
|
|
|
|
|
|
|
| |
When building 2.7 on macOS without system header files installed in
``/usr/include``, a few extension modules dependent on system-supplied
third-party libraries were not being built, most notably zlib.
This situation arose in the past when building without the Command
Line Tools and the option to install header files in the traditional
system locations (like /usr/include). As of macOS 10.14, the
header files are only available in an SDK so the problem addressed
here affects most 2.7 builds.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-14475)
* Added documentation for textwrap.dedent behavior.
(cherry picked from commit eb97b9211e7c99841d6cae8c63893b3525d5a401)
Co-authored-by: tmblweed <tmblweed@users.noreply.github.com>
https://bugs.python.org/issue30754
|
| |
|
|
|
| |
_PyWarnings_Init() only allocates memory once at startup but it is
not released at exit. Ignore this issue to be able to catch other
bugs more easily.
|
| |
|
|
|
| |
(cherry picked from commit 3b03b09fc94425915c5b1225e9200a3a95bc827b)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix test_wsgiref.testEnviron() to no longer depend on the environment
variables (don't fail if "X" variable is set).
testEnviron() now overrides os.environ to get a deterministic
environment. Test full TestHandler.environ content: not only a few
selected variables.
(cherry picked from commit 5150d327924959639215ed0a78feffc0d88258da)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
|
| |
|
|
| |
Add $(PyDebugExt) in "Killing any running python$(PyDebugExt).exe
instances...".
|
| | |
|
| |
|
| |
(cherry picked from commit c0295dba259accc4b247beb22a0b2cc2f31d9850)
|
| |
|
|
|
|
|
| |
* regrtest: Add --cleanup option to remove "test_python_*" directories
of previous failed test jobs.
* Add "make cleantest" to run "python -m test --cleanup".
(cherry picked from commit 47fbc4e45b35b3111e2d947a66490a43ac21d363)
|
| |
|
|
|
|
| |
Rephrase and clarify that "the entire Python program exits when only daemon threads are left". This matches the documentation at https://docs.python.org/3/library/threading.htmlGH-thread-objects.
(cherry picked from commit bb110cc2ed81447fb48805f31146cf31323a8fc3)
Co-authored-by: mbarkhau <mbarkhau@gmail.com>
|
| |
|
|
|
|
|
| |
test_gdb no longer fails if it gets an "unexpected" message on
stderr: it now ignores stderr. The purpose of test_gdb is to test
that python-gdb.py commands work as expected, not to test gdb.
(cherry picked from commit e56a123fd0acaa295a28b98d2e46d956b97d1263)
|
| | |
|
| |
|
|
| |
'\0' is the NUL byte not NULL..
(cherry picked from commit 7821b4c6d29933511d50bb42255e39790c6abf00)
|
| | |
|
| | |
|
| | |
|
| | |
|
