summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Python 3.10.13v3.10.13Pablo Galindo2023-08-248-18/+48
|
* [3.10] gh-108342: Make ssl TestPreHandshakeClose more reliable (GH-108370) ↵Łukasz Langa2023-08-241-31/+72
| | | | | | | | | | | | | | | | | | | | | | (#108406) * In preauth tests of test_ssl, explicitly break reference cycles invoving SingleConnectionTestServerThread to make sure that the thread is deleted. Otherwise, the test marks the environment as altered because the threading module sees a "dangling thread" (SingleConnectionTestServerThread). This test leak was introduced by the test added for the fix of issue gh-108310. * Use support.SHORT_TIMEOUT instead of hardcoded 1.0 or 2.0 seconds timeout. * SingleConnectionTestServerThread.run() catchs TimeoutError * Fix a race condition (missing synchronization) in test_preauth_data_to_tls_client(): the server now waits until the client connect() completed in call_after_accept(). * test_https_client_non_tls_response_ignored() calls server.join() explicitly. * Replace "localhost" with server.listener.getsockname()[0]. (cherry picked from commit 592bacb6fc0833336c0453e818e9b95016e9fd47) Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.10] gh-108342: Break ref cycle in SSLSocket._create() exc (GH-108344) ↵Miss Islington (bot)2023-08-231-1/+5
| | | | | | | | | | | | | (#108350) Explicitly break a reference cycle when SSLSocket._create() raises an exception. Clear the variable storing the exception, since the exception traceback contains the variables and so creates a reference cycle. This test leak was introduced by the test added for the fix of GH-108310. (cherry picked from commit 64f99350351bc46e016b2286f36ba7cd669b79e3) Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.10] gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data ↵Miss Islington (bot)2023-08-224-1/+95
| | | | | | | | | | (GH-99613) (GH-107224) (#107230) Previously *consumed was not set in this case. (cherry picked from commit b8b3e6afc0a48c3cbb7c36d2f73e332edcd6058c) (cherry picked from commit f08e52ccb027f6f703302b8c1a82db9fd3934270) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.10] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close ↵Łukasz Langa2023-08-223-1/+252
| | | | | | | | | | | | | | | | | | flaw (#108318) gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred. Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
* [3.10] gh-107845: Fix symlink handling for tarfile.data_filter (GH-107846) ↵Miss Islington (bot)2023-08-224-9/+154
| | | | (#108210)
* [3.10] gh-107565: Update multissltests and GitHub CI workflows to use ↵Ned Deily2023-08-183-5/+7
| | | | | OpenSSL 1.1.1v, 3.0.10, and 3.1.2. (GH-108120) (cherry picked from commit 441797d4ffb12acda257370b9e5e19ed8d6e8a71)
* [3.10] gh-98154: Clarify Usage of "Reference Count" In the Docs (#107754)Eric Snow2023-08-1114-79/+120
|
* [3.10] Revert "[3.10] gh-107077: Raise SSLCertVerificationError even if the ↵Pablo Galindo Salgado2023-08-032-10/+0
| | | | error is set via SSL_ERROR_SYSCALL (GH-107586) (#107589)" (#107602)
* [3.10] gh-107077: Raise SSLCertVerificationError even if the error is set ↵Miss Islington (bot)2023-08-032-0/+10
| | | | | | | via SSL_ERROR_SYSCALL (GH-107586) (#107589) Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com> Co-authored-by: T. Wouters <thomas@python.org>
* [3.10] gh-105090: Replace incorrect TLSv1.2 with TLSv1.3 (GH-105404) (#107039)Miss Islington (bot)2023-07-221-1/+1
| | | | Co-authored-by: Jocelyn Castellano <admin@malwarefight.gq>
* [3.10] gh-105993: Add possible `None` return type to ↵Miss Islington (bot)2023-07-051-0/+3
| | | | | | | `asyncio.EventLoop.start_tls` docs (GH-105995) (#106190) (cherry picked from commit 6b52a581c151914e59c8c367a03bc7309713a73b) Co-authored-by: Sam Bull <git@sambull.org>
* [3.10] CI: Bump macOS build to use OpenSSL v3.0 (GH-105538) (#105869)Miss Islington (bot)2023-07-051-2/+2
| | | | | (cherry picked from commit 34e93d3998bab8acd651c50724eb1977f4860a08) Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
* [3.10] [3.11] Add single value `agen.athrow(value)` signature to the 3.11 ↵Miss Islington (bot)2023-07-051-1/+2
| | | | | | | docs gh-105269 (GH-105468) (#105480) (cherry picked from commit acf3916e84158308660ed07c474a564e045d6884) Co-authored-by: Federico Caselli <CaselIT@users.noreply.github.com>
* [3.10] Clarify the supported cases in the tokenize module (GH-105569) (#105575)Miss Islington (bot)2023-06-091-0/+9
| | | | Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
* Post 3.10.12Pablo Galindo2023-06-061-1/+1
|
* Python 3.10.12v3.10.12Pablo Galindo2023-06-0612-24/+87
|
* [3.10] gh-89412: Add missing attributes (added in 3.10) to traceback module ↵Miss Islington (bot)2023-06-053-2/+18
| | | | | | | docs (GH-105046) (#105329) (cherry picked from commit a4f72fa39a9d391c7b931ba1906d81da4ae01949) Co-authored-by: Jakub Kuczys <me@jacken.men>
* [3.10] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) ↵Gregory P. Smith2023-06-0511-18/+186
| | | | | | | | | | | | | | | | | | | | (GH-105200) (#105204) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af). (cherry picked from commit a5d2b546c1b0b73d0695b98838a3ddd497382999) (cherry picked from commit f90d3f68db720bd6d0deda8cc0030339ccd43858) Co-authored-by: Gregory P. Smith <greg@krypto.org>
* [3.10] gh-105184: document that marshal functions can fail and need to be ↵Miss Islington (bot)2023-06-052-0/+8
| | | | | | | checked with PyErr_Occurred (GH-105185) (#105220) (cherry picked from commit ee26ca13a129da8cf549409d0a1b2e892ff2b4ec) Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
* [3.10] Update GitHub CI workflow for macOS. (GH-105304)Ned Deily2023-06-051-3/+2
|
* [3.10] Skip test_sundry on Windows APPX tests (GH-104944)Steve Dower2023-05-251-1/+1
|
* [3.10] Improves the Windows MSI test run on PR (GH-104929)Steve Dower2023-05-252-26/+20
| | | | Correctly set the exit code when builds fail Also build docs as part of the test
* [3.10] gh-104472: Skip `test_subprocess.ProcessTestCase.test_empty_env` if ↵Miss Islington (bot)2023-05-191-0/+3
| | | | | | | | | | ASAN is enabled (GH-104667) (#104669) gh-104472: Skip `test_subprocess.ProcessTestCase.test_empty_env` if ASAN is enabled (GH-104667) Skip test_subprocess.ProcessTestCase.test_empty_env if ASAN is enabled. (cherry picked from commit c3f43bfb4bec39ff8f2c36d861a3c3a243bcb3af) Co-authored-by: chgnrdv <52372310+chgnrdv@users.noreply.github.com>
* [3.10] [3.11] gh-102153: Start stripping C0 control and space chars in ↵Miss Islington (bot)2023-05-174-3/+111
| | | | | | | | | | | | | | | | | | | | | | `urlsplit` (GH-102508) (GH-104575) (#104592) gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) `urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). I simplified the docs by eliding the state of the world explanatory paragraph in this security release only backport. (people will see that in the mainline /3/ docs) --------- (cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10) (cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Illia Volochii <illia.volochii@gmail.com> Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
* [3.10] gh-102950: Implement PEP 706 – Filter for tarfile.extractall ↵Matěj Cepl2023-05-108-97/+1788
| | | | | | | | | | | (GH-102953) (GH-104128) - Backport b52ad18a766700be14382ba222033b2d75a33521 - Backport c8c3956d905e019101038b018129a4c90c9c9b8f - Remove the DeprecationWarning - Adjust docs - Remove new `__all__` entries Co-authored-by: Petr Viktorin <encukou@gmail.com>
* [3.10] gh-99889: Fix directory traversal security flaw in uu.decode() ↵Miss Islington (bot)2023-05-093-1/+38
| | | | | | | | | | | | | | | | | | (GH-104096) (#104330) gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) * Fix directory traversal security flaw in uu.decode() * also check absolute paths and os.altsep * Add a regression test. --------- (cherry picked from commit 0aeda297931820436a50b78f4f7f0597274b5df4) [Google] Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com>
* [3.10] gh-104049: do not expose on-disk location from ↵Miss Islington (bot)2023-05-093-1/+11
| | | | | | | | | | | | | | | SimpleHTTPRequestHandler (GH-104067) (#104119) gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure) --------- (cherry picked from commit c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a) Co-authored-by: Ethan Furman <ethan@stoneleaf.us> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* gh-103935: Use `io.open_code()` when executing code in trace and profile ↵Steve Dower2023-04-274-3/+7
| | | | | modules (GH-103947) Co-authored-by: Tian Gao <gaogaotiantian@hotmail.com>
* [3.10] gh-103207: Fix Welcome formatting issues when macOS Installer is run ↵Ned Deily2023-04-061-30/+22
| | | | in dark mode. (GH-103304)
* gh-103262: Fixes Windows installer build to work with latest compilers ↵Steve Dower2023-04-052-2/+3
| | | | (GH-103281)
* gh-102899: Fix doc link for getting filesystem error handler (GH-102901)Miss Islington (bot)2023-04-051-1/+1
| | | | | (cherry picked from commit fdd0fff277a55c010a4da0a7af0e986e38560545) Co-authored-by: Olivier Gayot <olivier.gayot@sigexec.com>
* gh-81762: Clarify and simplify description of print's flush param (GH-103264)Miss Islington (bot)2023-04-051-2/+3
| | | | | (cherry picked from commit c396b6ddf3da784349bac9ebf7f28c55bde016ea) Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
* Merge remote-tracking branch 'upstream/3.10' into 3.10Pablo Galindo2023-04-051-4/+4
|\
| * Improve some grammar in the socket docs (GH-103254)Miss Islington (bot)2023-04-041-4/+4
| | | | | | | | | | (cherry picked from commit bceb9e00ad2998e5193ad5b477e92a114dd31024) Co-authored-by: Tim Burke <tim.burke@gmail.com>
* | Post 3.10.11Pablo Galindo2023-04-051-1/+1
| |
* | Python 3.10.11v3.10.11Pablo Galindo2023-04-0440-135/+432
|/
* [3.10] gh-103207: Add instructions to the macOS installer welcome display on ↵Ned Deily2023-04-042-6/+39
| | | | how to workaround the macOS 13 Ventura “The installer encountered an error” failure. (GH-103253)
* gh-103109: Document ignore_warnings() test support helper (GH-103110)Miss Islington (bot)2023-04-022-1/+16
| | | | | | (cherry picked from commit 32937d6aa414ec7db5c63ef277f21db1880b3af4) Co-authored-by: Charlie Zhao <zhaoyu_hit@qq.com> Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
* Minor docs improvements fix for `codeop` (GH-103123)Miss Islington (bot)2023-03-301-7/+7
| | | | | (cherry picked from commit c1e71ce56fdb3eab62ad3190d09130f800e54610) Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com>
* gh-103099: Link mypy docs from typing.rst (GH-103100)Miss Islington (bot)2023-03-301-0/+8
| | | | | (cherry picked from commit fda95aa19447fe444ac2670afbf98ec42aca0c6f) Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
* [3.10] gh-103112: Add http.client.HTTPResponse.read docstring and fix pydoc ↵Miss Islington (bot)2023-03-292-0/+2
| | | | | | | | | | output (GH-103113) (#103120) (cherry picked from commit d052a383f1a0c599c176a12c73a761ca00436d8b) Co-authored-by: Bernhard Wagner <github.comNotification20120125@xmlizer.net> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> Co-authored-by: Éric <merwok@netwok.org>
* gh-103097: Add workaround for Windows ARM64 compiler bug (GH-103098)Steve Dower2023-03-291-0/+9
| | | See https://developercommunity.visualstudio.com/t/Regression-in-MSVC-1433-1434-ARM64-co/10224361 for details of the issue. It only applies to version 14.34.
* [3.10] gh-102582: Fix invalid JSON in Doc/howto/logging-cookbook.rst ↵Miss Islington (bot)2023-03-291-10/+14
| | | | | | (GH-102635) (GH-103107) (cherry picked from commit d835b3f05de7e2d800138e5969eeb9656b0ed860) Co-authored-by: Matěj Cepl <mcepl@cepl.eu>
* [3.10] GH-87235: Make sure "python /dev/fd/9 9</path/to/script.py" works on ↵Miss Islington (bot)2023-03-284-540/+566
| | | | | | | | | | | | | | | | | | | | | | | macOS (GH-99768) (#99817) On macOS all file descriptors for a particular file in /dev/fd share the same file offset, that is ``open("/dev/fd/9", "r")`` behaves more like ``dup(9)`` than a regular open. This causes problems when a user tries to run "/dev/fd/9" as a script because zipimport changes the file offset to try to read a zipfile directory. Therefore change zipimport to reset the file offset after trying to read the zipfile directory. (cherry picked from commit d08fb257698e3475d6f69bb808211d39e344e5b2) Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> * Regen zipimport --------- Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
* [3.10] GH-102711: Fix warnings found by clang (GH-102712) (#103076)Miss Islington (bot)2023-03-282-2/+3
| | | | | | | | | | | | | | | | | | | | There are some warnings if build python via clang: Parser/pegen.c:812:31: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] _PyPegen_clear_memo_statistics() ^ void Parser/pegen.c:820:29: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] _PyPegen_get_memo_statistics() ^ void Fix it to make clang happy. (cherry picked from commit 7703def37e4fa7d25c3d23756de8f527daa4e165) Signed-off-by: Chenxi Mao <chenxi.mao@suse.com> Co-authored-by: Chenxi Mao <chenxi.mao@suse.com>
* [3.10] gh-88233: zipfile: handle extras after a zip64 extra (GH-96161) (#102087)Miss Islington (bot)2023-03-283-0/+66
| | | | | | | | | | Previously, any data _after_ the zip64 extra would be removed. With many new tests. Fixes GH-88233 (cherry picked from commit 59e86caca812fc993c5eb7dc8ccd1508ffccba86) Co-authored-by: Tim Hatch <tim@timhatch.com>
* [3.10] gh-101997: Update bundled pip version to 23.0.1 (GH-101998). (#102241)Pradyun Gedam2023-03-283-1/+2
| | | (cherry picked from commit 89d9ff0f48c51a85920c7372a7df4a2204e32ea5)
* [3.10] GH-95494: Fix transport EOF handling in OpenSSL 3.0 (GH-95495) (#103007)Miss Islington (bot)2023-03-273-7/+32
| | | | | | | | | | | | | | | | | | | | | | | GH-25309 enabled SSL_OP_IGNORE_UNEXPECTED_EOF by default, with a comment that it restores OpenSSL 1.1.1 behavior, but this wasn't quite right. That option causes OpenSSL to treat transport EOF as the same as close_notify (i.e. SSL_ERROR_ZERO_RETURN), whereas Python actually has distinct SSLEOFError and SSLZeroReturnError exceptions. (The latter is usually mapped to a zero return from read.) In OpenSSL 1.1.1, the ssl module would raise them for transport EOF and close_notify, respectively. In OpenSSL 3.0, both act like close_notify. Fix this by, instead, just detecting SSL_R_UNEXPECTED_EOF_WHILE_READING and mapping that to the other exception type. There doesn't seem to have been any unit test of this error, so fill in the missing one. This had to be done with the BIO path because it's actually slightly tricky to simulate a transport EOF with Python's fd based APIs. (If you instruct the server to close the socket, it gets confused, probably because the server's SSL object is still referencing the now dead fd?) (cherry picked from commit 420bbb783b43216cc897dc8914851899db37a31d) Co-authored-by: David Benjamin <davidben@google.com>
* Update pdb docs for arguments (GH-102965)Miss Islington (bot)2023-03-251-21/+21
| | | | | (cherry picked from commit 027223db96b0464c49a74513f82a1bf25aa510bd) Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com>
generated by cgit v0.12 at 2025-02-17 11:33:17 (GMT)