summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Python 3.10.16v3.10.16Pablo Galindo2024-12-0310-17/+64
|
* [3.10] gh-122792: Make IPv4-mapped IPv6 address properties consistent with ↵Miss Islington (bot)2024-12-033-5/+49
| | | | | | | | | IPv4 (GH-122793) (GH-123819) Make IPv4-mapped IPv6 address properties consistent with IPv4. (cherry picked from commit 76a1c5d18312712baed4699fe7333abb050ec9b7) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
* [3.10] gh-126623: Update libexpat to 2.6.4, make future updates easier ↵Seth Michael Larson2024-12-025-11/+80
| | | | | (GH-126792) (GH-126799) (cherry picked from commit 3c9996909402fadc98e6ca2a64e75a71a7427352)
* [3.10] gh-103848: Adds checks to ensure that bracketed hosts found by ↵Victor Stinner2024-12-023-1/+43
| | | | | | | | urlsplit are of IPv6 or IPvFuture format (#103849) (#126975) Co-authored-by: Gregory P. Smith <greg@krypto.org> (cherry picked from commit 29f348e232e82938ba2165843c448c2b291504c5) Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com>
* [3.10] gh-127359: Pin Tcl/Tk to 8 (8.6) for testing macOS (GH-127365) (#127408)Hugo van Kemenade2024-11-301-1/+4
|
* [3.10] gh-113027: Fix test_variable_tzname in test_email (GH-113821) (#126438)Petr Viktorin2024-11-051-0/+2
|
* [3.10] gh-124651: Quote template strings in `venv` activation scripts ↵Victor Stinner2024-11-047-20/+134
| | | | | (GH-124712) (GH-126185) (GH-126269) (GH-126300) (cherry picked from commit ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97)
* [3.10] gh-125529: Avoid f-strings in the metagrammar (#125582)Petr Viktorin2024-10-222-2/+2
| | | | | | | | | | | | | Grammar actions need to be valid Python tokens and the accepted tokens need to be listed in the actions mini-grammar). In Python 3.12+ (PEP 701), f-strings are no longer STRING tokens, so pegen fails to regenerate the metaparser on this Python version, as in: PYTHON_FOR_REGEN=python3.12 make regen-pegen-metaparser Use `+` and plain strings rather than f-strings. Co-authored-by: Lysandros Nikolaou <lisandrosnik@gmail.com>
* [3.10] gh-125041: gh-90781: test_zlib: For s390x HW acceleration, skip ↵Petr Viktorin2024-10-222-2/+22
| | | | | | | | | | | | checking the compressed bytes (GH-125042) (#125585) gh-125041: gh-90781: test_zlib: For s390x HW acceleration, skip checking the compressed bytes (GH-125042) This backports two commits: - GH-31096 skipped the tests unconditionally - GH-125042 skips only the possibly-failing assertion (cherry picked from commit cc5a225cdc2a5d4e035dd08d59cef39182c10a6c)
* [3.10] gh-107902: gh-108948: Don't test setting suid/sgid/sticky on systems ↵Petr Viktorin2024-10-221-15/+39
| | | | | | | | | | | | | | that don't support them (GH-108368) (GH-109697) (#125255) * gh-107902: Don't test setting suid/sgid on systems that don't support them (GH-108368) * gh-108948: Skip test_tarfile.test_modes() on EFTYPE error (#109697) On FreeBSD, regular users cannot set the sticky bit. Skip the test if chmod() fails with EFTYPE error. --------- Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.10] gh-100005: Skip test_script_as_dev_fd() on FreeBSD (GH-100006) (#125109)Miss Islington (bot)2024-10-222-1/+4
| | | | | | | | | | gh-100005: Skip test_script_as_dev_fd() on FreeBSD (GH-100006) On FreeBSD, skip test_script_as_dev_fd() of test_cmd_line_script if fdescfs is not mounted (at /dev/fd). (cherry picked from commit 038b151963d9d4a5f4c852544fb5b0402ffcb218) Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Petr Viktorin <encukou@gmail.com>
* [3.10] gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-109423) ↵Miss Islington (bot)2024-10-222-3/+10
| | | | | | | | | | | | | | | | (#125106) [3.11] gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-109423) (GH-109427) gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode (GH-109423) Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. (cherry picked from commit e091b9f20fa8e409003af79f3c468b8225e6dcd3) (cherry picked from commit f7bfac4b3dd30920f97a542fd78c355ce62aa267) Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Petr Viktorin <encukou@gmail.com>
* [3.10] gh-89452: GHA: Set --with-dbmliborder to avoid issues with homebrew's ↵Petr Viktorin2024-10-081-1/+3
| | | | | | | | | | | | gdbm 1.24 (#125112) Per https://github.com/python/cpython/issues/89452#issuecomment-1116329316, the issue is fixed in configure for 3.11+, and > For older Python versions, the workaround is to build with: > > ./configure --with-dbmliborder=gdbm:ndbm We need this workaround in GitHub Actions, otherwise the tests fail.
* Post 3.10.15Pablo Galindo2024-09-071-1/+1
|
* Python 3.10.15v3.10.15Pablo Galindo2024-09-0724-61/+222
|
* [3.10] [CVE-2023-27043] gh-102988: Reject malformed addresses in ↵Petr Viktorin2024-09-065-21/+371
| | | | | | | | | | | | | | email.parseaddr() (GH-111116) (#123768) Detect email address parsing errors and return empty tuple to indicate the parsing error (old API). Add an optional 'strict' parameter to getaddresses() and parseaddr() functions. Patch by Thomas Dwyer. (cherry picked from commit 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19) Co-authored-by: Victor Stinner <vstinner@python.org> Co-Authored-By: Thomas Dwyer <github@tomd.tel>
* [3.10] gh-123678: Upgrade libexpat 2.6.3 (#123710)Seth Michael Larson2024-09-054-15/+36
| | | (cherry picked from commit fdc04ad75a410ed3af99edfc32c38b5fc3375f52)
* [3.10] gh-123693: Use platform-agnostic semantics when processing ↵Jason R. Coombs2024-09-053-4/+2
| | | | | | | | | | zipfile.Path.name. (#123694) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286d78d328c2f575e0b05b16fe447d1656d6) (cherry picked from commit 17b77bb) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* [3.10] gh-123270: Replaced SanitizedNames with a more surgical fix. ↵Jason R. Coombs2024-09-043-67/+81
| | | | | | | | | | (GH-123354) (#123426) Applies changes from zipp 3.20.1 and jaraco/zippGH-124 (cherry picked from commit 2231286d78d328c2f575e0b05b16fe447d1656d6) (cherry picked from commit 17b77bb) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* [3.10] gh-112275: Fix HEAD_LOCK deadlock in child process after fork ↵Miss Islington (bot)2024-09-042-5/+8
| | | | | | | | | | (GH-112336) (#123687) HEAD_LOCK is called from _PyEval_ReInitThreads->_PyThreadState_DeleteExcept before _PyRuntimeState_ReInitThreads reinit runtime->interpreters.mutex which might be locked before fork. (cherry picked from commit 522799a05e3e820339718151ac055af6d864d463) Co-authored-by: ChuBoning <102216855+ChuBoning@users.noreply.github.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
* [3.10] gh-119690: Fixes buffer type confusion in _winapi.CreateFile and ↵Steve Dower2024-09-042-2/+4
| | | | | _winapi.CreateNamedPipe audit events (#119735) gh-119690: Fixes buffer type confusion in _winapi.CreateFile and _winapi.CreateNamedPipe audit events
* [3.10] gh-123067: Fix quadratic complexity in parsing "-quoted cookie values ↵Miss Islington (bot)2024-09-043-26/+47
| | | | | | | | with backslashes (GH-123075) (#123106) This fixes CVE-2024-7592. (cherry picked from commit 44e458357fca05ca0ae2658d62c8c595b048b5ef) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.10] gh-67693: Fix urlunparse() and urlunsplit() for URIs with path ↵Serhiy Storchaka2024-09-043-4/+70
| | | | | starting with multiple slashes and no authority (GH-113563) (#119026) (cherry picked from commit e237b25a4fa5626fcd1b1848aa03f725f892e40e)
* [3.10] gh-121650: Encode newlines in headers, and verify headers are sound ↵Łukasz Langa2024-09-0410-4/+162
| | | | | | | | | | | | | | | | | | | | | | | | (GH-122233) (#122609) Per RFC 2047: > [...] these encoding schemes allow the > encoding of arbitrary octet values, mail readers that implement this > decoding should also ensure that display of the decoded data on the > recipient's terminal will not cause unwanted side-effects It seems that the "quoted-word" scheme is a valid way to include a newline character in a header value, just like we already allow undecodable bytes or control characters. They do need to be properly quoted when serialized to text, though. This should fail for custom fold() implementations that aren't careful about newlines. (cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384) Co-authored-by: Petr Viktorin <encukou@gmail.com> Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.10] gh-121285: Remove backtracking when parsing tarfile headers ↵Seth Michael Larson2024-09-033-38/+111
| | | | | | | | | | | | (GH-121286) (#123640) * Remove backtracking when parsing tarfile headers * Rewrite PAX header parsing to be stricter * Optimize parsing of GNU extended sparse headers v0.0 (cherry picked from commit 34ddb64d088dd7ccc321f6103d23153256caa5d4) Co-authored-by: Kirill Podoprigora <kirill.bast9@mail.ru> Co-authored-by: Gregory P. Smith <greg@krypto.org>
* [3.10] gh-122905: Sanitize names in zipfile.Path. (GH-122906) (#123160)Jason R. Coombs2024-08-223-1/+78
| | | | | | | | | | | | | | | | [3.10] [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906) (GH-122925) * gh-122905: Sanitize names in zipfile.Path. (GH-122906) Ported from zipp 3.19.1; ref jaraco/zippGH-119. (cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932) * [3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906) Ported from zipp 3.19.1; ref jaraco/zippGH-119. (cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932) (cherry picked from commit 795f2597a4be988e2bb19b69ff9958e981cb894e)
* [3.10] gh-122133: Rework pure Python socketpair tests to avoid use of ↵Miss Islington (bot)2024-08-022-77/+64
| | | | | | | | importlib.reload. (GH-122493) (GH-122507) (cherry picked from commit f071f01b7b7e19d7d6b3a4b0ec62f820ecb14660) Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
* [3.10] gh-122133: Authenticate socket connection for `socket.socketpair()` ↵Miss Islington (bot)2024-07-303-3/+147
| | | | | | | | | | fallback (GH-122134) (#122427) Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion). (cherry picked from commit 78df1043dbdce5c989600616f9f87b4ee72944e5) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
* [3.10] gh-121957: Emit audit events for python -i and python -m asyncio ↵Łukasz Langa2024-07-225-0/+23
| | | | (GH-122119)
* [3.10] gh-112769: test_zlib: test_zlib: Fix comparison of ↵Ned Deily2024-05-282-12/+18
| | | | | | | | | | ZLIB_RUNTIME_VERSION with non-int suffix (GH-112771) (#119565) [3.10] gh-112769: test_zlib: test_zlib: Fix comparison of ZLIB_RUNTIME_VERSION with non-int suffix zlib-ng defines the version as "1.3.0.zlib-ng". (cherry picked from commit d384813) Co-authored-by: Miro Hrončok miro@hroncok.cz
* [3.10] gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488) (GH-118740)Steve Dower2024-05-246-3/+107
| | | Co-authored-by: Łukasz Langa <lukasz@langa.pl>
* [3.10] gh-100454: Fix running SSL tests with OpenSSL 3.1+ (GH-100456) ↵Dimitri John Ledkov2024-05-072-4/+5
| | | | | | | (GH-118262) This fixes Ubuntu pipeline with OpenSSL 3.1+ Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
* [3.10] gh-113171: gh-65056: Fix "private" (non-global) IP address ranges ↵Petr Viktorin2024-05-075-22/+184
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (GH-113179) (GH-113186) (GH-118177) (GH-118229) The _private_networks variables, used by various is_private implementations, were missing some ranges and at the same time had overly strict ranges (where there are more specific ranges considered globally reachable by the IANA registries). This patch updates the ranges with what was missing or otherwise incorrect. 100.64.0.0/10 is left alone, for now, as it's been made special in [1]. The _address_exclude_many() call returns 8 networks for IPv4, 121 networks for IPv6. [1] https://github.com/python/cpython/issues/61602 In 3.10 and below, is_private checks whether the network and broadcast address are both private. In later versions (where the test wss backported from), it checks whether they both are in the same private network. For 0.0.0.0/0, both 0.0.0.0 and 255.225.255.255 are private, but one is in 0.0.0.0/8 ("This network") and the other in 255.255.255.255/32 ("Limited broadcast"). --------- Co-authored-by: Jakub Stasiak <jakub@stasiak.at>
* [3.10] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) (GH-118186)Seth Michael Larson2024-05-074-16/+37
| | | (cherry picked from commit c9829eec0883a8991ea4d319d965e123a3cf6c20)
* [3.10] gh-114539: Clarify implicit launching of shells by subprocess ↵Miss Islington (bot)2024-05-071-2/+10
| | | | | | | (GH-117996) (GH-118004) (cherry picked from commit a4b44d39cd6941cc03590fee7538776728bdfd0a) Co-authored-by: Steve Dower <steve.dower@python.org>
* [3.10] gh-116773: Fix overlapped memory corruption crash (GH-116774) (GH-117079)jkriegshauser2024-03-274-12/+71
| | | Co-authored-by: Łukasz Langa <lukasz@langa.pl>
* [3.10] gh-117187: Fix XML tests for vanilla Expat <2.6.0 (GH-117203) (GH-117246)Miss Islington (bot)2024-03-273-9/+9
| | | | | This fixes XML unittest fallout from the https://github.com/python/cpython/issues/115398 security fix. When configured using `--with-system-expat` on systems with older pre 2.6.0 versions of libexpat, our unittests were failing. Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
* Post 3.10.14Łukasz Langa2024-03-191-1/+1
|
* Python 3.10.14v3.10.14Łukasz Langa2024-03-1918-39/+151
|
* [3.10] gh-115197: Stop resolving host in urllib.request proxy bypass ↵Miss Islington (bot)2024-03-193-44/+64
| | | | | | | | (GH-115210) (GH-116070) Use of a proxy is intended to defer DNS for the hosts to the proxy itself, rather than a potential for information leak of the host doing DNS resolution itself for any reason. Proxy bypass lists are strictly name based. Most implementations of proxy support agree. (cherry picked from commit c43b26d02eaa103756c250e8d36829d388c5f3be) Co-authored-by: Weii Wang <weii.wang@canonical.com>
* [3.10] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) ↵Sebastian Pipping2024-03-0614-19/+435
| | | | | | | | | | | | | | | | | | (GH-115623) (GH-116270) Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 . Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith <greg@krypto.org>
* [3.10] gh-115399: Document CVE-2023-52425 under "XML vulnerabilities" ↵Miss Islington (bot)2024-02-212-0/+14
| | | | | | | | (GH-115400) (GH-115762) Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities" (cherry picked from commit fbd40ce46e7335a5dbaf48a3aa841be22d7302ba) Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
* [3.10] gh-114572: Fix locking in cert_store_stats and get_ca_certs ↵Miss Islington (bot)2024-02-202-5/+64
| | | | | | | | | | | | | | | | | | | | | | | | (GH-114573) (#115548) gh-114572: Fix locking in cert_store_stats and get_ca_certs (GH-114573) * gh-114572: Fix locking in cert_store_stats and get_ca_certs cert_store_stats and get_ca_certs query the SSLContext's X509_STORE with X509_STORE_get0_objects, but reading the result requires a lock. See https://github.com/openssl/openssl/pull/23224 for details. Instead, use X509_STORE_get1_objects, newly added in that PR. X509_STORE_get1_objects does not exist in current OpenSSLs, but we can polyfill it with X509_STORE_lock and X509_STORE_unlock. * Work around const-correctness problem * Add missing X509_STORE_get1_objects failure check * Add blurb (cherry picked from commit bce693111bff906ccf9281c22371331aaff766ab) Co-authored-by: David Benjamin <davidben@google.com>
* [3.10] Upgrade bundled libexpat to 2.6.0 (GH-115399) (GH-115468) (#115473)Miss Islington (bot)2024-02-1913-262/+403
| | | | | | Manual backport due to code differences. (cherry picked from commit e071b0d558b2f5cddd5a9fc6afadb4ba109ec77e) Co-authored-by: Seth Michael Larson <seth@python.org>
* [3.10] gh-97032: avoid test_squeezer crash on macOS buildbots (#115508)Ned Deily2024-02-191-0/+1
| | | avoid test_squeezer crash on macOS buildbots
* [3.10] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) ↵Miss Islington (bot)2024-02-192-22/+38
| | | | | | | | | | | (#115525) gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425. Future versions of Expat may be more reactive. (cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.10] gh-105821: Use a raw f-string in test_httpservers.py (GH-105822) ↵Miss Islington (bot)2024-02-161-2/+2
| | | | (#115519)
* [3.10] Add missing sections to blurbs (GH-114553) (#115338)Miss Islington (bot)2024-02-143-0/+3
|
* [3.10] gh-46968: Fix invalid reference to Sound eXchange (SoX) 12.17.7 ↵Łukasz Langa2024-02-062-47/+48
| | | | | | | license (GH-115094) (GH-115096) (cherry picked from commit b39119916c0daaf5e5fdfec63e18ad97f29e2e72) Co-authored-by: Łukasz Langa <lukasz@langa.pl>
* [3.10] gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) (#115079)Miss Islington (bot)2024-02-063-2/+3
| | | | | | gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) (cherry picked from commit 618d7256e78da8200f6e2c6235094a1ef885dca4) Co-authored-by: Zachary Ware <zach@python.org>
generated by cgit v0.12 at 2026-04-05 08:06:49 (GMT)