summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* 3.7.6rc1v3.7.6rc1Ned Deily2019-12-1160-204/+726
|
* bpo-37228: Fix loop.create_datagram_endpoint()'s usage of SO_REUSEADDR ↵Ned Deily2019-12-114-29/+67
| | | | | | | (GH-17311) (GH-17570) (cherry picked from commit ab513a38c98695f271e448fe2cb7c5e39eeaaaaf) Co-authored-by: Kyle Stanley <aeros167@gmail.com>
* bpo-38943: Fix IDLE autocomplete window not always appearing (GH-17416)Miss Islington (bot)2019-12-103-0/+6
| | | | | | This has happened on some versions of Ubuntu. (cherry picked from commit bbc4162bafe018f07bab0b624b37974cc33daad9) Co-authored-by: JohnnyNajera <58344607+JohnnyNajera@users.noreply.github.com>
* bpo-38944: Escape key now closes IDLE completion windows. (GH-17419)Miss Islington (bot)2019-12-093-1/+5
| | | | | (cherry picked from commit 232689b40d8fcbbac27c8705607ff482ea5b46f8) Co-authored-by: JohnnyNajera <58344607+JohnnyNajera@users.noreply.github.com>
* bpo-34776: Fix dataclasses to support __future__ "annotations" mode ↵Miss Islington (bot)2019-12-094-34/+78
| | | | | | | (GH-9518) (#17532) (cherry picked from commit d219cc4180e7589807ebbef7421879f095e72a98) Co-authored-by: Yury Selivanov <yury@magic.io>
* bpo-39006: Fix asyncio when the ssl module is missing (GH-17524)Miss Islington (bot)2019-12-092-10/+12
| | | | | | | Fix asyncio when the ssl module is missing: only check for ssl.SSLSocket instance if the ssl module is available. (cherry picked from commit 82b4950b5e92bec343a436b3f9c116400b66e1b9) Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-38916: Document array.array deprecation (GH-17523)Miss Islington (bot)2019-12-091-0/+4
| | | | | | | array.array: Document that tostring() and fromstring() deprecated aliases will be removed in Python 3.9. (cherry picked from commit 0381ea79ac2da03179c8512c581cac588b69cff9) Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-38673: dont switch to ps2 if the line starts with comment or whitespace ↵Miss Islington (bot)2019-12-092-0/+7
| | | | | | | | (GH-17421) (GH-17522) https://bugs.python.org/issue38673 (cherry picked from commit 109fc2792a490ee5cd8a423e17d415fbdedec5c8) Co-authored-by: Batuhan Taşkaya <47358913+isidentical@users.noreply.github.com>
* bpo-38547: Fix test_pty if the process is the session leader (GH-17519)Miss Islington (bot)2019-12-092-3/+19
| | | | | | | | Fix test_pty: if the process is the session leader, closing the master file descriptor raises a SIGHUP signal: simply ignore SIGHUP when running the tests. (cherry picked from commit a1838ec2592e5082c75c77888f2a7a3eb21133e5) Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-38669: patch.object now raises a helpful error (GH17511)Miss Islington (bot)2019-12-093-0/+9
| | | | | | This means a clearer message is now shown when patch.object is called with two string arguments, rather than a class and a string argument. (cherry picked from commit cd90a52983db34896a6335a572d55bdda274778f) Co-authored-by: Elena Oat <oat.elena@gmail.com>
* bpo-38979: fix ContextVar "__class_getitem__" method (GH-17497)Miss Islington (bot)2019-12-083-6/+9
| | | | | | | | | | now contextvars.ContextVar "__class_getitem__" method returns ContextVar class, not None. https://bugs.python.org/issue38979 Automerge-Triggered-By: @asvetlov (cherry picked from commit 28c91631c24e53713ad0e8a2bbae716373f5e53d) Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
* [3.7] bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190) (GH-17500)Miss Islington (bot)2019-12-074-7/+59
| | | | | | | | | | | | | | | | | | | | | test_openssl_version now accepts version 3.0.0. getpeercert() no longer returns IPv6 addresses with a trailing new line. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue38820 (cherry picked from commit 2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244) Co-authored-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue38820 Automerge-Triggered-By: @tiran
* bpo-37404: Raising value error if an SSLSocket is passed to asyncio ↵Miss Islington (bot)2019-12-072-0/+12
| | | | | | | | functions (GH-16457) https://bugs.python.org/issue37404 (cherry picked from commit 892f9e0777f262d366d4747a54c33a1c15a49da6) Co-authored-by: idomic <michael.ido@gmail.com>
* [3.7] Make repr of C accelerated TaskWakeupMethWrapper the same as of pure ↵Andrew Svetlov2019-12-072-0/+18
| | | | | | | Python version (GH-17484) (GH-17494) (cherry picked from commit 969ae7aca809a8dacafee04c261110eea0ac1945) Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
* bpo-36820: Break unnecessary cycle in socket.py, codeop.py and dyld.py ↵Miss Islington (bot)2019-12-064-5/+17
| | | | | | | | | | | | (GH-13135) Break cycle generated when saving an exception in socket.py, codeop.py and dyld.py as they keep alive not only the exception but user objects through the ``__traceback__`` attribute. https://bugs.python.org/issue36820 Automerge-Triggered-By: @pablogsal (cherry picked from commit b64334cb93d0ddbb551c8cd712942bab2fc72772) Co-authored-by: Mario Corchero <mcorcherojim@bloomberg.net>
* bpo-38965: Fix faulthandler._stack_overflow() on GCC 10 (GH-17467)Miss Islington (bot)2019-12-042-10/+9
| | | | | | | Use the "volatile" keyword to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma. (cherry picked from commit 8b787964e0a647caa0558b7c29ae501470d727d9) Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-33684: json.tool: Use utf-8 for infile and outfile. (GH-17460)Inada Naoki2019-12-043-5/+22
| | | | | (cherry picked from commit 808769f3a4cbdc47cf1a5708dd61b1787bb192d4) Co-authored-by: Inada Naoki <songofacandy@gmail.com>
* bpo-27873: Update docstring for multiprocessing.Pool.map (GH-17436)Miss Islington (bot)2019-12-031-1/+2
| | | | | | | | | | Update docstring for `multiprocessing.Pool.map` to mention `pool.starmap()`. Prev PR: https://github.com/python/cpython/pull/17367 @aeros https://bugs.python.org/issue27873 (cherry picked from commit eb48a451e3844185b9a8751c9badffbddc89689d) Co-authored-by: An Long <aisk@users.noreply.github.com>
* bpo-38945: UU Encoding: Don't let newline in filename corrupt the output ↵Miss Islington (bot)2019-12-024-0/+21
| | | | | | | format (GH-17418) (cherry picked from commit a62ad4730c9b575f140f24074656c0257c86a09a) Co-authored-by: Matthew Rollings <1211162+stealthcopter@users.noreply.github.com>
* bpo-38815: Accept TLSv3 default in min max test (GH-NNNN) (GH-17437)Miss Islington (bot)2019-12-021-2/+8
| | | | | | | | | Make ssl tests less strict and also accept TLSv3 as the default maximum version. This change unbreaks test_min_max_version on Fedora 32. https://bugs.python.org/issue38815 (cherry picked from commit 34864d1cffdbfc620f8517dab9a68ae9a37b8c53) Co-authored-by: torsava <torsava@redhat.com>
* bpo-38449: Add URL delimiters test cases (GH-16729)Miss Islington (bot)2019-12-011-0/+15
| | | | | | | | * bpo-38449: Add tricky test cases * bpo-38449: Reflect codereview (cherry picked from commit 2fe4c48917c2d1b40cf063c6ed22ae2e71f4cb62) Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
* document threading.Lock.locked() (GH-17427)Miss Islington (bot)2019-12-011-0/+4
| | | | | (cherry picked from commit fdafa1d0ed0a8930b52ee81e57c931cc4d5c2388) Co-authored-by: idomic <michael.ido@gmail.com>
* bpo-38524: clarify example a bit and improve formatting (GH-17406)Miss Islington (bot)2019-11-281-5/+8
| | | | | (cherry picked from commit 02519f75d15b063914a11351da30178ca4ceb54b) Co-authored-by: Tal Einat <taleinat+github@gmail.com>
* bpo-26730: Fix SpooledTemporaryFile data corruption (GH-17400)Inada Naoki2019-11-284-16/+23
| | | | | | | SpooledTemporaryFile.rollback() might cause data corruption when it is in text mode. Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>. (cherry picked from commit ea9835c5d154ab6a54eed627958473b6768b28cc)
* bpo-38524: document implicit and explicit calling of descriptors' ↵Miss Islington (bot)2019-11-271-1/+12
| | | | | | | __set_name__ (GH-17364) (cherry picked from commit 1bddf890e595a865414645c6041733043c4081f8) Co-authored-by: Florian Dahlitz <f2dahlitz@freenet.de>
* [3.7] bpo-38862: IDLE Strip Trailing Whitespace fixes end newlines ↵Terry Jan Reedy2019-11-277-41/+69
| | | | | | | | (GH-17366) (#17379) Extra newlines are removed at the end of non-shell files. If the file only has newlines after stripping other trailing whitespace, all are removed, as is done by patchcheck.py. (cherry picked from commit 6bf644ec82f14cceae68278dc35bafb00875efae) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* bpo-21063: Improve module synopsis for distutils (GH-17363) (#17381)Miss Islington (bot)2019-11-265-9/+9
| | | | | (cherry picked from commit f8a6316778faff3991144c3aec4fa92d7b30a72b) Co-authored-by: Sanchit Khurana <54467174+GeniusLearner@users.noreply.github.com>
* Remove use of deprecated `array.fromstring` method (GH-17332)Miss Islington (bot)2019-11-262-3/+3
| | | | | (cherry picked from commit 386d00cc341b549800776b906bfc6b20ea40c7db) Co-authored-by: David Coles <coles.david@gmail.com>
* bpo-38686: fix HTTP Digest handling in request.py (GH-17045)Miss Islington (bot)2019-11-222-2/+5
| | | | | | | | | | | | | | | | | | | | | | | * fix HTTP Digest handling in request.py There is a bug triggered when server replies to a request with `WWW-Authenticate: Digest` where `qop="auth,auth-int"` rather than mere `qop="auth"`. Having both `auth` and `auth-int` is legitimate according to the `qop-options` rule in §3.2.1 of [[https://www.ietf.org/rfc/rfc2617.txt|RFC 2617]]: > qop-options = "qop" "=" <"> 1GH-qop-value <"> > qop-value = "auth" | "auth-int" | token > **qop-options**: [...] If present, it is a quoted string **of one or more** tokens indicating the "quality of protection" values supported by the server. The value `"auth"` indicates authentication; the value `"auth-int"` indicates authentication with integrity protection This is description confirmed by the definition of the [//n//]`GH-`[//m//]//rule// extended-BNF pattern defined in §2.1 of [[https://www.ietf.org/rfc/rfc2616.txt|RFC 2616]] as 'a comma-separated list of //rule// with at least //n// and at most //m// items'. When this reply is parsed by `get_authorization`, request.py only tests for identity with `'auth'`, failing to recognize it as one of the supported modes the server announced, and claims that `"qop 'auth,auth-int' is not supported"`. * 📜🤖 Added by blurb_it. * bpo-38686 review fix: remember why. * fix trailing space in Lib/urllib/request.py Co-Authored-By: Brandt Bucher <brandtbucher@gmail.com> (cherry picked from commit 14a89c47983f2fb9e7fdf33c769e622eefd3a14a) Co-authored-by: PypeBros <PypeBros@users.noreply.github.com>
* closes bpo-29275: Remove Y2K reference from time module docs (GH-17321)Miss Islington (bot)2019-11-221-10/+5
| | | | | | | | | The Y2K reference is not needed as it only points out that Python's use of C standard functions doesn't generally suffer from Y2K issues; the point regarding conventions for conversion of 2-digit years in :func:`strptime` is still valid. (cherry picked from commit 42bc60ead39c7be9f6bb7329977826e962f601eb) Co-authored-by: Callum Ward <wards.callum@gmail.com>
* bpo-38804: Fix REDoS in http.cookiejar (GH-17157)Miss Islington (bot)2019-11-224-6/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular expression denial of service (REDoS). LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar to parse Set-Cookie headers returned by a server. Processing a response from a malicious HTTP server can lead to extreme CPU usage and execution will be blocked for a long time. The regex contained multiple overlapping \s* capture groups. Ignoring the ?-optional capture groups the regex could be simplified to \d+-\w+-\d+(\s*\s*\s*)$ Therefore, a long sequence of spaces can trigger bad performance. Matching a malicious string such as LOOSE_HTTP_DATE_RE.match("1-c-1" + (" " * 2000) + "!") caused catastrophic backtracking. The fix removes ambiguity about which \s* should match a particular space. You can create a malicious server which responds with Set-Cookie headers to attack all python programs which access it e.g. from http.server import BaseHTTPRequestHandler, HTTPServer def make_set_cookie_value(n_spaces): spaces = " " * n_spaces expiry = f"1-c-1{spaces}!" return f"b;Expires={expiry}" class Handler(BaseHTTPRequestHandler): def do_GET(self): self.log_request(204) self.send_response_only(204) GH- Don't bother sending Server and Date n_spaces = ( int(self.path[1:]) GH- Can GET e.g. /100 to test shorter sequences if len(self.path) > 1 else 65506 GH- Max header line length 65536 ) value = make_set_cookie_value(n_spaces) for i in range(99): GH- Not necessary, but we can have up to 100 header lines self.send_header("Set-Cookie", value) self.end_headers() if __name__ == "__main__": HTTPServer(("", 44020), Handler).serve_forever() This server returns 99 Set-Cookie headers. Each has 65506 spaces. Extracting the cookies will pretty much never complete. Vulnerable client using the example at the bottom of https://docs.python.org/3/library/http.cookiejar.html : import http.cookiejar, urllib.request cj = http.cookiejar.CookieJar() opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj)) r = opener.open("http://localhost:44020/") The popular requests library was also vulnerable without any additional options (as it uses http.cookiejar by default): import requests requests.get("http://localhost:44020/") * Regression test for http.cookiejar REDoS If we regress, this test will take a very long time. * Improve performance of http.cookiejar.ISO_DATE_RE A string like "444444" + (" " * 2000) + "A" could cause poor performance due to the 2 overlapping \s* groups, although this is not as serious as the REDoS in LOOSE_HTTP_DATE_RE was. (cherry picked from commit 1b779bfb8593739b11cbb988ef82a883ec9d077e) Co-authored-by: bcaller <bcaller@users.noreply.github.com>
* bpo-22367: Update test_fcntl.py for spawn process mode (GH-17154) (GH-17253)Miss Islington (bot)2019-11-221-9/+19
| | | | | (cherry picked from commit 9960230f76eb555d6dfbe8a324efed35610c85f9) Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
* bpo-36854: Fix reference counter in PyInit__testcapi() (GH-17338)Miss Islington (bot)2019-11-221-2/+5
| | | | | | | Increment properly Py_True/Py_False reference counter for _testcapi.WITH_PYMALLOC variable. (cherry picked from commit 84c36c152a2bdf98f9cc7ce0e1db98e1f442a05e) Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.7] bpo-16576: Add checks for bitfields passed by value to functions. ↵Miss Islington (bot)2019-11-213-7/+145
| | | | | (GH-17097) (GH-17224) (cherry picked from commit 106271568c58cfebae58f0c52b640dbe716ba2ce)
* bpo-37838: get_type_hints for wrapped functions with forward reference ↵Miss Islington (bot)2019-11-214-1/+28
| | | | | | | | (GH-17126) https://bugs.python.org/issue37838 (cherry picked from commit 0aca3a3a1e68b4ca2d334ab5255dfc267719096e) Co-authored-by: benedwards14 <53377856+benedwards14@users.noreply.github.com>
* bpo-36277: Add document for pdb debug and retval commands (GH-12872)Miss Islington (bot)2019-11-211-0/+8
| | | | | | | | https://bugs.python.org/issue36277 Automerge-Triggered-By: @csabella (cherry picked from commit 9391f6c3ef24f7962c534c42ccb792debdbef509) Co-authored-by: Dave Nguyen <dv@dvnguyen.com>
* Fixed an incorrect sentence in the docs (GH-17205)Miss Islington (bot)2019-11-211-2/+1
| | | | | | | | | | | Fixed an incorrect sentence in Doc/c-api/mapping.rst I fell on while translating the file. skip issue Automerge-Triggered-By: @csabella (cherry picked from commit 06ca2a2be9374ac390e9407685ccce941ab9ffa2) Co-authored-by: Aveheuzed <a.masson555@ntymail.com>
* bpo-38821: Fix crash in argparse when using gettext (GH-17192)Miss Islington (bot)2019-11-202-2/+4
| | | | | (cherry picked from commit be5c79e0338005d675a64ba6e5b137e850d556d1) Co-authored-by: Federico Bond <federicobond@gmail.com>
* bpo-38823: Fix refleak in _tracemalloc init error handling (GH-17235)Miss Islington (bot)2019-11-201-1/+3
| | | | | (cherry picked from commit d51a363a4379385fdfe9c09a56324631465ede29) Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
* bpo-38823: Fix refleak in marshal init error path (GH-17260)Miss Islington (bot)2019-11-201-1/+4
| | | | | (cherry picked from commit 33b671e72450bf4b5a946ce0dde6b7fe21150108) Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
* bpo-38636: Fix IDLE tab toggle and file indent width (GH-17008)Miss Islington (bot)2019-11-205-6/+48
| | | | | | | These Format menu functions (default shortcuts Alt-T and Alt-U) were mistakenly disabled in 3.7.5 and 3.8.0. (cherry picked from commit b8462477bfd01ff21461065d5063e6b0238ca809) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* bpo-38823: Fix refleaks in faulthandler init error path on Windows (GH-17250)Miss Islington (bot)2019-11-191-10/+21
| | | | | (cherry picked from commit ac2235432c607ce2c0faf6dff5d9b2534d2f6652) Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
* bpo-35409: Ignore GeneratorExit in async_gen_athrow_throw (GH-14755)Miss Islington (bot)2019-11-193-0/+40
| | | | | | | | Ignore `GeneratorExit` exceptions when throwing an exception into the `aclose` coroutine of an asynchronous generator. https://bugs.python.org/issue35409 (cherry picked from commit 8e0de2a4808d7c2f4adedabff89ee64e0338790a) Co-authored-by: Vincent Michel <vxgmichel@gmail.com>
* bpo-38809: Windows build scripts use python.exe from virtual envs (GH-17164)Miss Islington (bot)2019-11-182-0/+5
| | | | | | https://bugs.python.org/issue38809 (cherry picked from commit ee703cbb418b7458bebb1d26a5e19d6b55280b28) Co-authored-by: Tal Einat <taleinat+github@gmail.com>
* Correct the description of the 3.7 change in urllib.parse.quote (GH-17065)Miss Islington (bot)2019-11-181-1/+1
| | | | | | `~` is now treated as an unreserved character (i.e. it doesn't get quoted), not a reserved one. (cherry picked from commit f49f6baa6bf7916ac039194c24b59d2eff5b180a) Co-authored-by: Роман Донченко <dpb@corrigendum.ru>
* bpo-38823: Clean up refleaks in _tkinter initialization. (GH-17206)Miss Islington (bot)2019-11-181-0/+2
| | | | | | https://bugs.python.org/issue38823 (cherry picked from commit 289cf0fbf78c4f38c38ac71ac8b772be7ec2672f) Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
* [3.7] bpo-38830: Correct slot signature in Qt example. (GH-17220) (GH-17222)Vinay Sajip2019-11-181-0/+396
| | | (cherry picked from commit 5383956583bb758f3828513bcdd011871f24a0e8)
* bpo-38678: Improve argparse example in tutorial (GH-17207) (GH-17213)Miss Islington (bot)2019-11-182-16/+20
| | | | | (cherry picked from commit 04c79d6088a22d467f04dbe438050c26de22fa85) Co-authored-by: Raymond Hettinger <rhettinger@users.noreply.github.com>
* bpo-25866: Minor cleanups to "sequence" in docs (GH-17177) (GH-17209)Miss Islington (bot)2019-11-171-5/+9
| | | | | (cherry picked from commit 4544e78ec4558b75bf95e5b7dfc1b5bbb07ae5f0) Co-authored-by: alclarks <57201106+alclarks@users.noreply.github.com>
* bpo-38823: Clean up refleaks in _contextvars initialization. (GH-17198)Miss Islington (bot)2019-11-171-0/+3
| | | | | | https://bugs.python.org/issue38823 (cherry picked from commit 143a97f64128070386b12a0ee589bdaad5e51f40) Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
generated by cgit v0.12 at 2026-01-08 07:23:52 (GMT)