| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
& features (GH-92529) (GH-92610)
(cherry picked from commit f1bbcba74f77eff2a4c0881f3d529f3bf0664d40)
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM>
Automerge-Triggered-By: GH:serhiy-storchaka
|
| |
|
|
|
|
| |
See: https://mail.python.org/archives/list/docs@python.org/thread/KDVFGNGGUGGPVRZT7WZYHHWXCRS2GEN7/
(cherry picked from commit b77a95f44a024d1afab28e380252aa6d9c4efb1c)
Co-authored-by: Julien Palard <julien@palard.fr>
|
| |
|
|
|
|
|
| |
(GH-29383)
(cherry picked from commit 1ecfe3d5ae4ddec4e73a6cfc93fed6df43fe0be5)
Co-authored-by: Christian Clauss <cclauss@me.com>
|
| |
|
|
|
| |
(cherry picked from commit 9a0d941df4c3e1efb8b3017cd2c2de17e582fd5c)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
| |
Co-authored-by: ImgBotApp <ImgBotHelp@gmail.com>
(cherry picked from commit ba650af7d660084e08859dd1ee1917cccee24e88)
Co-authored-by: Manish Kumar ⛄ <manishprivet@protonmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 4f05f15d7b25ef8b690cb94fdc4c8cb5521a4e27)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Replace old names when they refer to actual versions of macOS.
Keep historical names in references to older versions.
Co-authored-by: Patrick Reader <_@pxeger.com>
(cherry picked from commit 36122e18148c5b6c78ebce1d36d514fd7cf250f5)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit d28b34695301ec99a9334ad8d69b6092f4f703d5)
Co-authored-by: Andre Delfino <adelfino@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This lease on this domain has lapsed. This not only makes these dead links, but a potential attack vector for readers of python.org as the domain can be obtained by an untrustworthy party.
I considered redirecting these links to http://mingw-w64.org/ which is a maintained fork of mingw, but beyond my unfamiliarity with the exact level of compatibility, at the time of this PR that site had an expired cert and so is not much of a vulnerability fix.
Automerge-Triggered-By: GH:Mariatta
(cherry picked from commit 743932d50815edbe4ffd530ae091c53ae47dd34b)
Co-authored-by: Jeremy Paige <ucodery@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 1ba08a121a25fcf7c947d8d37e72e46dae59168c)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
| |
(cherry picked from commit 3584d4b64a5373440f78237eac734831cfd83f79)
Co-authored-by: Andre Delfino <adelfino@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit db68544122f5a0c7b80f69c0e643049efa6699c6)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
| |
(GH-22113) (GH-23232)
It was added in 3.9, not 3.8.
|
| |
|
|
|
| |
(cherry picked from commit ff1ae3dd334faa2006394c2318db385cdc42030a)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
|
| |
(cherry picked from commit ebc8c3828779374b9be4fae5c8ffc0059d36ac8c)
Co-authored-by: Saiyang Gou <gousaiyang@163.com>
|
| |
|
|
|
|
|
| |
(GH-20605) (GH-20725)
(cherry picked from commit 8f023a2f664f902a3d0b7a6f64d63afc0d1c15ae)
Co-authored-by: Sandro Mani <manisandro@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit c8966667bbdb284c3780ef6cec8a3870935a6bb7)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit ef16958d17e83723334a51428f410f726d6492a7)
Co-authored-by: Miro Hrončok <miro@hroncok.cz>
|
| |
|
|
|
|
| |
(cherry picked from commit 7864f11cdf12807555d62c7a132c191eb41ecc02)
Co-authored-by: Andre Delfino <adelfino@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Rename PyConfig.use_peg to _use_peg_parser
* Document PyConfig._use_peg_parser and mark it a deprecated
* Mark -X oldparser option and PYTHONOLDPARSER env var as deprecated
in the documentation.
* Add use_old_parser() and skip_if_new_parser() to test.support
* Remove sys.flags.use_peg: use_old_parser() uses
_testinternalcapi.get_configs() instead.
* Enhance test_embed tests
* subprocess._args_from_interpreter_flags() copies -X oldparser
|
| |
|
|
| |
Co-authored-by: Guido van Rossum <guido@python.org>
Co-authored-by: Lysandros Nikolaou <lisandrosnik@gmail.com>
|
| | |
|
| |
|
|
| |
Fix typo in cmdline.rst
Add space between the `-m` option and the module name (`timeit`).
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove:
* COUNT_ALLOCS macro
* sys.getcounts() function
* SHOW_ALLOC_COUNT code in listobject.c
* SHOW_TRACK_COUNT code in tupleobject.c
* PyConfig.show_alloc_count field
* -X showalloccount command line option
* @test.support.requires_type_collecting decorator
|
| |
|
| |
Co-Authored-By: Kyle Stanley <aeros167@gmail.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-17359)
The previously documented use of `.` is considered deprecated (https://fishshell.com/docs/current/commands.html#source).
https://bugs.python.org/issue38899
Automerge-Triggered-By: @brettcannon
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Attempt to make isolated mode easier to discover via additional inline documentation.
Co-Authored-By: Julien Palard <julien@palard.fr>
|
| |
|
|
| |
(GH-15269)
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Move the Editors and IDE section out of the Unix section, to its own section.
https://bugs.python.org/issue37610
|
| | |
|
| |
|
| |
Add a versionadded for PS Core and note that `.venv` is a common virtual environment name.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
In development mode and in debug build, encoding and errors arguments
are now checked on string encoding and decoding operations. Examples:
open(), str.encode() and bytes.decode().
By default, for best performances, the errors argument is only
checked at the first encoding/decoding error, and the encoding
argument is sometimes ignored for empty strings.
|
| |
|
|
|
|
|
| |
Add --upgrade-deps to venv module
- This allows for pip + setuptools to be automatically upgraded to the latest version on PyPI
- Update documentation to represent this change
bpo-34556: Add --upgrade to venv module
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
highlightlang is deprecated since April 2018 in Sphinx.
See https://github.com/sphinx-doc/sphinx/pull/4845
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release build and debug build are now ABI compatible: the Py_DEBUG
define no longer implies Py_TRACE_REFS define which introduces the
only ABI incompatibility.
A new "./configure --with-trace-refs" build option is now required to
get Py_TRACE_REFS define which adds sys.getobjects() function and
PYTHONDUMPREFS environment variable.
Changes:
* Add ./configure --with-trace-refs
* Py_DEBUG no longer implies Py_TRACE_REFS
|
| |
|
|
|
| |
(GH-7849)
Since bpo-30291 it is possible to specify the architecture of Python when using the launcher
|
| |
|
|
|
| |
In development mode (-X dev) and in debug build, the io.IOBase
destructor now logs close() exceptions. These exceptions are silent
by default in release mode.
|
| |
|
| |
Document usage of the existing `--prompt` option in the command line help.
|
