| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 56b5daf15970be449d44e91f08db84c698ac5506)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 3ed1cae9ed9d1f0dd9d68da4b30b731fdf6be768)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
| |
It fixes 252 errors from a Sphinx nitpicky run (sphinx-build -n). But
there's 8182 errors left.
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
(cherry picked from commit 664aa94b570a4a8f3535efb2e3d638a4ab655943)
Co-authored-by: Julien Palard <julien@palard.fr>
|
| |
|
|
|
| |
(cherry picked from commit 29624e769c5c3c1e59c6acc8b69383ead53e8a9f)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
| |
(cherry picked from commit cef91ca80c41749824eca1d4b2c99731e3d5f64c)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
| |
(cherry picked from commit 7cf285d82ec722d4225297366013e924805171f2)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
|
|
| |
The PyType_HasFeature() change has been reverted: the static inline
function access directly the PyTypeObject.tp_flags member.
(cherry picked from commit 99c7e9853fa13af414168f179213e3d2fae03a45)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
| |
(cherry picked from commit 4f05f15d7b25ef8b690cb94fdc4c8cb5521a4e27)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 0fd66e46b2f472d0d206a185dc8892f4f0347cb6)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
|
| |
|
|
|
| |
* [3.9] bpo-43882 - Mention urllib.parse changes in Whats new section.
* Add the missing section.
|
| |
|
|
|
| |
(cherry picked from commit 87109f4d85c93a870ee8aa0d2b394547d4636b17)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-25099) (GH-25815)
Reverts commit e653d4d8e820a7a004ad399530af0135b45db27a and makes
parsing even more strict. Like socket.inet_pton() any leading zero
is now treated as invalid input.
Signed-off-by: Christian Heimes <christian@python.org>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit 60ce8f0be6354ad565393ab449d8de5d713f35bc)
|
| |
|
|
|
|
|
|
|
| |
(GH-23096) (GH-25659)
(cherry picked from commit 32980fb669a6857276da18895fcc0cb6f6fbb544)
Co-authored-by: Hai Shi <shihai1992@gmail.com>
Co-authored-by: Hai Shi <shihai1992@gmail.com>
|
| |
|
|
|
|
|
| |
section (GH-22608)
(cherry picked from commit 660592f67c0d825b06eb4a38ccc04b34a1f01f00)
Co-authored-by: Saiyang Gou <gousaiyang@163.com>
|
| |
|
|
| |
since 3.9 (GH-25231) (GH-25233)
|
| |
|
| |
Covers the ftplib security fix.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776)
* [3.9] bpo-42967: only use '&' as a query string separator (GH-24297)
bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl().
urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator.
Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>
|
| | |
|
| |
|
|
|
| |
(cherry picked from commit 1867b462de427bcb8dfbcd256028410aea6ae929)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| | |
|
| |
|
|
|
| |
(cherry picked from commit aa3a3521cef3998d4f9e7f7ff721163b6e3e5f39)
Co-authored-by: Quentin Hibon <qh.public@yahoo.com>
|
| |
|
|
|
|
|
|
|
| |
* Whatsnew entry in 3.9 same as the one in 3.10.
* versionchanged for typing.Literal docs
Needs backport to 3.9.
(cherry picked from commit e1dc0db8c7cb8c4d7343e051ba85146b375bb8e0)
Co-authored-by: kj <28750310+Fidget-Spinner@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 7feb54a6348f6220b27986777786c812f110b53d)
Co-authored-by: Dong-hee Na <donghee.na@python.org>
|
| | |
|
| |
|
|
|
|
| |
(cherry picked from commit 67f04878debbcec60191cddbddf9c83e8b9b36fe)
Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
|
| | |
|
| |\
| |
| |
| | |
Python 3.9.0
|
| | | |
|
| | |
| |
| |
| | |
(cherry picked from commit 27201cddf3b25be7df25bbe36966531539757d60)
|
| | |
| |
| |
| | |
(cherry picked from commit 1c5d1d7304a119040fd3118128bdb412f0cce6a6)
|
| | |
| |
| |
| |
| | |
(cherry picked from commit 22b7616f26694ac707fd53ece500febfad665426)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| | |
| |
| |
| |
| | |
(cherry picked from commit a33f2c2bae759fc9d06e1c032fd2026135f2df45)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| | |
| |
| |
| |
| | |
(cherry picked from commit 22b7616f26694ac707fd53ece500febfad665426)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| | |
| |
| |
| |
| | |
(cherry picked from commit 9c4eac7f02ddcf32fc1cdaf7c08c37fe9718c1fb)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| | |
| |
| |
| | |
(cherry picked from commit 27201cddf3b25be7df25bbe36966531539757d60)
|
| | |
| |
| |
| | |
(cherry picked from commit 1c5d1d7304a119040fd3118128bdb412f0cce6a6)
|
| |/
|
|
|
| |
(cherry picked from commit a33f2c2bae759fc9d06e1c032fd2026135f2df45)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-40204: Allow pre-Sphinx 3 syntax in the doc (GH-21844)
Enable Sphinx 3.2 "c_allow_pre_v3" option and disable the
c_warn_on_allowed_pre_v3 option to make the documentation compatible
with Sphinx 2 and Sphinx 3.
(cherry picked from commit 423e77d6de497931585d1883805a9e3fa4096b0b)
* bpo-40204: Fix Sphinx sytanx in howto/instrumentation.rst (GH-21858)
Use generic '.. object::' to declare markers, rather than abusing
'.. c:function::' which fails on Sphinx 3.
(cherry picked from commit 43577c01a2ab49122db696e9eaec6cb31d11cc81)
* bpo-40204: Fix duplicates in the documentation (GH-21857)
Fix two Sphinx 3 issues:
Doc/c-api/buffer.rst:304: WARNING: Duplicate C declaration, also defined in 'c-api/buffer'.
Declaration is 'PyBUF_ND'.
Doc/c-api/unicode.rst:1603: WARNING: Duplicate C declaration, also defined in 'c-api/unicode'.
Declaration is 'PyObject* PyUnicode_Translate(PyObject *str, PyObject *table, const char *errors)'.
(cherry picked from commit 46d10b1237c67ff8347f533eda6a5468d098f7eb)
* bpo-40204: Add :noindex: in the documentation (GH-21859)
Add :noindex: to duplicated documentation to fix "duplicate object
description" errors.
For example, fix this Sphinx 3 issue:
Doc/library/configparser.rst:1146: WARNING: duplicate object
description of configparser.ConfigParser.optionxform, other instance
in library/configparser, use :noindex: for one of them
(cherry picked from commit d3ded080482beae578faa704b13534a62d066f9f)
* bpo-40204, doc: Fix syntax of C variables (GH-21846)
For example, fix the following Sphinx 3 errors:
Doc/c-api/buffer.rst:102: WARNING: Error in declarator or parameters
Invalid C declaration: Expected identifier in nested name. [error at 5]
void \*obj
-----^
Doc/c-api/arg.rst:130: WARNING: Unparseable C cross-reference: 'PyObject*'
Invalid C declaration: Expected end of definition. [error at 8]
PyObject*
--------^
The modified documentation is compatible with Sphinx 2 and Sphinx 3.
(cherry picked from commit 474652fe9346382dbf793f20b671eb74668bebde)
* bpo-40204: Fix reference to terms in the doc (GH-21865)
Sphinx 3 requires to refer to terms with the exact case.
For example, fix the Sphinx 3 warning:
Doc/library/pkgutil.rst:71: WARNING: term Loader not found in case
sensitive match.made a reference to loader instead.
(cherry picked from commit bb0b08540cc93e56f3f1bde1b39ce086d9e35fe1)
* bpo-40204: Fix duplicated productionlist names in the doc (GH-21900)
Sphinx 3 disallows having more than one productionlist markup with
the same name. Simply remove names in this case, since names are not
shown anyway. For example, fix the Sphinx 3 warning:
Doc/reference/introduction.rst:96: duplicate token description
of *:name, other instance in reference/expressions
(cherry picked from commit 1abeda80f760134b4233608e2c288790f955b95a)
|
| |
|
|
|
| |
(cherry picked from commit 76643c10ede2813ca921464fe839e81caee21a84)
Co-authored-by: Ram Rachum <ram@rachum.com>
|
| |
|
|
|
| |
(cherry picked from commit af3a6a8caefc2b202c831ab908677c1a4371cc27)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-21474)
GH-msg373510
[bpo-32528]()/GH-13528 changed `asyncio.CancelledError` such that it no longer inherits from `concurrent.futures.CancelledError`. As this affects existing code, specifically when catching the latter instead of the former in exception handling, it should be documented in the "What's new in 3.8?" document.
Automerge-Triggered-By: @1st1
(cherry picked from commit 2a5181829af394b82e8e8c917183c709ee72a2b7)
Co-authored-by: JustAnotherArchivist <JustAnotherArchivist@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit b4a9263)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
|
| |
|
|
|
|
|
| |
asyncio.Task.all_tasks() (GH-20874)
(cherry picked from commit 004e64e8059fe68a72890314673282f2e60d5ce1)
Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>
|
| |
|
| |
Automerge-Triggered-By: @pablogsal
|
| | |
|
| |
|
|
|
| |
Co-authored-by: Kyle Stanley <aeros167@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
(cherry picked from commit 2c4928d37edc5e4aeec3c0b79fa3460b1ec9b60d)
|
| |
|
|
|
|
|
|
| |
(GH-20117) (GH-20780)
* Revert "bpo-36543: Remove the xml.etree.cElementTree module. (GH-19108)"
This reverts commit b33e52511a59c6da7132c226b7f7489b092a33eb.
(cherry picked from commit ec88e1bca81a167e6d5c0ac635e22f84298cb1df)
|
| |
|
|
|
| |
(cherry picked from commit 337d3103a2344e1fec75985e85fabcbdedac7d26)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
* bpo-40630: Add tracemalloc.reset_peak (GH-20102, cherrypick 8b62644)
The reset_peak function sets the peak memory size to the current size,
representing a resetting of that metric. This allows for recording the
peak of specific sections of code, ignoring other code that may have
had a higher peak (since the most recent `tracemalloc.start()` or
tracemalloc.clear_traces()` call).
* Adjust docs to point to 3.9
|
