summaryrefslogtreecommitdiffstats
path: root/Include
Commit message (Collapse)AuthorAgeFilesLines
* Python 3.11.13v3.11.13Pablo Galindo2025-06-031-2/+2
|
* [3.11] gh-133767: Fix use-after-free in the unicode-escape decoder with an ↵Serhiy Storchaka2025-06-022-0/+17
| | | | | | | | | | | | | | | | | | | error handler (GH-129648) (GH-133944) (GH-134341) If the error handler is used, a new bytes object is created to set as the object attribute of UnicodeDecodeError, and that bytes object then replaces the original data. A pointer to the decoded data will became invalid after destroying that temporary bytes object. So we need other way to return the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). _PyBytes_DecodeEscape() does not have such issue, because it does not use the error handlers registry, but it should be changed for compatibility with _PyUnicode_DecodeUnicodeEscapeInternal(). (cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) (cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) (cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Post 3.11.12Pablo Galindo2025-04-081-1/+1
|
* Python 3.11.12v3.11.12Pablo Galindo2025-04-081-2/+2
|
* Post 3.11.11Pablo Galindo2024-12-031-1/+1
|
* Python 3.11.11v3.11.11Pablo Galindo2024-12-031-2/+2
|
* Post 3.11.10Pablo Galindo2024-09-071-1/+1
|
* Python 3.11.10v3.11.10Pablo Galindo2024-09-071-2/+2
|
* Post 3.11.9Pablo Galindo2024-04-021-1/+1
|
* Python 3.11.9v3.11.9Pablo Galindo2024-04-021-2/+2
|
* [3.11] gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows ↵Serhiy Storchaka2024-03-212-5/+22
| | | | | | | | 64-bit platforms (GH-117064) (GH-117070) (GH-117075) (cherry picked from commit da2f9d1417a7d28df6e1ced87d64ecf28acb0a5f) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> (cherry picked from commit 519b2ae22b54760475bbf62b9558d453c703f9c6)
* [3.11] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) ↵Sebastian Pipping2024-03-061-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | (GH-115623) (#116268) Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from #115138 (comment) . - Please treat as a security fix related to CVE-2023-52425. (cherry picked from commit 6a95676) (cherry picked from commit 73807eb) (cherry picked from commit eda2963) --------- Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith <greg@krypto.org>
* Post 3.11.8Pablo Galindo2024-02-061-1/+1
|
* Python 3.11.8v3.11.8Pablo Galindo2024-02-061-2/+2
|
* [3.11] gh-106905: Use separate structs to track recursion depth in each ↵Serhiy Storchaka2023-12-251-2/+2
| | | | | | | | | PyAST_mod2obj call. (GH-113035) (GH-113472) (GH-113476) (cherry picked from commit 48c49739f5502fc7aa82f247ab2e4d7b55bdca62) (cherry picked from commit d58a5f453f59f44ccf09b1a9b11a0b879ac6f35b) Co-authored-by: Yilei Yang <yileiyang@google.com> Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
* Post 3.11.7Pablo Galindo2023-12-041-1/+1
|
* Python 3.11.7v3.11.7Pablo Galindo2023-12-041-2/+2
|
* [3.11] gh-107450: Check for overflow in the tokenizer and fix overflow test ↵Lysandros Nikolaou2023-10-171-19/+20
| | | | | | | | (GH-110832) (#110939) (cherry picked from commit a1ac5590e0f8fe008e5562d22edab65d0c1c5507) Co-authored-by: Filipe Laíns <lains@riseup.net> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Post 3.11.6Pablo Galindo2023-10-021-1/+1
|
* Python 3.11.6v3.11.6Pablo Galindo2023-10-021-2/+2
|
* [3.11] gh-108987: Fix _thread.start_new_thread() race condition (#109135) ↵Victor Stinner2023-09-111-0/+2
| | | | | | | | | | | | | | | | | | | (#109272) gh-108987: Fix _thread.start_new_thread() race condition (#109135) Fix _thread.start_new_thread() race condition. If a thread is created during Python finalization, the newly spawned thread now exits immediately instead of trying to access freed memory and lead to a crash. thread_run() calls PyEval_AcquireThread() which checks if the thread must exit. The problem was that tstate was dereferenced earlier in _PyThreadState_Bind() which leads to a crash most of the time. Move _PyThreadState_CheckConsistency() from thread_run() to _PyThreadState_Bind(). (cherry picked from commit 517cd82ea7d01b344804413ef05610934a43a241)
* [3.11] gh-104690: thread_run() checks for tstate dangling pointer (#109056) ↵Victor Stinner2023-09-081-0/+4
| | | | | | | | | | | | | | (#109134) gh-104690: thread_run() checks for tstate dangling pointer (#109056) thread_run() of _threadmodule.c now calls _PyThreadState_CheckConsistency() to check if tstate is a dangling pointer when Python is built in debug mode. Rename ceval_gil.c is_tstate_valid() to _PyThreadState_CheckConsistency() to reuse it in _threadmodule.c. (cherry picked from commit f63d37877ad166041489a968233b57540f8456e8)
* [3.11] [3.12] gh-63760: Don't declare gethostname() on Solaris (GH-108817) ↵Miss Islington (bot)2023-09-031-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | (GH-108824) (#108832) [3.12] gh-63760: Don't declare gethostname() on Solaris (GH-108817) (GH-108824) gh-63760: Don't declare gethostname() on Solaris (GH-108817) Since 2005, Solaris defines gethostname(). socketmodule.c no longer has to define gethostname() for Solaris. Oracle Solaris and OpenSolaris have patches to remove the gethostname() definition in Python: * https://github.com/oracle/solaris-userland/blob/master/components/python/python37/patches/15-gethostname.patch * https://github.com/OpenIndiana/oi-userland/blob/oi/hipster/components/python/python37/patches/15-gethostname.patch * https://github.com/omniosorg/omnios-build/blob/master/build/python27/patches/24-gethostname.patch (cherry picked from commit 7269916cd7b89b5e6f20bfe83ebe1038bda56b4b) Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Jakub Kulík <Kulikjak@gmail.com> (cherry picked from commit 0e6d582b3b73a88e71cae04327b31a1ee203722c) Co-authored-by: Victor Stinner <vstinner@python.org>
* Post 3.11.5Pablo Galindo2023-08-241-1/+1
|
* Python 3.11.5v3.11.5Pablo Galindo2023-08-241-2/+2
|
* [3.11] gh-106242: Fix path truncation in os.path.normpath (GH-106816) (#107982)Steve Dower2023-08-151-1/+2
| | | Co-authored-by: Finn Womack <flan313@gmail.com>
* [3.11] gh-107226: PyModule_AddObjectRef() should only be in the limited API ↵Miss Islington (bot)2023-07-251-0/+2
| | | | | | | 3.10 (GH-107227) (GH-107261) (cherry picked from commit 698b01513550798886add5e06a1c3f9a89d7dfc6) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.11] gh-86493: Fix possible leaks in some modules initialization ↵Serhiy Storchaka2023-07-191-0/+1
| | | | | | | | | (GH-106768) (GH-106855) (GH-106863) [3.11] [3.12] gh-86493: Fix possible leaks in some modules initialization (GH-106768) (GH-106855) Fix _ssl, _stat, _testinternalcapi, _threadmodule, cmath, math, posix, time. (cherry picked from commit 3e65baee72131b49f4ce8ca2da568a6f2001ce93). (cherry picked from commit a423ddbdeada8a2fd8657453b9e9f58ba0dd921d)
* Post 3.11.4Pablo Galindo2023-06-071-1/+1
|
* Python 3.11.4v3.11.4Pablo Galindo2023-06-061-2/+2
|
* [3.11] gh-96670: Raise SyntaxError when parsing NULL bytes (GH-97594) (#104195)Lysandros Nikolaou2023-05-071-0/+1
|
* [3.11] gh-104018: remove unused format "z" handling in string formatfloat() ↵Miss Islington (bot)2023-05-071-2/+0
| | | | | | | | | | (GH-104107) (#104260) gh-104018: remove unused format "z" handling in string formatfloat() (GH-104107) This is a cleanup overlooked in PR GH-104033. (cherry picked from commit 69621d1b09c996e43a1e13d2fa4c317d3dd4d738) Co-authored-by: John Belmonte <john@neggie.net>
* gh-99069: Consolidate checks for static_assert (GH-94766)Miss Islington (bot)2023-04-051-13/+16
| | | | | | | | | | | | | | | | | | | | | | | Several platforms don't define the static_assert macro despite having compiler support for the _Static_assert keyword. The macro needs to be defined since it is used unconditionally in the Python code. So it should always be safe to define it if undefined and not in C++11 (or later) mode. Hence, remove the checks for particular platforms or libc versions, and just define static_assert anytime it needs to be defined but isn't. That way, all platforms that need the fix will get it, regardless of whether someone specifically thought of them. Also document that certain macOS versions are among the platforms that need this. The C2x draft (currently expected to become C23) makes static_assert a keyword to match C++. So only define the macro for up to C17. (cherry picked from commit 96e1901a59ed3bb6188743d60395666969a3ba42) Co-authored-by: Joshua Root <jmr@macports.org> Co-authored-by: Victor Stinner <vstinner@python.org>
* Post 3.11.3Pablo Galindo2023-04-051-1/+1
|
* Python 3.11.3v3.11.3Pablo Galindo2023-04-041-2/+2
|
* Post 3.11.2Pablo Galindo2023-02-081-1/+1
|
* Python 3.11.2v3.11.2Pablo Galindo2023-02-071-2/+2
|
* [3.11] gh-101037: Fix potential memory underallocation for zeros of int ↵Miss Islington (bot)2023-01-211-0/+3
| | | | | | | | | | | | | | subtypes (GH-101038) (#101219) gh-101037: Fix potential memory underallocation for zeros of int subtypes (GH-101038) This PR fixes object allocation in long_subtype_new to ensure that there's at least one digit in all cases, and makes sure that the value of that digit is copied over from the source long. Needs backport to 3.11, but not any further: the change to require at least one digit was only introduced for Python 3.11. Fixes GH-101037. (cherry picked from commit 401fdf9c851eb61229250ebffa942adca99b36d1) Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
* [3.11] gh-99110: Initialize frame->previous in init_frame to fix ↵Bill Fisher2022-12-241-1/+4
| | | | | | | segmentation fault (GH-100182) (#100478) (cherry picked from commit 88d565f32a709140664444c6dea20ecd35a10e94) Co-authored-by: Bill Fisher <william.w.fisher@gmail.com>
* Post 3.11.1Pablo Galindo2022-12-061-1/+1
|
* Python 3.11.1v3.11.1Pablo Galindo2022-12-061-2/+2
|
* [3.11] Revert "[3.11] gh-98724: Fix Py_CLEAR() macro side effects (#99100)" ↵Victor Stinner2022-11-212-36/+27
| | | | | | | (#99573) Revert "gh-98724: Fix Py_CLEAR() macro side effects (#99100) (#99288)" This reverts commit 108289085719db8b227d65ce945e806f91be8f80.
* gh-98724: Fix Py_CLEAR() macro side effects (#99100) (#99288)Victor Stinner2022-11-092-27/+36
| | | | | | | | | The Py_CLEAR(), Py_SETREF() and Py_XSETREF() macros now only evaluate their argument once. If an argument has side effects, these side effects are no longer duplicated. Add test_py_clear() and test_py_setref() unit tests to _testcapi. (cherry picked from commit c03e05c2e72f3ea5e797389e7d1042eef85ad37a)
* [3.11] Fix v3.11.0 release merge problems (GH-98622)Pablo Galindo Salgado2022-10-241-1/+1
| | | | | When merging the v3.11.0 tag into 3.11, some files were incorrectly updated and some others were not properly deleted. Automerge-Triggered-By: GH:pablogsal
* Merge tag 'v3.11.0' into 3.11Pablo Galindo2022-10-241-2/+2
|\ | | | | | | Python 3.11.0
| * Python 3.11.0v3.11.0Pablo Galindo2022-10-241-3/+3
| |
| * Post 3.11.0rc2Pablo Galindo2022-10-221-1/+1
| |
* | gh-96959: Update HTTP links which are redirected to HTTPS (GH-96961)Miss Islington (bot)2022-09-251-2/+2
| | | | | | | | | | (cherry picked from commit db39050396a104c73d0da473a2f00a62f9dfdfaa) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* | Post 3.11.0rc2Pablo Galindo2022-09-121-1/+1
|/
* Python 3.11.0rc2v3.11.0rc2Pablo Galindo2022-09-111-2/+2
|
generated by cgit v0.12 at 2026-03-23 17:52:06 (GMT)