| Commit message (Collapse) | Author | Age | Files | Lines |
| |
(#108406)
* In preauth tests of test_ssl, explicitly break reference cycles
involving SingleConnectionTestServerThread to make sure that the
thread is deleted. Otherwise, the test marks the environment as
altered because the threading module sees a "dangling thread"
(SingleConnectionTestServerThread). This test leak was introduced
by the test added for the fix of issue gh-108310.
* Use support.SHORT_TIMEOUT instead of hardcoded 1.0 or 2.0 seconds
timeout.
* SingleConnectionTestServerThread.run() catches TimeoutError
* Fix a race condition (missing synchronization) in
test_preauth_data_to_tls_client(): the server now waits until the
client connect() completed in call_after_accept().
* test_https_client_non_tls_response_ignored() calls server.join()
explicitly.
* Replace "localhost" with server.listener.getsockname()[0].
(cherry picked from commit 592bacb6fc0833336c0453e818e9b95016e9fd47)
Co-authored-by: Victor Stinner <vstinner@python.org>
| |
(GH-99613) (GH-107224) (#107230)
Previously *consumed was not set in this case.
(cherry picked from commit b8b3e6afc0a48c3cbb7c36d2f73e332edcd6058c)
(cherry picked from commit f08e52ccb027f6f703302b8c1a82db9fd3934270)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
flaw (#108318)
gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw
Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peers’ TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
| |
(#108210)
| |
ASAN is enabled (GH-104667) (#104669)
gh-104472: Skip `test_subprocess.ProcessTestCase.test_empty_env` if ASAN is enabled (GH-104667)
Skip test_subprocess.ProcessTestCase.test_empty_env if ASAN is enabled.
(cherry picked from commit c3f43bfb4bec39ff8f2c36d861a3c3a243bcb3af)
Co-authored-by: chgnrdv <52372310+chgnrdv@users.noreply.github.com>
| |
`urlsplit` (GH-102508) (GH-104575) (#104592)
gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508)
`urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595.
This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329).
I simplified the docs by eliding the state of the world explanatory
paragraph in this security release only backport. (people will see
that in the mainline /3/ docs)
---------
(cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10)
(cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941)
Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
| |
(GH-102953) (GH-104128)
- Backport b52ad18a766700be14382ba222033b2d75a33521
- Backport c8c3956d905e019101038b018129a4c90c9c9b8f
- Remove the DeprecationWarning
- Adjust docs
- Remove new `__all__` entries
Co-authored-by: Petr Viktorin <encukou@gmail.com>
| |
(GH-104096) (#104330)
gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096)
* Fix directory traversal security flaw in uu.decode()
* also check absolute paths and os.altsep
* Add a regression test.
---------
(cherry picked from commit 0aeda297931820436a50b78f4f7f0597274b5df4)
[Google]
Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com>
| |
SimpleHTTPRequestHandler (GH-104067) (#104119)
gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067)
Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure)
---------
(cherry picked from commit c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a)
Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
| |
(cherry picked from commit 32937d6aa414ec7db5c63ef277f21db1880b3af4)
Co-authored-by: Charlie Zhao <zhaoyu_hit@qq.com>
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
| |
macOS (GH-99768) (#99817)
On macOS all file descriptors for a particular file in /dev/fd
share the same file offset, that is ``open("/dev/fd/9", "r")`` behaves
more like ``dup(9)`` than a regular open.
This causes problems when a user tries to run "/dev/fd/9" as a script
because zipimport changes the file offset to try to read a zipfile
directory. Therefore change zipimport to reset the file offset after
trying to read the zipfile directory.
(cherry picked from commit d08fb257698e3475d6f69bb808211d39e344e5b2)
Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
* Regen zipimport
---------
Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
| |
Previously, any data _after_ the zip64 extra would be removed.
With many new tests.
Fixes GH-88233
(cherry picked from commit 59e86caca812fc993c5eb7dc8ccd1508ffccba86)
Co-authored-by: Tim Hatch <tim@timhatch.com>
| |
GH-25309 enabled SSL_OP_IGNORE_UNEXPECTED_EOF by default, with a comment
that it restores OpenSSL 1.1.1 behavior, but this wasn't quite right.
That option causes OpenSSL to treat transport EOF as the same as
close_notify (i.e. SSL_ERROR_ZERO_RETURN), whereas Python actually has
distinct SSLEOFError and SSLZeroReturnError exceptions. (The latter is
usually mapped to a zero return from read.) In OpenSSL 1.1.1, the ssl
module would raise them for transport EOF and close_notify,
respectively. In OpenSSL 3.0, both act like close_notify.
Fix this by, instead, just detecting SSL_R_UNEXPECTED_EOF_WHILE_READING
and mapping that to the other exception type.
There doesn't seem to have been any unit test of this error, so fill in
the missing one. This had to be done with the BIO path because it's
actually slightly tricky to simulate a transport EOF with Python's fd
based APIs. (If you instruct the server to close the socket, it gets
confused, probably because the server's SSL object is still referencing
the now dead fd?)
(cherry picked from commit 420bbb783b43216cc897dc8914851899db37a31d)
Co-authored-by: David Benjamin <davidben@google.com>
| |
(cherry picked from commit ded9a7fc194a1d5c0e38f475a45f8f77dbe9c6bc)
Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com>
| |
(GH-96932) (#102919)
gh-96931: Fix incorrect results in ssl.SSLSocket.shared_ciphers (GH-96932)
(cherry picked from commit af9c34f6ef8dceb21871206eb3e4d350f6e3d3dc)
Co-authored-by: Benjamin Fogle <benfogle@gmail.com>
| |
non-dataclass (#102948) (#102954)
| |
`_collections_abc._CallableGenericAlias` (GH-102790)
This is a manual backport of https://github.com/python/cpython/pull/102722 but without `typing.py` changes and without `TypeVarTuple` case, because it was added in 3.11
Automerge-Triggered-By: GH:AlexWaygood
| |
Fix an issue of concurrent.futures ProcessPoolExecutor shutdown hanging.
(cherry picked from commit 2dc94634b50f0e5e207787e5ac1d56c68b22c3ae)
Co-authored-by: yonatanp <yonatan.perry@gmail.com>
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
| |
---------
(cherry picked from commit 5e0865f22eed9f3f3f0e912c4ada196effbd8ce0)
Co-authored-by: Andre Hora <andrehora@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
| |
longlist (#101674) (#102633)
GH-101673: Fix pdb bug where local variable changes are lost after longlist (#101674)
(cherry picked from commit 5d677c556f03a34d1c2d86e4cc96025870c20c12)
Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com>
| |
(cherry picked from commit 9a8b66b58c74236959a01d579e2c156d9c2e7cb3)
Co-authored-by: 谭九鼎 <109224573@qq.com>
| |
It is possible but unlikely for the `python_tzpath_context` function to fail between the start of the `try` block and the point where `os.environ.get` succeeds, in which case `old_env` will be undefined. In this case, we want to take no action.
Practically speaking this will really only happen in an error condition anyway, so it doesn't really matter, but we should probably do it right anyway.
(cherry picked from commit 64bde502cf89963bc7382b03ea9e1c0967d22e35)
Co-authored-by: Paul Ganssle <1377457+pganssle@users.noreply.github.com>
| |
`isinstance()` checks on `typing.runtime_checkable` protocols (GH-102449)
(cherry picked from commit 5ffdaf748d98da6065158534720f1996a45a0072)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
Co-authored-by: Carl Meyer <carl@oddbird.net>
| |
(GH-102399) (#102527)
GH-102397: Fix segfault from race condition in signal handling (GH-102399)
(cherry picked from commit 1a84cc007e207f2dd61f86a7fc3d86632fdce72f)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
| |
(#102445) (#102452)
(cherry picked from commit 96e1022)
| |
(cherry picked from commit 32220543e2db36c6146ff2704ed1714a6adecc1b)
Co-authored-by: Partha P. Mukherjee <ppm.floss@gmail.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
| |
As part of investigating issue https://github.com/python/cpython/issues/102433, I discovered what I believe to be an error where two classes `CI` and `DI` are not being used. The assertions beneath them act on `C` and `D`, duplicating existing assertions in this test.
(cherry picked from commit 7894bbe94ba319eb650f383cb5196424c77b2cfd)
Co-authored-by: JosephSBoyle <48555120+JosephSBoyle@users.noreply.github.com>
Automerge-Triggered-By: GH:AlexWaygood
| |
add_argument() were dropped (GH-102318)
(cherry picked from commit 9a478be1a4314734c697dda7a7b0e633a6fb0751)
Co-authored-by: Yeojin Kim <yeojin.dev@gmail.com>
| |
Add trashcan macros to the deallocator of the filter objects to protect against deeply nested destruction of chains of nested filters.
(cherry picked from commit 66aa78cbe604a7c5731f074b869f92174a8e3b64)
Co-authored-by: Marta Gómez Macías <mgmacias@google.com>
| |
(#102419)
* gh-102179: Fix `os.dup2` error reporting for negative fds (GH-102180)
(cherry picked from commit c2bd55d26f8eb2850eb9f9026b5d7f0ed1420b65)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
| |
the iterator (GH-101896) (#102422)
gh-101892: Fix `SystemError` when a callable iterator call exhausts the iterator (#101896)
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
(cherry picked from commit 705487c6557c3d8866622b4d32528bf7fc2e4204)
Co-authored-by: Raj <51259329+workingpayload@users.noreply.github.com>
| |
Add tests for conversion from bool to complex.
(cherry picked from commit 41970436373f4be813fe8f5a07b6da04d5f4c80e)
Co-authored-by: Eclips4 <80244920+Eclips4@users.noreply.github.com>
| |
when internal access of `builtins.__dict__` exhausts the iterator (GH-101769) (#102229)
(cherry picked from commit 54dfa14c5a94b893b67a4d9e9e403ff538ce9023)
| |
(gh-102230)
gh-95675: fix uid and gid at test_add_dir_getmember (gh-102207)
(cherry picked from commit 56e93c8020e89e1712aa238574bca2076a225028)
Co-authored-by: Seonkyo Ok <seonkyo.ok@linecorp.com>
| |
---------
(cherry picked from commit 9f3ecd1aa3566947648a053bd9716ed67dd9a718)
Co-authored-by: Eclips4 <80244920+Eclips4@users.noreply.github.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
| |
io.BytesIO (gh-102100) (#102118)
gh-101936: Update the default value of fp from io.StringIO to io.BytesIO (gh-102100)
(cherry picked from commit 0d4c7fcd4f078708a5ac6499af378ce5ee8eb211)
Co-authored-by: Long Vo <long.vo@linecorp.com>
| |
gh-95672 fix typo SkitTest to SkipTest (gh-102119)
(cherry picked from commit d5c7954d0c3ff874d2d27d33dcc207bb7356f328)
Co-authored-by: HyunKyun Moon <hyunkyun.moon@linecorp.com>
| |
for the binary mode (gh-102068) (#102099)
gh-101961 fileinput.hookcompressed should not set the encoding value for the binary mode (gh-102068)
(cherry picked from commit 6f25657b83d7a680a97849490f6e973b3a695e1a)
Co-authored-by: Gihwan Kim <gihwan.kim@linecorp.com>
| |
(cherry picked from commit 36854bbb240e417c0df6f0014924fcc899388186)
Includes the bugfix only.
Automerge-Triggered-By: GH:jaraco
| |
(cherry picked from commit 366b94905869d680b3f1d4801fb497e78811e511)
Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
| |
(GH-100934) (#101687)
Items checked by this test are always `str` and `dict` instances.
(cherry picked from commit eb49d32b9af0b3b01a5588626179187f11d145c9)
Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
| |
That causes the test to fail when run using a high UID as that ancient format
cannot represent it. The current default (PAX) and the old default (GNU) both
support high UIDs.
(cherry picked from commit ffcb8220d7a8c8ca169b467d9e4a752874f68af2)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
| |
(gh-101448)
| |
(cherry picked from commit 28db978d7f134edf6c86f21c42e15003511e7e9b)
Co-authored-by: Eclips4 <80244920+Eclips4@users.noreply.github.com>
| |
(GH-96194) (#99456)
gh-96192: fix os.ismount() to use a path that is str or bytes (GH-96194)
(cherry picked from commit 367f552129341796d75fc4cc40edb49405235a2b)
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
Co-authored-by: Christoph Anton Mitterer <calestyo@scientia.org>
Co-authored-by: Eryk Sun <eryksun@gmail.com>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
| |
positional (GH-101179) (GH-101182)
The zipfile.Path open() and read_text() encoding parameter can be supplied as a positional argument without causing a TypeError again. 3.10.0b1 included a regression that made it keyword only.
Documentation update included as users writing code to be compatible with a wide range of versions will need to consider this for some time.
(cherry picked from commit 5927013e47a8c63b70e104152351f3447baa819c)
(cherry picked from commit efe3a389cabd7295e6e0938767cdc4055c871e3c)
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]
Automerge-Triggered-By: GH:gpshead
| |
(cherry picked from commit 94fc7706b7bc3d57cdd6d15bf8e8c4499ae53a69)
Co-authored-by: Raymond Hettinger <rhettinger@users.noreply.github.com>
| |
(Windows) (GH-100959) (#101020)
(cherry picked from commit 1bc7a736837272b15ad3a7aa472977bc720d1033)
| |
asyncio.get_event_loop() (GH-100412) (GH-100970)
Some deprecation warnings will reappear (in a slightly different form) in 3.12.
Co-authored-by: Guido van Rossum <guido@python.org>.
(cherry picked from commit 1b2459dc64b1c3eea89312ea9bf422f8d7c75bb2)
| |
(GH-100978)
(cherry picked from commit 8795ad1bd0d6ee031543fcaf5a86a60b37950714)
Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
Automerge-Triggered-By: GH:AlexWaygood