| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Note: macOS 11 is not yet released, this release of Python is not
fully supported on 11.0, and not all tests pass.
|
| |
|
|
|
|
|
|
| |
(GH-7467) (GH-21878)
(cherry picked from commit 52698c7ad9eae9feb35839fde17a7d1da8036a9b)
Co-authored-by: Yury Selivanov <yury@magic.io>
|
| |
|
|
|
|
| |
reject control chars in http method in http.client.putrequest to prevent http header injection
(cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e)
Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4)
Co-authored-by: Rishi <rishi_devan@mail.com>
|
| |
|
|
|
|
| |
Automerge-Triggered-By: @tiran
(cherry picked from commit 4f309abf55f0e6f8950ac13d6ec83c22b8d47bf8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-21033) (GH-21231)
CVE-2020-14422
The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
of generating constant hash values of 32 and 128 respectively causing hash collisions.
The fix uses the hash() function to generate hash values for the objects
instead of XOR operation
(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
Signed-off-by: Tapas Kundu <tkundu@vmware.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: @tiran.
(cherry picked from commit bb6ec14479f18c32e71e43f2785f177aa17aabbd)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
| |
Co-authored-by: Xavier Fernandez <xav.fernandez@gmail.com>
(cherry picked from commit e63cc2f64668bd1d4581f8efa7089af7e08863b8)
Co-authored-by: Ned Deily <nad@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ensurepip optionally installs or upgrades 'pip' and 'setuptools' using
the version of those modules bundled with Python. The internal PIP
installation routine by default temporarily uses its cache, if it
exists. This is undesirable as Python builds and installations may be
independent of the user running the build, whilst PIP cache location
is dependent on the user's environment and outside of the build
environment.
At the same time, there's no value in using the cache while installing
bundled modules.
This change disables PIP caching when used in ensurepip.
(cherry picked from commit 4a3a682b12f93a03888e8b59f439bc5fe30d6055)
Co-authored-by: Krzysztof Konopko <kkonopko@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-20892)
In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH
header, this fix remove this header as required and fix FieldStorage
read_lines_to_outerboundary, by not using limit when it's negative,
since by default it's -1 if not content-length and keeps substracting what
was read from the file object.
Also added a test case for this problem.
(cherry picked from commit d8cf3514dd4682419a66f6e834bb384ee34afc95)
Co-authored-by: roger <rogerduran@gmail.com>
Automerge-Triggered-By: @ned-deily
|
| |
|
|
|
|
| |
Remote host cyrus.andrew.cmu.edu is blocking incoming connections and is
causing test suite to fail.
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
|
| |
require `_generate_next_value_` to be defined before members
(cherry picked from commit d9a43e20facdf4ad10186f820601c6580e1baa80)
|
| | |
|
| |
|
|
|
| |
precisions (GH-20748)
This reverts commit c6f95543b4832c3f0170179da39bcf99b40a7aa8.
|
| |
|
|
|
|
| |
A tiny sliver of a 3.9 PEG parser patch needed to backport the test added by GH-20486.
(cherry picked from commit a5d6aba318ead9cc756ba750a70da41f5def3f8f)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
encoded-words. (gh-17620)
* bpo-39040: Fix parsing of email headers with encoded-words inside a quoted string.
It is fairly common to find malformed mime headers (especially content-disposition
headers) where the parameter values, instead of being encoded to RFC
standards, are "encoded" by doing RFC 2047 "encoded word" encoding, and
then enclosing the whole thing in quotes. The processing of these malformed
headers was incorrectly leaving the spaces between encoded words in the decoded
text (whitespace between adjacent encoded words is supposed to be stripped on
decoding). This changeset fixes the encoded word processing inside quoted strings
(bare-quoted-string) to do correct RFC 2047 decoding by stripping that
whitespace.
(cherry picked from commit 21017ed904f734be9f195ae1274eb81426a9e776)
Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
|
| |
|
|
|
|
| |
Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
(cherry picked from commit 614f17211c5fc0e5b828be1d3320661d1038fe8f)
Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
(GH-20419)
struct.error is now raised if there is a null character in a struct
format string.
(cherry picked from commit 3f59b55316f4c6ab451997902579aa69020b537c)
(cherry picked from commit 5ff5edfef63b3dbc1abb004b3fa4b3db87e79ff9)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
|
|
| |
ast_unparse.c (GH-20156). (GH-20192)
(cherry picked from commit 2135e10dc717c00d10d899d232bebfc59bb25032)
Co-authored-by: Batuhan Taskaya <batuhanosmantaskaya@gmail.com>
|
| |
|
|
|
|
| |
test_gdb and test.pythoninfo now check gdb command exit code.
(cherry picked from commit ec9bea4a3766bd815148a27f61eb24e7dd459ac7)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-37421: multiprocessing tests call _run_finalizers() (GH-14527)
multiprocessing tests now call explicitly _run_finalizers() to remove
immediately temporary directories created by
multiprocessing.util.get_temp_dir().
(cherry picked from commit 039fb49c185570ab7b02f13fbdc51c859cfd831e)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
(cherry picked from commit 632cb36084dc9d13f1cdb31a0e7e3ba80745a51a)
* bpo-37421: multiprocessing tests now stop ForkServer (GH-14601)
multiprocessing tests now stop the ForkServer instance if it's
running: close the "alive" file descriptor to ask the server to stop
and then remove its UNIX address.
(cherry picked from commit 8fbeb14312b4c1320d31ad86e69749515879d1c3)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
(cherry picked from commit 229f6e85f8b4d57a2e742e0d3fc361c5bd15f1cb)
* bpo-38546: multiprocessing tests stop the resource tracker (GH-17641) (GH-17647)
Multiprocessing and concurrent.futures tests now stop the resource
tracker process when tests complete.
Add ResourceTracker._stop() method to
multiprocessing.resource_tracker.
Add _cleanup_tests() helper function to multiprocessing.util: share
code between multiprocessing and concurrent.futures tests.
(cherry picked from commit 9707e8e22d80ca97bf7a9812816701cecde6d226)
(cherry picked from commit 35acb3597208e10a101140474adec86859d57f61)
* Remove NEWS about resource tracker
Python 3.7 multiprocessing does not have resource tracker.
Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
bpo-32759, bpo-39932: Fix multiprocessing test_heap():
a new Heap object is now created for each test run.
Partial backport of commit e4679cd644aa19f9d9df9beb1326625cf2b02c15
by Antoine Pitrou.
|
| |
|
|
|
|
|
|
|
|
| |
It is possible to use either '-isysroot /some/path' (with a space) or
'-isysroot/some/path' (no space in between). Support both forms in
places where special handling of -isysroot is done, rather than just
the first form.
Co-authored-by: Ned Deily <nad@python.org>
(cherry picked from commit b310700976524b4b99ee319c947ca40468716fc9)
Co-authored-by: Joshua Root <jmr@macports.org>
|
| |
|
|
|
|
|
|
| |
Fix the Windows implementation of os.waitpid() for exit code
larger than "INT_MAX >> 8". The exit status is now interpreted as an
unsigned number.
(cherry picked from commit b07350901cac9197aef41855d8a4d56533636b91)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
| |
https://bugs.python.org/issue39942
(cherry picked from commit a25a04fea5446b1712cde0cff556574be139285a)
Co-authored-by: HongWeipeng <hongweichen8888@sina.com>
|
| |
|
|
|
|
|
| |
(GH-19584)
Co-authored-by: Ammar Askar <ammar@ammaraskar.com>
(cherry picked from commit 12446e6a605f066d837d3a595d0a73e4f3b43b65)
|
| |
|
|
|
|
| |
It has not returned the file position after the seek.
(cherry picked from commit 485e715cb1ff92bc9882cd51ec32589f9cb30503)
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
|
| |
|
|
|
|
| |
(cherry picked from commit 5565c30f0b25996a0e73477fc0e1e1aced52b926)
Co-authored-by: Batuhan Taşkaya <batuhanosmantaskaya@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-36670: regrtest bug fixes (GH-16537)
* Fix TestWorkerProcess.__repr__(): start_time is only valid
if _popen is not None.
* Fix _kill(): don't set _killed to True if _popen is None.
* _run_process(): only set _killed to False after calling
run_test_in_subprocess().
(cherry picked from commit 2ea71a07d0a720707094ee55f78fd232c40724bc)
* [3.8] Update libregrtest from master (GH-19516)
* bpo-37531: regrtest now catchs ProcessLookupError (GH-16827)
Fix a warning on a race condition on TestWorkerProcess.kill(): ignore
silently ProcessLookupError rather than logging an useless warning.
(cherry picked from commit a661392f8fb5ac4fc095aa1845d1eb7a25c4e9be)
* bpo-38502: regrtest uses process groups if available (GH-16829)
test.regrtest now uses process groups in the multiprocessing mode
(-jN command line option) if process groups are available: if
os.setsid() and os.killpg() functions are available.
(cherry picked from commit ecb035cd14c11521276343397151929a94018a22)
* bpo-37957: Allow regrtest to receive a file with test (and subtests) to ignore (GH-16989)
When building Python in some uncommon platforms there are some known tests that will fail. Right now, the test suite has the ability to ignore entire tests using the -x option and to receive a filter file using the --matchfile filter. The problem with the --matchfile option is that it receives a file with patterns to accept and when you want to ignore a couple of tests and subtests, is too cumbersome to lists ALL tests that are not the ones that you want to accept and he problem with -x is that is not easy to ignore just a subtests that fail and the whole test needs to be ignored.
For these reasons, add a new option to allow to ignore a list of test and subtests for these situations.
(cherry picked from commit e0cd8aa70a3ce19c3d3712568940aa0cbd9aa97b)
* regrtest: log timeout at startup (GH-19514)
Reduce also worker timeout.
(cherry picked from commit 4cf65a630a8d45bad3fe5cdc4c2632ec64e7ba27)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
(cherry picked from commit 67b8a1f0f0f78ec38b8626fa9f5b2f5a55c17e15)
* bpo-36842: Fix reference leak in tests by running out-of-proc (GH-13556)
(cherry picked from commit 9ddc416e9f6635376312c3615193f19480ac772a)
* Backport libregrtest changes from master
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
| |
(cherry picked from commit 96515e9f6785328c52ebc5d4ce60e0087a9adc2d)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
| |
_elementtree.XMLParser object (GH-3997) (GH-19487)
(cherry picked from commit 402e1cdb132f384e4dcde7a3d7ec7ea1fc7ab527)
|
| |
|
|
|
|
|
| |
variables (GH-19391)
(cherry picked from commit 799d7d61a91eb0ad3256ef9a45a90029cef93b7c)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-19316) (GH-19318)
test_builtin.PtyTests now registers an handler for SIGHUP signal.
Closing the PTY file descriptor can emit a SIGHUP signal: just ignore
it.
run_child() now also closes the PTY file descriptor before waiting
for the process completition, otherwise the test hangs on AIX.
(cherry picked from commit 7a51a7e19f0143f75f8fc9ff68f93ed40937aec6)
(cherry picked from commit 745bd91bab8e57c52d63a2d541465551d7551f78)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The AbstractBasicAuthHandler class of the urllib.request module uses
an inefficient regular expression which can be exploited by an
attacker to cause a denial of service. Fix the regex to prevent the
catastrophic backtracking. Vulnerability reported by Ben Caller
and Matt Schwager.
AbstractBasicAuthHandler of urllib.request now parses all
WWW-Authenticate HTTP headers and accepts multiple challenges per
header: use the realm of the first Basic challenge.
Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
(cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
|
| |
|
|
|
|
|
|
|
|
| |
Running `test_socket` or anything that depends on it (like python -m
test.pythoninfo) crashes if IOCTL_VM_SOCKETS_GET_LOCAL_CID does not
exist in the socket module.
Automerge-Triggered-By: @pablogsal
(cherry picked from commit 6eb9619c88612565b424be14196a8adae6d51978)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
| |
test_gdb now skips tests if it detects that gdb failed to read debug
information because the Python binary is optimized.
(cherry picked from commit 7bf069b6110278102c8f4719975a5eb5a5af25f9)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
| |
whose loader has a get_data method (GH-17385)
This pull request fixes the newline conversion bug originally reported in bpo-1812. When that issue was originally submitted, the open builtin did not default to universal newline mode; now it does, which makes the issue fix simpler, since the only code path that needs to be changed is the one in doctest._load_testfile where the file is loaded from a package whose loader has a get_data method.
(cherry picked from commit e0b8101492f6c61dee831425b4d3dae39a953599)
Co-authored-by: Peter Donis <peterdonis@alum.mit.edu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-9516) (GH-19111)
* bpo-22490: Remove "__PYVENV_LAUNCHER__" from the shell environment on macOS
This changeset removes the environment varialbe "__PYVENV_LAUNCHER__"
during interpreter launch as it is only needed to communicate between
the stub executable in framework installs and the actual interpreter.
Leaving the environment variable present may lead to misbehaviour when
launching other scripts.
* Actually commit the changes for issue 22490...
* Correct typo
Co-Authored-By: Nicola Soranzo <nicola.soranzo@gmail.com>
* Run make patchcheck
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
Co-authored-by: Nicola Soranzo <nicola.soranzo@gmail.com>.
(cherry picked from commit 044cf94f610e831464a69a8e713dad89878824ce)
Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
(GH-19060) (GH-19090)
test_site.test_startup_imports() is now skipped if a path of sys.path
contains a .pth file.
Sort test_site imports.
(cherry picked from commit ba26bf30940f4347fedcf8ebc374c6e2dc375afa)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
| |
Add host validation for control characters for more CVE-2019-18348 protection.
(cherry picked from commit 9165addc22d05e776a54319a8531ebd0b2fe01ef)
Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-18806) (GH-18990)
In math_2(), the first PyFloat_AsDouble() call should be checked
for failure before the second call.
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>.
(cherry picked from commit 5208b4b37953a406db0ed6a9db545c2948dde989)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
|
| |
- When casting to _Bool, arrays should only contain zeros or ones.
(cherry picked from commit 1ae9cde4b2323235b5f9ff4bc76e4175a2257172)
Co-authored-by: Stefan Krah <skrah@bytereef.org>
|
| |
|
|
|
|
| |
is called with invalid base. (GH-18863). (GH-18955)
(cherry picked from commit e5ccc94bbb153431698b2391df625e8d47a93276)
|
| |
|
|
|
| |
(cherry picked from commit 185903de12de8837bf0dc0008a16e5e56c66a019)
Co-authored-by: Batuhan Taşkaya <47358913+isidentical@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
(cherry picked from commit 700cb587303461d5a96456c56902cfdd8ad50e2d)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
Automerge-Triggered-By: @vstinner
|
| |
|
|
|
| |
(GH-18866) (GH-18877)
(cherry picked from commit 6012f30beff7fa8396718dfb198ccafc333c565b)
|
| |
|
|
|
|
|
|
| |
insufficient permissions (GH-18815)
Co-authored-by: Matt Wozniski <mwozniski@bloomberg.net>
(cherry picked from commit eb7560a73d46800e4ade4a8869139b48e6c92811)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
|
| |
|
|
|
|
| |
(cherry picked from commit c4928fc1a853f3f84e2b4ec1253d0349137745e5)
(cherry picked from commit 92b72788ecf2ee5dfac780c7dfb5ee5350fc641d)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* bpo-39389: gzip: fix compression level metadata (GH-18077)
As described in RFC 1952, section 2.3.1, the XFL (eXtra FLags) byte of a
gzip member header should indicate whether the DEFLATE algorithm was
tuned for speed or compression ratio. Prior to this patch, archives
emitted by the `gzip` module always indicated maximum compression.
(cherry picked from commit eab3b3f1c60afecfb4db3c3619109684cb04bd60)
Co-authored-by: William Chargin <wchargin@gmail.com>
|
