| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
(GH-25554) (GH-25556)
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit b9ad88be0304136c3fe5959c65a5d2c75490cd80)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
| |
Also replace if-then and and-or with conditional expressions.
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit 702a0885ba3636959d4c176797814937c497b986)
Co-authored-by: E-Paine <63801254+E-Paine@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
invalid filename (GH-25529)
(cherry picked from commit 4696f1285d83dd7b69f459c63e14080b1f87f797)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
|
|
|
|
|
| |
sys.getwindowsversion() (GH-25500)
The sys module uses the kernel32.dll version number, which can vary from the "actual" Windows version.
Since the best option for getting the version is WMI (which is expensive), we switch back to launching cmd.exe (which is also expensive, but a lot less code on our part).
sys.getwindowsversion() is not updated to avoid launching executables from that module.
(cherry picked from commit 2a3f4899c63806439e5bcea0c30f7e6a6295a763)
Co-authored-by: Shreyan Avigyan <shreyan.avigyan@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 76beadb8ff86eb2bb248bf918bfb20c4069932f4)
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
|
| |
|
|
|
|
|
|
| |
(GH-25452)
Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not
copy hostflags from *struct SSL_CTX* to *struct SSL*.
(cherry picked from commit 330b49e397168df789fd0dd20cfe7e81b8e47258)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#25345)
* coerce bytes separator to string
* Add news
* Update Misc/NEWS.d/next/Library/2021-03-11-00-31-41.bpo-42967.2PeQRw.rst
(cherry picked from commit b38601d49675d90e1ee6faa47f7adaeca992d02d)
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
| |
(GH-25437) (GH-25440)
Fix a race condition in the SMTP test of test_logging. Don't close a
file descriptor (socket) from a different thread while
asyncore.loop() is polling the file descriptor.
(cherry picked from commit 75ec103b3adbb7c619a0e22fa60f3d34c5a9e603)
(cherry picked from commit e1903e11a3d42512effe336026e0c67f602e5848)
|
| |
|
|
|
|
|
| |
released (GH-25350). (GH-25369)
(cherry picked from commit 8c14f5a787b21d5a1eae5d5ee981431d1c0e055f)
Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
|
| |
|
|
|
|
| |
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 3447750073aff229b049e4ccd6217db2811dcfd1)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
| |
objects from file locations (GH-25121)
|
| |
|
|
|
|
| |
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 6f37ebc61e9e0d13bcb1a2ddb7fc9723c04b6372)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
(GH-25308)
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 5151d642004c59cce58d669be85d9a5e987f51d3)
Co-authored-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: GH:tiran
|
| |
|
|
|
|
| |
The deprecation originally slated for 3.9 was deferred to 3.10
(bpo-39674, GH-18545) and the documentation on the 3.8 release was
updated accordingly (GH-18748). However the deprecation notice in
the code was left as is, and still indicates deprecation with 3.9.
|
| | |
|
| |
|
| |
Co-authored-by: Barney Gale <barney.gale@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix Regular Expression Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the HTTP server.
(cherry picked from commit 7215d1ae25525c92b026166f9d5cac85fb1defe1)
Co-authored-by: Yeting Li <liyt@ios.ac.cn>
|
| |
|
|
|
|
|
|
| |
When a dataclass inherits from an empty base, all immutability checks are omitted. This PR fixes this and adds tests for it.
Automerge-Triggered-By: GH:ericvsmith
(cherry picked from commit 376ffc6ac491da74920aed1b8e35bc371cb766ac)
Co-authored-by: Iurii Kemaev <6885137+hbq1@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
values (GH-20867) (GH-25201)
Co-Authored-By: Claudiu Popa <pcmanticore@gmail.com>
Automerge-Triggered-By: GH:ericvsmith
(cherry picked from commit 75220674c07abfc90c2cd7862d04cfa2e2354450)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 4e2ef7084185d2220003b4b5538e3d8190b2dcd6)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |\
| |
| |
| | |
Python 3.8.9
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
* bpo-26053: Fix args echoed by pdb run command (GH-22033)
(cherry picked from commit 652bfdee9495dca241d48278742fe035b7a82bdb)
* bpo-26053: Fix test_pdb.test_issue26053() (GH-25139)
(cherry picked from commit bd4ab8e73906a4f12d5353f567228b7c7497baf7)
(cherry picked from commit 7ad56e254519047aeb9c669b9ea2f2bf0acfd401)
Co-authored-by: Irit Katriel <iritkatriel@yahoo.com>
|
| |
|
|
|
|
| |
Skip the test if setlocale() fails.
(cherry picked from commit f3ab670fea75ebe177e3412a5ebe39263cd428e3)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
| |
1. Bad IP masquerade rules can prevent startup.
2. X cannot handle some complex colored chars.
(cherry picked from commit 1b4a9c7956d5dc64f8002f62bf0faae2d1892f90)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
| |
(cherry picked from commit 51a85ddce8b336addcb61b96f04c9c5edef07296)
Co-authored-by: Alex Prengère <2138730+alexprengere@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
sys.stderr (GH-25075)
(cherry picked from commit 09b90a037d18f5d4acdf1b14082e57bda78e85d3)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
| |
This test checks result code of the connection directly, so it never raises an exception that can be suppressed by `support.transient_internet`. Directly support skipping the test in case of unreachable network.
(cherry picked from commit 29c451c6989c3c94fa0a9facf187c24f3cbf2420)
Co-authored-by: Carl Meyer <carl@oddbird.net>
Co-authored-by: Carl Meyer <carl@oddbird.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-24906)
Python no longer fails at startup with a fatal error if a command
line argument contains an invalid Unicode character.
The Py_DecodeLocale() function now escapes byte sequences which would
be decoded as Unicode characters outside the [U+0000; U+10ffff]
range.
Use MAX_UNICODE constant in unicodeobject.c.
(cherry picked from commit 9976834f807ea63ca51bc4f89be457d734148682)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
| |
curses.update_lines_cols() is only defined when the curses library
provides either resizeterm() or resize_term() functions which are optional
and are not provided on AIX.
(cherry picked from commit c8b5738810516df5722caf049003e9b319427bec)
Co-authored-by: Michael Felt <aixtools@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
reference cycles (GH-24995) (#25071)
Before: https://lists.es.python.org/pipermail/general/attachments/20201229/0c14bc58/attachment-0002.png
After: https://lists.es.python.org/pipermail/general/attachments/20201229/0c14bc58/attachment-0003.png
(cherry picked from commit 32430aadadf6e012e39167d3c18a24e49fb84874)
Co-authored-by: Jesús Cea <jcea@jcea.es>
Co-authored-by: Jesús Cea <jcea@jcea.es>
|
| |
|
|
|
|
|
|
|
|
| |
CVE-2021-3426: Remove the "getfile" feature of the pydoc module which
could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python
modules can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
(cherry picked from commit 9b999479c0022edfc9835a8a1f06e046f3881048)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-24957)
OpenSSL copies the internal message callback from SSL_CTX->msg_callback to
SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback
to use the callback value of the new context.
PySSL_set_context() now resets the callback and _PySSL_msg_callback()
resets thread state in error path.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 77cde5042a2f1eae489c11a67540afaf43cd5cdf)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level
2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow
TLS 1.0 and 1.1 on security level 2.
See:
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit f6c6b5821bff815bdc810de53992fd1fbdb2edd4)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
| |
representation of logging level. (GH-24693) (#24825)
(cherry picked from commit bbba28212ce0f58096a4043f32442c6e727b74fc)
Automerge-Triggered-By: GH:vsajip
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bpo-43285: Make ftplib not trust the PASV response.
The IPv4 address value returned from the server in response to the PASV command
should not be trusted. This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the client network.
Instead of using the returned address, we use the IP address we're
already connected to. This is the strategy other ftp clients adopted,
and matches the only strategy available for the modern IPv6 EPSV command
where the server response must return a port number and nothing else.
For the rare user who _wants_ this ugly behavior, set a `trust_server_pasv_ipv4_address`
attribute on your `ftplib.FTP` instance to True..
(cherry picked from commit 0ab152c6b5d95caa2dc1a30fa96e10258b5f188e)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
| |
|
|
|
| |
(cherry picked from commit b6884ad2688451dd3cbc5984b23da5840e1b6df8)
Co-authored-by: Géry Ogam <gery.ogam@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-27820: Fix AUTH LOGIN logic in smtplib.SMTP (GH-24118)
* Fix auth_login logic (bpo-27820)
* Also fix a longstanding bug in the SimSMTPChannel.found_terminator() method that causes inability to test
SMTP AUTH with initial_response_ok=False.
(cherry picked from commit 7591d9455eb37525c832da3d65e1a7b3e6dbf613)
* Set timeout to 15 directly.
Co-authored-by: Pandu E POLUAN <pepoluan@gmail.com>
|
| |
|
|
|
|
|
|
| |
Check to make sure stdout and stderr are not empty before selecting an item from them in Windows subprocess._communicate.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit b4fc44bb2d209182390b4f9fdf074a46b0165a2f)
Co-authored-by: Chris Griffith <chris@cdgriffith.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix a race condition of test_stress_modifying_handlers() of
test_signal: only raise signals while we are in the
catch_unraisable_exception() context manager.
Moreover, don't check if we received at least one
signal if at least one signal got ignored.
(cherry picked from commit 1fa17e8cc62775a2e34b158135ce8589f9394f03)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
| |
(cherry picked from commit b4f9089d4aa787c5b74134c98e5f0f11d9e63095)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
| |
tries to execute a non-Python signal handler (GH-24756) (GH-24762)
We can receive signals (at the C level, in `trip_signal()` in signalmodule.c) while `signal.signal` is being called to modify the corresponding handler. Later when `PyErr_CheckSignals()` is called to handle the given signal, the handler may be a non-callable object and would raise a cryptic asynchronous exception..
(cherry picked from commit 68245b7a1030287294c65c298975ab9026543fd2)
Co-authored-by: Antoine Pitrou <antoine@python.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
(GH-23127) (GH-24749)
This reverts commit aca67da4fe68d5420401ac1782203d302875eb27.
(cherry picked from commit b5711c940f70af89f2b4cf081a3fcd83924f3ae7)
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
Automerge-Triggered-By: GH:jaraco
|
| |
|
|
|
|
|
|
| |
* Fail fast in shutil.move() to avoid creating destination directories on failure.
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
(cherry picked from commit 132131b404e06ee1a19b040a1f96cd1118abed0c)
Co-authored-by: Winson Luk <winson.luk@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 9525a18b5bb317d9fb206c992ab62aa41559b0c8)
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
|
| |
|
|
|
|
|
| |
Exit code is now 1 instead of 0. A message is printed to stderr instead of stdout. This is
the proper behaviour for a tool that can be used in scripts.
(cherry picked from commit cc3df6368d4f3f6c9c9b716876c7e7b79c7abf3f)
Co-authored-by: Ruben Vorderman <r.h.p.vorderman@lumc.nl>
|
| | |
|
| |
|
|
|
|
|
| |
Printing to IDLE's Shell is often slower than printing to a system
terminal, but it can be made faster by pre-formatting a single
string before printing.
(cherry picked from commit 2827e8a177c2a6584fada594bca6829c53a2872f)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
|
|
|
|
| |
When very large data remains in TextIOWrapper, flush() may fail forever.
So prevent that data larger than chunk_size is remained in TextIOWrapper internal
buffer.
Co-Authored-By: Eryk Sun.
(cherry picked from commit 01806d5beba3d208bb56adba6829097d803bf54f)
|
| |
|
|
|
|
|
| |
In the Running User Code section, gather together paragraphs about two
processes and the sys.stdstream replacements, preparing to add another.
(cherry picked from commit 4cf7bb8e22bf37e6d65bf4cb5618d09c4a8ad612)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
