| Commit message | Author | Age | Files | Lines |
| |
regression test. (GH-96717) (#98196)
gh-96710: Make the test timing more lenient for the int/str DoS regression test. (GH-96717)
A regression would still absolutely fail and even a flaky pass isn't
harmful as it'd fail most of the time across our N system test runs.
Windows has a low resolution timer and CI systems are prone to odd
timing so this just gives more leeway to avoid flakiness.
(cherry picked from commit 11e3548fd1d3445ccde971d613633b58d73c3016)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
| |
(GH-91993) (#98190)
gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
(cherry picked from commit b9509ba7a9c668b984dab876c7926fe1dc5aa0ba)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
| |
Otherwise, buildbot builds would fail since there's no TLS 1.0/1.1 support.
| |
(GH-97944) (#97968)
The macOS 13 SDK includes support for the `mkfifoat` and `mknodat` system calls.
Using the `dir_fd` option with either `os.mkfifo` or `os.mknod` could result in a
segfault if cpython is built with the macOS 13 SDK but run on an earlier
version of macOS. Prevent this by adding runtime support for detection of
these system calls ("weaklinking") as is done for other newer syscalls on
macOS.
(cherry picked from commit 6d0a0191a4e5477bd843e62c24d7f3bcad4fd5fc)
Co-authored-by: Ned Deily <nad@python.org>
| |
gh-96848: Fix -X int_max_str_digits option parsing (GH-96988)
Fix command line parsing: reject "-X int_max_str_digits" option with
no value (invalid) when the PYTHONINTMAXSTRDIGITS environment
variable is set to a valid limit.
(cherry picked from commit 41351662bcd21672d8ccfa62fe44d72027e6bcf8)
Co-authored-by: Victor Stinner <vstinner@python.org>
| |
gh-97616: list_resize() checks for integer overflow (GH-97617)
Fix multiplying a list by an integer (list *= int): detect the
integer overflow when the new allocated length is close to the
maximum size. Issue reported by Jordan Limor.
list_resize() now checks for integer overflow before multiplying the
new allocated length by the list item size (sizeof(PyObject*)).
(cherry picked from commit a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf)
Co-authored-by: Victor Stinner <vstinner@python.org>
| |
* Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
* Issue: gh-95778
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
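The bound argued in the commit message above can be checked numerically. The following is an added example, not CPython code and not written by the commit's authors; the function names, the 30-bit `PYLONG_SHIFT`, the sample limit 4300 and the restriction of the model to `size_a >= 11` are assumptions.

```python
# Added illustration, not CPython source: models the pre-check quoted above.
PYLONG_SHIFT = 30  # assumption: 30-bit internal digits (15-bit builds also exist)


def precheck_rejects(size_a, max_str_digits, shift=PYLONG_SHIFT):
    """max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10, as in C.
    Assumption: applied only for size_a >= 11, where C's truncating division
    and Python's floor division agree.
    """
    if size_a < 11:
        return False
    return max_str_digits // (3 * shift) <= (size_a - 11) // 10


def first_rejected_size(max_str_digits, shift=PYLONG_SHIFT):
    """Smallest internal digit count (size_a) that the pre-check rejects."""
    size_a = 11
    while not precheck_rejects(size_a, max_str_digits, shift):
        size_a += 1
    return size_a


def false_positives(limits, shift=PYLONG_SHIFT, span=25):
    """Pairs (limit, size_a) rejected although the smallest int of that size,
    2**(shift*(size_a-1)), does not exceed 10**limit. Expected: none."""
    bad = []
    for m in limits:
        start = first_rejected_size(m, shift)
        for size_a in range(start, start + span):
            if 2 ** (shift * (size_a - 1)) <= 10 ** m:
                bad.append((m, size_a))
    return bad


def decimal_digits(n):
    """Exact decimal length of n > 0, computed without calling str()."""
    d = max(1, int(n.bit_length() * 0.30103))  # estimate, corrected below
    while 10 ** d <= n:
        d += 1
    while d > 1 and 10 ** (d - 1) > n:
        d -= 1
    return d


if __name__ == "__main__":
    s = first_rejected_size(4300)  # 4300: sample limit chosen for this example
    slips = decimal_digits(2 ** (PYLONG_SHIFT * (s - 1)) - 1)
    print(s, slips, false_positives(range(1, 6000, 37)))
```

For the sample limit the pre-check first fires at 481 internal digits, so the largest value that slips through to the exact post-conversion check has 4335 decimal digits.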
| |
(GH-95282) (GH-95323)
(cherry picked from commit 565403038b75eb64ea483b2757ba30769246d853)
Co-authored-by: Christian Heimes <christian@python.org>
| |
(GH-95312)
Three test cases were failing on FreeBSD with latest OpenSSL.
(cherry picked from commit 1bc86c26253befa006c0f52eebb6ed633c7d1e5c)
Co-authored-by: Christian Heimes <christian@python.org>
| |
When binding a unix socket to an empty address on Linux, the socket is
automatically bound to an available address in the abstract namespace.
    >>> s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    >>> s.bind("")
    >>> s.getsockname()
    b'\x0075499'
Since python 3.9, the socket is bound to the one address:
    >>> s.getsockname()
    b'\x00'
And trying to bind multiple sockets will fail with:
    Traceback (most recent call last):
      File "/home/nsoffer/src/cpython/Lib/test/test_socket.py", line 5553, in testAutobind
        s2.bind("")
    OSError: [Errno 98] Address already in use
Added 2 tests:
- Auto binding empty address on Linux
- Failing to bind an empty address on other platforms
Fixes f6b3a07b7df6 (bpo-44493: Add missing terminated NUL in sockaddr_un's length (GH-26866)
(cherry picked from commit c22f134211743cd5ad14cec1dd4f527bee542b4c)
Co-authored-by: Nir Soffer <nsoffer@redhat.com>
| |
Co-authored-by: Carter Dodd <carter.dodd@gmail.com>
Co-authored-by: Éric <merwok@netwok.org>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit c8556bcf6c0b05ac46bd74880626a2853e7c99a1)
| |
(GH-94093)
Fix an open redirection vulnerability in the `http.server` module when
a URI path starts with `//` that could produce a 301 Location header
with a misleading target. Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).
Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
| |
encoding='unicode' (GH-93426) (GH-93791)
Suppress writing an XML declaration in open files in ElementTree.write()
with encoding='unicode' and xml_declaration=None.
If a file path is passed to ElementTree.write() with encoding='unicode',
always open a new file in UTF-8.
(cherry picked from commit d7db9dc3cc5b44d0b4ce000571fecf58089a01ec)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
(#93147)
Also while there, clarify a few things about why we reduce the hash to 32 bits.
Co-authored-by: Eli Libman <eli@hyro.ai>
Co-authored-by: Yury Selivanov <yury@edgedb.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit c1f5c903a7e4ed27190488f4e33b00d3c3d952e5)
| |
(GH-92372)
(cherry picked from commit 85354ed78c0edb6d81a2bd53cabc85e547b8b26e)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
| |
(GH-17643) (GH-32256)
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
| |
(GH-92748)
The `utc_to_seconds` call can fail, here's a minimal reproducer on
Linux:
    TZ=UTC python -c "from datetime import *; datetime.fromtimestamp(253402300799 + 1)"
The old behavior still raised an error in a similar way, but only
because subsequent calculations happened to fail as well. Better to fail
fast.
This also refactors the tests to split out the `fromtimestamp` and
`utcfromtimestamp` tests, and to get us closer to the actual desired
limits of the functions. As part of this, we also changed the way we
detect platforms where the same limits don't necessarily apply (e.g.
Windows).
As part of refactoring the tests to hit this condition explicitly (even
though the user-facing behavior doesn't change in any way we plan to
guarantee), I noticed that there was a difference in the places that
`datetime.utcfromtimestamp` fails in the C and pure Python versions, which
was fixed by skipping the "probe for fold" logic for UTC specifically —
since UTC doesn't have any folds or gaps, we were never going to find a
fold value anyway. This should prevent some failures in the pure python
`utcfromtimestamp` method on timestamps close to 0001-01-01.
There are two separate news entries for this because one is a
potentially user-facing change, the other is an internal code
correctness change that, if anything, changes some error messages. The
two happen to be coupled because of the test refactoring, but they are
probably best thought of as independent changes.
Fixes GH-91581
(cherry picked from commit 83c0247d47b99f4571e35ea95361436e1d2a61cd)
Co-authored-by: Paul Ganssle <1377457+pganssle@users.noreply.github.com>
| |
threading.Condition.notify (GH-92534) (GH-92831)
If Condition.notify() was interrupted just after it released the waiter lock,
but before removing it from the queue, the following calls of notify() failed
with RuntimeError: cannot release un-acquired lock.
(cherry picked from commit 70af994fee7c0850ae859727d9468a5f29375a38)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
(cherry picked from commit b69297ea23c0ab9866ae8bd26a347a9b5df567a6)
Co-authored-by: 狂男风 <CrazyBoyFeng@Live.com>
| |
declaration (GH-91903) (GH-92665)
ElementTree method write() and function tostring() now use the text file's
encoding ("UTF-8" if not available) instead of locale encoding in XML
declaration when encoding="unicode" is specified.
(cherry picked from commit 707839b0fe02ba2c891a40f40e7a869d84c2c9c5)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
| |
(cherry picked from commit c56e2bb9949c95ec8911cd5554b07044a564796f)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
| |
* [3.9] bpo-46785: Fix race condition between os.stat() and unlink on Windows (GH-31858).
(cherry picked from commit 39e6b8ae6a5b49bb23746fdcc354d148ff2d98e3)
Co-authored-by: Itai Steinherz <itaisteinherz@gmail.com>
| |
(GH-91598) (GH-92497) (#92499)
Do not spawn ProcessPool workers on demand when they spawn via fork.
This avoids potential deadlocks in the child processes due to forking from
a multithreaded process.
(cherry picked from commit ebb37fc3fdcb03db4e206db017eeef7aaffbae84)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit b795376a628ae7cc354addbb926d724ebe364fec)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
| |
(cherry picked from commit 8f293180791f2836570bdfc29aadba04a538d435)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
Automerge-Triggered-By: GH:serhiy-storchaka
| |
(cherry picked from commit d707d073be5ecacb7ad341a1c1716f4998907d6b)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
| |
(#92278)
* [3.9] gh-80254: Disallow recursive usage of cursors in `sqlite3` converters
(cherry picked from commit c908dc5b4798c311981bd7e1f7d92fb623ee448b)
Co-authored-by: Sergey Fedoseev <fedoseev.sergey@gmail.com>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* Fix ref leak in pysqlite_cursor_iternext
* Explicitly free resources at test tearDown()
| |
collection and explicit close (GH-31913)
(cherry picked from commit dfb1b9da8a4becaeaed3d9cffcaac41bcaf746f4)
Co-authored-by: Géry Ogam <gery.ogam@gmail.com>
| |
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit b295a92c50b128e494f47c28f12b8e9eac2927ea)
Co-authored-by: Humbled Drugman <humbled.drugman@gmail.com>
| |
The function fetch_server_certificate is replaced by get_server_certificate in the module. I reflected the change in the module docstrings.
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit feca9bbd1f6489f2b6d2783bfc22fdb96e45b69f)
Co-authored-by: Kossi GLOKPOR <83467320+glk0@users.noreply.github.com>
| |
ipaddress.ip_{address,network,interface} helper functions (GH-30642)
`IPv*Network` and `IPv*Interface` constructors accept a 2-tuple of
(address description, netmask) as the address parameter.
When the tuple-based address is used errors are not propagated
correctly through the `ipaddress.ip_*` helper because of the %-formatting now expecting several arguments:
    In [7]: ipaddress.ip_network(("192.168.100.0", "fooo"))
    ...
    TypeError: not all arguments converted during string formatting
Compared to:
    In [8]: ipaddress.IPv4Network(("192.168.100.0", "foo"))
    ...
    NetmaskValueError: 'foo' is not a valid netmask
Use an f-string to make sure the error is always properly formatted.
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 52dc9c3066bcdc67a7a45d41cf158ecb1434d5f3)
Co-authored-by: Thomas Cellerier <thomascellerier@gmail.com>
| |
(cherry picked from commit 81fb3548be5a18bf40a6f4505a02cc7fb72c9c34)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
Do not store `ProcessPoolExecutor` work item exception traceback that prevents
exception frame locals from being garbage collected.
(cherry picked from commit 9c204b148fad9742ed19b3bce173073cdec79819)
Co-authored-by: themylogin <themylogin@gmail.com>
| |
(cherry picked from commit e9f66aedf44ccc3be27975cfb070a44ce6a6bd13)
Co-authored-by: E-Paine <63801254+E-Paine@users.noreply.github.com>
| |
(cherry picked from commit b11243e85e020ed2f524bdd83c339faf11ef03d4)
Co-authored-by: Yiannis Hadjicharalambous <hadjicharalambous.yiannis@gmail.com>
| |
If the error handler returns a position less than or equal to the starting
position of non-encodable characters, most of the built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes
and segfaults.
(cherry picked from commit 18b07d773e09a2719e69aeaa925d5abb7ba0c068)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
(GH-92070) (GH-92073) (GH-92102)
Previously, pickling did not fail, but the result could not be unpickled.
(cherry picked from commit 6d0d547033e295f91f05030322acfbb0e280fc1f)
(cherry picked from commit e8ff3c92f69b475aa20ba7c08efccbc329f9b42e)
| |
It was raised if the charset itself contains characters not encodable
in UTF-8 (in particular \udcxx characters representing non-decodable
bytes in the source).
(cherry picked from commit e91dee87edcf6dee5dd78053004d76e5f05456d4)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
(cherry picked from commit 117836f123a1c65d9ba50401822b883f11f0a347)
Co-authored-by: Humbled Drugman <humbled.drugman@gmail.com>
| |
GH- Adding 'required' to names in Lib.argparse.Action
gh-91832:
Added 'required' to the list `names` in `Lib.argparse.Action`.
Changed constant strings that test the Action object.
Automerge-Triggered-By: GH:merwok
(cherry picked from commit 4ed3900041c688a02dca1eb3323083d720dd0d93)
Co-authored-by: Abhigyan Bose <abhigyandeepbose@gmail.com>
| |
(GH-91989). (GH-91994)
(cherry picked from commit f60b4c3d74f241775f80affe60dcba6448634fe3)
| |
(cherry picked from commit f882d33778ee2625ab32d90e28edb6878fb8af93)
Co-authored-by: Alexander Shadchin <alexandr.shadchin@gmail.com>
| |
(cherry picked from commit f41c16bf512778fca4bfabca887c4c303cc21896)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
If a non-builtin codec partially implemented in Python
(e.g. ISO-8859-15) is used, a new RecursionError (with an empty error message)
can be raised while handling a RecursionError.
Testing for error message was needed to distinguish
a recursion error from arbitrary RuntimeError. After introducing
RecursionError, it became unnecessary.
(cherry picked from commit a568585069174cec35ce26cdf4d4862c634d9f6d)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
(cherry picked from commit 6b45076bd62407103433daea8acf085a99e6cb7e)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
version (GH-91580). (GH-91661) (GH-91837)
(cherry picked from commit 1c2fcebf3c5e2ab41d376bb481834445617c8f3c)
(cherry picked from commit 1748816e80b23744667e239b49b477c0e283d201)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| |
(GH-91702) (GH-91831) (GH-91836)
In the expression (?(group)...) an appropriate re.error is now
raised if the group number refers to an undefined group.
Previously it raised RuntimeError: invalid SRE code.
(cherry picked from commit 48ec61a89a959071206549819448405c2cea61b0)
(cherry picked from commit 080781cd49b13da4a73db87b6f5e0c7aeec83e92)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>