| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ensurepip optionally installs or upgrades 'pip' and 'setuptools' using
the version of those modules bundled with Python. The internal PIP
installation routine by default temporarily uses its cache, if it
exists. This is undesirable as Python builds and installations may be
independent of the user running the build, whilst PIP cache location
is dependent on the user's environment and outside of the build
environment.
At the same time, there's no value in using the cache while installing
bundled modules.
This change disables PIP caching when used in ensurepip.
(cherry picked from commit 4a3a682b12f93a03888e8b59f439bc5fe30d6055)
Co-authored-by: Krzysztof Konopko <kkonopko@users.noreply.github.com>
|
| |
|
| |
require `_generate_next_value_` to be defined before members
|
| |
|
|
|
|
|
| |
(cherry picked from commit 289842a)
Co-authored-by: Shantanu <hauntsaninja@users.noreply.github.com>
Automerge-Triggered-By: @pitrou
|
| |
|
|
|
|
|
|
| |
whose loader has a get_data method (GH-17385)
This pull request fixes the newline conversion bug originally reported in bpo-1812. When that issue was originally submitted, the open builtin did not default to universal newline mode; now it does, which makes the issue fix simpler, since the only code path that needs to be changed is the one in doctest._load_testfile where the file is loaded from a package whose loader has a get_data method.
(cherry picked from commit e0b8101492f6c61dee831425b4d3dae39a953599)
Co-authored-by: Peter Donis <peterdonis@alum.mit.edu>
|
| |
|
|
|
|
| |
Co-authored-by: furkanonder <furkantahaonder@gmail.com>
(cherry picked from commit 59c644eaa72b0cc48302f59d66852c4ea8332eba)
Co-authored-by: Lahfa Samy <lahfa121999@gmail.com>
|
| |
|
|
|
|
|
| |
Automerge-Triggered-By: @pablogsal.
(cherry picked from commit 217dce9ee6e3cf27a0cedbe1e4a6455776373ec2)
Co-authored-by: Hakan Çelik <hakancelik96@outlook.com>
|
| |
|
|
|
|
|
| |
Hold reference of __bases__ tuple until tuple item is done with, because by
dropping the reference the item may be destroyed.
(cherry picked from commit 1c56f8ffad44478b4214a2bf8eb7cf51c28a347a)
Co-authored-by: Yonatan Goldschmidt <yon.goldschmidt@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
prefix_chars (GH-18337) (GH-18543)
When `allow_abbrev` was first added, disabling the abbreviation of
long options broke the grouping of short flags ([bpo-26967](https://bugs.python.org/issue26967)). As a fix,
b1e4d1b603 (contained in v3.8) ignores `allow_abbrev=False` for a
given argument string if the string does _not_ start with "--"
(i.e. it doesn't look like a long option).
This fix, however, doesn't take into account that long options can
start with alternative characters specified via `prefix_chars`,
introducing a regression: `allow_abbrev=False` has no effect on long
options that start with an alternative prefix character.
The most minimal fix would be to replace the "starts with --" check
with a "starts with two prefix_chars characters". But
`_get_option_tuples` already distinguishes between long and short
options, so let's instead piggyback off of that check by moving the
`allow_abbrev` condition into `_get_option_tuples`.
https://bugs.python.org/issue39546
(cherry picked from commit 8edfc47baec7ff4cb1b9db83dd35c8ffc1d498a4)
Co-authored-by: Kyle Meyer <kyle@kyleam.com>
https://bugs.python.org/issue39546
Automerge-Triggered-By: @encukou
|
| | |
|
| |
|
|
|
| |
(cherry picked from commit c18b805ac6a2d22176240ca93982fa1fb6559ec7)
Co-authored-by: Tim Gates <tim.gates@iress.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
On most platforms, the `environ` symbol is accessible everywhere.
In a dylib on OSX, it's not easily accessible, you need to find it with
_NSGetEnviron.
The code was caching the *value* of environ. But a setenv() can change the value,
leaving garbage at the old value. Fix: don't cache the value of environ, just
read it every time.
(cherry picked from commit 723f71abf7ab0a7be394f9f7b2daa9ecdf6fb1eb)
Co-authored-by: Benoit Hudson <benoit@imgspc.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
expression denial of service (REDoS).
LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar
to parse Set-Cookie headers returned by a server.
Processing a response from a malicious HTTP server can lead to extreme
CPU usage and execution will be blocked for a long time.
The regex contained multiple overlapping \s* capture groups.
Ignoring the ?-optional capture groups the regex could be simplified to
\d+-\w+-\d+(\s*\s*\s*)$
Therefore, a long sequence of spaces can trigger bad performance.
Matching a malicious string such as
LOOSE_HTTP_DATE_RE.match("1-c-1" + (" " * 2000) + "!")
caused catastrophic backtracking.
The fix removes ambiguity about which \s* should match a particular
space.
You can create a malicious server which responds with Set-Cookie headers
to attack all python programs which access it e.g.
from http.server import BaseHTTPRequestHandler, HTTPServer
def make_set_cookie_value(n_spaces):
spaces = " " * n_spaces
expiry = f"1-c-1{spaces}!"
return f"b;Expires={expiry}"
class Handler(BaseHTTPRequestHandler):
def do_GET(self):
self.log_request(204)
self.send_response_only(204) GH- Don't bother sending Server and Date
n_spaces = (
int(self.path[1:]) GH- Can GET e.g. /100 to test shorter sequences
if len(self.path) > 1 else
65506 GH- Max header line length 65536
)
value = make_set_cookie_value(n_spaces)
for i in range(99): GH- Not necessary, but we can have up to 100 header lines
self.send_header("Set-Cookie", value)
self.end_headers()
if __name__ == "__main__":
HTTPServer(("", 44020), Handler).serve_forever()
This server returns 99 Set-Cookie headers. Each has 65506 spaces.
Extracting the cookies will pretty much never complete.
Vulnerable client using the example at the bottom of
https://docs.python.org/3/library/http.cookiejar.html :
import http.cookiejar, urllib.request
cj = http.cookiejar.CookieJar()
opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
r = opener.open("http://localhost:44020/")
The popular requests library was also vulnerable without any additional
options (as it uses http.cookiejar by default):
import requests
requests.get("http://localhost:44020/")
* Regression test for http.cookiejar REDoS
If we regress, this test will take a very long time.
* Improve performance of http.cookiejar.ISO_DATE_RE
A string like
"444444" + (" " * 2000) + "A"
could cause poor performance due to the 2 overlapping \s* groups,
although this is not as serious as the REDoS in LOOSE_HTTP_DATE_RE was.
(cherry picked from commit 1b779bfb8593739b11cbb988ef82a883ec9d077e)
Co-authored-by: bcaller <bcaller@users.noreply.github.com>
|
| |
|
|
|
|
| |
Contributions on bpo-26467 and bpo-29302.
(cherry picked from commit d6d6e2aa0249bb661541705335ddbb97a53d64c8)
Co-authored-by: Ilya Kulakov <kulakov.ilya@gmail.com>
|
| |
|
|
|
|
| |
Clarify execution in try-return-finally-return case.
(cherry picked from commit 0cc27417f2cd399c432d7dda9aeca1d81af76936)
Co-authored-by: toonarmycaptain <toonarmycaptain@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relative imports use resolve_name to get the absolute target name,
which first seeks the current module's absolute package name from the globals:
If __package__ (and __spec__.parent) are missing then
import uses __name__, truncating the last segment if
the module is a submodule rather than a package __init__.py
(which it guesses from whether __path__ is defined).
The __name__ attempt should fail if there is no parent package (top level modules),
if __name__ is '__main__' (-m entry points), or both (scripts).
That is, if both __name__ has no subcomponents and the module does not seem
to be a package __init__ module then import should fail..
(cherry picked from commit 92420b3e679959a7d0ce875875601a4cee45231e)
Co-authored-by: Ben Lewis <benjimin@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit e4810b2a6c1d0db1a27ad046831b8fa3b57967a4)
Co-authored-by: Raymond Hettinger <rhettinger@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
Modify the wheel event handler so it can also be used for module, path, and stack browsers.
Patch by George Zhang.
(cherry picked from commit 2cd902585815582eb059e3b40e014ebe4e7fdee7)
Co-authored-by: GeeTransit <geetransit@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-15239) (GH-15686)
Fixes a case in which email._header_value_parser.get_unstructured hangs the system for some invalid headers. This covers the cases in which the header contains either:
- a case without trailing whitespace
- an invalid encoded word
https://bugs.python.org/issue37764
This fix should also be backported to 3.7 and 3.8
https://bugs.python.org/issue37764
(cherry picked from commit c5b242f87f31286ad38991bc3868cf4cfbf2b681)
Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
|
| |
|
|
|
|
|
| |
seconds>=24. (GH-14307)
(cherry picked from commit 122376df550b71dd3bec0513c7483cc1714212fa)
Co-authored-by: Justin Blanchard <UncombedCoconut@gmail.com>
|
| |
|
|
|
|
|
| |
(GH-13138) (GH-15557)
(cherry picked from commit 2a16eea71f56c2d8f38c295c8ce71a9a9a140aff)
Co-authored-by: Daniel Fortunov <asqui@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This fixes an inconsistency between the Python and C implementations of
the datetime module. The pure python version of the code was not
accepting offsets greater than 23:59 but less than 24:00. This is an
accidental legacy of the original implementation, which was put in place
before tzinfo allowed sub-minute time zone offsets.
GH-14878
(cherry picked from commit 92c7e30adf5c81a54d6e5e555a6bdfaa60157a0d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FreeBSD implementation of poll(2) restricts the timeout argument to be
either zero, or positive, or equal to INFTIM (-1).
Unless otherwise overridden, socket timeout defaults to -1. This value
is then converted to milliseconds (-1000) and used as argument to the
poll syscall. poll returns EINVAL (22), and the connection fails.
This bug was discovered during the EINTR handling testing, and the
reproduction code can be found in
https://bugs.python.org/issue23618 (see connect_eintr.py,
attached). On GNU/Linux, the example runs as expected.
This change is trivial:
If the supplied timeout value is negative, truncate it to -1.
(cherry picked from commit 28146206578ebe1b84b48e6f255738a227058c04)
Co-authored-by: Artem Khramov <akhramov@pm.me>
|
| |
|
|
|
|
|
|
|
|
| |
BPO -16970: Adding error message for invalid args
Applied the patch argparse-v2 patch issue 16970, ran patch check and the test suite, test_argparse with 0 errors
https://bugs.python.org/issue16970
(cherry picked from commit 4b3e97592376d5f8a3b75192b399a2da1be642cb)
Co-authored-by: tmblweed <tmblweed@users.noreply.github.com>
|
| |
|
|
|
|
| |
Improve performance of sre_parse._uniq function.
(cherry picked from commit 9f55551f3df238e58315e724e50cb0d574d75b94)
Co-authored-by: yannvgn <hi@yannvgn.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expose the CAN_BCM SocketCAN constants used in the bcm_msg_head struct
flags (provided by <linux/can/bcm.h>) under the socket library.
This adds the following constants with a CAN_BCM prefix:
* SETTIMER
* STARTTIMER
* TX_COUNTEVT
* TX_ANNOUNCE
* TX_CP_CAN_ID
* RX_FILTER_ID
* RX_CHECK_DLC
* RX_NO_AUTOTIMER
* RX_ANNOUNCE_RESUME
* TX_RESET_MULTI_IDX
* RX_RTR_FRAME
* CAN_FD_FRAME
The CAN_FD_FRAME flag was introduced in the 4.8 kernel, while the other
ones were present since SocketCAN drivers were mainlined in 2.6.25. As
such, it is probably unnecessary to guard against these constants being
missing.
(cherry picked from commit 31c4fd2a10d90beaa37d630e5f74a471e14e089d)
Co-authored-by: karl ding <karlding@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 4214f1ec3b3c73badd639229eff81eb5e57b82ec)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The `allow_abbrev` option for ArgumentParser is documented and intended to disable support for unique prefixes of --options, which may sometimes be ambiguous due to deferred parsing.
However, the initial implementation also broke parsing of grouped short flags, such as `-ab` meaning `-a -b` (or `-a=b`). Checking the argument for a leading `--` before rejecting it fixes this.
This was prompted by pytest-dev/pytestGH-5469, so a backport to at least 3.8 would be great :smile:
And this is my first PR to CPython, so please let me know if I've missed anything!
https://bugs.python.org/issue26967
(cherry picked from commit dffca9e925ee5c3072663cbe8d4d4768406d5307)
Co-authored-by: Zac Hatfield-Dodds <Zac-HD@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mailbox.Maildir (GH-1163)
Hi,
I've faced an issue w/ `mailbox.Maildir()`. The case is following:
1. I create a folder with `tempfile.TemporaryDirectory()`, so it's empty
2. I pass that folder path as an argument when instantiating `mailbox.Maildir()`
3. Then I receive an exception happening because "there's no such file or directory" (namely `cur`, `tmp` or `new`) during interaction with Maildir
**Expected result:** subdirs are created during `Maildir()` instance creation.
**Actual result:** subdirs are assumed as existing which leads to exceptions during use.
**Workaround:** remove the actual dir before passing the path to `Maildir()`. It will be created automatically with all subdirs needed.
**Fix:** This PR. Basically it adds creation of subdirs regardless of whether the base dir existed before.
https://bugs.python.org/issue30088
(cherry picked from commit e44184749c2fd0921867ea5cd20b8e226c2146c2)
Co-authored-by: Sviatoslav Sydorenko <wk@sydorenko.org.ua>
|
| |
|
|
|
| |
(cherry picked from commit b9a0376b0dedf16a2f82fa43d851119d1f7a2707)
Co-authored-by: gescheit <gescheit@yandex-team.ru>
|
| |
|
|
|
|
|
|
| |
Nested BinOp instances (e.g. a+b+c) had a wrong col_offset for the
second BinOp (e.g. 2 instead of 0 in the example). Fix it by using the
correct st node to copy the line and col_offset from in ast.c.
(cherry picked from commit 110a47c4f42cf4db88edc1876899fff8f05190fb)
Co-authored-by: Carl Friedrich Bolz-Tereick <cfbolz@gmx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-13545)
* bpo-37014: Update docstring and Documentation of fileinput.FileInput()
* Explain the behavior of fileinput.FileInput() when reading stdin.
* Update blurb.
* bpo-37014: Fix typo in the docstring and documentation.
|
| |
|
|
|
| |
handled (GH-7778)
``_thread.interrupt_main()`` now avoids setting the Python error status if the ``SIGINT`` signal is ignored or not handled by Python.
|
| |
|
|
|
| |
GH-13238 made extra text after a # type: ignore accepted by the parser.
This finishes the job and actually plumbs the extra text through the
parser and makes it available in the AST.
|
| |
|
|
| |
In order to support typing checks calling hex(), oct() and bin() on user-defined classes, a SupportIndex protocol is required. The ability to check these at runtime would be good to add for completeness sake. This is pretty much just a copy of SupportsInt with the names tweaked.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-36929: Modify io/re tests to allow for missing mod name
For a vanishingly small number of internal types, CPython sets the
tp_name slot to mod_name.type_name, either in the PyTypeObject or the
PyType_Spec. There are a few minor places where this surfaces:
* Custom repr functions for those types (some of which ignore the
tp_name in favor of using a string literal, such as _io.TextIOWrapper)
* Pickling error messages
The test suite only tests the former. This commit modifies the test
suite to allow Python implementations to omit the module prefix.
https://bugs.python.org/issue36929
|
| |
|
| |
https://bugs.python.org/issue23896
|
| | |
|
| |
|
|
|
|
|
|
| |
(GH-11553)
This slightly expands an existing test case `test_popen_error` to trigger a `ResourceWarning` and fixes it.
https://bugs.python.org/issue35721
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the PyDateTimeAPI. (#13088)
* created a c API wrapper for pyDate_FromDate and added the test
* 📜🤖 Added by blurb_it.
* fixed auto-alignment by vscode
* made changes as per PEP7
* Update 2019-05-04-21-25-19.bpo-36782.h3oPIb.rst
* Refactored code as per requested changes
* Remove Whitespace to Fix failed travis build
* Update 2019-05-04-21-25-19.bpo-36782.h3oPIb.rst
* Add a new line at end of ACKS
* Added C API function for PyDateTime_FromDateAndTime
* Added a test for the C API wrapper of PyDateTime_FromDateAndTime
* Added C API function for PyDateTime_FromDateAndTime
* Added a test for the C API wrapper of PyDateTime_FromDateAndTimeAndFold
* Remove Whitespace using patchcheck
* Added a C API function for PyTime_FromTime
* Added a test for the C API wrapper of PyTime_FromTime
* Added a C API function for PyTime_FromTimeAndFold
* Added a test for the C API wrapper of PyTime_FromTimeAndFold
* Added a C API function for PyDelta_FromDSU
* Added a test for the C API wrapper of PyDelta_FromDSU
* Refactor code, re-edit lines longer than 80 chars
* Fix Whitespace issues in DatetimeTester
* List all tests that were added in this PR
* Update 2019-05-04-21-25-19.bpo-36782.h3oPIb.rst
* Reformat code as per PEP7 guidelines
* Remove unused varibles from another function
* Added specific tests for the Fold Attribute
* Update 2019-05-04-21-25-19.bpo-36782.h3oPIb.rst
* Reformat code according to requested changes
* Reformat code to PEP7 Guidelines
* Reformat code to PEP7 Guidelines
* Re-add name to blurb
* Added a backtick to blurb file
* Update 2019-05-04-21-25-19.bpo-36782.h3oPIb.rst
* Remove the need to initialize mandatory parameters
* Make the macro parameter mandatory
* Re-arrange the order of unit-test args
* Removed the need to initialize macro
change all the int macro = 0 to int macro; now that macro is required
Co-Authored-By: Paul Ganssle <pganssle@users.noreply.github.com>
* Removed the need to initialize macro
change all the `int macro = 0` to `int macro`; now that macro is required
Co-Authored-By: Paul Ganssle <pganssle@users.noreply.github.com>
* Removed the need to initialize macro
change all the `int macro = 0` to `int macro`; now that macro is required
Co-Authored-By: Paul Ganssle <pganssle@users.noreply.github.com>
* Removed the need to initialize macro
change all the `int macro = 0` to `int macro`; now that macro is required
Co-Authored-By: Paul Ganssle <pganssle@users.noreply.github.com>
* Removed the need to initialize macro
change all the `int macro = 0` to `int macro`; now that macro is required
Co-Authored-By: Paul Ganssle <pganssle@users.noreply.github.com>
* Removed the need to initialize macro
change all the `int macro = 0` to `int macro`; now that macro is required
Co-Authored-By: Paul Ganssle <pganssle@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Plistlib currently throws an exception when asked to decode a valid
.plist file that was generated by Apple's NSKeyedArchiver. Specifically,
this is caused by a byte 0x80 (signifying a UID) not being understood.
This fixes the problem by enabling the binary plist reader and writer
to read and write plistlib.UID objects.
|
| |
|
|
| |
(GH-13298)
|
| |
|
|
|
|
|
|
| |
files. (PR-13212)
Extended attributes can only be set on user-writeable files, but shutil previously
first chmod()ed the destination file to the source's permissions and then tried to
copy xattrs. This will cause failures if attempting to copy read-only files with
xattrs, as occurs with Git clones on Lustre FS.
|
| |
|
|
| |
* Fix typo in test_cyclic_gc subtest
* Improve test coverage for xml.etree.ElementTree
|
| |
|
|
|
| |
(GH-12822)
Remove left-over references to Python 3.0 as the future in Fraction class docstrings.
|
| |
|
|
|
| |
(GH-7849)
Since bpo-30291 it is possible to specify the architecture of Python when using the launcher
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Properly handle SyntaxErrors in Python source files.
SyntaxErrors in the target module will rise normally, while SyntaxErrors in dependencies will be added to badmodules. This includes a new regression test.
* Fix name collision bug.
This fixes an issue where a "fromlist" import with the same name as a previously failed import would be incorrectly added to badmodules. This includes a new regression test.
* Replace mutable default values.
Bound empty lists have been replaced with the "if param is None" idiom.
* Replace deprecated imp usage.
Constants imported from imp have been moved to private module-level constants, and ModuleFinder.find_module has been refactored to use importlib. Other than an improvement on how frozen builtin imports are reported (as the frozen imports they are, rather than the stdlib modules they *may* have originated from), these changes maintain complete compatibility with past versions... including odd behavior for returning relative (below current directory, but not a C extension) vs. absolute (above current directory, or a C extension) paths.
Patch by Brandt Bucher.
|
| | |
|
| | |
|
