summaryrefslogtreecommitdiffstats
path: root/Misc/NEWS.d/next/Library
Commit message (Collapse)AuthorAgeFilesLines
* Python 3.8.13Łukasz Langa2022-03-158-16/+0
|
* bpo-46985: Upgrade bundled pip to 22.0.4 (GH-31819) (GH-31851)Ned Deily2022-03-151-0/+1
| | | | | (cherry picked from commit d87f1b787ed38dfd307d82452f2efe9dc5b93942) Co-authored-by: Pradyun Gedam <pgedam@bloomberg.net>
* bpo-46784: Add newly exported expat symbols to the namespace. (GH-31397) ↵Miss Islington (bot)2022-03-081-0/+1
| | | | | | | | | | | | | | | | | | | | (GH-31419) The libexpat 2.4.1 upgrade from introduced the following new exported symbols: * `testingAccountingGetCountBytesDirect` * `testingAccountingGetCountBytesIndirect` * `unsignedCharToPrintable` * `XML_SetBillionLaughsAttackProtectionActivationThreshold` * `XML_SetBillionLaughsAttackProtectionMaximumAmplification` We need to adjust [Modules/expat/pyexpatns.h](https://github.com/python/cpython/blob/master/Modules/expat/pyexpatns.h) (The newer libexpat upgrade has no new symbols). Automerge-Triggered-By: GH:gpshead (cherry picked from commit 6312c1052c0186b4596fc45c42fd3ade9f8f5911) Co-authored-by: Yilei "Dolee" Yang <yileiyang@google.com>
* bpo-46932: Update bundled libexpat to 2.4.7 (GH-31736) (GH-31740)Miss Islington (bot)2022-03-081-0/+1
| | | | | (cherry picked from commit 176835c3d5c70f4c1b152cc2062b549144e37094) Co-authored-by: Steve Dower <steve.dower@python.org>
* bpo-46756: Fix authorization check in urllib.request (GH-31353) (GH-31572)Miss Islington (bot)2022-03-021-0/+5
| | | | | | | | | | | Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI "example.org/foobar" was allowed if the user was authorized for URI "example.org/foo". (cherry picked from commit e2e72567a1c94c548868f6ee5329363e6036057a) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)Sebastian Pipping2022-02-221-0/+1
| | | | | | | | | | | | | | | | | | | | Curly brackets were never allowed in namespace URIs according to RFC 3986, and so-called namespace-validating XML parsers have the right to reject them a invalid URIs. libexpat >=2.4.5 has become strcter in that regard due to related security issues; with ET.XML instantiating a namespace-aware parser under the hood, this test has no future in CPython. References: - https://datatracker.ietf.org/doc/html/rfc3968 - https://www.w3.org/TR/xml-names/ Also, test_minidom.py: Support Expat >=2.4.5 (cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e) Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
* bpo-46400: Update libexpat from 2.4.1 to 2.4.4 (GH-31022) (GH-31297)Dong-hee Na2022-02-211-0/+1
| | | Co-authored-by: Cyril Jouve <jv.cyril@gmail.com>
* [3.8] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with ↵Jason R. Coombs2022-02-141-0/+2
| | | | | | | importlib_metadata 4.10.1) (GH-30803). (#30829) (cherry picked from commit 51c3e28c8a163e58dc753765e3cc51d5a717e70d) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* bpo-44849: Fix os.set_inheritable() on FreeBSD 14 with O_PATH (GH-27623) ↵Miss Islington (bot)2021-10-191-0/+4
| | | | | | | | | | (GH-28978) Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. (cherry picked from commit c24896c0e3b32c8a9f614ef51366007b67d5c665) Co-authored-by: Victor Stinner <vstinner@python.org>
* Python 3.8.12v3.8.12Łukasz Langa2021-08-301-2/+0
|
* bpo-45001: Make email date parsing more robust against malformed input ↵Miss Islington (bot)2021-08-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (GH-27946) (GH-27974) Various date parsing utilities in the email module, such as email.utils.parsedate(), are supposed to gracefully handle invalid input, typically by raising an appropriate exception or by returning None. The internal email._parseaddr._parsedate_tz() helper used by some of these date parsing routines tries to be robust against malformed input, but unfortunately it can still crash ungracefully when a non-empty but whitespace-only input is passed. This manifests as an unexpected IndexError. In practice, this can happen when parsing an email with only a newline inside a ‘Date:’ header, which unfortunately happens occasionally in the real world. Here's a minimal example: $ python Python 3.9.6 (default, Jun 30 2021, 10:22:16) [GCC 11.1.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import email.utils >>> email.utils.parsedate('foo') >>> email.utils.parsedate(' ') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate t = parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz res = _parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz if data[0].endswith(',') or data[0].lower() in _daynames: IndexError: list index out of range The fix is rather straight-forward: guard against empty lists, after splitting on whitespace, but before accessing the first element. (cherry picked from commit 989f6a3800f06b2bd31cfef7c3269a443ad94fac) Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
* Python 3.8.11v3.8.11Łukasz Langa2021-06-281-2/+0
|
* [3.8] bpo-44061: Fix pkgutil.iter_modules regression when passed a ↵Łukasz Langa2021-05-121-0/+2
| | | | | | | pathlib.Path object (GH-25964). (GH-26056) (cherry picked from commit e9d7f88d5643f7e6387bf994c130503766d7eb92) Co-authored-by: Miguel Brito <5544985+miguendes@users.noreply.github.com>
* Python 3.8.10v3.8.10Łukasz Langa2021-05-0322-41/+0
|
* bpo-32745: Fix a regression in the handling of ctypes' c_wchar_p type ↵Miss Islington (bot)2021-05-021-0/+3
| | | | | | | | | | (GH-8721) (#25811) Embedded nulls would cause a ValueError to be raised. Thanks go to Eryk Sun for their analysis. Co-authored-by: Łukasz Langa <lukasz@langa.pl> (cherry picked from commit 73766b0341674f3920f4ea86a6f8288b801960f9) Co-authored-by: Zackery Spytz <zspytz@gmail.com>
* [3.8] bpo-43993: Update vendored pip to 21.1.1 (GH-25761). (GH-25783)Stéphane Bidoul2021-05-011-0/+1
|
* [3.8] bpo-28577: Special case added to IP v4 and v6 hosts for /32 and /128 ↵Pete Wicken2021-04-261-0/+1
| | | | | | | | networks (GH-18757) (#25536) The `.hosts()` method now returns the single address present in a /32 or /128 network.. (cherry picked from commit 8e9c47a947954c997d4b725f4551d50a1d896722) Co-authored-by: Pete Wicken <2273100+JamoBox@users.noreply.github.com>
* Fix thread locks in zlib module may go wrong in rare case (#22132)Ma Lin2021-04-261-0/+1
| | | Setting `next_in` before acquiring the thread lock may mix up compress/decompress state in other threads.
* [3.8] bpo-34463: Make python tracebacks identical to C tracebacks for (#23899)Irit Katriel2021-04-261-0/+1
| | | | | | | | | | | | | | * [3.8] bpo-34463: Make python tracebacks identical to C tracebacks for SyntaxErrors without a lineno (GH-23427) (cherry picked from commit 069560b1171eb6385121ff3b6331e8814a4e7454) Co-authored-by: Irit Katriel <iritkatriel@yahoo.com> * 📜🤖 Added by blurb_it. * added missing newline in test Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
* bpo-43534: Fix the turtle module working with multiple root windows GH-25594Miss Islington (bot)2021-04-261-0/+1
| | | | | (cherry picked from commit 8af929fc76f21fb123f6a47cb3ebcf4e5b758dea) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.9] bpo-43655: Tkinter and IDLE dialog windows are now recognized as ↵Miss Islington (bot)2021-04-251-0/+2
| | | | | | | | dialogs by window managers on macOS and X Window (GH-25187). (GH-25588) (GH-25592) (cherry picked from commit 3bb3fb3be09d472a43cdc3d9d9578bd49f3dfb8c) (cherry picked from commit 9a165399aec930f27639dd173426ccc33586662b) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-43534: Make dialogs in turtle.textinput() and turtle.numinput() ↵Miss Islington (bot)2021-04-251-0/+2
| | | | | | | transitient again (GH-24923) (cherry picked from commit b5adc8a7e5c13d175b4d3e53b37bc61de35b1457) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.8] bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0 ↵Stéphane Bidoul2021-04-241-0/+1
| | | | | | | | (GH-25576) (GH-25579) Update bundled pip to 21.1 and setuptools to 56.0.0. (cherry picked from commit 196983563d05e32d2dcf217e955a919f9e0c25e1) Co-authored-by: Stéphane Bidoul <stephane.bidoul@acsone.eu>
* bpo-43607: Fix urllib handling of Windows paths with \\?\ prefix (GH-25539)Miss Islington (bot)2021-04-231-0/+2
| | | | | (cherry picked from commit 3513d55a617012002c3f82dbf3cec7ec1abd7090) Co-authored-by: Steve Dower <steve.dower@python.org>
* [3.8] bpo-43920: Make load_verify_locations(cadata) error message consistent ↵Christian Heimes2021-04-231-0/+2
| | | | | | | | (GH-25554) (GH-25556) Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit b9ad88be0304136c3fe5959c65a5d2c75490cd80) Co-authored-by: Christian Heimes <christian@python.org>
* bpo-43284: Update platform.win32_ver to use _syscmd_ver instead of ↵Miss Islington (bot)2021-04-221-0/+6
| | | | | | | | | | sys.getwindowsversion() (GH-25500) The sys module uses the kernel32.dll version number, which can vary from the "actual" Windows version. Since the best option for getting the version is WMI (which is expensive), we switch back to launching cmd.exe (which is also expensive, but a lot less code on our part). sys.getwindowsversion() is not updated to avoid launching executables from that module. (cherry picked from commit 2a3f4899c63806439e5bcea0c30f7e6a6295a763) Co-authored-by: Shreyan Avigyan <shreyan.avigyan@gmail.com>
* [3.8] bpo-43522: Fix SSLContext.hostname_checks_common_name (GH-24899) ↵Christian Heimes2021-04-171-0/+1
| | | | | | | | (GH-25452) Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not copy hostflags from *struct SSL_CTX* to *struct SSL*. (cherry picked from commit 330b49e397168df789fd0dd20cfe7e81b8e47258)
* bpo-42967: coerce bytes separator to string in urllib.parse_qs(l) (GH-24818) ↵Miss Islington (bot)2021-04-161-0/+3
| | | | | | | | | | | | | | (#25345) * coerce bytes separator to string * Add news * Update Misc/NEWS.d/next/Library/2021-03-11-00-31-41.bpo-42967.2PeQRw.rst (cherry picked from commit b38601d49675d90e1ee6faa47f7adaeca992d02d) Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
* [3.8] bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329) ↵Christian Heimes2021-04-131-0/+2
| | | | | | (GH-25383) Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit a4833883c9b81b6b272cc7c5b67fa1658b65304c)
* [3.8] bpo-42248: [Enum] ensure exceptions raised in ``_missing_`` are ↵Ethan Furman2021-04-121-0/+1
| | | | | | | released (GH-25350). (GH-25369) (cherry picked from commit 8c14f5a787b21d5a1eae5d5ee981431d1c0e055f) Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
* [3.8] bpo-43788: Generate version specific _ssl_data.h (GH-25300) (GH-25311)Christian Heimes2021-04-091-0/+4
| | | | | (cherry picked from commit 150af7543214e1541fa582374502ac1cd70e8eb4) Co-authored-by: Christian Heimes <christian@python.org>
* bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309)Miss Islington (bot)2021-04-091-0/+1
| | | | | | Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 6f37ebc61e9e0d13bcb1a2ddb7fc9723c04b6372) Co-authored-by: Christian Heimes <christian@python.org>
* [3.8] bpo-43789: OpenSSL 3.0.0 Don't call passwd callback again in error ↵Miss Islington (bot)2021-04-091-0/+2
| | | | | | | case (GH-25303) (GH-25306) (cherry picked from commit d3b73f32ef7c693a6ae8c54eb0e62df3b5315caf) Co-authored-by: Christian Heimes <christian@python.org>
* [3.8] Fix blurb for bpo-43176. (GH-25215) (GH-25218)Miss Islington (bot)2021-04-061-1/+1
| | | | | | | | (cherry picked from commit 1744c96ebc98b240f2564f75191097704b37244f) Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com> Automerge-Triggered-By: GH:ericvsmith
* bpo-43176: Fix processing of empty dataclasses (GH-24484)Miss Islington (bot)2021-04-061-0/+1
| | | | | | | | When a dataclass inherits from an empty base, all immutability checks are omitted. This PR fixes this and adds tests for it. Automerge-Triggered-By: GH:ericvsmith (cherry picked from commit 376ffc6ac491da74920aed1b8e35bc371cb766ac) Co-authored-by: Iurii Kemaev <6885137+hbq1@users.noreply.github.com>
* bpo-36470: Allow dataclasses.replace() to handle InitVars with default ↵Miss Islington (bot)2021-04-051-0/+2
| | | | | | | | | | | | values (GH-20867) (GH-25201) Co-Authored-By: Claudiu Popa <pcmanticore@gmail.com> Automerge-Triggered-By: GH:ericvsmith (cherry picked from commit 75220674c07abfc90c2cd7862d04cfa2e2354450) Co-authored-by: Zackery Spytz <zspytz@gmail.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com>
* Merge tag 'v3.8.9' into 3.8Łukasz Langa2021-04-029-24/+0
|\ | | | | | | Python 3.8.9
| * Python 3.8.9v3.8.9Łukasz Langa2021-04-029-24/+0
| |
* | [3.9] bpo-26053: Fix args echoed by pdb run command (GH-25149)Miss Islington (bot)2021-04-021-0/+1
|/ | | | | | | | | | | | * bpo-26053: Fix args echoed by pdb run command (GH-22033) (cherry picked from commit 652bfdee9495dca241d48278742fe035b7a82bdb) * bpo-26053: Fix test_pdb.test_issue26053() (GH-25139) (cherry picked from commit bd4ab8e73906a4f12d5353f567228b7c7497baf7) (cherry picked from commit 7ad56e254519047aeb9c669b9ea2f2bf0acfd401) Co-authored-by: Irit Katriel <iritkatriel@yahoo.com>
* bpo-43399: Fix ElementTree.extend not working on iterators (GH-24751)Miss Islington (bot)2021-03-301-0/+2
| | | | | (cherry picked from commit 51a85ddce8b336addcb61b96f04c9c5edef07296) Co-authored-by: Alex Prengère <2138730+alexprengere@users.noreply.github.com>
* bpo-35930: Raising an exception raised in a "future" instance will create ↵Miss Islington (bot)2021-03-291-0/+2
| | | | | | | | | | | | reference cycles (GH-24995) (#25071) Before: https://lists.es.python.org/pipermail/general/attachments/20201229/0c14bc58/attachment-0002.png After: https://lists.es.python.org/pipermail/general/attachments/20201229/0c14bc58/attachment-0003.png (cherry picked from commit 32430aadadf6e012e39167d3c18a24e49fb84874) Co-authored-by: Jesús Cea <jcea@jcea.es> Co-authored-by: Jesús Cea <jcea@jcea.es>
* bpo-43577: Fix deadlock with SSLContext._msg_callback and sni_callback ↵Miss Islington (bot)2021-03-211-0/+1
| | | | | | | | | | | | | | | (GH-24957) OpenSSL copies the internal message callback from SSL_CTX->msg_callback to SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback to use the callback value of the new context. PySSL_set_context() now resets the callback and _PySSL_msg_callback() resets thread state in error path. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 77cde5042a2f1eae489c11a67540afaf43cd5cdf) Co-authored-by: Christian Heimes <christian@python.org>
* [3.8] bpo-27820: Fix AUTH LOGIN logic in smtplib.SMTP (GH-24118) (#24833)Senthil Kumaran2021-03-131-0/+8
| | | | | | | | | | | | | | * bpo-27820: Fix AUTH LOGIN logic in smtplib.SMTP (GH-24118) * Fix auth_login logic (bpo-27820) * Also fix a longstanding bug in the SimSMTPChannel.found_terminator() method that causes inability to test SMTP AUTH with initial_response_ok=False. (cherry picked from commit 7591d9455eb37525c832da3d65e1a7b3e6dbf613) * Set timeout to 15 directly. Co-authored-by: Pandu E POLUAN <pepoluan@gmail.com>
* bpo-43423 Fix IndexError in subprocess _communicate function (GH-24777)Miss Islington (bot)2021-03-121-0/+2
| | | | | | | | Check to make sure stdout and stderr are not empty before selecting an item from them in Windows subprocess._communicate. Co-authored-by: Gregory P. Smith <greg@krypto.org> (cherry picked from commit b4fc44bb2d209182390b4f9fdf074a46b0165a2f) Co-authored-by: Chris Griffith <chris@cdgriffith.com>
* [3.8] bpo-37193: Remove thread objects which finished process its request ↵Miss Islington (bot)2021-03-041-0/+2
| | | | | | | | | | | (GH-23127) (GH-24749) This reverts commit aca67da4fe68d5420401ac1782203d302875eb27. (cherry picked from commit b5711c940f70af89f2b4cf081a3fcd83924f3ae7) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com> Automerge-Triggered-By: GH:jaraco
* bpo-42782: Fail fast for permission errors in shutil.move() (GH-24001)Miss Islington (bot)2021-03-031-0/+2
| | | | | | | | * Fail fast in shutil.move() to avoid creating destination directories on failure. Co-authored-by: Zackery Spytz <zspytz@gmail.com> (cherry picked from commit 132131b404e06ee1a19b040a1f96cd1118abed0c) Co-authored-by: Winson Luk <winson.luk@gmail.com>
* bpo-43316: gzip: CLI uses non-zero return code on error. (GH-24647)Miss Islington (bot)2021-02-251-0/+3
| | | | | | | Exit code is now 1 instead of 0. A message is printed to stderr instead of stdout. This is the proper behaviour for a tool that can be used in scripts. (cherry picked from commit cc3df6368d4f3f6c9c9b716876c7e7b79c7abf3f) Co-authored-by: Ruben Vorderman <r.h.p.vorderman@lumc.nl>
* bpo-43260: io: Prevent large data remains in textio buffer. (GH-24592)Inada Naoki2021-02-221-0/+2
| | | | | | | | | When very large data remains in TextIOWrapper, flush() may fail forever. So prevent that data larger than chunk_size is remained in TextIOWrapper internal buffer. Co-Authored-By: Eryk Sun. (cherry picked from commit 01806d5beba3d208bb56adba6829097d803bf54f)
* Python 3.8.8rc1v3.8.8rc1Łukasz Langa2021-02-1617-29/+0
|
* bpo-43108: Fix a reference leak in the curses module (GH-24420) (GH-24429)Miss Islington (bot)2021-02-151-0/+1
| | | | | | | (cherry picked from commit bb739ec922c6992a2be38f9fd3c544c2cc322dde) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com> Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
generated by cgit v0.12 at 2024-11-02 13:37:21 (GMT)