| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
(cherry picked from commit 50a70a083d34305a52fac4f5901bff2ead152d68)
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| |
|
|
|
| |
(cherry picked from commit 88a7f661ca02c0eb76b8f19234b8293b70f171e2)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
| |
Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
(cherry picked from commit aa3b4cf779b3dddb84e094879b91703354910d8c)
|
| | |
|
| |
|
|
|
|
|
| |
(GH-96353)
(cherry picked from commit b9634ac776c24bc4d4a57859d884a94cdfe16043)
Co-authored-by: philg314 <110174000+philg314@users.noreply.github.com>
|
| |
|
|
|
|
| |
(GH-25619) (#96556)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
|
| |
|
| |
Co-authored-by: Michael Droettboom <mdboom@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fix the faulthandler implementation of faulthandler.register(signal,
chain=True) if the sigaction() function is not available: don't call
the previous signal handler if it's NULL.
(cherry picked from commit c580a81af91af4b9df85e466f8b48c3c9c86c3df)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
| |
This makes tokenizer.c:valid_utf8 match stringlib/codecs.h:decode_utf8.
It also fixes an off-by-one error introduced in 3.10 for the line number when the tokenizer reports bad UTF8.
(cherry picked from commit 8bc356a7dd50cbdb46d10b8c7e457832431f5d9e)
Co-authored-by: Michael Droettboom <mdboom@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 4114bcc9ef7595a07196bcecf9c7d6d39f57f64d)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
| |
(cherry picked from commit 2fd7246e97c8cc09b4e3f22933693f9d68f08163)
Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
|
| |
|
|
|
| |
(cherry picked from commit 05692c67c51b78a5a5a7bb61d646519025e38015)
Co-authored-by: Michael Droettboom <mdboom@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 67444902a0f10419a557d0a2d3b8675c31b075a9)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
(#96617)
(cherry picked from commit 95e271b2266b8f2e7b60ede86ccf3ede4a7f83eb)
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-96593)
This doesn't happen naturally, but is allowed by the ASDL and compiler.
We don't want to change ASDL for backward compatibility reasons
(GH-57645, GH-92987)
(cherry picked from commit 200c9a8da0e2b892c476807e986009c01327e781)
Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
and adds What's New section (GH-96595)
(cherry picked from commit 80a9bd2e94b1759a7669fa811ed3526eb137c92d)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
(cherry picked from commit b126196838bbaf5f4d35120e0e6bcde435b0b480)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
| |
accross -> across
(cherry picked from commit 6adb89f50a0b032e0264cb3cd400a71c0fe6e0f8)
Co-authored-by: Ikko Ashimine <eltociear@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.
This PR comes fresh from a pile of work done in our private PSRT security response team repo.
This backports https://github.com/python/cpython/pull/96499 aka 511ca9452033ef95bc7d7fc404b8161068226002
Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
|
| |
|
|
|
|
|
|
|
| |
(#96395)
(cherry picked from commit e5b2453e61ba5376831093236d598ef5f9f1de61)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
| |
(GH-96323) (#96344)
(cherry picked from commit e860e521ec0d84e175269aeb15cf24bd6053ad17)
Co-authored-by: Kirill <iam@python273.pw>
Co-authored-by: Kirill <iam@python273.pw>
|
| |
|
|
|
|
|
| |
(cherry picked from commit 75177358a62afeabd1d3aa0e9f395c2b9d4495ca)
Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
|
| |
|
|
|
| |
(cherry picked from commit 873554ef84011773618911ffa698cea181cec9fd)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The previous wording of this entry suggests that CPython
won't work if optional compiler features are enabled.
That's not the case. The change is that we require C11 rather
than C89.
Note that PEP 7 does say "Python 3.11 and newer versions use C11
without optional features." It is correct there: that's
not a guide for users who compile Python, but for CPython devs
who must avoid the features.
|
| |
|
|
|
|
|
|
|
|
|
| |
find_unused_port() has an inherent race condition, but we can't use
bind_port() as that uses .getsockname() which this test is exercising.
Try binding to unused ports a few times before failing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
(cherry picked from commit df110126971d0271a977ce10779083b3e335b4da)
Co-authored-by: Ross Burton <ross.burton@arm.com>
|
| |
|
|
|
|
|
|
|
|
| |
(GH-96176)
X-Ref: https://github.com/python/typeshed/pull/8590GH-discussion_r951473977
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 58f6953d6d3fe20d972bfa2f6e982206adcf1353)
Co-authored-by: Kevin Kirsche <Kev.Kirsche+GitHub@gmail.com>
|
| |
|
|
|
|
|
| |
(GH-96188)
(cherry picked from commit 16ebae4cd4029205d932751f26c719c6cb8a6e92)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
| |
logging.TimedRotat… (GH-96182) (GH-96196)
Co-authored-by: Duncan Grisby <duncan-github@grisby.org>
|
| |
|
|
|
| |
(cherry picked from commit 53e6a9a7254bdcd0538580ba7d799cd453e2dca5)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
| |
Automerge-Triggered-By: GH:tiran
(cherry picked from commit 822955c16654c22c10a993f5a94bbb68b857a150)
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
| |
docs (GH-96112)
Clearly link concurrent.futures from threading & multiprocessing docs
Also link directly to asyncio from the beginning of the threading docs.
(cherry picked from commit bcc4cb0c7d5e0590928e74cae86b0a7938c0f74b)
Co-authored-by: Nick Coghlan <ncoghlan@gmail.com>
|
| |
|
|
|
|
|
|
| |
Alternative of GH-96107
(cherry picked from commit e0d54a4a799dae4ebdd72a16bcf287ed62ae2972)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
|
|
|
| |
_MASK_UTF_FILENAME flags in bpo-28080 (GH-96072)
Automerge-Triggered-By: GH:pablogsal
(cherry picked from commit 9d066e2aa621125cd141b14df79955d74b7f258e)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
|
| |
(#96042)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
| |
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
(cherry picked from commit ab4d72954f3c3fe4bdf51dc6a9cf0ed38f210a68)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a task catches CancelledError and raises some other error,
the other error should not silently be suppressed.
Any scenario where a task crashes in cleanup upon cancellation
will now result in an ExceptionGroup wrapping the crash(es)
instead of propagating CancelledError and ignoring the side errors.
NOTE: This represents a change in behavior (hence the need to
change several tests). But it is only an edge case.
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
(cherry picked from commit f51f54f39d384da63be622bcdc9cf4cfb43bad3d)
Co-authored-by: Guido van Rossum <guido@python.org>
|
| |
|
|
|
|
|
|
| |
(#96003)
(cherry picked from commit 914f6367a0d015986dafa7a9d542e24192753b6b)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If kernel fips is enabled, we get permission error upon doing
`import crypt`. So, if kernel fips is enabled, disable the
unallowed hashing methods.
Python 3.9.1 (default, May 10 2022, 11:36:26)
[GCC 10.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/crypt.py", line 117, in <module>
_add_method('MD5', '1', 8, 34)
File "/usr/lib/python3.9/crypt.py", line 94, in _add_method
result = crypt('', salt)
File "/usr/lib/python3.9/crypt.py", line 82, in crypt
return _crypt.crypt(word, salt)
PermissionError: [Errno 1] Operation not permitted
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
(cherry picked from commit 2fa03b1b0708d5d74630c351ec9abd2aac7550da)
Co-authored-by: Shreenidhi Shedi <53473811+sshedi@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
(cherry picked from commit 1b46d118e6e72daa64b98cafddb406c68b419efa)
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| |
|
|
|
|
|
| |
(GH-94997)
(cherry picked from commit b5e3ea286289fcad12be78480daf3756e350f69f)
Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
|
| |
|
|
|
|
|
|
| |
(GH-95665) (GH-95858)
This PR fixes the error message from float(s) in the case where s contains only whitespace.
(cherry picked from commit 97e9cfa75a80b54a0630b7371f35e368a12749d1)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit b4c857d0fd74abb1ede6fe083c4fa3ca728b2b83)
Co-authored-by: Christian Heimes <christian@python.org>
|
| | |
|
| |
|
|
|
|
|
|
| |
(GH-95705)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit 3a9e1fda7ab30e04545d3eceea1f2ccd37fa1f15)
Co-authored-by: Fantix King <fantix.king@gmail.com>
|
| |
|
|
|
|
|
|
| |
File name extensions may or may not be shown for the current name
and are added in an OS-dependent manner if not given for the new
name.
(cherry picked from commit 9890f86ae2001d19e7a18fee5b13aa0dd6069aef)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
|
| |
|
|
|
| |
(cherry picked from commit 6a5104f4fa83ed08fe31f712757dddabfede394c)
Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@protonmail.com>
|
| |
|
|
|
|
|
| |
(GH-95631)
(cherry picked from commit 5b6acbaa20aa8c80c0f10986bf6c755608664023)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
|
|
|
| |
(GH-95602)
Co-authored-by: Guido van Rossum <guido@python.org>
(cherry picked from commit 2fef27589e44c91042c2598b5cad6c6ad0516d93)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 42b102bbf9a9ae6fae8f6710202fb7afeeac277c)
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
|
