summaryrefslogtreecommitdiffstats
path: root/Misc
Commit message (Collapse)AuthorAgeFilesLines
* Python 3.10.13v3.10.13Pablo Galindo2023-08-245-14/+44
|
* [3.10] gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data ↵Miss Islington (bot)2023-08-221-0/+2
| | | | | | | | | | (GH-99613) (GH-107224) (#107230) Previously *consumed was not set in this case. (cherry picked from commit b8b3e6afc0a48c3cbb7c36d2f73e332edcd6058c) (cherry picked from commit f08e52ccb027f6f703302b8c1a82db9fd3934270) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.10] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close ↵Łukasz Langa2023-08-221-0/+7
| | | | | | | | | | | | | | | | | | flaw (#108318) gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred. Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
* [3.10] gh-107845: Fix symlink handling for tarfile.data_filter (GH-107846) ↵Miss Islington (bot)2023-08-221-0/+3
| | | | (#108210)
* [3.10] gh-107565: Update multissltests and GitHub CI workflows to use ↵Ned Deily2023-08-181-0/+2
| | | | | OpenSSL 1.1.1v, 3.0.10, and 3.1.2. (GH-108120) (cherry picked from commit 441797d4ffb12acda257370b9e5e19ed8d6e8a71)
* [3.10] Revert "[3.10] gh-107077: Raise SSLCertVerificationError even if the ↵Pablo Galindo Salgado2023-08-031-6/+0
| | | | error is set via SSL_ERROR_SYSCALL (GH-107586) (#107589)" (#107602)
* [3.10] gh-107077: Raise SSLCertVerificationError even if the error is set ↵Miss Islington (bot)2023-08-031-0/+6
| | | | | | | via SSL_ERROR_SYSCALL (GH-107586) (#107589) Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com> Co-authored-by: T. Wouters <thomas@python.org>
* Python 3.10.12v3.10.12Pablo Galindo2023-06-069-17/+80
|
* [3.10] gh-89412: Add missing attributes (added in 3.10) to traceback module ↵Miss Islington (bot)2023-06-051-0/+2
| | | | | | | docs (GH-105046) (#105329) (cherry picked from commit a4f72fa39a9d391c7b931ba1906d81da4ae01949) Co-authored-by: Jakub Kuczys <me@jacken.men>
* [3.10] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) ↵Gregory P. Smith2023-06-051-0/+2
| | | | | | | | | | | | | | | | | | | | (GH-105200) (#105204) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af). (cherry picked from commit a5d2b546c1b0b73d0695b98838a3ddd497382999) (cherry picked from commit f90d3f68db720bd6d0deda8cc0030339ccd43858) Co-authored-by: Gregory P. Smith <greg@krypto.org>
* [3.10] [3.11] gh-102153: Start stripping C0 control and space chars in ↵Miss Islington (bot)2023-05-171-0/+3
| | | | | | | | | | | | | | | | | | | | | | `urlsplit` (GH-102508) (GH-104575) (#104592) gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) `urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). I simplified the docs by eliding the state of the world explanatory paragraph in this security release only backport. (people will see that in the mainline /3/ docs) --------- (cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10) (cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Illia Volochii <illia.volochii@gmail.com> Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
* [3.10] gh-102950: Implement PEP 706 – Filter for tarfile.extractall ↵Matěj Cepl2023-05-101-0/+4
| | | | | | | | | | | (GH-102953) (GH-104128) - Backport b52ad18a766700be14382ba222033b2d75a33521 - Backport c8c3956d905e019101038b018129a4c90c9c9b8f - Remove the DeprecationWarning - Adjust docs - Remove new `__all__` entries Co-authored-by: Petr Viktorin <encukou@gmail.com>
* [3.10] gh-99889: Fix directory traversal security flaw in uu.decode() ↵Miss Islington (bot)2023-05-091-0/+2
| | | | | | | | | | | | | | | | | | (GH-104096) (#104330) gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) * Fix directory traversal security flaw in uu.decode() * also check absolute paths and os.altsep * Add a regression test. --------- (cherry picked from commit 0aeda297931820436a50b78f4f7f0597274b5df4) [Google] Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com>
* [3.10] gh-104049: do not expose on-disk location from ↵Miss Islington (bot)2023-05-091-0/+2
| | | | | | | | | | | | | | | SimpleHTTPRequestHandler (GH-104067) (#104119) gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure) --------- (cherry picked from commit c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a) Co-authored-by: Ethan Furman <ethan@stoneleaf.us> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* gh-103935: Use `io.open_code()` when executing code in trace and profile ↵Steve Dower2023-04-271-0/+1
| | | | | modules (GH-103947) Co-authored-by: Tian Gao <gaogaotiantian@hotmail.com>
* gh-103262: Fixes Windows installer build to work with latest compilers ↵Steve Dower2023-04-051-0/+1
| | | | (GH-103281)
* Python 3.10.11v3.10.11Pablo Galindo2023-04-0437-64/+359
|
* [3.10] gh-103207: Add instructions to the macOS installer welcome display on ↵Ned Deily2023-04-041-0/+2
| | | | how to workaround the macOS 13 Ventura “The installer encountered an error” failure. (GH-103253)
* [3.10] gh-103112: Add http.client.HTTPResponse.read docstring and fix pydoc ↵Miss Islington (bot)2023-03-291-0/+1
| | | | | | | | | | output (GH-103113) (#103120) (cherry picked from commit d052a383f1a0c599c176a12c73a761ca00436d8b) Co-authored-by: Bernhard Wagner <github.comNotification20120125@xmlizer.net> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> Co-authored-by: Éric <merwok@netwok.org>
* [3.10] GH-87235: Make sure "python /dev/fd/9 9</path/to/script.py" works on ↵Miss Islington (bot)2023-03-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | macOS (GH-99768) (#99817) On macOS all file descriptors for a particular file in /dev/fd share the same file offset, that is ``open("/dev/fd/9", "r")`` behaves more like ``dup(9)`` than a regular open. This causes problems when a user tries to run "/dev/fd/9" as a script because zipimport changes the file offset to try to read a zipfile directory. Therefore change zipimport to reset the file offset after trying to read the zipfile directory. (cherry picked from commit d08fb257698e3475d6f69bb808211d39e344e5b2) Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> * Regen zipimport --------- Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
* [3.10] GH-102711: Fix warnings found by clang (GH-102712) (#103076)Miss Islington (bot)2023-03-281-0/+1
| | | | | | | | | | | | | | | | | | | | There are some warnings if build python via clang: Parser/pegen.c:812:31: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] _PyPegen_clear_memo_statistics() ^ void Parser/pegen.c:820:29: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] _PyPegen_get_memo_statistics() ^ void Fix it to make clang happy. (cherry picked from commit 7703def37e4fa7d25c3d23756de8f527daa4e165) Signed-off-by: Chenxi Mao <chenxi.mao@suse.com> Co-authored-by: Chenxi Mao <chenxi.mao@suse.com>
* [3.10] gh-88233: zipfile: handle extras after a zip64 extra (GH-96161) (#102087)Miss Islington (bot)2023-03-281-0/+2
| | | | | | | | | | Previously, any data _after_ the zip64 extra would be removed. With many new tests. Fixes GH-88233 (cherry picked from commit 59e86caca812fc993c5eb7dc8ccd1508ffccba86) Co-authored-by: Tim Hatch <tim@timhatch.com>
* [3.10] gh-101997: Update bundled pip version to 23.0.1 (GH-101998). (#102241)Pradyun Gedam2023-03-281-0/+1
| | | (cherry picked from commit 89d9ff0f48c51a85920c7372a7df4a2204e32ea5)
* [3.10] GH-95494: Fix transport EOF handling in OpenSSL 3.0 (GH-95495) (#103007)Miss Islington (bot)2023-03-271-0/+7
| | | | | | | | | | | | | | | | | | | | | | | GH-25309 enabled SSL_OP_IGNORE_UNEXPECTED_EOF by default, with a comment that it restores OpenSSL 1.1.1 behavior, but this wasn't quite right. That option causes OpenSSL to treat transport EOF as the same as close_notify (i.e. SSL_ERROR_ZERO_RETURN), whereas Python actually has distinct SSLEOFError and SSLZeroReturnError exceptions. (The latter is usually mapped to a zero return from read.) In OpenSSL 1.1.1, the ssl module would raise them for transport EOF and close_notify, respectively. In OpenSSL 3.0, both act like close_notify. Fix this by, instead, just detecting SSL_R_UNEXPECTED_EOF_WHILE_READING and mapping that to the other exception type. There doesn't seem to have been any unit test of this error, so fill in the missing one. This had to be done with the BIO path because it's actually slightly tricky to simulate a transport EOF with Python's fd based APIs. (If you instruct the server to close the socket, it gets confused, probably because the server's SSL object is still referencing the now dead fd?) (cherry picked from commit 420bbb783b43216cc897dc8914851899db37a31d) Co-authored-by: David Benjamin <davidben@google.com>
* gh-102980: Add tests for pdf's display, alias and where commands (GH-102981)Miss Islington (bot)2023-03-241-0/+1
| | | | | (cherry picked from commit ded9a7fc194a1d5c0e38f475a45f8f77dbe9c6bc) Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com>
* [3.10] gh-102027: Fix macro name (GH-102124) (#102917)Miss Islington (bot)2023-03-241-0/+2
| | | | | | | | | | gh-102027: Fix macro name (GH-102124) This fixes the ssse3 / sse2 detection when sse4 is available. (cherry picked from commit ea93bde4ece139d4152a59f2c38aa6568559447c) Co-authored-by: Max Bachmann <kontakt@maxbachmann.de> Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
* [3.10] gh-96931: Fix incorrect results in ssl.SSLSocket.shared_ciphers ↵Miss Islington (bot)2023-03-241-0/+1
| | | | | | | | (GH-96932) (#102919) gh-96931: Fix incorrect results in ssl.SSLSocket.shared_ciphers (GH-96932) (cherry picked from commit af9c34f6ef8dceb21871206eb3e4d350f6e3d3dc) Co-authored-by: Benjamin Fogle <benfogle@gmail.com>
* [3.10] gh-102947: Improve traceback when calling `fields()` on a ↵Alex Waygood2023-03-231-0/+2
| | | | non-dataclass (#102948) (#102954)
* gh-94440: Fix issue of ProcessPoolExecutor shutdown hanging (GH-94468)Miss Islington (bot)2023-03-162-0/+3
| | | | | | | | Fix an issue of concurrent.futures ProcessPoolExecutor shutdown hanging. (cherry picked from commit 2dc94634b50f0e5e207787e5ac1d56c68b22c3ae) Co-authored-by: yonatanp <yonatan.perry@gmail.com> Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
* gh-101377: improving test_locale_calendar_formatweekday of calendar (GH-101378)Miss Islington (bot)2023-03-151-0/+1
| | | | | | | | | --------- (cherry picked from commit 5e0865f22eed9f3f3f0e912c4ada196effbd8ce0) Co-authored-by: Andre Hora <andrehora@users.noreply.github.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* [3.10] GH-101673: Fix pdb bug where local variable changes are lost after ↵Irit Katriel2023-03-131-0/+1
| | | | | | | | | longlist (#101674) (#102633) GH-101673: Fix pdb bug where local variable changes are lost after longlist (#101674) (cherry picked from commit 5d677c556f03a34d1c2d86e4cc96025870c20c12) Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com>
* GH-102537: Handle check for PYTHONTZPATH failing in zoneinfo test (GH-102538)Miss Islington (bot)2023-03-131-0/+2
| | | | | | | | It is possible but unlikely for the `python_tzpath_context` function to fail between the start of the `try` block and the point where `os.environ.get` succeeds, in which case `old_env` will be undefined. In this case, we want to take no action. Practically speaking this will really only happen in an error condition anyway, so it doesn't really matter, but we should probably do it right anyway. (cherry picked from commit 64bde502cf89963bc7382b03ea9e1c0967d22e35) Co-authored-by: Paul Ganssle <1377457+pganssle@users.noreply.github.com>
* [3.10] GH-102397: Fix segfault from race condition in signal handling ↵Miss Islington (bot)2023-03-081-0/+2
| | | | | | | | | (GH-102399) (#102527) GH-102397: Fix segfault from race condition in signal handling (GH-102399) (cherry picked from commit 1a84cc007e207f2dd61f86a7fc3d86632fdce72f) Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
* [3.10] gh-102416: Do not memoize incorrectly loop rules in the parser ↵Pablo Galindo Salgado2023-03-061-0/+1
| | | | (GH-102467). (#102474)
* gh-101979: argparse: fix a bug where parentheses in metavar argument of ↵Miss Islington (bot)2023-03-051-0/+2
| | | | | | | add_argument() were dropped (GH-102318) (cherry picked from commit 9a478be1a4314734c697dda7a7b0e633a6fb0751) Co-authored-by: Yeojin Kim <yeojin.dev@gmail.com>
* gh-102356: Add thrashcan macros to filter object dealloc (GH-102426)Miss Islington (bot)2023-03-052-0/+3
| | | | | | Add thrashcan macros to the deallocator of the filter objects to protect against deeply nested destruction of chains of nested filters. (cherry picked from commit 66aa78cbe604a7c5731f074b869f92174a8e3b64) Co-authored-by: Marta Gómez Macías <mgmacias@google.com>
* [3.10] gh-102179: Fix `os.dup2` error reporting for negative fds (GH-102180) ↵Miss Islington (bot)2023-03-041-0/+1
| | | | | | | | | (#102419) * gh-102179: Fix `os.dup2` error reporting for negative fds (GH-102180) (cherry picked from commit c2bd55d26f8eb2850eb9f9026b5d7f0ed1420b65) Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru> Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
* [3.10] gh-101892: Fix `SystemError` when a callable iterator call exhausts ↵Oleg Iarygin2023-03-041-0/+3
| | | | | | | | | | the iterator (GH-101896) (#102422) gh-101892: Fix `SystemError` when a callable iterator call exhausts the iterator (#101896) Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net> (cherry picked from commit 705487c6557c3d8866622b4d32528bf7fc2e4204) Co-authored-by: Raj <51259329+workingpayload@users.noreply.github.com>
* [3.10] GH-102126: fix deadlock at shutdown when clearing thread state… ↵Kumar Aditya2023-03-031-0/+1
| | | | | | (#102235) [3.10] GH-102126: fix deadlock at shutdown when clearing thread states (GH-102222). (cherry picked from commit 5f11478ce7fda826d399530af4c5ca96c592f144)
* [3.10] gh-97786: Fix compiler warnings in pytime.c (GH-101826) (#102150)Mark Dickinson2023-02-261-0/+2
| | | | | | | | | | | | | | * [3.10] gh-97786: Fix compiler warnings in pytime.c (GH-101826) Fixes compiler warnings in pytime.c.. (cherry picked from commit b1b375e2670a58fc37cb4c2629ed73b045159918) Co-authored-by: Mark Dickinson <dickinsm@gmail.com> * Add comment about the casts --------- Co-authored-by: Gregory P. Smith <greg@krypto.org>
* [3.10] gh-85417: Clarify behaviour on branch cuts in cmath module ↵Miss Islington (bot)2023-02-261-0/+1
| | | | | | | | | | | | | (GH-102046) (#102275) gh-85417: Clarify behaviour on branch cuts in cmath module (GH-102046) This PR updates the cmath module documentation to reflect the reality that Python is almost always (and as far as I can tell, that "almost" can be omitted) running on a machine whose C double supports signed zeros. * Removes misleading references to functions being continuous from above / below / the left / the right at branch cuts * Expands the note on branch cuts at the top of the module documentation to explain the double-sided sign-of-zero-based behaviour (cherry picked from commit b513c46d998344dc07eb6d510782c2e23d2b859e) Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
* [3.10] gh-101765: Fix SystemError / segmentation fault in iter `__reduce__` ↵Ionite2023-02-251-0/+1
| | | | | | when internal access of `builtins.__dict__` exhausts the iterator (GH-101769) (#102229) (cherry picked from commit 54dfa14c5a94b893b67a4d9e9e403ff538ce9023)
* [3.10] gh-95675: fix uid and gid at test_add_dir_getmember (gh-102207) ↵Miss Islington (bot)2023-02-251-0/+1
| | | | | | | | (gh-102230) gh-95675: fix uid and gid at test_add_dir_getmember (gh-102207) (cherry picked from commit 56e93c8020e89e1712aa238574bca2076a225028) Co-authored-by: Seonkyo Ok <seonkyo.ok@linecorp.com>
* [3.10] gh-101936: Update the default value of fp from io.StringIO to ↵Miss Islington (bot)2023-02-222-0/+3
| | | | | | | | io.BytesIO (gh-102100) (#102118) gh-101936: Update the default value of fp from io.StringIO to io.BytesIO (gh-102100) (cherry picked from commit 0d4c7fcd4f078708a5ac6499af378ce5ee8eb211) Co-authored-by: Long Vo <long.vo@linecorp.com>
* [3.10] gh-95672 fix typo SkitTest to SkipTest (gh-102119) (gh-102122)Miss Islington (bot)2023-02-221-0/+1
| | | | | | gh-95672 fix typo SkitTest to SkipTest (gh-102119) (cherry picked from commit d5c7954d0c3ff874d2d27d33dcc207bb7356f328) Co-authored-by: HyunKyun Moon <hyunkyun.moon@linecorp.com>
* [3.10] gh-101961 fileinput.hookcompressed should not set the encoding value ↵Miss Islington (bot)2023-02-212-0/+3
| | | | | | | | for the binary mode (gh-102068) (#102099) gh-101961 fileinput.hookcompressed should not set the encoding value for the binary mode (gh-102068) (cherry picked from commit 6f25657b83d7a680a97849490f6e973b3a695e1a) Co-authored-by: Gihwan Kim <gihwan.kim@linecorp.com>
* [3.10] gh-101566: Sync with zipp 3.14. (GH-102018). (GH-102091)Jason R. Coombs2023-02-201-0/+3
| | | | | | | (cherry picked from commit 36854bbb240e417c0df6f0014924fcc899388186) Includes the bugfix only. Automerge-Triggered-By: GH:jaraco
* gh-101967: add a missing error check (GH-101968)Miss Islington (bot)2023-02-181-0/+1
| | | | | (cherry picked from commit 89413bbccb9261b72190e275eefe4b0d49671477) Co-authored-by: Eclips4 <80244920+Eclips4@users.noreply.github.com>
* [3.10] gh-101759: Update Windows installer to SQLite 3.40.1 (GH-101762) ↵Erlend E. Aasland2023-02-101-0/+1
| | | | | (#101792) (cherry picked from commit 5d15224011217487e1a174c144af0e5f5826c17c)
* gh-101517: make bdb avoid looking up in linecache with lineno=None (GH-101787)Miss Islington (bot)2023-02-101-0/+1
| | | | | (cherry picked from commit 366b94905869d680b3f1d4801fb497e78811e511) Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
generated by cgit v0.12 at 2025-04-11 07:25:34 (GMT)