path: root/Misc
Commit log (each entry: commit message, then author, date, files changed, lines removed/added):
* Python 3.8.14 (tag v3.8.14)
  Łukasz Langa, 2022-09-06, 12 files changed, -33/+120
* [3.8] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96503)
  Gregory P. Smith, 2022-09-05, 1 file changed, -0/+14

  * Correctly pre-check for int-to-str conversion

  Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)

  The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.

  The justification for the current check. The C code check is:

  ```c
  max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
  ```

  In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:

  $$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$

  From this it follows that

  $$\frac{M}{3L} < \frac{s-1}{10}$$

  hence that

  $$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$

  So

  $$2^{L(s-1)} > 10^M.$$

  But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.

  * Issue: gh-95778

  Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
  Co-authored-by: Christian Heimes <christian@python.org>
  Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
* [3.8] gh-94208: Add more TLS version/protocol checks for FreeBSD (GH-94347) (GH-95313)
  Łukasz Langa, 2022-07-27, 1 file changed, -0/+2

  Three test cases were failing on FreeBSD with latest OpenSSL.

  (cherry picked from commit 1bc86c26253befa006c0f52eebb6ed633c7d1e5c)
  Co-authored-by: Christian Heimes <christian@python.org>
* [3.8] gh-90355: Add isolated flag if currently isolated (GH-92857) (GH-94571)
  Łukasz Langa, 2022-07-05, 1 file changed, -0/+1

  Co-authored-by: Carter Dodd <carter.dodd@gmail.com>
  Co-authored-by: Éric <merwok@netwok.org>
  Co-authored-by: Łukasz Langa <lukasz@langa.pl>
  (cherry picked from commit c8556bcf6c0b05ac46bd74880626a2853e7c99a1)
* gh-91172: Create a workflow for verifying bundled pip and setuptools (GH-31885) (GH-94124)
  Miss Islington (bot), 2022-06-22, 1 file changed, -0/+2

  Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
  Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
  (cherry picked from commit d36954b7ead06daead3dcf9b0dd9f8002eab508f)
  Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
* gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94094)
  Miss Islington (bot), 2022-06-22, 1 file changed, -0/+3

  Fix an open redirection vulnerability in the `http.server` module when a URI path starts with `//` that could produce a 301 Location header with a misleading target.

  Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google].

  (cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e)
  Co-authored-by: Gregory P. Smith <greg@krypto.org>
* bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170) (GH-92954)
  Victor Stinner, 2022-06-06, 1 file changed, -0/+1

  (cherry picked from commit 2985feac4e02d590bb78bcce9e30864be53280ac)
  Co-authored-by: Christian Heimes <christian@python.org>
* [3.8] gh-93065: Fix HAMT to iterate correctly over 7-level deep trees (GH-93066) (#93148)
  Łukasz Langa, 2022-05-24, 2 files changed, -0/+7

  Also while there, clarify a few things about why we reduce the hash to 32 bits.

  Co-authored-by: Eli Libman <eli@hyro.ai>
  Co-authored-by: Yury Selivanov <yury@edgedb.com>
  Co-authored-by: Łukasz Langa <lukasz@langa.pl>
  (cherry picked from commit c1f5c903a7e4ed27190488f4e33b00d3c3d952e5)
* [3.8] gh-80254: Disallow recursive usage of cursors in sqlite3 converters (#92333)
  Erlend Egeberg Aasland, 2022-05-16, 1 file changed, -0/+2

  (cherry picked from commit c908dc5b4798c311981bd7e1f7d92fb623ee448b)
  Co-authored-by: Sergey Fedoseev <fedoseev.sergey@gmail.com>
  Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* bpo-47194: Update zlib to v1.2.12 on Windows to resolve CVE-2018-25032 (GH-32241) (GH-32250)
  Miss Islington (bot), 2022-05-16, 1 file changed, -0/+1

  (cherry picked from commit 6066739ff7794e54c98c08b953a699cbc961cd28)
  Co-authored-by: Zachary Ware <zach@python.org>
* [3.8] gh-92448: Update the documentation builder to render the GitHub… (GH-92605)
  Dong-hee Na, 2022-05-12, 4 files changed, -4/+4

  (cherry picked from commit 45e1721d100bab09510ccf9da49f14ca5cc268f4)
  Co-authored-by: Dong-hee Na <donghee.na@python.org>
* [3.8] gh-91888: add a `:gh:` role to the documentation (GH-91889) (#91936)
  Ezio Melotti, 2022-05-10, 1 file changed, -0/+1

  * gh-91888: Add a :gh: role to the documentation (GH-91889).
  * [3.8] gh-91888: add a `:gh:` role to the documentation (GH-91889)
  * Add a new :gh:`...` role for GitHub issues.
  * Fix a GitHub id to use the :gh: role.
  * Add Misc/NEWS entry.
  * Refactoring and rephrasing.

  Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
  (cherry picked from commit f7641a2ffec243e5f600028a84debe9028a9ee44)
  Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>

  * Fix use of the default role in NEWS entry
* [3.8] bpo-47138: Fix documentation build by pinning Jinja version to 3.0.3 (GH-32109)
  m-aciek, 2022-04-08, 1 file changed, -0/+1

  Co-authored-by: Ned Deily <nad@python.org>
* Python 3.8.13
  Łukasz Langa, 2022-03-15, 19 files changed, -37/+180
* [3.8] bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n. (GH-31912)
  Ned Deily, 2022-03-15, 1 file changed, -0/+1

  * bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n.
  * Revert inadvertent sqlite downgrade
* bpo-46985: Upgrade bundled pip to 22.0.4 (GH-31819) (GH-31851)
  Ned Deily, 2022-03-15, 1 file changed, -0/+1

  (cherry picked from commit d87f1b787ed38dfd307d82452f2efe9dc5b93942)
  Co-authored-by: Pradyun Gedam <pgedam@bloomberg.net>
* bpo-45405: Prevent internal configure error when running configure with recent versions of clang. (GH-28845) (GH-31889)
  Ned Deily, 2022-03-15, 1 file changed, -0/+2

  Change the configure logic to function properly on macOS when the compiler outputs a platform triplet for option --print-multiarch. The Apple Clang included with Xcode 13.3 now supports --print-multiarch causing configure to fail without this change.

  Co-authored-by: Ned Deily <nad@python.org>
  (cherry picked from commit 9c4766772cda67648184f8ddba546a5fc0167f91)
  Co-authored-by: David Bohman <debohman@gmail.com>
  Automerge-Triggered-By: GH:ned-deily
  (cherry picked from commit 9901d153c201d852d27dc9d3074e283c26468f6d)
  Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
* bpo-46784: Add newly exported expat symbols to the namespace. (GH-31397) (GH-31419)
  Miss Islington (bot), 2022-03-08, 1 file changed, -0/+1

  The libexpat 2.4.1 upgrade from introduced the following new exported symbols:

  * `testingAccountingGetCountBytesDirect`
  * `testingAccountingGetCountBytesIndirect`
  * `unsignedCharToPrintable`
  * `XML_SetBillionLaughsAttackProtectionActivationThreshold`
  * `XML_SetBillionLaughsAttackProtectionMaximumAmplification`

  We need to adjust [Modules/expat/pyexpatns.h](https://github.com/python/cpython/blob/master/Modules/expat/pyexpatns.h) (The newer libexpat upgrade has no new symbols).

  Automerge-Triggered-By: GH:gpshead
  (cherry picked from commit 6312c1052c0186b4596fc45c42fd3ade9f8f5911)
  Co-authored-by: Yilei "Dolee" Yang <yileiyang@google.com>
* bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900 (GH-31732) (GH-31734)
  Steve Dower, 2022-03-08, 1 file changed, -0/+2
* bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31729)
  Steve Dower, 2022-03-08, 1 file changed, -0/+2
* bpo-46932: Update bundled libexpat to 2.4.7 (GH-31736) (GH-31740)
  Miss Islington (bot), 2022-03-08, 1 file changed, -0/+1

  (cherry picked from commit 176835c3d5c70f4c1b152cc2062b549144e37094)
  Co-authored-by: Steve Dower <steve.dower@python.org>
* bpo-46756: Fix authorization check in urllib.request (GH-31353) (GH-31572)
  Miss Islington (bot), 2022-03-02, 1 file changed, -0/+5

  Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed bypassing authorization. For example, access to URI "example.org/foobar" was allowed if the user was authorized for URI "example.org/foo".

  (cherry picked from commit e2e72567a1c94c548868f6ee5329363e6036057a)
  Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-46794: Bump up the libexpat version into 2.4.6 (GH-31487) (GH-31520)
  Miss Islington (bot), 2022-03-02, 1 file changed, -0/+1

  (cherry picked from commit 1935e1cc284942bec8006287c939e295e1a7bf13)
  Co-authored-by: Dong-hee Na <donghee.na@python.org>
* bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
  Sebastian Pipping, 2022-02-22, 1 file changed, -0/+1

  Curly brackets were never allowed in namespace URIs according to RFC 3986, and so-called namespace-validating XML parsers have the right to reject them as invalid URIs. libexpat >=2.4.5 has become stricter in that regard due to related security issues; with ET.XML instantiating a namespace-aware parser under the hood, this test has no future in CPython.

  References:
  - https://datatracker.ietf.org/doc/html/rfc3968
  - https://www.w3.org/TR/xml-names/

  Also, test_minidom.py: Support Expat >=2.4.5

  (cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
  Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
* bpo-46400: Update libexpat from 2.4.1 to 2.4.4 (GH-31022) (GH-31297)
  Dong-hee Na, 2022-02-21, 1 file changed, -0/+1

  Co-authored-by: Cyril Jouve <jv.cyril@gmail.com>
* bpo-41028: Doc: Move switchers to docsbuild-scripts. (GH-20969) (GH-30344)
  Miss Islington (bot), 2022-02-17, 1 file changed, -0/+2

  (cherry picked from commit ee2549c2ba8bae00f2b2fea8a39c6dfbd1d06520)
  Co-authored-by: Julien Palard <julien@palard.fr>
* bpo-44949: Fix test_readline auto history tests (GH-27813) (GH-31118)
  Miss Islington (bot), 2022-02-17, 1 file changed, -0/+2

  (cherry picked from commit 6fb62b42f4db56ed5efe0ca4c1059049276c1083)
  Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.8] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1) (GH-30803). (#30829)
  Jason R. Coombs, 2022-02-14, 1 file changed, -0/+2

  (cherry picked from commit 51c3e28c8a163e58dc753765e3cc51d5a717e70d)
  Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* bpo-44828: Avoid tkinter file dialog failure on macOS 12 Monterey (GH-29276) (GH-29279) when using the Tk 8.6.11 provided by python.org macOS installers.
  Miss Islington (bot), 2021-10-28, 1 file changed, -0/+3

  Patch by Marc Culler of the Tk project.

  (cherry picked from commit be8318be05e1a874215fa75b8845ede74b2c69b6)
  Co-authored-by: Ned Deily <nad@python.org>
* bpo-44849: Fix os.set_inheritable() on FreeBSD 14 with O_PATH (GH-27623) (GH-28978)
  Miss Islington (bot), 2021-10-19, 1 file changed, -0/+4

  Fix the os.set_inheritable() function on FreeBSD 14 for file descriptors opened with the O_PATH flag: ignore the EBADF error on ioctl(), fall back on the fcntl() implementation.

  (cherry picked from commit c24896c0e3b32c8a9f614ef51366007b67d5c665)
  Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-45195: Fix test_readline.test_nonascii() (GH-28329) (GH-28984)
  Miss Islington (bot), 2021-10-19, 1 file changed, -0/+3

  Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don't expect it in the output.

  (cherry picked from commit 797c8eb9ef511f0c25f10a453b35c4d2fe383c30)
  Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-45220: Avoid automatically selecting the Windows 11 SDK preview when building (GH-28393) (GH-28622)
  Miss Islington (bot), 2021-09-29, 1 file changed, -0/+3

  (cherry picked from commit f4b94b1f57827083990272b5f282aa1493ae2bf4)
  Co-authored-by: Steve Dower <steve.dower@python.org>
* Python 3.8.12 (tag v3.8.12)
  Łukasz Langa, 2021-08-30, 13 files changed, -28/+125
* bpo-45007: Update macOS installer builds to use OpenSSL 1.1.1l (GH-28051) (GH-28059)
  Miss Islington (bot), 2021-08-30, 1 file changed, -0/+1

  (cherry picked from commit 94b2639fad50d7ff8acd12c11e5fe5f9a6e1da5c)
  Co-authored-by: Ned Deily <nad@python.org>
* bpo-44689: ctypes.util.find_library() now finds macOS 11+ system libraries when built on older macOS systems (GH-27251) (GH-28054)
  Miss Islington (bot), 2021-08-30, 1 file changed, -0/+5

  Previously, when built on older macOS systems, `find_library` was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored.

  (cherry picked from commit 71853a73024a98aa38a3c0444fe364dbd9709134)
  Co-authored-by: Tobias Bergkvist <tobias@bergkv.ist>
* [3.8] bpo-45007: Update to OpenSSL 1.1.1l in Windows build and CI (GH-28009) (GH-28041)
  Łukasz Langa, 2021-08-29, 1 file changed, -0/+1

  (cherry picked from commit d3bdbbf9a4352a24fc2bfc7a63a024b244b61aba)
  Co-authored-by: Steve Dower <steve.dower@python.org>
* [3.8] bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28036)
  Miss Islington (bot), 2021-08-29, 1 file changed, -0/+2

  Co-authored-by: Łukasz Langa <lukasz@langa.pl>
  (cherry picked from commit 0897253f426068ea6a6fbe0ada01689af9ef1019)
  Co-authored-by: Miguel Brito <5544985+miguendes@users.noreply.github.com>
* bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28033)
  Miss Islington (bot), 2021-08-29, 1 file changed, -0/+3

  Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS.

  Co-authored-by: Łukasz Langa <lukasz@langa.pl>
  (cherry picked from commit 3fc5d84046ddbd66abac5b598956ea34605a4e5d)
  Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pydoc (GH-23200) (GH-28026)
  Miss Islington (bot), 2021-08-29, 1 file changed, -0/+2

  Co-authored-by: Łukasz Langa <lukasz@langa.pl>
  (cherry picked from commit c9227df5a9d8e958a2324cf0deba8524d1ded26a)
  Co-authored-by: E-Paine <63801254+E-Paine@users.noreply.github.com>
* bpo-45001: Make email date parsing more robust against malformed input (GH-27946) (GH-27974)
  Miss Islington (bot), 2021-08-26, 1 file changed, -0/+2

  Various date parsing utilities in the email module, such as email.utils.parsedate(), are supposed to gracefully handle invalid input, typically by raising an appropriate exception or by returning None.

  The internal email._parseaddr._parsedate_tz() helper used by some of these date parsing routines tries to be robust against malformed input, but unfortunately it can still crash ungracefully when a non-empty but whitespace-only input is passed. This manifests as an unexpected IndexError.

  In practice, this can happen when parsing an email with only a newline inside a ‘Date:’ header, which unfortunately happens occasionally in the real world.

  Here's a minimal example:

  ```
  $ python
  Python 3.9.6 (default, Jun 30 2021, 10:22:16)
  [GCC 11.1.0] on linux
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import email.utils
  >>> email.utils.parsedate('foo')
  >>> email.utils.parsedate(' ')
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
      t = parsedate_tz(data)
    File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
      res = _parsedate_tz(data)
    File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
      if data[0].endswith(',') or data[0].lower() in _daynames:
  IndexError: list index out of range
  ```

  The fix is rather straight-forward: guard against empty lists, after splitting on whitespace, but before accessing the first element.

  (cherry picked from commit 989f6a3800f06b2bd31cfef7c3269a443ad94fac)
  Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
* [3.8] bpo-36384: [doc] Correct typos in CVE-2021-29921 fix description (GH-27825)
  Łukasz Langa, 2021-08-19, 1 file changed, -1/+1
* [3.8] bpo-36384: Leading zeros in IPv4 addresses are no longer tolerated (GH-25099) (GH-27801)
  achraf-mer, 2021-08-17, 1 file changed, -0/+6

  Reverts commit e653d4d8e820a7a004ad399530af0135b45db27a and makes parsing even more strict. Like socket.inet_pton() any leading zero is now treated as invalid input.

  Signed-off-by: Christian Heimes <christian@python.org>
  Co-authored-by: Łukasz Langa <lukasz@langa.pl>
* [3.8] bpo-33930: Fix segfault with deep recursion when cleaning method objects (GH-27678) (GH-27721)
  Łukasz Langa, 2021-08-11, 1 file changed, -0/+2

  (cherry picked from commit bfc2d5a5c4550ab3a2fadeb9459b4bd948ff61a2)
  Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
* bpo-44872: use new trashcan macros in framobject.c (GH-27683) (GH-27692)
  Irit Katriel, 2021-08-10, 1 file changed, -0/+1
* bpo-44856: Possible reference leak in error paths of update_bases() and __build_class__ (GH-27647) (GH-27652)
  Miss Islington (bot), 2021-08-07, 1 file changed, -0/+1

  (cherry picked from commit a40675c659cd8c0699f85ee9ac31660f93f8c2f5)
  Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
* bpo-30511: Add note on thread safety to shutil.make_archive() (GH-26933) (#27276)
  Miss Islington (bot), 2021-07-21, 1 file changed, -0/+2

  Co-authored-by: Łukasz Langa <lukasz@langa.pl>
  (cherry picked from commit 64f54b7ccd49764b0304e076bfd79b5482988f53)
  Co-authored-by: andrei kulakov <andrei.avk@gmail.com>
* Python 3.8.11 (tag v3.8.11)
  Łukasz Langa, 2021-06-28, 6 files changed, -13/+52
* [3.8] bpo-44061: Fix pkgutil.iter_modules regression when passed a pathlib.Path object (GH-25964). (GH-26056)
  Łukasz Langa, 2021-05-12, 1 file changed, -0/+2

  (cherry picked from commit e9d7f88d5643f7e6387bf994c130503766d7eb92)
  Co-authored-by: Miguel Brito <5544985+miguendes@users.noreply.github.com>
* bpo-44070: No longer eagerly makes import filenames absolute, except for extension modules (GH-26025) (#26028)
  Steve Dower, 2021-05-12, 1 file changed, -0/+2
* bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) (#25933)
  Miss Islington (bot), 2021-05-06, 1 file changed, -0/+2

  Fixes http.client potential denial of service where it could get stuck reading lines from a malicious server after a 100 Continue response.

  Co-authored-by: Gregory P. Smith <greg@krypto.org>
  (cherry picked from commit 47895e31b6f626bc6ce47d175fe9d43c1098909d)
  Co-authored-by: Gen Xu <xgbarry@gmail.com>