Commit Graph

8620 Commits

Author SHA1 Message Date
William Woodruff 0876b921b2
gh-107361: strengthen default SSL context flags (#112389)
This adds `VERIFY_X509_STRICT` to make the default
SSL context perform stricter (per RFC 5280) validation, as well
as `VERIFY_X509_PARTIAL_CHAIN` to enforce more standards-compliant
path-building behavior.

As part of this changeset, I had to tweak `make_ssl_certs.py`
slightly to emit 5280-conforming CA certs. This changeset includes
the regenerated certificates after that change.

Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Victor Stinner <vstinner@python.org>
2024-03-06 13:44:58 -08:00
Jason Zhang ce0ae1d784
gh-115957: Close coroutine if TaskGroup.create_task() raises an error (#116009) 2024-03-06 12:20:26 -08:00
Ken Jin 7114cf20c0
gh-116381: Specialize CONTAINS_OP (GH-116385)
* Specialize CONTAINS_OP

* 📜🤖 Added by blurb_it.

* Add PyAPI_FUNC for JIT

---------

Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
2024-03-07 03:30:11 +08:00
Itamar Oren 02ee475ee3
gh-116143: Fix race condition in pydoc _start_server (#116144) 2024-03-06 07:39:51 -07:00
Prince Roshan e800265aa1
gh-107625: configparser: Raise error if a missing value is continued (GH-107651)
Co-authored-by: Éric <merwok@netwok.org>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
2024-03-06 14:05:54 +00:00
Serhiy Storchaka bdba8ef42b
gh-74668: Fix support of bytes in urllib.parse.parse_qsl() (GH-115771)
urllib.parse functions parse_qs() and parse_qsl() now support bytes
arguments containing raw and percent-encoded non-ASCII data.
2024-03-05 17:49:50 +02:00
Serhiy Storchaka f97f25ef5d
gh-76511: Fix email.Message.as_string() for non-ASCII message with ASCII charset (GH-116125) 2024-03-05 17:49:01 +02:00
Nikita Sobolev a29998a06b
gh-116325: Raise `SyntaxError` rather than `IndexError` on ForwardRef with empty string arg (#116341) 2024-03-05 09:14:18 +00:00
Brett Cannon 7af063d1d8
GH-116313: get WASI builds to run under wasmtime 18 w/ WASI 0.2/preview2 primitives (#116327)
* GH-116313: get WASI builds to run under wasmtime 18 w/ WASI 0.2/preview2 primitives

* Add the configure changes

* Update `wasm_build.py`
2024-03-05 09:18:53 +01:00
Tobias Rautenkranz 60743a9a7e
gh-57141: Add dircmp shallow option (GH-109499)
Co-authored-by: Steve Ward <planet36@gmail.com>
Co-authored-by: Sanyam Khurana <8039608+CuriousLearner@users.noreply.github.com>
2024-03-04 17:27:43 +00:00
Yuriy Chernyshov 9b9e819b51
gh-116116: Backport blake2 change to fix building with clang-cl on windows-i686 (GH-116117) 2024-03-04 16:59:57 +00:00
pan324 0dfa7ce346
gh-115256: Remove refcycles from tarfile writing (GH-115257) 2024-03-04 13:26:32 +00:00
Gregory P. Smith eda2963378
gh-115398: Increment PyExpat_CAPI_MAGIC for SetReparseDeferralEnabled addition (GH-116301)
* Increment PyExpat_CAPI_MAGIC due to SetReparseDeferralEnabled addition.

This is a followup to git commit
6a95676bb5 from Github PR #115623.

* RESTify news API list.
2024-03-04 10:36:27 +00:00
Erlend E. Aasland 17c4849981
gh-116296: Fix refleak in reduce_newobj() corner case (#116297)
Co-authored-by: Brandt Bucher <brandtbucher@microsoft.com>
2024-03-04 09:46:18 +00:00
Serhiy Storchaka 87faec28c7
gh-115809: Improve TimedRotatingFileHandler.getFilesToDelete() (GH-115812)
Improve algorithm for computing which rolled-over log files to delete
in logging.TimedRotatingFileHandler. It is now reliable for handlers
without namer and with arbitrary deterministic namer that leaves
the datetime part in the file name unmodified.
2024-03-03 09:42:08 +02:00
Marco Trevisan 140d9ec4bc
gh-85644: webbrowser: Use $XDG_CURRENT_DESKTOP to check desktop (GH-21731)
Usage of $GNOME_DESKTOP_SESSION_ID env variable is deprecated since
GNOME 3.30.0 [1], so should not be used, while the standard
XDG_CURRENT_DESKTOP should be instead preferred.

[1] https://gitlab.gnome.org/GNOME/gnome-session/-/commit/00e0e6226371d53f65
2024-03-02 12:48:24 +00:00
Brett Cannon 5dc8c84d39
GH-115978: Disable `*readv()` and `*writev()` on WASI (GH-116228)
Wasmtime doesn't implement these functions in a way to pass test_posix (https://github.com/bytecodealliance/wasmtime/issues/7830).
2024-03-01 16:52:12 -08:00
Rémi Lapeyre b5949eac62
gh-84995: Run sys.__interactivehook__() on asyncio REPL startup (#20517)
This makes the asyncio REPL (`python -m asyncio`) more usable
and similar to the regular REPL.

This exposes register_readline() as a top-level function in site.py,
but it's intentionally undocumented. 

Co-authored-by: Carol Willing <carolcode@willingconsulting.com>
Co-authored-by: Itamar Oren <itamarost@gmail.com>
2024-03-01 11:39:16 -08:00
Nikita Sobolev a7549b03ce
gh-112281: Allow `Union` with unhashable `Annotated` metadata (#112283)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
2024-03-01 16:19:24 +00:00
Serhiy Storchaka fee86fd9a4
gh-88352: Fix logging.TimedRotatingFileHandler (GH-116191)
* Do not overwrite already rolled over files. It happened at midnight or
  during the DST change and caused the loss of data.
* computeRollover() now always return the timestamp larger than the
  specified time.
* Fix computation of the rollover time during the DST change.
2024-03-01 17:50:08 +02:00
Steve Dower 9b7f253b55
gh-115554: Improved logic for handling multiple existing py.exe launcher installs (GH-115793) 2024-03-01 12:58:27 +00:00
Serhiy Storchaka 59167c962e
gh-101293: Fix support of custom callables and types in inspect.Signature.from_callable() (GH-115530)
Support callables with the __call__() method and types with
__new__() and __init__() methods set to class methods, static
methods, bound methods, partial functions, and other types of
methods and descriptors.

Add tests for numerous types of callables and descriptors.
2024-03-01 13:32:16 +02:00
Serhiy Storchaka 0704166f9a
gh-65824: Improve the "less" prompt in pydoc (GH-116050)
Output the line number, the percentage and the help about how to get help
or quit the pager.

Inspired by the GNU man.
2024-03-01 10:03:32 +02:00
Tian Gao 7895a61168
gh-116098: Revert "gh-107674: Improve performance of `sys.settrace` (GH-114986)" (GH-116178)
Revert "gh-107674: Improve performance of `sys.settrace` (GH-114986)"

This reverts commit 0a61e23700.
2024-03-01 07:46:33 +01:00
AN Long ca56c3a172
gh-103092: Add a mutex to make the PRNG state of rotatingtree concurrent-safe (#115301) 2024-03-01 00:04:16 +01:00
Sebastian Pipping 6a95676bb5
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .

### Notes

- Please treat as a security fix related to CVE-2023-52425.

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
2024-02-29 14:52:50 -08:00
Malcolm Smith fa1d675309
gh-71052: Fix several Android build issues (#115955)
This change is part of the work on PEP-738: Adding Android as a 
supported platform.

* Remove the "1.0" suffix from libpython's filename on Android, which 
  would prevent Gradle from packaging it into an app. 
* Simplify the build command in the Makefile so that libpython always 
  gets given an SONAME with the `-Wl-h` argument, even if the SONAME is
  identical to the actual filename.
* Disable a number of functions on Android which can be compiled and 
  linked against, but always fail at runtime. As a result, the native
  _multiprocessing module is no longer built for Android.
* gh-115390 (bee7bb331) added some pre-determined results to the 
  configure script for things that can't be autodetected when
  cross-compiling; this change adds Android to these where appropriate.
* Add a couple more pre-determined results for Android, and making them 
  cover iOS as well. This means the --enable-ipv6 configure option will 
  no longer be required on either platform.
2024-02-29 22:58:20 +01:00
Tian Gao ccfc042bbf
gh-87115: Set `__main__.__spec__` to `None` in pdb (#116141) 2024-02-29 21:39:50 +00:00
Malcolm Smith 41d5391c55
gh-71052: Add test exclusions to support running the test suite on Android (#115918) 2024-02-29 22:32:50 +01:00
Erlend E. Aasland dbe44f150c
Docs: mark up NotImplemented using the :data: role throughout the docs (#116135) 2024-02-29 20:46:12 +00:00
Ethan Furman 3ea78fd5bc
gh-115821: [Enum] better error message for calling super().__new__() (GH-116063)
docs now state to not call super().__new__
if super().__new__ is called, a better error message is now used
2024-02-28 15:17:49 -08:00
Weii Wang c43b26d02e
gh-115197: Stop resolving host in urllib.request proxy bypass (GH-115210)
Use of a proxy is intended to defer DNS for the hosts to the proxy itself, rather than a potential for information leak of the host doing DNS resolution itself for any reason.  Proxy bypass lists are strictly name based.  Most implementations of proxy support agree.
2024-02-28 12:15:52 -08:00
Tian Gao 0a61e23700
gh-107674: Improve performance of `sys.settrace` (GH-114986) 2024-02-28 15:21:42 +00:00
Steve Dower 9578288a3e
gh-116012: Preserve GetLastError() across calls to TlsGetValue on Windows (GH-116014) 2024-02-28 13:58:25 +00:00
Jelle Zijlstra ed4dfd8825
gh-105858: Improve AST node constructors (#105880)
Demonstration:

>>> ast.FunctionDef.__annotations__
{'name': <class 'str'>, 'args': <class 'ast.arguments'>, 'body': list[ast.stmt], 'decorator_list': list[ast.expr], 'returns': ast.expr | None, 'type_comment': str | None, 'type_params': list[ast.type_param]}
>>> ast.FunctionDef()
<stdin>:1: DeprecationWarning: FunctionDef.__init__ missing 1 required positional argument: 'name'. This will become an error in Python 3.15.
<stdin>:1: DeprecationWarning: FunctionDef.__init__ missing 1 required positional argument: 'args'. This will become an error in Python 3.15.
<ast.FunctionDef object at 0x101959460>
>>> node = ast.FunctionDef(name="foo", args=ast.arguments())
>>> node.decorator_list
[]
>>> ast.FunctionDef(whatever="you want", name="x", args=ast.arguments())
<stdin>:1: DeprecationWarning: FunctionDef.__init__ got an unexpected keyword argument 'whatever'. Support for arbitrary keyword arguments is deprecated and will be removed in Python 3.15.
<ast.FunctionDef object at 0x1019581f0>
2024-02-27 18:13:03 -08:00
Pierre Ossman (ThinLinc team) 5a1559d949
gh-112997: Don't log arguments in asyncio unless debugging (#115667)
Nothing else in Python generally logs the contents of variables, so this
can be very unexpected for developers and could leak sensitive
information in to terminals and log files.
2024-02-27 17:39:08 -08:00
Pierre Ossman (ThinLinc team) a355f60b03
gh-114914: Avoid keeping dead StreamWriter alive (#115661)
In some cases we might cause a StreamWriter to stay alive even when the
application has dropped all references to it. This prevents us from
doing automatical cleanup, and complaining that the StreamWriter wasn't
properly closed.

Fortunately, the extra reference was never actually used for anything so
we can just drop it.
2024-02-27 17:27:44 -08:00
Miguel Brito 686ec17f50
bpo-43952: Fix multiprocessing Listener authkey bug (GH-25845)
Listener.accept() no longer hangs when authkey is an empty bytes object.
2024-02-27 14:57:59 +00:00
Petr Viktorin af5f9d682c
gh-115720: Show number of leaks in huntrleaks progress reports (GH-115726)
Instead of showing a dot for each iteration, show:
- '.' for zero (on negative) leaks
- number of leaks for 1-9
- 'X' if there are more leaks

This allows more rapid iteration: when bisecting, I don't need
to wait for the final report to see if the test still leaks.

Also, show the full result if there are any non-zero entries.
This shows negative entries, for the unfortunate cases where
a reference is created and cleaned up in different runs.

Test *failure* is still determined by the existing heuristic.
2024-02-27 09:51:17 +01:00
Jérémie Detrey 6087315926
bpo-44865: Fix yet one missing translations in argparse (GH-27668) 2024-02-26 22:05:01 +00:00
Kien Dang de2a73dc46
bpo-45101: Add consistency in usage message IO between 2 versions of python-config (GH-28162)
On --help output to stdout.
On error output to stderr.
2024-02-26 22:04:44 +02:00
Emmanuel Arias da382aaf52
gh-77956: Add the words 'default' and 'version' help text localizable (GH-12711)
Co-authored-by: paul.j3
Co-authored-by: Jérémie Detrey <jdetrey@users.noreply.github.com>
2024-02-26 19:20:39 +00:00
Steve Dower 37a13b9413
gh-115582: Make default PC/pyconfig.h work for free-threaded builds with manual /DPy_GIL_DISABLED (GH-115850) 2024-02-26 19:14:14 +00:00
Serhiy Storchaka 72cff8d8e5
gh-113942: Show functions implemented as builtin methods (GH-115306)
Pydoc no longer skips global functions implemented as builtin methods,
such as MethodDescriptorType and WrapperDescriptorType.
2024-02-26 20:29:49 +02:00
Serhiy Storchaka 68c79d21fa
gh-112006: Fix inspect.unwrap() for types where __wrapped__ is a data descriptor (GH-115540)
This also fixes inspect.Signature.from_callable() for builtins classmethod()
and staticmethod().
2024-02-26 20:07:41 +02:00
Yuriy Chernyshov 96c10c6485
gh-115882: Reference Unknwn.h for ctypes on Windows (GH-115350)
This allows the module to be compiled with WIN32_LEAN_AND_MEAN enabled
2024-02-26 17:21:55 +00:00
Pablo Galindo Salgado 015b97d19a
gh-115823: Calculate correctly error locations when dealing with implicit encodings (#115824) 2024-02-26 12:57:09 +00:00
Alex Waygood 7a3518e43a
gh-115881: Ensure `ast.parse()` parses conditional context managers even with low `feature_version` passed (#115920) 2024-02-26 09:22:09 +00:00
Russell Keith-Magee bee7bb3310
gh-114099: Add configure and Makefile targets to support iOS compilation. (GH-115390) 2024-02-25 20:21:10 -05:00
Raymond Hettinger 6d34eb0e36
gh-115532: Add kernel density estimation to the statistics module (gh-115863) 2024-02-25 17:46:47 -06:00