Commit Graph

114488 Commits

Author SHA1 Message Date
Gregory P. Smith 511ca94520
gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499)
Integer to and from text conversions via CPython's bignum `int` type are not safe against denial of service attacks due to malicious input. Very large input strings with hundreds of thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

* Issue: gh-95778

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#). Much of that text wound up in the Issue. Backport PRs already exist. See the issue for links.
2022-09-02 09:35:08 -07:00
Raymond Hettinger 656167db81
Allow whitespace around a slash in fraction string inputs (GH-96496) 2022-09-02 11:10:58 -05:00
Erlend E. Aasland 91f40f3f78
gh-96168: Improve sqlite3 dict_factory example (#96457)
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
2022-09-01 23:47:59 +02:00
Irit Katriel 4c72517cad
gh-93554: Conditional jump opcodes only jump forward (GH-96318) 2022-09-01 21:36:47 +01:00
Irit Katriel a91f25577c
gh-96455: update example in exception_handling_notes.txt to the 3.11RC bytecode (GH-96456) 2022-09-01 14:21:39 +01:00
Irit Katriel 894cafd9a5
gh-93678: apply remove_redundant_jumps in optimize_cfg (GH-96274) 2022-09-01 11:03:52 +01:00
Gregory P. Smith e93d1bda77
gh-96143: subprocess API %s/universal_newlines=/text=/g. (GH-96468)
minor missed test cleanup to use the modern API from the big review.

Automerge-Triggered-By: GH:gpshead
2022-09-01 02:47:40 -07:00
Anh71me 0cd33e11fe
GH-96079 Fix missing field name for _AnnotatedAlias (#96080) 2022-08-31 16:02:24 -07:00
Piotr Kaznowski 615537e62f
gh-96408: Document difference between set-like view and sets. (GH-96439) 2022-08-31 16:23:52 -05:00
Vinay Sajip 29f1b0bb1f
gh-89258: Add a getChildren() method to logging.Logger. (GH-96444)
Co-authored-by: Éric <merwok@netwok.org>
2022-08-31 10:50:29 +01:00
Erlend E. Aasland f7e7bf161a
gh-96414: Inline code examples in sqlite3 docs (#96442) 2022-08-31 07:54:54 +02:00
Dennis Sweeney 8ba22b90ca
gh-95865: Speed up urllib.parse.quote_from_bytes() (GH-95872) 2022-08-30 21:39:51 -04:00
Brandt Bucher 88671a9d69
Remove the binary_subscr_dict_error label (GH-96443) 2022-08-30 15:45:24 -07:00
Filip Łajszczak 02dbb362d3
gh-96408: Test set operation on items dict view. (GH-96438) 2022-08-30 17:43:23 -05:00
Erlend E. Aasland 7b01ce7953
Docs: normalise sqlite3 placeholder how-to heading (#96413) 2022-08-30 22:44:14 +02:00
Pablo Galindo Salgado f49dd54b72
gh-96143: Add some comments and minor fixes missed in the original PR (#96433)
* gh-96132: Add some comments and minor fixes missed in the original PR

* Update Doc/using/cmdline.rst

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
2022-08-30 19:37:22 +01:00
Ezio Melotti 45fd3685aa
Automatically update more GitHub projects. (#94921)
* Automatically update the `asyncio` GitHub project.

* Use a matrix to add issues to projects.

* Remove trailing whitespace.

Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2022-08-30 20:12:55 +02:00
Alexandru Mărășteanu 0ed778835d
gh-95149: Enhance `http.HTTPStatus` with properties that indicate the HTTP status category (GH-95453) 2022-08-30 11:11:44 -07:00
Kumar Aditya 13c309f110
Fix regeneration of global objects through the Windows build files (GH-96394) 2022-08-30 18:41:27 +01:00
Nikita Sobolev 4217393aee
gh-95987: Fix `repr` of `Any` type subclasses (#96412) 2022-08-30 10:36:16 -07:00
Pablo Galindo Salgado 6d791a9736
gh-96143: Allow Linux perf profiler to see Python calls (GH-96123)
⚠️  ⚠️ Note for reviewers, hackers and fellow systems/low-level/compiler engineers ⚠️ ⚠️ 

If you have a lot of experience with this kind of shenanigans and want to improve the **first** version, **please make a PR against my branch** or **reach out by email** or **suggest code changes directly on GitHub**. 

If you have any **refinements or optimizations** please, wait until the first version is merged before starting hacking or proposing those so we can keep this PR productive.
2022-08-30 10:11:18 -07:00
Mark Shannon 0f733fffe8
GH-95245: Document use of `MANAGED` flags instead of offsets. (GH-96044) 2022-08-30 16:26:08 +01:00
Adrian Garcia Badaracco 07f12b5c15
gh-95337: update TypeVarTuple example (#95338)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
2022-08-30 07:57:03 -07:00
Daniel Giger 22ed5233b7
gh-96349: fix minor performance regression initializing threading.Event (gh-96350) 2022-08-30 21:10:02 +09:00
partev b17aae8bbd
gh-95413: Remove references to deprecated CGI library (#95414) 2022-08-30 13:14:08 +02:00
Tim Burke 860fa35145
Docs: Improve clarity for bytes.hex() (#95257) 2022-08-30 13:09:56 +02:00
da-woods 9625de6fab
Doc: Update Py_TPFLAGS_HAVE_FINALIZE in docs (GH-96273)
It is now deprecated and the docs should reflect that.
2022-08-30 17:31:14 +09:00
Nikita Sobolev 75177358a6
gh-96385: Correctly raise error on `[*T, *V]` substitution (GH-96386) 2022-08-30 10:34:55 +03:00
Matthias Görgens d21d2f0793
gh-46845: clean up unused DK_IXSIZE (GH-96405) 2022-08-30 16:03:30 +09:00
Christian Heimes 2eb9008d72
gh-95853: Improve WASM build script (GH-96389)
- pre-build Emscripten ports and system libraries
- check for broken EMSDK versions
- use EMSDK's node for wasm32-emscripten
- warn when PKG_CONFIG_PATH is set
- add support level information
2022-08-30 07:56:26 +02:00
Christian Heimes d0b3d235db
gh-96320: WASI socket fixes (#96388)
* gh-96320: WASI socket fixes

- ignore missing functions in ``socket.__repr__``
- bundle network files with assets

* blurb
2022-08-30 06:36:11 +02:00
Erlend E. Aasland 6d403e264a
Docs: normalize SQL style in sqlite3 docs (#96403) 2022-08-30 00:50:42 +02:00
Vinay Sajip 6324b135ac
gh-91305: Add a note about DatagramHandler and DNS latency. (GH-96380) 2022-08-29 22:29:22 +01:00
Kumar Aditya e5b2453e61
GH-74116: Allow multiple drain waiters for asyncio.StreamWriter (GH-94705) 2022-08-29 11:31:11 -07:00
Raymond Hettinger 3d180e3ab2
Improve accuracy for Spearman's rank correlation coefficient. (#96392) 2022-08-29 12:19:48 -05:00
Christian Heimes 873554ef84
gh-94682: Build and test with OpenSSL 1.1.1q (gh-94683) 2022-08-29 18:19:15 +02:00
Anthony Sottile 9c2b9348e2
ast.parse: check `feature_version` common case first (GH-94640) 2022-08-29 17:05:24 +03:00
Victor Stinner 026ab6f4e5
Fix Py_INCREF() statistics in limited C API 3.10 (#96120)
In the limited C API with a debug build, Py_INCREF() is implemented
by calling _Py_IncRef() which calls Py_INCREF(). Only call
_Py_INCREF_STAT_INC() once.
2022-08-29 14:55:46 +02:00
Petr Viktorin b2714f05c5
gh-90814: Correct NEWS wording re. optional C11 features (GH-96309)
The previous wording of this entry suggests that CPython
won't work if optional compiler features are enabled.
That's not the case. The change is that we require C11 rather
than C89.

Note that PEP 7 does say "Python 3.11 and newer versions use C11
without optional features." It is correct there: that's
not a guide for users who compile Python, but for CPython devs
who must avoid the features.
2022-08-29 13:10:52 +02:00
Erlend E. Aasland bf9259776d
gh-95432: Add doctests for the sqlite3 docs (#96225)
As a consequence of the added test, this commit also includes
fixes for broken examples.

- Add separate namespace for trace tests bco. module level callback
- Move more backup and cursor examples under separate namespaces
2022-08-29 10:52:39 +02:00
Dong-hee Na af368a7db4
gh-96191: Update the configure file to use GitHub issue (gh-96211) 2022-08-29 14:01:37 +09:00
Raymond Hettinger d8d55d13fc
Prepare private _rank() function to be made public. (#96372) 2022-08-28 23:41:58 -05:00
Nikita Sobolev 675e3470cc
gh-96357: Improve `typing.get_overloads` coverage (#96358) 2022-08-28 17:45:24 -07:00
Nikita Sobolev 1c01bd28a0
gh-95950: Add a test for both `csv.Dialect` and `kwargs` (#95951) 2022-08-28 17:43:32 -07:00
Jonathan Oberländer 3d3a86ed40
GH-96359: Fix docs that claim int(0|1) doesn't match False (GH-96361) 2022-08-28 15:48:51 -07:00
TW 023c51d9d8
gh-69142: add %:z strftime format code (gh-95983)
datetime.isoformat generates the tzoffset with colons, but there
was no format code to make strftime output the same format.

For simplicity and consistency the %:z formatting behaves mostly
as %z, with the exception of adding colons. This includes the
dynamic behaviour of adding seconds and microseconds only when
needed (when not 0).

This fixes the still open "generate" part of this issue:

https://github.com/python/cpython/issues/69142

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
2022-08-28 14:27:42 -07:00
Kirill e860e521ec
gh-90467: StreamReaderProtocol - add strong reference to created task (#96323) 2022-08-27 12:32:01 -07:00
Vinay Sajip 6fbd889d6e
gh-89047: Fix msecs computation so you never end up with 1000 msecs. (GH-96340) 2022-08-27 13:33:24 +01:00
Vinay Sajip 013e659e49
gh-92007: Handle elevation errors in NTEventLogHandler more grace… (GH-96322) 2022-08-27 12:13:19 +01:00
Ansab Gillani 0ace820bec
fixes gh-96292: Fix Trivial Typo in cpython/Modules/atexitmodule.c (#96327) 2022-08-26 22:33:29 -07:00