Commit Graph

2786 Commits

Author SHA1 Message Date
toonarmycaptain dd117c33a8 Update 3.9.0a2.rst - correct small typos (GH-17665)
Small typo/formatting corrections.
`whethen` -> `whether` 
`exaustion' -> `exhaustion`
Assorted appending periods `.` and slight reformattings to place `Path contributed by` on the same line as description, matching the majority of document.

NB Some of these might need to be backported, as I saw the first error in the [changelog for 3.8.1](https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1)
2019-12-25 03:25:36 -08:00
Andrew Svetlov 025eeaa196
Fix import path for asyncio.TimeoutError (#17691) 2019-12-24 12:46:42 +02:00
Jürgen Gmach 9f9dac0a4e bpo-38914 Do not require email field in setup.py. (GH-17388)
When checking `setup.py` and when the `author` field was provided, but
the `author_email` field was missing, erroneously a warning message was
displayed that the `author_email` field is required.

The specs do not require the `author_email`field:
https://packaging.python.org/specifications/core-metadata/#author

The same is valid for `maintainer` and `maintainer_email`.

The warning message has been adjusted.

modified:   Doc/distutils/examples.rst
modified:   Lib/distutils/command/check.py


https://bugs.python.org/issue38914
2019-12-23 06:53:18 -08:00
Bar Harel eae87e3e4e bpo-38878: Fix os.PathLike __subclasshook__ (GH-17336)
Quick subclasshook fix using the same method is being used in collections.abc (up to a certain degree).
2019-12-22 09:57:27 +00:00
Parth Sharma f522a6ddb6 bpo-38918: Add __module__ entry for function & method type in inspect docs table (GH-17408)
Adds` __module__ ` entries for function & method types in inspect docs table.





https://bugs.python.org/issue38918
2019-12-20 11:18:33 -08:00
Łukasz Langa 6202d856d6
Python 3.9.0a2 2019-12-18 22:09:19 +01:00
Victor Stinner 673c39331f
bpo-38546: Fix concurrent.futures test_ressources_gced_in_workers() (GH-17652)
Fix test_ressources_gced_in_workers() of test_concurrent_futures:
explicitly stop the manager to prevent leaking a child process
running in the background after the test completes.
2019-12-18 15:50:04 +01:00
Sebastian Berg 75bb07e92b bpo-39028: Performance enhancement in keyword extraction (GH-17576)
All keywords should first be checked for pointer identity. Only
after that failed for all keywords (unlikely) should unicode
equality be used.
The original code would call unicode equality on any non-matching
keyword argument. Meaning calling it often e.g. when a function
has many kwargs but only the last one is provided.
2019-12-18 15:51:22 +09:00
Lysandros Nikolaou 50d4f12958 bpo-39080: Starred Expression's column offset fix when inside a CALL (GH-17645)
Co-Authored-By: Pablo Galindo <Pablogsal@gmail.com>
2019-12-18 00:20:55 +00:00
Anthony Shaw 9e36589d49 bpo-36500: Add --regen option to PCbuild/build.bat so Windows users can regen grammar, opcodes, tokens and symbols (GH-12654) 2019-12-17 13:21:20 -08:00
Victor Stinner 9707e8e22d
bpo-38546: multiprocessing tests stop the resource tracker (GH-17641)
Multiprocessing and concurrent.futures tests now stop the resource
tracker process when tests complete.

Add ResourceTracker._stop() method to
multiprocessing.resource_tracker.

Add _cleanup_tests() helper function to multiprocessing.util: share
code between multiprocessing and concurrent.futures tests.
2019-12-17 18:37:26 +01:00
Victor Stinner 630c8df5cf
bpo-38858: Small integer per interpreter (GH-17315)
Each Python subinterpreter now has its own "small integer
singletons": numbers in [-5; 257] range.

It is no longer possible to change the number of small integers at
build time by overriding NSMALLNEGINTS and NSMALLPOSINTS macros:
macros should now be modified manually in pycore_pystate.h header
file.

For now, continue to share _PyLong_Zero and _PyLong_One singletons
between all subinterpreters.
2019-12-17 13:02:18 +01:00
Batuhan Taşkaya 814d687c7d bpo-38348: Extend command line options of ast parsing tool (GH-16540)
Add -i and --indent (indentation level), and --no-type-comments
(type comments) command line options to ast parsing tool.
2019-12-16 19:23:27 +01:00
Toke Høiland-Jørgensen 092435e932 bpo-38811: Check for presence of os.link method in pathlib (GH-17225)
Commit 6b5b013bcc ("bpo-26978: Implement pathlib.Path.link_to (Using
os.link) (GH-12990)") introduced a new link_to method in pathlib. However,
this makes pathlib crash when the 'os' module is missing a 'link' method.

Fix this by checking for the presence of the 'link' method on pathlib
module import, and if it's not present, turn it into a runtime error like
those emitted when there is no lchmod() or symlink().

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
2019-12-16 13:23:55 +01:00
Xtreak 79f02fee1a bpo-39033: Fix NameError in zipimport during hash validation (GH-17588)
Patch by Karthikeyan Singaravelan.
2019-12-16 09:34:12 +10:00
Batuhan Taşkaya cb8b946ac1 bpo-38629: implement __floor__ and __ceil__ for float type (GH-16985) 2019-12-15 23:00:28 +01:00
Michael Felt 39afa2d314 bpo-38021: Modify AIX platform_tag so it covers PEP 425 needs (GH-17303)
Provides a richer platform tag for AIX that we expect to be sufficient for PEP 425
binary distribution identification. Any backports to earlier Python versions will be
handled via setuptools.

Patch by Michael Felt.
2019-12-16 00:17:53 +10:00
Xtreak 8289e27393 bpo-36406: Handle namespace packages in doctest (GH-12520) 2019-12-13 10:06:53 -08:00
Lysandros Nikolaou 025a602af7 bpo-39031: Include elif keyword when producing lineno/col-offset info for if_stmt (GH-17582)
When parsing an "elif" node, lineno and col_offset of the node now point to the "elif" keyword and not to its condition, making it consistent with the "if" node.


https://bugs.python.org/issue39031



Automerge-Triggered-By: @pablogsal
2019-12-12 13:40:21 -08:00
Victor Stinner 0d63bacefd
bpo-38614: Use test.support.SHORT_TIMEOUT constant (GH-17566)
Replace hardcoded timeout constants in tests with SHORT_TIMEOUT of
test.support, so it's easier to ajdust this timeout for all tests at
once.

SHORT_TIMEOUT is 30 seconds by default, but it can be longer
depending on --timeout command line option.

The change makes almost all timeouts longer, except
test_reap_children() of test_support which is made 2x shorter:
SHORT_TIMEOUT should be enough. If this test starts to fail,
LONG_TIMEOUT should be used instead.

Uniformize also "from test import support" import in some test files.
2019-12-11 11:30:03 +01:00
Jason R. Coombs b7a0109cd2
bpo-39022, bpo-38594: Sync with importlib_metadata 1.3 (GH-17568)
* bpo-39022, bpo-38594: Sync with importlib_metadata 1.3 including improved docs for custom finders and better serialization support in EntryPoints.

* 📜🤖 Added by blurb_it.

* Correct module reference
2019-12-10 20:05:10 -05:00
Victor Stinner 07871b256c
bpo-38614: Use test.support.LOOPBACK_TIMEOUT constant (GH-17554)
Replace hardcoded timeout constants in tests with LOOPBACK_TIMEOUT of
test.support, so it's easier to ajdust this timeout for all tests at
once.
2019-12-10 20:32:59 +01:00
Pablo Galindo 680068c288
Minor fixes to the NEWS entries (GH-17556) 2019-12-10 16:09:58 +00:00
JohnnyNajera bbc4162baf bpo-38943: Fix IDLE autocomplete window not always appearing (GH-17416)
This has happened on some versions of Ubuntu.
2019-12-09 19:30:01 -05:00
JohnnyNajera 232689b40d bpo-38944: Escape key now closes IDLE completion windows. (GH-17419) 2019-12-09 18:22:16 -05:00
Steve Dower ee17e37356
bpo-39007: Add auditing events to functions in winreg (GH-17541)
Also allows winreg.CloseKey() to accept same types as other functions.
2019-12-09 11:18:12 -08:00
Steve Dower b8cbe74c34
bpo-39008: Require Py_ssize_t for PySys_Audit formats rather than raise a deprecation warning (GH-17540) 2019-12-09 11:05:39 -08:00
Tim Gates c18b805ac6 bpo-39002: Fix simple typo: tranlation -> translation (GH-17517) 2019-12-09 09:42:17 -08:00
Victor Stinner a1a99b4bb7
bpo-20443: No longer make sys.argv[0] absolute for script (GH-17534)
In Python 3.9.0a1, sys.argv[0] was made an asolute path if a filename
was specified on the command line. Revert this change, since most
users expect sys.argv to be unmodified.
2019-12-09 17:34:02 +01:00
Yury Selivanov d219cc4180 bpo-34776: Fix dataclasses to support __future__ "annotations" mode (#9518) 2019-12-09 15:54:20 +01:00
Mark Dickinson bba873e633
bpo-38992: avoid fsum test failure from constant-folding (GH-17513)
* Issue 38992: avoid fsum test failure

* Add NEWS entry
2019-12-09 08:36:34 -06:00
Kyle Stanley ab513a38c9 bpo-37228: Fix loop.create_datagram_endpoint()'s usage of SO_REUSEADDR (#17311) 2019-12-09 15:21:10 +01:00
Victor Stinner 82b4950b5e
bpo-39006: Fix asyncio when the ssl module is missing (GH-17524)
Fix asyncio when the ssl module is missing: only check for
ssl.SSLSocket instance if the ssl module is available.
2019-12-09 15:02:03 +01:00
Victor Stinner 0131aba5ae
bpo-38916: array.array: remove fromstring() and tostring() (GH-17487)
array.array: Remove tostring() and fromstring() methods.  They were
aliases to tobytes() and frombytes(), deprecated since Python 3.2.
2019-12-09 14:09:14 +01:00
Victor Stinner a1838ec259
bpo-38547: Fix test_pty if the process is the session leader (GH-17519)
Fix test_pty: if the process is the session leader, closing the
master file descriptor raises a SIGHUP signal: simply ignore SIGHUP
when running the tests.
2019-12-09 11:57:05 +01:00
Batuhan Taşkaya 109fc2792a bpo-38673: dont switch to ps2 if the line starts with comment or whitespace (GH-17421)
https://bugs.python.org/issue38673
2019-12-08 20:36:27 -08:00
Abhilash Raj 3ae4ea1931
bpo-38708: email: Fix a potential IndexError when parsing Message-ID (GH-17504)
Fix a potential IndexError when passing an empty value to the message-id
parser. Instead, HeaderParseError should be raised.
2019-12-08 17:37:34 -08:00
Abhilash Raj 68157da8b4
bpo-38698: Add a new InvalidMessageID token to email header parser. (GH-17503)
This adds a new InvalidMessageID token to the email header parser which can be
used to represent invalid message-id headers in the parse tree.
2019-12-08 17:35:38 -08:00
Batuhan Taşkaya 526606baf7 bpo-38994: Implement __class_getitem__ for PathLike (GH-17498)
https://bugs.python.org/issue38994
2019-12-08 12:31:15 -08:00
Elena Oat cd90a52983 bpo-38669: patch.object now raises a helpful error (GH17034)
This means a clearer message is now shown when patch.object is called with two string arguments, rather than a class and a string argument.
2019-12-08 20:14:38 +00:00
AMIR 28c91631c2 bpo-38979: fix ContextVar "__class_getitem__" method (GH-17497)
now contextvars.ContextVar "__class_getitem__" method returns ContextVar class, not None. 


https://bugs.python.org/issue38979



Automerge-Triggered-By: @asvetlov
2019-12-08 03:35:59 -08:00
xdegaye 00ada2c1d5 bpo-38852: Set thread stack size to 8 Mb for debug builds on android platforms (GH-17337) 2019-12-08 08:40:14 +01:00
Victor Stinner 6cac113666
bpo-38991: Remove test.support.strip_python_stderr() (GH-17490)
test.support: run_python_until_end(), assert_python_ok() and
assert_python_failure() functions no longer strip whitespaces from
stderr.
2019-12-08 08:38:16 +01:00
Christian Heimes 2b7de6696b bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190)
test_openssl_version now accepts version 3.0.0.

getpeercert() no longer returns IPv6 addresses with a trailing new line.

Signed-off-by: Christian Heimes <christian@python.org>


https://bugs.python.org/issue38820
2019-12-07 08:59:36 -08:00
idomic 892f9e0777 bpo-37404: Raising value error if an SSLSocket is passed to asyncio functions (GH-16457)
https://bugs.python.org/issue37404
2019-12-07 03:52:35 -08:00
Andrew Svetlov 969ae7aca8
Make repr of C accelerated TaskWakeupMethWrapper the same as of pure Python version (GH-17484) 2019-12-07 13:23:21 +02:00
Andrew Svetlov 7ddcd0caa4
bpo-38529: Fix asyncio stream warning (GH-17474) 2019-12-07 13:22:00 +02:00
Batuhan Taşkaya dec367261e bpo-38978: Implement __class_getitem__ for asyncio objects (GH-17491)
https://bugs.python.org/issue38978
2019-12-07 03:05:07 -08:00
Benoit Hudson 723f71abf7 bpo-37931: Fix crash on OSX re-initializing os.environ (GH-15428)
On most platforms, the `environ` symbol is accessible everywhere.

In a dylib on OSX, it's not easily accessible, you need to find it with
_NSGetEnviron.

The code was caching the *value* of environ. But a setenv() can change the value,
leaving garbage at the old value. Fix: don't cache the value of environ, just
read it every time.
2019-12-06 20:15:03 +01:00
Victor Stinner e76ee1a72b
bpo-38982: Fix asyncio PidfdChildWatcher on waitpid() error (GH-17477)
If waitpid() is called elsewhere, waitpid() call fails with
ChildProcessError: use return code 255 in this case, and log a
warning. It ensure that the pidfd file descriptor is closed if this
error occurs.
2019-12-06 16:32:41 +01:00
Mario Corchero b64334cb93 bpo-36820: Break unnecessary cycle in socket.py, codeop.py and dyld.py (GH-13135)
Break cycle generated when saving an exception in socket.py, codeop.py and dyld.py as they keep alive not only the exception but user objects through the ``__traceback__`` attribute.


https://bugs.python.org/issue36820



Automerge-Triggered-By: @pablogsal
2019-12-06 06:27:38 -08:00
wim glenn efefe25443 bpo-27413: json.tool: Add --no-ensure-ascii option. (GH-17472) 2019-12-06 15:44:01 +09:00
Claudiu Popa bb815499af bpo-38698: Prevent UnboundLocalError to pop up in parse_message_id (GH-17277)
parse_message_id() was improperly using a token defined inside an exception
handler, which was raising `UnboundLocalError` on parsing an invalid value.




https://bugs.python.org/issue38698
2019-12-04 19:14:26 -08:00
Victor Stinner 8b787964e0
bpo-38965: Fix faulthandler._stack_overflow() on GCC 10 (GH-17467)
Use the "volatile" keyword to prevent tail call optimization
on any compiler, rather than relying on compiler specific pragma.
2019-12-04 21:10:06 +01:00
serge-sans-paille 7105319ada bpo-38634: Allow non-apple build to cope with libedit (GH-16986)
The readline module now detects if Python is linked to libedit at runtime
on all platforms.  Previously, the check was only done on macOS.

If Python is used as a library by a binary linking to libedit, the linker
resolves the rl_initialize symbol required by the readline module against
libedit instead of libreadline, which leads to a segfault.

Take advantage of the existing supporting code to have readline module being
compatible with both situations.
2019-12-04 17:02:57 +01:00
Inada Naoki 808769f3a4
bpo-33684: json.tool: Use utf-8 for infile and outfile. (GH-17460) 2019-12-04 18:39:31 +09:00
Daniel Himmelstein 03257949bc bpo-29636: Add --(no-)indent arguments to json.tool (GH-345) 2019-12-04 15:15:19 +09:00
Matthew Rollings a62ad4730c bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format (#17418) 2019-12-02 14:25:21 -08:00
Daniel Hillier 8d62df60d8 bpo-37523: Raise ValueError for I/O operations on a closed zipfile.ZipExtFile. (GH-14658)
Raises ValueError when calling the following on a closed zipfile.ZipExtFile: read, readable, seek, seekable, tell.
2019-11-30 10:30:47 +02:00
Steve Dower bea33f5e1d
bpo-38920: Add audit hooks for when sys.excepthook and sys.unraisable hooks are invoked (GH-17392)
Also fixes some potential segfaults in unraisable hook handling.
2019-11-28 08:46:11 -08:00
Tzu-ping Chung d9aa216d49 bpo-38927: Use python -m pip to upgrade venv deps (GH-17403)
I suggest you add `bpo-NNNNN: ` as a prefix for the first commit for future PRs. Thanks!
2019-11-27 20:25:23 +00:00
Tzu-ping Chung 045d4e243d bpo-38928: Fix versionadded for venv's upgrade_deps function (GH-17404) 2019-11-27 20:21:48 +00:00
Inada Naoki ea9835c5d1
bpo-26730: Fix SpooledTemporaryFile data corruption (GH-17400)
SpooledTemporaryFile.rollback() might cause data corruption
when it is in text mode.

Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
2019-11-27 22:22:06 +09:00
Bruno P. Kinoshita 9bbcbc9f6d bpo-38688, shutil.copytree: consume iterator and create list of entries to prevent infinite recursion (GH-17098) 2019-11-27 09:10:37 +08:00
Steve Dower c7c01ab1e5
bpo-38922: Raise code.__new__ audit event when code object replace() is called (GH-17394) 2019-11-26 16:27:50 -08:00
HongWeipeng 0b41a922f9 bpo-38045: Improve the performance of _decompose() in enum.py (GH-16483)
* Improve the performance of _decompose() in enum.py

Co-Authored-By: Brandt Bucher <brandtbucher@gmail.com>
2019-11-26 14:36:02 -08:00
Terry Jan Reedy e563a155be bpo-38892: Improve docs for audit event (GH-17361) 2019-11-26 09:07:48 -08:00
Karl Dubost bc441ed7c1 bpo-22377: Fixes documentation for %Z in datetime (GH-16507)
This fixes the issue discussed in https://bugs.python.org/issue22377
and fixes it according to the comments made by Paul Ganssle @pganssle

* It clarifies which values are acceptable in the table
* It extends the note with a clearer information on the valid values


https://bugs.python.org/issue22377
2019-11-26 08:38:41 -08:00
HongWeipeng 036fe85bd3 bpo-27145: small_ints[x] could be returned in long_add and long_sub (GH-15716) 2019-11-26 16:54:49 +09:00
Brandt Bucher 6dd9b64770 bpo-38328: Speed up the creation time of constant list and set display. (GH-17114) 2019-11-26 15:16:53 +09:00
Stefan Behnel c6a7bdb356
bpo-20928: support base-URL and recursive includes in etree.ElementInclude (#5723)
* bpo-20928: bring elementtree's XInclude support en-par with the implementation in lxml by adding support for recursive includes and a base-URL.

* bpo-20928: Support xincluding the same file multiple times, just not recursively.

* bpo-20928: Add 'max_depth' parameter to xinclude that limits the maximum recursion depth to 6 by default.

* Add news entry for updated ElementInclude support
2019-11-25 16:36:25 +01:00
Pablo Galindo 27fc3b6f3f
bpo-38870: Expose a function to unparse an ast object in the ast module (GH-17302)
Add ast.unparse() as a function in the ast module that can be used to unparse an
ast.AST object and produce a string with code that would produce an equivalent ast.AST
object when parsed.
2019-11-24 23:02:40 +00:00
Terry Jan Reedy 6bf644ec82
bpo-38862: IDLE Strip Trailing Whitespace fixes end newlines (GH-17366)
Extra newlines are removed at the end of non-shell files. If the file only has newlines after stripping other trailing whitespace, all are removed, as is done by patchcheck.py.
2019-11-24 16:29:29 -05:00
Claudiu Popa 6f03b236c1 bpo-38876: Raise pickle.UnpicklingError when loading an item from memo for invalid input (GH-17335)
The previous code was raising a `KeyError` for both the Python and C implementation.
This was caused by the specified index of an invalid input which did not exist
in the memo structure, where the pickle stores what objects it has seen.
The malformed input would have caused either a `BINGET` or `LONG_BINGET` load
from the memo, leading to a `KeyError` as the determined index was bogus.

https://bugs.python.org/issue38876



https://bugs.python.org/issue38876
2019-11-24 11:15:08 -08:00
Zac Hatfield-Dodds 665ad3dfa9 Better runtime TypedDict (GH-17214)
This patch enables downstream projects inspecting a TypedDict subclass at runtime to tell which keys are optional.

This is essential for generating test data with Hypothesis or validating inputs with typeguard or pydantic.
2019-11-24 10:48:48 +00:00
Raymond Hettinger 041d8b48a2
bpo-38881: choices() raises ValueError when all weights are zero (GH-17362) 2019-11-23 02:22:13 -08:00
Brett Cannon 84b1ff6560 bpo-38899: virtual environment activation for fish should use `source` (GH-17359)
The previously documented use of `.` is considered deprecated (https://fishshell.com/docs/current/commands.html#source).


https://bugs.python.org/issue38899



Automerge-Triggered-By: @brettcannon
2019-11-22 23:32:27 -08:00
Victor Stinner d68b592dd6
bpo-38896: Remove PyUnicode_ClearFreeList() function (GH-17354)
Remove PyUnicode_ClearFreeList() function: the Unicode free list has
been removed in Python 3.3.
2019-11-23 02:30:32 +01:00
PypeBros 14a89c4798 bpo-38686: fix HTTP Digest handling in request.py (#17045)
* fix HTTP Digest handling in request.py

There is a bug triggered when server replies to a request with `WWW-Authenticate: Digest` where `qop="auth,auth-int"` rather than mere `qop="auth"`. Having both `auth` and `auth-int` is legitimate according to the `qop-options` rule in §3.2.1 of [[https://www.ietf.org/rfc/rfc2617.txt|RFC 2617]]:
>      qop-options       = "qop" "=" <"> 1#qop-value <">
>      qop-value         = "auth" | "auth-int" | token
> **qop-options**: [...] If present, it is a quoted string **of one or more** tokens indicating the "quality of protection" values supported by the server.  The value `"auth"` indicates authentication; the value `"auth-int"` indicates authentication with integrity protection

This is description confirmed by the definition of the [//n//]`#`[//m//]//rule// extended-BNF pattern defined in §2.1 of [[https://www.ietf.org/rfc/rfc2616.txt|RFC 2616]] as 'a comma-separated list of //rule// with at least //n// and at most //m// items'.

When this reply is parsed by `get_authorization`, request.py only tests for identity with `'auth'`, failing to recognize it as one of the supported modes the server announced, and claims that `"qop 'auth,auth-int' is not supported"`.

* 📜🤖 Added by blurb_it.

* bpo-38686 review fix: remember why.

* fix trailing space in Lib/urllib/request.py

Co-Authored-By: Brandt Bucher <brandtbucher@gmail.com>
2019-11-22 15:19:08 -08:00
bcaller 1b779bfb85 bpo-38804: Fix REDoS in http.cookiejar (GH-17157)
The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
expression denial of service (REDoS).

LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar
to parse Set-Cookie headers returned by a server.
Processing a response from a malicious HTTP server can lead to extreme
CPU usage and execution will be blocked for a long time.

The regex contained multiple overlapping \s* capture groups.
Ignoring the ?-optional capture groups the regex could be simplified to

    \d+-\w+-\d+(\s*\s*\s*)$

Therefore, a long sequence of spaces can trigger bad performance.

Matching a malicious string such as

    LOOSE_HTTP_DATE_RE.match("1-c-1" + (" " * 2000) + "!")

caused catastrophic backtracking.

The fix removes ambiguity about which \s* should match a particular
space.

You can create a malicious server which responds with Set-Cookie headers
to attack all python programs which access it e.g.

    from http.server import BaseHTTPRequestHandler, HTTPServer

    def make_set_cookie_value(n_spaces):
        spaces = " " * n_spaces
        expiry = f"1-c-1{spaces}!"
        return f"b;Expires={expiry}"

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.log_request(204)
            self.send_response_only(204)  # Don't bother sending Server and Date
            n_spaces = (
                int(self.path[1:])  # Can GET e.g. /100 to test shorter sequences
                if len(self.path) > 1 else
                65506  # Max header line length 65536
            )
            value = make_set_cookie_value(n_spaces)
            for i in range(99):  # Not necessary, but we can have up to 100 header lines
                self.send_header("Set-Cookie", value)
            self.end_headers()

    if __name__ == "__main__":
        HTTPServer(("", 44020), Handler).serve_forever()

This server returns 99 Set-Cookie headers. Each has 65506 spaces.
Extracting the cookies will pretty much never complete.

Vulnerable client using the example at the bottom of
https://docs.python.org/3/library/http.cookiejar.html :

    import http.cookiejar, urllib.request
    cj = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
    r = opener.open("http://localhost:44020/")

The popular requests library was also vulnerable without any additional
options (as it uses http.cookiejar by default):

    import requests
    requests.get("http://localhost:44020/")

* Regression test for http.cookiejar REDoS

If we regress, this test will take a very long time.

* Improve performance of http.cookiejar.ISO_DATE_RE

A string like

"444444" + (" " * 2000) + "A"

could cause poor performance due to the 2 overlapping \s* groups,
although this is not as serious as the REDoS in LOOSE_HTTP_DATE_RE was.
2019-11-22 15:22:11 +01:00
Siwon Kang 91daa9d722 bpo-38863: Improve is_cgi() in http.server (GH-17312)
is_cgi() function of http.server library does not currently handle a
cgi script if one of the cgi_directories is located at the
sub-directory of given path. Since is_cgi() in CGIHTTPRequestHandler
class separates given path into (dir, rest) based on the first seen
'/', multi-level directories like /sub/dir/cgi-bin/hello.py is divided
into head=/sub, rest=dir/cgi-bin/hello.py then check whether '/sub'
exists in cgi_directories = [..., '/sub/dir/cgi-bin'].
This patch makes the is_cgi() keep expanding dir part to the next '/'
then checking if that expanded path exists in the cgi_directories.

Signed-off-by: Siwon Kang <kkangshawn@gmail.com>





https://bugs.python.org/issue38863
2019-11-22 01:13:05 -08:00
benedwards14 0aca3a3a1e bpo-37838: get_type_hints for wrapped functions with forward reference (GH-17126)
https://bugs.python.org/issue37838
2019-11-21 17:24:58 +00:00
Victor Stinner 3ab479a2d1
bpo-38692: Skip test_posix.test_pidfd_open() on EPERM (GH-17290)
Skip the test_posix.test_pidfd_open() test if os.pidfd_open() fails
with a PermissionError. This situation can happen in a Linux sandbox
using a syscall whitelist which doesn't allow the pidfd_open()
syscall yet (like systemd-nspawn).
2019-11-21 12:54:54 +01:00
Victor Stinner 0127bb1c5c
bpo-38875: test_capi: trashcan tests require cpu resource (GH-17314)
test_capi: trashcan tests now require the test "cpu" resource.
2019-11-21 12:54:02 +01:00
Mark Shannon fee552669f
Produce cleaner bytecode for 'with' and 'async with' by generating separate code for normal and exceptional paths. (#6641)
Remove BEGIN_FINALLY, END_FINALLY, CALL_FINALLY and POP_FINALLY bytecodes. Implement finally blocks by code duplication.
Reimplement frame.lineno setter using line numbers rather than bytecode offsets.
2019-11-21 09:11:43 +00:00
Jason Fried 046442d02b bpo-38857: AsyncMock fix for awaitable values and StopIteration fix [3.8] (GH-17269) 2019-11-20 16:27:51 -08:00
xdegaye 559bad1a70 bpo-38841: Skip asyncio test_create_datagram_endpoint_existing_sock_unix (GH-17294)
on platforms lacking a functional bind() for named unix domain sockets



https://bugs.python.org/issue38841



Automerge-Triggered-By: @asvetlov
2019-11-20 12:02:07 -08:00
Steve Dower de148f263f
bpo-33125: Add support for building and releasing Windows ARM64 packages (GH-16828)
Note that the support is not actually enabled yet, and so we won't be publishing these packages. However, for those who want to build it themselves (even by reusing the Azure Pipelines definition), it's now relatively easy to enable.
2019-11-20 09:30:47 -08:00
Federico Bond be5c79e033 bpo-38821: Fix crash in argparse when using gettext (GH-17192) 2019-11-20 15:29:29 +02:00
Victor Stinner 4dedd0f0dd
bpo-37340: Remove PyMethod_ClearFreeList() and PyCFunction_ClearFreeList() (GH-17284)
Remove PyMethod_ClearFreeList() and PyCFunction_ClearFreeList()
functions: the free lists of bound method objects have been removed.

Remove also _PyMethod_Fini() and _PyCFunction_Fini() functions.
2019-11-20 12:59:12 +01:00
Victor Stinner 7247407c35
bpo-36854: Move _PyRuntimeState.gc to PyInterpreterState (GH-17287)
* Rename _PyGC_InitializeRuntime() to _PyGC_InitState()
* finalize_interp_clear() now also calls _PyGC_Fini() in
  subinterpreters (clear the GC state).
2019-11-20 12:25:50 +01:00
Victor Stinner 488d02a241
bpo-38835: Exclude PyFPE macros from the stable API (GH-17228)
Exclude PyFPE_START_PROTECT() and PyFPE_END_PROTECT() macros of
pyfpe.h from Py_LIMITED_API (stable API).
2019-11-20 12:17:09 +01:00
Terry Jan Reedy b8462477bf
bpo-38636: Fix IDLE tab toggle and file indent width (GH-17008)
These Format menu functions (default shortcuts Alt-T and Alt-U)
were mistakenly disabled in 3.7.5 and 3.8.0.
2019-11-20 01:18:39 -05:00
Benjamin Peterson 7483451577
closes bpo-38712: Add signal.pidfd_send_signal. (GH-17070)
This exposes a Linux-specific syscall for sending a signal to a process
identified by a file descriptor rather than a pid.

For simplicity, we don't support the siginfo_t parameter to the syscall. This
parameter allows implementing a pidfd version of rt_sigqueueinfo(2), which
Python also doesn't support.
2019-11-19 20:39:14 -08:00
Victor Stinner be143ec996
bpo-38835: Don't use PyFPE_START_PROTECT and PyFPE_END_PROTECT (GH-17231)
The PyFPE_START_PROTECT() and PyFPE_END_PROTECT() macros are empty:
they have been doing nothing for the last year  (since commit
735ae8d139), so stop using them.
2019-11-20 02:51:30 +01:00
Łukasz Langa 1c5a71a7dd
Merge tag 'v3.9.0a1' 2019-11-20 02:05:28 +01:00
Pablo Galindo e0cd8aa70a
bpo-37957: Allow regrtest to receive a file with test (and subtests) to ignore (GH-16989)
When building Python in some uncommon platforms there are some known tests that will fail. Right now, the test suite has the ability to ignore entire tests using the -x option and to receive a filter file using the --matchfile filter. The problem with the --matchfile option is that it receives a file with patterns to accept and when you want to ignore a couple of tests and subtests, is too cumbersome to lists ALL tests that are not the ones that you want to accept and he problem with -x is that is not easy to ignore just a subtests that fail and the whole test needs to be ignored.

For these reasons, add a new option to allow to ignore a list of test and subtests for these situations.
2019-11-19 23:46:49 +00:00
Jake Tesler c6b20be85c bpo-38707: Fix for multiprocessing.Process MainThread.native_id (GH-17088)
This PR implements a fix for `multiprocessing.Process` objects; the error occurs when Processes are created using either `fork` or `forkserver` as the `start_method`.

In these instances, the `MainThread` of the newly created `Process` object retains all attributes from its parent's `MainThread` object, including the `native_id` attribute. The resulting behavior is such that the new process' `MainThread` captures an incorrect/outdated `native_id` (the parent's instead of its own). 

This change forces the Process object to update its `native_id` attribute during the bootstrap process.

cc @vstinner





https://bugs.python.org/issue38707



Automerge-Triggered-By: @pitrou
2019-11-19 11:50:12 -08:00
Adam Johnson 892221bfa0 bpo-38839: Fix some unused functions in tests (GH-17189) 2019-11-19 11:45:20 -08:00
Vincent Michel 8e0de2a480 bpo-35409: Ignore GeneratorExit in async_gen_athrow_throw (GH-14755)
Ignore `GeneratorExit` exceptions when throwing an exception into the `aclose` coroutine of an asynchronous generator.





https://bugs.python.org/issue35409
2019-11-19 05:53:52 -08:00