``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``.
https://bugs.python.org/issue33936
(cherry picked from commit 724f1a5723)
Co-authored-by: Christian Heimes <christian@python.org>
Fixes a build error with OpenSSL 1.1.0. There is already code in the
`_ssl.c` that handles all the weird cases of the NPN config macros (with
various OpenSSL & LibreSSL versions).
That code will provide a HAVE_NPN variable, which should be used in the
rest of the code to check whether (or what) to compile regarding NPN.
This change adds HAVE_NPN in the remaining places where it should have been
placed.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
https://bugs.python.org/issue35264
If FormatMessageW() is passed the FORMAT_MESSAGE_FROM_SYSTEM flag
without FORMAT_MESSAGE_IGNORE_INSERTS, it will fail if there are
insert sequences in the message definition.
(cherry picked from commit a656365)
Fix a reference leak in _bufferedreader_read_all():
_io.BufferedIOMixin.read() leaks a reference on 'data'
when it reads the whole file content but flush() fails.
Fix a reference leak in json if parsing a floating point number fails.
If PyOS_string_to_double() fails in _match_number_str():
decrement numstr ref counter.
Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in
out-of-memory cases. Thanks to Charalampos Stratakis.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue36179.
(cherry picked from commit b7bc283ab6)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue36179
The standard math library (libm) may follow IEEE-754 recommendation to
include an implementation of sinPi(), i.e. sinPi(x):=sin(pi*x).
And this triggers a name clash, found by FreeBSD developer
Steve Kargl, who worked on putting sinpi into libm used on FreeBSD
(it has to be named "sinpi", not "sinPi", cf. e.g.
https://en.cppreference.com/w/c/experimental/fpext4).
Backport of TLS 1.3 related fixes from 3.7.
Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.
OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2a4ee8aa01)
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except
for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3)
are set by default. The initial cipher suite list contains only
HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
(cherry picked from commit 358cfd426c)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f)
Co-authored-by: Christian Heimes <christian@python.org>
"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9a1)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.
In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.
In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b5356)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Include <pyconfig.h> ealier in Modules/expat/xmltok.c to define
properly _POSIX_C_SOURCE. Python defines _POSIX_C_SOURCE as 200809L,
whereas <features.h> (included indirectly by <string.h>) defines
_POSIX_C_SOURCE as 199506L.
(cherry picked from commit cf247359d5)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
They can be exposed when some C API calls fail due to lack of
memory.
* Failed Py_BuildValue() could cause an assertion error in the
following TextIOWrapper.tell().
* initvalue could leak in StringIO.__getstate__() after failed
PyDict_Copy().
(cherry picked from commit fdb5a50ef3)
Fixes assertion failures in _datetimemodule.c
introduced in the previous fix (see bpo-31752).
Rather of trying to handle an int subclass as exact int,
let it to use overridden special methods, but check the
result of divmod().
(cherry picked from commit 3ec0f49516)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
This typo doesn't affect the result because wrong bits are discarded
on implicit conversion to unsigned char, but it trips UBSan
with -fsanitize=implicit-integer-truncation.
(cherry picked from commit 7a69cf47a9)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
_io.IncrementalNewlineDecoder's initializer possibly assigns out-of-range
value to the bitwise struct field.
(cherry picked from commit b08746bfdf)
Co-authored-by: Xiang Zhang <angwerzx@126.com>
Benjamin Peterson
Miss Islington (bot)
Serhiy Storchaka
Xiang Zhang
Alexandru Ardelean
Zackery Spytz
Victor Stinner
Eric Wieser
Stéphane Wirtel
stratakis
T. Wouters
Christian Heimes
Dima Pasechnik
Alexey Izbyshev