Don't leak a reference if PyDict_Update() fails, check the
PyList_New() call in treebuilder_new(), and properly handle failures
in xmlparser().
(cherry picked from commit 9f3ed3e213)
The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34623.
(cherry picked from commit cb5778f00c)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34623
Include ``openssl/dh.h`` header file to fix implicit function declaration of ``DH_free()``.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>.
(cherry picked from commit b3a271fc0c)
Co-authored-by: Alexandru Ardelean <ardeleanalex@gmail.com>
https://bugs.python.org/issue34710
Many type object initializations labeled a field "tp_size" in the
comment, but the name of that field is tp_basicsize..
(cherry picked from commit 0e0bc4e221)
Co-authored-by: Peter Eisentraut <peter@eisentraut.org>
* Fix compilation warning in _ctypes module on Window
(cherry picked from commit 20f11fe43c)
* Fix compilation warnings on Windows 64-bit
(cherry picked from commit 725e421222)
* Fix compiler warning in unicodeobject.c
Explicitly case to Py_UNICODE to fix the warning:
Objects\unicodeobject.c(4225): warning C4244: '=' :
conversion from 'long' to 'Py_UNICODE', possible loss of data
The downcast cannot overflow since we check that value <= 0x10ffff.
Fixed bpo-29565: Corrected ctypes passing of large structs by value.
Added code and test to check that when a structure passed by value
is large enough to need to be passed by reference, a copy of the
original structure is passed. The callee updates the passed-in value,
and the test verifies that the caller's copy is unchanged. A similar
change was also added to the test added for bpo-20160 (that test was
passing, but the changes should guard against regressions).
(cherry picked from commit a86339b83f)
There was a missing check for integer overflow, several function calls
were not checked for failure, and allocated memory was not freed if an
error occurred.
Fix comparison between signed and unsigned integers. Example of fixed
warning:
Modules\_sre.c(838): warning C4018: '<' : signed/unsigned mismatch
(cherry picked from commit 1fa174a418)
Hangul composition check boundaries are wrong for the second character
([0x1161, 0x1176) instead of [0x1161, 0x1176]) and third character ((0x11A7, 0x11C3)
instead of [0x11A7, 0x11C3])..
(cherry picked from commit d134809cd3)
Co-authored-by: Wonsup Yoon <pusnow@me.com>
bpo-19418, bpo-33781: Fix the following warnings on Windows:
Modules\audioop.c(28): warning C4146: unary minus operator applied
to unsigned type, result still unsigned
Modules\audioop.c(396): warning C4146: unary minus operator applied
to unsigned type, result still unsigned
Move the floor() call into fbound() to call floor() on a double
rather than an int. The change should enhance the rounding.
Document also (int)double rounding mode.
(cherry picked from commit 45e4efba7f)
* Fixed a leak when the GC fails to add an object with __del__ into
the gc.garbage list.
* PyGC_Collect() can now be called when an exception is set and
preserves it.
(cherry picked from commit 301e3cc8a5)
This change generally splits the xmlparser creation code into an unsafe part with "rollback" error handling and a safe "object initialisation done" part with normal decref cleanup.
LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.
Documentation updates and fixes for failing tests will be provided in
another patch set.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 4ca0739c9d)
Co-authored-by: Christian Heimes <christian@python.org>
The ssl module now detects missing NPN support in LibreSSL.
Co-Authored-By: Bernard Spil <brnrd@FreeBSD.org>
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 6cdb7954b0)
Co-authored-by: Christian Heimes <christian@python.org>
The SSL module no longer sends IP addresses in SNI TLS extension on
platforms with OpenSSL 1.0.2+ or inet_pton.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit e9370a4738)
Co-authored-by: Christian Heimes <christian@python.org>
A closing parentheses was missing.
Signed-off-by: Ngie Cooper <yaneurabeya@gmail.com>
(cherry picked from commit 7745ec4e35)
Co-authored-by: ngie-eign <1574099+ngie-eign@users.noreply.github.com>
In fileio, there were 3 fstat() calls and one lseek() call that did not
release the GIL during the call. This can cause all threads to hang for
unlimited time when using io.FileIO with inaccessible NFS server.
Same issue seen in fileio exists also in fileobject, fixed in the same
way.
Modify the code to use ncurses is_pad() instead of checking WINDOW
_flags field. If your platform does not provide the is_pad(), the
existing way that checks the field will be enabled.
Note: This change does not drop support for platforms where do not
have both WINDOW _flags field and is_pad().
(cherry picked from commit 8bc7d63560)
* Fixed the layout of the kqueue_event structure on OpenBSD and NetBSD.
* Fixed the comparison of the kqueue_event objects..
(cherry picked from commit b9052a0f91)
Always pass -1, or INFTIM where defined, to the poll() system call when
a negative timeout is passed to the poll.poll([timeout]) method in the
select module. Various OSes throw an error with arbitrary negative
values..
(cherry picked from commit 6cfa927ceb)
Add a new _testcapi._read_null() function to crash Python in a
reliable way on s390x.
On s390x, ctypes.string_at(0) returns an empty string rather than
crashing.
* init commit, with initial tests for from_param and fields __set__ and __get__, and some additions to from_buffer and from_buffer_copy
* added the rest of tests and patches. probably only a first draft.
* removed trailing spaces
* replace ctype with ctypes in error messages
* change back from ctypes instance to ctype instance
(cherry picked from commit 1bea762d9e)
* bpo-29136: Add TLS 1.3 support
TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3
cipher suites don't overlap with cipher suites from TLS 1.2 and earlier.
Since Python sets its own set of permitted ciphers, TLS 1.3 handshake
will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common
AES-GCM and ChaCha20 suites.
Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with
OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3
now.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit cb5b68abde)
Fix copying of partial characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115
(cherry picked from commit 759e30ec47)
The standard header stdbool.h is not available
with old Visual Studio compilers
Cherry-picked from libexpat b4b89c2ab0cc5325a41360c25ef9d2ccbe617e5c.
expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation.
Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2
* bpo-31339: Rewrite time.asctime() and time.ctime()
Backport and adapt the _asctime() function from the master branch to
not depend on the implementation of asctime() and ctime() from the
external C library. This change fixes a bug when Python is run using
the musl C library.
* bound checks for time.asctime()
* bound checks for time.strftime()
The ssl and hashlib modules now call OPENSSL_add_all_algorithms_noconf() on
OpenSSL < 1.1.0. The function detects CPU features and enables optimizations
on some CPU architectures such as POWER8. Patch is based on research from
Gustavo Serra Scalet.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit c941e62)
Include sys/sysmacros.h for major(), minor(), and makedev(). GNU C libray
plans to remove the functions from sys/types.h.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 75b961869a)
* Change NPN detection:
Version breakdown, support disabled (pre-patch/post-patch):
- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined ->
False/False
- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will be defined -> True/False
Version breakdown support enabled (pre-patch/post-patch):
- pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False
- 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
- 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and
OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True
* Refine NPN guard:
- If NPN is disabled, but ALPN is available we need our callback
- Make clinic's ssl behave the same way
This created a working ssl module for me, with NPN disabled and ALPN
enabled for OpenSSL 1.1.0f.
Concerns to address:
The initial commit for NPN support into OpenSSL [1], had the
OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG
guard. The question is if that ever made it into a release.
This would need an ugly hack, something like:
GH-if defined(OPENSSL_NO_NEXTPROTONEG) && \
!defined(OPENSSL_NPN_NEGOTIATED)
GH- define OPENSSL_NPN_UNSUPPORTED 0
GH- define OPENSSL_NPN_NEGOTIATED 1
GH- define OPENSSL_NPN_NO_OVERLAP 2
GH-endif
[1] https://github.com/openssl/openssl/commit/68b33cc5c7.
(cherry picked from commit b2d096bd2a)
[2.7] bpo-10746: Fix ctypes PEP 3118 type codes for c_long, c_bool, c_int (GH-31)
Ctypes currently produces wrong pep3118 type codes for several types.
E.g. memoryview(ctypes.c_long()).format gives "<l" on 64-bit platforms,
but it should be "<q" instead for sizeof(c_long) == 8
The problem is that the '<>' endian specification in the struct syntax
also turns on the "standard size" mode, which makes type characters have
a platform-independent meaning, which does not match with the codes used
internally in ctypes. The struct module format syntax also does not
allow specifying native-size non-native-endian items.
This commit adds a converter function that maps the internal ctypes
codes to appropriate struct module standard-size codes in the pep3118
format strings. The tests are modified to check for this..
(cherry picked from commit 07f1658aa0)
The current test_child_terminated_in_stopped_state() function test
creates a child process which calls ptrace(PTRACE_TRACEME, 0, 0) and
then crash (SIGSEGV). The problem is that calling os.waitpid() in the
parent process is not enough to close the process: the child process
remains alive and so the unit test leaks a child process in a
strange state. Closing the child process requires non-trivial code,
maybe platform specific.
Remove the functional test and replaces it with an unit test which
mocks os.waitpid() using a new _testcapi.W_STOPCODE() function to
test the WIFSTOPPED() path.
(cherry picked from commit 7b7c6dcfff)
If history-length is set in .inputrc, and the history file is double the
history size (or more), history_get(N) returns NULL, and python
segfaults. Fix that by checking for NULL return value.
It seems that the root cause is incorrect handling of bigger history in
readline, but Python should not segfault even if readline returns
unexpected value.
This issue affects only GNU readline. When using libedit emulation
system history size option does not work.
This is a backport of the actual fix from master without the test, since
the test depends on new run_pty() helper which is not available in 2.7.
* Add Windows support to test.support.SuppressCrashReport: call
SetErrorMode() and CrtSetReportMode().
* _testcapi: add CrtSetReportMode() and CrtSetReportFile() functions
and CRT_xxx and CRTDBG_xxx constants needed by SuppressCrashReport.
Zackery Spytz
Serhiy Storchaka
Miss Islington (bot)
Vladimir Matveev
Christian Heimes
Benjamin Peterson
Sergey Fedoseev
Victor Stinner
Xtreak
Xiang Zhang
Antoine Pitrou
scoder
Alexey Izbyshev
Anthony Sottile
Nir Soffer
Oren Milman
Riccardo Coccioli
Victor Stinner
INADA Naoki
Pauli Virtanen
Segev Finer