Up until now, the `multiprocessing.pool.ThreadPool` class has gone
undocumented, despite being a public class in multiprocessing that is
included in `multiprocessing.pool.__all__`.
(cherry picked from commit 84ebcf271a)
Co-authored-by: Matt Wozniski <mwozniski@bloomberg.net>
The existing volatile `left`/`right` pointers guarantee that the reads will all occur, but does not guarantee that they will be _used_. So a compiler can still short-circuit the loop, saving e.g. the overhead of doing the xors and especially the overhead of the data dependency between `result` and the reads. That would change performance depending on where the first unequal byte occurs. This change removes that optimization.
(This is change GH-1 from https://bugs.python.org/issue40791 .)
(cherry picked from commit 31729366e2)
Co-authored-by: Devin Jeanpierre <jeanpierreda@google.com>
* Prevent some possible DoS attacks via providing invalid Plist files
with extremely large number of objects or collection sizes.
* Raise InvalidFileException for too large bytes and string size instead of returning garbage.
* Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN).
* Raise InvalidFileException instead of TypeError for non-hashable dict keys.
* Add more tests for invalid Plist files..
(cherry picked from commit 34637a0ce2)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
reject control chars in http method in http.client.putrequest to prevent http header injection
(cherry picked from commit 8ca8a2e8fb)
Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121a1f)
Co-authored-by: Rishi <rishi_devan@mail.com>
CVE-2020-14422
The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
of generating constant hash values of 32 and 128 respectively causing hash collisions.
The fix uses the hash() function to generate hash values for the objects
instead of XOR operation
(cherry picked from commit b30ee26e36)
Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
Signed-off-by: Tapas Kundu <tkundu@vmware.com>
Signed-off-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: @tiran.
(cherry picked from commit bb6ec14479)
Co-authored-by: Christian Heimes <christian@python.org>
Adds a simple check for whether or not the package is being installed in the GUI or using installer on the command line. This addresses an issue where CLI-based software management tools (such as Munki) unexpectedly open Finder windows into a GUI session during installation runs.
ensurepip optionally installs or upgrades 'pip' and 'setuptools' using
the version of those modules bundled with Python. The internal PIP
installation routine by default temporarily uses its cache, if it
exists. This is undesirable as Python builds and installations may be
independent of the user running the build, whilst PIP cache location
is dependent on the user's environment and outside of the build
environment.
At the same time, there's no value in using the cache while installing
bundled modules.
This change disables PIP caching when used in ensurepip.
(cherry picked from commit 4a3a682b12)
Co-authored-by: Krzysztof Konopko <kkonopko@users.noreply.github.com>
In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH
header, this fix remove this header as required and fix FieldStorage
read_lines_to_outerboundary, by not using limit when it's negative,
since by default it's -1 if not content-length and keeps substracting what
was read from the file object.
Also added a test case for this problem.
(cherry picked from commit d8cf3514dd)
Co-authored-by: roger <rogerduran@gmail.com>
Automerge-Triggered-By: @ned-deily
Remote host cyrus.andrew.cmu.edu is blocking incoming connections and is
causing test suite to fail.
Signed-off-by: Christian Heimes <christian@python.org>
unittest.TestCase.assertWarns no longer raises a RuntimeException
when accessing a module's ``__warningregistry__`` causes importation of a new
module, or when a new module is imported in another thread.
(cherry picked from commit 46398fba4d)
Co-authored-by: kernc <kerncece@gmail.com>
The doccumentation at https://docs.python.org/3.10/library/weakref.html cautions that the `WeakKeyDictionary` and `WeakValueDictionary` are susceptible to the problem of dictionary mutation during iteration.
These notes present the user with a problem that has no easy solution.
I dug into the implementation and found that fortunately, Antoine Pitrou already addressed this challenge (10 years ago!) by introducing an `_IterationGuard` context manager to the implementation, which delays mutation while an iteration is in progress.
I asked for confirmation and @pitrou agreed that these notes could be removed:
c1baa601e2GH-commitcomment-39514438.
(cherry picked from commit 1642c0ef75)
Co-authored-by: Daniel Fortunov <asqui@users.noreply.github.com>
Automerge-Triggered-By: @pitrou
Miss Islington (bot)
Benjamin Peterson
Steve Dower
Serhiy Storchaka
larryhastings
Ned Deily
Pablo Galindo
Tapas Kundu
Christian Heimes
Antoine Pitrou
Stefan Krah