Commit Graph

20823 Commits

Author SHA1 Message Date
Miss Islington (bot) 5506d60302
bpo-32836: Remove obsolete code from symtable pass (GH-5680)
When comprehensions switched to using a nested scope, the old
code for generating a temporary name to hold the accumulation
target became redundant, but was never actually removed.

Patch by Nitish Chandra.
(cherry picked from commit 3a087beddd)

Co-authored-by: Nitish Chandra <nitishchandrachinta@gmail.com>
2018-03-10 15:11:47 -08:00
Miss Islington (bot) e8a5a92037 bpo-27645: Add support for native backup facility of SQLite (GH-4238)
(cherry picked from commit d7aed4102d)

Co-authored-by: Emanuele Gaifas <lelegaifax@gmail.com>
2018-03-11 01:29:19 +03:00
Miss Islington (bot) bf0d116517 bpo-33037: Skip sending/receiving after SSL transport closing (GH-6044) (GH-6057)
* Skip write()/data_received() if sslpipe is destroyed
(cherry picked from commit 5e80a71ab6)

Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
2018-03-10 18:27:01 +02:00
Miss Islington (bot) 3c39beb65d
bpo-32517: fix test_read_pty_output() hangs on macOS 10.13.2+ (GH-6037)
test_asyncio hangs indefinitely on macOS 10.13.2+ on `read_pty_output()`
using the KqueueSelector. Closing `proto.transport` (as is done in
`write_pty_output()`) seems to fix it.
(cherry picked from commit 12f74d8608)

Co-authored-by: Nathan Henrie <n8henrie@users.noreply.github.com>
2018-03-09 10:14:14 -08:00
Miss Islington (bot) 8c163bbf37
bpo-33016: Fix potential use of uninitialized memory in nt._getfinalpathname (GH-6010)
(cherry picked from commit 3b20d3454e)

Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com>
2018-03-08 08:26:43 -08:00
Miss Islington (bot) d824b4e4af
bpo-32999: Fix ABC.__subclasscheck__ crash (GH-6002)
(cherry picked from commit fc7df0e664)

Co-authored-by: INADA Naoki <methane@users.noreply.github.com>
2018-03-06 23:47:40 -08:00
Miss Islington (bot) c4d77a6611
bpo-32969: Expose some missing constants in zlib and fix the doc (GH-5988)
(cherry picked from commit bc3f2289b9)

Co-authored-by: Xiang Zhang <angwerzx@126.com>
2018-03-06 21:26:19 -08:00
Miss Islington (bot) 112f799666
bpo-33009: Fix inspect.signature() for single-parameter partialmethods. (GH-6004)
(cherry picked from commit 8a387219bd)

Co-authored-by: Yury Selivanov <yury@magic.io>
2018-03-06 10:23:48 -08:00
Miss Islington (bot) 31e2b76f7b
bpo-33005: Fix _PyGILState_Reinit() (GH-6001)
Fix a crash on fork when using a custom memory allocator (ex: using
PYTHONMALLOC env var).

_PyGILState_Reinit() and _PyInterpreterState_Enable() now use the
default RAW memory allocator to allocate a new interpreters mutex on
fork.
(cherry picked from commit 5d92647102)

Co-authored-by: Victor Stinner <victor.stinner@gmail.com>
2018-03-06 05:52:27 -08:00
Miss Islington (bot) 96fdbacb77
bpo-33001: Prevent buffer overrun in os.symlink (GH-5989)
(cherry picked from commit 6921e73e33)

Co-authored-by: Steve Dower <steve.dower@microsoft.com>
2018-03-05 15:12:56 -08:00
Miss Islington (bot) fd340bf9e3
bpo-32984: IDLE - set __file__ for startup files (GH-5981)
Like Python, IDLE optionally runs one startup file in the Shell window
before presenting the first interactive input prompt.  For IDLE,
option -s runs a file named in environmental variable IDLESTARTUP or
PYTHONSTARTUP; -r file runs file.  Python sets __file__ to the startup
file name before running the file and unsets it before the first
prompt.  IDLE now does the same when run normally, without the -n
option.
(cherry picked from commit 22c82be5df)

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
2018-03-05 08:49:15 -08:00
Miss Islington (bot) a5303dd9c2
bpo-32857: Raise error when tkinter after_cancel() is called with None. (GH-5701)
(cherry picked from commit 74382a3f17)

Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
2018-03-04 04:00:33 -08:00
Miss Islington (bot) 0902a2d6b2 bpo-32981: Fix catastrophic backtracking vulns (GH-5955)
* Prevent low-grade poplib REDOS (CVE-2018-1060)

The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.

Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.

A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.

Replace it with a similar non-vulnerable regex.

The new regex is RFC compliant.
The old regex was non-compliant in edge cases.

* Prevent difflib REDOS (CVE-2018-1061)

The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.

Replace it with an equivalent non-vulnerable regex.

Also introduce unit and REDOS tests for difflib.

Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Jamie Davis <davisjam@vt.edu>
(cherry picked from commit 0e6c8ee235)
2018-03-03 21:55:07 -08:00
Miss Islington (bot) 6ae75d9d12 bpo-32903: Fix a memory leak in os.chdir() on Windows (GH-5801) (#5945)
(cherry picked from commit 3e197c7a67)

Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com>
2018-03-01 18:28:41 +08:00
Miss Islington (bot) 7e5763469e
bpo-32940: IDLE: Simplify StringTranslatePseudoMapping in pyparse (GH-5862)
The new code also runs faster.
(cherry picked from commit f0daa880a4)

Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
2018-02-28 15:08:21 -08:00
Ned Deily b0ef5c979b Update NEWS, docs, and patchlevel for 3.7.0b2 2018-02-27 19:49:18 -05:00
Miss Islington (bot) b7dcae358e Revert "bpo-31961: subprocess now accepts path-like args (GH-4329)" (GH-5912) (GH-5931)
* Revert "bpo-31961: subprocess now accepts path-like args (GH-4329)"

This reverts commit dd42cb71f2.
(cherry picked from commit be50a7b627)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2018-02-27 18:30:30 -05:00
Ned Deily a7edca7122 bpo-32901: update macOS 10.9+ installer to Tcl/Tk 8.6.8 2018-02-27 17:43:53 -05:00
Miss Islington (bot) 4c842b0920
bpo-31453: Add setter for min/max protocol version (GH-5259)
OpenSSL 1.1 has introduced a new API to set the minimum and maximum
supported protocol version. The API is easier to use than the old
OP_NO_TLS1 option flags, too.

Since OpenSSL has no call to set minimum version to highest supported,
the implementation emulate maximum_version = MINIMUM_SUPPORTED and
minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and
maximum supported version at compile time.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 698dde16f6)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 03:41:04 -08:00
Christian Heimes 89c2051a55
[3.7] bpo-32951: Disable SSLSocket/SSLObject constructor (GH-5864) (#5925)
Direct instantiation of SSLSocket and SSLObject objects is now prohibited.
The constructors were never documented, tested, or designed as public
constructors. The SSLSocket constructor had limitations. For example it was
not possible to enabled hostname verification except was
ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED.

SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API
to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is
also deprecated.

The only test case for direct instantiation was added a couple of days
ago for IDNA testing.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 9d50ab563d)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 11:17:32 +01:00
Miss Islington (bot) 102d5204ad
bpo-28124: deprecate ssl.wrap_socket() (GH-5888)
The ssl module function ssl.wrap_socket() has been de-emphasized
and deprecated in favor of the more secure and efficient
SSLContext.wrap_socket() method.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 90f05a527c)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 01:45:31 -08:00
Miss Islington (bot) 2614ed4c6e
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (GH-5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 05d9fe32a1)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 00:17:49 -08:00
Miss Islington (bot) a93e3dc236 bpo-32960: For dataclasses, disallow inheriting frozen from non-frozen classes and vice-versa, (GH-5919) (GH-5920)
This restriction will be relaxed at a future date.
(cherry picked from commit 2fa6b9eae0)

Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
2018-02-26 20:59:55 -05:00
Miss Islington (bot) a9a8a9814a
bpo-32713: Fix tarfile.itn for large/negative float values. (GH-5434)
(cherry picked from commit 72d9b2be36)

Co-authored-by: Joffrey F <f.joffrey@gmail.com>
2018-02-26 16:50:09 -08:00
Miss Islington (bot) 51d95ffc2f
bpo-32222: Fix pygettext skipping docstrings for funcs with arg typehints (GH-4745)
(cherry picked from commit eee72d4778)

Co-authored-by: Tobotimus <Tobotimus@users.noreply.github.com>
2018-02-26 15:23:26 -08:00
Miss Islington (bot) 53d3f8a899
bpo-32394: Remove some TCP options on old version Windows. (GH-5523)
(cherry picked from commit 19e7d48ce8)

Co-authored-by: animalize <animalize@users.noreply.github.com>
2018-02-26 10:36:17 -08:00
Miss Islington (bot) a9e0b070b3
bpo-32922: dbm.open() now encodes filename with the filesystem encoding. (GH-5832)
(cherry picked from commit 6f600ff173)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2018-02-26 06:25:40 -08:00
Miss Islington (bot) 4cffe2f66b bpo-32929: Dataclasses: Change the tri-state hash parameter to the boolean unsafe_hash. (GH-5891) (GH-5902)
unsafe_hash=False is now the default. It is the same behavior as the old hash=None parameter. unsafe_hash=True will try to add __hash__. If it already exists, TypeError is raised.
(cherry picked from commit dbf9cff48a)

Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
2018-02-26 04:43:35 -05:00
Miss Islington (bot) 632c1cb571
bpo-32622: Native sendfile on windows (GH-5565)
* Support sendfile on Windows Proactor event loop naively.
(cherry picked from commit a19fb3c6aa)

Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
2018-02-25 09:10:58 -08:00
Miss Islington (bot) 4cb373359d [3.7] bpo-32647: Link ctypes extension with libdl. (GH-5550) (#5874)
The ctypes module used to depend on indirect linking for dlopen. The shared
extension is now explicitly linked against libdl on platforms with dl.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 5bb9692575)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-25 13:07:24 +01:00
Miss Islington (bot) ff7528f089 [3.7] bpo-31809: test secp ECDH curves (GH-4036) (#5872)
Add tests to verify connection with secp384r1 ECDH curves.
(cherry picked from commit b7b9225831)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-25 10:56:11 +01:00
Miss Islington (bot) b5655f3d18
bpo-17232: Clarify docs for -O and -OO command line options (GH-5839)
The 'optimization' is for space in the executable file, not for run time.
(cherry picked from commit 186b606d8a)

Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
2018-02-24 19:24:08 -08:00
Miss Islington (bot) 01d9c23e47 [3.7] bpo-30622: Improve NPN support detection (GH-5859) (#5860)
The ssl module now detects missing NPN support in LibreSSL.

Co-Authored-By: Bernard Spil <brnrd@FreeBSD.org>
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 6cdb7954b0)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-24 23:04:27 +01:00
Miss Islington (bot) 8fa8478dde [3.7] bpo-24334: Cleanup SSLSocket (GH-5252) (#5857)
* The SSLSocket is no longer implemented on top of SSLObject to
  avoid an extra level of indirection.
* Owner and session are now handled in the internal constructor.
* _ssl._SSLSocket now uses the same method names as SSLSocket and
  SSLObject.
* Channel binding type check is now handled in C code. Channel binding
  is always available.

The patch also changes the signature of SSLObject.__init__(). In my
opinion it's fine. A SSLObject is not a user-constructable object.
SSLContext.wrap_bio() is the only valid factory.
(cherry picked from commit 141c5e8c24)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-24 21:51:56 +01:00
Miss Islington (bot) e49bf0f353
bpo-31966: Fixed WindowsConsoleIO.write() for writing empty data. (GH-5754)
(cherry picked from commit 42c35d9c0c)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2018-02-24 09:39:18 -08:00
Miss Islington (bot) 46632f4d3c [3.7] bpo-32819: Simplify and improve ssl.match_hostname (GH-5620) (#5847)
ssl.match_hostname() has been simplified and no longer depends on re and
ipaddress module for wildcard and IP addresses. Error reporting for invalid
wildcards has been improved.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit aef1283ba4)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-24 15:06:46 +01:00
Miss Islington (bot) 1c37e27719 [bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128) (GH-5843)
Previously, the ssl module stored international domain names (IDNs)
as U-labels. This is problematic for a number of reasons -- for
example, it made it impossible for users to use a different version
of IDNA than the one built into Python.

After this change, we always convert to A-labels as soon as possible,
and use them for all internal processing. In particular, server_hostname
attribute is now an A-label, and on the server side there's a new
sni_callback that receives the SNI servername as an A-label rather than
a U-label.
(cherry picked from commit 11a1493bc4)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-23 19:18:28 -08:00
Miss Islington (bot) f409c9988e
bpo-32916: IDLE: Change `str` to `code` in pyparse (GH-5830)
Adjust tests and user modules to match.
(cherry picked from commit c29c03a34a)

Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
2018-02-23 18:59:53 -08:00
Miss Islington (bot) 74b7364259
bpo-32901: Update Tcl and Tk versions to 8.6.8 (GH-5823)
(cherry picked from commit efa6c76226)

Co-authored-by: Steve Dower <steve.dower@microsoft.com>
2018-02-23 08:44:27 -08:00
Miss Islington (bot) 694c5e0e1f
bpo-30028: make test.support.temp_cwd() fork-safe (GH-1066)
Make test.support.temp_cwd() fork-safe. The context manager test.support.temp_cwd() no longer removes the temporary directory when executing in a process other than the parent it entered from.
If a forked child exits the context manager it won't do the cleanup.
(cherry picked from commit 33dddac00b)

Co-authored-by: Anselm Kruis <a.kruis@science-computing.de>
2018-02-22 21:39:02 -08:00
Miss Islington (bot) e5a9b3574c
bpo-32457: Improves handling of denormalized executable path when launching Python (GH-5756)
(cherry picked from commit 48e8c82fc6)

Co-authored-by: Steve Dower <steve.dower@microsoft.com>
2018-02-22 11:15:16 -08:00
Miss Islington (bot) 01dd52fb29
bpo-32556: nt._getfinalpathname, nt._getvolumepathname and nt._getdiskusage now correctly convert from bytes. (GH-5761)
(cherry picked from commit 23ad6d0d1a)

Co-authored-by: Steve Dower <steve.dower@microsoft.com>
2018-02-22 11:02:12 -08:00
Miss Islington (bot) dfa1144582
bpo-32905: IDLE - remove unused code in pyparse module (GH-5807)
dump is similar to print but less flexible.  lastopenbracketpos is now always initialized in _study2, as was stmt_bracketing, so the class settings are not needed.  get_last_open_bracket_pos is never called.
(cherry picked from commit 451d1edaf4)

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
2018-02-21 22:41:41 -08:00
Miss Islington (bot) bc2e110469
closes bpo-32898: Fix debug build crash with COUNT_ALLOCS (GH-5800)
(cherry picked from commit 745dc65b17)

Co-authored-by: Eddie Elizondo <eduardo.elizondorueda@gmail.com>
2018-02-21 21:44:08 -08:00
Miss Islington (bot) c59bc98fb2
bpo-32874: IDLE: add tests for pyparse (GH-5755)
There are no code changes other than comments and docstrings.
(cherry picked from commit c84cf6c03f)

Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
2018-02-21 20:09:39 -08:00
Miss Islington (bot) 69607b4ecf
bpo-32889: update valgrind suppressions (GH-5779)
Py_ADDRESS_IN_RANGE was renamed address_in_range in 3.6
(commit 3924f93794).
(cherry picked from commit ba518804bf)

Co-authored-by: Paul Price <price@astro.princeton.edu>
2018-02-20 22:27:38 -08:00
Miss Islington (bot) 1d927d4feb
bpo-31848: Fix broken error handling in Aifc_read.initfp() when the SSND chunk is not found (GH-5240)
Initialize self._ssnd_chunk so that aifc.Error is raised as intended,
not AttributeError.
(cherry picked from commit 80d20b918b)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-02-20 14:06:58 -08:00
Miss Islington (bot) bab4fe320a closes bpo-32859: Don't retry dup3() if it is not available at runtime (GH-5708)
os.dup2() tests for dup3() system call availability at runtime,
but doesn't remember the result across calls, repeating
the test on each call with inheritable=False.

Since the caller of os.dup2() is expected to hold the GIL,
fix this by making the variable holding the test result static.
(cherry picked from commit b3caf388a0)

Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com>
2018-02-19 23:46:47 -08:00
Miss Islington (bot) a3d6c1b23b bpo-32409: Ensures activate.bat can handle Unicode contents (GH-5765)
(cherry picked from commit 6240917b77)

Co-authored-by: Steve Dower <steve.dower@microsoft.com>
2018-02-19 17:45:02 -08:00
Miss Islington (bot) 2072c80d06
Improve error message for "setup.py upload" without dist files (GH-21060)
(cherry picked from commit 08a6926b25)

Co-authored-by: Éric Araujo <merwok@netwok.org>
2018-02-18 19:57:17 -08:00