It appears standard that moving the text insert cursor away from a selection clears the
selection. Clearing prevents accidental deletion of a possibly off-screen bit of text.
The update is for Ln and Col on the status bar.
(cherry picked from commit 2522db11df)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
`list(sys.modules.items())` was apparently not immune to "dictionary
changed size during iteration" errors.
Tested internally using an integration test that has run into this a couple of times in the past two years. With this patch applied, the test is no longer flaky.
(cherry picked from commit 85cf1d514b)
Co-authored-by: Gregory P. Smith <gps@google.com>
Objects do not own weak references to them directly through the __weakref__ list so these
do not need to be traversed by the GC.
(cherry picked from commit 0c2b509)
Open issue in the BPO indicated a desire to make the implementation of
codecs.open() at parity with io.open(), which implements a try/except to
assure file stream gets closed before an exception is raised.
(cherry picked from commit 2565edec2c)
Co-authored-by: Chris A <christopher.aporta@gmail.com>
_PyEval_SetAsyncGenFinalizer() and _PyEval_SetAsyncGenFirstiter()
didn't include proper error handling for their PySys_Audit() calls.
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Fix compileall.compile_dir() ddir= behavior on sub-packages.
Fixes compileall.compile_dir's ddir parameter and compileall command
line flag `-d` to no longer write the wrong pathname to the generated
pyc file for submodules beneath the root of the directory tree being
compiled. This fixes a regression introduced with Python 3.5.
Tests backported from GH 02673352b5, the
implementation is different due to intervening code changes. But still
quiet simple.
Why was the bug ever introduced? The refactoring to add parallel
execution kept the ddir -> dfile computations but discarded the results
instead of sending them to compile_file(). This fixes that. Lack of tests
meant this went unnoticed.
* bpo-39548: Fix handling of 'WWW-Authenticate' header for Digest authentication
- The 'qop' value in the 'WWW-Authenticate' header is optional. The
presence of 'qop' in the header should be checked before its value
is parsed with 'split'.
Signed-off-by: Stephen Balousek <stephen@balousek.net>
* bpo-39548: Fix handling of 'WWW-Authenticate' header for Digest authentication
- Add NEWS item
Signed-off-by: Stephen Balousek <stephen@balousek.net>
* Update Misc/NEWS.d/next/Library/2020-02-06-05-33-52.bpo-39548.DF4FFe.rst
Co-Authored-By: Brandt Bucher <brandtbucher@gmail.com>
Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
(cherry picked from commit 5e260e0fde)
Co-authored-by: Stephen Balousek <sbalousek@users.noreply.github.com>
Previously, the button-up part of selecting with a mouse was treated as a click
that meant 'jump' to this line, which modified the context and undid the selection
(cherry picked from commit c705fd1e89)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Trying to decode an invalid string with the punycode codec
shoud raise UnicodeError.
(cherry picked from commit ba22e8f174)
Co-authored-by: Berker Peksag <berker.peksag@gmail.com>
Appears to be obsolete since 75bb54c3d8.
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit 4015d1cda3)
Co-authored-by: Daniel Hahler <git@thequod.de>
Full nested function and class info makes it a module browser.
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit aea045adb8)
Co-authored-by: Hakan Çelik <hakancelik96@outlook.com>
Fix a regression where the C pickle module wouldn't allow unpickling from a
file-like object that doesn't expose a readinto() method.
(cherry picked from commit 9f37872e30)
Co-authored-by: Antoine Pitrou <antoine@python.org>
Co-authored-by: Antoine Pitrou <pitrou@free.fr>
The language reference now specifies restrictions on class namespaces. Adapted from a patch by Ethan Furman.
(cherry picked from commit fbe2e0bb8a)
Co-authored-by: ananthan-123 <ananthakrishnan15.2001@gmail.com>
Hold reference of __bases__ tuple until tuple item is done with, because by
dropping the reference the item may be destroyed.
(cherry picked from commit 1c56f8ffad)
Co-authored-by: Yonatan Goldschmidt <yon.goldschmidt@gmail.com>
Make it export the correct init symbol also on Windows.
https://bugs.python.org/issue39432
(cherry picked from commit 9538bc9185)
Co-authored-by: Stefan Behnel <stefan_ml@behnel.de>
When `allow_abbrev` was first added, disabling the abbreviation of
long options broke the grouping of short flags ([bpo-26967](https://bugs.python.org/issue26967)). As a fix,
b1e4d1b603 (contained in v3.8) ignores `allow_abbrev=False` for a
given argument string if the string does _not_ start with "--"
(i.e. it doesn't look like a long option).
This fix, however, doesn't take into account that long options can
start with alternative characters specified via `prefix_chars`,
introducing a regression: `allow_abbrev=False` has no effect on long
options that start with an alternative prefix character.
The most minimal fix would be to replace the "starts with --" check
with a "starts with two prefix_chars characters". But
`_get_option_tuples` already distinguishes between long and short
options, so let's instead piggyback off of that check by moving the
`allow_abbrev` condition into `_get_option_tuples`.
https://bugs.python.org/issue39546
(cherry picked from commit 8edfc47bae)
Co-authored-by: Kyle Meyer <kyle@kyleam.com>
https://bugs.python.org/issue39546
Automerge-Triggered-By: @encukou
Test when find_good_parse_start should return 0.
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit ffda25f6b8)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
This reverts commit 0f3187c1ce.
The change broke the backwards compatibility of parsing behavior in a
patch release of Python (3.8.1). A decision was taken to revert this
patch in 3.8.2.
In https://bugs.python.org/issue27657 it was decided that the previous
behavior like
>>> urlparse('localhost:8080')
ParseResult(scheme='', netloc='', path='localhost:8080', params='', query='', fragment='')
>>> urlparse('undefined:8080')
ParseResult(scheme='', netloc='', path='undefined:8080', params='', query='', fragment='')
needs to be preserved in patch releases as number of users rely upon it.
Explicitly mention the releases involved with the revert in NEWS.
Adopt the wording suggested by @ned-deily.
Setting `-D_XOPEN_SOURCE=700` on HP-UX causes system functions such as chroot to be undefined. This change stops `_XOPEN_SOURCE` begin set on HP-UX
Co-authored-by: Benjamin Peterson <benjamin@python.org>
(cherry picked from commit a9edf44a2d)
Co-authored-by: Ian Norton <inorton@gmail.com>
The fix for [bpo-39386](https://bugs.python.org/issue39386) attempted to make it so you couldn't reuse a
agen.aclose() coroutine object. It accidentally also prevented you
from calling aclose() at all on an async generator that was already
closed or exhausted. This commit fixes it so we're only blocking the
actually illegal cases, while allowing the legal cases.
The new tests failed before this patch. Also confirmed that this fixes
the test failures we were seeing in Trio with Python dev builds:
https://github.com/python-trio/trio/pull/1396https://bugs.python.org/issue39606
(cherry picked from commit 925dc7fb1d)
Co-authored-by: Nathaniel J. Smith <njs@pobox.com>
https://bugs.python.org/issue39606
Automerge-Triggered-By: @njsmith
bpo-21016, bpo-1294959: The pydoc and trace modules now use the
sysconfig module to get the path to the Python standard library, to
support uncommon installation path like /usr/lib64/python3.9/ on
Fedora.
Co-Authored-By: Jan Matějek <jmatejek@suse.com>
(cherry picked from commit 4fac7ed43e)
Co-authored-by: Victor Stinner <vstinner@python.org>
* Always set the text attribute.
* Correct the offset attribute for non-ascii sources.
(cherry picked from commit 0cc6b5e559)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Improve zipfile.Path performance on zipfiles with a large number of entries.
* 📜🤖 Added by blurb_it.
* Add bpo to blurb
* Sync with importlib_metadata 1.5 (6fe70ca)
* Update blurb.
* Remove compatibility code
* Add stubs module, omitted from earlier commit
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
(cherry picked from commit e5bd73632e)
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
In the font configuration window, remove duplicated font names.
(cherry picked from commit ed335cf53b)
Co-authored-by: Victor Stinner <vstinner@python.org>
Some numerator types used (specifically NumPy) decides to not
return a Python boolean for the "a != b" operation. Using the equivalent
call to bool() guarantees a bool return also for such types.
(cherry picked from commit 427c84f13f)
Co-authored-by: Sebastian Berg <sebastian@sipsolutions.net>
When called on a closed object, readinto() segfaults on account
of a write to a freed buffer:
==220553== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==220553== Access not within mapped region at address 0x2A
==220553== at 0x48408A0: memmove (vg_replace_strmem.c:1272)
==220553== by 0x58DB0C: _buffered_readinto_generic (bufferedio.c:972)
==220553== by 0x58DCBA: _io__Buffered_readinto_impl (bufferedio.c:1053)
==220553== by 0x58DCBA: _io__Buffered_readinto (bufferedio.c.h:253)
Reproducer:
reader = open ("/dev/zero", "rb")
_void = reader.read (42)
reader.close ()
reader.readinto (bytearray (42)) GH-GH-GH- BANG!
The problem exists since 2012 when commit dc469454ec added code
to free the read buffer on close().
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
(cherry picked from commit cb1c0746f2)
Co-authored-by: Philipp Gesang <phg@phi-gamma.net>
Previously, a calltip might be left after SyntaxError, KeyboardInterrupt, or Shell Restart.
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Tal Einat <taleinat+github@gmail.com>
(cherry picked from commit bfdeaa37b3)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Skip test_zipfile.test_add_file_after_2107() if time.localtime()
fails with OverflowError. It is the case on AIX 6.1 for example.
(cherry picked from commit c232c9110c)
Co-authored-by: Victor Stinner <vstinner@python.org>
Replace check for whether something is a method in the mock module. The
previous version fails on PyPy, because there no method wrappers exist
(everything looks like a regular Python-defined function). Thus the
isinstance(getattr(result, '__get__', None), MethodWrapperTypes) check
returns True for any descriptor, not just methods.
This condition could also return erroneously True in CPython for
C-defined descriptors.
Instead to decide whether something is a method, just check directly
whether it's a function defined on the class. This passes all tests on
CPython and fixes the bug on PyPy.
(cherry picked from commit a327677905)
Co-authored-by: Carl Friedrich Bolz-Tereick <cfbolz@gmx.de>
Co-authored-by: Carl Friedrich Bolz-Tereick <cfbolz@gmx.de>
Some of the *SetItem methods in the C API steal a reference to the
given value. This annotates the better behaved ones to assure the
reader that these are not the ones with the inconsistent behaviour.
* 📜🤖 Added by blurb_it.
* make docs consistent with signature
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
(cherry picked from commit e1e80002e2)
Co-authored-by: Joannah Nanjekye <33177550+nanjekyejoannah@users.noreply.github.com>
In bpo-36264 os.path.expanduser was changed to ignore HOME on Windows.
Path.expanduser/home still honored HOME despite being documented as behaving the same
as os.path.expanduser. This makes them also ignore HOME so that both implementations
behave the same way again.
(cherry picked from commit c45a2aa9e2)
Co-authored-by: Christoph Reiter <reiter.christoph@gmail.com>
Whether or not overlap regions for self-intersecting polygons
or multiple shapes are filled depends on the operating system graphics,
typeof overlap, and number of overlaps.
(cherry picked from commit 2824c45a0a)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Expose dialog buttons to test code and complete their test coverage.
Complete test coverage for highlights and keys tabs.
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit dd023ad161)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
If an autospecced object is attached using attach_mock the
child would be a function with mock object as attribute from
which signature has to be derived.
(cherry picked from commit 66b00a9d3a)
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
Use `from ... import ...` to ensure module is fully loaded before accessing its attributes.
(cherry picked from commit 9017e0bd5e)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
When communicate() is called in a loop, it crashes when the child process
has already closed any piped standard stream, but still continues to be running
Co-authored-by: Andriy Maletsky <andriy.maletsky@gmail.com>.
(cherry picked from commit d3ae95e1e9)
Co-authored-by: Alex Rebert <alex@forallsecure.com>
https://bugs.python.org/issue35182
* bpo-39421: Fix posible crash in heapq with custom comparison operators
* fixup! bpo-39421: Fix posible crash in heapq with custom comparison operators
* fixup! fixup! bpo-39421: Fix posible crash in heapq with custom comparison operators
(cherry picked from commit 79f89e6e5a)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
As described in RFC 1952, section 2.3.1, the XFL (eXtra FLags) byte of a
gzip member header should indicate whether the DEFLATE algorithm was
tuned for speed or compression ratio. Prior to this patch, archives
emitted by the `gzip` module always indicated maximum compression.
(cherry picked from commit eab3b3f1c6)
Co-authored-by: William Chargin <wchargin@gmail.com>
Fix comments and add tests for editor newline_and_indent_event method.
Remove unused None default for function parameter of pyparse find_good_parse_start method
and code triggered by that default.
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit ec64640a2c)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
Mention that the function implicitly creates new event loop only if called from the main thread.
(cherry picked from commit 2c49becc69)
Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
Copying property objects results in a TypeError. Steps to reproduce:
```
>>> import copy
>>> obj = property()
>>> copy.copy(obj)
````
This affects both shallow and deep copying.
My idea for a fix is to add property objects to the list of "atomic" objects in the copy module.
These already include types like functions and type objects.
I also added property objects to the unit tests test_copy_atomic and test_deepcopy_atomic. This is my first PR, and it's highly likely I've made some mistake, so please be kind :)
https://bugs.python.org/issue38293
(cherry picked from commit 9f3fc6c5b4)
Co-authored-by: Guðni Natan Gunnarsson <1493259+GudniNatan@users.noreply.github.com>
* bpo-39297: Update for importlib_metadata 1.4. Includes performance updates.
* 📜🤖 Added by blurb_it.
* Update blurb
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
(cherry picked from commit 136735c1a2)
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
The fix changes copy_location() to require an extra node from which to extract the end location, and fixing all 5 call sites.
https://bugs.python.org/issue39235
(cherry picked from commit a796d8ef9d)
Co-authored-by: Guido van Rossum <guido@python.org>
Correctly parenthesize filter-based statements that contain lambda
expressions in lib2to3.
(cherry picked from commit b821173b54)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
tkinter.ttk.Scale().configure([name]) now returns a configuration tuple for name
or a list thereof for all options. Based on patch Giovanni Lombardo.
(cherry picked from commit 5ea7bb25e3)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Ignore leading dots and no longer ignore a trailing newline.
(cherry picked from commit 6a265f0d0c)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.8] bpo-38588: Fix possible crashes in dict and list when calling PyObject_RichCompareBool (GH-17734)
Take strong references before calling PyObject_RichCompareBool to protect against the case
where the object dies during the call.
(cherry picked from commit 2d5bf568ea)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
* Update Objects/listobject.c
@methane's suggestion
Co-Authored-By: Inada Naoki <songofacandy@gmail.com>
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
Tag memoryview, range, and tuple as classes, the same as list, etcetera, in
the library manual built-in functions list.
(cherry picked from commit ee9ff05ec2)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Hold strong references to list elements while calling PyObject_RichCompareBool().
(cherry picked from commit d9e561d23d)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Fix test_ressources_gced_in_workers() of test_concurrent_futures:
explicitly stop the manager to prevent leaking a child process
running in the background after the test completes.
(cherry picked from commit 673c39331f)
Multiprocessing and concurrent.futures tests now stop the resource
tracker process when tests complete.
Add ResourceTracker._stop() method to
multiprocessing.resource_tracker.
Add _cleanup_tests() helper function to multiprocessing.util: share
code between multiprocessing and concurrent.futures tests.
(cherry picked from commit 9707e8e22d)
Commit 6b5b013bcc ("bpo-26978: Implement pathlib.Path.link_to (Using
os.link) (GH-12990)") introduced a new link_to method in pathlib. However,
this makes pathlib crash when the 'os' module is missing a 'link' method.
Fix this by checking for the presence of the 'link' method on pathlib
module import, and if it's not present, turn it into a runtime error like
those emitted when there is no lchmod() or symlink().
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
(cherry picked from commit 092435e932)
Co-authored-by: Toke Høiland-Jørgensen <toke@redhat.com>
When parsing an "elif" node, lineno and col_offset of the node now point to the "elif" keyword and not to its condition, making it consistent with the "if" node.
https://bugs.python.org/issue39031
Automerge-Triggered-By: @pablogsal
(cherry picked from commit 025a602af7)
Co-authored-by: Lysandros Nikolaou <lisandrosnik@gmail.com>
* bpo-39022, bpo-38594: Sync with importlib_metadata 1.3 including improved docs for custom finders and better serialization support in EntryPoints.
* 📜🤖 Added by blurb_it.
* Correct module reference
(cherry picked from commit b7a0109cd2)
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
This has happened on some versions of Ubuntu.
(cherry picked from commit bbc4162baf)
Co-authored-by: JohnnyNajera <58344607+JohnnyNajera@users.noreply.github.com>
Also allows winreg.CloseKey() to accept same types as other functions.
(cherry picked from commit ee17e37356)
Co-authored-by: Steve Dower <steve.dower@python.org>
Fix asyncio when the ssl module is missing: only check for
ssl.SSLSocket instance if the ssl module is available.
(cherry picked from commit 82b4950b5e)
Co-authored-by: Victor Stinner <vstinner@python.org>
Fix test_pty: if the process is the session leader, closing the
master file descriptor raises a SIGHUP signal: simply ignore SIGHUP
when running the tests.
(cherry picked from commit a1838ec259)
Co-authored-by: Victor Stinner <vstinner@python.org>
This means a clearer message is now shown when patch.object is called with two string arguments, rather than a class and a string argument.
(cherry picked from commit cd90a52983)
Co-authored-by: Elena Oat <oat.elena@gmail.com>
Fix a potential IndexError when passing an empty value to the message-id
parser. Instead, HeaderParseError should be raised.
(cherry picked from commit 3ae4ea1931)
Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
This adds a new InvalidMessageID token to the email header parser which can be
used to represent invalid message-id headers in the parse tree.
(cherry picked from commit 68157da8b4)
Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
now contextvars.ContextVar "__class_getitem__" method returns ContextVar class, not None.
https://bugs.python.org/issue38979
Automerge-Triggered-By: @asvetlov
(cherry picked from commit 28c91631c2)
Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>
test_openssl_version now accepts version 3.0.0.
getpeercert() no longer returns IPv6 addresses with a trailing new line.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
(cherry picked from commit 2b7de6696b)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38820
Automerge-Triggered-By: @tiran
On most platforms, the `environ` symbol is accessible everywhere.
In a dylib on OSX, it's not easily accessible, you need to find it with
_NSGetEnviron.
The code was caching the *value* of environ. But a setenv() can change the value,
leaving garbage at the old value. Fix: don't cache the value of environ, just
read it every time.
(cherry picked from commit 723f71abf7)
Co-authored-by: Benoit Hudson <benoit@imgspc.com>
Note that the support is not actually enabled yet, and so we won't be publishing these packages. However, for those who want to build it themselves (even by reusing the Azure Pipelines definition), it's now relatively easy to enable.
Break cycle generated when saving an exception in socket.py, codeop.py and dyld.py as they keep alive not only the exception but user objects through the ``__traceback__`` attribute.
https://bugs.python.org/issue36820
Automerge-Triggered-By: @pablogsal
(cherry picked from commit b64334cb93)
Co-authored-by: Mario Corchero <mcorcherojim@bloomberg.net>
parse_message_id() was improperly using a token defined inside an exception
handler, which was raising `UnboundLocalError` on parsing an invalid value.
https://bugs.python.org/issue38698
(cherry picked from commit bb815499af)
Co-authored-by: Claudiu Popa <pcmanticore@gmail.com>
Use the "volatile" keyword to prevent tail call optimization
on any compiler, rather than relying on compiler specific pragma.
(cherry picked from commit 8b787964e0)
Co-authored-by: Victor Stinner <vstinner@python.org>
The readline module now detects if Python is linked to libedit at runtime
on all platforms. Previously, the check was only done on macOS.
If Python is used as a library by a binary linking to libedit, the linker
resolves the rl_initialize symbol required by the readline module against
libedit instead of libreadline, which leads to a segfault.
Take advantage of the existing supporting code to have readline module being
compatible with both situations.
(cherry picked from commit 7105319ada)
Co-authored-by: serge-sans-paille <serge.guelton@telecom-bretagne.eu>
SpooledTemporaryFile.rollback() might cause data corruption
when it is in text mode.
Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit ea9835c5d1)
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
Extra newlines are removed at the end of non-shell files. If the file only has newlines after stripping other trailing whitespace, all are removed, as is done by patchcheck.py.
(cherry picked from commit 6bf644ec82)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* fix HTTP Digest handling in request.py
There is a bug triggered when server replies to a request with `WWW-Authenticate: Digest` where `qop="auth,auth-int"` rather than mere `qop="auth"`. Having both `auth` and `auth-int` is legitimate according to the `qop-options` rule in §3.2.1 of [[https://www.ietf.org/rfc/rfc2617.txt|RFC 2617]]:
> qop-options = "qop" "=" <"> 1GH-qop-value <">
> qop-value = "auth" | "auth-int" | token
> **qop-options**: [...] If present, it is a quoted string **of one or more** tokens indicating the "quality of protection" values supported by the server. The value `"auth"` indicates authentication; the value `"auth-int"` indicates authentication with integrity protection
This is description confirmed by the definition of the [//n//]`GH-`[//m//]//rule// extended-BNF pattern defined in §2.1 of [[https://www.ietf.org/rfc/rfc2616.txt|RFC 2616]] as 'a comma-separated list of //rule// with at least //n// and at most //m// items'.
When this reply is parsed by `get_authorization`, request.py only tests for identity with `'auth'`, failing to recognize it as one of the supported modes the server announced, and claims that `"qop 'auth,auth-int' is not supported"`.
* 📜🤖 Added by blurb_it.
* bpo-38686 review fix: remember why.
* fix trailing space in Lib/urllib/request.py
Co-Authored-By: Brandt Bucher <brandtbucher@gmail.com>
(cherry picked from commit 14a89c4798)
Co-authored-by: PypeBros <PypeBros@users.noreply.github.com>
The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
expression denial of service (REDoS).
LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar
to parse Set-Cookie headers returned by a server.
Processing a response from a malicious HTTP server can lead to extreme
CPU usage and execution will be blocked for a long time.
The regex contained multiple overlapping \s* capture groups.
Ignoring the ?-optional capture groups the regex could be simplified to
\d+-\w+-\d+(\s*\s*\s*)$
Therefore, a long sequence of spaces can trigger bad performance.
Matching a malicious string such as
LOOSE_HTTP_DATE_RE.match("1-c-1" + (" " * 2000) + "!")
caused catastrophic backtracking.
The fix removes ambiguity about which \s* should match a particular
space.
You can create a malicious server which responds with Set-Cookie headers
to attack all python programs which access it e.g.
from http.server import BaseHTTPRequestHandler, HTTPServer
def make_set_cookie_value(n_spaces):
spaces = " " * n_spaces
expiry = f"1-c-1{spaces}!"
return f"b;Expires={expiry}"
class Handler(BaseHTTPRequestHandler):
def do_GET(self):
self.log_request(204)
self.send_response_only(204) GH- Don't bother sending Server and Date
n_spaces = (
int(self.path[1:]) GH- Can GET e.g. /100 to test shorter sequences
if len(self.path) > 1 else
65506 GH- Max header line length 65536
)
value = make_set_cookie_value(n_spaces)
for i in range(99): GH- Not necessary, but we can have up to 100 header lines
self.send_header("Set-Cookie", value)
self.end_headers()
if __name__ == "__main__":
HTTPServer(("", 44020), Handler).serve_forever()
This server returns 99 Set-Cookie headers. Each has 65506 spaces.
Extracting the cookies will pretty much never complete.
Vulnerable client using the example at the bottom of
https://docs.python.org/3/library/http.cookiejar.html :
import http.cookiejar, urllib.request
cj = http.cookiejar.CookieJar()
opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
r = opener.open("http://localhost:44020/")
The popular requests library was also vulnerable without any additional
options (as it uses http.cookiejar by default):
import requests
requests.get("http://localhost:44020/")
* Regression test for http.cookiejar REDoS
If we regress, this test will take a very long time.
* Improve performance of http.cookiejar.ISO_DATE_RE
A string like
"444444" + (" " * 2000) + "A"
could cause poor performance due to the 2 overlapping \s* groups,
although this is not as serious as the REDoS in LOOSE_HTTP_DATE_RE was.
(cherry picked from commit 1b779bfb85)
Co-authored-by: bcaller <bcaller@users.noreply.github.com>
test_capi: trashcan tests now require the test "cpu" resource.
(cherry picked from commit 0127bb1c5c)
Co-authored-by: Victor Stinner <vstinner@python.org>
on platforms lacking a functional bind() for named unix domain sockets
https://bugs.python.org/issue38841
Automerge-Triggered-By: @asvetlov
(cherry picked from commit 559bad1a70)
Co-authored-by: xdegaye <xdegaye@gmail.com>
These Format menu functions (default shortcuts Alt-T and Alt-U)
were mistakenly disabled in 3.7.5 and 3.8.0.
(cherry picked from commit b8462477bf)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
This PR implements a fix for `multiprocessing.Process` objects; the error occurs when Processes are created using either `fork` or `forkserver` as the `start_method`.
In these instances, the `MainThread` of the newly created `Process` object retains all attributes from its parent's `MainThread` object, including the `native_id` attribute. The resulting behavior is such that the new process' `MainThread` captures an incorrect/outdated `native_id` (the parent's instead of its own).
This change forces the Process object to update its `native_id` attribute during the bootstrap process.
cc @vstinner
https://bugs.python.org/issue38707
Automerge-Triggered-By: @pitrou
(cherry picked from commit c6b20be85c)
Co-authored-by: Jake Tesler <jake.tesler@gmail.com>
Ignore `GeneratorExit` exceptions when throwing an exception into the `aclose` coroutine of an asynchronous generator.
https://bugs.python.org/issue35409
(cherry picked from commit 8e0de2a480)
Co-authored-by: Vincent Michel <vxgmichel@gmail.com>
Ensure isabs() is always True for \\?\ prefixed paths
Avoid unnecessary usage of readlink() to avoid resolving broken links incorrectly
Ensure shutil tests run in test directory
Small docs update for [bpo-34651](https://bugs.python.org/issue34651).
Other references to fork (e.g. the PyOS.*Fork functions or discussions of fork() when embedding Python) point back to os.fork, so I don't think any other updates are needed.
https://bugs.python.org/issue38778
Automerge-Triggered-By: @ericsnowcurrently
(cherry picked from commit b22030073b)
Co-authored-by: Phil Connell <pconnell@gmail.com>
The C-API docs are a bit sparse on the interplay between C `fork()` and the CPython runtime. This change adds some more information on the subject.
https://bugs.python.org/issue38816
(cherry picked from commit 73cdb0c6b2)
Co-authored-by: Eric Snow <ericsnowcurrently@gmail.com>
if parent `__init__` is not called from a constructor of object derived from `asyncio.Future`
https://bugs.python.org/issue38785
(cherry picked from commit dad6be5ffe)
Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
This immediately toggles shell, editor, and output windows, but does not affect other input widgets.
(cherry picked from commit 9c2844927d)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
This change, which follows the behavior of C stdio's fdopen and Python 2's file object, allows pipes to be opened in append mode..
(cherry picked from commit 74fa9f723f)
Whenever I use `path.suffix` I have to check again whether it includes the dot or not. I decided to add it to the docstring so I won't have to keep checking.
https://bugs.python.org/issue38422
Automerge-Triggered-By: @pitrou
(cherry picked from commit 8d4fef4ee2)
Co-authored-by: Ram Rachum <ram@rachum.com>
These are valid even in python 2.7
https://bugs.python.org/issue33348
Automerge-Triggered-By: @gpshead
(cherry picked from commit 96b06aefe2)
Co-authored-by: Zsolt Dollenstein <zsol.zsol@gmail.com>
bpo-34679, bpo-38563: asyncio.ProactorEventLoop.close() now only calls
signal.set_wakeup_fd() in the main thread.
(cherry picked from commit 1b53a24fb4)
Co-authored-by: Victor Stinner <vstinner@python.org>
Fix stdatomic.h header check for ICC compiler: the ICC implementation
lacks atomic_uintptr_t type which is needed by Python.
Test:
* atomic_int and atomic_uintptr_t types
* atomic_load_explicit() and atomic_store_explicit()
* memory_order_relaxed and memory_order_seq_cst constants
But don't test ATOMIC_VAR_INIT(): it's not used in Python.
(cherry picked from commit 028f7349a0)
Co-authored-by: Victor Stinner <vstinner@python.org>
The reverse iterator for empty dictionaries was not handling correctly shared-key dictionaries.
(cherry picked from commit 24dc2f8c56)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
* bpo-27657: Fix urlparse() with numeric paths
Revert parsing decision from bpo-754016 in favor of the documented
consensus in bpo-16932 of how to treat strings without a // to
designate the netloc.
* bpo-22891: Remove urlsplit() optimization for 'http' prefixed inputs.
(cherry picked from commit 5a88d50ff0)
Co-authored-by: Tim Graham <timograham@gmail.com>
Also updates the documentation to clarify the situation surrounding
the digestmod parameter that is required despite its position in the
argument list as of 3.8.0 as well as removing old python2 era
references to "binary strings".
We indavertently had this raise ValueError in 3.8.0 for the missing
arg. This is not considered an API change as no reasonable code would
be catching this missing argument error in order to handle it.
(cherry picked from commit f33c57d5c7)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
main() is now responsible to send the ANSWER, rather than
ServerProto. main() now waits until it got the HELLO before sending
the ANSWER over the new transport.
Previously, there was a race condition between main() replacing the
protocol and the protocol sending the ANSWER once it gets the HELLO.
TLSv1.3 was disabled for the test: reenable it.
(cherry picked from commit fab4ef2df0)
Co-authored-by: Victor Stinner <vstinner@python.org>
* bpo-36389: _PyObject_CheckConsistency() available in release mode (GH-16612)
bpo-36389, bpo-38376: The _PyObject_CheckConsistency() function is
now also available in release mode. For example, it can be used to
debug a crash in the visit_decref() function of the GC.
Modify the following functions to also work in release mode:
* _PyDict_CheckConsistency()
* _PyObject_CheckConsistency()
* _PyType_CheckConsistency()
* _PyUnicode_CheckConsistency()
Other changes:
* _PyMem_IsPtrFreed(ptr) now also returns 1 if ptr is NULL
(equals to 0).
* _PyBytesWriter_CheckConsistency() now returns 1 and is only used
with assert().
* Reorder _PyObject_Dump() to write safe fields first, and only
attempt to render repr() at the end.
(cherry picked from commit 6876257eaa)
* bpo-36389: Fix _PyBytesWriter in release mode (GH-16624)
Fix _PyBytesWriter API when Python is built in release mode with
assertions.
(cherry picked from commit 60ec6efd96)
* bpo-38070: Enhance visit_decref() debug trace (GH-16631)
subtract_refs() now pass the parent object to visit_decref() which
pass it to _PyObject_ASSERT(). So if the "is freed" assertion fails,
the parent is used in debug trace, rather than the freed object. The
parent object is more likely to contain useful information. Freed
objects cannot be inspected are are displayed as "<object at xxx is
freed>" with no other detail.
(cherry picked from commit 4d5f94b8cd)
* Fix also a typo in PYMEM_DEADBYTE macro comment
* bpo-36389: Add newline to _PyObject_AssertFailed() (GH-16629)
Add a newline between the verbose object dump and the Py_FatalError()
logs for readability.
(cherry picked from commit 7775349895)
The symbol table handing of PEP572's assignment expressions is not resolving correctly the scope of some variables in presence of global/nonlocal keywords in conjunction with comprehensions.
(cherry picked from commit fd5c414880)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
KeyError should cause a failure in parsing the encoded word and should be caught and raised as a _InvalidEWError instead.
(cherry picked from commit 65dcc8a8dc)
Co-authored-by: Andrei Troie <andreitroie90@gmail.com>
This reverts commit 87bd2071c7.
The reason for revert is a regression caused by the change in 3.8.0rc1, see bpo-38449 for more details.
https://bugs.python.org/issue38449
(cherry picked from commit 19a3d87300)
Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
Add SMTPNotSupportedError in the exports of smtplib
Co-Authored-By: Brandt Bucher <brandtbucher@gmail.com>
(cherry picked from commit 3faf826e58)
Co-authored-by: nde <denayer.norman@gmail.com>
pathfix.py: Assume all files that end on '.py' are Python scripts when working recursively.
(cherry picked from commit 2b7dc40b2a)
Co-authored-by: Ruediger Pluem <r.pluem@gmx.de>
Add missing stat.S_IFDOOR, stat.S_IFPORT, stat.S_IFWHT,
stat.S_ISDOOR, stat.S_ISPORT, and stat.S_ISWHT values to
the Python implementation of the stat module.
(cherry picked from commit 7bb14316b8)
Co-authored-by: Ronan Lamy <ronan.lamy@gmail.com>
* [bpo-38379](https://bugs.python.org/issue38379): when a finalizer resurrects an object,
nothing is actually collected in this run of gc.
Change the stats to relect that truth.
(cherry picked from commit ecbf35f933)
Co-authored-by: Tim Peters <tim.peters@gmail.com>
https://bugs.python.org/issue38379
Automerge-Triggered-By: @pablogsal
bpo-37531, bpo-38207: On timeout, regrtest no longer attempts to call
`popen.communicate() again: it can hang until all child processes
using stdout and stderr pipes completes. Kill the worker process and
ignores its output.
Reenable test_regrtest.test_multiprocessing_timeout().
bpo-37531: Change also the faulthandler timeout of the main process
from 1 minute to 5 minutes, for Python slowest buildbots.
(cherry picked from commit 0ec618af98)
Co-authored-by: Victor Stinner <vstinner@python.org>
The implementation of weakref.proxy's methods call back into the Python
API using a borrowed references of the weakly referenced object
(acquired via PyWeakref_GET_OBJECT). This API call may delete the last
reference to the object (either directly or via GC), leaving a dangling
pointer, which can be subsequently dereferenced.
To fix this, claim a temporary ownership of the referenced object when
calling the appropriate method. Some functions because at the moment they
do not need to access the borrowed referent, but to protect against
future changes to these functions, ownership need to be fixed in
all potentially affected methods..
(cherry picked from commit 10cd00a9e3)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
Valgrind emits "Conditional jump or move depends on uninitialised
value(s)" false alarms on GCC builtin strcmp() function. The GCC code
is correct.
Valgrind bug: https://bugs.kde.org/show_bug.cgi?id=264936
(cherry picked from commit 03ab6b4fc6)
Co-authored-by: Victor Stinner <vstinner@python.org>
It now escapes them with a backslash, as the regular Python interpreter.
Added the "errors" field to the standard streams.
(cherry picked from commit b690a2759e)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Prior to 3.7, re.escape escaped many characters that don't have
special meaning in Python, but that use to require escaping in other
tools and languages. This commit aims to make it clear which characters
were, but are no longer escaped.
(cherry picked from commit 15ae75d660)
Co-authored-by: Ricardo Bánffy <rbanffy@gmail.com>
On Windows use UTF-16 (or UTF-32 for 32-bit Tcl_UniChar) with the
"surrogatepass" error handler for converting to/from Tcl Unicode objects.
On Linux use UTF-8 with the "surrogateescape" error handler for converting
to/from Tcl String objects.
Converting strings from Tcl to Python and back now never fails
(except MemoryError).
(cherry picked from commit 06cb94bc84)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
For now, we'll rely on the fact that the config structures aren't covered by the stable ABI.
We may revisit this in the future if we further explore the idea of offering a stable embedding API.
Fix a bug due to the interaction of weakrefs and the cyclic garbage
collector. We must clear any weakrefs in garbage in order to prevent
their callbacks from executing and causing a crash.
(cherry picked from commit bcda460baf)
Co-authored-by: Neil Schemenauer <nas-github@arctrix.com>
Fix warnings options priority: PyConfig.warnoptions has the highest
priority, as stated in the PEP 587.
* Document options order in PyConfig.warnoptions documentation.
* Make PyWideStringList_INIT macro private: replace "Py" prefix
with "_Py".
* test_embed: add test_init_warnoptions().
(cherry picked from commit fb4ae152a9)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
Document that lnotab can contain invalid bytecode offsets (because of
terrible reasons that are difficult to fix). Make dis.findlinestarts()
ignore invalid offsets in lnotab. All other uses of lnotab in CPython
(various reimplementations of addr2line or line2addr in Python, C and gdb)
already ignore this, because they take an address to look for, instead.
Add tests for the result of dis.findlinestarts() on wacky constructs in
test_peepholer.py, because it's the easiest place to add them.
(cherry picked from commit c8165036f3)
* bpo-38216: Allow bypassing input validation
* bpo-36274: Also allow the URL encoding to be overridden.
* bpo-38216, bpo-36274: Add tests demonstrating a hook for overriding validation, test demonstrating override encoding, and a test to capture expectation of the interface for the URL.
* Call with skip_host to avoid tripping on the host checking in the URL.
* Remove obsolete comment.
* Make _prepare_path_encoding its own attr.
This makes overriding just that simpler.
Also, don't use the := operator to make backporting easier.
* Add a news entry.
* _prepare_path_encoding -> _encode_prepared_path()
* Once again separate the path validation and request encoding, drastically simplifying the behavior. Drop the guarantee that all processing happens in _prepare_path.
(cherry picked from commit 7774d7831e)
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
Add a new struct_size field to PyPreConfig and PyConfig structures to
allow to modify these structures in the future without breaking the
backward compatibility.
* Replace private _config_version field with public struct_size field
in PyPreConfig and PyConfig.
* Public PyPreConfig_InitIsolatedConfig() and
PyPreConfig_InitPythonConfig()
return type becomes PyStatus, instead of void.
* Internal _PyConfig_InitCompatConfig(),
_PyPreConfig_InitCompatConfig(), _PyPreConfig_InitFromConfig(),
_PyPreConfig_InitFromPreConfig() return type becomes PyStatus,
instead of void.
* Remove _Py_CONFIG_VERSION
* Update the Initialization Configuration documentation.
(cherry picked from commit 441b10cf28)
Escape the server title of xmlrpc.server.DocXMLRPCServer
when rendering the document page as HTML.
(cherry picked from commit e8650a4f8c)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
test_ssl now handles disabled TLS/SSL versions better. OpenSSL's crypto
policy and run-time settings are recognized and tests for disabled versions
are skipped.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38275
(cherry picked from commit df6ac7e2b8)
* bpo-38234: Py_SetPath() uses the program full path (GH-16357)
Py_SetPath() now sets sys.executable to the program full path
(Py_GetProgramFullPath()), rather than to the program name
(Py_GetProgramName()).
Fix also memory leaks in pathconfig_set_from_config().
(cherry picked from commit 1ce152a42e)
* bpo-38234: Add tests for Python init path config (GH-16358)
(cherry picked from commit bb6bf7d342)
* bpo-38234: test_embed: test pyvenv.cfg and pybuilddir.txt (GH-16366)
Add test_init_pybuilddir() and test_init_pyvenv_cfg() to test_embed
to test pyvenv.cfg and pybuilddir.txt configuration files.
Fix sysconfig._generate_posix_vars(): pybuilddir.txt uses UTF-8
encoding, not ASCII.
(cherry picked from commit 52ad33abbf)
* bpo-38234: Cleanup getpath.c (GH-16367)
* search_for_prefix() directly calls reduce() if found is greater
than 0.
* Add calculate_pybuilddir() subfunction.
* search_for_prefix(): add path string buffer for readability.
* Fix some error handling code paths: release resources on error.
* calculate_read_pyenv(): rename tmpbuffer to filename.
* test.pythoninfo now also logs windows.dll_path
(cherry picked from commit 221fd84703)
* bpo-38234: Fix test_embed pathconfig tests (GH-16390)
bpo-38234: On macOS and FreeBSD, the temporary directory can be
symbolic link. For example, /tmp can be a symbolic link to /var/tmp.
Call realpath() to resolve all symbolic links.
(cherry picked from commit 00508a7407)
* bpo-38234: Add test_init_setpath_config() to test_embed (GH-16402)
* Add test_embed.test_init_setpath_config(): test Py_SetPath()
with PyConfig.
* test_init_setpath() and test_init_setpythonhome() no longer call
Py_SetProgramName(), but use the default program name.
* _PyPathConfig: isolated, site_import and base_executable
fields are now only available on Windows.
* If executable is set explicitly in the configuration, ignore
calculated base_executable: _PyConfig_InitPathConfig() copies
executable to base_executable.
* Complete path config documentation.
(cherry picked from commit 8bf39b606e)
* bpo-38234: Complete init config documentation (GH-16404)
(cherry picked from commit 88feaecd46)
* bpo-38234: Fix test_embed.test_init_setpath_config() on FreeBSD (GH-16406)
Explicitly preinitializes with a Python preconfiguration to avoid
Py_SetPath() implicit preinitialization with a compat
preconfiguration.
Fix also test_init_setpath() and test_init_setpythonhome() on macOS:
use self.test_exe as the executable (and base_executable), rather
than shutil.which('python3').
(cherry picked from commit 49d99f01e6)
* bpo-38234: Py_Initialize() sets global path configuration (GH-16421)
* Py_InitializeFromConfig() now writes PyConfig path configuration to
the global path configuration (_Py_path_config).
* Add test_embed.test_get_pathconfig().
* Fix typo in _PyWideStringList_Join().
(cherry picked from commit 12f2f177fc)
The private keys for test_ssl were encrypted with 3DES in traditional
PKCSGH-5 format. 3DES and the digest algorithm of PKCSGH-5 are blocked by
some strict crypto policies. Use PKCSGH-8 format with AES256 encryption
instead.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38271
Automerge-Triggered-By: @tiran
(cherry picked from commit bfd0c963d8)
Co-authored-by: Christian Heimes <christian@python.org>
Make it easier to run and test Python on systems with restrict crypto policies:
* add requires_hashdigest to test.support to check if a hash digest algorithm is available and working
* avoid MD5 in test_hmac
* replace MD5 with SHA256 in test_tarfile
* mark network tests that require MD5 for MD5-based digest auth or CRAM-MD5
https://bugs.python.org/issue38270
(cherry picked from commit c64a1a61e6)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38270
Automerge-Triggered-By: @tiran
* bpo-37064: Add option -k to Tools/scripts/pathfix.py (GH-15548)
Add flag -k to pathscript.py script: preserve shebang flags.
(cherry picked from commit 50254ac4c1)
* bpo-37064: Add option -a to pathfix.py tool (GH-15717)
Add option -a to Tools/Scripts/pathfix.py script: add flags.
(cherry picked from commit 1dc1acbd73)
Miss Islington (bot)
Serhiy Storchaka
Stefan Krah
Pablo Galindo
Gregory P. Smith
Łukasz Langa
Dong-hee Na
Senthil Kumaran
Steve Dower
Lysandros Nikolaou
Antoine Pitrou
mbarkhau
Matthew Kokotovich
Alex Rebert
Karthikeyan Singaravelan
toonarmycaptain
Andrew Svetlov
Éric Araujo
Bar Harel
Victor Stinner
Ned Deily
Bruno P. Kinoshita
Terry Jan Reedy
Lisa Roach
Benjamin Peterson
Senthil Kumaran
Abhilash Raj
Victor Stinner
Yury Selivanov
Christian Heimes
Michael Felt