Commit Graph

1985 Commits

Author SHA1 Message Date
Yonatan Goldschmidt 1c56f8ffad
bpo-39382: Avoid dangling object use in abstract_issubclass() (GH-18530)
Hold reference of __bases__ tuple until tuple item is done with, because by
dropping the reference the item may be destroyed.
2020-02-22 15:11:48 +02:00
Christopher Hunt c2ac4cf040
bpo-35727: Use exit code 0 on sys.exit() in multiprocessing.Process. (GH-11538) 2020-02-21 10:33:04 +01:00
alclarks d4331c56b4
bpo-9495: avoid confusing chained exception in argparse test (GH-17120) 2020-02-21 10:48:36 +02:00
ananthan-123 f2ee21d858
bpo-39479:Add math.lcm() function: Least Common Multiple (#18547)
* Update math.rst

* Update math.rst

* updated whats new

* Update test_math.py

* Update mathmodule.c

* Update mathmodule.c.h

* Update ACKS

* 📜🤖 Added by blurb_it.

* Update 3.9.rst

* Update 2020-02-18-12-37-16.bpo-39479.j3UcCq.rst

* Update math.rst

* Update 2020-02-18-12-37-16.bpo-39479.j3UcCq.rst

* Update test_math.py

* Update ACKS

* Update mathmodule.c.h

* Update mathmodule.c

* Update mathmodule.c.h

* Update mathmodule.c.h

Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
2020-02-19 18:21:37 +00:00
Kyle Meyer 8edfc47bae
bpo-39546: argparse: Honor allow_abbrev=False for specified prefix_chars (GH-18337)
When `allow_abbrev` was first added, disabling the abbreviation of
long options broke the grouping of short flags ([bpo-26967](https://bugs.python.org/issue26967)).  As a fix,
b1e4d1b603 (contained in v3.8) ignores `allow_abbrev=False` for a
given argument string if the string does _not_ start with "--"
(i.e. it doesn't look like a long option).

This fix, however, doesn't take into account that long options can
start with alternative characters specified via `prefix_chars`,
introducing a regression: `allow_abbrev=False` has no effect on long
options that start with an alternative prefix character.

The most minimal fix would be to replace the "starts with --" check
with a "starts with two prefix_chars characters".  But
`_get_option_tuples` already distinguishes between long and short
options, so let's instead piggyback off of that check by moving the
`allow_abbrev` condition into `_get_option_tuples`.





https://bugs.python.org/issue39546
2020-02-18 01:48:57 -08:00
William Chargin 674935b8ca
bpo-18819: tarfile: only set device fields for device files (GH-18080)
The GNU docs describe the `devmajor` and `devminor` fields of the tar
header struct only in the context of character and block special files,
suggesting that in other cases they are not populated. Typical utilities
behave accordingly; this patch teaches `tarfile` to do the same.
2020-02-12 11:56:02 -08:00
Hugo van Kemenade 29b3fc0a18
bpo-39586: Deprecate distutils bdist_msi command (GH-18415) 2020-02-10 14:26:40 +01:00
Bruce Merry d07d9f4c43
bpo-36051: Drop GIL during large bytes.join() (GH-17757)
Improve multi-threaded performance by dropping the GIL in the fast path
of bytes.join. To avoid increasing overhead for small joins, it is only
done if the output size exceeds a threshold.
2020-01-29 16:09:24 +09:00
William Woodruff dd754caf14 bpo-29435: Allow is_tarfile to take a filelike obj (GH-18090)
`is_tarfile()` now supports `name` being a file or file-like object.
2020-01-22 18:24:16 -08:00
Géry Ogam 1d1b97ae64 bpo-39048: Look up __aenter__ before __aexit__ in async with (GH-17609)
* Reorder the __aenter__ and __aexit__ checks for async with
* Add assertions for async with body being skipped
* Swap __aexit__ and __aenter__ loading in the documentation
2020-01-14 21:58:29 +10:00
Jendrik Seipp 5b9077134c bpo-13601: always use line-buffering for sys.stderr (GH-17646) 2020-01-01 23:21:43 +01:00
Oleg Höfling cbd0408b54 links in importlib.metadata.rst replaced with sphinx references (GH-17730)
The importlib.metadata documentation uses hardcoded links to internal
pages. This results in minor rendering issues. This change replaces
the hardcoded links with suitable Sphinx roles.

Signed-off-by: Oleg Höfling <oleg.hoefling@gmail.com>
2019-12-29 12:26:35 -05:00
Éric Araujo 3c75f31bb2
Add comment to avoid ACKS losing order (GH-17678) 2019-12-23 12:03:30 -05:00
Éric Araujo dd1a20f324
reorder entries in Misc/ACKS (#17663) 2019-12-20 09:53:33 -05:00
Xtreak 79f02fee1a bpo-39033: Fix NameError in zipimport during hash validation (GH-17588)
Patch by Karthikeyan Singaravelan.
2019-12-16 09:34:12 +10:00
Tim Gates c18b805ac6 bpo-39002: Fix simple typo: tranlation -> translation (GH-17517) 2019-12-09 09:42:17 -08:00
Anj-A 4443450fda bpo-38652: Remove provisional note for asyncio.BufferedProtocol (GH-17047)
https://bugs.python.org/issue38652
2019-12-07 04:53:12 -08:00
Benoit Hudson 723f71abf7 bpo-37931: Fix crash on OSX re-initializing os.environ (GH-15428)
On most platforms, the `environ` symbol is accessible everywhere.

In a dylib on OSX, it's not easily accessible, you need to find it with
_NSGetEnviron.

The code was caching the *value* of environ. But a setenv() can change the value,
leaving garbage at the old value. Fix: don't cache the value of environ, just
read it every time.
2019-12-06 20:15:03 +01:00
bcaller 1b779bfb85 bpo-38804: Fix REDoS in http.cookiejar (GH-17157)
The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
expression denial of service (REDoS).

LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar
to parse Set-Cookie headers returned by a server.
Processing a response from a malicious HTTP server can lead to extreme
CPU usage and execution will be blocked for a long time.

The regex contained multiple overlapping \s* capture groups.
Ignoring the ?-optional capture groups the regex could be simplified to

    \d+-\w+-\d+(\s*\s*\s*)$

Therefore, a long sequence of spaces can trigger bad performance.

Matching a malicious string such as

    LOOSE_HTTP_DATE_RE.match("1-c-1" + (" " * 2000) + "!")

caused catastrophic backtracking.

The fix removes ambiguity about which \s* should match a particular
space.

You can create a malicious server which responds with Set-Cookie headers
to attack all python programs which access it e.g.

    from http.server import BaseHTTPRequestHandler, HTTPServer

    def make_set_cookie_value(n_spaces):
        spaces = " " * n_spaces
        expiry = f"1-c-1{spaces}!"
        return f"b;Expires={expiry}"

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.log_request(204)
            self.send_response_only(204)  # Don't bother sending Server and Date
            n_spaces = (
                int(self.path[1:])  # Can GET e.g. /100 to test shorter sequences
                if len(self.path) > 1 else
                65506  # Max header line length 65536
            )
            value = make_set_cookie_value(n_spaces)
            for i in range(99):  # Not necessary, but we can have up to 100 header lines
                self.send_header("Set-Cookie", value)
            self.end_headers()

    if __name__ == "__main__":
        HTTPServer(("", 44020), Handler).serve_forever()

This server returns 99 Set-Cookie headers. Each has 65506 spaces.
Extracting the cookies will pretty much never complete.

Vulnerable client using the example at the bottom of
https://docs.python.org/3/library/http.cookiejar.html :

    import http.cookiejar, urllib.request
    cj = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
    r = opener.open("http://localhost:44020/")

The popular requests library was also vulnerable without any additional
options (as it uses http.cookiejar by default):

    import requests
    requests.get("http://localhost:44020/")

* Regression test for http.cookiejar REDoS

If we regress, this test will take a very long time.

* Improve performance of http.cookiejar.ISO_DATE_RE

A string like

"444444" + (" " * 2000) + "A"

could cause poor performance due to the 2 overlapping \s* groups,
although this is not as serious as the REDoS in LOOSE_HTTP_DATE_RE was.
2019-11-22 15:22:11 +01:00
Ilya Kulakov d6d6e2aa02 Add Ilya Kulakov to Misc/ACKS. (GH-17130)
Contributions on bpo-26467 and bpo-29302.
2019-11-12 18:33:04 -08:00
Tyler Kieft f548a3e4a2 bpo-38303: Make audioop extension module PEP-384 compatible (GH-16497)
https://bugs.python.org/issue38303



Automerge-Triggered-By: @encukou
2019-10-22 06:07:03 -07:00
Samuel Colvin 822922af90 bpo-35800: Deprecate smtpd.MailmanProxy (GH-11675)
Since `smtpd.MailmanProxy` is already broken, it is not formally deprecated in 3.9. It will be removed in 3.10.


https://bugs.python.org/issue35800
2019-10-12 10:24:26 -07:00
Elizabeth Uselton d6a9d17d8b bpo-37555: Update _CallList.__contains__ to respect ANY (#14700)
* Flip equality to use mock calls' __eq__

* bpo-37555: Regression test demonstrating assert_has_calls not working with ANY and spec_set

Co-authored-by: Neal Finne <neal@nealfinne.com>

* Revert "Flip equality to use mock calls' __eq__"

This reverts commit 94ddf54c5a.

* bpo-37555: Add regression tests for mock ANY ordering issues

Add regression tests for whether __eq__ is order agnostic on _Call and _CallList, which is useful for comparisons involving ANY, especially if the ANY comparison is to a class not defaulting __eq__ to NotImplemented.

Co-authored-by: Neal Finne <neal@nealfinne.com>

* bpo-37555: Fix _CallList and _Call order sensitivity

_Call and _CallList depend on ordering to correctly process that an object being compared to ANY with __eq__ should return True. This fix updates the comparison to check both a == b and b == a and return True if either condition is met, fixing situations from the tests in the previous two commits where assertEqual would not be commutative if checking _Call or _CallList objects. This seems like a reasonable fix considering that the Python data model specifies that if an object doesn't know how to compare itself to another object it should return NotImplemented, and that on getting NotImplemented from a == b, it should try b == a, implying that good behavior for __eq__ is commutative. This also flips the order of comparison in _CallList's __contains__ method, guaranteeing ANY will be on the left and have it's __eq__ called for equality checking, fixing the interaction between assert_has_calls and ANY.

Co-author: Neal Finne <neal@neal.finne.com>

* bpo-37555: Ensure _call_matcher returns _Call object

* Adding ACK and news entry

* bpo-37555: Replacing __eq__ with == to sidestep NotImplemented

bool(NotImplemented) returns True, so it's necessary to use ==
instead of __eq__ in this comparison.

* bpo-37555: cleaning up changes unnecessary to the final product

* bpo-37555: Fixed call on bound arguments to respect args and kwargs

* Revert "bpo-37555: Add regression tests for mock ANY ordering issues"

This reverts commit 49c5310ad4.

* Revert "bpo-37555: cleaning up changes unnecessary to the final product"

This reverts commit 18e964ba01.

* Revert "bpo-37555: Replacing __eq__ with == to sidestep NotImplemented"

This reverts commit f295eaca5b.

* Revert "bpo-37555: Fix _CallList and _Call order sensitivity"

This reverts commit 874fb697b8.

* Updated NEWS.d

* bpo-37555: Add tests checking every function using _call_matcher both with and without spec

* bpo-37555: Ensure all assert methods using _call_matcher are actually passing calls

* Remove AnyCompare and use call objects everywhere.

* Revert "Remove AnyCompare and use call objects everywhere."

This reverts commit 24973c0b32.

* Check for exception in assert_any_await
2019-09-13 16:54:32 +01:00
toonarmycaptain 0cc27417f2 Improve clarity of try-return-finally-return (GH-15677)
Clarify execution in try-return-finally-return case.
2019-09-11 17:37:13 +02:00
Ben Lewis 92420b3e67 bpo-37409: fix relative import with no parent (#14956)
Relative imports use resolve_name to get the absolute target name,
which first seeks the current module's absolute package name from the globals:
If __package__ (and __spec__.parent) are missing then
import uses __name__, truncating the last segment if
the module is a submodule rather than a package __init__.py
(which it guesses from whether __path__ is defined).

The __name__ attempt should fail if there is no parent package (top level modules),
if __name__ is '__main__' (-m entry points), or both (scripts).
That is, if both __name__ has no subcomponents and the module does not seem
to be a package __init__ module then import should fail.
2019-09-11 11:09:47 +01:00
Raymond Hettinger e4810b2a6c
bpo-36324: Apply review comments from Allen Downey (GH-15693) 2019-09-05 00:18:47 -07:00
GeeTransit 2cd9025858 bpo-37902: IDLE: Add scrolling for IDLE browsers. (#15368)
Modify the wheel event handler so it can also be used for module, path, and stack browsers.
Patch by George Zhang.
2019-09-04 21:33:33 -04:00
Ashwin Ramaswami c5b242f87f bpo-37764: Fix infinite loop when parsing unstructured email headers. (GH-15239)
Fixes a case in which email._header_value_parser.get_unstructured hangs the system for some invalid headers. This covers the cases in which the header contains either:
- a case without trailing whitespace
- an invalid encoded word

https://bugs.python.org/issue37764

This fix should also be backported to 3.7 and 3.8


https://bugs.python.org/issue37764
2019-08-31 08:25:35 -07:00
Justin Blanchard 122376df55 bpo-37372: Fix error unpickling datetime.time objects from Python 2 with seconds>=24. (GH-14307) 2019-08-29 10:36:15 +03:00
Daniel Fortunov 2a16eea71f bpo-36582: Make collections.UserString.encode() return bytes, not str (GH-13138) 2019-08-27 21:38:09 -07:00
Ethan Furman 3224e1a6bb
Add Florian Ernst to ACKS (GH-15524) 2019-08-27 14:18:05 -07:00
Antoine d3c8d73514 Minor documentation fixes on library/enum (GH-15234)
* Minor documentation fixes on library/enum
2019-08-19 18:41:31 -07:00
Artem Khramov 2814620657 bpo-37811: FreeBSD, OSX: fix poll(2) usage in sockets module (GH-15202)
FreeBSD implementation of poll(2) restricts the timeout argument to be
either zero, or positive, or equal to INFTIM (-1).

Unless otherwise overridden, socket timeout defaults to -1. This value
is then converted to milliseconds (-1000) and used as argument to the
poll syscall. poll returns EINVAL (22), and the connection fails.

This bug was discovered during the EINTR handling testing, and the
reproduction code can be found in
https://bugs.python.org/issue23618 (see connect_eintr.py,
attached). On GNU/Linux, the example runs as expected.

This change is trivial:
If the supplied timeout value is negative, truncate it to -1.
2019-08-14 23:21:48 +02:00
Ngalim Siregar 92c7e30adf bpo-37642: Update acceptable offsets in timezone (GH-14878)
This fixes an inconsistency between the Python and C implementations of
the datetime module. The pure python version of the code was not
accepting offsets greater than 23:59 but less than 24:00. This is an
accidental legacy of the original implementation, which was put in place
before tzinfo allowed sub-minute time zone offsets.

GH-14878
2019-08-09 10:22:16 -04:00
Timothy Hopper d748a80855 Adds Tim Hopper and Dan Lidral-Porter to ACKS (GH-15101)
Tim and Dan were authors for GH-11847
2019-08-04 14:23:29 -07:00
tmblweed 4b3e975923 bpo-16970: Adding error message for invalid args (GH-14844)
BPO -16970: Adding error message for invalid args

Applied the patch argparse-v2 patch issue 16970, ran patch check and the test suite, test_argparse with 0 errors


https://bugs.python.org/issue16970
2019-08-01 21:57:13 -07:00
yannvgn 9f55551f3d bpo-37723: Fix performance regression on regular expression parsing. (GH-15030)
Improve performance of sre_parse._uniq function.
2019-07-31 21:50:39 +03:00
karl ding 31c4fd2a10 bpo-37085: Expose SocketCAN bcm_msg_head flags (#13646)
Expose the CAN_BCM SocketCAN constants used in the bcm_msg_head struct
flags (provided by <linux/can/bcm.h>) under the socket library.

This adds the following constants with a CAN_BCM prefix:

  * SETTIMER
  * STARTTIMER
  * TX_COUNTEVT
  * TX_ANNOUNCE
  * TX_CP_CAN_ID
  * RX_FILTER_ID
  * RX_CHECK_DLC
  * RX_NO_AUTOTIMER
  * RX_ANNOUNCE_RESUME
  * TX_RESET_MULTI_IDX
  * RX_RTR_FRAME
  * CAN_FD_FRAME

The CAN_FD_FRAME flag was introduced in the 4.8 kernel, while the other
ones were present since SocketCAN drivers were mainlined in 2.6.25. As
such, it is probably unnecessary to guard against these constants being
missing.
2019-07-31 10:47:16 +02:00
Flavian Hautbois 76b645124b bpo-29446: tkinter 'import *' only imports what it should (GH-14864)
Add __all__ to tkinter.__init__ and submodules.  Replace 'import *'
with explicit imports in some submodules.
2019-07-25 21:30:33 -04:00
Terry Jan Reedy 4214f1ec3b
bpo-37627: Add acknowledgment (#14883) 2019-07-21 16:26:24 -04:00
Zac Hatfield-Dodds dffca9e925 bpo-26967: fix flag grouping with allow_abbrev=False (GH-14316)
The `allow_abbrev` option for ArgumentParser is documented and intended to disable support for unique prefixes of --options, which may sometimes be ambiguous due to deferred parsing.

However, the initial implementation also broke parsing of grouped short flags, such as `-ab` meaning `-a -b` (or `-a=b`).  Checking the argument for a leading `--` before rejecting it fixes this.

This was prompted by pytest-dev/pytest#5469, so a backport to at least 3.8 would be great 😄  
And this is my first PR to CPython, so please let me know if I've missed anything!


https://bugs.python.org/issue26967
2019-07-13 22:35:58 -07:00
Sviatoslav Sydorenko e44184749c bpo-30088: Document that existing dir structure isn't verified by mailbox.Maildir (GH-1163)
Hi,

I've faced an issue w/ `mailbox.Maildir()`. The case is following:
1. I create a folder with `tempfile.TemporaryDirectory()`, so it's empty
2. I pass that folder path as an argument when instantiating `mailbox.Maildir()`
3. Then I receive an exception happening because "there's no such file or directory" (namely `cur`, `tmp` or `new`) during interaction with Maildir

**Expected result:** subdirs are created during `Maildir()` instance creation.

**Actual result:** subdirs are assumed as existing which leads to exceptions during use.

**Workaround:** remove the actual dir before passing the path to `Maildir()`. It will be created automatically with all subdirs needed.

**Fix:** This PR. Basically it adds creation of subdirs regardless of whether the base dir existed before.


https://bugs.python.org/issue30088
2019-07-13 07:47:14 -07:00
Giovanni Cappellotto dc3f99fa77 bpo-37548: Document range of atan, acos and asin (GH-14717) 2019-07-13 14:59:55 +01:00
gescheit b9a0376b0d closes bpo-37347: Fix refcount problem in sqlite3. (GH-14268) 2019-07-12 20:15:48 -07:00
Carl Friedrich Bolz-Tereick 110a47c4f4 bpo-18374: fix wrong col_offset of some ast.BinOp instances (GH-14607)
Nested BinOp instances (e.g. a+b+c) had a wrong col_offset for the
second BinOp (e.g. 2 instead of 0 in the example). Fix it by using the
correct st node to copy the line and col_offset from in ast.c.
2019-07-08 22:17:56 +01:00
thatneat 2f19e82fbe bpo-37479: on Enum subclasses with mixins, __format__ uses overridden __str__ (GH-14545)
* bpo-37479: on Enum subclasses with mixins, __format__ uses overridden __str__
2019-07-04 11:28:37 -07:00
Kyle Stanley 56ec4f1fde bpo-19696: Replace deprecated method in "test_import_pkg.py" (GH-14466)
Replacing the deprecated method "random.choose" to "random.choice" was technically not part of the original issue. However, it was discussed in the talk page and involved one of the files being moved. I assumed this was too minor to justify the creation of a separate issue. 

Also, I added my name to the contributors list in Misc/ACKS. This will be my third PR to cpython, forgot to do it in the previous ones. 



https://bugs.python.org/issue19696
2019-07-03 11:22:40 -07:00
Carl Bordum Hansen 06a8916cf4 bpo-37376: pprint support for SimpleNamespace (GH-14318)
https://bugs.python.org/issue37376
2019-06-26 16:13:18 -07:00
Paul Ganssle d287215df5
Add pganssle to CODEOWNERS and ACKS (GH-14138)
Also adds abalkin to CODEOWNERS for date and time related files.
2019-06-18 19:57:45 +01:00
Michele Angrisano aca273e240 bpo-37014: Update docstring and Documentation of fileinput.FileInput(). (GH-13545)
* bpo-37014: Update docstring and Documentation of fileinput.FileInput()

* Explain the behavior of fileinput.FileInput() when reading stdin.

* Update blurb.

* bpo-37014: Fix typo in the docstring and documentation.
2019-06-02 23:01:49 +02:00