Avoids an integer underflow in the time module's year handling code.
(cherry picked from commit 76be0fffff)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Also, propagate the error from PyNumber_AsSsize_t() because we don't care
only about OverflowError which is not reported if the second argument is NULL.
Reported by Svace static analyzer.
(cherry picked from commit 7ecae3ca0b)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
The current C implementations **crash** if the input includes a surrogate
Unicode code point, which is not possible to encode in UTF-8.
Important notes:
1. It is possible to pass a non-UTF-8 string as a separator to the
`.isoformat()` methods.
2. The pure-Python `datetime.fromisoformat()` implementation accepts
strings with a surrogate as the separator.
In `datetime.fromisoformat()`, in the special case of non-UTF-8 separators,
this implementation will take a performance hit by making a copy of the
input string and replacing the separator with 'T'.
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
Co-authored-by: Paul Ganssle <paul@ganssle.io>
(cherry picked from commit 096329f0b2)
Co-authored-by: Paul Ganssle <pganssle@users.noreply.github.com>
bpo-34170, bpo-34207: pymain_read_conf() now sets Py_UTF8Mode to
config->utf8_mode. pymain_read_conf() calls indirectly
Py_DecodeLocale() and Py_EncodeLocale() which depend on Py_UTF8Mode.
(cherry picked from commit 89487f51b8)
The missing NULL check was reported by Svace static analyzer.
(cherry picked from commit cdbf50cba1)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
If a globals dictionary without a '__builtins__' key is passed to
eval(), a '__builtins__' key will be inserted to the dictionary:
>>> eval("print('__builtins__' in globals())", {})
True
(As a result of this behavior, we can use the builtins
print() and globals() even if we passed a dictionary without a
'__builtins__' key to eval().)
(cherry picked from commit 225b055480)
Co-authored-by: Berker Peksag <berker.peksag@gmail.com>
The http_response() and https_response() methods of the HTTPErrorProcessor
class have two required parameters, 'request' and 'response'.
(cherry picked from commit c53aaec793)
Co-authored-by: Sebastian Rittau <srittau@rittau.org>
Read from data socket to avoid "[SSL] shutdown while in init" exception
during shutdown of the dummy server.
Signed-off-by: Christian Heimes <christian@python.org>
<!-- issue-number: [bpo-34391](https://www.bugs.python.org/issue34391) -->
https://bugs.python.org/issue34391
<!-- /issue-number -->
(cherry picked from commit 1590c39336)
Co-authored-by: Christian Heimes <christian@python.org>
Downstream vendors have started to deprecate weak keys. Update all RSA keys
and DH params to use at least 2048 bits.
Finite field DH param file use RFC 7919 values, generated with
certtool --get-dh-params --sec-param=high
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 88bfd0bce0)
Co-authored-by: Christian Heimes <christian@python.org>
Valgrind isn't seeing PyObject_Free/PyObject_Realloc, but using _PyObject_Free/_PyObject_Realloc works.
(cherry picked from commit db6075ab3a)
Co-authored-by: Paul Price <price@astro.princeton.edu>
The main cause of this bug was fixed as part of bpo-31908.
(cherry picked from commit c8b0dbc492)
Co-authored-by: Berker Peksag <berker.peksag@gmail.com>
In the documentation, the `env` directory is specified when we execute
the `make venv` command. But in the code, `make venv` will create the
virtualenv inside the `venv` directory (defined by `VENVDIR`)
(cherry picked from commit 599bfa18f8)
Co-authored-by: Stéphane Wirtel <stephane@wirtel.be>
Alexey Izbyshev
Miss Islington (bot)
Victor Stinner