gmon.out is generated when profiling turned on
Full Configuration:
./configure --prefix=$PWD/install --enable-profiling --enable-big-digits=30
--with-pydebug --with-assertions --with-valgrind.
(cherry picked from commit 95ad3822a2)
Co-authored-by: Neeraj Badlani <neerajbadlani@gmail.com>
Allow ttk.Treeview.insert to insert iid that has a false boolean value.
Note iid=0 and iid=False would be same.
(cherry picked from commit 3ab44c0783)
Co-authored-by: Garvit Khatri <garvitdelhi@gmail.com>
This change generally splits the xmlparser creation code into an unsafe part with "rollback" error handling and a safe "object initialisation done" part with normal decref cleanup.
Passing True as the `bind_and_activate` *do* immediately opening and binding to their socket.
(cherry picked from commit e6223579c8)
Co-authored-by: cocoatomo <cocoatomo77@gmail.com>
LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.
Documentation updates and fixes for failing tests will be provided in
another patch set.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 4ca0739c9d)
Co-authored-by: Christian Heimes <christian@python.org>
The regex to decode a number in fpformat is susceptible to catastrophic backtracking. This is a potential DOS vector if a server is using fpformat on untrusted number strings.
Replace it with an equivalent non-vulnerable regex. The match behavior of the new regex is slightly different. It captures the whole integer part of the number in one group, Leading zeros are stripped off later.
* Prevent low-grade poplib REDOS (CVE-2018-1060)
The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.
Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.
A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.
Replace it with a similar non-vulnerable regex.
The new regex is RFC compliant.
The old regex was non-compliant in edge cases.
* Prevent difflib REDOS (CVE-2018-1061)
The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.
Replace it with an equivalent non-vulnerable regex.
Also introduce unit and REDOS tests for difflib.
Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 0e6c8ee235)
Dropped the part that says: "For objects that do not provide sequence protocol".
(cherry picked from commit 7a1e1786f9)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
This code never did anything correct or useful. The class attribute will never be affected, and the condition will never be true.
(cherry picked from commit 5fb632e831)
Co-authored-by: Aaron Gallagher <habnabit@users.noreply.github.com>
The ctypes module used to depend on indirect linking for dlopen. The shared
extension is now explicitly linked against libdl on platforms with dl.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 5bb9692575)
Co-authored-by: Christian Heimes <christian@python.org>
The ssl module now detects missing NPN support in LibreSSL.
Co-Authored-By: Bernard Spil <brnrd@FreeBSD.org>
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 6cdb7954b0)
Co-authored-by: Christian Heimes <christian@python.org>
The SSL module no longer sends IP addresses in SNI TLS extension on
platforms with OpenSSL 1.0.2+ or inet_pton.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit e9370a4738)
Co-authored-by: Christian Heimes <christian@python.org>
Debian Unstable has disabled TLS 1.0 and 1.1 for SSLv23_METHOD(). Change
TLS/SSL protocol of some tests to PROTOCOL_TLS or PROTOCOL_TLSv1_2 to
make them pass on Debian.
Signed-off-by: Christian Heimes <christian@python.org>
`whilst` and `while` are both english words, `whilst` is not as commonly used.
This can be confusing to readers whose primary language is not english.
(cherry picked from commit 98f42aac23)
Co-authored-by: Mariatta <Mariatta@users.noreply.github.com>
Make test.support.temp_cwd() fork-safe. The context manager test.support.temp_cwd() no longer removes the temporary directory when executing in a process other than the parent it entered from.
If a forked child exits the context manager it won't do the cleanup..
(cherry picked from commit 33dddac00b)
Co-authored-by: Anselm Kruis <a.kruis@science-computing.de>
Initialize self._ssnd_chunk so that aifc.Error is raised as intended,
not AttributeError.
(cherry picked from commit 80d20b918b)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
It's bad form to pin to an old version of TLS. ssl.SSLContext has the right
protocol default, so let's not pass anyway..
(cherry picked from commit e9edee0b65)
Adapt documentation for `copyright` and `credits` to reality. Previously, the documentation implied that all each of `copyright`,
`credits`, and `license`, would print a message to call the object in order to see the full text. In reality, only `license` exhibits this
behaviour, and `copyright` and `credit` print their full text either when printed, displayed, or called.
(cherry picked from commit 243d6d7126)
Co-authored-by: Gerrit Holl <gerrit.holl@gmail.com>
A closing parentheses was missing.
Signed-off-by: Ngie Cooper <yaneurabeya@gmail.com>
(cherry picked from commit 7745ec4e35)
Co-authored-by: ngie-eign <1574099+ngie-eign@users.noreply.github.com>
Remove pkg_add -r python from FreeBSD installation section.
Moved to OpenBSD.
(cherry picked from commit 3384d38d51)
Co-authored-by: Eitan Adler <grimreaper@users.noreply.github.com>
The new link is given in a red box on the old page.
(cherry picked from commit 8d1f2f4038)
Co-authored-by: sblondon <sblondon@users.noreply.github.com>
Serhiy Storchaka
scoder
Miss Islington (bot)
Christian Heimes
xdegaye
Xiang Zhang
Jamie Davis
Benjamin Peterson
Brett Cannon
Alexey Izbyshev
bennorth
Cheryl Sabella
Anselm Kruis
Raymond Hettinger
Éric Araujo
Zachary Ware
Stéphane Wirtel
INADA Naoki