Commit Graph

101340 Commits

Author SHA1 Message Date
Berker Peksag 7280a4eef5
bpo-27645: Skip test_bad_target_in_transaction if SQLite == 3.8.7.1 (GH-6067) 2018-03-11 03:38:50 +03:00
Emanuele Gaifas d7aed4102d bpo-27645: Add support for native backup facility of SQLite (GH-4238) 2018-03-11 01:08:31 +03:00
Xiang Zhang c10b288f34
bpo-30249: Improve struct.unpack_from() error messages (GH-6059) 2018-03-11 02:58:52 +08:00
Serhiy Storchaka 67ee07795b
bpo-33041: Add missed error checks when compile "async for" (#6053)
and remove redundant code.
2018-03-10 18:49:26 +02:00
Serhiy Storchaka 24d3201eb7
bpo-33041: Fixed bytecode generation for "async for" with a complex target. (#6052)
A StopAsyncIteration raised on assigning or unpacking will be now propagated
instead of stopping the iteration.
2018-03-10 18:22:34 +02:00
Andrew Svetlov 5e80a71ab6
bpo-33037: Skip sending/receiving after SSL transport closing (GH-6044)
* Skip write()/data_received() if sslpipe is destroyed
2018-03-10 17:48:35 +02:00
Serhiy Storchaka 496431ffb6
bpo-26701: Improve documentation for the rounding special methods. (#6054) 2018-03-10 17:18:32 +02:00
Eric Appelt 308eab979d bpo-26701: Add documentation for __trunc__ (GH-6022)
`int` fails back to `__trunc__` is `__int__` isn't defined, so cover
that in the docs.
2018-03-10 18:44:12 +10:00
Brett Cannon 10485ebd40
Warn that dbm.dumb.open() can crash Python (GH-6047) 2018-03-09 15:58:40 -08:00
Brett Cannon f7a6ff6fca
Warn that compile() can crash when compiling to an AST object (GH-6043) 2018-03-09 13:13:32 -08:00
Brett Cannon 7a7f100eb3
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault the interpreter (GH-5960) 2018-03-09 12:03:22 -08:00
Steven M. Vascellaro 83d7062d2d controlflow: Use full example for "5 through 9" (GH-5907)
Replace example result of "5 through 9" with complete list: "5, 6, 7, 8, 9".
This format is more consistent with the surrounding examples.
2018-03-09 11:57:21 -08:00
Alexey Izbyshev 3b20d3454e bpo-33016: Fix potential use of uninitialized memory in nt._getfinalpathname (#6010) 2018-03-08 08:03:25 -08:00
Xiang Zhang 3c7ac7ea20
Add two missing error checks in hamt.c (GH-5851) 2018-03-08 13:59:46 +08:00
Xiang Zhang e405096ea9
Fix some ipaddress documentation errors (GH-6021)
* fix a typo: documention -> documentation
* fix the type of IPv?Network.hostmask
* add documentation about IPv?Network.netmask
* fix IPv6Network constructor doc that extended netmasks are not supported
2018-03-08 12:24:36 +08:00
INADA Naoki fc7df0e664
bpo-32999: Fix ABC.__subclasscheck__ crash (GH-6002) 2018-03-07 16:27:01 +09:00
Xiang Zhang bc3f2289b9
bpo-32969: Expose some missing constants in zlib and fix the doc (GH-5988) 2018-03-07 13:05:37 +08:00
Yury Selivanov 8a387219bd
bpo-33009: Fix inspect.signature() for single-parameter partialmethods. (GH-6004) 2018-03-06 12:59:45 -05:00
Victor Stinner 5d92647102
bpo-33005: Fix _PyGILState_Reinit() (#6001)
Fix a crash on fork when using a custom memory allocator (ex: using
PYTHONMALLOC env var).

_PyGILState_Reinit() and _PyInterpreterState_Enable() now use the
default RAW memory allocator to allocate a new interpreters mutex on
fork.
2018-03-06 14:31:37 +01:00
Siddhesh Poyarekar efd2bac156 Fix strncpy warning with gcc 8 (#5840)
The length in strncpy is one char too short and as a result it leads
to a build warning with gcc 8.  Comment out the strncpy since the
interpreter aborts immediately after anyway.
2018-03-06 18:34:35 +08:00
Jason R. Coombs b9650a04a8
bpo-32991: Restore expectation that inspect.getfile raises TypeError on namespace package (GH-5980)
* bpo-32991: Add test capturing expectation.

DocTestFinder.find should return an empty list for doctests in a namespace package.

* bpo-32991: Restore expectation that inspect.getfile on a namespace package raises TypeError.
2018-03-05 18:29:08 -05:00
Steve Dower 6921e73e33
bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) 2018-03-05 14:26:08 -08:00
Barry Warsaw 4c19b95734
Add What's New for issues 32303 and 32305 (GH-5994) 2018-03-05 12:37:12 -08:00
Terry Jan Reedy 22c82be5df
bpo-32984: IDLE - set __file__ for startup files (GH-5981)
Like Python, IDLE optionally runs one startup file in the Shell window
before presenting the first interactive input prompt.  For IDLE,
option -s runs a file named in environmental variable IDLESTARTUP or
PYTHONSTARTUP; -r file runs file.  Python sets __file__ to the startup
file name before running the file and unsets it before the first
prompt.  IDLE now does the same when run normally, without the -n
option.
2018-03-05 11:02:46 -05:00
Cheryl Sabella 18fd892463 bpo-30147: Add re.escape changes to 3.7 What's New (GH-5978) 2018-03-04 18:06:57 -05:00
Cheryl Sabella 74382a3f17 bpo-32857: Raise error when tkinter after_cancel() is called with None. (GH-5701) 2018-03-04 12:41:47 +02:00
Thomas Nyberg 7023644e0c closes bpo-32980 Remove _PyFrame_Init (GH-5965) 2018-03-03 22:06:01 -08:00
Jamie Davis 0e6c8ee235 bpo-32981: Fix catastrophic backtracking vulns (#5955)
* Prevent low-grade poplib REDOS (CVE-2018-1060)

The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.

Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.

A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.

Replace it with a similar non-vulnerable regex.

The new regex is RFC compliant.
The old regex was non-compliant in edge cases.

* Prevent difflib REDOS (CVE-2018-1061)

The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.

Replace it with an equivalent non-vulnerable regex.

Also introduce unit and REDOS tests for difflib.

Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>
2018-03-03 21:33:32 -08:00
Joongi Kim 13cfd57dcf Fix missing coroutine declaration in the asyncio documentation. (#5964) 2018-03-03 18:43:54 +02:00
Serhiy Storchaka b21d155f57
bpo-32964: Reuse a testing implementation of the path protocol in tests. (#5930) 2018-03-02 11:53:51 +02:00
Jon Wayne Parrott bf63e8d55f bpo-30607: Use external python-doc-theme (GH-2017) 2018-03-01 16:02:50 -05:00
Eric V. Smith 5da8cfb838
Fixed incorrect default value for dataclass unsafe_hash. (GH-5949) 2018-03-01 08:01:41 -05:00
Alexey Izbyshev 3e197c7a67 bpo-32903: Fix a memory leak in os.chdir() on Windows (GH-5801) 2018-03-01 17:13:56 +08:00
James Walker 982c723384 Fix typo in logging doc: picked -> pickled (GH-5942) 2018-02-28 15:46:35 -08:00
Cheryl Sabella f0daa880a4 bpo-32940: IDLE: Simplify StringTranslatePseudoMapping in pyparse (GH-5862)
The new code also runs faster.
2018-02-28 17:23:58 -05:00
Ned Deily 45ab51c142 Fix 3.8 whatsnew changelog link 2018-02-28 13:58:38 -05:00
Steve Dower 881323db71
Minor improvements to the Windows build/release process (GH-5935) 2018-02-27 22:09:27 -08:00
Terry Jan Reedy 0954c9e9c8
bpo-30928: Update idlelib/NEWS.txt, possibly for 3.7.0b2 (GH-5932) 2018-02-27 18:36:21 -05:00
Serhiy Storchaka be50a7b627 Revert "bpo-31961: subprocess now accepts path-like args (GH-4329)" (#5912)
* Revert "bpo-31961: subprocess now accepts path-like args (GH-4329)"

This reverts commit dd42cb71f2.
2018-02-27 18:03:46 -05:00
Ned Deily cc5ac04c07 Update macOS installer resources 2018-02-27 17:39:50 -05:00
Ned Deily 9189e95d9c bpo-32901: update macOS 10.9+ installer to Tcl/Tk 8.6.8 2018-02-27 17:36:12 -05:00
Antoine Pitrou d7687eb4b6
bpo-31355: Travis-CI: re-enable macOS job (#5858)
The long build queues that plagued macOS builds on Travis seem to be
a thing of the past now.
2018-02-27 21:40:37 +01:00
Paul Ganssle 5bd04f964b bpo-10381, bpo-32403: What's new entries for changes to datetime (gh-5814)
* Add What's New entry for addition of datetime.timezone to the C API

Closes bpo-10381

* Add what's new entry for date and datetime optimizations

Closes bpo-32403
2018-02-27 14:41:30 -05:00
Christian Heimes 698dde16f6
bpo-31453: Add setter for min/max protocol version (#5259)
OpenSSL 1.1 has introduced a new API to set the minimum and maximum
supported protocol version. The API is easier to use than the old
OP_NO_TLS1 option flags, too.

Since OpenSSL has no call to set minimum version to highest supported,
the implementation emulate maximum_version = MINIMUM_SUPPORTED and
minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and
maximum supported version at compile time.

Signed-off-by: Christian Heimes <christian@python.org>
2018-02-27 11:54:43 +01:00
Christian Heimes 9d50ab563d
bpo-32951: Disable SSLSocket/SSLObject constructor (#5864)
Direct instantiation of SSLSocket and SSLObject objects is now prohibited.
The constructors were never documented, tested, or designed as public
constructors. The SSLSocket constructor had limitations. For example it was
not possible to enabled hostname verification except was
ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED.

SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API
to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is
also deprecated.

The only test case for direct instantiation was added a couple of days
ago for IDNA testing.

Signed-off-by: Christian Heimes <christian@python.org>
2018-02-27 10:17:30 +01:00
Christian Heimes 90f05a527c
bpo-28124: deprecate ssl.wrap_socket() (#5888)
The ssl module function ssl.wrap_socket() has been de-emphasized
and deprecated in favor of the more secure and efficient
SSLContext.wrap_socket() method.

Signed-off-by: Christian Heimes <christian@python.org>
2018-02-27 09:21:34 +01:00
Christian Heimes 05d9fe32a1
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
2018-02-27 08:55:39 +01:00
Eric V. Smith 2fa6b9eae0
bpo-32960: For dataclasses, disallow inheriting frozen from non-frozen classes and vice-versa, (GH-5919)
This restriction will be relaxed at a future date.
2018-02-26 20:38:33 -05:00
Joffrey F 72d9b2be36 bpo-32713: Fix tarfile.itn for large/negative float values. (GH-5434) 2018-02-27 02:02:21 +02:00
Tobotimus eee72d4778 bpo-32222: Fix pygettext skipping docstrings for funcs with arg typehints (GH-4745) 2018-02-27 00:48:14 +02:00