The SAX parser no longer processes general external entities by default
to increase security. Before, the parser created network connections
to fetch remote files or loaded local files from the file system for DTD
and entities.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue17239.
(cherry picked from commit 17b1d5d4e3)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue17239
Add SSLContext.post_handshake_auth and
SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake
authentication.
Signed-off-by: Christian Heimes <christian@python.org>q
https://bugs.python.org/issue34670.
(cherry picked from commit 9fb051f032)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34670
A couple of fixes here to make this more PEP-8:
* Avoid multiple statements on one line with `;` statement separator -- this is very rare in Python and is "generally discouraged" in PEP 8 (and if used, per PEP 8 there shouldn't be a space before the `;`)
* Add output for the first "Formatted String Literals" example. (Side note: are the doctests for this being run? If so, why didn't it fail?)
* Avoid space before `!r`. I have generally not seen spaces before the `!`, and this also matches the style used in the docs here: https://docs.python.org/3/library/string.htmlGH-format-string-syntaxhttps://bugs.python.org/issue34712
(cherry picked from commit 3705b98620)
Co-authored-by: Ben Hoyt <benhoyt@gmail.com>
The `gather` method requires to close the parenthesis, but it is being closed twice.
(cherry picked from commit 9c53fa6ad9)
Co-authored-by: Miguel Ángel García <magmax@users.noreply.github.com>
* bpo-34589: Make _PyCoreConfig.coerce_c_locale private (GH-9371)
_PyCoreConfig:
* Rename coerce_c_locale to _coerce_c_locale
* Rename coerce_c_locale_warn to _coerce_c_locale_warn
These fields are now private (name prefixed by "_").
(cherry picked from commit 188ebfa475)
* bpo-34589: C locale coercion off by default (GH-9073)
Py_Initialize() and Py_Main() cannot enable the C locale coercion
(PEP 538) anymore: it is always disabled. It can now only be enabled
by the Python program ("python3).
test_embed: get_filesystem_encoding() doesn't have to set PYTHONUTF8
nor PYTHONCOERCECLOCALE, these variables are already set in the
parent.
(cherry picked from commit 7a0791b699)
* bpo-34589: Add -X coerce_c_locale command line option (GH-9378)
Add a new -X coerce_c_locale command line option to control C locale
coercion (PEP 538).
(cherry picked from commit dbdee0073c)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
(cherry picked from commit ad8a000420)
Co-authored-by: Tony Flury <anthony.flury@btinternet.com>
Returning EINTR from pthread semaphore or lock acquisition is an optional POSIX
feature. musl does not provide this feature, so some threadsignal tests fail
when Python is built against it.
There's no good way to test for musl, so we skip if we're on Linux and not using
glibc pthreads.
Also, hedge in the threading documentation about when we can provide interrupts
from lock acquisition.
(cherry picked from commit 5b10d5111d)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
Mention the implicit cache in struct.Struct() docs.
Consistent with the re.compile documentation note.
(cherry picked from commit 3666b3c1f6)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Remove ellipsis that look like continuation prompts,
has a side benefit of putting rest of error message in proper text color.
(cherry picked from commit f019579828)
Co-authored-by: Lew Kurtz <37632626+lew18@users.noreply.github.com>
Some methods of the SMTP class use mutable default arguments. Specially
`send_message` is affected as it mutates one of the args by appending items
to it, which has side effects on further calls.
(cherry picked from commit d5fbe9b1a3)
Co-authored-by: Pablo Aguiar <scorphus@gmail.com>
... by removing a superfluous "either".
Reported by Никита Люшненко on docs@.
(cherry picked from commit 98b976a2f8)
Co-authored-by: Zachary Ware <zachary.ware@gmail.com>
If a globals dictionary without a '__builtins__' key is passed to
eval(), a '__builtins__' key will be inserted to the dictionary:
>>> eval("print('__builtins__' in globals())", {})
True
(As a result of this behavior, we can use the builtins
print() and globals() even if we passed a dictionary without a
'__builtins__' key to eval().)
(cherry picked from commit 225b055480)
Co-authored-by: Berker Peksag <berker.peksag@gmail.com>
The http_response() and https_response() methods of the HTTPErrorProcessor
class have two required parameters, 'request' and 'response'.
(cherry picked from commit c53aaec793)
Co-authored-by: Sebastian Rittau <srittau@rittau.org>
In the documentation, the `env` directory is specified when we execute
the `make venv` command. But in the code, `make venv` will create the
virtualenv inside the `venv` directory (defined by `VENVDIR`)
(cherry picked from commit 599bfa18f8)
Co-authored-by: Stéphane Wirtel <stephane@wirtel.be>
* bpo-34273: Change 'Fixed point' to 'Fixed-point notation'.
The change in the mini language floating point and decimal table
is consistent with 'Exponential notation' and clarifies that we
are referring to the output notation, not an object type.
* Update string.rst
* Update string.rst
* Update string.rst
* Update string.rst
(cherry picked from commit 28c7f8c8ce)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
In the documentation for the traceback module, the definitions of functions
extract_tb(), format_list() and classmethod StackSummary.from_list()
mention the old style 4-tuples that these functions used to return or accept.
Since Python 3.5, however, they return or accept a FrameSummary object
instead of a 4-tuple, or a StackSummary object instead of a list of 4-tuples.
Co-authored-by: torsava <torsava@redhat.com>
Co-Authored-By: Berker Peksag <berker.peksag@gmail.com>
(cherry picked from commit f394ee5eaf)
* help(hashlib) didn't work because of incorrect module name in blake2b and
blake2s classes.
* Constructors blake2*(), sha3_*(), shake_*() and keccak_*() incorrectly
accepted keyword argument "string" for binary data, but documented as
accepting the "data" keyword argument. Now this parameter is positional-only.
* Keyword-only parameters in blake2b() and blake2s() were not documented as
keyword-only.
* Default value for some parameters of blake2b() and blake2s() was None,
which is not acceptable value.
* The length argument for shake_*.digest() was wrapped out to 32 bits.
* The argument for shake_128.digest() and shake_128.hexdigest() was not
positional-only as intended.
* TypeError messages for incorrect arguments in all constructors sha3_*(),
shake_*() and keccak_*() incorrectly referred to sha3_224.
Also made the following enhancements:
* More accurately specified input and result types for strings, bytes and
bytes-like objects.
* Unified positional parameter names for update() and constructors.
* Improved formatting.
(cherry picked from commit f1d36d8efa)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Mathematically, bitwise operations on integers behave as if there were an
infinite number of sign bits. Pragmatically, that gives the same answer as
using one extra sign bit for the bitwise logical operations.
(cherry picked from commit b4bc5cab82)
Co-authored-by: Sanyam Khurana <8039608+CuriousLearner@users.noreply.github.com>
Clarify how to bind to all interfaces using socket
(cherry picked from commit 95dfb9c3ae)
Co-authored-by: johnthagen <johnthagen@users.noreply.github.com>
Also, update the list of exceptions that may raised by PyMarshal_*
functions. We usually don't document exceptions raised by a
function, but in this case most of them were already documented
in C API and standard library documentation.
(cherry picked from commit defcffdf86)
Co-authored-by: Berker Peksag <berker.peksag@gmail.com>
The script will exit with the number 0 (zero), instead of the letter O.
(cherry picked from commit 95d34c2a37)
Co-authored-by: Mariatta <Mariatta@users.noreply.github.com>
Many users won't realise the implications the OpenSSL 1.0.2
minimum version requirement has when it comes to Ubuntu
14.04 and Debian 8, so expand on that in the platform support
section.
Also explicitly note the non-ASCII-based locale requirement for
full Unicode text handling support on non-Windows systems.
(cherry picked from commit 5fe7c98a54)
Co-authored-by: Nick Coghlan <ncoghlan@gmail.com>
Include a more easily understood example for nullcontext
(cherry picked from commit c287545d62)
Co-authored-by: Daniel Porteous <danielporteous1@gmail.com>
The 'output formatting' section of the tutorial talks a lot about manual formatting with things like .rjust() and .zfill(), with only a passing reference to 3.6's new f-strings.
This doesn't drop all of the old material, but it does rearrange the topics into a more modern order: f-strings first, discussing formatting specifiers a bit; then calling .format(); finally manual formatting with .ljust().
(cherry picked from commit ced350b195)
Co-authored-by: Andrew Kuchling <amk@amk.ca>
Make the change where discussing the CPython implementation of lists and dicts.
(cherry picked from commit 8d41278045)
Co-authored-by: Andrés Delfino <adelfino@gmail.com>
The line is speaking of a list of commands, not the list command.
(cherry picked from commit 7943c5e8b5)
Co-authored-by: Julien Palard <julien@palard.fr>
The line-length limit is not needed because the pages appear in a separate app rather
than on a browser tab. It can also interact badly with the DPI setting.
(cherry picked from commit d824ca7f4d)
Co-authored-by: Zachary Ware <zachary.ware@gmail.com>
* `flags` is indeed deprecated, but there is a validation on its value for
backwards compatibility reasons. This adds mention of this in the docs.
* The docs say that `sizehint` is deprecated and ignored, but it is still
used when `epoll_create1()` is unavailable. This adds mention of this in
the docs.
* `sizehint=-1` is acceptable again, and is replaced with `FD_SETSIZE-1`.
This is needed to have a default value available at the Python level,
since `FD_SETSIZE` is not exposed to Python. (see: bpo-31938)
* Reject `sizehint=0` since it is invalid to pass on to `epoll_create()`.
The relevant tests have also been updated.
(cherry picked from commit 0cdf5f4289)
Co-authored-by: Tal Einat <taleinat+github@gmail.com>
it's better to refer to PEP with `pep` role in reStructuredText. It also links to the PEP page.
(cherry picked from commit df748c20da)
Co-authored-by: Behzad B. Mokhtari <35877268+perplexionist@users.noreply.github.com>
Adds references to info about file modes, `time.strftime()`, string formatting
syntaxes, and logging levels.
(cherry picked from commit a8ddf85a84)
Co-authored-by: Andrés Delfino <adelfino@gmail.com>
Mention that it can be triggered by triple quotes and after specifying decorators.
(cherry picked from commit 6868003514)
Co-authored-by: Andrés Delfino <adelfino@gmail.com>
Update the the signature in the code example to make `_cache` a keyword-only parameter.
(cherry picked from commit 2707e41a5c)
Co-authored-by: Noah Haasis <haasis_noah@yahoo.de>
'expresson list' refers to the grammar term 'expression_list' in the subscription production.
(cherry picked from commit 4fddd4e406)
Co-authored-by: Andrés Delfino <adelfino@gmail.com>
string.Formatter auto-numbering feature was added in 3.4 and there
is no versionchanged note in its documentation, making the documentation
ambiguous about which version the feature is available.
(cherry picked from commit b9d8ad5130)
Co-authored-by: Xiang Zhang <angwerzx@126.com>
When attempting to base64-decode a payload of invalid length (1 mod 4),
properly recognize and handle it. The given data will be returned as-is,
i.e. not decoded, along with a new defect, InvalidBase64LengthDefect.
(cherry picked from commit c3f55be7dd)
Co-authored-by: Tal Einat <taleinat+github@gmail.com>
The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.
(cherry picked from commit ef24b6c54d)
Co-authored-by: Christian Heimes <christian@python.org>
On Windows 8.1+ or 10, with DPI compatibility properties of the Python binary
unchanged, and a monitor resolution greater than 96 DPI, this should
make text and lines sharper. It should otherwise have no effect.
Using a magnifier, I determined that the improvement comes from horizontal and
lines being better lined up with the monitor pixels. I checked that this call causes
no problem on any Windows buildbot, including the Win7 buildbots. Unlike most
IDLE patches, this one can be easily reverted by users by removing a few lines,
at the top of idlelib/pyshell.py.
(cherry picked from commit 800415e3df)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
The docs claimed that a list of EmailMessage objects could be
passed to set_content(), but this was never implemented.
(cherry picked from commit 2c071cebe6)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
A datetime object d is aware if d.tzinfo is not None and
d.tzinfo.utcoffset(d) does not return None. If d.tzinfo is None,
or if d.tzinfo is not None but d.tzinfo.utcoffset(d) returns None,
d is naive.
This commit ensures that instances with non-None d.tzinfo, but
d.tzinfo.utcoffset(d) returning None are treated as naive.
In addition, C acceleration code will raise TypeError if
d.tzinfo.utcoffset(d) returns an object with the type other than
timedelta.
* Updated the documentation.
Assume that the term "naive" is defined elsewhere and remove the
not entirely correct clarification. Thanks, Tim.
(cherry picked from commit 877b23202b)
Co-authored-by: Alexander Belopolsky <abalkin@users.noreply.github.com>
While locale coercion and UTF-8 mode turned out to
be complementary ideas rather than competing ones,
it isn't immediately obvious why it's useful to
have both, or how they interact at runtime.
This updates both the Python 3.7 What's New doc
and the PYTHONCOERCECLOCALE and PYTHONUTF8
documentation in an attempt to clarify that
relationship:
- in the respective What's New sections, add a closing paragraph
explaining which problem each one solves, and pointing to the
other PEP's section for the specific aspects it relies on the other
PEP to solve
- use "locale-aware mode" as a more descriptive term for the
default non-UTF-8 mode
- improve wording conistenccy between the PYTHONCOERCECLOCALE
and PYTHONUTF8 docs when they cover the same thing (mostly
related to legacy locale detection and setting the standard
stream error handler)
- improve the description of the locale coercion trigger conditions
(including pointing out that setting LC_ALL turns off locale coercion)
- port the full description of the UTF-8 mode behaviour changes
from PEP 540 into the PYTHONUTF8 documentation
- be explicit that PYTHONIOENCODING still overrides the settings
for the standard streams
- mention concrete examples of things that do and don't get their
text encoding assumptions adjusted by the two text encoding
assumption override techniques
(cherry picked from commit 1bcb8a6368)
Co-authored-by: Nick Coghlan <ncoghlan@gmail.com>
A few wording improvements to dict ordering documentation.
(cherry picked from commit d3ed67d14e)
Co-authored-by: Neil Schemenauer <nas-github@arctrix.com>
Document that the default value of repeat changed from 3 to 5 in
Python 3.7.
(cherry picked from commit 3ef769fcd3)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
* Fix AttributeError (not all SSL exceptions have 'errno' attribute)
* Increase default handshake timeout from 10 to 60 seconds
* Make sure start_tls can be cancelled correctly
* Make sure any error in SSLProtocol gets propagated (instead of just being logged)
(cherry picked from commit 9602643120)
Co-authored-by: Yury Selivanov <yury@magic.io>
This is a simple grammatical fix correcting "...object whose `__self__` attributes is ..." to "...object whose `__self__` attribute is ...".
(cherry picked from commit 00818c8ffd)
Co-authored-by: Zach Mitchell <zmitchell@users.noreply.github.com>
* bpo-23859: Document that asyncio.wait() does not cancel its futures (GH-7217)
Unlike `asyncio.wait_for()`, `asyncio.wait()` does not cancel the passed
futures when a timeout accurs.
(cherry picked from commit f9aeca2085)
Co-authored-by: Elvis Pranskevichus <elvis@magic.io>
* Update asyncio-task.rst
* [3.7] bpo-31639: Change ThreadedHTTPServer to ThreadingHTTPServer class name (GH-7195).
(cherry picked from commit 1cee216cf3)
* Fix whatsnew entry about ThreadedHTTPServer. (GH-7220)
(cherry picked from commit a34e424bdb)
Currently, asyncio.wait_for(fut), upon reaching the timeout deadline,
cancels the future and returns immediately. This is problematic for
when *fut* is a Task, because it will be left running for an arbitrary
amount of time. This behavior is iself surprising and may lead to
related bugs such as the one described in bpo-33638:
condition = asyncio.Condition()
async with condition:
await asyncio.wait_for(condition.wait(), timeout=0.5)
Currently, instead of raising a TimeoutError, the above code will fail
with `RuntimeError: cannot wait on un-acquired lock`, because
`__aexit__` is reached _before_ `condition.wait()` finishes its
cancellation and re-acquires the condition lock.
To resolve this, make `wait_for` await for the task cancellation.
The tradeoff here is that the `timeout` promise may be broken if the
task decides to handle its cancellation in a slow way. This represents
a behavior change and should probably not be back-patched to 3.6 and
earlier.
(cherry picked from commit e2b340ab41)
Co-authored-by: Elvis Pranskevichus <elvis@magic.io>
Remove the docstring attribute of AST types and restore docstring
expression as a first stmt in their body.
Co-authored-by: INADA Naoki <methane@users.noreply.github.com>