Add host validation for control characters for more CVE-2019-18348 protection.
(cherry picked from commit 9165addc22)
Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com>
In math_2(), the first PyFloat_AsDouble() call should be checked
for failure before the second call.
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>.
(cherry picked from commit 5208b4b379)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
- When casting to _Bool, arrays should only contain zeros or ones.
(cherry picked from commit 1ae9cde4b2)
Co-authored-by: Stefan Krah <skrah@bytereef.org>
The 32-bit (49-day) TickCount relied on in EnterNonRecursiveMutex can overflow
in the gap between the 'target' time and the 'now' time WaitForSingleObjectEx
returns, causing the loop to think it needs to wait another 49 days. This is
most likely to happen when the machine is hibernated during
WaitForSingleObjectEx.
This makes acquiring a lock/event/etc from the _thread or threading module
appear to never time out.
Replace with GetTickCount64 - this is OK now Python no longer supports XP which
lacks it, and is in use for time.monotonic().
Co-authored-by: And Clover <and.clover@bromium.com>
(cherry picked from commit 64838ce)
Co-authored-by: bobince <and+github@doxdesk.com>
_PyMethodDef_RawFastCallDict() and _PyMethodDef_RawFastCallKeywords()
now include the method name in the SystemError "bad call flags" error
message to ease debugging.
(cherry picked from commit c7d2d69d95)
`<tt>` is not allowed.
Co-authored-by: Kyle Stanley <aeros167@gmail.com>
(cherry picked from commit 39c34933fc)
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
The ensurepip module now invokes pip via the runpy module.
Hence it is no longer tightly coupled with the internal API of the bundled
pip version, allowing easier updates to a newer pip version both
internally and for distributors.
This way, any changes to the internal pip API won't mean ensurepip needs to be
changed as well. Also, distributors can update their pip wheels independently of the
CPython release schedule.
Co-Authored-By: Pradyun Gedam <pradyunsg@gmail.com>
Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
(cherry picked from commit 88f82b2b9e)
Co-authored-by: Miro Hrončok <miro@hroncok.cz>
I've used this recipe a couple times and the filename editing has always
been less than useful and something I've removed. This is because many
modules end up losing which package they are located in, e.g. `util/date.py`.
(cherry picked from commit d06eec218e)
Co-authored-by: Adam Johnson <me@adamj.eu>
Fix typo in cmdline.rst
Add space between the `-m` option and the module name (`timeit`).
(cherry picked from commit c580981ba0)
Co-authored-by: Julin S <48789920+ju-sh@users.noreply.github.com>
Eliminate repeat of 'Options', reported by Jules Lasne, and improve wording elsewhere.
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit ce305d6410)
Co-authored-by: Jules Lasne (jlasne) <jules.lasne@gmail.com>
`list(sys.modules.items())` was apparently not immune to "dictionary
changed size during iteration" errors.
Tested internally using an integration test that has run into this a couple of times in the past two years. With this patch applied, the test is no longer flaky.
(cherry picked from commit 85cf1d514b)
Co-authored-by: Gregory P. Smith <gps@google.com>
Replace tkinter tkSimpleDialog.askinteger with a standard IDLE query dialog.
The new box checks for positivity before returning.
(cherry picked from commit 363fab83b8)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
python-gdb.py now checks for "take_gil" function name to check if a
frame tries to acquire the GIL, instead of checking for
"pthread_cond_timedwait" which is specific to Linux and can be a
different condition than the GIL.
(cherry picked from commit 6d0ee60740)
Co-authored-by: Victor Stinner <vstinner@python.org>
Move required blanking of error text to non-overridden entry_ok().
(Omit news item.)
(cherry picked from commit e53a3932cb)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Since clicking to get an IDLE context menu moves the cursor,
any text selection should be and now is cleared.
(cherry picked from commit 4ca060d8ad)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
It appears standard that moving the text insert cursor away from a selection clears the
selection. Clearing prevents accidental deletion of a possibly off-screen bit of text.
The update is for Ln and Col on the status bar.
(cherry picked from commit 2522db11df)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>