Commit Graph

6401 Commits

Author SHA1 Message Date
Benjamin Peterson f32bcf8c27
[2.7] bpo-38730: Fix -Wstringop-truncation warnings. (GH-17075) 2019-11-07 07:06:28 -08:00
Benjamin Peterson 089e5f52a3
bpo-37731: Squish another _POSIX_C_SOURCE redefinition problem in expat. (GH-17077) 2019-11-06 21:29:43 -08:00
Miss Islington (bot) 30114c7119
bpo-37731: Reorder includes in xmltok.c to avoid redefinition of _POSIX_C_SOURCE (GH-16733)
(cherry picked from commit 8177404d52)

Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
2019-11-06 21:10:05 -08:00
Benjamin Peterson e73b93ab3e
[2.7] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16408)
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.
(cherry picked from commit 52b9408038)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
2019-09-25 21:49:04 -07:00
Serhiy Storchaka be257bcad1
[2.7] bpo-38175: Fix a memory leak in comparison of sqlite3.Row objects. (GH-16155). (GH-16215)
(cherry picked from commit 8debfa5040)
2019-09-17 09:56:27 +03:00
Miss Islington (bot) 5d55d52b61
bpo-33936: Don't call obsolete init methods with OpenSSL 1.1.0+ (GH-16140)
``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``.

https://bugs.python.org/issue33936
(cherry picked from commit 724f1a5723)

Co-authored-by: Christian Heimes <christian@python.org>
2019-09-16 12:48:21 -07:00
Xiang Zhang 68d8c12297
[2.7] bpo-38168: Fix a possible refleak in setint() of mmapmodule.c (GH-16136) (GH-16176)
(cherry picked from commit 56a4514)

Co-authored-by: Hai Shi shihai1992@gmail.com

https://bugs.python.org/issue38168
2019-09-16 15:07:32 +08:00
Alexandru Ardelean 0d63669e52 [2.7] bpo-35264: Modules/_ssl.c: fix build with OpenSSL 1.1.0 (GH-10570)
Fixes a build error with OpenSSL 1.1.0. There is already code in the
`_ssl.c` that handles all the weird cases of the NPN config macros (with
various OpenSSL & LibreSSL versions).
That code will provide a HAVE_NPN variable, which should be used in the
rest of the code to check whether (or what) to compile regarding NPN.

This change adds HAVE_NPN in the remaining places where it should have been
placed.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>


https://bugs.python.org/issue35264
2019-09-11 10:23:28 -07:00
Zackery Spytz 289c5ea773 bpo-37445: Include FORMAT_MESSAGE_IGNORE_INSERTS in FormatMessageW() calls (GH-15822)
If FormatMessageW() is passed the FORMAT_MESSAGE_FROM_SYSTEM flag
without FORMAT_MESSAGE_IGNORE_INSERTS, it will fail if there are
insert sequences in the message definition.
(cherry picked from commit a656365)
2019-09-11 10:39:34 +01:00
Serhiy Storchaka 2fb6921ab2
[2.7] bpo-34410: Fix a crash in the tee iterator when re-enter it. (GH-15625) (GH-15740)
RuntimeError is now raised in this case.
(cherry picked from commit 526a01467b)
2019-09-09 12:38:05 +03:00
Victor Stinner c364221909
bpo-34521: Fix FD transfer in multiprocessing on FreeBSD (GH-15422)
Fix file descriptors transfer in multiprocessing on FreeBSD: use
CMSG_SPACE() rather than CMSG_LEN(); see RFC 3542.
2019-08-23 14:00:38 +01:00
Miss Islington (bot) 03b0128082
Put pyexpatns.h include back. bpo-37437 (GH-14539)
(cherry picked from commit 2cd07920bb)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
2019-07-01 22:38:31 -07:00
Miss Islington (bot) 4397c68663
closes bpo-37437: Update vendorized expat to 2.2.7. (GH-14436)
(cherry picked from commit 3b03b09fc9)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
2019-06-27 21:24:52 -07:00
Benjamin Peterson 598c756459
[2.7] Fix name of '\0'. (GH-14225)
'\0' is the NUL byte not NULL.
(cherry picked from commit 7821b4c6d2)
2019-06-18 23:03:35 -07:00
Eric Wieser 48f190f79c [2.7] bpo-37188: Fix a divide-by-zero in arrays of size-0 objects (#13906) 2019-06-08 11:19:24 +02:00
Zackery Spytz 2bfc2dc214 [2.7] bpo-37170: Fix the cast on error in PyLong_AsUnsignedLongLongMask() (GH-13860) (GH-13898)
(cherry picked from commit dc2476500d)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2019-06-07 18:22:56 +02:00
Zackery Spytz fd83a823a6 bpo-36504: Fix signed integer overflow in _ctypes.c's PyCArrayType_new(). (GH-12660) (GH-12678)
(cherry picked from commit 487b73ab39)
2019-04-03 21:59:51 +03:00
Zackery Spytz a110817c08 bpo-36150: Fix possible assertion failures due to _ctypes.c's PyCData_reduce(). (GH-12106) (GH-12643)
(cherry picked from commit 5f2c50810a)
2019-03-31 20:14:16 +03:00
Miss Islington (bot) c0dce6aa2c bpo-36430: Fix a possible reference leak in itertools.count(). (GH-12551) (GH-12554)
(cherry picked from commit 0523c39e77)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2019-03-26 00:55:35 -07:00
Zackery Spytz 0516f81828 [2.7] bpo-36421: Fix ref counting bugs in _ctypes.c's PyCArrayType_new(). (GH-12534)
Add missing Py_DECREF()s.
2019-03-25 16:15:36 +02:00
Stéphane Wirtel f70b884ad7 bpo-36337: socket.send()/sendall() use Py_ssize_t (GH-12397)
Fix buffer overflow in send() and sendall() methods of socket.socket
for data larger than 2 GiB.
2019-03-19 02:56:28 +01:00
stratakis 2dd6e079ae [2.7] bpo-36289: Fix a possible reference leak in the io module (GH-12329)
Fix a reference leak in _bufferedreader_read_all():
_io.BufferedIOMixin.read() leaks a reference on 'data'
when it reads the whole file content but flush() fails.
2019-03-14 16:35:40 +01:00
stratakis fb3336acfd [2.7] bpo-36291: Fix a possible reference leak in the json module (GH-12330)
Fix a reference leak in json if parsing a floating point number fails.

If PyOS_string_to_double() fails in _match_number_str():
decrement numstr ref counter.
2019-03-14 16:22:46 +01:00
stratakis 2832ad5335 [2.7] bpo-36212: Fix two possible reference leaks in the hotshot module (GH-12327)
Fix reference leaks in _hotshot.LogReaderType on PyTuple_New() failure.
2019-03-14 16:10:58 +01:00
stratakis 098b139816 bpo-36147: Fix a memory leak in ctypes s_get() (GH-12102)
The s_get() function leaks the result variable on low memory.
Partially backport commit 19b52545df
to fix it.
2019-03-06 15:14:06 +01:00
stratakis b2aefd77e1 [2.7] bpo-36186: Fix linuxaudiodev.linux_audio_device() error handling (GH-12163)
Fix linuxaudiodev.linux_audio_device() error handling:
close the internal file descriptor if it fails to open the device.
2019-03-06 15:11:56 +01:00
T. Wouters d9bf7f4198
[2.7] bpo-36149 Fix potential use of uninitialized memory in cPickle (#12105)
Fix off-by-one bug in cPickle that caused it to use uninitialised memory on truncated pickles read from FILE*s.
2019-03-04 10:52:07 -08:00
Christian Heimes 84b5ac9ba6 [2.7] bpo-36179: Fix ref leaks in _hashopenssl (GH-12158) (GH-12166)
Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in
out-of-memory cases. Thanks to Charalampos Stratakis.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue36179
(cherry picked from commit b7bc283ab6)

Co-authored-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue36179
2019-03-04 09:10:45 -08:00
stratakis 710dcfd2f4 [2.7] bpo-13096: Fix memory leak in ctypes POINTER handling of large values (GH-12100) 2019-03-04 16:40:25 +01:00
Dima Pasechnik b545ba0a50 [2.7] bpo-36106: resolve sinpi name clash with libm (IEEE-754 violation). (GH-12027) (GH-12050)
The standard math library (libm) may follow IEEE-754 recommendation to
include an implementation of sinPi(), i.e. sinPi(x):=sin(pi*x).
And this triggers a name clash, found by FreeBSD developer
Steve Kargl, who worked on putting sinpi into libm used on FreeBSD
(it has to be named "sinpi", not "sinPi", cf. e.g.
https://en.cppreference.com/w/c/experimental/fpext4).
2019-02-26 12:41:15 +02:00
stratakis 2149a9ad7a [2.7] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761) (GH-11876)
Backport of TLS 1.3 related fixes from 3.7.

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2a4ee8aa01)
2019-02-15 18:27:44 +01:00
stratakis b8eaec697a [2.7] bpo-28043: improved default settings for SSLContext (GH-10608)
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except
for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3)
are set by default. The initial cipher suite list contains only
HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).

(cherry picked from commit 358cfd426c)
2019-02-15 15:24:11 +01:00
Miss Islington (bot) 06b15424b0
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result in a segfault.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f)

Co-authored-by: Christian Heimes <christian@python.org>
2019-01-15 15:11:52 -08:00
Serhiy Storchaka 1462234baf
[2.7] bpo-8765: Deprecate writing unicode to binary streams in Py3k mode. (GH-11127) 2019-01-15 14:34:48 +02:00
Zackery Spytz f347c6eb75 bpo-35504: Fix segfaults and SystemErrors when deleting certain attrs. (GH-11175) (GH-11249)
(cherry picked from commit 842acaab13)
2018-12-20 19:38:52 +02:00
Miss Islington (bot) 3752bc96c0
bpo-35529: Fix a reference counting bug in PyCFuncPtr_FromDll(). (GH-11229)
"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9a1)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-12-20 00:51:52 -08:00
Serhiy Storchaka 89b5ea297d
[2.7] bpo-35441: Remove dead and buggy code related to PyList_SetItem(). (GH-11033) (GH-11234)
In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.

In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.

In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b5356)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-12-19 17:11:02 +02:00
Zackery Spytz 838645dc41 bpo-10320: Use PY_FORMAT_LONG_LONG in ctypes' PyCArg_repr(). (GH-11230) 2018-12-19 08:01:38 +02:00
Miss Islington (bot) 53e2248a94
bpo-10320: Replace nonstandard sprintf() length modifier in ctypes' PyCArg_repr(). (GH-10853)
Use "ll" instead of the nonstandard "q".
(cherry picked from commit 062cbb6772)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-12-18 15:51:04 -08:00
Victor Stinner 2632df4c3f
[2.7] bpo-31374: Include pyconfig.h earlier in expat (GH-11078)
Include <pyconfig.h> earlier in Modules/expat/xmlparse.c to define
properly _POSIX_C_SOURCE and _XOPEN_SOURCE.
2018-12-10 16:01:03 +01:00
Miss Islington (bot) 7bbf7b02ab
bpo-31374: Include pyconfig.h earlier in expat (GH-11064)
Include <pyconfig.h> earlier in Modules/expat/xmltok.c to define
properly _POSIX_C_SOURCE. Python defines _POSIX_C_SOURCE as 200809L,
whereas <features.h> (included indirectly by <string.h>) defines
_POSIX_C_SOURCE as 199506L.
(cherry picked from commit cf247359d5)

Co-authored-by: Victor Stinner <vstinner@redhat.com>
2018-12-10 03:38:55 -08:00
Serhiy Storchaka fff8fab1ce
[2.7] bpo-34052: Prevent SQLite functions from setting callbacks on exceptions. (GH-8113). (GH-10946) (GH-10955)
(cherry picked from commit 5b25f1d031)
(cherry picked from commit 1de91a0032)

Co-authored-by: Sergey Fedoseev <fedoseev.sergey@gmail.com>
2018-12-06 00:21:40 +02:00
Serhiy Storchaka 93d7918f77
[2.7] bpo-16865: Support arrays >=2GB in ctypes. (GH-3006). (GH-7441)
(cherry picked from commit 735abadd5b)

Co-Authored-By: Segev Finer <segev208@gmail.com>
2018-12-04 12:38:07 +02:00
Serhiy Storchaka eab421bff9
[2.7] bpo-25862: Fix several bugs in the _io module. (GH-8026) (GH-8033)
They can be exposed when some C API calls fail due to lack of
memory.

* Failed Py_BuildValue() could cause an assertion error in the
  following TextIOWrapper.tell().
* initvalue could leak in StringIO.__getstate__() after failed
  PyDict_Copy().
(cherry picked from commit fdb5a50ef3)
2018-12-04 12:02:48 +02:00
Miss Islington (bot) f3fe21a3ca
bpo-35356: Fix a possible reference leak in nis.maps(). (GH-10808)
(cherry picked from commit a2e3585e79)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-11-30 00:04:43 -08:00
Serhiy Storchaka 40fdf47193
[2.7] bpo-35021: Fix assertion failures in _datetimemodule.c. (GH-10039) (GH-10617)
Fixes assertion failures in _datetimemodule.c
introduced in the previous fix (see bpo-31752).

Rather than trying to handle an int subclass as an exact int,
let it use overridden special methods, but check the
result of divmod().
(cherry picked from commit 3ec0f49516)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2018-11-20 21:56:34 +02:00
Miss Islington (bot) 2907d93889
Fix a possible reference leak in _socket.getaddrinfo(). (GH-10543)
"single" needs to be decrefed if PyList_Append() fails.
(cherry picked from commit 4c596d54aa)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-11-15 01:25:58 -08:00
Alexey Izbyshev 0d165262d9 [2.7] bpo-35194: Fix a wrong constant in cp932 codec. (GH-10420) (GH-10433)
This typo doesn't affect the result because wrong bits are discarded
on implicit conversion to unsigned char, but it trips UBSan
with -fsanitize=implicit-integer-truncation.
(cherry picked from commit 7a69cf47a9)

Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
2018-11-10 07:47:12 +02:00
Benjamin Peterson a614cc9208
[2.7] closes bpo-35139: The `pyexpat` module's macros in `Modules/Setup` now match `setup.py` (GH-10293)
This could cause compile errors on macOS or other platforms.
(cherry picked from commit 318ab63c01)

Co-authored-by: Max Bélanger <aeromax@gmail.com>
2018-11-01 20:28:34 -07:00
Miss Islington (bot) 05acd44ad6
bpo-35062: Fix parsing _io.IncrementalNewlineDecoder's *translate* argument. (GH-10217)
_io.IncrementalNewlineDecoder's initializer possibly assigns out-of-range
value to the bitwise struct field.
(cherry picked from commit b08746bfdf)

Co-authored-by: Xiang Zhang <angwerzx@126.com>
2018-10-31 05:37:06 -07:00