Per POSIX, `nice(3)` requires `unistd.h` and `exit(3)` requires `stdlib.h`.
Fixing the test will prevent false positives with pedantic compilers like clang.
(cherry picked from commit 90c6facebd)
Co-authored-by: ngie-eign <1574099+ngie-eign@users.noreply.github.com>
Backport of TLS 1.3 related fixes from 3.7.
Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.
OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2a4ee8aa01)
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except
for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3)
are set by default. The initial cipher suite list contains only
HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
(cherry picked from commit 358cfd426c)
Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.
Also update multissltests to test with latest OpenSSL.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 3e630c541b)
Co-authored-by: Christian Heimes <christian@python.org>
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f)
Co-authored-by: Christian Heimes <christian@python.org>
This reverts commit aa58050843.
Due to regressions found with using Tk 8.6.9.1, build the python.org
macOS installers with Tcl/Tk 8.6.8 as used in previous releases.
This addresses C extension build errors related to an undefined _hypot
symbol when building with the Microsoft Visual C++ Compiler for Python
2.7 [1] or MinGWPy [2]. It also addresses errors when building a C++
extension with MinGWPy and C++11 from cmath, 'error "::hypot' has not
been declared'
[1] https://www.microsoft.com/en-us/download/details.aspx?id=44266
[2] https://mingwpy.github.io/
"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9a1)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.
In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.
In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b5356)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
check_environ() of distutils.utils now catchs KeyError on calling
pwd.getpwuid(): don't create the HOME environment variable in this
case.
(cherry picked from commit 17d0c0595e)
bpo-34279, bpo-35412: support.run_unittest() no longer raises
TestDidNotRun if a test result contains skipped tests. The
exception is now only raised if no test have been run and no test
have been skipped.
(cherry picked from commit 3a8f4fef4a)
* bpo-16039: CVE-2013-1752: Change use of readline() in
imaplib.IMAP4_SSL to limit line length. Remove IMAP4_SSL.readline()
and IMAP4_SSL.read() to inherit safe IMAP4 implementation.
* bpo-20118: reenable test_linetoolong() of test_imaplib
on ThreadedNetworkedTests and ThreadedNetworkedTestsSSL.
The test now sets the _MAXLINE limit to 10 characters.
Benjamin Peterson
Miss Islington (bot)
Ned Deily
Alan Grgic
Stéphane Wirtel
Tzu-ping Chung
Steve Dower
stratakis
Victor Stinner
Mariatta
Serhiy Storchaka
Senthil Kumaran
Sanyam Khurana
Matt McCormick
Myles Borins
Zackery Spytz