Commit Graph

80857 Commits

Author SHA1 Message Date
stratakis c49f63c176 [2.7] bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976) (GH-8760) (GH-10607)
Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.

Also update multissltests to test with latest OpenSSL.

Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 3e630c541b)
Co-authored-by: Christian Heimes <christian@python.org>
2019-02-15 14:17:12 +01:00
Victor Stinner 826a8b7081
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11866)
Add credit for the cert parser vulnerability. Mention also Cisco
TALOS-2018-0758 identifier.
2019-02-15 12:34:17 +01:00
Miss Islington (bot) 2f1a317d5f
Doc sidebar: 3.6 has moved to security-fix mode. (GH-11810)
(cherry picked from commit 9db56fb8fa)

Co-authored-by: Julien Palard <julien@palard.fr>
2019-02-10 13:43:52 -08:00
Mariatta 8fe830d374 [2.7] Fix url to core-mentorship mailing list (GH-11775). (GH-11778)
(cherry picked from commit e9bc4172d1)

Co-authored-by: Mariatta <Mariatta@users.noreply.github.com>
2019-02-06 14:02:45 -08:00
Miss Islington (bot) 40a101df8c bpo-25592: Improve documentation of distutils data_files (GH-9767) (GH-11734)
(cherry picked from commit 598e15d4fe)

Co-authored-by: jdemeyer <J.Demeyer@UGent.be>
2019-02-02 11:16:09 +01:00
Miss Islington (bot) 06b15424b0
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f)

Co-authored-by: Christian Heimes <christian@python.org>
2019-01-15 15:11:52 -08:00
Serhiy Storchaka 1462234baf
[2.7] bpo-8765: Deprecate writing unicode to binary streams in Py3k mode. (GH-11127) 2019-01-15 14:34:48 +02:00
Miss Islington (bot) 77b80c956f
bpo-34512: Document platform-specific strftime() behavior for non-ASCII format strings (GH-8948)
(cherry picked from commit 1cffd0eed3)

Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
2019-01-12 09:28:06 -08:00
Serhiy Storchaka 555755ecff
[2.7] bpo-35552: Fix reading past the end in PyString_FromFormat(). (GH-11276) (GH-11534)
Format character "%s" in PyString_FromFormat() no longer read memory
past the limit if precision is specified.
(cherry picked from commit d586ccb04f)
2019-01-12 11:20:50 +02:00
Serhiy Storchaka 08a81df050
bpo-33817: Fix _PyString_Resize() and _PyUnicode_Resize() for empty strings. (GH-11515) 2019-01-12 09:22:52 +02:00
Senthil Kumaran 0167c08163
bpo-24746: Fix doctest failures when running the testsuite with -R (#11501) (#11512) 2019-01-10 12:55:08 -08:00
Miss Islington (bot) c0a1d73c64 Update bugs.rst (GH-11487)
(cherry picked from commit 91c6158dbc)

Co-authored-by: Andre Delfino <adelfino@gmail.com>
2019-01-09 16:00:48 -07:00
Sanyam Khurana 02e33d9567 [2.7] bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff (#11482)
* bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff

* [2.7] bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff (GH-10639).
(cherry picked from commit cbb1645993)

Co-authored-by: Sanyam Khurana <8039608+CuriousLearner@users.noreply.github.com>
2019-01-09 11:03:03 -08:00
Benjamin Peterson 112e4afd58
Remove README.rst inadvertandly "backported" from 3.x in 5a89c71580. (GH-11409) 2019-01-02 09:14:30 -08:00
Benjamin Peterson 5a89c71580
[2.7] Bump copyright years to 2019. (GH-11408)
(cherry picked from commit 9a69ae8a78)
2019-01-02 08:43:32 -08:00
Ned Deily befe3f7afd macOS installer build: mitigate hdiutil resource busy bug 2018-12-27 15:21:35 -05:00
Ned Deily c540c4ec61 Revert "bpo-35402: Update macOS installer to use Tcl 8.6.9 / Tk 8.6.9.1 (GH-11101)"
This reverts commit aa58050843.

Due to regressions found with using Tk 8.6.9.1, build the python.org
macOS installers with Tcl/Tk 8.6.8 as used in previous releases.
2018-12-27 15:18:51 -05:00
Matt McCormick 000b8093a1 bpo-11566: Remove hypot -> _hypot macro for very old compilers (GH-11283)
This addresses C extension build errors related to an undefined _hypot
symbol when building with the Microsoft Visual C++ Compiler for Python
2.7 [1] or MinGWPy [2]. It also addresses errors when building a C++
extension with MinGWPy and C++11 from cmath, 'error "::hypot' has not
been declared'

[1] https://www.microsoft.com/en-us/download/details.aspx?id=44266
[2] https://mingwpy.github.io/
2018-12-22 10:41:36 +09:00
Myles Borins d9a2aca839 [2.7] bpo-31715 Add mimetype for extension .mjs (GH-3908) (GH-10978)
(cherry picked from 0854b92cd2)
2018-12-20 15:29:34 -05:00
Zackery Spytz f347c6eb75 bpo-35504: Fix segfaults and SystemErrors when deleting certain attrs. (GH-11175) (GH-11249)
(cherry picked from commit 842acaab13)
2018-12-20 19:38:52 +02:00
Miss Islington (bot) 3752bc96c0
bpo-35529: Fix a reference counting bug in PyCFuncPtr_FromDll(). (GH-11229)
"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9a1)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-12-20 00:51:52 -08:00
Serhiy Storchaka 89b5ea297d
[2.7] bpo-35441: Remove dead and buggy code related to PyList_SetItem(). (GH-11033) (GH-11234)
In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.

In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.

In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b5356)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-12-19 17:11:02 +02:00
Zackery Spytz 838645dc41 bpo-10320: Use PY_FORMAT_LONG_LONG in ctypes' PyCArg_repr(). (GH-11230) 2018-12-19 08:01:38 +02:00
Miss Islington (bot) 53e2248a94
bpo-10320: Replace nonstandard sprintf() length modifier in ctypes' PyCArg_repr(). (GH-10853)
Use "ll" instead of the nonstandard "q".
(cherry picked from commit 062cbb6772)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-12-18 15:51:04 -08:00
Victor Stinner ea6b322829
bpo-10496: distutils check_environ() handles getpwuid() error (GH-10931) (GH-11213)
check_environ() of distutils.utils now catchs KeyError on calling
pwd.getpwuid(): don't create the HOME environment variable in this
case.

(cherry picked from commit 17d0c0595e)
2018-12-18 17:34:51 +01:00
Victor Stinner 34b7c438b8
bpo-34279: regrtest consider that skipped tests are ran (GH-11132) (GH-11158)
bpo-34279, bpo-35412: support.run_unittest() no longer raises
TestDidNotRun if a test result contains skipped tests. The
exception is now only raised if no test have been run and no test
have been skipped.

(cherry picked from commit 3a8f4fef4a)
2018-12-14 13:44:08 +01:00
Victor Stinner 16d63202af
bpo-16039: CVE-2013-1752: Limit imaplib.IMAP4_SSL.readline() (GH-11120)
* bpo-16039: CVE-2013-1752: Change use of readline() in
  imaplib.IMAP4_SSL to limit line length. Remove IMAP4_SSL.readline()
  and IMAP4_SSL.read() to inherit safe IMAP4 implementation.
* bpo-20118: reenable test_linetoolong() of test_imaplib
  on ThreadedNetworkedTests and ThreadedNetworkedTestsSSL.
  The test now sets the _MAXLINE limit to 10 characters.
2018-12-12 12:05:59 +01:00
Victor Stinner d336b1c8a4
bpo-11617: Try to strengthen test_httpservers (GH-11121)
(cherry picked from commit cb342182ee)
2018-12-11 17:08:02 +01:00
Ned Deily d0d09b511d
[2.7] bpo-15663: the 10.6+ macOS installers for 3.6/2.7 now provide a private Tcl/Tk 8.6 (GH-11110) 2018-12-11 04:33:56 -05:00
Miss Islington (bot) aa58050843
bpo-35402: Update macOS installer to use Tcl 8.6.9 / Tk 8.6.9.1 (GH-11101)
(cherry picked from commit 7cf3d8e251)

Co-authored-by: Ned Deily <nad@python.org>
2018-12-10 22:39:34 -08:00
Miss Islington (bot) 55076cc0ff
[3.6] bpo-35401: Update macOS installer to OpenSSL 1.0.2q (GH-11095)
https://bugs.python.org/issue35401
(cherry picked from commit 419b5ffc2c)

Co-authored-by: Ned Deily <nad@python.org>
2018-12-10 21:54:04 -08:00
Steve Dower 3c8bd22b8f
bpo-35401: Updates Windows build to OpenSSL 1.0.2q (GH-11089) 2018-12-10 20:26:33 -08:00
Victor Stinner 2632df4c3f
[2.7] bpo-31374: Include pyconfig.h earlier in expat (GH-11078)
Include <pyconfig.h> ealier in Modules/expat/xmlparse.c to define
properly _POSIX_C_SOURCE and _XOPEN_SOURCE.
2018-12-10 16:01:03 +01:00
Victor Stinner 1fd93ff18c
ceval.c: mark debug 'filename' variable as unused (GH-11074)
Use GCC __attribute__((unused)) to mark the debug variable 'filename'
as unused in Python/ceval.c.
2018-12-10 13:53:38 +01:00
Miss Islington (bot) 7bbf7b02ab
bpo-31374: Include pyconfig.h earlier in expat (GH-11064)
Include <pyconfig.h> ealier in Modules/expat/xmltok.c to define
properly _POSIX_C_SOURCE. Python defines _POSIX_C_SOURCE as 200809L,
whereas <features.h> (included indirectly by <string.h>) defines
_POSIX_C_SOURCE as 199506L.
(cherry picked from commit cf247359d5)

Co-authored-by: Victor Stinner <vstinner@redhat.com>
2018-12-10 03:38:55 -08:00
Victor Stinner cecf313d1e
bpo-35052: Fix handler on xml.dom.minidom.cloneNode() (GH-11061) (GH-11068)
Fix xml.dom.minidom cloneNode() on a document with an entity: pass
the correct arguments to the user data handler of an entity (fix an
old copy/paste mistake).

Bug spotted and fix proposed by Charalampos Stratakis, initial
reproducer written by Petr Viktorin.

Co-Authored-By: Charalampos Stratakis <cstratak@redhat.com>
Co-Authored-By: Petr Viktorin <encukou@gmail.com>
(cherry picked from commit 8e04186889)
2018-12-10 11:56:54 +01:00
Serhiy Storchaka 324e179009
[2.7] bpo-33023: Fix NotImplemented to NotImplementedError. (GH-10934). (GH-11001) (GH-11008)
(cherry picked from commit 42b1d6127b)
(cherry picked from commit 7a2cf1e7d3)
2018-12-07 08:02:33 +02:00
Miss Islington (bot) 107b27eee0
Add missing period in distutils.dep_util.newer_group doc (GH-11003)
(cherry picked from commit c9566b8c45)

Co-authored-by: Andre Delfino <adelfino@gmail.com>
2018-12-06 13:34:15 -08:00
Victor Stinner 49cedc51a6
bpo-35359: Add _CRT_SECURE_NO_WARNINGS to pythoncore project (GH-10819)
Define _CRT_SECURE_NO_WARNINGS in the Visual Studio pythoncore
project to make quiet security warnings when building zlib C files
(Modules\zlib\ subdirectory).
2018-12-06 11:56:00 +01:00
native-api 29a4cbff92 [2.7] bpo-33709: test_ntpath and test_posixpath fail in Windows with ACP!=1252. (GH-7278) (GH-7279) 2018-12-06 11:43:37 +02:00
Andre Delfino 46aa472a8f [2.7] Correct a couple of unbalanced parenthesis. (GH-10779). (GH-10963)
(cherry picked from commit 55f41e45b4)
2018-12-06 11:19:23 +02:00
Victor Stinner 358fc87f53
Revert "[2.7] bpo-34172: multiprocessing.Pool leaks resources after being deleted (GH-9686)" (GH-10970)
This reverts commit 4a7dd30f58.
2018-12-06 01:49:41 +01:00
Miss Islington (bot) 40ef5b73c2
Fix typo in xml.dom.minidom documentation (GH-10956)
Escape the \t and \n.
Follow up from https://github.com/python/cpython/pull/10814.
(cherry picked from commit 2d8f976cde)

Co-authored-by: E Kawashima <e-kwsm@users.noreply.github.com>
2018-12-05 14:31:11 -08:00
Serhiy Storchaka fff8fab1ce
[2.7] bpo-34052: Prevent SQLite functions from setting callbacks on exceptions. (GH-8113). (GH-10946) (GH-10955)
(cherry picked from commit 5b25f1d031)
(cherry picked from commit 1de91a0032)

Co-authored-by: Sergey Fedoseev <fedoseev.sergey@gmail.com>.
2018-12-06 00:21:40 +02:00
Serhiy Storchaka b2742ba5f9
[2.7] bpo-34738: Add directory entries in ZIP files created by distutils. (GH-9419). (GH-10950)
(cherry picked from commit 67a93b3a0b)
2018-12-06 00:02:10 +02:00
Serhiy Storchaka abe74feb91
[2.7] bpo-35250: Correct argument name "num" -> "btn" in turtle docs. (GH-10565). (GH-10943)
(cherry picked from commit 4edeaeac4c)

Co-authored-by: Srinivas  Thatiparthy (శ్రీనివాస్  తాటిపర్తి) <thatiparthysreenivas@gmail.com>
2018-12-05 23:10:36 +02:00
Andre Delfino c6639cda51 [2.7] Move __missing__ after __delitem__ in Data model. (GH-10923). (GH-10944)
(cherry picked from commit 1ce853f377)

Co-authored-by: Andre Delfino <adelfino@gmail.com>
2018-12-05 23:09:25 +02:00
Victor Stinner b50b33b4ac
bpo-10496: posixpath.expanduser() catchs pwd.getpwuid() error (GH-10919) (GH-10930)
* posixpath.expanduser() now returns the input path unchanged if
  the HOME environment variable is not set and pwd.getpwuid() raises
  KeyError (the current user identifier doesn't exist in the password
  database).
* Add test_no_home_directory() to test_site.

(cherry picked from commit f2f4555d82)
2018-12-05 21:56:24 +01:00
Miss Islington (bot) bacc272afc
bpo-34185: Fix test module collision in test_bdb when ran as script. (GH-8537)
When running test_bdb.py as a script, `import test_module` would be
importing the existing Lib/test/test_modules.py instead of the
tempcwd/test_module.py module which was dynamically created by
test_bdb.py itself.
(cherry picked from commit 54fd45505b)

Co-authored-by: Alex H <1884912+lajarre@users.noreply.github.com>
2018-12-05 12:04:57 -08:00
Miss Islington (bot) c7976da5c2
bpo-35411: Skip test_urllib2net FTP tests on Travis CI (GH-10907)
On Travis CI, FTP tests of test_urllib2net randomly fail with "425
Security: Bad IP connecting".

test.pythoninfo now also logs TRAVIS environment variable.
(cherry picked from commit c11b3b19a5)

Co-authored-by: Victor Stinner <vstinner@redhat.com>
2018-12-04 17:22:02 -08:00