CGIHTTPRequestHandler of http.server now logs the CGI script exit
code, rather than the CGI script exit status of os.waitpid().
For example, if the script is killed by signal 11, it now logs:
"CGI script exit code -11."
The AbstractBasicAuthHandler class of the urllib.request module uses
an inefficient regular expression which can be exploited by an
attacker to cause a denial of service. Fix the regex to prevent the
catastrophic backtracking. Vulnerability reported by Ben Caller
and Matt Schwager.
AbstractBasicAuthHandler of urllib.request now parses all
WWW-Authenticate HTTP headers and accepts multiple challenges per
header: use the realm of the first Basic challenge.
Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
Add os.waitstatus_to_exitcode() function to convert a wait status to an
exitcode.
Suggest waitstatus_to_exitcode() usage in the documentation when
appropriate.
Use waitstatus_to_exitcode() in:
* multiprocessing, os, subprocess and _bootsubprocess modules;
* test.support.wait_process();
* setup.py: run_command();
* and many tests.
On Solaris, the regular "grep" command may be an old version that fails to search a binary file. We need to use the correct command (ggrep, in our case), which is found by the configure script earlier.
Automerge-Triggered-By: @pablogsal
Changes on 7dd549eb08 made _functools compatible with
PEP-489 and we could have multiple modules instances loaded.
But, right now there is no way to make `kwd_mark` global into
a per module instance variable. kwd_mark is used on lru_cache_new
which does not have a reference to a PyModule*, necessary to use
PyModule_GetState.
PEP-573 will solve this problem and will allow us to move the global
state to per-module data and properly clear the state when unloading
a module instance.
This change temporarily disable cleaning of kwd_mark to avoid NULL
pointer dereference if we clear kwd_mark and other module instances
still alive use it.
Running `test_socket` or anything that depends on it (like python -m
test.pythoninfo) crashes if IOCTL_VM_SOCKETS_GET_LOCAL_CID does not
exist in the socket module.
Automerge-Triggered-By: @pablogsal
* Add _waitstatus_to_exitcode() helper function to _bootsubprocess.
* Enhance check_output() error message if the command fails.
_bootsubprocess no longer handles WIFSTOPPED() case: it now raises a
ValueError.
* Rewrite test_thread.test_forkinthread() to use
support.wait_process() and wait for the child process in the main
thread, not in the spawned thread.
* test_threading now uses support.wait_process() and checks the child
process exit code to detect crashes.
* test_fork1: remove duplicated wait_impl() method: reuse
fork_wait.py implementation instead.
* Use exit code different than 0 to ensure that we executed the
expected code path.
Moreover, the following tests now check the child process exit code:
* test_os.PtyTests
* test_mailbox.test_lock_conflict()
* test_tempfile.test_process_awareness()
* test_uuid.testIssue8621()
* multiprocessing resource tracker tests
The _PyErr_WarnUnawaitedCoroutine() fallback now also sets the
coroutine object as the source of the warning, as done by the Python
implementation warnings._warn_unawaited_coroutine().
Moreover, don't truncate the coroutine name: Python supports
arbitrary string length to format the message.
Fix a leak and subsequent crash in parsetok.c caused by realloc misuse on a rare codepath.
Realloc returns a null pointer on failure, and then growable_comment_array_deallocate crashes later when it dereferences it.
Replace statically allocated types with heap allocated types:
use PyType_FromSpec().
Add a module state to store the _abc_data_type.
Add traverse, clear and free functions to the module.
Speed up calls to list() by using the PEP 590 vectorcall
calling convention. Patch by Mark Shannon.
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
Change 0/1 assignments to 'executing', 'canceled', 'reading', 'endoffile'.
These are not used outside of pyshell. Other bools already use False/True.
Add comment about int needed for Windows call.
Remove self.more, unused in idlelib and code.InteractiveInterpreter.
The latter uses 'more' as a local.
Remove daemon threads from :mod:`concurrent.futures` by adding
an internal `threading._register_atexit()`, which calls registered functions
prior to joining all non-daemon threads. This allows for compatibility
with subinterpreters, which don't support daemon threads.
If fork was not called by a thread spawned by threading.Thread,
threading._after_fork() now creates a _MainThread instance for
_main_thread, instead of a _DummyThread instance.
Kyle Stanley
Victor Stinner
Dong-hee Na
Pablo Galindo
Arnon Yaari
Paulo Henrique Silva
Barney Gale
Zackery Spytz
Serhiy Storchaka
Steve Dower
Benjamin Peterson
Mathieu Dupuy
Alexander Riccio
Andy Lester
Curtis Bucher
Petr Viktorin
Ashwin Ramaswami
Batuhan Taşkaya
Terry Jan Reedy
Furkan Önder
Miro Hrončok
Javad Mokhtari
Ammar Askar