Commit Graph

10529 Commits

Author SHA1 Message Date
Miss Islington (bot) 2dd885eaa0 [3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230)
Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit d02ac25ab0)

Co-authored-by: Christian Heimes <christian@python.org>
2018-03-25 13:28:20 +02:00
Miss Islington (bot) 42bd62bc87 [3.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6213)
LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.

Documentation updates and fixes for failing tests will be provided in
another patch set.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 4ca0739c9d)

Co-authored-by: Christian Heimes <christian@python.org>
2018-03-24 18:37:54 +01:00
Miss Islington (bot) c71edab15d
bpo-32999: ast: Convert useless check to assert (GH-6197)
(cherry picked from commit c65bf3fe4a)

Co-authored-by: INADA Naoki <methane@users.noreply.github.com>
2018-03-23 02:43:11 -07:00
Miss Islington (bot) 5d8bb5d07b bpo-32999: Revert GH-6002 (fc7df0e6) (GH-6189) (GH-6190)
bpo-33018 (GH-5944) fixed bpo-32999 too.  So fc7df0e6 is not required
anymore.  Revert it except test case.
(cherry picked from commit f757b72b25)

Co-authored-by: INADA Naoki <methane@users.noreply.github.com>
2018-03-22 14:00:11 +00:00
Miss Islington (bot) 346964ba05
bpo-33018: Improve issubclass() error checking and message. (GH-5944)
This improves error message for situations when a non-class is
checked w.r.t. an abstract base class.
(cherry picked from commit 40472dd42d)

Co-authored-by: jab <jab@users.noreply.github.com>
2018-03-22 04:49:26 -07:00
Miss Islington (bot) 56f530ef8a
Fix typos in mmap() error messages (GH-6173)
(cherry picked from commit 9308dea3e1)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
2018-03-20 23:24:41 -07:00
Miss Islington (bot) 56cce1ca84 [3.7] bpo-33021: Release the GIL during fstat() calls (GH-6019) (GH-6159)
fstat may block for long time if the file descriptor is on a
non-responsive NFS server, hanging all threads. Most fstat() calls are
handled by _Py_fstat(), releasing the GIL internally, but but
_Py_fstat_noraise() does not release the GIL, and most calls release the
GIL explicitly around it.

This patch fixes last 2 calls to _Py_fstat_no_raise(), avoiding hangs
when calling:
- mmap.mmap()
- os.urandom()
- random.seed()
(cherry picked from commit 4484f9dca9)

Co-authored-by: Nir Soffer <nirsof@gmail.com>
2018-03-20 20:16:30 +01:00
Miss Islington (bot) 429ca448d2 bpo-27645: Fix version number in 'database in transaction' fallback (GH-6131)
It was actually fixed in SQLite 3.8.8, not 3.8.7.

(cherry picked from commit bbf7bb7a63)

Co-authored-by: Aviv Palivoda <palaviv@gmail.com>
2018-03-18 09:24:33 +03:00
Miss Islington (bot) 136905fffd
bpo-32374: m_traverse may be called with m_state=NULL (GH-5140)
Multi-phase initialized modules allow m_traverse to be called while the
module is still being initialized, so module authors may need to account
for that.
(cherry picked from commit c2b0b12d1a)

Co-authored-by: Marcel Plch <gmarcel.plch@gmail.com>
2018-03-16 23:03:56 -07:00
Miss Islington (bot) e8a5a92037 bpo-27645: Add support for native backup facility of SQLite (GH-4238)
(cherry picked from commit d7aed4102d)

Co-authored-by: Emanuele Gaifas <lelegaifax@gmail.com>
2018-03-11 01:29:19 +03:00
Miss Islington (bot) 8c163bbf37
bpo-33016: Fix potential use of uninitialized memory in nt._getfinalpathname (GH-6010)
(cherry picked from commit 3b20d3454e)

Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com>
2018-03-08 08:26:43 -08:00
Miss Islington (bot) d824b4e4af
bpo-32999: Fix ABC.__subclasscheck__ crash (GH-6002)
(cherry picked from commit fc7df0e664)

Co-authored-by: INADA Naoki <methane@users.noreply.github.com>
2018-03-06 23:47:40 -08:00
Miss Islington (bot) c4d77a6611
bpo-32969: Expose some missing constants in zlib and fix the doc (GH-5988)
(cherry picked from commit bc3f2289b9)

Co-authored-by: Xiang Zhang <angwerzx@126.com>
2018-03-06 21:26:19 -08:00
Miss Islington (bot) 96fdbacb77
bpo-33001: Prevent buffer overrun in os.symlink (GH-5989)
(cherry picked from commit 6921e73e33)

Co-authored-by: Steve Dower <steve.dower@microsoft.com>
2018-03-05 15:12:56 -08:00
Miss Islington (bot) 6ae75d9d12 bpo-32903: Fix a memory leak in os.chdir() on Windows (GH-5801) (#5945)
(cherry picked from commit 3e197c7a67)

Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com>
2018-03-01 18:28:41 +08:00
Miss Islington (bot) 4c842b0920
bpo-31453: Add setter for min/max protocol version (GH-5259)
OpenSSL 1.1 has introduced a new API to set the minimum and maximum
supported protocol version. The API is easier to use than the old
OP_NO_TLS1 option flags, too.

Since OpenSSL has no call to set minimum version to highest supported,
the implementation emulate maximum_version = MINIMUM_SUPPORTED and
minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and
maximum supported version at compile time.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 698dde16f6)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 03:41:04 -08:00
Miss Islington (bot) 2614ed4c6e
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (GH-5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 05d9fe32a1)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-27 00:17:49 -08:00
Miss Islington (bot) 53d3f8a899
bpo-32394: Remove some TCP options on old version Windows. (GH-5523)
(cherry picked from commit 19e7d48ce8)

Co-authored-by: animalize <animalize@users.noreply.github.com>
2018-02-26 10:36:17 -08:00
Miss Islington (bot) a9e0b070b3
bpo-32922: dbm.open() now encodes filename with the filesystem encoding. (GH-5832)
(cherry picked from commit 6f600ff173)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2018-02-26 06:25:40 -08:00
Miss Islington (bot) 632c1cb571
bpo-32622: Native sendfile on windows (GH-5565)
* Support sendfile on Windows Proactor event loop naively.
(cherry picked from commit a19fb3c6aa)

Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
2018-02-25 09:10:58 -08:00
Miss Islington (bot) 961774184e [3.7] bpo-30622: Fix NPN for OpenSSL 1.1.1-pre1 (GH-5876) (#5880)
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 29eab55309)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-25 13:18:43 +01:00
Miss Islington (bot) b5655f3d18
bpo-17232: Clarify docs for -O and -OO command line options (GH-5839)
The 'optimization' is for space in the executable file, not for run time.
(cherry picked from commit 186b606d8a)

Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>
2018-02-24 19:24:08 -08:00
Miss Islington (bot) 01d9c23e47 [3.7] bpo-30622: Improve NPN support detection (GH-5859) (#5860)
The ssl module now detects missing NPN support in LibreSSL.

Co-Authored-By: Bernard Spil <brnrd@FreeBSD.org>
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 6cdb7954b0)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-24 23:04:27 +01:00
Miss Islington (bot) 8fa8478dde [3.7] bpo-24334: Cleanup SSLSocket (GH-5252) (#5857)
* The SSLSocket is no longer implemented on top of SSLObject to
  avoid an extra level of indirection.
* Owner and session are now handled in the internal constructor.
* _ssl._SSLSocket now uses the same method names as SSLSocket and
  SSLObject.
* Channel binding type check is now handled in C code. Channel binding
  is always available.

The patch also changes the signature of SSLObject.__init__(). In my
opinion it's fine. A SSLObject is not a user-constructable object.
SSLContext.wrap_bio() is the only valid factory.
(cherry picked from commit 141c5e8c24)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-24 21:51:56 +01:00
Miss Islington (bot) e49bf0f353
bpo-31966: Fixed WindowsConsoleIO.write() for writing empty data. (GH-5754)
(cherry picked from commit 42c35d9c0c)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2018-02-24 09:39:18 -08:00
Miss Islington (bot) 1c37e27719 [bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128) (GH-5843)
Previously, the ssl module stored international domain names (IDNs)
as U-labels. This is problematic for a number of reasons -- for
example, it made it impossible for users to use a different version
of IDNA than the one built into Python.

After this change, we always convert to A-labels as soon as possible,
and use them for all internal processing. In particular, server_hostname
attribute is now an A-label, and on the server side there's a new
sni_callback that receives the SNI servername as an A-label rather than
a U-label.
(cherry picked from commit 11a1493bc4)

Co-authored-by: Christian Heimes <christian@python.org>
2018-02-23 19:18:28 -08:00
Miss Islington (bot) 24d6e3c56b Test that new_timezone can return the UTC singleton (gh-5318) (#5819)
(cherry picked from commit a049f5790e)

Co-authored-by: Paul Ganssle <pganssle@users.noreply.github.com>
2018-02-22 16:18:54 -05:00
Miss Islington (bot) 01dd52fb29
bpo-32556: nt._getfinalpathname, nt._getvolumepathname and nt._getdiskusage now correctly convert from bytes. (GH-5761)
(cherry picked from commit 23ad6d0d1a)

Co-authored-by: Steve Dower <steve.dower@microsoft.com>
2018-02-22 11:02:12 -08:00
Miss Islington (bot) eed3c7af4e bpo-32604: Swap threads only if the interpreter is different. (gh-5783)
The CPython runtime assumes that there is a one-to-one relationship (for a given interpreter) between PyThreadState and OS threads. Sending and receiving on a channel in the same interpreter was causing crashes because of this (specifically due to a check in PyThreadState_Swap()). The solution is to not switch threads if the interpreter is the same.
(cherry picked from commit f53d9f2778)

Co-authored-by: Eric Snow <ericsnowcurrently@gmail.com>
2018-02-20 17:09:41 -07:00
Miss Islington (bot) bab4fe320a closes bpo-32859: Don't retry dup3() if it is not available at runtime (GH-5708)
os.dup2() tests for dup3() system call availability at runtime,
but doesn't remember the result across calls, repeating
the test on each call with inheritable=False.

Since the caller of os.dup2() is expected to hold the GIL,
fix this by making the variable holding the test result static.
(cherry picked from commit b3caf388a0)

Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com>
2018-02-19 23:46:47 -08:00
Ivan Levkivskyi 0442de5ad7
bpo-25988: Emit a warning when use or import ABCs from 'collections'. (GH-5734) 2018-02-18 17:40:59 +00:00
Ivan Levkivskyi 3892899288
bpo-31333: Re-implement ABCMeta in C (GH-5733)
This adds C versions of methods used by ABCMeta that
improve performance of various ABC operations.
2018-02-18 17:39:43 +00:00
Miss Islington (bot) 3db05a3a9c bpo-32604: Clean up created subinterpreters before runtime finalization. (gh-5710)
(cherry picked from commit 4c6955e2b0)

Co-authored-by: Eric Snow <ericsnowcurrently@gmail.com>
2018-02-16 19:15:24 -07:00
Miss Islington (bot) f0616ce137
Update comment in posixmodule.c (GH-5681)
A closing parentheses was missing.

Signed-off-by: Ngie Cooper <yaneurabeya@gmail.com>
(cherry picked from commit 7745ec4e35)

Co-authored-by: ngie-eign <1574099+ngie-eign@users.noreply.github.com>
2018-02-14 13:06:46 -08:00
Miss Islington (bot) ef20abed7f
bpo-31787: Prevent refleaks when calling __init__() more than once (GH-3995)
(cherry picked from commit d019bc8319)

Co-authored-by: Oren Milman <orenmn@gmail.com>
2018-02-13 03:32:18 -08:00
Miss Islington (bot) 74ebbaeb56
bpo-29248: Fix os.readlink() on Windows (GH-5577)
The PrintNameOffset field of the reparse data buffer
was treated as a number of characters instead of bytes.
(cherry picked from commit 3c34aad4e7)

Co-authored-by: SSE4 <tomskside@gmail.com>
2018-02-12 13:39:42 -08:00
Miss Islington (bot) 0442599961 bpo-32221: makeipaddr(): remove interface part + speedup (GH-5449) (GH-5449) (#5641)
(cherry picked from commit 7766b96ab8)

Co-authored-by: Коренберг Марк <socketpair@gmail.com>
2018-02-12 15:12:24 -05:00
Miss Islington (bot) 7df80492fc Fix some warnings produced by different compilers. (GH-5593) (GH-5600)
(cherry picked from commit bfe4fd5f2e)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2018-02-09 17:56:34 +02:00
Miss Islington (bot) 2bb0bfafb0 bpo-32777: Fix _Py_set_inheritable async-safety in subprocess (GH-5560) (GH-5562)
Fix a rare but potential pre-exec child process deadlock in subprocess on POSIX systems when marking file descriptors inheritable on exec in the child process.  This bug appears to have been introduced in 3.4 with the inheritable file descriptors support.

This also changes Python/fileutils.c `set_inheritable` to use the "slow" two `fcntl` syscall path instead of the "fast" single `ioctl` syscall path when asked to be async signal safe (by way of being asked not to raise exceptions).  `ioctl` is not a POSIX async-signal-safe approved function.

ref: http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html
(cherry picked from commit c1e46e94de)

Co-authored-by: Alexey Izbyshev <izbyshev@users.noreply.github.com>
2018-02-05 22:31:22 -08:00
Miss Islington (bot) e86db34dd3 [3.7] bpo-32746: Fix multiple typos (GH-5144) (GH-5520)
Fix typos found by codespell in docs, docstrings, and comments.
(cherry picked from commit c3d9508ff2)

Co-authored-by: Leo Arias <leo.arias@canonical.com>
2018-02-03 20:41:43 -05:00
Miss Islington (bot) f33ecedcad bpo-32604: Fix memory leaks in the new _xxsubinterpreters module. (GH-5507)
(cherry picked from commit 4e9da0d163)

Co-authored-by: Eric Snow <ericsnowcurrently@gmail.com>
2018-02-02 22:38:57 -07:00
Miss Islington (bot) 29fd9eae43 Revert "bpo-31356: Add context manager to temporarily disable GC GH-5495 (#5496)
This reverts commit 72a0d218dc.

The reverted commit had a few issues so it was unanimously decided
to undo it. See the bpo issue for details.
(cherry picked from commit 383b32fe10)

Co-authored-by: Yury Selivanov <yury@magic.io>
2018-02-02 10:04:32 -05:00
Victor Stinner b8d90328ad
bpo-28914: Fix compilation of select on Android (#5447)
EPOLL_CLOEXEC is not defined on Android.

Co-Authored-By: Wataru Matsumoto <sxsns243@gmail.com>
2018-01-30 12:18:54 +01:00
Stéphane Wirtel 3d86e484de bpo-32681: Fix an uninitialized variable in the C implementation of os.dup2 (GH-5346)
See https://bugs.python.org/issue32441 for where this was introduced.
2018-01-29 22:04:36 -08:00
Eric Snow 83e64c8a54
bpo-32604: NULL-terminate kwlist in channel_drop_interpreter(). (gh-5437) 2018-01-29 21:04:15 -07:00
Eric Snow 7f8bfc9b9a
bpo-32604: Expose the subinterpreters C-API in a "private" stdlib module. (gh-1748)
The module is primarily intended for internal use in the test suite.  Building the module under Windows will come in a follow-up PR.
2018-01-29 18:23:44 -07:00
Christian Heimes b6e43af669
bpo-28134: Auto-detect socket values from file descriptor (#1349)
Fix socket(fileno=fd) by auto-detecting the socket's family, type,
and proto from the file descriptor. The auto-detection can be overruled
by passing in family, type, and proto explicitly.

Without the fix, all socket except for TCP/IP over IPv4 are basically broken:

>>> s = socket.create_connection(('www.python.org', 443))
>>> s
<socket.socket fd=3, family=AddressFamily.AF_INET6, type=SocketKind.SOCK_STREAM, proto=6, laddr=('2003:58:bc4a:3b00:56ee:75ff:fe47:ca7b', 59730, 0, 0), raddr=('2a04:4e42:1b::223', 443, 0, 0)>
>>> socket.socket(fileno=s.fileno())
<socket.socket fd=3, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('2003:58:bc4a:3b00::%2550471192', 59730, 0, 2550471192), raddr=('2a04:4e42:1b:0:700c:e70b:ff7f:0%2550471192', 443, 0, 2550471192)>

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-29 22:37:58 +01:00
Pablo Galindo 72a0d218dc bpo-31356: Add context manager to temporarily disable GC (GH-4224) 2018-01-29 12:37:09 -08:00
Pablo Galindo 0cd6bca655 bpo-20104: Fix leaks and errors in new os.posix_spawn (GH-5418)
* Fix memory leaks and error handling in posix spawn
* Improve error handling when destroying the file_actions object
* Py_DECREF the result of PySequence_Fast on error
* Handle uninitialized pid
* Use OSError if file actions fails to initialize
* Move _file_actions to outer scope to avoid undefined behaviour
* Remove HAVE_POSIX_SPAWN define in Modules/posixmodule.c
* Unshadow exception and clean error message
2018-01-29 12:34:42 -08:00
Benjamin Peterson c65ef772c3
rename _imp initialization function to follow conventions (#5432)
When the C imp module became _imp in 6f44d66bc4, the initialization function should have been renamed from PyInit_imp to PyInit__imp.
2018-01-29 11:33:57 -08:00