Commit Graph

81053 Commits

Author SHA1 Message Date
Senthil Kumaran f82e59ac40
[2.7] bpo-27973 - Fix for urllib.urlretrieve() failing on second ftp transfer (#1040)
* bpo-27973: Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host.

* bpo-35411: Skip test_urllibnet FTP tests on Travis CI.
2019-12-30 21:14:56 -08:00
Benjamin Peterson 362ede2232
[2.7] Minor C API documentation improvements. (GH-17699)
(cherry picked from commit 5c7ed7550e)

Co-authored-by: William Ayd <william.ayd@icloud.com>
2019-12-24 22:34:38 -06:00
Miss Islington (bot) 5f2c1345a7
bpo-38295: prevent test_relative_path of test_py_compile failure on macOS Catalina (GH-17636)
(cherry picked from commit bf3aa1060a)

Co-authored-by: Ned Deily <nad@python.org>
2019-12-17 01:16:33 -08:00
Benjamin Peterson 052f47ef5c
bpo-38730: Replace strncpy in import.c with memcpy. (GH-17633)
In all these cases, we know the exact length we want copied, so memcpy is the right function to use.
2019-12-16 16:39:57 -08:00
Inada Naoki de4481339d
bpo-39035: travis: Don't use beta group (GH-17605) 2019-12-14 23:02:55 +09:00
Matthew Rollings a016d4e32c [2.7] bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format (GH-17418). (#17452)
(cherry picked from commit a62ad4730c)

Co-authored-by: Matthew Rollings <1211162+stealthcopter@users.noreply.github.com>
2019-12-03 10:18:52 -08:00
Miss Islington (bot) 864207181d
document threading.Lock.locked() (GH-17427)
(cherry picked from commit fdafa1d0ed)

Co-authored-by: idomic <michael.ido@gmail.com>
2019-12-01 12:12:09 -08:00
Victor Stinner e649903303
bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (GH-17345)
The regex http.cookiejar.LOOSE_HTTP_DATE_RE was vulnerable to regular
expression denial of service (REDoS).

LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar
to parse Set-Cookie headers returned by a server.
Processing a response from a malicious HTTP server can lead to extreme
CPU usage and execution will be blocked for a long time.

The regex contained multiple overlapping \s* capture groups.
Ignoring the ?-optional capture groups the regex could be simplified to

    \d+-\w+-\d+(\s*\s*\s*)$

Therefore, a long sequence of spaces can trigger bad performance.

Matching a malicious string such as

    LOOSE_HTTP_DATE_RE.match("1-c-1" + (" " * 2000) + "!")

caused catastrophic backtracking.

The fix removes ambiguity about which \s* should match a particular
space.

You can create a malicious server which responds with Set-Cookie headers
to attack all python programs which access it e.g.

    from http.server import BaseHTTPRequestHandler, HTTPServer

    def make_set_cookie_value(n_spaces):
        spaces = " " * n_spaces
        expiry = f"1-c-1{spaces}!"
        return f"b;Expires={expiry}"

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.log_request(204)
            self.send_response_only(204)  # Don't bother sending Server and Date
            n_spaces = (
                int(self.path[1:])  # Can GET e.g. /100 to test shorter sequences
                if len(self.path) > 1 else
                65506  # Max header line length 65536
            )
            value = make_set_cookie_value(n_spaces)
            for i in range(99):  # Not necessary, but we can have up to 100 header lines
                self.send_header("Set-Cookie", value)
            self.end_headers()

    if __name__ == "__main__":
        HTTPServer(("", 44020), Handler).serve_forever()

This server returns 99 Set-Cookie headers. Each has 65506 spaces.
Extracting the cookies will pretty much never complete.

Vulnerable client using the example at the bottom of
https://docs.python.org/3/library/http.cookiejar.html :

    import http.cookiejar, urllib.request
    cj = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
    r = opener.open("http://localhost:44020/")

The popular requests library was also vulnerable without any additional
options (as it uses http.cookiejar by default):

    import requests
    requests.get("http://localhost:44020/")

* Regression test for http.cookiejar REDoS

If we regress, this test will take a very long time.

* Improve performance of http.cookiejar.ISO_DATE_RE

A string like

"444444" + (" " * 2000) + "A"

could cause poor performance due to the 2 overlapping \s* groups,
although this is not as serious as the REDoS in LOOSE_HTTP_DATE_RE was.

(cherry picked from commit 1b779bfb85)
2019-11-24 16:49:23 +01:00
Benjamin Peterson 9f94e52e8d
bpo-38730: Remove usage of stpncpy as it's not supported on MSVC 2008. (GH-17081) 2019-11-07 07:27:03 -08:00
Benjamin Peterson f32bcf8c27
[2.7] bpo-38730: Fix -Wstringop-truncation warnings. (GH-17075) 2019-11-07 07:06:28 -08:00
Benjamin Peterson 089e5f52a3
bpo-37731: Squish another _POSIX_C_SOURCE redefinition problem in expat. (GH-17077) 2019-11-06 21:29:43 -08:00
Miss Islington (bot) 30114c7119
bpo-37731: Reorder includes in xmltok.c to avoid redefinition of _POSIX_C_SOURCE (GH-16733)
(cherry picked from commit 8177404d52)

Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
2019-11-06 21:10:05 -08:00
Miss Skeleton (bot) 7356e10820
bpo-38557: Improve documentation for list and tuple C API. (GH-16925)
(cherry picked from commit d898d20e8c)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2019-10-26 13:04:13 -07:00
Serhiy Storchaka 493fef60a7
[2.7] bpo-38535: Fix positions for AST nodes for calls without arguments in decorators. (GH-16861). (GH-16931)
(cherry picked from commit 26ae9f6d3d)
2019-10-26 17:30:30 +03:00
Miss Skeleton (bot) c80955cdee
Update URL in macOS installer copy of license (GH-16905)
(cherry picked from commit 01659ca62c)

Co-authored-by: Ned Deily <nad@python.org>
2019-10-23 13:15:56 -07:00
Zackery Spytz 009a692872 bpo-37025: AddRefActCtx() shouldn't be checked for failure (GH-16897)
AddRefActCtx() does not return a value.
2019-10-23 11:15:55 -07:00
Miss Skeleton (bot) 9978a9553b
Fix Zope URL (GH-16880)
(cherry picked from commit dfe726b1ac)

Co-authored-by: Kyle Stanley <aeros167@gmail.com>
2019-10-22 02:48:33 -07:00
Serhiy Storchaka ccdfeb7e96
[2.7] bpo-38540: Fix possible leak in PyArg_Parse for "es#" and "et#". (GH-16869). (GH-16877)
(cherry picked from commit 5bc6a7c06e)
2019-10-21 21:40:30 +03:00
Steve Dower c9ed34f5ad
Work around Path.glob() issue when creating nuget package (GH-16855) 2019-10-19 18:25:35 -07:00
Benjamin Peterson b02f692934 2.2.17+ 2019-10-19 13:03:22 -07:00
Benjamin Peterson c2f86d86e6 Empty blurb file for 2.7.17. 2019-10-19 11:38:44 -07:00
Benjamin Peterson 74ceb358c7 Bump version to 2.7.17 final. 2019-10-19 11:37:52 -07:00
Miss Islington (bot) 6c4f841d8c
Update doc switcher list for 3.8.0 (GH-16809)
(cherry picked from commit 3f36043db2)

Co-authored-by: Ned Deily <nad@python.org>
2019-10-19 10:52:07 -07:00
Ned Deily 4ae38ba52a
Update build docs for macOS (GH-16844) 2019-10-19 05:35:44 -04:00
Ashley Whetter dedb99acdb bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault the interpreter (GH-5960) (GH-16565)
(cherry picked from commit 7a7f100eb3)

Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
2019-10-18 11:00:22 +03:00
Ashley Whetter 8eb27cc354 bpo-32758: Warn that compile() can crash when compiling to an AST object (GH-6043) (GH-16566)
(cherry picked from commit f7a6ff6fca)

Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
2019-10-18 11:00:03 +03:00
Miss Islington (bot) bef8d9acda Doc: 3.8 is now stable. (GH-16790) (GH-16794)
(cherry picked from commit 4504b4500d)

Co-authored-by: Julien Palard <julien@palard.fr>
2019-10-14 18:22:18 -04:00
Ned Deily 2c9d70a229
[2.7] Update macOS installer display files for 2.7.17 (GH-16768) 2019-10-14 04:39:00 -04:00
Benjamin Peterson 0bd59d6552
[2.7] bpo-31036: Allow sphinx and blurb to be found automatically (GH-16638)
Rather than requiring the path to blurb and/or sphinx-build to be specified to the make rule, enhance the Doc/Makefile to look for each first in a virtual environment created by make venv and, if not found, look on the normal process PATH. This allows the Doc/Makefile to take advantage of an installed spinx-build or blurb and, thus, do the right thing most of the time. Also, make the directory for the venv be configurable and document the `make venv` target..
(cherry picked from commit 590665c399)

Co-authored-by: Ned Deily <nad@python.org>
2019-10-07 20:57:05 -07:00
Miss Islington (bot) e78d79c15c
bpo-35036: Remove empty log line in the suspicious.py tool (GH-10024)
Previous to commit ee171a2 the logline was working because of self.info() (now
deprecated) defaults to an empty message.
(cherry picked from commit c3f52a59ce)

Co-authored-by: Xtreak <tirkarthi@users.noreply.github.com>
2019-10-07 20:43:53 -07:00
Miss Islington (bot) d9b321692b
bpo-31589 : Build PDF using xelatex for better UTF8 support. (GH-3940)
Also addresses doc build failures documented in bpo-32200.
(cherry picked from commit 7324b5ce8e)

Co-authored-by: Julien Palard <julien@palard.fr>
2019-10-07 20:42:51 -07:00
Benjamin Peterson c9a195ec0b
[2.7] Stop using deprecated logging API in Sphinx suspicious checker (GH-16635)
(cherry picked from commit ee171a26c1)

Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
2019-10-07 20:37:45 -07:00
Ned Deily 1c7b14197b
Update macOS installer displays for 2.7.17rc1 (#16634) 2019-10-07 22:13:04 -04:00
Benjamin Peterson a6df224570 Bump version to 2.7.17rc1. 2019-10-07 19:03:32 -07:00
Benjamin Peterson 89dea46642 Roll up news for 2.7.17rc1. 2019-10-07 19:01:18 -07:00
Jason R. Coombs f5b1abbb3b [2.7] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16476)
Backporting this change, I observe a couple of things:

1. The _encode_request call is no longer meaningful because the request construction will implicitly encode the request using the default encoding when the format string is used (request = '%s %s %s'...). In order to keep the code as consistent as possible, I decided to include the call as a pass-through. I'd be just as happy to remove it entirely, but I'll leave that up to the reviewer to decide. It's okay that this functionality is disabled on Python 2 because this functionality was mainly around bpo-36274, which was mainly a concern with the transition to Python 3.
2. Because _encode_request is no longer meaningful, neither is the test for it, so I've removed that test. Therefore, the meaningful part of this test is that for bpo-38216, adding a (underscore-protected) hook to customize/disable validation.

(cherry picked from commit 7774d7831e)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
2019-10-07 19:00:01 -07:00
Benjamin Peterson e7e58fe031
[2.7] bpo-37664: Update ensurepip bundled wheels, again (GH-16633)
(cherry picked from commit 10c452b894)

Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com>
2019-10-07 18:54:05 -07:00
Kirill Smelkov c5abd63e94 bpo-38106: Fix race in pthread PyThread_release_lock() (GH-16047)
Fix race in PyThread_release_lock that was leading to memory corruption and
deadlocks. The fix applies to POSIX systems where Python locks are implemented
with mutex and condition variable because POSIX semaphores are either not
provided, or are known to be broken. One particular example of such system is
macOS.

On Darwin, even though this is considered as POSIX, Python uses
mutex+condition variable to implement its lock, and, as of 2019-08-28, Py2.7
implementation, even though similar issue was fixed for Py3 in 2012, contains
synchronization bug: the condition is signalled after mutex unlock while the
correct protocol is to signal condition from under mutex:

  https://github.com/python/cpython/blob/v2.7.16-127-g0229b56d8c0/Python/thread_pthread.h#L486-L506
  https://github.com/python/cpython/commit/187aa545165d (py3 fix)

PyPy has the same bug for both pypy2 and pypy3:

  https://bitbucket.org/pypy/pypy/src/578667b3fef9/rpython/translator/c/src/thread_pthread.c#lines-443:465
  https://bitbucket.org/pypy/pypy/src/5b42890d48c3/rpython/translator/c/src/thread_pthread.c#lines-443:465

Signalling condition outside of corresponding mutex is considered OK by
POSIX, but in Python context it can lead to at least memory corruption if we
consider the whole lifetime of python level lock. For example the following
logical scenario:

      T1                                          T2

  sema = Lock()
  sema.acquire()

                                              sema.release()

  sema.acquire()
  free(sema)

  ...

can translate to the next C-level calls:

      T1                                          T2

  # sema = Lock()
  sema = malloc(...)
  sema.locked = 0
  pthread_mutex_init(&sema.mut)
  pthread_cond_init (&sema.lock_released)

  # sema.acquire()
  pthread_mutex_lock(&sema.mut)
  # sees sema.locked == 0
  sema.locked = 1
  pthread_mutex_unlock(&sema.mut)

                                              # sema.release()
                                              pthread_mutex_lock(&sema.mut)
                                              sema.locked = 0
                                              pthread_mutex_unlock(&sema.mut)

                      # OS scheduler gets in and relinquishes control from T2
                      # to another process
                                              ...

  # second sema.acquire()
  pthread_mutex_lock(&sema.mut)
  # sees sema.locked == 0
  sema.locked = 1
  pthread_mutex_unlock(&sema.mut)

  # free(sema)
  pthread_mutex_destroy(&sema.mut)
  pthread_cond_destroy (&sema.lock_released)
  free(sema)

  # ...
  e.g. malloc() which returns memory where sema was

                                              ...
                      # OS scheduler returns control to T2
                      # sema.release() continues
                      #
                      # BUT sema was already freed and writing to anywhere
                      # inside sema block CORRUPTS MEMORY. In particular if
                      # _another_ python-level lock was allocated where sema
                      # block was, writing into the memory can have effect on
                      # further synchronization correctness and in particular
                      # lead to deadlock on lock that was next allocated.
                                              pthread_cond_signal(&sema.lock_released)

Note that T2.pthread_cond_signal(&sema.lock_released) CORRUPTS MEMORY as it
is called when sema memory was already freed and is potentially
reallocated for another object.

The fix is to move pthread_cond_signal to be done under corresponding mutex:

  # sema.release()
  pthread_mutex_lock(&sema.mut)
  sema.locked = 0
  pthread_cond_signal(&sema.lock_released)
  pthread_mutex_unlock(&sema.mut)

To do so this patch cherry-picks thread_pthread.h part of the following 3.2 commit:

commit 187aa54516
Author: Kristján Valur Jónsson <kristjan@ccpgames.com>
Date:   Tue Jun 5 22:17:42 2012 +0000

    Signal condition variables with the mutex held.  Destroy condition variables
    before their mutexes.

 Python/ceval_gil.h      |  9 +++++----
 Python/thread_pthread.h | 15 +++++++++------
 2 files changed, 14 insertions(+), 10 deletions(-)

(ceval_gil.h is Python3 specific and does not apply to Python2.7)

The bug was there since 1994 - since at least [1]. It was discussed in 2001
with original code author[2], but the code was still considered to be
race-free. In 2010 the place where pthread_cond_signal should be - before or
after pthread_mutex_unlock - was discussed with the rationale to avoid
threads bouncing[3,4,5], and in 2012 pthread_cond_signal was moved to be
called from under mutex, but only for CPython3[6,7].

In 2019 the bug was (re-)discovered while testing Pygolang[8] on macOS with
CPython2 and PyPy2 and PyPy3.

[1] https://github.com/python/cpython/commit/2c8cb9f3d240
[2] https://bugs.python.org/issue433625
[3] https://bugs.python.org/issue8299#msg103224
[4] https://bugs.python.org/issue8410#msg103313
[5] https://bugs.python.org/issue8411#msg113301
[6] https://bugs.python.org/issue15038#msg163187
[7] https://github.com/python/cpython/commit/187aa545165d
[8] https://pypi.org/project/pygolang

(cherry picked from commit 187aa54516)

Co-Authored-By: Kristján Valur Jónsson <kristjan@ccpgames.com>
2019-10-03 09:06:52 +02:00
Victor Stinner 403ca7ea70
[2.7] bpo-38338, test.pythoninfo: add more ssl infos (GH-16543)
test.pythoninfo now logs environment variables used by OpenSSL and
Python ssl modules, and logs attributes of 3 SSL contexts
(SSLContext, default HTTPS context, stdlib context).

(cherry picked from commit 1df1c2f8df)
2019-10-02 18:36:32 +02:00
Dong-hee Na 8eb64155ff [2.7] bpo-38243: Escape the server title of DocXMLRPCServer (GH-16447)
Escape the server title of DocXMLRPCServer.DocXMLRPCServer
when rendering the document page as HTML.
2019-10-01 12:58:00 +02:00
Jesús Cea 598f676880
[2.7] bpo-38301: In Solaris family, we must be sure to use '-D_REENTRANT' (GH-16446). (#16454)
(cherry picked from commit 52d1b86bde)

Co-authored-by: Jesús Cea <jcea@jcea.es>
2019-09-28 05:09:24 +02:00
Benjamin Peterson 90b4e49c98
bpo-38174 follow up: Remove loadlibrary.c from VS9.0. (GH-16411) 2019-09-25 22:07:09 -07:00
Benjamin Peterson e73b93ab3e
[2.7] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16408)
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes..
(cherry picked from commit 52b9408038)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
2019-09-25 21:49:04 -07:00
Miss Islington (bot) 7c65adf688
closes bpo-38253: Fix typo of Py_SET_ERANGE_IF_OVERFLOW in pyport.h. (GH-16230)
(cherry picked from commit 4346bad332)

Co-authored-by: Hai Shi <shihai1992@gmail.com>
2019-09-23 19:31:25 -07:00
Miss Islington (bot) c47c8ba296 bpo-37904: Edition on python tutorial - section 4 (GH-16169) (GH-16236)
A little change on first paragraph of python tutorial to be more clearly

https://bugs.python.org/issue37904

Automerge-Triggered-By: @ericvsmith
(cherry picked from commit b57481318e)

Co-authored-by: Diego Alberto Barriga Martínez <diegobarriga@protonmail.com>
2019-09-18 06:36:57 -04:00
Serhiy Storchaka be257bcad1
[2.7] bpo-38175: Fix a memory leak in comparison of sqlite3.Row objects. (GH-16155). (GH-16215)
(cherry picked from commit 8debfa5040)
2019-09-17 09:56:27 +03:00
Miss Islington (bot) 5d55d52b61
bpo-33936: Don't call obsolete init methods with OpenSSL 1.1.0+ (GH-16140)
``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``.

https://bugs.python.org/issue33936
(cherry picked from commit 724f1a5723)

Co-authored-by: Christian Heimes <christian@python.org>
2019-09-16 12:48:21 -07:00
Steve Dower d8903416d2
bpo-38117: Updates bundled OpenSSL to 1.0.2t (GH-16178) 2019-09-16 13:07:40 +01:00
Xiang Zhang 68d8c12297
[2.7] bpo-38168: Fix a possbile refleak in setint() of mmapmodule.c (GH-16136) (GH-16176)
(cherry picked from commit 56a4514)

Co-authored-by: Hai Shi shihai1992@gmail.com

https://bugs.python.org/issue38168
2019-09-16 15:07:32 +08:00
Ned Deily 8dd358caf0
bpo-38117: Updated OpenSSL to 1.0.2t in macOS installer for 2.7.x. (GH-16171) 2019-09-16 04:35:55 +01:00