812245e | jkriegshauser | 27 March 2024, 15:24:34 UTC | [3.10] gh-116773: Fix overlapped memory corruption crash (GH-116774) (GH-117079) Co-authored-by: Łukasz Langa <lukasz@langa.pl> | 27 March 2024, 15:24:34 UTC |
0a263cc | Miss Islington (bot) | 27 March 2024, 13:44:58 UTC | [3.10] gh-117187: Fix XML tests for vanilla Expat <2.6.0 (GH-117203) (GH-117246) This fixes XML unittest fallout from the https://github.com/python/cpython/issues/115398 security fix. When configured using `--with-system-expat` on systems with older pre 2.6.0 versions of libexpat, our unittests were failing. Co-authored-by: Sebastian Pipping <sebastian@pipping.org> | 27 March 2024, 13:44:58 UTC |
83518b3 | Łukasz Langa | 19 March 2024, 23:40:17 UTC | Post 3.10.14 | 19 March 2024, 23:40:17 UTC |
976ea78 | Łukasz Langa | 19 March 2024, 21:42:28 UTC | Python 3.10.14 | 19 March 2024, 21:46:16 UTC |
eac1495 | Miss Islington (bot) | 19 March 2024, 10:53:33 UTC | [3.10] gh-115197: Stop resolving host in urllib.request proxy bypass (GH-115210) (GH-116070) Use of a proxy is intended to defer DNS for the hosts to the proxy itself, rather than a potential for information leak of the host doing DNS resolution itself for any reason. Proxy bypass lists are strictly name based. Most implementations of proxy support agree. (cherry picked from commit c43b26d02eaa103756c250e8d36829d388c5f3be) Co-authored-by: Weii Wang <weii.wang@canonical.com> | 19 March 2024, 10:53:33 UTC |
516a6d4 | Sebastian Pipping | 06 March 2024, 23:02:55 UTC | [3.10] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116270) Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 . Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith <greg@krypto.org> | 06 March 2024, 23:02:55 UTC |
b612ec6 | Miss Islington (bot) | 21 February 2024, 11:43:27 UTC | [3.10] gh-115399: Document CVE-2023-52425 under "XML vulnerabilities" (GH-115400) (GH-115762) Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities" (cherry picked from commit fbd40ce46e7335a5dbaf48a3aa841be22d7302ba) Co-authored-by: Sebastian Pipping <sebastian@pipping.org> | 21 February 2024, 11:43:27 UTC |
37324b4 | Miss Islington (bot) | 20 February 2024, 16:35:27 UTC | [3.10] gh-114572: Fix locking in cert_store_stats and get_ca_certs (GH-114573) (#115548) gh-114572: Fix locking in cert_store_stats and get_ca_certs (GH-114573) * gh-114572: Fix locking in cert_store_stats and get_ca_certs cert_store_stats and get_ca_certs query the SSLContext's X509_STORE with X509_STORE_get0_objects, but reading the result requires a lock. See https://github.com/openssl/openssl/pull/23224 for details. Instead, use X509_STORE_get1_objects, newly added in that PR. X509_STORE_get1_objects does not exist in current OpenSSLs, but we can polyfill it with X509_STORE_lock and X509_STORE_unlock. * Work around const-correctness problem * Add missing X509_STORE_get1_objects failure check * Add blurb (cherry picked from commit bce693111bff906ccf9281c22371331aaff766ab) Co-authored-by: David Benjamin <davidben@google.com> | 20 February 2024, 16:35:27 UTC |
d0524ca | Miss Islington (bot) | 19 February 2024, 14:58:39 UTC | [3.10] Upgrade bundled libexpat to 2.6.0 (GH-115399) (GH-115468) (#115473) Manual backport due to code differences. (cherry picked from commit e071b0d558b2f5cddd5a9fc6afadb4ba109ec77e) Co-authored-by: Seth Michael Larson <seth@python.org> | 19 February 2024, 14:58:39 UTC |
17a6533 | Ned Deily | 19 February 2024, 13:43:38 UTC | [3.10] gh-97032: avoid test_squeezer crash on macOS buildbots (#115508) avoid test_squeezer crash on macOS buildbots | 19 February 2024, 13:43:38 UTC |
d9c79e1 | Miss Islington (bot) | 19 February 2024, 13:38:49 UTC | [3.10] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) (#115525) gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164) Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425. Future versions of Expat may be more reactive. (cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | 19 February 2024, 13:38:49 UTC |
6091fbd | Miss Islington (bot) | 16 February 2024, 01:06:00 UTC | [3.10] gh-105821: Use a raw f-string in test_httpservers.py (GH-105822) (#115519) | 16 February 2024, 01:06:00 UTC |
0e7ff84 | Miss Islington (bot) | 14 February 2024, 13:23:26 UTC | [3.10] Add missing sections to blurbs (GH-114553) (#115338) | 14 February 2024, 13:23:26 UTC |
c3108e1 | Łukasz Langa | 06 February 2024, 18:53:23 UTC | [3.10] gh-46968: Fix invalid reference to Sound eXchange (SoX) 12.17.7 license (GH-115094) (GH-115096) (cherry picked from commit b39119916c0daaf5e5fdfec63e18ad97f29e2e72) Co-authored-by: Łukasz Langa <lukasz@langa.pl> | 06 February 2024, 18:53:23 UTC |
806e6ec | Miss Islington (bot) | 06 February 2024, 14:40:18 UTC | [3.10] gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) (#115079) gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) (cherry picked from commit 618d7256e78da8200f6e2c6235094a1ef885dca4) Co-authored-by: Zachary Ware <zach@python.org> | 06 February 2024, 14:40:18 UTC |
9afc6d1 | Miss Islington (bot) | 18 January 2024, 13:39:30 UTC | [3.10] gh-113659: Skip hidden .pth files (GH-113660) (GH-114145) Skip .pth files with names starting with a dot or hidden file attribute. (cherry picked from commit 74208ed0c440244fb809d8acc97cb9ef51e888e3) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl> | 18 January 2024, 13:39:30 UTC |
1274896 | Miss Islington (bot) | 17 January 2024, 14:02:42 UTC | [3.10] gh-107888: Fix test_mmap.test_access_parameter() on macOS 14 (GH-109928) (GH-114185) (cherry picked from commit 9dbfe2dc8e7bba25e52f9470ae6969821a365297) Co-authored-by: Victor Stinner <vstinner@python.org> | 17 January 2024, 14:02:42 UTC |
6661b22 | Adam Turner | 17 January 2024, 13:50:24 UTC | [3.10] gh-114021: Pin various sphinxcontrib extensions to older versions (GH-114022) (GH-114038) (cherry picked from commit 94b1d1fa38ada8cf7d196184a04a195c152eed75) Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> | 17 January 2024, 13:50:24 UTC |
30fe5d8 | Miss Islington (bot) | 17 January 2024, 13:50:10 UTC | [3.10] gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016) (GH-113914) Raise BadZipFile when try to read an entry that overlaps with other entry or central directory. (cherry picked from commit 66363b9a7b9fe7c99eba3a185b74c5fdbf842eba) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | 17 January 2024, 13:50:10 UTC |
8eaeefe | Serhiy Storchaka | 17 January 2024, 13:49:56 UTC | [3.10] gh-91133: tempfile.TemporaryDirectory: fix symlink bug in cleanup (GH-99930) (GH-112840) (cherry picked from commit 81c16cd94ec38d61aa478b9a452436dc3b1b524d) Co-authored-by: Søren Løvborg <sorenl@unity3d.com> | 17 January 2024, 13:49:56 UTC |
32e7acd | Miss Islington (bot) | 17 January 2024, 13:49:40 UTC | [3.10] bpo-37013: Fix the error handling in socket.if_indextoname() (GH-13503) (GH-112599) * Fix a crash when pass UINT_MAX. * Fix an integer overflow on 64-bit non-Windows platforms. (cherry picked from commit 0daf555c6fb3feba77989382135a58215e1d70a5) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 17 January 2024, 13:49:40 UTC |
b6535ea | Seth Michael Larson | 20 November 2023, 23:38:10 UTC | [3.10] gh-112160: Add 'regen-configure' make target (#112163) Add 'regen-configure' make target | 20 November 2023, 23:38:10 UTC |
6c2f34f | Łukasz Langa | 06 November 2023, 14:46:20 UTC | [3.10] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) (gh-111779) (cherry picked from commit c8faa3568afd255708096f6aa8df0afa80cf7697) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com> | 06 November 2023, 14:46:20 UTC |
dcb16c9 | Steve Dower | 10 October 2023, 11:46:16 UTC | [3.10] gh-109991: Update Windows build to use OpenSSL 1.1.1w (GH-110090) Co-authored-by: Zachary Ware <zachary.ware@gmail.com> | 10 October 2023, 11:46:16 UTC |
97ce15c | Ned Deily | 28 September 2023, 14:34:02 UTC | [3.10] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (#110007) gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (cherry picked from commit c88037d137a98d7c399c7bd74d5117b5bcae1543) | 28 September 2023, 14:34:02 UTC |
63a7f77 | Miss Islington (bot) | 06 September 2023, 18:01:13 UTC | [3.10] gh-109002: Ensure only one wheel for each vendored package (GH-109003) (#109007) Output with one wheel: ``` ❯ GITHUB_ACTIONS=true ./Tools/build/verify_ensurepip_wheels.py Verifying checksum for /Volumes/RAMDisk/cpython/Lib/ensurepip/_bundled/pip-23.2.1-py3-none-any.whl. Expected digest: 7ccf472345f20d35bdc9d1841ff5f313260c2c33fe417f48c30ac46cccabf5be Actual digest: 7ccf472345f20d35bdc9d1841ff5f313260c2c33fe417f48c30ac46cccabf5be ::notice file=/Volumes/RAMDisk/cpython/Lib/ensurepip/_bundled/pip-23.2.1-py3-none-any.whl::Successfully verified the checksum of the pip wheel. ``` Output with two wheels: ``` ❯ GITHUB_ACTIONS=true ./Tools/build/verify_ensurepip_wheels.py ::error file=/Volumes/RAMDisk/cpython/Lib/ensurepip/_bundled/pip-22.0.4-py3-none-any.whl::Found more than one wheel for package pip. ::error file=/Volumes/RAMDisk/cpython/Lib/ensurepip/_bundled/pip-23.2.1-py3-none-any.whl::Found more than one wheel for package pip. ``` Output without wheels: ``` ❯ GITHUB_ACTIONS=true ./Tools/build/verify_ensurepip_wheels.py ::error file=::Could not find a pip wheel on disk. ``` (cherry picked from commit f8a047941f2e4a1848700c21d58a08c9ec6a9c68) Co-authored-by: Łukasz Langa <lukasz@langa.pl> | 06 September 2023, 18:01:13 UTC |
fc756f6 | Hugo van Kemenade | 05 September 2023, 20:39:13 UTC | [3.10] CI: Bump GitHub Actions (GH-108879) (#108892) Co-authored-by: Łukasz Langa <lukasz@langa.pl> | 05 September 2023, 20:39:13 UTC |
5970435 | Łukasz Langa | 05 September 2023, 15:08:51 UTC | [3.10] Add a dummy .rtfd.yml file to silence invalid failing webhooks (#108908) Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com> | 05 September 2023, 15:08:51 UTC |
fc382d3 | Pablo Galindo | 24 August 2023, 13:21:57 UTC | Post 3.10.13 | 24 August 2023, 13:21:57 UTC |
4996560 | Pablo Galindo | 24 August 2023, 12:45:33 UTC | Python 3.10.13 | 24 August 2023, 12:46:25 UTC |
e96bddf | Łukasz Langa | 24 August 2023, 10:09:00 UTC | [3.10] gh-108342: Make ssl TestPreHandshakeClose more reliable (GH-108370) (#108406) * In preauth tests of test_ssl, explicitly break reference cycles invoving SingleConnectionTestServerThread to make sure that the thread is deleted. Otherwise, the test marks the environment as altered because the threading module sees a "dangling thread" (SingleConnectionTestServerThread). This test leak was introduced by the test added for the fix of issue gh-108310. * Use support.SHORT_TIMEOUT instead of hardcoded 1.0 or 2.0 seconds timeout. * SingleConnectionTestServerThread.run() catchs TimeoutError * Fix a race condition (missing synchronization) in test_preauth_data_to_tls_client(): the server now waits until the client connect() completed in call_after_accept(). * test_https_client_non_tls_response_ignored() calls server.join() explicitly. * Replace "localhost" with server.listener.getsockname()[0]. (cherry picked from commit 592bacb6fc0833336c0453e818e9b95016e9fd47) Co-authored-by: Victor Stinner <vstinner@python.org> | 24 August 2023, 10:09:00 UTC |
893c3b7 | Miss Islington (bot) | 23 August 2023, 10:10:14 UTC | [3.10] gh-108342: Break ref cycle in SSLSocket._create() exc (GH-108344) (#108350) Explicitly break a reference cycle when SSLSocket._create() raises an exception. Clear the variable storing the exception, since the exception traceback contains the variables and so creates a reference cycle. This test leak was introduced by the test added for the fix of GH-108310. (cherry picked from commit 64f99350351bc46e016b2286f36ba7cd669b79e3) Co-authored-by: Victor Stinner <vstinner@python.org> | 23 August 2023, 10:10:14 UTC |
1c937e5 | Miss Islington (bot) | 22 August 2023, 18:24:40 UTC | [3.10] gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data (GH-99613) (GH-107224) (#107230) Previously *consumed was not set in this case. (cherry picked from commit b8b3e6afc0a48c3cbb7c36d2f73e332edcd6058c) (cherry picked from commit f08e52ccb027f6f703302b8c1a82db9fd3934270) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | 22 August 2023, 18:24:40 UTC |
37d7180 | Łukasz Langa | 22 August 2023, 17:53:23 UTC | [3.10] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw (#108318) gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred. Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> | 22 August 2023, 17:53:23 UTC |
7d44551 | Miss Islington (bot) | 22 August 2023, 17:02:30 UTC | [3.10] gh-107845: Fix symlink handling for tarfile.data_filter (GH-107846) (#108210) | 22 August 2023, 17:02:30 UTC |
56e8c87 | Ned Deily | 18 August 2023, 21:21:19 UTC | [3.10] gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2. (GH-108120) (cherry picked from commit 441797d4ffb12acda257370b9e5e19ed8d6e8a71) | 18 August 2023, 21:21:19 UTC |
917439d | Eric Snow | 11 August 2023, 13:41:56 UTC | [3.10] gh-98154: Clarify Usage of "Reference Count" In the Docs (#107754) | 11 August 2023, 13:41:56 UTC |
c32f095 | Pablo Galindo Salgado | 03 August 2023, 20:35:42 UTC | [3.10] Revert "[3.10] gh-107077: Raise SSLCertVerificationError even if the error is set via SSL_ERROR_SYSCALL (GH-107586) (#107589)" (#107602) | 03 August 2023, 20:35:42 UTC |
24d54fe | Miss Islington (bot) | 03 August 2023, 14:09:32 UTC | [3.10] gh-107077: Raise SSLCertVerificationError even if the error is set via SSL_ERROR_SYSCALL (GH-107586) (#107589) Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com> Co-authored-by: T. Wouters <thomas@python.org> | 03 August 2023, 14:09:32 UTC |
a9e5e59 | Miss Islington (bot) | 22 July 2023, 14:30:09 UTC | [3.10] gh-105090: Replace incorrect TLSv1.2 with TLSv1.3 (GH-105404) (#107039) Co-authored-by: Jocelyn Castellano <admin@malwarefight.gq> | 22 July 2023, 14:30:09 UTC |
f91dfdf | Miss Islington (bot) | 05 July 2023, 11:21:19 UTC | [3.10] gh-105993: Add possible `None` return type to `asyncio.EventLoop.start_tls` docs (GH-105995) (#106190) (cherry picked from commit 6b52a581c151914e59c8c367a03bc7309713a73b) Co-authored-by: Sam Bull <git@sambull.org> | 05 July 2023, 11:21:19 UTC |
073c660 | Miss Islington (bot) | 05 July 2023, 11:20:29 UTC | [3.10] CI: Bump macOS build to use OpenSSL v3.0 (GH-105538) (#105869) (cherry picked from commit 34e93d3998bab8acd651c50724eb1977f4860a08) Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com> | 05 July 2023, 11:20:29 UTC |
1851443 | Miss Islington (bot) | 05 July 2023, 11:18:39 UTC | [3.10] [3.11] Add single value `agen.athrow(value)` signature to the 3.11 docs gh-105269 (GH-105468) (#105480) (cherry picked from commit acf3916e84158308660ed07c474a564e045d6884) Co-authored-by: Federico Caselli <CaselIT@users.noreply.github.com> | 05 July 2023, 11:18:39 UTC |
45de31d | Miss Islington (bot) | 09 June 2023, 16:00:59 UTC | [3.10] Clarify the supported cases in the tokenize module (GH-105569) (#105575) Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com> | 09 June 2023, 16:00:59 UTC |
a23ff66 | Pablo Galindo | 06 June 2023, 22:49:22 UTC | Post 3.10.12 | 06 June 2023, 22:49:22 UTC |
b4e48a4 | Pablo Galindo | 06 June 2023, 22:29:37 UTC | Python 3.10.12 | 06 June 2023, 22:30:33 UTC |
b7fd286 | Miss Islington (bot) | 05 June 2023, 17:02:31 UTC | [3.10] gh-89412: Add missing attributes (added in 3.10) to traceback module docs (GH-105046) (#105329) (cherry picked from commit a4f72fa39a9d391c7b931ba1906d81da4ae01949) Co-authored-by: Jakub Kuczys <me@jacken.men> | 05 June 2023, 17:02:31 UTC |
cb37100 | Gregory P. Smith | 05 June 2023, 16:07:30 UTC | [3.10] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (GH-105200) (#105204) Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). (cherry picked from commit ede89af). (cherry picked from commit a5d2b546c1b0b73d0695b98838a3ddd497382999) (cherry picked from commit f90d3f68db720bd6d0deda8cc0030339ccd43858) Co-authored-by: Gregory P. Smith <greg@krypto.org> | 05 June 2023, 16:07:30 UTC |
f12502b | Miss Islington (bot) | 05 June 2023, 16:06:43 UTC | [3.10] gh-105184: document that marshal functions can fail and need to be checked with PyErr_Occurred (GH-105185) (#105220) (cherry picked from commit ee26ca13a129da8cf549409d0a1b2e892ff2b4ec) Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com> | 05 June 2023, 16:06:43 UTC |
6cae236 | Ned Deily | 05 June 2023, 06:42:02 UTC | [3.10] Update GitHub CI workflow for macOS. (GH-105304) | 05 June 2023, 06:42:02 UTC |
2c9b0f3 | Steve Dower | 25 May 2023, 22:03:04 UTC | [3.10] Skip test_sundry on Windows APPX tests (GH-104944) | 25 May 2023, 22:03:04 UTC |
f22ddbf | Steve Dower | 25 May 2023, 16:45:47 UTC | [3.10] Improves the Windows MSI test run on PR (GH-104929) Correctly set the exit code when builds fail Also build docs as part of the test | 25 May 2023, 16:45:47 UTC |
f9d2a10 | Miss Islington (bot) | 19 May 2023, 21:22:44 UTC | [3.10] gh-104472: Skip `test_subprocess.ProcessTestCase.test_empty_env` if ASAN is enabled (GH-104667) (#104669) gh-104472: Skip `test_subprocess.ProcessTestCase.test_empty_env` if ASAN is enabled (GH-104667) Skip test_subprocess.ProcessTestCase.test_empty_env if ASAN is enabled. (cherry picked from commit c3f43bfb4bec39ff8f2c36d861a3c3a243bcb3af) Co-authored-by: chgnrdv <52372310+chgnrdv@users.noreply.github.com> | 19 May 2023, 21:22:44 UTC |
f48a96a | Miss Islington (bot) | 17 May 2023, 23:06:06 UTC | [3.10] [3.11] gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) (GH-104575) (#104592) gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) `urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). I simplified the docs by eliding the state of the world explanatory paragraph in this security release only backport. (people will see that in the mainline /3/ docs) --------- (cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10) (cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Illia Volochii <illia.volochii@gmail.com> Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org> | 17 May 2023, 23:06:06 UTC |
425065b | Matěj Cepl | 10 May 2023, 11:43:00 UTC | [3.10] gh-102950: Implement PEP 706 – Filter for tarfile.extractall (GH-102953) (GH-104128) - Backport b52ad18a766700be14382ba222033b2d75a33521 - Backport c8c3956d905e019101038b018129a4c90c9c9b8f - Remove the DeprecationWarning - Adjust docs - Remove new `__all__` entries Co-authored-by: Petr Viktorin <encukou@gmail.com> | 10 May 2023, 11:43:00 UTC |
cfa4295 | Miss Islington (bot) | 09 May 2023, 16:46:47 UTC | [3.10] gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) (#104330) gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) * Fix directory traversal security flaw in uu.decode() * also check absolute paths and os.altsep * Add a regression test. --------- (cherry picked from commit 0aeda297931820436a50b78f4f7f0597274b5df4) [Google] Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com> | 09 May 2023, 16:46:47 UTC |
d77e77c | Miss Islington (bot) | 09 May 2023, 15:21:53 UTC | [3.10] gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) (#104119) gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure) --------- (cherry picked from commit c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a) Co-authored-by: Ethan Furman <ethan@stoneleaf.us> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com> | 09 May 2023, 15:21:53 UTC |
e277266 | Steve Dower | 27 April 2023, 21:44:07 UTC | gh-103935: Use `io.open_code()` when executing code in trace and profile modules (GH-103947) Co-authored-by: Tian Gao <gaogaotiantian@hotmail.com> | 27 April 2023, 21:44:07 UTC |
4075e01 | Ned Deily | 06 April 2023, 03:44:19 UTC | [3.10] gh-103207: Fix Welcome formatting issues when macOS Installer is run in dark mode. (GH-103304) | 06 April 2023, 03:44:19 UTC |
decf7a7 | Steve Dower | 05 April 2023, 16:02:04 UTC | gh-103262: Fixes Windows installer build to work with latest compilers (GH-103281) | 05 April 2023, 16:02:04 UTC |
18d825b | Miss Islington (bot) | 05 April 2023, 15:03:45 UTC | gh-102899: Fix doc link for getting filesystem error handler (GH-102901) (cherry picked from commit fdd0fff277a55c010a4da0a7af0e986e38560545) Co-authored-by: Olivier Gayot <olivier.gayot@sigexec.com> | 05 April 2023, 15:03:45 UTC |
8693ec2 | Miss Islington (bot) | 05 April 2023, 11:24:43 UTC | gh-81762: Clarify and simplify description of print's flush param (GH-103264) (cherry picked from commit c396b6ddf3da784349bac9ebf7f28c55bde016ea) Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM> | 05 April 2023, 11:24:43 UTC |
8d4c9e5 | Pablo Galindo | 05 April 2023, 11:20:30 UTC | Merge remote-tracking branch 'upstream/3.10' into 3.10 | 05 April 2023, 11:20:30 UTC |
20f4222 | Pablo Galindo | 05 April 2023, 11:20:17 UTC | Post 3.10.11 | 05 April 2023, 11:20:17 UTC |
d76a5c6 | Miss Islington (bot) | 04 April 2023, 22:55:11 UTC | Improve some grammar in the socket docs (GH-103254) (cherry picked from commit bceb9e00ad2998e5193ad5b477e92a114dd31024) Co-authored-by: Tim Burke <tim.burke@gmail.com> | 04 April 2023, 22:55:11 UTC |
7d4cc5a | Pablo Galindo | 04 April 2023, 21:56:31 UTC | Python 3.10.11 | 04 April 2023, 21:57:15 UTC |
ec80ffe | Ned Deily | 04 April 2023, 18:42:10 UTC | [3.10] gh-103207: Add instructions to the macOS installer welcome display on how to workaround the macOS 13 Ventura “The installer encountered an error” failure. (GH-103253) | 04 April 2023, 18:42:10 UTC |
9a8ce95 | Miss Islington (bot) | 02 April 2023, 22:38:58 UTC | gh-103109: Document ignore_warnings() test support helper (GH-103110) (cherry picked from commit 32937d6aa414ec7db5c63ef277f21db1880b3af4) Co-authored-by: Charlie Zhao <zhaoyu_hit@qq.com> Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM> | 02 April 2023, 22:38:58 UTC |
d58ff6a | Miss Islington (bot) | 30 March 2023, 22:58:36 UTC | Minor docs improvements fix for `codeop` (GH-103123) (cherry picked from commit c1e71ce56fdb3eab62ad3190d09130f800e54610) Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com> | 30 March 2023, 22:58:36 UTC |
ba755a2 | Miss Islington (bot) | 30 March 2023, 08:41:04 UTC | gh-103099: Link mypy docs from typing.rst (GH-103100) (cherry picked from commit fda95aa19447fe444ac2670afbf98ec42aca0c6f) Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com> | 30 March 2023, 08:41:04 UTC |
3a27be7 | Miss Islington (bot) | 29 March 2023, 22:30:27 UTC | [3.10] gh-103112: Add http.client.HTTPResponse.read docstring and fix pydoc output (GH-103113) (#103120) (cherry picked from commit d052a383f1a0c599c176a12c73a761ca00436d8b) Co-authored-by: Bernhard Wagner <github.comNotification20120125@xmlizer.net> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> Co-authored-by: Éric <merwok@netwok.org> | 29 March 2023, 22:30:27 UTC |
4abf1f1 | Steve Dower | 29 March 2023, 14:33:39 UTC | gh-103097: Add workaround for Windows ARM64 compiler bug (GH-103098) See https://developercommunity.visualstudio.com/t/Regression-in-MSVC-1433-1434-ARM64-co/10224361 for details of the issue. It only applies to version 14.34. | 29 March 2023, 14:33:39 UTC |
473fd7b | Miss Islington (bot) | 29 March 2023, 09:05:29 UTC | [3.10] gh-102582: Fix invalid JSON in Doc/howto/logging-cookbook.rst (GH-102635) (GH-103107) (cherry picked from commit d835b3f05de7e2d800138e5969eeb9656b0ed860) Co-authored-by: Matěj Cepl <mcepl@cepl.eu> | 29 March 2023, 09:05:29 UTC |
5ae5ea8 | Miss Islington (bot) | 28 March 2023, 12:13:37 UTC | [3.10] GH-87235: Make sure "python /dev/fd/9 9</path/to/script.py" works on macOS (GH-99768) (#99817) On macOS all file descriptors for a particular file in /dev/fd share the same file offset, that is ``open("/dev/fd/9", "r")`` behaves more like ``dup(9)`` than a regular open. This causes problems when a user tries to run "/dev/fd/9" as a script because zipimport changes the file offset to try to read a zipfile directory. Therefore change zipimport to reset the file offset after trying to read the zipfile directory. (cherry picked from commit d08fb257698e3475d6f69bb808211d39e344e5b2) Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> * Regen zipimport --------- Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl> | 28 March 2023, 12:13:37 UTC |
aae84a0 | Miss Islington (bot) | 28 March 2023, 09:27:41 UTC | [3.10] GH-102711: Fix warnings found by clang (GH-102712) (#103076) There are some warnings if build python via clang: Parser/pegen.c:812:31: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] _PyPegen_clear_memo_statistics() ^ void Parser/pegen.c:820:29: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] _PyPegen_get_memo_statistics() ^ void Fix it to make clang happy. (cherry picked from commit 7703def37e4fa7d25c3d23756de8f527daa4e165) Signed-off-by: Chenxi Mao <chenxi.mao@suse.com> Co-authored-by: Chenxi Mao <chenxi.mao@suse.com> | 28 March 2023, 09:27:41 UTC |
d445147 | Miss Islington (bot) | 28 March 2023, 08:58:51 UTC | [3.10] gh-88233: zipfile: handle extras after a zip64 extra (GH-96161) (#102087) Previously, any data _after_ the zip64 extra would be removed. With many new tests. Fixes GH-88233 (cherry picked from commit 59e86caca812fc993c5eb7dc8ccd1508ffccba86) Co-authored-by: Tim Hatch <tim@timhatch.com> | 28 March 2023, 08:58:51 UTC |
3288923 | Pradyun Gedam | 28 March 2023, 08:57:55 UTC | [3.10] gh-101997: Update bundled pip version to 23.0.1 (GH-101998). (#102241) (cherry picked from commit 89d9ff0f48c51a85920c7372a7df4a2204e32ea5) | 28 March 2023, 08:57:55 UTC |
b5bf6c1 | Miss Islington (bot) | 27 March 2023, 14:14:24 UTC | [3.10] GH-95494: Fix transport EOF handling in OpenSSL 3.0 (GH-95495) (#103007) GH-25309 enabled SSL_OP_IGNORE_UNEXPECTED_EOF by default, with a comment that it restores OpenSSL 1.1.1 behavior, but this wasn't quite right. That option causes OpenSSL to treat transport EOF as the same as close_notify (i.e. SSL_ERROR_ZERO_RETURN), whereas Python actually has distinct SSLEOFError and SSLZeroReturnError exceptions. (The latter is usually mapped to a zero return from read.) In OpenSSL 1.1.1, the ssl module would raise them for transport EOF and close_notify, respectively. In OpenSSL 3.0, both act like close_notify. Fix this by, instead, just detecting SSL_R_UNEXPECTED_EOF_WHILE_READING and mapping that to the other exception type. There doesn't seem to have been any unit test of this error, so fill in the missing one. This had to be done with the BIO path because it's actually slightly tricky to simulate a transport EOF with Python's fd based APIs. (If you instruct the server to close the socket, it gets confused, probably because the server's SSL object is still referencing the now dead fd?) (cherry picked from commit 420bbb783b43216cc897dc8914851899db37a31d) Co-authored-by: David Benjamin <davidben@google.com> | 27 March 2023, 14:14:24 UTC |
ae8a721 | Miss Islington (bot) | 25 March 2023, 21:38:26 UTC | Update pdb docs for arguments (GH-102965) (cherry picked from commit 027223db96b0464c49a74513f82a1bf25aa510bd) Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com> | 25 March 2023, 21:38:26 UTC |
db5bf52 | Miss Islington (bot) | 25 March 2023, 10:00:03 UTC | [3.10] gh-103025: fix a ctypes doc typo (GH-103026) (#103030) * gh-103025: fix two ctypes doc issues (GH-103026) (cherry picked from commit 0708437ad043657f992cb985fd5c37e1ac052f93) | 25 March 2023, 10:00:03 UTC |
7513c6b | Hugo van Kemenade | 25 March 2023, 07:44:05 UTC | [3.10] gh-101100: Document PyObject_ClearWeakRefs and gzip's name (#103002) | 25 March 2023, 07:44:05 UTC |
d3b4d3a | Miss Islington (bot) | 24 March 2023, 21:09:11 UTC | gh-102980: Add tests for pdf's display, alias and where commands (GH-102981) (cherry picked from commit ded9a7fc194a1d5c0e38f475a45f8f77dbe9c6bc) Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com> | 24 March 2023, 21:09:11 UTC |
cbffc3a | Miss Islington (bot) | 24 March 2023, 15:07:46 UTC | gh-102873: logging.LogRecord docs: improve description of `msg` parameter (GH-102875) (cherry picked from commit f2e5a6ee628502d307a97f587788d7022a200229) Co-authored-by: Amin Alaee <mohammadamin.alaee@gmail.com> Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com> | 24 March 2023, 15:07:46 UTC |
581dd8c | Miss Islington (bot) | 24 March 2023, 12:40:32 UTC | [3.10] gh-102027: Fix macro name (GH-102124) (#102917) gh-102027: Fix macro name (GH-102124) This fixes the ssse3 / sse2 detection when sse4 is available. (cherry picked from commit ea93bde4ece139d4152a59f2c38aa6568559447c) Co-authored-by: Max Bachmann <kontakt@maxbachmann.de> Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net> | 24 March 2023, 12:40:32 UTC |
0a2b63f | Miss Islington (bot) | 24 March 2023, 12:33:32 UTC | [3.10] gh-96931: Fix incorrect results in ssl.SSLSocket.shared_ciphers (GH-96932) (#102919) gh-96931: Fix incorrect results in ssl.SSLSocket.shared_ciphers (GH-96932) (cherry picked from commit af9c34f6ef8dceb21871206eb3e4d350f6e3d3dc) Co-authored-by: Benjamin Fogle <benfogle@gmail.com> | 24 March 2023, 12:33:32 UTC |
206c2b1 | Miss Islington (bot) | 24 March 2023, 01:10:34 UTC | GH-100989: Revert Improve the accuracy of collections.deque docstrings (GH-102979) (cherry picked from commit 7f01a11199864bcf230b243b99e8a51e9044675d) Co-authored-by: Raymond Hettinger <rhettinger@users.noreply.github.com> | 24 March 2023, 01:10:34 UTC |
77e54fe | Miss Islington (bot) | 23 March 2023, 19:41:50 UTC | gh-98239: Document that `inspect.getsource()` can raise `TypeError` (GH-101689) (cherry picked from commit b6132085ca5418f714eff6e31d1d03369d3fd1d9) Co-authored-by: Nikita Sobolev <mail@sobolevn.me> | 23 March 2023, 19:41:50 UTC |
6c667d0 | Miss Islington (bot) | 23 March 2023, 18:28:11 UTC | gh-102936: typing: document performance pitfalls of protocols decorated with `@runtime_checkable` (GH-102937) (cherry picked from commit 58d2b30c012c3a9fe5ab747ae47c96af09e0fd15) Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com> | 23 March 2023, 18:28:11 UTC |
4531fd0 | Alex Waygood | 23 March 2023, 15:13:05 UTC | [3.10] gh-102947: Improve traceback when calling `fields()` on a non-dataclass (#102948) (#102954) | 23 March 2023, 15:13:05 UTC |
100da7c | Miss Islington (bot) | 22 March 2023, 12:39:45 UTC | gh-100989: Improve the accuracy of collections.deque docstrings (GH-100990) (cherry picked from commit c74073657e32b8872f91b3bbe1efa9af20adbea9) Co-authored-by: Timo Ludwig <ti.ludwig@web.de> Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM> | 22 March 2023, 12:39:45 UTC |
3c2a7bb | Miss Islington (bot) | 22 March 2023, 11:59:56 UTC | Docs: improve accuracy of sqlite3.Connection.interrupt() (GH-102904) (cherry picked from commit 7b2d53daccf5a6479e179535068fd9a841db44fc) Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com> Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM> | 22 March 2023, 11:59:56 UTC |
2e0505a | Miss Islington (bot) | 22 March 2023, 11:49:32 UTC | Docs: improve the accuracy of the sqlite3.connect() timeout param (GH-102900) (cherry picked from commit c24f1f1e874c283bb11d8b9fbd661536ade19fe9) Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com> Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM> | 22 March 2023, 11:49:32 UTC |
00b5060 | Miss Islington (bot) | 22 March 2023, 11:41:54 UTC | Docs: improve accuracy of pdb alias example (GH-102892) (cherry picked from commit e0c63b72671bf816d3073f1a6a9107f6c171cae7) Co-authored-by: gaogaotiantian <gaogaotiantian@hotmail.com> | 22 March 2023, 11:41:54 UTC |
eaafea8 | Miss Islington (bot) | 22 March 2023, 09:32:08 UTC | gh-102595: Document `PyObject_Format` c-api function (GH-102596) (cherry picked from commit 910a64e3013bce821bfac75377cbe88bedf265de) Co-authored-by: Nikita Sobolev <mail@sobolevn.me> Def: https://github.com/python/cpython/blame/5ffdaf748d98da6065158534720f1996a45a0072/Include/abstract.hGH-L389 | 22 March 2023, 09:32:08 UTC |
21b9402 | Miss Islington (bot) | 21 March 2023, 22:05:32 UTC | Add link to `sys.exit` function documentation (GH-102805) * Add link to `sys.exit` function documentation * Update Doc/library/os.rst Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com> * Update Doc/library/os.rst Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM> --------- (cherry picked from commit 41ef502d740b96ca6333a2d0202df7cce4a84e7d) Co-authored-by: David Poirier <1152277+david-poirier@users.noreply.github.com> Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com> Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM> | 21 March 2023, 22:05:32 UTC |
d5fdc3f | Miss Islington (bot) | 21 March 2023, 19:10:36 UTC | gh-98608: Fix Failure-handling in new_interpreter() (gh-102658) The error-handling code in new_interpreter() has been broken for a while. We hadn't noticed because those code mostly doesn't fail. (I noticed while working on gh-101660.) The problem is that we try to clear/delete the newly-created thread/interpreter using itself, which just failed. The solution is to switch back to the calling thread state first. (cherry picked from commit d1b883b52a99427d234c20e4a92ddfa6a1da8880) Co-authored-by: Eric Snow <ericsnowcurrently@gmail.com> https: //github.com/python/cpython/issues/98608 | 21 March 2023, 19:10:36 UTC |
e732a85 | Nikita Sobolev | 17 March 2023, 20:11:58 UTC | [3.10] gh-102721: Improve coverage of `_collections_abc._CallableGenericAlias` (GH-102790) This is a manual backport of https://github.com/python/cpython/pull/102722 but without `typing.py` changes and without `TypeVarTuple` case, because it was added in 3.11 Automerge-Triggered-By: GH:AlexWaygood | 17 March 2023, 20:11:58 UTC |
744a41b | Steve Dower | 17 March 2023, 11:37:56 UTC | Increase stack reserve size for Windows debug builds to avoid test crashes (GH-102776) | 17 March 2023, 11:37:56 UTC |
99b38be | Miss Islington (bot) | 16 March 2023, 20:43:03 UTC | [3.10] Fix outdated note about 'int' rounding or truncating (GH-102736) (#102767) Fix outdated note about 'int' rounding or truncating (GH-102736) (cherry picked from commit 405739f9166592104a5b0b945de92e28415ae972) Co-authored-by: Mark Dickinson <dickinsm@gmail.com> | 16 March 2023, 20:43:03 UTC |
9781240 | Miss Islington (bot) | 16 March 2023, 05:08:11 UTC | gh-94440: Fix issue of ProcessPoolExecutor shutdown hanging (GH-94468) Fix an issue of concurrent.futures ProcessPoolExecutor shutdown hanging. (cherry picked from commit 2dc94634b50f0e5e207787e5ac1d56c68b22c3ae) Co-authored-by: yonatanp <yonatan.perry@gmail.com> Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com> | 16 March 2023, 05:08:11 UTC |