| 1f97973 | Ned Deily | 04 September 2021, 03:49:21 UTC | 3.7.12 | 04 September 2021, 03:49:21 UTC |
| 79101b8 | Łukasz Langa | 31 August 2021, 05:11:53 UTC | [3.7] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28042) Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS. Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Łukasz Langa <lukasz@langa.pl>. (cherry picked from commit 3fc5d84046ddbd66abac5b598956ea34605a4e5d) | 31 August 2021, 05:11:53 UTC |
| d2cc04c | Miss Islington (bot) | 30 August 2021, 19:16:24 UTC | [3.7] bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28037) Co-authored-by: Miguel Brito <5544985+miguendes@users.noreply.github.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl> (cherry picked from commit 0897253f426068ea6a6fbe0ada01689af9ef1019) | 30 August 2021, 19:16:24 UTC |
| e9b85af | Miss Islington (bot) | 30 August 2021, 18:48:04 UTC | bpo-45001: Make email date parsing more robust against malformed input (GH-27946) (GH-27975) Various date parsing utilities in the email module, such as email.utils.parsedate(), are supposed to gracefully handle invalid input, typically by raising an appropriate exception or by returning None. The internal email._parseaddr._parsedate_tz() helper used by some of these date parsing routines tries to be robust against malformed input, but unfortunately it can still crash ungracefully when a non-empty but whitespace-only input is passed. This manifests as an unexpected IndexError. In practice, this can happen when parsing an email with only a newline inside a ‘Date:’ header, which unfortunately happens occasionally in the real world. Here's a minimal example: $ python Python 3.9.6 (default, Jun 30 2021, 10:22:16) [GCC 11.1.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import email.utils >>> email.utils.parsedate('foo') >>> email.utils.parsedate(' ') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate t = parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz res = _parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz if data[0].endswith(',') or data[0].lower() in _daynames: IndexError: list index out of range The fix is rather straight-forward: guard against empty lists, after splitting on whitespace, but before accessing the first element. (cherry picked from commit 989f6a3800f06b2bd31cfef7c3269a443ad94fac) Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee> | 30 August 2021, 18:48:04 UTC |
| 041bfaf | Ned Deily | 05 July 2021, 23:46:32 UTC | Fix Sphinx directive typo in 3.7.11 changelog. | 05 July 2021, 23:46:32 UTC |
| 16ef0f9 | Ned Deily | 28 June 2021, 18:33:52 UTC | Post release updates | 28 June 2021, 18:33:52 UTC |
| 9da28d2 | Ned Deily | 28 June 2021, 16:51:36 UTC | 3.7.11 | 28 June 2021, 16:51:36 UTC |
| fee9642 | Miss Islington (bot) | 03 June 2021, 04:23:40 UTC | bpo-44022: Improve the regression test. (GH-26503) (GH-26507) It wasn't actually detecting the regression due to the assertion being too lenient. (cherry picked from commit e60ab843cbb016fb6ff8b4f418641ac05a9b2fcc) Co-authored-by: Gregory P. Smith <greg@krypto.org> | 03 June 2021, 04:23:40 UTC |
| c723d51 | Senthil Kumaran | 20 May 2021, 20:15:01 UTC | [3.7] bpo-43882 - Mention urllib.parse changes in Whats New section for 3.7.11 (GH-26267) Co-authored-by: Gregory P. Smith <greg@krypto.org> | 20 May 2021, 20:15:01 UTC |
| 1beae7e | Zachary Ware | 07 May 2021, 19:36:32 UTC | [3.7] bpo-40297: Fix test_socket.CANTest.testSendFrame (GH-25960) | 07 May 2021, 19:36:32 UTC |
| 078b146 | Miss Islington (bot) | 06 May 2021, 17:10:13 UTC | bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) (GH-25934) Fixes http.client potential denial of service where it could get stuck reading lines from a malicious server after a 100 Continue response. Co-authored-by: Gregory P. Smith <greg@krypto.org> (cherry picked from commit 47895e31b6f626bc6ce47d175fe9d43c1098909d) Co-authored-by: Gen Xu <xgbarry@gmail.com> | 06 May 2021, 17:10:13 UTC |
| f4dac7e | Miss Islington (bot) | 06 May 2021, 16:52:36 UTC | [3.7] bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and tabs. (GH-25923) Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> (cherry picked from commit 76cd81d60310d65d01f9d7b48a8985d8ab89c8b4) Co-authored-by: Senthil Kumaran <senthil@uthcode.com> (cherry picked from commit 515a7bc4e13645d0945b46a8e1d9102b918cd407) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 06 May 2021, 16:52:36 UTC |
| ada1499 | Miss Islington (bot) | 04 May 2021, 12:46:40 UTC | bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391) (#25249) Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. (cherry picked from commit 7215d1ae25525c92b026166f9d5cac85fb1defe1) Co-authored-by: Yeting Li <liyt@ios.ac.cn> | 04 May 2021, 12:46:40 UTC |
| 512742d | Miss Islington (bot) | 03 May 2021, 20:26:18 UTC | bpo-41561: Fix testing with OpenSSL 1.0.2 (GH-25355) (GH-25858) Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 3447750073aff229b049e4ccd6217db2811dcfd1) Co-authored-by: Christian Heimes <christian@python.org> | 03 May 2021, 20:26:18 UTC |
| 64be96a | Christian Heimes | 03 May 2021, 19:58:38 UTC | [3.7] bpo-41561: Add workaround for Ubuntu's custom security level (GH-24915) (GH-24928) Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level 2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow TLS 1.0 and 1.1 on security level 2. See: See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625 Signed-off-by: Christian Heimes <christian@python.org>. (cherry picked from commit f6c6b5821bff815bdc810de53992fd1fbdb2edd4) Co-authored-by: Christian Heimes <christian@python.org> | 03 May 2021, 19:58:38 UTC |
| 2f01c56 | Pablo Galindo | 29 March 2021, 23:24:17 UTC | [3.7] bpo-43660: Fix crash when displaying exceptions with custom values for sys.stderr (GH-25075). (GH-25085) (cherry picked from commit 09b90a037d18f5d4acdf1b14082e57bda78e85d3) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com> | 29 March 2021, 23:24:17 UTC |
| 7c2284f | Miss Islington (bot) | 29 March 2021, 15:39:05 UTC | bpo-42988: Remove the pydoc getfile feature (GH-25015) (#25066) CVE-2021-3426: Remove the "getfile" feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer. (cherry picked from commit 9b999479c0022edfc9835a8a1f06e046f3881048) Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Victor Stinner <vstinner@python.org> | 29 March 2021, 15:39:05 UTC |
| 7937395 | Miss Islington (bot) | 16 March 2021, 21:19:55 UTC | [3.7] bpo-43285 Make ftplib not trust the PASV response. (GH-24838) (GH-24881) (GH-24883) The IPv4 address value returned from the server in response to the PASV command should not be trusted. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network. Instead of using the returned address, we use the IP address we're already connected to. This is the strategy other ftp clients adopted, and matches the only strategy available for the modern IPv6 EPSV command where the server response must return a port number and nothing else. For the rare user who _wants_ this ugly behavior, set a `trust_server_pasv_ipv4_address` attribute on your `ftplib.FTP` instance to True.. (cherry picked from commit 0ab152c6b5d95caa2dc1a30fa96e10258b5f188e) Co-authored-by: Gregory P. Smith <greg@krypto.org> (cherry picked from commit 664d1d16274b47eea6ec92572e1ebf3939a6fa0c) | 16 March 2021, 21:19:55 UTC |
| a99860e | Miss Islington (bot) | 03 March 2021, 17:24:05 UTC | Pin test runner to Ubuntu 18 to un-break CI (GH-24715) (GH-24716) (cherry picked from commit 94894dd45e4bad6efb27eac4497b24cdc18b3e2d) Co-authored-by: Brandt Bucher <brandt@python.org> Co-authored-by: Brandt Bucher <brandt@python.org> | 03 March 2021, 17:24:05 UTC |
| 30927fa | Guanzhong Chen | 26 February 2021, 10:28:43 UTC | [3.7] bpo-43293: Doc: move note about GIL to top of threading module (GH-24622) (#24642) The note about the GIL was buried pretty deep in the threading documentation, and this made it hard for first time users to discover why their attempts at using threading to parallelizing their application did not work. In this commit, the note is moved to the top of the module documention for visibility.. (cherry picked from commit 32181be6081f6c70a1e0bd0540050805c8e88e83) Co-authored-by: Guanzhong Chen <quantum2048@gmail.com> | 26 February 2021, 10:28:43 UTC |
| 37ba753 | Ned Deily | 16 February 2021, 05:00:11 UTC | Post release updates | 16 February 2021, 05:00:11 UTC |
| 9b2dd1f | Ned Deily | 16 February 2021, 01:29:22 UTC | 3.7.10 | 16 February 2021, 01:29:22 UTC |
| b61b20d | Miss Islington (bot) | 16 February 2021, 00:58:05 UTC | Add a warning block around the get_referrers() documentation (GH-24511) (GH-24544) (cherry picked from commit 813db24f7c2c536d587d1832c3c52b44fa9e242e) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com> | 16 February 2021, 00:58:05 UTC |
| d0d4d30 | Senthil Kumaran | 15 February 2021, 18:34:14 UTC | [3.7] bpo-42967: only use '&' as a query string separator (GH-24297) (GH-24531) bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl(). urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator. Co-authored-by: Éric Araujo <merwok@netwok.org> Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com> (cherry picked from commit fcbe0cb04d35189401c0c880ebfb4311e952d776) | 15 February 2021, 18:34:14 UTC |
| d9b8f13 | Benjamin Peterson | 18 January 2021, 21:24:02 UTC | [3.7] closes bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs. (GH-24249) (cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) Co-authored-by: Benjamin Peterson <benjamin@python.org> | 18 January 2021, 21:24:02 UTC |
| 117830d | Miss Islington (bot) | 01 January 2021, 18:40:58 UTC | Bring Python into the new year. (GH-24036) (GH-24052) (cherry picked from commit de6f20a6de48d63066b2cf5b317f50629f01d74a) Co-authored-by: Dong-hee Na <donghee.na@python.org> | 01 January 2021, 18:40:58 UTC |
| 8200ee6 | Miss Islington (bot) | 01 January 2021, 18:37:35 UTC | bpo-42794: Update test_nntplib to use offical group name for testing (GH-24037) (GH-24041) (cherry picked from commit ec3165320e81ac87edcb85c86c452528ddbaec1c) Co-authored-by: Dong-hee Na <donghee.na@python.org> | 01 January 2021, 18:37:35 UTC |
| 00278d4 | Miss Islington (bot) | 18 December 2020, 18:38:49 UTC | bpo-17140: Document multiprocessing's ThreadPool (GH-23812) (GH-23836) Up until now, the `multiprocessing.pool.ThreadPool` class has gone undocumented, despite being a public class in multiprocessing that is included in `multiprocessing.pool.__all__`. (cherry picked from commit 84ebcf271a2cc8bfd1762acb279502b8b6ef236e) Co-authored-by: Matt Wozniski <mwozniski@bloomberg.net> | 18 December 2020, 18:38:49 UTC |
| 47f075d | Benjamin Peterson | 01 December 2020, 15:05:57 UTC | [3.7] Bumps [actions/cache](https://github.com/actions/cache) from v1 to v2.1.3. (GH-23596) * build(deps): bump actions/cache from v2.1.2 to v2.1.3 (23582) Bumps [actions/cache](https://github.com/actions/cache) from v2.1.2 to v2.1.3. - [Release notes](https://github.com/actions/cache/releases) - [Commits](https://github.com/actions/cache/compare/v2.1.2...0781355a23dac32fd3bac414512f4b903437991a) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit a43fea88577c460eed7cc92a37b5fce787d6aab1) * [3.7] build(deps): bump actions/cache from v2.1.2 to v2.1.3 (23582) Bumps [actions/cache](https://github.com/actions/cache) from v2.1.2 to v2.1.3. - [Release notes](https://github.com/actions/cache/releases) - [Commits](https://github.com/actions/cache/compare/v2.1.2...0781355a23dac32fd3bac414512f4b903437991a) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>. (cherry picked from commit a43fea88577c460eed7cc92a37b5fce787d6aab1) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 01 December 2020, 15:05:57 UTC |
| db95802 | Miss Islington (bot) | 22 November 2020, 17:33:09 UTC | bpo-40791: Make compare_digest more constant-time. (GH-23438) The existing volatile `left`/`right` pointers guarantee that the reads will all occur, but does not guarantee that they will be _used_. So a compiler can still short-circuit the loop, saving e.g. the overhead of doing the xors and especially the overhead of the data dependency between `result` and the reads. That would change performance depending on where the first unequal byte occurs. This change removes that optimization. (This is change GH-1 from https://bugs.python.org/issue40791 .) (cherry picked from commit 31729366e2bc09632e78f3896dbce0ae64914f28) Co-authored-by: Devin Jeanpierre <jeanpierreda@google.com> | 22 November 2020, 17:33:09 UTC |
| 9ae1742 | Steve Dower | 18 November 2020, 18:01:52 UTC | [3.7] bpo-42336: Improve PCbuild batch files (GH-23325) (GH-23373) * bpo-42336: Improve PCbuild batch files (GH-23325) * Remove ARM platforms | 18 November 2020, 18:01:52 UTC |
| 225e365 | Serhiy Storchaka | 10 November 2020, 19:54:15 UTC | [3.7] bpo-42103: Improve validation of Plist files. (GH-22882) (#23117) * Prevent some possible DoS attacks via providing invalid Plist files with extremely large number of objects or collection sizes. * Raise InvalidFileException for too large bytes and string size instead of returning garbage. * Raise InvalidFileException instead of ValueError for specific invalid datetime (NaN). * Raise InvalidFileException instead of TypeError for non-hashable dict keys. * Add more tests for invalid Plist files.. (cherry picked from commit 34637a0ce21e7261b952fbd9d006474cc29b681f) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | 10 November 2020, 19:54:15 UTC |
| dd28047 | larryhastings | 22 October 2020, 14:30:11 UTC | [3.7] Remove 3.5 from Doc version switcher in master. (GH-22886) (#22890) (cherry picked from commit 283f9a253b4ff4df728558205629b3bb3af6e47f) | 22 October 2020, 14:30:11 UTC |
| 43e5231 | Miss Skeleton (bot) | 20 October 2020, 02:38:40 UTC | bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests (GH-22566) (GH-22578) (cherry picked from commit 2ef5caa58febc8968e670e39e3d37cf8eef3cab8) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | 20 October 2020, 02:38:40 UTC |
| e512bc7 | Ned Deily | 20 October 2020, 02:36:27 UTC | bpo-42051: Reject XML entity declarations in plist files (#22760) (GH-22801) Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> | 20 October 2020, 02:36:27 UTC |
| 9b5a023 | Pablo Galindo | 08 October 2020, 18:50:37 UTC | [3.7] bpo-41976: Fix the fallback to gcc of ctypes.util.find_library when using gcc>9 (GH-22598). (GH-22601) (cherry picked from commit 27ac19cca2c639caaf6fedf3632fe6beb265f24f) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com> | 08 October 2020, 18:50:37 UTC |
| 4e02981 | Ned Deily | 17 August 2020, 22:18:11 UTC | Post release updates | 17 August 2020, 22:18:11 UTC |
| 13c9474 | Ned Deily | 15 August 2020, 05:20:16 UTC | 3.7.9 | 15 August 2020, 05:20:16 UTC |
| a0ad829 | Ned Deily | 15 August 2020, 03:48:14 UTC | bpo-41100: additional fixes for testing on macOS 11 Big Sur Intel Note: macOS 11 is not yet released, this release of Python is not fully supported on 11.0, and not all tests pass. | 15 August 2020, 05:08:56 UTC |
| cf79cbf | Miss Islington (bot) | 14 August 2020, 09:44:00 UTC | bpo-33786: Fix asynchronous generators to handle GeneratorExit in athrow() (GH-7467) (GH-21878) (cherry picked from commit 52698c7ad9eae9feb35839fde17a7d1da8036a9b) Co-authored-by: Yury Selivanov <yury@magic.io> | 14 August 2020, 09:44:00 UTC |
| f3b6f3c | Miss Islington (bot) | 12 August 2020, 10:53:13 UTC | bpo-41455: Provide a link to how the third generation is collected in the GC docs (GH-21703) (GH-21788) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com> (cherry picked from commit 82ca8fada15b121866530f2cdac1b7055be4a244) Co-authored-by: Yaroslav Pankovych <31005942+P-Alban@users.noreply.github.com> | 12 August 2020, 10:53:13 UTC |
| a8ad127 | Miss Islington (bot) | 12 August 2020, 10:36:20 UTC | bpo-41475: Fix note in "What's new in 3.7" (GH-21733) (GH-21835) (cherry picked from commit 76643c10ede2813ca921464fe839e81caee21a84) Co-authored-by: Ram Rachum <ram@rachum.com> | 12 August 2020, 10:36:20 UTC |
| ca75fec | Miss Islington (bot) | 19 July 2020, 09:27:35 UTC | bpo-39603: Prevent header injection in http methods (GH-18485) (GH-21538) reject control chars in http method in http.client.putrequest to prevent http header injection (cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e) Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com> | 19 July 2020, 09:27:35 UTC |
| eb0d255 | Miss Islington (bot) | 18 July 2020, 09:00:57 UTC | bpo-41304: Update NEWS to include CVE-2020-15801 reference (GH-21521) (GH-21524) (cherry picked from commit 164b04c47e61bd35d55e61bc74f9fd646eba81bb) Co-authored-by: Steve Dower <steve.dower@python.org> | 18 July 2020, 09:00:57 UTC |
| 4bfcffe | Steve Dower | 15 July 2020, 22:24:56 UTC | bpo-41304: Ensure python3x._pth is loaded on Windows (GH-21495) (#21499) | 15 July 2020, 22:24:56 UTC |
| 79c6b60 | Miss Islington (bot) | 15 July 2020, 12:35:08 UTC | bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (GH-21484) Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). (cherry picked from commit 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4) Co-authored-by: Rishi <rishi_devan@mail.com> | 15 July 2020, 12:35:08 UTC |
| 620e276 | Miss Islington (bot) | 13 July 2020, 18:17:01 UTC | bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) (GH-21461) Automerge-Triggered-By: @tiran (cherry picked from commit 4f309abf55f0e6f8950ac13d6ec83c22b8d47bf8) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> | 13 July 2020, 18:17:01 UTC |
| c8c818b | Miss Islington (bot) | 08 July 2020, 04:55:36 UTC | closes bpo-41235: Fix the error handling in SSLContext.load_dh_params() (GH-21389) (cherry picked from commit aebc0495572c5bb85d2bd97d27cf93ab038b5a6a) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 08 July 2020, 04:55:36 UTC |
| 110dd15 | Steve Dower | 06 July 2020, 17:24:59 UTC | [3.7] bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (GH-21297) (#21298) * bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded. * Add CVE number | 06 July 2020, 17:24:59 UTC |
| b98e779 | Tapas Kundu | 30 June 2020, 19:20:21 UTC | [3.7] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) (GH-21231) CVE-2020-14422 The __hash__() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation (cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28) Co-authored-by: Ravi Teja P <rvteja92@gmail.com> Signed-off-by: Tapas Kundu <tkundu@vmware.com> | 30 June 2020, 19:20:21 UTC |
| 4fdc175 | Ned Deily | 28 June 2020, 11:19:53 UTC | Post release updates | 28 June 2020, 11:19:53 UTC |
| 4b47a5b | Ned Deily | 27 June 2020, 08:35:53 UTC | 3.7.8 | 27 June 2020, 08:35:53 UTC |
| cfbc759 | Miss Islington (bot) | 25 June 2020, 15:15:52 UTC | BPO-41100: Support macOS 11 when building (GH-21113) (GH-21155) (cherry picked from commit 8ea6353f60625c96ce96588c70ff24a77f8c71f9) Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> | 25 June 2020, 15:15:52 UTC |
| d3798ed | Christian Heimes | 25 June 2020, 12:11:13 UTC | [3.7] bpo-41009: fix requires_OS_version() class decorator (GH-20942) (GH-20949) Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran. (cherry picked from commit bb6ec14479f18c32e71e43f2785f177aa17aabbd) Co-authored-by: Christian Heimes <christian@python.org> | 25 June 2020, 12:11:13 UTC |
| 934c1fa | Ned Deily | 25 June 2020, 10:27:57 UTC | Update macOS installer reader for 3.7.8 | 25 June 2020, 10:27:57 UTC |
| e41eced | Ned Deily | 25 June 2020, 07:41:19 UTC | Fix macOS installer build typos | 25 June 2020, 07:47:27 UTC |
| febe382 | Ned Deily | 18 June 2020, 03:49:37 UTC | Post release update | 18 June 2020, 03:49:37 UTC |
| 5f3933d | Ned Deily | 17 June 2020, 08:48:12 UTC | 3.7.8rc1 | 17 June 2020, 08:48:12 UTC |
| 0d70a98 | Ned Deily | 17 June 2020, 08:27:55 UTC | bpo-40204: Pin Sphinx version to 2.3.1 in Doc/Makefile | 17 June 2020, 08:27:55 UTC |
| 95b208f | Ned Deily | 17 June 2020, 07:49:24 UTC | Update missed Python.app copyright. | 17 June 2020, 07:49:24 UTC |
| 26e228a | Ned Deily | 17 June 2020, 07:33:05 UTC | Update macOS Python Launcher defaults to python3. | 17 June 2020, 07:33:05 UTC |
| 966036a | Ned Deily | 17 June 2020, 07:18:55 UTC | bpo-39580: add check for CLI installation on macOS Adds a simple check for whether or not the package is being installed in the GUI or using installer on the command line. This addresses an issue where CLI-based software management tools (such as Munki) unexpectedly open Finder windows into a GUI session during installation runs. | 17 June 2020, 07:18:55 UTC |
| 9f4eec0 | Ned Deily | 17 June 2020, 04:19:32 UTC | Update the macOS installer build scripts Change includes to fix building with Python 3.x and to build correctly on newer macOS systems with SIP. | 17 June 2020, 04:55:54 UTC |
| 62855d5 | Ned Deily | 17 June 2020, 01:57:09 UTC | Synchronize macOS installer with 3.9 | 17 June 2020, 01:57:09 UTC |
| 678ffc4 | Miss Islington (bot) | 15 June 2020, 22:01:19 UTC | bpo-38488: Upgrade bundled versions of pip & setuptools (GH-20491) (GH-20900) Co-authored-by: Xavier Fernandez <xav.fernandez@gmail.com> (cherry picked from commit e63cc2f64668bd1d4581f8efa7089af7e08863b8) Co-authored-by: Ned Deily <nad@python.org> | 15 June 2020, 22:01:19 UTC |
| b46beb2 | Miss Islington (bot) | 15 June 2020, 17:44:34 UTC | bpo-40448: ensurepip: Do not use cache (GH-19812) ensurepip optionally installs or upgrades 'pip' and 'setuptools' using the version of those modules bundled with Python. The internal PIP installation routine by default temporarily uses its cache, if it exists. This is undesirable as Python builds and installations may be independent of the user running the build, whilst PIP cache location is dependent on the user's environment and outside of the build environment. At the same time, there's no value in using the cache while installing bundled modules. This change disables PIP caching when used in ensurepip. (cherry picked from commit 4a3a682b12f93a03888e8b59f439bc5fe30d6055) Co-authored-by: Krzysztof Konopko <kkonopko@users.noreply.github.com> | 15 June 2020, 17:44:34 UTC |
| aa83935 | Miss Islington (bot) | 15 June 2020, 15:33:32 UTC | [3.7] bpo-34226: fix cgi.parse_multipart without content_length (GH-8530) (GH-20892) In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH header, this fix remove this header as required and fix FieldStorage read_lines_to_outerboundary, by not using limit when it's negative, since by default it's -1 if not content-length and keeps substracting what was read from the file object. Also added a test case for this problem. (cherry picked from commit d8cf3514dd4682419a66f6e834bb384ee34afc95) Co-authored-by: roger <rogerduran@gmail.com> Automerge-Triggered-By: @ned-deily | 15 June 2020, 15:33:32 UTC |
| e1ca0c5 | Miss Islington (bot) | 13 June 2020, 20:56:10 UTC | [3.7] bpo-37674: Tweak imp module deprecation note in the docs (GH-20480) (GH-20861) (cherry picked from commit dea3223740127ac13f984c1d38f127ab6701af44) Co-authored-by: Zackery Spytz <zspytz@gmail.com> Automerge-Triggered-By: @brettcannon | 13 June 2020, 20:56:10 UTC |
| 617af99 | Steve Dower | 12 June 2020, 21:15:27 UTC | bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834) Co-authored-by: Srinivas Reddy Thatiparthy (శ్రీనివాస్ రెడ్డి తాటిపర్తి) <thatiparthysreenivas@gmail.com> | 12 June 2020, 21:15:27 UTC |
| 0abb70e | Christian Heimes | 12 June 2020, 18:54:03 UTC | bpo-40964: disable remote IMAP tests (GH-20836) Remote host cyrus.andrew.cmu.edu is blocking incoming connections and is causing test suite to fail. Signed-off-by: Christian Heimes <christian@python.org> | 12 June 2020, 19:10:43 UTC |
| ebd4400 | Miss Islington (bot) | 11 June 2020, 21:48:47 UTC | bpo-40025: Require _generate_next_value_ to be defined before members (GH-19762) require `_generate_next_value_` to be defined before members (cherry picked from commit d9a43e20facdf4ad10186f820601c6580e1baa80) | 11 June 2020, 21:48:47 UTC |
| f881c86 | Miss Islington (bot) | 11 June 2020, 18:34:42 UTC | bpo-29620: iterate over a copy of sys.modules (GH-4800) (GH-20817) unittest.TestCase.assertWarns no longer raises a RuntimeException when accessing a module's ``__warningregistry__`` causes importation of a new module, or when a new module is imported in another thread. (cherry picked from commit 46398fba4d66ad342cf2504ef947b5fb857423b2) Co-authored-by: kernc <kerncece@gmail.com> | 11 June 2020, 18:34:42 UTC |
| 0490398 | Antoine Pitrou | 10 June 2020, 20:37:21 UTC | [3.7] bpo-40895: Update weakref documentation to remove old warnings (GH-20687) (GH-20793) The doccumentation at https://docs.python.org/3.10/library/weakref.html cautions that the `WeakKeyDictionary` and `WeakValueDictionary` are susceptible to the problem of dictionary mutation during iteration. These notes present the user with a problem that has no easy solution. I dug into the implementation and found that fortunately, Antoine Pitrou already addressed this challenge (10 years ago!) by introducing an `_IterationGuard` context manager to the implementation, which delays mutation while an iteration is in progress. I asked for confirmation and @pitrou agreed that these notes could be removed: https://github.com/python/cpython/commit/c1baa601e2b558deb690edfdf334fceee3b03327GH-commitcomment-39514438. (cherry picked from commit 1642c0ef750f96664a98cadb09301d492098d2fb) Co-authored-by: Daniel Fortunov <asqui@users.noreply.github.com> Automerge-Triggered-By: @pitrou | 10 June 2020, 20:37:21 UTC |
| 4b378ac | Miss Islington (bot) | 09 June 2020, 12:39:01 UTC | Add quotes to code to be a string | 09 June 2020, 12:39:01 UTC |
| 22faf6a | Stefan Krah | 08 June 2020, 23:55:47 UTC | [3.7] Revert bpo-39576: Prevent memory error for overly optimistic precisions (GH-20748) This reverts commit c6f95543b4832c3f0170179da39bcf99b40a7aa8. | 08 June 2020, 23:55:47 UTC |
| 9bd8919 | Stefan Krah | 08 June 2020, 23:34:03 UTC | [3.7] Revert bpo-39576: docs: set context for decimal arbitrary precision arithmetic (GH-20746) This reverts commit 00e45877e33d32bb61aa13a2033e3bba370bda4d. | 08 June 2020, 23:34:03 UTC |
| c0b7945 | Stefan Krah | 08 June 2020, 23:22:03 UTC | [3.7] Revert bpo-39576: Clarify the word size for the 32-bit build. (GH-20744) This reverts commit 24c570bbb82a7cb70576c253a73390accfa7ed78. | 08 June 2020, 23:22:03 UTC |
| 62e7f9a | Miss Islington (bot) | 08 June 2020, 17:06:31 UTC | bpo-40861: Enable optimizations when building liblzma (GH-20724) (cherry picked from commit 3a3a30c5a4622e18be9f7e4a239dc9e0d7c8054c) Co-authored-by: Steve Dower <steve.dower@python.org> | 08 June 2020, 17:06:31 UTC |
| d5489a9 | Miss Islington (bot) | 08 June 2020, 05:07:06 UTC | bpo-22021: Update root_dir and base_dir documentation in shutil (GH-10367) Also added an example in shutil in order to make more clear how they are to be used. Initially reported by Weinan Li on bpo. (cherry picked from commit 7633371dace67aaa21eb4b86f889441571ec4167) Co-authored-by: Lysandros Nikolaou <lisandrosnik@gmail.com> | 08 June 2020, 05:07:06 UTC |
| d1c449a | Miss Islington (bot) | 08 June 2020, 02:42:16 UTC | bpo-40741: Update macOS installer to use SQLite 3.32.2. (GH-20705) (cherry picked from commit 37eed5a9ee7c802e7151ee9939ed604032886639) Co-authored-by: Ned Deily <nad@python.org> | 08 June 2020, 02:42:16 UTC |
| 12d3061 | Miss Islington (bot) | 05 June 2020, 03:00:47 UTC | [3.8] bpo-40807: Backport test_codeop change [GH-19670] A tiny sliver of a 3.9 PEG parser patch needed to backport the test added by GH-20486. (cherry picked from commit a5d6aba318ead9cc756ba750a70da41f5def3f8f) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> | 05 June 2020, 03:00:47 UTC |
| 6bfbe77 | Miss Islington (bot) | 04 June 2020, 20:19:51 UTC | Fix spacing in docs for tarfile (GH-20629) Before ``` content.txt is 42 bytes in size and isa regular file. folder is 420 bytes in size and isa directory. magic is 4200 bytes in size and issomething else. ``` After: ``` content.txt is 42 bytes in size and is a regular file. folder is 420 bytes in size and is a directory. magic is 4200 bytes in size and is something else. ``` Automerge-Triggered-By: @orsenthil (cherry picked from commit 7a280197f4162e5fcdde6f34701a9fa6e669190d) Co-authored-by: Harsha Laxman <HarshaLaxman@users.noreply.github.com> | 04 June 2020, 20:19:51 UTC |
| 911c35d | Miss Islington (bot) | 03 June 2020, 13:01:23 UTC | bpo-40767: Allow pure Wayland to get default XDG web browser (GH-20382) Would be nice to backport to python 3.7+. I don't think it's worth the hassle to backport this all the way down to 3.10. But I'll let the maintainers decide. This is hard to test because the test setup already includes this [environment variable](https://github.com/python/cpython/blob/master/Lib/test/pythoninfo.pyGH-L292) Let me know if something doesn't match the PR guidelines. This is my first PR in the python source code. (cherry picked from commit c822efeda9a0afe87cf3429724732fc8e19a01fb) Co-authored-by: Jeremy Attali <jeremy.attali@gmail.com> | 03 June 2020, 13:01:23 UTC |
| b640ca1 | Miss Islington (bot) | 01 June 2020, 21:23:18 UTC | Ensure correct version of Sphinx is used for Windows builds (GH-20582) (cherry picked from commit fe5dd78182dbf4937bcc2b113ca7526bfad0192b) Co-authored-by: Steve Dower <steve.dower@python.org> | 01 June 2020, 21:23:18 UTC |
| d7f2fd2 | Miss Islington (bot) | 01 June 2020, 15:53:39 UTC | bpo-40831: Remove an incorrect statement in the Windows docs (GH-20570) (cherry picked from commit c8966667bbdb284c3780ef6cec8a3870935a6bb7) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 01 June 2020, 15:53:39 UTC |
| 296db8c | Miss Islington (bot) | 01 June 2020, 07:11:51 UTC | bpo-30008: Fix OpenSSL no-deprecated compilation (GH-20397) Fix :mod:`ssl`` code to be compatible with OpenSSL 1.1.x builds that use ``no-deprecated`` and ``--api=1.1.0``. Note: Tests assume full OpenSSL API and fail with limited API. Signed-off-by: Christian Heimes <christian@python.org> Co-authored-by: Mark Wright <gienah@gentoo.org> (cherry picked from commit a871f692b4a2e6c7d45579693e787edc0af1a02c) Co-authored-by: Christian Heimes <christian@python.org> | 01 June 2020, 07:11:51 UTC |
| a9dbae4 | Miss Islington (bot) | 30 May 2020, 07:52:27 UTC | bpo-40798: Generate a different message for already removed elements (GH-20483) (cherry picked from commit 735d902b363b759df9ff00e58bbf4f7e2bde78cd) Co-authored-by: Florian Dahlitz <f2dahlitz@freenet.de> | 30 May 2020, 07:52:27 UTC |
| f165647 | Miss Islington (bot) | 30 May 2020, 02:03:10 UTC | closes bpo-29017: Update the bindings for Qt information with PySide2 (GH-20149) Reference to PySide has been removed has it is for Qt 4, which has reached end of life. (cherry picked from commit 4649202ea75d48e1496e99911709824ca2d3170e) Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch> | 30 May 2020, 02:03:10 UTC |
| 80b6a05 | Miss Islington (bot) | 29 May 2020, 23:11:28 UTC | bpo-39885: Make IDLE context menu cut and copy work again (GH-18951) Leave selection when right click within. This exception to clearing selections when right-clicking was omitted from the previous commit, 4ca060d. I did not realize that this completely disabled the context menu entries, and I should have merged a minimal fix immediately. An automated test should follow. (cherry picked from commit 97e4e0f53d6690db6b942678489716a30925b8af) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> | 29 May 2020, 23:11:28 UTC |
| 5aa40e5 | Miss Islington (bot) | 29 May 2020, 19:35:21 UTC | bpo-24048: Save the live exception during import.c's remove_module() (GH-13005) Save the live exception during the course of remove_module(). (cherry picked from commit 94a64e9cd411a87514b68082c1c437eb3b49dfb9) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 29 May 2020, 19:35:21 UTC |
| 852e8a7 | Miss Islington (bot) | 29 May 2020, 12:17:42 UTC | [3.8] bpo-25872: Fix KeyError in linecache when multithreaded (GH-18007) (GH-20092) Backporting to 3.8 and adding a NEWS item (I should have added one to the master branch -- oh well). (cherry picked from commit b86636bff4b29ce23c886df079715dd951f13a07) Co-authored-by: Andrew Kuchling <amk@amk.ca> | 29 May 2020, 12:17:42 UTC |
| 5f977e0 | Miss Islington (bot) | 29 May 2020, 11:43:47 UTC | bpo-39040: Fix parsing of email mime headers with whitespace between encoded-words. (gh-17620) * bpo-39040: Fix parsing of email headers with encoded-words inside a quoted string. It is fairly common to find malformed mime headers (especially content-disposition headers) where the parameter values, instead of being encoded to RFC standards, are "encoded" by doing RFC 2047 "encoded word" encoding, and then enclosing the whole thing in quotes. The processing of these malformed headers was incorrectly leaving the spaces between encoded words in the decoded text (whitespace between adjacent encoded words is supposed to be stripped on decoding). This changeset fixes the encoded word processing inside quoted strings (bare-quoted-string) to do correct RFC 2047 decoding by stripping that whitespace. (cherry picked from commit 21017ed904f734be9f195ae1274eb81426a9e776) Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com> | 29 May 2020, 11:43:47 UTC |
| f5bd99b | Miss Islington (bot) | 28 May 2020, 01:39:19 UTC | Improve IO tutorial's "Old string formatting" section (GH-16251) * Use a more universal explanation of string interpolation rather than specifically referencing sprintf(), which depends on the reader having a C background. Co-authored-by: Kyle Stanley <aeros167@gmail.com> (cherry picked from commit eaca2aa117d663acf8160a0b4543ee2c7006fcc7) Co-authored-by: Adorilson Bezerra <adorilson@gmail.com> | 28 May 2020, 01:39:19 UTC |
| 1c4dcaf | Miss Islington (bot) | 27 May 2020, 15:51:23 UTC | bpo-13097: ctypes: limit callback to 1024 arguments (GH-19914) ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments. The ctypes module allocates arguments on the stack in ctypes_callproc() using alloca(), which is problematic when large numbers of arguments are passed. Instead of a stack overflow, this commit raises an ArgumentError if more than 1024 parameters are passed. (cherry picked from commit 29a1384c040d39659e7d01f1fd7b6eb71ef2634e) Co-authored-by: Sean Gillespie <sean@swgillespie.me> | 27 May 2020, 15:51:23 UTC |
| a93bf82 | Miss Islington (bot) | 27 May 2020, 13:38:14 UTC | bpo-39073: validate Address parts to disallow CRLF (GH-19007) Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. (cherry picked from commit 614f17211c5fc0e5b828be1d3320661d1038fe8f) Co-authored-by: Ashwin Ramaswami <aramaswamis@gmail.com> | 27 May 2020, 13:38:14 UTC |
| c8e1076 | Miss Islington (bot) | 27 May 2020, 10:29:25 UTC | Fix the link to ncurses patch download in macos installer build script (GH-20421) Reason: the link `ftp://invisible-island.net/ncurses//5.9/ncurses-5.9-20120616-patch.sh.bz2` is dead, which prevents `Mac/BuildScript/build-installer.py` from completing. Looks like the host of the FTP server was changed to `ftp.invisible-island.net`, thus this proposal. Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com> (cherry picked from commit 7da46b676aed7111de34b57c8b942a7f3bb80327) Co-authored-by: Oleg Höfling <hoefling@users.noreply.github.com> | 27 May 2020, 10:29:25 UTC |
| 3f215f3 | Tal Einat | 26 May 2020, 12:59:23 UTC | [3.7] bpo-38580: Document that select() accepts iterables, not just sequences (GH-16832) (cherry picked from commit 372ee27d4958302dac7ad6a8711f6fd04771b2e6) Co-authored-by: Jakub Stasiak <jakub@stasiak.at> | 26 May 2020, 12:59:23 UTC |
| 4ea8028 | Miss Islington (bot) | 26 May 2020, 09:16:36 UTC | [3.8] bpo-35714: Reject null characters in struct format strings (GH-16928) (GH-20419) struct.error is now raised if there is a null character in a struct format string. (cherry picked from commit 3f59b55316f4c6ab451997902579aa69020b537c) (cherry picked from commit 5ff5edfef63b3dbc1abb004b3fa4b3db87e79ff9) Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 26 May 2020, 09:16:36 UTC |
| b068d89 | Miss Islington (bot) | 26 May 2020, 08:34:04 UTC | bpo-39301: State that floor division is used for right shift operations (GH-20347) (GH-20416) * bpo-39301: State that floor division is used for right shift operations * Remove "without overflow check" (cherry picked from commit af7553ac95a96713be847dd45bc5a8aeb0a75955) Co-authored-by: Zackery Spytz <zspytz@gmail.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> | 26 May 2020, 08:34:04 UTC |
| 3269a0e | Terry Jan Reedy | 24 May 2020, 13:40:19 UTC | bpo-37309: Update NEWS.txt for 3.7.8 (GH-20353) | 24 May 2020, 13:40:19 UTC |
