- 26 Oct, 2019 2 commits
-
-
Miss Skeleton (bot) authored
(cherry picked from commit d898d20e8c228229eb68e545f544db13f246f216) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
-
Serhiy Storchaka authored
[2.7] bpo-38535: Fix positions for AST nodes for calls without arguments in decorators. (GH-16861). (GH-16931) (cherry picked from commit 26ae9f6d3d755734c9f371b9356325afe5764813)
-
- 23 Oct, 2019 2 commits
-
-
Miss Skeleton (bot) authored
(cherry picked from commit 01659ca62c4508518478a74615ac91c0009427ad) Co-authored-by: Ned Deily <nad@python.org>
-
Zackery Spytz authored
AddRefActCtx() does not return a value.
-
- 22 Oct, 2019 1 commit
-
-
Miss Skeleton (bot) authored
(cherry picked from commit dfe726b1ace03f206f45253b93ed7610473ae20f) Co-authored-by: Kyle Stanley <aeros167@gmail.com>
-
- 21 Oct, 2019 1 commit
-
-
Serhiy Storchaka authored
(cherry picked from commit 5bc6a7c06eda20ba131ecba6752be0506d310181)
-
- 20 Oct, 2019 1 commit
-
-
Steve Dower authored
-
- 19 Oct, 2019 5 commits
-
-
Benjamin Peterson authored
-
Benjamin Peterson authored
-
Benjamin Peterson authored
-
Miss Islington (bot) authored
(cherry picked from commit 3f36043db22361500f52634f2b8de49dde0e7da9) Co-authored-by: Ned Deily <nad@python.org>
-
Ned Deily authored
-
- 18 Oct, 2019 2 commits
-
-
Ashley Whetter authored
bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault the interpreter (GH-5960) (GH-16565) (cherry picked from commit 7a7f100eb352d08938ee0f5ba59c18f56dc4a7b5) Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
-
Ashley Whetter authored
(cherry picked from commit f7a6ff6fcab32a53f262ba3f8a072c27afc330d7) Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>
-
- 14 Oct, 2019 2 commits
-
-
Miss Islington (bot) authored
(cherry picked from commit 4504b4500d2a1a80c26b27b0bfff8b624d5ce06c) Co-authored-by: Julien Palard <julien@palard.fr>
-
Ned Deily authored
-
- 08 Oct, 2019 9 commits
-
-
Benjamin Peterson authored
Rather than requiring the path to blurb and/or sphinx-build to be specified to the make rule, enhance the Doc/Makefile to look for each first in a virtual environment created by make venv and, if not found, look on the normal process PATH. This allows the Doc/Makefile to take advantage of an installed spinx-build or blurb and, thus, do the right thing most of the time. Also, make the directory for the venv be configurable and document the `make venv` target.. (cherry picked from commit 590665c399fc4aa3c4a9f8e7104d43a02e9f3a0c) Co-authored-by: Ned Deily <nad@python.org>
-
Miss Islington (bot) authored
Previous to commit ee171a2 the logline was working because of self.info() (now deprecated) defaults to an empty message. (cherry picked from commit c3f52a59ce8406d9e59253ad4621e4749abdaeef) Co-authored-by: Xtreak <tirkarthi@users.noreply.github.com>
-
Miss Islington (bot) authored
Also addresses doc build failures documented in bpo-32200. (cherry picked from commit 7324b5ce8e7c031a0a3832a6a8d7c639111ae0ff) Co-authored-by: Julien Palard <julien@palard.fr>
-
Benjamin Peterson authored
(cherry picked from commit ee171a26c1169abfae534b08acc0d95c6e45a22a) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
-
Ned Deily authored
-
Benjamin Peterson authored
-
Benjamin Peterson authored
-
Jason R. Coombs authored
[2.7] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16476) Backporting this change, I observe a couple of things: 1. The _encode_request call is no longer meaningful because the request construction will implicitly encode the request using the default encoding when the format string is used (request = '%s %s %s'...). In order to keep the code as consistent as possible, I decided to include the call as a pass-through. I'd be just as happy to remove it entirely, but I'll leave that up to the reviewer to decide. It's okay that this functionality is disabled on Python 2 because this functionality was mainly around bpo-36274, which was mainly a concern with the transition to Python 3. 2. Because _encode_request is no longer meaningful, neither is the test for it, so I've removed that test. Therefore, the meaningful part of this test is that for bpo-38216, adding a (underscore-protected) hook to customize/disable validation. (cherry picked from commit 7774d7831e8809795c64ce27f7df52674581d298) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
-
Benjamin Peterson authored
(cherry picked from commit 10c452b894d95fed06056fe11e8fe8e1a2a60040) Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com>
-
- 03 Oct, 2019 1 commit
-
-
Kirill Smelkov authored
Fix race in PyThread_release_lock that was leading to memory corruption and deadlocks. The fix applies to POSIX systems where Python locks are implemented with mutex and condition variable because POSIX semaphores are either not provided, or are known to be broken. One particular example of such system is macOS. On Darwin, even though this is considered as POSIX, Python uses mutex+condition variable to implement its lock, and, as of 2019-08-28, Py2.7 implementation, even though similar issue was fixed for Py3 in 2012, contains synchronization bug: the condition is signalled after mutex unlock while the correct protocol is to signal condition from under mutex: https://github.com/python/cpython/blob/v2.7.16-127-g0229b56d8c0/Python/thread_pthread.h#L486-L506 https://github.com/python/cpython/commit/187aa545165d (py3 fix) PyPy has the same bug for both pypy2 and pypy3: https://bitbucket.org/pypy/pypy/src/578667b3fef9/rpython/translator/c/src/thread_pthread.c#lines-443:465 https://bitbucket.org/pypy/pypy/src/5b42890d48c3/rpython/translator/c/src/thread_pthread.c#lines-443:465 Signalling condition outside of corresponding mutex is considered OK by POSIX, but in Python context it can lead to at least memory corruption if we consider the whole lifetime of python level lock. For example the following logical scenario: T1 T2 sema = Lock() sema.acquire() sema.release() sema.acquire() free(sema) ... can translate to the next C-level calls: T1 T2 # sema = Lock() sema = malloc(...) sema.locked = 0 pthread_mutex_init(&sema.mut) pthread_cond_init (&sema.lock_released) # sema.acquire() pthread_mutex_lock(&sema.mut) # sees sema.locked == 0 sema.locked = 1 pthread_mutex_unlock(&sema.mut) # sema.release() pthread_mutex_lock(&sema.mut) sema.locked = 0 pthread_mutex_unlock(&sema.mut) # OS scheduler gets in and relinquishes control from T2 # to another process ... # second sema.acquire() pthread_mutex_lock(&sema.mut) # sees sema.locked == 0 sema.locked = 1 pthread_mutex_unlock(&sema.mut) # free(sema) pthread_mutex_destroy(&sema.mut) pthread_cond_destroy (&sema.lock_released) free(sema) # ... e.g. malloc() which returns memory where sema was ... # OS scheduler returns control to T2 # sema.release() continues # # BUT sema was already freed and writing to anywhere # inside sema block CORRUPTS MEMORY. In particular if # _another_ python-level lock was allocated where sema # block was, writing into the memory can have effect on # further synchronization correctness and in particular # lead to deadlock on lock that was next allocated. pthread_cond_signal(&sema.lock_released) Note that T2.pthread_cond_signal(&sema.lock_released) CORRUPTS MEMORY as it is called when sema memory was already freed and is potentially reallocated for another object. The fix is to move pthread_cond_signal to be done under corresponding mutex: # sema.release() pthread_mutex_lock(&sema.mut) sema.locked = 0 pthread_cond_signal(&sema.lock_released) pthread_mutex_unlock(&sema.mut) To do so this patch cherry-picks thread_pthread.h part of the following 3.2 commit: commit 187aa545 Author: Kristján Valur Jónsson <kristjan@ccpgames.com> Date: Tue Jun 5 22:17:42 2012 +0000 Signal condition variables with the mutex held. Destroy condition variables before their mutexes. Python/ceval_gil.h | 9 +++++---- Python/thread_pthread.h | 15 +++++++++------ 2 files changed, 14 insertions(+), 10 deletions(-) (ceval_gil.h is Python3 specific and does not apply to Python2.7) The bug was there since 1994 - since at least [1]. It was discussed in 2001 with original code author[2], but the code was still considered to be race-free. In 2010 the place where pthread_cond_signal should be - before or after pthread_mutex_unlock - was discussed with the rationale to avoid threads bouncing[3,4,5], and in 2012 pthread_cond_signal was moved to be called from under mutex, but only for CPython3[6,7]. In 2019 the bug was (re-)discovered while testing Pygolang[8] on macOS with CPython2 and PyPy2 and PyPy3. [1] https://github.com/python/cpython/commit/2c8cb9f3d240 [2] https://bugs.python.org/issue433625 [3] https://bugs.python.org/issue8299#msg103224 [4] https://bugs.python.org/issue8410#msg103313 [5] https://bugs.python.org/issue8411#msg113301 [6] https://bugs.python.org/issue15038#msg163187 [7] https://github.com/python/cpython/commit/187aa545165d [8] https://pypi.org/project/pygolang (cherry picked from commit 187aa545) Co-Authored-By: Kristján Valur Jónsson <kristjan@ccpgames.com>
-
- 02 Oct, 2019 1 commit
-
-
Victor Stinner authored
test.pythoninfo now logs environment variables used by OpenSSL and Python ssl modules, and logs attributes of 3 SSL contexts (SSLContext, default HTTPS context, stdlib context). (cherry picked from commit 1df1c2f8df53d005ff47af81aa02c58752b84e20)
-
- 01 Oct, 2019 1 commit
-
-
Dong-hee Na authored
Escape the server title of DocXMLRPCServer.DocXMLRPCServer when rendering the document page as HTML.
-
- 28 Sep, 2019 1 commit
-
-
Jesús Cea authored
(cherry picked from commit 52d1b86bde2b772a76919c76991c326384954bf1) Co-authored-by: Jesús Cea <jcea@jcea.es>
-
- 26 Sep, 2019 2 commits
-
-
Benjamin Peterson authored
-
Benjamin Peterson authored
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.. (cherry picked from commit 52b940803860e37bcc3f6096b2d24e7c20a0e807) Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
- 24 Sep, 2019 1 commit
-
-
Miss Islington (bot) authored
(cherry picked from commit 4346bad3321699d49a45e3446270b57726ab5c8f) Co-authored-by: Hai Shi <shihai1992@gmail.com>
-
- 18 Sep, 2019 1 commit
-
-
Miss Islington (bot) authored
A little change on first paragraph of python tutorial to be more clearly https://bugs.python.org/issue37904 Automerge-Triggered-By: @ericvsmith (cherry picked from commit b57481318e3e3cbacd398b898f9849ec8f2d7eec) Co-authored-by: Diego Alberto Barriga Martínez <diegobarriga@protonmail.com>
-
- 17 Sep, 2019 1 commit
-
-
Serhiy Storchaka authored
(cherry picked from commit 8debfa50407107ff2329d01081cdc12d359f1d12)
-
- 16 Sep, 2019 4 commits
-
-
Miss Islington (bot) authored
``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``. https://bugs.python.org/issue33936 (cherry picked from commit 724f1a57231f9287c37255adf0e4364d12cf693d) Co-authored-by: Christian Heimes <christian@python.org>
-
Steve Dower authored
-
Xiang Zhang authored
(cherry picked from commit 56a4514) Co-authored-by: Hai Shi shihai1992@gmail.com https://bugs.python.org/issue38168
-
Ned Deily authored
-
- 14 Sep, 2019 1 commit
-
-
Roberto C. Sánchez authored
This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address. (cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9) Excludes changes to Lib/email/_header_value_parser.py, which did not exist in 2.7. Co-authored-by: jpic <jpic@users.noreply.github.com> https://bugs.python.org/issue34155
-
- 11 Sep, 2019 1 commit
-
-
Alexandru Ardelean authored
Fixes a build error with OpenSSL 1.1.0. There is already code in the `_ssl.c` that handles all the weird cases of the NPN config macros (with various OpenSSL & LibreSSL versions). That code will provide a HAVE_NPN variable, which should be used in the rest of the code to check whether (or what) to compile regarding NPN. This change adds HAVE_NPN in the remaining places where it should have been placed. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> https://bugs.python.org/issue35264
-