Backport of TLS 1.3 related fixes from 3.7.

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826)

Partial backport from cb5b68abCo-authored-by: Christian Heimes <christian@python.org>

The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except
for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3)
are set by default. The initial cipher suite list contains only
HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).

(cherry picked from commit 358cfd42)

Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.

Also update multissltests to test with latest OpenSSL.

Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 3e630c541b35c96bfe5619165255e559f577ee71)
Co-authored-by: Christian Heimes <christian@python.org>

Add credit for the cert parser vulnerability. Mention also Cisco
TALOS-2018-0758 identifier.

(cherry picked from commit 9db56fb8)
Co-authored-by: Julien Palard <julien@palard.fr>

(cherry picked from commit e9bc4172)
Co-authored-by: Mariatta <Mariatta@users.noreply.github.com>

(cherry picked from commit 598e15d4)
Co-authored-by: jdemeyer <J.Demeyer@UGent.be>

Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue35746
(cherry picked from commit a37f5243)
Co-authored-by: Christian Heimes <christian@python.org>

(cherry picked from commit 1cffd0ee)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>

Format character "%s" in PyString_FromFormat() no longer read memory
past the limit if precision is specified.
(cherry picked from commit d586ccb0)

(cherry picked from commit 91c6158d)
Co-authored-by: Andre Delfino <adelfino@gmail.com>

* bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff

* [2.7] bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff (GH-10639).
(cherry picked from commit cbb16459)
Co-authored-by: Sanyam Khurana <8039608+CuriousLearner@users.noreply.github.com>

Remove README.rst inadvertandly "backported" from 3.x in 5a89c715. (GH-11409)

(cherry picked from commit 9a69ae8a)

This reverts commit aa580508.

Due to regressions found with using Tk 8.6.9.1, build the python.org
macOS installers with Tcl/Tk 8.6.8 as used in previous releases.

This addresses C extension build errors related to an undefined _hypot
symbol when building with the Microsoft Visual C++ Compiler for Python
2.7 [1] or MinGWPy [2]. It also addresses errors when building a C++
extension with MinGWPy and C++11 from cmath, 'error "::hypot' has not
been declared'

[1] https://www.microsoft.com/en-us/download/details.aspx?id=44266
[2] https://mingwpy.github.io/

(cherry picked from 0854b92c)

(cherry picked from commit 842acaab)

"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>

In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.

In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.

In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b53)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>

Use "ll" instead of the nonstandard "q".
(cherry picked from commit 062cbb67)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>

check_environ() of distutils.utils now catchs KeyError on calling
pwd.getpwuid(): don't create the HOME environment variable in this
case.

(cherry picked from commit 17d0c059)

bpo-34279, bpo-35412: support.run_unittest() no longer raises
TestDidNotRun if a test result contains skipped tests. The
exception is now only raised if no test have been run and no test
have been skipped.

(cherry picked from commit 3a8f4fef)

* bpo-16039: CVE-2013-1752: Change use of readline() in
  imaplib.IMAP4_SSL to limit line length. Remove IMAP4_SSL.readline()
  and IMAP4_SSL.read() to inherit safe IMAP4 implementation.
* bpo-20118: reenable test_linetoolong() of test_imaplib
  on ThreadedNetworkedTests and ThreadedNetworkedTestsSSL.
  The test now sets the _MAXLINE limit to 10 characters.

(cherry picked from commit cb342182)

(cherry picked from commit 7cf3d8e2)
Co-authored-by: Ned Deily <nad@python.org>

https://bugs.python.org/issue35401
(cherry picked from commit 419b5ffc2ca46d7adf0be6216ca3a6e40028e50f)
Co-authored-by: Ned Deily <nad@python.org>

Include <pyconfig.h> ealier in Modules/expat/xmlparse.c to define
properly _POSIX_C_SOURCE and _XOPEN_SOURCE.

Use GCC __attribute__((unused)) to mark the debug variable 'filename'
as unused in Python/ceval.c.

Include <pyconfig.h> ealier in Modules/expat/xmltok.c to define
properly _POSIX_C_SOURCE. Python defines _POSIX_C_SOURCE as 200809L,
whereas <features.h> (included indirectly by <string.h>) defines
_POSIX_C_SOURCE as 199506L.
(cherry picked from commit cf247359)
Co-authored-by: Victor Stinner <vstinner@redhat.com>

Fix xml.dom.minidom cloneNode() on a document with an entity: pass
the correct arguments to the user data handler of an entity (fix an
old copy/paste mistake).

Bug spotted and fix proposed by Charalampos Stratakis, initial
reproducer written by Petr Viktorin.
Co-Authored-By: Charalampos Stratakis <cstratak@redhat.com>
Co-Authored-By: Petr Viktorin <encukou@gmail.com>
(cherry picked from commit 8e041868)

(cherry picked from commit 42b1d612)
(cherry picked from commit 7a2cf1e7d3bf300e98c702589d405734f4a8fcf8)