- 08 Oct, 2019 1 commit
-
-
Benjamin Peterson authored
(cherry picked from commit 10c452b8) Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com>
-
- 03 Oct, 2019 1 commit
-
-
Kirill Smelkov authored
Fix race in PyThread_release_lock that was leading to memory corruption and deadlocks. The fix applies to POSIX systems where Python locks are implemented with mutex and condition variable because POSIX semaphores are either not provided, or are known to be broken. One particular example of such system is macOS. On Darwin, even though this is considered as POSIX, Python uses mutex+condition variable to implement its lock, and, as of 2019-08-28, Py2.7 implementation, even though similar issue was fixed for Py3 in 2012, contains synchronization bug: the condition is signalled after mutex unlock while the correct protocol is to signal condition from under mutex: https://github.com/python/cpython/blob/v2.7.16-127-g0229b56d8c0/Python/thread_pthread.h#L486-L506 https://github.com/python/cpython/commit/187aa545165d (py3 fix) PyPy has the same bug for both pypy2 and pypy3: https://bitbucket.org/pypy/pypy/src/578667b3fef9/rpython/translator/c/src/thread_pthread.c#lines-443:465 https://bitbucket.org/pypy/pypy/src/5b42890d48c3/rpython/translator/c/src/thread_pthread.c#lines-443:465 Signalling condition outside of corresponding mutex is considered OK by POSIX, but in Python context it can lead to at least memory corruption if we consider the whole lifetime of python level lock. For example the following logical scenario: T1 T2 sema = Lock() sema.acquire() sema.release() sema.acquire() free(sema) ... can translate to the next C-level calls: T1 T2 # sema = Lock() sema = malloc(...) sema.locked = 0 pthread_mutex_init(&sema.mut) pthread_cond_init (&sema.lock_released) # sema.acquire() pthread_mutex_lock(&sema.mut) # sees sema.locked == 0 sema.locked = 1 pthread_mutex_unlock(&sema.mut) # sema.release() pthread_mutex_lock(&sema.mut) sema.locked = 0 pthread_mutex_unlock(&sema.mut) # OS scheduler gets in and relinquishes control from T2 # to another process ... # second sema.acquire() pthread_mutex_lock(&sema.mut) # sees sema.locked == 0 sema.locked = 1 pthread_mutex_unlock(&sema.mut) # free(sema) pthread_mutex_destroy(&sema.mut) pthread_cond_destroy (&sema.lock_released) free(sema) # ... e.g. malloc() which returns memory where sema was ... # OS scheduler returns control to T2 # sema.release() continues # # BUT sema was already freed and writing to anywhere # inside sema block CORRUPTS MEMORY. In particular if # _another_ python-level lock was allocated where sema # block was, writing into the memory can have effect on # further synchronization correctness and in particular # lead to deadlock on lock that was next allocated. pthread_cond_signal(&sema.lock_released) Note that T2.pthread_cond_signal(&sema.lock_released) CORRUPTS MEMORY as it is called when sema memory was already freed and is potentially reallocated for another object. The fix is to move pthread_cond_signal to be done under corresponding mutex: # sema.release() pthread_mutex_lock(&sema.mut) sema.locked = 0 pthread_cond_signal(&sema.lock_released) pthread_mutex_unlock(&sema.mut) To do so this patch cherry-picks thread_pthread.h part of the following 3.2 commit: commit 187aa545 Author: Kristján Valur Jónsson <kristjan@ccpgames.com> Date: Tue Jun 5 22:17:42 2012 +0000 Signal condition variables with the mutex held. Destroy condition variables before their mutexes. Python/ceval_gil.h | 9 +++++---- Python/thread_pthread.h | 15 +++++++++------ 2 files changed, 14 insertions(+), 10 deletions(-) (ceval_gil.h is Python3 specific and does not apply to Python2.7) The bug was there since 1994 - since at least [1]. It was discussed in 2001 with original code author[2], but the code was still considered to be race-free. In 2010 the place where pthread_cond_signal should be - before or after pthread_mutex_unlock - was discussed with the rationale to avoid threads bouncing[3,4,5], and in 2012 pthread_cond_signal was moved to be called from under mutex, but only for CPython3[6,7]. In 2019 the bug was (re-)discovered while testing Pygolang[8] on macOS with CPython2 and PyPy2 and PyPy3. [1] https://github.com/python/cpython/commit/2c8cb9f3d240 [2] https://bugs.python.org/issue433625 [3] https://bugs.python.org/issue8299#msg103224 [4] https://bugs.python.org/issue8410#msg103313 [5] https://bugs.python.org/issue8411#msg113301 [6] https://bugs.python.org/issue15038#msg163187 [7] https://github.com/python/cpython/commit/187aa545165d [8] https://pypi.org/project/pygolang (cherry picked from commit 187aa545) Co-Authored-By: Kristján Valur Jónsson <kristjan@ccpgames.com>
-
- 02 Oct, 2019 1 commit
-
-
Victor Stinner authored
test.pythoninfo now logs environment variables used by OpenSSL and Python ssl modules, and logs attributes of 3 SSL contexts (SSLContext, default HTTPS context, stdlib context). (cherry picked from commit 1df1c2f8df53d005ff47af81aa02c58752b84e20)
-
- 01 Oct, 2019 1 commit
-
-
Dong-hee Na authored
Escape the server title of DocXMLRPCServer.DocXMLRPCServer when rendering the document page as HTML.
-
- 28 Sep, 2019 1 commit
-
-
Jesús Cea authored
(cherry picked from commit 52d1b86b) Co-authored-by: Jesús Cea <jcea@jcea.es>
-
- 26 Sep, 2019 2 commits
-
-
Benjamin Peterson authored
-
Benjamin Peterson authored
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.. (cherry picked from commit 52b94080) Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
- 24 Sep, 2019 1 commit
-
-
Miss Islington (bot) authored
(cherry picked from commit 4346bad3) Co-authored-by: Hai Shi <shihai1992@gmail.com>
-
- 18 Sep, 2019 1 commit
-
-
Miss Islington (bot) authored
A little change on first paragraph of python tutorial to be more clearly https://bugs.python.org/issue37904 Automerge-Triggered-By: @ericvsmith (cherry picked from commit b5748131) Co-authored-by: Diego Alberto Barriga Martínez <diegobarriga@protonmail.com>
-
- 17 Sep, 2019 1 commit
-
-
Serhiy Storchaka authored
(cherry picked from commit 8debfa50)
-
- 16 Sep, 2019 4 commits
-
-
Miss Islington (bot) authored
``OPENSSL_VERSION_1_1`` was never defined in ``_hashopenssl.c``. https://bugs.python.org/issue33936 (cherry picked from commit 724f1a57) Co-authored-by: Christian Heimes <christian@python.org>
-
Steve Dower authored
-
Xiang Zhang authored
(cherry picked from commit 56a45142) Co-authored-by: Hai Shi shihai1992@gmail.com https://bugs.python.org/issue38168
-
Ned Deily authored
-
- 14 Sep, 2019 1 commit
-
-
Roberto C. Sánchez authored
This change skips parsing of email addresses where domains include a "@" character, which can be maliciously used since the local part is returned as a complete address. (cherry picked from commit 8cb65d13) Excludes changes to Lib/email/_header_value_parser.py, which did not exist in 2.7. Co-authored-by: jpic <jpic@users.noreply.github.com> https://bugs.python.org/issue34155
-
- 11 Sep, 2019 4 commits
-
-
Alexandru Ardelean authored
Fixes a build error with OpenSSL 1.1.0. There is already code in the `_ssl.c` that handles all the weird cases of the NPN config macros (with various OpenSSL & LibreSSL versions). That code will provide a HAVE_NPN variable, which should be used in the rest of the code to check whether (or what) to compile regarding NPN. This change adds HAVE_NPN in the remaining places where it should have been placed. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> https://bugs.python.org/issue35264
-
Zackery Spytz authored
-
Zackery Spytz authored
-
Zackery Spytz authored
If FormatMessageW() is passed the FORMAT_MESSAGE_FROM_SYSTEM flag without FORMAT_MESSAGE_IGNORE_INSERTS, it will fail if there are insert sequences in the message definition. (cherry picked from commit a6563650)
-
- 09 Sep, 2019 2 commits
-
-
Benjamin Peterson authored
The link we have points to the version from Unicode 6.0.0, dated 2010. There have been numerous updates to it since then: https://www.unicode.org/reports/tr44/GH-Modifications Change the link to one that points to the current version. Also, use HTTPS.. (cherry picked from commit 64c6ac74) Co-authored-by: Greg Price <gnprice@gmail.com>
-
Serhiy Storchaka authored
RuntimeError is now raised in this case. (cherry picked from commit 526a0146)
-
- 28 Aug, 2019 1 commit
-
-
Miss Islington (bot) authored
https://bugs.python.org/issue37965 https://bugs.python.org/issue37965 Automerge-Triggered-By: @benjaminp (cherry picked from commit 55aabee0) Co-authored-by: Anonymous Maarten <madebr@users.noreply.github.com>
-
- 23 Aug, 2019 2 commits
-
-
Victor Stinner authored
Fix file descriptors transfer in multiprocessing on FreeBSD: use CMSG_SPACE() rather than CMSG_LEN(); see RFC 3542.
-
Victor Stinner authored
(cherry picked from commit d0b10a64)
-
- 21 Aug, 2019 2 commits
-
-
Miss Islington (bot) authored
Fixed wrong link to Telnet.open() method in telnetlib documentation. (cherry picked from commit e0b6117e) Co-authored-by: Michael Anckaert <michael.anckaert@sinax.be>
-
Miss Islington (bot) authored
If this service had thoroughly vanished, we could just ignore the test until someone gets around to either recreating such a service or redesigning the test to somehow work locally. The `support.transient_internet` mechanism catches the failure to resolve the domain name, and skips the test. But in fact the domain snakebite.net does still exist, as do its nameservers -- and they can be quite slow to reply. As a result this test can easily take 20-30s before it gets auto-skipped. So, skip the test explicitly up front. (cherry picked from commit 5b95a150) Co-authored-by: Greg Price <gnprice@gmail.com>
-
- 05 Aug, 2019 1 commit
-
-
David H authored
[2.7] bpo-37730: Fix usage of NotImplemented instead of NotImplementedError in docs. (GH-15062). (GH-15133) (cherry picked from commit ed5e8e06) Co-authored-by: David H <dheiberg@mozilla.com>
-
- 24 Jul, 2019 1 commit
-
-
Miss Islington (bot) authored
(cherry picked from commit 93e8aa62) Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
- 11 Jul, 2019 2 commits
-
-
Miss Islington (bot) authored
(cherry picked from commit 79042ac4) Co-authored-by: Tal Einat <taleinat@gmail.com>
-
Miss Islington (bot) authored
(cherry picked from commit 2a3d4d9c) Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
- 07 Jul, 2019 1 commit
-
-
Miss Islington (bot) authored
(cherry picked from commit f6cdd3ff) Co-authored-by: Hai Shi <shihai1992@gmail.com>
-
- 06 Jul, 2019 2 commits
-
-
Miss Islington (bot) authored
0 is a legal index. (cherry picked from commit f8709e80) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
-
Miss Islington (bot) authored
Also fix a name misspelling. (cherry picked from commit 45bc61b9) Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
-
- 02 Jul, 2019 1 commit
-
-
Miss Islington (bot) authored
(cherry picked from commit 2cd07920) Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
- 01 Jul, 2019 1 commit
-
-
Ned Deily authored
When building 2.7 on macOS without system header files installed in ``/usr/include``, a few extension modules dependent on system-supplied third-party libraries were not being built, most notably zlib. This situation arose in the past when building without the Command Line Tools and the option to install header files in the traditional system locations (like /usr/include). As of macOS 10.14, the header files are only available in an SDK so the problem addressed here affects most 2.7 builds.
-
- 30 Jun, 2019 1 commit
-
-
Miss Islington (bot) authored
* Added documentation for textwrap.dedent behavior. (cherry picked from commit eb97b921) Co-authored-by: tmblweed <tmblweed@users.noreply.github.com> https://bugs.python.org/issue30754
-
- 28 Jun, 2019 2 commits
-
-
Victor Stinner authored
_PyWarnings_Init() only allocates memory once at startup but it is not released at exit. Ignore this issue to be able to catch other bugs more easily.
-
Miss Islington (bot) authored
(cherry picked from commit 3b03b09f) Co-authored-by: Benjamin Peterson <benjamin@python.org>
-
- 26 Jun, 2019 1 commit
-
-
Miss Islington (bot) authored
Fix test_wsgiref.testEnviron() to no longer depend on the environment variables (don't fail if "X" variable is set). testEnviron() now overrides os.environ to get a deterministic environment. Test full TestHandler.environ content: not only a few selected variables. (cherry picked from commit 5150d327) Co-authored-by: Victor Stinner <vstinner@redhat.com>
-
- 25 Jun, 2019 1 commit
-
-
Victor Stinner authored
Add $(PyDebugExt) in "Killing any running python$(PyDebugExt).exe instances...".
-