Indicate that _PyGC_Head is only 8-byte aligned. (closes bpo-33374)
By spec, the "long double" in _PyGC_Head requires the union to always be 16-byte
aligned. However, obmalloc only yields 8-byte alignment. Compilers including GCC
8 are starting to use alignment information to do store-merging. So, the "long
double" needs to be changed to a simple "double" as was long ago done in Python
3 by e348c8d154cf6342c79d627ebfe89dfe9de23817. For 2.7, we need to add some
dummy padding to make sure _PyGC_Head stays the same size.
Ned Deily [Sat, 14 Apr 2018 14:37:28 +0000 (10:37 -0400)]
[2.7] Backport macOS universal build and installer fixes from 3.6. (GH-6469)
These include:
- bpo-32726: Provide an additional, more modern macOS installer variant that
supports macOS 10.9+ systems in 64-bit mode only. Upgrade the supplied
third-party libraries to OpenSSL 1.0.2n and SQLite 3.22.0. The 10.9+
installer now supplies its own private copy of Tcl/Tk 8.6.8.
- bpo-24414: Default macOS deployment target is now set by ``configure`` to
the build system's OS version (as is done by Python 3), not ``10.4``;
override with, for example, ``./configure MACOSX_DEPLOYMENT_TARGET=10.4``.
- bpo-19019: All 2.7 macOS installer variants now supply their own version
of ``OpenSSL 1.0.2``; the Apple-supplied SSL libraries and root
certificates are not longer used. The ``Installer Certificate`` command
in ``/Applications/Python 2.7`` may be used to download and install a
default set of root certificates from the third-party ``certifi`` package.
- bpo-11485: python.org macOS Pythons no longer supply a default SDK value
(e.g. ``-isysroot /``) or specific compiler version default (e.g.
``gcc-4.2``) when building extension modules. Use ``CC``, ``SDKROOT``,
and ``DEVELOPER_DIR`` environment variables to override compilers or to
use an SDK. See Apple's ``xcrun`` man page for more info.
- prepare for pending Apple removal of 32-bit support in future macOS release
Allow ttk.Treeview.insert to insert iid that has a false boolean value.
Note iid=0 and iid=False would be same.
(cherry picked from commit 3ab44c0783eebdff687014f7d14d5dec59b6bd39)
scoder [Sat, 31 Mar 2018 12:23:30 +0000 (14:23 +0200)]
bpo-31544: Fix a reference leak to 'self' after the previous target error handling fixes. (GH-6318)
This change generally splits the xmlparser creation code into an unsafe part with "rollback" error handling and a safe "object initialisation done" part with normal decref cleanup.
Fix description about SimpleXMLRPCServer constructor parameter bind_and_activate. (GH-776)
Passing True as the `bind_and_activate` *do* immediately opening and binding to their socket.
(cherry picked from commit e6223579c87b93f3e60d28796f521587d88091d4)
Jamie Davis [Tue, 6 Mar 2018 05:59:02 +0000 (00:59 -0500)]
[2.7] closes bpo-32997: Fix REDOS in fpformat (GH-5984)
The regex to decode a number in fpformat is susceptible to catastrophic backtracking. This is a potential DOS vector if a server is using fpformat on untrusted number strings.
Replace it with an equivalent non-vulnerable regex. The match behavior of the new regex is slightly different. It captures the whole integer part of the number in one group, Leading zeros are stripped off later.
The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.
Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.
A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.
Replace it with a similar non-vulnerable regex.
The new regex is RFC compliant.
The old regex was non-compliant in edge cases.
* Prevent difflib REDOS (CVE-2018-1061)
The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.
Replace it with an equivalent non-vulnerable regex.
Also introduce unit and REDOS tests for difflib.
Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 0e6c8ee2358a2e23117501826c008842acb835ac)
This code never did anything correct or useful. The class attribute will never be affected, and the condition will never be true.
(cherry picked from commit 5fb632e83136399bad9427ee23ec8b771695290a)
Christian Heimes [Sun, 25 Feb 2018 09:21:03 +0000 (10:21 +0100)]
[2.7] bpo-30622: Improve NPN support detection (GH-5859) (#5863)
The ssl module now detects missing NPN support in LibreSSL.
Co-Authored-By: Bernard Spil <brnrd@FreeBSD.org> Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 6cdb7954b0a578d899e4b78b868ea59eef08480a)
Co-authored-by: Christian Heimes <christian@python.org>
Christian Heimes [Sat, 24 Feb 2018 23:45:53 +0000 (00:45 +0100)]
bpo-31518: Change TLS protocol for Debian (#3661)
Debian Unstable has disabled TLS 1.0 and 1.1 for SSLv23_METHOD(). Change
TLS/SSL protocol of some tests to PROTOCOL_TLS or PROTOCOL_TLSv1_2 to
make them pass on Debian.
Signed-off-by: Christian Heimes <christian@python.org>
bpo-32923: Unittest doc: replace `whilst` with `while` (GH-5833)
`whilst` and `while` are both english words, `whilst` is not as commonly used.
This can be confusing to readers whose primary language is not english.
(cherry picked from commit 98f42aac23f3863973cb6e9964c5212cfd3a1d98)
Anselm Kruis [Fri, 23 Feb 2018 16:27:28 +0000 (17:27 +0100)]
[2.7] bpo-30028: make test.support.temp_cwd() fork-safe (GH-1066) (GH-5825)
Make test.support.temp_cwd() fork-safe. The context manager test.support.temp_cwd() no longer removes the temporary directory when executing in a process other than the parent it entered from.
If a forked child exits the context manager it won't do the cleanup..
(cherry picked from commit 33dddac00ba8d9b72cf21b8698504077eb3c23ad)
[2.7] closes bpo-32008: don't use PROTOCOL_TLSv1 in example (GH-5789) (#5792)
It's bad form to pin to an old version of TLS. ssl.SSLContext has the right
protocol default, so let's not pass anyway..
(cherry picked from commit e9edee0b65650c4f9db90cefc2e9a8125bad762c)
DOC: fix documentation for copyright and credits (GH-5706)
Adapt documentation for `copyright` and `credits` to reality. Previously, the documentation implied that all each of `copyright`,
`credits`, and `license`, would print a message to call the object in order to see the full text. In reality, only `license` exhibits this
behaviour, and `copyright` and `credit` print their full text either when printed, displayed, or called.
(cherry picked from commit 243d6d71265be1996a8326002deae429106a5fba)
Co-authored-by: Gerrit Holl <gerrit.holl@gmail.com>
Mariatta [Fri, 2 Feb 2018 16:23:53 +0000 (11:23 -0500)]
bpo-32674: Improve the docstring for __import__ (GH-5339) (GH-5494)
Clarify that the level argument is used to determine whether to
perform absolute or relative imports: 0 is absolute, while a positive number
is the number of parent directories to search relative to the current module..
(cherry picked from commit 461d225b195eec5269f317323b41115516144c41)
Victor Stinner [Thu, 25 Jan 2018 21:41:38 +0000 (22:41 +0100)]
bpo-32667: Fix tests when $PATH contains a file (#5324)
test_subprocess.test_leaking_fds_on_error() failed when the PATH
environment variable contains a path to an existing file. Fix the
test: ignore also ENOTDIR, not only ENOENT and EACCES.
bpo-32635: Fix a segfault when importing the crypt module with libxcrypt. (GH-5284) (#5295)
glibc is deprecating libcrypt in favor of libxcrypt, however python assumes
that crypt.h will always be included. This change makes the header inclusion
explicit when libxcrypt is present on the system.
(cherry picked from commit e768c86ef442ef89004089a8a34ce5909ffb90f2)
Zachary Ware [Sun, 7 Jan 2018 03:16:56 +0000 (21:16 -0600)]
[2.7] Kill the AppVeyor file whitelist (GH-5123)
It's more trouble than it's worth, since AppVeyor only checks the HEAD commit of a PR rather than the full diff against the base branch to decide which files changed.
(cherry picked from commit 7f7de371f947dc38e67505601927e9bc58fa268a)
coalesce GILless sections in new_buffersize (#5059)
830daae1c82ed33deef0086b7b6323e5be0b0cc8 added some new GIL-releasing to new_buffersize. This is fine, but it's better to avoid reacquiring the GIL for as long as possible. Also, it should use FILE_(BEGIN|END)_ALLOW_THREADS to avoid having the file closed from under it.
bpo-31530: fix crash when multiple threads iterate over a file, round 2 (#5060)
Multiple threads iterating over a file can corrupt the file's internal readahead
buffer resulting in crashes. To fix this, cache buffer state thread-locally for
the duration of a file_iternext call and only update the file's internal state
after reading completes.
No attempt is made to define or provide "reasonable" semantics for iterating
over a file on multiple threads. (Non-crashing) races are still
present. Duplicated, corrupt, and missing data will happen.
This was originally fixed by 6401e5671781eb217ee1afb4603cc0d1b0367ae6, which
raised an exception from seek() and next() when concurrent operations were
detected. Alas, this simpler solution breaks legitimate use cases such as
capturing the standard streams when multiple threads are logging.
bpo-32452: clarify term 'brackets' in generator tutorial (GH-5079) (#5082)
Updates documentation for generator expressions in classes tutorial: Clarify usage of ambiguous term "brackets" by replacing with "square brackets". Updated subsequent lines to respect line breaks. (GH-5079)
(cherry picked from commit f190eb59e60e2ae7a7cbd396458389a7a076e0d3)
[2.7] bpo-24960: use pkgutil.get_data in lib2to3 to read pickled grammar files (GH-4977) (#4980)
This is more complicated than it should be because we need to preserve the
useful mtime-based regeneration feature that lib2to3.pgen2.driver.load_grammar
has. We only look for the pickled grammar file with pkgutil.get_data and only if
the source file does not exist..
(cherry picked from commit 8a5877165e993afb2633cd48da5222326d3f6e0e)
projects / python / log