Nick Coghlan [Sun, 25 Mar 2018 13:43:50 +0000 (23:43 +1000)]
bpo-33053: -m now adds *starting* directory to sys.path (GH-6231) (#6236)
Historically, -m added the empty string as sys.path
zero, meaning it resolved imports against the current
working directory, the same way -c and the interactive
prompt do.
This changes the sys.path initialisation to add the
*starting* working directory as sys.path[0] instead,
such that changes to the working directory while the
program is running will have no effect on imports
when using the -m switch.
[3.7] bpo-33136: Harden ssl module against CVE-2018-8970 (GH-6229) (GH-6230)
Harden ssl module against LibreSSL CVE-2018-8970.
X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test
ensures that NULL bytes are not allowed.
- new test case for pre-initialization of sys.warnoptions and sys._xoptions
- restored ability to call these APIs prior to Py_Initialize
- updated the docs for the affected APIs to make it clear they can be
called before Py_Initialize
- also enhanced the existing embedding test cases
to check for expected settings in the sys module
(cherry picked from commit bc77eff8b96be4f035e665ab35c1d06e22f46491)
bpo-33134: dataclasses: use function dispatch table for hash, instead of a string lookup which then is tested with if tests. (GH-6222)
* Change _hash_action to be a function table lookup, instead of a list
of strings which is then tested with if statements.
(cherry picked from commit 01d618c5606a239b03ad1269541eddb6e724775d)
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
- When adding a single element to a list, use .append() instead of
+= and creating a new list.
- For consistency, import the copy module, instead of just deepcopy. This
leaves only a module at the class level, instead of a function.
- Improve some comments.
- Improve some whitespace.
- Use tuples instead of lists.
- Simplify a test.
(cherry picked from commit f96ddade0094d162cb6c2fd7255c5e8a90b5c37d)
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
bpo-32505: dataclasses: raise TypeError if a member variable is of type Field, but doesn't have a type annotation. (GH-6192)
If a dataclass has a member variable that's of type Field, but it doesn't have a type annotation, raise TypeError.
(cherry picked from commit 56970b8ce9d23269d20a76f13c80e670c856ba7f)
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
bpo-33018: Improve issubclass() error checking and message. (GH-5944)
This improves error message for situations when a non-class is
checked w.r.t. an abstract base class.
(cherry picked from commit 40472dd42de4f7265d456458cd13ad6894d736db)
bpo-27683: Fix a regression for host() of ipaddress network objects (GH-6016)
The result of host() was not empty when the network is constructed by a tuple containing an
integer mask and only 1 bit left for addresses.
(cherry picked from commit 10b134a07c898c2fbc5fd3582503680a54ed80a2)
[3.7] bpo-33021: Release the GIL during fstat() calls (GH-6019) (GH-6159)
fstat may block for long time if the file descriptor is on a
non-responsive NFS server, hanging all threads. Most fstat() calls are
handled by _Py_fstat(), releasing the GIL internally, but but
_Py_fstat_noraise() does not release the GIL, and most calls release the
GIL explicitly around it.
This patch fixes last 2 calls to _Py_fstat_no_raise(), avoiding hangs
when calling:
- mmap.mmap()
- os.urandom()
- random.seed()
(cherry picked from commit 4484f9dca9149da135bbae035f10a50d20d1cbbb)
bpo-33100: Dataclasses now handles __slots__ and default values correctly. (GH-6152) (GH-6153)
If the class has a member that's a MemberDescriptorType, it's not a default value, it's from that member being in __slots__.
(cherry picked from commit 7389fd935c95b4b6f094312294e703ee0de18719)
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
bpo-32953: Dataclasses: frozen should not be inherited for non-dataclass derived classes (GH-6147) (GH-6148)
If a non-dataclass derives from a frozen dataclass, allow attributes to be set.
Require either all of the dataclasses in a class hierarchy to be frozen, or all non-frozen.
Store `@dataclass` parameters on the class object under `__dataclass_params__`. This is needed to detect frozen base classes.
(cherry picked from commit f199bc655eb50c28e94010714629b376bbbd077b)
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
bpo-32374: m_traverse may be called with m_state=NULL (GH-5140)
Multi-phase initialized modules allow m_traverse to be called while the
module is still being initialized, so module authors may need to account
for that.
(cherry picked from commit c2b0b12d1a137ada1023ab7c10b8d9a0249d95f9)
[3.7] bpo-32885: Tools/scripts/pathfix.py: Add -n option for no backup~ (GH-5772) (#6103)
Creating backup files with ~ suffix can be undesirable in some environment,
such as when building RPM packages. Instead of requiring the user to remove
those files manually, option -n was added, that simply disables this feature.
bpo-33064: lib2to3: support trailing comma after *args and **kwargs (GH-6096) (#6097)
New tests also added.
I also made the comments in line with the builtin Grammar/Grammar. PEP 306 was
withdrawn, Kees Blom's railroad program has been lost to the sands of time for
at least 16 years now (I found a python-dev post from people looking for it).
(cherry picked from commit b51f5de71163f096d2d5229ede5379cdb284f651)
bpo-31804: Fix multiprocessing.Process with broken standard streams (GH-6079) (GH-6080)
In some conditions the standard streams will be None or closed in the child process (for example if using "pythonw" instead of "python" on Windows). Avoid failing with a non-0 exit code in those conditions.
controlflow: Use full example for "5 through 9" (GH-5907)
Replace example result of "5 through 9" with complete list: "5, 6, 7, 8, 9".
This format is more consistent with the surrounding examples.
(cherry picked from commit 83d7062d2dc5eacfef578e072bca4747c346fdae)
Co-authored-by: Steven M. Vascellaro <S.Vascellaro@gmail.com>
bpo-32836: Remove obsolete code from symtable pass (GH-5680)
When comprehensions switched to using a nested scope, the old
code for generating a temporary name to hold the accumulation
target became redundant, but was never actually removed.
bpo-32517: fix test_read_pty_output() hangs on macOS 10.13.2+ (GH-6037)
test_asyncio hangs indefinitely on macOS 10.13.2+ on `read_pty_output()`
using the KqueueSelector. Closing `proto.transport` (as is done in
`write_pty_output()`) seems to fix it.
(cherry picked from commit 12f74d8608c15cacd9d5786524e2be9ca36f007e)
* fix a typo: documention -> documentation
* fix the type of IPv?Network.hostmask
* add documentation about IPv?Network.netmask
* fix IPv6Network constructor doc that extended netmasks are not supported
(cherry picked from commit e405096ea91f516d411095b6fea4eec9668eac88)
bpo-32991: Restore expectation that inspect.getfile raises TypeError on namespace package (GH-5980) (GH-5997)
* bpo-32991: Add test capturing expectation.
DocTestFinder.find should return an empty list for doctests in a namespace package.
* bpo-32991: Restore expectation that inspect.getfile on a namespace package raises TypeError.
(cherry picked from commit b9650a04a81355c8a7dcd0464c28febfb4bfc0a9)
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
Fix a crash on fork when using a custom memory allocator (ex: using
PYTHONMALLOC env var).
_PyGILState_Reinit() and _PyInterpreterState_Enable() now use the
default RAW memory allocator to allocate a new interpreters mutex on
fork.
(cherry picked from commit 5d92647102fac9e116b98ab8bbc632eeed501c34)
Co-authored-by: Victor Stinner <victor.stinner@gmail.com>
bpo-32984: IDLE - set __file__ for startup files (GH-5981)
Like Python, IDLE optionally runs one startup file in the Shell window
before presenting the first interactive input prompt. For IDLE,
option -s runs a file named in environmental variable IDLESTARTUP or
PYTHONSTARTUP; -r file runs file. Python sets __file__ to the startup
file name before running the file and unsets it before the first
prompt. IDLE now does the same when run normally, without the -n
option.
(cherry picked from commit 22c82be5df70c3d51e3f89b54fe1d4fb84728c1e)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.
Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.
A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.
Replace it with a similar non-vulnerable regex.
The new regex is RFC compliant.
The old regex was non-compliant in edge cases.
* Prevent difflib REDOS (CVE-2018-1061)
The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.
Replace it with an equivalent non-vulnerable regex.
Also introduce unit and REDOS tests for difflib.
Co-authored-by: Tim Peters <tim.peters@gmail.com> Co-authored-by: Christian Heimes <christian@python.org> Co-authored-by: Jamie Davis <davisjam@vt.edu>
(cherry picked from commit 0e6c8ee2358a2e23117501826c008842acb835ac)
bpo-31453: Add setter for min/max protocol version (GH-5259)
OpenSSL 1.1 has introduced a new API to set the minimum and maximum
supported protocol version. The API is easier to use than the old
OP_NO_TLS1 option flags, too.
Since OpenSSL has no call to set minimum version to highest supported,
the implementation emulate maximum_version = MINIMUM_SUPPORTED and
minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and
maximum supported version at compile time.
Direct instantiation of SSLSocket and SSLObject objects is now prohibited.
The constructors were never documented, tested, or designed as public
constructors. The SSLSocket constructor had limitations. For example it was
not possible to enabled hostname verification except was
ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED.
SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API
to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is
also deprecated.
The only test case for direct instantiation was added a couple of days
ago for IDNA testing.
The ssl module function ssl.wrap_socket() has been de-emphasized
and deprecated in favor of the more secure and efficient
SSLContext.wrap_socket() method.
Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.
I'm going to address these issues when OpenSSL 1.1.1 reaches beta.
OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.
projects / python / log