]> granicus.if.org Git - python/log
python
5 years agoPost-release update for 3.5.8rc2. 3.5
Larry Hastings [Sat, 12 Oct 2019 11:50:04 +0000 (12:50 +0100)]
Post-release update for 3.5.8rc2.

5 years agoVersion bump for 3.5.8rc2. v3.5.8rc2
Larry Hastings [Sat, 12 Oct 2019 11:10:33 +0000 (12:10 +0100)]
Version bump for 3.5.8rc2.

5 years agoFix docs, blurb release, pydoc-topics for 3.5.8rc2.
Larry Hastings [Sat, 12 Oct 2019 11:07:42 +0000 (12:07 +0100)]
Fix docs, blurb release, pydoc-topics for 3.5.8rc2.

5 years agocloses bpo-38174: Update vendored expat library to 2.2.8. (GH-16346) (#16434)
Victor Stinner [Wed, 9 Oct 2019 05:34:26 +0000 (07:34 +0200)]
closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16346) (#16434)

Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.

5 years ago[3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation and...
Jason R. Coombs [Tue, 8 Oct 2019 17:36:44 +0000 (13:36 -0400)]
[3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16448) (#16475)

* [3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16448)

5 years ago[3.7] Doc: Bump sphinx. (GH-10676) (GH-10803) (#16522)
Victor Stinner [Tue, 8 Oct 2019 17:12:21 +0000 (19:12 +0200)]
[3.7] Doc: Bump sphinx. (GH-10676) (GH-10803) (#16522)

(cherry picked from commit 2db96ae7444880d66d4ef65abab8a5e6ff328711)

Co-authored-by: Julien Palard <julien@palard.fr>
(cherry picked from commit 23a98abd4256f931ed89b65ec6babd4f06dbff97)

5 years agoSphinx 1.8 is now preferred for building 3.5 docs. v3.5.8rc1
Larry Hastings [Mon, 9 Sep 2019 13:39:36 +0000 (14:39 +0100)]
Sphinx 1.8 is now preferred for building 3.5 docs.

5 years agoVersion bump for 3.5.8rc1.
Larry Hastings [Mon, 9 Sep 2019 11:18:48 +0000 (12:18 +0100)]
Version bump for 3.5.8rc1.

5 years agoBlurb release and pydoc-topics for 3.5.8rc1.
Larry Hastings [Mon, 9 Sep 2019 11:16:26 +0000 (12:16 +0100)]
Blurb release and pydoc-topics for 3.5.8rc1.

5 years ago[3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers...
Abhilash Raj [Sat, 7 Sep 2019 07:08:53 +0000 (00:08 -0700)]
[3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794) (#15446)

* [3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794)

Some crafted email header would cause the get_parameter method to run in an
infinite loop causing a DoS attack surface when parsing those headers. This
patch fixes that by making sure the DQUOTE character is handled to prevent
going into an infinite loop.
(cherry picked from commit a4a994bd3e619cbaff97610a1cee8ffa87c672f5)

Co-authored-by: Abhilash Raj <maxking@users.noreply.github.com>
Co-Authored-By: Ashwin Ramaswami <aramaswamis@gmail.com>
5 years agobpo-36742: Corrects fix to handle decomposition in usernames (GH-13812) (GH-13814...
Victor Stinner [Sat, 7 Sep 2019 06:33:24 +0000 (08:33 +0200)]
bpo-36742: Corrects fix to handle decomposition in usernames (GH-13812) (GH-13814) (#14772)

(cherry picked from commit 8d0ef0b5edeae52960c7ed05ae8a12388324f87e)

Co-authored-by: Steve Dower <steve.dower@python.org>
(cherry picked from commit fd1771dbdd28709716bd531580c40ae5ed814468)

5 years agobpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 (#12694)
Victor Stinner [Sat, 7 Sep 2019 06:06:27 +0000 (08:06 +0200)]
bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 (#12694)

Some test_ssl and test_asyncio tests were written for OpenSSL 1.0 and TLS 1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.  Fixing these requires backporting new ssl flags like ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION, which is inappropriate at this stage in Python 3.5's lifetime. Moreover, it's not really worth it: the code works fine, the problem is just in the tests.  This patch disables those problematic tests when Python 3.5 is built using newer versions of OpenSSL.

5 years ago[3.5] bpo-34155: Dont parse domains containing @ (GH-13079) (#15317)
Abhilash Raj [Sat, 7 Sep 2019 05:24:05 +0000 (22:24 -0700)]
[3.5] bpo-34155: Dont parse domains containing @ (GH-13079) (#15317)

https://bugs.python.org/issue34155
(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)

Co-authored-by: jpic <jpic@users.noreply.github.com>
5 years agobpo-30458: Disallow control chars in http URLs. (GH-12755) (#13207)
Miro Hrončok [Sun, 14 Jul 2019 09:07:11 +0000 (11:07 +0200)]
bpo-30458: Disallow control chars in http URLs. (GH-12755) (#13207)

Disallow control chars in http URLs in urllib.urlopen.  This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.

Disable https related urllib tests on a build without ssl (GH-13032)
These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.

Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)

Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
5 years agobpo-36742: Fixes handling of pre-normalization characters in urlsplit() (GH-13017...
Steve Dower [Sun, 14 Jul 2019 08:16:19 +0000 (10:16 +0200)]
bpo-36742: Fixes handling of pre-normalization characters in urlsplit() (GH-13017) (#13042)

5 years agobpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505...
Victor Stinner [Sun, 14 Jul 2019 07:04:15 +0000 (09:04 +0200)]
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505) (#13510)

CVE-2019-9948: Avoid file reading by disallowing local-file:// and
local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
5 years agoFix compatibility with ISO C89 needed by "gnu89" standard of GCC 4.8: use C89 for...
Anthony Sottile [Sat, 13 Jul 2019 22:12:45 +0000 (15:12 -0700)]
Fix compatibility with ISO C89 needed by "gnu89" standard of GCC 4.8: use C89 for loops in backported pickle patch (#12622)

5 years ago[3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) (#13200)
Gregory P. Smith [Sat, 13 Jul 2019 15:35:35 +0000 (08:35 -0700)]
[3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) (#13200)

* [3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192)

We updated the server, our testsuite must match.

https://bugs.python.org/issue36816

✈️ CLE -> DEN ✈️ GH-pycon2019
(cherry picked from commit 6bd81734de0b73f1431880d6a75fb71bcbc65fa1)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
5 years ago[3.5] Doc: Add an optional obsolete header. (GH-13638). (#13658)
Julien Palard [Sat, 13 Jul 2019 14:46:56 +0000 (16:46 +0200)]
[3.5] Doc: Add an optional obsolete header. (GH-13638). (#13658)

* [3.5] Doc: Add an optional obsolete header. (GH-13638).
(cherry picked from commit 46ed90dd014010703c7a3b2a61c4927644fa8210)

Co-authored-by: Julien Palard <julien@palard.fr>
5 years agoPost-release version bump for 3.5.7.
Larry Hastings [Tue, 19 Mar 2019 15:19:22 +0000 (08:19 -0700)]
Post-release version bump for 3.5.7.

5 years agoVersion bump for 3.5.7 final. v3.5.7
Larry Hastings [Sun, 17 Mar 2019 23:47:59 +0000 (16:47 -0700)]
Version bump for 3.5.7 final.

5 years agoBlurb release and pydoc-topics for 3.5.7 final.
Larry Hastings [Sun, 17 Mar 2019 23:39:54 +0000 (16:39 -0700)]
Blurb release and pydoc-topics for 3.5.7 final.

5 years ago[3.5] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258)...
Xtreak [Sun, 17 Mar 2019 00:03:39 +0000 (05:33 +0530)]
[3.5] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (#12281)

Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy.  Patch by Karthikeyan Singaravelan.
(cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14)

Co-authored-by: Xtreak <tir.karthi@gmail.com>
5 years agobpo-35647: Fix path check in cookiejar (#11436) (#12277)
Xtreak [Sat, 16 Mar 2019 23:42:11 +0000 (05:12 +0530)]
bpo-35647: Fix path check in cookiejar (#11436) (#12277)

* Refactor cookie path check as per RFC 6265

* Add tests for prefix match of path

* Add news entry

* Fix set_ok_path and refactor tests

* Use slice for last letter

(cherry picked from commit 0e1f1f01058bd4a9b98cfe443214adecc019a38c)

5 years agobpo-36216: Add check for characters in netloc that normalize to separators (GH-12201...
Steve Dower [Mon, 11 Mar 2019 04:59:24 +0000 (21:59 -0700)]
bpo-36216: Add check for characters in netloc that normalize to separators (GH-12201) (#12223)

5 years agoPost-release verison bump for 3.5.7rc1.
Larry Hastings [Mon, 4 Mar 2019 09:36:14 +0000 (01:36 -0800)]
Post-release verison bump for 3.5.7rc1.

5 years agoVersion bump & copyright year update for 3.5.7rc1. v3.5.7rc1
Larry Hastings [Mon, 4 Mar 2019 02:09:45 +0000 (18:09 -0800)]
Version bump & copyright year update for 3.5.7rc1.

5 years agoPyDoc and blurb updates for 3.5.7rc1.
Larry Hastings [Mon, 4 Mar 2019 02:00:25 +0000 (18:00 -0800)]
PyDoc and blurb updates for 3.5.7rc1.

5 years ago[3.5] bpo-33329: Fix multiprocessing regression on newer glibcs (GH-6575) (#12144)
Cheryl Sabella [Mon, 4 Mar 2019 00:00:49 +0000 (19:00 -0500)]
[3.5] bpo-33329: Fix multiprocessing regression on newer glibcs (GH-6575) (#12144)

Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some
reserved signal numbers between 1 and NSIG.  The `range(1, NSIG)` idiom
is commonly used to select all signals for blocking with `pthread_sigmask`.
So we ignore the sigaddset() return value until we expose sigfillset()
to provide a better idiom.
(cherry picked from commit 25038ec)

Co-authored-by: Antoine Pitrou <pitrou@free.fr>
5 years ago[3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (#10994)
Alex Viscreanu [Fri, 1 Mar 2019 07:36:00 +0000 (08:36 +0100)]
[3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (#10994)

* bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)

LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.

Documentation updates and fixes for failing tests will be provided in
another patch set.

Signed-off-by: Christian Heimes <christian@python.org>
5 years agobpo-34791: xml package obeys ignore env flags (GH-9544) (#11871)
Victor Stinner [Tue, 26 Feb 2019 01:47:47 +0000 (02:47 +0100)]
bpo-34791: xml package obeys ignore env flags (GH-9544) (#11871)

The xml.sax and xml.dom.domreg modules now obey
sys.flags.ignore_environment.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 223e501fb9c2b6ae21b96054e20c4c31d94a5d96)

5 years agocloses bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261) (...
Victor Stinner [Tue, 26 Feb 2019 00:42:39 +0000 (01:42 +0100)]
closes bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261) (#11869)

(cherry picked from commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd)

5 years agobpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11867)
Victor Stinner [Tue, 26 Feb 2019 00:17:02 +0000 (01:17 +0100)]
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11867)

Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.

Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas
Edet of Cisco.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)

5 years agobpo-35411: Skip test_urllib2net FTP tests on Travis CI (GH-10907) (#11874)
Victor Stinner [Mon, 25 Feb 2019 23:16:36 +0000 (00:16 +0100)]
bpo-35411: Skip test_urllib2net FTP tests on Travis CI (GH-10907) (#11874)

On Travis CI, FTP tests of test_urllib2net randomly fail with "425
Security: Bad IP connecting".

(cherry picked from commit c11b3b19a5b022c6c229043d37f9a9fd06f22500)

5 years ago[3.5] bpo-34623: Use XML_SetHashSalt in _elementtree (#9933)
stratakis [Mon, 25 Feb 2019 21:04:09 +0000 (22:04 +0100)]
[3.5] bpo-34623: Use XML_SetHashSalt in _elementtree (#9933)

* bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)

The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34623
(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)

Co-authored-by: Christian Heimes <christian@python.org>
6 years agoPost-release version bump for 3.5.6.
Larry Hastings [Thu, 2 Aug 2018 13:51:56 +0000 (06:51 -0700)]
Post-release version bump for 3.5.6.

6 years agoVersion bump for 3.5.6 final. v3.5.6
Larry Hastings [Thu, 2 Aug 2018 09:19:12 +0000 (02:19 -0700)]
Version bump for 3.5.6 final.

6 years agoAdd Blurb entry for 3.5.6 final.
Larry Hastings [Thu, 2 Aug 2018 09:16:53 +0000 (02:16 -0700)]
Add Blurb entry for 3.5.6 final.

6 years agoPost-release version bump for 3.5.6rc1.
Larry Hastings [Fri, 20 Jul 2018 02:31:49 +0000 (19:31 -0700)]
Post-release version bump for 3.5.6rc1.

6 years agoVersion bump for 3.5.6rc1. v3.5.6rc1
Larry Hastings [Fri, 20 Jul 2018 00:57:25 +0000 (17:57 -0700)]
Version bump for 3.5.6rc1.

6 years agoPyDoc topics refresh & blurb release for 3.5.6rc1.
Larry Hastings [Fri, 20 Jul 2018 00:55:28 +0000 (17:55 -0700)]
PyDoc topics refresh & blurb release for 3.5.6rc1.

6 years agobpo-33216: Clarify the documentation for CALL_FUNCTION_* (#8338)
larryhastings [Thu, 19 Jul 2018 23:35:28 +0000 (16:35 -0700)]
bpo-33216: Clarify the documentation for CALL_FUNCTION_* (#8338)

Clarify the documentation for the CALL_FUNCTION_* bytecodes.  They changed in 3.5 in subtle ways and the documentation has never been correct, much less clear.

6 years agoDoc: Backport language switcher (bpo-33700, bpo-31045) (#8048)
Julien Palard [Mon, 2 Jul 2018 19:56:28 +0000 (21:56 +0200)]
Doc: Backport language switcher (bpo-33700, bpo-31045) (#8048)

6 years agoBackport 3.7.0 final changes
Ned Deily [Wed, 27 Jun 2018 22:49:31 +0000 (18:49 -0400)]
Backport 3.7.0 final changes

6 years ago[3.5] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5991)
Steve Dower [Mon, 14 May 2018 18:03:17 +0000 (14:03 -0400)]
[3.5] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5991)

* bpo-33001: Minimal fix to prevent buffer overrun in os.symlink

* Remove invalid test

6 years ago[3.5] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6034)
Ned Deily [Sun, 11 Mar 2018 18:29:05 +0000 (14:29 -0400)]
[3.5] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6034)

* Prevent low-grade poplib REDOS (CVE-2018-1060)

The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.

Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.

A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.

Replace it with a similar non-vulnerable regex.

The new regex is RFC compliant.
The old regex was non-compliant in edge cases.

* Prevent difflib REDOS (CVE-2018-1061)

The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.

Replace it with an equivalent non-vulnerable regex.

Also introduce unit and REDOS tests for difflib.

Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 0e6c8ee2358a2e23117501826c008842acb835ac)

6 years agoPost-release bump for Python 3.5.5.
Larry Hastings [Mon, 5 Feb 2018 00:38:21 +0000 (16:38 -0800)]
Post-release bump for Python 3.5.5.

6 years agoVersion bump for 3.5.5. v3.5.5
Larry Hastings [Sun, 4 Feb 2018 23:40:56 +0000 (15:40 -0800)]
Version bump for 3.5.5.

6 years agoFinalize blurb archive for 3.5.5 (no new blurbs).
Larry Hastings [Sun, 4 Feb 2018 23:39:04 +0000 (15:39 -0800)]
Finalize blurb archive for 3.5.5 (no new blurbs).

6 years agoMerge branch '3.5' of github.com:python/cpython into 3.5
Larry Hastings [Sun, 4 Feb 2018 16:28:44 +0000 (08:28 -0800)]
Merge branch '3.5' of github.com:python/cpython into 3.5

6 years agoPost-release version bump for 3.5.5rc1.
Larry Hastings [Sun, 4 Feb 2018 16:17:48 +0000 (08:17 -0800)]
Post-release version bump for 3.5.5rc1.

6 years agoUpdate docs template for 3.8
Ned Deily [Thu, 1 Feb 2018 03:11:02 +0000 (22:11 -0500)]
Update docs template for 3.8

6 years agoWhoops, missed checking in version bump. v3.5.5rc1
Larry Hastings [Tue, 23 Jan 2018 13:49:45 +0000 (05:49 -0800)]
Whoops, missed checking in version bump.

6 years agoBump version and copyright year for 3.5.5rc1.
Larry Hastings [Tue, 23 Jan 2018 12:35:33 +0000 (04:35 -0800)]
Bump version and copyright year for 3.5.5rc1.

6 years agoblurb release and pydoc topics for 3.5.5rc1.
Larry Hastings [Tue, 23 Jan 2018 12:25:28 +0000 (04:25 -0800)]
blurb release and pydoc topics for 3.5.5rc1.

6 years ago[3.5] bpo-32072: Fix issues with binary plists. (GH-4455) (#4656)
Serhiy Storchaka [Tue, 23 Jan 2018 11:21:21 +0000 (13:21 +0200)]
[3.5] bpo-32072: Fix issues with binary plists. (GH-4455) (#4656)

* [3.5] bpo-32072: Fix issues with binary plists. (GH-4455)

* Fixed saving bytearrays.
* Identical objects will be saved only once.
* Equal references will be load as identical objects.
* Added support for saving and loading recursive data structures.
(cherry picked from commit a897aee)

* Fix implementation dependent assertion in test_plistlib. (#4813)

It is failed with an advanced optimizer.

6 years ago[3.5] bpo-32551: Consistently configure sys.path[0] (#5197)
Nick Coghlan [Tue, 23 Jan 2018 10:48:11 +0000 (20:48 +1000)]
[3.5] bpo-32551: Consistently configure sys.path[0] (#5197)

Directory and zipfile execution previously added
the parent directory of the directory or zipfile
as sys.path[0] and then subsequently overwrote
it with the directory or zipfile itself.

This caused problems in isolated mode, as it
overwrote the "stdlib as a zip archive" entry
in sys.path, as the parent directory was
never added.

The attempted fix to that issue in bpo-29319
created the opposite problem in *non*-isolated
mode, by potentially leaving the parent
directory on sys.path instead of overwriting it.

This change fixes the root cause of the problem
by removing the whole "add-and-overwrite" dance
for sys.path[0], and instead simply never adds
the parent directory to sys.path in the first
place.

(cherry picked from commit d2977a3ae2cc6802921b1e3b6e9d13fcfbda872d)

6 years ago[3.5] bpo-32563: Get expat to compile under C89 (#5201)
Nick Coghlan [Tue, 23 Jan 2018 10:24:39 +0000 (20:24 +1000)]
[3.5] bpo-32563: Get expat to compile under C89 (#5201)

* [3.5] bpo-32563: Get expat to compile under C89

expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation.

Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2

* Backport XML RPC test skip to 3.5

The buildbot service upgrade removed the XML-RPC
interface, so this test no longer works (through no
fault of the standard library).

* Don't configure a nonexistent Python

6 years ago[3.5] bpo-32620: Remove failing pyenv call from CI config (#5274)
Nick Coghlan [Tue, 23 Jan 2018 09:10:43 +0000 (19:10 +1000)]
[3.5] bpo-32620: Remove failing pyenv call from CI config (#5274)

* [3.5] Remove failing pyenv call from CI config

* Backport XML RPC test skip to 3.5

The buildbot service upgrade removed the XML-RPC
interface, so this test no longer works (through no
fault of the standard library).

7 years agobpo-30657: Fix CVE-2017-1000158 (#4664)
Miro Hrončok [Fri, 8 Dec 2017 21:34:12 +0000 (22:34 +0100)]
bpo-30657: Fix CVE-2017-1000158 (#4664)

Fixes possible integer overflow in PyBytes_DecodeEscape.

Co-Authored-By: Jay Bosamiya <jaybosamiya@gmail.com>
7 years agoExclude VENVDIR in Doc builds (#3977)
Ned Deily [Thu, 12 Oct 2017 20:39:51 +0000 (16:39 -0400)]
Exclude VENVDIR in Doc builds (#3977)

7 years agoRemove retired and security branches from active docs (#3882)
Ned Deily [Wed, 4 Oct 2017 03:29:07 +0000 (23:29 -0400)]
Remove retired and security branches from active docs (#3882)

7 years agobpo-31095: fix potential crash during GC (GH-2974) (#3196)
INADA Naoki [Tue, 26 Sep 2017 21:24:16 +0000 (06:24 +0900)]
bpo-31095: fix potential crash during GC (GH-2974) (#3196)

(cherry picked from commit a6296d34a478b4f697ea9db798146195075d496c)

7 years ago[3.5] bpo-31170: Fix inclusion of expat in Windows build projects. (#3751)
Steve Dower [Tue, 26 Sep 2017 13:00:28 +0000 (06:00 -0700)]
[3.5] bpo-31170: Fix inclusion of expat in Windows build projects. (#3751)

* bpo-31170: Fix inclusion of expat in Windows build projects.

* Fixes line endings

7 years ago[3.5][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3354)
Victor Stinner [Mon, 25 Sep 2017 00:58:32 +0000 (17:58 -0700)]
[3.5][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3354)

* bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4

* Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
  fixes.

* Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
  characters for UTF-8 input (libexpat bug 115):
  https://github.com/libexpat/libexpat/issues/115

* Define XML_POOR_ENTROPY when compiling expat

7 years agobpo-31568, Travis CI: Fix python3.5 (#3737)
Victor Stinner [Sun, 24 Sep 2017 22:45:00 +0000 (15:45 -0700)]
bpo-31568, Travis CI: Fix python3.5 (#3737)

Works around Travis CI bug about the python3.5 binary:
https://github.com/travis-ci/travis-ci/issues/8363

7 years ago[3.5] Fix broken `Show Source` links on documentation pages (GH-3113) (#3126)
Mariatta [Fri, 8 Sep 2017 18:32:26 +0000 (11:32 -0700)]
[3.5] Fix broken `Show Source` links on documentation pages (GH-3113) (#3126)

The `Show Source` was broken because of a change made in sphinx 1.5.1
In Sphinx 1.4.9, the sourcename was "index.txt".
In Sphinx 1.5.1+, it is now "index.rst.txt".
(cherry picked from commit b9ff498793611d1c6a9b99df464812931a1e2d69)

7 years ago[3.5] bpo-31036: Allow sphinx and blurb to be found automatically (GH-3440)
Ned Deily [Fri, 8 Sep 2017 17:42:19 +0000 (10:42 -0700)]
[3.5] bpo-31036: Allow sphinx and blurb to be found automatically (GH-3440)

Rather than requiring the path to blurb and/or sphinx-build to be specified to
the make rule, enhance the Doc/Makefile to look for each first in a virtual
environment created by make venv and, if not found, look on the normal process
PATH. This allows the Doc/Makefile to take advantage of an installed
spinx-build or blurb and, thus, do the right thing most of the time. Also, make
the directory for the venv be configurable and document the `make venv` target.

7 years agoMerge 3.5.4 release into main 3.5 branch.
Larry Hastings [Tue, 8 Aug 2017 11:09:22 +0000 (04:09 -0700)]
Merge 3.5.4 release into main 3.5 branch.

7 years agoPost-release version bump for 3.5.4 final.
Larry Hastings [Tue, 8 Aug 2017 11:08:20 +0000 (04:08 -0700)]
Post-release version bump for 3.5.4 final.

7 years agoVersion bump for 3.5.4 final. v3.5.4
Larry Hastings [Mon, 7 Aug 2017 07:59:11 +0000 (00:59 -0700)]
Version bump for 3.5.4 final.

7 years agoBlurb release and pydoc topics for 3.5.4 final.
Larry Hastings [Mon, 7 Aug 2017 07:56:55 +0000 (00:56 -0700)]
Blurb release and pydoc topics for 3.5.4 final.

7 years agobpo-25910: Update LICENSE (GH-2873) (GH-2968)
Mariatta [Tue, 1 Aug 2017 02:53:43 +0000 (19:53 -0700)]
bpo-25910: Update LICENSE (GH-2873) (GH-2968)

Use the copy provided in https://bugs.python.org/issue25910GH-msg295200
(cherry picked from commit 8474d87165593bac2bc231287f42c4cff3fd6aaf)
(cherry picked from commit f6306e737203ac1bf1717bbf62bc58dac24b68db)

7 years agoFix trivial typo in multiprocessing documentation (GH-2930) (GH-2941)
Mariatta [Sat, 29 Jul 2017 02:56:13 +0000 (19:56 -0700)]
Fix trivial typo in multiprocessing documentation (GH-2930) (GH-2941)

(cherry picked from commit 6fcb69dad579cc9a7dc15eabead43b6c37464f8c)
(cherry picked from commit 52c41f18086f3d8b1eb3854b568f04717c724e3d)

7 years ago[3.5] bpo-31036: use an existing Misc/NEWS rather than trying to use blurb (#2874)
Ned Deily [Thu, 27 Jul 2017 19:50:04 +0000 (15:50 -0400)]
[3.5] bpo-31036: use an existing Misc/NEWS rather than trying to use blurb (#2874)

* bpo-31036: use an existing Misc/NEWS rather than trying to use blurb

* bpo-31036: avoid echoing comments

(cherry picked from commit 3de144890ad3bc50694368a1b33be6d7f3a780b3)

7 years agoRemove .mention-bot (GH-2923) (GH-2971)
Mariatta [Tue, 1 Aug 2017 04:34:47 +0000 (21:34 -0700)]
Remove .mention-bot (GH-2923) (GH-2971)

(cherry picked from commit e1e60bd95c376f9b18cbaf9481364281c6cc1bc7)

7 years agobpo-25910: Update LICENSE (GH-2873) (GH-2968)
Mariatta [Tue, 1 Aug 2017 02:53:43 +0000 (19:53 -0700)]
bpo-25910: Update LICENSE (GH-2873) (GH-2968)

Use the copy provided in https://bugs.python.org/issue25910GH-msg295200
(cherry picked from commit 8474d87165593bac2bc231287f42c4cff3fd6aaf)

7 years agoFix trivial typo in multiprocessing documentation (GH-2930) (GH-2941)
Mariatta [Sat, 29 Jul 2017 02:56:13 +0000 (19:56 -0700)]
Fix trivial typo in multiprocessing documentation (GH-2930) (GH-2941)

(cherry picked from commit 6fcb69dad579cc9a7dc15eabead43b6c37464f8c)

7 years ago[3.5] bpo-31036: use an existing Misc/NEWS rather than trying to use blurb (#2874)
Ned Deily [Thu, 27 Jul 2017 19:50:04 +0000 (15:50 -0400)]
[3.5] bpo-31036: use an existing Misc/NEWS rather than trying to use blurb (#2874)

* bpo-31036: use an existing Misc/NEWS rather than trying to use blurb

* bpo-31036: avoid echoing comments

7 years ago[3.5] bpo-30876: Add new import test files to projects. (GH-2851). (#2913)
Serhiy Storchaka [Thu, 27 Jul 2017 10:16:21 +0000 (13:16 +0300)]
[3.5] bpo-30876: Add new import test files to projects. (GH-2851). (#2913)

(cherry picked from commit d5ed47dea25e04a3a144eddf99a4ac4a29242dbc)

7 years ago[3.5] [security] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal...
Dong-hee Na [Wed, 26 Jul 2017 07:04:42 +0000 (16:04 +0900)]
[3.5] [security] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (#1214) (#2887)

7 years ago[3.5] bpo-31018: Switch to GH-pragma pack from __declspec(align) (GH-2848) (#2869)
Segev Finer [Tue, 25 Jul 2017 17:20:51 +0000 (20:20 +0300)]
[3.5] bpo-31018: Switch to GH-pragma pack from __declspec(align) (GH-2848) (#2869)

(cherry picked from commit 39243779f4c97ec6f700fa73c007ca66dfa9408e)

7 years agoPost-release version bump for 3.5.4rc1.
Larry Hastings [Tue, 25 Jul 2017 09:08:36 +0000 (02:08 -0700)]
Post-release version bump for 3.5.4rc1.

7 years agoMerge main 3.5 branch into 3.5.4rc1.
Larry Hastings [Tue, 25 Jul 2017 09:05:42 +0000 (02:05 -0700)]
Merge main 3.5 branch into 3.5.4rc1.

7 years agobpo-30908: Fix dangling thread in test_os.TestSendfile (#2680) (#2845)
Victor Stinner [Mon, 24 Jul 2017 15:40:47 +0000 (17:40 +0200)]
bpo-30908: Fix dangling thread in test_os.TestSendfile (#2680) (#2845)

tearDown() now clears explicitly the self.server variable to make
sure that the thread is completely cleared when tearDownClass()
checks if all threads have been cleaned up.

Fix the following warning:

$ ./python -m test --fail-env-changed -m test.test_os.TestSendfile.test_keywords -R 3:1 test_os
(...)
Warning -- threading_cleanup() failed to cleanup 0 threads after 3 sec (count: 0, dangling: 2)
(...)
Tests result: ENV CHANGED
(cherry picked from commit d1cc037d1442cc35d1b194ec8e50901514360949)

7 years agoBackport Mac installer fixes for git-based workflow (#2838)
Ned Deily [Mon, 24 Jul 2017 08:58:00 +0000 (04:58 -0400)]
Backport Mac installer fixes for git-based workflow (#2838)

7 years agobpo-29572: Update macOS installer build to OpenSSL 1.0.2k (#457) (#2835)
Ned Deily [Mon, 24 Jul 2017 07:47:31 +0000 (03:47 -0400)]
bpo-29572: Update macOS installer build to OpenSSL 1.0.2k (#457) (#2835)

(cherry picked from commit cfcd76777e35c83d548d8736f5d7dc92fe56d806)

7 years agoVersion bump & copyright year fixes for 3.5.4rc1. v3.5.4rc1
Larry Hastings [Mon, 24 Jul 2017 02:40:13 +0000 (19:40 -0700)]
Version bump & copyright year fixes for 3.5.4rc1.

7 years agoUpdated pydoc-topics for 3.5.4rc1.
Larry Hastings [Mon, 24 Jul 2017 02:37:38 +0000 (19:37 -0700)]
Updated pydoc-topics for 3.5.4rc1.

7 years agoBlurb release for 3.5.4rc1.
Larry Hastings [Mon, 24 Jul 2017 02:19:54 +0000 (19:19 -0700)]
Blurb release for 3.5.4rc1.

7 years agoUpdate 3.5 to use blurb!
Larry Hastings [Mon, 24 Jul 2017 02:18:13 +0000 (19:18 -0700)]
Update 3.5 to use blurb!

7 years agoMac installer build now needs venv for docs build (#2828) (#2833)
Ned Deily [Sun, 23 Jul 2017 23:39:49 +0000 (19:39 -0400)]
Mac installer build now needs venv for docs build (#2828) (#2833)

(cherry picked from commit 4c7532e96da19f2d5543bdab2b972797699c37d5)

7 years agoAdd option to pass vcs info into Mac installer build (#2832)
Ned Deily [Sun, 23 Jul 2017 22:09:14 +0000 (18:09 -0400)]
Add option to pass vcs info into Mac installer build (#2832)

(cherry picked from commit 4da52247d6ae53b8384f9753430e8cd2672ff97d)

7 years ago[3.5] Backport bpo-30876 (GH-2639), bpo-18018 and bpo-26367. (#2677)
Serhiy Storchaka [Sun, 23 Jul 2017 06:44:05 +0000 (09:44 +0300)]
[3.5] Backport bpo-30876 (GH-2639), bpo-18018 and bpo-26367. (#2677)

* bpo-30876: Relative import from unloaded package now reimports the package
instead of failing with SystemError.

Relative import from non-package now fails with ImportError rather than
SystemError.
(cherry picked from commit 8a9cd20edca7d01b68292036029ae3735ce65edd)

* bpo-18018: Import raises ImportError instead of SystemError if a relative
import is attempted without a known parent package.

* bpo-26367: importlib.__init__() raises ImportError like
builtins.__import__() when ``level`` is specified but without an accompanying
package specified.

7 years ago[3.5] bpo-29403: Fix mock's broken autospec behavior on method-bound builtin function...
Berker Peksag [Fri, 21 Jul 2017 23:27:17 +0000 (02:27 +0300)]
[3.5] bpo-29403: Fix mock's broken autospec behavior on method-bound builtin functions (GH-3)

Cython will, in the right circumstances, offer a MethodType instance
where im_func is a builtin function. Any instance of MethodType is
automatically assumed to be a Python-defined function (more
specifically, a function that has an inspectable signature), but
_set_signature was still conservative in its assumptions. As a result
_set_signature would return early with None instead of a mock since
the im_func had no inspectable signature. This causes problems
deeper inside mock, as _set_signature is assumed to _always_
return a mock, and nothing checked its return value.

In similar corner cases, autospec will simply not check the spec of the
function, so _set_signature is amended to now return early with the
original, not-wrapped mock object.

Patch by Aaron Gallagher.

(cherry picked from commit 856cbcc12f2e4cca93af5dc7ed6bcea4dd942f10)

7 years agobpo-30822: regrtest: remove tzdata (#2782)
Victor Stinner [Thu, 20 Jul 2017 16:08:54 +0000 (18:08 +0200)]
bpo-30822: regrtest: remove tzdata (#2782)

* Oops, tzdata was introduced in Python 3.6: remove it from regrtest
* Remove also Lib/test/libregrtest/__init__.py file: add by mistake
  on a backport.

7 years agobpo-30822: Exclude tzdata from regrtest --all (#2775) (#2781)
Victor Stinner [Thu, 20 Jul 2017 15:08:51 +0000 (17:08 +0200)]
bpo-30822: Exclude tzdata from regrtest --all (#2775) (#2781)

When running the test suite using --use=all / -u all, exclude tzdata
since it makes test_datetime too slow (15-20 min on some buildbots)
which then times out on some buildbots.

-u tzdata must now be enabled explicitly, -u tzdata or -u all,tzdata,
to run all test_datetime tests.

Fix also regrtest command line parser to allow passing -u
extralargefile to run test_zipfile64.

Travis CI: remove -tzdata. Replace -u all,-tzdata,-cpu with -u all,-cpu since tzdata is now excluded from -u all.
(cherry picked from commit 5b392bbaeb9d9b1db961ecfc7315d8c8662c27f6)

7 years ago[3.5] Fix typo in Turtle Docs: yingyang -> yinyang (GH-2770) (GH-2779)
Mariatta [Thu, 20 Jul 2017 14:14:18 +0000 (07:14 -0700)]
[3.5] Fix typo in Turtle Docs: yingyang -> yinyang (GH-2770) (GH-2779)

(cherry picked from commit fff2a21057b98732562098e3bdd65980551f0135)

7 years agoUpdate doc download files size estimates. (#2771) (#2773)
Ned Deily [Thu, 20 Jul 2017 08:34:16 +0000 (04:34 -0400)]
Update doc download files size estimates. (#2771) (#2773)

7 years ago[3.5] bpo-30883: Use pythontest.net instead of debian.org in test_urllib2net (GH...
Ammar Askar [Thu, 20 Jul 2017 00:20:39 +0000 (17:20 -0700)]
[3.5] bpo-30883: Use pythontest.net instead of debian.org in test_urllib2net (GH-2755)