Merge 3.8.13 #14
Merged
Merge 3.8.13 #14
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It wasn't actually detecting the regression due to the assertion being too lenient. (cherry picked from commit e60ab84) Co-authored-by: Gregory P. Smith <[email protected]>
…GH-26933) (python#27276) Co-authored-by: Łukasz Langa <[email protected]> (cherry picked from commit 64f54b7) Co-authored-by: andrei kulakov <[email protected]>
(cherry picked from commit 2ff5bb4) Co-authored-by: Dennis Sweeney <[email protected]>
…nd __build_class__ (pythonGH-27647) (pythonGH-27652) (cherry picked from commit a40675c) Co-authored-by: Pablo Galindo Salgado <[email protected]>
…ythonGH-27638) (pythonGH-27713) (cherry picked from commit c0ab59f) Co-authored-by: Łukasz Langa <[email protected]>
…d objects (pythonGH-27678) (pythonGH-27721) (cherry picked from commit bfc2d5a) Co-authored-by: Pablo Galindo Salgado <[email protected]>
bpo-33930: Fix typo in the test name. (pythonGH-27733) (cherry picked from commit f08e6d1) Co-authored-by: Benjamin Peterson <[email protected]> Co-authored-by: Benjamin Peterson <[email protected]>
…ted (pythonGH-25099) (pythonGH-27801) Reverts commit e653d4d and makes parsing even more strict. Like socket.inet_pton() any leading zero is now treated as invalid input. Signed-off-by: Christian Heimes <[email protected]> Co-authored-by: Łukasz Langa <[email protected]>
pythonGH-27946) (pythonGH-27974) Various date parsing utilities in the email module, such as email.utils.parsedate(), are supposed to gracefully handle invalid input, typically by raising an appropriate exception or by returning None. The internal email._parseaddr._parsedate_tz() helper used by some of these date parsing routines tries to be robust against malformed input, but unfortunately it can still crash ungracefully when a non-empty but whitespace-only input is passed. This manifests as an unexpected IndexError. In practice, this can happen when parsing an email with only a newline inside a ‘Date:’ header, which unfortunately happens occasionally in the real world. Here's a minimal example: $ python Python 3.9.6 (default, Jun 30 2021, 10:22:16) [GCC 11.1.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import email.utils >>> email.utils.parsedate('foo') >>> email.utils.parsedate(' ') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate t = parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz res = _parsedate_tz(data) File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz if data[0].endswith(',') or data[0].lower() in _daynames: IndexError: list index out of range The fix is rather straight-forward: guard against empty lists, after splitting on whitespace, but before accessing the first element. (cherry picked from commit 989f6a3) Co-authored-by: wouter bolsterlee <[email protected]>
…H-27979) (pythonGH-27996) Authored-by: Ronald Oussoren <[email protected]> (cherry picked from commit 2ec9428) Co-authored-by: Erlend Egeberg Aasland <[email protected]>
…GH-27993) (pythonGH-27999) (cherry picked from commit 28db1f6) Co-authored-by: Adam Dangoor <[email protected]>
…p in pydoc (pythonGH-23200) (pythonGH-28026) Co-authored-by: Łukasz Langa <[email protected]> (cherry picked from commit c9227df) Co-authored-by: E-Paine <[email protected]>
…8033) Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS. Co-authored-by: Łukasz Langa <[email protected]> (cherry picked from commit 3fc5d84) Co-authored-by: Victor Stinner <[email protected]>
…pythonGH-28036) Co-authored-by: Łukasz Langa <[email protected]> (cherry picked from commit 0897253) Co-authored-by: Miguel Brito <[email protected]>
…thonGH-28009) (pythonGH-28041) (cherry picked from commit d3bdbbf) Co-authored-by: Steve Dower <[email protected]>
…aries when built on older macOS systems (pythonGH-27251) (pythonGH-28054) Previously, when built on older macOS systems, `find_library` was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored. (cherry picked from commit 71853a7) Co-authored-by: Tobias Bergkvist <[email protected]>
…nGH-28051) (pythonGH-28059) (cherry picked from commit 94b2639) Co-authored-by: Ned Deily <[email protected]>
…28044) (pythonGH-28063) This was missed while upgrading CI.. (cherry picked from commit d6cb5dd) Co-authored-by: Łukasz Langa <[email protected]> Co-authored-by: Łukasz Langa <[email protected]>
…or upcoming update (pythonGH-27982) (pythonGH-28001) Also improve the build script for libffi, which is not used as part of the regular build. (cherry picked from commit 969ae7f) Co-authored-by: Steve Dower <[email protected]>
…-28213) (cherry picked from commit fa15df7) Co-authored-by: Raymond Hettinger <[email protected]>
…ythonGH-18170) (pythonGH-28535) (cherry picked from commit af90b54) Co-authored-by: Sam Sneddon <[email protected]>
…hen building (pythonGH-28393) (pythonGH-28622) (cherry picked from commit f4b94b1) Co-authored-by: Steve Dower <[email protected]>
…) (pythonGH-28620) (cherry picked from commit 6c1154b) Co-authored-by: Pablo Galindo Salgado <[email protected]> Co-authored-by: Łukasz Langa <[email protected]>
…GH-28984) Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don't expect it in the output. (cherry picked from commit 797c8eb) Co-authored-by: Victor Stinner <[email protected]>
…GH-28979) Add a PID to names of POSIX shared memory objects to allow running multiprocessing tests (test_multiprocessing_fork, test_multiprocessing_spawn, etc) in parallel. (cherry picked from commit eb4495e) Co-authored-by: Serhiy Storchaka <[email protected]>
…pythonGH-30344) (cherry picked from commit ee2549c) Co-authored-by: Julien Palard <[email protected]>
…onGH-31297) Co-authored-by: Cyril Jouve <[email protected]>
Curly brackets were never allowed in namespace URIs according to RFC 3986, and so-called namespace-validating XML parsers have the right to reject them a invalid URIs. libexpat >=2.4.5 has become strcter in that regard due to related security issues; with ET.XML instantiating a namespace-aware parser under the hood, this test has no future in CPython. References: - https://datatracker.ietf.org/doc/html/rfc3968 - https://www.w3.org/TR/xml-names/ Also, test_minidom.py: Support Expat >=2.4.5 (cherry picked from commit 2cae938) Co-authored-by: Sebastian Pipping <[email protected]>
…ythonGH-31520) (cherry picked from commit 1935e1c) Co-authored-by: Dong-hee Na <[email protected]>
…pythonGH-31572) Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI "example.org/foobar" was allowed if the user was authorized for URI "example.org/foo". (cherry picked from commit e2e7256) Co-authored-by: Serhiy Storchaka <[email protected]> Co-authored-by: Serhiy Storchaka <[email protected]>
…H-31740) (cherry picked from commit 176835c) Co-authored-by: Steve Dower <[email protected]>
…ctly uses the install path during repair (pythonGH-31729)
Automerge-Triggered-By: GH:benjaminp (cherry picked from commit ba00f0d) Co-authored-by: Benjamin Peterson <[email protected]>
…GH-31397) (pythonGH-31419) The libexpat 2.4.1 upgrade from introduced the following new exported symbols: * `testingAccountingGetCountBytesDirect` * `testingAccountingGetCountBytesIndirect` * `unsignedCharToPrintable` * `XML_SetBillionLaughsAttackProtectionActivationThreshold` * `XML_SetBillionLaughsAttackProtectionMaximumAmplification` We need to adjust [Modules/expat/pyexpatns.h](https://github.com/python/cpython/blob/master/Modules/expat/pyexpatns.h) (The newer libexpat upgrade has no new symbols). Automerge-Triggered-By: GH:gpshead (cherry picked from commit 6312c10) Co-authored-by: Yilei "Dolee" Yang <[email protected]>
…th recent versions of clang. (pythonGH-28845) (pythonGH-31889) Change the configure logic to function properly on macOS when the compiler outputs a platform triplet for option --print-multiarch. The Apple Clang included with Xcode 13.3 now supports --print-multiarch causing configure to fail without this change. Co-authored-by: Ned Deily <[email protected]> (cherry picked from commit 9c47667) Co-authored-by: David Bohman <[email protected]> Automerge-Triggered-By: GH:ned-deily (cherry picked from commit 9901d15) Co-authored-by: Miss Islington (bot) <[email protected]>
…1851) (cherry picked from commit d87f1b7) Co-authored-by: Pradyun Gedam <[email protected]>
…se OpenSSL 1.1.1n. (pythonGH-31912) * bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n. * Revert inadvertent sqlite downgrade
…fix (pythonGH-31920) (pythonGH-31924) (cherry picked from commit 7088120) Co-authored-by: Steve Dower <[email protected]>
…onGH-31460) (pythonGH-31827) As per the comments, this mirrors the [datetime documentation](https://docs.python.org/3/library/datetime.htmlGH-datetime.datetime.fromtimestamp). ``` >>> import time >>> time.localtime(999999999999999999999) Traceback (most recent call last): File "<stdin>", line 1, in <module> OverflowError: timestamp out of range for platform time_t >>> time.localtime(-3600) Traceback (most recent call last): File "<stdin>", line 1, in <module> OSError: [Errno 22] Invalid argument ``` (cherry picked from commit c83fc9c) Co-authored-by: slateny <[email protected]>
This reverts commit e5f711f.
Python 3.8.13
carlosroman
force-pushed
the
update-to-3-8-13
branch
from
4f9b08d to
2b221d7
Compare
carlosroman
force-pushed
the
update-to-3-8-13
branch
from
2b221d7 to
444fdc2
Compare
julien-lebot
approved these changes
Jun 23, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This merges the upstream changes at v3.8.13 into the 3.8.x branch.