delta/cpython-git.git/Modules, branch 3.4 github.com: python/cpython.git [3.4] bpo-33329: Fix multiprocessing regression on newer glibcs (GH-6575) (#12145) 2019-03-04T00:01:39+00:00 Cheryl Sabella cheryl.sabella@gmail.com 2019-03-04T00:01:39+00:00 2226139aa2b69047cb54dbcfd79f5c2e36f98653 Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some reserved signal numbers between 1 and NSIG. The `range(1, NSIG)` idiom is commonly used to select all signals for blocking with `pthread_sigmask`. So we ignore the sigaddset() return value until we expose sigfillset() to provide a better idiom. (cherry picked from commit 25038ec) Co-authored-by: Antoine Pitrou <pitrou@free.fr> 
Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some
reserved signal numbers between 1 and NSIG.  The `range(1, NSIG)` idiom
is commonly used to select all signals for blocking with `pthread_sigmask`.
So we ignore the sigaddset() return value until we expose sigfillset()
to provide a better idiom.
(cherry picked from commit 25038ec)

Co-authored-by: Antoine Pitrou <pitrou@free.fr>
 [3.4] bpo-34656: Avoid relying on signed overflow in _pickle memos (GH-9261) (#11870) 2019-02-25T22:44:13+00:00 Victor Stinner vstinner@redhat.com 2019-02-25T22:44:13+00:00 4b42d575bf0fb01192b3ec54b7e224b238691527 * bpo-34656: Avoid relying on signed overflow in _pickle memos (GH-9261) (cherry picked from commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd) 
* bpo-34656: Avoid relying on signed overflow in _pickle memos (GH-9261)

(cherry picked from commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd)
 bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11868) 2019-02-25T21:28:36+00:00 Victor Stinner vstinner@redhat.com 2019-02-25T21:28:36+00:00 6c655ce34ae54adb8eef22b73108e22cc381cb8d Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3) 
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.

Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas
Edet of Cisco.

Signed-off-by: Christian Heimes <christian@python.org>

(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
 [3.4] bpo-34623: Use XML_SetHashSalt in _elementtree (#9953) 2019-02-25T21:02:17+00:00 stratakis cstratak@redhat.com 2019-02-25T21:02:17+00:00 d16eaf36795da48b930b80b20d3805bc27820712 * bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146) The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue34623 (cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b) Co-authored-by: Christian Heimes <christian@python.org> 
* bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)

The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue34623
(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)

Co-authored-by: Christian Heimes <christian@python.org>
 [3.4] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5992) 2018-05-14T17:26:36+00:00 Steve Dower steve.dower@microsoft.com 2018-05-14T17:26:36+00:00 77c02cdce2d7b8360771be35b7676a4977e070c1 * bpo-33001: Minimal fix to prevent buffer overrun in os.symlink * Skips test to avoid crashing during the test suite * Remove invalid test 
* bpo-33001: Minimal fix to prevent buffer overrun in os.symlink

* Skips test to avoid crashing during the test suite

* Remove invalid test
[3.4] bpo-31170: Fix inclusion of expat in Windows build projects (#3785) 2017-11-29T18:50:42+00:00 Victor Stinner victor.stinner@gmail.com 2017-11-29T18:50:42+00:00 8b11e8de7aedacfbbcc8c780f3c4097396f1d1a3 * bpo-31170: Fix inclusion of expat in Windows build projects Co-Authored-By: Steve Dower <steve.dower@microsoft.com> * expat: Fix compilation on Visual Studio 2010 The standard header stdbool.h is not available with old Visual Studio compilers Cherry-picked from libexpat commit b4b89c2ab0cc5325a41360c25ef9d2ccbe617e5c. expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation. Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2 * Expat: fix preprocessor defines in VS projects Remove the following defines: * BYTEORDER=1234 * HAVE_MEMMOVE * USE_PYEXPAT_CAPI * XML_CONTEXT_BYTES=1024 * XML_DTD * XML_NS * XML_STATIC * PCbuild/pyexpat.vcxproj: define _CRT_SECURE_NO_WARNINGS 
* bpo-31170: Fix inclusion of expat in Windows build projects

Co-Authored-By: Steve Dower <steve.dower@microsoft.com>

* expat: Fix compilation on Visual Studio 2010

The standard header stdbool.h is not available
with old Visual Studio compilers

Cherry-picked from libexpat commit b4b89c2ab0cc5325a41360c25ef9d2ccbe617e5c.

expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation.

Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2

* Expat: fix preprocessor defines in VS projects

Remove the following defines:

* BYTEORDER=1234
* HAVE_MEMMOVE
* USE_PYEXPAT_CAPI
* XML_CONTEXT_BYTES=1024
* XML_DTD
* XML_NS
* XML_STATIC

* PCbuild/pyexpat.vcxproj: define _CRT_SECURE_NO_WARNINGS
[3.4][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3353) 2017-09-24T08:04:53+00:00 Victor Stinner victor.stinner@gmail.com 2017-09-24T08:04:53+00:00 86a713cb0c110b6798ca7f9e630fc511ee0a4028 * bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 * Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security fixes. * Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial characters for UTF-8 input (libexpat bug 115): https://github.com/libexpat/libexpat/issues/115 * Define XML_POOR_ENTROPY when compiling expat 
* bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4

* Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
  fixes.

* Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
  characters for UTF-8 input (libexpat bug 115):
  https://github.com/libexpat/libexpat/issues/115

* Define XML_POOR_ENTROPY when compiling expat
bpo-29169: Update zlib to 1.2.11 (#3107) 2017-08-16T16:05:57+00:00 Victor Stinner victor.stinner@gmail.com 2017-08-16T16:05:57+00:00 d0e61bded5256e775e470e2c0da22367a1a81970 Python 3.4 backport: convert the Misc/NEWS entry using blurb. (cherry picked from commit 34e7e2ecb1741850190e78f42875480693d3537b) 
Python 3.4 backport: convert the Misc/NEWS entry using blurb.

(cherry picked from commit 34e7e2ecb1741850190e78f42875480693d3537b)
 [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203) 2017-07-12T12:41:34+00:00 Victor Stinner victor.stinner@gmail.com 2017-07-12T12:41:34+00:00 71572bbe82aa0836c036d44d41c8269ba6a321be * bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164) * bpo-29591: Upgrade Modules/expat to libexpat 2.2 * bpo-29591: Restore Python changes on expat * bpo-29591: Remove expat config of unsupported platforms Remove the configuration (Modules/expat/*config.h) of unsupported platforms: * Amiga * MacOS Classic on PPC32 * Open Watcom * bpo-29591: Remove useless XML_HAS_SET_HASH_SALT The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became useless since our local expat copy was upgrade to expat 2.1 (it's now expat 2.2.0). (cherry picked from commit 23ec4b57e1359f9c539b8defc317542173ae087e) * bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300) New file: Modules/expat/siphash.h. (cherry picked from commit 5ff7132313eb651107b179d20218dfe5d4e47f13) * bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348) bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses a winconfig.h configuration file which already defines: * XML_NS * XML_DTD * BYTEORDER=1234 * XML_CONTEXT_BYTES=1024 * HAVE_MEMMOVE Remove these defines from PCbuild/_elementtree.vcxproj to prevent compiler warnings. Co-Authored-By: Jeremy Kloth <jeremy.kloth@gmail.com> (cherry picked from commit c8fb58bd7917151e63398587a7fc2126db7c26de) * bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319) * bpo-30726: Fix elementtree warnings on Windows Caused by usage of `getenv` which should be safe. And a few integer truncations which should also be ok. * bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream (cherry picked from commit 87c65550730a8f85ce339ba197bce4fb7e836619) 
* bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164)

* bpo-29591: Upgrade Modules/expat to libexpat 2.2

* bpo-29591: Restore Python changes on expat

* bpo-29591: Remove expat config of unsupported platforms

Remove the configuration (Modules/expat/*config.h) of unsupported
platforms:

* Amiga
* MacOS Classic on PPC32
* Open Watcom

* bpo-29591: Remove useless XML_HAS_SET_HASH_SALT

The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became
useless since our local expat copy was upgrade to expat 2.1 (it's now
expat 2.2.0).

(cherry picked from commit 23ec4b57e1359f9c539b8defc317542173ae087e)

* bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300)

New file: Modules/expat/siphash.h.
(cherry picked from commit 5ff7132313eb651107b179d20218dfe5d4e47f13)

* bpo-30726: PCbuild _elementtree: remove duplicate defines (#2348)

bpo-30726, bpo-29591: libexpat 2.2.1 of Modules/expat/ now uses
a winconfig.h configuration file which already defines:

* XML_NS
* XML_DTD
* BYTEORDER=1234
* XML_CONTEXT_BYTES=1024
* HAVE_MEMMOVE

Remove these defines from PCbuild/_elementtree.vcxproj to prevent
compiler warnings.

Co-Authored-By: Jeremy Kloth <jeremy.kloth@gmail.com>
(cherry picked from commit c8fb58bd7917151e63398587a7fc2126db7c26de)

* bpo-30726: Fix elementtree warnings on Windows due to expat upgrade (#2319)

* bpo-30726: Fix elementtree warnings on Windows

Caused by usage of `getenv` which should be safe. And a few integer
truncations which should also be ok.

* bpo-30726: Don't ignore libexpat warnings which haypo intends to fix upstream

(cherry picked from commit 87c65550730a8f85ce339ba197bce4fb7e836619)
[security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) (#2362) 2017-07-11T10:24:10+00:00 Serhiy Storchaka storchaka@gmail.com 2017-07-11T10:24:10+00:00 fe82c46327effc124ff166e1fa1e611579e1176b * [3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) Prevent passing other invalid environment variables and command arguments.. (cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700) * Update NEWS 
* [3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325)

Prevent passing other invalid environment variables and command arguments..
(cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700)

* Update NEWS