delta/cpython-git.git/Modules, branch 3.6 github.com: python/cpython.git [3.6] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28042) (GH-28080) 2021-08-31T06:35:31+00:00 Ned Deily nad@python.org 2021-08-31T06:35:31+00:00 910886a6448e4bf1edf49eeace4aa240b6403772 Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS. Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Łukasz Langa <lukasz@langa.pl>. (cherry picked from commit 3fc5d84046ddbd66abac5b598956ea34605a4e5d) 
Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy
is most used on Windows and macOS.

Co-authored-by: Victor Stinner <vstinner@python.org>

Co-authored-by: Łukasz Langa <lukasz@langa.pl>.
(cherry picked from commit 3fc5d84046ddbd66abac5b598956ea34605a4e5d)
 bpo-38965: Fix faulthandler._stack_overflow() on GCC 10 (GH-17467) (GH-28079) 2021-08-31T06:24:50+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2021-08-31T06:24:50+00:00 8934bb0c3179e4c020cd6f08dea64bccbf56ffa2 Use the "volatile" keyword to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma. (cherry picked from commit 8b787964e0a647caa0558b7c29ae501470d727d9) Co-authored-by: Victor Stinner <vstinner@python.org> (cherry picked from commit 5044c889dfced2f43e2cccb673d889a4882f6b3b) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 
Use the "volatile" keyword to prevent tail call optimization
on any compiler, rather than relying on compiler specific pragma.
(cherry picked from commit 8b787964e0a647caa0558b7c29ae501470d727d9)

Co-authored-by: Victor Stinner <vstinner@python.org>
(cherry picked from commit 5044c889dfced2f43e2cccb673d889a4882f6b3b)

Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
 [3.6] closes bpo-42938: Replace snprintf with Python unicode formatting in ctypes param reprs. (GH-24250) 2021-01-18T21:11:46+00:00 Benjamin Peterson benjamin@python.org 2021-01-18T21:11:46+00:00 34df10a9a16b38d54421eeeaf73ec89828563be7 (cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) Co-authored-by: Benjamin Peterson <benjamin@python.org> 
(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
 bpo-40791: Make compare_digest more constant-time. (GH-23438) (GH-23767) 2020-12-14T17:04:57+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2020-12-14T17:04:57+00:00 8bef9ebb1b88cfa4b2a38b93fe4ea22015d8254a The existing volatile `left`/`right` pointers guarantee that the reads will all occur, but does not guarantee that they will be _used_. So a compiler can still short-circuit the loop, saving e.g. the overhead of doing the xors and especially the overhead of the data dependency between `result` and the reads. That would change performance depending on where the first unequal byte occurs. This change removes that optimization. (This is change GH-1 from https://bugs.python.org/issue40791 .) (cherry picked from commit 31729366e2bc09632e78f3896dbce0ae64914f28) Co-authored-by: Devin Jeanpierre <jeanpierreda@google.com> 
The existing volatile `left`/`right` pointers guarantee that the reads will all occur, but does not guarantee that they will be _used_. So a compiler can still short-circuit the loop, saving e.g. the overhead of doing the xors and especially the overhead of the data dependency between `result` and the reads. That would change performance depending on where the first unequal byte occurs. This change removes that optimization.

(This is change GH-1 from https://bugs.python.org/issue40791 .)
(cherry picked from commit 31729366e2bc09632e78f3896dbce0ae64914f28)

Co-authored-by: Devin Jeanpierre <jeanpierreda@google.com>
bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) (GH-21462) 2020-07-13T18:18:04+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2020-07-13T18:18:04+00:00 6463cf07fef7a923a743fcaf312150c45fd81b64 Automerge-Triggered-By: @tiran (cherry picked from commit 4f309abf55f0e6f8950ac13d6ec83c22b8d47bf8) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> 
Automerge-Triggered-By: @tiran
(cherry picked from commit 4f309abf55f0e6f8950ac13d6ec83c22b8d47bf8)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
 closes bpo-39510: Fix use-after-free in BufferedReader.readinto() (GH-18350) 2020-02-04T22:06:42+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2020-02-04T22:06:42+00:00 c352e6c7446c894b13643f538db312092b351789 When called on a closed object, readinto() segfaults on account of a write to a freed buffer: ==220553== Process terminating with default action of signal 11 (SIGSEGV): dumping core ==220553== Access not within mapped region at address 0x2A ==220553== at 0x48408A0: memmove (vg_replace_strmem.c:1272) ==220553== by 0x58DB0C: _buffered_readinto_generic (bufferedio.c:972) ==220553== by 0x58DCBA: _io__Buffered_readinto_impl (bufferedio.c:1053) ==220553== by 0x58DCBA: _io__Buffered_readinto (bufferedio.c.h:253) Reproducer: reader = open ("/dev/zero", "rb") _void = reader.read (42) reader.close () reader.readinto (bytearray (42)) GH-GH-GH- BANG! The problem exists since 2012 when commit dc469454ec added code to free the read buffer on close(). Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com> (cherry picked from commit cb1c0746f277052e45a60d6c436a765e34722821) Co-authored-by: Philipp Gesang <phg@phi-gamma.net> Co-authored-by: Philipp Gesang <phg@phi-gamma.net> 
When called on a closed object, readinto() segfaults on account
of a write to a freed buffer:

    ==220553== Process terminating with default action of signal 11 (SIGSEGV): dumping core
    ==220553==  Access not within mapped region at address 0x2A
    ==220553==    at 0x48408A0: memmove (vg_replace_strmem.c:1272)
    ==220553==    by 0x58DB0C: _buffered_readinto_generic (bufferedio.c:972)
    ==220553==    by 0x58DCBA: _io__Buffered_readinto_impl (bufferedio.c:1053)
    ==220553==    by 0x58DCBA: _io__Buffered_readinto (bufferedio.c.h:253)

Reproducer:

    reader = open ("/dev/zero", "rb")
    _void  = reader.read (42)
    reader.close ()
    reader.readinto (bytearray (42)) GH-GH-GH- BANG!

The problem exists since 2012 when commit dc469454ec added code
to free the read buffer on close().

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
(cherry picked from commit cb1c0746f277052e45a60d6c436a765e34722821)

Co-authored-by: Philipp Gesang <phg@phi-gamma.net>

Co-authored-by: Philipp Gesang <phg@phi-gamma.net>
bpo-39421: Fix posible crash in heapq with custom comparison operators (GH-18118) (GH-18146) 2020-01-23T14:49:19+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2020-01-23T14:49:19+00:00 c563f409ea30bcb0623d785428c9257917371b76 (cherry picked from commit 79f89e6e5a659846d1068e8b1bd8e491ccdef861) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com> 
(cherry picked from commit 79f89e6e5a659846d1068e8b1bd8e491ccdef861)

Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
[3.6] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16410) 2019-09-26T05:00:26+00:00 Benjamin Peterson benjamin@python.org 2019-09-26T05:00:26+00:00 f0501630b0ba31448c230c756b1027647f4ef100 Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.. (cherry picked from commit 52b940803860e37bcc3f6096b2d24e7c20a0e807) 
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes..
(cherry picked from commit 52b940803860e37bcc3f6096b2d24e7c20a0e807)
 Put pyexpatns.h include back. bpo-37437 (GH-14542) 2019-07-02T05:48:16+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2019-07-02T05:48:16+00:00 29d6905826d4417426e70f6209ca5e0db7921685 (cherry picked from commit 2cd07920bb7d2d319999394092190f37935dc421) Co-authored-by: Benjamin Peterson <benjamin@python.org> 
(cherry picked from commit 2cd07920bb7d2d319999394092190f37935dc421)

Co-authored-by: Benjamin Peterson <benjamin@python.org>
 closes bpo-37437: Update vendorized expat to 2.2.7. (GH-14436) 2019-06-28T04:16:48+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2019-06-28T04:16:48+00:00 6632906c08e1d4de0fceba42c47886be41b7ba3d (cherry picked from commit 3b03b09fc94425915c5b1225e9200a3a95bc827b) Co-authored-by: Benjamin Peterson <benjamin@python.org> 
(cherry picked from commit 3b03b09fc94425915c5b1225e9200a3a95bc827b)

Co-authored-by: Benjamin Peterson <benjamin@python.org>