delta/cpython-git.git/Modules, branch zooba-patch-1 github.com: python/cpython.git [2.7] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761) (GH-11876) 2019-02-15T17:27:44+00:00 stratakis cstratak@redhat.com 2019-02-15T17:27:44+00:00 2149a9ad7a9d39d7d680ec0fb602042c91057484 Backport of TLS 1.3 related fixes from 3.7. Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by default. Some test cases only apply to TLS 1.2. OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS 1.3. The feature is enabled by default for maximum compatibility with broken middle boxes. Users should be able to disable the hack and CPython's test suite needs it to verify default options Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826) 
Backport of TLS 1.3 related fixes from 3.7.

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826)
 [2.7] bpo-28043: improved default settings for SSLContext (GH-10608) 2019-02-15T14:24:11+00:00 stratakis cstratak@redhat.com 2019-02-15T14:24:11+00:00 b8eaec697a2b5d9d2def2950a0aa50e8ffcf1059 The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2). (cherry picked from commit 358cfd426ccc0fcd6a7940d306602138e76420ae) 
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except
for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3)
are set by default. The initial cipher suite list contains only
HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).

(cherry picked from commit 358cfd426ccc0fcd6a7940d306602138e76420ae)
 bpo-35746: Fix segfault in ssl's cert parser (GH-11569) 2019-01-15T23:11:52+00:00 Miss Islington (bot) 31488909+miss-islington@users.noreply.github.com 2019-01-15T23:11:52+00:00 06b15424b0dcacb1c551b2a36e739fffa8d0c595 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue35746 (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3) Co-authored-by: Christian Heimes <christian@python.org> 
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue35746
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)

Co-authored-by: Christian Heimes <christian@python.org>
 [2.7] bpo-8765: Deprecate writing unicode to binary streams in Py3k mode. (GH-11127) 2019-01-15T12:34:48+00:00 Serhiy Storchaka storchaka@gmail.com 2019-01-15T12:34:48+00:00 1462234baf7398a6b00c0f51905e26caa17d3c60 






bpo-35504: Fix segfaults and SystemErrors when deleting certain attrs. (GH-11175) (GH-11249)
2018-12-20T17:38:52+00:00

Zackery Spytz
zspytz@gmail.com

2018-12-20T17:38:52+00:00

f347c6eb75ca46990cd7ad3efbe02002603d8460

(cherry picked from commit 842acaab1376c5c84fd5966bb6070e289880e1ca)




(cherry picked from commit 842acaab1376c5c84fd5966bb6070e289880e1ca)






bpo-35529: Fix a reference counting bug in PyCFuncPtr_FromDll(). (GH-11229)
2018-12-20T08:51:52+00:00

Miss Islington (bot)
31488909+miss-islington@users.noreply.github.com

2018-12-20T08:51:52+00:00

3752bc96c0ea1ecf28903cc34cdcd75c658e92ce

"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9a1f593fe161afab97e2a3e2292ab88b9)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>




"dll" would leak if an error occurred in _validate_paramflags() or
GenericPyCData_new().
(cherry picked from commit d77d97c9a1f593fe161afab97e2a3e2292ab88b9)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>






[2.7] bpo-35441: Remove dead and buggy code related to PyList_SetItem(). (GH-11033) (GH-11234)
2018-12-19T15:11:02+00:00

Serhiy Storchaka
storchaka@gmail.com

2018-12-19T15:11:02+00:00

89b5ea297d67f5efeb8fca0b63fa3d9f7030b2f0

In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.

In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.

In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b53560b3867844472ae381fb3f858760621)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>




In _localemodule.c and selectmodule.c, remove dead code that would
cause double decrefs if run.

In addition, replace PyList_SetItem() with PyList_SET_ITEM() in cases
where a new list is populated and there is no possibility of an error.

In addition, check if the list changed size in the loop in array_array_fromlist().
(cherry picked from commit 99d56b53560b3867844472ae381fb3f858760621)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>






bpo-10320: Use PY_FORMAT_LONG_LONG in ctypes' PyCArg_repr(). (GH-11230)
2018-12-19T06:01:38+00:00

Zackery Spytz
zspytz@gmail.com

2018-12-19T06:01:38+00:00

838645dc4191c4109e2b300cf9ed9d481b55509f












bpo-10320: Replace nonstandard sprintf() length modifier in ctypes' PyCArg_repr(). (GH-10853)
2018-12-18T23:51:04+00:00

Miss Islington (bot)
31488909+miss-islington@users.noreply.github.com

2018-12-18T23:51:04+00:00

53e2248a94cd89e65326c5cfd400f74a88552d8c

Use "ll" instead of the nonstandard "q".
(cherry picked from commit 062cbb67726f26794b1b461853e40696b4a0b220)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>




Use "ll" instead of the nonstandard "q".
(cherry picked from commit 062cbb67726f26794b1b461853e40696b4a0b220)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>






[2.7] bpo-31374: Include pyconfig.h earlier in expat (GH-11078)
2018-12-10T15:01:03+00:00

Victor Stinner
vstinner@redhat.com

2018-12-10T15:01:03+00:00

2632df4c3f48f23af85a60bffc61030d52e83ee2

Include <pyconfig.h> ealier in Modules/expat/xmlparse.c to define
properly _POSIX_C_SOURCE and _XOPEN_SOURCE.




Include <pyconfig.h> ealier in Modules/expat/xmlparse.c to define
properly _POSIX_C_SOURCE and _XOPEN_SOURCE.