| |
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.
| |
C89 for loops in backported pickle patch (#12622)
| |
(#12144)
Starting with glibc 2.27.9000-xxx, sigaddset() can return EINVAL for some
reserved signal numbers between 1 and NSIG. The `range(1, NSIG)` idiom
is commonly used to select all signals for blocking with `pthread_sigmask`.
So we ignore the sigaddset() return value until we expose sigfillset()
to provide a better idiom.
(cherry picked from commit 25038ec)
Co-authored-by: Antoine Pitrou <pitrou@free.fr>
| |
* bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)
LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.
Documentation updates and fixes for failing tests will be provided in
another patch set.
Signed-off-by: Christian Heimes <christian@python.org>
| |
(GH-9261) (#11869)
(cherry picked from commit a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd)
| |
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result in a segfault.
Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas
Edet of Cisco.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
| |
* bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)
The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34623
(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
Co-authored-by: Christian Heimes <christian@python.org>
| |
* bpo-33001: Minimal fix to prevent buffer overrun in os.symlink
* Remove invalid test
| |
Directory and zipfile execution previously added
the parent directory of the directory or zipfile
as sys.path[0] and then subsequently overwrote
it with the directory or zipfile itself.
This caused problems in isolated mode, as it
overwrote the "stdlib as a zip archive" entry
in sys.path, as the parent directory was
never added.
The attempted fix to that issue in bpo-29319
created the opposite problem in *non*-isolated
mode, by potentially leaving the parent
directory on sys.path instead of overwriting it.
This change fixes the root cause of the problem
by removing the whole "add-and-overwrite" dance
for sys.path[0], and instead simply never adds
the parent directory to sys.path in the first
place.
(cherry picked from commit d2977a3ae2cc6802921b1e3b6e9d13fcfbda872d)
| |
* [3.5] bpo-32563: Get expat to compile under C89
expat: Add artificial scopes in xmltok.c utf8_toUtf8() to fix c89 compilation.
Cherry-picked from libexpat commit e0b290eb3d8f4c4b45137a7d7f4f8db812145bd2
* Backport XML RPC test skip to 3.5
The buildbot service upgrade removed the XML-RPC
interface, so this test no longer works (through no
fault of the standard library).
* Don't configure a nonexistent Python
| |
(cherry picked from commit a6296d34a478b4f697ea9db798146195075d496c)
| |
* bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4
* Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
fixes.
* Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115
* Define XML_POOR_ENTROPY when compiling expat
| |
(#2869)
(cherry picked from commit 39243779f4c97ec6f700fa73c007ca66dfa9408e)
| |
(cherry picked from commit 4ed5ad79ec6c6270e6018bd0a55656305ee60907)
| |
(GH-2712). (#2728)
(cherry picked from commit 49f6449ef4b81537c19b82329caaf60596c516c2)
| |
(cherry picked from commit f52325598e7a9683787d76a42009fc16790a0089)
| |
(GH-2634) (#2657)
called with bytes-like argument.
(cherry picked from commit 1180e5a51871fa53ca6892e83fd2e69dc2600447)
| |
Handle getattr(copy, 'deepcopy') error in _elementtree module
initialization.
(cherry picked from commit b136f11f3a51f9282ae992bac68f170ca5563b55)
| |
If history-length is set in .inputrc, and the history file is double the
history size (or more), history_get(N) returns NULL, and python
segfaults. Fix that by checking for NULL return value.
It seems that the root cause is incorrect handling of bigger history in
readline, but Python should not segfault even if readline returns an
unexpected value.
This issue affects only GNU readline. When using libedit emulation,
the system history size option does not work.
| |
(GH-2493) (#2498)
* bpo-30807: signal.setitimer() may disable the timer by mistake
* Add NEWS blurb
(cherry picked from commit 729780a810bbcb12b245a1b652302a601fc9f6fd)
| |
(GH-2302) (#2463)
Based on patch by Victor Stinner.
Add private C API function _PyUnicode_AsUnicode() which is similar to
PyUnicode_AsUnicode(), but checks for null characters.
(cherry picked from commit f7eae0adfcd4c50034281b2c69f461b43b68db84)
| |
(GH-2285) (GH-2443) (#2448)
And use it instead of PyUnicode_AsWideCharString() if appropriate.
_PyUnicode_AsWideCharString(unicode) is like PyUnicode_AsWideCharString(unicode, NULL), but
raises a ValueError if the wchar_t* string contains null characters.
(cherry picked from commit e613e6add5f07ff6aad5802924596b631b707d2a).
(cherry picked from commit 0edffa3073b551ffeca34952529e7b292f1bd350)
| |
(GH-2382) (#2392)
in `os.putenv()` and `os.spawn*()`.
(cherry picked from commit 77703942c5997dff00c48f10df1b29b11645624c)
| |
(#2379)
(cherry picked from commit 0ee32c1)
| |
Windows. (GH-2325) (#2361)
Prevent passing other invalid environment variables and command arguments.
(cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700)
| |
New file: Modules/expat/siphash.h.
(cherry picked from commit 5ff7132313eb651107b179d20218dfe5d4e47f13)
| |
(#2216)
(cherry picked from commit 0d32218)
| |
* bpo-29591: Upgrade Modules/expat to libexpat 2.2
* bpo-29591: Restore Python changes on expat
* bpo-29591: Remove expat config of unsupported platforms
Remove the configuration (Modules/expat/*config.h) of unsupported
platforms:
* Amiga
* MacOS Classic on PPC32
* Open Watcom
* bpo-29591: Remove useless XML_HAS_SET_HASH_SALT
The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became
useless since our local expat copy was upgraded to expat 2.1 (it's now
expat 2.2.0).
(cherry picked from commit 23ec4b57e1359f9c539b8defc317542173ae087e)
| |
(#2122)
The traceback is no longer displayed for SystemExit raised in a callback registered by atexit.
(cherry picked from commit 3fd54d4a7e604067e2bc0f8cfd58bdbdc09fa7f4)
| |
Also updates checked-in line endings on some files.
| |
If you pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults.
(cherry picked from commit 65ece7ca2366308fa91a39a8dfa255e6bdce3cca)
| |
(cherry picked from commit 9616a82e7802241a4b74cf7ae38d43c37bf66e48)
| |
When decoding a 4-byte GB18030 sequence, the first and third byte cannot exceed 0xFE.
| |
It was possible to get a core dump by using uninitialized
_json objects. Now __new__ methods create initialized objects.
__init__ methods are removed.
(cherry picked from commit 76a3e51a403bc84ed536921866c86dd7d07aaa7e)
| |
(GH-1316). (#1442)
(cherry picked from commit 5f161fd86dd5bb936a1a2a13391b13b7e59ec201)
| |
(GH-1110) (#1190)
(cherry picked from commit 66bffd1)
| |
module. (GH-1131). (#1185)
(cherry picked from commit a79f4c219531c05fc8f670c1e4bbf12c081935d3)
| |
(GH-1096) (GH-1180) (#1182)
raised an error.
(cherry picked from commit bf623ae8843dc30b28c574bec8d29fc14be59d86)
(cherry picked from commit 680fea4067537a9b9c79aadd44a3a19e83cd2dbf)
| |
present (#1130) (#1151)
| |
* Remove conditional on free of `dps`, since `dps` is now allocated for
all versions of OpenSSL
* Remove call to `x509_check_ca` since it was only used to cache
the `crldp` field of the certificate
CRL_DIST_POINTS_free is available in all supported versions of OpenSSL
(recent 0.9.8+) and LibreSSL.
(cherry picked from commit 2849cc34a8db93d448a62d69c462402347b50dcb)
| |
(cherry picked from commit b879fe82e7e5c3f7673c9a7fa4aad42bd05445d8)
| |
Changed test code to suppress a compiler warning, while taking care to avoid the code being optimized out by the compiler.
(cherry picked from commit 164d30eb1e66575dafee6af4fca4cbf52c7fbe6a)
| |
Fix the use of recursion in itertools.chain.from_iterable. Using recursion
is unnecessary, and can easily cause stack overflows, especially when
building in low optimization modes or with Py_DEBUG enabled.
(cherry picked from commit 5466d4af5fe76ec0a5fbc8a05675287d9e8e9d14)
| |
deque (#887) (#907) (#909)
when pass indices of wrong type.
(cherry picked from commit d4edfc9abffca965e76ebc5957a92031a4d6c4d4)
(cherry picked from commit bf4bb2e43030661e568d5d4b046e8b9351cc164c)
| |
(cherry picked from commit 576def096ec7b64814e038f03290031f172886c3)
| |
(cherry picked from commit 20fbf8accd494fd15b0fc4c84928178c71ead4d1)