gh-150368: Change Windows user group to secure identifier in test_tempfile (GH-150369)
(cherry picked from commit 9d64c355b5)
Co-authored-by: Dawid Konrad Kohnke <51542233+anytokin@users.noreply.github.com>
Update the table of Windows language code identifiers (LCIDs) to
protocol version 16.0 (2024-04-23).
(cherry picked from commit bfe6f9f590)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-151019: Fix test_os on 32-bit FreeBSD (GH-151087)
Remove references to server.handler_instance. This attribute has been
removed in 2022 by commit 3ae975f1ac.
(cherry picked from commit a9002349cb)
Co-authored-by: Victor Stinner <vstinner@python.org>
ass_subscript_slice() returned early when the computed slice length
was zero, bypassing validation performed for non-empty slices.
(cherry picked from commit fc9c4db130)
Co-authored-by: Jiseok CHOI <jiseok.dev@gmail.com>
* bpo-46943: fix[imaplib]: call Exception with string instance
Adjust the behavior of 'login' to be similar to `authenticate()`,
where self.error is called with a str() instance.
(cherry picked from commit 29805f00a1)
Co-authored-by: Florian Best <spaceone@users.noreply.github.com>
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Fixed incorrect word.
(cherry picked from commit f7e0fb60cf)
Co-authored-by: Gustaf <79180496+gostak-dd@users.noreply.github.com>
Co-authored-by: Gustaf <79180496+GGyll@users.noreply.github.com>
gh-149738: Fix segmentation fault bug in sqllite3 (#149754)
Deleting the `row_factory` or `text_factory` attribute is no longer allowed.
(cherry picked from commit 60fdb3192b)
Co-authored-by: Sepehr Rasouli <sepehrrasouli06@gmail.com>
gh-148508: Add another common pattern for iOS SSL failures to test_ssl (GH-150442)
Match also '[SSL: HTTP_REQUEST] http request (_ssl.c:1143)'.
(cherry picked from commit 540b3d0a7f)
Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
gh-150436: Skip subprocess test on STATUS_DLL_INIT_FAILED (#150704)
If a subprocess spawned with CREATE_NEW_CONSOLE creation flag fails
with STATUS_DLL_INIT_FAILED return code, skip the test. It's likely a
memory allocation failure in the desktop heap memory which caused the
DLL init failure.
(cherry picked from commit e8034dd841)
* The content of elements "xmp", "iframe", "noembed", "noframes",
and "plaintext" is no longer escaped.
* The "plaintext" element no longer have the closing tag.
(cherry picked from commit c42e6d3f1a)
(cherry picked from commit bcd29e466f)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-150046: Fix `test_add_python_opts` to ignore `PYTHON*` env vars (GH-150089)
Avoid the runtime environment from affecting the tests' behaviours,
which notably checks the warning filters which can be controlled by
various PYTHON environment variables.
(cherry picked from commit ef2246f788)
Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com>
(cherry picked from commit 01c6d3d76b)
(cherry picked from commit 03244b9f04)
(cherry picked from commit 2a5e7d5bd0)
Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Preserve non-UTF-8 filenames when appending to a ZipFile.
---------
(cherry picked from commit 24c6bbc92b)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
It no longer emits text for comments and processing instructions.
(cherry picked from commit 7de4fcd445)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-150175: Fix ThreadingMock call_count race condition (GH-150176)
ThreadingMock._increment_mock_call() was not thread-safe.
Multiple threads calling the mock simultaneously could lose
increments due to race conditions on call_count and other
attributes.
Fix by overriding _increment_mock_call in ThreadingMixin
and wrapping it with the existing _mock_calls_events_lock.
(cherry picked from commit 388e023fe1)
Co-authored-by: saisneha196 <156835592+saisneha196@users.noreply.github.com>
This has not been observed in practice, but we cannot be 100% sure that
it will not happen with some weird gzip data.
(cherry picked from commit 28eac9a726)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Some of these docstrings read as if they were written when typing.py was
first written, and things have evolved since then.
A few motivations:
- Call protocols protocols instead of ABCs. They are also ABCs, but the fact
they are protocols is more relevant to typing.
- Avoid recommending direct use of .__annotations__ and steer users to
annotationlib instead.
- For TypedDict, mention NotRequired before total=False since it is more
general and probably more frequently useful.
- For overloads, mention runtime use first instead of stub use. I think early on
there was talk of allowing overload only in stubs, but it is now heavily used at
runtime too and that's more likely to be relevant to users.
(cherry picked from commit f159419ae2)
gh-142831: Fix use-after-free in json encoder during re-entrant mutation (gh-142851)
User callbacks invoked during JSON encoding (e.g. the `default` callback or
a custom string encoder) can mutate or clear the dict or sequence being
encoded, invalidating borrowed references to items, keys, and values. Hold
strong references unconditionally while iterating.
(cherry picked from commit 235fa7244a)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
RFC 2047 Section 6.2 requires that "any 'linear-white-space' that
separates a pair of adjacent 'encoded-word's is ignored." The modern
header value parser correctly implements that for unstructured headers,
but had missed a case in structured headers. This could cause a parsed
address header to include extraneous spaces in a display-name.
Switch to @bitdancer's fix from review feedback. Recharacterize space
between ews as fws after parsing in get_phrase.
RDM: This fix is dependent on the fact that "subsequent" atoms will never have
leading whitespace because that's been consumed already. I don't think
it's worth adding extra code for the possibility of leading whitespace
because the parser won't produce it. It's a bit of parser fragility in the
face of code changes, but I think that's a minor concern given the
parser design (which is that it consumes whitespace greedily)
(cherry picked from commit 7a4c6dfb88)
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: R David Murray <rdmurray@bitdance.com>
gh-87451: Apply CVE-2021-4189 PASV fix to ftplib.ftpcp() (GH-149648)
ftpcp() called parse227() directly and passed the source server's
self-reported PASV IPv4 address to the target server's PORT command,
bypassing the CVE-2021-4189 fix that was applied only to FTP.makepasv().
A malicious source FTP server could use this to redirect the target
server's data connection to an arbitrary host:port (SSRF).
ftpcp() now uses the source server's actual peer address, honoring the
existing trust_server_pasv_ipv4_address opt-out, the same as makepasv().
Thanks to Qi Ding at Aurascape AI for the report. (GHSA-w8c5-q2xf-gf7c)
(cherry picked from commit eac4fe3b2c)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
gh-149776: Skip UDP Lite tests if it's not supported (GH-149777)
Fix test_socket on Linux kernel 7.1 and newer: skip UDP Lite tests if
it's not supported.
(cherry picked from commit 3cfc249e11)
Co-authored-by: Victor Stinner <vstinner@python.org>
Exclude encodings like 'utf-8-sig', 'iso2022-jp' and 'hz' from the list of
supported encodings.
(cherry picked from commit fa2afa64d9)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
