This is a port of the applicable part of XKCP's fix [1] for
CVE-2022-37454 and avoids the segmentation fault and the infinite
loop in the test cases published in [2].
[1]: fdc6fef075
[2]: https://mouha.be/sha-3-buffer-overflow/
Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Linux abstract sockets are insecure as they lack any form of filesystem
permissions so their use allows anyone on the system to inject code into
the process.
This removes the default preference for abstract sockets in
multiprocessing introduced in Python 3.9+ via
https://github.com/python/cpython/pull/18866 while fixing
https://github.com/python/cpython/issues/84031.
Explicit use of an abstract socket by a user now generates a
RuntimeWarning. If we choose to keep this warning, it should be
backported to the 3.7 and 3.8 branches.
(cherry picked from commit 49f61068f4)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Automerge-Triggered-By: GH:gpshead
Rely on the title of the linked internal page instead of putting the title. Sphinx will render with the title correctly, and this will reduce work for translators
(cherry picked from commit 52fcba6512)
Co-authored-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
Previously they were silently ignored. Now they are errors.
(cherry picked from commit e4ec8de6fa)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>.
(cherry picked from commit fa2d43e518)
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
GH-97530 fixed IDLE tests possibly crashing on a Mac without a GUI.
But it resulted in IDLE not starting in 3.10.8, 3.12.0a1, and
Microsoft Python 3.10.2288.0 when test/* is not installed.
After this patch, test.* is only imported when testing on Mac.
(cherry picked from commit 35fa5d5e7f)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Signed-off-by: Christoph Hamsen <hamsen.christoph@posteo.de>
Co-authored-by: July Tikhonov <july.tikh@gmail.com>
(cherry picked from commit c9ed0327a9)
Co-authored-by: Christoph Hamsen <37963496+xopham@users.noreply.github.com>
On macOS, fix a crash in syslog.syslog() in multi-threaded
applications. On macOS, the libc syslog() function is not
thread-safe, so syslog.syslog() no longer releases the GIL to call
it.
(cherry picked from commit d4b9166385)
Co-authored-by: Victor Stinner <vstinner@python.org>
* Some formatting changes for general faq
* Use list for Python versioning
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
* New line for list, list for a/b/rc
* Line wrap for 80 chars
* More line wrap
* Remove PythonWin mention.
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
(cherry picked from commit e9569ec43e)
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
Closes GH-91856.
On Windows double quotes are sometimes better, on Unix usually
single quotes. It's not our place to explain that, so just don't.
(cherry picked from commit 5f8ca1b796)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
I'm sympathetic to the issue report, especially in case this helps
clarify to new users that Python itself does not do type checking at runtime
(cherry picked from commit ed6344eed0)
Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
* Auto-cancel old builds when new commit pushed to branch
* Add a fallback
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
* Use the same group for all workflows.
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
(cherry picked from commit 75751f4aa5)
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
* bpo-43564: preserve original error in args of FTP URLError
* Add NEWS blurb
Co-authored-by: Carl Meyer <carljm@instagram.com>.
(cherry picked from commit ad817cd5c4)
Co-authored-by: Carl Meyer <carl@oddbird.net>
Co-authored-by: Carl Meyer <carl@oddbird.net>
The definition of obj in the `Py_buffer` struct is as a PyObject*
ec091bd47e/Include/pybuffer.hGH-L22
PyMemoryView_GET_BASE returns `.obj` - thus its return type
should be a PyObject* (or at least a void*). It definitely
doesn't return `Py_buffer`
(cherry picked from commit c459fedf7c)
Co-authored-by: da-woods <dw-git@d-woods.co.uk>
* Fix link to Lifecycle of a Pull Request in CONTRIBUTING
* Remove trailing backslash.
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
(cherry picked from commit 3378ebb933)
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
