Pre-create the Android emulator image so that the the configuration can be
modified to use 4GB of RAM.
(cherry picked from commit a95ee3a21d)
Co-authored-by: Malcolm Smith <smith@chaquo.com>
Allows building the Android testbed for 32-bit targets, adding the target triplets
`arm-linux-androideabi` and `i686-linux-android`.
(cherry picked from commit 848bbe9ff2)
Co-authored-by: Robert Kirkman <31490854+robertkirkman@users.noreply.github.com>
Allows for cleaning a subset of targets, customization of the download cache and
cross-build directories, and modifies the build command to allow 'all', 'build'
and 'hosts' targets.
(cherry picked from commit b8470deb5d)
Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
When Python is running on 32-bit ARM Android on a 64-bit ARM kernel, `os.uname().machine` is `armv8l`. Such devices run the same userspace code as `armv7l` devices, so apply the same `armeabi_v7a` Android ABI to them, which works.
(cherry picked from commit 3a2b81e919)
Co-authored-by: Robert Kirkman <31490854+robertkirkman@users.noreply.github.com>
gh-146310: Fix ensurepip to treat empty WHEEL_PKG_DIR as unset (GH-146357)
Path('') resolves to CWD, so an empty WHEEL_PKG_DIR string caused
ensurepip to search the current working directory for wheel files.
Add a truthiness check to treat empty strings the same as None.
(cherry picked from commit 73cc1fd4f4)
Co-authored-by: Imgyu Kim <kimimgo@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-145633: Fix struct.pack('f') on s390x (#146422)
Use PyFloat_Pack4() to raise OverflowError.
Add more tests on packing/unpacking floats.
(cherry picked from commit 8de70b31c5)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
* gh-142183: Cache one datachunk per tstate to prevent alloc/dealloc thrashing (GH-145789) (#145828)
Cache one datachunk per tstate to prevent alloc/dealloc thrashing when repeatedly hitting the same call depth at exactly the wrong boundary.
Move new _ts member to the end to not mess up remote debuggers' ideas of the
struct's layout. (The struct is only created by the runtime, and the new
field only used by the runtime, so it should be safe.)
(cherry picked from commit 706fd4ec08)
(cherry picked from commit 19cbcc0f85)
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
gh-146202: Create tmp_dir in regrtest worker (GH-146347)
Create tmp_dir in libregrtest.worker since the directory can be
different than the --tempdir directory.
(cherry picked from commit bcff99cb3f)
Co-authored-by: Victor Stinner <vstinner@python.org>
Base64 decoder (see binascii.a2b_base64(), base64.b64decode(), etc)
no longer ignores excess data after the first padded quad in non-strict
(default) mode. Instead, in conformance with RFC 4648, it ignores the
pad character, "=", if it is present before the end of the encoded data.
(cherry picked from commit 4561f6418a)
(cherry picked from commit e31c551216)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Weakrefs to unreachable garbage that are created during running of
finalizers need to be cleared. This avoids exposing objects that
have `tp_clear` called on them to Python-level code.
(cherry picked from commit b6b99bf7f1)
Co-authored-by: Neil Schemenauer <nas-github@arctrix.com>
Also fix a related issue in the pyatomic headers:
* Fix pseudo-code comment for _Py_atomic_store_ptr_release in
pyatomic.h.
(cherry picked from commit 1eff27f2c0)
gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (GH-145600)
Reject control characters in `http.cookies.Morsel.update()` and `http.cookies.BaseCookie.js_output`.
(cherry picked from commit 57e88c1cf9)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <victor.stinner@gmail.com>
* gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987)
Fix C stack overflow (CVE-2026-4224) when an Expat parser
with a registered `ElementDeclHandler` parses inline DTD
containing deeply nested content model.
---------
(cherry picked from commit eb0e8be3a7)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
* Remvoe `skip_if_unlimited_stack_size` decorator
* Remove more decorators not on this branch
---------
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
gh-140814: Fix freeze_support() setting start method as side effect (GH-144608)
freeze_support() called get_start_method() without allow_none=True,
which locked in the default start method context. This caused a
subsequent set_start_method() call to raise "context has already been
set". Use allow_none=True and accept None as a matching value, since
spawn.freeze_support() independently detects spawned child processes.
Test that freeze_support() does not lock in the default start method,
which would prevent a subsequent set_start_method() call.
(cherry picked from commit ee5318025b)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
* sort `--help-env` sections by environment variable name
Only needed in the first section, in 3.13 the second section was already sorted.
* regression test for --help-env & --help-xoptions sort order
Manual backport of GH-145997
gh-145801: Use gcc -fprofile-update=atomic for PGO builds (#145802)
When Python build is optimized with GCC using PGO, use
-fprofile-update=atomic option to use atomic operations when updating
profile information. This option reduces the risk of gcov Data Files
(.gcda) corruption which can cause random GCC crashes.
(cherry picked from commit 08a018ebe0)
gh-140594: Fix an out of bounds read when feeding NUL byte to PyOS_StdioReadline() (GH-140910)
(cherry picked from commit 86a0756234)
Co-authored-by: Shamil <ashm.tech@proton.me>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
(cherry picked from commit 2d35f9bc1c)
Includes test fix-up from GH-145788
(cherry picked from commit aa4240ebea)
Co-authored-by: Thomas Kowalski <thom.kowa@gmail.com>
Co-authored-by: Matt Van Horn <mvanhorn@users.noreply.github.com>
The cache may be cleared between the evaluation of the if statement and the
call to popitem.
(cherry picked from commit 665c1db94f)
Co-authored-by: Sam Gross <colesbury@gmail.com>
* gh-145701: Fix `__classdict__` & `__conditional_annotations__` in class-scope inlined comprehensions (GH-145702)
(cherry picked from commit 63eaaf9599)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
* Add `:oss-fuzz:` macro support
Backports part of 255e79fa95.
---------
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
* gh-145376: Fix crashes in md5module.c
Fix a possible NULL pointer dereference in `md5module.c`.
This can only occur in error paths taken when the interpreter fails to allocate memory.
(cherry-picked from c1d7768321)
* 📜🤖 Added by blurb_it.
* Update Modules/md5module.c
---------
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
gh-144370: Disallow usage of control characters in status in wsgiref.handlers for security (GH-144371)
Disallow usage of control characters in status in wsgiref.handlers
to prevent HTTP header injections.
(cherry picked from commit d931725bc8)
Co-authored-by: Benedikt Johannes <benedikt.johannes.hofer@gmail.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
