It is no longer changed when create a zip or tar archive.
It is still changed for custom archivers registered with shutil.register_archive_format()
if root_dir is not None.
Co-authored-by: Éric <merwok@netwok.org>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit fda4b2f063)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target. Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).
Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b603)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Because of the way wrap_descr_get is written, the second argument
to __get__ methods implemented through the wrapper is always
optional.
(cherry picked from commit 4e08fbcfdf)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
Classes ReferenceType, ProxyType and CallableProxyType have now correct
atrtributes __module__, __name__ and __qualname__.
It makes them (types, not instances) pickleable.
(cherry picked from commit 8352e322e8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Suppress writing an XML declaration in open files in ElementTree.write()
with encoding='unicode' and xml_declaration=None.
If file patch is passed to ElementTree.write() with encoding='unicode',
always open a new file in UTF-8.
(cherry picked from commit d7db9dc3cc)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
The fix involves using pysqlite_check_remaining_sql(), not only to check
for multiple statements, but now also to strip leading comments and
whitespace from SQL statements, so we can improve DML query detection.
pysqlite_check_remaining_sql() is renamed lstrip_sql(), to more
accurately reflect its function, and hardened to handle more SQL comment
corner cases.
(cherry picked from commit 46740073ef)
copy.copy() and copy.deepcopy() now always raise a TypeError if
__reduce__() returns a tuple with length 6 instead of silently ignore
the 6th item or produce incorrect result.
(cherry picked from commit a365dd64c2)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit f0d0be3493)
Co-authored-by: Sean Fleming
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Character ranges with upper bound less that lower bound (e.g. [c-a])
are now interpreted as empty ranges, for compatibility with other glob
pattern implementations. Previously it was re.error.
(cherry picked from commit 0902c3d8ed)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
When a `_PathParents` object has a drive or a root, the length of the
object is *one less* than than the length of `self._parts`, which resulted
in an off-by-one error when `path.parents[-n]` was fed through to
`self._parts[:-n - 1]`. In particular, `path.parents[-1]` was a malformed
path object with spooky properties.
This is addressed by adding `len(self)` to negative indices.
(cherry picked from commit f32e6b48d1)
Co-authored-by: Barney Gale <barney.gale@gmail.com>
(cherry picked from commit ee70c70aa9)
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
Fix __ltrace__ debug feature if the stdout encoding is not UTF-8.
If the stdout encoding is not UTF-8, the first call to
lltrace_resume_frame() indirectly sets lltrace to 0 when calling
unicode_check_encoding_errors() which calls
encodings.search_function().
Add test_lltrace.test_lltrace() test.
test.pythoninfo no longer fails if "import socket" fails: the socket
module is now optional.
(cherry picked from commit 4a31ed8a32)
Co-authored-by: Victor Stinner <vstinner@python.org>
The code was moved out of test.support in
311110abcd (GH-20812), thus making
ResourceDenied undefined.
(cherry picked from commit 37c9a351b1)
Co-authored-by: Florian Bruhin <me@the-compiler.org>
Also while there, clarify a few things about why we reduce the hash to 32 bits.
Co-authored-by: Eli Libman <eli@hyro.ai>
Co-authored-by: Yury Selivanov <yury@edgedb.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit c1f5c903a7)
The `utc_to_seconds` call can fail, here's a minimal reproducer on
Linux:
TZ=UTC python -c "from datetime import *; datetime.fromtimestamp(253402300799 + 1)"
The old behavior still raised an error in a similar way, but only
because subsequent calculations happened to fail as well. Better to fail
fast.
This also refactors the tests to split out the `fromtimestamp` and
`utcfromtimestamp` tests, and to get us closer to the actual desired
limits of the functions. As part of this, we also changed the way we
detect platforms where the same limits don't necessarily apply (e.g.
Windows).
As part of refactoring the tests to hit this condition explicitly (even
though the user-facing behvior doesn't change in any way we plan to
guarantee), I noticed that there was a difference in the places that
`datetime.utcfromtimestamp` fails in the C and pure Python versions, which
was fixed by skipping the "probe for fold" logic for UTC specifically —
since UTC doesn't have any folds or gaps, we were never going to find a
fold value anyway. This should prevent some failures in the pure python
`utcfromtimestamp` method on timestamps close to 0001-01-01.
There are two separate news entries for this because one is a
potentially user-facing change, the other is an internal code
correctness change that, if anything, changes some error messages. The
two happen to be coupled because of the test refactoring, but they are
probably best thought of as independent changes.
Fixes GH-91581
(cherry picked from commit 83c0247d47)
Co-authored-by: Paul Ganssle <1377457+pganssle@users.noreply.github.com>
ElementTree method write() and function tostring() now use the text file's
encoding ("UTF-8" if not available) instead of locale encoding in XML
declaration when encoding="unicode" is specified.
(cherry picked from commit 707839b0fe)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
* [3.10] bpo-46785: Fix race condition between os.stat() and unlink on Windows (GH-31858).
(cherry picked from commit 39e6b8ae6a)
Co-authored-by: Itai Steinherz <itaisteinherz@gmail.com>
Do not spawn ProcessPool workers on demand when they spawn via fork.
This avoids potential deadlocks in the child processes due to forking from
a multithreaded process..
(cherry picked from commit ebb37fc3fd)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
`IPv*Network` and `IPv*Interface` constructors accept a 2-tuple of
(address description, netmask) as the address parameter.
When the tuple-based address is used errors are not propagated
correctly through the `ipaddress.ip_*` helper because of the %-formatting now expecting several arguments:
In [7]: ipaddress.ip_network(("192.168.100.0", "fooo"))
...
TypeError: not all arguments converted during string formatting
Compared to:
In [8]: ipaddress.IPv4Network(("192.168.100.0", "foo"))
...
NetmaskValueError: 'foo' is not a valid netmask
Use an f-string to make sure the error is always properly formatted.
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
(cherry picked from commit 52dc9c3066)
Co-authored-by: Thomas Cellerier <thomascellerier@gmail.com>
If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d773e)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
This does not alter the `_posixsubprocess.fork_exec()` private API to
avoid issues for anyone relying on that (bad idea) or for anyone who's
`subprocess.py` and `_posixsubprocess.so` upgrades may not become
visible to existing Python 3.10 processes at the same time.
Backports the concept of cd5726fe67.
Provides a fail-safe way to disable vfork for #91401.
I didn't backport the documentation as I don't actually expect this to be used and `.. versionadded: 3.10.5` always looks weird in docs. It's being done more to have a fail-safe in place for people just in case.
