Upgrade builds to OpenSSL 1.1.1u.
This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t.
The Mac/BuildScript/build-installer.py was already updated.
Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9.
Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting).
(cherry picked from commit ede89af)
gh-104719: IDLE - test existence of all tokenize references. (GH-104767)
Class editor.IndentSearcher contains all editor references to tokenize module.
Module io tokenize reference cover those other modules.
(cherry picked from commit e561c09975)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
Move all of the Python C API calls into the parent process up front
instead of doing PyLong_AsLong and PyErr_Occurred and PyTuple_GET from
the post-fork/vfork child process.
Much of this was long overdue. We shouldn't have been using PyTuple and
PyLong APIs within all of these low level functions anyways.
This is a backport of c649df6 for #104518 and the tiny adjustment in d1732fe#104697.
Backporting this allows backporting of the real bug fix that requires it.
Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
Fix a race condition in the internal `multiprocessing.process` cleanup
logic that could manifest as an unintended `AttributeError` when calling
`BaseProcess.close()`.
(cherry picked from commit ef5d00a592)
Co-authored-by: Luccccifer <lukezhang764@gmail.com>
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Fixes unittest.mock.patch not enforcing function signatures for methods
decorated with @classmethod or @staticmethod when patch is called with
autospec=True.
(cherry picked from commit 59e0de4903)
Co-authored-by: Tomas R <tomas.roun8@gmail.com>
gh-101857: Allow xattr detection on musl libc (GH-101858)
Previously, we checked exclusively for `__GLIBC__` (AND'd with some other
conditions). Checking for `__linux__` instead should be fine.
This fixes using e.g. `os.listxattr()` on systems using musl libc.
Bug: https://bugs.gentoo.org/894130
(cherry picked from commit 8be8101bca)
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Utilize new functions termios.tcgetwinsize() and termios.tcsetwinsize in test_pty.py.
(cherry picked from commit da2fb92643)
Co-authored-by: Soumendra Ganguly <67527439+8vasu@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-104499: IDLE - fix completions for tk aqua 8.7 (GH-104591)
(cherry picked from commit 678bf57ed0)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
gh-104496: IDLE - fix About for mixed tcl/tk versions (GH-104585)
Print both if they are different, as may happen in the future.
(cherry picked from commit aed643baa9)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Fix Zip64 extensions not being properly applied in some cases:
Fixes an issue where adding a small file to a `ZipFile`
object while forcing zip64 extensions causes an extra Zip64 record to be
added to the zip, but doesn't update the `min_version` or file sizes in
the primary central directory header.
Also fixed an edge case in checking if zip64 extensions are required:
This fixes an issue where if data requiring zip64 extensions was added
to an unseekable stream without specifying `force_zip64=True`, zip64
extensions would not be used and a RuntimeError would not be raised when
closing the file (even though the size would be known at that point).
This would result in successfully writing corrupt zip files.
Deciding if zip64 extensions are required outside of the `FileHeader`
function means that both `FileHeader` and `_ZipWriteFile` will always be
in sync. Previously, the `FileHeader` function could enable zip64
extensions without propagating that decision to the `_ZipWriteFile`
class, which would then not correctly write the data descriptor record
or check for errors on close.
If anyone is actually using `ZipInfo.FileHeader` as a public API without
explicitly passing True or False in for zip64, their own code may still be
susceptible to that kind of bug unless they make a similar change to
where the zip64 decision happens.
Fixes GH-103861
---------
.
(cherry picked from commit 798bcaa1eb)
Co-authored-by: Carey Metcalfe <carey@cmetcalfe.ca>
gh-87474: Fix file descriptor leaks in subprocess.Popen (GH-96351)
This fixes several ways file descriptors could be leaked from `subprocess.Popen` constructor during error conditions by opening them later and using a context manager "fds to close" registration scheme to ensure they get closed before returning.
---------
(cherry picked from commit 3a4c44bb1e)
Co-authored-by: cptpcrd <31829097+cptpcrd@users.noreply.github.com>
Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
gh-104494: Update certain Tkinter pack/place tests for Tk 8.7 errors (GH-104495)
(cherry picked from commit 3cba61f111)
Co-authored-by: Christopher Chavez <chrischavez@gmx.us>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
gh-75367: Fix data descriptor detection in inspect.getattr_static (GH-104517)
(cherry picked from commit 5e9f471e7d)
Co-authored-by: Furkan Onder <furkanonder@protonmail.com>
Co-authored-by: Carl Meyer <carl@oddbird.net>
gh-103204: `http.server` - Enforce that HTTP version numbers must consist only of digits (GH-103205)
Reject HTTP requests with invalid http/x.y version numbers: x or y being non-digits or too-long.
---------
(cherry picked from commit cf720acfcb)
Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Fix issue where `pathlib.Path.glob()` raised `OSError` when it encountered
a symlink to an overly long path.
(cherry picked from commit a33ce66dca)
Co-authored-by: Barney Gale <barney.gale@gmail.com>
gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (GH-103849)
* Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format
---------
(cherry picked from commit 29f348e232)
Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
GH-104308: socket.getnameinfo should release the GIL (GH-104307)
* socket.getnameinfo should release the GIL
* 📜🤖 Added by blurb_it.
---------
(cherry picked from commit faf196213e)
Co-authored-by: Nathaniel J. Smith <njs@pobox.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
gh-101640: Make argparse _print_message catch any write error (GH-101802)
* In particular, don't exit when trying to print to stderr = None.
* Add tests
(cherry picked from commit 42f54d1f92)
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067)
Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure)
---------
(cherry picked from commit c7c3a60c88)
Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
GH-103472: close response in HTTPConnection._tunnel (GH-103473)
Avoid a potential `ResourceWarning` in `http.client.HTTPConnection`
by closing the proxy / tunnel's CONNECT response explicitly.
---------
(cherry picked from commit 9de0cf20fa)
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-104018: disallow "z" format specifier in %-format of byte strings (GH-104033)
PEP-0682 specified that %-formatting would not support the "z" specifier,
but it was unintentionally allowed for bytes. This PR makes use of the "z"
flag an error for %-formatting in a bytestring.
Issue: GH-104018
---------
(cherry picked from commit 3ed8c88290)
Co-authored-by: John Belmonte <john@neggie.net>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
gh-104035: Do not ignore user-defined `__{get,set}state__` in slotted frozen dataclasses (GH-104041)
(cherry picked from commit 99aab61062)
Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
