gh-117691: Add an appropriate stacklevel for PEP-706 tarfile deprecation warnings (GH-117872)
(cherry picked from commit cff0a2db00)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
gh-117233: Detect support for several hashes at hashlib build time (GH-117234)
Detect libcrypto BLAKE2, Shake, SHA3, and Truncated-SHA512 support at hashlib build time
GH-GH- BLAKE2
While OpenSSL supports both "b" and "s" variants of the BLAKE2 hash
function, other cryptographic libraries may lack support for one or both
of the variants. This commit modifies `hashlib`'s C code to detect
whether or not the linked libcrypto supports each BLAKE2 variant, and
elides references to each variant's NID accordingly. In cases where the
underlying libcrypto doesn't fully support BLAKE2, CPython's
`./configure` script can be given the following flag to use CPython's
interned BLAKE2 implementation: `--with-builtin-hashlib-hashes=blake2`.
GH-GH- SHA3, Shake, & truncated SHA512.
Detect BLAKE2, SHA3, Shake, & truncated SHA512 support in the
OpenSSL-ish libcrypto library at build time. This helps allow hashlib's
`_hashopenssl` to be used with libraries that do not to support every
algorithm that upstream OpenSSL does. Such as AWS-LC & BoringSSL.
(cherry picked from commit b8eaad3009)
Co-authored-by: Will Childs-Klein <willck93@gmail.com>
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
gh-117534: Add checking for input parameter in iso_to_ymd (GH-117543)
Moves the validation for invalid years in the C implementation of the `datetime` module into a common location between `fromisoformat` and `fromisocalendar`, which improves the error message and fixes a failed assertion when parsing invalid ISO 8601 years using one of the "ISO weeks" formats.
---------
(cherry picked from commit d5f1139c79)
Co-authored-by: Vlad4896 <166005126+Vlad4896@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
gh-117310: Remove extra DECREF on "no ciphers" error path in `_ssl._SSLContext` constructor (GH-117309)
Remove extra self DECREF on ssl "no ciphers" error path.
This doesn't come up in practice because nobody links against a broken
OpenSSL library that provides nothing.
(cherry picked from commit 8cb7d7ff86)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-99108: Update and check HACL* version information (GH-117295)
(cherry picked from commit 669ef49c7d)
Co-authored-by: Seth Michael Larson <seth@python.org>
Fix parsing of the following corner cases:
* URLs with only a host name
* URLs containing a fragment
* URLs containing a query
* filenames with only a UNC sharepoint on Windows
(cherry picked from commit 9654daf793)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
* gh-115122: Add --bisect option to regrtest (#115123)
* test.bisect_cmd now exit with code 0 on success, and code 1 on
failure. Before, it was the opposite.
* test.bisect_cmd now runs the test worker process with
-X faulthandler.
* regrtest RunTests: Add create_python_cmd() and bisect_cmd()
methods.
(cherry picked from commit 1e5719a663)
* gh-115720: Show number of leaks in huntrleaks progress reports (GH-115726)
Instead of showing a dot for each iteration, show:
- '.' for zero (on negative) leaks
- number of leaks for 1-9
- 'X' if there are more leaks
This allows more rapid iteration: when bisecting, I don't need
to wait for the final report to see if the test still leaks.
Also, show the full result if there are any non-zero entries.
This shows negative entries, for the unfortunate cases where
a reference is created and cleaned up in different runs.
Test *failure* is still determined by the existing heuristic.
(cherry picked from commit af5f9d682c)
* gh-83434: Disable XML in regrtest when -R option is used (#117232)
(cherry picked from commit d52bdfb19f)
---------
Co-authored-by: Petr Viktorin <encukou@gmail.com>
gh-117187: Fix XML tests for vanilla Expat <2.6.0 (GH-117203)
This fixes XML unittest fallout from the https://github.com/python/cpython/issues/115398 security fix. When configured using `--with-system-expat` on systems with older pre 2.6.0 versions of libexpat, our unittests were failing.
* sax|etree: Simplify Expat version guard where simplifiable
Idea by Matěj Cepl
* sax|etree: Fix reparse deferral tests for vanilla Expat <2.6.0
This *does not fix* the case of distros with an older version of libexpat with the 2.6.0 feature backported as a security fix. (Ubuntu is a known example of this with its libexpat1 2.5.0-2ubunutu0.1 package)
(cherry picked from commit 9f74e86c78)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
Pulls in a new update from https://github.com/hacl-star/hacl-star and fixes our C "namespacing" done by `Modules/_hacl/refresh.sh`.
Co-authored-by: Jonathan Protzenko <protz@microsoft.com>
gh-75988: Fix issues with autospec ignoring wrapped object (#115223)
* set default return value of functional types as _mock_return_value
* added test of wrapping child attributes
* added backward compatibility with explicit return
* added docs on the order of precedence
* added test to check default return_value
(cherry picked from commit 735fc2cbbc)
Starting in Python 3.12, we prevented calling fork() and starting new threads
during interpreter finalization (shutdown). This has led to a number of
regressions and flaky tests. We should not prevent starting new threads
(or `fork()`) until all non-daemon threads exit and finalization starts in
earnest.
This changes the checks to use `_PyInterpreterState_GetFinalizing(interp)`,
which is set immediately before terminating non-daemon threads.
(cherry picked from commit 60e105c1c1)
If you catch DuplicateOptionError / DuplicateSectionError when reading a
config file (the intention is to skip invalid config files) and then
attempt to use the ConfigParser instance, any values it *had* read
successfully so far, were stored as a list instead of string! Later
`get` calls would raise "AttributeError: 'list' object has no attribute
'find'" from somewhere deep in the interpolation code.
(cherry picked from commit b1bc37597f)
gh-116869: Make C API compatible with ISO C90 (GH-116950)
Make the C API compatible with -Werror=declaration-after-statement
compiler flag again.
(cherry picked from commit a9c304cf02)
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-90872: Fix subprocess.Popen.wait() for negative timeout (#116989)
On Windows, subprocess.Popen.wait() no longer calls
WaitForSingleObject() with a negative timeout: pass 0 ms if the
timeout is negative.
(cherry picked from commit 27cf3ed00c)
Fix support of interval values > 1 in logging.TimedRotatingFileHandler
for when='MIDNIGHT' and when='Wx'.
(cherry picked from commit 269051d20e)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.12] gh-112536: Add support for thread sanitizer (TSAN) (gh-112648)
(cherry picked from commit 88cb972000)
* Remove doc for configure option (leave it hidden in this branch)
---------
Co-authored-by: Samet YASLAN <sametyaslan@gmail.com>
Change automatically generated tkinter.Checkbutton widget names to
avoid collisions with automatically generated tkinter.ttk.Checkbutton
widget names within the same parent widget.
(cherry picked from commit c61cb507c1)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Restore support of None and other false values.
* Raise TypeError for non-zero integers and non-empty sequences.
The regressions were introduced in gh-74668
(bdba8ef42b).
(cherry picked from commit 1069a462f6)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Make MetadataPathFinder a proper classmethod.
* In PathFinder.invalidate_caches, also invoke MetadataPathFinder.invalidate_caches.
* Add blurb
(cherry picked from commit 5f52d20a93)
GH-115979: update test_importlib to work under WASI SDK 21 (GH-116754)
(cherry picked from commit 61733a2fb9)
Co-authored-by: Brett Cannon <brett@python.org>
gh-116307: Proper fix for 'mod' leaking across importlib tests (GH-116680)
(cherry picked from commit a254807761)
gh-116307: Create a new import helper 'isolated modules' and use that instead of 'Clean Import' to ensure that tests from importlib_resources don't leave modules in sys.modules.
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* and fix global flag repr
(cherry picked from commit 06e29a224f)
Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
Co-authored-by: Kirill Podoprigora <kirill.bast9@mail.ru>
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`
Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .
- Please treat as a security fix related to CVE-2023-52425.
(cherry picked from commit 6a95676bb5)
(cherry picked from commit 73807eb634)
(cherry picked from commit eda2963378)
---------
Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
