Passing a negative or zero size to `cursor.fetchmany()` made it fetch all rows
instead of none.
While this could be considered a security vulnerability, it was decided to treat
this issue as a regular bug as passing a non-sanitized *size* value in the first
place is not recommended.
(cherry picked from commit bc172ee830)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
gh-138004: Fix setting a thread name on OpenIndiana (GH-138017)
Encode Solaris/Illumos thread names to ASCII, since
OpenIndiana does not support non-ASCII names.
Add tests for setting non-ASCII name for the main thread.
(cherry picked from commit c19db1d2b8)
Co-authored-by: jadonduff <jadon_duff@icloud.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.14] gh-134698: Hold a lock when the thread state is detached in `ssl` (GH-134724)
Lock when the thread state is detached.
(cherry picked from commit e047a35b23)
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* Only lock the SSL context, not the SSL socket.
This solves a deadlock when a socket is blocked while waiting on data,
which ended up causing a major regression in 3.13.6 (see gh-137583).
---------
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
gh-137044: Support large limit values in getrlimit() and setrlimit() (GH-137338)
* Return large limit values as positive integers instead of negative integers
in resource.getrlimit().
* Accept large values and reject negative values (except RLIM_INFINITY)
for limits in resource.setrlimit().
(cherry picked from commit baefaa6cba)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-137273: Fix debug assertion failure in locale.setlocale() on Windows (GH-137300)
It happened when there were at least 16 characters after dot in the
locale name.
(cherry picked from commit 718e0c89ba)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-138779: Use the dev_t converter for st_rdev (GH-138780)
This allows to support device numbers larger than 2**63-1.
(cherry picked from commit 43013f72f0)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
fix comment reference from man 7 signal to man 7 signal-safety (GH-138554)
(cherry picked from commit 2f5ace780b)
docs: fix comment reference from man 7 signal to man 7 signal-safety
Co-authored-by: mqudah <mohghq@gmail.com>
Call backtrace() once when installing the signal handler to ensure that
libgcc is dynamically loaded outside the signal handler.
This fixes a "signal-unsafe call inside of a signal" TSan error from
test_faulthandler.test_enable_fd.
(cherry picked from commit 11a8652e25)
Co-authored-by: Sam Gross <colesbury@gmail.com>
A runtime check is needed to support cross-compiling.
Remove the _Py_NORMALIZE_CENTURY macro.
Remove _pydatetime.py's _can_support_c99.
(cherry picked from commit 719e5c3f71)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-126662: naming consistency for `signal.ItimerError` (GH-126712)
(cherry picked from commit d5fa437dfb)
Co-authored-by: Stephen Morton <git@tungol.org>
gh-138659: Typo in the gc module docstring (GH-138660)
docs(gc): fix typo in get_threshold() docstring
Removes a duplicate "the" from the docstring for the `gc.get_threshold()` function.
(cherry picked from commit c006a623e7)
Co-authored-by: Aalaap Dey <65075436+axdeyy@users.noreply.github.com>
* Add OpenSSL 3.5.2 definitions to Modules/_ssl_data_35.h (moved from Modules/_ssl_data_34.h)
* Demote OpenSSL 3.1 to "old", remove it from CI
* Update all OpenSSL versions to latest patchlevel in CI config and multissltests defaults
* Add OpenSSL 3.5.2 to CI configuration and multissltests default list
* Fix a typo in the argument parser description of multissltests.py
(cherry picked from commit 7a703c8f19)
Basic support for pyrepl in Emscripten. Limitations:
* requires JSPI
* no signal handling implemented
As followup work, it would be nice to implement a webworker variant
for when JSPI is not available and proper signal handling.
Because it requires JSPI, it doesn't work in Safari. Firefox requires
setting an experimental flag. All the Chromiums have full support since
May. Until we make it work without JSPI, let's keep the original web_example
around.
(cherry picked from commit c933a6bb32)
Co-authored-by: Hood Chatham <roberthoodchatham@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Éric <merwok@netwok.org>
This is useful for implementing proper `input()`. It requires the
JavaScript engine to support the wasm JSPI spec which is now stage 4.
It is supported on Chrome since version 137 and on Firefox and node
behind a flag.
We override the `__wasi_fd_read()` syscall with our own variant that
checks for a readAsync operation. If it has it, we use our own async
variant of `fd_read()`, otherwise we use the original `fd_read()`.
We also add a variant of `FS.createDevice()` called
`FS.createAsyncInputDevice()`.
Finally, if JSPI is available, we wrap the `main()` symbol with
`WebAssembly.promising()` so that we can stack switch from `fd_read()`.
If JSPI is not available, attempting to read from an AsyncInputDevice
will raise an `OSError`.
(cherry picked from commit 7ae4749d06)
Co-authored-by: Hood Chatham <roberthoodchatham@gmail.com>
gh-136421: Load `_datetime` static types during interpreter initialization (GH-136583)
`_datetime` is a special module, because it's the only non-builtin C extension that contains static types. As such, it would initialize static types in the module's execution function, which can run concurrently. Since static type initialization is not thread-safe, this caused crashes. This fixes it by moving the initialization of `_datetime`'s static types to interpreter startup (where all other static types are initialized), which is already properly protected through other locks.
(cherry picked from commit a10960699a)
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
gh-116738: Make grp module thread-safe (GH-135434)
Make grp module methods getgrgid() and getgrnam() thread-safe when the GIL is disabled and getgrgid_r()/getgrnam_r() C APIs are not available.
---------
(cherry picked from commit 9363703bd3)
Co-authored-by: Alper <alperyoney@fb.com>
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
gh-136476: Show the full stack in get_async_stack_trace in _remote_debugging (GH-136483)
(cherry picked from commit ea45a2f97c)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
gh-91048: Revert the memory cache removal for remote debugging (GH-136440)
(cherry picked from commit 77d25e5b16)
gh-91048: Reintroduce the memory cache for remote debugging
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
gh-136288: Fix error message in `_testcapi/vectorcall.c` (GH-136258)
Use the %N format specifier instead of %s and `PyType_GetName`.
(cherry picked from commit d1d5dce14f)
Co-authored-by: William S Fulton <wsf@fultondesigns.co.uk>
gh-135773: have pyvenv.cfg without home key anchor a venv and deduce home (GH-135831)
This is still formally undefined behaviour, but we may as well
keep the *same* undefined behaviour as previous versions.
PEP 796 proposes a cleaner and more consistent replacement for 3.15+
(cherry picked from commit 93263d4314)
Co-authored-by: Richard Levasseur <rlevasseur@google.com>
There is no need to temporary switch locale for items ALT_DIGITS and ERA
if the nl_langinfo() result is empty (most locales).
(cherry picked from commit 5c984ae35e)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-130396: Move PYOS_LOG2_STACK_MARGIN to internal headers (GH-135928)
Move PYOS_LOG2_STACK_MARGIN, PYOS_STACK_MARGIN,
PYOS_STACK_MARGIN_BYTES and PYOS_STACK_MARGIN_SHIFT macros to
pycore_pythonrun.h internal header. Add underscore (_) prefix to the
names to make them private. Rename _PYOS to _PyOS.
(cherry picked from commit 28940e8e48)
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-135607: remove null checking of weakref list in dealloc of extension modules and objects (#135614)
(cherry picked from commit b1056c2a44)
Co-authored-by: Xuanteng Huang <44627253+xuantengh@users.noreply.github.com>
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
