gh-112064: Fix incorrect handling of negative read sizes in `HTTPResponse.read()` (GH-128270)
The parameter `amt` of `HTTPResponse.read()`, which could be a negative integer,
has not been handled before and led to waiting for the connection to close
for `keep-alive connections`. Now, this has been fixed, and passing negative values
to `HTTPResponse().read()` works the same as passing `None` value.
(cherry picked from commit 4d0d24f6e3)
Co-authored-by: Yury Manushkin <manushkin@gmail.com>
gh-119511: Fix a potential denial of service in imaplib (GH-119514)
The IMAP4 client could consume an arbitrary amount of memory when trying
to connect to a malicious server, because it read a "literal" data with a
single read(size) call, and BufferedReader.read() allocates the bytes
object of the specified size before reading. Now the IMAP4 client reads data
by chunks, therefore the amount of used memory is limited by the
amount of the data actually been sent by the server.
(cherry picked from commit 735f25c5e3)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-58956: Set f_trace on frames with breakpoints after setting a new breakpoint (GH-124454)
(cherry picked from commit 12eaadc0ad)
Co-authored-by: Tian Gao <gaogaotiantian@hotmail.com>
[3.13] gh-129185: Fix PyTraceMalloc_Untrack() at Python exit (#129191) (#129217)
gh-129185: Fix PyTraceMalloc_Untrack() at Python exit (#129191)
Support calling PyTraceMalloc_Track() and PyTraceMalloc_Untrack()
during late Python finalization.
* Call _PyTraceMalloc_Fini() later in Python finalization.
* Test also PyTraceMalloc_Untrack() without the GIL
* PyTraceMalloc_Untrack() now gets the GIL.
* Test also PyTraceMalloc_Untrack() in test_tracemalloc_track_race().
(cherry picked from commit 46c7e13c05)
(cherry picked from commit e3b3e01d6a)
Add a mix-in class ExtraAssertions containing the following methods:
* assertHasAttr() and assertNotHasAttr()
* assertIsSubclass() and assertNotIsSubclass()
* assertStartsWith() and assertNotStartsWith()
* assertEndsWith() and assertNotEndsWith()
(cherry picked from commit c6a566e47b)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit 06cad77a5b)
gh-80222: Fix email address header folding with long quoted-string (GH-122753)
Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.
(cherry picked from commit 5aaf416858)
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
[3.13] gh-128679: Fix tracemalloc.stop() race conditions (#128897)
tracemalloc_alloc(), tracemalloc_realloc(), PyTraceMalloc_Track(),
PyTraceMalloc_Untrack() and _PyTraceMalloc_TraceRef() now check
tracemalloc_config.tracing after calling TABLES_LOCK().
_PyTraceMalloc_Stop() now protects more code with TABLES_LOCK(),
especially setting tracemalloc_config.tracing to 1.
Add a test using PyTraceMalloc_Track() to test tracemalloc.stop()
race condition.
Call _PyTraceMalloc_Init() at Python startup.
(cherry picked from commit 6b47499510)
* Fix a deprecation warning for using importlib.resources.abc.ResourceReader.
* Fix an import warning when importing readline (if it has not yet been imported).
(cherry picked from commit 599be687ec)
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
gh-109959: Skip test_glob.test_selflink() flaky test (GH-128812)
(cherry picked from commit 1153e66e20)
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-125997: Increase test coverage for `time.sleep()` (GH-128751)
- Add tests for durations of invalid types.
- Add tests for `int` and `float` durations, including signed zeroes durations.
- Add tests for nonzero very small durations and durations close to the clock resolution.
---------
(cherry picked from commit b70a567575)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
There were possible conflicts if the widget class name ends with a digit.
(cherry picked from commit da8825ea95)
Co-authored-by: Zhikang Yan <2951256653@qq.com>
gh-128302: Fix bugs in xml.dom.xmlbuilder (GH-128284)
* Allow DOMParser.parse() to correctly handle DOMInputSource instances
that only have a systemId attribute set.
* Fix DOMEntityResolver.resolveEntity(), which was broken by the
Python 3.0 transition.
* Add Lib/test/test_xml_dom_xmlbuilder.py with few tests.
(cherry picked from commit 6ea04da270)
Co-authored-by: Stephen Morton <git@tungol.org>
It now supports docstrings with single quotes, escape sequences,
raw string literals, and other Python syntax.
(cherry picked from commit 474e419792)
Co-authored-by: Srinivas Reddy Thatiparthy (తాటిపర్తి శ్రీనివాస్ రెడ్డి) <thatiparthysreenivas@gmail.com>
Co-authored-by: Éric <merwok@netwok.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-98188: Fix EmailMessage.get_payload to decode data when CTE value has extra text (GH-127547)
Up to this point message handling has been very strict with regards to content encoding values: mixed case was accepted, but trailing blanks or other text would cause decoding failure, even if the first token was a valid encoding. By Postel's Rule we should go ahead and decode as long as we can recognize that first token. We have not thought of any security or backward compatibility concerns with this fix.
This fix does introduce a new technique/pattern to the Message code: we look to see if the header has a 'cte' attribute, and if so we use that. This effectively promotes the header API exposed by HeaderRegistry to an API that any header parser "should" support. This seems like a reasonable thing to do. It is not, however, a requirement, as the string value of the header is still used if there is no cte attribute.
The full fix (ignore any trailing blanks or blank-separated trailing text) applies only to the non-compat32 API. compat32 is only fixed to the extent that it now ignores trailing spaces. Note that the HeaderRegistry parsing still records a HeaderDefect if there is extra text.
(cherry picked from commit a62ba52f14)
Co-authored-by: RanKKI <hliu86.me@gmail.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
gh-123085: _compile_importlib: Avoid copying sources before compilation (GH-124131)
(cherry picked from commit 42c8b0556c)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
gh-123085: Fix issue in inferred caller when resources package has no source.
From importlib_resources 6.4.3 (python/importlib_resourcesGH-314).
(cherry picked from commit a53812df12)
gh-127903: Fix a crash on debug builds when calling `Objects/unicodeobject::_copy_characters`` (GH-127876)
(cherry picked from commit 46cb6340d7)
Co-authored-by: Alexander Shadchin <shadchin@yandex-team.com>
Union now uses the instance checks against its parameters instead of
the subclass checks.
(cherry picked from commit b2ac70a62a)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-127586: multiprocessing.Pool does not properly restore blocked signals (try 2) (GH-128011)
Correct pthread_sigmask in resource_tracker to restore old signals
Using SIG_UNBLOCK to remove blocked "ignored signals" may accidentally
cause side effects if the calling parent already had said signals
blocked to begin with and did not intend to unblock them when
creating a pool. Use SIG_SETMASK instead with the previous mask of
blocked signals to restore the original blocked set.
(cherry picked from commit aeb9b65aa2)
Co-authored-by: Stephen Hansen <stephen.paul.hansen@gmail.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-127537: Add __class_getitem__ to the python implementation of functools.partial (#127537)
(cherry picked from commit 401bba6b58)
Co-authored-by: CF Bolz-Tereick <cfbolz@gmx.de>
gh-127847: Fix position in the special-cased zipfile seek (GH-127856)
---------
(cherry picked from commit 7ed6c5c696)
Co-authored-by: Dima Ryazanov <dima@bucket.xxx>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
gh-128049: Fix type confusion bug with the return value of a custom ExceptionGroup split function (GH-128079)
(cherry picked from commit 3879ca0100)
Co-authored-by: Nico-Posada <102486290+Nico-Posada@users.noreply.github.com>
gh-126742: Avoid checking for library filename in test_ctypes (GH-128034)
Avoid checking for library filename in `dlerror()` error messages of test_ctypes.
(cherry picked from commit 335e24fb0a)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
- Add a helper to set an error from locale-encoded `char*`
- Use the helper for gdbm & dlerror messages
Co-authored-by: Victor Stinner <vstinner@python.org>
For dlsym(), a return value of NULL does not necessarily indicate
an error [1].
Therefore, to avoid using stale (or NULL) dlerror() values, we must:
1. clear the previous error state by calling dlerror()
2. call dlsym()
3. call dlerror()
If the return value of dlerror() is not NULL, an error occured.
In ctypes we choose to treat a NULL return value from dlsym()
as a "not found" error. This is the same as the fallback
message we use on Windows, Cygwin or when getting/formatting
the error reason fails.
[1]: https://man7.org/linux/man-pages/man3/dlsym.3.html
Signed-off-by: Georgios Alexopoulos <grgalex42@gmail.com>
Signed-off-by: Georgios Alexopoulos <grgalex@ba.uoa.gr>
Co-authored-by: George Alexopoulos <giorgosalexo0@gmail.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
gh-127906: Skip limited C API test_cext tests if Py_TRACE_REFS
Skip limited C API tests in test_cext and test_cppext if Python is
configured with --with-trace-refs (if the Py_TRACE_REFS macro is
defined).
This backports the *test* from GH-126938, with changed limit and exception class.
Co-authored-by: Melissa0x1f992 <70096546+Melissa0x1f992@users.noreply.github.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry-picked from d51c1444e3)
gh-127906: Test the limited C API in test_cppext (GH-127916)
(cherry picked from commit d05a4e6a0d)
Co-authored-by: Victor Stinner <vstinner@python.org>
