gh-112064: Fix incorrect handling of negative read sizes in `HTTPResponse.read()` (GH-128270)
The parameter `amt` of `HTTPResponse.read()`, which could be a negative integer,
has not been handled before and led to waiting for the connection to close
for `keep-alive connections`. Now, this has been fixed, and passing negative values
to `HTTPResponse().read()` works the same as passing `None` value.
(cherry picked from commit 4d0d24f6e3)
Co-authored-by: Yury Manushkin <manushkin@gmail.com>
gh-119511: Fix a potential denial of service in imaplib (GH-119514)
The IMAP4 client could consume an arbitrary amount of memory when trying
to connect to a malicious server, because it read a "literal" data with a
single read(size) call, and BufferedReader.read() allocates the bytes
object of the specified size before reading. Now the IMAP4 client reads data
by chunks, therefore the amount of used memory is limited by the
amount of the data actually been sent by the server.
(cherry picked from commit 735f25c5e3)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-58956: Set f_trace on frames with breakpoints after setting a new breakpoint (GH-124454)
(cherry picked from commit 12eaadc0ad)
Co-authored-by: Tian Gao <gaogaotiantian@hotmail.com>
gh-80222: Fix email address header folding with long quoted-string (GH-122753)
Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.
(cherry picked from commit 5aaf416858)
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
[3.13] gh-128679: Fix tracemalloc.stop() race conditions (#128897)
tracemalloc_alloc(), tracemalloc_realloc(), PyTraceMalloc_Track(),
PyTraceMalloc_Untrack() and _PyTraceMalloc_TraceRef() now check
tracemalloc_config.tracing after calling TABLES_LOCK().
_PyTraceMalloc_Stop() now protects more code with TABLES_LOCK(),
especially setting tracemalloc_config.tracing to 1.
Add a test using PyTraceMalloc_Track() to test tracemalloc.stop()
race condition.
Call _PyTraceMalloc_Init() at Python startup.
(cherry picked from commit 6b47499510)
[3.12] gh-128991: Release the enter frame reference within bdb callback (GH-128992)
* Release the enter frame reference within bdb callback
* 📜🤖 Added by blurb_it.
---------
(cherry picked from commit 61b35f74aa)
Previously, `_Py_RefcntAdd` hasn't called
`_Py_INCREF_STAT_INC/_Py_INCREF_IMMORTAL_STAT_INC` which is incorrect.
Now it has been fixed.
(cherry picked from commit ab05beb8ce)
gh-128916: Do not set `SO_REUSEPORT` on non-`AF_INET*` sockets (GH-128933)
* gh-128916: Do not set `SO_REUSEPORT` on non-`AF_INET*` sockets
Do not attempt to set ``SO_REUSEPORT`` on sockets of address familifies other
than ``AF_INET`` and ``AF_INET6``, as it is meaningless with these address
families, and the call with fail with Linux kernel 6.12.9 and newer.
* Apply suggestions from code review
---------
(cherry picked from commit 3829104ab4)
Co-authored-by: Michał Górny <mgorny@gentoo.org>
Co-authored-by: Vinay Sajip <vinay_sajip@yahoo.co.uk>
gh-67206: Document that `string.printable` is not printable in the POSIX sense (GH-128820)
(cherry picked from commit d906bde250)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
There were possible conflicts if the widget class name ends with a digit.
(cherry picked from commit da8825ea95)
Co-authored-by: Zhikang Yan <2951256653@qq.com>
gh-128302: Fix bugs in xml.dom.xmlbuilder (GH-128284)
* Allow DOMParser.parse() to correctly handle DOMInputSource instances
that only have a systemId attribute set.
* Fix DOMEntityResolver.resolveEntity(), which was broken by the
Python 3.0 transition.
* Add Lib/test/test_xml_dom_xmlbuilder.py with few tests.
(cherry picked from commit 6ea04da270)
Co-authored-by: Stephen Morton <git@tungol.org>
gh-126862: Use `Py_ssize_t` instead of `int` when processing the number of super-classes (GH-127523)
(cherry picked from commit 2fcdc8488c)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
It now supports docstrings with single quotes, escape sequences,
raw string literals, and other Python syntax.
(cherry picked from commit 474e419792)
Co-authored-by: Srinivas Reddy Thatiparthy (తాటిపర్తి శ్రీనివాస్ రెడ్డి) <thatiparthysreenivas@gmail.com>
Co-authored-by: Éric <merwok@netwok.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-98188: Fix EmailMessage.get_payload to decode data when CTE value has extra text (GH-127547)
Up to this point message handling has been very strict with regards to content encoding values: mixed case was accepted, but trailing blanks or other text would cause decoding failure, even if the first token was a valid encoding. By Postel's Rule we should go ahead and decode as long as we can recognize that first token. We have not thought of any security or backward compatibility concerns with this fix.
This fix does introduce a new technique/pattern to the Message code: we look to see if the header has a 'cte' attribute, and if so we use that. This effectively promotes the header API exposed by HeaderRegistry to an API that any header parser "should" support. This seems like a reasonable thing to do. It is not, however, a requirement, as the string value of the header is still used if there is no cte attribute.
The full fix (ignore any trailing blanks or blank-separated trailing text) applies only to the non-compat32 API. compat32 is only fixed to the extent that it now ignores trailing spaces. Note that the HeaderRegistry parsing still records a HeaderDefect if there is extra text.
(cherry picked from commit a62ba52f14)
Co-authored-by: RanKKI <hliu86.me@gmail.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
gh-123085: Fix issue in inferred caller when resources package has no source.
From importlib_resources 6.4.3 (python/importlib_resourcesGH-314).
(cherry picked from commit a53812df12)
gh-127903: Fix a crash on debug builds when calling `Objects/unicodeobject::_copy_characters`` (GH-127876)
(cherry picked from commit 46cb6340d7)
Co-authored-by: Alexander Shadchin <shadchin@yandex-team.com>
Union now uses the instance checks against its parameters instead of
the subclass checks.
(cherry picked from commit b2ac70a62a)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-127586: multiprocessing.Pool does not properly restore blocked signals (try 2) (GH-128011)
Correct pthread_sigmask in resource_tracker to restore old signals
Using SIG_UNBLOCK to remove blocked "ignored signals" may accidentally
cause side effects if the calling parent already had said signals
blocked to begin with and did not intend to unblock them when
creating a pool. Use SIG_SETMASK instead with the previous mask of
blocked signals to restore the original blocked set.
(cherry picked from commit aeb9b65aa2)
Co-authored-by: Stephen Hansen <stephen.paul.hansen@gmail.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-127537: Add __class_getitem__ to the python implementation of functools.partial (#127537)
(cherry picked from commit 401bba6b58)
Co-authored-by: CF Bolz-Tereick <cfbolz@gmx.de>
gh-127847: Fix position in the special-cased zipfile seek (GH-127856)
---------
(cherry picked from commit 7ed6c5c696)
Co-authored-by: Dima Ryazanov <dima@bucket.xxx>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
gh-128049: Fix type confusion bug with the return value of a custom ExceptionGroup split function (GH-128079)
(cherry picked from commit 3879ca0100)
Co-authored-by: Nico-Posada <102486290+Nico-Posada@users.noreply.github.com>
For dlsym(), a return value of NULL does not necessarily indicate
an error [1].
Therefore, to avoid using stale (or NULL) dlerror() values, we must:
1. clear the previous error state by calling dlerror()
2. call dlsym()
3. call dlerror()
If the return value of dlerror() is not NULL, an error occured.
In ctypes we choose to treat a NULL return value from dlsym()
as a "not found" error. This is the same as the fallback
message we use on Windows, Cygwin or when getting/formatting
the error reason fails.
[1]: https://man7.org/linux/man-pages/man3/dlsym.3.html
Signed-off-by: Georgios Alexopoulos <grgalex42@gmail.com>
Signed-off-by: Georgios Alexopoulos <grgalex@ba.uoa.gr>
Co-authored-by: George Alexopoulos <giorgosalexo0@gmail.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361)
From the ERR_raise manpage:
ERR_LIB_SYS
This "library code" indicates that a system error is
being reported. In this case, the reason code given
to `ERR_raise()` and `ERR_raise_data()` *must* be
`errno(3)`.
This PR only handles ERR_LIB_SYS for the high-lever error types
SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where
OpenSSL indicates it has some more information about the issue.
(cherry picked from commit f4b31edf2d)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
gh-127906: Test the limited C API in test_cppext (GH-127916)
(cherry picked from commit d05a4e6a0d)
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-107249: Implement Py_UNUSED() for MSVC (GH-107250)
Fix warnings C4100 in Py_UNUSED() when Python is built with "cl /W4".
Example with this function included by Python.h:
static inline unsigned int
PyUnicode_IS_READY(PyObject* Py_UNUSED(op))
{ return 1; }
Without this change, building a C program with "cl /W4" which just
includes Python.h emits the warning:
Include\cpython/unicodeobject.h(199):
warning C4100: '_unused_op': unreferenced formal parameter
This change fix this warning.
(cherry picked from commit 6a43cce32b)
Co-authored-by: Victor Stinner <vstinner@python.org>
* `end_offset` is ignored in subclasses of SyntaxError
* 📜🤖 Added by blurb_it.
* Add test
---------
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
gh-127655: Ensure `_SelectorSocketTransport.writelines` pauses the protocol if needed (GH-127656)
Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed.
(cherry picked from commit e991ac8f20)
Co-authored-by: J. Nick Koston <nick@koston.org>
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
