(cherry picked from commit 8b7b5a9946)
(cherry picked from commit bcabbd02f6)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Pierre Le Marre <dev@wismill.eu>
gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843)
In newPySSLSocket(), when SSL_new() returns NULL, Py_DECREF(self)
was called before _setSSLError(get_state_ctx(self), ...), causing
a use-after-free. Additionally, get_state_ctx() was called with
self (PySSLSocket*) instead of sslctx (PySSLContext*), which is
a type confusion bug.
Fix by calling _setSSLError() before Py_DECREF() and using
sslctx instead of self for get_state_ctx().
(cherry picked from commit c91638ca06)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
Lookup for CJK ideograms and Hangul syllables is now case-insensitive,
as is the case for other character names.
(cherry picked from commit e66f4a5a9c)
Co-authored-by: James <snoopjedi@gmail.com>
This was causing ucd_3_2_0.numeric() to pick up only decimal
changes between Unicode 3.2.0 and the current version.
(cherry picked from commit 3e0322ff16)
Co-authored-by: William Meehan <wmeehan@fb.com>
gh-143650: Fix importlib race condition on import failure (GH-143651)
Fix a race condition where a thread could receive a partially-initialized
module when another thread's import fails. The race occurs when:
1. Thread 1 starts importing, adds module to sys.modules
2. Thread 2 sees the module in sys.modules via the fast path
3. Thread 1's import fails, removes module from sys.modules
4. Thread 2 returns a stale module reference not in sys.modules
The fix adds verification after the "skip lock" optimization in both Python
and C code paths to check if the module is still in sys.modules. If the
module was removed (due to import failure), we retry the import so the
caller receives the actual exception from the import failure rather than
a stale module reference.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
cherry picked from ac8b5b6890
(cherry picked from commit d5cb9f6a9b)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
- generate_sbom.py: Exclude the refresh script from SBOM
- Modules/expat/refresh.sh: Expand the list of manual steps
(cherry picked from commit 51d309988b)
Modifies handling of `.gz` files in Android app payloads, and ensures that
when the Android testbed streams logs, stream flushes aren't treated as
newlines. This improves the output of test suites that use "one dot per test"
progress indicators.
(cherry picked from commit cb1dc91dcb)
Co-authored-by: Malcolm Smith <smith@chaquo.com>
gh-142555: Fix null pointer dereference in array.__setitem__ via re-entrant __index__ (GH-142713)
(cherry picked from commit 39f16a93ef)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
Fix and simplify a test of `test_repr_rlock` about multiprocessing.RLock primitive.
(cherry picked from commit a98a6bd112)
Co-authored-by: Duprat <yduprat@gmail.com>
gh-144194: Fix mmap failure check in perf_jit_trampoline.c (#143713)
mmap() returns MAP_FAILED ((void*)-1) on error, not NULL. The current
check never detects mmap failures, so jitdump initialization proceeds
even when the memory mapping fails.
(cherry picked from commit 8fe8a94a7c)
Co-authored-by: stratakis <cstratak@redhat.com>
gh-144100: Fix crash for POINTER(str) used in ctypes argtypes (#144108)
(cherry picked from commit 8f459255eb)
Co-authored-by: VanshAgarwal24036 <148854295+VanshAgarwal24036@users.noreply.github.com>
gh-143935: Email preserve parens when folding comments (GH-143936)
Fix a bug in the folding of comments when flattening an email message
using a modern email policy. Comments consisting of a very long sequence of
non-foldable characters could trigger a forced line wrap that omitted the
required leading space on the continuation line, causing the remainder of
the comment to be interpreted as a new header field. This enabled header
injection with carefully crafted inputs.
(cherry picked from commit 17d1490aa9)
Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Denis Ledoux <dle@odoo.com>
gh-143237: Fix support of named pipes in the rotating logging handlers (GH-143259)
This fixes regression introduced in GH-105887.
(cherry picked from commit aa8a43d179)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-143919: Reject control characters in http cookies
(cherry picked from commit 95746b3a13)
Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Bartosz Sławecki <bartosz@ilikepython.com>
Co-authored-by: sobolevn <mail@sobolevn.me>
[3.13] gh-144023: Prevent follow_symlinks from being allowed with an fd of 0 (GH-144022)
The check was (fd > 0), should be (fd >= 0).
(cherry picked from commit fa44efa0ef)
Co-authored-by: AZero13 <gfunni234@gmail.com>
gh-143774 - Improve IDLE Format Paragraph doc (GH-143775)
Add a reminder to not rewrap code line to the Menu => Format => Reformat Paragraph entry.
In Editing and Nagivagion, add a new 'Format block' subsection that defines 'paragraph'
to better match what is dependably handled as more or less expected.
In particular, specify equal indents and that the resulting indent equals original indent.
Also mention that selections are expanded to complete lines and how to modify max length.
(Also fix a couple case errors in cross references.)
(cherry picked from commit fa3abf5a51)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
gh-143916: Reject control characters in wsgiref.headers.Headers (GH-143917)
* Add 'test.support' fixture for C0 control characters
* gh-143916: Reject control characters in wsgiref.headers.Headers
(cherry picked from commit f7fceed79c)
Co-authored-by: Seth Michael Larson <seth@python.org>
This allows to run Tkinter tests with the specified value of
tkinter.wantobjects, for example "-u wantobjects=0".
(cherry picked from commit 21ed1e2a94)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
[3.14] gh-143602: Fix duplicate buffer exports in io.BytesIO.write (#143629) (#143872)
gh-143602: Fix duplicate buffer exports in io.BytesIO.write (#143629)
Fix an inconsistency issue in io.BytesIO.write() where the buffer was exported
twice, which could lead to unexpected data overwrites and position drift when
the buffer changes between exports.
(cherry picked from commit c461aa99e2)
(cherry picked from commit 1241432150)
Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>
Writing out an object may involve a slot lookup, which is not safe to do with
an exception raised. In debug mode an assertion failure will occur if this
happens.
(cherry picked from commit ce8f5f98c6)
Co-authored-by: Duane Griffin <duaneg@dghda.com>
The forkserver was not passing sys.argv to its main() function, causing
sys.argv to be empty during `__main__` module import in child processes. This
fixes a non-obvious regression inadvertently introduced by the gh-126631 main
preloading fix.
(cherry picked from commit 298d5440eb)
gh-143249: Fix buffer leak when overlapped operation fails to start on windows (GH-143250)
(cherry picked from commit 103a384bfd)
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
It was incorrect in case of mixed tabs and spaces in indentation.
(cherry picked from commit 5f28aa2f37)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
