gh-110704: Recommend `distclean` target over `clean` when source tree is not clean (GH-112610)
Recommend `distclean` target over `clean` when source tree is not clean
(cherry picked from commit 34631058f2)
Co-authored-by: James <6125322+SnoopJ@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Mia Albert <micha@2231puppy.tech>
Co-authored-by: Stan Ulbrych <stan@python.org>
Co-authored-by: Ned Batchelder <ned@nedbatchelder.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
This has not been observed in practice, but we cannot be 100% sure that
it will not happen with some weird gzip data.
(cherry picked from commit 28eac9a726)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Some of these docstrings read as if they were written when typing.py was
first written, and things have evolved since then.
A few motivations:
- Call protocols protocols instead of ABCs. They are also ABCs, but the fact
they are protocols is more relevant to typing.
- Avoid recommending direct use of .__annotations__ and steer users to
annotationlib instead.
- For TypedDict, mention NotRequired before total=False since it is more
general and probably more frequently useful.
- For overloads, mention runtime use first instead of stub use. I think early on
there was talk of allowing overload only in stubs, but it is now heavily used at
runtime too and that's more likely to be relevant to users.
(cherry picked from commit f159419ae2)
gh-142831: Fix use-after-free in json encoder during re-entrant mutation (gh-142851)
User callbacks invoked during JSON encoding (e.g. the `default` callback or
a custom string encoder) can mutate or clear the dict or sequence being
encoded, invalidating borrowed references to items, keys, and values. Hold
strong references unconditionally while iterating.
(cherry picked from commit 235fa7244a)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
`faulthandler_traverse` visits Python objects owned by `_PyRuntime`, not
by the module instance. With multi-phase init allowing multiple module
instances, each instance's GC traversal decrements `gc_refs` on the same
runtime-owned objects, driving it negative when two instances are
collected simultaneously.
(cherry picked from commit 56737483c2)
gh-95816: Fix TLS version range example in docs (GH-148574)
docs(ssl): Fix TLS version range example
(cherry picked from commit dbd8985e82)
Co-authored-by: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
gh-149707: Fix compiler warning in _ctypes_test on strchr() (#149791)
Change my_strchr() return type to "const char*" (add "const").
Fix the compiler warning:
Modules/_ctypes/_ctypes_test.c: In function 'my_strchr':
Modules/_ctypes/_ctypes_test.c:451:12: warning: return discards
'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
451 | return strchr(s, c);
| ^~~~~~
When using C23, strchr(text, ch) return type is "const char*" if text
type is "const char*".
(cherry picked from commit 5465b69255)
Link to existing rules in compound_stmts.rst (GH-149811)
In gh-138418, `!` was added to links to rules that don't exist in
the docs, in order to silence broken link warnings.
However, productionlist doesn't parse the `!`, which ends up in
the rendered documentation. (It's possible that gh-127835 broke
the `!` support.)
Replace the names with ones that appear in docs:
- `star_named_expression` in the grammar corresponds to
`flexible_expression` in the docs
- `star_named_expressions` in the grammar corresponds to
`flexible_expression_list` in the docs
- `named_expression` in the grammar corresponds to
`assignment_expression` in the docs
Having two sets of names isn't great of course. Consolidating them
is tracked in (subissues of) gh-127833.
(cherry picked from commit c37529293d)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
RFC 2047 Section 6.2 requires that "any 'linear-white-space' that
separates a pair of adjacent 'encoded-word's is ignored." The modern
header value parser correctly implements that for unstructured headers,
but had missed a case in structured headers. This could cause a parsed
address header to include extraneous spaces in a display-name.
Switch to @bitdancer's fix from review feedback. Recharacterize space
between ews as fws after parsing in get_phrase.
RDM: This fix is dependent on the fact that "subsequent" atoms will never have
leading whitespace because that's been consumed already. I don't think
it's worth adding extra code for the possibility of leading whitespace
because the parser won't produce it. It's a bit of parser fragility in the
face of code changes, but I think that's a minor concern given the
parser design (which is that it consumes whitespace greedily)
(cherry picked from commit 7a4c6dfb88)
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: R David Murray <rdmurray@bitdance.com>
gh-87451: Apply CVE-2021-4189 PASV fix to ftplib.ftpcp() (GH-149648)
ftpcp() called parse227() directly and passed the source server's
self-reported PASV IPv4 address to the target server's PORT command,
bypassing the CVE-2021-4189 fix that was applied only to FTP.makepasv().
A malicious source FTP server could use this to redirect the target
server's data connection to an arbitrary host:port (SSRF).
ftpcp() now uses the source server's actual peer address, honoring the
existing trust_server_pasv_ipv4_address opt-out, the same as makepasv().
Thanks to Qi Ding at Aurascape AI for the report. (GHSA-w8c5-q2xf-gf7c)
(cherry picked from commit eac4fe3b2c)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
gh-149776: Skip UDP Lite tests if it's not supported (GH-149777)
Fix test_socket on Linux kernel 7.1 and newer: skip UDP Lite tests if
it's not supported.
(cherry picked from commit 3cfc249e11)
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.14] Run mypy with four worker processes and uv (GH-149726) (GH-149774)
(cherry picked from commit bb5a81a1ac)
(cherry picked from commit 6304eb1f5b)
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Exclude encodings like 'utf-8-sig', 'iso2022-jp' and 'hz' from the list of
supported encodings.
(cherry picked from commit fa2afa64d9)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* gh-112821: Fix rlcompleter failures on objects with descriptors (GH-149577)
* gh-112821: Fix rlcompleter failures on objects with descriptors
* Confirm no accesses
(cherry picked from commit f23a1837d7)
Co-authored-by: Michael Droettboom <mdboom@gmail.com>
* Add missing import
---------
Co-authored-by: Michael Droettboom <mdboom@gmail.com>
Co-authored-by: Michael Droettboom <mdroettboom@nvidia.com>
* gh-149486: tarfile.data_filter: validate written link target (GH-149487)
The data filter rewrote linknames with normpath() but ran the
containment check against the un-normalised value, and computed a
symlink's directory before stripping trailing slashes. Both let a
crafted archive create links pointing outside the destination. Also
reject link members that resolve to the destination directory itself,
which could otherwise replace it with a symlink and redirect all
subsequent members.
(Patch by Greg; Petr's just reviewing & merging.)
(cherry picked from commit 578411982c)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Also, use urllib.request.urlcleanup() in NetworkTestCase.
(cherry picked from commit 57ef219950)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
