gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964)
We fix a use-after-free in the `find`, `findtext` and `findall` methods of `xml.etree.ElementTree.Element`
objects that can be triggered when the tag to find implements an `__eq__` method that mutates the
element being queried.
(cherry picked from commit c57623c221)
gh-131885: Document that `dict.setdefault` and `dict.get` take no keyword arguments (GH-128208)
(cherry picked from commit edfbd8c062)
Co-authored-by: Adam Dangoor <adamdangoor@gmail.com>
gh-129994: update docs when using `dualstack_ipv6` in `socket.create_server` (GH-129996)
(cherry picked from commit 044a1e13d5)
Co-authored-by: Alexander Ershov <150328014+AEErshov@users.noreply.github.com>
gh-127541: Update os.walk example (GH-127765)
Update os.walk example to be more modern, skip `__pycache__` dirs rather than `CVS` dirs.
(cherry picked from commit a5949986d6)
Co-authored-by: Totosuki <116938397+totosuki@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
The bin tag is 3.0.16.1 because we rebuilt without uplink support to fix gh-131804.
This PR also prevents making calls that are now unsafe without uplink, and updates
the tests to property interpret these failures as unsupported.
gh-131807: fix ResourceWarning in test_ucn.py (GH-131808)
(cherry picked from commit adb67ed7e4)
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-128446: Run Windows CI tests on each commit (GH-131702)
(cherry picked from commit 7d9442f0d5)
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
gh-131762: Fixed dereferencing the pointer 'parser_token->metadata' with a NULL value (GH-131764)
(cherry picked from commit 2c686a9ac2)
Co-authored-by: rialbat <47256826+rialbat@users.noreply.github.com>
gh-131741: Add documentation for Windows version detection change in `platform` (GH-131742)
Document the behavior change between 3.11 & 3.12, where ``platform`` now correctly detects Windows 11 and Windows Server releases past Windows Server 2012.
(cherry picked from commit b9ca438daa)
Co-authored-by: Idan Noiman <idann@users.noreply.github.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Wulian <1055917385@qq.com>
gh-131670: Fix crash in `anext()` when `__anext__` is sync and raises (GH-131682)
(cherry picked from commit 929afd1d6e)
Co-authored-by: sobolevn <mail@sobolevn.me>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
The structure definition for `PyTypeObject` is in `Include/cpython/object.h`,
not in `Include/object.h`.
(cherry picked from commit a0478c9f0c)
Co-authored-by: Yuki Kobayashi <drsuaimqjgar@gmail.com>
* gh-131045: [Enum] fix flag containment checks when using values (GH-131053)
Check would fail if value would create a pseudo-member, but that member
had not yet been created. We now attempt to create a pseudo-member for
a passed-in value first.
---------
Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
[3.12] gh-131357: Add a set of asserts to test.test_capi.test_bytearray (#131554)
add a set of asserts to test.test_capi.test_bytearray
1. Assert empty bytearray object for PyByteArray_Check.
2. Assert empty bytearray object for PyByteArray_CheckExact.
3. Assert 0-size bytearray object for PyByteArray_Size.
4. Assert empty bytearray object for PyByteArray_AsString.
5. Assert concatenation of the bytearray object with itself for PyByteArray_Concat.
(cherry picked from commit f3bf304c27)
gh-131418: remove unused legacy typedefs in `{md5,sha1}module.c` (GH-131420)
- Remove legacy typedefs `MD5_INT32` and `MD5_INT64` in `Modules/md5module.c`
- Remove legacy typedefs `SHA1_INT32` and `SHA1_INT64` in `Modules/sha1module.c`.
Those legacy typedefs were used to detect whether the host platform could
correctly implement MD5 and SHA-1, but this is no longer needed as we now
fallback to HACL* implementations.
(cherry picked from commit a9a399f0ec)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
* gh-70647: Better promote how to safely parse yearless dates in datetime.
Every four years people encounter this because it just isn't obvious.
This moves the footnote up to a note with a code example.
We'd love to change the default year value for datetime but doing
that could have other consequences for existing code. This documented
workaround *always* works.
* doctest code within note is bad, dedent.
The structure definition for `PyTypeObject` is in `Include/cpython/object.h`,
not in `Include/object.h`.
(cherry picked from commit a0478c9f0c)
Co-authored-by: Yuki Kobayashi <drsuaimqjgar@gmail.com>
gh-131417: Mention asyncio Future and Task in docs for generic classes list (GH-131422)
Mention asyncio Future and Task in docs for generic classes list
(cherry picked from commit 61b4b2c57c)
Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
gh-121284: Fix email address header folding with parsed encoded-word (GH-122754)
Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.
[Better fix from @bitdancer.]
---------
(cherry picked from commit 295b53df2a)
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: R David Murray <rdmurray@bitdance.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
[3.13] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176)
(cherry picked from commit bb0268f60d)
(cherry picked from commit 6af54d298d)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-116666: Add "token" glossary term (GH-130888)
Add glossary entry for `token`, and link to it.
Avoid talking about tokens in the SyntaxError intro (errors.rst); at this point
tokenization is too much of a technical detail. (Even to an advanced reader,
the fact that a *single* token is highlighted isn't too relevant. Also, we don't
need to guarantee that it's a single token.)
(cherry picked from commit 30d5205849)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
gh-127667: refactor and improve `_hashopenssl.c` error branches (#131145)
Refactor `_setException()` into different helpers that can be used separately:
- set_ssl_exception_from_errcode(): set an exception from an explicit SSL error code.
- raise_ssl_error(): set an exception from the last SSL error code or use a user-defined message.
- notify_ssl_error_occurred(): same as raise_ssl_error() but with a generic default message.
(cherry-picked from commit ac50ece6ce).
gh-131325: fix sendfile fallback implementation to drain data after writing to transport (GH-131376)
(cherry picked from commit 94f4d87aeb)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
gh-130727: Retry test_wmi on TimeoutError (GH-130832)
Use sleeping_retry() in test_wmi to retry multiple times on
TimeoutError. Wait up to LONG_TIMEOUT seconds (5 minutes by default).
(cherry picked from commit f67ff9e820)
Co-authored-by: Victor Stinner <vstinner@python.org>
- Add alignment requirement
- Mention that ob_size is unreliable if you don't control it
- Add some links for context
- basicsize should include the base type in generaly not just PyObject
- suggest Py_SIZE & Py_SET_SIZE
This adds a “by-the-way” link to `PyObject_New`, which shouldn't be
used for GC types. In order to be comfortable linking to it, I also
add a link to `PyObject_GC_New` from its docs. And the same for
`*Var` variants, while I'm here.
(cherry picked from commit ad0f618ab3)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
gh-131339: test PyBytes_Size for a zero-size bytes object (GH-131340)
(cherry picked from commit 3ae67ba97e)
Co-authored-by: Nybblista <170842536+nybblista@users.noreply.github.com>
gh-129843: fix pure Python implementation of `warnings.warn_explicit` (GH-129848)
The pure Python implementation of `warnings.warn_explicit` constructs a `WarningMessage`
with an incorrect source (it incorrectly sets the WarningMessage's line to the given `source`).
(cherry picked from commit 80e00ecc39)
Co-authored-by: Srinivas Reddy Thatiparthy (తాటిపర్తి శ్రీనివాస్ రెడ్డి) <thatiparthysreenivas@gmail.com>
