[3.14] gh-145754: Update signature retrieval in unittest.mock to use forwardref annotation format (GH-145756) (#146191)
gh-145754: Update signature retrieval in unittest.mock to use forwardref annotation format (GH-145756)
(cherry picked from commit d357a7dbf38868844415ec1d5df80379ea5a2326)
[3.14] gh-145177: Add emscripten run --test, uses test args from config.toml (GH-146160) (#146186)
This allows us to change the test arguments from the python repo rather
than having to change buildmaster-config.
(cherry picked from commit 6b5511d66bab0754d1d959cfe98947c536bf4d82)
Co-authored-by: Hood Chatham <roberthoodchatham@gmail.com> Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
Adds a standalone target for building all dependencies so that the buildbot
script is independent of a specific dependency list.
(cherry picked from commit db11623694d1231323ee3a9339f7f7504a839478)
[3.14] gh-145177: Put node version into emscripten/config.toml. (GH-146156) (#146159)
Configure node version as part of the emscripten build script, and install
that node version if it isn't available.
(cherry picked from commit 91e1312b950e3a98a9e968da02500db127e06f43)
Sam Gross [Thu, 19 Mar 2026 14:49:12 +0000 (10:49 -0400)]
[3.14] gh-145779: Improve classmethod/staticmethod scaling in free-threaded build (gh-145826) (#146088)
Add special cases for classmethod and staticmethod descriptors in
_PyObject_GetMethodStackRef() to avoid calling tp_descr_get, which
avoids reference count contention on the bound method and underlying
callable. This improves scaling when calling classmethods and
staticmethods from multiple threads.
Also refactor method_vectorcall in classobject.c into a new
_PyObject_VectorcallPrepend() helper so that it can be used by
PyObject_VectorcallMethod as well.
Victor Stinner [Thu, 19 Mar 2026 11:14:33 +0000 (12:14 +0100)]
[3.14] gh-146092: Fix error handling in _BINARY_OP_ADD_FLOAT opcode (#146119)
Fix error handling in _PyFloat_FromDouble_ConsumeInputs() used by
_BINARY_OP_ADD_FLOAT, _BINARY_OP_SUBTRACT_FLOAT and
_BINARY_OP_MULTIPLY_FLOAT opcodes. PyStackRef_FromPyObjectSteal()
must not be called with a NULL pointer.
[3.14] gh-145254: Fix formatting of thread safety annotations (GH-146111) (#146163)
- Add leading space so that the spacing between the previous annotation
and the thread safety annotation looks correct.
- Remove trailing period from the link to the thread safety level.
(cherry picked from commit 580043dfae90331de15cf1504d09e2c7216182a6)
Provides a `run` command in the Emscripten build tooling, and adds
environment variable configuration for EMSDK_CACHE, CROSS_BUILD_DIR
and QUIET.
(cherry picked from commit abd5246305655fc09e4e3c668c8ca09a1b0fc638)
[3.14] gh-142183: Cache one datachunk per tstate to prevent alloc/dealloc thrashing (GH-145789) (#145828)
Cache one datachunk per tstate to prevent alloc/dealloc thrashing when repeatedly hitting the same call depth at exactly the wrong boundary.
Move new _ts member to the end to not mess up remote debuggers' ideas of the
struct's layout. (The struct is only created by the runtime, and the new
field only used by the runtime, so it should be safe.)
(cherry picked from commit 706fd4ec08acbf1b1def3630017ebe55d224adfa) Co-authored-by: T. Wouters <thomas@python.org> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Serhiy Storchaka [Tue, 17 Mar 2026 10:55:15 +0000 (12:55 +0200)]
[3.14] gh-144545: Improve handling of default values in Argument Clinic (GH-146016) (GH-146052)
* Add the c_init_default attribute which is used to initialize the C variable
if the default is not explicitly provided.
* Add the c_default_init() method which is used to derive c_default from
default if c_default is not explicitly provided.
* Explicit c_default and py_default are now almost always have precedence
over the generated value.
* Add support for bytes literals as default values.
* Improve support for str literals as default values (support non-ASCII
and non-printable characters and special characters like backslash or quotes).
* Fix support for str and bytes literals containing trigraphs, "/*" and "*/".
* Improve support for default values in converters "char" and "int(accept={str})".
* Converter "int(accept={str})" now requires 1-character string instead of
integer as default value.
* Add support for non-None default values in converter "Py_buffer": NULL,
str and bytes literals.
* Improve error handling for invalid default values.
* Rename Null to NullType for consistency.
(cherry picked from commit 99e2c5eccd2b83ac955125522a952a4ff5c7eb43)
[3.14] gh-135329: Remove flaky test_repl_eio test (gh-145932) (#146028)
The test doesn't actually test any pyrepl code (it runs Python with -S)
and has a race condition that causes intermittent timeouts on CI.
(cherry picked from commit e18abc6a1f1b60434b529d4c1ff4855acde0fd13)
[3.14] gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (GH-145600) (#146023)
gh-145599, CVE 2026-3644: Reject control characters in `http.cookies.Morsel.update()` (GH-145600)
Reject control characters in `http.cookies.Morsel.update()` and `http.cookies.BaseCookie.js_output`.
(cherry picked from commit 57e88c1cf95e1481b94ae57abe1010469d47a6b4)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Victor Stinner <victor.stinner@gmail.com>
[3.14] gh-145649: Fix man page text wrapping for -X option (GH-145656) (#146015)
gh-145649: Fix man page text wrapping for -X option (GH-145656)
Replace hardcoded space indentation with proper troff macros
(.TP, .RS/.RE, .IP) for -X sub-options so text wraps correctly
at any terminal width.
(cherry picked from commit 36b5284f04b0a946a7d915bcd656534c9b4dbd85)
Co-authored-by: Matt Van Horn <mvanhorn@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
[3.14] gh-140814: Fix freeze_support() setting start method as side effect (GH-144608) (#146008)
gh-140814: Fix freeze_support() setting start method as side effect (GH-144608)
freeze_support() called get_start_method() without allow_none=True,
which locked in the default start method context. This caused a
subsequent set_start_method() call to raise "context has already been
set". Use allow_none=True and accept None as a matching value, since
spawn.freeze_support() independently detects spawned child processes.
Test that freeze_support() does not lock in the default start method,
which would prevent a subsequent set_start_method() call.
(cherry picked from commit ee5318025b0f9f4d30d9358627df68181e0d223f)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
[3.14] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987) (#145995)
gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987)
Fix C stack overflow (CVE-2026-4224) when an Expat parser
with a registered `ElementDeclHandler` parses inline DTD
containing deeply nested content model.
[3.14] gh-143636: fix a crash when calling ``__replace__`` on invalid `SimpleNamespace` instances (GH-143655) (#145938)
gh-143636: fix a crash when calling ``__replace__`` on invalid `SimpleNamespace` instances (GH-143655)
(cherry picked from commit 97968564b61965f2a65a9be8af731cee6913eb7a)
[3.14] Docs: except with multiple exceptions parentheses not required (GH-145848) (#145904)
Docs: except with multiple exceptions parentheses not required (GH-145848)
As of PEP 758 the except statement doesn't require parentheses anymore for exception tuples.
(cherry picked from commit 6d1e9ceed3e70ebc39953f5ad4f20702ffa32119)
[3.14] gh-145801: Use gcc -fprofile-update=atomic for PGO builds (GH-145802) (#145892)
gh-145801: Use gcc -fprofile-update=atomic for PGO builds (GH-145802)
When Python build is optimized with GCC using PGO, use
-fprofile-update=atomic option to use atomic operations when updating
profile information. This option reduces the risk of gcov Data Files
(.gcda) corruption which can cause random GCC crashes.
(cherry picked from commit 08a018ebe0d673e9c352f790d2e4604d69604188)
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.14] gh-140594: Fix an out of bounds read when feeding NUL byte to PyOS_StdioReadline() (GH-140910) (#145852)
gh-140594: Fix an out of bounds read when feeding NUL byte to PyOS_StdioReadline() (GH-140910)
(cherry picked from commit 86a0756234df7ce42fa4731c91067cb7f2e244d5)
Modifies the Emscripten build script to allow for caching of dependencies, and
for automated installation of new EMSDK versions.
(cherry picked from commit ebb150e76ab4988fdcd5e8caa36b9014497573a5)
Co-authored-by: Hood Chatham <roberthoodchatham@gmail.com> Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
Previously, component-wise relative error bound was tested. However,
such bound can't exist already for complex multiplication as one can be
used to perform subtraction of floating-point numbers, e.g. x and y for
z0=1+1j and z1=x+yj.
```pycon
>>> x, y = 1e-9+1j, 1+1j
>>> a = x*y*y.conjugate()/2;a
(1.0000000272292198e-09+1j)
>>> b = x*(y*y.conjugate()/2);b
(1e-09+1j)
>>> b == x
True
>>> (a.real-b.real)/math.ulp(b.real) 131672427.0
```
(cherry picked from commit c4333a12708a917d1cfb6418c04be45793ecc392)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Co-authored-by: Savannah Ostrowski <savannah@python.org> Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Stan Ulbrych <stan@ulbrych.org>
Sam Gross [Tue, 10 Mar 2026 13:31:52 +0000 (09:31 -0400)]
[3.14] gh-145685: Stop the world when updating MRO of existing types (gh-145707) (#145715)
We already have a stop-the-world pause elsewhere in this code path
(type_set_bases) and this makes will make it easier to avoid contention
on the TYPE_LOCK when looking up names in the MRO hierarchy.
[3.14] gh-145615: Fix mimalloc page leak in the free-threaded build (gh-145626) (#145691)
Fix three issues that caused mimalloc pages to be leaked until the
owning thread exited:
1. In _PyMem_mi_page_maybe_free(), move pages out of the full queue
when relying on QSBR to defer freeing the page. Pages in the full
queue are never searched by mi_page_queue_find_free_ex(), so a page
left there is unusable for allocations.
2. Move _PyMem_mi_page_clear_qsbr() from _mi_page_free_collect() to
_mi_page_thread_free_collect() where it only fires when all blocks
on the page are free (used == 0). The previous placement was too
broad: it cleared QSBR state whenever local_free was non-NULL, but
_mi_page_free_collect() is called from non-allocation paths (e.g.,
page visiting in mi_heap_visit_blocks) where the page is not being
reused.
3. In _PyMem_mi_page_maybe_free(), use the page's heap tld to find the
correct thread state for QSBR list insertion instead of
PyThreadState_GET(). During stop-the-world pauses, the function may
process pages belonging to other threads, so the current thread
state is not necessarily the owner of the page.
[3.14] gh-145219: Add Emscripten cross-build and clean configurability (GH-145581) (#145654)
Modifies the Emscripten build script to allow for custom cross-build directory
names, and to only clean Emscripten-specific paths (optionally including the
build python).
(cherry picked from commit 015613384fea7a00bb2077760e325e5baab6814b)
Co-authored-by: Hood Chatham <roberthoodchatham@gmail.com> Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
[3.14] gh-145177: Support multiple Emscripten versions for Emscripten buildbot (GH-145180) (#145582)
Adds an `--emsdk-cache` argument to the Emscripten build script and an
emscripten_version.txt file. If the `--emsdk-cache` argument is passed, the build script
will look in `emscripten_version.txt` to get the expected emsdk version is installed in
a folder called e.g., 4.0.12 in the directory indicated by the `--emsdk-cache` argument,
and run the build with that Emscripten tooling activated.
(cherry picked from commit c3fb0d9d96902774c08b199dda0479a8d31398a5)
[3.14] gh-145376: Fix crashes in `md5module.c` and `hmacmodule.c` (GH-145422) (#145610)
gh-145376: Fix crashes in `md5module.c` and `hmacmodule.c` (GH-145422)
Fix a possible NULL pointer dereference in `md5module.c` and a double-free in `hmacmodule.c`.
Those crashes only occur in error paths taken when the interpreter fails to allocate memory.
(cherry picked from commit c1d77683213c400fca144692654845e6f5418981)
[3.14] gh-144370: Disallow usage of control characters in status in wsgiref.handlers for security (GH-144371) (#145586)
gh-144370: Disallow usage of control characters in status in wsgiref.handlers for security (GH-144371)
Disallow usage of control characters in status in wsgiref.handlers
to prevent HTTP header injections.
(cherry picked from commit d931725bc850cd096f6703bc285e885f1e015f05)
Co-authored-by: Benedikt Johannes <benedikt.johannes.hofer@gmail.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org>
projects / thirdparty / Python / cpython.git / log
