Dima Pasechnik [Tue, 26 Feb 2019 10:41:15 +0000 (10:41 +0000)]
[2.7] bpo-36106: resolve sinpi name clash with libm (IEEE-754 violation). (GH-12027) (GH-12050)
The standard math library (libm) may follow IEEE-754 recommendation to
include an implementation of sinPi(), i.e. sinPi(x):=sin(pi*x).
And this triggers a name clash, found by FreeBSD developer
Steve Kargl, who worked on putting sinpi into libm used on FreeBSD
(it has to be named "sinpi", not "sinPi", cf. e.g.
https://en.cppreference.com/w/c/experimental/fpext4).
Tzu-ping Chung [Tue, 19 Feb 2019 03:06:10 +0000 (11:06 +0800)]
[2.7] bpo-1104: msilib.SummaryInfo.GetProperty() truncates the string by one character (GH-4517) (GH-11749)
Add one char to MsiSummaryInfoGetProperty() output
Based on the patch in [bpo-1104](https://bugs.python.org/issue1104) by Anthony Tuininga (atuining) and Mark McMahon (markm)
(cherry picked from commit 2de576e16d42ce43698d384d0dd46ba6cf165424)
stratakis [Fri, 15 Feb 2019 17:27:44 +0000 (18:27 +0100)]
[2.7] bpo-32947: Fixes for TLS 1.3 and OpenSSL 1.1.1 (GH-8761) (GH-11876)
Backport of TLS 1.3 related fixes from 3.7.
Misc fixes and workarounds for compatibility with OpenSSL 1.1.1 from git
master and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2.
OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options
stratakis [Fri, 15 Feb 2019 14:24:11 +0000 (15:24 +0100)]
[2.7] bpo-28043: improved default settings for SSLContext (GH-10608)
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE,
OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except
for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3)
are set by default. The initial cipher suite list contains only
HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.
Also update multissltests to test with latest OpenSSL.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 3e630c541b35c96bfe5619165255e559f577ee71) Co-authored-by: Christian Heimes <christian@python.org>
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Serhiy Storchaka [Sat, 12 Jan 2019 09:20:50 +0000 (11:20 +0200)]
[2.7] bpo-35552: Fix reading past the end in PyString_FromFormat(). (GH-11276) (GH-11534)
Format character "%s" in PyString_FromFormat() no longer read memory
past the limit if precision is specified.
(cherry picked from commit d586ccb04f79863c819b212ec5b9d873964078e4)
Matt McCormick [Sat, 22 Dec 2018 01:41:36 +0000 (20:41 -0500)]
bpo-11566: Remove hypot -> _hypot macro for very old compilers (GH-11283)
This addresses C extension build errors related to an undefined _hypot
symbol when building with the Microsoft Visual C++ Compiler for Python
2.7 [1] or MinGWPy [2]. It also addresses errors when building a C++
extension with MinGWPy and C++11 from cmath, 'error "::hypot' has not
been declared'
Victor Stinner [Fri, 14 Dec 2018 12:44:08 +0000 (13:44 +0100)]
bpo-34279: regrtest consider that skipped tests are ran (GH-11132) (GH-11158)
bpo-34279, bpo-35412: support.run_unittest() no longer raises
TestDidNotRun if a test result contains skipped tests. The
exception is now only raised if no test have been run and no test
have been skipped.
* bpo-16039: CVE-2013-1752: Change use of readline() in
imaplib.IMAP4_SSL to limit line length. Remove IMAP4_SSL.readline()
and IMAP4_SSL.read() to inherit safe IMAP4 implementation.
* bpo-20118: reenable test_linetoolong() of test_imaplib
on ThreadedNetworkedTests and ThreadedNetworkedTestsSSL.
The test now sets the _MAXLINE limit to 10 characters.
bpo-31374: Include pyconfig.h earlier in expat (GH-11064)
Include <pyconfig.h> ealier in Modules/expat/xmltok.c to define
properly _POSIX_C_SOURCE. Python defines _POSIX_C_SOURCE as 200809L,
whereas <features.h> (included indirectly by <string.h>) defines
_POSIX_C_SOURCE as 199506L.
(cherry picked from commit cf247359d5b7082044eea1fa94b5211a172b1ff6)
Co-authored-by: Victor Stinner <vstinner@redhat.com>
Victor Stinner [Mon, 10 Dec 2018 10:56:54 +0000 (11:56 +0100)]
bpo-35052: Fix handler on xml.dom.minidom.cloneNode() (GH-11061) (GH-11068)
Fix xml.dom.minidom cloneNode() on a document with an entity: pass
the correct arguments to the user data handler of an entity (fix an
old copy/paste mistake).
Bug spotted and fix proposed by Charalampos Stratakis, initial
reproducer written by Petr Viktorin.
Co-Authored-By: Charalampos Stratakis <cstratak@redhat.com> Co-Authored-By: Petr Viktorin <encukou@gmail.com>
(cherry picked from commit 8e0418688906206fe59bd26344320c0fc026849e)
Victor Stinner [Thu, 6 Dec 2018 10:56:00 +0000 (11:56 +0100)]
bpo-35359: Add _CRT_SECURE_NO_WARNINGS to pythoncore project (GH-10819)
Define _CRT_SECURE_NO_WARNINGS in the Visual Studio pythoncore
project to make quiet security warnings when building zlib C files
(Modules\zlib\ subdirectory).
* posixpath.expanduser() now returns the input path unchanged if
the HOME environment variable is not set and pwd.getpwuid() raises
KeyError (the current user identifier doesn't exist in the password
database).
* Add test_no_home_directory() to test_site.
bpo-34185: Fix test module collision in test_bdb when ran as script. (GH-8537)
When running test_bdb.py as a script, `import test_module` would be
importing the existing Lib/test/test_modules.py instead of the
tempcwd/test_module.py module which was dynamically created by
test_bdb.py itself.
(cherry picked from commit 54fd45505b3a365e6d53441e6dd7e0d1ec13b46f)
Co-authored-by: Alex H <1884912+lajarre@users.noreply.github.com>
[2.7] bpo-25862: Fix several bugs in the _io module. (GH-8026) (GH-8033)
They can be exposed when some C API calls fail due to lack of
memory.
* Failed Py_BuildValue() could cause an assertion error in the
following TextIOWrapper.tell().
* initvalue could leak in StringIO.__getstate__() after failed
PyDict_Copy().
(cherry picked from commit fdb5a50ef34f7951c3b01eb77b1359725a9ad670)
Victor Stinner [Mon, 3 Dec 2018 11:29:29 +0000 (12:29 +0100)]
bpo-35368: Make PyMem_Malloc() thread-safe in debug mode (GH-10828)
When Python is compiled in debug mode, PyMem_Malloc() uses debug
hooks, but it also uses pymalloc allocator instead of malloc().
Problem: pymalloc is not thread-safe, whereas PyMem_Malloc() is
thread-safe in release mode (it's a thin wrapper to malloc() in this
case).
Modify the debug hook to use malloc() for PyMem_Malloc().
Victor Stinner [Fri, 30 Nov 2018 17:08:02 +0000 (18:08 +0100)]
bpo-33015: Use malloc() in PyThread_start_new_thread() (GH-10829)
The pthread implementation of PyThread_start_new_thread() now uses
malloc/free rather than PyMem_Malloc/PyMem_Free, since the latters
are not thread-safe.
testAccept() and testRecv() of test_socket.NonBlockingTCPTests have a
race condition: time.sleep() is used as a weak synchronization
primitive and the tests fail randomly on slow buildbots.
Use a reliable threading.Event to fix these tests.
Other changes:
* Replace send() with sendall()
* Add a timeout to select() in testAccept() and testRecv()
* Use addCleanup() to close sockets
* Use assertRaises()
Victor Stinner [Thu, 29 Nov 2018 22:38:35 +0000 (23:38 +0100)]
bpo-34021: Windows skips test_regrtest.test_env_changed() (GH-10804)
On Windows, test_env_changed() of test_regrtest is now skipped
because it fails randomly for an unknown reason on "x86 Windows XP
VS9.0 2.7" buildbot worker.
Serhiy Storchaka [Tue, 20 Nov 2018 19:56:34 +0000 (21:56 +0200)]
[2.7] bpo-35021: Fix assertion failures in _datetimemodule.c. (GH-10039) (GH-10617)
Fixes assertion failures in _datetimemodule.c
introduced in the previous fix (see bpo-31752).
Rather of trying to handle an int subclass as exact int,
let it to use overridden special methods, but check the
result of divmod().
(cherry picked from commit 3ec0f495163da3b7a15deb2805cec48aed432f58)
Alexey Izbyshev [Sat, 10 Nov 2018 05:47:12 +0000 (08:47 +0300)]
[2.7] bpo-35194: Fix a wrong constant in cp932 codec. (GH-10420) (GH-10433)
This typo doesn't affect the result because wrong bits are discarded
on implicit conversion to unsigned char, but it trips UBSan
with -fsanitize=implicit-integer-truncation.
(cherry picked from commit 7a69cf47a9bbc95f95fd67c982bff121b2a903cb)
projects / thirdparty / Python / cpython.git / log
