[3.13] gh-87451: Apply CVE-2021-4189 PASV fix to ftplib.ftpcp() (GH-149648) (#149794)
gh-87451: Apply CVE-2021-4189 PASV fix to ftplib.ftpcp() (GH-149648)
ftpcp() called parse227() directly and passed the source server's
self-reported PASV IPv4 address to the target server's PORT command,
bypassing the CVE-2021-4189 fix that was applied only to FTP.makepasv().
A malicious source FTP server could use this to redirect the target
server's data connection to an arbitrary host:port (SSRF).
ftpcp() now uses the source server's actual peer address, honoring the
existing trust_server_pasv_ipv4_address opt-out, the same as makepasv().
[3.13] gh-148821: Add more strict tests for XML encodings (GH-149765) (GH-149772)
Exclude encodings like 'utf-8-sig', 'iso2022-jp' and 'hz' from the list of
supported encodings.
(cherry picked from commit fa2afa64d9467fb7362672ed603d29d8e246d240)
[3.13] gh-149486: tarfile.data_filter: validate written link target (GH-149487) (GH-149555)
* gh-149486: tarfile.data_filter: validate written link target (GH-149487)
The data filter rewrote linknames with normpath() but ran the
containment check against the un-normalised value, and computed a
symlink's directory before stripping trailing slashes. Both let a
crafted archive create links pointing outside the destination. Also
reject link members that resolve to the destination directory itself,
which could otherwise replace it with a symlink and redirect all
subsequent members.
gh-149096: Remove 'im_*' attribute reference from inspect module docstring (GH-149108)
The im_class/func/self names were removed in 3.0. The prefix appears nowhere else in inspect.py
and nowhere in inspect.rst.
(cherry picked from commit e4444538dcd60a1b655c620b4d3bba59a7830f25)
[3.13] GH-130750: Restore quoting of choices in argparse error messag… (#149386)
[3.13] GH-130750: Restore quoting of choices in argparse error messages to match documentation and improve clarity (GH-144983)
(cherry picked from commit 53a7f76501923059188922be231db855265fe9a4)
[3.13] gh-138907: Support RFC 9309 in robotparser (GH-138908) (GH-149376)
* empty lines are always ignored instead of separating groups
* the "user-agent" line after a rule starts a new group
* groups matching the same user agent are now merged
* the rule with the longest match wins instead of the first matching rule
* in case of equal matches, the “Allow” rule wins over “Disallow”
* special characters “$” and “*” are now supported in rules
* prefer full match for user agent
Avoid the phrasing ‘starting with ::FFFF/96’, which is confusing since
it seems to mix a prefix and a range. Instead, make it clear what the
actual range is, and refer to the relevant RFC.
The kind attribute of ast.Constant was not mentioned in the
documentation. It is set to 'u' for u-prefixed string literals
and None for all other constants.
[3.13] gh-148914: Fix memoization of in-band PickleBuffer in the Python implementation (GH-149052) (GH-149275)
Previously, identical PickleBuffers did not preserve identity.
Also, empty writable PickleBuffer memoized an empty bytearray object
in place of b'' which is a singleton in CPython, so the following
references to b'' were unpickled as an empty bytearray object.
(cherry picked from commit b89735625dff07005c31bdc86cbe7113ef1b59d0)
[3.13] gh-149117: Set `ImportError.name` on errors from `runpy.run_module`/`run_path` (gh-149159) (#149258)
gh-149117: Set `ImportError.name` on errors from `runpy.run_module`/`run_path` (gh-149159)
Set ImportError.name on errors from runpy.run_module/run_path
`runpy.run_module()` and `runpy.run_path()` now set the `name` attribute
of the `ImportError` they raise to the requested module name, matching
the behaviour of a regular import statement (previously `name` was
always `None`, which broke introspection).
The `name=` kwarg is gated on `issubclass(error, ImportError)` because
`_get_module_details()` is also used by `_run_module_as_main()` with
a private `_Error` sentinel class. `_Error` does not subclass
ImportError, and `BaseException.__init__` rejects unknown kwargs at
the C level, so passing `name=` unconditionally would break the
`python -m foo` codepath.
(cherry picked from commit ff35fe4633cc6d3a30f6af8281dfa641783c1d07)
[3.13] gh-148518 fix index error in local part attribute (GH-148522) (#149199)
As part of fixing bpo-27931 code was introduced to get_bare_quoted_string
that added an empty Terminal if the quoted string was empty. This isn't
the best answer in terms of the parse tree; we really want the token
list to be empty in that case. But having it be empty resulted in
local_part raising the index error. We find that same problem if we
try to parse an address consisting of a single dquote. By fixing
local_part to not raise on an empty token list, we can have the
bare_quoted_string code correctly return an empty token list for
the empty string cases (two dquotes or a single dquote as the
entire addrespec, at the end of a line).
(cherry picked from commit bdbb55c403d2ab6b4b0a3e994d21b623fee4a544)
Co-authored-by: R. David Murray <rdmurray@bitdance.com>
[3.13] bpo-39100: _header_value_parser: do not treat a Group as invalid-mailbox (GH-24872) (#149192)
When an address in an address-list has garbage at the end, the code will
currently:
1. change the mailbox in the last parsed address into invalid-mailbox by
overriding its token_type;
2. wrap the trailing garbage into another invalid-mailbox and append it
to the last parsed address.
However, that does not take into account that an address may
also contain a Group instead of a single mailbox. In that case,
overwriting token_type leads to undesirable results, e.g. parsing an
email with the following 'To' header:
unlisted-recipients:; (no To-header on input)
raises an AttributeError from trying to treat the Group as a Mailbox.
Moreover it is questionable whether the previously parsed mailbox should
be treated as invalid in addition to the trailing garbage.
Address both of the above by wrapping the trailing garbage in a new
Address with a single invalid-mailbox, and append it to the AddressList
directly.
Changes the results of the
test_get_address_list_mailboxes_invalid_addresses test, where the
address list is now parsed into 4 mailboxes instead of 3 (all but the
first one are invalid).
(cherry picked from commit b413bc7a1f0946f734d9660239b4e2e8ddc48522)
[3.13] gh-135944: Add a "Runtime Components" Section to the Execution Model Docs (gh-135945) (#139510)
* gh-135944: Add a "Runtime Components" Section to the Execution Model Docs (gh-135945)
The section provides a brief overview of the Python runtime's execution environment. It is meant to be implementation agnostic,
(cherry picked from commit 46a1f0a9ff6e7cbea111dcb35e7aced1a7a3f3dc)
Co-authored-by: Eric Snow <ericsnowcurrently@gmail.com>
* concurrent.interpreters was added to Python 3.14
---------
Co-authored-by: Eric Snow <ericsnowcurrently@gmail.com> Co-authored-by: T. Wouters <thomas@python.org> Co-authored-by: Kumar Aditya <kumaraditya@python.org> Co-authored-by: Victor Stinner <vstinner@python.org>
[3.13] gh-148529: Minor improvements of the struct module documentation (GH-148565) (GH-149072)
* Document that 's' and 'p' accept bytes and bytearray.
* Fix some footnotes.
* Clarify that "string" is a byte string.
* Fix the module docstring.
(cherry picked from commit 3e5a3cb2bd222f97f793b01bc1c0f7bb62aefc31)
[3.13] Document that multiprocessing treats local same-user processes as trusted (GH-149001) (#149034)
Document that multiprocessing treats local same-user processes as trusted (GH-149001)
Clarify in the Authentication keys section that the authkey handshake
covers Listener/Client (addressable endpoints) only, not the anonymous
pipes behind Pipe() and Queue, and that isolation between same-user
processes must be arranged at the OS level.
(cherry picked from commit f27e91e37212f148b8fe72a3656a69b242625622)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Gregory P. Smith [Sun, 26 Apr 2026 05:55:20 +0000 (22:55 -0700)]
[3.13] gh-105936: Properly update closure cells for __setattr__ and __delattr__ in frozen dataclasses with slots (GH-144021) (GH-148476)
gh-105936: Properly update closure cells for `__setattr__` and `__delattr__` in frozen dataclasses with slots (GH-144021)
(cherry picked from commit 8a398bfbbc6769f6cabb3177702e7a506e203d61)
The cherry-pick required additional changes beyond the original commit
because 3.13 lacks the `__class__` closure cell fixup machinery that
was added in 3.14 by GH-124455 (gh-90562). Specifically:
- Backported `_update_func_cell_for__class__()` helper function and the
closure fixup loop in `_add_slots()` from GH-124455. Without these,
renaming the closure variable from `cls` to `__class__` has no effect
because nothing updates the cell when the class is recreated with slots.
- Changed `_add_slots()` to use `newcls` instead of reusing `cls` for the
recreated class, so both old and new class references are available for
the fixup loop.
- Replaced `assertNotHasAttr` with `assertFalse(hasattr(...))` in tests
(assertNotHasAttr was added in 3.14).
- Dropped `test_original_class_is_gced` additions (that test does not
exist on 3.13; it was added by GH-137047 for gh-135228 which was not
backported to 3.13).
gh-148947: dataclasses: fix error on empty __class__ cell (GH-148948)
[3.13] gh-141473: Speed up subprocess test_communicate_timeout_large_input long tail (GH-149003) (#149005)
gh-141473: Speed up subprocess test_communicate_timeout_large_input long tail (GH-149003)
gh-141473: Speed up test_communicate_timeout_large_input
Replace the slow reader's 30s sleep with a parent-driven wake over a
loopback socket so post-timeout communicate() doesn't block waiting
for the child to wake on its own. Worst-case runtime: ~30s -> <1s.
(cherry picked from commit e1384cfd25b4fba5e0f8f3e6b536930e2e6cf5cf)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
[3.13] gh-142965: Fix Concatenate documentation to reflect valid use cases (GH-143316) (#148900)
The documentation previously stated that Concatenate is only valid
when used as the first argument to Callable, but according to PEP 612,
it can also be used when instantiating user-defined generic classes
with ParamSpec parameters.
(cherry picked from commit 75ff1afcb6a1bb2b3d54899e9b222a61798fa491)
Co-authored-by: John Seong <39040639+sandole@users.noreply.github.com>
_PyRawMutex_UnlockSlow CAS-removes the waiter from the list and then
calls _PySemaphore_Wakeup, with no handshake. If _PySemaphore_Wait
returns Py_PARK_INTR, the waiter can destroy its stack-allocated
semaphore before the unlocker's Wakeup runs, causing a fatal error from
ReleaseSemaphore / sem_post.
Loop in _PyRawMutex_LockSlow until _PySemaphore_Wait returns Py_PARK_OK,
which is only signalled when a matching Wakeup has been observed.
Also include GetLastError() and the handle in the Windows fatal messages
in _PySemaphore_Init, _PySemaphore_Wait, and _PySemaphore_Wakeup to make
similar races easier to diagnose in the future.
[3.13] gh-148763: Fix paramter name in `multiprocessing.connection.send_bytes/recv_bytes_into` docs (GH-126603) (#148787)
gh-148763: Fix paramter name in `multiprocessing.connection.send_bytes/recv_bytes_into` docs (GH-126603)
(cherry picked from commit e50acef0b2c2057874a9eec98c37ca6cf8ee98e1)
Doc: Fix buf argument name in multiprocessing connection send_bytes
Co-authored-by: Matthew Davis <7035647+mdavis-xyz@users.noreply.github.com>
Forbid marshalling recursive code objects which
cannot be correctly unmarshalled.
Add multiple tests for recursive data structures.
(cherry picked from commit 2e37d836411e99cff7bb341ba14be5ea95fac08c)
Victor Stinner [Thu, 16 Apr 2026 17:50:27 +0000 (19:50 +0200)]
[3.13] gh-148535: Don't use gcc -fprofile-update=atomic flag on i686 (#148554) (#148656)
gh-148535: Don't use gcc -fprofile-update=atomic flag on i686 (#148554)
The -fprofile-update=atomic flag was added to fix a random GCC
internal error on PGO build (gh-145801) caused by corruption of
profile data (.gcda files). The problem is that it makes the PGO
build way slower (up to 47x slower) on i686. Since the GCC internal
error was not seen on i686 so far, don't use -fprofile-update=atomic
on i686.
Use negative lookahead in option regex to prevent backtracking, and to avoid changing logic outside the regexes (since people could use the regex directly).
(cherry picked from commit 7e0a0be4097f9d29d66fe23f5af86f18a34ed7dd)
[3.13] gh-148192: Fix Generator._make_boundary behavior with CRLF line endings. (GH-148193) (#148549)
The Generator._make_boundary regex did not match on boundary phrases correctly when using CRLF line endings due to re.MULTILINE not considering \r\n as a line ending.
(cherry picked from commit 4af46b4ab5af49d8df034320a9a70fcbb062f7cf)
Co-authored-by: Henry Jones <44321887+henryivesjones@users.noreply.github.com>
[3.13] gh-148508: Add resilience to SSL preauth tests on iOS (GH-148536) (#148540)
Adds handling for a test case seen in the iOS SSL tests where an SSL connection fails to
handshake correctly.
(cherry picked from commit c40e8b016a90820e4d799922903b90a505ffaf55)
Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
[3.13] gh-146139: Disable `socketpair` authentication on WASI (GH-146140) (#148527)
gh-146139: Disable `socketpair` authentication on WASI (GH-146140)
Calling `connect(2)` on a non-blocking socket on WASI may leave the socket in a
"connecting" but not yet "connected" state. In the former case, calling
`getpeername(2)` on it will fail, leading to an unhandled exception in Python.
(cherry picked from commit a5b76d53bb29afd864243f44ef22968f6385dfa0)
Co-authored-by: Joel Dice <joel.dice@akamai.com> Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Brett Cannon <brett@python.org>
[3.13] tests: use errno.EBADF instead of hardcoded number in _close_file() (GH-148345) (#148411)
tests: use errno.EBADF instead of hardcoded number in _close_file() (GH-148345)
test_interpreters: use errno.EBADF instead of hardcoded number in _close_file()
Replace the hardcoded `9` check in `Lib/test/test_interpreters/utils.py` with `errno.EBADF`.
Using `errno.EBADF` makes the helper portable across platforms with different errno numbering while preserving the intended behavior.
(cherry picked from commit cef334fd4c4c24a542ce81ad940b1426b5a7cdbd)
Ensures that the testbed's Gradle configuration uses the cross-build environment
variable, and that variable is passed to Gradle by the cross-build script.
(cherry picked from commit b29afe62f7236f7161c2670dccc24368217a7fb1)
Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Malcolm Smith <smith@chaquo.com>
[3.13] gh-146313: Fix multiprocessing ResourceTracker deadlock after os.fork() (GH-146316) (#148426)
gh-146313: Fix multiprocessing ResourceTracker deadlock after os.fork() (GH-146316)
`ResourceTracker.__del__` (added in gh-88887 circa Python 3.12) calls
os.waitpid(pid, 0) which blocks indefinitely if a process created via os.fork()
still holds the tracker pipe's write end. The tracker never sees EOF, never
exits, and the parent hangs at interpreter shutdown.
Fix with two layers:
- **At-fork handler.** An os.register_at_fork(after_in_child=...)
handler closes the inherited pipe fd in the child unless a preserve
flag is set. popen_fork.Popen._launch() sets the flag before its
fork so mp.Process(fork) children keep the fd and reuse the parent's
tracker (preserving gh-80849). Raw os.fork() children close the fd,
letting the parent reap promptly.
- **Timeout safety-net.** _stop_locked() gains a wait_timeout
parameter. When called from `__del__`, it polls with WNOHANG using
exponential backoff for up to 1 second instead of blocking
indefinitely. The at-fork handler makes this unreachable in
well-behaved paths; it remains for abnormal shutdowns.
(cherry picked from commit 3a7df632c96eb6c5de12fac08d1da42df9e25334)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Itamar Oren <itamarost@gmail.com>
[3.13] gh-147965: Add shutdown() to multiprocessing.Queue excluded methods (GH-147970) (#148417)
gh-147965: Add shutdown() to multiprocessing.Queue excluded methods (GH-147970)
The multiprocessing.Queue documentation states it implements all
methods of queue.Queue except task_done() and join(). Since
queue.Queue.shutdown() was added in Python 3.13,
multiprocessing.Queue also does not implement it. Update the docs
to include shutdown() in the list of excluded methods.
(cherry picked from commit 22290ed011a8ac4060390e57f53053ab932fb3f3)
[3.13] gh-145105: Fix crash in csv.reader with re-entrant iterator (GH-145106) (#148405)
gh-145105: Fix crash in csv.reader with re-entrant iterator (GH-145106)
When a custom iterator calls next() on the same csv.reader from
within __next__, the inner iteration sets self->fields to NULL.
The outer iteration then crashes in parse_save_field() by passing
NULL to PyList_Append.
Add a guard after PyIter_Next() to detect that fields was set to
NULL by a re-entrant call, and raise csv.Error instead of crashing.
(cherry picked from commit 20994b1809f9c162e4cae01a5af08bd492ede9f9)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
decoded[:-1] only strips one character, leaving a stray \r when eol
is two characters. Fix: decoded[:-len(eol)].
(cherry picked from commit 1a0edb1fa899c067f19b09598b45cdb6e733c4ee)
Co-authored-by: Stefan Zetzsche <120379523+stefanzetzsche@users.noreply.github.com>
projects / thirdparty / Python / cpython.git / log
