[3.12] gh-89039: Call subclass constructors in datetime.*.replace (GH-114780) (GH-131239)
When replace() method is called on a subclass of datetime, date or time,
properly call derived constructor. Previously, only the base class's
constructor was called.
Also, make sure to pass non-zero fold values when creating subclasses in
various methods. Previously, fold was silently ignored.
(cherry picked from commit 46190d9ea8a878a03d95b4e1bdcdc9ed576cf3fa)
Don't pass direct references to sockaddr members since their type may
not match PyArg_ParseTuple() types. Instead, use temporary 'int' and
'unsigned char' variables, and update sockaddr members afterwards.
[3.12] gh-131736: only apply `security_level` workaround in `test_ssl` for security levels greater than 1 (GH-131739) (#131966)
gh-131736: only apply `security_level` workaround in `test_ssl` for security levels greater than 1 (GH-131739)
(cherry picked from commit 3b3720f1a26ab34377542b48eb6a6565f78ff892)
Co-authored-by: Will Childs-Klein <willck93@gmail.com>
gh-131865: Properly apply exported CFLAGS for dtrace/systemtap builds (GH-131866)
When using --with-dtrace the resulting object file could be missing
specific CFLAGS exported by the build system due to the systemtap
script using specific defaults.
Exporting the CC and CFLAGS variables before the dtrace invocation
allows us to properly apply CFLAGS exported by the build system
even when cross-compiling.
[3.12] gh-126033: fix UAF in `xml.etree.ElementTree.Element.remove` when concurrent mutations happen (GH-126124) (#131930)
gh-126033: fix UAF in `xml.etree.ElementTree.Element.remove` when concurrent mutations happen (GH-126124)
(cherry picked from commit bab1398a47f6d0cfc1be70497f306874c749ef7c)
Bénédikt Tran [Mon, 31 Mar 2025 12:47:22 +0000 (14:47 +0200)]
[3.12] gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964) (#131932)
gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964)
We fix a use-after-free in the `find`, `findtext` and `findall` methods of `xml.etree.ElementTree.Element`
objects that can be triggered when the tag to find implements an `__eq__` method that mutates the
element being queried.
[3.12] gh-131885: Document that `dict.setdefault` and `dict.get` take no keyword arguments (GH-128208) (#131894)
gh-131885: Document that `dict.setdefault` and `dict.get` take no keyword arguments (GH-128208)
(cherry picked from commit edfbd8c062285e83dc5f596288df2a762e68bcdc)
Co-authored-by: Adam Dangoor <adamdangoor@gmail.com>
Steve Dower [Fri, 28 Mar 2025 15:29:20 +0000 (15:29 +0000)]
gh-131423: Update to OpenSSL 3.0.16. (GH-131839)
The bin tag is 3.0.16.1 because we rebuilt without uplink support to fix gh-131804.
This PR also prevents making calls that are now unsafe without uplink, and updates
the tests to property interpret these failures as unsupported.
[3.12] gh-131762: Fixed dereferencing the pointer 'parser_token->metadata' with a NULL value (GH-131764) (#131775)
gh-131762: Fixed dereferencing the pointer 'parser_token->metadata' with a NULL value (GH-131764)
(cherry picked from commit 2c686a9ac243800b630d4a09622c8eb789f5b354)
[3.12] gh-131741: Add documentation for Windows version detection change in `platform` (GH-131742) (#131768)
gh-131741: Add documentation for Windows version detection change in `platform` (GH-131742)
Document the behavior change between 3.11 & 3.12, where ``platform`` now correctly detects Windows 11 and Windows Server releases past Windows Server 2012.
(cherry picked from commit b9ca438daab6a4e2513ab38171e94c75da03d6e3)
Co-authored-by: Idan Noiman <idann@users.noreply.github.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Co-authored-by: Wulian <1055917385@qq.com>
[3.12] Docs: Fix documentation for "PyTypeObject Definition" (GH-130936) (GH-131459)
The structure definition for `PyTypeObject` is in `Include/cpython/object.h`,
not in `Include/object.h`.
(cherry picked from commit a0478c9f0c6d6a75ca35a8dc2c74d3b58877f094)
Bénédikt Tran [Mon, 24 Mar 2025 09:31:24 +0000 (10:31 +0100)]
[3.12] gh-131045: [Enum] fix flag containment checks when using values (GH-131053) (#131232)
* gh-131045: [Enum] fix flag containment checks when using values (GH-131053)
Check would fail if value would create a pseudo-member, but that member
had not yet been created. We now attempt to create a pseudo-member for
a passed-in value first.
---------
Co-authored-by: Ethan Furman <ethan@stoneleaf.us> Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
Nybblista [Sun, 23 Mar 2025 17:43:12 +0000 (20:43 +0300)]
[3.12] gh-131357: Add a set of asserts to test.test_capi.test_bytearray (GH-131554) (#131629)
[3.12] gh-131357: Add a set of asserts to test.test_capi.test_bytearray (#131554)
add a set of asserts to test.test_capi.test_bytearray
1. Assert empty bytearray object for PyByteArray_Check.
2. Assert empty bytearray object for PyByteArray_CheckExact.
3. Assert 0-size bytearray object for PyByteArray_Size.
4. Assert empty bytearray object for PyByteArray_AsString.
5. Assert concatenation of the bytearray object with itself for PyByteArray_Concat.
[3.12] gh-131418: remove unused legacy typedefs in `{md5,sha1}module.c` (GH-131420) (#131619)
gh-131418: remove unused legacy typedefs in `{md5,sha1}module.c` (GH-131420)
- Remove legacy typedefs `MD5_INT32` and `MD5_INT64` in `Modules/md5module.c`
- Remove legacy typedefs `SHA1_INT32` and `SHA1_INT64` in `Modules/sha1module.c`.
Those legacy typedefs were used to detect whether the host platform could
correctly implement MD5 and SHA-1, but this is no longer needed as we now
fallback to HACL* implementations.
(cherry picked from commit a9a399f0ecfeeff91425cc089057f1b95799853b)
luccabb [Fri, 21 Mar 2025 10:15:35 +0000 (03:15 -0700)]
[3.12] gh-88887: Cleanup `multiprocessing.resource_tracker.ResourceTracker` upon deletion (GH-130429) (#131530)
Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit f53e7de6a84a0f535efb75c3671283b801a1af0f)
Gregory P. Smith [Fri, 21 Mar 2025 04:50:10 +0000 (21:50 -0700)]
[3.12] gh-70647: update docs to mention the datetime 1900 year default 2/29 issue (#131534)
* gh-70647: Better promote how to safely parse yearless dates in datetime.
Every four years people encounter this because it just isn't obvious.
This moves the footnote up to a note with a code example.
We'd love to change the default year value for datetime but doing
that could have other consequences for existing code. This documented
workaround *always* works.
[3.12] Docs: Fix documentation for "PyTypeObject Definition" (GH-130936) (GH-131459)
The structure definition for `PyTypeObject` is in `Include/cpython/object.h`,
not in `Include/object.h`.
(cherry picked from commit a0478c9f0c6d6a75ca35a8dc2c74d3b58877f094)
gh-121284: Fix email address header folding with parsed encoded-word (GH-122754)
Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.
Co-authored-by: Mike Edmunds <medmunds@gmail.com> Co-authored-by: R David Murray <rdmurray@bitdance.com> Co-authored-by: Petr Viktorin <encukou@gmail.com>
[3.12] gh-116666: Add "token" glossary term (GH-130888) (GH-131368)
gh-116666: Add "token" glossary term (GH-130888)
Add glossary entry for `token`, and link to it.
Avoid talking about tokens in the SyntaxError intro (errors.rst); at this point
tokenization is too much of a technical detail. (Even to an advanced reader,
the fact that a *single* token is highlighted isn't too relevant. Also, we don't
need to guarantee that it's a single token.)
(cherry picked from commit 30d52058493e07fd1d3efea960482f4001bd2f86)
Co-authored-by: Petr Viktorin <encukou@gmail.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Bénédikt Tran [Tue, 18 Mar 2025 09:16:26 +0000 (10:16 +0100)]
[3.12] gh-127667: refactor and improve `_hashopenssl.c` error branches (#131145) (#131348)
gh-127667: refactor and improve `_hashopenssl.c` error branches (#131145)
Refactor `_setException()` into different helpers that can be used separately:
- set_ssl_exception_from_errcode(): set an exception from an explicit SSL error code.
- raise_ssl_error(): set an exception from the last SSL error code or use a user-defined message.
- notify_ssl_error_occurred(): same as raise_ssl_error() but with a generic default message.
[3.12] gh-131325: fix sendfile fallback implementation to drain data after writing to transport (GH-131376) (#131378)
gh-131325: fix sendfile fallback implementation to drain data after writing to transport (GH-131376)
(cherry picked from commit 94f4d87aeb4d2d7bddcb4c3aad4f62a727ac91ee)
[3.12] gh-130727: Retry test_wmi on TimeoutError (GH-130832) (#130840)
gh-130727: Retry test_wmi on TimeoutError (GH-130832)
Use sleeping_retry() in test_wmi to retry multiple times on
TimeoutError. Wait up to LONG_TIMEOUT seconds (5 minutes by default).
(cherry picked from commit f67ff9e82071b21c1960401aed4844b00b5bfb53)
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.12] gh-129675: Update documentation for tp_basicsize & tp_itemsize (GH-129850) (GH-131078)
- Add alignment requirement
- Mention that ob_size is unreliable if you don't control it
- Add some links for context
- basicsize should include the base type in generaly not just PyObject
- suggest Py_SIZE & Py_SET_SIZE
This adds a “by-the-way” link to `PyObject_New`, which shouldn't be
used for GC types. In order to be comfortable linking to it, I also
add a link to `PyObject_GC_New` from its docs. And the same for
`*Var` variants, while I'm here.
[3.12] gh-129843: fix pure Python implementation of `warnings.warn_explicit` (GH-129848) (#131350)
gh-129843: fix pure Python implementation of `warnings.warn_explicit` (GH-129848)
The pure Python implementation of `warnings.warn_explicit` constructs a `WarningMessage`
with an incorrect source (it incorrectly sets the WarningMessage's line to the given `source`).
(cherry picked from commit 80e00ecc399db8aeaa9f3a1c87a2cfb34517d7be)
[3.12] gh-130814: Enhance documentation for Python C API type objects (GH-130817) (#131224)
gh-130814: Enhance documentation for Python C API type objects (GH-130817)
The "Type Objects" title in `c-api/typeobj.rst`, duplicating the title of `c-api/type.rst`,
has been changed to "Type Objects Structures", thereby slightly improving Sphinx
search.
(cherry picked from commit 6b932edc5216d9766e70fef300a6b842ab33204c)
gh-130959: Reject whitespace in fractions, in pure Python `fromisoformat()` (GH-130962) (GH-131076) (#131086)
Fix the pure Python implementation of `fromisoformat()` to reject any
non-digit characters, including whitespace, in the fractional part
of time specification. This makes the behavior consistent with the C
implementation, and prevents incorrect parsing of these fractions
(e.g. `.400 ` would be misinterpreted as `.04`).
[3.12] gh-80421: Correct definitions of time (GH-130984) (#131023)
gh-80421: Correct definitions of time (GH-130984)
Based on the Wikipedia article, UTC is better said to be a successor than a renaming of GTC and language agnostic rather than an English-French compromise.
(cherry picked from commit 98fa4a49fecbac3c990a25ce5d300592dad31be0)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
[3.12] gh-123726: Document caveats of zipfile.Path around name sanitization (GH-130537) (#130987)
gh-123726: Document caveats of zipfile.Path around name sanitization (GH-130537)
Add a note to the `zipfile.Path` class documentation clarifying that it does not sanitize filenames. This emphasizes the caller's responsibility to validate or sanitize inputs, especially when handling untrusted ZIP archives, to prevent path traversal vulnerabilities. The note also references the `extract` and `extractall` methods for comparison and suggests using `os.path.abspath` and `os.path.commonpath` for safe filename resolution.
(cherry picked from commit a3990df6121880e8c67824a101bb1316de232898)
[3.12] gh-130917: update timer and workload in test_signal (GH-130918) (#130968)
The workload to advance the virtual timeout is too lightweight for some
platforms. As result the test goes in timeout as it never reaches the
end of the timer. By having a heavier workload, the virtual timer
advances rapidly and the SIGVTALRM is sent before the timeout.
(cherry picked from commit 78790811989ab47319e2ee725e0c435b3cdd21ab)
The test could deadlock trying join on the worker processes due to a
combination of behaviors:
* The use of `assertReachesEventually` did not ensure that workers
actually woken.release() because the SyncManager's Semaphore does not
implement get_value.
* This mean that the test could finish and the variable "sleeping" would
got out of scope and be collected. This unregisters the proxy leading
to failures in the worker or possibly the manager.
* The subsequent call to `p.join()` during cleanUp therefore never
finished.
This takes two approaches to fix this:
1) Use woken.acquire() to ensure that the workers actually finish
calling woken.release()
2) At the end of the test, wait until the workers are finished, while `cond`,
`sleeping`, and `woken` are still valid.
(cherry picked from commit c476410dc5ae62ffb5e32f64f9a3a622485c7d93)
Fix a race condition in test_check_output_timeout() of
test_subprocess. Don't write into stdout anymore, since there is no
reliable way to synchronize the parent and the child processes.
Change the timeout from 3 seconds to 0.1 seconds, and remove
@requires_resource('walltime') decorator.
(cherry picked from commit 67a942d4272145ccdbdf4ceff31318e176f71355)
Co-authored-by: Victor Stinner <vstinner@python.org>
projects / thirdparty / Python / cpython.git / log
