bpo-45001: Make email date parsing more robust against malformed input (GH-27946) (GH-27974)
Various date parsing utilities in the email module, such as
email.utils.parsedate(), are supposed to gracefully handle invalid
input, typically by raising an appropriate exception or by returning
None.
The internal email._parseaddr._parsedate_tz() helper used by some of
these date parsing routines tries to be robust against malformed input,
but unfortunately it can still crash ungracefully when a non-empty but
whitespace-only input is passed. This manifests as an unexpected
IndexError.
In practice, this can happen when parsing an email with only a newline
inside a ‘Date:’ header, which unfortunately happens occasionally in the
real world.
Here's a minimal example:
$ python
Python 3.9.6 (default, Jun 30 2021, 10:22:16)
[GCC 11.1.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import email.utils
>>> email.utils.parsedate('foo')
>>> email.utils.parsedate(' ')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
t = parsedate_tz(data)
File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
res = _parsedate_tz(data)
File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
if data[0].endswith(',') or data[0].lower() in _daynames:
IndexError: list index out of range
The fix is rather straight-forward: guard against empty lists, after
splitting on whitespace, but before accessing the first element.
(cherry picked from commit 989f6a3800f06b2bd31cfef7c3269a443ad94fac)
achraf-mer [Tue, 17 Aug 2021 23:46:37 +0000 (19:46 -0400)]
[3.8] bpo-36384: Leading zeros in IPv4 addresses are no longer tolerated (GH-25099) (GH-27801)
Reverts commit e653d4d8e820a7a004ad399530af0135b45db27a and makes
parsing even more strict. Like socket.inet_pton() any leading zero
is now treated as invalid input.
Signed-off-by: Christian Heimes <christian@python.org> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
The address tuple for CAN_RAW no longer returns the address family
after the introduction of CAN ISO-TP support in a30f6d45ac3. However,
updating test_socket.CANTest.testSendFrame was missed as part of the
change, so the test incorrectly attempts to index past the last tuple
item to retrieve the address family.
This removes the now-redundant check for equality against socket.AF_CAN,
as the tuple will not contain the address family.
(cherry picked from commit 355bae88822bee4de6092b63d69c5a5dad393a16)
Co-authored-by: karl ding <karlding@users.noreply.github.com>
bpo-42800: Add audit events for f_code and tb_frame (GH-24182)
Accessing the following attributes will now fire PEP 578 style audit hooks as (object.__getattr__, obj, name):
* PyTracebackObject: tb_frame
* PyFrameObject: f_code
* PyGenObject: gi_code, gi_frame
* PyCoroObject: cr_code, cr_frame
* PyAsyncGenObject: ag_code, ag_frame
(cherry picked from commit bb2f3ff7a8f0c3565ccc1946dba7e09a3f7dc209)
Co-authored-by: Steve Dower <steve.dower@python.org>
Ned Deily [Sun, 2 May 2021 10:55:04 +0000 (06:55 -0400)]
bpo-44009: Provide "python3.x-intel64" for Apple Silicon Macs (GH-25810)
This allows reliably forcing macOS universal2 framework builds
to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs
if needed for testing or when universal2 wheels are not yet
available.
(cherry picked from commit 0cb33da1cc9cebb9b2d67d446feb1cfd36fe7f55)
Co-authored-by: Ned Deily <nad@python.org> Automerge-Triggered-By: GH:ned-deily Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Ned Deily [Sun, 2 May 2021 09:18:58 +0000 (05:18 -0400)]
[3.8] bpo-41100: Support macOS 11 Big Sur and Apple Silicon Macs (#25806)
* bpo-41100: Support macOS 11 and Apple Silicon on Python 3.8
This is a partial backport of bpo-41100 changes `e8b1c038b14b5fc8120aab62c9bf5fb840274cb6` and `96d906b144e6e6aa96c5ffebecbcc5d38034bbda` for Python 3.8. We introduce the ability to build Python from source for `arm64` on macOS, but we do not make a promise of support. This allows us to omit support for Universal2 binaries as well as weak-linking of symbols from the macOS SDK based on the deployment target, which are larger changes much more difficult to merge.
* bpo-41116: Ensure system supplied libraries are found on macOS 11 (GH-23301) (GH-23455)
On macOS system provided libraries are in a shared library cache
and not at their usual location. This PR teaches distutils to search
in the SDK, even if there was no "-sysroot" argument in
the compiler flags.
(cherry picked from commit 404a719b5127602c1a948f8e189ab61cd3f147d8)
* bpo-42504: fix for MACOSX_DEPLOYMENT_TARGET=11 (GH-23556)
macOS releases numbering has changed as of macOS 11 Big Sur. Previously, major releases were of the form 10.x, 10.x+1, 10.x+2, etc; as of Big Sur, they are now x, x+1, etc, so, for example, 10.15, 10.15.1, ..., 10.15.7, 11, 11.0.1, 11.1, ..., 12, 12.1, etc. Allow Python to build with single-digit deployment target values. Patch provided by FX Coudert.
(cherry picked from commit 5291639e611dc3f55a34666036f2c3424648ba50)
* bpo-42504: Ensure that get_config_var('MACOSX_DEPLOYMENT_TARGET') is a string (GH-24341) (GH-24410)
Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com> Co-authored-by: FX Coudert <fxcoudert@gmail.com> Co-authored-by: Max Bélanger <aeromax@gmail.com>
[3.8] bpo-42589: Change URL for 'from' link when used in a raised exc… (GH-25755)
…eption (GH-23872)
Links for 'raise Exception from x' target to 'The raise statement' (7.8) section instead of 'The import statement' (7.11) section.
There are more modified links than in the bug report because I searched some other ones which can get the same improvement..
(cherry picked from commit 2fd928c8c1328424130cb9c51fc02ad5f9a66328)
This PR is a cherry pick to python 3.8 from https://github.com/python/cpython/pull/23872. The fix was the removal of the change in the other file because the fixed section was introduced in 3.9. So the file does not need to be fixed in 3.8.
bpo-17305: Link to the third-party idna package. (GH-25208) (#25211)
So long as we don't have idna2008 in the standard library, we should at least point people to the third-party solution.
(cherry picked from commit 1d023e374cf96d143b065242131ddc9b889f9a1e)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
bpo-42924: Fix incorrect copy in bytearray_repeat (GH-24208) (#24212)
Before, using the * operator to repeat a bytearray would copy data from the start of
the internal buffer (ob_bytes) and not from the start of the actual data (ob_start).
(cherry picked from commit 61d8c54f43a7871d016f98b38f86858817d927d5)
Co-authored-by: Tobias Holl <TobiasHoll@users.noreply.github.com>
Quick pydoc update to smtplib.py (GH-22292) (GH-25616)
Fixing minor mistake in the quotes around a couple of arguments for the constructor of the class `SMTP`, in smtplib.py.
(cherry picked from commit b3dec6f9ede35fc3bf7ae1baf0aa5f2ce1b6bf9d)
Fix id of 'Internet Message Format' RFC in email doc GH-25614
Previous ID (5233) refers to "Sieve Email Filtering: Subaddress
Extension". It seems that the actual reference should be "Internet
Message Format" RFC 5322 (https://tools.ietf.org/html/rfc5322).
(The typo probably comes from commit 29d1bc0842 in which the ID of
this RFC got updated from the obsolete 2822.)
[3.9] bpo-43655: Tkinter and IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window (GH-25187). (GH-25588) (GH-25592)
bpo-38822: Fixed os.stat failing on inaccessible directories. (GH-25527)
It would just fail if the path was inaccessible and had a trailing slash. It should fall back to the parent directory's metadata.
(cherry picked from commit fe63a401a9b3ca1751b81b5d6ddb2beb7f3675c1)
Co-authored-by: Steve Dower <steve.dower@python.org>
bpo-43284: Update platform.win32_ver to use _syscmd_ver instead of sys.getwindowsversion() (GH-25500)
The sys module uses the kernel32.dll version number, which can vary from the "actual" Windows version.
Since the best option for getting the version is WMI (which is expensive), we switch back to launching cmd.exe (which is also expensive, but a lot less code on our part).
sys.getwindowsversion() is not updated to avoid launching executables from that module.
(cherry picked from commit 2a3f4899c63806439e5bcea0c30f7e6a6295a763)
Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not
copy hostflags from *struct SSL_CTX* to *struct SSL*.
(cherry picked from commit 330b49e397168df789fd0dd20cfe7e81b8e47258)
Victor Stinner [Fri, 16 Apr 2021 14:37:09 +0000 (16:37 +0200)]
bpo-43842: Fix race condition in test_logging SMTP test (GH-25436) (GH-25437) (GH-25440)
Fix a race condition in the SMTP test of test_logging. Don't close a
file descriptor (socket) from a different thread while
asyncore.loop() is polling the file descriptor.
[3.8] bpo-43811: Test multiple OpenSSL versions on GHA (GH-25360) (GH-25392)
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds.
projects / thirdparty / Python / cpython.git / log
