This fixes a memory leak in the _struct module, where as soon
as a Struct object is stored in the cache, there's a cycle from
the _struct module to the cache to Struct objects to the Struct
type back to the module. If _struct.Struct is not gc-tracked, that
cycle is never collected.
gh-91172: Create a workflow for verifying bundled pip and setuptools (GH-31885) (GH-94122)
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
(cherry picked from commit d36954b7ead06daead3dcf9b0dd9f8002eab508f)
gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879)
Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target. Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).
gh-93021: Fix __text_signature__ for __get__ (GH-93023) (GH-94086)
Because of the way wrap_descr_get is written, the second argument
to __get__ methods implemented through the wrapper is always
optional.
(cherry picked from commit 4e08fbcfdfa57ea94091aabdd09413708e3fb2bf)
Serhiy Storchaka [Tue, 21 Jun 2022 19:36:09 +0000 (22:36 +0300)]
[3.10] gh-79512: Fixed names and __module__ value of weakref classes (GH-93719) (GH-94071)
Classes ReferenceType, ProxyType and CallableProxyType have now correct
atrtributes __module__, __name__ and __qualname__.
It makes them (types, not instances) pickleable.
(cherry picked from commit 8352e322e87ba39c71e578b65ad8ae156ca3e0c7)
Explicitly note that transactions are only closed if there is an open
transation at `__exit__`, and that transactions are not implicitly
opened during `__enter__`.
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM> Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com> Automerge-Triggered-By: GH:erlend-aasland
(cherry picked from commit 8e0897814109765a9e463676413fff016875217b)
gh-91810: Fix regression with writing an XML declaration with encoding='unicode' (GH-93426) (GH-93790)
Suppress writing an XML declaration in open files in ElementTree.write()
with encoding='unicode' and xml_declaration=None.
If file patch is passed to ElementTree.write() with encoding='unicode',
always open a new file in UTF-8.
(cherry picked from commit d7db9dc3cc5b44d0b4ce000571fecf58089a01ec)
gh-91577: SharedMemory move imports out of methods (GH-91579)
SharedMemory.unlink() uses the unregister() function from resource_tracker. Previously it was imported in the method, but this can fail if the method is called during interpreter shutdown, for example when unlink is part of a __del__() method.
Moving the import to the top of the file, means that the unregister() method is available during interpreter shutdown.
[3.10] gh-79579: Improve DML query detection in sqlite3 (GH-93623) (#93801)
The fix involves using pysqlite_check_remaining_sql(), not only to check
for multiple statements, but now also to strip leading comments and
whitespace from SQL statements, so we can improve DML query detection.
pysqlite_check_remaining_sql() is renamed lstrip_sql(), to more
accurately reflect its function, and hardened to handle more SQL comment
corner cases.
Fix the importlib.resources.as_file() context manager to remove the
temporary file if destroyed late during Python finalization: keep a
local reference to the os.remove() function. Patch by Victor Stinner.
(cherry picked from commit 443ca731d6b1267fe2f92985e0490460c95e44a8)
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-91317: Document that Path does not collapse initial `//` (GH-32193)
Documentation for `pathlib` says:
> Spurious slashes and single dots are collapsed, but double dots ('..') are not, since this would change the meaning of a path in the face of symbolic links:
However, it omits that initial double slashes also aren't collapsed.
Later, in documentation of `PurePath.drive`, `PurePath.root`, and `PurePath.name` it mentions UNC but:
- this abbreviation says nothing to a person who is unaware about existence of UNC (Wikipedia doesn't help either by [giving a disambiguation page](https://en.wikipedia.org/wiki/UNC))
- it shows up only if a person needs to use a specific property or decides to fully learn what the module provides.
gh-87961: Remove outdated notes from functions that aren't in the Limited API (GH-93581) (GH-93605)
Nowadays everything that *is* in the Limited API has a note added
automatically.
These notes could mislead people to think that these functions
could never be added to the limited API. Remove them.
gh-90494: Reject 6th element of the __reduce__() tuple (GH-93609) (GH-93632)
copy.copy() and copy.deepcopy() now always raise a TypeError if
__reduce__() returns a tuple with length 6 instead of silently ignore
the 6th item or produce incorrect result.
(cherry picked from commit a365dd64c2a1f0d142540d5031003f24986f489f)
gh-90763: Modernise xx template module initialisation (GH-93078)
Use C APIs such as PyModule_AddType instead of PyModule_AddObject.
Also remove incorrect module decrefs if module fails to initialise.
(cherry picked from commit a87c9b538fbfc42883417c4d5e69f1a5922690e3)
jacksonriley [Tue, 7 Jun 2022 21:58:43 +0000 (22:58 +0100)]
[3.10] Fix `PurePath.relative_to` links in the pathlib documentation (GH-93268) (GH-93590)
These are currently broken as they refer to :meth:`Path.relative_to` rather than :meth:`PurePath.relative_to`, and `relative_to` is a method on `PurePath`..
(cherry picked from commit 8ef7929baffd0038bcb38978a6a91ecc63bf0de2)
Co-authored-by: jacksonriley <52106215+jacksonriley@users.noreply.github.com>
Backport of #93268
Co-authored-by: Sean Fleming Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl> Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
📝 Make sure the phrase "constant-time compare" actually appears in the docs (GH-93396) (#93400)
This is purely for SEO as this is the actual generic name for this kind of method and it currently does not appear in a Google search for "python constant time compare". Not creating an issue or setting this up for backports as its trivial (I think) and not a functional change.
(cherry picked from commit 8241a6971e6051ba10040af6b50f9236faa0c892)
gh-89973: Fix re.error in the fnmatch module. (GH-93072)
Character ranges with upper bound less that lower bound (e.g. [c-a])
are now interpreted as empty ranges, for compatibility with other glob
pattern implementations. Previously it was re.error.
(cherry picked from commit 0902c3d8edf7ef67972dd95f6a21670f5d1a4251)
gh-93156 - fix negative indexing into absolute `pathlib.PurePath().parents` (GH-93273)
When a `_PathParents` object has a drive or a root, the length of the
object is *one less* than than the length of `self._parts`, which resulted
in an off-by-one error when `path.parents[-n]` was fed through to
`self._parts[:-n - 1]`. In particular, `path.parents[-1]` was a malformed
path object with spooky properties.
VOC has been archived by the BeeWare project, and they are instead
embedding CPython, rather than transpiling to Java bytecode.
(cherry picked from commit bb900712a5511ba82ef64105fe28d2a6886a8fed)
Co-authored-by: Carl Bordum Hansen <carl@bordum.dk>
"The Warnings Filter" section of the warnings module documentation
describes the message and module filters as "a string containing a
regular expression". While that is true when they are arguments to the
filterwarnings function, it is not true when they appear in -W or
$PYTHONWARNINGS where they are matched literally (after stripping any
starting/ending whitespace). Update the documentation to note when they
are matched literally. Also clarify that module matches the
"fully-qualified module name", rather than "module name" which is
ambiguous.
skip news (since this is a doc fix)
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
* bpo-42272: remove bad submodule warning filter doc
The `error:::mymodule[.*]` example in the "Describing Warning Filters"
section of the warnings module documentation does not behave as the
comment describes. Since the module portion of the filter string is
interpreted literally, it would match a module with a fully-qualified
name that is literally `mymodule[.*]`.
Unfortunately, there is not a way to match '"module" and any subpackages
of "mymodule"' as documented, since the module part of a filter string
is matched literally. Instead, update the filter and comment to match
only "mymodule".
skip news (since this is a doc fix)
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
* bpo-42272: add warning filter doc changes to NEWS
Victor Stinner [Wed, 25 May 2022 22:16:32 +0000 (00:16 +0200)]
[3.10] gh-91924: Fix __ltrace__ for non-UTF-8 stdout encoding (#93214)
Fix __ltrace__ debug feature if the stdout encoding is not UTF-8.
If the stdout encoding is not UTF-8, the first call to
lltrace_resume_frame() indirectly sets lltrace to 0 when calling
unicode_check_encoding_errors() which calls
encodings.search_function().
test.pythoninfo no longer requires socket (GH-93191)
test.pythoninfo no longer fails if "import socket" fails: the socket
module is now optional.
(cherry picked from commit 4a31ed8a32699973ae1f779022794fdab9fa08ee)
Co-authored-by: Victor Stinner <vstinner@python.org>
projects / thirdparty / Python / cpython.git / log
