[3.13] gh-131675: Fix `mi_atomic_yield` in mimalloc on 32-bit ARM (gh-131784) (gh-131954)
Use the standard `__ARM_ARCH` macro, which is supported by GCC and Clang.
The branching logic for of `__ARMEL__` has been removed so if the target
architecture supports v7+ instructions, a yield is emitted, otherwise a nop
is emitted. This covers both big and little endian scenarios.
(cherry picked from commit 03f6c8e239723637811fd8d278661f5292351197)
Signed-off-by: Vincent Fazio <vfazio@gmail.com> Co-authored-by: Vincent Fazio <vfazio@gmail.com>
gh-131865: Properly apply exported CFLAGS for dtrace/systemtap builds (GH-131866)
When using --with-dtrace the resulting object file could be missing
specific CFLAGS exported by the build system due to the systemtap
script using specific defaults.
Exporting the CC and CFLAGS variables before the dtrace invocation
allows us to properly apply CFLAGS exported by the build system
even when cross-compiling.
[3.13] gh-126033: fix UAF in `xml.etree.ElementTree.Element.remove` when concurrent mutations happen (GH-126124) (#131929)
gh-126033: fix UAF in `xml.etree.ElementTree.Element.remove` when concurrent mutations happen (GH-126124)
(cherry picked from commit bab1398a47f6d0cfc1be70497f306874c749ef7c)
Bénédikt Tran [Mon, 31 Mar 2025 12:48:42 +0000 (14:48 +0200)]
[3.13] gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when current mutations happen (#127964) (#131931)
gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964)
We fix a use-after-free in the `find`, `findtext` and `findall` methods of `xml.etree.ElementTree.Element`
objects that can be triggered when the tag to find implements an `__eq__` method that mutates the
element being queried.
[3.13] gh-131885: Document that `dict.setdefault` and `dict.get` take no keyword arguments (GH-128208) (#131893)
gh-131885: Document that `dict.setdefault` and `dict.get` take no keyword arguments (GH-128208)
(cherry picked from commit edfbd8c062285e83dc5f596288df2a762e68bcdc)
Co-authored-by: Adam Dangoor <adamdangoor@gmail.com>
Thomas Grainger [Sat, 29 Mar 2025 19:21:33 +0000 (19:21 +0000)]
[3.13] gh-128770: raise warnings as errors in test suite - except for test_socket which still logs warnings, and internal test warnings that are now logged (#131802)
Steve Dower [Fri, 28 Mar 2025 16:28:11 +0000 (16:28 +0000)]
gh-131423: Update to OpenSSL 3.0.16. (GH-131839)
The bin tag is 3.0.16.1 because we rebuilt without uplink support to fix gh-131804.
This PR also prevents making calls that are now unsafe without uplink, and updates
the tests to property interpret these failures as unsupported.
[3.13] gh-117174: Adapt test_multiple_statements_fail_early now that we have always source (GH-131065) (#131850)
gh-117174: Adapt test_multiple_statements_fail_early now that we have always source (GH-131065)
(cherry picked from commit 4192ce17ba643e5b0bc9d2182a429002e4cc9dfe)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
[3.13] gh-131762: Fixed dereferencing the pointer 'parser_token->metadata' with a NULL value (GH-131764) (#131774)
gh-131762: Fixed dereferencing the pointer 'parser_token->metadata' with a NULL value (GH-131764)
(cherry picked from commit 2c686a9ac243800b630d4a09622c8eb789f5b354)
[3.13] gh-131741: Add documentation for Windows version detection change in `platform` (GH-131742) (#131767)
gh-131741: Add documentation for Windows version detection change in `platform` (GH-131742)
Document the behavior change between 3.11 & 3.12, where ``platform`` now correctly detects Windows 11 and Windows Server releases past Windows Server 2012.
(cherry picked from commit b9ca438daab6a4e2513ab38171e94c75da03d6e3)
Co-authored-by: Idan Noiman <idann@users.noreply.github.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Co-authored-by: Wulian <1055917385@qq.com>
[3.13] gh-129900: Fix `SystemExit` return codes when the REPL is started from the command line (GH-129901) (#131734)
gh-129900: Fix `SystemExit` return codes when the REPL is started from the command line (GH-129901)
(cherry picked from commit 90b82f2b61219c8f94e2deddc989a4c4fe9ea7c7)
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
[3.13] gh-131045: [Enum] fix flag containment checks when using values (GH-131053) (#131167)
gh-131045: [Enum] fix flag containment checks when using values (GH-131053)
Check would fail if value would create a pseudo-member, but that member
had not yet been created. We now attempt to create a pseudo-member for
a passed-in value first.
(cherry picked from commit 17d06aeb5476099bc1acd89cd6f69e239e0f9350)
Co-authored-by: Ethan Furman <ethan@stoneleaf.us> Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
[3.13] gh-131418: remove unused legacy typedefs in `{md5,sha1}module.c` (GH-131420) (#131620)
gh-131418: remove unused legacy typedefs in `{md5,sha1}module.c` (GH-131420)
- Remove legacy typedefs `MD5_INT32` and `MD5_INT64` in `Modules/md5module.c`
- Remove legacy typedefs `SHA1_INT32` and `SHA1_INT64` in `Modules/sha1module.c`.
Those legacy typedefs were used to detect whether the host platform could
correctly implement MD5 and SHA-1, but this is no longer needed as we now
fallback to HACL* implementations.
(cherry picked from commit a9a399f0ecfeeff91425cc089057f1b95799853b)
[3.13] gh-131357: Add a set of asserts to test.test_capi.test_bytearray (GH-131554) (#131601)
gh-131357: Add a set of asserts to test.test_capi.test_bytearray (GH-131554)
add a set of asserts to test.test_capi.test_bytearray
1. Assert empty bytearray object for PyByteArray_Check.
2. Assert empty bytearray object for PyByteArray_CheckExact.
3. Assert 0-size bytearray object for PyByteArray_Size.
4. Assert empty bytearray object for PyByteArray_AsString.
5. Assert concatenation of the bytearray object with itself for PyByteArray_Concat.
(cherry picked from commit f3bf304c2799c31c045033f22db7eb8766a5f939)
[3.13] gh-88887: Cleanup `multiprocessing.resource_tracker.ResourceTracker` upon deletion (GH-130429) (#131516)
gh-88887: Cleanup `multiprocessing.resource_tracker.ResourceTracker` upon deletion (GH-130429)
(cherry picked from commit f53e7de6a84a0f535efb75c3671283b801a1af0f)
Co-authored-by: luccabb <32229669+luccabb@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org> Co-authored-by: Gregory P. Smith <greg@krypto.org>
[3.13] Docs: Fix documentation for "PyTypeObject Definition" (GH-130936) (GH-131458)
The structure definition for `PyTypeObject` is in `Include/cpython/object.h`,
not in `Include/object.h`.
(cherry picked from commit a0478c9f0c6d6a75ca35a8dc2c74d3b58877f094)
[3.13] gh-131117: Update tp_finalize example to use PyErr_GetRaisedException (GH-131118) (#131476)
gh-131117: Update tp_finalize example to use PyErr_GetRaisedException (GH-131118)
The tp_finalize C API doc used PyErr_Fetch() and PyErr_Restore() in
its example code. That API was deprecated in 3.12.
Update to point to the suggested replacement function
PyErr_GetRaisedException() which has a sample usage.
(cherry picked from commit a4832f6b9a62771725b159bc7cd6c49fb45e3bc8)
gh-121284: Fix email address header folding with parsed encoded-word (GH-122754)
Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.
Co-authored-by: Mike Edmunds <medmunds@gmail.com> Co-authored-by: R David Murray <rdmurray@bitdance.com> Co-authored-by: Petr Viktorin <encukou@gmail.com>
[3.13] gh-116666: Add "token" glossary term (GH-130888) (GH-131367)
gh-116666: Add "token" glossary term (GH-130888)
Add glossary entry for `token`, and link to it.
Avoid talking about tokens in the SyntaxError intro (errors.rst); at this point
tokenization is too much of a technical detail. (Even to an advanced reader,
the fact that a *single* token is highlighted isn't too relevant. Also, we don't
need to guarantee that it's a single token.)
(cherry picked from commit 30d52058493e07fd1d3efea960482f4001bd2f86)
Co-authored-by: Petr Viktorin <encukou@gmail.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Bénédikt Tran [Tue, 18 Mar 2025 09:16:49 +0000 (10:16 +0100)]
[3.13] gh-127667: refactor and improve `_hashopenssl.c` error branches (#131145) (#131347)
gh-127667: refactor and improve `_hashopenssl.c` error branches (#131145)
Refactor `_setException()` into different helpers that can be used separately:
- set_ssl_exception_from_errcode(): set an exception from an explicit SSL error code.
- raise_ssl_error(): set an exception from the last SSL error code or use a user-defined message.
- notify_ssl_error_occurred(): same as raise_ssl_error() but with a generic default message.
[3.13] gh-131325: fix sendfile fallback implementation to drain data after writing to transport (GH-131376) (#131377)
gh-131325: fix sendfile fallback implementation to drain data after writing to transport (GH-131376)
(cherry picked from commit 94f4d87aeb4d2d7bddcb4c3aad4f62a727ac91ee)
[3.13] gh-129675: Update documentation for tp_basicsize & tp_itemsize (GH-129850) (GH-131079)
- Add alignment requirement
- Mention that ob_size is unreliable if you don't control it
- Add some links for context
- basicsize should include the base type in generaly not just PyObject
- suggest Py_SIZE & Py_SET_SIZE
This adds a “by-the-way” link to `PyObject_New`, which shouldn't be
used for GC types. In order to be comfortable linking to it, I also
add a link to `PyObject_GC_New` from its docs. And the same for
`*Var` variants, while I'm here.
[3.13] gh-129843: fix pure Python implementation of `warnings.warn_explicit` (GH-129848) (#131349)
gh-129843: fix pure Python implementation of `warnings.warn_explicit` (GH-129848)
The pure Python implementation of `warnings.warn_explicit` constructs a `WarningMessage`
with an incorrect source (it incorrectly sets the WarningMessage's line to the given `source`).
(cherry picked from commit 80e00ecc399db8aeaa9f3a1c87a2cfb34517d7be)
[3.13] gh-130814: Enhance documentation for Python C API type objects (GH-130817) (#131225)
gh-130814: Enhance documentation for Python C API type objects (GH-130817)
The "Type Objects" title in `c-api/typeobj.rst`, duplicating the title of `c-api/type.rst`,
has been changed to "Type Objects Structures", thereby slightly improving Sphinx
search.
(cherry picked from commit 6b932edc5216d9766e70fef300a6b842ab33204c)
[3.13] gh-131113: Fix data race in dict.popitem() (gh-131115) (#131119)
The clearing of the key, hash, and value need to use atomic operations
to avoid a data race with concurrent read operations.
(cherry picked from commit c00ac578241b3213ceb79c1f32bc83ea471f02da)
Victor Stinner [Tue, 11 Mar 2025 11:39:27 +0000 (12:39 +0100)]
[3.13] gh-130959: Reject whitespace in fractions, in pure Python `fromisoformat()` (#130962) (#131076)
gh-130959: Reject whitespace in fractions, in pure Python `fromisoformat()` (#130962)
Fix the pure Python implementation of `fromisoformat()` to reject any
non-digit characters, including whitespace, in the fractional part
of time specification. This makes the behavior consistent with the C
implementation, and prevents incorrect parsing of these fractions
(e.g. `.400 ` would be misinterpreted as `.04`).
Co-authored-by: Peter Bierma <zintensitydev@gmail.com> Co-authored-by: Paul Ganssle <1377457+pganssle@users.noreply.github.com>
(cherry picked from commit 33494b4d0dafc34ff4f1c118b7b3b5d8de3dd0f4)
[3.13] gh-131020: py.exe launcher does not correctly detect a BOM when searching for the shebang (GH-131021) (#131047)
gh-131020: py.exe launcher does not correctly detect a BOM when searching for the shebang (GH-131021)
(cherry picked from commit 36ef3bfe39d767e283b55fe86f34e7671b7f5d1c)
Co-authored-by: Chris Eibl <138194463+chris-eibl@users.noreply.github.com>
[3.13] gh-80421: Correct definitions of time (GH-130984) (#131022)
gh-80421: Correct definitions of time (GH-130984)
Based on the Wikipedia article, UTC is better said to be a successor than a renaming of GTC and language agnostic rather than an English-French compromise.
(cherry picked from commit 98fa4a49fecbac3c990a25ce5d300592dad31be0)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
[3.13] gh-123726: Document caveats of zipfile.Path around name sanitization (GH-130537) (#130986)
gh-123726: Document caveats of zipfile.Path around name sanitization (GH-130537)
Add a note to the `zipfile.Path` class documentation clarifying that it does not sanitize filenames. This emphasizes the caller's responsibility to validate or sanitize inputs, especially when handling untrusted ZIP archives, to prevent path traversal vulnerabilities. The note also references the `extract` and `extractall` methods for comparison and suggests using `os.path.abspath` and `os.path.commonpath` for safe filename resolution.
(cherry picked from commit a3990df6121880e8c67824a101bb1316de232898)
projects / thirdparty / Python / cpython.git / log
