Ned Deily [Sat, 13 Oct 2018 05:33:33 +0000 (01:33 -0400)]
bpo-34370: Revert to using released Tk 8.6.8 with macOS installers
For 3.7.1rc1 and 3.6.7rc1 we used a pre-release development
snapshot of Tk 8.6 to pick up some post-8.6.8 fixes for macOS.
But the snapshot introduced at least one regression (bpo-34927).
For rc2, revert to using the standard release 8.6.8 for now.
This reverts commit adf493227f1efd5d6b34f46b854142bf3b5a411c.
Serhiy Storchaka [Thu, 11 Oct 2018 04:56:06 +0000 (07:56 +0300)]
[3.6] bpo-33729: Fix issues with arguments parsing in hashlib. (GH-8346) (GH-8581) (GH-9657)
* help(hashlib) didn't work because of incorrect module name in blake2b and
blake2s classes.
* Constructors blake2*(), sha3_*(), shake_*() and keccak_*() incorrectly
accepted keyword argument "string" for binary data, but documented as
accepting the "data" keyword argument. Now this parameter is positional-only.
* Keyword-only parameters in blake2b() and blake2s() were not documented as
keyword-only.
* Default value for some parameters of blake2b() and blake2s() was None,
which is not acceptable value.
* The length argument for shake_*.digest() was wrapped out to 32 bits.
* The argument for shake_128.digest() and shake_128.hexdigest() was not
positional-only as intended.
* TypeError messages for incorrect arguments in all constructors sha3_*(),
shake_*() and keccak_*() incorrectly referred to sha3_224.
Also made the following enhancements:
* More accurately specified input and result types for strings, bytes and
bytes-like objects.
* Unified positional parameter names for update() and constructors.
* Improved formatting.
(cherry picked from commit f1d36d8efaecd5c84cb35e35119b283f37d83c40)
(cherry picked from commit 47957dab94a4efa2fee61c9a8193f78300950769)
bpo-34576 warn users on security for http.server (GH-9720)
It was proposed to add an warning for http.server regarding security
issues. The wording was provided at bpo-26005 by @orsenthil
(cherry picked from commit 1d26c72e6a9c5b28b27c158f2f196217707dbb0f)
Co-authored-by: Felipe Rodrigues <felipe@felipevr.com>
bpo-32962: Fix test_gdb failure in debug build with -mcet -fcf-protection -O0 (GH-9656)
When Python is built with the intel control-flow protection flags,
-mcet -fcf-protection, gdb is not able to read the stack without
actually jumping inside the function. This means an extra
'next' command is required to make the $pc (program counter)
enter the function and make the stack of the function exposed to gdb.
bpo-32174: Let .chm document display non-ASCII characters properly (GH-9758)
Let .chm document display non-ASCII characters properly
Escape the `body` part of .chm source file to 7-bit ASCII, to fix visual effect on some MBCS Windows systems.
(cherry picked from commit 6261ae9b01fb8429b779169f8de37ff567c144e8)
bpo-34879: Fix a possible null pointer dereference in bytesobject.c (GH-9683)
formatfloat() was not checking if PyBytes_FromStringAndSize()
failed, which could lead to a null pointer dereference in
_PyBytes_FormatEx().
(cherry picked from commit 96c593279400693226d5a560c420ae0fcf1731b9)
bpo-34172: multiprocessing.Pool leaks resources after being deleted (GH-8450) (GH-9677)
Fix a reference issue inside multiprocessing.Pool that caused the pool to remain alive if it was deleted without being closed or terminated explicitly.
(cherry picked from commit 97bfe8d3ebb0a54c8798f57555cb4152f9b2e1d0)
bpo-34521: Fix tests in test_multiprocessing_spawn to use correctly CMSG_SPACE (GH-9613)
After some failures in AMD64 FreeBSD CURRENT Debug 3.x buildbots
regarding tests in test_multiprocessing_spawn and after examining
similar failures in test_socket, some errors in the calculation of
ancillary data buffers were found in multiprocessing.reduction.
CMSG_LEN() can often be used as the buffer size for recvmsg() to
receive a single item of ancillary data, but RFC 3542 requires portable
applications to use CMSG_SPACE() and thus include space for padding,
even when the item will be the last in the buffer.
Fix tests in test_socket to use correctly CMSG_LEN (GH-9594)
After some failures in AMD64 FreeBSD CURRENT Debug 3.x buildbots
regarding tests in test_socket that are using
testFDPassSeparateMinSpace(), FreeBDS revision 337423 was pointed
out to be the reason the test started to fail.
A close examination of the manpage for cmsg_space(3) reveals that
the number of file descriptors needs to be taken into account when
using CMSG_LEN().
This commit fixes tests in test_socket to use correctly CMSG_LEN, taking
into account the number of FDs.
(cherry picked from commit 7291108d88ea31d205da4db19d202d6cbffc6d93)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
bpo-34819: Use a monotonic clock to compute timeouts in concurrent.futures (GH-9599)
Use a monotonic clock to compute timeouts in :meth:`Executor.map` and :func:`as_completed`, in order to prevent timeouts from deviating when the system clock is adjusted.
This may not be sufficient on all systems. On POSIX for example, the actual waiting (e.g. in ``sem_timedwait``) is specified to rely on the CLOCK_REALTIME clock.
(cherry picked from commit a94ee12c26aa8dd7dce01373779df8055aff765b)
Currently, the docs state that when doing `Type[X]`, X is only allowed to
be a class, a union of classes, and Any. This pull request amends
that sentence to clarify X may also be a typevar (or a union involving
classes, Any, and TypeVars).
(cherry picked from commit 130717fe58abb2ab9e7938207df0c130a2562747)
Co-authored-by: Michael Lee <michael.lee.0x2a@gmail.com>
Victor Stinner [Wed, 26 Sep 2018 14:44:45 +0000 (07:44 -0700)]
Drop confusing commented out code in pystrtod.c (GH-6072) (GH-9587)
Fix the following warning:
Python/pystrtod.c: In function 'format_float_short':
Python/pystrtod.c:1007:13: warning: 'strncpy' output truncated before terminating nul copying 3 bytes from a string of the same length [-Wstringop-truncation]
strncpy(p, "ERR", 3);
Ned Deily [Wed, 26 Sep 2018 03:38:11 +0000 (23:38 -0400)]
bpo-34370: Update Tk 8.6 used with macOS installers
Have macOS 10.9+ installer builds for 3.7.1rc and 3.6.7rc use a development
snapshot of Tk 8.6 (post-8.6.8) to mitigate certain scroller issues seen
with IDLE and tkinter apps.
Christian Heimes [Mon, 24 Sep 2018 12:38:31 +0000 (14:38 +0200)]
[3.6] bpo-17239: Disable external entities in SAX parser (GH-9217) (GH-9512)
The SAX parser no longer processes general external entities by default
to increase security. Before, the parser created network connections
to fetch remote files or loaded local files from the file system for DTD
and entities.
Christian Heimes [Sun, 23 Sep 2018 07:23:01 +0000 (09:23 +0200)]
[3.6] bpo-34670: Add TLS 1.3 post handshake auth (GH-9460) (GH-9507)
Add SSLContext.post_handshake_auth and
SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake
authentication.
Signed-off-by: Christian Heimes <christian@python.org>q
https://bugs.python.org/issue34670.
(cherry picked from commit 9fb051f032c36b9f6086b79086b4d6b7755a3d70)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue34670
Christian Heimes [Sat, 22 Sep 2018 05:10:06 +0000 (07:10 +0200)]
[3.6] bpo-34759: Fix error handling in ssl 'unwrap()' (GH-9468) (GH-9492)
OpenSSL follows the convention that whenever you call a function, it
returns an error indicator value; and if this value is negative, then
you need to go look at the actual error code to see what happened.
Commit c6fd1c1c3a introduced a small mistake in
_ssl__SSLSocket_shutdown_impl: instead of checking whether the error
indicator was negative, it started checking whether the actual error
code was negative, and it turns out that the error codes are never
negative. So the effect was that 'unwrap()' lost the ability to raise
SSL errors.
The test tries to fill the receiver's socket buffer and expects an
error. But the RDS protocol doesn't require that. Moreover, the Linux
implementation of RDS expects that the producer of the messages
reduces its rate, it's not the role of the receiver to trigger an
error.
bpo-34200: Fix non-determinism of test_pkg (GH-9248)
This causes the tearDown code to only unimport the test modules specifically created as part of each test via the self.mkhier method rather than abusing test.support.modules_setup() and the scary test.support.modules_cleanup() code.
closes bpo-34004: Skip lock interruption tests on musl. (GH-9224)
Returning EINTR from pthread semaphore or lock acquisition is an optional POSIX
feature. musl does not provide this feature, so some threadsignal tests fail
when Python is built against it.
There's no good way to test for musl, so we skip if we're on Linux and not using
glibc pthreads.
Also, hedge in the threading documentation about when we can provide interrupts
from lock acquisition.
(cherry picked from commit 5b10d5111d7a855297654af9045f8907b7d3dd08)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
This also removes the old manual p2cread, c2pwrite, and errwrite closing logic
as inheritable flags and _close_open_fds takes care of that properly today without special treatment.
This code is within child_exec() where it is the only thread so there is no
race condition between the dup and _Py_set_inheritable_async_safe call.
(cherry picked from commit ce34410b8b67f49d8275c05d51b3ead50cf97f48)
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]
projects / thirdparty / Python / cpython.git / log
