[3.13] gh-116946: fully implement GC protocol for `_curses_panel.panel` (GH-138333) (#138428)
[3.14] gh-116946: fully implement GC protocol for `_curses_panel.panel` (GH-138333)
This commit fixes possible reference loops via `panel.set_userptr`
by implementing `tp_clear` and `tp_traverse` for panel objects.
(cherry picked from commit 572df47840d910b9fc9cd951074232ae89442be1)
[3.13] gh-88375, gh-111788: Fix parsing errors and normalization in robotparser (GH-138502) (GH-138549)
* Don't fail trying to parse weird patterns.
* Don't fail trying to decode non-UTF-8 "robots.txt" files.
* No longer ignore trailing "?" in patterns and URLs.
* Distinguish raw special characters "?", "=" and "&" from the
percent-encoded ones.
* Remove tests that do nothing.
(cherry picked from commit cb7ef18d70a0bc1363799e2dfa475db457155e43)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
* Commit
* Commit
---------
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
[3.13] gh-60462: Fix locale.strxfrm() on Solaris (GH-138242) (GH-138449)
It should interpret the result of wcsxfrm() as a sequence of abstract
integers, not a sequence of Unicode code points or using other encoding
scheme that does not preserve ordering.
(cherry picked from commit 482fd0c811a366f25bd076fc73bf37ffb6b3081e)
[3.13] gh-138204: Forbid expansion of a shared anonymous mmap on Linux (GH-138220) (GH-138387)
This is a Linux kernel bug which caused a bus error.
https://bugzilla.kernel.org/show_bug.cgi?id=8691
(cherry picked from commit 33fcb0c4a054f646d9d3686c145209a893b09bb0)
[3.13] gh-138297 Point link in docs for `finally` to try/else, instead of if/else (GH-138298) (#138382)
Co-authored-by: James Parrott <80779630+JamesParrott@users.noreply.github.com> Co-authored-by: Brian Schubert <brianm.schubert@gmail.com> Co-authored-by: Adam Turner <9087854+aa-turner@users.noreply.github.com>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Alexander Belopolsky <abalkin@users.noreply.github.com>
* Changes links to UCD 15.0.0
---------
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Alexander Belopolsky <abalkin@users.noreply.github.com>
[3.13] gh-133829: Remove some specifics from the ``zipimport`` example (GH-133835) (#138273)
Co-authored-by: R Chintan Meher <meherrihaan@gmail.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Peter Bierma <zintensitydev@gmail.com> Co-authored-by: sobolevn <mail@sobolevn.me> Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
[3.13] gh-138158: Use the `"data"` tarfile extraction filter in `Tools/ssl/multissltests.py` (GH-138147) (#138263)
gh-138158: Use the `"data"` tarfile extraction filter in `Tools/ssl/multissltests.py` (GH-138147)
The `Tools/ssl/multissltests.py` script may extract a possibly untrusted tarball.
Since the script does not necessarily use Python 3.14 or later (where the `"data"`
filter became the default `tarfile` extraction filter), the user may theoretically
suffer from a path traversal attack.
Although the script should not be used in production and usually relies on downloading
trusted sources, the `"data"` extraction filter is now explicitly used wherever relevant.
(cherry picked from commit 31d3836f26096f9503ca68f4e89d927bc1e060cd)
Co-authored-by: Tommaso Bona <piergeolo@gmail.com>
[3.13] gh-138257: Fix internal `RuleCollectorVisitor` attribute name (GH-138208) (#138260)
gh-138257: Fix internal `RuleCollectorVisitor` attribute name (GH-138208)
The internal `RuleCollectorVisitor` class had an attribute named "rulses"
instead of "rules" that other `GrammarVisitor` subclasses define.
(cherry picked from commit 11217a883da324b85a290f5d78f090d8f4880f16)
[3.13] gh-137317: Fix inspect.signature() for class with wrapped __init__ or __new__ (GH-137862) (GH-138225)
Fixed several cases where __init__, __new__ or metaclass` __call__ is a descriptor
that returns a wrapped function.
(cherry picked from commit 025a2135eff848abf24f9dc52c81386eea9da397)
[3.13] gh-71679: Improve tests for repr() of bytes and bytearray (GH-138180) (GH-138183)
* Merge existing tests test_repr_str and test_to_str.
* Add more tests for non-printable and non-ASCII bytes.
* Add tests for special escape sequences ('\t\n\r').
* Add tests for slashes.
* Add more tests for quotes.
* Add tests for subclasses.
* Add test for non-ASCII class name.
* Only apply @check_bytes_warnings for str() tests.
(cherry picked from commit 0dbbf61cc2550428ff99daee367364c688031e1a)
Serhiy Storchaka [Mon, 25 Aug 2025 12:40:09 +0000 (15:40 +0300)]
[3.13] gh-137609: Update signatures of builtins in the documentation (GH-137610) (GH-138138)
Show signatures that match the actual signatures or future multisignatures
for all functions, classes and methods in the "builtins" module.
(cherry picked from commit 65fb4d11a0f3f3e4aea373bd84918e4445cbfe67)
[3.13] Lint: Create a project-wide ``.ruff.toml`` settings file (GH-133124) (#137670)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Bénédikt Tran [Sun, 24 Aug 2025 09:47:09 +0000 (11:47 +0200)]
[3.13] gh-135261: bring back CI job for testing OpenSSL 1.1.1w (GH-135262) (#138110)
This partially reverts commit ad944b5e1f304be1a8c2cc03e9f15005bcb97108
by bringing back the CI job for testing OpenSSL 1.1.1w. Despite this
version being upstream EOL, the rationale for keeping it as follows:
- It most resembles other 1.1.1-work-a-like ssl APIs supported by important vendors.
- Python officially requires OpenSSL 1.1.1 or later, although OpenSSL 3.0 or later
is recommended for cryptographic modules. Since changing the build requirements
requires a transition period, we need to keep testing the allowed versions.
- The code base still contains calls to OpenSSL functions that are deprecated since
OpenSSL 3.0 as well as `ifdef` blocks constrained to OpenSSL 1.1.1.
Serhiy Storchaka [Sun, 24 Aug 2025 08:37:41 +0000 (11:37 +0300)]
[3.13] gh-137986: Fix and improve the csv functions docstrings (GH-137987) (GH-138108)
The csv.register_dialect() docstring no longer imply that it returns a
dialect.
All functions have now signatures.
(cherry picked from commit aa1dbd4dde32951de2e7438b56d6761001604ee2)
Specifically, clarify that ZipInfo.date_time pulls the datetime information from the central directory, and that times are interpreted as local time.
(cherry picked from commit 282e88506b1d3c2ea2a0fd2fbce6c4e27ddc1c92)
Co-authored-by: Kentaro Jay Takahashi <64148935+KentaroJay@users.noreply.github.com> Co-authored-by: Emma Smith <emma@emmatyping.dev>
[3.13] gh-137973: Add a non-parallel test plan to the iOS testbed project (GH-138018) (#138039)
Modifies the iOS testbed project to add a test plan. This simplifies the iOS
test runner, as we can now use the built-in log streaming to see test results.
It also allows for some other affordances, like providing a default LLDB config,
and using a standardized mechanism for specifying test arguments.
(cherry picked from commit 2ba2287b85eea3cc3a71d77c6bcf9eb5670ca05d)
Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
Serhiy Storchaka [Tue, 19 Aug 2025 17:39:08 +0000 (20:39 +0300)]
[3.13] Update the dbm documentation (GH-137919) (GH-137963)
Unify documentation for all backends, enumerate all not implemented mapping
methods, document particularities of implemented mapping methods.
(cherry picked from commit 8700404f8688d6a56279dce47a5a5802ec53ed06)
Gregory P. Smith [Sun, 17 Aug 2025 16:08:14 +0000 (09:08 -0700)]
[3.13] gh-87135: Hang non-main threads that attempt to acquire the GIL during finalization (GH-105805) (GH-137827)
* [3.13] gh-87135: Hang non-main threads that attempt to acquire the GIL during finalization (GH-105805)
Instead of surprise crashes and memory corruption, we now hang threads that attempt to re-enter the Python interpreter after Python runtime finalization has started. These are typically daemon threads (our long standing mis-feature) but could also be threads spawned by extension modules that then try to call into Python. This marks the `PyThread_exit_thread` public C API as deprecated as there is no plausible safe way to accomplish that on any supported platform in the face of things like C++ code with finalizers anywhere on a thread's stack. Doing this was the least bad option.
Co-authored-by: Jeremy Maitin-Shepard <jeremy@jeremyms.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
* state "3.13.7 and earlier"
* backport: do not add the deprecated marker
* fix Py_IsFinalizing doc ref
---------
Co-authored-by: Jeremy Maitin-Shepard <jeremy@jeremyms.com>
Bogus comments that start with "<![CDATA[" should not include the starting "!"
in its value.
(cherry picked from commit 7636a66635a0da849cfccd06a52d0a21fb692271)
[3.13] gh-135661: Fix CDATA section parsing in HTMLParser (GH-135665) (GH-137773)
"] ]>" and "]] >" no longer end the CDATA section.
Make CDATA section parsing context depending.
Add private method HTMLParser._set_support_cdata() to change the context.
If called with True, "<[CDATA[" starts a CDATA section which ends with "]]>".
If called with False, "<[CDATA[" starts a bogus comments which ends with ">".
(cherry picked from commit 0cbbfc462119b9107b373c24d2bda5a1271bed36)
Co-authored-by: Thomas Grainger <tagrain@gmail.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
projects / thirdparty / Python / cpython.git / log
