[3.14] gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843) (#144858)
gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843)
In newPySSLSocket(), when SSL_new() returns NULL, Py_DECREF(self)
was called before _setSSLError(get_state_ctx(self), ...), causing
a use-after-free. Additionally, get_state_ctx() was called with
self (PySSLSocket*) instead of sslctx (PySSLContext*), which is
a type confusion bug.
Fix by calling _setSSLError() before Py_DECREF() and using
sslctx instead of self for get_state_ctx().
(cherry picked from commit c91638ca0671b8038831f963ed44e66cdda006a2)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
[3.14] gh-144759: Fix undefined behavior from NULL pointer arithmetic in lexer (GH-144788) (#144834)
gh-144759: Fix undefined behavior from NULL pointer arithmetic in lexer (GH-144788)
Guard against NULL pointer arithmetic in `_PyLexer_remember_fstring_buffers`
and `_PyLexer_restore_fstring_buffers`. When `start` or `multi_line_start`
are NULL (uninitialized in tok_mode_stack[0]), performing `NULL - tok->buf`
is undefined behavior. Add explicit NULL checks to store -1 as sentinel
and restore NULL accordingly.
Add test_lexer_buffer_realloc_with_null_start to test_repl.py that
exercises the code path where the lexer buffer is reallocated while
tok_mode_stack[0] has NULL start/multi_line_start pointers. This
triggers _PyLexer_remember_fstring_buffers and verifies the NULL
checks prevent undefined behavior.
(cherry picked from commit e6110efd03259acd1895cff63fbfa115ac5f16dc)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
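The sentinel scheme described in the gh-144759 message above, as an added C example that is not CPython's code: `toy_tok`, `toy_grow` and the helper names are hypothetical stand-ins for the tokenizer state, and only the NULL-guarded offset save and restore around a buffer reallocation is shown.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the tokenizer state; not CPython's struct. */
typedef struct {
    char *buf;                     /* growable input buffer */
    const char *start;             /* points into buf, or NULL if unset */
    const char *multi_line_start;  /* points into buf, or NULL if unset */
    ptrdiff_t start_off, multi_line_off;
} toy_tok;

/* Pointer -> offset; NULL becomes the sentinel -1 so that
   `NULL - base` (undefined behavior) is never evaluated. */
static ptrdiff_t to_offset(const char *p, const char *base) {
    return p == NULL ? -1 : p - base;
}

/* Offset -> pointer; the sentinel restores NULL. */
static const char *from_offset(ptrdiff_t off, const char *base) {
    return off < 0 ? NULL : base + off;
}

/* Grow the buffer, carrying both pointers across the reallocation. */
int toy_grow(toy_tok *t, size_t new_size) {
    t->start_off = to_offset(t->start, t->buf);
    t->multi_line_off = to_offset(t->multi_line_start, t->buf);
    char *nb = realloc(t->buf, new_size);
    if (nb == NULL)
        return -1;                 /* old buffer and pointers stay valid */
    t->buf = nb;
    t->start = from_offset(t->start_off, nb);
    t->multi_line_start = from_offset(t->multi_line_off, nb);
    return 0;
}

/* Constructed input: one pointer set, one left NULL. Returns 1 on success. */
int toy_demo(void) {
    toy_tok t = {0};
    t.buf = malloc(8);
    if (t.buf == NULL) return 0;
    memcpy(t.buf, "f'{x}'", 7);
    t.start = t.buf + 2;           /* the '{' */
    if (toy_grow(&t, 1 << 20) != 0) { free(t.buf); return 0; }
    int ok = t.start == t.buf + 2 && *t.start == '{'
          && t.multi_line_start == NULL;
    free(t.buf);
    return ok;
}
```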
[3.14] gh-144787: [tests] Allow TLS v1.2 to be minimum version (GH-144790) (#144791)
gh-144787: [tests] Allow TLS v1.2 to be minimum version (GH-144790)
Allow TLS v1.2 to be minimum version
Updates test_min_max_version to allow TLS v1.2 to be minimum version if
TLS 1.0 and 1.1 are disabled in OpenSSL.
(cherry picked from commit d625f7da33bf8eb57fb7e1a05deae3f68bf4d00f)
Co-authored-by: Colin McAllister <colinmca242@gmail.com>
[3.14] gh-144706: Warn against using synchronization primitives within signal handlers (GH-144736) (GH-144767)
gh-144706: Warn against using synchronization primitives within signal handlers (GH-144736)
(cherry picked from commit 945bf8ce1bf7ee3881752c2ecc129e35ab818477)
[3.14] gh-80667: Fix case-sensitivity of some Unicode literal escapes (GH-107281) (GH-144753)
Lookup for CJK ideograms and Hangul syllables is now case-insensitive,
as is the case for other character names.
(cherry picked from commit e66f4a5a9c7ce744030d6352bf5575639b1096cc)
Serhiy Storchaka [Thu, 12 Feb 2026 08:38:27 +0000 (10:38 +0200)]
[3.14] gh-84424: Use numeric_changed for UCD.numeric (GH-19457) (GH-144731)
This was causing ucd_3_2_0.numeric() to pick up only decimal
changes between Unicode 3.2.0 and the current version.
(cherry picked from commit 3e0322ff16f47caa3e273d453f007d3918b8ac80)
[3.14] gh-142518: Define lock-free and per-object lock (GH-144548) (#144704)
gh-142518: Define lock-free and per-object lock (GH-144548)
- Add definitions of lock-free and per-object lock to the glossary
- Cross-reference these from list thread safety notes
- Change admonition to rubric
(cherry picked from commit 12dbae4c02dac197330d5bfa650b495e962aba6d)
gh-143650: Fix importlib race condition on import failure (GH-143651)
Fix a race condition where a thread could receive a partially-initialized
module when another thread's import fails. The race occurs when:
1. Thread 1 starts importing, adds module to sys.modules
2. Thread 2 sees the module in sys.modules via the fast path
3. Thread 1's import fails, removes module from sys.modules
4. Thread 2 returns a stale module reference not in sys.modules
The fix adds verification after the "skip lock" optimization in both Python
and C code paths to check if the module is still in sys.modules. If the
module was removed (due to import failure), we retry the import so the
caller receives the actual exception from the import failure rather than
a stale module reference.
(cherry picked from commit ac8b5b6890006ee7254ea878866cb486ff835ecb)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
[3.14] gh-144492: Fix `process_changed_files` outputs for `reusable-{macos, wasi}.yml` (GH-144518) (#144635)
gh-144492: Fix `process_changed_files` outputs for `reusable-{macos, wasi}.yml` (GH-144518)
Fix `process_changed_files` double-processing reusable-{macos, wasi} ending up with incorrect outputs
(cherry picked from commit fd190d1fa1a34bb8d533d05263ea744a051b7529)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
[3.14] gh-134179: Use sys._clear_internal_caches() at test_cmd_line (GH-134180) (#144631)
gh-134179: Use sys._clear_internal_caches() at test_cmd_line (GH-134180)
Use sys._clear_internal_caches() instead of deprecated sys._clear_type_cache() at test_cmd_line.
(cherry picked from commit dd2da42ea479c32a4260463b47e1b58877d07bdc)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
[3.14] gh-141004: Reorganize and reword the 'Useful macros' section (GH-144471) (GH-144541)
- Group the macros
- Roughly order them to put the most important ones first
- Add expansions where it makes sense; especially if there's
an equivalent in modern C or a common compiler
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
[3.14] gh-140414: add fastpath for current running loop in `asyncio.all_tasks` (GH-140542) (#144494)
* gh-140414: add fastpath for current running loop in `asyncio.all_tasks` (GH-140542)
Optimize `asyncio.all_tasks()` for the common case where the event loop is running in the current thread by avoiding stop-the-world pauses and locking.
This optimization is already present for `asyncio.current_task()` so we do the same for `asyncio.all_tasks()`.
(cherry picked from commit 95e5d596308620acbd860ec25a40ef95c2b62eaa)
[3.14] gh-75572: Speed up test_xpickle (GH-144393) (GH-144403)
Run a long living subprocess which handles multiple requests instead of
running a new subprocess for each request.
(cherry picked from commit 29acc08c8dad664cd5713cb392e5beba65724c10)
Modifies handling of `.gz` files in Android app payloads, and ensures that
when the Android testbed streams logs, stream flushes aren't treated as
newlines. This improves the output of test suites that use "one dot per test"
progress indicators.
(cherry picked from commit cb1dc91dcb1eb6637d1c79b34a0bab728939f717)
Sam Gross [Fri, 30 Jan 2026 17:15:47 +0000 (12:15 -0500)]
[3.14] gh-144295: Fix data race in dict method lookup and global load (gh-144312) (#144346)
In `_Py_dict_lookup_threadsafe_stackref`, call `ensure_shared_on_read()` to
prevent a race between the lookup and concurrent dict resizes, which may free
the PyDictKeysObject (i.e., it ensures that the resize uses QSBR).
[3.14] gh-142387: Reduce Android testbed API level to 33 (GH-144315) (#144317)
The emulator images for API level 34 and 35 have significant issues with image size and
internet connectivity. Reverts the default API level used for testbed testing to 33.
(cherry picked from commit 6543720b63a62363de540deb5a6701f1ae431bce)
[3.14] gh-144194: Fix mmap failure check in perf_jit_trampoline.c (GH-143713) (#144301)
gh-144194: Fix mmap failure check in perf_jit_trampoline.c (GH-143713)
mmap() returns MAP_FAILED ((void*)-1) on error, not NULL. The current
check never detects mmap failures, so jitdump initialization proceeds
even when the memory mapping fails.
(cherry picked from commit 8fe8a94a7c050bc16cac9ec300f89c0f389f9a44)
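The failure mode described in the gh-144194 message above, as an added C example that is not the code from perf_jit_trampoline.c: the function names and `MAP_LEN` are hypothetical, and the failure is provoked with an invalid file descriptor.

```c
#include <fcntl.h>
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

#define MAP_LEN 4096  /* constructed mapping size for this example */

/* Before: compares against NULL, which mmap() does not return on error. */
int map_init_buggy(int fd, void **out) {
    void *p = mmap(NULL, MAP_LEN, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p == NULL)
        return -1;
    *out = p;                      /* may hold MAP_FAILED, i.e. (void *)-1 */
    return 0;
}

/* After: compares against MAP_FAILED. */
int map_init_fixed(int fd, void **out) {
    void *p = mmap(NULL, MAP_LEN, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) {
        *out = NULL;
        return -1;
    }
    *out = p;
    return 0;
}

/* Returns a bitmask of what was observed:
   bit 0: buggy init reported success on fd -1 and handed out MAP_FAILED
   bit 1: fixed init rejected fd -1
   bit 2: fixed init still succeeds on a valid fd (/dev/zero) */
int map_demo(void) {
    void *p = NULL;
    int seen = 0;
    if (map_init_buggy(-1, &p) == 0 && p == MAP_FAILED) seen |= 1;
    if (map_init_fixed(-1, &p) == -1 && p == NULL) seen |= 2;
    int fd = open("/dev/zero", O_RDONLY);
    if (fd >= 0) {
        if (map_init_fixed(fd, &p) == 0) { seen |= 4; munmap(p, MAP_LEN); }
        close(fd);
    }
    return seen;
}
```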
The code in test_makefile was attempting to ignore any
non-interesting files, but missed some corners:
1. There is never a *file* called `__pycache__`.
2. A directory containing only a `__pycache__` subdirectory should be
ignored.
3. A directory containing only hidden files should be ignored.
[3.14] gh-143513: Remove importlib.abc documentation for removed ABCs (GH-143605) (GH-144166)
gh-143513: Remove importlib.abc documentation for removed ABCs (GH-143605)
In 3.11 ResourceReader, Traversable, & TraversableResources moved from importlib.abc to importlib.resources.abc (commit e712a5b277866a71c195f38c1b5d87d9126dba3e).
[3.14] gh-141004: Mark up docs of old PyMem macros (GH-143783) (GH-143864)
gh-141004: Mark up docs of old PyMem macros (GH-143783)
These had a docs-only deprecation notice since the first version of the docs in this repo. Nowadays we call things “soft deprecated” if there's just a note in the docs.
The deprecated directive needs a version; I went with the first one that had the notice (2.0; it's not in 1.6):
- https://docs.python.org/release/2.0/api/memoryInterface.html
- https://docs.python.org/release/1.6/api/memoryInterface.html
Since PEP 445, they are now direct aliases; there are no (additional) binary compatibility concerns over the preferred names.
(cherry picked from commit a009e78b79ec340d9ff0e1a8ad20f8178fd3257f)
[3.14] gh-143993: Document ways to disable remote debugging support (GH-143994) (#144139)
gh-143993: Document ways to disable remote debugging support (GH-143994)
Although PEP 768 mentions how to disable the mechanism of
remote debugging, it is not documented in the Python docs.
This change adds a note on how to disable remote debugging support
in a Python interpreter to the remote debugging how-to.
(cherry picked from commit 0b5f8359c52f8a5ce0fe436cde499553f3b8f5d5)
Co-authored-by: Rafael Weingartner-Ortner <38643099+RafaelWO@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>