[3.14] gh-118516: clarify that subprocess are automatically killed if transport gets garbage collected (GH-140997) (#141110)
gh-118516: clarify that subprocess are automatically killed if transport gets garbage collected (GH-140997)
(cherry picked from commit 101c9c0a2187940900f684086cb9ba0d456fda49)
[3.14] Fix a compiler warning in _randommodule.c (GH-141058) (#141063)
Fix a compiler warning in _randommodule.c (GH-141058)
The test just before the cast ensures that the cast cannot overflow.
Fix the warning on 32-bit Windows:
Modules\_randommodule.c(525,28): warning C4244: '=': conversion
from 'uint64_t' to 'Py_ssize_t', possible loss of data
(cherry picked from commit 4ac16dd10950fad2d3e58e8b0ba5f2e621af3cc1)
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.14] gh-139313: Improve docs on XML security (GH-139460) (GH-141065)
Clarify that:
- it takes parsing for an attack
- that some doors are closed by default
- only Expat version 2.7.2 has all the fixes
- use of the bundle depends on configuration
(cherry picked from commit baa9f338971c6a13433a8232db77cd45e6b87b77)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
[3.14] gh-141007: update string module source code link (GH-141008) (#141030)
gh-141007: update string module source code link (GH-141008)
In 3.14, the former string.py became `__init__.py` within a new `string` directory that also contains a new submodule file, `templatelib.py`.
(cherry picked from commit fa02422918ac3251cdf88a626f90af260bf5224a)
Co-authored-by: alex <30386655+alexomics@users.noreply.github.com>
RFC 2822 was obsoleted by RFC 5322 in 2008. This updates references
to use the current standard in documentation, docstrings, and comments.
It preserves RFC 2822 references in legacy API components to maintain their
historical context.
RFC 822 → RFC 2822 → RFC 5322 progression is explained where relevant.
In some places specific sections of RFC are referenced where it seems helpful.
Scout rule was applied in some places and RFC mentions format was
normalized in doc strings and comments.
(cherry picked from commit ce1bb85d286130f44b7e874430b0b12990d61dc1)
[3.14] Document that returning `sys.monitoring.DISABLE` in response to a global event raises `ValueError` (GH-140726) (GH-141014)
Document that returning `sys.monitoring.DISABLE` in response to a global event raises `ValueError` (GH-140726)
(cherry picked from commit 8a7dbb7a68b5da1f3f1805f564c028f1eea4ebc3)
Co-authored-by: Brett Cannon <brett@python.org> Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
[3.14] gh-138425: Correctly partially evaluate global generics with undefined params in `ref.evaluate(format=Format.FORWARDREF)` (GH-138430) (#140927)
gh-138425: Correctly partially evaluate global generics with undefined params in `ref.evaluate(format=Format.FORWARDREF)` (GH-138430)
(cherry picked from commit e66f87ca73516efb4aec1f2f056d2a4efd73248a)
RDM: Like the change made in a earlier PR to the folder, we can/must use 'maxlen' as a stand in for 'unlimited' when computing line lengths when max_line_length is 0 or None; otherwise the computation results in a traceback.
Bénédikt Tran [Sun, 2 Nov 2025 09:33:36 +0000 (10:33 +0100)]
[3.14] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139359)
* [3.14] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234)
Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.
[3.14] gh-137836: Support more RAWTEXT and PLAINTEXT elements in HTMLParser (GH-137837) (GH-140841)
* the "plaintext" element
* the RAWTEXT elements "xmp", "iframe", "noembed" and "noframes"
* optionally RAWTEXT (if scripting=True) element "noscript"
(cherry picked from commit a17c57eee5b5cc81390750d07e4800b19c0c3084)
[3.14] gh-131927: Do not emit PEP 765 warnings in ast.parse() (GH-139642) (GH-140786)
ast.parse() no longer emits syntax warnings for
return/break/continue in finally (see PEP-765) -- they are only
emitted during compilation.
(cherry picked from commit ad0a3f733b23e7fc69aff13055c7fac8ab9dcd66)
[3.14] gh-120057: add `os.reload_environ` to `__all__` (GH-140763) (#140773)
Co-authored-by: Guo Ci <zguoci@gmail.com> Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
[3.14] gh-140082: Forward colorizing from libregrtest to unittest (GH-140083) (#140756)
gh-140082: Forward colorizing from libregrtest to unittest (GH-140083)
libregrtest redirects test output to a file as part of its operation.
When `unittest` checks to see if it should colorize with
`isatty(sys.stdout)` that fails resulting in no colorizing of the
unittest output.
Update `libregrtest` to set `FORCE_COLOR=1` when redirecting test output
so that unittest will do color printing.
(cherry picked from commit 6ff62ac4fbc3f17529823c146cc3a3f8c21eed42)
Co-authored-by: Cody Maloney <cmaloney@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org>
Cody Maloney [Wed, 29 Oct 2025 12:31:48 +0000 (05:31 -0700)]
[3.14] gh-140607: Validate returned byte count in RawIOBase.read (GH-140611) (#140728)
* [3.14] gh-140607: Validate returned byte count in RawIOBase.read (GH-140611)
While `RawIOBase.readinto` should return a count of bytes between 0 and
the length of the given buffer, it is not required to. Add validation
inside RawIOBase.read() that the returned byte count is valid.
(cherry picked from commit 0f0a362768aecb4c791724cce486d8317533a94d)
Co-authored-by: Cody Maloney <cmaloney@users.noreply.github.com> Co-authored-by: Shamil <ashm.tech@proton.me> Co-authored-by: Victor Stinner <vstinner@python.org>
* fixup: Use older attribute name
---------
Co-authored-by: Shamil <ashm.tech@proton.me> Co-authored-by: Victor Stinner <vstinner@python.org>
[3.14] gh-140702: Add test skip for Unix Datagram tests on iOS when on Github Actions (GH-140740) (#140742)
Exposes the GITHUB_ACTIONS environment variable to iOS simulator test runs, and
uses this variable to skip a Unix Datagram socketserver test that is unreliable
in the iOS GitHub Actions environment.
(cherry picked from commit 9f8d005d2961777aa533ec330f96b50324a3446f)
Co-authored-by: Russell Keith-Magee <russell@keith-magee.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
[3.14] gh-140657: Don't rerun test_import single phase init test (GH-140712) (#140713)
gh-140657: Don't rerun test_import single phase init test (GH-140712)
test_basic_multiple_interpreters_main_no_reset() leaks memory:
import_in_subinterp() is called with postcleanup=False.
(cherry picked from commit c6d4c79c9abac5c5cc2e7b429d72946d15c5e132)
Co-authored-by: Victor Stinner <vstinner@python.org>
Mikhail Efimov [Mon, 27 Oct 2025 23:49:10 +0000 (02:49 +0300)]
[3.14] gh-140104: Set next_instr properly in the JIT during exceptions (GH-140233) (GH-140687)
Co-authored-by: Ken Jin <kenjin@python.org> Co-authored-by: devdanzin <74280297+devdanzin@users.noreply.github.com> Co-authored-by: Chris Eibl <138194463+chris-eibl@users.noreply.github.com>
[3.14] gh-140431: Fix GC crash due to partially initialized coroutines (gh-140470) (gh-140504)
The `make_gen()` function creates and tracks generator/coro objects, but
doesn't fully initialize all the fields. At a minimum, we need to
initialize all the fields that may be accessed by gen_traverse because
the call to `compute_cr_origin()` can trigger a GC.
(cherry picked from commit 574405c19e9b5de0504be46a3925027ded4495ae)
[3.14] gh-138774: use `value` to `ast.unparse` code when `str` is `None` in `ast.Interpolation` (GH-139415) (#140503)
gh-138774: use `value` to `ast.unparse` code when `str` is `None` in `ast.Interpolation` (GH-139415)
(cherry picked from commit 4d0849426f4c6862e50658c4e35341ffb5ab288b)
Co-authored-by: George Ogden <38294960+George-Ogden@users.noreply.github.com>
Mark Shannon [Thu, 23 Oct 2025 14:26:58 +0000 (15:26 +0100)]
[3.14] GH-139951: Fix major GC performance regression. Backport of GH-140262 (GH-140447)
* Count number of actually tracked objects, instead of trackable objects. This ensures that untracking tuples has the desired effect of reducing GC overhead
* Do not track most untrackable tuples during creation. This prevents large numbers of small tuples causing execessive GCs.
[3.14] gh-130317: Fix SNaN broken tests on HP PA RISC (GH-140452) (#140467)
gh-130317: Fix SNaN broken tests on HP PA RISC (GH-140452)
While looking at GH-140028, I found some unrelated test regressions in the
3.14 cycle. These seem to all come from GH-130317. From what I can tell,
that made Python more correct than it was before. According to [0], HP PA
RISC uses 1 for SNaN and thus a 0 for QNaN.
Currently, there are a few places where tp_mro could theoretically
become NULL, but do not in practice. This commit adds defensive checks for
NULL values to ensure that any changes do not introduce a crash and that
state invariants are upheld.
The assertions added in this commit are all instances where a NULL value would get passed to something not expecting a NULL, so it is better to catch an assertion failure than crash later on.
There are a few cases where it is OK for the return of lookup_tp_mro to be NULL, such as when passed to is_subtype_with_mro, which handles this explicitly.
(cherry picked from commit a8edca62fc6d44d16c7f86d49421be1a5ebea3e5)
projects / thirdparty / Python / cpython.git / log
