Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Stan Ulbrych <stanulbrych@gmail.com>
[3.12] gh-135661: Fix CDATA section parsing in HTMLParser (GH-135665) (#137774)
"] ]>" and "]] >" no longer end the CDATA section.
Make CDATA section parsing context dependent.
Add private method HTMLParser._set_support_cdata() to change the context.
If called with True, "<[CDATA[" starts a CDATA section which ends with "]]>".
If called with False, "<[CDATA[" starts a bogus comment which ends with ">".
(cherry picked from commit 0cbbfc462119b9107b373c24d2bda5a1271bed36)
[3.12] gh-135661: Fix parsing start and end tags in HTMLParser according to the HTML5 standard (GH-135930) (GH-136268)
* Whitespaces no longer accepted between `</` and the tag name.
E.g. `</ script>` does not end the script section.
* Vertical tabulation (`\v`) and non-ASCII whitespaces no longer recognized
as whitespaces. The only whitespaces are `\t\n\r\f `.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now ignored,
instead of terminating after the first `>` in quoted attribute value.
E.g. `</script/foo=">"/>`.
* Multiple slashes and whitespaces between the last attribute and closing `>`
are now ignored in both start and end tags. E.g. `<a foo=bar/ //>`.
* Multiple `=` between attribute name and value are no longer collapsed.
E.g. `<a foo==bar>` produces attribute "foo" with value "=bar".
* Whitespaces between the `=` separator and attribute name or value are no
longer ignored. E.g. `<a foo =bar>` produces two attributes "foo" and
"=bar", both with value None; `<a foo= bar>` produces two attributes:
"foo" with value "" and "bar" with value None.
* Fix data loss after unclosed script or style tag (gh-86155).
Also backport test.support.subTests() (gh-135120).
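A runtime check for the start and end tag rules listed in this commit message, as an added example that is not part of the CPython commit: it feeds the message's own inputs to `html.parser.HTMLParser` and reports, per rule, whether the running interpreter shows the new behaviour. The names `Recorder`, `parse`, `start_attrs` and `probe_htmlparser` are assumptions made for this example.

```python
from html.parser import HTMLParser


class Recorder(HTMLParser):
    """Collects parser callbacks as tuples so runs can be compared."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.events = []

    def handle_starttag(self, tag, attrs):
        self.events.append(("start", tag, attrs))

    def handle_endtag(self, tag):
        self.events.append(("end", tag))

    def handle_data(self, data):
        self.events.append(("data", data))


def parse(markup):
    parser = Recorder()
    parser.feed(markup)
    parser.close()  # flush anything held back at end of input
    return parser.events


def start_attrs(markup):
    """Attribute list of the first start tag, or None if there is none."""
    for event in parse(markup):
        if event[0] == "start":
            return event[2]
    return None


def probe_htmlparser():
    """True per rule when this interpreter behaves as the commit message says."""
    script = parse("<script>a</ script><b>x</b></script>")
    endtag = parse('<script>a</script/foo=">"/>')
    return {
        # `</ script>` must not end the script section, so <b> stays script data
        "space_after_lt_slash": not any(e[:2] == ("start", "b") for e in script),
        # the end tag runs to the final `>`, leaving no `"/>` behind as data
        "attrs_in_end_tag": not any(e[0] == "data" and '"/>' in e[1] for e in endtag),
        "double_equals": start_attrs("<a foo==bar>") == [("foo", "=bar")],
        "space_before_equals": start_attrs("<a foo =bar>") == [("foo", None), ("=bar", None)],
    }


if __name__ == "__main__":
    for rule, ok in probe_htmlparser().items():
        print(f"{rule}: {'new behaviour' if ok else 'old behaviour'}")
```

A `False` entry means the interpreter still parses that input the old way, which matters for any filter or sanitizer whose tag boundaries come from `html.parser`.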
[3.12] gh-135462: Fix quadratic complexity in processing special input in HTMLParser (GH-135464) (GH-135483)
End-of-file errors are now handled according to the HTML5 specs --
comments and declarations are automatically closed, tags are ignored.
(cherry picked from commit 6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41)
[3.12] gh-132415: Use shutil.which() in missing_compiler_executable() (GH-132906) (GH-135392)
Replace deprecated distutils.spawn.find_executable() with
shutil.which() in missing_compiler_executable() of test.support.
(cherry picked from commit de6482eda3a46cc9c9a03fb9ba57295ab99b4722)
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.12] gh-123409: fix `IPv6Address.reverse_pointer` for IPv4-mapped addresses (GH-123419) (GH-135086)
Fix functionality that was broken with better textual representation for IPv4-mapped addresses (gh-87799)
(cherry picked from commit 77a2fb4bf1a1b160d6ce105508288fc77f636943)
[3.12] gh-87799: Improve the textual representation of IPv4-mapped IPv6 addresses (GH-29345) (GH-135081)
Represent IPv4-mapped IPv6 address as x:x:x:x:x:x:d.d.d.d,
where the 'x's are the hexadecimal values
of the six high-order 16-bit pieces of the address,
and the 'd's are the decimal values
of the four low-order 8-bit pieces of the address
(standard IPv4 representation).
Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Serhiy Storchaka [Mon, 26 May 2025 03:33:22 +0000 (06:33 +0300)]
[3.12] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) (#134337)
If the error handler is used, a new bytes object is created to set as
the object attribute of UnicodeDecodeError, and that bytes object then
replaces the original data. A pointer to the decoded data will become invalid
after destroying that temporary bytes object. So we need another way to return
the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal().
_PyBytes_DecodeEscape() does not have such issue, because it does not
use the error handlers registry, but it should be changed for compatibility
with _PyUnicode_DecodeUnicodeEscapeInternal().
(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e)
(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d)
Co-authored-by: Srinivas Reddy Thatiparthy (తాటిపర్తి శ్రీనివాస్ రెడ్డి) <thatiparthysreenivas@gmail.com>
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
In GH-115684, HopedForLuck noted that `datetime.date.replace()`
documentation was confusing because it looked like it would be changing
immutable objects.
This documentation change specifies that the `replace()` methods in
`datetime` return new objects. This uses similar wording to the
documentation for `datetime.combine()`, which specifies that a new
datetime is returned. This is also similar to wording for
`string.replace()`, except `string.replace()` emphasizes that a "copy"
is returned.
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
[3.12] gh-89039: Call subclass constructors in datetime.*.replace (GH-114780) (GH-131239)
When replace() method is called on a subclass of datetime, date or time,
properly call derived constructor. Previously, only the base class's
constructor was called.
Also, make sure to pass non-zero fold values when creating subclasses in
various methods. Previously, fold was silently ignored.
(cherry picked from commit 46190d9ea8a878a03d95b4e1bdcdc9ed576cf3fa)
Don't pass direct references to sockaddr members since their type may
not match PyArg_ParseTuple() types. Instead, use temporary 'int' and
'unsigned char' variables, and update sockaddr members afterwards.
[3.12] gh-131736: only apply `security_level` workaround in `test_ssl` for security levels greater than 1 (GH-131739) (#131966)
gh-131736: only apply `security_level` workaround in `test_ssl` for security levels greater than 1 (GH-131739)
(cherry picked from commit 3b3720f1a26ab34377542b48eb6a6565f78ff892)
Co-authored-by: Will Childs-Klein <willck93@gmail.com>
gh-131865: Properly apply exported CFLAGS for dtrace/systemtap builds (GH-131866)
When using --with-dtrace the resulting object file could be missing
specific CFLAGS exported by the build system due to the systemtap
script using specific defaults.
Exporting the CC and CFLAGS variables before the dtrace invocation
allows us to properly apply CFLAGS exported by the build system
even when cross-compiling.
[3.12] gh-126033: fix UAF in `xml.etree.ElementTree.Element.remove` when concurrent mutations happen (GH-126124) (#131930)
gh-126033: fix UAF in `xml.etree.ElementTree.Element.remove` when concurrent mutations happen (GH-126124)
(cherry picked from commit bab1398a47f6d0cfc1be70497f306874c749ef7c)
Bénédikt Tran [Mon, 31 Mar 2025 12:47:22 +0000 (14:47 +0200)]
[3.12] gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964) (#131932)
gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964)
We fix a use-after-free in the `find`, `findtext` and `findall` methods of `xml.etree.ElementTree.Element`
objects that can be triggered when the tag to find implements an `__eq__` method that mutates the
element being queried.
[3.12] gh-131885: Document that `dict.setdefault` and `dict.get` take no keyword arguments (GH-128208) (#131894)
gh-131885: Document that `dict.setdefault` and `dict.get` take no keyword arguments (GH-128208)
(cherry picked from commit edfbd8c062285e83dc5f596288df2a762e68bcdc)
Co-authored-by: Adam Dangoor <adamdangoor@gmail.com>
Steve Dower [Fri, 28 Mar 2025 15:29:20 +0000 (15:29 +0000)]
gh-131423: Update to OpenSSL 3.0.16. (GH-131839)
The bin tag is 3.0.16.1 because we rebuilt without uplink support to fix gh-131804.
This PR also prevents making calls that are now unsafe without uplink, and updates
the tests to properly interpret these failures as unsupported.
[3.12] gh-131762: Fixed dereferencing the pointer 'parser_token->metadata' with a NULL value (GH-131764) (#131775)
gh-131762: Fixed dereferencing the pointer 'parser_token->metadata' with a NULL value (GH-131764)
(cherry picked from commit 2c686a9ac243800b630d4a09622c8eb789f5b354)
[3.12] gh-131741: Add documentation for Windows version detection change in `platform` (GH-131742) (#131768)
gh-131741: Add documentation for Windows version detection change in `platform` (GH-131742)
Document the behavior change between 3.11 & 3.12, where ``platform`` now correctly detects Windows 11 and Windows Server releases past Windows Server 2012.
(cherry picked from commit b9ca438daab6a4e2513ab38171e94c75da03d6e3)
Co-authored-by: Idan Noiman <idann@users.noreply.github.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Wulian <1055917385@qq.com>
[3.12] Docs: Fix documentation for "PyTypeObject Definition" (GH-130936) (GH-131459)
The structure definition for `PyTypeObject` is in `Include/cpython/object.h`,
not in `Include/object.h`.
(cherry picked from commit a0478c9f0c6d6a75ca35a8dc2c74d3b58877f094)
Bénédikt Tran [Mon, 24 Mar 2025 09:31:24 +0000 (10:31 +0100)]
[3.12] gh-131045: [Enum] fix flag containment checks when using values (GH-131053) (#131232)
* gh-131045: [Enum] fix flag containment checks when using values (GH-131053)
Check would fail if value would create a pseudo-member, but that member
had not yet been created. We now attempt to create a pseudo-member for
a passed-in value first.
---------
Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
Nybblista [Sun, 23 Mar 2025 17:43:12 +0000 (20:43 +0300)]
[3.12] gh-131357: Add a set of asserts to test.test_capi.test_bytearray (GH-131554) (#131629)
[3.12] gh-131357: Add a set of asserts to test.test_capi.test_bytearray (#131554)
add a set of asserts to test.test_capi.test_bytearray
1. Assert empty bytearray object for PyByteArray_Check.
2. Assert empty bytearray object for PyByteArray_CheckExact.
3. Assert 0-size bytearray object for PyByteArray_Size.
4. Assert empty bytearray object for PyByteArray_AsString.
5. Assert concatenation of the bytearray object with itself for PyByteArray_Concat.