bpo-43562: fix test_ssl to skip on unreachable network (GH-24937) (GH-25046)
This test checks the result code of the connection directly, so it never raises an exception that can be suppressed by `support.transient_internet`. Directly support skipping the test in case of an unreachable network.
(cherry picked from commit 29c451c6989c3c94fa0a9facf187c24f3cbf2420)
Co-authored-by: Carl Meyer <carl@oddbird.net>
curses.update_lines_cols() is only defined when the curses library
provides either resizeterm() or resize_term() functions which are optional
and are not provided on AIX.
(cherry picked from commit c8b5738810516df5722caf049003e9b319427bec)
Co-authored-by: Michael Felt <aixtools@users.noreply.github.com>
bpo-42988: Remove the pydoc getfile feature (GH-25015)
CVE-2021-3426: Remove the "getfile" feature of the pydoc module which
could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python
modules can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
(cherry picked from commit 9b999479c0022edfc9835a8a1f06e046f3881048)
Co-authored-by: Victor Stinner <vstinner@python.org>
It doesn't actually affect whether match_hostname() is called (it
never is in this context any longer), but whether hostname
verification occurs in the first place.
(cherry picked from commit 9798cef92b882cd82a338d3368eaf3c4a32f5c2d)
Co-authored-by: Ville Skyttä <ville.skytta@iki.fi>
bpo-43577: Fix deadlock with SSLContext._msg_callback and sni_callback (GH-24957)
OpenSSL copies the internal message callback from SSL_CTX->msg_callback to
SSL->msg_callback. SSL_set_SSL_CTX() does not update SSL->msg_callback
to use the callback value of the new context.
PySSL_set_context() now resets the callback and _PySSL_msg_callback()
resets thread state in error path.
bpo-41654: Fix compiler warning in MemoryError_dealloc() (GH-22387) (GH-24894)
Fix warning:
Objects\exceptions.c(2324,56): warning C4098:
'MemoryError_dealloc': 'void' function returning a value
(cherry picked from commit bbeb223e9a5e9f9374df384efa386b4068a65c0e)
Co-authored-by: Victor Stinner <vstinner@python.org>
bpo-43285 Make ftplib not trust the PASV response. (GH-24838)
The IPv4 address value returned from the server in response to the PASV command
should not be trusted. This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the client network.
Instead of using the returned address, we use the IP address we're
already connected to. This is the strategy other ftp clients adopted,
and matches the only strategy available for the modern IPv6 EPSV command
where the server response must return a port number and nothing else.
For the rare user who _wants_ this ugly behavior, set a `trust_server_pasv_ipv4_address`
attribute on your `ftplib.FTP` instance to True.
(cherry picked from commit 0ab152c6b5d95caa2dc1a30fa96e10258b5f188e)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
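The effect of this change, shown offline as an added example (not part of the commit): a constructed 227 reply names an internal address, and `makepasv()` returns the control-connection peer instead unless `trust_server_pasv_ipv4_address` is set. The stub socket, the `OfflineFTP` subclass and the sample addresses are assumptions made for the demonstration; it relies on ftplib's `af`, `sock` and `makepasv()` internals and needs a Python that contains this fix.

```python
import ftplib
import socket

# Constructed sample: the control connection goes to 203.0.113.10
# (TEST-NET-3), but the 227 reply points at an internal host, port 22.
CONTROL_PEER = ("203.0.113.10", 21)
PASV_REPLY = "227 Entering Passive Mode (10,0,0,5,0,22)"


class _FakeControlSocket:
    """Stands in for the control socket; only getpeername() is used."""

    def getpeername(self):
        return CONTROL_PEER


class OfflineFTP(ftplib.FTP):
    """ftplib.FTP with the network replaced by a canned PASV reply."""

    def __init__(self, trust=None):
        super().__init__()          # no host given, so nothing connects
        self.af = socket.AF_INET    # normally set by connect()
        self.sock = _FakeControlSocket()
        if trust is not None:
            # Opt back in to the old behaviour, as the commit describes.
            self.trust_server_pasv_ipv4_address = trust

    def sendcmd(self, cmd):
        assert cmd == "PASV"
        return PASV_REPLY


def data_endpoint(trust=None):
    """Return the (host, port) ftplib would open the data connection to."""
    return OfflineFTP(trust).makepasv()


if __name__ == "__main__":
    print("server claimed :", ftplib.parse227(PASV_REPLY))
    print("default        :", data_endpoint())
    print("trust flag set :", data_endpoint(trust=True))
```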
bpo-27820: Fix AUTH LOGIN logic in smtplib.SMTP (GH-24118) (#24832)
* Fix auth_login logic (bpo-27820)
* Also fix a longstanding bug in the SimSMTPChannel.found_terminator() method that causes inability to test
SMTP AUTH with initial_response_ok=False.
(cherry picked from commit 7591d9455eb37525c832da3d65e1a7b3e6dbf613)
Co-authored-by: Pandu E POLUAN <pepoluan@gmail.com>
Fix a race condition of test_stress_modifying_handlers() of
test_signal: only raise signals while we are in the
catch_unraisable_exception() context manager.
Moreover, don't check if we received at least one
signal if at least one signal got ignored.
(cherry picked from commit 1fa17e8cc62775a2e34b158135ce8589f9394f03)
Co-authored-by: Victor Stinner <vstinner@python.org>
bpo-43332: Buffer proxy connection setup packets before sending. (GH-24780)
We now buffer the CONNECT request + tunnel HTTP headers into a single
send call. This prevents the OS from generating multiple network
packets for connection setup when not necessary, improving efficiency.
(cherry picked from commit c25910a135c2245accadb324b40dd6453015e056)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
[3.9] bpo-43406: Fix possible race condition where ``PyErr_CheckSignals`` tries to execute a non-Python signal handler (GH-24756) (GH-24761)
We can receive signals (at the C level, in `trip_signal()` in signalmodule.c) while `signal.signal` is being called to modify the corresponding handler. Later when `PyErr_CheckSignals()` is called to handle the given signal, the handler may be a non-callable object and would raise a cryptic asynchronous exception.
(cherry picked from commit 68245b7a1030287294c65c298975ab9026543fd2)
Co-authored-by: Antoine Pitrou <antoine@python.org>
bpo-43407: Clarify comparisons of time.monotonic() et al results (GH-24757)
Previous wording implied that only the result of call N and N+1 could be
meaningfully compared, whereas comparing call N and N+M is fine.
(cherry picked from commit ff5f05934db241dfafc604989b2de3487b09ca82)
Co-authored-by: Alex Willmer <alex@moreati.org.uk>
bpo-43316: gzip: CLI uses non-zero return code on error. (GH-24647)
Exit code is now 1 instead of 0. A message is printed to stderr instead of stdout. This is
the proper behaviour for a tool that can be used in scripts.
(cherry picked from commit cc3df6368d4f3f6c9c9b716876c7e7b79c7abf3f)
bpo-43293: Doc: move note about GIL to top of threading module (GH-24622)
The note about the GIL was buried pretty deep in the threading documentation,
and this made it hard for first-time users to discover why their attempts
at using threading to parallelize their application did not work.
bpo-43283: Add IDLE doc paragraph about print speed (GH-24615)
Printing to IDLE's Shell is often slower than printing to a system
terminal, but it can be made faster by pre-formatting a single
string before printing.
(cherry picked from commit 2827e8a177c2a6584fada594bca6829c53a2872f)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Unittest discovery supports a namespace package as the start
directory, but it doesn't find namespace packages in
the start directory automatically.
Otherwise, unittest discovery would search unexpected
directories like `vendor/` or `node_modules/`.
(cherry picked from commit 5a4aa4c03e27ca5007b86c9c1ee62c77ad08a120)
bpo-43283: Rearrange some IDLE doc paragraphs. (GH-24604)
In the Running User Code section, gather together paragraphs about two
processes and the sys.stdstream replacements, preparing to add another.
(cherry picked from commit 4cf7bb8e22bf37e6d65bf4cb5618d09c4a8ad612)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
The lease on this domain has lapsed. This not only makes these links dead, but also makes them a potential attack vector for readers of python.org, as the domain can be obtained by an untrustworthy party.
I considered redirecting these links to http://mingw-w64.org/ which is a maintained fork of mingw, but beyond my unfamiliarity with the exact level of compatibility, at the time of this PR that site had an expired cert and so is not much of a vulnerability fix.
* [3.9] bpo-42967: only use '&' as a query string separator (GH-24297)
bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl().
urllib.parse will only use "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument separator with default value "&" is added to specify the separator.
Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Co-authored-by: Adam Goldschmidt <adamgold7@gmail.com>
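A check for the parser disagreement behind this fix, as an added example (not part of the commit): it parses a query string with "&" only and with both ";" and "&", and reports the parameters whose values differ, which is what a cache and a backend on different sides of the change would disagree about. The helper names and sample queries are constructed; `parse_legacy` emulates the earlier splitting and is not the old library code.

```python
from urllib.parse import parse_qsl


def parse_current(query):
    """Parse with '&' as the only separator (the default after the fix)."""
    return parse_qsl(query, keep_blank_values=True, separator="&")


def parse_legacy(query):
    """Emulate earlier versions, where ';' and '&' both split parameters.

    Replacing ';' before parsing is equivalent because splitting happens
    before percent-decoding, so an encoded %3B is never a separator.
    """
    return parse_qsl(query.replace(";", "&"), keep_blank_values=True)


def _group(pairs):
    grouped = {}
    for name, value in pairs:
        grouped.setdefault(name, []).append(value)
    return grouped


def disagreements(query):
    """Return {name: (current_values, legacy_values)} where the parsers differ."""
    cur = _group(parse_current(query))
    old = _group(parse_legacy(query))
    return {
        name: (cur.get(name, []), old.get(name, []))
        for name in sorted(set(cur) | set(old))
        if cur.get(name, []) != old.get(name, [])
    }


if __name__ == "__main__":
    # Constructed sample queries.
    for q in ("id=7&note=a;id=9", "id=7&note=a%3Bb"):
        print(q, "->", disagreements(q) or "parsers agree")
```

A non-empty result for a request means a front end and a backend running different Python versions (or different parsers) can see different parameters for the same URL.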
bpo-43200: Fix link to shutil.copy() in the shutil doc (GH-24505)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit 762fe7deed34a1d5294bf82071d318c8427b4893)
bpo-43132: Fix incorrect handling of PyObject_RichCompareBool() in _zoneinfo (GH-24450) (GH-24457)
PyObject_RichCompareBool() returns -1 on error, but this case is
not handled by the find_in_strong_cache() function. Any exception
raised by PyObject_RichCompareBool() should be propagated.
(cherry picked from commit effaec0bb54f381db8ccfa62514bc26b00946b40)
bpo-42773: fix tests not being run on pushes (GH-24004)
There was a typo: we were checking if the "GITHUB_BASE_REF" string
literal was empty instead of the $GITHUB_BASE_REF value. When
$GITHUB_BASE_REF is empty, the action that triggered the run was not a
pull request, so we always run the full test suite.