gh-151519: Check effective gid in `_test_all_chown_common` group-0 guard (GH-151521)
The guard that skips the "chown to gid 0 should fail" assertion used
only `os.getgroups()` (supplementary groups). The kernel also accepts
the effective/filesystem gid for chown, so when a process runs with
egid 0 and a non-zero uid (common in containers and user namespaces),
chown(-1, 0) succeeds and the assertion spuriously fails.
[3.13] gh-139837: Document attributes of objects recorded by warnings.catch_warnings (GH-139893) (GH-151473) (#151494)
[3.14] gh-139837: Document attributes of objects recorded by warnings.catch_warnings (GH-139893) (GH-151473)
* gh-139837: Document attributes of objects recorded by warnings.catch_warnings (GH-139893)
(cherry picked from commit 47b7dc788c9bcf3d5ea69a2ea0aed3d5883647a8)
[3.13] gh-101267: ProcessPoolExecutor no longer shares 1 BrokenProcessPool exception among all failed futures (GH-101268) (GH-151431) (#151435)
[3.14] gh-101267: ProcessPoolExecutor no longer shares 1 BrokenProcessPool exception among all failed futures (GH-101268) (GH-151431)
* gh-101267: ProcessPoolExecutor no longer shares 1 BrokenProcessPool exception among all failed futures (GH-101268)
(cherry picked from commit 3c00ebc2bbd902495b163def850bc931420209fc)
* Drop the abrupt-exit-code reporting from the 3.14 backport
Reporting the exit codes of processes that died without a known cause
is a new feature, not part of the gh-101267 bugfix. Keep only the
bugfix on 3.14: each failed future gets its own BrokenProcessPool
exception instead of one shared instance.
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Daniel Shields <daniel.shields@twosigma.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Victor Stinner [Wed, 10 Jun 2026 21:24:46 +0000 (23:24 +0200)]
[3.13] gh-151253: Dump the Python path configuration on _PyCodec_InitRegistry() failure (#151250) (#151269) (#151283) (#151287)
[3.14][3.15] gh-151253: Dump the Python path configuration on _PyCodec_InitRegistry() failure (#151250) (#151269) (#151283)
[3.15] gh-151253: Dump the Python path configuration on _PyCodec_InitRegistry() failure (#151250) (#151269)
gh-151253: Dump the Python path configuration on _PyCodec_InitRegistry() failure (#151250)
If "import encodings" fails at Python startup, dump the Python path
configuration to help users debugging their configuration. The
encodings module is the first module imported during Python startup.
gh-143988: Fix re-entrant mutation crashes in socket sendmsg/recvmsg_into (#143987)
Fix crashes in socket.sendmsg() and socket.recvmsg_into() that could
occur if buffer sequences are mutated re-entrantly during argument
parsing via __buffer__ protocol callbacks.
The bug occurs because:
1. PySequence_Fast() returns the original list object when the input
is already a list (not a copy).
2. During iteration, PyObject_GetBuffer() triggers __buffer__
callbacks which may clear the list.
3. Subsequent iterations access invalid memory (heap OOB read).
The fix replaces PySequence_Fast() with PySequence_Tuple() which
always creates a new tuple, ensuring the sequence cannot be mutated
during iteration.
Victor Stinner [Wed, 10 Jun 2026 17:02:34 +0000 (19:02 +0200)]
[3.13][3.14] gh-89554: Document socket.SocketType as a class (#150683) (#151245) (#151254)
[3.14] gh-89554: Document socket.SocketType as a class (#150683) (#151245)
gh-89554: Document socket.SocketType as a class (#150683)
socket.SocketType is a class (re-exported from _socket as an alias of
_socket.socket, the base class of socket.socket), but was documented with
the ".. data::" directive, so ":class:" cross-references to it cannot
resolve against a py:class target.
Switch the entry to ".. class::", correct the misleading description
(SocketType is the base class of the socket type, not "type(socket(...))"
which is socket.socket; addresses gh-88427), move it into the Socket
Objects section, and document the socket object methods and attributes
nested under the socket class, dropping the redundant "socket." prefix.
Backport to 3.13: Replace ":platform: Windows" with
".. availability:: Windows" in ioctl() method.
[3.13] gh-150988: Fix refleak in `OSError` when attrs are set before `super().__init__()` (GH-150990) (#151242)
gh-150988: Fix refleak in `OSError` when attrs are set before `super().__init__()` (GH-150990)
(cherry picked from commit f2a0f82282d6307f7fd2d4ccf52a8fd95ac3922f)
Co-authored-by: Lukas Geiger <lukas.geiger94@gmail.com> Co-authored-by: Victor Stinner <vstinner@python.org>
Stan Ulbrych [Tue, 9 Jun 2026 14:23:22 +0000 (15:23 +0100)]
[3.13] gh-90949: expose Expat API to tune exponential expansion protections (GH-139368)
Expose the XML Expat 2.7.2 APIs to tune protections against
"billion laughs" [1] attacks.
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetBillionLaughsAttackProtectionActivationThreshold(threshold)`, and
- `parser.SetBillionLaughsAttackProtectionMaximumAmplification(max_factor)`.
Update the table of Windows language code identifiers (LCIDs) to
protocol version 16.0 (2024-04-23).
(cherry picked from commit bfe6f9f590849f0d9f08a6fe94a5b4e76d8ed29f)
[3.13] gh-129011: Update docs for Raw I/O read, readinto, and write (GH-135328) (#150959)
gh-129011: Update docs for Raw I/O read, readinto, and write (GH-135328)
Update `RawIOBase` and `FileIO` documentation to match implementation
behavior around `.read`, `.readinto`, `.readall` and `.write`.
In particular:
- They may make more than one system call (PEP-475)
- Add warnings if `.write()` requires a wrapping retry loop (see: gh-126606)
- "Raw I/O" `.write`` may not write all bytes
- `buffering=0` example results in a "Raw I/O"
(cherry picked from commit e4db68b9c990ed1bb7562094bee2e73f4450d42b)
ass_subscript_slice() returned early when the computed slice length
was zero, bypassing validation performed for non-empty slices.
(cherry picked from commit fc9c4db1302f8be7527e70cf0938b629985a1d72)
[3.13] Correct Stable ABI documentation for METH_FASTCALL (GH-149593) (GH-150851)
The current documentation says:
>
> METH_FASTCALL
> Part of the Stable ABI since version 3.7.
>
> [...]
>
> Added in version 3.7.
>
> Changed in version 3.10: METH_FASTCALL is now part of the stable ABI.
so is contradictory about when it was added to the Stable ABI. Looking at the header it seems like 3.10 is right.
(cherry picked from commit 58beae7319c58d850184d621d6635de23f71a229)
[3.13] gh-91099: fix[imaplib]: call Exception with string instance (GH-31823) (#150809)
* bpo-46943: fix[imaplib]: call Exception with string instance
Adjust the behavior of 'login' to be similar to `authenticate()`,
where self.error is called with a str() instance.
(cherry picked from commit 29805f00a1b65163230d17584c30e2b955086abb)
Co-authored-by: Florian Best <spaceone@users.noreply.github.com> Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
The following classes are documented publicly as functions, and are
therefore updated internally (`__class_getitem__.__doc__`) but not in the
public docs:
- functools.partial
- itertools.chain
The following builtin types have updates to `__class_getitem__.__doc__`
but not to any documentation pages:
- union objects are now documented as "supporting class-level []",
rather than anything to do with generics.
- Templates might be generic over a single type (union, in theory) or
over a TypeVarTuple. As this is not currently fully settled, it is
marked with a comment and a mild hint that it is a single type is used
(namely, "type" is singular rather than "types", plural)
* Apply suggestions from code review
* Correct several class getitem docs
And expand the text for tuples.
* Add notes on generic typing of builtins
* Fix typo in tuple.__class_getitem__ docstring
* Typo fix: malformed refs
Fix `generic` links which weren't marked as `:ref:`.
* Strike unnecessary docs on generic-ness
* Apply suggestions from code review
These are applied at both the originally indicated locations and in the
corresponding docstring definitions.
* Update Doc/library/re.rst
* Update Objects/enumobject.c
* Remove tuple generic doc in 'stdtypes' page
This is covered in more detail in the cross-linked typing documentation.
The other copy of this documentation -- in the docstring for
`tuple.__class_getitem__` -- is left in place.
* Fix whitespace around new doc of generics
Per review, do not introduce or remove whitespace such that section
breaks are altered by the introduction of doc on various generic types.
In most cases, this is a removal of an extra line.
In one case (Arrays), it is the reintroduction of a line.
Additionally, two other minor fixes are included:
- incorrect indent on 'defaultdicts'
- make `mappingproxy.__class_getitem__.__doc__` consistent with other
mapping type generic docs
* Move placement of memoryview generic note
Previous placement was at the end of the main docstring, which is
consistent with other types but places it after a section on various
methods (which makes it read somewhat inconsistently). Moving it up
helps resolve.
* Ensure sphinxdoc does not start sentences lowercase
Lowercase class names at the start of sentences are marked out with the
`class` role. In the case of `deque`, documentation already refers to
these as `Deques`, so this form is preferred.
* Apply suggestions from code review
* Fix line endings and wrap more tightly
Line endings fixed by pre-commit ; also re-wrapped the MappingProxyType
text which was too long.
BufferedRandom does not inherit from BufferedReader and BufferedWriter
in the C implementation.
(cherry picked from commit 551bc2cb5ed4719c35ca3ea0f320167dd750389e)
Petr Viktorin [Tue, 2 Jun 2026 16:12:42 +0000 (18:12 +0200)]
[3.13] gh-149079: Fix O(n^2) canonical ordering in unicodedata.normalize() (GH-149080) (#150780)
Replace the insertion sort used for canonical ordering of combining
characters with a hybrid approach: insertion sort for short runs (< 20)
and counting sort for longer runs, reducing worst-case complexity from
O(n^2) to O(n). This prevents denial of service via crafted Unicode
strings with many combining characters in alternating CCC order.
(cherry picked from commit 991224b1e8311c85f198f6dd8208bf8cff7fc26f)
Victor Stinner [Tue, 2 Jun 2026 13:13:35 +0000 (15:13 +0200)]
[3.13] gh-89554: Document _thread.LockType as a class (#150684) (#150786)
gh-89554: Document _thread.LockType as a class (#150684)
_thread.LockType is a class (the type of lock objects), but was documented
with the ".. data::" directive, so ":class:" cross-references to it cannot
resolve against a py:class target.
Switch the entry to ".. class::", move it next to the lock methods, and
document acquire(), release() and locked() as methods of the class. Keep
the old _thread.lock.* URL fragments working with raw HTML anchors.
projects / thirdparty / Python / cpython.git / log
