Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.
Co-authored-by: Mike Edmunds <medmunds@gmail.com> Co-authored-by: R David Murray <rdmurray@bitdance.com> Co-authored-by: Petr Viktorin <encukou@gmail.com>
Victor Stinner [Thu, 3 Apr 2025 16:25:51 +0000 (18:25 +0200)]
[3.11] gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361) (GH-127905) (GH-131970)
gh-127257: ssl: Raise OSError for ERR_LIB_SYS (GH-127361)
From the ERR_raise manpage:
ERR_LIB_SYS
This "library code" indicates that a system error is
being reported. In this case, the reason code given
to `ERR_raise()` and `ERR_raise_data()` *must* be
`errno(3)`.
This PR only handles ERR_LIB_SYS for the high-lever error types
SSL_ERROR_SYSCALL and SSL_ERROR_SSL, i.e., not the ones where
OpenSSL indicates it has some more information about the issue.
Diego Russo [Tue, 11 Mar 2025 15:31:03 +0000 (15:31 +0000)]
[3.11] gh-106883 Fix deadlock in threaded application (#117332)
When using threaded applications, there is a high risk of a deadlock in
the interpreter. It's a lock ordering deadlock with HEAD_LOCK(&_PyRuntime); and the GIL.
By disabling the GC during the _PyThread_CurrentFrames() and
_PyThread_CurrentExceptions() calls fixes the issue.
[3.11] gh-119511: Fix a potential denial of service in imaplib (GH-119514) (#129357)
The IMAP4 client could consume an arbitrary amount of memory when trying
to connect to a malicious server, because it read a "literal" data with a
single read(size) call, and BufferedReader.read() allocates the bytes
object of the specified size before reading. Now the IMAP4 client reads data
by chunks, therefore the amount of used memory is limited by the
amount of the data actually been sent by the server.
(cherry picked from commit 735f25c5e3a0f74438c86468ec4dfbe219d93c91)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
[3.11] gh-80222: Fix email address header folding with long quoted-string (GH-122753) (#129009)
Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.
(cherry picked from commit 5aaf41685834901e4ed0a40f4c055b92991a0bb5)
Co-authored-by: Mike Edmunds <medmunds@gmail.com> Co-authored-by: Petr Viktorin <encukou@gmail.com>
Fix ThreadedVSOCKSocketStreamTest: if get_cid() returns the host
address or the "any" address, use the local communication address
(loopback): VMADDR_CID_LOCAL.
On Linux 6.9, apparently, the /dev/vsock device is now available but
get_cid() returns VMADDR_CID_ANY (-1).
Make `versionchanged:: next`` expand to current (unreleased) version.
When a new CPython release is cut, the release manager will replace
all such occurences of "next" with the just-released version.
(See the issue for release-tools and devguide PRs.)
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
(cherry picked from commit 7d24ea9db3e8fdca52058629c9ba577aba3d8e5c)
gh-121277: Raise nice error on `next` as second argument to deprecated-removed (GH-124623)
Petr Viktorin [Fri, 6 Sep 2024 10:46:23 +0000 (12:46 +0200)]
[3.11] [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (GH-111116) (#123767)
Detect email address parsing errors and return empty tuple to
indicate the parsing error (old API). Add an optional 'strict'
parameter to getaddresses() and parseaddr() functions. Patch by
Thomas Dwyer.
[3.11]GH-112275: Fix HEAD_LOCK deadlock in child process after fork (#112336)
HEAD_LOCK is called from _PyEval_ReInitThreads->_PyThreadState_DeleteExcept before _PyRuntimeState_ReInitThreads reinit runtime->interpreters.mutex which might be locked before fork.
[3.11] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122608)
Per RFC 2047:
> [...] these encoding schemes allow the
> encoding of arbitrary octet values, mail readers that implement this
> decoding should also ensure that display of the decoded data on the
> recipient's terminal will not cause unwanted side-effects
It seems that the "quoted-word" scheme is a valid way to include
a newline character in a header value, just like we already allow
undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.
Verify that email headers are well-formed.
This should fail for custom fold() implementations that aren't careful
about newlines.
[3.11] gh-122133: Authenticate socket connection for `socket.socketpair()` fallback (GH-122134) (#122426)
Authenticate socket connection for `socket.socketpair()` fallback when the platform does not have a native `socketpair` C API. We authenticate in-process using `getsocketname` and `getpeername` (thanks to Nathaniel J Smith for that suggestion).
Serhiy Storchaka [Thu, 23 May 2024 12:09:03 +0000 (15:09 +0300)]
[3.11] gh-118643: Fix AttributeError in the email module (GH-119099) (#119393)
Fix regression introduced in gh-100884: AttributeError when re-fold a long
address list.
Also fix more cases of incorrect encoding of the address separator in the
address list missed in gh-100884.
(cherry picked from commit 858b9e85fcdd495947c9e892ce6e3734652c48f2)
[3.11] gh-117310: Remove extra DECREF on "no ciphers" error path in `_ssl._SSLContext` constructor (GH-117309) (GH-117318)
gh-117310: Remove extra DECREF on "no ciphers" error path in `_ssl._SSLContext` constructor (GH-117309)
Remove extra self DECREF on ssl "no ciphers" error path.
This doesn't come up in practice because nobody links against a broken
OpenSSL library that provides nothing.
(cherry picked from commit 8cb7d7ff86a1a2d41195f01ba4f218941dd7308c)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
[3.11] [3.12] gh-115538: Use isolate mode when running venv test_multiproces… (GH-117264) (#117265)
[3.12] gh-115538: Use isolate mode when running venv test_multiproces… (GH-117264)
[3.12] gh-115538: Use isolate mode when running venv test_multiprocessing_recursion() (GH-117116)
(cherry picked from commit 4ec347760f98b156c6a2d42ca397af6b0b6ecc50)
[3.11] [3.12] gh-83434: Sync libregrtest and test_regrtest with the main branch (GH-117250) (#117251)
[3.12] gh-83434: Sync libregrtest and test_regrtest with the main branch (GH-117250)
* gh-115122: Add --bisect option to regrtest (GH-115123)
* test.bisect_cmd now exit with code 0 on success, and code 1 on
failure. Before, it was the opposite.
* test.bisect_cmd now runs the test worker process with
-X faulthandler.
* regrtest RunTests: Add create_python_cmd() and bisect_cmd()
methods.
* gh-115720: Show number of leaks in huntrleaks progress reports (GH-115726)
Instead of showing a dot for each iteration, show:
- '.' for zero (on negative) leaks
- number of leaks for 1-9
- 'X' if there are more leaks
This allows more rapid iteration: when bisecting, I don't need
to wait for the final report to see if the test still leaks.
Also, show the full result if there are any non-zero entries.
This shows negative entries, for the unfortunate cases where
a reference is created and cleaned up in different runs.
Test *failure* is still determined by the existing heuristic.
[3.11] gh-117187: Fix XML tests for vanilla Expat <2.6.0 (GH-117203) (GH-117245)
gh-117187: Fix XML tests for vanilla Expat <2.6.0 (GH-117203)
This fixes XML unittest fallout from the https://github.com/python/cpython/issues/115398 security fix. When configured using `--with-system-expat` on systems with older pre 2.6.0 versions of libexpat, our unittests were failing.
* sax|etree: Simplify Expat version guard where simplifiable
Idea by Matěj Cepl
* sax|etree: Fix reparse deferral tests for vanilla Expat <2.6.0
This *does not fix* the case of distros with an older version of libexpat with the 2.6.0 feature backported as a security fix. (Ubuntu is a known example of this with its libexpat1 2.5.0-2ubunutu0.1 package)
(cherry picked from commit 9f74e86c78853c101a23e938f8e32ea838d8f62e)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
Serhiy Storchaka [Tue, 19 Mar 2024 20:08:00 +0000 (22:08 +0200)]
[3.11] gh-90300: Improve the Python CLI help output (GH-115853) (GH-117022) (GH-117034)
* document equivalent command-line options for all environment variables
* document equivalent environment variables for all command-line options
* reduce the size of variable and option descriptions to minimum
* remove the ending period in single-sentence descriptions
[3.11] gh-116957: configparser: Do post-process values after DuplicateOptionError (GH-116958) (GH-117012)
If you catch DuplicateOptionError / DuplicateSectionError when reading a
config file (the intention is to skip invalid config files) and then
attempt to use the ConfigParser instance, any values it *had* read
successfully so far, were stored as a list instead of string! Later
`get` calls would raise "AttributeError: 'list' object has no attribute
'find'" from somewhere deep in the interpolation code.
projects / thirdparty / Python / cpython.git / log
