[3.15] gh-149902: Remove dead packaging docs link and add a new section for external resources (GH-150030) (#150241)
Co-authored-by: Mia Albert <micha@2231puppy.tech>
Co-authored-by: Stan Ulbrych <stan@python.org>
Co-authored-by: Ned Batchelder <ned@nedbatchelder.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
[3.15] gh-137571: Protect against possible UnboundLocalError in gzip._GzipReader.read() (GH-150222) (GH-150229)
This has not been observed in practice, but we cannot be 100% sure that
it will not happen with some weird gzip data.
(cherry picked from commit 28eac9a7263ad8dcfa9b536aa238549131857e0f)
[3.15] gh-149995: Update typing.py docstrings and documentation (GH-149996) (#150215)
gh-149995: Update typing.py docstrings and documentation (GH-149996)
Some of these docstrings read as if they were written when typing.py was
first written, and things have evolved since then.
A few motivations:
- Call protocols protocols instead of ABCs. They are also ABCs, but the fact
they are protocols is more relevant to typing.
- Avoid recommending direct use of .__annotations__ and steer users to
annotationlib instead.
- For TypedDict, mention NotRequired before total=False since it is more
general and probably more frequently useful.
- For overloads, mention runtime use first instead of stub use. I think early on
there was talk of allowing overload only in stubs, but it is now heavily used at
runtime too and that's more likely to be relevant to users.
(cherry picked from commit f159419ae2ef1aebbd90ce9427b55e27738c960c)
[3.15] gh-148294: Make configure find g++ correctly (GH-150212)
The `AC_PATH_TOOL` calls had included a duplicated argument, causing a "`PATH`"
consisting of `notfound` to be searched instead of `$PATH`.
(cherry picked from commit c613f72eeef83340cb369287f7c1a195e086d1d5)
[3.15] gh-149819: fix .pth and .start file processing in subprocess when inheriting PYTHONPATH (GH-150177) (#150202)
gh-149819: fix .pth and .start file processing in subprocess when inheriting PYTHONPATH (GH-150177)
* gh-149819: Fix .pth files not loaded in Python subprocesses
After PR gh-149583 (Fix double evaluation of .pth and .site files in
venvs), .pth files are no longer loaded in subprocesses started with
subprocess.run([sys.executable, ...]). The root cause: main() seeds
known_paths from removeduppaths() with all sys.path entries inherited
from the parent process. addsitedir() then skips .pth processing for
every directory already in known_paths.
Fix:
- main(): call removeduppaths() for dedup but start known_paths as a
fresh empty set, so that addsitedir() processes .pth files in every
site-packages directory regardless of inherited sys.path.
- addsitedir(): move known_paths.add() before the sys.path.append and
guard the append with 'sitedir not in sys.path' to avoid creating
duplicate entries when called with a fresh known_paths.
This preserves the gh-75723 dedup guarantee while allowing subprocesses
to load .pth files.
* Fill out the tests for GH#149888
* Extend _make_start() and _make_pth() to take an optional `basedir` which is used instead of
`site.tmpdir` if given.
* Add test_pth_processed_when_sitedir_already_on_path() to test the core GH#149819 bug: .pth files
in subprocesses aren't handled if PYTHONPATH pointing to the .pth directory is inherited.
* Similarly add test_start_processed_when_sitedir_already_on_path() to verify that .start files in
the same circumstances are also now processed.
Co-authored-by: Caleb <23644849+ctrlaltf2@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Emma Smith <emma@emmatyping.dev>
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
[3.15] gh-148260: Use at least 1 MiB stack size on musl (GH-149993) (#150150)
gh-148260: Use at least 1 MiB stack size on musl (GH-149993)
On Linux when Python is linked to the musl C library, use a thread
stack size of at least 1 MiB instead of musl default which is 128
kiB.
(cherry picked from commit df6c157e51430e8e7458012417c534ad8c33119f)
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.15] gh-150042: queue.SimpleQueue.put: fix minor refleak. (GH-150043) (GH-150127)
If queue.SimpleQueue.put can't hand off the item to a
waiting thread, and fails to allocate memory when adding
the item to a ringbuf, it would leak a reference. Fixed.
(cherry picked from commit 79088e0d82931c21fa72eadc416a18b7b0fdf9c1)
bpo-42367: Restore os.makedirs() and pathlib.mkdir() ability to apply *mode* recursively via a new parent_mode= keyword argument.
(cherry picked from commit 9770e32ce07110f0c8c7a381604ec9a490028eed)
+ Make Path.mkdir parent_mode tests umask-independent
test_mkdir_with_parent_mode, test_mkdir_parent_mode_deep_hierarchy and
test_mkdir_parent_mode_same_as_mode assert exact directory mode bits but
did not pin the process umask. On buildbots running with a restrictive
umask (e.g. 0o077) the 0o755 leaf was masked down to 0o700, failing the
assertions. Wrap them in os_helper.temp_umask(0o022), matching the
other umask-aware mkdir tests in this file.
---------
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Co-authored-by: Erlend E. Aasland <erlend@python.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
[3.15] gh-146452: Improve locking granularity in pickle's batch_dict_exact and fix race condition (GH-150025) (#150039)
gh-146452: Improve locking granularity in pickle's batch_dict_exact and fix race condition (GH-150025)
Remove assertion that could fail in rare race condition.
Replace the coarse critical section wrapping the entire function with
fine-grained sections covering only PyDict_Next + Py_INCREF.
Also handle PyDict_Next returning 0 in the single-item fast path.
(cherry picked from commit 57a0e570d36f41b953a91bbaf4262a5d05d0391b)
`faulthandler_traverse` visits Python objects owned by `_PyRuntime`, not
by the module instance. With multi-phase init allowing multiple module
instances, each instance's GC traversal decrements `gc_refs` on the same
runtime-owned objects, driving it negative when two instances are
collected simultaneously.
(cherry picked from commit 56737483c2ffdaadfec648fd38d409c6b10941c0)
[3.15] gh-87451: Apply CVE-2021-4189 PASV fix to ftplib.ftpcp() (GH-149648) (#149792)
gh-87451: Apply CVE-2021-4189 PASV fix to ftplib.ftpcp() (GH-149648)
ftpcp() called parse227() directly and passed the source server's
self-reported PASV IPv4 address to the target server's PORT command,
bypassing the CVE-2021-4189 fix that was applied only to FTP.makepasv().
A malicious source FTP server could use this to redirect the target
server's data connection to an arbitrary host:port (SSRF).
ftpcp() now uses the source server's actual peer address, honoring the
existing trust_server_pasv_ipv4_address opt-out, the same as makepasv().
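The address selection this commit message describes, as an added example that is not CPython's code: `pasv_endpoint`, `port_argument` and the sample reply and addresses are constructed for illustration; only `ftplib.parse227()` and the `trust_server_pasv_ipv4_address` name come from ftplib.

```python
import ftplib

def pasv_endpoint(resp, peer_ip, trust_server_pasv_ipv4_address=False):
    """Pick the data-connection endpoint from a server's 227 (PASV) reply.

    peer_ip is the address the control connection is really connected to,
    e.g. sock.getpeername()[0]. Returns (host, port, mismatch), where
    mismatch is True when the server advertised a different address.
    """
    claimed_ip, port = ftplib.parse227(resp)
    # A differing address is worth logging even when it is not used.
    mismatch = claimed_ip != peer_ip
    # Default: ignore the self-reported address and keep only the port.
    host = claimed_ip if trust_server_pasv_ipv4_address else peer_ip
    return host, port, mismatch

def port_argument(host, port):
    """Encode host and port as the h1,h2,h3,h4,p1,p2 argument of PORT."""
    return ",".join(host.split(".") + [str(port >> 8), str(port & 0xFF)])

# Constructed values: the source server's control connection peer is
# 203.0.113.7, but its 227 reply advertises 10.0.0.5, port 19*256+137 = 5001.
SOURCE_PEER = "203.0.113.7"
SOURCE_REPLY = "227 Entering Passive Mode (10,0,0,5,19,137)."

if __name__ == "__main__":
    host, port, mismatch = pasv_endpoint(SOURCE_REPLY, SOURCE_PEER)
    print("advertised address differs from peer:", mismatch)
    print("PORT", port_argument(host, port))
```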
[3.15] Link to existing rules in compound_stmts.rst (GH-149811) (GH-149836)
Link to existing rules in compound_stmts.rst (GH-149811)
In gh-138418, `!` was added to links to rules that don't exist in
the docs, in order to silence broken link warnings.
However, productionlist doesn't parse the `!`, which ends up in
the rendered documentation. (It's possible that gh-127835 broke
the `!` support.)
Replace the names with ones that appear in docs:
- `star_named_expression` in the grammar corresponds to
`flexible_expression` in the docs
- `star_named_expressions` in the grammar corresponds to
`flexible_expression_list` in the docs
- `named_expression` in the grammar corresponds to
`assignment_expression` in the docs
Having two sets of names isn't great of course. Consolidating them
is tracked in (subissues of) gh-127833.
(cherry picked from commit c37529293d1e05081cb4e8668162c76583b88007)
* Add re-entrant tests for gh-149504
* Add end-to-end integration test coverage
This ensures that future whitebox internal test changes do not regress the
public surface semantics.
* Implement a state class to process .pth and .start files
By using this state class and managing implicit and explicit batching, we make it structurally
impossible to get bitten by re-entrant site startup processing.
RFC 2047 Section 6.2 requires that "any 'linear-white-space' that
separates a pair of adjacent 'encoded-word's is ignored." The modern
header value parser correctly implements that for unstructured headers,
but had missed a case in structured headers. This could cause a parsed
address header to include extraneous spaces in a display-name.
Switch to @bitdancer's fix from review feedback. Recharacterize space
between ews as fws after parsing in get_phrase.
RDM: This fix is dependent on the fact that "subsequent" atoms will never have
leading whitespace because that's been consumed already. I don't think
it's worth adding extra code for the possibility of leading whitespace
because the parser won't produce it. It's a bit of parser fragility in the
face of code changes, but I think that's a minor concern given the
parser design (which is that it consumes whitespace greedily)
(cherry picked from commit 7a4c6dfb8839eb05fb87baf70364680e45001dd4)
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: R David Murray <rdmurray@bitdance.com>
[3.15] gh-148821: Add more strict tests for XML encodings (GH-149765) (GH-149770)
Exclude encodings like 'utf-8-sig', 'iso2022-jp' and 'hz' from the list of
supported encodings.
(cherry picked from commit fa2afa64d9467fb7362672ed603d29d8e246d240)
[3.15] gh-149496: Fix MacOSTest.test_default regression when BROWSER env var is set (GH-149579) (#149745)
gh-149496: Fix MacOSTest.test_default regression when BROWSER env var is set (GH-149579)
gh-149496: Fix MacOSTest.test_default failing when BROWSER env var is set
MacOSTest.test_default calls webbrowser.get() and asserts it returns a
MacOS instance. When BROWSER is set in the environment (e.g. BROWSER=open,
a common macOS workaround for the old osascript-based implementation),
register_standard_browsers() registers a GenericBrowser as the preferred
browser instead, causing the assertion to fail.
This is a regression introduced in gh-137586, which added MacOSTest and
moved test_default into it from MacOSXOSAScriptTest. MacOSXOSAScriptTest
had an identical setUp() guard added in gh-131254 specifically to fix this
same failure. The guard was not carried over to MacOSTest.
Add setUp() to MacOSTest to unset BROWSER for the duration of each test,
restoring the isolation that was already established as the correct pattern
for macOS webbrowser tests.
(cherry picked from commit 45c47d26c230086163ac1ef0aa9f955f794fb69c)
Co-authored-by: Jeff Lyon <146767590+secengjeff@users.noreply.github.com>
[3.15] gh-139808: Add branch protections for aarch64 in asm_trampoline.S (GH-130864) (#149730)
gh-139808: Add branch protections for aarch64 in asm_trampoline.S (GH-130864)
Apply protection against ROP/JOP attacks for aarch64 on asm_trampoline.S.
The BTI flag must be applied in assembler sources for this class
of attacks to be mitigated on newer aarch64 processors.
See also:
https://sourceware.org/annobin/annobin.html/Test-branch-protection.html
and
https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64
(cherry picked from commit da8477b25c6124c961306d4d7cd5ec7dafda6be4)
Co-authored-by: stratakis <cstratak@redhat.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Sam Gross [Mon, 11 May 2026 18:23:39 +0000 (18:23 +0000)]
[3.15] gh-145235: Make dict watcher API thread-safe for free-threaded builds (gh-145233) (#149690)
In free-threaded builds, concurrent calls to PyDict_AddWatcher, PyDict_ClearWatcher, PyDict_Watch, and PyDict_Unwatch can race on the shared callback array and the per-dict watcher tags. This change adds a mutex to serialize watcher registration and removal, atomic operations for tag updates, and atomic acquire/release synchronization for callback dispatch in _PyDict_SendEvent.
[3.15] gh-149486: tarfile.data_filter: validate written link target (GH-149487) (GH-149553)
gh-149486: tarfile.data_filter: validate written link target (GH-149487)
The data filter rewrote linknames with normpath() but ran the
containment check against the un-normalised value, and computed a
symlink's directory before stripping trailing slashes. Both let a
crafted archive create links pointing outside the destination. Also
reject link members that resolve to the destination directory itself,
which could otherwise replace it with a symlink and redirect all
subsequent members.
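The three checks this commit message describes, as a lexical audit of an archive's link members. This is an added example, not CPython's code: `audit_links`, `_link` and the sample members are constructed for illustration, and it assumes a purely lexical check that does not resolve symlinks already on disk, so it complements `tarfile.data_filter` rather than replacing it.

```python
import posixpath
import tarfile

def audit_links(members):
    """Map each flagged link member's name to the reasons it was flagged."""
    findings = {}
    for m in members:
        if not (m.issym() or m.islnk()):
            continue
        reasons = []
        # Check the value that would be written: the normalised linkname.
        written = posixpath.normpath(m.linkname)
        if written != m.linkname:
            reasons.append("linkname is not normalised")
        # Strip trailing slashes before taking the link's directory.
        name = m.name.rstrip("/")
        # Symlink targets are relative to the link's directory,
        # hard link targets to the archive root.
        base = posixpath.dirname(name) if m.issym() else ""
        target = posixpath.normpath(posixpath.join(base, written))
        if posixpath.isabs(target) or target == ".." or target.startswith("../"):
            reasons.append("target is outside the destination")
        elif target == ".":
            reasons.append("target is the destination itself")
        if reasons:
            findings[m.name] = reasons
    return findings

def _link(name, linkname, kind=tarfile.SYMTYPE):
    """Build a constructed link member for the sample below."""
    info = tarfile.TarInfo(name)
    info.type = kind
    info.linkname = linkname
    return info

# Constructed sample members, not taken from any real archive.
SAMPLE = [
    _link("pkg/readme", "docs/readme.txt"),
    _link("pkg/cfg", "a/../../../cfg"),
    _link("top", "."),
    _link("sub/", ".."),
    _link("pkg/hard", "pkg/data.bin", tarfile.LNKTYPE),
]

if __name__ == "__main__":
    for member, why in audit_links(SAMPLE).items():
        print(member, "->", "; ".join(why))
```

The same function accepts `tarfile.open(path).getmembers()` for auditing an archive before extraction.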