Reproducer depends on terminal size - the traceback occurs when there's
an option long enough so the usage line doesn't fit the terminal width.
Option order is also important for reproducibility.
Excluding empty groups (with all options suppressed) from inserts
fixes the problem.
(cherry picked from commit 5f7df88821)
Co-authored-by: Daniel Mach <daniel.mach@suse.com>
Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce46e)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
(cherry picked from commit 5ea86f496a)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
csv.writer() now quotes empty fields if delimiter is a space and
skipinitialspace is true and raises exception if quoting is not possible.
(cherry picked from commit 937d282150)
This allows getting source code for the __main__ module when a custom
loader is used.
(cherry picked from commit e976baba99)
Co-authored-by: Eugene Toder <eltoder@users.noreply.github.com>
gh-114572: Fix locking in cert_store_stats and get_ca_certs (GH-114573)
* gh-114572: Fix locking in cert_store_stats and get_ca_certs
cert_store_stats and get_ca_certs query the SSLContext's X509_STORE with
X509_STORE_get0_objects, but reading the result requires a lock. See
https://github.com/openssl/openssl/pull/23224 for details.
Instead, use X509_STORE_get1_objects, newly added in that PR.
X509_STORE_get1_objects does not exist in current OpenSSLs, but we can
polyfill it with X509_STORE_lock and X509_STORE_unlock.
* Work around const-correctness problem
* Add missing X509_STORE_get1_objects failure check
* Add blurb
(cherry picked from commit bce693111b)
Co-authored-by: David Benjamin <davidben@google.com>
Update _get_hostport to always remove square brackets
from IPv6 addresses. Then add them if needed
in "CONNECT .." and "Host: ".
(cherry picked from commit 465db27cb9)
Co-authored-by: Derek Higgins <derekh@redhat.com>
ListSeparator should not be encoded. This could happen when a long line
pushes its separator to the next line, which would have been encoded.
(cherry picked from commit 09fab93c3d)
Co-authored-by: Thomas Weißschuh <thomas@t-8ch.de>
lseek() always returns 0 for character pseudo-devices like
`/dev/urandom` (for other non-regular files, e.g. `/dev/stdin`, it
always returns -1, to which CPython reacts by raising appropriate
exceptions). They are thus technically seekable despite not having seek
semantics.
When calling read() on e.g. an instance of `io.BufferedReader` that
wraps such a file, `BufferedReader` reads ahead, filling its buffer,
creating a discrepancy between the number of bytes read and the internal
`tell()` always returning 0, which previously resulted in e.g.
`BufferedReader.tell()` or `BufferedReader.seek()` being able to return
positions < 0 even though these are supposed to be always >= 0.
Invariably keep the return value non-negative by returning
max(former_return_value, 0) instead, and add some corresponding tests.
(cherry picked from commit 26800cf25a)
Co-authored-by: 6t8k <58048945+6t8k@users.noreply.github.com>
[3.12] GH-113516: don't set `LDSHARED` when building for WASI (GH-115495) (GH-115496)
(cherry picked from commit 0e4f73b8e4)
Co-authored-by: Brett Cannon <brett@python.org>
gh-115392: Fix doctest reporting incorrect line numbers for decorated functions (GH-115440)
(cherry picked from commit bb791c7728)
Co-authored-by: Brian Schubert <brianm.schubert@gmail.com>
Immediate merits:
* eliminate complex workarounds for 'z' format support
(NOTE: mpdecimal recently added 'z' support, so this becomes
efficient in the long term.)
* fix 'z' format memory leak
* fix 'z' format applied to 'F'
* fix missing 'GH-' format support
Suggested and prototyped by Stefan Krah.
Fixes gh-114563, gh-91060
(cherry picked from commit 72340d15cd)
(cherry picked from commit 09c98e4633)
Co-authored-by: Stefan Krah <skrah@bytereef.org>
Also add more tests for LoggerAdapter.
Also support stacklevel in LoggerAdapter._log().
(cherry picked from commit 225856ef3e)
(cherry picked from commit 91822018ee)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Class methods no longer have "method of builtins.type instance" note.
* Corresponding notes are now added for class and unbound methods.
* Method and function aliases now have references to the module or the
class where the origin was defined if it differs from the current.
* Bound methods are now listed in the static methods section.
* Methods of builtin classes are now supported as well as methods of
Python classes.
(cherry picked from commit 2939ad02be)
(cherry picked from commit cfb79caaab)
Setters for members with an unsigned integer type now support
the same range of valid values for objects that has a __index__()
method as for int.
Previously, Py_T_UINT, Py_T_ULONG and Py_T_ULLONG did not support
objects that has a __index__() method larger than LONG_MAX.
Py_T_ULLONG did not support negative ints. Now it supports them and
emits a RuntimeWarning.
(cherry picked from commit d9d6909697)
Trailing "**" no longer allows to match files and non-existing paths in
recursive glob().
(cherry picked from commit aeffc7f895)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Feeding the parser by too small chunks defers parsing to prevent
CVE-2023-52425. Future versions of Expat may be more reactive.
(cherry picked from commit 4a08e7b343)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.11] gh-115198: Fix test_check_metadata_deprecation in test_distutils
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
---------
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
gh-115165: Fix `typing.Annotated` for immutable types (GH-115213)
The return value from an annotated callable can raise any exception from
__setattr__ for the `__orig_class__` property.
(cherry picked from commit 564385612c)
Co-authored-by: dave-shawley <daveshawley@gmail.com>
* gh-89811: Check for valid tp_version_tag in specializer (GH-113558)
* gh-113937 Fix failures in type cache tests due to re-running (GH-113953)
* Update backported code for 3.11 specifically
* Fix a RuntimeWarning emitted when assign an integer-like value that
is not an instance of int to an attribute that corresponds to a C
struct member of type T_UINT and T_ULONG.
* Fix a double RuntimeWarning emitted when assign a negative integer value
to an attribute that corresponds to a C struct member of type T_UINT.
(cherry picked from commit 3ddc515255)
Previously, "tag_unbind(tag, sequence, funcid)" methods of Text and
Canvas widgets destroyed the current binding for "sequence", leaving
"sequence" unbound, and deleted the "funcid" command.
Now they remove only "funcid" from the binding for "sequence", keeping
other commands, and delete the "funcid" command.
They leave "sequence" unbound only if "funcid" was the last bound command.
(cherry picked from commit 7e42fddf60)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Miss Islington (bot)