3.8

Commits on Aug 29, 2021

  1. [3.8] bpo-45007: Update to OpenSSL 1.1.1l in Windows build and CI (GH-28009) (GH-28041)
    
    (cherry picked from commit d3bdbbf)
    
    Co-authored-by: Steve Dower <steve.dower@python.org>
    ambv and zooba committed Aug 29, 2021
  2. [3.8] bpo-43124: Fix smtplib multiple CRLF injection (GH-25987) (GH-28036)
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    (cherry picked from commit 0897253)
    
    Co-authored-by: Miguel Brito <5544985+miguendes@users.noreply.github.com>
    miss-islington and miguendes committed Aug 29, 2021
  3. bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28033)

    Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
    fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy
    is most used on Windows and macOS.
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    (cherry picked from commit 3fc5d84)
    
    Co-authored-by: Victor Stinner <vstinner@python.org>
    miss-islington and vstinner committed Aug 29, 2021
  4. bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pydoc (GH-23200) (GH-28026)
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    (cherry picked from commit c9227df)
    
    Co-authored-by: E-Paine <63801254+E-Paine@users.noreply.github.com>
    miss-islington and E-Paine committed Aug 29, 2021

Commits on Aug 27, 2021

  1. Fix typo in a comment in Modules/_ssl.c: s/validata/validate/ (GH-27993) (GH-27999)
    
    (cherry picked from commit 28db1f6)
    
    Co-authored-by: Adam Dangoor <adamdangoor@gmail.com>
    miss-islington and adamtheturtle committed Aug 27, 2021
  2. bpo-44997: macOS does not support loadable SQLite extensions (GH-27979) (GH-27996)
    
    Authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
    (cherry picked from commit 2ec9428)
    
    Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no>
    miss-islington and erlend-aasland committed Aug 27, 2021

Commits on Aug 26, 2021

  1. bpo-45001: Make email date parsing more robust against malformed input (GH-27946) (GH-27974)
    
    Various date parsing utilities in the email module, such as
    email.utils.parsedate(), are supposed to gracefully handle invalid
    input, typically by raising an appropriate exception or by returning
    None.
    
    The internal email._parseaddr._parsedate_tz() helper used by some of
    these date parsing routines tries to be robust against malformed input,
    but unfortunately it can still crash ungracefully when a non-empty but
    whitespace-only input is passed. This manifests as an unexpected
    IndexError.
    
    In practice, this can happen when parsing an email with only a newline
    inside a ‘Date:’ header, which unfortunately happens occasionally in the
    real world.
    
    Here's a minimal example:
    
        $ python
        Python 3.9.6 (default, Jun 30 2021, 10:22:16)
        [GCC 11.1.0] on linux
        Type "help", "copyright", "credits" or "license" for more information.
        >>> import email.utils
        >>> email.utils.parsedate('foo')
        >>> email.utils.parsedate(' ')
        Traceback (most recent call last):
          File "<stdin>", line 1, in <module>
          File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
            t = parsedate_tz(data)
          File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
            res = _parsedate_tz(data)
          File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
            if data[0].endswith(',') or data[0].lower() in _daynames:
        IndexError: list index out of range
    
    The fix is rather straight-forward: guard against empty lists, after
    splitting on whitespace, but before accessing the first element.
    (cherry picked from commit 989f6a3)
    
    Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
    miss-islington and wbolster committed Aug 26, 2021

Commits on Aug 17, 2021

  1. [3.8] bpo-36384: Leading zeros in IPv4 addresses are no longer tolerated (GH-25099) (GH-27801)
    
    Reverts commit e653d4d and makes
    parsing even more strict. Like socket.inet_pton() any leading zero
    is now treated as invalid input.
    
    Signed-off-by: Christian Heimes <christian@python.org>
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    achraf-mer and ambv committed Aug 17, 2021

Commits on Aug 12, 2021

  1. bpo-33930: Fix typo in the test name. (GH-27735)

    bpo-33930: Fix typo in the test name. (GH-27733)
    (cherry picked from commit f08e6d1)
    
    Co-authored-by: Benjamin Peterson <benjamin@python.org>
    
    Co-authored-by: Benjamin Peterson <benjamin@python.org>
    miss-islington and benjaminp committed Aug 12, 2021

Commits on Aug 11, 2021

  1. [3.8] bpo-33930: Fix segfault with deep recursion when cleaning method objects (GH-27678) (GH-27721)
    
    (cherry picked from commit bfc2d5a)
    
    Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
    ambv and pablogsal committed Aug 11, 2021

Commits on Aug 10, 2021

  1. bpo-44854: Add .editorconfig file to help enforce make patchcheck (GH-27638) (GH-27713)
    
    (cherry picked from commit c0ab59f)
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    miss-islington and ambv committed Aug 10, 2021

Commits on Aug 7, 2021

  1. bpo-44856: Possible reference leak in error paths of update_bases() and __build_class__ (GH-27647) (GH-27652)
    
    (cherry picked from commit a40675c)
    
    Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
    miss-islington and pablogsal committed Aug 7, 2021

Commits on Jul 28, 2021

  1. Spell out 's.pop() or s.pop(i)' (GH-27398) (GH-27414)

    (cherry picked from commit 2ff5bb4)
    
    Co-authored-by: Dennis Sweeney <36520290+sweeneyde@users.noreply.github.com>
    miss-islington and sweeneyde committed Jul 28, 2021

Commits on Jul 21, 2021

  1. bpo-30511: Add note on thread safety to shutil.make_archive() (GH-26933) (#27276)
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    (cherry picked from commit 64f54b7)
    
    Co-authored-by: andrei kulakov <andrei.avk@gmail.com>
    miss-islington and akulakov committed Jul 21, 2021

Commits on Jul 12, 2021

  1. bpo-44022: Improve the regression test. (GH-26503) (#26506)

    It wasn't actually detecting the regression due to the assertion being too lenient.
    (cherry picked from commit e60ab84)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Jul 12, 2021

Commits on Jun 24, 2021

  1. bpo-44229: Ignore spurious EPROTOTYPE on macOS in test_ssl (GH-26893) (GH-26895)
    
    (cherry picked from commit b5a52ee)
    
    Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no>
    miss-islington and erlend-aasland committed Jun 24, 2021

Commits on Jun 12, 2021

  1. bpo-38323: Skip SubprocessMultiLoopWatcherTest as they can hang the test suite (GH-26542) (GH-26670)
    
    (cherry picked from commit f171877)
    
    Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
    miss-islington and pablogsal committed Jun 12, 2021

Commits on May 12, 2021

  1. [3.8] bpo-44061: Fix pkgutil.iter_modules regression when passed a pathlib.Path object (GH-25964). (GH-26056)
    
    (cherry picked from commit e9d7f88)
    
    Co-authored-by: Miguel Brito <5544985+miguendes@users.noreply.github.com>
    ambv and miguendes committed May 12, 2021

Commits on May 7, 2021

  1. bpo-40297: Fix test_socket.CANTest.testSendFrame (GH-19548) (#25957)

    The address tuple for CAN_RAW no longer returns the address family
    after the introduction of CAN ISO-TP support in a30f6d4. However,
    updating test_socket.CANTest.testSendFrame was missed as part of the
    change, so the test incorrectly attempts to index past the last tuple
    item to retrieve the address family.
    
    This removes the now-redundant check for equality against socket.AF_CAN,
    as the tuple will not contain the address family.
    (cherry picked from commit 355bae8)
    
    Co-authored-by: karl ding <karlding@users.noreply.github.com>
    miss-islington and karlding committed May 7, 2021

Commits on May 6, 2021

  1. bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) (#25933)
    
    Fixes http.client potential denial of service where it could get stuck reading lines from a malicious server after a 100 Continue response.
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    (cherry picked from commit 47895e3)
    
    Co-authored-by: Gen Xu <xgbarry@gmail.com>
    miss-islington and gen-xu committed May 6, 2021

Commits on May 5, 2021

  1. [3.8] bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and tabs. (GH-25595) (#25726)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
    (cherry picked from commit 76cd81d)
    Co-authored-by: Senthil Kumaran <senthil@uthcode.com>
    Co-authored-by: Senthil Kumaran <skumaran@gatech.edu>
    4 people committed May 5, 2021

Commits on May 3, 2021

  1. Post 3.8.10

    ambv committed May 3, 2021
  2. Merge tag 'v3.8.10' into 3.8

    Python 3.8.10
    ambv committed May 3, 2021
  3. bpo-42800: Add audit events for f_code and tb_frame (GH-24182)

    Accessing the following attributes will now fire PEP 578 style audit hooks as (object.__getattr__, obj, name):
    * PyTracebackObject: tb_frame
    * PyFrameObject: f_code
    * PyGenObject: gi_code, gi_frame
    * PyCoroObject: cr_code, cr_frame
    * PyAsyncGenObject: ag_code, ag_frame
    (cherry picked from commit bb2f3ff)
    
    Co-authored-by: Steve Dower <steve.dower@python.org>
    miss-islington and zooba committed May 3, 2021
  4. Python 3.8.10

    ambv committed May 3, 2021

Commits on May 2, 2021

  1. bpo-43434: Move sqlite3.connect audit events to sqlite3.Connection.__init__ (GH-25818)
    
    (cherry picked from commit c96cc08)
    
    Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no>
    erlend-aasland committed May 2, 2021
  2. bpo-32745: Fix a regression in the handling of ctypes' c_wchar_p type (GH-8721) (#25811)
    
    Embedded nulls would cause a ValueError to be raised. Thanks go to Eryk Sun for their analysis.
    
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    (cherry picked from commit 73766b0)
    
    Co-authored-by: Zackery Spytz <zspytz@gmail.com>
    miss-islington and ZackerySpytz committed May 2, 2021
  3. bpo-44009: Provide "python3.x-intel64" for Apple Silicon Macs (GH-25810)

    This allows reliably forcing macOS universal2 framework builds
    to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs
    if needed for testing or when universal2 wheels are not yet
    available.
    (cherry picked from commit 0cb33da)
    
    Co-authored-by: Ned Deily <nad@python.org>
    
    Automerge-Triggered-By: GH:ned-deily
    
    Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
    ned-deily and miss-islington committed May 2, 2021
  4. [3.8] bpo-41100: Support macOS 11 Big Sur and Apple Silicon Macs (#25806)
    
    * bpo-41100: Support macOS 11 and Apple Silicon on Python 3.8
    
    This is a partial backport of bpo-41100 changes `e8b1c038b14b5fc8120aab62c9bf5fb840274cb6` and `96d906b144e6e6aa96c5ffebecbcc5d38034bbda` for Python 3.8. We introduce the ability to build Python from source for `arm64` on macOS, but we do not make a promise of support. This allows us to omit support for Universal2 binaries as well as weak-linking of symbols from the macOS SDK based on the deployment target, which are larger changes much more difficult to merge.
    
    This also includes a backport of subsequent bpo-42688 change `7e729978fa08a360cbf936dc215ba7dd25a06a08` to fix build errors with external `libffi`.
    
    * bpo-41116: Ensure system supplied libraries are found on macOS 11 (GH-23301) (GH-23455)
    
    On macOS system provided libraries are in a shared library cache
    and not at their usual location. This PR teaches distutils to search
    in the SDK, even if there was no "-sysroot" argument in
    the compiler flags.
    (cherry picked from commit 404a719)
    
    * bpo-42504: fix for MACOSX_DEPLOYMENT_TARGET=11 (GH-23556)
    
    macOS releases numbering has changed as of macOS 11 Big Sur.  Previously, major releases were of the form 10.x, 10.x+1, 10.x+2, etc; as of Big Sur, they are now x, x+1, etc, so, for example, 10.15, 10.15.1, ..., 10.15.7, 11, 11.0.1, 11.1, ..., 12, 12.1, etc. Allow Python to build with single-digit deployment target values. Patch provided by FX Coudert.
    (cherry picked from commit 5291639)
    
    * bpo-42504: Ensure that get_config_var('MACOSX_DEPLOYMENT_TARGET') is a string (GH-24341) (GH-24410)
    
    * bpo-42504: Ensure that get_config_var('MACOSX_DEPLOYMENT_TARGET') is a string
    (cherry picked from commit 49926cf)
    
    Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
    Co-authored-by: FX Coudert <fxcoudert@gmail.com>
    Co-authored-by: Max Bélanger <aeromax@gmail.com>
    4 people committed May 2, 2021