Represent IPv4-mapped IPv6 address as x❌x❌x❌d.d.d.d,
where the 'x's are the hexadecimal values
of the six high-order 16-bit pieces of the address,
and the 'd's are the decimal values
of the four low-order 8-bit pieces of the address
(standard IPv4 representation).
(cherry picked from commit f22bf8e3cf)
Co-authored-by: opavliuk <40970635+opavlyuk@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
gh-128840: Limit the number of parts in IPv6 address parsing (GH-128841)
GH-128840: Limit the number of parts in IPv6 address parsing
Limit length of IP address string to 39
---------
(cherry picked from commit 47f1161d3a)
Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-134062: Fix hash collisions in IPv4Network and IPv6Network (GH-134063)
(cherry picked from commit f3fc0c16e0)
gh-134062: Fix hash collisions in IPv4Network and IPv6Network
gh-134062: Add hash collision regression test
Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
If the error handler is used, a new bytes object is created to set as
the object attribute of UnicodeDecodeError, and that bytes object then
replaces the original data. A pointer to the decoded data will became invalid
after destroying that temporary bytes object. So we need other way to return
the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal().
_PyBytes_DecodeEscape() does not have such issue, because it does not
use the error handlers registry, but it should be changed for compatibility
with _PyUnicode_DecodeUnicodeEscapeInternal().
(cherry picked from commit 9f69a58623)
(cherry picked from commit 6279eb8c07)
* gh-131809: Upgrade vendored expat to 2.7.1 (GH-132192)
(cherry picked from commit c0de650024)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* make regen-sbom
---------
Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit ad6a032ceb)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
GH-107674: Avoid allocating boxed ints for `sys.settrace` line events (GH-107780)
(cherry picked from commit 37d8b904f8)
Co-authored-by: Mark Shannon <mark@hotpy.org>
Now all structure members are initialized with zeroes by default.
(cherry picked from commit 345baa77ba)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
When replace() method is called on a subclass of datetime, date or time,
properly call derived constructor. Previously, only the base class's
constructor was called.
Also, make sure to pass non-zero fold values when creating subclasses in
various methods. Previously, fold was silently ignored.
(cherry picked from commit 46190d9ea8)
Co-authored-by: Eugene Toder <eltoder@users.noreply.github.com>
[3.13] gh-111178: Fix getsockaddrarg() undefined behavior (GH-131668) (GH-131977)
gh-111178: Fix getsockaddrarg() undefined behavior (GH-131668)
Don't pass direct references to sockaddr members since their type may
not match PyArg_ParseTuple() types. Instead, use temporary 'int' and
'unsigned char' variables, and update sockaddr members afterwards.
On FreeBSD, treat BTPROTO_HCI node name as a bytes string,
not as an integer.
(cherry picked from commit c318a03b17)
Co-authored-by: Victor Stinner <vstinner@python.org>
(cherry picked from commit 8cd29c2b53)
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-131865: Properly apply exported CFLAGS for dtrace/systemtap builds (GH-131866)
When using --with-dtrace the resulting object file could be missing
specific CFLAGS exported by the build system due to the systemtap
script using specific defaults.
Exporting the CC and CFLAGS variables before the dtrace invocation
allows us to properly apply CFLAGS exported by the build system
even when cross-compiling.
The fix does not affect the dtrace invocation on Solaris/macOS.
(cherry picked from commit 0cd4befb02)
Co-authored-by: stratakis <cstratak@redhat.com>
gh-126037: fix UAF in `xml.etree.ElementTree.Element.find*` when concurrent mutations happen (#127964)
We fix a use-after-free in the `find`, `findtext` and `findall` methods of `xml.etree.ElementTree.Element`
objects that can be triggered when the tag to find implements an `__eq__` method that mutates the
element being queried.
(cherry picked from commit c57623c221)
The bin tag is 3.0.16.1 because we rebuilt without uplink support to fix gh-131804.
This PR also prevents making calls that are now unsafe without uplink, and updates
the tests to property interpret these failures as unsupported.
gh-131670: Fix crash in `anext()` when `__anext__` is sync and raises (GH-131682)
(cherry picked from commit 929afd1d6e)
Co-authored-by: sobolevn <mail@sobolevn.me>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
* gh-131045: [Enum] fix flag containment checks when using values (GH-131053)
Check would fail if value would create a pseudo-member, but that member
had not yet been created. We now attempt to create a pseudo-member for
a passed-in value first.
---------
Co-authored-by: Ethan Furman <ethan@stoneleaf.us>
Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
gh-131417: Mention asyncio Future and Task in docs for generic classes list (GH-131422)
Mention asyncio Future and Task in docs for generic classes list
(cherry picked from commit 61b4b2c57c)
Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
gh-121284: Fix email address header folding with parsed encoded-word (GH-122754)
Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.
[Better fix from @bitdancer.]
---------
(cherry picked from commit 295b53df2a)
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: R David Murray <rdmurray@bitdance.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
[3.13] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176)
(cherry picked from commit bb0268f60d)
(cherry picked from commit 6af54d298d)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
gh-131325: fix sendfile fallback implementation to drain data after writing to transport (GH-131376)
(cherry picked from commit 94f4d87aeb)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
gh-129843: fix pure Python implementation of `warnings.warn_explicit` (GH-129848)
The pure Python implementation of `warnings.warn_explicit` constructs a `WarningMessage`
with an incorrect source (it incorrectly sets the WarningMessage's line to the given `source`).
(cherry picked from commit 80e00ecc39)
Co-authored-by: Srinivas Reddy Thatiparthy (తాటిపర్తి శ్రీనివాస్ రెడ్డి) <thatiparthysreenivas@gmail.com>
gh-130814: Enhance documentation for Python C API type objects (GH-130817)
The "Type Objects" title in `c-api/typeobj.rst`, duplicating the title of `c-api/type.rst`,
has been changed to "Type Objects Structures", thereby slightly improving Sphinx
search.
(cherry picked from commit 6b932edc52)
Co-authored-by: sharktide <meherrihaan@gmail.com>
Fix the pure Python implementation of `fromisoformat()` to reject any
non-digit characters, including whitespace, in the fractional part
of time specification. This makes the behavior consistent with the C
implementation, and prevents incorrect parsing of these fractions
(e.g. `.400 ` would be misinterpreted as `.04`).
(cherry picked from commit 33494b4d0d)
(cherry picked from commit 27fd328cf6)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Michał Górny <mgorny@gentoo.org>
gh-125331: Allow the parser to activate future imports on the fly (GH-125482)
(cherry picked from commit 3bd3e09588)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
gh-130740: Move some `stdbool.h` includes after `Python.h` (#130738)
Move some `#include <stdbool.h>` after `#include "Python.h"` when `pyconfig.h` is not
included first and when we are in a platform-agnostic context. This is to avoid having
features defined by `stdbool.h` before those decided by `Python.h` (this caused some
build failures when compiling CPython with `zig cc`).
(cherry-picked from commit 214562ed4d)
---------
Co-authored-by: Hugo Beauzée-Luyssen <hugo@beauzee.fr>
