Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy
is most used on Windows and macOS.
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit 3fc5d84046)
Co-authored-by: Victor Stinner <vstinner@python.org>
PyPy and potentially other implementations have different or no
contraints on the number of blocks that can be statically nested. move
the test that checks for this behaviour into a unit test and mark it as
CPython-only.
(cherry picked from commit eb263f9a35)
Co-authored-by: Carl Friedrich Bolz-Tereick <cfbolz@gmx.de>
Fixes:
Traceback (most recent call last):
File "/home/graingert/projects/asyncio-demo/demo.py", line 36, in <module>
sys.exit(main())
File "/home/graingert/projects/asyncio-demo/demo.py", line 30, in main
test_all_tasks_threading()
File "/home/graingert/projects/asyncio-demo/demo.py", line 24, in test_all_tasks_threading
results.append(f.result())
File "/usr/lib/python3.10/concurrent/futures/_base.py", line 438, in result
return self.__get_result()
File "/usr/lib/python3.10/concurrent/futures/_base.py", line 390, in __get_result
raise self._exception
File "/usr/lib/python3.10/concurrent/futures/thread.py", line 52, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/lib/python3.10/asyncio/runners.py", line 47, in run
_cancel_all_tasks(loop)
File "/usr/lib/python3.10/asyncio/runners.py", line 56, in _cancel_all_tasks
to_cancel = tasks.all_tasks(loop)
File "/usr/lib/python3.10/asyncio/tasks.py", line 53, in all_tasks
tasks = list(_all_tasks)
File "/usr/lib/python3.10/_weakrefset.py", line 60, in __iter__
with _IterationGuard(self):
File "/usr/lib/python3.10/_weakrefset.py", line 33, in __exit__
w._commit_removals()
File "/usr/lib/python3.10/_weakrefset.py", line 57, in _commit_removals
discard(l.pop())
IndexError: pop from empty list
Also fixes:
Exception ignored in: weakref callback <function WeakKeyDictionary.__init__.<locals>.remove at 0x00007fe82245d2e0>
Traceback (most recent call last):
File "/usr/lib/pypy3/lib-python/3/weakref.py", line 390, in remove
del self.data[k]
KeyError: <weakref at 0x00007fe76e8d8180; dead>
Exception ignored in: weakref callback <function WeakKeyDictionary.__init__.<locals>.remove at 0x00007fe82245d2e0>
Traceback (most recent call last):
File "/usr/lib/pypy3/lib-python/3/weakref.py", line 390, in remove
del self.data[k]
KeyError: <weakref at 0x00007fe76e8d81a0; dead>
Exception ignored in: weakref callback <function WeakKeyDictionary.__init__.<locals>.remove at 0x00007fe82245d2e0>
Traceback (most recent call last):
File "/usr/lib/pypy3/lib-python/3/weakref.py", line 390, in remove
del self.data[k]
KeyError: <weakref at 0x000056548f1e24a0; dead>
See: https://github.com/agronholm/anyio/issues/362GH-issuecomment-904424310
See also: https://bugs.python.org/issue29519
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit 206b21ed9f)
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
Also improve the build script for libffi, which is not used as part of the regular build.
(cherry picked from commit 969ae7f735)
Co-authored-by: Steve Dower <steve.dower@python.org>
Various date parsing utilities in the email module, such as
email.utils.parsedate(), are supposed to gracefully handle invalid
input, typically by raising an appropriate exception or by returning
None.
The internal email._parseaddr._parsedate_tz() helper used by some of
these date parsing routines tries to be robust against malformed input,
but unfortunately it can still crash ungracefully when a non-empty but
whitespace-only input is passed. This manifests as an unexpected
IndexError.
In practice, this can happen when parsing an email with only a newline
inside a ‘Date:’ header, which unfortunately happens occasionally in the
real world.
Here's a minimal example:
$ python
Python 3.9.6 (default, Jun 30 2021, 10:22:16)
[GCC 11.1.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import email.utils
>>> email.utils.parsedate('foo')
>>> email.utils.parsedate(' ')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.9/email/_parseaddr.py", line 176, in parsedate
t = parsedate_tz(data)
File "/usr/lib/python3.9/email/_parseaddr.py", line 50, in parsedate_tz
res = _parsedate_tz(data)
File "/usr/lib/python3.9/email/_parseaddr.py", line 72, in _parsedate_tz
if data[0].endswith(',') or data[0].lower() in _daynames:
IndexError: list index out of range
The fix is rather straight-forward: guard against empty lists, after
splitting on whitespace, but before accessing the first element.
(cherry picked from commit 989f6a3800)
Co-authored-by: wouter bolsterlee <wouter@bolsterl.ee>
Broadened scope of the document to explicitly discuss and differentiate between ``__main__.py`` in packages versus the ``__name__ == '__main__'`` expression (and the idioms that surround it), as well as ``import __main__``.
Co-authored-by: Géry Ogam <gery.ogam@gmail.com>
Co-authored-by: Éric Araujo <merwok@netwok.org>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit 7cba23164c)
Co-authored-by: Jack DeVries <58614260+jdevries3133@users.noreply.github.com>
- reorganized from two sections (tkinter vs. tcl/tk) into three (tkinter, tcl/tk, and books)
- main (recommended) tkinter docs have one tutorial (tkdocs) and one reference (shipman), added better descriptions
- dropped link to Tkinter page on wiki (suggestion by E. Paine; outdated, most material already linked to from python.org)
- replaced Tcl/Tk recent man pages and core dev home with single link to main Tcl/Tk page (which holds both of these)
- updated Modern Tkinter link to book page on TkDocs site (was Amazon link to old version), dropped description
- replaced Grayson book by Moore book (newer, covers ttk)
- changed Ousterhout ref to second edition, covers ttk
- dropped link to Welch book (old).
(cherry picked from commit d1049d1d6b)
Co-authored-by: Mark Roseman <mark@markroseman.com>
- move description of internal modules (_tkinter and tkinter.constants) from section intro to list of additional modules at end of section, as not most important info
- added missing ttk and tix here
- emphasized up front that most apps will need tkinter and ttk
(cherry picked from commit d5dbe8bca7)
Co-authored-by: Mark Roseman <mark@markroseman.com>
Method stopTestRun() is now always called in pair with method startTestRun()
for TestResult objects implicitly created in TestCase.run().
Previously it was not called for test methods and classes decorated with
a skipping decorator.
(cherry picked from commit a9640d7553)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
The code of the test was never executed because the test function
was unintentionally converted to a generator function.
(cherry picked from commit 585390fdd8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Because setting non-empty _name affects behavior of other code.
In most cases __name__ can be derived from __origin__.__name__.
(cherry picked from commit 4ceec49559)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
The signature of field() had an extraneous colon at the end, causing it
to appear all bold and without the module name.
(cherry picked from commit d26dbba929)
Co-authored-by: Jean-Abou-Samra <37271310+Jean-Abou-Samra@users.noreply.github.com>
Co-authored-by: Jean-Abou-Samra <37271310+Jean-Abou-Samra@users.noreply.github.com>
Additional improvements:
- messages which were compiled regular expressions aren't unpacked back into
strings for unmatched warnings;
- removed unnecessary "if tokens:" check (there's one before the for loop);
- took `endswith` calculation out of the for loop.
(cherry picked from commit 8cf07d3db3)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Enable posix_spawn() on Solaris
(cherry picked from commit b1930bf75f)
Co-authored-by: Jakub Kulík <Kulikjak@gmail.com>
Automerge-Triggered-By: GH:gpshead
