python / cpython

Note: macOS 11 is not yet released, this release of Python is not
fully supported on 11.0, and not all tests pass.

…row() (GH-7467) (GH-21878)

(cherry picked from commit 52698c7)

Co-authored-by: Yury Selivanov <yury@magic.io>

… the GC docs (GH-21703) (GH-21788)

Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
(cherry picked from commit 82ca8fa)

Co-authored-by: Yaroslav Pankovych <31005942+P-Alban@users.noreply.github.com>

(cherry picked from commit 76643c1)

Co-authored-by: Ram Rachum <ram@rachum.com>

)

reject control chars in http method in http.client.putrequest to prevent http header injection
(cherry picked from commit 8ca8a2e)

Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>

…GH-21524)

(cherry picked from commit 164b04c)

Co-authored-by: Steve Dower <steve.dower@python.org>

…1484)

Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121)

Co-authored-by: Rishi <rishi_devan@mail.com>

…H-21461)

Automerge-Triggered-By: @tiran
(cherry picked from commit 4f309ab)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

…() (GH-21389)

(cherry picked from commit aebc049)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>

…when Python is embedded (GH-21297) (#21298)

* bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded.

* Add CVE number

…terface (GH-21033) (GH-21231)

CVE-2020-14422
The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
of generating constant hash values of 32 and 128 respectively causing hash collisions.
The fix uses the hash() function to generate hash values for the objects
instead of XOR operation
(cherry picked from commit b30ee26)

Co-authored-by: Ravi Teja P <rvteja92@gmail.com>

Signed-off-by: Tapas Kundu <tkundu@vmware.com>

(cherry picked from commit 8ea6353)

Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>

…GH-20949)

Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: @tiran.
(cherry picked from commit bb6ec14)

Co-authored-by: Christian Heimes <christian@python.org>

Adds a simple check for whether or not the package is being installed in the GUI or using installer on the command line. This addresses an issue where CLI-based software management tools (such as Munki) unexpectedly open Finder windows into a GUI session during installation runs.

Change includes to fix building with Python 3.x and to
build correctly on newer macOS systems with SIP.

…H-20900)

Co-authored-by: Xavier Fernandez <xav.fernandez@gmail.com>
(cherry picked from commit e63cc2f)

Co-authored-by: Ned Deily <nad@python.org>

ensurepip optionally installs or upgrades 'pip' and 'setuptools' using
the version of those modules bundled with Python.  The internal PIP
installation routine by default temporarily uses its cache, if it
exists.  This is undesirable as Python builds and installations may be
independent of the user running the build, whilst PIP cache location
is dependent on the user's environment and outside of the build
environment.

At the same time, there's no value in using the cache while installing
bundled modules.

This change disables PIP caching when used in ensurepip.
(cherry picked from commit 4a3a682)

Co-authored-by: Krzysztof Konopko <kkonopko@users.noreply.github.com>

) (GH-20892)

In Python 3.7 the behavior of parse_multipart changed requiring CONTENT-LENGTH
header, this fix remove this header as required and fix FieldStorage
read_lines_to_outerboundary, by not using limit when it's negative,
since by default it's -1 if not content-length and keeps substracting what
was read from the file object.

Also added a test case for this problem.
(cherry picked from commit d8cf351)


Co-authored-by: roger <rogerduran@gmail.com>

Automerge-Triggered-By: @ned-deily

) (GH-20861)

(cherry picked from commit dea3223)


Co-authored-by: Zackery Spytz <zspytz@gmail.com>

Automerge-Triggered-By: @brettcannon

Co-authored-by: Srinivas Reddy Thatiparthy (శ్రీనివాస్  రెడ్డి తాటిపర్తి) <thatiparthysreenivas@gmail.com>

Remote host cyrus.andrew.cmu.edu is blocking incoming connections and is
causing test suite to fail.

Signed-off-by: Christian Heimes <christian@python.org>

…GH-19762)

require `_generate_next_value_` to be defined before members
(cherry picked from commit d9a43e2)