… to gh issues (GH-96728)

Co-authored-by: roy reznik <royreznik@gmail.com>
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>

* Correctly pre-check for int-to-str conversion

Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)

The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.

The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```

In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$

From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>

…H-94834)

(cherry picked from commit 07374cc)

Co-authored-by: Dong-hee Na <donghee.na@python.org>

…94347) (GH-95313)

Three test cases were failing on FreeBSD with latest OpenSSL.
(cherry picked from commit 1bc86c2)

Co-authored-by: Christian Heimes <christian@python.org>

…H-94571)

Co-authored-by: Carter Dodd <carter.dodd@gmail.com>
Co-authored-by: Éric <merwok@netwok.org>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit c8556bc)

…ic links (GH-94416) (GH-94495)

(cherry picked from commit 80aaeab)

Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>

…H-31885) (GH-94124)

Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
(cherry picked from commit d36954b)

Co-authored-by: Illia Volochii <illia.volochii@gmail.com>

…3879) (GH-94094)

Fix an open redirection vulnerability in the `http.server` module when
an URI path starts with `//` that could produce a 301 Location header
with a misleading target.  Vulnerability discovered, and logic fix
proposed, by Hamza Avvan (@hamzaavvan).

Test and comments authored by Gregory P. Smith [Google].
(cherry picked from commit 4abab6b)

Co-authored-by: Gregory P. Smith <greg@krypto.org>

…3547)

(cherry picked from commit 56b5daf)

Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>

(cherry picked from commit 2985fea)

Co-authored-by: Christian Heimes <christian@python.org>

…GH-93066) (#93148)

Also while there, clarify a few things about why we reduce the hash to 32 bits.

Co-authored-by: Eli Libman <eli@hyro.ai>
Co-authored-by: Yury Selivanov <yury@edgedb.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>

(cherry picked from commit c1f5c90)

…ters (#92333)

(cherry picked from commit c908dc5)

Co-authored-by: Sergey Fedoseev <fedoseev.sergey@gmail.com>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>

GH-32241) (GH-32250)

(cherry picked from commit 6066739)

Co-authored-by: Zachary Ware <zach@python.org>

GH-92605)

(cherry picked from commit 45e1721)

Co-authored-by: Dong-hee Na <donghee.na@python.org>

* Update Sphinx bpo role to use redirect URI. (GH-32342)

* [3.8] Update Sphinx bpo role to use redirect URI. (GH-32342).
(cherry picked from commit 08cfe07)

Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>

(cherry picked from commit 17dbb6b)

Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>

Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>

…1936)

* gh-91888: Add a :gh: role to the documentation (GH-91889).

* [3.8] gh-91888: add a `:gh:` role to the documentation (GH-91889)

* Add a new :gh:`...` role for GitHub issues.

* Fix a GitHub id to use the :gh: role.

* Add Misc/NEWS entry.

* Refactoring and rephrasing.

Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>.
(cherry picked from commit f7641a2)

Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>

* Fix use of the default role in NEWS entry

…other platforms (GH-32161) (#32183)

Co-authored-by: Ned Deily <nad@python.org>

…3.0.3 (GH-32109)

Co-authored-by: Ned Deily <nad@python.org>

This reverts commit e5f711f.

…1460) (GH-31827)

As per the comments, this mirrors the [datetime documentation](https://docs.python.org/3/library/datetime.htmlGH-datetime.datetime.fromtimestamp).

```
>>> import time
>>> time.localtime(999999999999999999999)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OverflowError: timestamp out of range for platform time_t
>>> time.localtime(-3600)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 22] Invalid argument
```
(cherry picked from commit c83fc9c)

Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>

…fix (GH-31920) (GH-31924)

(cherry picked from commit 7088120)

Co-authored-by: Steve Dower <steve.dower@python.org>

…se OpenSSL 1.1.1n. (GH-31912)

* bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n.

* Revert inadvertent sqlite downgrade

(cherry picked from commit d87f1b7)

Co-authored-by: Pradyun Gedam <pgedam@bloomberg.net>

…th recent versions of clang. (GH-28845) (GH-31889)

Change the configure logic to function properly on macOS when the compiler
outputs a platform triplet for option --print-multiarch.
The Apple Clang included with Xcode 13.3 now supports --print-multiarch
causing configure to fail without this change.

Co-authored-by: Ned Deily <nad@python.org>
(cherry picked from commit 9c47667)

Co-authored-by: David Bohman <debohman@gmail.com>

Automerge-Triggered-By: GH:ned-deily
(cherry picked from commit 9901d15)

Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>

…) (GH-31419)

The libexpat 2.4.1 upgrade from  introduced the following new exported symbols:

* `testingAccountingGetCountBytesDirect`
* `testingAccountingGetCountBytesIndirect`
* `unsignedCharToPrintable`
* `XML_SetBillionLaughsAttackProtectionActivationThreshold`
* `XML_SetBillionLaughsAttackProtectionMaximumAmplification`

We need to adjust [Modules/expat/pyexpatns.h](https://github.com/python/cpython/blob/master/Modules/expat/pyexpatns.h)

(The newer libexpat upgrade  has no new symbols).

Automerge-Triggered-By: GH:gpshead
(cherry picked from commit 6312c10)

Co-authored-by: Yilei "Dolee" Yang <yileiyang@google.com>

Automerge-Triggered-By: GH:benjaminp
(cherry picked from commit ba00f0d)

Co-authored-by: Benjamin Peterson <benjamin@python.org>

…16-3189 and CVE-2019-12900 (GH-31732) (GH-31734)

…ctly uses the install path during repair (GH-31729)

(cherry picked from commit 176835c)

Co-authored-by: Steve Dower <steve.dower@python.org>