3.9
Commits on Nov 10, 2022

  1. [3.9] gh-98433: Fix quadratic time idna decoding. (GH-99092) (GH-99222) (#99230)

    There was an unnecessary quadratic loop in idna decoding. This restores
    the behavior to linear.
    
    (cherry picked from commit d315722)
    (cherry picked from commit a6f6c3a)
    
    Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Nov 10, 2022

Commits on Oct 28, 2022

  1. [3.9] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (#98504)

    Linux abstract sockets are insecure as they lack any form of filesystem
    permissions so their use allows anyone on the system to inject code into
    the process.
    
    This removes the default preference for abstract sockets in
    multiprocessing introduced in Python 3.9+ via
    #18866 while fixing
    #84031.
    
    Explicit use of an abstract socket by a user now generates a
    RuntimeWarning.  If we choose to keep this warning, it should be
    backported to the 3.7 and 3.8 branches.
    (cherry picked from commit 49f6106)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Oct 28, 2022
  2. [3.9] gh-98517: Fix buffer overflows in _sha3 module (GH-98519) (#98526)

    This is a port of the applicable part of XKCP's fix [1] for
    CVE-2022-37454 and avoids the segmentation fault and the infinite
    loop in the test cases published in [2].
    
    [1]: XKCP/XKCP@fdc6fef
    [2]: https://mouha.be/sha-3-buffer-overflow/
    
    Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>
    (cherry picked from commit 0e4e058)
    
    Co-authored-by: Theo Buehler <botovq@users.noreply.github.com>
    miss-islington and botovq committed Oct 28, 2022
  3. [3.9] gh-98739: Update libexpat from 2.4.9 to 2.5.0 (GH-98742) (#98786)

    Update libexpat from 2.4.9 to 2.5.0 to address CVE-2022-43680.
    
    Co-authored-by: Shaun Walbridge <shaun.walbridge@gmail.com>
    (cherry picked from commit 3e07f82)
    miss-islington committed Oct 28, 2022

Commits on Oct 11, 2022

  1. [3.9] gh-96710: Make the test timing more lenient for the int/str DoS regression test. (GH-96717) (#98196)

    gh-96710: Make the test timing more lenient for the int/str DoS regression test. (GH-96717)
    
    A regression would still absolutely fail and even a flaky pass isn't
    harmful as it'd fail most of the time across our N system test runs.
    
    Windows has a low resolution timer and CI systems are prone to odd
    timing so this just gives more leeway to avoid flakiness.
    (cherry picked from commit 11e3548)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Oct 11, 2022
  2. [3.9] gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993) (#98190)

    gh-68966: Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
    (cherry picked from commit b9509ba)
    
    Co-authored-by: Petr Viktorin <encukou@gmail.com>
    miss-islington and encukou committed Oct 11, 2022
  3. Post 3.9.15

    ambv committed Oct 11, 2022
  4. Python 3.9.15

    ambv committed Oct 11, 2022

Commits on Oct 7, 2022

  1. [3.9] gh-91708: Revert params note in urllib.parse.urlparse table (GH-96699) (#98054)

    Revert params note in urllib.parse.urlparse table
    (cherry picked from commit eed8045)
    
    Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
    miss-islington and slateny committed Oct 7, 2022
  2. [3.9] gh-94208: Add even more TLS version/protocol checks for FreeBSD (#98037)

    Otherwise, buildbot builds would fail since there's no TLS 1.0/1.1 support.
    ambv committed Oct 7, 2022

Commits on Oct 6, 2022

  1. [3.9] gh-97897: Prevent os.mkfifo and os.mknod segfaults with macOS 13 SDK (GH-97944) (#97968)

    The macOS 13 SDK includes support for the `mkfifoat` and `mknodat` system calls.
    Using the `dir_fd` option with either `os.mkfifo` or `os.mknod` could result in a
    segfault if cpython is built with the macOS 13 SDK but run on an earlier
    version of macOS. Prevent this by adding runtime support for detection of
    these system calls ("weaklinking") as is done for other newer syscalls on
    macOS.
    (cherry picked from commit 6d0a019)
    
    Co-authored-by: Ned Deily <nad@python.org>
    miss-islington and ned-deily committed Oct 6, 2022

Commits on Oct 4, 2022

  1. [3.9] gh-96848: Fix -X int_max_str_digits option parsing (GH-96988) (GH-97574)

    gh-96848: Fix -X int_max_str_digits option parsing (GH-96988)
    
    Fix command line parsing: reject "-X int_max_str_digits" option with
    no value (invalid) when the PYTHONINTMAXSTRDIGITS environment
    variable is set to a valid limit.
    (cherry picked from commit 4135166)
    
    Co-authored-by: Victor Stinner <vstinner@python.org>
    miss-islington and vstinner committed Oct 4, 2022
  2. [3.9] gh-96577: Fixes buffer overrun in _msi module (GH-96633) (GH-96657)

    gh-96577: Fixes buffer overrun in _msi module (GH-96633)
    (cherry picked from commit 4114bcc)
    
    Co-authored-by: Steve Dower <steve.dower@python.org>
    miss-islington and zooba committed Oct 4, 2022
  3. [3.9] gh-95778: Mention sys.set_int_max_str_digits() in error message (#96874) (#96877)

    When ValueError is raised if an integer is larger than the limit,
    mention sys.set_int_max_str_digits() in the error message.
    
    (cherry picked from commit e841ffc)
    
    Co-authored-by: Ned Deily <nad@python.org>
    vstinner and ned-deily committed Oct 4, 2022
  4. [3.9] gh-97005: Update libexpat from 2.4.7 to 2.4.9 (gh-97006) (gh-97012)

    gh-97005: Update libexpat from 2.4.7 to 2.4.9 (gh-97006)
    
    Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
    (cherry picked from commit 10e3d39)
    
    Co-authored-by: Dong-hee Na <donghee.na@python.org>
    Co-authored-by: Ned Deily <nad@python.org>
    3 people committed Oct 4, 2022
  5. [3.9] gh-97616: list_resize() checks for integer overflow (GH-97617) (GH-97627)

    gh-97616: list_resize() checks for integer overflow (GH-97617)
    
    Fix multiplying a list by an integer (list *= int): detect the
    integer overflow when the new allocated length is close to the
    maximum size.  Issue reported by Jordan Limor.
    
    list_resize() now checks for integer overflow before multiplying the
    new allocated length by the list item size (sizeof(PyObject*)).
    (cherry picked from commit a5f092f)
    
    Co-authored-by: Victor Stinner <vstinner@python.org>
    miss-islington and vstinner committed Oct 4, 2022
  6. [3.9] gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613) (GH-97632)

    gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613)
    
    Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no longer uses a
    shell to run "openssl" commands. Issue reported and initial fix by
    Caleb Shortt.
    
    Remove the Windows code path to send "quit" on stdin to the "openssl
    s_client" command: use DEVNULL on all platforms instead.
    
    Co-authored-by: Caleb Shortt <caleb@rgauge.com>
    (cherry picked from commit 83a0f44)
    
    Co-authored-by: Victor Stinner <vstinner@python.org>
    miss-islington and vstinner committed Oct 4, 2022
  7. [3.9] gh-87597: Document TimeoutExpired.stdout & .stderr types (GH-97685) (GH-97688)

    This documents the behavior that has always been the case since timeout
    support was introduced in Python 3.3.
    (cherry picked from commit b05dd79)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Oct 4, 2022
  8. [3.9] gh-96845: Fix docs around importlib.abc.Traversable (GH-97515) (GH-97761)

    Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
    jaraco committed Oct 4, 2022

Commits on Sep 6, 2022

  1. Post 3.9.14

    ambv committed Sep 6, 2022
  2. Python 3.9.14

    ambv committed Sep 6, 2022

Commits on Sep 5, 2022

  1. [3.9] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96502)

    * Correctly pre-check for int-to-str conversion (#96537)
    
    Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
    
    The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
    
    The justification for the current check. The C code check is:
    ```c
    max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
    ```
    
    In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
    $$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
    
    From this it follows that
    $$\frac{M}{3L} < \frac{s-1}{10}$$
    hence that
    $$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
    So
    $$2^{L(s-1)} > 10^M.$$
    But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
    
    <!-- gh-issue-number: gh-95778 -->
    * Issue: gh-95778
    <!-- /gh-issue-number -->
    
    Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
    Co-authored-by: Christian Heimes <christian@python.org>
    Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
    3 people committed Sep 5, 2022
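    As an added illustration (not code from this commit or from CPython), a Python model of that pre-check that confirms the argument above and shows what slips through to the exact check; it assumes PyLong_SHIFT = 30 (64-bit builds) and uses CPython's default 4300-digit limit.

    ```python
    # Added example, not CPython code: models the int-to-str pre-check from the
    # commit message and verifies the "no false rejection" claim.
    # Assumes PyLong_SHIFT = 30 (CPython 64-bit build). The argument needs
    # M >= 3*L = 90; CPython enforces a minimum limit of 640 (0 = disabled).
    PYLONG_SHIFT = 30


    def c_div(n: int, d: int) -> int:
        """C-style integer division (truncates toward zero), as in the C check."""
        q = abs(n) // abs(d)
        return q if (n >= 0) == (d > 0) else -q


    def size_a(a: int) -> int:
        """Number of PyLong_SHIFT-bit digits CPython uses to store |a| (s in the proof)."""
        return max(1, -(-abs(a).bit_length() // PYLONG_SHIFT))


    def precheck_rejects(a: int, max_str_digits: int) -> bool:
        """Cheap check run before the quadratic conversion:
        max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10 in C integer math."""
        return c_div(max_str_digits, 3 * PYLONG_SHIFT) <= c_div(size_a(a) - 11, 10)


    def exceeds_limit(a: int, max_str_digits: int) -> bool:
        """Exact test: |a| has more than max_str_digits decimal digits.
        Compares against a power of ten, so str() is never run on a huge int."""
        return abs(a) >= 10 ** max_str_digits


    def smallest_rejected_size(max_str_digits: int) -> int:
        """Smallest s for which the pre-check fires: s >= 10*floor(M/3L) + 11."""
        return 10 * c_div(max_str_digits, 3 * PYLONG_SHIFT) + 11


    def max_bits_passing_precheck(max_str_digits: int) -> int:
        """Largest bit length the pre-check lets through; str() of such values is fast."""
        return PYLONG_SHIFT * (smallest_rejected_size(max_str_digits) - 1)


    def verify_no_false_rejection(max_str_digits: int) -> bool:
        """Proof claim: whenever the pre-check rejects, |a| > 10**M. The pre-check
        depends only on s and exceeds_limit is monotone in |a|, so checking the
        smallest integer of each size, 2**(L*(s-1)), covers every integer."""
        for s in range(1, smallest_rejected_size(max_str_digits) + 10):
            smallest = 1 << (PYLONG_SHIFT * (s - 1))
            if precheck_rejects(smallest, max_str_digits) and not exceeds_limit(smallest, max_str_digits):
                return False
        return True


    if __name__ == "__main__":
        M = 4300
        slipped = (1 << max_bits_passing_precheck(M)) - 1  # over the limit, yet passes the pre-check
        print(smallest_rejected_size(M), precheck_rejects(slipped, M), exceeds_limit(slipped, M))
        print(verify_no_false_rejection(M))  # True: the pre-check never rejects a value under the limit
    ```

    The `slipped` value (14400 bits, about 4335 digits) is exactly the kind of input the message describes: over the limit, missed by the cheap check, and caught by the existing exact check after a conversion that is still fast.
    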

Commits on Aug 4, 2022

  1. [3.9] gh-91423: Remove bugs.python.org from bugs.rst (GH-91425) (GH-95614)

    Co-authored-by: roy reznik <royreznik@gmail.com>
    Co-authored-by: Inada Naoki <songofacandy@gmail.com>
    Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>.
    (cherry picked from commit df81d28)
    hauntsaninja committed Aug 4, 2022

Commits on Jul 29, 2022

  1. gh-95280: Fix test_get_ciphers on systems without RSA key exchange (GH-95282) (GH-95323)

    (cherry picked from commit 5654030)
    
    Co-authored-by: Christian Heimes <christian@python.org>
    miss-islington and tiran committed Jul 29, 2022

Commits on Jul 28, 2022

  1. [3.9] gh-90359: Update documentation to follow PEP 495. (gh-94800). (gh-94835)

    (cherry picked from commit 07374cc)
    
    Co-authored-by: Dong-hee Na <donghee.na@python.org>
    corona10 committed Jul 28, 2022

Commits on Jul 27, 2022

  1. [3.9] gh-94208: Add more TLS version/protocol checks for FreeBSD (GH-94347) (GH-95312)

    Three test cases were failing on FreeBSD with latest OpenSSL.
    (cherry picked from commit 1bc86c2)
    
    Co-authored-by: Christian Heimes <christian@python.org>
    ambv and tiran committed Jul 27, 2022

Commits on Jul 26, 2022

  1. gh-94821: Fix autobind of empty unix domain address (GH-94826) (GH-94875)

    When binding a unix socket to an empty address on Linux, the socket is
    automatically bound to an available address in the abstract namespace.
    
        >>> s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        >>> s.bind("")
        >>> s.getsockname()
        b'\x0075499'
    
    Since python 3.9, the socket is bound to the one address:
    
        >>> s.getsockname()
        b'\x00'
    
    And trying to bind multiple sockets will fail with:
    
        Traceback (most recent call last):
          File "/home/nsoffer/src/cpython/Lib/test/test_socket.py", line 5553, in testAutobind
            s2.bind("")
        OSError: [Errno 98] Address already in use
    
    Added 2 tests:
    - Auto binding empty address on Linux
    - Failing to bind an empty address on other platforms
    
    Fixes f6b3a07 (bpo-44493: Add missing terminated NUL in sockaddr_un's length (GH-26866)
    (cherry picked from commit c22f134)
    
    Co-authored-by: Nir Soffer <nsoffer@redhat.com>
    miss-islington and nirs committed Jul 26, 2022

Commits on Jul 5, 2022

  1. [3.9] gh-90355: Add isolated flag if currently isolated (GH-92857) (GH-94570)

    Co-authored-by: Carter Dodd <carter.dodd@gmail.com>
    Co-authored-by: Éric <merwok@netwok.org>
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    (cherry picked from commit c8556bc)
    ambv committed Jul 5, 2022

Commits on Jul 1, 2022

  1. gh-81054: Document that SimpleHTTPRequestHandler follows symbolic links (GH-94416) (GH-94494)

    (cherry picked from commit 80aaeab)
    
    Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
    miss-islington and dignissimus committed Jul 1, 2022

Commits on Jun 22, 2022

  1. gh-91172: Create a workflow for verifying bundled pip and setuptools (GH-31885) (GH-94123)

    Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
    Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
    (cherry picked from commit d36954b)
    
    Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
    miss-islington and illia-v committed Jun 22, 2022
  2. gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) (GH-94093)

    Fix an open redirection vulnerability in the `http.server` module when
    an URI path starts with `//` that could produce a 301 Location header
    with a misleading target.  Vulnerability discovered, and logic fix
    proposed, by Hamza Avvan (@hamzaavvan).
    
    Test and comments authored by Gregory P. Smith [Google].
    (cherry picked from commit 4abab6b)
    
    Co-authored-by: Gregory P. Smith <greg@krypto.org>
    miss-islington and gpshead committed Jun 22, 2022

Commits on Jun 16, 2022

  1. gh-91810: Fix regression with writing an XML declaration with encoding='unicode' (GH-93426) (GH-93791)

    Suppress writing an XML declaration in open files in ElementTree.write()
    with encoding='unicode' and xml_declaration=None.
    
    If a file path is passed to ElementTree.write() with encoding='unicode',
    always open a new file in UTF-8.
    (cherry picked from commit d7db9dc)
    
    Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
    miss-islington and serhiy-storchaka committed Jun 16, 2022

Commits on Jun 6, 2022

  1. gh-83728: Add hmac.new default parameter deprecation (GH-91939) (GH-93546)

    (cherry picked from commit 56b5daf)
    
    Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
    miss-islington and slateny committed Jun 6, 2022

Commits on May 24, 2022

  1. gh-93065: Fix HAMT to iterate correctly over 7-level deep trees (GH-93066) (#93147)

    Also while there, clarify a few things about why we reduce the hash to 32 bits.
    
    Co-authored-by: Eli Libman <eli@hyro.ai>
    Co-authored-by: Yury Selivanov <yury@edgedb.com>
    Co-authored-by: Łukasz Langa <lukasz@langa.pl>
    
    (cherry picked from commit c1f5c90)
    miss-islington committed May 24, 2022