Merge branch 'main' into disable-sockepair-auth-on-wasi

brettcannon · web-flow · commit c1cb47252f0f · 2026-04-13T13:09:23.000-07:00
diff --git a/Doc/library/argparse.rst b/Doc/library/argparse.rst
@@ -1970,7 +1970,7 @@ FileType objects
       run and then use the :keyword:`with`-statement to manage the files.
 
    .. versionchanged:: 3.4
-      Added the *encodings* and *errors* parameters.
+      Added the *encoding* and *errors* parameters.
 
    .. deprecated:: 3.14
 
diff --git a/Include/internal/pycore_dict.h b/Include/internal/pycore_dict.h
@@ -292,7 +292,7 @@ _PyDict_NotifyEvent(PyDict_WatchEvent event,
                     PyObject *value)
 {
     assert(Py_REFCNT((PyObject*)mp) > 0);
-    int watcher_bits = FT_ATOMIC_LOAD_UINT64_RELAXED(mp->_ma_watcher_tag) & DICT_WATCHER_MASK;
+    int watcher_bits = FT_ATOMIC_LOAD_UINT64_ACQUIRE(mp->_ma_watcher_tag) & DICT_WATCHER_MASK;
     if (watcher_bits) {
         RARE_EVENT_STAT_INC(watched_dict_modification);
         _PyDict_SendEvent(watcher_bits, event, mp, key, value);
diff --git a/Include/internal/pycore_pyatomic_ft_wrappers.h b/Include/internal/pycore_pyatomic_ft_wrappers.h
@@ -49,6 +49,8 @@ extern "C" {
     _Py_atomic_load_uint16_relaxed(&value)
 #define FT_ATOMIC_LOAD_UINT32_RELAXED(value) \
     _Py_atomic_load_uint32_relaxed(&value)
+#define FT_ATOMIC_LOAD_UINT64_ACQUIRE(value) \
+    _Py_atomic_load_uint64_acquire(&value)
 #define FT_ATOMIC_LOAD_UINT64_RELAXED(value) \
     _Py_atomic_load_uint64_relaxed(&value)
 #define FT_ATOMIC_LOAD_ULONG_RELAXED(value) \
@@ -154,6 +156,7 @@ extern "C" {
 #define FT_ATOMIC_LOAD_UINT8_RELAXED(value) value
 #define FT_ATOMIC_LOAD_UINT16_RELAXED(value) value
 #define FT_ATOMIC_LOAD_UINT32_RELAXED(value) value
+#define FT_ATOMIC_LOAD_UINT64_ACQUIRE(value) value
 #define FT_ATOMIC_LOAD_UINT64_RELAXED(value) value
 #define FT_ATOMIC_LOAD_ULONG_RELAXED(value) value
 #define FT_ATOMIC_STORE_PTR_RELAXED(value, new_value) value = new_value
diff --git a/Lib/statistics.py b/Lib/statistics.py
@@ -145,6 +145,7 @@
 from collections import Counter, namedtuple, defaultdict
 
 _SQRT2 = sqrt(2.0)
+_SQRT2PI = sqrt(tau)
 _random = random
 
 ## Exceptions ##############################################################
@@ -1257,11 +1258,11 @@ def samples(self, n, *, seed=None):
 
     def pdf(self, x):
         "Probability density function.  P(x <= X < x+dx) / dx"
-        variance = self._sigma * self._sigma
-        if not variance:
+        sigma = self._sigma
+        if not sigma:
             raise StatisticsError('pdf() not defined when sigma is zero')
-        diff = x - self._mu
-        return exp(diff * diff / (-2.0 * variance)) / sqrt(tau * variance)
+        z = (x - self._mu) / sigma
+        return exp(-0.5 * z * z) / (_SQRT2PI * sigma)
 
     def cdf(self, x):
         "Cumulative distribution function.  P(X <= x)"
diff --git a/Lib/test/test_capi/test_opt.py b/Lib/test/test_capi/test_opt.py
@@ -2845,6 +2845,35 @@ def testfunc(n):
         uops = get_opnames(ex)
         self.assertNotIn("_CHECK_IS_NOT_PY_CALLABLE", uops)
 
+    def test_check_is_not_py_callable_ex(self):
+        def testfunc(n):
+            total = 0
+            xs = (1, 2, 3)
+            args = (xs,)
+            for _ in range(n):
+                total += len(*args)
+            return total
+
+        res, ex = self._run_with_optimizer(testfunc, TIER2_THRESHOLD)
+        self.assertEqual(res, 3 * TIER2_THRESHOLD)
+        self.assertIsNotNone(ex)
+        uops = get_opnames(ex)
+        self.assertNotIn("_CHECK_IS_NOT_PY_CALLABLE_EX", uops)
+
+    def test_check_is_not_py_callable_kw(self):
+        def testfunc(n):
+            total = 0
+            xs = (3, 1, 2)
+            for _ in range(n):
+                total += sorted(xs, reverse=False)[0]
+            return total
+
+        res, ex = self._run_with_optimizer(testfunc, TIER2_THRESHOLD)
+        self.assertEqual(res, TIER2_THRESHOLD)
+        self.assertIsNotNone(ex)
+        uops = get_opnames(ex)
+        self.assertNotIn("_CHECK_IS_NOT_PY_CALLABLE_KW", uops)
+
     def test_call_len_string(self):
         def testfunc(n):
             for _ in range(n):
diff --git a/Lib/test/test_webbrowser.py b/Lib/test/test_webbrowser.py
@@ -119,6 +119,15 @@ def test_open_bad_new_parameter(self):
                        arguments=[URL],
                        kw=dict(new=999))
 
+    def test_reject_action_dash_prefixes(self):
+        browser = self.browser_class(name=CMD_NAME)
+        with self.assertRaises(ValueError):
+            browser.open('%action--incognito')
+        # new=1: action is "--new-window", so "%action" itself expands to
+        # a dash-prefixed flag even with no dash in the original URL.
+        with self.assertRaises(ValueError):
+            browser.open('%action', new=1)
+
 
 class EdgeCommandTest(CommandTestMixin, unittest.TestCase):
 
diff --git a/Lib/webbrowser.py b/Lib/webbrowser.py
@@ -274,7 +274,6 @@ def _invoke(self, args, remote, autoraise, url=None):
 
     def open(self, url, new=0, autoraise=True):
         sys.audit("webbrowser.open", url)
-        self._check_url(url)
         if new == 0:
             action = self.remote_action
         elif new == 1:
@@ -288,7 +287,9 @@ def open(self, url, new=0, autoraise=True):
             raise Error("Bad 'new' parameter to open(); "
                         f"expected 0, 1, or 2, got {new}")
 
-        args = [arg.replace("%s", url).replace("%action", action)
+        self._check_url(url.replace("%action", action))
+
+        args = [arg.replace("%action", action).replace("%s", url)
                 for arg in self.remote_args]
         args = [arg for arg in args if arg]
         success = self._invoke(args, True, autoraise, url)
diff --git a/Misc/NEWS.d/next/Security/2026-03-31-09-15-51.gh-issue-148169.EZJzz2.rst b/Misc/NEWS.d/next/Security/2026-03-31-09-15-51.gh-issue-148169.EZJzz2.rst
@@ -0,0 +1,2 @@
+A bypass in :mod:`webbrowser` allowed URLs prefixed with ``%action`` to pass
+the dash-prefix safety check.
diff --git a/Python/optimizer_bytecodes.c b/Python/optimizer_bytecodes.c
@@ -1320,6 +1320,20 @@ dummy_func(void) {
         }
     }
 
+    op(_CHECK_IS_NOT_PY_CALLABLE_EX, (func_st, unused, unused, unused -- func_st, unused, unused, unused)) {
+        PyTypeObject *type = sym_get_type(func_st);
+        if (type && type != &PyFunction_Type) {
+            ADD_OP(_NOP, 0, 0);
+        }
+    }
+
+    op(_CHECK_IS_NOT_PY_CALLABLE_KW, (callable, unused, unused[oparg], unused -- callable, unused, unused[oparg], unused)) {
+        PyTypeObject *type = sym_get_type(callable);
+        if (type && type != &PyFunction_Type && type != &PyMethod_Type) {
+            ADD_OP(_NOP, 0, 0);
+        }
+    }
+
     op(_PUSH_FRAME, (new_frame -- )) {
         SYNC_SP();
         if (!CURRENT_FRAME_IS_INIT_SHIM()) {
diff --git a/Python/optimizer_cases.c.h b/Python/optimizer_cases.c.h

Original file line number	Diff line number	Diff line change
`@@ -292,7 +292,7 @@ _PyDict_NotifyEvent(PyDict_WatchEvent event,`
`292`	`292`	`PyObject *value)`
`293`	`293`	`{`
`294`	`294`	`assert(Py_REFCNT((PyObject*)mp) > 0);`
`295`		`- int watcher_bits = FT_ATOMIC_LOAD_UINT64_RELAXED(mp->_ma_watcher_tag) & DICT_WATCHER_MASK;`
	`295`	`+ int watcher_bits = FT_ATOMIC_LOAD_UINT64_ACQUIRE(mp->_ma_watcher_tag) & DICT_WATCHER_MASK;`
`296`	`296`	`if (watcher_bits) {`
`297`	`297`	`RARE_EVENT_STAT_INC(watched_dict_modification);`
`298`	`298`	`_PyDict_SendEvent(watcher_bits, event, mp, key, value);`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+A bypass in :mod:`webbrowser` allowed URLs prefixed with ``%action`` to pass
	`2`	`+the dash-prefix safety check.`