(cherry picked from commit 9308dea3)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>

The result of host() was not empty when the network is constructed by a tuple containing an
integer mask and only 1 bit left for addresses.
(cherry picked from commit 10b134a0)
Co-authored-by: Xiang Zhang <angwerzx@126.com>

Original patch by Jon Foster and Berker Peksag.
(cherry picked from commit 5609b783)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>

(cherry picked from commit 4be79f29)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>

fstat may block for long time if the file descriptor is on a
non-responsive NFS server, hanging all threads. Most fstat() calls are
handled by _Py_fstat(), releasing the GIL internally, but but
_Py_fstat_noraise() does not release the GIL, and most calls release the
GIL explicitly around it.

This patch fixes last 2 calls to _Py_fstat_no_raise(), avoiding hangs
when calling:
- mmap.mmap()
- os.urandom()
- random.seed()
(cherry picked from commit 4484f9dc)
Co-authored-by: Nir Soffer <nirsof@gmail.com>

(cherry picked from commit 3fe33043)

(cherry picked from commit bc300ce2)

(cherry picked from commit 7f81bb2a)
Co-authored-by: Donald Stufft <donald@stufft.io>

Multi-phase initialized modules allow m_traverse to be called while the
module is still being initialized, so module authors may need to account
for that.
(cherry picked from commit c2b0b12d)
Co-authored-by: Marcel Plch <gmarcel.plch@gmail.com>

Creating backup files with ~ suffix can be undesirable in some environment,
such as when building RPM packages. Instead of requiring the user to remove
those files manually, option -n was added, that simply disables this feature.

-n was selected because 2to3 has the same option with this behavior.
(cherry picked from commit 5affd5c2)
Co-authored-by: Miro Hrončok <miro@hroncok.cz>

Fix backport a79591cf of bpo-30622 to 3.6 branch.
Signed-off-by: Christian Heimes <christian@python.org>

Backport the new 10.9+ installer variant from 3.7.  This variant features
more modern options; like 64-bit only (Apple is deprecating 32-bit support
in future macOS releases); a built-in version of Tcl/Tk 8.6.8; built with
clang rather than gcc-4.2.  For 3.6.5, the 10.9+ variant will be offered
as an additional alternative to the traditional 10.6+ variant in earlier
3.6.x releases.  Binary extension modules (including wheels) built for
earlier versions of 3.6.x with the 10.6 variant should continue to work
with either 3.6.5 variant without recompilation.

In addition, both installer variants have updated 3rd-party libraries:
OpenSSL 1.0.2m -> 1.0.2n
XZ 5.2.2 -> 5.2.3
SQLite 3.21.0 -> 3.22.0

Also the 10.6 variant now sets CC=gcc instead of CC=gcc-4.2 and does not
search for the outdated 10.6 SDK.  The variant is built with the same
compiler as before.  As before, for extension module builds, the CC can
be overridden with the CC env variable and an SDK can be specified
with the SDKROOT env variable (see man xcrun).  These minor changes
should be transparent to nearly all users.

(cherry picked from commit 74f56878)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>

(cherry picked from commit e32bbaf3)
Co-authored-by: xdegaye <xdegaye@gmail.com>

New tests also added.

I also made the comments in line with the builtin Grammar/Grammar. PEP 306 was
withdrawn, Kees Blom's railroad program has been lost to the sands of time for
at least 16 years now (I found a python-dev post from people looking for it).
(cherry picked from commit b51f5de7)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>

In some conditions the standard streams will be None or closed in the child process (for example if using "pythonw" instead of "python" on Windows).  Avoid failing with a non-0 exit code in those conditions.

Report and initial patch by poxthegreat..
(cherry picked from commit e756f66c)

[3.6] bpo-33026: Fix jumping out of "with" block by setting f_lineno. (GH-6026). (GH-6074) (GH-6075)

(cherry picked from commit 26c9f565)
(cherry picked from commit 04aadf23)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

(cherry picked from commit 9cf8c42f)
Co-authored-by: Matt Eaton <agnosticdev@gmail.com>

and remove redundant code.
(cherry picked from commit 67ee0779)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit 9e94c0d3)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

* Skip write()/data_received() if sslpipe is destroyed.
(cherry picked from commit 5e80a71a)

(cherry picked from commit 496431ff)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

`int` fails back to `__trunc__` is `__int__` isn't defined, so cover
that in the docs.
(cherry picked from commit 308eab97)
Co-authored-by: Eric Appelt <eric.appelt@gmail.com>

(cherry picked from commit f7a6ff6f)
Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>

bpo-32758: Warn that ast.parse() and ast.literal_eval() can segfault the interpreter (GH-5960) (GH-6042)

(cherry picked from commit 7a7f100e)
Co-authored-by: Brett Cannon <brettcannon@users.noreply.github.com>

Replace example result of "5 through 9" with complete list: "5, 6, 7, 8, 9".
This format is more consistent with the surrounding examples.
(cherry picked from commit 83d7062d)
Co-authored-by: Steven M. Vascellaro <S.Vascellaro@gmail.com>

test_asyncio hangs indefinitely on macOS 10.13.2+ on `read_pty_output()`
using the KqueueSelector. Closing `proto.transport` (as is done in
`write_pty_output()`) seems to fix it.

(cherry picked from commit 9ba3aa4d)
Co-authored-by: Erik Bray <erik.m.bray@gmail.com>

* fix a typo: documention -> documentation
* fix the type of IPv?Network.hostmask
* add documentation about IPv?Network.netmask
* fix IPv6Network constructor doc that extended netmasks are not supported
(cherry picked from commit e405096e)
Co-authored-by: Xiang Zhang <angwerzx@126.com>

(cherry picked from commit bc3f2289)
Co-authored-by: Xiang Zhang <angwerzx@126.com>

(cherry picked from commit 8a387219)
Co-authored-by: Yury Selivanov <yury@magic.io>

Like Python, IDLE optionally runs one startup file in the Shell window
before presenting the first interactive input prompt.  For IDLE,
option -s runs a file named in environmental variable IDLESTARTUP or
PYTHONSTARTUP; -r file runs file.  Python sets __file__ to the startup
file name before running the file and unsets it before the first
prompt.  IDLE now does the same when run normally, without the -n
option.
(cherry picked from commit 22c82be5)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>

(cherry picked from commit 74382a3f)
Co-authored-by: Cheryl Sabella <cheryl.sabella@gmail.com>

* Prevent low-grade poplib REDOS (CVE-2018-1060)

The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.

Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.

A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.

Replace it with a similar non-vulnerable regex.

The new regex is RFC compliant.
The old regex was non-compliant in edge cases.

* Prevent difflib REDOS (CVE-2018-1061)

The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.

Replace it with an equivalent non-vulnerable regex.

Also introduce unit and REDOS tests for difflib.
Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>.
(cherry picked from commit 0e6c8ee2)

(cherry picked from commit 13cfd57d)
Co-authored-by: Joongi Kim <me@daybreaker.info>

(cherry picked from commit b21d155f)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>