From 6e2c7c8aa6c6ba1411bb9fdb005093246e3119da Mon Sep 17 00:00:00 2001 From: icanhasmath Date: Wed, 26 Jun 2024 15:46:37 -0500 Subject: [PATCH 1/8] Add VCRuntime to Python 2 We need to copy the vcruntime dll as it is a dependency of python2. --- PCbuild/pyproject.props | 20 ++++++++++++++++++++ PCbuild/pythoncore.vcxproj | 8 ++++++++ 2 files changed, 28 insertions(+) diff --git a/PCbuild/pyproject.props b/PCbuild/pyproject.props index 08565465694b74..f22dae3e7c587a 100644 --- a/PCbuild/pyproject.props +++ b/PCbuild/pyproject.props @@ -157,4 +157,24 @@ foreach (System.Diagnostics.Process p in System.Diagnostics.Process.GetProcesses + + + + $(VCInstallDir)\Redist\MSVC\$(VCToolsRedistVersion)\ + $(VCRedistDir)x86\ + $(VCRedistDir)$(Platform)\ + + + $(VCInstallDir)\redist\ + $(VCRedistDir)x86\ + $(VCRedistDir)$(Platform)\ + + + + + + + + + diff --git a/PCbuild/pythoncore.vcxproj b/PCbuild/pythoncore.vcxproj index 55c950b59fac0a..f8f59a7c37239f 100644 --- a/PCbuild/pythoncore.vcxproj +++ b/PCbuild/pythoncore.vcxproj @@ -406,4 +406,12 @@ + + + + + + + + From 0d37cd614d66feef8feca5ac84232c0c5cd37e51 Mon Sep 17 00:00:00 2001 From: icanhasmath Date: Wed, 26 Jun 2024 23:03:19 -0500 Subject: [PATCH 2/8] Add News --- Misc/NEWS.d/2.7.18.9.rst | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/Misc/NEWS.d/2.7.18.9.rst b/Misc/NEWS.d/2.7.18.9.rst index d91eb1f189dd0b..a7c32029bb71d3 100644 --- a/Misc/NEWS.d/2.7.18.9.rst +++ b/Misc/NEWS.d/2.7.18.9.rst 
@@ -1,3 +1,24 @@ +.. bpo: none +.. date: 2024-06-26 +.. nonce: +.. release date: 2024-06-26 +.. section: Core and Builtins + +Include vcruntime140.dll in Python 2.7 + +vcruntime140.dll is now included as it is a necessary runtime dependency of Python. +Similar to bpo: 39930 + +.. bpo: none +.. date: 2024-06-26 +.. nonce: +.. release date: 2024-06-26 +.. section: Core and Builtins + +WSA Errors are handled on Windows + +We are now handling WSAE* errors on windows. These Errors were not being handled properly since updating to newer versions of MSVC. + .. bpo: 32056 .. date: 2018-03-18 .. nonce: From 76f11e17a26f8cc28f8336303b26cb503710fa7d Mon Sep 17 00:00:00 2001 From: icanhasmath Date: Thu, 27 Jun 2024 13:41:47 -0500 Subject: [PATCH 3/8] Redistribute msvcp140.dll and concrt140.dll The wildcarding of msvcp is making the assumption that the msvcp number will end in a zero - this seems to hold currently, but may change in the future. --- PCbuild/pyproject.props | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/PCbuild/pyproject.props b/PCbuild/pyproject.props index f22dae3e7c587a..88c59d97f310d1 100644 --- a/PCbuild/pyproject.props +++ b/PCbuild/pyproject.props @@ -169,12 +169,13 @@ foreach (System.Diagnostics.Process p in System.Diagnostics.Process.GetProcesses $(VCRedistDir)x86\ $(VCRedistDir)$(Platform)\ - + + + - - + From ea1d3abea1e985e191db45b2cf80d438765ed0d2 Mon Sep 17 00:00:00 2001 From: Frederick Price Date: Mon, 24 Jun 2024 18:52:13 -0400 Subject: [PATCH 4/8] CVE-2024-0397 Fix locking in cert_store_stats and get_ca_certs Backported from : [3.8] gh-114572: Fix locking in cert_store_stats and get_ca_certs #118442 --- ...4-06-27-13-09-0.gh-issue-114572.t1QMQD.rst | 4 + Modules/_ssl.c | 93 ++++++++++++++++++- 2 files changed, 95 insertions(+), 2 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2024-06-27-13-09-0.gh-issue-114572.t1QMQD.rst 
diff --git a/Misc/NEWS.d/next/Security/2024-06-27-13-09-0.gh-issue-114572.t1QMQD.rst b/Misc/NEWS.d/next/Security/2024-06-27-13-09-0.gh-issue-114572.t1QMQD.rst new file mode 100644 index 00000000000000..b4f9fe64db0615 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2024-06-27-13-09-0.gh-issue-114572.t1QMQD.rst @@ -0,0 +1,4 @@ +:meth:`ssl.SSLContext.cert_store_stats` and +:meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the +certificate store, when the :class:`ssl.SSLContext` is shared across +multiple threads. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 6df9f47792e4df..e28f02d128d94a 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -106,6 +106,10 @@ struct py_ssl_library_code { # define PY_OPENSSL_1_1_API 1 #endif +#if (OPENSSL_VERSION_NUMBER >= 0x30300000L) && !defined(LIBRESSL_VERSION_NUMBER) +# define OPENSSL_VERSION_3_3 1 +#endif + /* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */ #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL # define PY_OPENSSL_1_1_API 1 @@ -161,6 +165,16 @@ struct py_ssl_library_code { #define HAVE_OPENSSL_CRYPTO_LOCK #endif +/* OpenSSL 1.1+ allows locking X509_STORE, 1.0.2 doesn't. */ +#ifdef OPENSSL_VERSION_1_1 +#define HAVE_OPENSSL_X509_STORE_LOCK +#endif + +/* OpenSSL 3.3 added the X509_STORE_get1_objects API */ +#ifdef OPENSSL_VERSION_3_3 +#define HAVE_OPENSSL_X509_STORE_GET1_OBJECTS 1 +#endif + #if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2) #define OPENSSL_NO_SSL2 #endif 
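Review bot: Because `HAVE_OPENSSL_X509_STORE_LOCK` is defined only under `#ifdef OPENSSL_VERSION_1_1`, any build where that macro is absent still takes the `#else` branch in `cert_store_stats` and `get_ca_certs` and reads the store through `X509_STORE_get0_objects` with no lock. The NEWS entry added by this commit says both methods "now correctly lock access", which does not hold for those builds. I would state the limit in the comment, for example `/* Builds without X509_STORE_lock() (OpenSSL 1.0.2) still read the store unlocked and are not covered by the CVE-2024-0397 fix. */`, and mention it in the NEWS text. Where `OPENSSL_VERSION_1_1` itself is defined is outside this hunk, so whether LibreSSL builds are also excluded should be confirmed there.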
@@ -3504,7 +3518,15 @@ cert_store_stats(PySSLContext *self) int x509 = 0, crl = 0, ca = 0, i; store = SSL_CTX_get_cert_store(self->ctx); - objs = X509_STORE_get0_objects(store); + #if HAVE_OPENSSL_X509_STORE_GET1_OBJECTS + objs = X509_STORE_get1_objects(store); + if (objs == NULL) { + PyErr_SetString(PyExc_MemoryError, "failed to query cert store"); + return NULL; + } + #else + objs = X509_STORE_get0_objects(store); + #endif for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { obj = sk_X509_OBJECT_value(objs, i); switch (X509_OBJECT_get_type(obj)) { @@ -3521,9 +3543,15 @@ cert_store_stats(PySSLContext *self) /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY. * As far as I can tell they are internal states and never * stored in a cert store */ + /* Ignore enrecognized types */ break; } } + +#if HAVE_OPENSSL_X509_STORE_GET1_OBJECTS + sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free); +#endif + return Py_BuildValue("{sisisi}", "x509", x509, "crl", crl, "x509_ca", ca); } @@ -3558,9 +3586,16 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds) if ((rlist = PyList_New(0)) == NULL) { return NULL; } - store = SSL_CTX_get_cert_store(self->ctx); +#if HAVE_OPENSSL_X509_STORE_GET1_OBJECTS + objs = X509_STORE_get1_objects(store); + if (objs == NULL) { + PyErr_SetString(PyExc_MemoryError, "failed to query cert store"); + return NULL; + } +#else objs = X509_STORE_get0_objects(store); +#endif for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { X509_OBJECT *obj; X509 *cert; @@ -3588,9 +3623,15 @@ get_ca_certs(PySSLContext *self, PyObject *args, PyObject *kwds) } Py_CLEAR(ci); } + #if HAVE_OPENSSL_X509_STORE_GET1_OBJECTS + sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free); + #endif return rlist; error: +#if HAVE_OPENSSL_X509_STORE_GET1_OBJECTS + sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free); +#endif Py_XDECREF(ci); Py_XDECREF(rlist); return NULL; 
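Review bot: `#if HAVE_OPENSSL_X509_STORE_GET1_OBJECTS` is evaluated here at line 3518, but for OpenSSL 1.1 through 3.2 the macro is only defined inside the shim block that the last `_ssl.c` hunk appends after `init_ssl` at line 4683. At this point the macro is therefore undefined and the preprocessor silently takes the `#else` branch. Unless it is also defined somewhere outside these hunks, those builds keep calling `X509_STORE_get0_objects` without the store lock, the shim is compiled but never called, and the locking fix only takes effect on OpenSSL 3.3 or newer. The same applies to the guards in the three following hunks (the `cert_store_stats` cleanup and both `get_ca_certs` hunks). The shim block, together with its `#define HAVE_OPENSSL_X509_STORE_GET1_OBJECTS 1`, should move above `cert_store_stats` (whose body starts and ends outside this hunk), and building with `-Wundef` would expose this kind of ordering mistake.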
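Review bot: The added comment `/* Ignore enrecognized types */` has a typo and does not say why it was added next to the existing comment about `X509_LU_FAIL`, `X509_LU_RETRY` and `X509_LU_PKEY`. It presumably refers to the empty objects that the `x509_object_dup` shim leaves for types it cannot copy, so I would write `/* Ignore unrecognized types, including empty objects left by the X509_STORE_get1_objects shim */`. The `switch` this comment belongs to starts outside the hunk.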
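Review bot: The new `return NULL;` taken when `X509_STORE_get1_objects` fails in `get_ca_certs` leaks `rlist`, which `PyList_New(0)` allocated a few lines earlier in the same hunk. Release it before returning, `Py_DECREF(rlist); return NULL;`, so a failure in the store query does not leave a list object behind on every call. Using `goto error;` would also work if `ci` is initialised to NULL at its declaration, which is outside the hunk. `get_ca_certs` continues past the end of this hunk.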
@@ -4642,3 +4683,51 @@ init_ssl(void) return; } +/* Shim of X509_STORE_get1_objects API from OpenSSL 3.3 + * Only available with the X509_STORE_lock() API */ +#if defined(HAVE_OPENSSL_X509_STORE_LOCK) && !defined(OPENSSL_VERSION_3_3) +#define HAVE_OPENSSL_X509_STORE_GET1_OBJECTS 1 + +static X509_OBJECT *x509_object_dup(const X509_OBJECT *obj) +{ + int ok; + X509_OBJECT *ret = X509_OBJECT_new(); + if (ret == NULL) { + return NULL; + } + switch (X509_OBJECT_get_type(obj)) { + case X509_LU_X509: + ok = X509_OBJECT_set1_X509(ret, X509_OBJECT_get0_X509(obj)); + break; + case X509_LU_CRL: + /* X509_OBJECT_get0_X509_CRL was not const-correct prior to 3.0.*/ + ok = X509_OBJECT_set1_X509_CRL( + ret, X509_OBJECT_get0_X509_CRL((X509_OBJECT *)obj)); + break; + default: + /* We cannot duplicate unrecognized types in a polyfill, but it is + * safe to leave an empty object. The caller will ignore it. */ + ok = 1; + break; + } + if (!ok) { + X509_OBJECT_free(ret); + return NULL; + } + return ret; +} + +static STACK_OF(X509_OBJECT) * +X509_STORE_get1_objects(X509_STORE *store) +{ + STACK_OF(X509_OBJECT) *ret; + if (!X509_STORE_lock(store)) { + return NULL; + } + ret = sk_X509_OBJECT_deep_copy(X509_STORE_get0_objects(store), + x509_object_dup, X509_OBJECT_free); + X509_STORE_unlock(store); + return ret; +} +#endif + From f4641dffd632266c4752fda347135bd8e0aed96f Mon Sep 17 00:00:00 2001 From: Frederick Price Date: Wed, 26 Jun 2024 01:20:51 -0400 Subject: [PATCH 5/8] Fix import error caused by importing WSAE* error codes on Unix From d3c6461bf80260177f30479af97df52b60efa2d3 Mon Sep 17 00:00:00 2001 From: icanhasmath Date: Thu, 8 Aug 2024 18:03:57 -0500 Subject: [PATCH 6/8] Add VCRUNTIME dlls to the main python folder --- PC/layout/support/python.props | 1 + 1 file changed, 1 insertion(+) diff --git a/PC/layout/support/python.props b/PC/layout/support/python.props index 4a4ed47c08564c..75007b60056987 100644 --- a/PC/layout/support/python.props +++ b/PC/layout/support/python.props 
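Review bot: The shim `X509_STORE_get1_objects` returns NULL both when `X509_STORE_lock` fails and when `sk_X509_OBJECT_deep_copy` fails, and the callers in the earlier hunks turn either case into `MemoryError`, so a lock failure is reported as an allocation failure. The header comment should spell out the contract the callers depend on, for example `/* Returns a deep copy taken under the store lock, or NULL on lock or allocation failure; the caller frees it with sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free). */`. `x509_object_dup` would also benefit from a one-line comment saying that the copy holds its own references through the `set1` calls, which is what makes it safe to use after the store is unlocked.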
@@ -30,6 +30,7 @@ <_PythonRuntimeExe Include="$(PythonHome)\python*.dll" /> + <_PythonRuntimeExe Include="$(PythonHome)\vcruntime*.dll" /> <_PythonRuntimeExe Include="$(PythonHome)\python*.exe" Condition="$(IncludePythonExe) == 'true'" /> <_PythonRuntimeExe> %(Filename)%(Extension) From 3efa80d546e46a4b3e340309090fd3660297aadb Mon Sep 17 00:00:00 2001 From: icanhasmath Date: Thu, 8 Aug 2024 23:43:06 -0500 Subject: [PATCH 7/8] bpo-36778: cp65001 encoding becomes an alias to utf_8 (GH-13230) --- Doc/library/codecs.rst | 2 ++ Lib/encodings/aliases.py | 1 + 2 files changed, 3 insertions(+) diff --git a/Doc/library/codecs.rst b/Doc/library/codecs.rst index 4fd0951e304a74..e1ec268066892b 100644 --- a/Doc/library/codecs.rst +++ b/Doc/library/codecs.rst @@ -1006,6 +1006,8 @@ particular, the following variants typically exist: +-----------------+--------------------------------+--------------------------------+ | cp1258 | windows-1258 | Vietnamese | +-----------------+--------------------------------+--------------------------------+ +| cp65001 | | Alias to ``utf_8`` encoding | ++-----------------+--------------------------------+--------------------------------+ | euc_jp | eucjp, ujis, u-jis | Japanese | +-----------------+--------------------------------+--------------------------------+ | euc_jis_2004 | jisx0213, eucjis2004 | Japanese | diff --git a/Lib/encodings/aliases.py b/Lib/encodings/aliases.py index a54cf774b7b1dd..c752683fcea256 100644 --- a/Lib/encodings/aliases.py +++ b/Lib/encodings/aliases.py @@ -516,6 +516,7 @@ 'utf8' : 'utf_8', 'utf8_ucs2' : 'utf_8', 'utf8_ucs4' : 'utf_8', + 'cp65001' : 'utf_8', # uu_codec codec 'uu' : 'uu_codec', From 813c5d115982fd407decc8eb6a660c196c719b26 Mon Sep 17 00:00:00 2001 
From: icanhasmath Date: Thu, 8 Aug 2024 23:45:14 -0500 Subject: [PATCH 8/8] Release 2.7.18.10 Update News and patch level. --- Include/patchlevel.h | 2 +- Misc/NEWS.d/2.7.18.10.rst | 43 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/2.7.18.10.rst diff --git a/Include/patchlevel.h b/Include/patchlevel.h index d250bb8e4dcdb5..9a0c45e13d9bd0 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -27,7 +27,7 @@ #define PY_RELEASE_SERIAL 0 /* Version as a string */ -#define PY_VERSION "2.7.18.9" +#define PY_VERSION "2.7.18.10" /*--end constants--*/ /* Subversion Revision number of this file (not of the repository). Empty diff --git a/Misc/NEWS.d/2.7.18.10.rst b/Misc/NEWS.d/2.7.18.10.rst new file mode 100644 index 00000000000000..7281381f4585a2 --- /dev/null +++ b/Misc/NEWS.d/2.7.18.10.rst @@ -0,0 +1,43 @@ +.. bpo: none +.. date: 2024-08-08 +.. nonce: +.. release date: 2024-08-08 +.. section: Core and Builtins + +Relocate vcruntime140.dll to Python executable folder. + +vcruntime140.dll has been moved to the same directory as Python.exe. + +.. bpo: none +.. date: 2024-08-08 +.. nonce: +.. release date: 2024-06-26 +.. section: Core and Builtins + +WSA Errors are handled on Unix + +We now convert WSAE* errors to unix equvalents if they are not supported. + +.. bpo: 36778 +.. date: 2019-05-10 +.. nonce: +.. release date: 2024-06-06 +.. section: Core and Builtins + +Handle Windows code page 65001 + +``cp65001`` encoding (Windows code page 65001) becomes an alias to ``utf_8`` +encoding. + +.. gh: 114315 +.. date: 2024-06-27 +.. nonce: +.. release date: 2024-08-08 +.. section: Core and Builtins + +CVE-2024-0397 Fix locking in cert_store_stats and get_ca_certs + +:meth:`ssl.SSLContext.cert_store_stats` and +:meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the +certificate store, when the :class:`ssl.SSLContext` is shared across +multiple threads.