is not supported for certificate signing requests (since the issuing
certificate authority is not known).
David von Oheimb, the OpenSSL dev that made the change, commented in:
https://github.com/openssl/openssl/issues/22966#issuecomment-1858396738 :
> This problem did not show up in older OpenSSL versions because of a bug:
> the `req` app ignored the `-extensions` option unless `-x505` is given,
> which I fixed in https://github.com/openssl/openssl/pull/16865.
(I assume `-x505` is a typo for `-x509`.)
In our `make_cert_key` function:
If `sign` is true:
- We don't pass `-x509` to `req`, so in this case it should be safe to
omit the `-extensions` argument. (Old OpenSSL ignores it, new OpenSSL
fails on it.)
- The extensions are passed to the `ca` call later in the function.
There they take effect, and `authorityKeyIdentifier` is valid.
If `sign` is false, this commit has no effect except rearranging the
CLI arguments.
Andrés Delfino [Sun, 6 Oct 2024 22:22:19 +0000 (19:22 -0300)]
Doc: Simplify the definition of 'soft deprecated' (#124988)
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
Co-authored-by: Carol Willing <carolcode@willingconsulting.com>
morotti [Fri, 4 Oct 2024 23:51:22 +0000 (00:51 +0100)]
gh-117151: increase default buffer size of shutil.copyfileobj() to 256k. (GH-119783)
* gh-117151: increase default buffer size of shutil.copyfileobj() to 256k.
It was set to 16k in the 1990s.
It was raised to 64k in 2019. The discussion at the time mentioned another 5% improvement by raising to 128k and settled for a very conservative setting.
It's 2024 now, I think it should be revisited to match modern hardware. I am measuring 0-15% performance improvement when raising to 256k on various types of disk. There is no downside as far as I can tell.
This function is only intended for sequential copy of full files (or file-like objects). It's the typical use case that benefits from larger operations.
For reference, I came across this function while trying to profile pip that is using it to copy files when installing Python packages.
efimov-mikhail [Thu, 3 Oct 2024 12:58:56 +0000 (15:58 +0300)]
gh-124889: Remove redundant artificial rules in PEG parser (#124893)
Cache in C PEG-generator reworked:
we save artificial rules in the cache with the Node string representation as the key instead of the Node object itself.
As a result, the total count of artificial rules in parsers.c is lowered from 283 to 170.
More natural number ordering is used for the names of artificial rules.
Auxiliary method CCallMakerVisitor._generate_artificial_rule_call is added.
Its purpose is abstracting work with the artificial rules cache.
Explicit use of the "is_repeat1" kwarg is added to the visit_Repeat0 and visit_Repeat1 methods.
It slightly improves code readability.
gh-87135: Hang non-main threads that attempt to acquire the GIL during finalization (GH-105805)
Instead of surprise crashes and memory corruption, we now hang threads that attempt to re-enter the Python interpreter after Python runtime finalization has started. These are typically daemon threads (our long-standing mis-feature) but could also be threads spawned by extension modules that then try to call into Python. This marks the `PyThread_exit_thread` public C API as deprecated as there is no plausible safe way to accomplish that on any supported platform in the face of things like C++ code with finalizers anywhere on a thread's stack. Doing this was the least bad option.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Michał Górny [Wed, 2 Oct 2024 14:31:42 +0000 (16:31 +0200)]
gh-124213: Fix incorrect context manager use in in_systemd_nspawn_sync_suppressed() (#124892)
Fix the incorrect use of `os.open()` result as a context manager,
while it is actually a numeric file descriptor.
I have missed the problem, because in the original version the
`os.open()` call would always fail, and I failed to test the final
version in all possible scenarios properly.
Peter Bierma [Wed, 2 Oct 2024 14:31:23 +0000 (10:31 -0400)]
gh-120378: Fix crash caused by integer overflow in `curses` (#124555)
This is actually an upstream problem in curses, and has been reported
to them already:
https://lists.gnu.org/archive/html/bug-ncurses/2024-09/msg00101.html
This is a nice workaround in the meantime to prevent the segfault.
Mark Byrne [Wed, 2 Oct 2024 09:58:39 +0000 (11:58 +0200)]
gh-122864: Fix a ``test_funcattrs.test___builtins__`` when executing directly (#124845)
Previously, when executing ``test_funcattrs.test___builtins__`` directly, it failed because ``__builtins__`` refers to the built-in module ``builtins`` while it expects a ``__builtins__.__dict__``. But when this test is being run from another module, ``__builtins__`` refers to ``builtins.__dict__``. Now this part of the behaviour is covered.
---------
Co-authored-by: Victor Stinner <vstinner@python.org>
Currently, we only use per-thread reference counting for heap type objects and
the naming reflects that. We will extend it to a few additional types in an
upcoming change to avoid scaling bottlenecks when creating nested functions.
Rename some of the files and functions in preparation for this change.
Victorien [Tue, 1 Oct 2024 13:51:51 +0000 (15:51 +0200)]
gh-118974: Add `decorator` argument to `make_dataclass` (gh-122723)
This is to allow the `dataclasses.make_dataclass` infrastructure to be used with another decorator that's compliant with `typing.dataclass_transform`. The new `decorator` argument to `dataclasses.make_dataclass` is `dataclasses.dataclass`, which used to be hard coded.
gh-116810: fix memory leak in ssl module (GH-123249)
Resolve a memory leak introduced in CPython 3.10's :mod:`ssl` when the :attr:`ssl.SSLSocket.session` property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization.
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Antoine Pitrou <antoine@python.org>
functools: Give up on lazy-importing types (#124736)
PR #121089 added an eager import for types.MethodType, but
still left the existing hacks for lazily importing from types.
We could also create MethodType internally in functools.py (e.g.,
by using `type(Placeholder.__repr__)`), but it feels not worth it at
this point, so instead I unlazified all the usages of types in the
module.
gh-53834: Fix support of arguments with choices in argparse (GH-124495)
Positional arguments with nargs equal to '?' or '*' no longer check
default against choices.
Optional arguments with nargs equal to '?' no longer check const
against choices.