gh-131876: extract `_hashlib` helpers into a separate directory (#136995)
The `Modules/hashlib.h` helper file is now removed and split into multiple files:
* `Modules/_hashlib/hashlib_buffer.[ch]` -- Utilities for getting a buffer view and handling buffer inputs.
* `Modules/_hashlib/hashlib_fetch.h` -- Utilities used when fetching a message digest from a digest-like identifier.
Currently, this file only contains common error messages as the fetching API is not yet implemented.
* `Modules/_hashlib/hashlib_mutex.h` -- Utilities for managing the lock on cryptographic hash objects.
gh-132898: Add a note in `multiprocessing.Process` docs about creating a process in a REPL (GH-137118)
* Reword, expand, and clarify the limitation, highlighting the REPL case.
* Mention in the high level Process description.
* added a pointer to the GH issue from the doc note
---------
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Barney Gale [Sun, 27 Jul 2025 11:47:15 +0000 (12:47 +0100)]
GH-128520: pathlib ABCs: tweak protocol for virtual path strings (#134104)
Adjust `pathlib._os.vfspath()` so that it doesn't try `os.fsdecode()`. I
don't know that supporting `os.PathLike` arguments is a good idea, so
it's best to leave it out for now.
gh-136992: Add "None" as valid `SameSite` value as per RFC 6265bis (#137040)
The "SameSite" attribute defined in RFC 6265bis [1] allows the "Strict", "Lax" and "None"
enforcement modes. We already documented "Strict" and "Lax" as being valid values
but "None" was missing from the list. While the RFC has not been formally approved,
modern browsers support the "None" value [2, 3] thereby making sense to document it.
gh-136912: fix handling of `OverflowError` in `hmac.digest` (#136917)
The OpenSSL and HACL* implementations of HMAC single-shot
digest computation reject keys whose length exceeds `INT_MAX`
and `UINT32_MAX` respectively. The OpenSSL implementation
also rejects messages whose length exceed `INT_MAX`.
Using such keys in `hmac.digest` previously raised an `OverflowError`
which was propagated to the caller. This commit mitigates this case by
making `hmac.digest` fall back to HMAC's pure Python implementation
which accepts arbitrary large keys or messages.
This change only affects the top-level entrypoint `hmac.digest`, leaving
`_hashopenssl.hmac_digest` and `_hmac.compute_digest` untouched.
gh-136929: ensure that `hashlib.<name>` does not raise `AttributeError` (#136933)
Previously, if OpenSSL was not present and built-in cryptographic extension modules
were disabled, requesting `hashlib.<name>` raised `AttributeError` and an ERROR log
message with the exception traceback is emitted when importing `hashlib`.
Now, the named constructor function will always be available but raises a `ValueError`
at runtime indicating that the algorithm is not supported. The log message has also
been reworded to be less verbose.
gh-136914: Fix support of cached functions and properties in DocTest's lineno computation (GH-136930)
Previously, DocTest's lineno of functions and methods decorated with
functools.cache(), functools.lru_cache() and functools.cached_property()
was not properly returned (None was returned) because the
computation relied on inspect.isfunction() which does not consider the
decorated result as a function.
We now use the more generic inspect.isroutine(), as elsewhere
in doctest's logic.
Also, added a special case for functools.cached_property().
Zachary Ware [Thu, 24 Jul 2025 20:50:01 +0000 (15:50 -0500)]
Exclude _testclinic_depr.c.h from c-analyzer (GH-137086)
_testclinic.c mocks out PY_VERSION_HEX to 3.8 before including
_testclinic_depr.c.h to avoid the errors the preprocessor would
otherwise throw due to the deprecation feature it is testing.
gh-136870: fix data races in instrumentation of bytecode (#136994)
De-instrumenting code objects modifies the thread local bytecode for all threads as such, holding the critical section on the code object is not sufficient and leads to data races. Now, the de-instrumentation is now performed under a stop the world pause as such no thread races with executing the thread local bytecode while it is being de-instrumented.
gh-124621: Emscripten: Support pyrepl in browser (GH-136931)
Basic support for pyrepl in Emscripten. Limitations:
* requires JSPI
* no signal handling implemented
As followup work, it would be nice to implement a webworker variant
for when JSPI is not available and proper signal handling.
Because it requires JSPI, it doesn't work in Safari. Firefox requires
setting an experimental flag. All the Chromiums have full support since
May. Until we make it work without JSPI, let's keep the original web_example
around.
Dave Peck [Tue, 22 Jul 2025 09:44:13 +0000 (02:44 -0700)]
gh-132661: Document t-strings and `templatelib` (#135229)
Co-authored-by: Petr Viktorin <encukou@gmail.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Co-authored-by: Loïc Simon <loic.pano@gmail.com> Co-authored-by: pauleveritt <pauleveritt@me.com>
Malcolm Smith [Tue, 22 Jul 2025 06:51:16 +0000 (07:51 +0100)]
gh-131531: Android test fixes (#136845)
Modifies the test runner script to no longer export the the HOST environment
variable, and to allow for tests that produce no Python output (output from the
Android console is still expected and required). These changes stem from
knowledge gained during developing a PR for Android support in cibuildwheel.
gh-135228: When @dataclass(slots=True) replaces a dataclass, make the original class collectible (#136893)
An interesting hack, but more localized in scope than #135230.
This may be a breaking change if people intentionally keep the original class around
when using `@dataclass(slots=True)`, and then use `__dict__` or `__weakref__` on the
original class.
The macros are identical to the corresponding `Py_BEGIN_CRITICAL_SECTION` and
`Py_BEGIN_CRITICAL_SECTION2` macros (e.g., they include braces), but they
accept a `PyMutex` instead of an object.
The new macros are still paired with the existing END macros
(`Py_END_CRITICAL_SECTION`, `Py_END_CRITICAL_SECTION2`).
gh-136870: fix data race in `PyThreadState_Clear` on `sys_tracing_threads` (#136951)
In free-threading, multiple threads can be cleared concurrently as such the modifications on `sys_tracing_threads` should be done while holding the profile lock, otherwise it can race with other threads setting up profiling.
Peter Bierma [Mon, 21 Jul 2025 17:47:26 +0000 (12:47 -0500)]
gh-136421: Load `_datetime` static types during interpreter initialization (GH-136583)
`_datetime` is a special module, because it's the only non-builtin C extension that contains static types. As such, it would initialize static types in the module's execution function, which can run concurrently. Since static type initialization is not thread-safe, this caused crashes. This fixes it by moving the initialization of `_datetime`'s static types to interpreter startup (where all other static types are initialized), which is already properly protected through other locks.
gh-116738: Make syslog module thread-safe (#136760)
Make the setlogmask() function in the syslog module thread-safe. These changes are relevant for scenarios where the GIL is disabled or when using subinterpreters.
gh-136438: Make sure `test_generated_cases` pass with all optimization levels (#136594)
Fix the `test_generated_cases` to work with `-O` or `-OO` flags.
Previously, `test_generated_cases` was catching an `AssertionError` while `Tools/cases_generator/optimizer_generator.py` used an `assert` statement. This approach semantically incorrect, no one should trying to catch an `AssertionError`!
Now the `assert` statement has been replaced with an explicit `raise ValueError(...)` and the corresponding `self.assertRaisesRegex(AssertionError, ...)` has been updated to catch a `ValueError` instead.
gh-134411: assert `PyLong_FromLong(x) != NULL` when `x` is known to be small (#134415)
Since `PyLong_From Long(PY_MONITORING_DEBUGGER_ID)` falls to `small_int` case and can't return `NULL`. Added `assert`s for extra confidence.
https://github.com/python/cpython/issues/134411#issuecomment-2897653868
UUIDv8 has been added in Python 3.14.0a2 and its construction time
has been improved in Python 3.14.0a4, but since those changes will
not be visible when comparing the latest Python 3.13 and 3.14 together,
we do not document them on the What's New page to avoid confusion.
GH-130645: Default to color help in argparse (#136809)
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl> Co-authored-by: Adam Turner <9087854+aa-turner@users.noreply.github.com>
gh-134531: prefer using `_hashlib` module state instead of module object (#136865)
Some internal helper functions taking the module object to retrieve its state
under some conditions now directly take the module's state instead as those
conditions hold most of the time.
gh-136547: fix `hashlib_helper` for blocking and requesting digests (#136762)
- Fix `hashlib_helper.block_algorithm` where the dummy functions were incorrectly defined.
- Rename `hashlib_helper.HashAPI` to `hashlib_helper.HashInfo` and add more helper methods.
- Simplify `hashlib_helper.requires_*()` functions.
- Rewrite some private helpers in `hashlib_helper`.
- Remove `find_{builtin,openssl}_hashdigest_constructor()` as they are no more needed and were
not meant to be public in the first place.
- Fix some tests in `test_hashlib` when FIPS mode is on.
gh-124621: Emscripten: Add support for async input devices (GH-136822)
This is useful for implementing proper `input()`. It requires the
JavaScript engine to support the wasm JSPI spec which is now stage 4.
It is supported on Chrome since version 137 and on Firefox and node
behind a flag.
We override the `__wasi_fd_read()` syscall with our own variant that
checks for a readAsync operation. If it has it, we use our own async
variant of `fd_read()`, otherwise we use the original `fd_read()`.
We also add a variant of `FS.createDevice()` called
`FS.createAsyncInputDevice()`.
Finally, if JSPI is available, we wrap the `main()` symbol with
`WebAssembly.promising()` so that we can stack switch from `fd_read()`.
If JSPI is not available, attempting to read from an AsyncInputDevice
will raise an `OSError`.
projects / thirdparty / Python / cpython.git / log
