Victor Stinner [Wed, 6 Aug 2025 12:35:27 +0000 (14:35 +0200)]
gh-58124: Avoid CP_UTF8 in UnicodeDecodeError (#137415)
Fix name of the Python encoding in Unicode errors of the code page
codec: use "cp65000" and "cp65001" instead of "CP_UTF7" and "CP_UTF8"
which are not valid Python code names.
gh-137134: Update SQLite to 3.50.4 for binary releases (GH-137135)
* Update SQLite to 3.50.3 for binary releases.
* macOS and Windows news entries. what about Android?
* update sbom hash
* newline fix via regen-sbom
* news wording
* Update SQLite to 3.50.4 for binary releases.
* update 3.50.4.0.tar.gz hash in sbom & regen-sbom to fix whitespace
* Postpone to a separate PR the build-installer changes to support additional hash types
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ned Deily <nad@python.org>
Zachary Ware [Tue, 5 Aug 2025 19:44:27 +0000 (14:44 -0500)]
Fix buildbot release status link in CONTRIBUTING.rst (GH-137429)
The existing link works, but includes the legacy `/all` part of the path
which causes a scary-looking banner about a misconfiguration on the
`Home` page when in reality it's the link that includes a deprecated path.
Bénédikt Tran [Tue, 5 Aug 2025 07:50:34 +0000 (09:50 +0200)]
gh-136306: fix `test_ssl.ContextTests.test_set_groups` on FIPS builds (#137405)
X25519 is not a valid curve if OpenSSL is built with FIPS mode,
and ignoring unknown groups in `SSL_CTX_set1_groups_list()`
is only supported since OpenSSL 3.3, so we use two curves that
are known to be FIPS-compliant, namely P-256 and P-384.
gh-131146: Fix month names in a "standalone form" in calendar module (GH-131147)
The calendar module displays month names in some locales using the genitive case.
This is grammatically incorrect, as the nominative case should be used when the month
is named by itself. To address this issue, this change introduces new lists
`standalone_month_name` and `standalone_month_abbr` that contain month names in
the nominative case -- or more generally, in the form that should be used to
name the month itself, rather than form a date.
The module now uses the `%OB` format specifier to get month names in this form
where available.
gh-124503: Optimize ast.literal_eval() for small input (GH-137010)
The implementation no longer creates local functions, which reduces
the overhead for small inputs. Some other calls are inlined into a
single `_convert_literal` function.
We have a gain of 10-20% for small inputs and only 1-2% for bigger
inputs.
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Ron Frederick [Mon, 28 Jul 2025 17:33:31 +0000 (10:33 -0700)]
gh-136306: Add support for getting and setting SSL groups (#136307)
Add support for getting and setting groups used for key agreement.
* `ssl.SSLSocket.group()` returns the name of the group used
for the key agreement of the current session establishment.
This feature requires Python to be built with OpenSSL 3.2 or later.
* `ssl.SSLContext.get_groups()` returns the list of names of groups
that are compatible with the TLS version of the current context.
This feature requires Python to be built with OpenSSL 3.5 or later.
* `ssl.SSLContext.set_groups()` sets the groups allowed for key agreement
for sockets created with this context. This feature is always supported.
gh-131876: extract `_hashlib` helpers into a separate directory (#136995)
The `Modules/hashlib.h` helper file is now removed and split into multiple files:
* `Modules/_hashlib/hashlib_buffer.[ch]` -- Utilities for getting a buffer view and handling buffer inputs.
* `Modules/_hashlib/hashlib_fetch.h` -- Utilities used when fetching a message digest from a digest-like identifier.
Currently, this file only contains common error messages as the fetching API is not yet implemented.
* `Modules/_hashlib/hashlib_mutex.h` -- Utilities for managing the lock on cryptographic hash objects.
gh-132898: Add a note in `multiprocessing.Process` docs about creating a process in a REPL (GH-137118)
* Reword, expand, and clarify the limitation, highlighting the REPL case.
* Mention in the high level Process description.
* added a pointer to the GH issue from the doc note
---------
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Barney Gale [Sun, 27 Jul 2025 11:47:15 +0000 (12:47 +0100)]
GH-128520: pathlib ABCs: tweak protocol for virtual path strings (#134104)
Adjust `pathlib._os.vfspath()` so that it doesn't try `os.fsdecode()`. I
don't know that supporting `os.PathLike` arguments is a good idea, so
it's best to leave it out for now.
gh-136992: Add "None" as valid `SameSite` value as per RFC 6265bis (#137040)
The "SameSite" attribute defined in RFC 6265bis [1] allows the "Strict", "Lax" and "None"
enforcement modes. We already documented "Strict" and "Lax" as being valid values
but "None" was missing from the list. While the RFC has not been formally approved,
modern browsers support the "None" value [2, 3], so it makes sense to document it.
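An added example (not part of the CPython commit or its documentation change): a short audit of `Set-Cookie` values with `http.cookies`, checking the three modes named above. The rule that `SameSite=None` must be paired with `Secure` comes from RFC 6265bis and browser behaviour, not from this commit message; the function names and sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Enforcement modes named in the commit message above (compared case-insensitively).
VALID_SAMESITE = {"strict", "lax", "none"}


def audit_set_cookie(header_value):
    """Return a list of (cookie_name, finding) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        samesite = morsel["samesite"]  # "" when the attribute is absent
        if not samesite:
            findings.append((name, "no SameSite attribute set"))
        elif samesite.lower() not in VALID_SAMESITE:
            findings.append((name, f"unknown SameSite value {samesite!r}"))
        elif samesite.lower() == "none" and not morsel["secure"]:
            # Assumption from RFC 6265bis / browser behaviour, not from the commit:
            # a SameSite=None cookie without Secure is rejected by modern browsers.
            findings.append((name, "SameSite=None without Secure"))
    return findings


def build_cross_site_cookie(name, value):
    """Emit a cookie meant for cross-site use: SameSite=None plus Secure and HttpOnly."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["samesite"] = "None"
    jar[name]["secure"] = True
    jar[name]["httponly"] = True
    return jar[name].OutputString()


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real application.
    samples = [
        "sid=abc; SameSite=None",
        "sid=abc; SameSite=None; Secure",
        "sid=abc; SameSite=Bogus; Secure",
        "sid=abc; Path=/",
    ]
    for header in samples:
        print(header, "->", audit_set_cookie(header))
    print(build_cross_site_cookie("sid", "abc"))
```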
gh-136912: fix handling of `OverflowError` in `hmac.digest` (#136917)
The OpenSSL and HACL* implementations of HMAC single-shot
digest computation reject keys whose length exceeds `INT_MAX`
and `UINT32_MAX` respectively. The OpenSSL implementation
also rejects messages whose length exceeds `INT_MAX`.
Using such keys in `hmac.digest` previously raised an `OverflowError`
which was propagated to the caller. This commit mitigates this case by
making `hmac.digest` fall back to HMAC's pure Python implementation
which accepts arbitrarily large keys or messages.
This change only affects the top-level entrypoint `hmac.digest`, leaving
`_hashopenssl.hmac_digest` and `_hmac.compute_digest` untouched.
gh-136929: ensure that `hashlib.<name>` does not raise `AttributeError` (#136933)
Previously, if OpenSSL was not present and built-in cryptographic extension modules
were disabled, requesting `hashlib.<name>` raised `AttributeError` and an ERROR log
message with the exception traceback was emitted when importing `hashlib`.
Now, the named constructor function will always be available but raises a `ValueError`
at runtime indicating that the algorithm is not supported. The log message has also
been reworded to be less verbose.
gh-136914: Fix support of cached functions and properties in DocTest's lineno computation (GH-136930)
Previously, DocTest's lineno of functions and methods decorated with
functools.cache(), functools.lru_cache() and functools.cached_property()
was not properly returned (None was returned) because the
computation relied on inspect.isfunction() which does not consider the
decorated result as a function.
We now use the more generic inspect.isroutine(), as elsewhere
in doctest's logic.
Also, added a special case for functools.cached_property().
Zachary Ware [Thu, 24 Jul 2025 20:50:01 +0000 (15:50 -0500)]
Exclude _testclinic_depr.c.h from c-analyzer (GH-137086)
_testclinic.c mocks out PY_VERSION_HEX to 3.8 before including
_testclinic_depr.c.h to avoid the errors the preprocessor would
otherwise throw due to the deprecation feature it is testing.
gh-136870: fix data races in instrumentation of bytecode (#136994)
De-instrumenting code objects modifies the thread-local bytecode for all threads; as such, holding the critical section on the code object is not sufficient and leads to data races. The de-instrumentation is now performed under a stop-the-world pause, so no thread races with executing the thread-local bytecode while it is being de-instrumented.