| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
(cherry picked from commit 61b9ff35cbda0cc59816951a17de073968fc25c6)
Co-authored-by: Julien Palard <julien@palard.fr>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
|
|
|
|
|
|
|
|
| |
(#102698)
gh-102354: change python3 to python in docs examples (GH-102696)
(cherry picked from commit 80abd62647b2a36947a11a6a8e395061be6f0c61)
Co-authored-by: Paul Watson <paul.hermeneutic@gmail.com>
|
|
|
|
|
|
| |
The example was showing the current version, but should be pinned to 3.7 to match the example command.
(cherry picked from commit 666c0840dcac9941fa41ec619fef8d45cd849a0b)
Co-authored-by: socal-nerdtastic <37753609+socal-nerdtastic@users.noreply.github.com>
|
|
|
| |
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
|
|
|
|
|
|
| |
(GH-98466)
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Co-authored-by: Phil Elson <pelson.pub@gmail.com>
|
|
|
|
|
|
|
|
| |
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>.
(cherry picked from commit fa2d43e5184f5eaf3391844ec2400342a1b2ead4)
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
|
|
|
|
|
|
|
|
| |
Remove extra spaces in custom openSSL documentation. (GH-93568)
(cherry picked from commit 4875433682ffec2694647ac43f1b21f5ad73fd25)
Co-authored-by: Xiao Chen <chenxiao_7@163.com>
Co-authored-by: Xiao Chen <chenxiao_7@163.com>
|
|
|
|
|
|
|
| |
(GH-97756)
(cherry picked from commit a120b9f25d037a1c794df731f8cc6a2898a9165e)
Co-authored-by: Ben Faulhaber <111227622+faulhaberben@users.noreply.github.com>
|
|
|
|
|
|
|
| |
Use HTTPS for documents which are available by both HTTP and HTTPS
links, but there is no redirection from HTTP to HTTPS or vice versa.
(cherry picked from commit dd53b79de0ea98af6a11481217a961daef4e9774)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.
This PR comes fresh from a pile of work done in our private PSRT security response team repo.
This backports https://github.com/python/cpython/pull/96499 aka 511ca9452033ef95bc7d7fc404b8161068226002
Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
|
|
|
|
|
|
| |
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit d25ff1f61387edd65a91b3930b12bcf4d734e8a1)
Co-authored-by: Howie Zhao <howiezhaohr@hotmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
HTTPS (GH-95527) (GH-95644)
If an HTTP link is redirected to a same looking HTTPS link, the latter can
be used directly without changes in readability and behavior.
It protects from a men-in-the-middle attack.
This change does not affect Python examples..
(cherry picked from commit f79547a429d5c90af83a0da821e082cba20d4712)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
|
|
|
|
|
|
| |
(GH-95548) (#95550)
(cherry picked from commit d2c1a9c76c001b18c14e50779b0ee41ea4ccf0b3)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
|
|
|
|
|
|
| |
detail (GH-95030)
(cherry picked from commit b1924b10069fb797845284552fb9da931b1ffdb9)
Co-authored-by: Anthony Shaw <anthony.p.shaw@gmail.com>
|
|
|
|
|
|
|
|
| |
modifiers (GH-94551) (GH-94558)
Discussion: https://discuss.python.org/t/slight-grammar-fix-throughout-adverbs-dont-need-hyphen/17021
(cherry picked from commit 3440d197a55800ecceea3e115e44b4262411359c)
Co-authored-by: Ned Batchelder <ned@nedbatchelder.com>
|
|
|
|
|
|
| |
(cherry picked from commit f62ff97f31a775cc7956adeae32c14e7c85bdc15)
Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
|
|
|
|
|
| |
(cherry picked from commit 61f24e7885bed096b5d7f75aff13c1001994b35a)
Co-authored-by: Matthias Köppe <mkoeppe@math.ucdavis.edu>
|
|
|
|
|
|
|
|
|
|
| |
& features (GH-92529) (GH-92609)
(cherry picked from commit f1bbcba74f77eff2a4c0881f3d529f3bf0664d40)
Co-authored-by: CAM Gerlach <CAM.Gerlach@Gerlach.CAM>
Automerge-Triggered-By: GH:serhiy-storchaka
|
|
|
|
|
|
| |
See: https://mail.python.org/archives/list/docs@python.org/thread/KDVFGNGGUGGPVRZT7WZYHHWXCRS2GEN7/
(cherry picked from commit b77a95f44a024d1afab28e380252aa6d9c4efb1c)
Co-authored-by: Julien Palard <julien@palard.fr>
|
|
|
|
|
|
|
| |
(GH-29383)
(cherry picked from commit 1ecfe3d5ae4ddec4e73a6cfc93fed6df43fe0be5)
Co-authored-by: Christian Clauss <cclauss@me.com>
|
|
|
|
|
|
|
|
| |
(cherry picked from commit 9a0d941df4c3e1efb8b3017cd2c2de17e582fd5c)
Co-authored-by: slateny <46876382+slateny@users.noreply.github.com>
Automerge-Triggered-By: GH:iritkatriel
|
|
|
|
| |
Co-authored-by: ImgBotApp <ImgBotHelp@gmail.com>
(cherry picked from commit ba650af7d660084e08859dd1ee1917cccee24e88)
|
| |
|
|
|
|
|
|
|
| |
(GH-28616)
(cherry picked from commit bc4cde40339dd372960f27401d8fdaa4dab0f469)
Co-authored-by: zhanpon <pon.zhan@gmail.com>
|
|
|
|
|
| |
(cherry picked from commit 4f05f15d7b25ef8b690cb94fdc4c8cb5521a4e27)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Replace old names when they refer to actual versions of macOS.
Keep historical names in references to older versions.
Co-authored-by: Patrick Reader <_@pxeger.com>
(cherry picked from commit 36122e18148c5b6c78ebce1d36d514fd7cf250f5)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
|
|
|
|
|
|
|
| |
The threading debug (PYTHONTHREADDEBUG environment variable) is
deprecated in Python 3.10 and will be removed in Python 3.12. This
feature requires a debug build of Python.
(cherry picked from commit 4d77691172aae81bdcbb0ea75839d0e896c43781)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
|
|
|
|
| |
(cherry picked from commit 63f17c252ab1b9357c5f022296213c42d9629458)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ssl module now has more secure default settings. Ciphers without forward
secrecy or SHA-1 MAC are disabled by default. Security level 2 prohibits
weak RSA, DH, and ECC keys with less than 112 bits of security.
:class:`~ssl.SSLContext` defaults to minimum protocol version TLS 1.2.
Settings are based on Hynek Schlawack's research.
```
$ openssl version
OpenSSL 1.1.1k FIPS 25 Mar 2021
$ openssl ciphers -v '@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
```
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
|
| |
* Add also references to --with-trace-refs option.
* Move _ob_next and _ob_prev at the end, since they don't exist by
default and are related to debug.
|
|
|
| |
Enhance also the documentation of debug hooks on memory allocators.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check
- Update hashopenssl to require OpenSSL 1.1.1
- multissltests only OpenSSL > 1.1.0
- ALPN is always supported
- SNI is always supported
- Remove deprecated NPN code. Python wrappers are no-op.
- ECDH is always supported
- Remove OPENSSL_VERSION_1_1 macro
- Remove locking callbacks
- Drop PY_OPENSSL_1_1_API macro
- Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro
- SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now
- security level is always available now
- get_num_tickets is available with TLS 1.3
- X509_V_ERR MISMATCH is always available now
- Always set SSL_MODE_RELEASE_BUFFERS
- X509_V_FLAG_TRUSTED_FIRST is always available
- get_ciphers is always supported
- SSL_CTX_set_keylog_callback is always available
- Update Modules/Setup with static link example
- Mention PEP in whatsnew
- Drop 1.0.2 and 1.1.0 from GHA tests
|
|
|
|
|
| |
The -W format is "action:message:category:module:lineno".
Update also the Python manual page.
|
| |
|
|
|
|
| |
* Elaborate PGO and LTO documentaton.
* Document MAINCC, PURIFY and LINKCC variables.
|
| |
|
|
|
|
|
|
| |
Add Doc/using/configure.rst documentation to document configure,
preprocessor, compiler and linker options.
Add a new section about the "Python debug build".
|
|
|
|
|
|
|
|
|
|
|
| |
See [PEP 597](https://www.python.org/dev/peps/pep-0597/).
* Add `-X warn_default_encoding` and `PYTHONWARNDEFAULTENCODING`.
* Add EncodingWarning
* Add io.text_encoding()
* open(), TextIOWrapper() emits EncodingWarning when encoding is omitted and warn_default_encoding is enabled.
* _pyio.TextIOWrapper() uses UTF-8 as fallback default encoding used when failed to import locale module. (used during building Python)
* bz2, configparser, gzip, lzma, pathlib, tempfile modules use io.text_encoding().
* What's new entry
|
| |
|
|
|
|
|
|
|
|
| |
This lease on this domain has lapsed. This not only makes these dead links, but a potential attack vector for readers of python.org as the domain can be obtained by an untrustworthy party.
I considered redirecting these links to http://mingw-w64.org/ which is a maintained fork of mingw, but beyond my unfamiliarity with the exact level of compatibility, at the time of this PR that site had an expired cert and so is not much of a vulnerability fix.
Automerge-Triggered-By: GH:Mariatta
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enhance the documentation of the Python startup, filesystem encoding
and error handling, locale encoding. Add a new "Python UTF-8 Mode"
section.
* Add "locale encoding" and "filesystem encoding and error handler"
to the glossary
* Remove documentation from Include/cpython/initconfig.h: move it to
Doc/c-api/init_config.rst.
* Doc/c-api/init_config.rst:
* Document command line options and environment variables
* Document default values.
* Add a new "Python UTF-8 Mode" section in Doc/library/os.rst.
* Add warnings to Py_DecodeLocale() and Py_EncodeLocale() docs.
* Document how Python selects the filesystem encoding and error
handler at a single place: PyConfig.filesystem_encoding and
PyConfig.filesystem_errors.
* PyConfig: move orig_argv member at the right place.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes incorrect Python version added for `venv` `--upgrade-deps` in #13100. This feature was added in Python 3.9 not 3.8.
Relates to:
-
- https://github.com/python/cpython/commit/1cba1c9abadf76f458ecf883a48515aa3b534dbd
Automerge-Triggered-By: @vsajip
|
| |
|
| |
|
|
|
| |
This commit removes the old parser, the deprecated parser module, the old parser compatibility flags and environment variables and all associated support code and documentation.
|