summaryrefslogtreecommitdiffstats
path: root/configure
Commit message (Collapse)AuthorAgeFilesLines
* bpo-43568: Drop support for MACOSX_DEPLOYMENT_TARGET < 10.3 (GH-25827)Ned Deily2021-05-031-13/+1
| | | | | | | | | | Only complain if the config target is >= 10.3 and the current target is < 10.3. The check was originally added to ensure that incompatible LDSHARED flags are not used, because -undefined dynamic_lookup is used when building for 10.3 and later, and is not supported on older OS versions. Apart from that, there should be no problem in general with using an older target. Authored-by: Joshua Root <jmr@macports.org>
* bpo-44009: Provide "python3.x-intel64" for Apple Silicon Macs (GH-25804)Ned Deily2021-05-021-5/+10
| | | | | | This allows reliably forcing macOS universal2 framework builds to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs if needed for testing or when universal2 wheels are not yet available.
* bpo-43998: Default to TLS 1.2 and increase cipher suite security (GH-25778)Christian Heimes2021-05-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ssl module now has more secure default settings. Ciphers without forward secrecy or SHA-1 MAC are disabled by default. Security level 2 prohibits weak RSA, DH, and ECC keys with less than 112 bits of security. :class:`~ssl.SSLContext` defaults to minimum protocol version TLS 1.2. Settings are based on Hynek Schlawack's research. ``` $ openssl version OpenSSL 1.1.1k FIPS 25 Mar 2021 $ openssl ciphers -v '@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM' TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 ``` Signed-off-by: Christian Heimes <christian@python.org>
* bpo-43667: Fix broken Unicode encoding in non-UTF locales on Solaris (GH-25096)Jakub Kulík2021-04-301-0/+16
|
* bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)Christian Heimes2021-04-171-7371/+5026
| | | | | | | | | | | | | | | | | | | | | | | | - Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check - Update hashopenssl to require OpenSSL 1.1.1 - multissltests only OpenSSL > 1.1.0 - ALPN is always supported - SNI is always supported - Remove deprecated NPN code. Python wrappers are no-op. - ECDH is always supported - Remove OPENSSL_VERSION_1_1 macro - Remove locking callbacks - Drop PY_OPENSSL_1_1_API macro - Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro - SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now - security level is always available now - get_num_tickets is available with TLS 1.3 - X509_V_ERR MISMATCH is always available now - Always set SSL_MODE_RELEASE_BUFFERS - X509_V_FLAG_TRUSTED_FIRST is always available - get_ciphers is always supported - SSL_CTX_set_keylog_callback is always available - Update Modules/Setup with static link example - Mention PEP in whatsnew - Drop 1.0.2 and 1.1.0 from GHA tests
* Python 3.10.0a7v3.10.0a7Pablo Galindo2021-04-051-5035/+7326
|
* bpo-43179: Generalise alignment for optimised string routines (GH-24624)Jessica Clarke2021-03-311-1/+71
| | | | | | | | | | | | | | | | | | | | | | | | | * Remove m68k-specific hack from ascii_decode On m68k, alignments of primitives is more relaxed, with 4-byte and 8-byte types only requiring 2-byte alignment, thus using sizeof(size_t) does not work. Instead, use the portable alternative. Note that this is a minimal fix that only relaxes the assertion and the condition for when to use the optimised version remains overly strict. Such issues will be fixed tree-wide in the next commit. NB: In C11 we could use _Alignof(size_t) instead, but for compatibility we use autoconf. * Optimise string routines for architectures with non-natural alignment C only requires that sizeof(x) is a multiple of alignof(x), not that the two are equal. Thus anywhere where we optimise based on alignment we should be using alignof(x) not sizeof(x). This is more annoying than it would be in C11 where we could just use _Alignof(x) (and alignof(x) in C++11), but since we still require only C99 we must plumb the information all the way from autoconf through the various typedefs and defines.
* bpo-43617: Check autoconf-archive package in configure.ac (GH-25016)Christian Heimes2021-03-271-3/+3
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-43244: Remove ast.h, asdl.h, Python-ast.h headers (GH-24933)Victor Stinner2021-03-231-1/+1
| | | | | | | | | | | | | | | | These functions were undocumented and excluded from the limited C API. Most names defined by these header files were not prefixed by "Py" and so could create names conflicts. For example, Python-ast.h defined a "Yield" macro which was conflict with the "Yield" name used by the Windows <winbase.h> header. Use the Python ast module instead. * Move Include/asdl.h to Include/internal/pycore_asdl.h. * Move Include/Python-ast.h to Include/internal/pycore_ast.h. * Remove ast.h header file. * pycore_symtable.h no longer includes Python-ast.h.
* bpo-43466: Add --with-openssl-rpath configure option (GH-24820)Christian Heimes2021-03-191-7288/+5030
|
* Remove unused suspicious rule in the docsv3.10.0a6Pablo Galindo2021-03-011-4993/+7288
|
* bpo-43103: Fix build failure with macOS framework builds. (GH-24676)Ned Deily2021-03-011-1/+1
|
* bpo-42603: Use pkg-config to get TCL/TK paths for tkinter. (GH-23721)Manolis Stamatogiannakis2021-03-011-2/+7
|
* bpo-43103: Add configure --without-static-libpython (GH-24418)Victor Stinner2021-02-171-0/+40
| | | | | | | | Add a new configure --without-static-libpython option to not build the libpythonMAJOR.MINOR.a static library and not install the python.o object file. Fix smelly.py and stable_abi.py tools when libpython3.10.a is missing.
* bpo-13501: allow choosing between readline and libedit (GH-24189)Roland Hieber2021-02-091-123/+143
| | | | | | | | | | | | | | | | | | | | | | | In contrast to macOS, libedit is available as its own include file and library on Linux systems to prevent file name clashes. So if both libraries are available on the system, readline is currently chosen by default; and if only libedit is available, it is not found at all. This patch adds a way to link against libedit by adding the following arguments to configure: --with-readline link against libreadline (the default) --with-readline=editline link against libeditline --with-readline=no disable building the readline module --without-readline (same) The runtime detection of libedit vs. readline was already done in commit 7105319ada2e66365902 (2019-12-04, serge-sans-paille: "bpo-38634: Allow non-apple build to cope with libedit (GH-16986)"). Fixes: GH-12076 ("bpo-13501 Build or disable readline with Editline") Fixes: bpo-13501 ("Make libedit support more generic; port readline / libedit to FreeBSD") Co-authored-by: Enji Cooper (ngie-eign) Co-authored-by: Martin Panter (vadmium) Co-authored-by: Robert Marshall (kellinm)
* bpo-43031: Set a timeout when running tests in PGO build (GH-24339)Victor Stinner2021-01-271-1/+1
| | | | Pass --timeout=$(TESTTIMEOUT) option to the default profile task "./python -m test --pgo" command.
* bpo-42856: Add --with-wheel-pkg-dir=PATH configure option (GH-24210)Victor Stinner2021-01-201-0/+28
| | | | | | | | | | | | | Add --with-wheel-pkg-dir=PATH option to the ./configure script. If specified, the ensurepip module looks for setuptools and pip wheel packages in this directory: if both are present, these wheel packages are used instead of ensurepip bundled wheel packages. Some Linux distribution packaging policies recommend against bundling dependencies. For example, Fedora installs wheel packages in the /usr/share/python-wheels/ directory and don't install the ensurepip._bundled package. ensurepip: Remove unused runpy import.
* bpo-42874: Remove grep -qE options for Solaris 10 compatibility (GH-24200)Paul Ganssle2021-01-121-1/+1
| | | | | | | | According to [bpo-42874](), some versions of grep do not support the `-q` and `-E` options. Although both options are used elsewhere in the configure script, this particular bit of validation can be achieved without them, so there's no real harm in using a grep call with no flags. Would be good to get some people taking advantage of the `--with-tzpath` arguments in the wild to try this out.. Local testing seems to indicate that this does the same thing, but I don't know that we have any buildbots using this option. Maybe @pablogsal? [bpo-42874]():
* bpo-27640: Add --disable-test-modules configure option (GH-23886)pxinwr2020-12-301-1/+23
| | | | | | | | | Added --disable-test-modules option to the configure script: don't build nor install test modules. Patch by Xavier de Gaye, Thomas Petazzoni and Peixing Xin. Co-Authored-By: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
* bpo-39465: Add pycore_atomic_funcs.h header (GH-20766)Victor Stinner2020-12-231-5/+7
| | | | | | Add pycore_atomic_funcs.h internal header file: similar to pycore_atomic.h but don't require to declare variables as atomic. Add _Py_atomic_size_get() and _Py_atomic_size_set() functions.
* bpo-42604: always set EXT_SUFFIX=${SOABI}${SHLIB_SUFFIX} when using ↵Matti Picus2020-12-201-7/+1
| | | | | | | | | | configure (GH-23708) Now all platforms use a value for the "EXT_SUFFIX" build variable derived from SOABI (for instance in FreeBSD, "EXT_SUFFIX" is now ".cpython-310d.so" instead of ".so"). Previously only Linux, Mac and VxWorks were using a value for "EXT_SUFFIX" that included "SOABI". Co-authored-by: Pablo Galindo <pablogsal@gmail.com>
* bpo-31904: Enable libpython3.so shared library for VxWorks (GH-23741)pxinwr2020-12-141-2/+2
|
* bpo-42598: Fix implicit function declarations in configure (GH-23690)Joshua Root2020-12-131-6/+7
| | | | | | This is invalid in C99 and later and is an error with some compilers (e.g. clang in Xcode 12), and can thus cause configure checks to produce incorrect results.
* bpo-38443: Check that the specified universal architectures work (GH-22910)Ronald Oussoren2020-11-221-0/+25
| | | As [bpo-38443]() says the error message from configure when specifying --enable-universalsdk with a set of architectures that is not supported by the compiler is not very helpful. This PR explicitly checks if the compiler works and bails out if it doesn't.
* bpo-41625: Expose the splice() system call in the os module (GH-21947)Pablo Galindo2020-11-171-1/+1
|
* bpo-42087: Remove support for AIX 5.3 and below (GH-22830)Kevin Adler2020-11-161-15/+2
| | | | | | As AIX 5.3 and below do not support thread_cputime, it was decided in https://bugs.python.org/issue40680 to require AIX 6.1 and above. This commit removes workarounds for — and references to — older, unsupported AIX versions.
* bpo-41001: Add os.eventfd() (#20930)Christian Heimes2020-11-131-1/+32
| | | Co-authored-by: Kyle Stanley <aeros167@gmail.com>
* bpo-41100: Support macOS 11 and Apple Silicon (GH-22855)Ronald Oussoren2020-11-081-6/+39
| | | | | | | | | | | Co-authored-by: Lawrence D’Anna <lawrence_danna@apple.com> * Add support for macOS 11 and Apple Silicon (aka arm64) As a side effect of this work use the system copy of libffi on macOS, and remove the vendored copy * Support building on recent versions of macOS while deploying to older versions This allows building installers on macOS 11 while still supporting macOS 10.9.
* bpo-35823: subprocess: Use vfork() instead of fork() on Linux when safe ↵Alexey Izbyshev2020-10-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (GH-11671) * bpo-35823: subprocess: Use vfork() instead of fork() on Linux when safe When used to run a new executable image, fork() is not a good choice for process creation, especially if the parent has a large working set: fork() needs to copy page tables, which is slow, and may fail on systems where overcommit is disabled, despite that the child is not going to touch most of its address space. Currently, subprocess is capable of using posix_spawn() instead, which normally provides much better performance. However, posix_spawn() does not support many of child setup operations exposed by subprocess.Popen(). Most notably, it's not possible to express `close_fds=True`, which happens to be the default, via posix_spawn(). As a result, most users can't benefit from faster process creation, at least not without changing their code. However, Linux provides vfork() system call, which creates a new process without copying the address space of the parent, and which is actually used by C libraries to efficiently implement posix_spawn(). Due to sharing of the address space and even the stack with the parent, extreme care is required to use vfork(). At least the following restrictions must hold: * No signal handlers must execute in the child process. Otherwise, they might clobber memory shared with the parent, potentially confusing it. * Any library function called after vfork() in the child must be async-signal-safe (as for fork()), but it must also not interact with any library state in a way that might break due to address space sharing and/or lack of any preparations performed by libraries on normal fork(). POSIX.1 permits to call only execve() and _exit(), and later revisions remove vfork() specification entirely. In practice, however, almost all operations needed by subprocess.Popen() can be safely implemented on Linux. * Due to sharing of the stack with the parent, the child must be careful not to clobber local variables that are alive across vfork() call. Compilers are normally aware of this and take extra care with vfork() (and setjmp(), which has a similar problem). * In case the parent is privileged, special attention must be paid to vfork() use, because sharing an address space across different privilege domains is insecure[1]. This patch adds support for using vfork() instead of fork() on Linux when it's possible to do safely given the above. In particular: * vfork() is not used if credential switch is requested. The reverse case (simple subprocess.Popen() but another application thread switches credentials concurrently) is not possible for pure-Python apps because subprocess.Popen() and functions like os.setuid() are mutually excluded via GIL. We might also consider to add a way to opt-out of vfork() (and posix_spawn() on platforms where it might be implemented via vfork()) in a future PR. * vfork() is not used if `preexec_fn != None`. With this change, subprocess will still use posix_spawn() if possible, but will fallback to vfork() on Linux in most cases, and, failing that, to fork(). [1] https://ewontfix.com/7 Co-authored-by: Gregory P. Smith [Google LLC] <gps@google.com>
* bpo-38980: Only apply -fno-semantic-interposition if available (GH-22892)Petr Viktorin2020-10-221-0/+36
|
* bpo-38980: Add -fno-semantic-interposition when building with optimizations ↵Pablo Galindo2020-10-211-0/+8
| | | | (GH-22862)
* closes bpo-42030: Remove legacy AIX dynload support (GH-22717)Kevin Adler2020-10-161-6/+0
| | | | | | | | Since c19c5a6, AIX builds have defaulted to using dynload_shlib over dynload_aix when dlopen is available. This function has been available since AIX 4.3, which went out of support in 2003, the same year the previously referenced commit was made. It has been nearly 20 years since a version of AIX has been supported which has not used dynload_shlib so there's no reason to keep this legacy code around.
* bpo-40423: Optimization: use close_range(2) if available (GH-22651)Kyle Evans2020-10-111-2/+2
| | | | | | | close_range(2) should be preferred at all times if it's available, otherwise we'll use closefrom(2) if available with a fallback to fdwalk(3) or plain old loop over fd range in order of most efficient to least. [note that this version does check for ENOSYS, but currently ignores all other errors] Automerge-Triggered-By: @pablogsal
* bpo-41721: Add xlc options (GH-22096)Stefan Krah2020-09-041-1/+4
|
* bpo-19521: Fix parallel build race condition on AIX (GH-21997)Stefan Krah2020-08-291-9/+22
| | | | Patch by Michael Haubenwallner.
* bpo-41340: Removed fallback implementation for strdup (GH-21634)wasiher2020-07-271-13/+0
|
* BPO-41100: Support macOS 11 when building (GH-21113)Ronald Oussoren2020-06-251-1/+1
|
* bpo-40939: run autoreconf to fix configure{,.ac} disparity (GH-21152)Ned Deily2020-06-251-1/+1
|
* bpo-40939: Remove the old parser (Part 2) (GH-21005)Lysandros Nikolaou2020-06-201-1/+1
| | | Remove some remaining files and Makefile targets for the old parser
* bpo-40684: Fix make install for platlibdir=lib64 (GH-20736)Victor Stinner2020-06-091-1/+7
| | | | | | "make install" now uses the PLATLIBDIR variable for the destination lib-dynload/ directory when ./configure --with-platlibdir is used. Update --with-platlibdir comment in configure.
* Python 3.10.0a0 (GH-20198)Pablo Galindo2020-05-191-10/+10
|
* Revert "bpo-26317: Support OBJC and OBJCXX configure command line variables ↵Ned Deily2020-05-181-611/+0
| | | | | | | | | (GH-20176)" (GH-20182) This reverts commit 0da546665075aefbb476e192ed64122d340164f4. The commit is causing make failures on a FreeBSD buildbot. Due to the imminent 3.9.0b1 cutoff, revert this commit for now pending further investigation.
* bpo-26317: Support OBJC and OBJCXX configure command line variables (GH-20176)Ned Deily2020-05-181-0/+611
| | | | | | Add support to the configure script for OBJC and OBJCXX command line options so that the macOS builds can use the clang compiler for the macOS-specific Objective C source files. This allows third-party compilers, like GNU gcc, to be used to build the rest of the project since some of the Objective C system header files are not compilable by GNU gcc. Co-authored-by: Jeffrey Kintscher <websurfer@surf2c.net> Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* bpo-40503: PEP 615: Tests and implementation for zoneinfo (GH-19909)Paul Ganssle2020-05-161-0/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the initial implementation of PEP 615, the zoneinfo module, ported from the standalone reference implementation (see https://www.python.org/dev/peps/pep-0615/#reference-implementation for a link, which has a more detailed commit history). This includes (hopefully) all functional elements described in the PEP, but documentation is found in a separate PR. This includes: 1. A pure python implementation of the ZoneInfo class 2. A C accelerated implementation of the ZoneInfo class 3. Tests with 100% branch coverage for the Python code (though C code coverage is less than 100%). 4. A compile-time configuration option on Linux (though not on Windows) Differences from the reference implementation: - The module is arranged slightly differently: the accelerated module is `_zoneinfo` rather than `zoneinfo._czoneinfo`, which also necessitates some changes in the test support function. (Suggested by Victor Stinner and Steve Dower.) - The tests are arranged slightly differently and do not include the property tests. The tests live at test/test_zoneinfo/test_zoneinfo.py rather than test/test_zoneinfo.py or test/test_zoneinfo/__init__.py because we may do some refactoring in the future that would likely require this separation anyway; we may: - include the property tests - automatically run all the tests against both pure Python and C, rather than manually constructing C and Python test classes (similar to the way this works with test_datetime.py, which generates C and Python test cases from datetimetester.py). - This includes a compile-time configuration option on Linux (though not on Windows); added with much help from Thomas Wouters. - Integration into the CPython build system is obviously different from building a standalone zoneinfo module wheel. - This includes configuration to install the tzdata package as part of CI, though only on the coverage jobs. Introducing a PyPI dependency as part of the CI build was controversial, and this is seen as less of a major change, since the coverage jobs already depend on pip and PyPI. Additional changes that were introduced as part of this PR, most / all of which were backported to the reference implementation: - Fixed reference and memory leaks With much debugging help from Pablo Galindo - Added smoke tests ensuring that the C and Python modules are built The import machinery can be somewhat fragile, and the "seamlessly falls back to pure Python" nature of this module makes it so that a problem building the C extension or a failure to import the pure Python version might easily go unnoticed. - Adjustments to zoneinfo.__dir__ Suggested by Petr Viktorin. - Slight refactorings as suggested by Steve Dower. - Removed unnecessary if check on std_abbr Discovered this because of a missing line in branch coverage.
* bpo-40637: Add option to disable builtin hashes (GH-20121)Christian Heimes2020-05-151-0/+42
| | | | | Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran
* bpo-40514: Add --with-experimental-isolated-subinterpreters (GH-19926)Victor Stinner2020-05-051-0/+28
| | | | | | | Add --with-experimental-isolated-subinterpreters build option to configure: better isolate subinterpreters, experimental build mode. When used, force the usage of the libc malloc() memory allocator, since pymalloc relies on the unique global interpreter lock (GIL).
* bpo-40291: Add support for CAN_J1939 sockets (GH-19538)karl ding2020-04-291-2/+2
| | | | Add support for CAN_J1939 sockets that wrap SAE J1939 protocol functionality provided by Linux 5.4+ kernels.
* bpo-40334: Fix builds outside the source directory and regenerate autoconf ↵Pablo Galindo2020-04-231-1/+1
| | | | files (GH-19667)
* bpo-25780: Expose CAN_RAW_JOIN_FILTERS in the socket module (GH-19190)Zackery Spytz2020-04-091-0/+30
| | | Co-Authored-By: Stefan Tatschner <stefan@rumpelsepp.org>
* bpo-38527: fix configure script for Solaris (GH-16845)Arnon Yaari2020-04-011-2/+2
| | | | | On Solaris, the regular "grep" command may be an old version that fails to search a binary file. We need to use the correct command (ggrep, in our case), which is found by the configure script earlier. Automerge-Triggered-By: @pablogsal