18 Commits

Author SHA1 Message Date
Furkan Onder f8f7500168
gh-123718: Fix implicit declaration of 'explicit_memset' for NetBSD 10.0 (#123719)
Fix implicit declaration of 'explicit_memset' for NetBSD 10.0 in Lib_Memzero0.c.
2024-09-06 00:09:04 +00:00
Seth Michael Larson 40bdb0deee
gh-123678: Upgrade libexpat 2.6.3 (#123689)
Upgrade libexpat 2.6.3
2024-09-04 12:57:16 -07:00
Jonathan Protzenko 325e9b8ef4
gh-99108: Add HACL* Blake2 implementation to hashlib (GH-119316)
This replaces the existing hashlib Blake2 module with a single implementation that uses HACL\*'s Blake2b/Blake2s implementations. We added support for all the modes exposed by the Python API, including tree hashing, leaf nodes, and so on. We ported and merged all of these changes upstream in HACL\*, added test vectors based on Python's existing implementation, and exposed everything needed for hashlib.

This was joint work done with @R1kM.

See the PR for much discussion and benchmarking details. TL;DR: On many systems, 8-50% faster (!) than `libb2`, on some systems it appeared 10-20% slower than `libb2`.
2024-08-13 21:42:19 +00:00
Seth Michael Larson c9829eec08
gh-116741: Upgrade libexpat to 2.6.2 (#117296)
Upgrade libexpat to 2.6.2
2024-04-22 18:15:08 -07:00
Seth Michael Larson 669ef49c7d
gh-99108: Update and check HACL* version information (GH-117295)
* Update and check HACL* version information
2024-03-27 14:56:14 -07:00
Jonathan Protzenko 872e212378
gh-99108: Refresh HACL*; update modules accordingly; fix namespacing (GH-117237)
Pulls in a new update from https://github.com/hacl-star/hacl-star and fixes our C "namespacing" done by `Modules/_hacl/refresh.sh`.
2024-03-26 00:35:26 +00:00
Yuriy Chernyshov 9b9e819b51
gh-116116: Backport blake2 change to fix building with clang-cl on windows-i686 (GH-116117)
2024-03-04 16:59:57 +00:00
Sergey B Kirpichev 002a5948fc
gh-108562: Fix compiler warnings for libmpdec (#114751)
If available, enable -fstrict-overflow for libmpdec. Also
shut off false positive warnings (-Warray-bounds).

The latter was backported from mpdecimal-4.0.0.
2024-03-03 08:25:39 +01:00
Sebastian Pipping 6a95676bb5
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .

### Notes

- Please treat as a security fix related to CVE-2023-52425.

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
2024-02-29 14:52:50 -08:00
Seth Michael Larson 889cc43cb1
gh-112302: Move pip SBOM discovery to release-tools (#115360)
2024-02-14 12:47:15 -07:00
Seth Michael Larson 4b2d1786cc
gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431)
2024-02-14 16:29:06 +00:00
Seth Michael Larson 4bf41879d0
gh-112302: Change 'licenseConcluded' field to 'NOASSERTION' (#115038)
2024-02-06 12:25:58 +02:00
Stéphane Bidoul a4c298c149
gh-114965: Updated bundled pip to 24.0 (gh-114966)
Updated bundled pip to 24.0
2024-02-03 17:45:09 +00:00
Seth Michael Larson 582d95e8bb
gh-114250: Fetch metadata for pip and its vendored dependencies from PyPI (#114450)
2024-01-26 09:48:13 +00:00
Seth Michael Larson b221e03010
gh-113257: Automatically generate pip SBOM metadata from wheel (#113295)
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2023-12-20 17:28:20 +00:00
Seth Michael Larson 4658464e9c
gh-113257: Fix SBOM metadata for pip 23.3.2 (#113262)
Fix SBOM metadata for pip 23.3.2
2023-12-19 08:34:53 +02:00
Stéphane Bidoul 4a24bf9a13
gh-113246: Updated bundled pip to 23.3.2 (gh-113249)
Updated bundled pip to 23.3.2
2023-12-18 10:21:46 +00:00
Seth Michael Larson 21221c398f
gh-112302: Add Software Bill-of-Materials (SBOM) tracking for dependencies (#112303)
2023-12-07 18:01:58 +02:00