Commit Graph

3181 Commits

Author SHA1 Message Date
Christian Heimes e983252b51
bpo-43998: Default to TLS 1.2 and increase cipher suite security (GH-25778)
The ssl module now has more secure default settings. Ciphers without forward
secrecy or SHA-1 MAC are disabled by default. Security level 2 prohibits
weak RSA, DH, and ECC keys with less than 112 bits of security.
:class:`~ssl.SSLContext` defaults to minimum protocol version TLS 1.2.
Settings are based on Hynek Schlawack's research.

```
$ openssl version
OpenSSL 1.1.1k  FIPS 25 Mar 2021
$ openssl ciphers -v '@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
```

Signed-off-by: Christian Heimes <christian@python.org>
2021-05-01 20:53:10 +02:00
larryhastings 99f71aea5c
Noted my recent contributions in "What's New In Python 3.10". (#25771)
Noted my recent contributions in "What's New In Python 3.10".  Also made some edits clarifying "annotations" vs "type hints", and some other edits for correctness.
2021-04-30 22:55:21 -07:00
Yurii Karabas c24199184b
bpo-42269: Add slots parameter to dataclass decorator (GH-24171)
Add slots parameter to dataclass decorator and make_dataclass function.
2021-04-30 22:14:30 -04:00
Victor Stinner 3bb09947ec
bpo-43916: Add Py_TPFLAGS_DISALLOW_INSTANTIATION type flag (GH-25721)
Add a new Py_TPFLAGS_DISALLOW_INSTANTIATION type flag to disallow
creating type instances: set tp_new to NULL and don't create the
"__new__" key in the type dictionary.

The flag is set automatically on static types if tp_base is NULL or
&PyBaseObject_Type and tp_new is NULL.

Use the flag on the following types:

* _curses.ncurses_version type
* _curses_panel.panel
* _tkinter.Tcl_Obj
* _tkinter.tkapp
* _tkinter.tktimertoken
* _xxsubinterpretersmodule.ChannelID
* sys.flags type
* sys.getwindowsversion() type
* sys.version_info type

Update MyStr example in the C API documentation to use
Py_TPFLAGS_DISALLOW_INSTANTIATION.

Add _PyStructSequence_InitType() function to create a structseq type
with the Py_TPFLAGS_DISALLOW_INSTANTIATION flag set.

type_new() calls _PyType_CheckConsistency() at exit.
2021-04-30 12:46:15 +02:00
Victor Stinner abfd6388cd
bpo-43774: Enhance debug build documentation (GH-25712)
* Add also references to --with-trace-refs option.
* Move _ob_next and _ob_prev at the end, since they don't exist by
  default and are related to debug.
2021-04-29 13:06:59 +02:00
Victor Stinner 5bd0619533
bpo-43908: Document Static Types in the C API (GH-25710)
Update also PyTypeObject structure definition in the doc.
2021-04-29 10:26:34 +02:00
Inada Naoki e52ab42ced
bpo-41139: Deprecate `cgi.log()` (GH-25625) 2021-04-29 11:36:04 +09:00
scoder 3cc481b9de
bpo-28254: Add a C-API for controlling the GC state (GH-25687)
Add new C-API functions to control the state of the garbage collector:
PyGC_Enable(), PyGC_Disable(), PyGC_IsEnabled(),
corresponding to the functions in the gc module.

Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
2021-04-28 18:12:16 +02:00
Ma Lin f9bedb630e
bpo-41486: Faster bz2/lzma/zlib via new output buffering (GH-21740)
Faster bz2/lzma/zlib via new output buffering.
Also adds .readall() function to _compression.DecompressReader class
to take best advantage of this in the consume-all-output at once scenario.

Often a 5-20% speedup in common scenarios due to less data copying.

Contributed by Ma Lin.
2021-04-27 23:58:54 -07:00
Ken Jin 05ab4b60ab
bpo-43766: Implement PEP 647 (User-Defined Type Guards) in typing.py (#25282) 2021-04-27 07:31:04 -07:00
Erlend Egeberg Aasland 7244c0060d
bpo-43762: Add audit events for loading of sqlite3 extensions (GH-25246) 2021-04-27 00:16:46 +01:00
Tymoteusz Wołodźko 09aa6f914d
bpo-38490: statistics: Add covariance, Pearson's correlation, and simple linear regression (#16813)
Co-authored-by: Tymoteusz Wołodźko <twolodzko+gitkraken@gmail.com
2021-04-25 14:45:09 +03:00
Serhiy Storchaka 172c0f2752
bpo-39529: Deprecate creating new event loop in asyncio.get_event_loop() (GH-23554)
asyncio.get_event_loop() emits now a deprecation warning when it creates a new event loop.
In future releases it will became an alias of asyncio.get_running_loop().
2021-04-25 13:40:44 +03:00
Batuhan Taskaya 8cc3cfa8af
bpo-42737: annotations with complex targets no longer causes any runtime effects (GH-23952) 2021-04-25 05:31:20 +03:00
Zackery Spytz b2fac1afaa
bpo-31870: Add a timeout parameter to ssl.get_server_certificate() (GH-22270) 2021-04-23 21:46:01 -07:00
Barney Gale f24e2e5464
bpo-39950: add `pathlib.Path.hardlink_to()` method that supersedes `link_to()` (GH-18909)
The argument order of `link_to()` is reversed compared to what one may expect, so:

    a.link_to(b)

Might be expected to create *a* as a link to *b*, in fact it creates *b* as a link to *a*, making it function more like a "link from". This doesn't match `symlink_to()` nor the documentation and doesn't seem to be the original author's intent.

This PR deprecates `link_to()` and introduces `hardlink_to()`, which has the same argument order as `symlink_to()`.
2021-04-23 13:48:52 -07:00
Pablo Galindo a77aac4fca
bpo-43914: Highlight invalid ranges in SyntaxErrors (#25525)
To improve the user experience understanding what part of the error messages associated with SyntaxErrors is wrong, we can highlight the whole error range and not only place the caret at the first character. In this way:

>>> foo(x, z for z in range(10), t, w)
  File "<stdin>", line 1
    foo(x, z for z in range(10), t, w)
           ^
SyntaxError: Generator expression must be parenthesized

becomes

>>> foo(x, z for z in range(10), t, w)
  File "<stdin>", line 1
    foo(x, z for z in range(10), t, w)
           ^^^^^^^^^^^^^^^^^^^^
SyntaxError: Generator expression must be parenthesized
2021-04-23 14:27:05 +01:00
Petr Viktorin 91b69b77cf
bpo-43868: Remove PyOS_ReadlineFunctionPointer from the stable ABI list (GH-25442)
The inclusion of PyOS_ReadlineFunctionPointer in python3dll.c was a mistake.

According to PEP 384:
> functions expecting FILE* are not part of the ABI, to avoid depending
> on a specific version of the Microsoft C runtime DLL on Windows.

https://bugs.python.org/issue43868
2021-04-23 14:23:38 +02:00
Hai Shi 32980fb669
bpo-37751: Document codecs.lookup() change in What's New in Python 3.9 (GH-23096) 2021-04-23 11:10:43 +02:00
Saiyang Gou 660592f67c
bpo-28724: Doc: Move socket.send_fds and socket.recv_fds docs to right section (GH-22608) 2021-04-22 13:08:46 +09:00
Batuhan Taskaya 81fe01492c
doc: Sync some missing 3.10 changes with the What's New (GH-25503)
Automerge-Triggered-By: GH:isidentical
2021-04-21 13:44:27 -07:00
JunWei Song 18e0d32804
Fix typo in whatsnew/3.10.rst (GH-25498) 2021-04-21 18:34:05 +01:00
Pablo Galindo 56c95dfe27
bpo-43859: Improve the error message for IndentationError exceptions (GH-25431) 2021-04-21 15:28:21 +01:00
Pablo Galindo b0544ba77c
bpo-38605: Revert making 'from __future__ import annotations' the default (GH-25490)
This reverts commits 044a1048ca and 1be456ae9d, adapting the code to changes that happened after it.
2021-04-21 12:41:19 +01:00
Pablo Galindo 8bf274a500
Small changes to the section about SyntaxErrors in the 3.10 What's New document (GH-25461) 2021-04-17 22:41:46 +01:00
Christian Heimes 39258d3595
bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)
- Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check
- Update hashopenssl to require OpenSSL 1.1.1
- multissltests only OpenSSL > 1.1.0
- ALPN is always supported
- SNI is always supported
- Remove deprecated NPN code. Python wrappers are no-op.
- ECDH is always supported
- Remove OPENSSL_VERSION_1_1 macro
- Remove locking callbacks
- Drop PY_OPENSSL_1_1_API macro
- Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro
- SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now
- security level is always available now
- get_num_tickets is available with TLS 1.3
- X509_V_ERR MISMATCH is always available now
- Always set SSL_MODE_RELEASE_BUFFERS
- X509_V_FLAG_TRUSTED_FIRST is always available
- get_ciphers is always supported
- SSL_CTX_set_keylog_callback is always available
- Update Modules/Setup with static link example
- Mention PEP in whatsnew
- Drop 1.0.2 and 1.1.0 from GHA tests
2021-04-17 11:36:35 +02:00
Pablo Galindo ff3d9c0f1a
Improve the section with SyntaxError message improvements to the What's New of 3.10 (GH-25428) 2021-04-16 01:28:48 +01:00
Zackery Spytz 0c4c436325
Fix typo in 3.10's What's New documentation (GH-25409)
"occured" ->  "occurred"
2021-04-14 09:16:11 -07:00
Pablo Galindo 5bf8bf2267
bpo-38530: Offer suggestions on NameError (GH-25397)
When printing NameError raised by the interpreter, PyErr_Display
will offer suggestions of simmilar variable names in the function that the exception
was raised from:

    >>> schwarzschild_black_hole = None
    >>> schwarschild_black_hole
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    NameError: name 'schwarschild_black_hole' is not defined. Did you mean: schwarzschild_black_hole?
2021-04-14 15:10:33 +01:00
Pablo Galindo c4073a24f9
Fix typo in the What's New for 3.10 (GH-25396) 2021-04-14 14:16:47 +01:00
Inada Naoki 333d10cbb5
bpo-43712 : fileinput: Add encoding parameter (GH-25272) 2021-04-14 14:12:58 +09:00
Pablo Galindo 37494b441a
bpo-38530: Offer suggestions on AttributeError (#16856)
When printing AttributeError, PyErr_Display will offer suggestions of similar 
attribute names in the object that the exception was raised from:

>>> collections.namedtoplo
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: module 'collections' has no attribute 'namedtoplo'. Did you mean: namedtuple?
2021-04-14 02:36:07 +01:00
Lewis Gaul 11159d2c9d
bpo-43080: pprint for dataclass instances (GH-24389)
* Added pprint support for dataclass instances which don't have a custom __repr__.
2021-04-13 19:59:24 -04:00
Inada Naoki 695d47b51e
bpo-43785: Update bz2 document (GH-25351) 2021-04-14 08:22:49 +09:00
Victor Stinner 85918e4ab6
bpo-43774: Add more links to configure options (GH-25363) 2021-04-12 23:27:35 +02:00
Jelle Zijlstra 9825bdfbd5
bpo-43723: Deprecate camelCase aliases from threading (GH-25174)
The snake_case names have existed since Python 2.6, so there is
no reason to keep the old camelCase names around. One similar
method, threading.Thread.isAlive, was already removed in
Python 3.9 (bpo-37804).
2021-04-12 10:42:53 +02:00
Victor Stinner 553ee2781a
bpo-43682: Make staticmethod objects callable (GH-25117)
Static methods (@staticmethod) are now callable as regular functions.
2021-04-12 00:21:22 +02:00
Jelle Zijlstra 522433601a
bpo-43783: Add ParamSpecArgs/Kwargs (GH-25298) 2021-04-10 19:57:05 -07:00
Antti Haapala c3a478b7e5
Fix typo about line number in the 3.10 What's New document (GH-25328)
This was a typo copied from PEP 626.
2021-04-11 01:20:41 +01:00
Victor Stinner 09bbebea16
bpo-43753: Add Py_Is() and Py_IsNone() functions (GH-25227)
Add the Py_Is(x, y) function to test if the 'x' object is the 'y'
object, the same as "x is y" in Python. Add also the Py_IsNone(),
Py_IsTrue(), Py_IsFalse() functions to test if an object is,
respectively, the None singleton, the True singleton or the False
singleton.
2021-04-11 00:17:39 +02:00
Victor Stinner 507a574de3
bpo-43682: @staticmethod inherits attributes (GH-25268)
Static methods (@staticmethod) and class methods (@classmethod) now
inherit the method attributes (__module__, __name__, __qualname__,
__doc__, __annotations__) and have a new __wrapped__ attribute.

Changes:

* Add a repr() method to staticmethod and classmethod types.
* Add tests on the @classmethod decorator.
2021-04-09 17:51:22 +02:00
Victor Stinner a41782cc84
bpo-43774: Document configure options (GH-25283)
Add Doc/using/configure.rst documentation to document configure,
preprocessor, compiler and linker options.

Add a new section about the "Python debug build".
2021-04-08 22:32:21 +02:00
Saiyang Gou 0fdf11e8e9
bpo-43755: Update docs to reflect that lambda is not allowed in `comp_if` since 3.9 (GH-25231) 2021-04-06 23:15:37 +01:00
Brett Cannon 57c6cb5100
bpo-42135: Deprecate implementations of find_module() and find_loader() (GH-25169) 2021-04-06 08:56:57 -07:00
Dong-hee Na efccff9ac8
bpo-41870: Update What's News 3.10 about vectorcall (#25219)
* bpo-41870: Update What's News 3.10 about vectorcall

* update

* Update Doc/whatsnew/3.10.rst

Co-authored-by: Victor Stinner <vstinner@python.org>

Co-authored-by: Victor Stinner <vstinner@python.org>
2021-04-07 00:43:59 +09:00
Brett Cannon f97dc80068
bpo-43672: raise ImportWarning when calling find_loader() (GH-25119) 2021-04-02 12:35:32 -07:00
Zackery Spytz afd1265058
bpo-31956: Add start and stop parameters to array.index() (GH-25059)
Co-Authored-By: Anders Lorentsen <Phaqui@gmail.com>
2021-04-03 00:28:35 +09:00
Victor Stinner 3359cab038
bpo-43688: Support the limited C API in debug mode (GH-25131)
The limited C API is now supported if Python is built in debug mode
(if the Py_DEBUG macro is defined). In the limited C API, the
Py_INCREF() and Py_DECREF() functions are now implemented as opaque
function calls, rather than accessing directly the PyObject.ob_refcnt
member, if Python is built in debug mode and the Py_LIMITED_API macro
targets Python 3.10 or newer. It became possible to support the
limited C API in debug mode because the PyObject structure is the
same in release and debug mode since Python 3.8 (see bpo-36465).

The limited C API is still not supported in the --with-trace-refs
special build (Py_TRACE_REFS macro).
2021-04-02 15:45:37 +02:00
Don Kirkby 18701a0608
Fix typos in 3.10 "What's new" (GH-25104) 2021-04-01 15:00:30 +09:00
Ethan Furman b775106d94
bpo-40066: Enum: modify `repr()` and `str()` (GH-22392)
* Enum: streamline repr() and str(); improve docs

- repr() is now ``enum_class.member_name``
- stdlib global enums are ``module_name.member_name``
- str() is now ``member_name``
- add HOW-TO section for ``Enum``
- change main documentation to be an API reference
2021-03-30 21:17:26 -07:00