Commit Graph

420 Commits

Author SHA1 Message Date
Gregory P. Smith 511ca94520
gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499)
Integer to and from text conversions via CPython's bignum `int` type are not safe against denial of service attacks due to malicious input. Very large input strings with hundreds of thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

* Issue: gh-95778

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#). Much of that text wound up in the Issue. Backport PRs already exist. See the issue for links.
2022-09-02 09:35:08 -07:00
Pablo Galindo Salgado f49dd54b72
gh-96143: Add some comments and minor fixes missed in the original PR (#96433)
* gh-96132: Add some comments and minor fixes missed in the original PR

* Update Doc/using/cmdline.rst

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
2022-08-30 19:37:22 +01:00
Pablo Galindo Salgado 6d791a9736
gh-96143: Allow Linux perf profiler to see Python calls (GH-96123)
⚠️  ⚠️ Note for reviewers, hackers and fellow systems/low-level/compiler engineers ⚠️ ⚠️ 

If you have a lot of experience with this kind of shenanigans and want to improve the **first** version, **please make a PR against my branch** or **reach out by email** or **suggest code changes directly on GitHub**. 

If you have any **refinements or optimizations** please, wait until the first version is merged before starting hacking or proposing those so we can keep this PR productive.
2022-08-30 10:11:18 -07:00
Dong-hee Na 6ec57e7c5a
gh-90536: Fix link syntax to LLVM-BOLT repository (gh-96141) 2022-08-21 00:11:35 +09:00
Kevin Modzelewski 214eb2cce5
gh-90536: Add support for the BOLT post-link binary optimizer (gh-95908)
* Add support for the BOLT post-link binary optimizer

Using [bolt](https://github.com/llvm/llvm-project/tree/main/bolt)
provides a fairly large speedup without any code or functionality
changes. It provides roughly a 1% speedup on pyperformance, and a
4% improvement on the Pyston web macrobenchmarks.

It is gated behind an `--enable-bolt` configure arg because not all
toolchains and environments are supported. It has been tested on a
Linux x86_64 toolchain, using llvm-bolt built from the LLVM 14.0.6
sources (their binary distribution of this version did not include bolt).

Compared to [a previous attempt](https://github.com/faster-cpython/ideas/issues/224),
this commit uses bolt's preferred "instrumentation" approach, as well as adds some non-PIE
flags which enable much better optimizations from bolt.

The effects of this change are a bit more dependent on CPU microarchitecture
than other changes, since it optimizes i-cache behavior which seems
to be a bit more variable between architectures. The 1%/4% numbers
were collected on an Intel Skylake CPU, and on an AMD Zen 3 CPU I
got a slightly larger speedup (2%/4%), and on a c6i.xlarge EC2 instance
I got a slightly lower speedup (1%/3%).

The low speedup on pyperformance is not entirely unexpected, because
BOLT improves i-cache behavior, and the benchmarks in the pyperformance
suite are small and tend to fit in i-cache.

This change uses the existing pgo profiling task (`python -m test --pgo`),
though I was able to measure about a 1% macrobenchmark improvement by
using the macrobenchmarks as the training task. I personally think that
both the PGO and BOLT tasks should be updated to use macrobenchmarks,
but for the sake of splitting up the work this PR uses the existing pgo task.

* Simplify the build flags

* Add a NEWS entry

* Update Makefile.pre.in

Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>

* Update configure.ac

Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>

* Add myself to ACKS

* Add docs

* Other review comments

* fix tab/space issue

* Make it more clear that --enable-bolt is experimental

* Add link to bolt's github page

Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
2022-08-19 06:33:54 +09:00
Howie Zhao d25ff1f613
gh-95155: Update "Using Python on a Mac" documentation (GH-95284)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
2022-08-06 18:50:28 +02:00
Victor Stinner 398ed84dc4
gh-93744: Remove configure --with-cxx-main option (#95651)
Remove the "configure --with-cxx-main" build option: it didn't work
for many years. Remove the MAINCC variable from configure and
Makefile.

The MAINCC variable was added by the issue gh-42471: commit
0f48d98b74. Previously, --with-cxx-main
was named --with-cxx.

Keep CXX and LDCXXSHARED variables, even if they are no longer used
by the Python build system.
2022-08-05 13:26:58 +02:00
fluesvamp c47d09a4ac
Remove unnecessary text from documentation. (GH-95670) 2022-08-04 21:18:05 +01:00
Serhiy Storchaka f79547a429
gh-91838: Use HTTPS links in docs for resources which redirect to HTTPS (GH-95527)
If an HTTP link is redirected to a same looking HTTPS link, the latter can
be used directly without changes in readability and behavior.
It protects from a man-in-the-middle attack.

This change does not affect Python examples.
2022-08-04 10:13:49 +03:00
Steve Dower 67840edb28
gh-94399: Restore PATH search behaviour of py.exe launcher for '/usr/bin/env' shebang lines (GH-95582) 2022-08-03 22:18:51 +01:00
Steve Dower d2c1a9c76c
gh-92219: Clarify that some options to the installer may break the install (GH-95548) 2022-08-02 00:57:46 +01:00
Christian Heimes f81a6c5fc7
gh-95415: Make availability directive consistent (GH-95416) 2022-07-29 16:42:09 +02:00
Christian Heimes a566912049
gh-85454: Remove distutils documentation (#95239)
Most places now refer to setuptools or link to setuptools documentation.
Some examples like zipapp need to be updated later.
2022-07-25 15:50:46 +02:00
Anthony Shaw b1924b1006
GH-95029: Describe Windows Store package isolation and redirection in more detail (GH-95030) 2022-07-21 01:01:23 +01:00
Ned Batchelder 3440d197a5
Docs: remove redundant "adverb-adjective" hyphens from compound modifiers (GH-94551)
Discussion: https://discuss.python.org/t/slight-grammar-fix-throughout-adverbs-dont-need-hyphen/17021
2022-07-05 11:16:10 +02:00
Oleg Iarygin f62ff97f31
gh-93851: Fix all broken links in Doc/ (GH-93853) 2022-06-21 20:55:18 +02:00
Matthias Köppe 61f24e7885
gh-90539: doc: Expand on what should not go into CFLAGS, LDFLAGS (#92754) 2022-06-20 15:58:02 +02:00
Éric 8aa9d40b00
gh-90300: split --help output into separate options (#30331)
Make --help output shorter and add new help options.

--help-env, --help-xoptions and --help-all command-line options are
added to complement --help.
2022-06-01 05:50:01 -04:00
Victor Stinner c7667a2d35
gh-93103: Enhance PyConfig.parser_debug documentation (#93186)
Document that -d option and PYTHONDEBUG env var require a debug
build of Python. Also mention them in the debug build documentation.
2022-05-24 23:23:01 +02:00
CAM Gerlach f1bbcba74f
gh-76773: Update docs mentioning no-longer-supported Windows versions & features (GH-92529) 2022-05-10 09:30:32 +03:00
Gregory P. Smith 6ed7c353b8
gh-88750: Remove the PYTHONTHREADDEBUG env var support. (#92509)
Remove the `PYTHONTHREADDEBUG` env var support.
Remove no-op dprintf() macro calls.
2022-05-09 16:03:46 -07:00
Julien Palard b77a95f44a
Doc: Update py2app link. (#91585)
See: https://mail.python.org/archives/list/docs@python.org/thread/KDVFGNGGUGGPVRZT7WZYHHWXCRS2GEN7/
2022-05-09 23:10:19 +02:00
slateny e3fa60b937
gh-86019: Add table for Windows installer options (GH-91809) 2022-05-09 17:40:51 +01:00
Victor Stinner ada8b6d1b1
gh-57684: Add -P cmdline option and PYTHONSAFEPATH env var (#31542)
Add the -P command line option and the PYTHONSAFEPATH environment
variable to not prepend a potentially unsafe path to sys.path.

* Add sys.flags.safe_path flag.
* Add PyConfig.safe_path member.
* Programs/_bootstrap_python.c uses config.safe_path=0.
* Update subprocess._optim_args_from_interpreter_flags() to handle
  the -P command line option.
* Modules/getpath.py sets safe_path to 1 if a "._pth" file is
  present.
2022-05-06 01:34:11 +02:00
vainaijr ed711290a0
gh-91998: 'WebAssemby' to 'WebAssembly' (#92040) 2022-05-01 20:24:41 -05:00
Victor Stinner 87c6cf9aa7
gh-89479: Export _Py_GetSpecializationStats() internal function (#92011)
When Python is built with "./configure --enable-pystats" (if the
Py_STATS macro is defined), the _Py_GetSpecializationStats() function
must be exported, since it's used by the _opcode extension which is
built as a shared library.
2022-04-28 14:02:45 +02:00
Christian Heimes 92c1037afc
gh-84461: Add --enable-wasm-pthreads and more file systems (GH-91820) 2022-04-23 14:59:33 +02:00
Victor Stinner 364ed94092
gh-89373: _Py_Dealloc() checks tp_dealloc exception (#32357)
If Python is built in debug mode, _Py_Dealloc() now ensures that the
tp_dealloc function leaves the current exception unchanged.
2022-04-21 23:04:01 +02:00
Dennis Sweeney 37965d2fb4
gh-78607: Replace __ltrace__ with __lltrace__ (GH-91619) 2022-04-16 18:57:00 -04:00
Inada Naoki 13b17e2a0a
gh-91156: Fix `encoding="locale"` in UTF-8 mode (GH-70056) 2022-04-14 16:00:35 +09:00
Christian Heimes c9844cb8aa
bpo-40280: Add --enable-wasm-dynamic-linking (GH-32253) 2022-04-04 19:31:31 +02:00
Christian Clauss 1ecfe3d5ae
Demonstrate `py --list` in the quickstart section of the Windows doc page (GH-29383) 2022-04-04 16:35:51 +01:00
Erlend Egeberg Aasland b36d222110
bpo-45847: Port _tkinter to PY_STDLIB_MOD (GH-31698)
- Remove ``--with-tclk-*`` options from `configure`
- Use pkg-config to detect `_tkinter` dependencies (Tcl/Tk, X11)
- Manual override via environment variables `TCLTK_CFLAGS` and `TCLTK_LIBS`
2022-03-31 03:19:08 -07:00
Steve Dower bad86a621a
bpo-46566: Add new py.exe launcher implementation (GH-32062) 2022-03-29 00:21:08 +01:00
Russel Webber c62b944dfc
bpo-31582: Created a new documentation section describing sys.path initialization (GH-31082) 2022-03-23 17:29:40 +00:00
slateny 9a0d941df4
bpo-36557: Updated wording for using/windows (GH-31457) 2022-02-22 17:36:13 +00:00
Manish Kumar ⛄ ba650af7d6
Optimize images by IMGbot (GH-21348)
Co-authored-by: ImgBotApp <ImgBotHelp@gmail.com>
2022-02-04 15:49:43 +09:00
bneuburg c47c9e6589
bpo-44934: Add optional feature AppendPath to Windows MSI installer (GH-27889)
The option must be enabled from the command line
2022-01-18 00:18:44 +00:00
Mark Dickinson 025cbe7a9b
bpo-45569: Change PYLONG_BITS_IN_DIGIT default to 30 (GH-30497) 2022-01-14 18:54:56 +00:00
Mark Shannon 4506bbede1
bpo-46072: Document --enable-stats option. (GH-30139) 2021-12-16 13:40:54 +00:00
Christian Heimes eb483c46d6
bpo-45949: Pure Python freeze module for cross builds (GH-29899) 2021-12-13 20:48:46 +01:00
Pablo Galindo 3ea574f35b
Fix some false positives of documentation syntax problems 2021-12-08 22:22:55 +00:00
Christian Heimes 992565f7f7
bpo-45881: configure --with-freeze-module --with-build-python (GH-29835)
Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no>
Co-authored-by: Ethan Smith <ethan@ethanhs.me>
2021-11-29 17:23:29 +01:00
Christian Heimes 6ac3c8a314
bpo-40280: Emscripten systems use .wasm suffix by default (GH-29842) 2021-11-29 16:01:55 +01:00
Christian Heimes fc9b622819
bpo-45723: Add --with-pkg-config to configure (GH-29517)
Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no>
2021-11-10 23:02:19 +01:00
Eric Snow b9cdd0fb9c
bpo-45020: Default to using frozen modules unless running from source tree. (gh-28940)
The default was "off".  Switching it to "on" means users get the benefit of frozen stdlib modules without having to do anything.  There's a special-case for running-in-source-tree, so contributors don't get surprised when their stdlib changes don't get used.

https://bugs.python.org/issue45020
2021-10-16 13:16:08 -06:00
Inada Naoki ad970e8623
bpo-29410: Change the default hash algorithm to SipHash13. (GH-28752)
Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no>
Co-authored-by: Christian Heimes <christian@python.org>
2021-10-10 17:29:46 +09:00
Christian Clauss 241bda785a
[doc] Fix typos found using codespell (GH-28744)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
2021-10-05 23:48:44 +02:00
zhanpon bc4cde4033
bpo-45291: Explicitly set --libdir=lib when configure OpenSSL (GH-28566) 2021-09-29 12:54:59 +02:00
Serhiy Storchaka 4f05f15d7b
[docs] Improve the markup of powers (GH-28598) 2021-09-28 22:40:57 +02:00