Add random.randbytes() function and random.Random.randbytes()
method to generate random bytes.
Modify secrets.token_bytes() to use SystemRandom.randbytes()
rather than calling directly os.urandom().
Rename also genrand_int32() to genrand_uint32(), since it returns an
unsigned 32-bit integer, not a signed integer.
The _random module is now built with Py_BUILD_CORE_MODULE defined.
Add a new internal pycore_byteswap.h header file with the following
functions:
* _Py_bswap16()
* _Py_bswap32()
* _Py_bswap64()
Use these functions in _ctypes, sha256 and sha512 modules,
and also use in the UTF-32 encoder.
sha256, sha512 and _ctypes modules are now built with the internal
C API.
Add os.waitstatus_to_exitcode() function to convert a wait status to an
exitcode.
Suggest waitstatus_to_exitcode() usage in the documentation when
appropriate.
Use waitstatus_to_exitcode() in:
* multiprocessing, os, subprocess and _bootsubprocess modules;
* test.support.wait_process();
* setup.py: run_command();
* and many tests.
Add _bootsubprocess module to bootstrap Python: subprocess
implementation which only uses the os module.
On AIX, distutils.util uses _aix_support which calls
subprocess.check_output(), before the _posixsubprocess module is
built. Implement check_output() with os.system() in _bootsubprocess.
Reimplement distutils.spawn.spawn() function with the subprocess
module.
setup.py now uses a basic implementation of the subprocess module if
the subprocess module is not available: before required C extension
modules are built.
Move the dtoa.h header file to the internal C API as pycore_dtoa.h:
it only contains private functions (prefixed by "_Py").
The math and cmath modules must now be compiled with the
Py_BUILD_CORE macro defined.
* Switch to officially supported curses from 3rd-party ASIS supported ncurses
* stop saying optional modules osaudiodev and spwd are missing on AIX
Patch by M.Felt
The ssl module now can dump key material to a keylog file and trace TLS
protocol messages with a tracing callback. The default and stdlib
contexts also support SSLKEYLOGFILE env var.
The msg_callback and related enums are private members. The feature
is designed for internal debugging and not for end users.
Signed-off-by: Christian Heimes <christian@python.org>
Add a new _testinternalcapi module to test the internal C API.
Move _Py_GetConfigsAsDict() function to the internal C API:
_testembed now uses _testinternalcapi to access the function.
Change PyAPI_FUNC(type), PyAPI_DATA(type) and PyMODINIT_FUNC macros
of pyport.h when Py_BUILD_CORE_MODULE is defined.
The Py_BUILD_CORE_MODULE define must be now be used to build a C
extension as a dynamic library accessing Python internals: export the
PyInit_xxx() function in DLL exports on Windows.
Changes:
* Py_BUILD_CORE_BUILTIN and Py_BUILD_CORE_MODULE now imply
Py_BUILD_CORE directy in pyport.h.
* ceval.c compilation now fails with an error if Py_BUILD_CORE is not
defined, just to ensure that Python is build with the correct
defines.
* setup.py now compiles _pickle.c with Py_BUILD_CORE_MODULE define.
* setup.py compiles _json.c with Py_BUILD_CORE_MODULE define, rather
than Py_BUILD_CORE_BUILTIN define
* PCbuild/pythoncore.vcxproj: Add Py_BUILD_CORE_BUILTIN define.
[bpo-36146](https://bugs.python.org/issue36146) introduced another regression. In case of missing OpenSSL
libraries or headers, setup.py no longer reported _hashlib and _ssl to
be missing.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue36577
* Revert "bpo-36097: Use only public C-API in the_xxsubinterpreters module (adding as necessary). (#12003)"
This reverts commit bcfa450f21.
* Revert "bpo-33608: Simplify ceval's DISPATCH by hoisting eval_breaker ahead of time. (gh-12062)"
This reverts commit bda918bf65.
* Revert "bpo-33608: Use _Py_AddPendingCall() in _PyCrossInterpreterData_Release(). (gh-12024)"
This reverts commit b05b711a2c.
* Revert "bpo-33608: Factor out a private, per-interpreter _Py_AddPendingCall(). (GH-11617)"
This reverts commit ef4ac967e2.
Add TEST_EXTENSIONS constant to setup.py to allow to not build test
extensions like _testcapi.
Changes:
* Add add_ldflags_cppflags() subfunction
* Rename add_compiler_directories() to configure_compiler().
* Remove unused COMPILED_WITH_PYDEBUG constant.
* Use self.add() rather than accessing directly self.extensions.
* Remove module_enabled() function: check differently if curses
extension is built or not.
* Move set_compiler_flags() calls and concurrent.future hack from
module top-level to main()
* Remove unused variables 'macros' and 'libraries' from
detect_multiprocessing().
* Move SUMMARY and CLASSIFIERS constants at the top, move
set_compiler_flags() function below these constants.
* Add some empty new lines to respect PEP 8.
* Split PyBuildExt.detect_modules() huge function into subfunctions.
* Move curses, hashlib and some other code to reorganize the code.
* detect_tkinter() now returns False if the extension is missing.
* Add PyBuildExt.config_h_vars attribute
* Add PyBuildExt.srcdir atribute in setup.py: the source directory is
now always absolute.
* Add PyBuildExt.inc_dirs and PyBuildExt.lib_dirs attributes:
replace 'inc_dirs' and 'lib_dirs' local variables of
detect_modules().
* Replace "from distutils.errors import *"
with "from distutils.errors import CCompilerError, DistutilsError"
to be able to use static analyzers like pyflakes
* Reorder imports.
* Add PyBuildExt.add() which adds the extension directly to
self.extensions, rather than using a temporary 'exts' local
variable in detect_modules() and then add 'exts' to self.extensions
* Convert 'missing' local variable from detect_modules()
into PyBuildExt.missing attribute
* _detect_openssl(), _decimal_ext() and _detect_nis() now call
directly self.add(), rather than returning an extension
(or None if not found).
* Rename _decimal_ext() to _detect_decimal() for consistency with
other methods.
* Rename globals to upper case to better distinguish if a variable is
global or local:
* Rename cross_compiling to CROSS_COMPILING
* Rename host_platform to HOST_PLATFORM
* Rename disabled_module_list to DISABLED_MODULE_LIST
* Add MS_WINDOWS, CYGWIN and MACOS constants.
* Use booleans: replace "return 0" with "return False"
and replace "return 1" with "return True"
Use autoconfig to probe for shm_open() and shm_unlink(). Set SHM_NEEDS_LIBRT if we must
link with librt to get the shm_* functions. Change setup.py to use the autoconfig defines. These
changes should make it more likely that _multiprocessing/posixshmem.c gets built correctly on
different platforms.
When compiling 3rd party C extensions, the linker flags used by the
compiler for the interpreter and the stdlib modules, will get
leaked into distutils. In order to avoid that, the PY_CORE_LDFLAGS
and PY_LDFLAGS_NODIST are introduced to keep those flags separated.
* All internal header files now require Py_BUILD_CORE or
Py_BUILD_CORE_BUILTIN to be defined.
* _json.c is now compiled with Py_BUILD_CORE_BUILTIN to access
pycore_accu.h header.
* Add an example to Modules/Setup to show how to build _json
as a built-in module; it requires non trivial compiler options.
The ctypes module used to depend on indirect linking for dlopen. The shared
extension is now explicitly linked against libdl on platforms with dl.
Signed-off-by: Christian Heimes <christian@python.org>
bpo-31399: Let OpenSSL verify hostname and IP
The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.
* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name
Signed-off-by: Christian Heimes <christian@python.org>
Add https://www.gnu.org/software/autoconf-archive/ax_check_openssl.html
to auto-detect compiler flags, linker flags and libraries to compile
OpenSSL extensions. The M4 macro uses pkg-config and falls back to
manual detection.
Add autoconf magic to detect usable X509_VERIFY_PARAM_set1_host()
and related functions.
Refactor setup.py to use new config vars to compile _ssl and _hashlib
modules.
Signed-off-by: Christian Heimes <christian@python.org>