Output with one wheel:
```
❯ GITHUB_ACTIONS=true ./Tools/build/verify_ensurepip_wheels.py
Verifying checksum for /Volumes/RAMDisk/cpython/Lib/ensurepip/_bundled/pip-23.2.1-py3-none-any.whl.
Expected digest: 7ccf472345f20d35bdc9d1841ff5f313260c2c33fe417f48c30ac46cccabf5be
Actual digest: 7ccf472345f20d35bdc9d1841ff5f313260c2c33fe417f48c30ac46cccabf5be
::notice file=/Volumes/RAMDisk/cpython/Lib/ensurepip/_bundled/pip-23.2.1-py3-none-any.whl::Successfully verified the checksum of the pip wheel.
```
Output with two wheels:
```
❯ GITHUB_ACTIONS=true ./Tools/build/verify_ensurepip_wheels.py
::error file=/Volumes/RAMDisk/cpython/Lib/ensurepip/_bundled/pip-22.0.4-py3-none-any.whl::Found more than one wheel for package pip.
::error file=/Volumes/RAMDisk/cpython/Lib/ensurepip/_bundled/pip-23.2.1-py3-none-any.whl::Found more than one wheel for package pip.
```
Output without wheels:
```
❯ GITHUB_ACTIONS=true ./Tools/build/verify_ensurepip_wheels.py
::error file=::Could not find a pip wheel on disk.
```
(cherry picked from commit f8a047941f2e4a1848700c21d58a08c9ec6a9c68)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
[3.9] gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
(cherry picked from commit 441797d4ffb12acda257370b9e5e19ed8d6e8a71)
Upgrade builds to OpenSSL 1.1.1u.
Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9.
Manual edits to the _ssl_data_300.h file prevent it from removing any
existing definitions in case those exist in some peoples builds and were
important (avoiding regressions during backporting).
(cherry picked from commit ede89af)
Co-authored-by: Ned Deily <nad@python.org>
Fixes CVE-2023-0286 (High) and a couple of Medium security issues.
https://www.openssl.org/news/secadv/20230207.txt
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Ned Deily <nad@python.org>
gh-97612: Fix shell injection in get-remote-certificate.py (GH-97613)
Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no longer uses a
shell to run "openssl" commands. Issue reported and initial fix by
Caleb Shortt.
Remove the Windows code path to send "quit" on stdin to the "openssl
s_client" command: use DEVNULL on all platforms instead.
Co-authored-by: Caleb Shortt <caleb@rgauge.com>
(cherry picked from commit 83a0f44ffd8b398673ae56c310cf5768d359c341)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
(cherry picked from commit d36954b7ead06daead3dcf9b0dd9f8002eab508f)
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
Argument Clinic now generates the same efficient code as before
adding the defining_class parameter.
(cherry picked from commit a055dac0b45031878a8196a8735522de018491e3)
* fix the comparison of character and integer by using ord()
* 📜🤖 Added by blurb_it.
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
(cherry picked from commit 9300b6d72948b94c0924a75ea14c6298156522d0)
Co-authored-by: Yu Liu <yuki.liu@utexas.edu>
Co-authored-by: Zachary Ware <zachary.ware@gmail.com>.
Co-authored-by: Christian Heimes <christian@python.org>.
Co-authored-by: Christian Heimes <christian@python.org>
Disable compiler optimization within test_peg_generator.
This speed up test_peg_generator by always disabling compiler
optimizations by using -O0 or equivalent when the test is building its
own C extensions.
A build not using --with-pydebug in order to speed up test execution
winds up with this test taking a very long time as it would do
repeated compilation of parser C code using the same optimization
flags as CPython was built with.
This speeds the test up 6-8x on gps-raspbian.
Also incorporate's GH-31017's win32 conditional and flags.
Co-authored-by: Kumar Aditya kumaraditya303.
(cherry picked from commit 164a017e13ee96bd1ea1ae79f5ac9e25fe83994e)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit f5ebec4d3e1199ec38b88920cfde8e460e5120dd)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Automerge-Triggered-By: GH:gpshead
"make regen-all" now produces the same output when run from a
directory other than the source tree: when building Python out of the
source tree.
(cherry picked from commit 253b7a0a9fef1d72a4cb87b837885576e68e917c)
(cherry picked from commit b6defde2afe656db830d6fedf74ca5f6225f5928)
There are two errors that this commit fixes:
* The parser was not correctly computing the offset and the string
source for E_LINECONT errors due to the incorrect usage of strtok().
* The parser was not correctly unwinding the call stack when a tokenizer
exception happened in rules involving optionals ('?', [...]) as we
always make them return valid results by using the comma operator. We
need to check first if we don't have an error before continuing..
(cherry picked from commit a106343f632a99c8ebb0136fa140cf189b4a6a57)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
NOTE: unlike the cherry-picked original, this commit points at a crazy location
due to a bug in the tokenizer that required a big refactor in 3.10 to fix.
We are leaving as-is for 3.9.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit cc7c6801945c6a7373553b78bd899ce09681ec0a)
Co-authored-by: Christian Heimes <christian@python.org>
This was missed while upgrading CI..
(cherry picked from commit d6cb5dd9e19210f5963ff8beadde7ca2fda71574)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Also use new make target to install FIPS provider..
(cherry picked from commit e8525567dd325527e00b3c4ce7c4ce31ff3f1a8c)
Co-authored-by: Christian Heimes <christian@python.org>
The patch from [bpo-44074]() does not account for a possibly non-English locale and blindly greps for "HEAD branch" in a possibly localized text.
Automerge-Triggered-By: GH:pitrou
(cherry picked from commit 1aa3530314d339725519f4ad95b7dea4b00b657e)
Co-authored-by: Antoine Pitrou <antoine@python.org>
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 3c586ca500854476e6eff06713236faff233d035)
Co-authored-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: GH:tiran
(cherry picked from commit e35dd556e1adb4fc8b83e5b75ac59e428a8b5460)
Co-authored-by: Steve Dower <steve.dower@python.org>
Co-authored-by: Steve Dower <steve.dower@python.org>
Signed-off-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: GH:tiran.
(cherry picked from commit a54fc683f237d8f0b6e999a63aa9b8c0a45b7fef)
Co-authored-by: Christian Heimes <christian@python.org>
On Fedora 31 gdb is using python 3.7.9, calling `proxyval` on an instance with a dictionary fails because of the `dict.iteritems` usage. This PR changes the code to be compatible with py2 and py3.
This changed seemed small enough to not need an issue and news blurb, if one is required please let me know.
Automerge-Triggered-By: GH:benjaminp
(cherry picked from commit b57ada98da0d5b0cf1ebc2c9c5502d04aa962042)
Co-authored-by: Augusto Hack <hack.augusto@gmail.com>
* Tkinter functions and constructors which need a default root window
raise now RuntimeError with descriptive message instead of obscure
AttributeError or NameError if it is not created yet or cannot
be created automatically.
* Add tests for all functions which use default root window.
* Fix import in the pynche script.
(cherry picked from commit 3d569fd6dccf9f582bafaca04d3535094cae393e)
Fix freeze.py tool to use the prope config and library directories.
(cherry picked from commit 1c653f17cb84d81df3a74ab0b42140d2bb68c5c4)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
Fix a race condition in "make regen-all" when make -jN option is used
to run jobs in parallel. The clinic.py script now only use atomic
write to write files. Moveover, generated files are now left
unchanged if the content does not change, to not change the file
modification time.
The "make regen-all" command runs "make clinic" and "make
regen-importlib" targets:
* "make regen-importlib" builds object files (ex: Modules/_weakref.o)
from source files (ex: Modules/_weakref.c) and clinic files (ex:
Modules/clinic/_weakref.c.h)
* "make clinic" always rewrites all clinic files
(ex: Modules/clinic/_weakref.c.h)
Since there is no dependency between "clinic" and "regen-importlib"
Makefile targets, these two targets can be run in parallel. Moreover,
half of clinic.py file writes are not atomic and so there is a race
condition when "make regen-all" runs jobs in parallel using make -jN
option (which can be passed in MAKEFLAGS environment variable).
Fix clinic.py to make all file writes atomic:
* Add write_file() function to ensure that all file writes are
atomic: write into a temporary file and then use os.replace().
* Moreover, write_file() doesn't recreate or modify the file if the
content does not change to avoid modifying the file modification
file.
* Update test_clinic to verify these assertions with a functional
test.
* Remove Clinic.force attribute which was no longer used, whereas
Clinic.verify remains useful.
(cherry picked from commit 8fba9523cf08029dc2e280d9f48fdd57ab178c9d)
Left-recursive rules need to check for errors explicitly, since
even if the rule returns NULL, the parsing might continue and lead
to long-distance failures.
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
(cherry picked from commit 02cdfc93f82fecdb7eae97a868d4ee222b9875d9)
Automerge-Triggered-By: GH:lysnikolaou
* Implement running the parser a second time for the errors messages
The first parser run is only responsible for detecting whether
there is a `SyntaxError` or not. If there isn't the AST gets returned.
Otherwise, the parser is run a second time with all the `invalid_*`
rules enabled so that all the customized error messages get produced.
(cherry picked from commit bca701403253379409dece03053dbd739c0bd059)
