Merge branch 'main' into fix/evil/unicode-error-str-128974

picnixz · Mar 1, 2025 · 4b77349 · 4b77349
2 parents 7a37326 + 75f38af
commit 4b77349
Show file tree

Hide file tree

Showing 658 changed files with 22,854 additions and 12,821 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -106,6 +106,7 @@ Objects/exceptions.c          @iritkatriel
 
 # Hashing & cryptographic primitives
 **/*hashlib*                  @gpshead @tiran @picnixz
+**/*hashopenssl*              @gpshead @tiran @picnixz
 **/*pyhash*                   @gpshead @tiran
 **/sha*                       @gpshead @tiran @picnixz
 Modules/md5*                  @gpshead @tiran @picnixz

diff --git a/.github/workflows/add-issue-header.yml b/.github/workflows/add-issue-header.yml
@@ -18,6 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       issues: write
+    timeout-minutes: 5
     steps:
       - uses: actions/github-script@v7
         with:

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -43,7 +43,7 @@ jobs:
     if: fromJSON(needs.build-context.outputs.run-docs)
     uses: ./.github/workflows/reusable-docs.yml
 
-  check_autoconf_regen:
+  check-autoconf-regen:
     name: 'Check if Autoconf files are up to date'
     # Don't use ubuntu-latest but a specific version to make the job
     # reproducible: to get the same tools versions (autoconf, aclocal, ...)
@@ -62,8 +62,6 @@ jobs:
         with:
           fetch-depth: 1
           persist-credentials: false
-      - name: Runner image version
-        run: echo "IMAGE_VERSION=${ImageVersion}" >> "$GITHUB_ENV"
       - name: Check Autoconf and aclocal versions
         run: |
           grep "Generated by GNU Autoconf 2.72" configure
@@ -88,7 +86,7 @@ jobs:
             exit 1
           fi
 
-  check_generated_files:
+  check-generated-files:
     name: 'Check if generated files are up to date'
     # Don't use ubuntu-latest but a specific version to make the job
     # reproducible: to get the same tools versions (autoconf, aclocal, ...)
@@ -104,14 +102,14 @@ jobs:
         with:
           python-version: '3.x'
       - name: Runner image version
-        run: echo "IMAGE_VERSION=${ImageVersion}" >> "$GITHUB_ENV"
+        run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV"
       - name: Restore config.cache
         uses: actions/cache@v4
         with:
           path: config.cache
           # Include env.pythonLocation in key to avoid changes in environment when setup-python updates Python
-          key: ${{ github.job }}-${{ runner.os }}-${{ env.IMAGE_VERSION }}-${{ needs.build-context.outputs.config-hash }}-${{ env.pythonLocation }}
-      - name: Install Dependencies
+          key: ${{ github.job }}-${{ env.IMAGE_OS_VERSION }}-${{ needs.build-context.outputs.config-hash }}-${{ env.pythonLocation }}
+      - name: Install dependencies
         run: sudo ./.github/workflows/posix-deps-apt.sh
       - name: Add ccache to PATH
         run: echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV"
@@ -149,12 +147,12 @@ jobs:
         if: github.event_name == 'pull_request'  # $GITHUB_EVENT_NAME
         run: make check-c-globals
 
-  build_windows:
+  build-windows:
     name: >-
       Windows
       ${{ fromJSON(matrix.free-threading) && '(free-threading)' || '' }}
     needs: build-context
-    if: fromJSON(needs.build-context.outputs.run-tests)
+    if: fromJSON(needs.build-context.outputs.run-windows-tests)
     strategy:
       fail-fast: false
       matrix:
@@ -181,12 +179,13 @@ jobs:
       arch: ${{ matrix.arch }}
       free-threading: ${{ matrix.free-threading }}
 
-  build_windows_msi:
+  build-windows-msi:
     name: >-  # ${{ '' } is a hack to nest jobs under the same sidebar category
       Windows MSI${{ '' }}
     needs: build-context
     if: fromJSON(needs.build-context.outputs.run-windows-msi)
     strategy:
+      fail-fast: false
       matrix:
         arch:
         - x86
@@ -196,7 +195,7 @@ jobs:
     with:
       arch: ${{ matrix.arch }}
 
-  build_macos:
+  build-macos:
     name: >-
       macOS
       ${{ fromJSON(matrix.free-threading) && '(free-threading)' || '' }}
@@ -230,14 +229,15 @@ jobs:
       free-threading: ${{ matrix.free-threading }}
       os: ${{ matrix.os }}
 
-  build_ubuntu:
+  build-ubuntu:
     name: >-
       Ubuntu
       ${{ fromJSON(matrix.free-threading) && '(free-threading)' || '' }}
       ${{ fromJSON(matrix.bolt) && '(bolt)' || '' }}
     needs: build-context
     if: needs.build-context.outputs.run-tests == 'true'
     strategy:
+      fail-fast: false
       matrix:
         bolt:
         - false
@@ -247,13 +247,13 @@ jobs:
         - true
         os:
         - ubuntu-24.04
-        - ubuntu-22.04-arm
+        - ubuntu-24.04-arm
         exclude:
         # Do not test BOLT with free-threading, to conserve resources
         - bolt: true
           free-threading: true
         # BOLT currently crashes during instrumentation on aarch64
-        - os: ubuntu-22.04-arm
+        - os: ubuntu-24.04-arm
           bolt: true
     uses: ./.github/workflows/reusable-ubuntu.yml
     with:
@@ -262,7 +262,7 @@ jobs:
       free-threading: ${{ matrix.free-threading }}
       os: ${{ matrix.os }}
 
-  build_ubuntu_ssltests:
+  build-ubuntu-ssltests:
     name: 'Ubuntu SSL tests with OpenSSL'
     runs-on: ${{ matrix.os }}
     timeout-minutes: 60
@@ -284,15 +284,15 @@ jobs:
       with:
         persist-credentials: false
     - name: Runner image version
-      run: echo "IMAGE_VERSION=${ImageVersion}" >> "$GITHUB_ENV"
+      run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV"
     - name: Restore config.cache
       uses: actions/cache@v4
       with:
         path: config.cache
-        key: ${{ github.job }}-${{ runner.os }}-${{ env.IMAGE_VERSION }}-${{ needs.build-context.outputs.config-hash }}
+        key: ${{ github.job }}-${{ env.IMAGE_OS_VERSION }}-${{ needs.build-context.outputs.config-hash }}
     - name: Register gcc problem matcher
       run: echo "::add-matcher::.github/problem-matchers/gcc.json"
-    - name: Install Dependencies
+    - name: Install dependencies
       run: sudo ./.github/workflows/posix-deps-apt.sh
     - name: Configure OpenSSL env vars
       run: |
@@ -324,15 +324,15 @@ jobs:
     - name: SSL tests
       run: ./python Lib/test/ssltests.py
 
-  build_wasi:
+  build-wasi:
     name: 'WASI'
     needs: build-context
     if: needs.build-context.outputs.run-tests == 'true'
     uses: ./.github/workflows/reusable-wasi.yml
     with:
       config_hash: ${{ needs.build-context.outputs.config-hash }}
 
-  test_hypothesis:
+  test-hypothesis:
     name: "Hypothesis tests on Ubuntu"
     runs-on: ubuntu-24.04
     timeout-minutes: 60
@@ -347,7 +347,7 @@ jobs:
         persist-credentials: false
     - name: Register gcc problem matcher
       run: echo "::add-matcher::.github/problem-matchers/gcc.json"
-    - name: Install Dependencies
+    - name: Install dependencies
       run: sudo ./.github/workflows/posix-deps-apt.sh
     - name: Configure OpenSSL env vars
       run: |
@@ -379,12 +379,12 @@ jobs:
     - name: Bind mount sources read-only
       run: sudo mount --bind -o ro "$GITHUB_WORKSPACE" "$CPYTHON_RO_SRCDIR"
     - name: Runner image version
-      run: echo "IMAGE_VERSION=${ImageVersion}" >> "$GITHUB_ENV"
+      run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV"
     - name: Restore config.cache
       uses: actions/cache@v4
       with:
         path: ${{ env.CPYTHON_BUILDDIR }}/config.cache
-        key: ${{ github.job }}-${{ runner.os }}-${{ env.IMAGE_VERSION }}-${{ needs.build-context.outputs.config-hash }}
+        key: ${{ github.job }}-${{ env.IMAGE_OS_VERSION }}-${{ needs.build-context.outputs.config-hash }}
     - name: Configure CPython out-of-tree
       working-directory: ${{ env.CPYTHON_BUILDDIR }}
       run: |
@@ -447,14 +447,14 @@ jobs:
         name: hypothesis-example-db
         path: ${{ env.CPYTHON_BUILDDIR }}/.hypothesis/examples/
 
-
-  build_asan:
+  build-asan:
     name: 'Address sanitizer'
     runs-on: ${{ matrix.os }}
     timeout-minutes: 60
     needs: build-context
     if: needs.build-context.outputs.run-tests == 'true'
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-24.04]
     env:
@@ -466,15 +466,15 @@ jobs:
       with:
         persist-credentials: false
     - name: Runner image version
-      run: echo "IMAGE_VERSION=${ImageVersion}" >> "$GITHUB_ENV"
+      run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV"
     - name: Restore config.cache
       uses: actions/cache@v4
       with:
         path: config.cache
-        key: ${{ github.job }}-${{ runner.os }}-${{ env.IMAGE_VERSION }}-${{ needs.build-context.outputs.config-hash }}
+        key: ${{ github.job }}-${{ env.IMAGE_OS_VERSION }}-${{ needs.build-context.outputs.config-hash }}
     - name: Register gcc problem matcher
       run: echo "::add-matcher::.github/problem-matchers/gcc.json"
-    - name: Install Dependencies
+    - name: Install dependencies
       run: sudo ./.github/workflows/posix-deps-apt.sh
     - name: Set up GCC-10 for ASAN
       uses: egor-tensin/setup-gcc@v1
@@ -511,13 +511,14 @@ jobs:
     - name: Tests
       run: xvfb-run make ci
 
-  build_tsan:
+  build-tsan:
     name: >-
       Thread sanitizer
       ${{ fromJSON(matrix.free-threading) && '(free-threading)' || '' }}
     needs: build-context
     if: needs.build-context.outputs.run-tests == 'true'
     strategy:
+      fail-fast: false
       matrix:
         free-threading:
         - false
@@ -530,26 +531,27 @@ jobs:
   cross-build-linux:
     name: Cross build Linux
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     needs: build-context
     if: needs.build-context.outputs.run-tests == 'true'
     steps:
       - uses: actions/checkout@v4
         with:
           persist-credentials: false
       - name: Runner image version
-        run: echo "IMAGE_VERSION=${ImageVersion}" >> "$GITHUB_ENV"
+        run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV"
       - name: Restore config.cache
         uses: actions/cache@v4
         with:
           path: config.cache
-          key: ${{ github.job }}-${{ runner.os }}-${{ env.IMAGE_VERSION }}-${{ needs.build-context.outputs.config-hash }}
+          key: ${{ github.job }}-${{ env.IMAGE_OS_VERSION }}-${{ needs.build-context.outputs.config-hash }}
       - name: Register gcc problem matcher
         run: echo "::add-matcher::.github/problem-matchers/gcc.json"
       - name: Set build dir
         run:
           # an absolute path outside of the working directoy
           echo "BUILD_DIR=$(realpath ${{ github.workspace }}/../build)" >> "$GITHUB_ENV"
-      - name: Install Dependencies
+      - name: Install dependencies
         run: sudo ./.github/workflows/posix-deps-apt.sh
       - name: Configure host build
         run: ./configure --prefix="$BUILD_DIR/host-python"
@@ -594,8 +596,8 @@ jobs:
           output-sarif: true
           sanitizer: ${{ matrix.sanitizer }}
       - name: Upload crash
-        uses: actions/upload-artifact@v4
         if: failure() && steps.build.outcome == 'success'
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.sanitizer }}-artifacts
           path: ./out/artifacts
@@ -608,35 +610,35 @@ jobs:
 
   all-required-green:  # This job does nothing and is only used for the branch protection
     name: All required checks pass
-    if: always()
-
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
     needs:
     - build-context  # Transitive dependency, needed to access `run-tests` value
     - check-docs
-    - check_autoconf_regen
-    - check_generated_files
-    - build_macos
-    - build_ubuntu
-    - build_ubuntu_ssltests
-    - build_wasi
-    - build_windows
-    - build_windows_msi
-    - test_hypothesis
-    - build_asan
-    - build_tsan
+    - check-autoconf-regen
+    - check-generated-files
+    - build-windows
+    - build-windows-msi
+    - build-macos
+    - build-ubuntu
+    - build-ubuntu-ssltests
+    - build-wasi
+    - test-hypothesis
+    - build-asan
+    - build-tsan
+    - cross-build-linux
     - cifuzz
-
-    runs-on: ubuntu-latest
+    if: always()
 
     steps:
     - name: Check whether the needed jobs succeeded or failed
       uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
       with:
         allowed-failures: >-
-          build_ubuntu_ssltests,
-          build_windows_msi,
+          build-windows-msi,
+          build-ubuntu-ssltests,
+          test-hypothesis,
           cifuzz,
-          test_hypothesis,
         allowed-skips: >-
           ${{
             !fromJSON(needs.build-context.outputs.run-docs)
@@ -648,16 +650,23 @@ jobs:
           ${{
             needs.build-context.outputs.run-tests != 'true'
             && '
-            check_autoconf_regen,
-            check_generated_files,
-            build_macos,
-            build_ubuntu,
-            build_ubuntu_ssltests,
-            build_wasi,
-            build_windows,
-            build_asan,
-            build_tsan,
-            test_hypothesis,
+            check-autoconf-regen,
+            check-generated-files,
+            build-macos,
+            build-ubuntu,
+            build-ubuntu-ssltests,
+            build-wasi,
+            test-hypothesis,
+            build-asan,
+            build-tsan,
+            cross-build-linux,
+            '
+            || ''
+          }}
+          ${{
+            !fromJSON(needs.build-context.outputs.run-windows-tests)
+            && '
+            build-windows,
             '
             || ''
           }}

diff --git a/.github/workflows/documentation-links.yml b/.github/workflows/documentation-links.yml
@@ -19,6 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
+    timeout-minutes: 5
 
     steps:
       - uses: readthedocs/actions/preview@v1