diff --git a/graalpython/com.oracle.graal.python.bouncycastle/src/com/oracle/graal/python/bouncycastle/BouncyCastleFeature.java b/graalpython/com.oracle.graal.python.bouncycastle/src/com/oracle/graal/python/bouncycastle/BouncyCastleFeature.java index e659675a35..eeba6d3295 100644 --- a/graalpython/com.oracle.graal.python.bouncycastle/src/com/oracle/graal/python/bouncycastle/BouncyCastleFeature.java +++ b/graalpython/com.oracle.graal.python.bouncycastle/src/com/oracle/graal/python/bouncycastle/BouncyCastleFeature.java @@ -43,17 +43,15 @@ import java.security.Security; import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.graalvm.nativeimage.ImageSingletons; import org.graalvm.nativeimage.hosted.Feature; -import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport; +import org.graalvm.nativeimage.hosted.RuntimeClassInitialization; public final class BouncyCastleFeature implements Feature { @Override public void afterRegistration(AfterRegistrationAccess access) { - RuntimeClassInitializationSupport support = ImageSingletons.lookup(RuntimeClassInitializationSupport.class); - support.initializeAtBuildTime("org.bouncycastle", "security provider"); - support.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$Default", "RNG"); - support.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV", "RNG"); + RuntimeClassInitialization.initializeAtBuildTime("org.bouncycastle"); + RuntimeClassInitialization.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$Default"); + RuntimeClassInitialization.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV"); if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); } diff --git a/graalpython/com.oracle.graal.python.pegparser.generator/CMakeLists.txt b/graalpython/com.oracle.graal.python.pegparser.generator/CMakeLists.txt index c029f65407..d2e122430c 100644 --- a/graalpython/com.oracle.graal.python.pegparser.generator/CMakeLists.txt +++ b/graalpython/com.oracle.graal.python.pegparser.generator/CMakeLists.txt @@ -34,12 +34,12 @@ set(ASDL_STAMP "Python.asdl.stamp") add_custom_command( OUTPUT "${PARSER_TARGET}" - COMMAND ${PYTHON_EXE} "${CMAKE_CURRENT_LIST_DIR}/main_parser_gen.py" "${GRAMMAR}" "${TOKENS}" "${PARSER_TARGET}" + COMMAND "${PYTHON_EXE}" "${CMAKE_CURRENT_LIST_DIR}/main_parser_gen.py" "${GRAMMAR}" "${TOKENS}" "${PARSER_TARGET}" DEPENDS "${CMAKE_CURRENT_LIST_DIR}/main_parser_gen.py" "${GRAMMAR}" "${TOKENS}" ${PEGEN_FILES} ${PEGJAVA_FILES}) add_custom_command( OUTPUT "${ASDL_STAMP}" - COMMAND ${PYTHON_EXE} "${CMAKE_CURRENT_LIST_DIR}/main_asdl_gen.py" "${ASDL}" --sst-path "${PEGPARSER_SRC_PATH}" --ast-path "${GRAALPY_SRC_PATH}" --stamp "${ASDL_STAMP}" + COMMAND "${PYTHON_EXE}" "${CMAKE_CURRENT_LIST_DIR}/main_asdl_gen.py" "${ASDL}" --sst-path "${PEGPARSER_SRC_PATH}" --ast-path "${GRAALPY_SRC_PATH}" --stamp "${ASDL_STAMP}" DEPENDS "${CMAKE_CURRENT_LIST_DIR}/main_asdl_gen.py" "${ASDL}" ${ASDL_FILES}) add_custom_target( diff --git a/graalpython/com.oracle.graal.python.test/src/tests/cpyext/test_memoryview_fromobject_error.py b/graalpython/com.oracle.graal.python.test/src/tests/cpyext/test_memoryview_fromobject_error.py index 37edab4d09..dc0c60157a 100644 --- a/graalpython/com.oracle.graal.python.test/src/tests/cpyext/test_memoryview_fromobject_error.py +++ b/graalpython/com.oracle.graal.python.test/src/tests/cpyext/test_memoryview_fromobject_error.py @@ -69,70 +69,6 @@ def assert_script_succeeds(self, script): ) self.assertEqual(process.returncode, 0, process.stdout + process.stderr) - def test_failing_getbuffer_does_not_leak_py_buffer(self): - self.assert_script_succeeds(r""" - import gc - - import __graalpython__ - from tests.cpyext import CPyExtType - - TestType = CPyExtType( - "TestMemoryViewFailingGetBuffer", - r''' - PyAPI_FUNC(PyObject *) GraalPyPrivate_MemoryViewFromObject(PyObject *v, int flags); - - // Advertise buffer support but fail every acquisition attempt. - static int getbuffer(TestMemoryViewFailingGetBufferObject *self, Py_buffer *view, int flags) { - PyErr_SetString(PyExc_BufferError, "buffer export denied"); - return -1; - } - - static PyBufferProcs as_buffer = { - (getbufferproc)getbuffer, - 0, - }; - - // Keep the repeat loop in C so RSS reflects this native helper path, - // not Python-level memoryview or runtime overhead. - static PyObject* repeat_failing_memoryview_fromobject(PyObject* self, PyObject* args) { - Py_ssize_t count; - if (!PyArg_ParseTuple(args, "n", &count)) { - return NULL; - } - for (Py_ssize_t i = 0; i < count; i++) { - PyObject *mv = GraalPyPrivate_MemoryViewFromObject(self, PyBUF_FULL_RO); - if (mv != NULL) { - Py_DECREF(mv); - PyErr_SetString(PyExc_AssertionError, "GraalPyPrivate_MemoryViewFromObject unexpectedly succeeded"); - return NULL; - } - if (!PyErr_ExceptionMatches(PyExc_BufferError)) { - return NULL; - } - PyErr_Clear(); - } - Py_RETURN_NONE; - } - ''', - tp_as_buffer='&as_buffer', - tp_methods='{"repeat_failing_memoryview_fromobject", repeat_failing_memoryview_fromobject, METH_VARARGS, ""}', - ) - - obj = TestType() - # Warm up CPyExtType compilation and one-time runtime allocations before measuring RSS. - obj.repeat_failing_memoryview_fromobject(1_000_000) - gc.collect() - baseline = __graalpython__.get_current_rss() - - # A leaked Py_buffer is small, so use enough failed calls to make the leak visible in RSS. - obj.repeat_failing_memoryview_fromobject(150_000) - gc.collect() - growth = __graalpython__.get_current_rss() - baseline - - if growth >= 10: - raise AssertionError(f"RSS grew by {growth} MiB after failed getbuffer calls") - """) - def test_construction_failure_releases_acquired_buffer(self): self.assert_script_succeeds(r""" from tests.cpyext import CPyExtType diff --git a/graalpython/com.oracle.graal.python.test/src/tests/test_entropy_subprocess.py b/graalpython/com.oracle.graal.python.test/src/tests/test_entropy_subprocess.py index 47b3a22306..9432922a45 100644 --- a/graalpython/com.oracle.graal.python.test/src/tests/test_entropy_subprocess.py +++ b/graalpython/com.oracle.graal.python.test/src/tests/test_entropy_subprocess.py @@ -45,6 +45,8 @@ import threading import unittest +from tests.util import skip_if_sandboxed + @unittest.skipUnless(sys.implementation.name == "graalpy" and sys.platform.startswith("linux"), "Linux GraalPy-specific test") class EntropySubprocessTests(unittest.TestCase): @@ -277,6 +279,7 @@ def test_pyexpat_parsercreate_does_not_use_additional_initrandom(self): "xmlparser", ) + @skip_if_sandboxed("Needs native extension support for sqlite3 in sandboxed runs") def test_sqlite3_import_does_not_use_additional_initrandom(self): self.assert_initrandom_bytes_used( self.HASH_SECRET_BYTES, @@ -284,6 +287,7 @@ def test_sqlite3_import_does_not_use_additional_initrandom(self): "_sqlite3", ) + @skip_if_sandboxed("Needs native extension support for sqlite3 in sandboxed runs") def test_sqlite3_randomblob_does_not_use_initrandom(self): self.assert_initrandom_bytes_used( self.HASH_SECRET_BYTES, diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/HashlibModuleBuiltins.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/HashlibModuleBuiltins.java index 9d52fc10f1..8c4e666d65 100644 --- a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/HashlibModuleBuiltins.java +++ b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/HashlibModuleBuiltins.java @@ -414,7 +414,7 @@ private static MessageDigest createDigest(String name, byte[] bytes, int bytesLe } private static boolean isBouncyCastleDigest(String name) { - return name.startsWith("BLAKE2B-") || name.startsWith("BLAKE2S-"); + return name.startsWith("BLAKE2B-") || name.startsWith("BLAKE2S-") || name.equals("SHAKE128") || name.equals("SHAKE256"); } }