Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide a destructor for the CRL object #690

Merged
merged 1 commit into from Sep 8, 2017
Merged

Conversation

@jeremycline
Copy link
Contributor

@jeremycline jeremycline commented Sep 7, 2017

This frees the memory allocated for the CRL object. Prior to this
commit, the following script would leak memory:

from OpenSSL.crypto import load_crl, FILETYPE_PEM

crl = """
-----BEGIN X509 CRL-----
MIIBfDCB5jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
Ak5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEP
MA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1z
ZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmcXDTE3MDYx
NTIxMDMwOFoXDTM3MDYxMDIxMDMwOFowFDASAgECFw0xMjA3MTUyMTE4NTJaMA0G
CSqGSIb3DQEBCwUAA4GBAGOBuDxmRFNcYP71LBsCOfFzKij00qpxM01d5/G6+0kM
WJT8oTajMQoY6oISvQDq6TkwEoKc1yl6Ld1/XTtCNOhbybzRBAVf/Lxi/nRPP1JO
qOdZs5jMLLQq1mRJz+MgKHHTDlnvpbjHMuyTss1RblFDr4iZPHMcBNKPGIj3pmpA
-----END X509 CRL-----
"""

for _ in range(0, 1000000):
    load_crl(FILETYPE_PEM, crl)

I'm happy to write tests for this change, but I didn't see any existing tests to model my tests from so any pointers would be most welcome. I did see the memoryleak directory, but it I wasn't sure if that's being used/maintained as it didn't work with Python 3.

Signed-off-by: Jeremy Cline jeremy@jcline.org

This frees the memory allocated for the CRL object. Prior to this
commit, the following script would leak memory:

```
from OpenSSL.crypto import load_crl, FILETYPE_PEM

crl = """
-----BEGIN X509 CRL-----
MIIBfDCB5jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
Ak5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEP
MA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1z
ZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmcXDTE3MDYx
NTIxMDMwOFoXDTM3MDYxMDIxMDMwOFowFDASAgECFw0xMjA3MTUyMTE4NTJaMA0G
CSqGSIb3DQEBCwUAA4GBAGOBuDxmRFNcYP71LBsCOfFzKij00qpxM01d5/G6+0kM
WJT8oTajMQoY6oISvQDq6TkwEoKc1yl6Ld1/XTtCNOhbybzRBAVf/Lxi/nRPP1JO
qOdZs5jMLLQq1mRJz+MgKHHTDlnvpbjHMuyTss1RblFDr4iZPHMcBNKPGIj3pmpA
-----END X509 CRL-----
"""

for _ in range(0, 1000000):
    load_crl(FILETYPE_PEM, crl)
```

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
@alex
Copy link
Member

@alex alex commented Sep 7, 2017

Nice catch!

@hynek / @reaperhulk: Does pyOpenSSL have a framework for writing memory leak tests like cryptography does, or is it cool to just merge this as is?

@codecov
Copy link

@codecov codecov bot commented Sep 7, 2017

Codecov Report

Merging #690 into master will not change coverage.
The diff coverage is 100%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #690   +/-   ##
=======================================
  Coverage   97.01%   97.01%           
=======================================
  Files          16       16           
  Lines        5630     5630           
  Branches      391      391           
=======================================
  Hits         5462     5462           
  Misses        112      112           
  Partials       56       56
Impacted Files Coverage Δ
src/OpenSSL/crypto.py 96.8% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 332848f...ad7fff8. Read the comment docs.

@reaperhulk
Copy link
Member

@reaperhulk reaperhulk commented Sep 8, 2017

@alex
alex approved these changes Sep 8, 2017
@alex alex merged commit 9e15eca into pyca:master Sep 8, 2017
3 checks passed
3 checks passed
codecov/patch 100% of diff hit (target 97.01%)
Details
codecov/project 97.01% (+0%) compared to 332848f
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@jeremycline jeremycline deleted the jeremycline:free-crl branch Sep 8, 2017
bors-fusion bot added a commit to fusionapp/entropy that referenced this pull request Oct 2, 2017
Merge #155
155: Scheduled weekly dependency update for week 40 r=mithrandi




## Updates
Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.
<table align="center">

<tr>
<td><b>asn1crypto</b></td>
<td align="center">0.22.0</td>
<td align="center">&raquo;</td>
<td align="center">0.23.0</td>
<td>
     <a href="https://pypi.python.org/pypi/asn1crypto">PyPI</a> | <a href="https://pyup.io/changelogs/asn1crypto/">Changelog</a> | <a href="https://github.com/wbond/asn1crypto/issues">Repo</a> 

</td>

<tr>
<td><b>cffi</b></td>
<td align="center">1.10.0</td>
<td align="center">&raquo;</td>
<td align="center">1.11.0</td>
<td>
     <a href="https://pypi.python.org/pypi/cffi">PyPI</a> | <a href="https://pyup.io/changelogs/cffi/">Changelog</a> | <a href="http://cffi.readthedocs.org">Docs</a> 

</td>

<tr>
<td><b>lxml</b></td>
<td align="center">3.8.0</td>
<td align="center">&raquo;</td>
<td align="center">4.0.0</td>
<td>
     <a href="https://pypi.python.org/pypi/lxml">PyPI</a> | <a href="https://pyup.io/changelogs/lxml/">Changelog</a> | <a href="http://lxml.de/">Homepage</a> | <a href="https://bugs.launchpad.net/lxml">Bugtracker</a> 

</td>

<tr>
<td><b>pyasn1-modules</b></td>
<td align="center">0.1.1</td>
<td align="center">&raquo;</td>
<td align="center">0.1.4</td>
<td>
     <a href="https://pypi.python.org/pypi/pyasn1-modules">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1-modules/">Changelog</a> | <a href="https://github.com/etingof/pyasn1-modules">Repo</a> 

</td>

<tr>
<td><b>pyasn1</b></td>
<td align="center">0.3.3</td>
<td align="center">&raquo;</td>
<td align="center">0.3.6</td>
<td>
     <a href="https://pypi.python.org/pypi/pyasn1">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1/">Changelog</a> | <a href="https://github.com/etingof/pyasn1">Repo</a> 

</td>

<tr>
<td><b>pyopenssl</b></td>
<td align="center">17.2.0</td>
<td align="center">&raquo;</td>
<td align="center">17.3.0</td>
<td>
     <a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a> 

</td>

<tr>
<td><b>six</b></td>
<td align="center">1.10.0</td>
<td align="center">&raquo;</td>
<td align="center">1.11.0</td>
<td>
     <a href="https://pypi.python.org/pypi/six">PyPI</a> | <a href="https://pyup.io/changelogs/six/">Changelog</a> | <a href="http://pypi.python.org/pypi/six/">Homepage</a> | <a href="http://pythonhosted.org/six/">Docs</a> 

</td>

<tr>
<td><b>twisted[conch,tls]</b></td>
<td align="center">17.5.0</td>
<td align="center">&raquo;</td>
<td align="center">17.9.0</td>
<td>
     <a href="https://pypi.python.org/pypi/twisted">PyPI</a> | <a href="https://pyup.io/changelogs/twisted/">Changelog</a> | <a href="http://twistedmatrix.com/">Homepage</a> | <a href="https://twistedmatrix.com/trac/">Bugtracker</a> 

</td>

<tr>
<td><b>zope.interface</b></td>
<td align="center">4.4.2</td>
<td align="center">&raquo;</td>
<td align="center">4.4.3</td>
<td>
     <a href="https://pypi.python.org/pypi/zope.interface">PyPI</a> | <a href="https://pyup.io/changelogs/zope.interface/">Changelog</a> | <a href="https://github.com/zopefoundation/zope.interface">Repo</a> 

</td>

</tr>
</table>



## Changelogs


### asn1crypto 0.22.0 -> 0.23.0

>### 0.23.0


> - Backwards compatibility break: the `tag_type`, `explicit_tag` and
>   `explicit_class` attributes on `core.Asn1Value` no longer exist and were
>   replaced by the `implicit` and `explicit` attributes. Field param dicts
>   may use the new `explicit` and `implicit` keys, or the old `tag_type` and
>   `tag` keys. The attribute changes will likely to have little to no impact
>   since they were primarily an implementation detail.
> - Teletex strings used inside of X.509 certificates are now interpreted
>   using Windows-1252 (a superset of ISO-8859-1). This enables compatibility
>   with certificates generated by OpenSSL. Strict parsing of Teletex strings
>   can be retained by using the `x509.strict_teletex()` context manager.
> - Added support for nested explicit tagging, supporting values that are
>   defined with explicit tagging and then added as a field of another
>   structure using explicit tagging.
> - Fixed a `UnicodeDecodeError` when trying to find the (optional) dependency
>   OpenSSL on Python 2
> - Fixed `next_update` field of `crl.TbsCertList` to be optional
> - Added the `x509.Certificate.sha256_fingerprint` property
> - `x509.Certificate.ocsp_urls` and `x509.DistributionPoint.url` will now
>   return `https://`, `ldap://` and `ldaps://` URLs in addition to `http://`.
> - Added CMS Attribute Protection definitions from RFC 6211
> - Added OIDs from RFC 6962







### cffi 1.10.0 -> 1.11.0

>### 1.11

>=====

>* Support the modern standard types ``char16_t`` and ``char32_t``.
>  These work like ``wchar_t``: they represent one unicode character, or
>  when used as ``charN_t *`` or ``charN_t[]`` they represent a unicode
>  string.  The difference with ``wchar_t`` is that they have a known,
>  fixed size.  They should work at all places that used to work with
>  ``wchar_t`` (please report an issue if I missed something).  Note
>  that with ``set_source()``, you need to make sure that these types are
>  actually defined by the C source you provide (if used in ``cdef()``).

>* Support the C99 types ``float _Complex`` and ``double _Complex``.
>  Note that libffi doesn&#39;t support them, which means that in the ABI
>  mode you still cannot call C functions that take complex numbers
>  directly as arguments or return type.

>* Fixed a rare race condition when creating multiple ``FFI`` instances
>  from multiple threads.  (Note that you aren&#39;t meant to create many
>  ``FFI`` instances: in inline mode, you should write ``ffi =
>  cffi.FFI()`` at module level just after ``import cffi``; and in
>  out-of-line mode you don&#39;t instantiate ``FFI`` explicitly at all.)

>* Windows: using callbacks can be messy because the CFFI internal error
>  messages show up to stderr---but stderr goes nowhere in many
>  applications.  This makes it particularly hard to get started with the
>  embedding mode.  (Once you get started, you can at least use
>  ``ffi.def_extern(onerror=...)`` and send the error logs where it
>  makes sense for your application, or record them in log files, and so
>  on.)  So what is new in CFFI is that now, on Windows CFFI will try to
>  open a non-modal MessageBox (in addition to sending raw messages to
>  stderr).  The MessageBox is only visible if the process stays alive:
>  typically, console applications that crash close immediately, but that
>  is also the situation where stderr should be visible anyway.

>* Progress on support for `callbacks in NetBSD`__.

>* Functions returning booleans would in some case still return 0 or 1
>  instead of False or True.  Fixed.

>* `ffi.gc()`__ now takes an optional third parameter, which gives an
>  estimate of the size (in bytes) of the object.  So far, this is only
>  used by PyPy, to make the next GC occur more quickly (`issue 320`__).
>  In the future, this might have an effect on CPython too (provided
>  the CPython `issue 31105`__ is addressed).

>* Add a note to the documentation: the ABI mode gives function objects
>  that are *slower* to call than the API mode does.  For some reason it
>  is often thought to be faster.  It is not!

>.. __: https://bitbucket.org/cffi/cffi/issues/321/cffi-191-segmentation-fault-during-self
>.. __: ref.htmlffi-gc
>.. __: https://bitbucket.org/cffi/cffi/issues/320/improve-memory_pressure-management
>.. __: http://bugs.python.org/issue31105




>### 1.10.1

>=======







### lxml 3.8.0 -> 4.0.0

>### 4.0.0

>==================

>Features added
>--------------

>* The ElementPath implementation is now compiled using Cython,
>  which speeds up the ``.find*()`` methods quite significantly.

>* The modules ``lxml.builder``, ``lxml.html.diff`` and ``lxml.html.clean``
>  are also compiled using Cython in order to speed them up.

>* ``xmlfile()`` supports async coroutines using ``async with`` and ``await``.

>* ``iterwalk()`` has a new method ``skip_subtree()`` that prevents walking into
>  the descendants of the current element.

>* ``RelaxNG.from_rnc_string()`` accepts a ``base_url`` argument to
>  allow relative resource lookups.

>* The XSLT result object has a new method ``.write_output(file)`` that serialises
>  output data into a file according to the ``&lt;xsl:output&gt;`` configuration.

>Bugs fixed
>----------

>* GH251: HTML comments were handled incorrectly by the soupparser.
>  Patch by mozbugbox.

>* LP1654544: The html5parser no longer passes the ``useChardet`` option
>  if the input is a Unicode string, unless explicitly requested.  When parsing
>  files, the default is to enable it when a URL or file path is passed (because
>  the file is then opened in binary mode), and to disable it when reading from
>  a file(-like) object.

>  Note: This is a backwards incompatible change of the default configuration.
>  If your code parses byte strings/streams and depends on character detection,
>  please pass the option ``guess_charset=True`` explicitly, which already worked
>  in older lxml versions.

>* LP1703810: ``etree.fromstring()`` failed to parse UTF-32 data with BOM.

>* LP1526522: Some RelaxNG errors were not reported in the error log.

>* LP1567526: Empty and plain text input raised a TypeError in soupparser.

>* LP1710429: Uninitialised variable usage in HTML diff.

>* LP1415643: The closing tags context manager in ``xmlfile()`` could continue
>  to output end tags even after writing failed with an exception.

>* LP1465357: ``xmlfile.write()`` now accepts and ignores None as input argument.

>* Compilation under Py3.7-pre failed due to a modified function signature.

>Other changes
>-------------

>* The main module source files were renamed from ``lxml.*.pyx`` to plain
>  ``*.pyx`` (e.g. ``etree.pyx``) to simplify their handling in the build
>  process.  Care was taken to keep the old header files as fallbacks for
>  code that compiles against the public C-API of lxml, but it might still
>  be worth validating that third-party code does not notice this change.








### pyopenssl 17.2.0 -> 17.3.0

>### 17.3.0

>-------------------


>Backward-incompatible changes:
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>- Dropped support for Python 3.3.
>  `677 &lt;https://github.com/pyca/pyopenssl/pull/677&gt;`_
>- Removed the deprecated ``OpenSSL.rand`` module.
>  This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden.
>  ``os.urandom()`` should be used instead.
>  `675 &lt;https://github.com/pyca/pyopenssl/pull/675&gt;`_


>Deprecations:
>^^^^^^^^^^^^^

>- Deprecated ``OpenSSL.tsafe``.
>  `673 &lt;https://github.com/pyca/pyopenssl/pull/673&gt;`_

>Changes:
>^^^^^^^^

>- Fixed a memory leak in ``OpenSSL.crypto.CRL``.
>  `690 &lt;https://github.com/pyca/pyopenssl/pull/690&gt;`_
>- Fixed a memory leak when verifying certificates with ``OpenSSL.crypto.X509StoreContext``.
>  `691 &lt;https://github.com/pyca/pyopenssl/pull/691&gt;`_


>----








### six 1.10.0 -> 1.11.0

>### 1.11.0

>------

>- Pull request 178: `with_metaclass` now properly proxies `__prepare__` to the
>  underlying metaclass.

>- Pull request 191: Allow `with_metaclass` to work with metaclasses implemented
>  in C.

>- Pull request 203: Add parse_http_list and parse_keqv_list to moved
>  urllib.request.

>- Pull request 172 and issue 171: Add unquote_to_bytes to moved urllib.parse.

>- Pull request 167: Add `six.moves.getoutput`.

>- Pull request 80: Add `six.moves.urllib_parse.splitvalue`.

>- Pull request 75: Add `six.moves.email_mime_image`.

>- Pull request 72: Avoid creating reference cycles through tracebacks in
>  `reraise`.







### zope.interface 4.4.2 -> 4.4.3

>### 4.4.3

>------------------

>- Avoid exceptions when the ``__annotations__`` attribute is added to
>  interface definitions with Python 3.x type hints. See `issue 98
>  &lt;https://github.com/zopefoundation/zope.interface/issues/98&gt;`_.
>- Fix the possibility of a rare crash in the C extension when
>  deallocating items. See `issue 100
>  &lt;https://github.com/zopefoundation/zope.interface/issues/100&gt;`_.











That's it for now!

Happy merging! 🤖
bors-fusion bot added a commit to fusionapp/fusion-index that referenced this pull request Oct 2, 2017
Merge #161
161: Scheduled weekly dependency update for week 40 r=mithrandi




## Updates
Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.
<table align="center">

<tr>
<td><b>asn1crypto</b></td>
<td align="center">0.22.0</td>
<td align="center">&raquo;</td>
<td align="center">0.23.0</td>
<td>
     <a href="https://pypi.python.org/pypi/asn1crypto">PyPI</a> | <a href="https://pyup.io/changelogs/asn1crypto/">Changelog</a> | <a href="https://github.com/wbond/asn1crypto/issues">Repo</a> 

</td>

<tr>
<td><b>hypothesis</b></td>
<td align="center">3.23.2</td>
<td align="center">&raquo;</td>
<td align="center">3.31.2</td>
<td>
     <a href="https://pypi.python.org/pypi/hypothesis">PyPI</a> | <a href="https://pyup.io/changelogs/hypothesis/">Changelog</a> | <a href="https://github.com/HypothesisWorks/hypothesis/issues">Repo</a> 

</td>

<tr>
<td><b>pyasn1-modules</b></td>
<td align="center">0.1.1</td>
<td align="center">&raquo;</td>
<td align="center">0.1.4</td>
<td>
     <a href="https://pypi.python.org/pypi/pyasn1-modules">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1-modules/">Changelog</a> | <a href="https://github.com/etingof/pyasn1-modules">Repo</a> 

</td>

<tr>
<td><b>pyasn1</b></td>
<td align="center">0.3.3</td>
<td align="center">&raquo;</td>
<td align="center">0.3.6</td>
<td>
     <a href="https://pypi.python.org/pypi/pyasn1">PyPI</a> | <a href="https://pyup.io/changelogs/pyasn1/">Changelog</a> | <a href="https://github.com/etingof/pyasn1">Repo</a> 

</td>

<tr>
<td><b>pyopenssl</b></td>
<td align="center">17.2.0</td>
<td align="center">&raquo;</td>
<td align="center">17.3.0</td>
<td>
     <a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a> 

</td>

<tr>
<td><b>six</b></td>
<td align="center">1.10.0</td>
<td align="center">&raquo;</td>
<td align="center">1.11.0</td>
<td>
     <a href="https://pypi.python.org/pypi/six">PyPI</a> | <a href="https://pyup.io/changelogs/six/">Changelog</a> | <a href="http://pypi.python.org/pypi/six/">Homepage</a> | <a href="http://pythonhosted.org/six/">Docs</a> 

</td>

<tr>
<td><b>twisted[tls]</b></td>
<td align="center">17.5.0</td>
<td align="center">&raquo;</td>
<td align="center">17.9.0</td>
<td>
     <a href="https://pypi.python.org/pypi/twisted">PyPI</a> | <a href="https://pyup.io/changelogs/twisted/">Changelog</a> | <a href="http://twistedmatrix.com/">Homepage</a> | <a href="https://twistedmatrix.com/trac/">Bugtracker</a> 

</td>

<tr>
<td><b>zope.interface</b></td>
<td align="center">4.4.2</td>
<td align="center">&raquo;</td>
<td align="center">4.4.3</td>
<td>
     <a href="https://pypi.python.org/pypi/zope.interface">PyPI</a> | <a href="https://pyup.io/changelogs/zope.interface/">Changelog</a> | <a href="https://github.com/zopefoundation/zope.interface">Repo</a> 

</td>

</tr>
</table>



## Changelogs


### asn1crypto 0.22.0 -> 0.23.0

>### 0.23.0


> - Backwards compatibility break: the `tag_type`, `explicit_tag` and
>   `explicit_class` attributes on `core.Asn1Value` no longer exist and were
>   replaced by the `implicit` and `explicit` attributes. Field param dicts
>   may use the new `explicit` and `implicit` keys, or the old `tag_type` and
>   `tag` keys. The attribute changes will likely to have little to no impact
>   since they were primarily an implementation detail.
> - Teletex strings used inside of X.509 certificates are now interpreted
>   using Windows-1252 (a superset of ISO-8859-1). This enables compatibility
>   with certificates generated by OpenSSL. Strict parsing of Teletex strings
>   can be retained by using the `x509.strict_teletex()` context manager.
> - Added support for nested explicit tagging, supporting values that are
>   defined with explicit tagging and then added as a field of another
>   structure using explicit tagging.
> - Fixed a `UnicodeDecodeError` when trying to find the (optional) dependency
>   OpenSSL on Python 2
> - Fixed `next_update` field of `crl.TbsCertList` to be optional
> - Added the `x509.Certificate.sha256_fingerprint` property
> - `x509.Certificate.ocsp_urls` and `x509.DistributionPoint.url` will now
>   return `https://`, `ldap://` and `ldaps://` URLs in addition to `http://`.
> - Added CMS Attribute Protection definitions from RFC 6211
> - Added OIDs from RFC 6962







### hypothesis 3.23.2 -> 3.31.2

>### 3.31.2

>-------------------

>This release fixes some formatting and small typos/grammar issues in the
>documentation, specifically the page docs/settings.rst, and the inline docs
>for the various settings.

>-------------------


>### 3.31.1

>-------------------

>This release improves the handling of deadlines so that they act better with
>the shrinking process. This fixes :issue:`892`.

>This involves two changes:

>1. The deadline is raised during the initial generation and shrinking, and then
>   lowered to the set value for final replay. This restricts our attention to
>   examples which exceed the deadline by a more significant margin, which
>   increases their reliability.
>2. When despite the above a test still becomes flaky because it is
>   significantly faster on rerun than it was on its first run, the error
>   message is now more explicit about the nature of this problem, and includes
>   both the initial test run time and the new test run time.

>In addition, this release also clarifies the documentation of the deadline
>setting slightly to be more explicit about where it applies.

>This work was funded by `Smarkets &lt;https://smarkets.com/&gt;`_.

>-------------------


>### 3.31.0

>-------------------

>This release blocks installation of Hypothesis on Python 3.3, which
>:PEP:`reached its end of life date on 2017-09-29 &lt;398&gt;`.

>This should not be of interest to anyone but downstream maintainers -
>if you are affected, migrate to a secure version of Python as soon as
>possible or at least seek commercial support.

>-------------------


>### 3.30.4

>-------------------

>This release makes several changes:

>1. It significantly improves Hypothesis&#39;s ability to use coverage information
>   to find interesting examples.
>2. It reduces the default ``max_examples`` setting from 200 to 100. This takes
>   advantage of the improved algorithm meaning fewer examples are typically
>   needed to get the same testing and is sufficiently better at covering
>   interesting behaviour, and offsets some of the performance problems of
>   running under coverage.
>3. Hypothesis will always try to start its testing with an example that is near
>   minimized.

>The new algorithm for 1 also makes some changes to Hypothesis&#39;s low level data
>generation which apply even with coverage turned off. They generally reduce the
>total amount of data generated, which should improve test performance somewhat.
>Between this and 3 you should see a noticeable reduction in test runtime (how
>much so depends on your tests and how much example size affects their
>performance. On our benchmarks, where data generation dominates, we saw up to
>a factor of two performance improvement, but it&#39;s unlikely to be that large.

>-------------------


>### 3.30.3

>-------------------

>This release fixes some formatting and small typos/grammar issues in the
>documentation, specifically the page docs/details.rst, and some inline
>docs linked from there.

>-------------------


>### 3.30.2

>-------------------

>This release changes Hypothesis&#39;s caching approach for functions in
>``hypothesis.strategies``. Previously it would have cached extremely
>aggressively and cache entries would never be evicted. Now it adopts a
>least-frequently used, least recently used key invalidation policy, and is
>somewhat more conservative about which strategies it caches.

>This should cause some workloads (anything that creates strategies based on
>dynamic values, e.g. using flatmap or composite) to see a significantly lower
>memory usage.

>-------------------


>### 3.30.1

>-------------------

>This release fixes a bug where when running with use_coverage=True inside an
>existing running instance of coverage, Hypothesis would frequently put files
>that the coveragerc excluded in the report for the enclosing coverage.

>-------------------


>### 3.30.0

>-------------------

>This release introduces two new features:

>* pytest users can specify a seed to use for ``given`` based tests by passing
>  the ``--hypothesis-seed`` command line argument.
>* When a test fails, either with a health check failure or a falsifying example,
>  Hypothesis will print out a seed that led to that failure, if the test is not
>  already running with a fixed seed. You can then recreate that failure using either
>  the ``seed`` decorator or (if you are running pytest) with ``--hypothesis-seed``.


>This work was funded by `Smarkets &lt;https://smarkets.com/&gt;`_.

>-------------------


>### 3.29.0

>-------------------

>This release makes Hypothesis coverage aware. Hypothesis now runs all test
>bodies under coverage, and uses this information to guide its testing.

>The :attr:`~hypothesis.settings.use_coverage` setting can be used to disable
>this behaviour if you want to test code that is sensitive to coverage being
>enabled (either because of performance or interaction with the trace function).

>The main benefits of this feature are:

>* Hypothesis now observes when examples it discovers cover particular lines
>  or branches and stores them in the database for later.
>* Hypothesis will make some use of this information to guide its exploration of
>  the search space and improve the examples it finds (this is currently used
>  only very lightly and will likely improve significantly in future releases).

>This also has the following side-effects:

>* Hypothesis now has an install time dependency on the coverage package.
>* Tests that are already running Hypothesis under coverage will likely get
>  faster.
>* Tests that are not running under coverage now run their test bodies under
>  coverage by default.


>This feature is only partially supported under pypy. It is significantly slower
>than on CPython and is turned off by default as a result, but it should still
>work correctly if you want to use it.

>-------------------


>### 3.28.3

>-------------------

>This release is an internal change that affects how Hypothesis handles
>calculating certain properties of strategies.

>The primary effect of this is that it fixes a bug where use of
>:func:`~hypothesis.deferred` could sometimes trigger an internal assertion
>error. However the fix for this bug involved some moderately deep changes to
>how Hypothesis handles certain constructs so you may notice some additional
>knock-on effects.

>In particular the way Hypothesis handles drawing data from strategies that
>cannot generate any values has changed to bail out sooner than it previously
>did. This may speed up certain tests, but it is unlikely to make much of a
>difference in practice for tests that were not already failing with
>Unsatisfiable.

>-------------------


>### 3.28.2

>-------------------

>This is a patch release that fixes a bug in the `hypothesis.extra.pandas` documentation where it incorrectly referred to column instead of columns.

>-------------------


>### 3.28.1

>-------------------

>This is a refactoring release. It moves a number of internal uses
>of nametuple over to using attrs based classes, and removes a couple
>of internal namedtuple classes that were no longer in use.

>It should have no user visible impact.

>-------------------


>### 3.28.0

>-------------------

>This release adds support for testing pandas via the :ref:`hypothesis.extra.pandas &lt;hypothesis-pandas&gt;`
>module.

>It also adds a dependency on attrs.

>This work was funded by `Stripe &lt;https://stripe.com/&gt;`_.

>-------------------


>### 3.27.1

>-------------------

>This release fixes some formatting and broken cross-references in the
>documentation, which includes editing docstrings - and thus a patch release.

>-------------------


>### 3.27.0

>-------------------

>This release introduces a :attr:`~hypothesis.settings.deadline`
>setting to Hypothesis.

>When set this turns slow tests into errors. By default it is unset but will
>warn if you exceed 200ms, which will become the default value in a future
>release.

>This work was funded by `Smarkets &lt;https://smarkets.com/&gt;`_.

>-------------------


>### 3.26.0

>-------------------

>Hypothesis now emits deprecation warnings if you are using the legacy
>SQLite example database format, or the tool for merging them. These were
>already documented as deprecated, so this doesn&#39;t change their deprecation
>status, only that we warn about it.

>-------------------


>### 3.25.1

>-------------------

>This release fixes a bug with generating numpy datetime and timedelta types:
>When inferring the strategy from the dtype, datetime and timedelta dtypes with
>sub-second precision would always produce examples with one second resolution.
>Inferring a strategy from a time dtype will now always produce example with the
>same precision.

>-------------------


>### 3.25.0

>-------------------

>This release changes how Hypothesis shrinks and replays examples to take into
>account that it can encounter new bugs while shrinking the bug it originally
>found. Previously it would end up replacing the originally found bug with the
>new bug and show you only that one. Now it is (often) able to recognise when
>two bugs are distinct and when it finds more than one will show both.

>-------------------


>### 3.24.2

>-------------------

>This release removes the (purely internal and no longer useful)
>``strategy_test_suite`` function and the corresponding strategytests module.

>-------------------


>### 3.24.1

>-------------------

>This release improves the reduction of examples involving floating point
>numbers to produce more human readable examples.

>It also has some general purpose changes to the way the minimizer works
>internally, which may see some improvement in quality and slow down of test
>case reduction in cases that have nothing to do with floating point numbers.

>-------------------


>### 3.24.0

>-------------------

>Hypothesis now emits deprecation warnings if you use example() inside a
>test function or strategy definition (this was never intended to be supported,
>but is sufficiently widespread that it warrants a deprecation path).

>-------------------


>### 3.23.3

>-------------------

>This is a bugfix release for :func:`~hypothesis.strategies.decimals`
>with the ``places`` argument.

>- No longer fails health checks (:issue:`725`, due to internal filtering)
>- Specifying a ``min_value`` and ``max_value`` without any decimals with
>  ``places`` places between them gives a more useful error message.
>- Works for any valid arguments, regardless of the decimal precision context.

>-------------------






### pyopenssl 17.2.0 -> 17.3.0

>### 17.3.0

>-------------------


>Backward-incompatible changes:
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>- Dropped support for Python 3.3.
>  `677 &lt;https://github.com/pyca/pyopenssl/pull/677&gt;`_
>- Removed the deprecated ``OpenSSL.rand`` module.
>  This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden.
>  ``os.urandom()`` should be used instead.
>  `675 &lt;https://github.com/pyca/pyopenssl/pull/675&gt;`_


>Deprecations:
>^^^^^^^^^^^^^

>- Deprecated ``OpenSSL.tsafe``.
>  `673 &lt;https://github.com/pyca/pyopenssl/pull/673&gt;`_

>Changes:
>^^^^^^^^

>- Fixed a memory leak in ``OpenSSL.crypto.CRL``.
>  `690 &lt;https://github.com/pyca/pyopenssl/pull/690&gt;`_
>- Fixed a memory leak when verifying certificates with ``OpenSSL.crypto.X509StoreContext``.
>  `691 &lt;https://github.com/pyca/pyopenssl/pull/691&gt;`_


>----








### six 1.10.0 -> 1.11.0

>### 1.11.0

>------

>- Pull request 178: `with_metaclass` now properly proxies `__prepare__` to the
>  underlying metaclass.

>- Pull request 191: Allow `with_metaclass` to work with metaclasses implemented
>  in C.

>- Pull request 203: Add parse_http_list and parse_keqv_list to moved
>  urllib.request.

>- Pull request 172 and issue 171: Add unquote_to_bytes to moved urllib.parse.

>- Pull request 167: Add `six.moves.getoutput`.

>- Pull request 80: Add `six.moves.urllib_parse.splitvalue`.

>- Pull request 75: Add `six.moves.email_mime_image`.

>- Pull request 72: Avoid creating reference cycles through tracebacks in
>  `reraise`.







### zope.interface 4.4.2 -> 4.4.3

>### 4.4.3

>------------------

>- Avoid exceptions when the ``__annotations__`` attribute is added to
>  interface definitions with Python 3.x type hints. See `issue 98
>  &lt;https://github.com/zopefoundation/zope.interface/issues/98&gt;`_.
>- Fix the possibility of a rare crash in the C extension when
>  deallocating items. See `issue 100
>  &lt;https://github.com/zopefoundation/zope.interface/issues/100&gt;`_.











That's it for now!

Happy merging! 🤖
bors-fusion bot added a commit to fusionapp/documint that referenced this pull request Nov 17, 2017
Merge #96
96: Update pyopenssl to 17.3.0 r=mithrandi


There's a new version of [pyopenssl](https://pypi.python.org/pypi/pyopenssl) available.
You are currently using **17.2.0**. I have updated it to **17.3.0**



These links might come in handy:  <a href="https://pypi.python.org/pypi/pyopenssl">PyPI</a> | <a href="https://pyup.io/changelogs/pyopenssl/">Changelog</a> | <a href="https://pyopenssl.org/">Homepage</a> | <a href="http://pythonhosted.org/pyOpenSSL/">Docs</a> 



### Changelog
> 
>### 17.3.0

>-------------------


>Backward-incompatible changes:
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>- Dropped support for Python 3.3.
>  `677 &lt;https://github.com/pyca/pyopenssl/pull/677&gt;`_
>- Removed the deprecated ``OpenSSL.rand`` module.
>  This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden.
>  ``os.urandom()`` should be used instead.
>  `675 &lt;https://github.com/pyca/pyopenssl/pull/675&gt;`_


>Deprecations:
>^^^^^^^^^^^^^

>- Deprecated ``OpenSSL.tsafe``.
>  `673 &lt;https://github.com/pyca/pyopenssl/pull/673&gt;`_

>Changes:
>^^^^^^^^

>- Fixed a memory leak in ``OpenSSL.crypto.CRL``.
>  `690 &lt;https://github.com/pyca/pyopenssl/pull/690&gt;`_
>- Fixed a memory leak when verifying certificates with ``OpenSSL.crypto.X509StoreContext``.
>  `691 &lt;https://github.com/pyca/pyopenssl/pull/691&gt;`_


>----








*Got merge conflicts? Close this PR and delete the branch. I'll create a new PR for you.*

Happy merging! 🤖
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 17, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.