md5 is not an approved algorithm in FIPS mode, and trying to instantiate
a hashlib.md5() will fail when the system is running in FIPS mode.
md5 is allowed when in a non-security context. There is a plan to add a
keyword parameter (usedforsecurity) to hashlib.md5() to annotate whether
or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added.
This encapsulation will pass through the usedforsecurity parameter in
the case where the parameter is supported, and strip it if it is not.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Switched the order of the checks to reduce the overhead. Async unsafe methods
are *normally* called syncrhonously, so we can avoid the overhead of checking
the environment variable in the regular path.
Elements yielded by _destruct_iterable_mapping_values are always
unpacked. Since unpacking can be done with any iterable, there is no
need to convert elements to tuples. Also, such elements can be used
directly in for loops, creating a dictionary of them is excessive.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
This improves performance of import_string() by avoiding multiple
imports for the same path.
Thanks Andrew Godwin and Keryn Knight for the implementation idea.
The "data in self.children" branch was causing data.__eq__ to be
called for each entries in "self.children" which resulted in a huge
slowdown during queryset construction.
It's purpose was to prevent queries of the form
Model.objects.filter(foo='bar').filter(foo='bar')
from resulting in
WHERE foo='bar' AND foo='bar'
but it's not covered by the suite and has arguable performance benefits
since it's not very common and SQL engines are usually very good at
folding/optimizing these.
See also #32632 for prior discussion around comparing data to the
Node's children.
Co-authored-by: Nick Pope <nick@nickpope.me.uk>
This removes unnecessary format('O') call, remove unnecessary method
calls for simple cases in TimeFormat, and simplifies time zone handling
in TimeFormat.
Address a long standing bug in a Where.add optimization to discard
equal nodes that was surfaced by implementing equality for Lookup
instances in bbf141bcdc.
Thanks Shaheed Haque for the report.
- Replaced datetime.utcnow() with datetime.now().
- Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp().
- Replaced datetime.utctimetuple() with datetime.timetuple().
- Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
Deferred accessing the module-global variable __file__ because the
Python import API does not guarantee it always exists—in particular, it
does not exist in certain "frozen" environments. The following changes
advanced this goal.
Thanks to Carlton Gibson, Tom Forbes, Mariusz Felisiak, and Shreyas
Ravi for review and feedback.
Claude Paroz
Ade Lee
Nick Pope
Adam Johnson
Chenyang Yan
Mariusz Felisiak
Illia Volochii
Carlton Gibson
yujin
David Smith
Chris Jerdonek
David Smith
Keryn Knight
abhiabhi94
Shipeng Feng
Daniele Procida
Ben Wilber
Mateo Radman
David Sanders
Mohammadreza Varasteh
Moriyoshi Koizumi
Simon Charette
Hasan Ramezani
Maxim Beder
Karthikeyan Singaravelan
Florian Apolloner
pythonwood
William Schwartz