Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.6
to 42.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>42.0.4 - 2024-02-20</p>
<pre><code>
* Fixed a null-pointer-dereference and segfault that could occur when
creating
a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
``SMIMECapabilities``
and ``SignatureAlgorithmIdentifier`` should now be correctly encoded
according to the
definitions in :rfc:`2633` :rfc:`3370`.
<p>.. _v42-0-3:</p>
<p>42.0.3 - 2024-02-15
</code></pre></p>
<ul>
<li>Fixed an initialization issue that caused key loading failures for
some
users.</li>
</ul>
<p>.. _v42-0-2:</p>
<p>42.0.2 - 2024-01-30</p>
<pre><code>
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL
3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol
objects in
``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with
``EllipticCurvePrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
``X25519PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
``X448PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
and ``DHPrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
<p>.. _v42-0-1:</p>
<p>42.0.1 - 2024-01-24
</code></pre></p>
<ul>
<li>Fixed an issue with incorrect keyword-argument naming with
<code>EllipticCurvePrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign</code>.</li>
<li>Resolved compatibility issue with loading certain RSA public keys in
:func:<code>~cryptography.hazmat.primitives.serialization.load_pem_public_key</code>.</li>
</ul>
<p>.. _v42-0-0:</p>
<p>42.0.0 - 2024-01-22</p>
<pre><code>
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe18470f7d"><code>fe18470</code></a>
Bump for 42.0.4 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/10445">#10445</a>)</li>
<li><a
href="aaa2dd06ed"><code>aaa2dd0</code></a>
Fix ASN.1 issues in PKCS#7 and S/MIME signing (<a
href="https://redirect.github.com/pyca/cryptography/issues/10373">#10373</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10442">#10442</a>)</li>
<li><a
href="7a4d012991"><code>7a4d012</code></a>
Fixes <a
href="https://redirect.github.com/pyca/cryptography/issues/10422">#10422</a>
-- don't crash when a PKCS#12 key and cert don't match (<a
href="https://redirect.github.com/pyca/cryptography/issues/10423">#10423</a>)
...</li>
<li><a
href="df314bb182"><code>df314bb</code></a>
backport actions m1 switch to 42.0.x (<a
href="https://redirect.github.com/pyca/cryptography/issues/10415">#10415</a>)</li>
<li><a
href="c49a7a5271"><code>c49a7a5</code></a>
changelog and version bump for 42.0.3 (<a
href="https://redirect.github.com/pyca/cryptography/issues/10396">#10396</a>)</li>
<li><a
href="396bcf64c5"><code>396bcf6</code></a>
fix provider loading take two (<a
href="https://redirect.github.com/pyca/cryptography/issues/10390">#10390</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10395">#10395</a>)</li>
<li><a
href="0e0e46f5f7"><code>0e0e46f</code></a>
backport: initialize openssl's legacy provider in rust (<a
href="https://redirect.github.com/pyca/cryptography/issues/10323">#10323</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10333">#10333</a>)</li>
<li><a
href="2202123b50"><code>2202123</code></a>
changelog and version bump 42.0.2 (<a
href="https://redirect.github.com/pyca/cryptography/issues/10268">#10268</a>)</li>
<li><a
href="f7032bdd40"><code>f7032bd</code></a>
bump openssl in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/10298">#10298</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10299">#10299</a>)</li>
<li><a
href="002e886f16"><code>002e886</code></a>
Fixes <a
href="https://redirect.github.com/pyca/cryptography/issues/10294">#10294</a>
-- correct accidental change to exchange kwarg (<a
href="https://redirect.github.com/pyca/cryptography/issues/10295">#10295</a>)
(<a
href="https://redirect.github.com/pyca/cryptography/issues/10296">#10296</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/cryptography/compare/41.0.6...42.0.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/microsoft/DirectXShaderCompiler/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ShaderCompatInfo identifies compatibility for functions that could be
called from an entry point.
Currently, this checking detects compatibility problems between entry
points and internal function calls that the validator otherwise misses.
This change adds a check for ShaderCompatInfo, recursing into called
functions looking for a source of conflict when not compatible with the
current entry point properties.
Errors are emitted for the entry point and at one source of each type of
conflict that ShaderCompatInfo detects.
A function is considered the source of a conflict when it has the
conflict but none of the functions called from this function have this
conflict.
Removed early exit for ShaderFlags validation when module is a library,
since these flags should be validated for libraries, and running
CollectShaderFlagsForModule fills in the ShaderCompatInfo data we need
for validation.
Also fixed tests for illegal barrier and derivative use, as well as
replacing the ignored MaxOutputRecords with the correct MaxRecords
attribute.
Fixes#6292.
Fix barrier allowed ops and flags by shader kind
New barrier operations lacked validation and for RDAT info: had
incorrect min target and shader stage flags.
- Identify barrier DXIL operations with new `is_barrier` in `hctdb.py`
and generated `OP::IsDxilOpBarrier`.
- Identify when a barrier op requires shader stage with group
(compute-like stage), or when it requires node memory.
- Add new `OptFeatureInfo_RequiresGroup` to identify function only
compatible with a shader stage with a visible group for access to
groupshared memory or use of group sync.
- Translate to original `BarrierMode` when compatible; adds
`BarrierMode::Invalid` to identify invalid cases.
- Account for `DXIL::MemoryTypeFlags::AllMemory` being allowed and
auto-masked by driver.
- Properly set min shader model and compatible shader stage flags.
- Validate barrier for shader stage.
- Added new barriers to counters which were missing.
Adressing parts of: #6256 and #6292Fixes#6266
DXIL operations should use is_const=True for constant arguments. This
allows for convenience methods to retrieve the constant value, and could
(should, but currently doesn't) result in validation that the argument
is constant.
`BarrierByNodeRecordHandle` SemanticFlags argument must be constant.
`MetadataIdx` for both `createNodeOutputHandle` and
`CreateNodeInputRecordHandle` must be constant.
Upon further discussion, the team has agreed that in certain degenerate
cases, the current diagnostics are insufficient.
In the case that min == max in the wave size range attribute, a
defaultError warning should be emitted. Additionally, there should be an
explicit way to handle the case where 0,0,0 is passed to the wavesize
range attribute.
This PR directly handles and tests both of these cases.
Fixes#6161
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Add ShaderKind::Last_1_8 for shader mask
Add shader model comments before flag groupings in DxilConstants.h and DxilShaderFlags.
Add missing flag checks for min shader model in RDAT function info. Move ShaderCompatInfo computation into DxilModule, propagate callee info.
Move computation of shader model requirements based on flags into DxilModule. Finalize requirements for entry functions in AdjustMinimumShaderModelAndFlags.
Fixes for function level flag tracking:
- DerivativesInMeshAndAmpShaders: use flag to track deriv use, then adjust for entry functions.
- hasUAVs: based on resource use in function instead of global resources.
- WriteableMSAATextures: based on use in function instead of global resources.
- Also catch cases for dynamic res from any use by looking at create/annotate handle, not just the TextureStoreSample op.
- RaytracingTier1_1: move module-level detection to CollectShaderFlagsForModule
- Marked deriv and quad ops as being supported in node.
- Fixed SampleCmpBias to be considered gradient op.
- Update RDAT definitions to dump more useful info for testing
Fixes#6218.
#5827 first requires validation at the DXIL level. The validation will
check for functions that have incompatible node launch types, and
intrinsics that represent certain system values.
This PR implements this validation and adds some tests that exercise
this validation.
Fixes#6104
PSV0 MaximumExpectedWaveLaneCount was incorrectly set to 0 for
non-range.
Create struct for WaveSize in DxilFunctionProps.h.
Centralize encoding and validation logic there.
Use validation logic in both SemaHLSL and DxilValidation.
Remove test requiring newer shader model in CodeGenHLSL.
Add comprehensive test for compute and node, cs and lib targets, SM 6.6
and 6.8, testing ast, metadata and RDAT.
Add PSV0 tests to catch incorrect runtime data.
Update validation rules and test for more cases.
The AppVeyor subscription has now ended, so latest builds are failing
with timeouts and downloads of last-known-good are failing with download
size limits. This change removes the AppVeyor run scripts and
documentation references.
Follow-up to add new links for downloading latest build artifacts in
Issue #6175
Wave Size should be able to take a range of possible wavesizes. This PR
aims to implement what is described in this spec:
https://github.com/microsoft/hlsl-specs/pull/149/files
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This commit modifies the xml output of lit so that we always open the
file as utf-8 and also encode any invalid characters with the xml
character reference.
I was hitting an encoding error on windows for some test output because
the xml file was using the windows cp1252 encoding and it ran into some
characters that could not be encoded.
In order to test the change I added a new flag to lit
`--xml-include-test-output` which will include all test output in the
xml. That way we can still expect the lit run to pass and also validate
that the xml file is properly encoded.
The ExtractRecordStructFromArray intrinsic is left over dead code that
should be removed. This PR removes the intrinsic from existence. In the
cases where this intrinsic was used, DefaultSubscript is used instead.
Moved from #5893 to target the main branch instead.
Fixes https://github.com/microsoft/DirectXShaderCompiler/issues/5351
In parallel builds of DXC, hctgen.py in particuilar would sometimes
throw an exception from os.makedirs because the directory would already
exist. The conditional check for file existence introduces a race when
running the script in parallel. Fix this, and all other cases where such
conditional checks were done, by using the `exist_ok = True` argument.
Fix issues hit when apply format.
1. tmp diff file is not opened binary form, don't need to encode.
2. add contents write to "Check code formatting" workflow for commit and
push change.
3. put main branch to different path to avoid issue when checkout head
branch to same path.
When hit clang-format error in a pull request, edit the comment with
diff.
Add @apply-format at the beginning of the comment and Update comment.
New added "Apply code format" workflow will be triggered.
It will checkout the code from compare branch of the pull request, apply
the diff,
then commit and push it to the compare branch to fix the format issue.
The process should be getting clang-format diff comment first.
Then review the diff in the comment.
If the diff looks good, edit and add @apply-format to apply the diff.
Previously, there would be no recursion validation performed on any
function declarations in library shaders. This PR adds code that
validates that no function declarations that are found inside library
shaders are recursive. The diagnostics aren't repeated, since there's
logic to prevent the same diagnostic from being emitted by 2 similar
ancestors of the same recursive function. The PR also adjusts recursion
detection for shaders in non-library cases, and improves the original
diagnostic by adding information about the name of the function that is
recursive. The PR is meant to complete the work on issue #5789. However,
more work needs to be done for full accuracy.
The PR checks *all* function declarations in the translation unit for
the library shader case, when it should really only be checking a subset
of function declarations. This issue is filed here: #5857Fixes#5789
The default generated RUN line generated by ExtractIRForPassTest.py adds
the desired pass to the options, but forgot to add the '-', so it would
fail with difficult to diagnose error in dxopt during argument parsing.
This adds the missing '-' so the RUN line doesn't have to be fixed in
this way every time the script is used.
A few syntax errors fixed along the way:
- hcttracei.py: `print` -> `print()`, `<>` -> `!=`
- hcttest-system-values.py: `os.path.join()` close paren before
arguments
The previous PR #5881 didn't do what it meant to and had a lot of debug
code due to a mistaken commit. This reverts that commit and restores the
setting of the build type flag
A slightly complex series of events causes invocations of hctbuild after
the first to enable asserts in release builds. This sets the build type
even when it isn't needed to avoid it.
Because the build type was not being set when generating for visual
studio in hctbuild, when generating the cmake files using CMakeLists, it
would produce an alarming message saying it was defaulting to debug,
but, in fact, since it didn't care for the purposes of sln file
generation, that wasn't actually a problem, just confusing. It did set a
variable to enable asserts, but didn't do this for release variant
builds
The real problem occurs if hctbuild is invoked again, at that point,
instead of defaulting to Debug, it leaves the build type empty because
of another variable set in the cache.
Additionally, since the first invocation enabled asserts, that also
comes from the cache and so code that strips NDEBUG from all build
variants is invoked because the build type is, in fact, not debug, it's
an empty string.
1. printf format mismatch.
2. avoid cast from CComPtr<IncludeHandlerVFSOverlayForTest> to
CComPtr<IDxcIncludeHandler>.
3. fix signed unsigned mismatch.
4. fix order of fields in constructor.
5. add override for override methods.
6. port
01f4209631
7. add copy assignment operator to avoid
-Wdeprecated-copy-with-user-provided-copy
8. disable -Wignored-qualifiers for taef header WexTestClass.h.
9. remove unused fields.
10. add -clang-cl for hctbuild.
Bumps cryptography from 41.0.3 to 41.0.4.
Sourced from cryptography's changelog:
41.0.4 - 2023-09-19
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3.
fc11bce693
bump for 41.0.4
https://github.com/pyca/cryptography/pull/9629
See full diff in https://github.com/pyca/cryptography/compare/41.0.3...41.0.4
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Merge ACCESS_FLAG AccessFlags and SYNC_FLAG SyncFlags into new
BARRIER_SEMANTIC_FLAG SemanticFlags according to spec update
- Update lowering, DxilValidation, and tests
- Delete now-redundant validation tests
Fixes#5780
Update the DXIL validation for compute node compatibility, and for node
input vs launch type compatibility, to make the diagnostics more
informative, and update the validation tests accordingly.
Fixes#5348
---------
Co-authored-by: Tim Corringham <tcorring@amd.com>
Co-authored-by: Joshua Batista <jbatista@microsoft.com>
This action and scripting was written by @tru for LLVM and addresses
some of the false positives we've been seeing in our action. There is
more room for improvement, but it would be better to unify than to have
divergent approaches since we're solving the same problem.
New overloads are added for CalculateLevelOfDetail and
CalculateLevelOfDetailUnclamped. Also update validator to allow
SamplerComparisonState for shader model higher than 6.7.
Fixes https://github.com/microsoft/DirectXShaderCompiler/pull/5183
The code to structurize loop exits assumed exiting blocks always use
BranchInst and never SwitchInst. This caused a crash. This change makes
the structurizer preemptively check whether this assumption is true
before attempting.
The way taef tests were gathered and executed previously flattened the
list of arguments to a string. This allowed the weird /select: flag to
work correctly, but if any of the arguments had spaces, they were
misinterpretted having lost the implicit quotes around each.
By removing the flattening, putting a space between the flag and the
argument for /select: and removing the explicit quotes around that
argument, the command executes properly whether there are spaces or not
Additionally added a way to detect when these commands failed since they
were silently failing and skipping a large swath of testing when spaces
were present.
Fixes#5719
dependabot[bot]
Helena Kotas
Tex Riddell
Xiang Li
Joshua Batista
Natalie Chouinard
David Peixotto
Antonio Maiorano
Greg Roth
Tim Corringham
Chris B
Adam Yang
Chris Bieneman