|
| 1 | +.. date: 2022-09-28-17-09-37 |
| 2 | +.. gh-issue: 97616 |
| 3 | +.. nonce: K1e3Xs |
| 4 | +.. release date: 2022-10-24 |
| 5 | +.. section: Security |
| 6 | +
|
| 7 | +Fix multiplying a list by an integer (``list *= int``): detect the integer |
| 8 | +overflow when the new allocated length is close to the maximum size. Issue |
| 9 | +reported by Jordan Limor. Patch by Victor Stinner. |
| 10 | + |
| 11 | +.. |
| 12 | +
|
| 13 | +.. date: 2022-09-07-10-42-00 |
| 14 | +.. gh-issue: 97514 |
| 15 | +.. nonce: Yggdsl |
| 16 | +.. section: Security |
| 17 | +
|
| 18 | +On Linux the :mod:`multiprocessing` module returns to using filesystem |
| 19 | +backed unix domain sockets for communication with the *forkserver* process |
| 20 | +instead of the Linux abstract socket namespace. Only code that chooses to |
| 21 | +use the :ref:`"forkserver" start method <multiprocessing-start-methods>` is |
| 22 | +affected. |
| 23 | + |
| 24 | +Abstract sockets have no permissions and could allow any user on the system |
| 25 | +in the same `network namespace |
| 26 | +<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often |
| 27 | +the whole system) to inject code into the multiprocessing *forkserver* |
| 28 | +process. This was a potential privilege escalation. Filesystem based socket |
| 29 | +permissions restrict this to the *forkserver* process user as was the |
| 30 | +default in Python 3.8 and earlier. |
| 31 | + |
| 32 | +This prevents Linux `CVE-2022-42919 |
| 33 | +<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_. |
| 34 | + |
| 35 | +.. |
| 36 | +
|
| 37 | +.. date: 2022-10-06-02-11-34 |
| 38 | +.. gh-issue: 97002 |
| 39 | +.. nonce: Zvsk71 |
| 40 | +.. section: Core and Builtins |
| 41 | +
|
| 42 | +Fix an issue where several frame objects could be backed by the same |
| 43 | +interpreter frame, possibly leading to corrupted memory and hard crashes of |
| 44 | +the interpreter. |
| 45 | + |
| 46 | +.. |
| 47 | +
|
| 48 | +.. date: 2022-10-03-13-35-48 |
| 49 | +.. gh-issue: 97752 |
| 50 | +.. nonce: 0xTjJY |
| 51 | +.. section: Core and Builtins |
| 52 | +
|
| 53 | +Fix possible data corruption or crashes when accessing the ``f_back`` member |
| 54 | +of newly-created generator or coroutine frames. |
| 55 | + |
| 56 | +.. |
| 57 | +
|
| 58 | +.. date: 2022-09-21-16-06-37 |
| 59 | +.. gh-issue: 96975 |
| 60 | +.. nonce: BmE0XY |
| 61 | +.. section: Core and Builtins |
| 62 | +
|
| 63 | +Fix a crash occurring when :c:func:`PyEval_GetFrame` is called while the |
| 64 | +topmost Python frame is in a partially-initialized state. |
| 65 | + |
| 66 | +.. |
| 67 | +
|
| 68 | +.. date: 2022-09-21-14-38-31 |
| 69 | +.. gh-issue: 96848 |
| 70 | +.. nonce: WuoLzU |
| 71 | +.. section: Core and Builtins |
| 72 | +
|
| 73 | +Fix command line parsing: reject :option:`-X int_max_str_digits <-X>` option |
| 74 | +with no value (invalid) when the :envvar:`PYTHONINTMAXSTRDIGITS` environment |
| 75 | +variable is set to a valid limit. Patch by Victor Stinner. |
| 76 | + |
| 77 | +.. |
| 78 | +
|
| 79 | +.. date: 2022-09-18-08-47-40 |
| 80 | +.. gh-issue: 96821 |
| 81 | +.. nonce: Co2iOq |
| 82 | +.. section: Core and Builtins |
| 83 | +
|
| 84 | +Fix undefined behaviour in ``_testcapimodule.c``. |
| 85 | + |
| 86 | +.. |
| 87 | +
|
| 88 | +.. date: 2022-09-16-19-02-40 |
| 89 | +.. gh-issue: 95778 |
| 90 | +.. nonce: cJmnst |
| 91 | +.. section: Core and Builtins |
| 92 | +
|
| 93 | +When :exc:`ValueError` is raised if an integer is larger than the limit, |
| 94 | +mention the :func:`sys.set_int_max_str_digits` function in the error |
| 95 | +message. Patch by Victor Stinner. |
| 96 | + |
| 97 | +.. |
| 98 | +
|
| 99 | +.. date: 2022-09-05-19-20-44 |
| 100 | +.. gh-issue: 96587 |
| 101 | +.. nonce: bVxhX2 |
| 102 | +.. section: Core and Builtins |
| 103 | +
|
| 104 | +Correctly raise ``SyntaxError`` on exception groups (:pep:`654`) on python |
| 105 | +versions prior to 3.11 |
| 106 | + |
| 107 | +.. |
| 108 | +
|
| 109 | +.. bpo: 42316 |
| 110 | +.. date: 2020-11-15-02-08-43 |
| 111 | +.. nonce: LqdkWK |
| 112 | +.. section: Core and Builtins |
| 113 | +
|
| 114 | +Document some places where an assignment expression needs parentheses. |
| 115 | + |
| 116 | +.. |
| 117 | +
|
| 118 | +.. date: 2022-10-16-15-31-50 |
| 119 | +.. gh-issue: 98331 |
| 120 | +.. nonce: Y5kPOX |
| 121 | +.. section: Library |
| 122 | +
|
| 123 | +Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 |
| 124 | +respectively. |
| 125 | + |
| 126 | +.. |
| 127 | +
|
| 128 | +.. date: 2022-10-06-23-42-00 |
| 129 | +.. gh-issue: 90985 |
| 130 | +.. nonce: s280JY |
| 131 | +.. section: Library |
| 132 | +
|
| 133 | +Earlier in 3.11 we deprecated ``asyncio.Task.cancel("message")``. We |
| 134 | +realized we were too harsh, and have undeprecated it. |
| 135 | + |
| 136 | +.. |
| 137 | +
|
| 138 | +.. date: 2022-09-25-23-24-52 |
| 139 | +.. gh-issue: 97545 |
| 140 | +.. nonce: HZLSNt |
| 141 | +.. section: Library |
| 142 | +
|
| 143 | +Make Semaphore run faster. |
| 144 | + |
| 145 | +.. |
| 146 | +
|
| 147 | +.. date: 2022-09-24-18-56-23 |
| 148 | +.. gh-issue: 96865 |
| 149 | +.. nonce: o9WUkW |
| 150 | +.. section: Library |
| 151 | +
|
| 152 | +fix Flag to use boundary CONFORM |
| 153 | + |
| 154 | +This restores previous Flag behavior of allowing flags with non-sequential |
| 155 | +values to be combined; e.g. |
| 156 | + |
| 157 | +class Skip(Flag): TWO = 2 EIGHT = 8 |
| 158 | + |
| 159 | +Skip.TWO | Skip.EIGHT -> <Skip.TWO|EIGHT: 10> |
| 160 | + |
| 161 | +.. |
| 162 | +
|
| 163 | +.. date: 2022-05-25-15-57-39 |
| 164 | +.. gh-issue: 90155 |
| 165 | +.. nonce: YMstB5 |
| 166 | +.. section: Library |
| 167 | +
|
| 168 | +Fix broken :class:`asyncio.Semaphore` when acquire is cancelled. |
| 169 | + |
| 170 | +.. |
| 171 | +
|
| 172 | +.. date: 2022-10-02-10-58-52 |
| 173 | +.. gh-issue: 97741 |
| 174 | +.. nonce: 39l023 |
| 175 | +.. section: Documentation |
| 176 | +
|
| 177 | +Fix ``!`` in c domain ref target syntax via a ``conf.py`` patch, so it works |
| 178 | +as intended to disable ref target resolution. |
| 179 | + |
| 180 | +.. |
| 181 | +
|
| 182 | +.. date: 2022-05-20-18-42-10 |
| 183 | +.. gh-issue: 93031 |
| 184 | +.. nonce: c2RdJe |
| 185 | +.. section: Documentation |
| 186 | +
|
| 187 | +Update tutorial introduction output to use 3.10+ SyntaxError invalid range. |
| 188 | + |
| 189 | +.. |
| 190 | +
|
| 191 | +.. date: 2022-10-20-17-49-50 |
| 192 | +.. gh-issue: 95027 |
| 193 | +.. nonce: viRpJB |
| 194 | +.. section: Tests |
| 195 | +
|
| 196 | +On Windows, when the Python test suite is run with the ``-jN`` option, the |
| 197 | +ANSI code page is now used as the encoding for the stdout temporary file, |
| 198 | +rather than using UTF-8 which can lead to decoding errors. Patch by Victor |
| 199 | +Stinner. |
| 200 | + |
| 201 | +.. |
| 202 | +
|
| 203 | +.. date: 2022-09-11-14-23-49 |
| 204 | +.. gh-issue: 96729 |
| 205 | +.. nonce: W4uBWL |
| 206 | +.. section: Build |
| 207 | +
|
| 208 | +Ensure that Windows releases built with ``Tools\msi\buildrelease.bat`` are |
| 209 | +upgradable to and from official Python releases. |
| 210 | + |
| 211 | +.. |
| 212 | +
|
| 213 | +.. date: 2022-10-19-20-00-28 |
| 214 | +.. gh-issue: 98360 |
| 215 | +.. nonce: O2m6YG |
| 216 | +.. section: Windows |
| 217 | +
|
| 218 | +Fixes :mod:`multiprocessing` spawning child processes on Windows from a |
| 219 | +virtual environment to ensure that child processes that also use |
| 220 | +:mod:`multiprocessing` to spawn more children will recognize that they are |
| 221 | +in a virtual environment. |
| 222 | + |
| 223 | +.. |
| 224 | +
|
| 225 | +.. date: 2022-10-19-19-35-37 |
| 226 | +.. gh-issue: 98414 |
| 227 | +.. nonce: FbHZuS |
| 228 | +.. section: Windows |
| 229 | +
|
| 230 | +Fix :file:`py.exe` launcher handling of ``-V:<company>/`` option when |
| 231 | +default preferences have been set in environment variables or configuration |
| 232 | +files. |
| 233 | + |
| 234 | +.. |
| 235 | +
|
| 236 | +.. date: 2022-09-29-23-08-49 |
| 237 | +.. gh-issue: 90989 |
| 238 | +.. nonce: no89Q2 |
| 239 | +.. section: Windows |
| 240 | +
|
| 241 | +Clarify some text in the Windows installer. |
| 242 | + |
| 243 | +.. |
| 244 | +
|
| 245 | +.. date: 2022-10-05-15-26-58 |
| 246 | +.. gh-issue: 97897 |
| 247 | +.. nonce: Rf-C6u |
| 248 | +.. section: macOS |
| 249 | +
|
| 250 | +The macOS 13 SDK includes support for the ``mkfifoat`` and ``mknodat`` |
| 251 | +system calls. Using the ``dir_fd`` option with either :func:`os.mkfifo` or |
| 252 | +:func:`os.mknod` could result in a segfault if cpython is built with the |
| 253 | +macOS 13 SDK but run on an earlier version of macOS. Prevent this by adding |
| 254 | +runtime support for detection of these system calls ("weaklinking") as is |
| 255 | +done for other newer syscalls on macOS. |
0 commit comments