diff options
author | Ned Deily <nad@python.org> | 2018-06-27 22:45:50 (GMT) |
---|---|---|
committer | Ned Deily <nad@python.org> | 2018-06-27 22:45:50 (GMT) |
commit | aee5df5e16ec20e94d4315701315c32edae752f5 (patch) | |
tree | e895a6a96b97cdc0650bf1949f3d8fcfbc52eaa0 /Misc/NEWS.d/3.5.5rc1.rst | |
parent | 492572715aa0f4ddab51f979f7f56465c762227c (diff) | |
download | cpython-aee5df5e16ec20e94d4315701315c32edae752f5.zip cpython-aee5df5e16ec20e94d4315701315c32edae752f5.tar.gz cpython-aee5df5e16ec20e94d4315701315c32edae752f5.tar.bz2 |
Forward port 3.7.0 final changes
Diffstat (limited to 'Misc/NEWS.d/3.5.5rc1.rst')
-rw-r--r-- | Misc/NEWS.d/3.5.5rc1.rst | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/Misc/NEWS.d/3.5.5rc1.rst b/Misc/NEWS.d/3.5.5rc1.rst new file mode 100644 index 0000000..879f6c4 --- /dev/null +++ b/Misc/NEWS.d/3.5.5rc1.rst @@ -0,0 +1,74 @@ +.. bpo: 32551 +.. date: 2018-01-16-16-05-37 +.. nonce: U0z4W- +.. release date: 2018-01-23 +.. section: Security + +The ``sys.path[0]`` initialization change for bpo-29139 caused a regression +by revealing an inconsistency in how sys.path is initialized when executing +``__main__`` from a zipfile, directory, or other import location. This is +considered a potential security issue, as it may lead to privileged +processes unexpectedly loading code from user controlled directories in +situations where that was not previously the case. + +The interpreter now consistently avoids ever adding the import location's +parent directory to ``sys.path``, and ensures no other ``sys.path`` entries +are inadvertently modified when inserting the import location named on the +command line. (Originally reported as bpo-29723 against Python 3.6rc1, but +it was missed at the time that the then upcoming Python 3.5.4 release would +also be affected) + +.. + +.. bpo: 30657 +.. date: 2017-12-01-18-51-03 +.. nonce: Fd8kId +.. section: Security + +Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158. +Original patch by Jay Bosamiya; rebased to Python 3 by Miro HronĨok. + +.. + +.. bpo: 30947 +.. date: 2017-09-05-20-34-44 +.. nonce: iNMmm4 +.. section: Security + +Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security +fixes. + +.. + +.. bpo: 31095 +.. date: 2017-08-01-18-48-30 +.. nonce: bXWZDb +.. section: Core and Builtins + +Fix potential crash during GC caused by ``tp_dealloc`` which doesn't call +``PyObject_GC_UnTrack()``. + +.. + +.. bpo: 32072 +.. date: 2017-11-18-21-13-52 +.. nonce: nwDV8L +.. section: Library + +Fixed issues with binary plists: + +* Fixed saving bytearrays. +* Identical objects will be saved only once. +* Equal references will be load as identical objects. +* Added support for saving and loading recursive data structures. + +.. + +.. bpo: 31170 +.. date: 2017-09-05-20-35-21 +.. nonce: QGmJ1t +.. section: Library + +expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial +characters for UTF-8 input (libexpat bug 115): +https://github.com/libexpat/libexpat/issues/115 |