diff options
author | Pablo Galindo <pablogsal@gmail.com> | 2022-10-24 17:34:46 (GMT) |
---|---|---|
committer | Pablo Galindo <pablogsal@gmail.com> | 2022-10-24 17:35:39 (GMT) |
commit | deaf509e8fc6e0363bd6f26d52ad42f976ec42f2 (patch) | |
tree | f66f3bb460bea38ab49c8953d0429e4ba258987c /Misc | |
parent | 981b509784c733c54d47bd4d1ceea34fc7ebcac3 (diff) | |
download | cpython-deaf509e8fc6e0363bd6f26d52ad42f976ec42f2.zip cpython-deaf509e8fc6e0363bd6f26d52ad42f976ec42f2.tar.gz cpython-deaf509e8fc6e0363bd6f26d52ad42f976ec42f2.tar.bz2 |
Python 3.11.0v3.11.0
Diffstat (limited to 'Misc')
24 files changed, 255 insertions, 71 deletions
diff --git a/Misc/NEWS.d/3.11.0.rst b/Misc/NEWS.d/3.11.0.rst new file mode 100644 index 0000000..2e1c49d --- /dev/null +++ b/Misc/NEWS.d/3.11.0.rst @@ -0,0 +1,255 @@ +.. date: 2022-09-28-17-09-37 +.. gh-issue: 97616 +.. nonce: K1e3Xs +.. release date: 2022-10-24 +.. section: Security + +Fix multiplying a list by an integer (``list *= int``): detect the integer +overflow when the new allocated length is close to the maximum size. Issue +reported by Jordan Limor. Patch by Victor Stinner. + +.. + +.. date: 2022-09-07-10-42-00 +.. gh-issue: 97514 +.. nonce: Yggdsl +.. section: Security + +On Linux the :mod:`multiprocessing` module returns to using filesystem +backed unix domain sockets for communication with the *forkserver* process +instead of the Linux abstract socket namespace. Only code that chooses to +use the :ref:`"forkserver" start method <multiprocessing-start-methods>` is +affected. + +Abstract sockets have no permissions and could allow any user on the system +in the same `network namespace +<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often +the whole system) to inject code into the multiprocessing *forkserver* +process. This was a potential privilege escalation. Filesystem based socket +permissions restrict this to the *forkserver* process user as was the +default in Python 3.8 and earlier. + +This prevents Linux `CVE-2022-42919 +<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_. + +.. + +.. date: 2022-10-06-02-11-34 +.. gh-issue: 97002 +.. nonce: Zvsk71 +.. section: Core and Builtins + +Fix an issue where several frame objects could be backed by the same +interpreter frame, possibly leading to corrupted memory and hard crashes of +the interpreter. + +.. + +.. date: 2022-10-03-13-35-48 +.. gh-issue: 97752 +.. nonce: 0xTjJY +.. section: Core and Builtins + +Fix possible data corruption or crashes when accessing the ``f_back`` member +of newly-created generator or coroutine frames. + +.. + +.. date: 2022-09-21-16-06-37 +.. gh-issue: 96975 +.. nonce: BmE0XY +.. section: Core and Builtins + +Fix a crash occurring when :c:func:`PyEval_GetFrame` is called while the +topmost Python frame is in a partially-initialized state. + +.. + +.. date: 2022-09-21-14-38-31 +.. gh-issue: 96848 +.. nonce: WuoLzU +.. section: Core and Builtins + +Fix command line parsing: reject :option:`-X int_max_str_digits <-X>` option +with no value (invalid) when the :envvar:`PYTHONINTMAXSTRDIGITS` environment +variable is set to a valid limit. Patch by Victor Stinner. + +.. + +.. date: 2022-09-18-08-47-40 +.. gh-issue: 96821 +.. nonce: Co2iOq +.. section: Core and Builtins + +Fix undefined behaviour in ``_testcapimodule.c``. + +.. + +.. date: 2022-09-16-19-02-40 +.. gh-issue: 95778 +.. nonce: cJmnst +.. section: Core and Builtins + +When :exc:`ValueError` is raised if an integer is larger than the limit, +mention the :func:`sys.set_int_max_str_digits` function in the error +message. Patch by Victor Stinner. + +.. + +.. date: 2022-09-05-19-20-44 +.. gh-issue: 96587 +.. nonce: bVxhX2 +.. section: Core and Builtins + +Correctly raise ``SyntaxError`` on exception groups (:pep:`654`) on python +versions prior to 3.11 + +.. + +.. bpo: 42316 +.. date: 2020-11-15-02-08-43 +.. nonce: LqdkWK +.. section: Core and Builtins + +Document some places where an assignment expression needs parentheses. + +.. + +.. date: 2022-10-16-15-31-50 +.. gh-issue: 98331 +.. nonce: Y5kPOX +.. section: Library + +Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 +respectively. + +.. + +.. date: 2022-10-06-23-42-00 +.. gh-issue: 90985 +.. nonce: s280JY +.. section: Library + +Earlier in 3.11 we deprecated ``asyncio.Task.cancel("message")``. We +realized we were too harsh, and have undeprecated it. + +.. + +.. date: 2022-09-25-23-24-52 +.. gh-issue: 97545 +.. nonce: HZLSNt +.. section: Library + +Make Semaphore run faster. + +.. + +.. date: 2022-09-24-18-56-23 +.. gh-issue: 96865 +.. nonce: o9WUkW +.. section: Library + +fix Flag to use boundary CONFORM + +This restores previous Flag behavior of allowing flags with non-sequential +values to be combined; e.g. + +class Skip(Flag): TWO = 2 EIGHT = 8 + +Skip.TWO | Skip.EIGHT -> <Skip.TWO|EIGHT: 10> + +.. + +.. date: 2022-05-25-15-57-39 +.. gh-issue: 90155 +.. nonce: YMstB5 +.. section: Library + +Fix broken :class:`asyncio.Semaphore` when acquire is cancelled. + +.. + +.. date: 2022-10-02-10-58-52 +.. gh-issue: 97741 +.. nonce: 39l023 +.. section: Documentation + +Fix ``!`` in c domain ref target syntax via a ``conf.py`` patch, so it works +as intended to disable ref target resolution. + +.. + +.. date: 2022-05-20-18-42-10 +.. gh-issue: 93031 +.. nonce: c2RdJe +.. section: Documentation + +Update tutorial introduction output to use 3.10+ SyntaxError invalid range. + +.. + +.. date: 2022-10-20-17-49-50 +.. gh-issue: 95027 +.. nonce: viRpJB +.. section: Tests + +On Windows, when the Python test suite is run with the ``-jN`` option, the +ANSI code page is now used as the encoding for the stdout temporary file, +rather than using UTF-8 which can lead to decoding errors. Patch by Victor +Stinner. + +.. + +.. date: 2022-09-11-14-23-49 +.. gh-issue: 96729 +.. nonce: W4uBWL +.. section: Build + +Ensure that Windows releases built with ``Tools\msi\buildrelease.bat`` are +upgradable to and from official Python releases. + +.. + +.. date: 2022-10-19-20-00-28 +.. gh-issue: 98360 +.. nonce: O2m6YG +.. section: Windows + +Fixes :mod:`multiprocessing` spawning child processes on Windows from a +virtual environment to ensure that child processes that also use +:mod:`multiprocessing` to spawn more children will recognize that they are +in a virtual environment. + +.. + +.. date: 2022-10-19-19-35-37 +.. gh-issue: 98414 +.. nonce: FbHZuS +.. section: Windows + +Fix :file:`py.exe` launcher handling of ``-V:<company>/`` option when +default preferences have been set in environment variables or configuration +files. + +.. + +.. date: 2022-09-29-23-08-49 +.. gh-issue: 90989 +.. nonce: no89Q2 +.. section: Windows + +Clarify some text in the Windows installer. + +.. + +.. date: 2022-10-05-15-26-58 +.. gh-issue: 97897 +.. nonce: Rf-C6u +.. section: macOS + +The macOS 13 SDK includes support for the ``mkfifoat`` and ``mknodat`` +system calls. Using the ``dir_fd`` option with either :func:`os.mkfifo` or +:func:`os.mknod` could result in a segfault if cpython is built with the +macOS 13 SDK but run on an earlier version of macOS. Prevent this by adding +runtime support for detection of these system calls ("weaklinking") as is +done for other newer syscalls on macOS. diff --git a/Misc/NEWS.d/next/Build/2022-09-11-14-23-49.gh-issue-96729.W4uBWL.rst b/Misc/NEWS.d/next/Build/2022-09-11-14-23-49.gh-issue-96729.W4uBWL.rst deleted file mode 100644 index b67cd20..0000000 --- a/Misc/NEWS.d/next/Build/2022-09-11-14-23-49.gh-issue-96729.W4uBWL.rst +++ /dev/null @@ -1,2 +0,0 @@ -Ensure that Windows releases built with ``Tools\msi\buildrelease.bat`` are -upgradable to and from official Python releases. diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-11-15-02-08-43.bpo-42316.LqdkWK.rst b/Misc/NEWS.d/next/Core and Builtins/2020-11-15-02-08-43.bpo-42316.LqdkWK.rst deleted file mode 100644 index ea99780..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2020-11-15-02-08-43.bpo-42316.LqdkWK.rst +++ /dev/null @@ -1 +0,0 @@ -Document some places where an assignment expression needs parentheses. diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-09-05-19-20-44.gh-issue-96587.bVxhX2.rst b/Misc/NEWS.d/next/Core and Builtins/2022-09-05-19-20-44.gh-issue-96587.bVxhX2.rst deleted file mode 100644 index 37e9dcb..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2022-09-05-19-20-44.gh-issue-96587.bVxhX2.rst +++ /dev/null @@ -1,2 +0,0 @@ -Correctly raise ``SyntaxError`` on exception groups (:pep:`654`) on python -versions prior to 3.11 diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-09-16-19-02-40.gh-issue-95778.cJmnst.rst b/Misc/NEWS.d/next/Core and Builtins/2022-09-16-19-02-40.gh-issue-95778.cJmnst.rst deleted file mode 100644 index ebf6377..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2022-09-16-19-02-40.gh-issue-95778.cJmnst.rst +++ /dev/null @@ -1,3 +0,0 @@ -When :exc:`ValueError` is raised if an integer is larger than the limit, -mention the :func:`sys.set_int_max_str_digits` function in the error message. -Patch by Victor Stinner. diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-09-18-08-47-40.gh-issue-96821.Co2iOq.rst b/Misc/NEWS.d/next/Core and Builtins/2022-09-18-08-47-40.gh-issue-96821.Co2iOq.rst deleted file mode 100644 index 4fd0532..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2022-09-18-08-47-40.gh-issue-96821.Co2iOq.rst +++ /dev/null @@ -1 +0,0 @@ -Fix undefined behaviour in ``_testcapimodule.c``. diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-09-21-14-38-31.gh-issue-96848.WuoLzU.rst b/Misc/NEWS.d/next/Core and Builtins/2022-09-21-14-38-31.gh-issue-96848.WuoLzU.rst deleted file mode 100644 index a9b04ce..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2022-09-21-14-38-31.gh-issue-96848.WuoLzU.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fix command line parsing: reject :option:`-X int_max_str_digits <-X>` option -with no value (invalid) when the :envvar:`PYTHONINTMAXSTRDIGITS` environment -variable is set to a valid limit. Patch by Victor Stinner. diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-09-21-16-06-37.gh-issue-96975.BmE0XY.rst b/Misc/NEWS.d/next/Core and Builtins/2022-09-21-16-06-37.gh-issue-96975.BmE0XY.rst deleted file mode 100644 index e6fcb84..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2022-09-21-16-06-37.gh-issue-96975.BmE0XY.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix a crash occurring when :c:func:`PyEval_GetFrame` is called while the -topmost Python frame is in a partially-initialized state. diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-10-03-13-35-48.gh-issue-97752.0xTjJY.rst b/Misc/NEWS.d/next/Core and Builtins/2022-10-03-13-35-48.gh-issue-97752.0xTjJY.rst deleted file mode 100644 index c656350..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2022-10-03-13-35-48.gh-issue-97752.0xTjJY.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix possible data corruption or crashes when accessing the ``f_back`` member -of newly-created generator or coroutine frames. diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-10-06-02-11-34.gh-issue-97002.Zvsk71.rst b/Misc/NEWS.d/next/Core and Builtins/2022-10-06-02-11-34.gh-issue-97002.Zvsk71.rst deleted file mode 100644 index 1f577e0..0000000 --- a/Misc/NEWS.d/next/Core and Builtins/2022-10-06-02-11-34.gh-issue-97002.Zvsk71.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fix an issue where several frame objects could be backed by the same -interpreter frame, possibly leading to corrupted memory and hard crashes of -the interpreter. diff --git a/Misc/NEWS.d/next/Documentation/2022-05-20-18-42-10.gh-issue-93031.c2RdJe.rst b/Misc/NEWS.d/next/Documentation/2022-05-20-18-42-10.gh-issue-93031.c2RdJe.rst deleted file mode 100644 index c46b45d..0000000 --- a/Misc/NEWS.d/next/Documentation/2022-05-20-18-42-10.gh-issue-93031.c2RdJe.rst +++ /dev/null @@ -1 +0,0 @@ -Update tutorial introduction output to use 3.10+ SyntaxError invalid range. diff --git a/Misc/NEWS.d/next/Documentation/2022-10-02-10-58-52.gh-issue-97741.39l023.rst b/Misc/NEWS.d/next/Documentation/2022-10-02-10-58-52.gh-issue-97741.39l023.rst deleted file mode 100644 index 8da9c92..0000000 --- a/Misc/NEWS.d/next/Documentation/2022-10-02-10-58-52.gh-issue-97741.39l023.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix ``!`` in c domain ref target syntax via a ``conf.py`` patch, so it works -as intended to disable ref target resolution. diff --git a/Misc/NEWS.d/next/Library/2022-05-25-15-57-39.gh-issue-90155.YMstB5.rst b/Misc/NEWS.d/next/Library/2022-05-25-15-57-39.gh-issue-90155.YMstB5.rst deleted file mode 100644 index 8def769..0000000 --- a/Misc/NEWS.d/next/Library/2022-05-25-15-57-39.gh-issue-90155.YMstB5.rst +++ /dev/null @@ -1 +0,0 @@ -Fix broken :class:`asyncio.Semaphore` when acquire is cancelled. diff --git a/Misc/NEWS.d/next/Library/2022-09-24-18-56-23.gh-issue-96865.o9WUkW.rst b/Misc/NEWS.d/next/Library/2022-09-24-18-56-23.gh-issue-96865.o9WUkW.rst deleted file mode 100644 index b054fde..0000000 --- a/Misc/NEWS.d/next/Library/2022-09-24-18-56-23.gh-issue-96865.o9WUkW.rst +++ /dev/null @@ -1,9 +0,0 @@ -fix Flag to use boundary CONFORM
-
-This restores previous Flag behavior of allowing flags with non-sequential values to be combined; e.g.
-
- class Skip(Flag):
- TWO = 2
- EIGHT = 8
-
- Skip.TWO | Skip.EIGHT -> <Skip.TWO|EIGHT: 10> diff --git a/Misc/NEWS.d/next/Library/2022-09-25-23-24-52.gh-issue-97545.HZLSNt.rst b/Misc/NEWS.d/next/Library/2022-09-25-23-24-52.gh-issue-97545.HZLSNt.rst deleted file mode 100644 index a53902e..0000000 --- a/Misc/NEWS.d/next/Library/2022-09-25-23-24-52.gh-issue-97545.HZLSNt.rst +++ /dev/null @@ -1 +0,0 @@ -Make Semaphore run faster. diff --git a/Misc/NEWS.d/next/Library/2022-10-06-23-42-00.gh-issue-90985.s280JY.rst b/Misc/NEWS.d/next/Library/2022-10-06-23-42-00.gh-issue-90985.s280JY.rst deleted file mode 100644 index 964aa39..0000000 --- a/Misc/NEWS.d/next/Library/2022-10-06-23-42-00.gh-issue-90985.s280JY.rst +++ /dev/null @@ -1 +0,0 @@ -Earlier in 3.11 we deprecated ``asyncio.Task.cancel("message")``. We realized we were too harsh, and have undeprecated it. diff --git a/Misc/NEWS.d/next/Library/2022-10-16-15-31-50.gh-issue-98331.Y5kPOX.rst b/Misc/NEWS.d/next/Library/2022-10-16-15-31-50.gh-issue-98331.Y5kPOX.rst deleted file mode 100644 index b4cf943..0000000 --- a/Misc/NEWS.d/next/Library/2022-10-16-15-31-50.gh-issue-98331.Y5kPOX.rst +++ /dev/null @@ -1 +0,0 @@ -Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively. diff --git a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst deleted file mode 100644 index 02d95b5..0000000 --- a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst +++ /dev/null @@ -1,15 +0,0 @@ -On Linux the :mod:`multiprocessing` module returns to using filesystem backed -unix domain sockets for communication with the *forkserver* process instead of -the Linux abstract socket namespace. Only code that chooses to use the -:ref:`"forkserver" start method <multiprocessing-start-methods>` is affected. - -Abstract sockets have no permissions and could allow any user on the system in -the same `network namespace -<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often the -whole system) to inject code into the multiprocessing *forkserver* process. -This was a potential privilege escalation. Filesystem based socket permissions -restrict this to the *forkserver* process user as was the default in Python 3.8 -and earlier. - -This prevents Linux `CVE-2022-42919 -<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_. diff --git a/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst b/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst deleted file mode 100644 index 721427f..0000000 --- a/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fix multiplying a list by an integer (``list *= int``): detect the integer -overflow when the new allocated length is close to the maximum size. Issue -reported by Jordan Limor. Patch by Victor Stinner. diff --git a/Misc/NEWS.d/next/Tests/2022-10-20-17-49-50.gh-issue-95027.viRpJB.rst b/Misc/NEWS.d/next/Tests/2022-10-20-17-49-50.gh-issue-95027.viRpJB.rst deleted file mode 100644 index 8bf1a9d..0000000 --- a/Misc/NEWS.d/next/Tests/2022-10-20-17-49-50.gh-issue-95027.viRpJB.rst +++ /dev/null @@ -1,4 +0,0 @@ -On Windows, when the Python test suite is run with the ``-jN`` option, the -ANSI code page is now used as the encoding for the stdout temporary file, -rather than using UTF-8 which can lead to decoding errors. Patch by Victor -Stinner. diff --git a/Misc/NEWS.d/next/Windows/2022-09-29-23-08-49.gh-issue-90989.no89Q2.rst b/Misc/NEWS.d/next/Windows/2022-09-29-23-08-49.gh-issue-90989.no89Q2.rst deleted file mode 100644 index 34fffdf..0000000 --- a/Misc/NEWS.d/next/Windows/2022-09-29-23-08-49.gh-issue-90989.no89Q2.rst +++ /dev/null @@ -1 +0,0 @@ -Clarify some text in the Windows installer. diff --git a/Misc/NEWS.d/next/Windows/2022-10-19-19-35-37.gh-issue-98414.FbHZuS.rst b/Misc/NEWS.d/next/Windows/2022-10-19-19-35-37.gh-issue-98414.FbHZuS.rst deleted file mode 100644 index df07b7f..0000000 --- a/Misc/NEWS.d/next/Windows/2022-10-19-19-35-37.gh-issue-98414.FbHZuS.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fix :file:`py.exe` launcher handling of ``-V:<company>/`` option when -default preferences have been set in environment variables or configuration -files. diff --git a/Misc/NEWS.d/next/Windows/2022-10-19-20-00-28.gh-issue-98360.O2m6YG.rst b/Misc/NEWS.d/next/Windows/2022-10-19-20-00-28.gh-issue-98360.O2m6YG.rst deleted file mode 100644 index 61c1e5e..0000000 --- a/Misc/NEWS.d/next/Windows/2022-10-19-20-00-28.gh-issue-98360.O2m6YG.rst +++ /dev/null @@ -1,4 +0,0 @@ -Fixes :mod:`multiprocessing` spawning child processes on Windows from a -virtual environment to ensure that child processes that also use -:mod:`multiprocessing` to spawn more children will recognize that they are -in a virtual environment. diff --git a/Misc/NEWS.d/next/macOS/2022-10-05-15-26-58.gh-issue-97897.Rf-C6u.rst b/Misc/NEWS.d/next/macOS/2022-10-05-15-26-58.gh-issue-97897.Rf-C6u.rst deleted file mode 100644 index 0d21e98..0000000 --- a/Misc/NEWS.d/next/macOS/2022-10-05-15-26-58.gh-issue-97897.Rf-C6u.rst +++ /dev/null @@ -1,6 +0,0 @@ -The macOS 13 SDK includes support for the ``mkfifoat`` and ``mknodat`` system calls. -Using the ``dir_fd`` option with either :func:`os.mkfifo` or :func:`os.mknod` could result in a -segfault if cpython is built with the macOS 13 SDK but run on an earlier -version of macOS. Prevent this by adding runtime support for detection of -these system calls ("weaklinking") as is done for other newer syscalls on -macOS. |