summaryrefslogtreecommitdiffstats
path: root/Misc/NEWS.d
diff options
context:
space:
mode:
Diffstat (limited to 'Misc/NEWS.d')
-rw-r--r--Misc/NEWS.d/3.8.14.rst120
-rw-r--r--Misc/NEWS.d/next/Core and Builtins/2022-05-21-23-21-37.gh-issue-93065.5I18WC.rst5
-rw-r--r--Misc/NEWS.d/next/Documentation/2022-03-28-12-36-17.bpo-47138.TbLXgV.rst1
-rw-r--r--Misc/NEWS.d/next/Documentation/2022-04-24-22-09-31.gh-issue-91888.kTjJLx.rst1
-rw-r--r--Misc/NEWS.d/next/Library/2019-06-22-11-01-45.bpo-36073.ED8mB9.rst2
-rw-r--r--Misc/NEWS.d/next/Library/2022-01-03-15-07-06.bpo-46197.Z0djv6.rst1
-rw-r--r--Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst3
-rw-r--r--Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst14
-rw-r--r--Misc/NEWS.d/next/Tests/2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst1
-rw-r--r--Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst2
-rw-r--r--Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst2
-rw-r--r--Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst1
12 files changed, 120 insertions, 33 deletions
diff --git a/Misc/NEWS.d/3.8.14.rst b/Misc/NEWS.d/3.8.14.rst
new file mode 100644
index 0000000..f13bf32
--- /dev/null
+++ b/Misc/NEWS.d/3.8.14.rst
@@ -0,0 +1,120 @@
+.. date: 2022-08-07-16-53-38
+.. gh-issue: 95778
+.. nonce: ch010gps
+.. release date: 2022-09-06
+.. section: Security
+
+Converting between :class:`int` and :class:`str` in bases other than 2
+(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal)
+now raises a :exc:`ValueError` if the number of digits in string form is
+above a limit to avoid potential denial of service attacks due to the
+algorithmic complexity. This is a mitigation for `CVE-2020-10735
+<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735>`_.
+
+This new limit can be configured or disabled by environment variable,
+command line flag, or :mod:`sys` APIs. See the :ref:`integer string
+conversion length limitation <int_max_str_digits>` documentation. The
+default limit is 4300 digits in string form.
+
+Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with
+feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and
+Mark Dickinson.
+
+..
+
+.. date: 2022-06-15-20-09-23
+.. gh-issue: 87389
+.. nonce: QVaC3f
+.. section: Security
+
+:mod:`http.server`: Fix an open redirection vulnerability in the HTTP server
+when an URI path starts with ``//``. Vulnerability discovered, and initial
+fix proposed, by Hamza Avvan.
+
+..
+
+.. date: 2022-05-21-23-21-37
+.. gh-issue: 93065
+.. nonce: 5I18WC
+.. section: Core and Builtins
+
+Fix contextvars HAMT implementation to handle iteration over deep trees.
+
+The bug was discovered and fixed by Eli Libman. See
+`MagicStack/immutables#84
+<https://github.com/MagicStack/immutables/issues/84>`_ for more details.
+
+..
+
+.. bpo: 46197
+.. date: 2022-01-03-15-07-06
+.. nonce: Z0djv6
+.. section: Library
+
+Fix :mod:`ensurepip` environment isolation for subprocess running ``pip``.
+
+..
+
+.. bpo: 36073
+.. date: 2019-06-22-11-01-45
+.. nonce: ED8mB9
+.. section: Library
+
+Raise :exc:`~sqlite3.ProgrammingError` instead of segfaulting on recursive
+usage of cursors in :mod:`sqlite3` converters. Patch by Sergey Fedoseev.
+
+..
+
+.. date: 2022-04-24-22-09-31
+.. gh-issue: 91888
+.. nonce: kTjJLx
+.. section: Documentation
+
+Add a new ``gh`` role to the documentation to link to GitHub issues.
+
+..
+
+.. bpo: 47138
+.. date: 2022-03-28-12-36-17
+.. nonce: TbLXgV
+.. section: Documentation
+
+Pin Jinja to a version compatible with Sphinx version 2.4.4.
+
+..
+
+.. date: 2022-06-27-21-27-20
+.. gh-issue: 94208
+.. nonce: VR6HX-
+.. section: Tests
+
+``test_ssl`` is now checking for supported TLS version and protocols in more
+tests.
+
+..
+
+.. bpo: 47016
+.. date: 2022-03-14-23-28-17
+.. nonce: K-t2QX
+.. section: Tests
+
+Create a GitHub Actions workflow for verifying bundled pip and setuptools.
+Patch by Illia Volochii and Adam Turner.
+
+..
+
+.. bpo: 46114
+.. date: 2021-12-17-14-46-19
+.. nonce: 9iyZ_9
+.. section: Tests
+
+Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses ``0xMNN00PP0L``.
+
+..
+
+.. bpo: 47194
+.. date: 2022-04-01-14-57-40
+.. nonce: IB0XL4
+.. section: Windows
+
+Update ``zlib`` to v1.2.12 to resolve CVE-2018-25032.
diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-05-21-23-21-37.gh-issue-93065.5I18WC.rst b/Misc/NEWS.d/next/Core and Builtins/2022-05-21-23-21-37.gh-issue-93065.5I18WC.rst
deleted file mode 100644
index ea80165..0000000
--- a/Misc/NEWS.d/next/Core and Builtins/2022-05-21-23-21-37.gh-issue-93065.5I18WC.rst
+++ /dev/null
@@ -1,5 +0,0 @@
-Fix contextvars HAMT implementation to handle iteration over deep trees.
-
-The bug was discovered and fixed by Eli Libman. See
-`MagicStack/immutables#84 <https://github.com/MagicStack/immutables/issues/84>`_
-for more details.
diff --git a/Misc/NEWS.d/next/Documentation/2022-03-28-12-36-17.bpo-47138.TbLXgV.rst b/Misc/NEWS.d/next/Documentation/2022-03-28-12-36-17.bpo-47138.TbLXgV.rst
deleted file mode 100644
index 9dde4de..0000000
--- a/Misc/NEWS.d/next/Documentation/2022-03-28-12-36-17.bpo-47138.TbLXgV.rst
+++ /dev/null
@@ -1 +0,0 @@
-Pin Jinja to a version compatible with Sphinx version 2.4.4.
diff --git a/Misc/NEWS.d/next/Documentation/2022-04-24-22-09-31.gh-issue-91888.kTjJLx.rst b/Misc/NEWS.d/next/Documentation/2022-04-24-22-09-31.gh-issue-91888.kTjJLx.rst
deleted file mode 100644
index 4ebca42..0000000
--- a/Misc/NEWS.d/next/Documentation/2022-04-24-22-09-31.gh-issue-91888.kTjJLx.rst
+++ /dev/null
@@ -1 +0,0 @@
-Add a new ``gh`` role to the documentation to link to GitHub issues.
diff --git a/Misc/NEWS.d/next/Library/2019-06-22-11-01-45.bpo-36073.ED8mB9.rst b/Misc/NEWS.d/next/Library/2019-06-22-11-01-45.bpo-36073.ED8mB9.rst
deleted file mode 100644
index 6c214d8..0000000
--- a/Misc/NEWS.d/next/Library/2019-06-22-11-01-45.bpo-36073.ED8mB9.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Raise :exc:`~sqlite3.ProgrammingError` instead of segfaulting on recursive
-usage of cursors in :mod:`sqlite3` converters. Patch by Sergey Fedoseev.
diff --git a/Misc/NEWS.d/next/Library/2022-01-03-15-07-06.bpo-46197.Z0djv6.rst b/Misc/NEWS.d/next/Library/2022-01-03-15-07-06.bpo-46197.Z0djv6.rst
deleted file mode 100644
index 7a3b2d5..0000000
--- a/Misc/NEWS.d/next/Library/2022-01-03-15-07-06.bpo-46197.Z0djv6.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix :mod:`ensurepip` environment isolation for subprocess running ``pip``.
diff --git a/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst b/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst
deleted file mode 100644
index 029d437..0000000
--- a/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-:mod:`http.server`: Fix an open redirection vulnerability in the HTTP server
-when an URI path starts with ``//``. Vulnerability discovered, and initial
-fix proposed, by Hamza Avvan.
diff --git a/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst b/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst
deleted file mode 100644
index 8eb8a34..0000000
--- a/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst
+++ /dev/null
@@ -1,14 +0,0 @@
-Converting between :class:`int` and :class:`str` in bases other than 2
-(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now
-raises a :exc:`ValueError` if the number of digits in string form is above a
-limit to avoid potential denial of service attacks due to the algorithmic
-complexity. This is a mitigation for `CVE-2020-10735
-<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735>`_.
-
-This new limit can be configured or disabled by environment variable, command
-line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion length
-limitation <int_max_str_digits>` documentation. The default limit is 4300
-digits in string form.
-
-Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback
-from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
diff --git a/Misc/NEWS.d/next/Tests/2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst b/Misc/NEWS.d/next/Tests/2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst
deleted file mode 100644
index 6878cea..0000000
--- a/Misc/NEWS.d/next/Tests/2021-12-17-14-46-19.bpo-46114.9iyZ_9.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses ``0xMNN00PP0L``.
diff --git a/Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst b/Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst
deleted file mode 100644
index 774bfaf..0000000
--- a/Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Create a GitHub Actions workflow for verifying bundled pip and setuptools.
-Patch by Illia Volochii and Adam Turner.
diff --git a/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst b/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst
deleted file mode 100644
index d0f970a..0000000
--- a/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-``test_ssl`` is now checking for supported TLS version and protocols in more
-tests.
diff --git a/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst b/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst
deleted file mode 100644
index 7e76add..0000000
--- a/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update ``zlib`` to v1.2.12 to resolve CVE-2018-25032.
generated by cgit v0.12 at 2024-11-17 15:13:56 (GMT)