Overview
Request 1003848 accepted
- Update to 3.11.0rc2:
- Converting between int and str in bases other than 2
(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
10 (decimal) now raises a ValueError if the number of digits
in string form is above a limit to avoid potential denial of
service attacks due to the algorithmic complexity. This is
a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment
variable, command line flag, or sys APIs. See the integer
string conversion length limitation documentation. The
default limit is 4300 digits in string form.
- Fix case of undefined behavior in ceval.c
- Do not expose KeyWrapper in _functools.
- Ensure that tracing, sys.setrace(), is turned on
immediately. In pre-release versions of 3.11, some tracing
events might have been lost when turning on tracing in a
__del__ method or interrupt.
- Fix use after free in trace refs build mode. Patch by Kumar
Aditya.
- When loading a file with invalid UTF-8 inside a multi-line
string, a correct SyntaxError is emitted.
- Make sure that incomplete frames do not show up in
tracemalloc traces.
- Remove two cases of undefined behavior, by adding NULL
checks.
- Fix possible NULL pointer dereference in
_PyThread_CurrentFrames. Patch by Kumar Aditya.
- Fix AttributeError missing name and obj attributes in
object.__getattribute__(). Patch by Philip Georgi.
- Loading a file with invalid UTF-8 will now report the broken
character at the correct location.
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes. Patch by Pablo Galindo
- Fix a deadlock in PyGILState_Ensure() when allocating new
thread state. Patch by Kumar Aditya.
- PyType_Ready() now initializes ht_cached_keys and performs
additional checks to ensure that type objects are properly
configured. This avoids crashes in 3rd party packages that
don’t use regular API to create new types.
- Skip over incomplete frames in PyThreadState_GetFrame().
- Fix format string in _PyPegen_raise_error_known_location that
can lead to memory corruption on some 64bit systems. The
function was building a tuple with i (int) instead of n
(Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less than
(3, 8). Patch by Shantanu Jain.
- Fix incorrect error message in the io module.
- Fix the faulthandler implementation of
faulthandler.register(signal, chain=True) if the sigaction()
function is not available: don’t call the previous signal
handler if it’s NULL. Patch by Victor Stinner.
- Correct conversion of numbers.Rational’s to float.
- Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not
raised when using more than one TypeVarTuple, like [*T, *V]
in type alias substitutions.
- Fix asyncio.streams.StreamReaderProtocol to keep a strong
reference to the created task, so that it’s not garbage
collected
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Fix incorrect condition that causes sys.thread_info.name to
be wrong on pthread platforms.
- Remove an incompatible change from bpo-28080 that caused a
regression that ignored the utf8 in ZipInfo.flag_bits. Patch
by Pablo Galindo.
- Fix asyncio.Runner to call asyncio.set_event_loop() only
once to avoid calling attach_loop() multiple times on child
watchers. Patch by Kumar Aditya.
- Fix unittest.IsolatedAsyncioTestCase to set event loop before
calling setup functions. Patch by Kumar Aditya.
- When a task catches asyncio.CancelledError and raises some
other error, the other error should generally not silently be
suppressed.
- Fail gracefully if EPERM or ENOSYS is raised when loading
crypt methods. This may happen when trying to load MD5 on a
Linux kernel with FIPS enabled.
- Allow asyncio.StreamWriter.drain() to be awaited concurrently
by multiple tasks. Patch by Kumar Aditya.
- Fix ast.unparse() when ImportFrom.level is None
- Improve discoverability of the higher level
concurrent.futures module by providing clearer links from the
lower level threading and multiprocessing modules.
- What’s New 3.11 now has instructions for how to provide
compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7
and CentOS 7.
- Mitigate the inherent race condition from using
find_unused_port() in testSockName() by trying to find an
unused port a few times before failing. Patch by Ross Burton.
- Build and test with OpenSSL 1.1.1q
- Use support-expat-CVE-2022-25236-patched.patch from the current
version of gh#python/cpython#93900 instead of the old
support-expat-245.patch.
- Reapply fix_configure_rst.patch.
Request History
mcepl created request
- Update to 3.11.0rc2:
- Converting between int and str in bases other than 2
(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
10 (decimal) now raises a ValueError if the number of digits
in string form is above a limit to avoid potential denial of
service attacks due to the algorithmic complexity. This is
a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment
variable, command line flag, or sys APIs. See the integer
string conversion length limitation documentation. The
default limit is 4300 digits in string form.
- Fix case of undefined behavior in ceval.c
- Do not expose KeyWrapper in _functools.
- Ensure that tracing, sys.setrace(), is turned on
immediately. In pre-release versions of 3.11, some tracing
events might have been lost when turning on tracing in a
__del__ method or interrupt.
- Fix use after free in trace refs build mode. Patch by Kumar
Aditya.
- When loading a file with invalid UTF-8 inside a multi-line
string, a correct SyntaxError is emitted.
- Make sure that incomplete frames do not show up in
tracemalloc traces.
- Remove two cases of undefined behavior, by adding NULL
checks.
- Fix possible NULL pointer dereference in
_PyThread_CurrentFrames. Patch by Kumar Aditya.
- Fix AttributeError missing name and obj attributes in
object.__getattribute__(). Patch by Philip Georgi.
- Loading a file with invalid UTF-8 will now report the broken
character at the correct location.
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes. Patch by Pablo Galindo
- Fix a deadlock in PyGILState_Ensure() when allocating new
thread state. Patch by Kumar Aditya.
- PyType_Ready() now initializes ht_cached_keys and performs
additional checks to ensure that type objects are properly
configured. This avoids crashes in 3rd party packages that
don’t use regular API to create new types.
- Skip over incomplete frames in PyThreadState_GetFrame().
- Fix format string in _PyPegen_raise_error_known_location that
can lead to memory corruption on some 64bit systems. The
function was building a tuple with i (int) instead of n
(Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less than
(3, 8). Patch by Shantanu Jain.
- Fix incorrect error message in the io module.
- Fix the faulthandler implementation of
faulthandler.register(signal, chain=True) if the sigaction()
function is not available: don’t call the previous signal
handler if it’s NULL. Patch by Victor Stinner.
- Correct conversion of numbers.Rational’s to float.
- Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not
raised when using more than one TypeVarTuple, like [*T, *V]
in type alias substitutions.
- Fix asyncio.streams.StreamReaderProtocol to keep a strong
reference to the created task, so that it’s not garbage
collected
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Fix incorrect condition that causes sys.thread_info.name to
be wrong on pthread platforms.
- Remove an incompatible change from bpo-28080 that caused a
regression that ignored the utf8 in ZipInfo.flag_bits. Patch
by Pablo Galindo.
- Fix asyncio.Runner to call asyncio.set_event_loop() only
once to avoid calling attach_loop() multiple times on child
watchers. Patch by Kumar Aditya.
- Fix unittest.IsolatedAsyncioTestCase to set event loop before
calling setup functions. Patch by Kumar Aditya.
- When a task catches asyncio.CancelledError and raises some
other error, the other error should generally not silently be
suppressed.
- Fail gracefully if EPERM or ENOSYS is raised when loading
crypt methods. This may happen when trying to load MD5 on a
Linux kernel with FIPS enabled.
- Allow asyncio.StreamWriter.drain() to be awaited concurrently
by multiple tasks. Patch by Kumar Aditya.
- Fix ast.unparse() when ImportFrom.level is None
- Improve discoverability of the higher level
concurrent.futures module by providing clearer links from the
lower level threading and multiprocessing modules.
- What’s New 3.11 now has instructions for how to provide
compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7
and CentOS 7.
- Mitigate the inherent race condition from using
find_unused_port() in testSockName() by trying to find an
unused port a few times before failing. Patch by Ross Burton.
- Build and test with OpenSSL 1.1.1q
- Use support-expat-CVE-2022-25236-patched.patch from the current
version of gh#python/cpython#93900 instead of the old
support-expat-245.patch.
- Reapply fix_configure_rst.patch.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
dimstar_suse added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:40"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:adi:40"
dimstar accepted review
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:adi:40 got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:adi:40 got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:adi:40 got accepted.
