- Security
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
- Core and Builtins
- gh-104432: Fix potential unaligned memory access on C APIs
involving returned sequences of char * pointers within the grp
and socket modules. These were revealed using a
-fsaniziter=alignment build on ARM macOS. Patch by Christopher
Chavez.
- gh-77377: Ensure that multiprocessing synchronization objects
created in a fork context are not sent to a different process
created in a spawn context. This changes a segfault into an
actionable RuntimeError in the parent process.
- gh-106092: Fix a segmentation fault caused by a use-after-free
bug in frame_dealloc when the trashcan delays the deallocation
of a PyFrameObject.
- gh-106719: No longer suppress arbitrary errors in the
__annotations__ getter and setter in the type and module types.
- gh-106723: Propagate frozen_modules to multiprocessing spawned
process interpreters.
- gh-105979: Fix crash in _imp.get_frozen_object() due to improper
exception handling.
- gh-105840: Fix possible crashes when specializing function calls
with too many __defaults__.
- gh-105588: Fix an issue that could result in crashes when
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=83
