forked from pool/python310
- Update to 3.10.8:
- Fix multiplying a list by an integer (list *= int): detect
the integer overflow when the new allocated length is close
to the maximum size.
- Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no
longer uses a shell to run openssl commands. (originally
filed as CVE-2022-37460, later withdrawn)
- Fix command line parsing: reject -X int_max_str_digits option
with no value (invalid) when the PYTHONINTMAXSTRDIGITS
environment variable is set to a valid limit.
- When ValueError is raised if an integer is larger than the
limit, mention the sys.set_int_max_str_digits() function in
the error message.
- The deprecated mailcap module now refuses to inject unsafe
text (filenames, MIME types, parameters) into shell
commands. Instead of using such text, it will warn and act
as if a match was not found (or for test commands, as if the
test failed).
- os.sched_yield() now release the GIL while calling
sched_yield(2).
- Bugfix: PyFunction_GetAnnotations() should return a borrowed
reference. It was returning a new reference.
- Fixed a missing incref/decref pair in
Exception.__setstate__().
- Fix overly-broad source position information for chained
comparisons used as branching conditions.
- Fix undefined behaviour in _testcapimodule.c.
- At Python exit, sometimes a thread holding the GIL can
wait forever for a thread (usually a daemon thread) which
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=61
This commit is contained in:
Git OBS Bridge
@@ -1,3 +1,114 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Update to 3.10.8:
|
||||
- Fix multiplying a list by an integer (list *= int): detect
|
||||
the integer overflow when the new allocated length is close
|
||||
to the maximum size.
|
||||
- Fix a shell code injection vulnerability in the
|
||||
get-remote-certificate.py example script. The script no
|
||||
longer uses a shell to run openssl commands. (originally
|
||||
filed as CVE-2022-37460, later withdrawn)
|
||||
- Fix command line parsing: reject -X int_max_str_digits option
|
||||
with no value (invalid) when the PYTHONINTMAXSTRDIGITS
|
||||
environment variable is set to a valid limit.
|
||||
- When ValueError is raised if an integer is larger than the
|
||||
limit, mention the sys.set_int_max_str_digits() function in
|
||||
the error message.
|
||||
- The deprecated mailcap module now refuses to inject unsafe
|
||||
text (filenames, MIME types, parameters) into shell
|
||||
commands. Instead of using such text, it will warn and act
|
||||
as if a match was not found (or for test commands, as if the
|
||||
test failed).
|
||||
- os.sched_yield() now release the GIL while calling
|
||||
sched_yield(2).
|
||||
- Bugfix: PyFunction_GetAnnotations() should return a borrowed
|
||||
reference. It was returning a new reference.
|
||||
- Fixed a missing incref/decref pair in
|
||||
Exception.__setstate__().
|
||||
- Fix overly-broad source position information for chained
|
||||
comparisons used as branching conditions.
|
||||
- Fix undefined behaviour in _testcapimodule.c.
|
||||
- At Python exit, sometimes a thread holding the GIL can
|
||||
wait forever for a thread (usually a daemon thread) which
|
||||
requested to drop the GIL, whereas the thread already
|
||||
exited. To fix the race condition, the thread which requested
|
||||
the GIL drop now resets its request before exiting.
|
||||
- Fix a possible assertion failure, fatal error, or SystemError
|
||||
if a line tracing event raises an exception while opcode
|
||||
tracing is enabled.
|
||||
- Fix undefined behaviour in C code of null pointer arithmetic.
|
||||
- Do not expose KeyWrapper in _functools.
|
||||
- When loading a file with invalid UTF-8 inside a multi-line
|
||||
string, a correct SyntaxError is emitted.
|
||||
- Disable incorrect pickling of the C implemented classmethod
|
||||
descriptors.
|
||||
- Fix AttributeError missing name and obj attributes in .
|
||||
object.__getattribute__() bpo-42316: Document some places .
|
||||
where an assignment expression needs parentheses .
|
||||
- Wrap network errors consistently in urllib FTP support, so
|
||||
the test suite doesn’t fail when a network is available but
|
||||
the public internet is not reachable.
|
||||
- Fixes AttributeError when subprocess.check_output() is used
|
||||
with argument input=None and either of the arguments encoding
|
||||
or errors are used.
|
||||
- Avoid spurious tracebacks from asyncio when default executor
|
||||
cleanup is delayed until after the event loop is closed (e.g.
|
||||
as the result of a keyboard interrupt).
|
||||
- Avoid a crash in the C version of
|
||||
asyncio.Future.remove_done_callback() when an evil argument
|
||||
is passed.
|
||||
- Remove tokenize.NL check from tabnanny.
|
||||
- Make Semaphore run faster.
|
||||
- Fix generation of the default name of
|
||||
tkinter.Checkbutton. Previously, checkbuttons in different
|
||||
parent widgets could have the same short name and share
|
||||
the same state if arguments “name” and “variable” are not
|
||||
specified. Now they are globally unique.
|
||||
- Update bundled libexpat to 2.4.9
|
||||
- Fix race condition in asyncio where process_exited() called
|
||||
before the pipe_data_received() leading to inconsistent
|
||||
output.
|
||||
- Fixed check in multiprocessing.resource_tracker that
|
||||
guarantees that the length of a write to a pipe is not
|
||||
greater than PIPE_BUF.
|
||||
- Corrected type annotation for dataclass attribute
|
||||
pstats.FunctionProfile.ncalls to be str.
|
||||
- Fix the faulthandler implementation of
|
||||
faulthandler.register(signal, chain=True) if the sigaction()
|
||||
function is not available: don’t call the previous signal
|
||||
handler if it’s NULL.
|
||||
- In inspect, fix overeager replacement of “typing.” in
|
||||
formatting annotations.
|
||||
- Fix asyncio.streams.StreamReaderProtocol to keep a strong
|
||||
reference to the created task, so that it’s not garbage
|
||||
collected
|
||||
- Fix handling compiler warnings (SyntaxWarning and
|
||||
DeprecationWarning) in codeop.compile_command() when checking
|
||||
for incomplete input. Previously it emitted warnings and
|
||||
raised a SyntaxError. Now it always returns None for
|
||||
incomplete input without emitting any warnings.
|
||||
- Fixed flickering of the turtle window when the tracer is
|
||||
turned off.
|
||||
- Allow asyncio.StreamWriter.drain() to be awaited concurrently
|
||||
by multiple tasks.
|
||||
- Fix broken asyncio.Semaphore when acquire is cancelled.
|
||||
- Fix ast.unparse() when ImportFrom.level is None
|
||||
- Improve performance of urllib.request.getproxies_environment
|
||||
when there are many environment variables
|
||||
- Fix ! in c domain ref target syntax via a conf.py patch, so
|
||||
it works as intended to disable ref target resolution.
|
||||
- Clarified the conflicting advice given in the ast
|
||||
documentation about ast.literal_eval() being “safe” for use
|
||||
on untrusted input while at the same time warning that it
|
||||
can crash the process. The latter statement is true and is
|
||||
deemed unfixable without a large amount of work unsuitable
|
||||
for a bugfix. So we keep the warning and no longer claim that
|
||||
literal_eval is safe.
|
||||
- Update tutorial introduction output to use 3.10+ SyntaxError
|
||||
invalid range.
|
||||
- Remove upstreamed test-int-timing.patch.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Sep 18 08:48:51 UTC 2022 - Andreas Schwab <schwab@suse.de>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user