1.. date: 2022-09-28-17-09-37
2.. gh-issue: 97616
3.. nonce: K1e3Xs
4.. release date: 2022-10-24
5.. section: Security
6
7Fix multiplying a list by an integer (``list *= int``): detect the integer
8overflow when the new allocated length is close to the maximum size. Issue
9reported by Jordan Limor.  Patch by Victor Stinner.
10
11..
12
13.. date: 2022-09-07-10-42-00
14.. gh-issue: 97514
15.. nonce: Yggdsl
16.. section: Security
17
18On Linux the :mod:`multiprocessing` module returns to using filesystem
19backed unix domain sockets for communication with the *forkserver* process
20instead of the Linux abstract socket namespace.  Only code that chooses to
21use the :ref:`"forkserver" start method <multiprocessing-start-methods>` is
22affected.
23
24Abstract sockets have no permissions and could allow any user on the system
25in the same `network namespace
26<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often
27the whole system) to inject code into the multiprocessing *forkserver*
28process. This was a potential privilege escalation. Filesystem based socket
29permissions restrict this to the *forkserver* process user as was the
30default in Python 3.8 and earlier.
31
32This prevents Linux `CVE-2022-42919
33<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_.
34
35..
36
37.. date: 2022-10-06-02-11-34
38.. gh-issue: 97002
39.. nonce: Zvsk71
40.. section: Core and Builtins
41
42Fix an issue where several frame objects could be backed by the same
43interpreter frame, possibly leading to corrupted memory and hard crashes of
44the interpreter.
45
46..
47
48.. date: 2022-10-03-13-35-48
49.. gh-issue: 97752
50.. nonce: 0xTjJY
51.. section: Core and Builtins
52
53Fix possible data corruption or crashes when accessing the ``f_back`` member
54of newly-created generator or coroutine frames.
55
56..
57
58.. date: 2022-09-21-16-06-37
59.. gh-issue: 96975
60.. nonce: BmE0XY
61.. section: Core and Builtins
62
63Fix a crash occurring when :c:func:`PyEval_GetFrame` is called while the
64topmost Python frame is in a partially-initialized state.
65
66..
67
68.. date: 2022-09-21-14-38-31
69.. gh-issue: 96848
70.. nonce: WuoLzU
71.. section: Core and Builtins
72
73Fix command line parsing: reject :option:`-X int_max_str_digits <-X>` option
74with no value (invalid) when the :envvar:`PYTHONINTMAXSTRDIGITS` environment
75variable is set to a valid limit. Patch by Victor Stinner.
76
77..
78
79.. date: 2022-09-18-08-47-40
80.. gh-issue: 96821
81.. nonce: Co2iOq
82.. section: Core and Builtins
83
84Fix undefined behaviour in ``_testcapimodule.c``.
85
86..
87
88.. date: 2022-09-16-19-02-40
89.. gh-issue: 95778
90.. nonce: cJmnst
91.. section: Core and Builtins
92
93When :exc:`ValueError` is raised if an integer is larger than the limit,
94mention the :func:`sys.set_int_max_str_digits` function in the error
95message. Patch by Victor Stinner.
96
97..
98
99.. date: 2022-09-05-19-20-44
100.. gh-issue: 96587
101.. nonce: bVxhX2
102.. section: Core and Builtins
103
104Correctly raise ``SyntaxError`` on exception groups (:pep:`654`) on python
105versions prior to 3.11
106
107..
108
109.. bpo: 42316
110.. date: 2020-11-15-02-08-43
111.. nonce: LqdkWK
112.. section: Core and Builtins
113
114Document some places where an assignment expression needs parentheses.
115
116..
117
118.. date: 2022-10-16-15-31-50
119.. gh-issue: 98331
120.. nonce: Y5kPOX
121.. section: Library
122
123Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0
124respectively.
125
126..
127
128.. date: 2022-10-06-23-42-00
129.. gh-issue: 90985
130.. nonce: s280JY
131.. section: Library
132
133Earlier in 3.11 we deprecated ``asyncio.Task.cancel("message")``. We
134realized we were too harsh, and have undeprecated it.
135
136..
137
138.. date: 2022-09-25-23-24-52
139.. gh-issue: 97545
140.. nonce: HZLSNt
141.. section: Library
142
143Make Semaphore run faster.
144
145..
146
147.. date: 2022-09-24-18-56-23
148.. gh-issue: 96865
149.. nonce: o9WUkW
150.. section: Library
151
152fix Flag to use boundary CONFORM
153
154This restores previous Flag behavior of allowing flags with non-sequential
155values to be combined; e.g.
156
157class Skip(Flag):         TWO = 2         EIGHT = 8
158
159Skip.TWO | Skip.EIGHT -> <Skip.TWO|EIGHT: 10>
160
161..
162
163.. date: 2022-05-25-15-57-39
164.. gh-issue: 90155
165.. nonce: YMstB5
166.. section: Library
167
168Fix broken :class:`asyncio.Semaphore` when acquire is cancelled.
169
170..
171
172.. date: 2022-10-02-10-58-52
173.. gh-issue: 97741
174.. nonce: 39l023
175.. section: Documentation
176
177Fix ``!`` in c domain ref target syntax via a ``conf.py`` patch, so it works
178as intended to disable ref target resolution.
179
180..
181
182.. date: 2022-05-20-18-42-10
183.. gh-issue: 93031
184.. nonce: c2RdJe
185.. section: Documentation
186
187Update tutorial introduction output to use 3.10+ SyntaxError invalid range.
188
189..
190
191.. date: 2022-10-20-17-49-50
192.. gh-issue: 95027
193.. nonce: viRpJB
194.. section: Tests
195
196On Windows, when the Python test suite is run with the ``-jN`` option, the
197ANSI code page is now used as the encoding for the stdout temporary file,
198rather than using UTF-8 which can lead to decoding errors. Patch by Victor
199Stinner.
200
201..
202
203.. date: 2022-09-11-14-23-49
204.. gh-issue: 96729
205.. nonce: W4uBWL
206.. section: Build
207
208Ensure that Windows releases built with ``Tools\msi\buildrelease.bat`` are
209upgradable to and from official Python releases.
210
211..
212
213.. date: 2022-10-19-20-00-28
214.. gh-issue: 98360
215.. nonce: O2m6YG
216.. section: Windows
217
218Fixes :mod:`multiprocessing` spawning child processes on Windows from a
219virtual environment to ensure that child processes that also use
220:mod:`multiprocessing` to spawn more children will recognize that they are
221in a virtual environment.
222
223..
224
225.. date: 2022-10-19-19-35-37
226.. gh-issue: 98414
227.. nonce: FbHZuS
228.. section: Windows
229
230Fix :file:`py.exe` launcher handling of ``-V:<company>/`` option when
231default preferences have been set in environment variables or configuration
232files.
233
234..
235
236.. date: 2022-09-29-23-08-49
237.. gh-issue: 90989
238.. nonce: no89Q2
239.. section: Windows
240
241Clarify some text in the Windows installer.
242
243..
244
245.. date: 2022-10-05-15-26-58
246.. gh-issue: 97897
247.. nonce: Rf-C6u
248.. section: macOS
249
250The macOS 13 SDK includes support for the ``mkfifoat`` and ``mknodat``
251system calls. Using the ``dir_fd`` option with either :func:`os.mkfifo` or
252:func:`os.mknod` could result in a segfault if cpython is built with the
253macOS 13 SDK but run on an earlier version of macOS. Prevent this by adding
254runtime support for detection of these system calls ("weaklinking") as is
255done for other newer syscalls on macOS.
256