.. date: 2022-08-07-16-53-38
.. gh-issue: 95778
.. nonce: ch010gps
.. release date: 2022-09-11
.. section: Security

Converting between :class:`int` and :class:`str` in bases other than 2
(binary), 4, 8 (octal), 16 (hexadecimal), or 32, such as base 10 (decimal),
now raises a :exc:`ValueError` if the number of digits in string form is
above a limit, to avoid potential denial of service attacks due to the
algorithmic complexity. This is a mitigation for `CVE-2020-10735
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735>`_.

This new limit can be configured or disabled by environment variable,
command line flag, or :mod:`sys` APIs. See the :ref:`integer string
conversion length limitation <int_max_str_digits>` documentation.  The
default limit is 4300 digits in string form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with
feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and
Mark Dickinson.
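
The following is an added example, not part of the CPython changelog or patch: it shows the limit acting in both conversion directions and a length check for untrusted input that also protects interpreters without the mitigation. ``parse_untrusted_int``, ``int_digit_limit``, ``raises_value_error`` and ``MAX_DIGITS`` are hypothetical names; the ``sys`` calls are guarded with ``hasattr`` on the assumption that the interpreter may predate the change.

```python
import sys
from contextlib import contextmanager

MAX_DIGITS = 4300  # hypothetical application cap, equal to the default limit


def parse_untrusted_int(text, max_digits=MAX_DIGITS):
    """Parse a decimal integer from untrusted input.

    The length is checked before int() runs, so an oversized string is
    rejected in O(1) even on interpreters that lack the built-in limit.
    """
    digits = text.strip().lstrip("+-")
    if len(digits) > max_digits:
        raise ValueError(f"integer literal too long: {len(digits)} characters")
    return int(text)


@contextmanager
def int_digit_limit(limit):
    """Temporarily set the interpreter-wide limit (0 disables it)."""
    if not hasattr(sys, "set_int_max_str_digits"):
        yield  # interpreter predates the mitigation; nothing to adjust
        return
    previous = sys.get_int_max_str_digits()
    sys.set_int_max_str_digits(limit)
    try:
        yield
    finally:
        sys.set_int_max_str_digits(previous)  # always restore the old limit


def raises_value_error(func, *args):
    """Return True if func(*args) raises ValueError."""
    try:
        func(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__" and hasattr(sys, "set_int_max_str_digits"):
    with int_digit_limit(4300):
        print(raises_value_error(int, "9" * 4301))      # str -> int, base 10
        print(raises_value_error(str, 10 ** 4300))      # int -> str, 4301 digits
        print(raises_value_error(int, "f" * 5000, 16))  # base 16 is exempt
```

Prefer the scoped context manager over disabling the limit process-wide when one code path legitimately needs larger decimal values.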

..

.. date: 2022-09-09-13-13-27
.. gh-issue: 96678
.. nonce: vMxi9F
.. section: Core and Builtins

Fix a case of undefined behavior in ``ceval.c``.

..

.. date: 2022-09-07-13-38-37
.. gh-issue: 96641
.. nonce: wky0Fc
.. section: Core and Builtins

Do not expose ``KeyWrapper`` in :mod:`_functools`.

..

.. date: 2022-09-07-12-02-11
.. gh-issue: 96636
.. nonce: YvN-K6
.. section: Core and Builtins

Ensure that tracing, ``sys.settrace()``, is turned on immediately. In
pre-release versions of 3.11, some tracing events might have been lost when
turning on tracing in a ``__del__`` method or interrupt.

..

.. date: 2022-09-06-16-54-49
.. gh-issue: 96572
.. nonce: 8DRsaW
.. section: Core and Builtins

Fix use after free in trace refs build mode. Patch by Kumar Aditya.

..

.. date: 2022-09-06-16-22-13
.. gh-issue: 96611
.. nonce: 14wIX8
.. section: Core and Builtins

When loading a file with invalid UTF-8 inside a multi-line string, a correct
SyntaxError is emitted.

..

.. date: 2022-09-06-14-26-36
.. gh-issue: 96612
.. nonce: P4ZbeY
.. section: Core and Builtins

Make sure that incomplete frames do not show up in tracemalloc traces.

..

.. date: 2022-09-05-16-43-44
.. gh-issue: 96569
.. nonce: 9lmTCC
.. section: Core and Builtins

Remove two cases of undefined behavior, by adding NULL checks.

..

.. date: 2022-09-05-15-07-25
.. gh-issue: 96582
.. nonce: HEsL5s
.. section: Core and Builtins

Fix possible ``NULL`` pointer dereference in ``_PyThread_CurrentFrames``.
Patch by Kumar Aditya.

..

.. date: 2022-08-28-10-51-19
.. gh-issue: 96352
.. nonce: jTLD2d
.. section: Core and Builtins

Fix :exc:`AttributeError` missing ``name`` and ``obj`` attributes in
:meth:`object.__getattribute__`. Patch by Philip Georgi.

..

.. date: 2022-08-25-10-19-34
.. gh-issue: 96268
.. nonce: AbYrLB
.. section: Core and Builtins

Loading a file with invalid UTF-8 will now report the broken character at
the correct location.

..

.. date: 2022-08-22-21-33-28
.. gh-issue: 96187
.. nonce: W_6SRG
.. section: Core and Builtins

Fixed a bug that caused ``_PyCode_GetExtra`` to return garbage for negative
indexes. Patch by Pablo Galindo.

..

.. date: 2022-08-19-06-51-17
.. gh-issue: 96071
.. nonce: mVgPAo
.. section: Core and Builtins

Fix a deadlock in :c:func:`PyGILState_Ensure` when allocating new thread
state. Patch by Kumar Aditya.

..

.. date: 2022-08-18-13-47-59
.. gh-issue: 96046
.. nonce: 5Hqbka
.. section: Core and Builtins

:c:func:`PyType_Ready` now initializes ``ht_cached_keys`` and performs
additional checks to ensure that type objects are properly configured. This
avoids crashes in third-party packages that don't use the regular API to
create new types.

..

.. date: 2022-08-11-11-01-56
.. gh-issue: 95818
.. nonce: iClLdl
.. section: Core and Builtins

Skip over incomplete frames in :c:func:`PyThreadState_GetFrame`.

..

.. date: 2022-08-11-09-19-55
.. gh-issue: 95876
.. nonce: YpQfoV
.. section: Core and Builtins

Fix format string in ``_PyPegen_raise_error_known_location`` that can lead
to memory corruption on some 64-bit systems. The function was building a
tuple with ``i`` (int) instead of ``n`` (Py_ssize_t) for Py_ssize_t
arguments.

..

.. date: 2022-08-04-18-46-54
.. gh-issue: 95605
.. nonce: FbpCoG
.. section: Core and Builtins

Fix misleading contents of error message when converting an all-whitespace
string to :class:`float`.

..

.. date: 2022-07-19-04-34-56
.. gh-issue: 94996
.. nonce: dV564A
.. section: Core and Builtins

:func:`ast.parse` will no longer parse function definitions with
positional-only params when passed ``feature_version`` less than ``(3, 8)``.
Patch by Shantanu Jain.

..

.. date: 2022-09-08-23-23-24
.. gh-issue: 96700
.. nonce: J0MQGK
.. section: Library

Fix incorrect error message in the :mod:`io` module.

..

.. date: 2022-09-07-22-49-37
.. gh-issue: 96652
.. nonce: YqOKxI
.. section: Library

Fix the faulthandler implementation of ``faulthandler.register(signal,
chain=True)`` if the ``sigaction()`` function is not available: don't call
the previous signal handler if it's NULL. Patch by Victor Stinner.

..

.. date: 2022-09-04-12-32-52
.. gh-issue: 68163
.. nonce: h6TJCc
.. section: Library

Correct conversion of :class:`numbers.Rational` instances to :class:`float`.

..

.. date: 2022-08-29-15-28-39
.. gh-issue: 96385
.. nonce: uLRTsf
.. section: Library

Fix ``TypeVarTuple.__typing_prepare_subst__``. ``TypeError`` was not raised
when using more than one ``TypeVarTuple``, like ``[*T, *V]`` in type alias
substitutions.

..

.. date: 2022-08-27-14-38-49
.. gh-issue: 90467
.. nonce: VOOB0p
.. section: Library

Fix :class:`asyncio.streams.StreamReaderProtocol` to keep a strong reference
to the created task, so that it's not garbage collected.

..

.. date: 2022-08-22-18-42-17
.. gh-issue: 96159
.. nonce: 3bFU39
.. section: Library

Fix a performance regression in logging TimedRotatingFileHandler. Only check
for special files when the rollover time has passed.

..

.. date: 2022-08-22-13-54-20
.. gh-issue: 96175
.. nonce: bH7zGU
.. section: Library

Fix unused ``localName`` parameter in the ``Attr`` class in
:mod:`xml.dom.minidom`.

..

.. date: 2022-08-19-18-21-01
.. gh-issue: 96125
.. nonce: ODcF1Y
.. section: Library

Fix incorrect condition that causes ``sys.thread_info.name`` to be wrong on
pthread platforms.

..

.. date: 2022-08-18-14-53-53
.. gh-issue: 95463
.. nonce: GpP05c
.. section: Library

Remove an incompatible change from :issue:`28080` that caused a regression
that ignored the utf8 in ``ZipInfo.flag_bits``. Patch by Pablo Galindo.

..

.. date: 2022-08-11-18-52-17
.. gh-issue: 95899
.. nonce: _Bi4uG
.. section: Library

Fix :class:`asyncio.Runner` to call :func:`asyncio.set_event_loop` only once
to avoid calling :meth:`~asyncio.AbstractChildWatcher.attach_loop` multiple
times on child watchers. Patch by Kumar Aditya.

..

.. date: 2022-08-11-18-22-29
.. gh-issue: 95736
.. nonce: LzRZXe
.. section: Library

Fix :class:`unittest.IsolatedAsyncioTestCase` to set event loop before
calling setup functions. Patch by Kumar Aditya.

..

.. date: 2022-08-08-01-42-11
.. gh-issue: 95704
.. nonce: MOPFfX
.. section: Library

When a task catches :exc:`asyncio.CancelledError` and raises some other
error, the other error should generally not silently be suppressed.

..

.. date: 2022-07-25-15-45-06
.. gh-issue: 95231
.. nonce: i807-g
.. section: Library

Fail gracefully if :data:`~errno.EPERM` or :data:`~errno.ENOSYS` is raised
when loading :mod:`crypt` methods. This may happen when trying to load
``MD5`` on a Linux kernel with :abbr:`FIPS (Federal Information Processing
Standard)` enabled.

..

.. date: 2022-07-09-08-55-04
.. gh-issue: 74116
.. nonce: 0XwYC1
.. section: Library

Allow :meth:`asyncio.StreamWriter.drain` to be awaited concurrently by
multiple tasks. Patch by Kumar Aditya.

..

.. date: 2022-05-19-22-34-42
.. gh-issue: 92986
.. nonce: e6uKxj
.. section: Library

Fix :func:`ast.unparse` when ``ImportFrom.level`` is None.

..

.. date: 2022-08-19-17-07-45
.. gh-issue: 96098
.. nonce: nDp43u
.. section: Documentation

Improve discoverability of the higher level concurrent.futures module by
providing clearer links from the lower level threading and multiprocessing
modules.

..

.. date: 2022-08-13-20-34-51
.. gh-issue: 95957
.. nonce: W9ZZAx
.. section: Documentation

What's New 3.11 now has instructions for how to provide compiler and linker
flags for Tcl/Tk and OpenSSL on RHEL 7 and CentOS 7.

..

.. date: 2022-08-22-14-59-42
.. gh-issue: 95243
.. nonce: DeD66V
.. section: Tests

Mitigate the inherent race condition from using find_unused_port() in
testSockName() by trying to find an unused port a few times before failing.
Patch by Ross Burton.

..

.. date: 2022-07-08-10-28-23
.. gh-issue: 94682
.. nonce: ZtGt_0
.. section: Build

Build and test with OpenSSL 1.1.1q.

..

.. date: 2022-09-07-00-11-33
.. gh-issue: 96577
.. nonce: kV4K_1
.. section: Windows

Fixes a potential buffer overrun in :mod:`msilib`.

..

.. date: 2022-09-05-18-32-47
.. gh-issue: 96559
.. nonce: 561sUd
.. section: Windows

Fixes the Windows launcher not using the compatible interpretation of
default tags found in configuration files when no tag was passed to the
command.
