Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-95913: Forward-port int/str security change to 3.11 What's New in main #98344

Merged
merged 1 commit into from
Oct 17, 2022
Merged

gh-95913: Forward-port int/str security change to 3.11 What's New in main #98344

merged 1 commit into from
Oct 17, 2022

Conversation

CAM-Gerlach
Copy link
Member

@CAM-Gerlach CAM-Gerlach commented Oct 16, 2022
edited
Loading

Part of #95913
Forward port of #96500, which was a backport of #96499, to resolve #95778

This adds the What's New entry for the int/str conversion security change. As @gpshead was author of the original changes, I added him as a co-author to the commit.

This addition to the Python 3.11 What's New document were only made to the Python 3.11 branch during the backport process, and not added to the version in main. Forward-porting it ensures the docs retain these additions for the future, rather than being lost in a legacy Python versions, allows it to be be edited as part of #95913 , and avoids merge conflicts with routine back-ports of PRs touching it.

I've pulled in the addition exactly as-is with no modifications; any editing will be done in future PRs (and therefore can be reviewed and backported accordingly).

The one other such addition is forward-ported in PR #98345

@bedevere-bot bedevere-bot added awaiting review docs Documentation in the Doc dir skip news labels Oct 16, 2022
@CAM-Gerlach CAM-Gerlach mentioned this pull request Oct 16, 2022
Merged
@CAM-Gerlach CAM-Gerlach added 3.11 only security fixes needs backport to 3.11 only security fixes and removed needs backport to 3.11 only security fixes labels Oct 16, 2022
@CAM-Gerlach CAM-Gerlach mentioned this pull request Oct 16, 2022
Closed
33 tasks
@gpshead gpshead merged commit bb38b39 into python:main Oct 17, 2022
miss-islington pushed a commit that referenced this pull request Oct 17, 2022
@CAM-Gerlach
gh-95913: Move subinterpreter exper removal to 3.11 WhatsNew (GH-98345)
5fe0431 
Part of #95913
Forward port of #93306, which was a backport of #93185, to address #84694

This adds the What's New entry for the removal of the subinterpreter-related env variable, build-time flag, etc. As @ericsnowcurrently  was author of the original changes, I added him as a co-author to the commit.

This addition to the Python 3.11 What's New document were only made to the Python 3.11 branch during the backport process, and not added to the version in `main`. Forward-porting it ensures the docs retain these additions for the future, rather than being lost in a legacy Python versions, allows it to be be edited as part of #95913 , and avoids merge conflicts with routine back-ports of PRs touching it.

I've pulled in the addition exactly as-is with no modifications; any editing will be done in future PRs (and therefore can be reviewed and backported accordingly).

The one other such addition is forward-ported in #98344
carljm added a commit to carljm/cpython that referenced this pull request Oct 17, 2022
@carljm
Merge branch 'main' into typewatch
cdbe93b 
* main: (31 commits)
  pythongh-95913: Move subinterpreter exper removal to 3.11 WhatsNew (pythonGH-98345)
  pythongh-95914: Add What's New item describing PEP 670 changes (python#98315)
  Remove unused arrange_output_buffer function from zlibmodule.c. (pythonGH-98358)
  pythongh-98174: Handle EPROTOTYPE under macOS in test_sendfile_fallback_close_peer_in_the_middle_of_receiving (python#98316)
  pythonGH-98327: Reduce scope of catch_warnings() in _make_subprocess_transport (python#98333)
  pythongh-93691: Compiler's code-gen passes location around instead of holding it on the global compiler state (pythonGH-98001)
  pythongh-97669: Create Tools/build/ directory (python#97963)
  pythongh-95534: Improve gzip reading speed by 10% (python#97664)
  pythongh-95913: Forward-port int/str security change to 3.11 What's New in main (python#98344)
  pythonGH-91415: Mention alphabetical sort ordering in the Sorting HOWTO (pythonGH-98336)
  pythongh-97930: Merge with importlib_resources 5.9 (pythonGH-97929)
  pythongh-85525: Remove extra row in doc (python#98337)
  pythongh-85299: Add note warning about entry point guard for asyncio example (python#93457)
  pythongh-97527: IDLE - fix buggy macosx patch (python#98313)
  pythongh-98307: Add docstring and documentation for SysLogHandler.createSocket (pythonGH-98319)
  pythongh-94808: Cover `PyFunction_GetCode`, `PyFunction_GetGlobals`, `PyFunction_GetModule` (python#98158)
  pythonGH-94597: Deprecate child watcher getters and setters (python#98215)
  pythongh-98254: Include stdlib module names in error messages for NameErrors (python#98255)
  Improve speed. Reduce auxiliary memory to 16.6% of the main array. (pythonGH-98294)
  [doc] Update logging cookbook with an example of custom handling of levels. (pythonGH-98290)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpshead gpshead gpshead approved these changes

@tiran tiran Awaiting requested review from tiran

@ezio-melotti ezio-melotti Awaiting requested review from ezio-melotti

Assignees
No one assigned
Labels
3.11 only security fixes docs Documentation in the Doc dir skip news
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE-2020-10735: Prevent DoS by large int<->str conversions
3 participants
@CAM-Gerlach @gpshead @bedevere-bot