diff --git a/Include/patchlevel.h b/Include/patchlevel.h index 4060b9ac45f30a3e8192ce11fab0261e02816aac..379930fd7aa0c9c43c408a4e5bc1621068b6ec1c 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -18,12 +18,12 @@ /*--start constants--*/ #define PY_MAJOR_VERSION 3 #define PY_MINOR_VERSION 7 -#define PY_MICRO_VERSION 13 +#define PY_MICRO_VERSION 14 #define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL #define PY_RELEASE_SERIAL 0 /* Version as a string */ -#define PY_VERSION "3.7.13+" +#define PY_VERSION "3.7.14" /*--end constants--*/ /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2. diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py index b532fec0d1b54786e39e45287160e7531ad19e42..9a7c705f230fbf05309c73fca404180e95809e20 100644 --- a/Lib/pydoc_data/topics.py +++ b/Lib/pydoc_data/topics.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Autogenerated by Sphinx on Wed Mar 16 09:24:05 2022 +# Autogenerated by Sphinx on Tue Sep 6 02:37:38 2022 topics = {'assert': 'The "assert" statement\n' '**********************\n' '\n' @@ -7799,31 +7799,7 @@ ' still alive. Example:\n' '\n' ' >>> int.__subclasses__()\n' - " [<class 'bool'>]\n" - '\n' - '-[ Footnotes ]-\n' - '\n' - '[1] Additional information on these special methods may be ' - 'found in\n' - ' the Python Reference Manual (Basic customization).\n' - '\n' - '[2] As a consequence, the list "[1, 2]" is considered equal ' - 'to "[1.0,\n' - ' 2.0]", and similarly for tuples.\n' - '\n' - '[3] They must have since the parser can’t tell the type of ' - 'the\n' - ' operands.\n' - '\n' - '[4] Cased characters are those with general category ' - 'property being\n' - ' one of “Lu” (Letter, uppercase), “Ll” (Letter, ' - 'lowercase), or “Lt”\n' - ' (Letter, titlecase).\n' - '\n' - '[5] To format only a tuple you should therefore provide a ' - 'singleton\n' - ' tuple whose only element is the tuple to be formatted.\n', + " [<class 'bool'>]\n", 'specialnames': 'Special method names\n' '********************\n' '\n' diff --git a/Misc/NEWS.d/3.7.14.rst b/Misc/NEWS.d/3.7.14.rst new file mode 100644 index 0000000000000000000000000000000000000000..b5f00afca07c08873952566ddd9d6c13be11931a --- /dev/null +++ b/Misc/NEWS.d/3.7.14.rst @@ -0,0 +1,112 @@ +.. date: 2022-08-07-16-53-38 +.. gh-issue: 95778 +.. nonce: ch010gps +.. release date: 2022-09-06 +.. section: Security + +Converting between :class:`int` and :class:`str` in bases other than 2 +(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) +now raises a :exc:`ValueError` if the number of digits in string form is +above a limit to avoid potential denial of service attacks due to the +algorithmic complexity. This is a mitigation for `CVE-2020-10735 +<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735>`_. + +This new limit can be configured or disabled by environment variable, +command line flag, or :mod:`sys` APIs. See the :ref:`integer string +conversion length limitation <int_max_str_digits>` documentation. The +default limit is 4300 digits in string form. + +Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with +feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and +Mark Dickinson. + +.. + +.. date: 2022-06-15-20-09-23 +.. gh-issue: 87389 +.. nonce: QVaC3f +.. section: Security + +:mod:`http.server`: Fix an open redirection vulnerability in the HTTP server +when an URI path starts with ``//``. Vulnerability discovered, and initial +fix proposed, by Hamza Avvan. + +.. + +.. date: 2022-05-21-23-21-37 +.. gh-issue: 93065 +.. nonce: 5I18WC +.. section: Core and Builtins + +Fix contextvars HAMT implementation to handle iteration over deep trees. + +The bug was discovered and fixed by Eli Libman. See +`MagicStack/immutables#84 +<https://github.com/MagicStack/immutables/issues/84>`_ for more details. + +.. + +.. bpo: 36073 +.. date: 2019-06-22-11-01-45 +.. nonce: ED8mB9 +.. section: Library + +Raise :exc:`~sqlite3.ProgrammingError` instead of segfaulting on recursive +usage of cursors in :mod:`sqlite3` converters. Patch by Sergey Fedoseev. + +.. + +.. date: 2022-04-24-22-09-31 +.. gh-issue: 91888 +.. nonce: kTjJLx +.. section: Documentation + +Add a new ``gh`` role to the documentation to link to GitHub issues. + +.. + +.. bpo: 47138 +.. date: 2022-03-28-12-39-20 +.. nonce: TEZRwC +.. section: Documentation + +Pin Jinja to a version compatible with Sphinx version 2.3.1. + +.. + +.. date: 2022-06-27-21-27-20 +.. gh-issue: 94208 +.. nonce: VR6HX- +.. section: Tests + +``test_ssl`` is now checking for supported TLS version and protocols in more +tests. + +.. + +.. bpo: 47016 +.. date: 2022-03-14-23-28-17 +.. nonce: K-t2QX +.. section: Tests + +Create a GitHub Actions workflow for verifying bundled pip and setuptools. +Patch by Illia Volochii and Adam Turner. + +.. + +.. bpo: 41306 +.. date: 2020-08-03-13-44-37 +.. nonce: VDoWXI +.. section: Tests + +Fixed a failure in ``test_tk.test_widgets.ScaleTest`` happening when +executing the test with Tk 8.6.10. + +.. + +.. bpo: 47194 +.. date: 2022-04-01-14-57-40 +.. nonce: IB0XL4 +.. section: Windows + +Update ``zlib`` to v1.2.12 to resolve CVE-2018-25032. diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-05-21-23-21-37.gh-issue-93065.5I18WC.rst b/Misc/NEWS.d/next/Core and Builtins/2022-05-21-23-21-37.gh-issue-93065.5I18WC.rst deleted file mode 100644 index ea801653f75025c6747f09518800da59d72ff0da..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Core and Builtins/2022-05-21-23-21-37.gh-issue-93065.5I18WC.rst +++ /dev/null @@ -1,5 +0,0 @@ -Fix contextvars HAMT implementation to handle iteration over deep trees. - -The bug was discovered and fixed by Eli Libman. See -`MagicStack/immutables#84 <https://github.com/MagicStack/immutables/issues/84>`_ -for more details. diff --git a/Misc/NEWS.d/next/Documentation/2022-03-28-12-39-20.bpo-47138.TEZRwC.rst b/Misc/NEWS.d/next/Documentation/2022-03-28-12-39-20.bpo-47138.TEZRwC.rst deleted file mode 100644 index aa3ed79d5e29c78196c14af00a9d6cb42a6e2463..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Documentation/2022-03-28-12-39-20.bpo-47138.TEZRwC.rst +++ /dev/null @@ -1 +0,0 @@ -Pin Jinja to a version compatible with Sphinx version 2.3.1. diff --git a/Misc/NEWS.d/next/Documentation/2022-04-24-22-09-31.gh-issue-91888.kTjJLx.rst b/Misc/NEWS.d/next/Documentation/2022-04-24-22-09-31.gh-issue-91888.kTjJLx.rst deleted file mode 100644 index 4ebca42a7fec5b782f861e2892f085c6c990d5fd..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Documentation/2022-04-24-22-09-31.gh-issue-91888.kTjJLx.rst +++ /dev/null @@ -1 +0,0 @@ -Add a new ``gh`` role to the documentation to link to GitHub issues. diff --git a/Misc/NEWS.d/next/Library/2019-06-22-11-01-45.bpo-36073.ED8mB9.rst b/Misc/NEWS.d/next/Library/2019-06-22-11-01-45.bpo-36073.ED8mB9.rst deleted file mode 100644 index 6c214d8191601c3271a9410b256dd0479cb7b395..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Library/2019-06-22-11-01-45.bpo-36073.ED8mB9.rst +++ /dev/null @@ -1,2 +0,0 @@ -Raise :exc:`~sqlite3.ProgrammingError` instead of segfaulting on recursive -usage of cursors in :mod:`sqlite3` converters. Patch by Sergey Fedoseev. diff --git a/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst b/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst deleted file mode 100644 index 029d437190deb5b0b8dedfa537f957ec40379e28..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst +++ /dev/null @@ -1,3 +0,0 @@ -:mod:`http.server`: Fix an open redirection vulnerability in the HTTP server -when an URI path starts with ``//``. Vulnerability discovered, and initial -fix proposed, by Hamza Avvan. diff --git a/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst b/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst deleted file mode 100644 index 8eb8a34884dcedd80033560990fe83d41c493f35..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst +++ /dev/null @@ -1,14 +0,0 @@ -Converting between :class:`int` and :class:`str` in bases other than 2 -(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now -raises a :exc:`ValueError` if the number of digits in string form is above a -limit to avoid potential denial of service attacks due to the algorithmic -complexity. This is a mitigation for `CVE-2020-10735 -<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735>`_. - -This new limit can be configured or disabled by environment variable, command -line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion length -limitation <int_max_str_digits>` documentation. The default limit is 4300 -digits in string form. - -Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback -from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson. diff --git a/Misc/NEWS.d/next/Tests/2020-08-03-13-44-37.bpo-41306.VDoWXI.rst b/Misc/NEWS.d/next/Tests/2020-08-03-13-44-37.bpo-41306.VDoWXI.rst deleted file mode 100644 index 5e9ba2d8a27417e71a23268a60b445d95ed4f1e3..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Tests/2020-08-03-13-44-37.bpo-41306.VDoWXI.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed a failure in ``test_tk.test_widgets.ScaleTest`` happening when executing the test with Tk 8.6.10. diff --git a/Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst b/Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst deleted file mode 100644 index 774bfafc021efc03bcc0ed1a65f382a9c3a7ab3d..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Tests/2022-03-14-23-28-17.bpo-47016.K-t2QX.rst +++ /dev/null @@ -1,2 +0,0 @@ -Create a GitHub Actions workflow for verifying bundled pip and setuptools. -Patch by Illia Volochii and Adam Turner. diff --git a/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst b/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst deleted file mode 100644 index d0f970ad286b1d0e678c7bfc5a50cba75bc2c6a6..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst +++ /dev/null @@ -1,2 +0,0 @@ -``test_ssl`` is now checking for supported TLS version and protocols in more -tests. diff --git a/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst b/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst deleted file mode 100644 index 7e76add45fa953bd7620a1df55eb043d18f8c9d6..0000000000000000000000000000000000000000 --- a/Misc/NEWS.d/next/Windows/2022-04-01-14-57-40.bpo-47194.IB0XL4.rst +++ /dev/null @@ -1 +0,0 @@ -Update ``zlib`` to v1.2.12 to resolve CVE-2018-25032. diff --git a/README.rst b/README.rst index 7524816bda1b818ad6933d8cb3631043a072d5e0..090d65bee0dbe02c07bf7077affbf5d136204561 100644 --- a/README.rst +++ b/README.rst @@ -1,5 +1,5 @@ -This is Python version 3.7.13+ -============================== +This is Python version 3.7.14 +============================= .. image:: https://travis-ci.org/python/cpython.svg?branch=3.7 :alt: CPython build status on Travis CI @@ -24,7 +24,7 @@ General Information - Website: https://www.python.org - Source code: https://github.com/python/cpython -- Issue tracker: https://bugs.python.org +- Issue tracker: https://github.com/python/cpython/issues/ - Documentation: https://docs.python.org - Developer's Guide: https://devguide.python.org/ @@ -185,7 +185,7 @@ example, if ``test_os`` and ``test_gdb`` failed, you can run:: make test TESTOPTS="-v test_os test_gdb" If the failure persists and appears to be a problem with Python rather than -your environment, you can `file a bug report <https://bugs.python.org>`_ and +your environment, you can `file a bug report <https://github.com/python/cpython/issues/>`_ and include relevant output from that command to show the issue. See `Running & Writing Tests <https://devguide.python.org/runtests/>`_ @@ -214,7 +214,7 @@ Issue Tracker and Mailing List ------------------------------ Bug reports are welcome! You can use the `issue tracker -<https://bugs.python.org>`_ to report bugs, and/or submit pull requests `on +<https://github.com/python/cpython/issues/>`_ to report bugs, and/or submit pull requests `on GitHub <https://github.com/python/cpython>`_. You can also follow development discussion on the `python-dev mailing list diff --git a/configure b/configure index 455481bc5005c3bb186ddebc8fbd067f92748058..f56a9c5b8a30d22d4f23d016f50b71cf8f73f642 100755 --- a/configure +++ b/configure @@ -2,7 +2,7 @@ # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for python 3.7. # -# Report bugs to <https://bugs.python.org/>. +# Report bugs to <https://github.com/python/cpython/issues/>. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -267,7 +267,7 @@ fi $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and -$0: https://bugs.python.org/ about your system, including +$0: https://github.com/python/cpython/issues/ about your system, including $0: any error possibly output before this message. Then $0: install a modern shell, or manually run the script $0: under such a shell if you do have one." @@ -582,7 +582,7 @@ PACKAGE_NAME='python' PACKAGE_TARNAME='python' PACKAGE_VERSION='3.7' PACKAGE_STRING='python 3.7' -PACKAGE_BUGREPORT='https://bugs.python.org/' +PACKAGE_BUGREPORT='https://github.com/python/cpython/issues/' PACKAGE_URL='' ac_unique_file="Include/object.h" @@ -1568,7 +1568,7 @@ Some influential environment variables: Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. -Report bugs to <https://bugs.python.org/>. +Report bugs to <https://github.com/python/cpython/issues/>. _ACEOF ac_status=$? fi @@ -1837,7 +1837,7 @@ $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" > { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ( $as_echo "## --------------------------------------- ## -## Report this to https://bugs.python.org/ ## +## Report this to https://github.com/python/cpython/issues/ ## ## --------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; @@ -17941,7 +17941,7 @@ $config_files Configuration headers: $config_headers -Report bugs to <https://bugs.python.org/>." +Report bugs to <https://github.com/python/cpython/issues/>." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 diff --git a/configure.ac b/configure.ac index 1afcba3307ade9727ce807acc1d2dfd34ddc84c0..edd2051c9e8d0f600c62edc0f3bb899649dcc834 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ m4_define(PYTHON_VERSION, 3.7) AC_PREREQ(2.65) -AC_INIT(python, PYTHON_VERSION, https://bugs.python.org/) +AC_INIT(python, PYTHON_VERSION, https://github.com/python/cpython/issues/) AC_CONFIG_MACRO_DIR(m4)