From: Pablo Galindo Date: Tue, 3 Jun 2025 18:37:18 +0000 (+0100) Subject: Python 3.11.13 X-Git-Tag: v3.11.13^0 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=498b971ea3673012a1d4b21860b229d55fc6e575;p=thirdparty%2FPython%2Fcpython.git Python 3.11.13 --- diff --git a/Doc/library/os.path.rst b/Doc/library/os.path.rst index f08c1fe1aff3..38f5f73eb257 100644 --- a/Doc/library/os.path.rst +++ b/Doc/library/os.path.rst @@ -390,7 +390,7 @@ the :mod:`glob` module.) .. versionchanged:: 3.10 The *strict* parameter was added. - .. versionchanged:: next + .. versionchanged:: 3.11.13 The :py:data:`~os.path.ALLOW_MISSING` value for the *strict* parameter was added. @@ -398,7 +398,7 @@ the :mod:`glob` module.) Special value used for the *strict* argument in :func:`realpath`. - .. versionadded:: next + .. versionadded:: 3.11.13 .. function:: relpath(path, start=os.curdir) diff --git a/Doc/library/tarfile.rst b/Doc/library/tarfile.rst index f3907cc69f26..f1410a0bd9f3 100644 --- a/Doc/library/tarfile.rst +++ b/Doc/library/tarfile.rst @@ -246,7 +246,7 @@ The :mod:`tarfile` module defines the following exceptions: The exception that was raised to reject the replacement member is available as :attr:`!BaseException.__context__`. - .. versionadded:: next + .. versionadded:: 3.11.13 The following constants are available at the module level: @@ -1080,7 +1080,7 @@ reused in custom filters: Return the modified ``TarInfo`` member. - .. versionchanged:: next + .. versionchanged:: 3.11.13 Link targets are now normalized. diff --git a/Include/patchlevel.h b/Include/patchlevel.h index cc19379d757b..8603d0634cb5 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -18,12 +18,12 @@ /*--start constants--*/ #define PY_MAJOR_VERSION 3 #define PY_MINOR_VERSION 11 -#define PY_MICRO_VERSION 12 +#define PY_MICRO_VERSION 13 #define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL #define PY_RELEASE_SERIAL 0 /* Version as a string */ -#define PY_VERSION "3.11.12+" +#define PY_VERSION "3.11.13" /*--end constants--*/ /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2. diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py index 5923317295ad..0edb31b1d27a 100644 --- a/Lib/pydoc_data/topics.py +++ b/Lib/pydoc_data/topics.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Autogenerated by Sphinx on Tue Apr 8 15:15:17 2025 +# Autogenerated by Sphinx on Tue Jun 3 19:38:08 2025 # as part of the release process. topics = {'assert': 'The "assert" statement\n' '**********************\n' diff --git a/Misc/NEWS.d/3.11.13.rst b/Misc/NEWS.d/3.11.13.rst new file mode 100644 index 000000000000..e3494c2554a2 --- /dev/null +++ b/Misc/NEWS.d/3.11.13.rst @@ -0,0 +1,72 @@ +.. date: 2025-06-02-11-32-23 +.. gh-issue: 135034 +.. nonce: RLGjbp +.. release date: 2025-06-03 +.. section: Security + +Fixes multiple issues that allowed ``tarfile`` extraction filters +(``filter="data"`` and ``filter="tar"``) to be bypassed using crafted +symlinks and hard links. + +Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517. + +.. + +.. date: 2025-05-09-20-22-54 +.. gh-issue: 133767 +.. nonce: kN2i3Q +.. section: Security + +Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error +handler. + +.. + +.. date: 2025-01-14-11-19-07 +.. gh-issue: 128840 +.. nonce: M1doZW +.. section: Security + +Short-circuit the processing of long IPv6 addresses early in +:mod:`ipaddress` to prevent excessive memory consumption and a minor +denial-of-service. + +.. + +.. date: 2025-05-28-15-53-27 +.. gh-issue: 128840 +.. nonce: Nur2pB +.. section: Library + +Fix parsing long IPv6 addresses with embedded IPv4 address. + +.. + +.. date: 2025-05-15-14-27-01 +.. gh-issue: 134062 +.. nonce: fRbJet +.. section: Library + +:mod:`ipaddress`: fix collisions in :meth:`~object.__hash__` for +:class:`~ipaddress.IPv4Network` and :class:`~ipaddress.IPv6Network` objects. + +.. + +.. date: 2024-08-28-13-03-36 +.. gh-issue: 123409 +.. nonce: lW0YF- +.. section: Library + +Fix :attr:`ipaddress.IPv6Address.reverse_pointer` output according to +:rfc:`RFC 3596, §2.5 <3596#section-2.5>`. Patch by Bénédikt Tran. + +.. + +.. bpo: 43633 +.. date: 2021-10-31-16-06-28 +.. nonce: vflwXv +.. section: Library + +Improve the textual representation of IPv4-mapped IPv6 addresses +(:rfc:`4291` Sections 2.2, 2.5.5.2) in :mod:`ipaddress`. Patch by Oleksandr +Pavliuk. diff --git a/Misc/NEWS.d/next/Library/2021-10-31-16-06-28.bpo-43633.vflwXv.rst b/Misc/NEWS.d/next/Library/2021-10-31-16-06-28.bpo-43633.vflwXv.rst deleted file mode 100644 index 025de1e1a7d6..000000000000 --- a/Misc/NEWS.d/next/Library/2021-10-31-16-06-28.bpo-43633.vflwXv.rst +++ /dev/null @@ -1 +0,0 @@ -Improve the textual representation of IPv4-mapped IPv6 addresses (:rfc:`4291` Sections 2.2, 2.5.5.2) in :mod:`ipaddress`. Patch by Oleksandr Pavliuk. diff --git a/Misc/NEWS.d/next/Library/2024-08-28-13-03-36.gh-issue-123409.lW0YF-.rst b/Misc/NEWS.d/next/Library/2024-08-28-13-03-36.gh-issue-123409.lW0YF-.rst deleted file mode 100644 index 7c6aab632b67..000000000000 --- a/Misc/NEWS.d/next/Library/2024-08-28-13-03-36.gh-issue-123409.lW0YF-.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix :attr:`ipaddress.IPv6Address.reverse_pointer` output according to -:rfc:`RFC 3596, §2.5 <3596#section-2.5>`. Patch by Bénédikt Tran. diff --git a/Misc/NEWS.d/next/Library/2025-05-15-14-27-01.gh-issue-134062.fRbJet.rst b/Misc/NEWS.d/next/Library/2025-05-15-14-27-01.gh-issue-134062.fRbJet.rst deleted file mode 100644 index f62a3ec48019..000000000000 --- a/Misc/NEWS.d/next/Library/2025-05-15-14-27-01.gh-issue-134062.fRbJet.rst +++ /dev/null @@ -1,3 +0,0 @@ -:mod:`ipaddress`: fix collisions in :meth:`~object.__hash__` for -:class:`~ipaddress.IPv4Network` and :class:`~ipaddress.IPv6Network` -objects. diff --git a/Misc/NEWS.d/next/Library/2025-05-28-15-53-27.gh-issue-128840.Nur2pB.rst b/Misc/NEWS.d/next/Library/2025-05-28-15-53-27.gh-issue-128840.Nur2pB.rst deleted file mode 100644 index faff433aa4b8..000000000000 --- a/Misc/NEWS.d/next/Library/2025-05-28-15-53-27.gh-issue-128840.Nur2pB.rst +++ /dev/null @@ -1 +0,0 @@ -Fix parsing long IPv6 addresses with embedded IPv4 address. diff --git a/Misc/NEWS.d/next/Security/2025-01-14-11-19-07.gh-issue-128840.M1doZW.rst b/Misc/NEWS.d/next/Security/2025-01-14-11-19-07.gh-issue-128840.M1doZW.rst deleted file mode 100644 index b57ec3e70dcc..000000000000 --- a/Misc/NEWS.d/next/Security/2025-01-14-11-19-07.gh-issue-128840.M1doZW.rst +++ /dev/null @@ -1,2 +0,0 @@ -Short-circuit the processing of long IPv6 addresses early in :mod:`ipaddress` to prevent excessive -memory consumption and a minor denial-of-service. diff --git a/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst b/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst deleted file mode 100644 index 39d2f1e1a892..000000000000 --- a/Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fix use-after-free in the "unicode-escape" decoder with a non-"strict" error -handler. diff --git a/Misc/NEWS.d/next/Security/2025-06-02-11-32-23.gh-issue-135034.RLGjbp.rst b/Misc/NEWS.d/next/Security/2025-06-02-11-32-23.gh-issue-135034.RLGjbp.rst deleted file mode 100644 index e3f984afc215..000000000000 --- a/Misc/NEWS.d/next/Security/2025-06-02-11-32-23.gh-issue-135034.RLGjbp.rst +++ /dev/null @@ -1,6 +0,0 @@ -Fixes multiple issues that allowed ``tarfile`` extraction filters -(``filter="data"`` and ``filter="tar"``) to be bypassed using crafted -symlinks and hard links. - -Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517. - diff --git a/README.rst b/README.rst index 208af9002cec..410ebf091de3 100644 --- a/README.rst +++ b/README.rst @@ -1,4 +1,4 @@ -This is Python version 3.11.12 +This is Python version 3.11.13 ============================== .. image:: https://github.com/python/cpython/workflows/Tests/badge.svg