mirror of
https://github.com/python/cpython.git
synced 2024-11-28 12:31:14 +08:00
137be34180
Having multiple paragraphs in a few news entry lead to inconsistent spacing while rendered in HTML by mixing "visually compact lists" (when no entry of the whole list contains multiple paragraphs) and "sparse lists" (when at least one do).
73 lines
2.0 KiB
ReStructuredText
73 lines
2.0 KiB
ReStructuredText
.. bpo: 32551
|
|
.. date: 2018-01-16-16-05-37
|
|
.. nonce: U0z4W-
|
|
.. release date: 2018-01-23
|
|
.. section: Security
|
|
|
|
The ``sys.path[0]`` initialization change for bpo-29139 caused a regression
|
|
by revealing an inconsistency in how sys.path is initialized when executing
|
|
``__main__`` from a zipfile, directory, or other import location. This is
|
|
considered a potential security issue, as it may lead to privileged
|
|
processes unexpectedly loading code from user controlled directories in
|
|
situations where that was not previously the case.
|
|
The interpreter now consistently avoids ever adding the import location's
|
|
parent directory to ``sys.path``, and ensures no other ``sys.path`` entries
|
|
are inadvertently modified when inserting the import location named on the
|
|
command line. (Originally reported as bpo-29723 against Python 3.6rc1, but
|
|
it was missed at the time that the then upcoming Python 3.5.4 release would
|
|
also be affected)
|
|
|
|
..
|
|
|
|
.. bpo: 30657
|
|
.. date: 2017-12-01-18-51-03
|
|
.. nonce: Fd8kId
|
|
.. section: Security
|
|
|
|
Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
|
|
Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.
|
|
|
|
..
|
|
|
|
.. bpo: 30947
|
|
.. date: 2017-09-05-20-34-44
|
|
.. nonce: iNMmm4
|
|
.. section: Security
|
|
|
|
Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
|
|
fixes.
|
|
|
|
..
|
|
|
|
.. bpo: 31095
|
|
.. date: 2017-08-01-18-48-30
|
|
.. nonce: bXWZDb
|
|
.. section: Core and Builtins
|
|
|
|
Fix potential crash during GC caused by ``tp_dealloc`` which doesn't call
|
|
``PyObject_GC_UnTrack()``.
|
|
|
|
..
|
|
|
|
.. bpo: 32072
|
|
.. date: 2017-11-18-21-13-52
|
|
.. nonce: nwDV8L
|
|
.. section: Library
|
|
|
|
Fixed issues with binary plists:
|
|
Fixed saving bytearrays.
|
|
Identical objects will be saved only once.
|
|
Equal references will be load as identical objects.
|
|
Added support for saving and loading recursive data structures.
|
|
|
|
..
|
|
|
|
.. bpo: 31170
|
|
.. date: 2017-09-05-20-35-21
|
|
.. nonce: QGmJ1t
|
|
.. section: Library
|
|
|
|
expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
|
|
characters for UTF-8 input (libexpat bug 115):
|
|
https://github.com/libexpat/libexpat/issues/115
|