summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorŁukasz Langa <lukasz@langa.pl>2024-03-19 22:42:28 +0100
committerŁukasz Langa <lukasz@langa.pl>2024-03-19 22:46:16 +0100
commit976ea78599d71f22e9c0fefc2dc37c1d9fc835a4 (patch)
tree39c8807578b1f944e66befaba1f75514d4f88982
parent[3.10] gh-115197: Stop resolving host in urllib.request proxy bypass (GH-1152... (diff)
downloadcpython-3.10.14.tar.gz
cpython-3.10.14.tar.bz2
cpython-3.10.14.zip
Python 3.10.14v3.10.14
-rw-r--r--Include/patchlevel.h4
-rw-r--r--Lib/pydoc_data/topics.py2
-rw-r--r--Misc/NEWS.d/3.10.14.rst147
-rw-r--r--Misc/NEWS.d/next/Core and Builtins/2023-10-27-19-38-33.gh-issue-102388.vd5YUZ.rst1
-rw-r--r--Misc/NEWS.d/next/Documentation/2024-02-14-20-17-04.gh-issue-115399.fb9a0R.rst1
-rw-r--r--Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst2
-rw-r--r--Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst3
-rw-r--r--Misc/NEWS.d/next/Library/2023-12-01-16-09-59.gh-issue-81194.FFad1c.rst3
-rw-r--r--Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst2
-rw-r--r--Misc/NEWS.d/next/Library/2024-02-09-19-41-48.gh-issue-115197.20wkWH.rst2
-rw-r--r--Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst1
-rw-r--r--Misc/NEWS.d/next/Security/2024-01-26-22-14-09.gh-issue-114572.t1QMQD.rst4
-rw-r--r--Misc/NEWS.d/next/Security/2024-02-13-15-14-39.gh-issue-115399.xT-scP.rst1
-rw-r--r--Misc/NEWS.d/next/Security/2024-02-18-03-14-40.gh-issue-115398.tzvxH8.rst8
-rw-r--r--Misc/NEWS.d/next/Tools-Demos/2023-09-27-23-31-54.gh-issue-109991.sUUYY8.rst2
-rw-r--r--Misc/NEWS.d/next/Windows/2023-09-29-10-35-29.gh-issue-109991.GmuzGZ.rst4
-rw-r--r--Misc/NEWS.d/next/Windows/2024-02-01-14-35-05.gh-issue-111239.SO7SUF.rst1
-rw-r--r--README.rst2
18 files changed, 151 insertions, 39 deletions
diff --git a/Include/patchlevel.h b/Include/patchlevel.h
index 41680bce7ab..61bf1c087db 100644
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@@ -18,12 +18,12 @@
/*--start constants--*/
#define PY_MAJOR_VERSION 3
#define PY_MINOR_VERSION 10
-#define PY_MICRO_VERSION 13
+#define PY_MICRO_VERSION 14
#define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL
#define PY_RELEASE_SERIAL 0
/* Version as a string */
-#define PY_VERSION "3.10.13+"
+#define PY_VERSION "3.10.14"
/*--end constants--*/
/* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.
diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py
index b32b3200c0e..f09f28b2c43 100644
--- a/Lib/pydoc_data/topics.py
+++ b/Lib/pydoc_data/topics.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Thu Aug 24 13:45:52 2023
+# Autogenerated by Sphinx on Tue Mar 19 22:44:19 2024
topics = {'assert': 'The "assert" statement\n'
'**********************\n'
'\n'
diff --git a/Misc/NEWS.d/3.10.14.rst b/Misc/NEWS.d/3.10.14.rst
new file mode 100644
index 00000000000..916bd6aa252
--- /dev/null
+++ b/Misc/NEWS.d/3.10.14.rst
@@ -0,0 +1,147 @@
+.. date: 2024-02-18-03-14-40
+.. gh-issue: 115398
+.. nonce: tzvxH8
+.. release date: 2024-03-19
+.. section: Security
+
+Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding
+five new methods:
+
+* :meth:`xml.etree.ElementTree.XMLParser.flush`
+* :meth:`xml.etree.ElementTree.XMLPullParser.flush`
+* :meth:`xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
+* :meth:`xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
+* :meth:`xml.sax.expatreader.ExpatParser.flush`
+
+..
+
+.. date: 2024-02-13-15-14-39
+.. gh-issue: 115399
+.. nonce: xT-scP
+.. section: Security
+
+Update bundled libexpat to 2.6.0
+
+..
+
+.. date: 2024-01-26-22-14-09
+.. gh-issue: 114572
+.. nonce: t1QMQD
+.. section: Security
+
+:meth:`ssl.SSLContext.cert_store_stats` and
+:meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the
+certificate store, when the :class:`ssl.SSLContext` is shared across
+multiple threads.
+
+..
+
+.. date: 2024-01-02-19-52-23
+.. gh-issue: 113659
+.. nonce: DkmnQc
+.. section: Security
+
+Skip ``.pth`` files with names starting with a dot or hidden file attribute.
+
+..
+
+.. date: 2023-10-27-19-38-33
+.. gh-issue: 102388
+.. nonce: vd5YUZ
+.. section: Core and Builtins
+
+Fix a bug where ``iso2022_jp_3`` and ``iso2022_jp_2004`` codecs read out of
+bounds
+
+..
+
+.. date: 2024-02-09-19-41-48
+.. gh-issue: 115197
+.. nonce: 20wkWH
+.. section: Library
+
+``urllib.request`` no longer resolves the hostname before checking it
+against the system's proxy bypass list on macOS and Windows.
+
+..
+
+.. date: 2024-02-08-14-21-28
+.. gh-issue: 115133
+.. nonce: ycl4ko
+.. section: Library
+
+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
+2.6.0.
+
+..
+
+.. date: 2023-12-01-16-09-59
+.. gh-issue: 81194
+.. nonce: FFad1c
+.. section: Library
+
+Fix a crash in :func:`socket.if_indextoname` with specific value (UINT_MAX).
+Fix an integer overflow in :func:`socket.if_indextoname` on 64-bit
+non-Windows platforms.
+
+..
+
+.. date: 2023-09-28-13-15-51
+.. gh-issue: 109858
+.. nonce: 43e2dg
+.. section: Library
+
+Protect :mod:`zipfile` from "quoted-overlap" zipbomb. It now raises
+BadZipFile when try to read an entry that overlaps with other entry or
+central directory.
+
+..
+
+.. date: 2022-12-01-16-57-44
+.. gh-issue: 91133
+.. nonce: LKMVCV
+.. section: Library
+
+Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no
+longer dereferences symlinks when working around file system permission
+errors.
+
+..
+
+.. date: 2024-02-14-20-17-04
+.. gh-issue: 115399
+.. nonce: fb9a0R
+.. section: Documentation
+
+Document CVE-2023-52425 of Expat <2.6.0 under "XML vulnerabilities".
+
+..
+
+.. date: 2024-02-01-14-35-05
+.. gh-issue: 111239
+.. nonce: SO7SUF
+.. section: Windows
+
+Update Windows builds to use zlib v1.3.1.
+
+..
+
+.. date: 2023-09-29-10-35-29
+.. gh-issue: 109991
+.. nonce: GmuzGZ
+.. section: Windows
+
+Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its
+end of life and no future fixes will be made, and this version of Python is
+no longer receiving maintenance fixes and will not be updated to OpenSSL
+3.0.
+
+..
+
+.. date: 2023-09-27-23-31-54
+.. gh-issue: 109991
+.. nonce: sUUYY8
+.. section: Tools/Demos
+
+Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use
+1.1.1w, 3.0.11, and 3.1.3.
diff --git a/Misc/NEWS.d/next/Core and Builtins/2023-10-27-19-38-33.gh-issue-102388.vd5YUZ.rst b/Misc/NEWS.d/next/Core and Builtins/2023-10-27-19-38-33.gh-issue-102388.vd5YUZ.rst
deleted file mode 100644
index 268a3d310f2..00000000000
--- a/Misc/NEWS.d/next/Core and Builtins/2023-10-27-19-38-33.gh-issue-102388.vd5YUZ.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix a bug where ``iso2022_jp_3`` and ``iso2022_jp_2004`` codecs read out of bounds
diff --git a/Misc/NEWS.d/next/Documentation/2024-02-14-20-17-04.gh-issue-115399.fb9a0R.rst b/Misc/NEWS.d/next/Documentation/2024-02-14-20-17-04.gh-issue-115399.fb9a0R.rst
deleted file mode 100644
index 587aea80216..00000000000
--- a/Misc/NEWS.d/next/Documentation/2024-02-14-20-17-04.gh-issue-115399.fb9a0R.rst
+++ /dev/null
@@ -1 +0,0 @@
-Document CVE-2023-52425 of Expat <2.6.0 under "XML vulnerabilities".
diff --git a/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
deleted file mode 100644
index 7991048fc48..00000000000
--- a/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer
-dereferences symlinks when working around file system permission errors.
diff --git a/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst b/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst
deleted file mode 100644
index be279caffc4..00000000000
--- a/Misc/NEWS.d/next/Library/2023-09-28-13-15-51.gh-issue-109858.43e2dg.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Protect :mod:`zipfile` from "quoted-overlap" zipbomb. It now raises
-BadZipFile when try to read an entry that overlaps with other entry or
-central directory.
diff --git a/Misc/NEWS.d/next/Library/2023-12-01-16-09-59.gh-issue-81194.FFad1c.rst b/Misc/NEWS.d/next/Library/2023-12-01-16-09-59.gh-issue-81194.FFad1c.rst
deleted file mode 100644
index feb7a8643b9..00000000000
--- a/Misc/NEWS.d/next/Library/2023-12-01-16-09-59.gh-issue-81194.FFad1c.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Fix a crash in :func:`socket.if_indextoname` with specific value (UINT_MAX).
-Fix an integer overflow in :func:`socket.if_indextoname` on 64-bit
-non-Windows platforms.
diff --git a/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst b/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
deleted file mode 100644
index 6f1015235cc..00000000000
--- a/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
-2.6.0.
diff --git a/Misc/NEWS.d/next/Library/2024-02-09-19-41-48.gh-issue-115197.20wkWH.rst b/Misc/NEWS.d/next/Library/2024-02-09-19-41-48.gh-issue-115197.20wkWH.rst
deleted file mode 100644
index e6ca3cc525d..00000000000
--- a/Misc/NEWS.d/next/Library/2024-02-09-19-41-48.gh-issue-115197.20wkWH.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-``urllib.request`` no longer resolves the hostname before checking it
-against the system's proxy bypass list on macOS and Windows.
diff --git a/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst b/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst
deleted file mode 100644
index 744687e7232..00000000000
--- a/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst
+++ /dev/null
@@ -1 +0,0 @@
-Skip ``.pth`` files with names starting with a dot or hidden file attribute.
diff --git a/Misc/NEWS.d/next/Security/2024-01-26-22-14-09.gh-issue-114572.t1QMQD.rst b/Misc/NEWS.d/next/Security/2024-01-26-22-14-09.gh-issue-114572.t1QMQD.rst
deleted file mode 100644
index b4f9fe64db0..00000000000
--- a/Misc/NEWS.d/next/Security/2024-01-26-22-14-09.gh-issue-114572.t1QMQD.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-:meth:`ssl.SSLContext.cert_store_stats` and
-:meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the
-certificate store, when the :class:`ssl.SSLContext` is shared across
-multiple threads.
diff --git a/Misc/NEWS.d/next/Security/2024-02-13-15-14-39.gh-issue-115399.xT-scP.rst b/Misc/NEWS.d/next/Security/2024-02-13-15-14-39.gh-issue-115399.xT-scP.rst
deleted file mode 100644
index e8163b6f29c..00000000000
--- a/Misc/NEWS.d/next/Security/2024-02-13-15-14-39.gh-issue-115399.xT-scP.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update bundled libexpat to 2.6.0
diff --git a/Misc/NEWS.d/next/Security/2024-02-18-03-14-40.gh-issue-115398.tzvxH8.rst b/Misc/NEWS.d/next/Security/2024-02-18-03-14-40.gh-issue-115398.tzvxH8.rst
deleted file mode 100644
index a40fcd35ef9..00000000000
--- a/Misc/NEWS.d/next/Security/2024-02-18-03-14-40.gh-issue-115398.tzvxH8.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding
-five new methods:
-
-* :meth:`xml.etree.ElementTree.XMLParser.flush`
-* :meth:`xml.etree.ElementTree.XMLPullParser.flush`
-* :meth:`xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
-* :meth:`xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
-* :meth:`xml.sax.expatreader.ExpatParser.flush`
diff --git a/Misc/NEWS.d/next/Tools-Demos/2023-09-27-23-31-54.gh-issue-109991.sUUYY8.rst b/Misc/NEWS.d/next/Tools-Demos/2023-09-27-23-31-54.gh-issue-109991.sUUYY8.rst
deleted file mode 100644
index 13c1163ab53..00000000000
--- a/Misc/NEWS.d/next/Tools-Demos/2023-09-27-23-31-54.gh-issue-109991.sUUYY8.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use
-1.1.1w, 3.0.11, and 3.1.3.
diff --git a/Misc/NEWS.d/next/Windows/2023-09-29-10-35-29.gh-issue-109991.GmuzGZ.rst b/Misc/NEWS.d/next/Windows/2023-09-29-10-35-29.gh-issue-109991.GmuzGZ.rst
deleted file mode 100644
index e5b4b46630e..00000000000
--- a/Misc/NEWS.d/next/Windows/2023-09-29-10-35-29.gh-issue-109991.GmuzGZ.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its
-end of life and no future fixes will be made, and this version of Python is
-no longer receiving maintenance fixes and will not be updated to OpenSSL
-3.0.
diff --git a/Misc/NEWS.d/next/Windows/2024-02-01-14-35-05.gh-issue-111239.SO7SUF.rst b/Misc/NEWS.d/next/Windows/2024-02-01-14-35-05.gh-issue-111239.SO7SUF.rst
deleted file mode 100644
index ea82c3b941f..00000000000
--- a/Misc/NEWS.d/next/Windows/2024-02-01-14-35-05.gh-issue-111239.SO7SUF.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update Windows builds to use zlib v1.3.1.
diff --git a/README.rst b/README.rst
index db87a71698f..cf64d7dbc1a 100644
--- a/README.rst
+++ b/README.rst
@@ -1,4 +1,4 @@
-This is Python version 3.10.13
+This is Python version 3.10.14
==============================
.. image:: https://travis-ci.com/python/cpython.svg?branch=master