From 34de67c094776bdc719d87f8810e053a2acc915a Mon Sep 17 00:00:00 2001 From: "Gregory P. Smith" Date: Mon, 19 Sep 2022 16:43:11 -0700 Subject: [PATCH] gh-96512: Update int_max_str docs to say 3.11 (#96942) It was unknown if it'd be before 3.11.0 when creating the original changes. It's in 3.11rc2, so 3.11 it is. --- Doc/library/functions.rst | 2 +- Doc/library/json.rst | 2 +- Doc/library/stdtypes.rst | 4 ++-- Doc/library/sys.rst | 8 ++++---- Doc/library/test.rst | 2 +- Doc/using/cmdline.rst | 4 ++-- Doc/whatsnew/3.12.rst | 11 ----------- ...2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst | 14 -------------- 8 files changed, 11 insertions(+), 36 deletions(-) delete mode 100644 Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst diff --git a/Doc/library/functions.rst b/Doc/library/functions.rst index b9cf02e87eb614..ccb691dd9f009f 100644 --- a/Doc/library/functions.rst +++ b/Doc/library/functions.rst @@ -910,7 +910,7 @@ are always available. They are listed here in alphabetical order. .. versionchanged:: 3.11 The delegation to :meth:`__trunc__` is deprecated. - .. versionchanged:: 3.12 + .. versionchanged:: 3.11 :class:`int` string inputs and string representations can be limited to help avoid denial of service attacks. A :exc:`ValueError` is raised when the limit is exceeded while converting a string *x* to an :class:`int` or diff --git a/Doc/library/json.rst b/Doc/library/json.rst index d05d62e78cc71e..de02be850544e2 100644 --- a/Doc/library/json.rst +++ b/Doc/library/json.rst @@ -258,7 +258,7 @@ Basic Usage be used to use another datatype or parser for JSON integers (e.g. :class:`float`). - .. versionchanged:: 3.12 + .. versionchanged:: 3.11 The default *parse_int* of :func:`int` now limits the maximum length of the integer string via the interpreter's :ref:`integer string conversion length limitation ` to help avoid denial diff --git a/Doc/library/stdtypes.rst b/Doc/library/stdtypes.rst index be092364047852..ad4b90bf21d801 100644 
--- a/Doc/library/stdtypes.rst +++ b/Doc/library/stdtypes.rst @@ -5523,7 +5523,7 @@ Verification: ... '571186405732').to_bytes(53, 'big') ... -.. versionadded:: 3.12 +.. versionadded:: 3.11 Affected APIs ------------- @@ -5578,7 +5578,7 @@ Information about the default and minimum can be found in :attr:`sys.int_info`: * :data:`sys.int_info.str_digits_check_threshold ` is the lowest accepted value for the limit (other than 0 which disables it). -.. versionadded:: 3.12 +.. versionadded:: 3.11 .. caution:: diff --git a/Doc/library/sys.rst b/Doc/library/sys.rst index c6be12c14b550a..aab3f6aa83fced 100644 --- a/Doc/library/sys.rst +++ b/Doc/library/sys.rst @@ -544,7 +544,7 @@ always available. .. versionchanged:: 3.11 Added the ``safe_path`` attribute for :option:`-P` option. - .. versionchanged:: 3.12 + .. versionchanged:: 3.11 Added the ``int_max_str_digits`` attribute. @@ -732,7 +732,7 @@ always available. Returns the current value for the :ref:`integer string conversion length limitation `. See also :func:`set_int_max_str_digits`. - .. versionadded:: 3.12 + .. versionadded:: 3.11 .. function:: getrefcount(object) @@ -1029,7 +1029,7 @@ always available. .. versionadded:: 3.1 - .. versionchanged:: 3.12 + .. versionchanged:: 3.11 Added ``default_max_str_digits`` and ``str_digits_check_threshold``. @@ -1337,7 +1337,7 @@ always available. ` used by this interpreter. See also :func:`get_int_max_str_digits`. - .. versionadded:: 3.12 + .. versionadded:: 3.11 .. function:: setprofile(profilefunc) diff --git a/Doc/library/test.rst b/Doc/library/test.rst index eff375132318a9..53bcd7c178f947 100644 --- a/Doc/library/test.rst +++ b/Doc/library/test.rst 
@@ -1018,7 +1018,7 @@ The :mod:`test.support` module defines the following functions: context to allow execution of test code that needs a different limit on the number of digits when converting between an integer and string. - .. versionadded:: 3.12 + .. versionadded:: 3.11 The :mod:`test.support` module defines the following classes: diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst index 6a33d98a059a09..02c9f3095b4090 100644 --- a/Doc/using/cmdline.rst +++ b/Doc/using/cmdline.rst @@ -585,7 +585,7 @@ Miscellaneous options .. versionadded:: 3.11 The ``-X frozen_modules`` option. - .. versionadded:: 3.12 + .. versionadded:: 3.11 The ``-X int_max_str_digits`` option. .. versionadded:: 3.12 @@ -775,7 +775,7 @@ conflict. interpreter's global :ref:`integer string conversion length limitation `. - .. versionadded:: 3.12 + .. versionadded:: 3.11 .. envvar:: PYTHONIOENCODING diff --git a/Doc/whatsnew/3.12.rst b/Doc/whatsnew/3.12.rst index 3e21127ca18ff7..3fbc7b63370a3e 100644 --- a/Doc/whatsnew/3.12.rst +++ b/Doc/whatsnew/3.12.rst @@ -83,17 +83,6 @@ Other Language Changes mapping is hashable. (Contributed by Serhiy Storchaka in :gh:`87995`.) -* Converting between :class:`int` and :class:`str` in bases other than 2 - (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) - now raises a :exc:`ValueError` if the number of digits in string form is - above a limit to avoid potential denial of service attacks due to the - algorithmic complexity. This is a mitigation for `CVE-2020-10735 - `_. - This limit can be configured or disabled by environment variable, command - line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion - length limitation ` documentation. The default limit - is 4300 digits in string form. - * :class:`memoryview` now supports the half-float type (the "e" format code). (Contributed by Dong-hee Na and Antoine Pitrou in :gh:`90751`.) 
diff --git a/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst b/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst deleted file mode 100644 index 8eb8a34884dced..00000000000000 --- a/Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst +++ /dev/null @@ -1,14 +0,0 @@ -Converting between :class:`int` and :class:`str` in bases other than 2 -(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now -raises a :exc:`ValueError` if the number of digits in string form is above a -limit to avoid potential denial of service attacks due to the algorithmic -complexity. This is a mitigation for `CVE-2020-10735 -`_. - -This new limit can be configured or disabled by environment variable, command -line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion length -limitation ` documentation. The default limit is 4300 -digits in string form. - -Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback -from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
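Review bot: In the Doc/whatsnew/3.12.rst hunk (@@ -83,17 +83,6), the bullet describing the int/str digit limit and its CVE-2020-10735 mitigation is removed, but the diffstat lists no Doc/whatsnew/3.11.rst, so the patch does not show where that entry now lives. Please confirm the 3.11 What's New already carries it, or add it there in the same change, so the default limit of 4300 digits and the pointer to the environment variable, command line flag and sys APIs stay discoverable for anyone upgrading to 3.11.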
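Review bot: The deletion of Misc/NEWS.d/next/Security/2022-08-07-16-53-38.gh-issue-95778.ch010gps.rst is not explained by the commit message, which only covers the 3.12 to 3.11 version change. Say in the message why the entry leaves next/ (for example, that it is already recorded in a released changelog). Otherwise the Security section on this branch loses its record of the new ValueError behaviour and the contributor credits on the entry's last two lines.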
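Review bot: In the Doc/library/sys.rst hunk at @@ -544,7 +544,7, the change leaves two back-to-back ".. versionchanged:: 3.11" directives (safe_path, then int_max_str_digits), and the Doc/library/functions.rst hunk at @@ -910,7 +910,7 ends up the same way after the __trunc__ deprecation note. Each directive renders as its own "Changed in version 3.11" paragraph, so check the built page and decide whether the two should stay separate or be folded into one directive with both sentences.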