- Update to 3.11.5 (bsc#1214692):
* Security
* gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
Gregory P. Smith.
* Core and Builtins
* gh-104432: Fix potential unaligned memory access on C APIs
involving returned sequences of char * pointers within the grp
and socket modules. These were revealed using a
-fsaniziter=alignment build on ARM macOS. Patch by Christopher
Chavez.
* gh-77377: Ensure that multiprocessing synchronization objects
created in a fork context are not sent to a different process
created in a spawn context. This changes a segfault into an
actionable RuntimeError in the parent process.
* gh-106092: Fix a segmentation fault caused by a use-after-free
bug in frame_dealloc when the trashcan delays the deallocation
of a PyFrameObject.
* gh-106719: No longer suppress arbitrary errors in the
__annotations__ getter and setter in the type and module types.
* gh-106723: Propagate frozen_modules to multiprocessing spawned
process interpreters.
* gh-105979: Fix crash in _imp.get_frozen_object() due to improper
exception handling.
* gh-105840: Fix possible crashes when specializing function calls
with too many __defaults__.
* gh-105588: Fix an issue that could result in crashes when