Sourced from pyo3's releases.
PyO3 0.22.4
This release is a security fix for PyO3 0.22.0 through 0.22.3.
The
PyWeakrefMethodstrait functions for reading borrowed values from Python weak references have been identified as unsound, because they did not account for the possibility the last strong reference could be cleared at any time, leading the borrowed value to be dangling and risk of use-after-free.PyO3 0.22.4 protects against this issue by making these methods permanently leak strong references. The methods are also marked deprecated and will be removed in PyO3 0.23. Users should switch to use the use
PyWeakrefMethodsfunctions which return owned references (the deprecation messages indicate the appropriate upgrade paths).These functions were added in PyO3 0.22.0; all versions from 0.22.0 through 0.22.3 have been yanked.
Aside from the security fix, PyO3 0.22.4 contains a number of other bugfixes, including:
- A fix for cases where
__traverse__functions of base types were not called when using#[pyclass(extends = ...)]- A fix for a regression in 0.22.3 where PyO3 generated code would trigger compile failures with crates using
#![forbid(unsafe_code)]Thank you to the following contributors for the improvements:
@davidhewitt@ngoldbaum@exg@IcxoluPyO3 0.22.3
This release contains a number of quality improvements building upon PyO3 0.22.2.
Python function calls (using
.call0(),.call1(args)and.call(args, kwargs)) will now make use of the "vectorcall" calling conventions where possible, which can reduce overheads in many cases.There have been several fix-ups to PyO3's FFI definitions. A new
pyo3::ffi::compatnamespace has been added which offers some backwards-compatible implementations of Python APIs otherwise normally only available on recent Pythons.There have been numerous other bug-fixes and minor tweaks to improve user experience.
Thank you to the following contributors for the improvements:
@birkenfeld@ChayimFriedman2@csernazs@davidhewitt@Icxolu@jakelishman@LilyFoote@ngoldbaum@Zyell
Sourced from pyo3's changelog.
[0.22.4] - 2024-10-12
Added
- Add FFI definition
PyWeakref_GetRefandcompat::PyWeakref_GetRef. #4528Changed
- Deprecate
_borrowedmethods onPyWeakRefandPyWeakrefProxy(just use the owning forms). #4590Fixed
- Revert removal of private FFI function
_PyLong_NumBitson Python 3.13 and later. #4450- Fix
__traverse__functions for base classes not being called by subclasses created with#[pyclass(extends = ...)]. #4563- Fix regression in 0.22.3 failing compiles under
#![forbid(unsafe_code)]. #4574- Fix
create_exceptionmacro triggering lint and compile errors due to interaction withgil-refsfeature. #4589- Workaround possible use-after-free in
_borrowedmethods onPyWeakRefandPyWeakrefProxyby leaking their contents. #4590- Fix crash calling
PyType_GetSloton static types before Python 3.10. #4599[0.22.3] - 2024-09-15
Added
- Add
pyo3::ffi::compatnamespace with compatibility shims for C API functions added in recent versions of Python.- Add FFI definition
PyDict_GetItemRefon Python 3.13 and newer, andcompat::PyDict_GetItemReffor all versions. #4355- Add FFI definition
PyList_GetItemRefon Python 3.13 and newer, andpyo3_ffi::compat::PyList_GetItemReffor all versions. #4410- Add FFI definitions
compat::Py_NewRefandcompat::Py_XNewRef. #4445- Add FFI definitions
compat::PyObject_CallNoArgsandcompat::PyObject_CallMethodNoArgs. #4461- Add
GilOnceCell<Py<T>>::clone_ref. #4511Changed
- Improve error messages for
#[pyfunction]defined inside#[pymethods]. #4349- Improve performance of calls to Python by using the vectorcall calling convention where possible. #4456
- Mention the type name in the exception message when trying to instantiate a class with no constructor defined. #4481
Removed
- Remove private FFI definition
_Py_PackageContext. #4420Fixed
- Fix compile failure in declarative
#[pymodule]under presence of#![no_implicit_prelude]. #4328- Fix use of borrowed reference in
PyDict::get_item(unsafe in free-threaded Python). #4355- Fix
#[pyclass(eq)]macro hygiene issues for structs and enums. #4359- Fix hygiene/span issues of
#[pyfunction]and#[pymethods]generated code which affected expansion inmacro_rulescontext. #4382- Fix
unsafe_codelint error in#[pyclass]generated code. #4396- Fix async functions returning a tuple only returning the first element to Python. #4407
- Fix use of borrowed reference in
PyList::get_item(unsafe in free-threaded Python). #4410
... (truncated)
dff9723 release: 0.22.43330bf2 fix garbage collection in inheritance cases (#4563)8b23397 ci: pypy 3.7 macos on x64 stillce63713 ci: run benchmarks on ubuntu 22.04 (#4609)b1173f5 ci: fix more ubuntu-24.04 failures (#4610)7371028 ci: move more jobs to macOS arm (#4600)8e3dc45 avoid calling PyType_GetSlot on static types before Python 3.10 (#4599)969300d leak references for safety in PyWeakRefMethods::upgrade_borrowed (#4590)d01fbab fix case of gil-refs feature breaking create_exception! macro (#4589)9a641f7 fix unintentional unsafe_code trigger (#4574)