Python 3.8.5

Contains security fixes for CVE-2019-20907, CVE-2020-15801, and BPO-39603.
2020-07-20 15:01:32 +02:00 · 2020-07-20 15:01:32 +02:00 · 580fbb018f
parent f526d10267
commit 580fbb018f
13 changed files with 92 additions and 19 deletions
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        8
-#define PY_MICRO_VERSION        4
+#define PY_MICRO_VERSION        5
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0

 /* Version as a string */
-#define PY_VERSION              "3.8.4+"
+#define PY_VERSION              "3.8.5"
 /*--end constants--*/

 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.
--- a/Lib/pydoc_data/topics.py
+++ b/Lib/pydoc_data/topics.py
@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Mon Jul 13 13:47:56 2020
+# Autogenerated by Sphinx on Mon Jul 20 14:14:54 2020
 topics = {'assert': 'The "assert" statement\n'
           '**********************\n'
           '\n'
--- a/Misc/NEWS.d/3.8.5.rst
+++ b/Misc/NEWS.d/3.8.5.rst
@ -0,0 +1,88 @@
+.. bpo: 41304
+.. date: 2020-07-15-20-15-08
+.. nonce: vNEeYA
+.. release date: 2020-07-20
+.. section: Security
+
+Fixes `python3x._pth` being ignored on Windows, caused by the fix for
+:issue:`29778` (CVE-2020-15801).
+
+..
+
+.. bpo: 39603
+.. date: 2020-02-12-14-17-39
+.. nonce: Gt3RSg
+.. section: Security
+
+Prevent http header injection by rejecting control characters in
+http.client.putrequest(...).
+
+..
+
+.. bpo: 41295
+.. date: 2020-07-18-08-15-32
+.. nonce: pu8Ezo
+.. section: Core and Builtins
+
+Resolve a regression in CPython 3.8.4 where defining "__setattr__" in a
+multi-inheritance setup and calling up the hierarchy chain could fail if
+builtins/extension types were involved in the base types.
+
+..
+
+.. bpo: 41288
+.. date: 2020-07-13-15-06-35
+.. nonce: 8mn5P-
+.. section: Library
+
+Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now
+UnpicklingError instead of crashing.
+
+..
+
+.. bpo: 39017
+.. date: 2020-07-12-22-16-58
+.. nonce: x3Cg-9
+.. section: Library
+
+Avoid infinite loop when reading specially crafted TAR files using the
+tarfile module (CVE-2019-20907).
+
+..
+
+.. bpo: 37703
+.. date: 2019-08-16-20-25-42
+.. nonce: Qm_l_H
+.. section: Documentation
+
+Updated Documentation to comprehensively elaborate on the behaviour of
+gather.cancel()
+
+..
+
+.. bpo: 41302
+.. date: 2020-07-15-17-56-32
+.. nonce: S3o-x9
+.. section: Build
+
+Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux
+distributions. Patch by Felix Yan.
+
+..
+
+.. bpo: 40741
+.. date: 2020-06-19-14-19-08
+.. nonce: L7yTbm
+.. section: macOS
+
+Update macOS installer to use SQLite 3.32.3.
+
+..
+
+.. bpo: 41300
+.. date: 2020-07-16-17-39-06
+.. nonce: wRixNb
+.. section: IDLE
+
+Save files with non-ascii chars. Fix regression released in 3.9.0b4 and
+3.8.4.
--- a/Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst
+++ b/Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst
@ -1 +0,0 @@
-Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.
--- a/Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst
+++ b/Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst
@ -1,3 +0,0 @@
-Resolve a regression in CPython 3.8.4 where defining "__setattr__" in a
-multi-inheritance setup and calling up the hierarchy chain could fail
-if builtins/extension types were involved in the base types.
--- a/Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst
+++ b/Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst
@ -1,2 +0,0 @@
-Updated Documentation to comprehensively elaborate on the behaviour of
-gather.cancel()
--- a/Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst
+++ b/Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst
@ -1,2 +0,0 @@
-Save files with non-ascii chars. Fix regression released in 3.9.0b4 and
-3.8.4.
--- a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
+++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
@ -1 +0,0 @@
-Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
--- a/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst
+++ b/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst
@ -1,2 +0,0 @@
-Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now
-UnpicklingError instead of crashing.
--- a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
+++ b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
@ -1,2 +0,0 @@
-Prevent http header injection by rejecting control characters in
-http.client.putrequest(...).
--- a/Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst
+++ b/Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst
@ -1 +0,0 @@
-Fixes `python3x._pth` being ignored on Windows, caused by the fix for :issue:`29778` (CVE-2020-15801).
--- a/Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst
+++ b/Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst
@ -1 +0,0 @@
-Update macOS installer to use SQLite 3.32.3.
--- a/README.rst
+++ b/README.rst
@ -1,4 +1,4 @@
-This is Python version 3.8.4
+This is Python version 3.8.5
 ============================

 .. image:: https://travis-ci.org/python/cpython.svg?branch=3.8
				`@ -1 +0,0 @@`
				`Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.`
				`@ -1 +0,0 @@`
				`Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).`
				`@ -1 +0,0 @@`
				Fixes `python3x._pth` being ignored on Windows, caused by the fix for :issue:`29778` (CVE-2020-15801).
				`@ -1 +0,0 @@`
				`Update macOS installer to use SQLite 3.32.3.`