From 580fbb018fd0844806119614d752b41fc69660f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Langa?=
Date: Mon, 20 Jul 2020 15:01:32 +0200
Subject: [PATCH] Python 3.8.5 Contains security fixes for CVE-2019-20907, CVE-2020-15801, and BPO-39603.
---
 Include/patchlevel.h | 4 +-
 Lib/pydoc_data/topics.py | 2 +-
 Misc/NEWS.d/3.8.5.rst | 88 +++++++++++++++++++
 .../2020-07-15-17-56-32.bpo-41302.S3o-x9.rst | 1 -
 .../2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst | 3 -
 .../2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst | 2 -
 .../2020-07-16-17-39-06.bpo-41300.wRixNb.rst | 2 -
 .../2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst | 1 -
 .../2020-07-13-15-06-35.bpo-41288.8mn5P-.rst | 2 -
 .../2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst | 2 -
 .../2020-07-15-20-15-08.bpo-41304.vNEeYA.rst | 1 -
 .../2020-06-19-14-19-08.bpo-40741.L7yTbm.rst | 1 -
 README.rst | 2 +-
 13 files changed, 92 insertions(+), 19 deletions(-)
 create mode 100644 Misc/NEWS.d/3.8.5.rst
 delete mode 100644 Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst
 delete mode 100644 Misc/NEWS.d/next/Core and Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst
 delete mode 100644 Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst
 delete mode 100644 Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst
 delete mode 100644 Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
 delete mode 100644 Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst
 delete mode 100644 Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
 delete mode 100644 Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst
 delete mode 100644 Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst
diff --git a/Include/patchlevel.h b/Include/patchlevel.h
index 93bedc221ec..25fc2d3a7ad 100644
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@@ -18,12 +18,12 @@ /*--start constants--*/ #define PY_MAJOR_VERSION 3 #define PY_MINOR_VERSION 8 -#define PY_MICRO_VERSION 4 +#define PY_MICRO_VERSION 5 #define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL #define PY_RELEASE_SERIAL 0 /* Version as a string */ -#define PY_VERSION "3.8.4+" +#define PY_VERSION "3.8.5" /*--end constants--*/ /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.
diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py
index d4473aaa6e6..68346572bc3 100644
--- a/Lib/pydoc_data/topics.py
+++ b/Lib/pydoc_data/topics.py
@@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Autogenerated by Sphinx on Mon Jul 13 13:47:56 2020 +# Autogenerated by Sphinx on Mon Jul 20 14:14:54 2020 topics = {'assert': 'The "assert" statement\n' '**********************\n' '\n'
diff --git a/Misc/NEWS.d/3.8.5.rst b/Misc/NEWS.d/3.8.5.rst
new file mode 100644
index 00000000000..e7ca48385ac
--- /dev/null
+++ b/Misc/NEWS.d/3.8.5.rst
@@ -0,0 +1,88 @@
+.. bpo: 41304
+.. date: 2020-07-15-20-15-08
+.. nonce: vNEeYA
+.. release date: 2020-07-20
+.. section: Security
+
+Fixes `python3x._pth` being ignored on Windows, caused by the fix for
+:issue:`29778` (CVE-2020-15801).
+
+..
+
+.. bpo: 39603
+.. date: 2020-02-12-14-17-39
+.. nonce: Gt3RSg
+.. section: Security
+
+Prevent http header injection by rejecting control characters in
+http.client.putrequest(...).
+
+..
+
+.. bpo: 41295
+.. date: 2020-07-18-08-15-32
+.. nonce: pu8Ezo
+.. section: Core and Builtins
+
+Resolve a regression in CPython 3.8.4 where defining "__setattr__" in a
+multi-inheritance setup and calling up the hierarchy chain could fail if
+builtins/extension types were involved in the base types.
+
+..
+
+.. bpo: 41288
+.. date: 2020-07-13-15-06-35
+.. nonce: 8mn5P-
+.. section: Library
+
+Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now
+UnpicklingError instead of crashing.
+
+..
+
+.. bpo: 39017
+.. date: 2020-07-12-22-16-58
+.. nonce: x3Cg-9
+.. section: Library
+
+Avoid infinite loop when reading specially crafted TAR files using the
+tarfile module (CVE-2019-20907).
+
+..
+
+.. bpo: 37703
+.. date: 2019-08-16-20-25-42
+.. nonce: Qm_l_H
+.. section: Documentation
+
+Updated Documentation to comprehensively elaborate on the behaviour of
+gather.cancel()
+
+..
+
+.. bpo: 41302
+.. date: 2020-07-15-17-56-32
+.. nonce: S3o-x9
+.. section: Build
+
+Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux
+distributions. Patch by Felix Yan.
+
+..
+
+.. bpo: 40741
+.. date: 2020-06-19-14-19-08
+.. nonce: L7yTbm
+.. section: macOS
+
+Update macOS installer to use SQLite 3.32.3.
+
+..
+
+.. bpo: 41300
+.. date: 2020-07-16-17-39-06
+.. nonce: wRixNb
+.. section: IDLE
+
+Save files with non-ascii chars. Fix regression released in 3.9.0b4 and
+3.8.4.
diff --git a/Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst b/Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst
deleted file mode 100644
index 2f1301740e7..00000000000
--- a/Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst
+++ /dev/null
@@ -1 +0,0 @@
-Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.
\ No newline at end of file
diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst b/Misc/NEWS.d/next/Core and Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst
deleted file mode 100644
index d61fd8f0a29..00000000000
--- a/Misc/NEWS.d/next/Core and Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Resolve a regression in CPython 3.8.4 where defining "__setattr__" in a
-multi-inheritance setup and calling up the hierarchy chain could fail
-if builtins/extension types were involved in the base types.
diff --git a/Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst b/Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst
deleted file mode 100644
index a1a1c354b16..00000000000
--- a/Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Updated Documentation to comprehensively elaborate on the behaviour of
-gather.cancel()
diff --git a/Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst b/Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst
deleted file mode 100644
index 080775f7d7a..00000000000
--- a/Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Save files with non-ascii chars. Fix regression released in 3.9.0b4 and
-3.8.4.
diff --git a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
deleted file mode 100644
index ad26676f8b8..00000000000
--- a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
+++ /dev/null
@@ -1 +0,0 @@
-Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
diff --git a/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst b/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst
deleted file mode 100644
index 3c3adbabf16..00000000000
--- a/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now
-UnpicklingError instead of crashing.
diff --git a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
deleted file mode 100644
index 990affc3edd..00000000000
--- a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Prevent http header injection by rejecting control characters in
-http.client.putrequest(...).
diff --git a/Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst b/Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst
deleted file mode 100644
index 8cc4bb8d280..00000000000
--- a/Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fixes `python3x._pth` being ignored on Windows, caused by the fix for :issue:`29778` (CVE-2020-15801).
diff --git a/Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst b/Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst
deleted file mode 100644
index 78a21b76c2f..00000000000
--- a/Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update macOS installer to use SQLite 3.32.3.
diff --git a/README.rst b/README.rst
index 51a053025f6..862a24d5efc 100644
--- a/README.rst
+++ b/README.rst
@@ -1,4 +1,4 @@ -This is Python version 3.8.4 +This is Python version 3.8.5 ============================ .. image:: https://travis-ci.org/python/cpython.svg?branch=3.8