author | Ned Deily <nad@python.org> | 2021-02-15 20:30:33 -0500 |
---|---|---|
committer | Ned Deily <nad@python.org> | 2021-02-15 20:30:33 -0500 |
commit | aa73e1722eb9835dc99fd8983885a141112ee4ab (patch) | |
tree | 3688f4062c7376ee755afd5b266850c4b0d6e155 | |
parent | [3.6] bpo-42967: only use '&' as a query string separator (GH-24297) (GH-24532) (diff) | |
3.6.13 (tag: v3.6.13)
13 files changed, 95 insertions, 23 deletions
diff --git a/Include/patchlevel.h b/Include/patchlevel.h index 88d308c4f0a..4b45ac01043 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -18,12 +18,12 @@ /*--start constants--*/ #define PY_MAJOR_VERSION 3 #define PY_MINOR_VERSION 6 -#define PY_MICRO_VERSION 12 +#define PY_MICRO_VERSION 13 #define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL #define PY_RELEASE_SERIAL 0 /* Version as a string */ -#define PY_VERSION "3.6.12+" +#define PY_VERSION "3.6.13" /*--end constants--*/ /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2. diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py index 4b53f76969f..b34cbbc2dc6 100644 --- a/Lib/pydoc_data/topics.py +++ b/Lib/pydoc_data/topics.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Autogenerated by Sphinx on Sat Aug 15 02:33:47 2020 +# Autogenerated by Sphinx on Mon Feb 15 20:10:09 2021 topics = {'assert': 'The "assert" statement\n' '**********************\n' '\n' diff --git a/Misc/NEWS.d/3.6.13.rst b/Misc/NEWS.d/3.6.13.rst new file mode 100644 index 00000000000..2689897ebf9 --- /dev/null +++ b/Misc/NEWS.d/3.6.13.rst 
@@ -0,0 +1,90 @@ +.. bpo: 42967 +.. date: 2021-02-14-15-59-16 +.. nonce: YApqDS +.. release date: 2021-02-15 +.. section: Security + +Fix web cache poisoning vulnerability by defaulting the query args separator +to ``&``, and allowing the user to choose a custom separator. + +.. + +.. bpo: 42938 +.. date: 2021-01-18-09-27-31 +.. nonce: 4Zn4Mp +.. section: Security + +Avoid static buffers when computing the repr of :class:`ctypes.c_double` and +:class:`ctypes.c_longdouble` values. + +.. + +.. bpo: 42103 +.. date: 2020-10-23-19-19-30 +.. nonce: cILT66 +.. section: Security + +Prevented potential DoS attack via CPU and RAM exhaustion when processing +malformed Apple Property List files in binary format. + +.. + +.. bpo: 42051 +.. date: 2020-10-19-10-56-27 +.. nonce: EU_B7u +.. section: Security + +The :mod:`plistlib` module no longer accepts entity declarations in XML +plist files to avoid XML vulnerabilities. This should not affect users as +entity declarations are not used in regular plist files. + +.. + +.. bpo: 40791 +.. date: 2020-05-28-06-06-47 +.. nonce: QGZClX +.. section: Security + +Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``, +making constant-time-defeating optimizations less likely. + +.. + +.. bpo: 35560 +.. date: 2018-12-22-22-19-51 +.. nonce: 9vMWSP +.. section: Core and Builtins + +Fix an assertion error in :func:`format` in debug build for floating point +formatting with "n" format, zero padding and small width. Release build is +not impacted. Patch by Karthikeyan Singaravelan. + +.. + +.. bpo: 42103 +.. date: 2020-10-23-19-20-14 +.. nonce: C5obK2 +.. section: Library + +:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now the +only errors caused by loading malformed binary Plist file (previously +ValueError and TypeError could be raised in some specific cases). + +.. + +.. bpo: 42794 +.. date: 2021-01-01-08-52-36 +.. nonce: -7-XGz +.. 
section: Tests + +Update test_nntplib to use offical group name of news.aioe.org for testing. +Patch by Dong-hee Na. + +.. + +.. bpo: 41944 +.. date: 2020-10-05-17-43-46 +.. nonce: rf1dYb +.. section: Tests + +Tests for CJK codecs no longer call ``eval()`` on content received via HTTP. diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst b/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst deleted file mode 100644 index 01458f11088..00000000000 --- a/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fix an assertion error in :func:`format` in debug build for floating point -formatting with "n" format, zero padding and small width. Release build is -not impacted. Patch by Karthikeyan Singaravelan. diff --git a/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst b/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst deleted file mode 100644 index 4eb694c16a0..00000000000 --- a/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst +++ /dev/null @@ -1,3 +0,0 @@ -:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now -the only errors caused by loading malformed binary Plist file (previously -ValueError and TypeError could be raised in some specific cases). diff --git a/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst b/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst deleted file mode 100644 index 69b9de1beae..00000000000 --- a/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst +++ /dev/null @@ -1 +0,0 @@ -Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``, making constant-time-defeating optimizations less likely.
\ No newline at end of file diff --git a/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst b/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst deleted file mode 100644 index e865ed12a03..00000000000 --- a/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst +++ /dev/null @@ -1,3 +0,0 @@ -The :mod:`plistlib` module no longer accepts entity declarations in XML -plist files to avoid XML vulnerabilities. This should not affect users as -entity declarations are not used in regular plist files. diff --git a/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst b/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst deleted file mode 100644 index 15d7b6549ed..00000000000 --- a/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst +++ /dev/null @@ -1,2 +0,0 @@ -Prevented potential DoS attack via CPU and RAM exhaustion when processing -malformed Apple Property List files in binary format. diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst deleted file mode 100644 index 7df65a156fe..00000000000 --- a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst +++ /dev/null @@ -1,2 +0,0 @@ -Avoid static buffers when computing the repr of :class:`ctypes.c_double` and -:class:`ctypes.c_longdouble` values. diff --git a/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst b/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst deleted file mode 100644 index f08489b4149..00000000000 --- a/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst +++ /dev/null @@ -1 +0,0 @@ -Fix web cache poisoning vulnerability by defaulting the query args separator to ``&``, and allowing the user to choose a custom separator. 
diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst deleted file mode 100644 index 4f9782f1c85..00000000000 --- a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst +++ /dev/null @@ -1 +0,0 @@ -Tests for CJK codecs no longer call ``eval()`` on content received via HTTP. diff --git a/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst b/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst deleted file mode 100644 index 577f2259e1f..00000000000 --- a/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst +++ /dev/null @@ -1,2 +0,0 @@ -Update test_nntplib to use offical group name of news.aioe.org for testing. -Patch by Dong-hee Na. diff --git a/README.rst b/README.rst index 4bed1d47ce4..3551a17b7fc 100644 --- a/README.rst +++ b/README.rst @@ -1,5 +1,5 @@ -This is Python version 3.6.12+ -============================== +This is Python version 3.6.13 +============================= .. image:: https://travis-ci.org/python/cpython.svg?branch=3.6 :alt: CPython build status on Travis CI |
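Review bot: The bpo-42967 Security entry at the top of Misc/NEWS.d/3.6.13.rst names no module or function and does not say what was accepted as a separator before the change, so someone upgrading cannot tell from the release notes which query-string parsing calls behave differently; the plistlib and ctypes entries in the same file do name what they touch. Suggest naming the affected API in that entry and stating that any separator other than ``&`` now has to be requested explicitly, since this is a behaviour change shipped in a security release. Separately, the bpo-42794 Tests entry carries "offical" over unchanged from the deleted Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst; it should read "official".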