Python 3.8.5v3.8.5

Contains security fixes for CVE-2019-20907, CVE-2020-15801, and BPO-39603.

10 files changed, 88 insertions, 15 deletions

diff --git a/Misc/NEWS.d/3.8.5.rst b/Misc/NEWS.d/3.8.5.rst
new file mode 100644
index 0000000..e7ca483
--- /dev/null
+++ b/Misc/NEWS.d/3.8.5.rst
@@ -0,0 +1,88 @@
+.. bpo: 41304
+.. date: 2020-07-15-20-15-08
+.. nonce: vNEeYA
+.. release date: 2020-07-20
+.. section: Security
+
+Fixes `python3x._pth` being ignored on Windows, caused by the fix for
+:issue:`29778` (CVE-2020-15801).
+
+..
+
+.. bpo: 39603
+.. date: 2020-02-12-14-17-39
+.. nonce: Gt3RSg
+.. section: Security
+
+Prevent http header injection by rejecting control characters in
+http.client.putrequest(...).
+
+..
+
+.. bpo: 41295
+.. date: 2020-07-18-08-15-32
+.. nonce: pu8Ezo
+.. section: Core and Builtins
+
+Resolve a regression in CPython 3.8.4 where defining "__setattr__" in a
+multi-inheritance setup and calling up the hierarchy chain could fail if
+builtins/extension types were involved in the base types.
+
+..
+
+.. bpo: 41288
+.. date: 2020-07-13-15-06-35
+.. nonce: 8mn5P-
+.. section: Library
+
+Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now
+UnpicklingError instead of crashing.
+
+..
+
+.. bpo: 39017
+.. date: 2020-07-12-22-16-58
+.. nonce: x3Cg-9
+.. section: Library
+
+Avoid infinite loop when reading specially crafted TAR files using the
+tarfile module (CVE-2019-20907).
+
+..
+
+.. bpo: 37703
+.. date: 2019-08-16-20-25-42
+.. nonce: Qm_l_H
+.. section: Documentation
+
+Updated Documentation to comprehensively elaborate on the behaviour of
+gather.cancel()
+
+..
+
+.. bpo: 41302
+.. date: 2020-07-15-17-56-32
+.. nonce: S3o-x9
+.. section: Build
+
+Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux
+distributions. Patch by Felix Yan.
+
+..
+
+.. bpo: 40741
+.. date: 2020-06-19-14-19-08
+.. nonce: L7yTbm
+.. section: macOS
+
+Update macOS installer to use SQLite 3.32.3.
+
+..
+
+.. bpo: 41300
+.. date: 2020-07-16-17-39-06
+.. nonce: wRixNb
+.. section: IDLE
+
+Save files with non-ascii chars. Fix regression released in 3.9.0b4 and
+3.8.4.
diff --git a/Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst b/Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst
deleted file mode 100644
index 2f13017..0000000
--- a/Misc/NEWS.d/next/Build/2020-07-15-17-56-32.bpo-41302.S3o-x9.rst
+++ /dev/null
@@ -1 +0,0 @@
-Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.
\ No newline at end of file
diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst b/Misc/NEWS.d/next/Core and Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst
deleted file mode 100644
index d61fd8f..0000000
--- a/Misc/NEWS.d/next/Core and Builtins/2020-07-18-08-15-32.bpo-41295.pu8Ezo.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Resolve a regression in CPython 3.8.4 where defining "__setattr__" in a
-multi-inheritance setup and calling up the hierarchy chain could fail
-if builtins/extension types were involved in the base types.
diff --git a/Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst b/Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst
deleted file mode 100644
index a1a1c35..0000000
--- a/Misc/NEWS.d/next/Documentation/2019-08-16-20-25-42.bpo-37703.Qm_l_H.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Updated Documentation to comprehensively elaborate on the behaviour of
-gather.cancel()
diff --git a/Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst b/Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst
deleted file mode 100644
index 080775f..0000000
--- a/Misc/NEWS.d/next/IDLE/2020-07-16-17-39-06.bpo-41300.wRixNb.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Save files with non-ascii chars. Fix regression released in 3.9.0b4 and
-3.8.4.
diff --git a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
deleted file mode 100644
index ad26676..0000000
--- a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
+++ /dev/null
@@ -1 +0,0 @@
-Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
diff --git a/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst b/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst
deleted file mode 100644
index 3c3adba..0000000
--- a/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now
-UnpicklingError instead of crashing.
diff --git a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
deleted file mode 100644
index 990affc..0000000
--- a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Prevent http header injection by rejecting control characters in
-http.client.putrequest(...).
diff --git a/Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst b/Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst
deleted file mode 100644
index 8cc4bb8..0000000
--- a/Misc/NEWS.d/next/Security/2020-07-15-20-15-08.bpo-41304.vNEeYA.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fixes `python3x._pth` being ignored on Windows, caused by the fix for :issue:`29778` (CVE-2020-15801).
diff --git a/Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst b/Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst
deleted file mode 100644
index 78a21b7..0000000
--- a/Misc/NEWS.d/next/macOS/2020-06-19-14-19-08.bpo-40741.L7yTbm.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update macOS installer to use SQLite 3.32.3.