From c0a9afe2ac1820409e6173bd1893ebee2cf50270 Mon Sep 17 00:00:00 2001 From: Ned Deily Date: Sat, 15 Aug 2020 02:43:26 -0400 Subject: 3.6.12 --- Include/patchlevel.h | 4 +- Lib/pydoc_data/topics.py | 2 +- Misc/NEWS.d/3.6.12.rst | 51 ++++++++++++++++++++++ .../2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst | 1 - .../2020-07-13-15-06-35.bpo-41288.8mn5P-.rst | 2 - .../2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst | 2 - .../2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 - .../2020-07-03-17-21-37.bpo-29778.cR_fGS.rst | 2 - README.rst | 4 +- 9 files changed, 56 insertions(+), 13 deletions(-) create mode 100644 Misc/NEWS.d/3.6.12.rst delete mode 100644 Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst delete mode 100644 Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst delete mode 100644 Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst delete mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst delete mode 100644 Misc/NEWS.d/next/Security/2020-07-03-17-21-37.bpo-29778.cR_fGS.rst diff --git a/Include/patchlevel.h b/Include/patchlevel.h index 1f41950..7478a6b 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -18,12 +18,12 @@ /*--start constants--*/ #define PY_MAJOR_VERSION 3 #define PY_MINOR_VERSION 6 -#define PY_MICRO_VERSION 11 +#define PY_MICRO_VERSION 12 #define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL #define PY_RELEASE_SERIAL 0 /* Version as a string */ -#define PY_VERSION "3.6.11+" +#define PY_VERSION "3.6.12" /*--end constants--*/ /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2. diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py index 69bf815..4b53f76 100644 --- a/Lib/pydoc_data/topics.py +++ b/Lib/pydoc_data/topics.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Autogenerated by Sphinx on Wed Jun 17 06:55:37 2020 +# Autogenerated by Sphinx on Sat Aug 15 02:33:47 2020 topics = {'assert': 'The "assert" statement\n' '**********************\n' '\n' diff --git a/Misc/NEWS.d/3.6.12.rst b/Misc/NEWS.d/3.6.12.rst new file mode 100644 index 0000000..277b3fe --- /dev/null +++ b/Misc/NEWS.d/3.6.12.rst @@ -0,0 +1,51 @@ +.. bpo: 29778 +.. date: 2020-07-03-17-21-37 +.. nonce: cR_fGS +.. release date: 2020-08-15 +.. section: Security + +Ensure :file:`python3.dll` is loaded from correct locations when Python is +embedded (CVE-2020-15523). + +.. + +.. bpo: 41004 +.. date: 2020-06-29-16-02-29 +.. nonce: ovF0KZ +.. section: Security + +CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and +ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and +128 respectively. This resulted in always causing hash collisions. The fix +uses hash() to generate hash values for the tuple of (address, mask length, +network address). + +.. + +.. bpo: 39603 +.. date: 2020-02-12-14-17-39 +.. nonce: Gt3RSg +.. section: Security + +Prevent http header injection by rejecting control characters in +http.client.putrequest(...). + +.. + +.. bpo: 41288 +.. date: 2020-07-13-15-06-35 +.. nonce: 8mn5P- +.. section: Library + +Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now +UnpicklingError instead of crashing. + +.. + +.. bpo: 39017 +.. date: 2020-07-12-22-16-58 +.. nonce: x3Cg-9 +.. section: Library + +Avoid infinite loop when reading specially crafted TAR files using the +tarfile module (CVE-2019-20907). diff --git a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst deleted file mode 100644 index ad26676..0000000 --- a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst +++ /dev/null @@ -1 +0,0 @@ -Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907). diff --git a/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst b/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst deleted file mode 100644 index 3c3adba..0000000 --- a/Misc/NEWS.d/next/Library/2020-07-13-15-06-35.bpo-41288.8mn5P-.rst +++ /dev/null @@ -1,2 +0,0 @@ -Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now -UnpicklingError instead of crashing. diff --git a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst b/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst deleted file mode 100644 index 990affc..0000000 --- a/Misc/NEWS.d/next/Security/2020-02-12-14-17-39.bpo-39603.Gt3RSg.rst +++ /dev/null @@ -1,2 +0,0 @@ -Prevent http header injection by rejecting control characters in -http.client.putrequest(...). diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst deleted file mode 100644 index f5a9db5..0000000 --- a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst +++ /dev/null @@ -1 +0,0 @@ -CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). diff --git a/Misc/NEWS.d/next/Security/2020-07-03-17-21-37.bpo-29778.cR_fGS.rst b/Misc/NEWS.d/next/Security/2020-07-03-17-21-37.bpo-29778.cR_fGS.rst deleted file mode 100644 index 998ffb1..0000000 --- a/Misc/NEWS.d/next/Security/2020-07-03-17-21-37.bpo-29778.cR_fGS.rst +++ /dev/null @@ -1,2 +0,0 @@ -Ensure :file:`python3.dll` is loaded from correct locations when Python is -embedded (CVE-2020-15523). diff --git a/README.rst b/README.rst index c6602bb..fdcbb3e 100644 --- a/README.rst +++ b/README.rst @@ -1,5 +1,5 @@ -This is Python version 3.6.11+ -============================== +This is Python version 3.6.12 +============================= .. image:: https://travis-ci.org/python/cpython.svg?branch=3.6 :alt: CPython build status on Travis CI -- cgit v0.12