author: Ned Deily <nad@python.org>, 2021-06-28 12:51:36 -0400
committer: Ned Deily <nad@python.org>, 2021-06-28 12:51:36 -0400
commit: 9da28d2b3429d1bb30e082e4c9cb544d81fdae20
tree: ceb20f25d9629514923481f3b3857ec800a3f754
parent: bpo-44022: Improve the regression test. (GH-26503) (GH-26507)
download: cpython-3.7.11.tar.gz, cpython-3.7.11.tar.bz2, cpython-3.7.11.zip

3.7.11 v3.7.11
-rw-r--r--  Include/patchlevel.h  4
-rw-r--r--  Lib/pydoc_data/topics.py  6
-rw-r--r--  Misc/NEWS.d/3.7.11.rst  84
-rw-r--r--  Misc/NEWS.d/next/Core and Builtins/2021-03-29-19-50-34.bpo-43660.scTgag.rst  3
-rw-r--r--  Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst  1
-rw-r--r--  Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst  8
-rw-r--r--  Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst  4
-rw-r--r--  Misc/NEWS.d/next/Security/2021-04-25-07-46-37.bpo-43882.Jpwx85.rst  6
-rw-r--r--  Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst  2
-rw-r--r--  Misc/NEWS.d/next/Tests/2021-03-18-10-34-42.bpo-41561.pDg4w-.rst  1
-rw-r--r--  README.rst  4
11 files changed, 91 insertions, 32 deletions
diff --git a/Include/patchlevel.h b/Include/patchlevel.h
index 308ef0af10..bc0b97aef2 100644
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@@ -18,12 +18,12 @@
/*--start constants--*/
#define PY_MAJOR_VERSION 3
#define PY_MINOR_VERSION 7
-#define PY_MICRO_VERSION 10
+#define PY_MICRO_VERSION 11
#define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL
#define PY_RELEASE_SERIAL 0
/* Version as a string */
-#define PY_VERSION "3.7.10+"
+#define PY_VERSION "3.7.11"
/*--end constants--*/
/* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.
diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py
index 98c9efd942..108e492ee7 100644
--- a/Lib/pydoc_data/topics.py
+++ b/Lib/pydoc_data/topics.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Mon Feb 15 20:10:03 2021
+# Autogenerated by Sphinx on Mon Jun 28 12:37:39 2021
topics = {'assert': 'The "assert" statement\n'
'**********************\n'
'\n'
@@ -5118,7 +5118,7 @@ topics = {'assert': 'The "assert" statement\n'
'character that can be any character and defaults to a space '
'if\n'
'omitted. It is not possible to use a literal curly brace '
- '(“"{"” or\n'
+ '(”"{"” or\n'
'“"}"”) as the *fill* character in a formatted string '
'literal or when\n'
'using the "str.format()" method. However, it is possible '
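Review bot: In the @@ -5118 hunk the opening curly quote before "{" is replaced by a closing one (”"{"”), so the pair no longer matches the “"}"” on the following line and the help text now shows two closing quotes around the brace. The file header says it is autogenerated by Sphinx, so this looks like a smart-quotes difference in the toolchain used for this regeneration rather than an intended edit; worth regenerating with the same Sphinx setup as the previous release, or confirming the change is expected, instead of shipping the mismatched pair in pydoc output.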
@@ -6742,7 +6742,7 @@ topics = {'assert': 'The "assert" statement\n'
'\n'
'Note that numeric literals do not include a sign; a phrase like '
'"-1"\n'
- 'is actually an expression composed of the unary operator ‘"-"‘ '
+ 'is actually an expression composed of the unary operator ‘"-"’ '
'and the\n'
'literal "1".\n',
'numeric-types': 'Emulating numeric types\n'
diff --git a/Misc/NEWS.d/3.7.11.rst b/Misc/NEWS.d/3.7.11.rst
new file mode 100644
index 0000000000..be63cd164a
--- /dev/null
+++ b/Misc/NEWS.d/3.7.11.rst
@@ -0,0 +1,84 @@
+.. bpo: 44022
+.. date: 2021-05-05-17-37-04
+.. nonce: bS3XJ9
+.. release date: 2021-06-28
+.. section: Security
+
+mod:`http.client` now avoids infinitely reading potential HTTP headers after
+a ``100 Continue`` status response from the server.
+
+..
+
+.. bpo: 43882
+.. date: 2021-04-25-07-46-37
+.. nonce: Jpwx85
+.. section: Security
+
+The presence of newline or tab characters in parts of a URL could allow some
+forms of attacks.
+
+Following the controlling specification for URLs defined by WHATWG
+:func:`urllib.parse` now removes ASCII newlines and tabs from URLs,
+preventing such attacks.
+
+..
+
+.. bpo: 42988
+.. date: 2021-03-24-14-16-56
+.. nonce: P2aNco
+.. section: Security
+
+CVE-2021-3426: Remove the ``getfile`` feature of the :mod:`pydoc` module
+which could be abused to read arbitrary files on the disk (directory
+traversal vulnerability). Moreover, even source code of Python modules can
+contain sensitive data like passwords. Vulnerability reported by David
+Schwörer.
+
+..
+
+.. bpo: 43285
+.. date: 2021-03-13-03-48-14
+.. nonce: g-Hah3
+.. section: Security
+
+:mod:`ftplib` no longer trusts the IP address value returned from the server
+in response to the PASV command by default. This prevents a malicious FTP
+server from using the response to probe IPv4 address and port combinations
+on the client network.
+
+Code that requires the former vulnerable behavior may set a
+``trust_server_pasv_ipv4_address`` attribute on their :class:`ftplib.FTP`
+instances to ``True`` to re-enable it.
+
+..
+
+.. bpo: 43075
+.. date: 2021-01-31-05-28-14
+.. nonce: DoAXqO
+.. section: Security
+
+Fix Regular Expression Denial of Service (ReDoS) vulnerability in
+:class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable
+regex has quadratic worst-case complexity and it allows cause a denial of
+service when identifying crafted invalid RFCs. This ReDoS issue is on the
+client side and needs remote attackers to control the HTTP server.
+
+..
+
+.. bpo: 43660
+.. date: 2021-03-29-19-50-34
+.. nonce: scTgag
+.. section: Core and Builtins
+
+Fix crash that happens when replacing ``sys.stderr`` with a callable that
+can remove the object while an exception is being printed. Patch by Pablo
+Galindo.
+
+..
+
+.. bpo: 41561
+.. date: 2021-03-18-10-34-42
+.. nonce: pDg4w-
+.. section: Tests
+
+Add workaround for Ubuntu's custom OpenSSL security level policy.
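Review bot: The first entry (bpo-44022) opens with mod:`http.client` without the leading colon, so the role will render as literal text instead of a module reference; it should read :mod:`http.client`. Two smaller points in the same file: the bpo-43882 entry marks urllib.parse with :func: although it is a module, and the bpo-43075 entry has "it allows cause a denial of service", which is missing a word. All three come verbatim from the Misc/NEWS.d/next fragments deleted in this commit, so the wording is best corrected once in the merged file before it is copied into the changelog for later branches.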
diff --git a/Misc/NEWS.d/next/Core and Builtins/2021-03-29-19-50-34.bpo-43660.scTgag.rst b/Misc/NEWS.d/next/Core and Builtins/2021-03-29-19-50-34.bpo-43660.scTgag.rst
deleted file mode 100644
index 98419501d9..0000000000
--- a/Misc/NEWS.d/next/Core and Builtins/2021-03-29-19-50-34.bpo-43660.scTgag.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Fix crash that happens when replacing ``sys.stderr`` with a callable that
-can remove the object while an exception is being printed. Patch by Pablo
-Galindo.
diff --git a/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst b/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
deleted file mode 100644
index 1c9f727e96..0000000000
--- a/Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix Regular Expression Denial of Service (ReDoS) vulnerability in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
diff --git a/Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst b/Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst
deleted file mode 100644
index 8312b7e885..0000000000
--- a/Misc/NEWS.d/next/Security/2021-03-13-03-48-14.bpo-43285.g-Hah3.rst
+++ /dev/null
@@ -1,8 +0,0 @@
-:mod:`ftplib` no longer trusts the IP address value returned from the server
-in response to the PASV command by default. This prevents a malicious FTP
-server from using the response to probe IPv4 address and port combinations
-on the client network.
-
-Code that requires the former vulnerable behavior may set a
-``trust_server_pasv_ipv4_address`` attribute on their
-:class:`ftplib.FTP` instances to ``True`` to re-enable it.
diff --git a/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst b/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst
deleted file mode 100644
index 4b42dd0530..0000000000
--- a/Misc/NEWS.d/next/Security/2021-03-24-14-16-56.bpo-42988.P2aNco.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-CVE-2021-3426: Remove the ``getfile`` feature of the :mod:`pydoc` module which
-could be abused to read arbitrary files on the disk (directory traversal
-vulnerability). Moreover, even source code of Python modules can contain
-sensitive data like passwords. Vulnerability reported by David Schwörer.
diff --git a/Misc/NEWS.d/next/Security/2021-04-25-07-46-37.bpo-43882.Jpwx85.rst b/Misc/NEWS.d/next/Security/2021-04-25-07-46-37.bpo-43882.Jpwx85.rst
deleted file mode 100644
index a326d079df..0000000000
--- a/Misc/NEWS.d/next/Security/2021-04-25-07-46-37.bpo-43882.Jpwx85.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-The presence of newline or tab characters in parts of a URL could allow
-some forms of attacks.
-
-Following the controlling specification for URLs defined by WHATWG
-:func:`urllib.parse` now removes ASCII newlines and tabs from URLs,
-preventing such attacks.
diff --git a/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst b/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst
deleted file mode 100644
index cf6b63e396..0000000000
--- a/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-mod:`http.client` now avoids infinitely reading potential HTTP headers after a
-``100 Continue`` status response from the server.
diff --git a/Misc/NEWS.d/next/Tests/2021-03-18-10-34-42.bpo-41561.pDg4w-.rst b/Misc/NEWS.d/next/Tests/2021-03-18-10-34-42.bpo-41561.pDg4w-.rst
deleted file mode 100644
index 214350729b..0000000000
--- a/Misc/NEWS.d/next/Tests/2021-03-18-10-34-42.bpo-41561.pDg4w-.rst
+++ /dev/null
@@ -1 +0,0 @@
-Add workaround for Ubuntu's custom OpenSSL security level policy.
diff --git a/README.rst b/README.rst
index 05f56a9f06..6797764b78 100644
--- a/README.rst
+++ b/README.rst
@@ -1,5 +1,5 @@
-This is Python version 3.7.10+
-==============================
+This is Python version 3.7.11
+=============================
.. image:: https://travis-ci.org/python/cpython.svg?branch=3.7
:alt: CPython build status on Travis CI