Package: python3.7 / 3.7.3-2+deb10u3

Metadata

Package Version Patches format
python3.7 3.7.3-2+deb10u3 3.0 (quilt)

Patch series

Patch File delta Description
revert profile opt changes.diff | (download)

Lib/_osx_support.py | 2 1 + 1 - 0 !
Lib/test/pythoninfo.py | 3 0 + 3 - 0 !
Lib/test/test__osx_support.py | 2 1 + 1 - 0 !
Makefile.pre.in | 25 9 + 16 - 0 !
configure.ac | 3 1 + 2 - 0 !
setup.py | 15 5 + 10 - 0 !
6 files changed, 17 insertions(+), 33 deletions(-)

---
deb setup.diff | (download)

setup.py | 13 5 + 8 - 0 !
1 file changed, 5 insertions(+), 8 deletions(-)

---
deb locations.diff | (download)

Lib/pydoc.py | 4 4 + 0 - 0 !
Misc/python.man | 2 1 + 1 - 0 !
2 files changed, 5 insertions(+), 1 deletion(-)

---
distutils install layout.diff | (download)

Lib/distutils/command/install.py | 43 42 + 1 - 0 !
Lib/distutils/command/install_egg_info.py | 30 25 + 5 - 0 !
Lib/distutils/sysconfig.py | 7 7 + 0 - 0 !
Lib/distutils/tests/test_bdist_dumb.py | 2 1 + 1 - 0 !
Lib/distutils/tests/test_install.py | 4 2 + 2 - 0 !
Lib/pydoc.py | 1 1 + 0 - 0 !
Lib/site.py | 23 20 + 3 - 0 !
Lib/test/test_site.py | 6 3 + 3 - 0 !
8 files changed, 101 insertions(+), 15 deletions(-)

---
locale module.diff | (download)

Lib/locale.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
distutils link.diff | (download)

Lib/distutils/unixccompiler.py | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

---
distutils sysconfig.diff | (download)

Lib/distutils/sysconfig.py | 15 13 + 2 - 0 !
1 file changed, 13 insertions(+), 2 deletions(-)

---
tkinter import.diff | (download)

Lib/tkinter/__init__.py | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

---
gdbm import.diff | (download)

Lib/dbm/gnu.py | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

---
link opt.diff | (download)

configure.ac | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

---
setup modules.diff | (download)

Modules/Setup.dist | 11 5 + 6 - 0 !
1 file changed, 5 insertions(+), 6 deletions(-)

---
platform lsbrelease.diff | (download)

Lib/platform.py | 25 24 + 1 - 0 !
1 file changed, 24 insertions(+), 1 deletion(-)

---
bdist wininst notfound.diff | (download)

Lib/distutils/command/bdist_wininst.py | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
profiled build.diff | (download)

Makefile.pre.in | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

---
langpack gettext.diff | (download)

Lib/gettext.py | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 Support an alternative gettext tree in
 /usr/share/locale-langpack; if a file is present in both trees,
 prefer the newer one.
 Upstream status: Ubuntu-specific

disable sem check.diff | (download)

configure.ac | 18 14 + 4 - 0 !
1 file changed, 14 insertions(+), 4 deletions(-)

---
lib argparse.diff | (download)

Lib/argparse.py | 11 10 + 1 - 0 !
1 file changed, 10 insertions(+), 1 deletion(-)

---
ctypes arm.diff | (download)

Lib/ctypes/util.py | 15 13 + 2 - 0 !
1 file changed, 13 insertions(+), 2 deletions(-)

---
lto link flags.diff | (download)

Makefile.pre.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
multiarch.diff | (download)

Lib/distutils/sysconfig.py | 3 3 + 0 - 0 !
Lib/sysconfig.py | 6 6 + 0 - 0 !
Makefile.pre.in | 3 2 + 1 - 0 !
3 files changed, 11 insertions(+), 1 deletion(-)

---
lib2to3 no pickled grammar.diff | (download)

Lib/lib2to3/pgen2/driver.py | 5 4 + 1 - 0 !
Lib/lib2to3/tests/test_parser.py | 77 0 + 77 - 0 !
2 files changed, 4 insertions(+), 78 deletions(-)

---
ext no libpython link.diff | (download)

Lib/distutils/command/build_ext.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
test no random order.diff | (download)

Tools/scripts/run_tests.py | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
multiarch extname.diff | (download)

Lib/distutils/command/install.py | 3 3 + 0 - 0 !
Lib/distutils/command/install_lib.py | 4 4 + 0 - 0 !
Lib/distutils/dir_util.py | 13 13 + 0 - 0 !
3 files changed, 20 insertions(+)

---
tempfile minimal.diff | (download)

Lib/tempfile.py | 145 142 + 3 - 0 !
1 file changed, 142 insertions(+), 3 deletions(-)

---
disable some tests.diff | (download)

Lib/distutils/tests/test_build_ext.py | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
ensurepip wheels.diff | (download)

Lib/ensurepip/__init__.py | 74 52 + 22 - 0 !
1 file changed, 52 insertions(+), 22 deletions(-)

---
ensurepip disabled.diff | (download)

Lib/ensurepip/__init__.py | 33 33 + 0 - 0 !
Lib/venv/__init__.py | 23 22 + 1 - 0 !
2 files changed, 55 insertions(+), 1 deletion(-)

---
mangle fstack protector.diff | (download)

Lib/distutils/sysconfig.py | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

---
reproducible buildinfo.diff | (download)

Makefile.pre.in | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
pydoc use pager.diff | (download)

Lib/pydoc.py | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
local doc references.diff | (download)

Doc/tools/templates/layout.html | 2 1 + 1 - 0 !
Lib/idlelib/help.html | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
doc build texinfo.diff | (download)

Doc/Makefile | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 add the option to build texinfo-format documentation.
build math object.diff | (download)

Makefile.pre.in | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

---
issue35998.diff | (download)

Lib/test/test_asyncio/test_sslproto.py | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

---
arm alignment.diff | (download)

Modules/_sha3/sha3module.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 use aligned access for _sha3 module on arm.

CVE 2019 9740_CVE 2019 9947.diff | (download)

Lib/http/client.py | 15 15 + 0 - 0 !
Lib/test/test_urllib.py | 53 53 + 0 - 0 !
Lib/test/test_xmlrpc.py | 7 6 + 1 - 0 !
3 files changed, 74 insertions(+), 1 deletion(-)

 [patch] bpo-30458: disallow control chars in http urls. (gh-12755)
 (GH-13154)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Disallow control chars in http URLs in urllib.urlopen.  This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.

Disable https related urllib tests on a build without ssl (GH-13032)
These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.

Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)

Backport Co-Authored-By: Miro Hrončok <miro@hroncok.cz>

CVE 2019 9948.diff | (download)

Lib/test/test_urllib.py | 18 18 + 0 - 0 !
Lib/urllib/request.py | 2 1 + 1 - 0 !
2 files changed, 19 insertions(+), 1 deletion(-)

 [patch] bpo-35907, cve-2019-9948: urllib rejects local_file:// scheme
 (GH-13474) (GH-13505)

CVE-2019-9948: Avoid file reading by disallowing the unnecessary
local_file:// URL scheme in URLopener().open() and URLopener().retrieve()
of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587)

CVE 2019 10160 1.diff | (download)

Lib/test/test_urlparse.py | 6 6 + 0 - 0 !
Lib/urllib/parse.py | 11 7 + 4 - 0 !
2 files changed, 13 insertions(+), 4 deletions(-)

 [patch] bpo-36742: fixes handling of pre-normalization characters in
 urlsplit() (GH-13017)

(cherry picked from commit d537ab0ff9767ef024f26246899728f0116b1ec3)

Co-authored-by: Steve Dower <steve.dower@python.org>

CVE 2019 10160 2.diff | (download)

Lib/test/test_urlparse.py | 11 6 + 5 - 0 !
Lib/urllib/parse.py | 6 3 + 3 - 0 !
2 files changed, 9 insertions(+), 8 deletions(-)

 [patch] bpo-36742: corrects fix to handle decomposition in usernames
 (GH-13812)

(cherry picked from commit 8d0ef0b5edeae52960c7ed05ae8a12388324f87e)

Co-authored-by: Steve Dower <steve.dower@python.org>

CVE 2019 16056.diff | (download)

Lib/email/_header_value_parser.py | 2 2 + 0 - 0 !
Lib/email/_parseaddr.py | 11 10 + 1 - 0 !
Lib/test/test_email/test__header_value_parser.py | 10 10 + 0 - 0 !
Lib/test/test_email/test_email.py | 14 14 + 0 - 0 !
4 files changed, 36 insertions(+), 1 deletion(-)

 [patch] bpo-34155: dont parse domains containing @ (gh-13079)

Before:

CVE 2019 16935.diff | (download)

Lib/test/test_docxmlrpc.py | 16 16 + 0 - 0 !
Lib/xmlrpc/server.py | 3 2 + 1 - 0 !
2 files changed, 18 insertions(+), 1 deletion(-)

 [patch] bpo-38243, xmlrpc.server: escape the server_title (gh-16373)

Escape the server title of xmlrpc.server.DocXMLRPCServer
when rendering the document page as HTML.
(cherry picked from commit e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa)

Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>

CVE 2019 20907.diff | (download)

Lib/tarfile.py | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] bpo-39017: avoid infinite loop in the tarfile module
 (GH-21454) (GH-21484)

Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
(cherry picked from commit 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4)

Co-authored-by: Rishi <rishi_devan@mail.com>

CVE 2020 14422.diff | (download)

Lib/ipaddress.py | 4 2 + 2 - 0 !
Lib/test/test_ipaddress.py | 11 11 + 0 - 0 !
2 files changed, 13 insertions(+), 2 deletions(-)

 [patch] [3.7] bpo-41004: resolve hash collisions for ipv4interface
 and IPv6Interface (GH-21033) (GH-21231)

CVE-2020-14422
The __hash__() methods of the IPv4Interface and IPv6Interface classes
generated constant hash values of 32 and 128 respectively, causing hash collisions.
The fix uses the hash() function to generate hash values for the objects
instead of an XOR operation.
(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)

Co-authored-by: Ravi Teja P <rvteja92@gmail.com>

Signed-off-by: Tapas Kundu <tkundu@vmware.com>

CVE 2020 8492.diff | (download)

Lib/urllib/request.py | 11 9 + 2 - 0 !
1 file changed, 9 insertions(+), 2 deletions(-)

---
CVE 2020 26116.patch | (download)

Lib/http/client.py | 16 16 + 0 - 0 !
Lib/test/test_httplib.py | 22 22 + 0 - 0 !
2 files changed, 38 insertions(+)

 [patch] bpo-39603: prevent header injection in http methods
 (GH-18485) (GH-21538)

Reject control characters in the HTTP method in http.client.putrequest to prevent HTTP header injection.
(cherry picked from commit 8ca8a2e8fb068863c1138f07e3098478ef8be12e)

Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>


CVE 2021 3177.patch | (download)

Lib/ctypes/test/test_parameters.py | 43 43 + 0 - 0 !
Modules/_ctypes/callproc.c | 55 21 + 34 - 0 !
2 files changed, 64 insertions(+), 34 deletions(-)

 [patch] [3.7] closes bpo-42938: replace snprintf with python unicode
 formatting in ctypes param reprs. (GH-24249)

(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)

Co-authored-by: Benjamin Peterson <benjamin@python.org>