3.6.13v3.6.13

13 files changed, 95 insertions, 23 deletions

diff --git a/Include/patchlevel.h b/Include/patchlevel.h
index 88d308c4f0..4b45ac0104 100644
--- a/Include/patchlevel.h
+++ b/Include/patchlevel.h
@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION	3
 #define PY_MINOR_VERSION	6
-#define PY_MICRO_VERSION	12
+#define PY_MICRO_VERSION	13
 #define PY_RELEASE_LEVEL	PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL	0
 
 /* Version as a string */
-#define PY_VERSION      	"3.6.12+"
+#define PY_VERSION      	"3.6.13"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.
diff --git a/Lib/pydoc_data/topics.py b/Lib/pydoc_data/topics.py
index 4b53f76969..b34cbbc2dc 100644
--- a/Lib/pydoc_data/topics.py
+++ b/Lib/pydoc_data/topics.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Sat Aug 15 02:33:47 2020
+# Autogenerated by Sphinx on Mon Feb 15 20:10:09 2021
 topics = {'assert': 'The "assert" statement\n'
            '**********************\n'
            '\n'
diff --git a/Misc/NEWS.d/3.6.13.rst b/Misc/NEWS.d/3.6.13.rst
new file mode 100644
index 0000000000..2689897ebf
--- /dev/null
+++ b/Misc/NEWS.d/3.6.13.rst
@@ -0,0 +1,90 @@
+.. bpo: 42967
+.. date: 2021-02-14-15-59-16
+.. nonce: YApqDS
+.. release date: 2021-02-15
+.. section: Security
+
+Fix web cache poisoning vulnerability by defaulting the query args separator
+to ``&``, and allowing the user to choose a custom separator.
+
+..
+
+.. bpo: 42938
+.. date: 2021-01-18-09-27-31
+.. nonce: 4Zn4Mp
+.. section: Security
+
+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
+:class:`ctypes.c_longdouble` values.
+
+..
+
+.. bpo: 42103
+.. date: 2020-10-23-19-19-30
+.. nonce: cILT66
+.. section: Security
+
+Prevented potential DoS attack via CPU and RAM exhaustion when processing
+malformed Apple Property List files in binary format.
+
+..
+
+.. bpo: 42051
+.. date: 2020-10-19-10-56-27
+.. nonce: EU_B7u
+.. section: Security
+
+The :mod:`plistlib` module no longer accepts entity declarations in XML
+plist files to avoid XML vulnerabilities. This should not affect users as
+entity declarations are not used in regular plist files.
+
+..
+
+.. bpo: 40791
+.. date: 2020-05-28-06-06-47
+.. nonce: QGZClX
+.. section: Security
+
+Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``,
+making constant-time-defeating optimizations less likely.
+
+..
+
+.. bpo: 35560
+.. date: 2018-12-22-22-19-51
+.. nonce: 9vMWSP
+.. section: Core and Builtins
+
+Fix an assertion error in :func:`format` in debug build for floating point
+formatting with "n" format, zero padding and small width. Release build is
+not impacted. Patch by Karthikeyan Singaravelan.
+
+..
+
+.. bpo: 42103
+.. date: 2020-10-23-19-20-14
+.. nonce: C5obK2
+.. section: Library
+
+:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now the
+only errors caused by loading malformed binary Plist file (previously
+ValueError and TypeError could be raised in some specific cases).
+
+..
+
+.. bpo: 42794
+.. date: 2021-01-01-08-52-36
+.. nonce: -7-XGz
+.. section: Tests
+
+Update test_nntplib to use offical group name of news.aioe.org for testing.
+Patch by Dong-hee Na.
+
+..
+
+.. bpo: 41944
+.. date: 2020-10-05-17-43-46
+.. nonce: rf1dYb
+.. section: Tests
+
+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst b/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst
deleted file mode 100644
index 01458f1108..0000000000
--- a/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Fix an assertion error in :func:`format` in debug build for floating point
-formatting with "n" format, zero padding and small width. Release build is
-not impacted. Patch by Karthikeyan Singaravelan.
diff --git a/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst b/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst
deleted file mode 100644
index 4eb694c16a..0000000000
--- a/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now
-the only errors caused by loading malformed binary Plist file (previously
-ValueError and TypeError could be raised in some specific cases).
diff --git a/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst b/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst
deleted file mode 100644
index 69b9de1bea..0000000000
--- a/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst
+++ /dev/null
@@ -1 +0,0 @@
-Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``, making constant-time-defeating optimizations less likely.
\ No newline at end of file
diff --git a/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst b/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst
deleted file mode 100644
index e865ed12a0..0000000000
--- a/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-The :mod:`plistlib` module no longer accepts entity declarations in XML
-plist files to avoid XML vulnerabilities. This should not affect users as
-entity declarations are not used in regular plist files.
diff --git a/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst b/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst
deleted file mode 100644
index 15d7b6549e..0000000000
--- a/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Prevented potential DoS attack via CPU and RAM exhaustion when processing
-malformed Apple Property List files in binary format.
diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
deleted file mode 100644
index 7df65a156f..0000000000
--- a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
-:class:`ctypes.c_longdouble` values.
diff --git a/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst b/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
deleted file mode 100644
index f08489b414..0000000000
--- a/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix web cache poisoning vulnerability by defaulting the query args separator to ``&``, and allowing the user to choose a custom separator.
diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
deleted file mode 100644
index 4f9782f1c8..0000000000
--- a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+++ /dev/null
@@ -1 +0,0 @@
-Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
diff --git a/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst b/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst
deleted file mode 100644
index 577f2259e1..0000000000
--- a/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Update test_nntplib to use offical group name of news.aioe.org for testing.
-Patch by Dong-hee Na.
diff --git a/README.rst b/README.rst
index 4bed1d47ce..3551a17b7f 100644
--- a/README.rst
+++ b/README.rst
@@ -1,5 +1,5 @@
-This is Python version 3.6.12+
-==============================
+This is Python version 3.6.13
+=============================
 
 .. image:: https://travis-ci.org/python/cpython.svg?branch=3.6
    :alt: CPython build status on Travis CI