cpython/Lib
Miss Islington (bot) 71fa8eb823
[3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144)
Reading a specially prepared small Plist file could cause OOM because file's
read(n) preallocates a bytes object for reading the specified amount of
data. Now plistlib reads large data by chunks, therefore the upper limit of
consumed memory is proportional to the size of the input file.
(cherry picked from commit 694922cf40)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2025-12-01 15:50:28 +00:00
__phello__
_pyrepl [3.13] gh-139246: zero-width word paste can be wrong in default repl (GH-139254) (GH-141166) 2025-11-07 13:51:03 +01:00
asyncio [3.13] gh-103847: fix cancellation safety of asyncio.create_subprocess_exec (GH-140805) (#141447) 2025-11-13 17:05:01 +05:30
collections [3.13] gh-140911: Ensure that UserString.index() and UserString.rindex() accept UserString as argument (GH-140945) (GH-141945) 2025-11-25 13:50:30 +00:00
concurrent [3.13] gh-132969: Fix error/hang when shutdown(wait=False) and task exited abnormally (GH-133222) (GH-135343) 2025-06-16 14:08:03 +02:00
ctypes [3.13] gh-140041: Fix import of ctypes on Android and Cygwin when ABI flags are present (GH-140178) (#140181) 2025-10-15 22:03:25 +00:00
curses
dbm [3.13] gh-135386: Fix "unable to open database file" errors on readonly DB (GH-135566) (GH-138057) 2025-08-22 11:35:21 +00:00
email [3.13] gh-136063: fix quadratic-complexity parsing in email.message._parseparam (GH-136072) (#140828) 2025-11-30 14:34:22 +02:00
encodings [3.13] gh-135069: Fix exception message in encodings.idna module (GH-135071) (#136236) 2025-07-03 10:31:43 +00:00
ensurepip [3.13] gh-140874: Upgrade bundled pip to 25.3 (GH-140876) (gh-140880) 2025-11-01 12:42:15 +00:00
html [3.13] gh-140875: Fix handling of unclosed charrefs before EOF in HTMLParser (GH-140904) (GH-141746) 2025-11-19 12:17:54 +00:00
http [3.13] gh-119452: Fix a potential virtual memory allocation denial of service in http.server (GH-119455) (GH-142130) 2025-12-01 14:22:10 +00:00
idlelib [3.13] Minor fixes to idle.rst and regenerate help.html (GH-140037) (#141122) 2025-11-06 12:11:50 +00:00
importlib [3.13] gh-140633: AppleFrameworkLoader: Ignore AttributeError when setting __file__ (GH-140635) (GH-140659) 2025-10-27 14:08:09 +01:00
json [3.13] gh-140793: Improve documentation and tests for the ensure_ascii option in the json module (GH-140906) (GH-141228) 2025-11-08 10:30:15 +00:00
logging [3.13] gh-138162: Fix logging.LoggerAdapter with merge_extra=True and without the extra argument (GH-140511) (GH-140785) 2025-10-30 11:31:54 +00:00
multiprocessing [3.13] gh-98896: resource_tracker: use json&base64 to allow arbitrary shared memory names (GH-138473) (GH-142014) 2025-11-28 11:57:51 +01:00
pathlib [3.13] GH-125069: Fix inconsistent joining in WindowsPath(PosixPath(...)) (GH-125156) (#125409) 2024-10-13 18:12:57 +00:00
pydoc_data Python 3.13.9 2025-10-14 15:52:31 +02:00
re [3.13] gh-140797: Forbid capturing groups in re.Scanner lexicon patterns (GH-140944) (GH-140983) 2025-11-04 11:17:29 +00:00
site-packages
sqlite3 [3.13] gh-133439: Fix dot commands with trailing spaces are mistaken for multi-line sqlite statements in the sqlite3 command-line interface (GH-133440) (GH-133765) 2025-06-13 20:40:24 +03:00
sysconfig [3.13] Synced docs and docstring for sysconfig.get_platform (GH-135530) (#138975) 2025-09-17 13:22:36 +00:00
test [3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144) 2025-12-01 15:50:28 +00:00
tkinter [3.13] gh-126008: Improve docstrings for Tkinter cget and configure methods (GH-133303) (GH-137661) 2025-08-12 05:17:24 +00:00
tomllib [3.13] gh-133117: Enable stricter mypy checks for tomllib (GH-133206) (#133343) 2025-05-03 14:20:34 +00:00
turtledemo [3.13] gh-128062: Fix the font size and shortcut display of the turtledemo menu (GH-128063) (#128101) 2024-12-19 20:47:24 +00:00
unittest [3.13] gh-136442: Fix unittest to return exit code 5 when setUpClass raises an exception (GH-136487) (#141577) 2025-11-15 01:23:03 +00:00
urllib [3.13] gh-140691: urllib.request: Close FTP control socket if data socket can't connect (GH-140835) (GH-141657) 2025-11-18 13:34:40 +01:00
venv [3.13] gh-124651: Quote template strings in venv activation scripts (GH-124712) (GH-125813) 2024-10-22 16:49:20 +01:00
wsgiref
xml [3.13] gh-135640: Adds more type checking to ElementTree (GH-135643) (GH-136226) 2025-07-03 08:12:21 +00:00
xmlrpc
zipfile [3.13] gh-139700: Check consistency of the zip64 end of central directory record (GH-139702) (GH-139708) 2025-10-07 17:55:44 +00:00
zoneinfo [3.13] GH-137841: Open tzdata/zones file with UTF-8 encoding (GH-137872) (#141608) 2025-11-20 18:23:26 +02:00
__future__.py
__hello__.py
_aix_support.py
_android_support.py [3.13] Make Android streams respect the unbuffered (-u) option (GH-138806) (#139110) 2025-09-18 12:45:03 +01:00
_apple_support.py [3.13] gh-126925: Modify how iOS test results are gathered (GH-127592) (#127754) 2024-12-09 14:39:11 +08:00
_collections_abc.py [3.13] gh-118803: Fixup a few references in the 3.13 branch to the intended removal date for ByteString (#139171) 2025-09-19 18:51:39 +01:00
_colorize.py [3.13] gh-141570: can_colorize: Expect fileno() to raise OSError, as documented (#141716) (#141748) 2025-11-19 14:28:31 +00:00
_compat_pickle.py
_compression.py
_ios_support.py [3.13] gh-119253: use ImportError in _ios_support (GH-119254) (#119265) 2024-05-20 22:21:28 +00:00
_markupbase.py
_opcode_metadata.py
_osx_support.py
_py_abc.py
_pydatetime.py [3.13] gh-135956: Remove duplicate word in _pydatetime docstring (GH-135957) (#135963) 2025-06-26 04:08:17 +00:00
_pydecimal.py [3.13] gh-102431: Clarify constraints on operands of Decimal logical operations (GH-102836) (#140106) 2025-10-14 15:45:02 +02:00
_pyio.py [3.13] gh-140607: Validate returned byte count in RawIOBase.read (GH-140611) (#140730) 2025-10-29 13:31:57 +01:00
_pylong.py gh-118610: Centralize power caching in _pylong.py (#118611) 2024-05-07 19:09:09 -05:00
_sitebuiltins.py
_strptime.py [3.13] gh-136028: Fix parsing month names containing "İ" (U+0130) in strptime() (GH-136029) (GH-136038) 2025-06-27 14:10:51 +00:00
_threading_local.py [3.13] gh-107006: Move threading.local docstring to docs (GH-131840) (#133432) 2025-05-05 16:18:00 +03:00
_weakrefset.py
abc.py
antigravity.py
argparse.py [3.13] gh-134109: Fix showing comments in pydoc output for argparse (GH-134110) (GH-134113) 2025-05-16 20:52:42 +00:00
ast.py [3.13] gh-134718: Fix ast.dump() for empty non-default values (GH-134926) (GH-134936) 2025-05-30 15:48:48 +00:00
base64.py [3.13] gh-138775: fix handle python -m base64 stdin correct with EOF signal (GH-138776) (#141433) 2025-11-12 00:10:07 +00:00
bdb.py [3.13] gh-136057: Allow step and next to step over for loops (GH-136160) (#141641) 2025-11-16 22:23:03 +00:00
bisect.py
bz2.py
calendar.py [3.13] gh-126476: Raise IllegalMonthError for calendar.formatmonth() when the input month is not correct (GH-126484) (GH-126879) 2024-11-15 15:20:25 -08:00
cmd.py
code.py [3.13] gh-125666: Avoid PyREPL exiting when a null byte is in input (GH-125732) (#126023) 2024-12-02 15:04:51 +01:00
codecs.py [3.13] gh-52876: Implement missing parameter in codecs.StreamReaderWriter functions (GH-136498) (#136515) 2025-07-10 18:06:34 +02:00
codeop.py [3.13] gh-124960: Fixed barry_as_FLUFL future flag does not work in new REPL (#124999) (#125475) 2024-10-14 20:00:45 +02:00
colorsys.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
compileall.py
configparser.py [3.13] gh-130941: Fix configparser parsing values with allow_no_value and interpolation set (GH-130949) (#132588) 2025-04-16 14:19:46 +02:00
contextlib.py
contextvars.py [3.13] gh-126451: Revert backports of ABC registrations for contextvars.Context and multiprocessing proxies (#126734) 2024-11-12 12:29:13 +00:00
copy.py [3.13] gh-121300: Add replace to copy.__all__ (GH-121302) (#121337) 2024-07-03 15:28:57 +00:00
copyreg.py
cProfile.py
csv.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
dataclasses.py [3.13] gh-123935: Fix typo in _get_slots in dataclasses.py (GH-123941) (#123991) 2024-12-03 17:17:25 +01:00
datetime.py
decimal.py [3.13] gh-123339: Fix cases of inconsistency of __module__ and __firstlineno__ in classes (GH-123613) (#124735) 2024-09-29 21:21:40 -07:00
difflib.py [3.13] gh-128051: Fix tests if sys.float_repr_style is 'legacy' (#135908) (#136026) 2025-06-30 11:40:06 +02:00
dis.py [3.13] gh-127637: add tests for dis command-line interface (#127759) (#127781) 2024-12-10 12:32:32 +00:00
doctest.py [3.13] gh-136914: Fix support of cached functions and properties in DocTest's lineno computation (GH-136930) (GH-137615) 2025-08-10 20:05:28 +00:00
enum.py [3.13] gh-136764: improve comment in enum.verify.__call__ (GH-136774) (GH-136842) 2025-07-19 12:01:42 -07:00
filecmp.py [3.13] gh-122400: Handle ValueError in filecmp (GH-122401) (GH-122441) 2024-07-30 09:17:35 +00:00
fileinput.py
fnmatch.py
fractions.py [3.13] gh-130664: Treat '0' fill character with align '=' as zero-padding for Fraction's (GH-131067) (GH-136242) 2025-07-03 11:20:49 +00:00
ftplib.py
functools.py [3.13] gh-140873: Fix the singledispatchmethod documentation (GH-141523) (GH-141710) 2025-11-18 11:38:38 +00:00
genericpath.py [3.13] gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') (GH-135037) (GH-135064) 2025-06-03 15:59:54 +02:00
getopt.py
getpass.py
gettext.py
glob.py [3.13] docs: be clearer that glob results are unordered (GH-140184) (#140340) 2025-10-20 07:32:05 +03:00
graphlib.py [3.13] gh-129892: Doc: Remove unnecessary role directive in graphlib.py (GH-129896) (#129904) 2025-02-09 15:47:10 +00:00
gzip.py [3.13] gh-131492, gh-131461: handle exceptions in GzipFile constructor while owning resources (GH-131462) (#131518) 2025-03-21 11:20:52 +01:00
hashlib.py [3.13] gh-134696: align OpenSSL and HACL*-based hash functions constructors AC signatures (GH-134713) (#134962) 2025-06-01 10:27:02 +02:00
heapq.py
hmac.py
imaplib.py [3.13] gh-78319: Fix implementation of IMAP APPEND UTF8 (GH-9436) (GH-139407) 2025-09-29 06:25:51 +00:00
inspect.py [3.13] gh-139783: Fix inspect.getsourcelines() for the case when a decorator is followed by a comment or an empty line (GH-139836) (GH-139890) 2025-10-14 15:47:20 +02:00
io.py
ipaddress.py [3.13] gh-141497: Make ipaddress.IP{v4,v6}Network.hosts() always returning an iterator (GH-141547) (GH-141695) 2025-11-18 11:43:15 +02:00
keyword.py
linecache.py [3.13] gh-117174: Fix reference leak and gdb tests (GH-131095) (#131120) 2025-03-11 23:43:07 +00:00
locale.py [3.13] gh-133967: Do not normalize locale name 'C.UTF-8' to 'en_US.UTF-8' (GH-135347) (GH-135350) 2025-06-11 12:43:38 +03:00
lzma.py
mailbox.py
mimetypes.py gh-128703: Fix mimetypes.guess_type for empty Content-Type in registry (GH-128854) 2025-02-17 15:36:49 +00:00
modulefinder.py
netrc.py [3.13] gh-135815: skip netrc security checks if os.getuid is missing (GH-135816) (#135826) 2025-06-22 20:12:20 +00:00
ntpath.py [3.13] gh-136065: Fix quadratic complexity in os.path.expandvars() (GH-134952) (GH-140845) 2025-10-31 17:58:09 +01:00
nturl2path.py [3.13] GH-127078: url2pathname(): handle extra slash before UNC drive in URL path (GH-127132) (#127135) 2024-11-22 04:37:30 +00:00
numbers.py [3.13] gh-122450: Expand documentation for `Rational and Fraction` (#136800) (#137367) 2025-08-05 14:54:31 +01:00
opcode.py
operator.py
optparse.py
os.py [3.13] gh-136087: Remove \r from documented os.linesep values (GH-136088) (#136112) 2025-06-30 10:44:38 +03:00
pdb.py [3.13] gh-139289: Lazy import rlcompleter to fix the refleak (GH-139305) (#139357) 2025-09-26 22:50:33 +08:00
pickle.py [3.13] gh-126489: Do not call persistent_id() for a persistent id in Python pickle (GH-126490) (GH-126514) 2024-11-06 22:54:48 +02:00
pickletools.py [3.13] gh-139646: fix typo in pickletools error message (GH-139647) (GH-139650) 2025-10-07 20:19:24 +02:00
pkgutil.py
platform.py gh-127732: Add Windows Server 2025 detection to platform module (GH-127733) 2024-12-09 12:50:34 +00:00
plistlib.py [3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144) 2025-12-01 15:50:28 +00:00
poplib.py [3.13] gh-130637: Add validation for numeric response data in stat() method (GH-130646) (#130763) 2025-03-02 20:28:56 +00:00
posixpath.py [3.13] gh-136065: Fix quadratic complexity in os.path.expandvars() (GH-134952) (GH-140845) 2025-10-31 17:58:09 +01:00
pprint.py
profile.py
pstats.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
pty.py
py_compile.py
pyclbr.py
pydoc.py [3.13] gh-139076: Fix regression in pydoc not showing extension functions (GH-139077) (GH-139161) 2025-09-19 16:38:20 +03:00
queue.py [3.13] Fix Queue.shutdown docs for condition to unblock a join (gh-137088) (gh-137102) 2025-07-25 08:48:28 -06:00
quopri.py
random.py [3.13] gh-130285: Fix handling of zero or empty counts in random.sample() (gh-130291) (gh-130416) 2025-02-21 17:56:51 +00:00
reprlib.py [3.13] gh-135487: fix reprlib.Repr.repr_int when given very large integers (GH-135506) (#135886) 2025-06-24 12:00:14 +00:00
rlcompleter.py [3.13] gh-113978: Ignore warnings on text completion inside REPL (GH-113979) (#119429) 2024-05-22 23:13:32 +02:00
runpy.py
sched.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
secrets.py
selectors.py
shelve.py
shlex.py
shutil.py [3.13] gh-127001: Fix PATHEXT issues in shutil.which() on Windows (GH-127035) (GH-127156) 2024-11-22 16:18:44 +00:00
signal.py
site.py [3.13] gh-138993: Dedent credits text (GH-138994) (#140087) 2025-10-15 14:05:53 +03:00
smtplib.py [3.13] gh-139434: Update selected RFC 2822 references to RFC 5322 (GH-139435) (#141024) 2025-11-04 16:22:31 -05:00
socket.py [3.13] gh-128916: Do not set SO_REUSEPORT on non-AF_INET* sockets (GH-128933) (#128969) 2025-01-18 03:45:42 +00:00
socketserver.py [3.13] gh-128916: Do not set SO_REUSEPORT on non-AF_INET* sockets (GH-128933) (#128969) 2025-01-18 03:45:42 +00:00
sre_compile.py
sre_constants.py
sre_parse.py
ssl.py [3.13] gh-79846: Make ssl.create_default_context() ignore invalid certificates (GH-91740) (#122768) 2024-09-02 12:53:59 +02:00
stat.py [3.13] gh-120417: Remove unused imports in the stdlib (GH-120420) (#120429) 2024-06-12 19:27:32 +00:00
statistics.py [3.13] gh-140938: Raise ValueError for infinite inputs to stdev/pstdev (GH-141531) (#141584) 2025-11-15 04:45:28 +00:00
string.py
stringprep.py
struct.py
subprocess.py [3.13] gh-74389: gh-70560: subprocess.Popen.communicate() now ignores stdin.flush error when closed (GH-142061) (#142065) 2025-11-28 23:33:47 -08:00
symtable.py [3.13] gh-119698: fix a special case in symtable.Class.get_methods (GH-121802) (#121909) 2024-07-17 13:54:40 +00:00
tabnanny.py [3.13] gh-120495: Fix incorrect exception handling in Tab Nanny (GH-120498) (#120548) 2024-06-15 11:28:28 +00:00
tarfile.py [3.13] gh-75989: TarFile.extractall and TarFile.extract now overwrite symlinks when extracting hardlinks (GH-137316) (GH-139771) 2025-10-09 12:54:14 +02:00
tempfile.py [3.13] gh-132124: improve safety nets for creating AF_UNIX socket files (GH-134085) (#134448) 2025-08-04 07:38:49 -07:00
textwrap.py [3.13] gh-139065: Fix trailing space before long word in textwrap (GH-139070) (GH-139903) 2025-10-10 13:51:41 +00:00
this.py
threading.py [3.13] gh-114827: clarify threading.Event.wait timeout behavior (GH-114834) (#140099) 2025-10-14 14:13:31 +00:00
timeit.py
token.py [3.13] gh-127303: Add docs for token.EXACT_TOKEN_TYPES (GH-127304) (#127390) 2024-11-30 08:13:13 +00:00
tokenize.py [3.13] gh-125553: Fix backslash continuation in untokenize (GH-126010) (#129153) 2025-01-21 21:04:55 +00:00
trace.py [3.13] gh-103956: Fix trace output in case of missing source line (GH-103958) (GH-118834) 2024-05-09 13:05:37 +00:00
traceback.py [3.13] gh-137576: Fix for Basic REPL showing incorrect code in tracebacks with PYTHONSTARTUP (GH-137625) (#137778) 2025-08-15 12:10:39 +03:00
tracemalloc.py
tty.py
turtle.py [3.13] gh-138772: Fix and improve documentation for turtle color functions (GH-139325) (GH-140048) 2025-10-13 15:56:31 +00:00
types.py
typing.py [3.13] gh-138859: Account for ParamSpec defaults that are not lists … (GH-138868) (#140208) 2025-10-16 13:26:24 -07:00
uuid.py [3.13] gh-135244: generate UUID random Node ID with a CSPRNG as per RFC 9562, §6.10.3 (GH-135226) (#137408) 2025-08-05 09:01:07 +00:00
warnings.py [3.13] gh-138010: Fix __init_subclass__ forwarding by warnings.deprecated (GH-138210) (#138564) 2025-09-05 14:21:19 -07:00
wave.py [3.13] gh-136523: Fix wave.Wave_write emitting an unraisable when open raises (GH-136529) (GH-136607) 2025-07-13 06:13:01 +00:00
weakref.py
webbrowser.py [3.13] gh-108172: do not override OS preferred browser if it is a super-string of a known browser (GH-113011) (#123527) 2024-09-02 13:18:27 +02:00
zipapp.py [3.13] gh-130379: Fix incorrect zipapp logic to avoid including the target in itself (gh-130509) (gh-130791) 2025-03-03 15:20:05 +00:00
zipimport.py [3.13] gh-121735: Fix module-adjacent references in zip files (GH-123037) (#123986) 2024-09-29 18:17:16 -07:00