cpython/Lib
Miss Islington (bot) 5829f7bf70
[3.13] gh-119511: Fix a potential denial of service in imaplib (GH-119514) (GH-129355)
gh-119511: Fix a potential denial of service in imaplib (GH-119514)

The IMAP4 client could consume an arbitrary amount of memory when trying
to connect to a malicious server, because it read "literal" data with a
single read(size) call, and BufferedReader.read() allocates the bytes
object of the specified size before reading. Now the IMAP4 client reads data
by chunks, therefore the amount of used memory is limited by the
amount of the data actually sent by the server.
(cherry picked from commit 735f25c5e3)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
2025-01-27 14:05:59 -08:00
__phello__
_pyrepl [3.13] gh-118878: Pyrepl: show completions menu below the current line (GH-118939) (#129161) 2025-01-23 22:15:27 +01:00
asyncio [3.13] gh-128479: fix asyncio staggered race leaking tasks, and logging unhandled exception.append exception (GH-128475) (#129227) 2025-01-23 22:16:02 +01:00
collections [3.13] gh-125245: Fix race condition when importing collections.abc (GH-125415) (GH-125944) 2024-10-24 22:38:45 +00:00
concurrent [3.13] gh-88110: Clear concurrent.futures.thread._threads_queues after fork to avoid joining parent process' threads (GH-126098) (GH-127163) 2024-11-22 17:08:18 +00:00
ctypes [3.13] gh-105733: Soft-deprecate ctypes.ARRAY, rather than hard-deprecating it. (GH-122281) (GH-122440) 2024-07-30 08:05:09 +00:00
curses gh-60436: fix curses textbox backspace/del (#103783) 2023-04-26 22:54:07 +02:00
dbm [3.13] gh-120417: Remove unused imports in the stdlib (GH-120420) (#120429) 2024-06-12 19:27:32 +00:00
email [3.13] gh-80222: Fix email address header folding with long quoted-string (GH-122753) (#129007) 2025-01-19 16:06:28 -05:00
encodings gh-85287: Change codecs to raise precise UnicodeEncodeError and UnicodeDecodeError (#113674) 2024-03-17 04:58:42 +00:00
ensurepip [3.13] gh-126188: Update bundled pip to 24.3.1 (gh-126805) (#126806) 2024-11-13 21:51:57 +00:00
html
http [3.13] gh-123401: Fix http.cookies module to support obsolete RFC 850 date format (GH-123405) (#127828) 2024-12-11 15:38:09 +00:00
idlelib [3.13] gh-71339: Use new assertion methods in test_idle (#129314) 2025-01-26 09:42:08 +00:00
importlib [3.13] gh-123987: Fix NotADirectoryError in NamespaceReader when sentinel present (GH-124018) (#129319) 2025-01-26 12:04:09 -05:00
json [3.13] gh-125660: Reject invalid unicode escapes for Python implementation of JSON decoder (GH-125683) (GH-125694) 2024-10-21 16:07:56 +03:00
logging [3.13] gh-124653: Relax (again) detection of queue API for logging handlers (GH-124897) (GH-125059) 2024-10-08 07:23:40 +01:00
multiprocessing [3.13] gh-127586: multiprocessing.Pool does not properly restore blocked signals (try 2) (GH-128011) (#128298) 2024-12-29 11:02:53 -08:00
pathlib [3.13] GH-125069: Fix inconsistent joining in WindowsPath(PosixPath(...)) (GH-125156) (#125409) 2024-10-13 18:12:57 +00:00
pydoc_data Python 3.13.1 2024-12-03 18:59:52 +01:00
re [3.13] gh-126505: Fix bugs in compiling case-insensitive character classes (GH-126557) (GH-126689) 2024-11-11 16:54:57 +00:00
site-packages
sqlite3 gh-118221: Always use the default row factory in sqlite3.iterdump() (#118223) 2024-04-25 10:11:45 +02:00
sysconfig [3.13] gh-128978: Fix a NameError in sysconfig.expand_makefile_vars (GH-128979) (#129065) 2025-01-20 13:54:48 +00:00
test [3.13] gh-119511: Fix a potential denial of service in imaplib (GH-119514) (GH-129355) 2025-01-27 14:05:59 -08:00
tkinter [3.13] gh-128562: Fix generation of the tkinter widget names (GH-128604) (GH-128791) 2025-01-13 18:23:33 +02:00
tomllib
turtledemo [3.13] gh-128062: Fix the font size and shortcut display of the turtledemo menu (GH-128063) (#128101) 2024-12-19 20:47:24 +00:00
unittest [3.13] gh-104745: Limit starting a patcher more than once without stopping it (GH-126649) (#126772) 2024-11-13 08:46:12 +00:00
urllib [3.13] Explicitly import urllib.error in urllib.robotparser (GH-128737) (#128793) 2025-01-13 17:45:15 +01:00
venv [3.13] gh-124651: Quote template strings in venv activation scripts (GH-124712) (GH-125813) 2024-10-22 16:49:20 +01:00
wsgiref gh-111768: Add wsgiref.util.is_hop_by_hop to __all__ (#111770) 2023-11-08 15:29:47 +00:00
xml [3.13] gh-128302: Fix bugs in xml.dom.xmlbuilder (GH-128284) (#128582) 2025-01-11 13:31:04 +02:00
xmlrpc xmlrpc.client uses datetime.datetime.isoformat() (#105741) 2023-06-14 17:00:40 +02:00
zipfile [3.13] GH-128131: Completely support random read access of uncompressed unencrypted files in ZipFile (GH-128143) (#129091) 2025-01-20 18:28:52 +00:00
zoneinfo gh-106233: Fix stacklevel in zoneinfo.InvalidTZPathWarning (GH-106234) 2024-02-06 15:08:56 +02:00
__future__.py
__hello__.py
_aix_support.py
_android_support.py [3.13] Fix typo in Lib/_android_support.py (GH-127699) (#127703) 2024-12-06 18:14:12 +00:00
_apple_support.py [3.13] gh-126925: Modify how iOS test results are gathered (GH-127592) (#127754) 2024-12-09 14:39:11 +08:00
_collections_abc.py [3.13] gh-116938: Clarify documentation of dict and dict.update regarding the positional argument they accept (GH-125213) (#125336) 2024-10-11 23:29:01 +00:00
_colorize.py [3.13] gh-129061: Fix FORCE_COLOR and NO_COLOR when empty strings (GH-129140) (#129360) 2025-01-27 14:48:05 +00:00
_compat_pickle.py gh-75552: Remove deprecated tkinter.tix module (GH-104902) 2023-05-27 12:34:19 -05:00
_compression.py
_ios_support.py [3.13] gh-119253: use ImportError in _ios_support (GH-119254) (#119265) 2024-05-20 22:21:28 +00:00
_markupbase.py
_opcode_metadata.py GH-118095: Use broader specializations of CALL in tier 1, for better tier 2 support of calls. (GH-118322) 2024-05-04 12:11:11 +01:00
_osx_support.py gh-102362: Fix macOS version number in result of sysconfig.get_platform() (GH-112942) 2023-12-18 18:51:58 -05:00
_py_abc.py
_pydatetime.py [3.13] gh-127553: Remove outdated TODO comment in _pydatetime (GH-127564) (#128500) 2025-01-04 23:01:03 +00:00
_pydecimal.py [3.13] Fix typos in Lib/_pydecimal.py (GH-127700) (#127887) 2024-12-12 20:49:09 +00:00
_pyio.py gh-95782: Fix io.BufferedReader.tell() etc. being able to return offsets < 0 (GH-99709) 2024-02-17 11:16:06 +00:00
_pylong.py gh-118610: Centralize power caching in _pylong.py (#118611) 2024-05-07 19:09:09 -05:00
_sitebuiltins.py
_strptime.py [3.13] gh-127552: Remove comment questioning 4-digit restriction for ‘Y’ in datetime.strptime patterns (GH-127590) GH-127650) 2024-12-06 09:17:32 -08:00
_threading_local.py
_weakrefset.py
abc.py
antigravity.py
argparse.py [3.13] gh-125355: Rewrite parse_intermixed_args() in argparse (GH-125356) (GH-125834) 2024-10-22 15:58:05 +03:00
ast.py gh-116126: Implement PEP 696 (#116129) 2024-05-03 06:17:32 -07:00
base64.py [3.13] Clarify base64.a85encode docs: *wrapcols* doesn't count the newline (GH-119409) (GH-119483) 2024-05-28 16:55:37 +02:00
bdb.py [3.13] gh-128991: Release the enter frame reference within bdb callba… (#129002) 2025-01-18 17:21:23 -05:00
bisect.py
bz2.py gh-115961: Add name and mode attributes for compressed file-like objects (GH-116036) 2024-04-21 11:46:39 +03:00
calendar.py [3.13] gh-126476: Raise IllegalMonthError for calendar.formatmonth() when the input month is not correct (GH-126484) (GH-126879) 2024-11-15 15:20:25 -08:00
cmd.py gh-52161: Enhance Cmd support for docstrings (#110987) 2024-01-03 19:37:34 +00:00
code.py [3.13] gh-125666: Avoid PyREPL exiting when a null byte is in input (GH-125732) (#126023) 2024-12-02 15:04:51 +01:00
codecs.py gh-66143: Allow copying and pickling of CodecInfo object (GH-109235) 2023-09-29 20:07:09 +03:00
codeop.py [3.13] gh-124960: Fixed barry_as_FLUFL future flag does not work in new REPL (#124999) (#125475) 2024-10-14 20:00:45 +02:00
colorsys.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
compileall.py gh-117205: Increase chunksize when compiling pyc in parallel (#117206) 2024-04-03 15:24:24 -07:00
configparser.py gh-117348: restore import time performance of configparser (#117703) 2024-04-14 11:10:09 +00:00
contextlib.py gh-103791: handle BaseExceptionGroup in contextlib.suppress() (#111910) 2023-11-10 13:32:36 +00:00
contextvars.py [3.13] gh-126451: Revert backports of ABC registrations for contextvars.Context and multiprocessing proxies (#126734) 2024-11-12 12:29:13 +00:00
copy.py [3.13] gh-121300: Add replace to copy.__all__ (GH-121302) (#121337) 2024-07-03 15:28:57 +00:00
copyreg.py
cProfile.py gh-69990: Make Profile.print_stats support sorting by multiple values (GH-104590) 2024-02-16 12:03:46 +00:00
csv.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
dataclasses.py [3.13] gh-123935: Fix typo in _get_slots in dataclasses.py (GH-123941) (#123991) 2024-12-03 17:17:25 +01:00
datetime.py gh-84976: Add back UTC to datetime.__all__ (#104920) 2023-05-25 11:18:56 -04:00
decimal.py [3.13] gh-123339: Fix cases of inconsistency of __module__ and __firstlineno__ in classes (GH-123613) (#124735) 2024-09-29 21:21:40 -07:00
difflib.py
dis.py [3.13] gh-127637: add tests for dis command-line interface (#127759) (#127781) 2024-12-10 12:32:32 +00:00
doctest.py [3.13] gh-128595: Default to stdout isatty for colour detection instead of stderr (GH-128498) (#129057) 2025-01-21 18:14:24 +02:00
enum.py [3.13] gh-112328: Make EnumDict usable on its own and document it (GH-123669) (GH-128142) 2024-12-24 10:50:23 -08:00
filecmp.py [3.13] gh-122400: Handle ValueError in filecmp (GH-122401) (GH-122441) 2024-07-30 09:17:35 +00:00
fileinput.py Use bool in fileinput.input() docstring and tests for the inplace argument (GH-111998) 2024-01-27 23:47:55 +02:00
fnmatch.py GH-72904: Add glob.translate() function (#106703) 2023-11-13 17:15:56 +00:00
fractions.py [3.13] gh-119189: Fix the power operator for Fraction (GH-119242) (GH-119836) 2024-07-16 10:44:23 +03:00
ftplib.py gh-114241: Fix and improve the ftplib CLI (GH-114242) 2024-01-21 22:16:45 +02:00
functools.py [3.13] gh-127537: Add __class_getitem__ to the python implementation of functools.partial (GH-127537) (#128281) 2024-12-27 01:25:56 +00:00
genericpath.py gh-117114: Make os.path.isdevdrive available on all platforms (GH-117115) 2024-03-25 22:55:11 +00:00
getopt.py
getpass.py gh-76912: Raise OSError from any failure in getpass.getuser() (#29739) 2023-11-27 10:05:55 -08:00
gettext.py gh-88434: Emit deprecation warnings for non-integer numbers in gettext if translation not found (GH-110574) 2023-10-14 09:07:02 +03:00
glob.py [3.13] GH-119169: Implement pathlib.Path.walk() using os.walk() (GH-119573) (#119750) 2024-05-29 21:24:42 +00:00
graphlib.py
gzip.py [3.13] gh-112346: Always set OS byte to 255, simpler gzip.compress function. (GH-120486) (#120563) 2024-06-15 19:10:50 +00:00
hashlib.py
heapq.py
hmac.py gh-112999: Replace the outdated "deprecated" directives with "versionchanged" (GH-113000) 2023-12-12 18:31:04 +02:00
imaplib.py [3.13] gh-119511: Fix a potential denial of service in imaplib (GH-119514) (GH-129355) 2025-01-27 14:05:59 -08:00
inspect.py [3.13] gh-70764: inspect.getclosurevars now identifies global variables with LOAD_GLOBAL (GH-120143) (#126459) 2024-11-06 00:18:32 +00:00
io.py gh-111356: io: Add missing documented objects to io.__all__ (#111370) 2023-11-10 16:18:52 +09:00
ipaddress.py [3.13] gh-122792: Make IPv4-mapped IPv6 address properties consistent with IPv4 (GH-122793) (GH-123815) 2024-12-03 17:12:36 +01:00
keyword.py gh-103763: Implement PEP 695 (#103764) 2023-05-15 20:36:23 -07:00
linecache.py [3.13] gh-126775: make linecache.checkcache threadsafe and GC re-entrency safe (GH-126776) (#127778) 2024-12-10 08:06:26 +00:00
locale.py gh-91565: Replace bugs.python.org links with Devguide/GitHub ones (GH-91568) 2024-04-01 13:02:07 +00:00
lzma.py gh-115961: Add name and mode attributes for compressed file-like objects (GH-116036) 2024-04-21 11:46:39 +03:00
mailbox.py gh-117467: Add preserving of mailbox owner on flush (GH-117510) 2024-04-04 13:32:53 +03:00
mimetypes.py gh-66543: Add mimetypes.guess_file_type() (GH-117258) 2024-05-06 15:50:52 +03:00
modulefinder.py gh-114099 - Add iOS framework loading machinery. (GH-116454) 2024-03-19 08:36:19 -04:00
netrc.py
ntpath.py gh-119826: Improved fallback for ntpath.abspath() on Windows (GH-119938) 2024-12-02 20:11:16 +00:00
nturl2path.py [3.13] GH-127078: url2pathname(): handle extra slash before UNC drive in URL path (GH-127132) (#127135) 2024-11-22 04:37:30 +00:00
numbers.py
opcode.py gh-116381: Specialize CONTAINS_OP (GH-116385) 2024-03-07 03:30:11 +08:00
operator.py gh-118285: Fix signatures of operator.{attrgetter,itemgetter,methodcaller} instances (GH-118316) 2024-04-29 19:30:48 +03:00
optparse.py
os.py [3.13] GH-89727: Fix FD leak on os.fwalk() generator finalization. (GH-119766) (#119767) 2024-05-30 04:40:21 +00:00
pdb.py [3.13] gh-58956: Fix a frame refleak in bdb (GH-128190) (#128947) 2025-01-17 12:49:15 -05:00
pickle.py [3.13] gh-126489: Do not call persistent_id() for a persistent id in Python pickle (GH-126490) (GH-126514) 2024-11-06 22:54:48 +02:00
pickletools.py [3.13] gh-126997: Fix support of non-ASCII strings in pickletools (GH-127062) (GH-127094) 2024-11-21 11:40:52 +00:00
pkgutil.py gh-97850: Deprecate find_loader and get_loader in pkgutil (GH-98520) 2023-05-03 16:11:54 -07:00
platform.py gh-127732: Add Windows Server 2025 detection to platform module (GH-127733) 2024-12-09 12:50:34 +00:00
plistlib.py gh-111803: Support loading more deeply nested lists in binary plist format (GH-114024) 2024-01-13 15:26:55 +02:00
poplib.py [3.13] Give poplib.POP3.rpop a proper docstring (GH-127370) (#127721) 2024-12-07 16:41:23 +00:00
posixpath.py [3.13] GH-118289: Fix handling of non-directories in posixpath.realpath() (GH-120127) (#126815) 2024-11-13 23:32:56 +00:00
pprint.py [pprint]: Add docstring about PrettyPrinter.underscore_numbers parameter (#112963) 2023-12-13 12:04:17 +00:00
profile.py gh-69990: Make Profile.print_stats support sorting by multiple values (GH-104590) 2024-02-16 12:03:46 +00:00
pstats.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
pty.py gh-96522: Fix deadlock in pty.spawn (#96639) 2023-05-19 13:22:43 +00:00
py_compile.py
pyclbr.py
pydoc.py [3.13] gh-41872: Fix quick extraction of module docstrings from a file in pydoc (GH-127520) (GH-128620) 2025-01-08 14:21:15 +02:00
queue.py gh-117531: Unblock getters after non-immediate queue shutdown (#117532) 2024-04-10 08:01:42 -07:00
quopri.py
random.py [3.13] gh-123968: Fix lower bound for python -m random --float (GH-123971) (#124009) 2024-09-23 16:25:51 -07:00
reprlib.py [3.13] gh-113570: reprlib.repr does not use builtin __repr__ for reshadowed builtins (GH-113577) (GH-125654) 2024-10-17 17:04:02 +00:00
rlcompleter.py [3.13] gh-113978: Ignore warnings on text completion inside REPL (GH-113979) (#119429) 2024-05-22 23:13:32 +02:00
runpy.py gh-99437: runpy: decode path-like objects before setting globals 2024-01-15 16:58:50 +00:00
sched.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
secrets.py
selectors.py gh-110038: KqueueSelector must count all read/write events (#110039) 2023-09-28 17:25:10 +00:00
shelve.py gh-107089: Improve Shelf.clear method performance (gh-107090) 2023-07-29 09:08:11 +09:00
shlex.py
shutil.py [3.13] gh-127001: Fix PATHEXT issues in shutil.which() on Windows (GH-127035) (GH-127156) 2024-11-22 16:18:44 +00:00
signal.py gh-112559: Avoid unnecessary conversion attempts to enum_klass in signal.py (#113040) 2023-12-23 17:07:52 -08:00
site.py [3.13] gh-122273: Support PyREPL history on Windows (#127141) (#127289) 2024-11-26 11:17:13 +00:00
smtplib.py gh-65495: Use lowercase mail from and rcpt to in smtplib.SMTP (#107019) 2023-07-22 16:46:59 +02:00
socket.py [3.13] gh-128916: Do not set SO_REUSEPORT on non-AF_INET* sockets (GH-128933) (#128969) 2025-01-18 03:45:42 +00:00
socketserver.py [3.13] gh-128916: Do not set SO_REUSEPORT on non-AF_INET* sockets (GH-128933) (#128969) 2025-01-18 03:45:42 +00:00
sre_compile.py
sre_constants.py
sre_parse.py
ssl.py [3.13] gh-79846: Make ssl.create_default_context() ignore invalid certificates (GH-91740) (#122768) 2024-09-02 12:53:59 +02:00
stat.py [3.13] gh-120417: Remove unused imports in the stdlib (GH-120420) (#120429) 2024-06-12 19:27:32 +00:00
statistics.py [3.13] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122012) 2024-07-19 09:13:08 +00:00
string.py
stringprep.py
struct.py
subprocess.py [3.13] gh-128342: Specify timeout unit in subprocess docstrings (GH-128343) (#128365) 2024-12-30 21:15:44 +00:00
symtable.py [3.13] gh-119698: fix a special case in symtable.Class.get_methods (GH-121802) (#121909) 2024-07-17 13:54:40 +00:00
tabnanny.py [3.13] gh-120495: Fix incorrect exception handling in Tab Nanny (GH-120498) (#120548) 2024-06-15 11:28:28 +00:00
tarfile.py [3.13] gh-121285: Remove backtracking when parsing tarfile headers (GH-121286) (#123542) 2024-09-02 13:19:11 +02:00
tempfile.py gh-59616: Support os.chmod(follow_symlinks=True) and os.lchmod() on Windows (GH-113049) 2023-12-14 13:28:37 +02:00
textwrap.py gh-107369: optimize textwrap.indent() (#107374) 2023-07-29 06:37:23 +00:00
this.py
threading.py [3.13] gh-121474: Add threading.Barrier parties arg sanity check. (GH-121480) (GH-122444) 2024-07-30 09:24:35 +00:00
timeit.py gh-105052:update timeit function's description (#105060) 2023-08-27 03:22:27 -04:00
token.py [3.13] gh-127303: Add docs for token.EXACT_TOKEN_TYPES (GH-127304) (#127390) 2024-11-30 08:13:13 +00:00
tokenize.py [3.13] gh-125553: Fix backslash continuation in untokenize (GH-126010) (#129153) 2025-01-21 21:04:55 +00:00
trace.py [3.13] gh-103956: Fix trace output in case of missing source line (GH-103958) (GH-118834) 2024-05-09 13:05:37 +00:00
traceback.py [3.13] gh-128894: Fix TracebackException._format_syntax_error on custom SyntaxError metadata (GH-128946) (#129178) 2025-01-22 13:12:39 +00:00
tracemalloc.py
tty.py gh-114328: tty cbreak mode should not alter ICRNL (#114335) 2024-01-21 15:25:52 -08:00
turtle.py [3.13] Fix print usage in turtle doctests (GH-122940) (#122977) 2024-08-13 17:03:36 +00:00
types.py gh-109599: Add types.CapsuleType (#109600) 2023-09-25 19:50:39 +02:00
typing.py [3.13] gh-88834: Unify the instance check for typing.Union and types.UnionType (GH-128363) (GH-128370) 2024-12-31 18:45:03 +00:00
uuid.py gh-113308: Remove some internal parts of uuid module (#115934) 2024-03-14 13:01:41 +03:00
warnings.py [3.13] gh-122088: Copy the coroutine status of the underlying callable in @warnings.deprecated (GH-122086) (#122156) 2024-07-23 10:24:07 +00:00
wave.py gh-105096: Deprecate wave getmarkers() method (#105098) 2023-05-31 12:09:41 +00:00
weakref.py
webbrowser.py [3.13] gh-108172: do not override OS preferred browser if it is a super-string of a known browser (GH-113011) (#123527) 2024-09-02 13:18:27 +02:00
zipapp.py gh-104527: zippapp will now avoid appending an archive to itself. (gh-106076) 2023-06-26 10:09:08 +01:00
zipimport.py [3.13] gh-121735: Fix module-adjacent references in zip files (GH-123037) (#123986) 2024-09-29 18:17:16 -07:00