cpython/Lib
Victor Stinner 34bab21559
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505)
CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL
scheme in URLopener().open() and URLopener().retrieve()
of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3943)
2019-05-22 23:28:28 +02:00
..
asyncio bpo-35721: Close socket pair if Popen in _UnixSubprocessTransport fails (GH-11553) 2019-05-20 05:35:56 -07:00
collections bpo-27141: Fix collections.UserList and UserDict shallow copy. (GH-4094) 2019-05-19 07:26:35 -07:00
concurrent [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
ctypes bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375) 2019-05-17 00:33:10 -07:00
curses [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
dbm
distutils bpo-28552: Fix distutils.sysconfig for empty sys.executable (GH-12875) (GH-12948) 2019-04-25 13:15:47 +02:00
email bpo-33524: Fix the folding of email header when max_line_length is 0 or None (GH-13391) 2019-05-17 13:47:12 -07:00
encodings bpo-32943: Fix confusing error message for rot13 codec (GH-5869) 2018-03-24 21:30:39 -07:00
ensurepip bpo-35807: Upgrade ensurepip bundled pip and setuptools (GH-12189) 2019-03-08 13:44:39 -08:00
html
http bpo-30458: Disallow control chars in http URLs. (GH-12755) (GH-13154) 2019-05-07 11:28:47 -04:00
idlelib bpo-36958: In IDLE, print exit message (GH-13435) 2019-05-20 00:16:53 -07:00
importlib bpo-35133: Fix mistakes when concatenate string literals on different lines. (GH-10284) 2018-11-05 06:52:58 -08:00
json bpo-30877: Fix clearing a cache in the the JSON decoder. (GH-7048) 2018-05-22 06:03:10 -07:00
lib2to3 [3.7] bpo-36766: Typos in docs and code comments (GH-13116). (GH-13136) 2019-05-06 13:55:19 -07:00
logging bpo-36015: Handle StreamHandler representaton of stream with an integer name (GH-11908) (GH-13183) 2019-05-15 19:06:29 +01:00
msilib bpo-34251: Restore msilib.Win64 to preserve compatibility (GH-8510) 2018-07-28 17:14:44 -07:00
multiprocessing [3.7] bpo-36766: Typos in docs and code comments (GH-13116). (GH-13136) 2019-05-06 13:55:19 -07:00
pydoc_data 3.7.3rc1 2019-03-12 15:14:21 -04:00
site-packages
sqlite3 bpo-35504: Fix segfaults and SystemErrors when deleting certain attrs. (GH-11175) 2018-12-17 07:10:20 -08:00
test bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505) 2019-05-22 23:28:28 +02:00
tkinter bpo-27313: Avoid test_ttk_guionly ComboboxTest fail with macOS Cocoa Tk (GH-12011) 2019-02-23 23:46:20 -08:00
turtledemo bpo-14117: Make minor tweaks to turtledemo (GH-8002) 2018-06-28 22:30:44 -07:00
unittest bpo-31855: unittest.mock.mock_open() results now respects the argument of read([size]) (GH-11521) (#13152) 2019-05-07 13:34:48 +01:00
urllib bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505) 2019-05-22 23:28:28 +02:00
venv bpo-34144: Fix of venv acvtivate.bat for win 10 (GH-8321) 2019-05-21 08:41:44 -07:00
wsgiref bpo-29183: Fix double exceptions in wsgiref.handlers.BaseHandler (GH-12914) 2019-05-19 19:28:38 +03:00
xml bpo-35052: Fix handler on xml.dom.minidom.cloneNode() (GH-11061) (GH-11066) 2018-12-10 11:56:48 +01:00
xmlrpc bpo-33911: Fixed deprecation warning in xmlrpc.server (GH-7847) (GH-8294) 2018-07-16 11:02:23 +02:00
__future__.py String annotations [PEP 563] (#4390) 2018-01-26 08:20:18 -08:00
__phello__.foo.py
_bootlocale.py
_collections_abc.py bpo-32467: Let collections.abc.ValuesView inherit from Collection (#5152) 2018-01-11 21:53:49 -08:00
_compat_pickle.py
_compression.py
_dummy_thread.py
_markupbase.py
_osx_support.py bpo-35257: Avoid leaking LTO linker flags into distutils (GH-10900) (GH-11264) 2018-12-23 15:45:10 -05:00
_py_abc.py bpo-33018: Improve issubclass() error checking and message. (GH-5944) 2018-03-22 04:49:26 -07:00
_pydecimal.py bpo-35133: Fix mistakes when concatenate string literals on different lines. (GH-10284) 2018-11-05 06:52:58 -08:00
_pyio.py bpo-36523: Add docstring to io.IOBase.writelines (GH-12683) 2019-04-22 21:08:24 +09:00
_sitebuiltins.py
_strptime.py Spelling fixes to docs, docstrings, and comments (GH-6374) 2018-04-20 14:00:41 -07:00
_threading_local.py Delete a broken threading.local example (GH-5870) 2018-02-25 07:23:25 -08:00
_weakrefset.py
abc.py bpo-31333: Re-implement ABCMeta in C (GH-5733) 2018-02-18 17:39:43 +00:00
aifc.py bpo-32056: Improve exceptions in aifc, wave and sunau. (GH-5951) 2018-03-18 13:50:41 -07:00
antigravity.py Change the xkcd link in comment over https. (GH-9293) 2018-09-14 09:28:07 -07:00
argparse.py bpo-11874: fix assertion failure in argparse metavar handling (GH-1826) 2018-06-08 04:33:50 -07:00
ast.py bpo-33851: Fix ast.get_docstring() for a node that lacks a docstring. (GH-7682) 2018-06-15 01:25:13 -07:00
asynchat.py
asyncore.py
base64.py bpo-34164: Fix handling of incorrect padding in base64.b32decode(). (GH-8351) (GH-8435) 2018-07-24 13:53:39 +03:00
bdb.py [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
binhex.py
bisect.py
bz2.py
cProfile.py [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
calendar.py
cgi.py bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973) 2018-10-23 03:54:52 -07:00
cgitb.py bpo-33256: Replace angle brackets around python object repr to display it in html (GH-6442) 2018-04-29 12:10:12 -07:00
chunk.py
cmd.py
code.py
codecs.py [3.7] bpo-33482: fix codecs.StreamRecoder.writelines (GH-6779) (GH-13502) 2019-05-22 09:28:38 -07:00
codeop.py
colorsys.py
compileall.py bpo-34022: Stop forcing of hash-based invalidation with SOURCE_DATE_EPOCH (GH-9607) 2018-11-28 09:45:36 -08:00
configparser.py bpo-27351: Fix ConfigParser.read() documentation and docstring (GH-8123) 2018-09-29 10:33:05 -06:00
contextlib.py [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
contextvars.py bpo-32436: Implement PEP 567 (#5027) 2018-01-22 19:11:18 -05:00
copy.py
copyreg.py
crypt.py
csv.py bpo-30157: Fix csv.Sniffer.sniff() regex pattern. (GH-5601) (GH-5602) 2018-02-10 00:00:48 +02:00
dataclasses.py bpo-35960: Fix dataclasses.field throwing away empty metadata. (GH-11815) (GH-11826) 2019-02-12 07:11:48 -05:00
datetime.py [3.7] bpo-22005: Fixed unpickling instances of datetime classes pickled by Python 2. (GH-11017) (GH-11022) 2018-12-07 14:56:02 +02:00
decimal.py
difflib.py bpo-33224: PEP 479 fix for difflib.mdiff() (GH-6381) (GH-6390) 2018-04-05 11:45:33 -07:00
dis.py
doctest.py bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff (GH-10639) 2019-01-09 05:56:40 -08:00
dummy_threading.py
enum.py bpo-35899: Fix Enum handling of empty and weird strings (GH-11891) 2019-03-08 13:44:21 -08:00
filecmp.py
fileinput.py
fnmatch.py bpo-32775: Fix regular expression warnings in fnmatch. (GH-5583) (GH-5596) 2018-02-09 13:56:50 +02:00
formatter.py
fractions.py
ftplib.py [3.7] bpo-35128: Fix spacing issues in warning.warn() messages. (GH-10268). (GH-10280) 2018-11-01 14:19:23 +02:00
functools.py [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
genericpath.py
getopt.py
getpass.py
gettext.py
glob.py
gzip.py
hashlib.py [3.7] bpo-33729: Fix issues with arguments parsing in hashlib. (GH-8346) (GH-8581) 2018-07-31 10:22:44 +03:00
heapq.py
hmac.py bpo-33604: Remove Pending from hmac Deprecation warning. (GH-7062) 2018-05-22 16:40:44 -07:00
imaplib.py [3.7] bpo-35128: Fix spacing issues in warning.warn() messages. (GH-10268). (GH-10280) 2018-11-01 14:19:23 +02:00
imghdr.py
imp.py closes bpo-34056: Always return bytes from _HackedGetData.get_data(). (GH-8130) 2018-07-06 21:00:45 -07:00
inspect.py bpo-33594: Add deprecation info in inspect.py module (GH-7036) 2018-10-19 17:05:49 -07:00
io.py
ipaddress.py bpo-36845: validate integer network prefix when constructing IP networks (GH-13298) 2019-05-14 20:00:16 +09:00
keyword.py
linecache.py
locale.py [3.7] bpo-20087: Update locale alias mapping with glibc 2.27 supported locales. (GH-6708) (GH-6713) 2018-05-06 10:20:12 +03:00
lzma.py
macpath.py bpo-31802: Fix importing native path module before importing os. (#4017) 2018-01-07 17:54:31 +02:00
mailbox.py
mailcap.py
mimetypes.py [3.7] bpo-31715 Add mimetype for extension .mjs (GH-3908) (GH-10977) 2018-12-23 15:46:40 -05:00
modulefinder.py
netrc.py
nntplib.py
ntpath.py [3.7] bpo-31047: Fix ntpath.abspath to trim ending separator (GH-10082) 2018-10-25 13:46:23 -04:00
nturl2path.py
numbers.py
opcode.py [3.7] bpo-32746: Fix multiple typos (GH-5144) (GH-5520) 2018-02-03 20:41:43 -05:00
operator.py
optparse.py
os.py bpo-32297: Few misspellings found in Python source code comments. (#4803) 2017-12-14 13:04:53 +02:00
pathlib.py [3.7] bpo-36035: fix Path.rglob for broken links (GH-11988) (GH-13469) 2019-05-21 12:05:08 -07:00
pdb.py bpo-36969: Make PDB args command display keyword only arguments (GH-13452) 2019-05-20 15:34:23 -07:00
pickle.py bpo-32503: Avoid creating too small frames in pickles. (#5127) 2018-01-20 16:42:44 +02:00
pickletools.py Fix pickletools doc for NEWFALSE. (GH-9432) 2018-09-25 22:19:08 -07:00
pipes.py
pkgutil.py
platform.py [3.7] bpo-36766: Typos in docs and code comments (GH-13116). (GH-13136) 2019-05-06 13:55:19 -07:00
plistlib.py
poplib.py [3.7] bpo-35128: Fix spacing issues in warning.warn() messages. (GH-10268). (GH-10280) 2018-11-01 14:19:23 +02:00
posixpath.py [3.7] bpo-35755: shutil.which() uses os.confstr("CS_PATH") (GH-12862) 2019-04-17 18:38:06 +02:00
pprint.py bpo-35513, unittest: TextTestRunner uses time.perf_counter() (GH-11180) 2018-12-17 02:49:22 -08:00
profile.py [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
pstats.py [3.7] bpo-36766: Typos in docs and code comments (GH-13116). (GH-13136) 2019-05-06 13:55:19 -07:00
pty.py
py_compile.py bpo-34022: Stop forcing of hash-based invalidation with SOURCE_DATE_EPOCH (GH-9607) 2018-11-28 09:45:36 -08:00
pyclbr.py
pydoc.py bpo-35513: Replace time.time() with time.monotonic() in tests (GH-11182) 2018-12-17 01:03:04 -08:00
queue.py bpo-14976: Reentrant simple queue (#3346) 2018-01-16 00:27:16 +01:00
quopri.py
random.py bpo-35513, unittest: TextTestRunner uses time.perf_counter() (GH-11180) 2018-12-17 02:49:22 -08:00
re.py bpo-32338: OrderedDict import is no longer needed in re. (GH-4891) 2018-03-10 23:01:58 -08:00
reprlib.py
rlcompleter.py
runpy.py
sched.py
secrets.py
selectors.py
shelve.py Fix misleading docsting of shelve.open(). (GH-6427) 2018-04-09 07:57:31 -07:00
shlex.py
shutil.py bpo-24538: Fix bug in shutil involving the copying of xattrs to read-only files. (PR-13212) (#13234) 2019-05-14 13:30:22 +08:00
signal.py
site.py bpo-35872 and bpo-35873: Clears __PYVENV_LAUNCHER__ variable (GH-11745) 2019-02-04 07:20:19 -08:00
smtpd.py
smtplib.py [3.7] bpo-35128: Fix spacing issues in warning.warn() messages. (GH-10268). (GH-10280) 2018-11-01 14:19:23 +02:00
sndhdr.py
socket.py bpo-28134: Auto-detect socket values from file descriptor (#1349) 2018-01-29 22:37:58 +01:00
socketserver.py Fix typo in socketserver docstring (GH-11252) 2018-12-21 15:01:34 -08:00
sre_compile.py
sre_constants.py
sre_parse.py
ssl.py Simplify SSLSocket / SSLObject doc string (GH-9972) (GH-13384) 2019-05-17 13:29:35 +02:00
stat.py
statistics.py
string.py bpo-31672: Restore the former behavior when override flags in Template. (#5099) 2018-01-04 19:20:11 +02:00
stringprep.py
struct.py
subprocess.py bpo-34812: subprocess._args_from_interpreter_flags(): add isolated (GH-10675) 2018-11-23 09:13:32 -08:00
sunau.py bpo-32056: Improve exceptions in aifc, wave and sunau. (GH-5951) 2018-03-18 13:50:41 -07:00
symbol.py
symtable.py
sysconfig.py bpo-35299: Fixed sysconfig and distutils during PGO profiling (GH-11744) 2019-02-04 17:54:59 -08:00
tabnanny.py
tarfile.py bpo-34010: Fix tarfile read performance regression (GH-8020) 2018-07-04 01:32:41 -07:00
telnetlib.py
tempfile.py bpo-33522: Enable CI builds on Visual Studio Team Services (GH-6865) (GH-6926) 2018-05-17 08:49:01 -04:00
textwrap.py
this.py
threading.py Fix typos and improve grammar in threading.Barrier docstrings (GH-12210) 2019-03-09 09:56:40 -08:00
timeit.py bpo-28240: timeit: Update repeat() doc (GH-7419) (GH-7457) 2018-06-06 19:05:46 +02:00
token.py bpo-33260: Regenerate token.py after removing ASYNC and AWAIT. (GH-6447) 2018-04-11 10:07:23 -07:00
tokenize.py [3.7] bpo-36766: Typos in docs and code comments (GH-13116). (GH-13136) 2019-05-06 13:55:19 -07:00
trace.py [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
traceback.py bpo-34588: Fix an off-by-one error in traceback formatting. (GH-9077) 2018-09-10 09:00:08 -07:00
tracemalloc.py
tty.py
turtle.py [3.7] bpo-36766: Typos in docs and code comments (GH-13116). (GH-13136) 2019-05-06 13:55:19 -07:00
types.py bpo-36091: Remove reference to async generator in Lib/types.py. (GH-11996) 2019-03-03 06:54:39 -08:00
typing.py bpo-35341: Add generic version of OrderedDict to typing (GH-10850) 2018-12-02 08:14:44 -08:00
uu.py bpo-33687: Fix call to os.chmod() in uu.decode() (GH-7282) 2019-01-17 17:32:59 +03:00
uuid.py [3.7] bpo-34621: fix uuid.UUID (un)pickling compatbility with older Python versions (<3.7) (GH-9133) 2018-09-10 18:47:29 +03:00
warnings.py bpo-35178: Fix warnings._formatwarnmsg() (GH-12033) 2019-03-01 09:40:10 -08:00
wave.py bpo-32056: Improve exceptions in aifc, wave and sunau. (GH-5951) 2018-03-18 13:50:41 -07:00
weakref.py [3.7] bpo-36492: Fix passing special keyword arguments to some functions. (GH-12637) (GH-12645) 2019-04-01 10:59:24 +03:00
webbrowser.py bpo-35308: Fix regression where BROWSER env var is not respected. (GH-10693) 2018-11-26 13:49:28 -08:00
xdrlib.py
zipapp.py
zipfile.py bpo-36434: Properly handle writing errors in ZIP files. (GH-12559) (GH-12628) 2019-03-30 15:52:16 +02:00