Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`
Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .
- Please treat as a security fix related to CVE-2023-52425.
(cherry picked from commit 6a95676bb5)
(cherry picked from commit 73807eb634)
(cherry picked from commit eda2963378)
---------
Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Amend wording after gh-116019 was merged.
(cherry picked from commit e205c5cd8f)
Co-authored-by: Kerim Kabirov <39376984+Privat33r-dev@users.noreply.github.com>
gh-116281: Remove wrong '\' from '\*' in some doc signatures (GH-116282)
(cherry picked from commit 4859ecb860)
Co-authored-by: HarryLHW <123lhw321@gmail.com>
This mostly restores information removed in c12240ed28 (GH-114749).
(cherry picked from commit 05b04903a1)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Fix rendering of null character in ast.rst (GH-116080)
(cherry picked from commit c04a981ff4)
Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
GH-115986 Reorder pprint docs and amend some references (GH-116019)
Introduce a new subsubsection, 'Functions', for module level functions,
and place it before the PrettyPrinter class reference.
Also:
- Fix pprint.pprint() references so they properly link to the module
level function.
- Add links to sys.stdout.
(cherry picked from commit 6c1c94dc51)
Co-authored-by: Kerim Kabirov <39376984+Privat33r-dev@users.noreply.github.com>
doc: Use super() in subclassed JSONEncoder examples (GH-115565)
Replace calls to `json.JSONEncoder.default(self, obj)`
by `super().default(obj)` within the examples of the documentation.
(cherry picked from commit 647053fed1)
Co-authored-by: Jan Max Meyer <jmm@phorward.de>
Remove a left-over sentence that refers to an example that was present in Python 3.10 and was using ``Py_OptimizeFlag``.
(cherry picked from commit 915d7dd090)
Co-authored-by: Antti Haapala <antti.haapala@interjektio.fi>
* clean up fcntl module doc
* simplify
* a few changes, based on suggestion by CAM-Gerlach
* nitpick ignore for a couple other C functions mentioned in the fcntl module doc
* more changes, especially related to LOCK_* constants
* :data: back to :const:
* Apply suggestions from code review
---------
(cherry picked from commit 84a275c4a2)
Co-authored-by: Skip Montanaro <skip.montanaro@gmail.com>
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Arguments to enterabs() are specified as Unix time.
If the scheduler use the time.monotonic timer, the code will take
decades to complete.
(cherry picked from commit cb287d3421)
Co-authored-by: mauricelambert <50479118+mauricelambert@users.noreply.github.com>
Added to repr entry in Doc/library/functions.rst.
---------
(cherry picked from commit 5770006ffa)
Co-authored-by: Oh seungmin <tmdals179@gmail.com>
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
Thanks to Pedro Arthur Duarte (pedroarthur.jedi at gmail.com) for help with this bug.
(cherry picked from commit f7455864f2)
Co-authored-by: Adorilson Bezerra <adorilson@gmail.com>
Doc/library/xml.rst: Document CVE-2023-52425 under "XML vulnerabilities"
(cherry picked from commit fbd40ce46e)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
Docs: Add explanation about little/big endian (GH-109841)
(cherry picked from commit 177b9cb52e)
Co-authored-by: Simon A. Eugster <simon.eu@gmail.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
* [3.12] gh-115572: Move `codeobject.replace()` docs to the data model (GH-115631)
(cherry picked from commit 0c80da4c14)
Co-authored-by: Daler <48939169+daler-sz@users.noreply.github.com>
* Remove note about copy.replace
---------
Co-authored-by: Daler <48939169+daler-sz@users.noreply.github.com>
Update documentation for re library to explain that a backreference `\g<0>` is
expanded to the entire string when using Match.expand().
Note that numeric backreferences to group 0 (`\0`) are not supported.
(cherry picked from commit d2d7808853)
Co-authored-by: Stevoisiak <S.Vascellaro@gmail.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Since 2f3941d743 this function returns the
response string, rather than nothing.
(cherry picked from commit e88ebc1c40)
Co-authored-by: Matthew Hughes <34972397+matthewhughes934@users.noreply.github.com>
docs: Add glossary term references to shutil docs (GH-115559)
Add glossary term references to shutil docs
(cherry picked from commit 318f2190bc)
Co-authored-by: Brian Schubert <brianm.schubert@gmail.com>
Don't repeatedly say that keys and values are coerced into bytes.
(cherry picked from commit 81e140d10b)
Co-authored-by: Erlend E. Aasland <erlend@python.org>
gh-115403: Remove extra colon after "Examples" in datetime documentation (GH-115452)
(cherry picked from commit 6755c4e0c8)
Co-authored-by: Stanislav Lyu <wallseat@gmail.com>
ftplib docs: `timeout` doesn't have to be a whole number (GH-115443)
(cherry picked from commit 3fd2ad8241)
Co-authored-by: Alex Waygood <Alex.Waygood@Gmail.com>
