mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-23 09:19:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
cpython/Modules/clinic
History
Sebastian Pipping 0a01ed6c2a
[3.12] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116248) 
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .

- Please treat as a security fix related to CVE-2023-52425.

(cherry picked from commit 6a95676bb5)
(cherry picked from commit 73807eb634)
(cherry picked from commit eda2963378)

---------

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
2024-03-06 22:01:45 +00:00
..
_abc.c.h
_asynciomodule.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_bisectmodule.c.h GH-102833: Mention the key function in the docstrings (GH-103009) 2023-03-25 02:19:20 -05:00
_bz2module.c.h
_codecsmodule.c.h
_collectionsmodule.c.h gh-103092: Isolate _collections (#103093) 2023-04-12 18:21:28 +05:30
_contextvarsmodule.c.h
_cryptmodule.c.h
_csv.c.h
_curses_panel.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_cursesmodule.c.h
_datetimemodule.c.h
_dbmmodule.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_elementtree.c.h [3.12] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116248) 2024-03-06 22:01:45 +00:00
_functoolsmodule.c.h
_gdbmmodule.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_hashopenssl.c.h
_heapqmodule.c.h
_localemodule.c.h
_lsprof.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_lzmamodule.c.h
_opcode.c.h
_operator.c.h
_pickle.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_posixsubprocess.c.h gh-94518: Port 23-argument _posixsubprocess.fork_exec to Argument Clinic (#94519) 2023-04-24 18:27:48 +00:00
_queuemodule.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_randommodule.c.h
_ssl.c.h
_statisticsmodule.c.h
_struct.c.h [3.12] gh-112358: Fix Python 3.12 regression with subclassing struct.Struct (GH-112424) (#112426) 2023-11-27 08:25:06 +00:00
_testclinic.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_testinternalcapi.c.h gh-104615: don't make unsafe swaps in apply_static_swaps (#104620) 2023-05-18 21:22:03 +00:00
_testmultiphase.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
_tkinter.c.h
_tracemalloc.c.h
_typingmodule.c.h
_weakref.c.h
_winapi.c.h Use Unicode unconditionally for _winapi.CreateFile (GH-114611) 2024-01-26 17:53:46 +00:00
_zoneinfo.c.h
arraymodule.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
audioop.c.h
binascii.c.h
cmathmodule.c.h
fcntlmodule.c.h
gcmodule.c.h
grpmodule.c.h
itertoolsmodule.c.h
mathmodule.c.h gh-94906: Support multiple steps in math.nextafter (#103881) 2023-05-19 21:03:49 +01:00
md5module.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
overlapped.c.h
posixmodule.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
pwdmodule.c.h
pyexpat.c.h [3.12] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116248) 2024-03-06 22:01:45 +00:00
readline.c.h
resource.c.h
selectmodule.c.h
sha1module.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
sha2module.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00
sha3module.c.h gh-99108: Replace SHA3 implementation HACL* version (#103597) 2023-05-07 20:50:04 -07:00
signalmodule.c.h
socketmodule.c.h
spwdmodule.c.h
symtablemodule.c.h
syslogmodule.c.h
termios.c.h
unicodedata.c.h
zlibmodule.c.h [3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067) 2024-02-06 11:20:16 +01:00