Miss Islington (bot)
9810dfa352
[3.13] gh-123678: Upgrade libexpat 2.6.3 (GH-123689) (GH-123707)
...
gh-123678: Upgrade libexpat 2.6.3 (GH-123689)
(cherry picked from commit 40bdb0deee)
Co-authored-by: Seth Michael Larson <seth@python.org>
2024-09-05 13:37:40 +02:00
Seth Michael Larson
c9829eec08
gh-116741: Upgrade libexpat to 2.6.2 (#117296)
...
Upgrade libexpat to 2.6.2
2024-04-22 18:15:08 -07:00
Seth Michael Larson
669ef49c7d
gh-99108: Update and check HACL* version information (GH-117295)
...
* Update and check HACL* version information
2024-03-27 14:56:14 -07:00
Jonathan Protzenko
872e212378
gh-99108: Refresh HACL*; update modules accordingly; fix namespacing (GH-117237)
...
Pulls in a new update from https://github.com/hacl-star/hacl-star and fixes our C "namespacing" done by `Modules/_hacl/refresh.sh`.
2024-03-26 00:35:26 +00:00
Yuriy Chernyshov
9b9e819b51
gh-116116: Backport blake2 change to fix building with clang-cl on windows-i686 (GH-116117)
2024-03-04 16:59:57 +00:00
Sergey B Kirpichev
002a5948fc
gh-108562: Fix compiler warnings for libmpdec (#114751)
...
If available, enable -fstrict-overflow for libmpdec. Also
shut off false positive warnings (-Warray-bounds).
The latter was backported from mpdecimal-4.0.0.
2024-03-03 08:25:39 +01:00
Sebastian Pipping
6a95676bb5
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623)
...
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`
Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .
### Notes
- Please treat as a security fix related to CVE-2023-52425.
Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
2024-02-29 14:52:50 -08:00
Seth Michael Larson
889cc43cb1
gh-112302: Move pip SBOM discovery to release-tools (#115360)
2024-02-14 12:47:15 -07:00
Seth Michael Larson
4b2d1786cc
gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431)
2024-02-14 16:29:06 +00:00
Seth Michael Larson
4bf41879d0
gh-112302: Change 'licenseConcluded' field to 'NOASSERTION' (#115038)
2024-02-06 12:25:58 +02:00
Stéphane Bidoul
a4c298c149
gh-114965: Updated bundled pip to 24.0 (gh-114966)
...
Updated bundled pip to 24.0
2024-02-03 17:45:09 +00:00
Seth Michael Larson
582d95e8bb
gh-114250: Fetch metadata for pip and its vendored dependencies from PyPI (#114450)
2024-01-26 09:48:13 +00:00
Seth Michael Larson
b221e03010
gh-113257: Automatically generate pip SBOM metadata from wheel (#113295)
...
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
2023-12-20 17:28:20 +00:00
Seth Michael Larson
4658464e9c
gh-113257: Fix SBOM metadata for pip 23.3.2 (#113262)
...
Fix SBOM metadata for pip 23.3.2
2023-12-19 08:34:53 +02:00
Stéphane Bidoul
4a24bf9a13
gh-113246: Updated bundled pip to 23.3.2 (gh-113249)
...
Updated bundled pip to 23.3.2
2023-12-18 10:21:46 +00:00
Seth Michael Larson
21221c398f
gh-112302: Add Software Bill-of-Materials (SBOM) tracking for dependencies (#112303)
2023-12-07 18:01:58 +02:00