Commit Graph

69 Commits

Author SHA1 Message Date
Seth Michael Larson c9829eec08
gh-116741: Upgrade libexpat to 2.6.2 (#117296)
Upgrade libexpat to 2.6.2
2024-04-22 18:15:08 -07:00
Sebastian Pipping 6a95676bb5
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .

### Notes

- Please treat as a security fix related to CVE-2023-52425.

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
2024-02-29 14:52:50 -08:00
Seth Michael Larson 4b2d1786cc
gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431) 2024-02-14 16:29:06 +00:00
Shaun Walbridge 3e07f827b3
gh-98739: Update libexpat from 2.4.9 to 2.5.0 (#98742)
* Update libexpat from 2.4.9 to 2.5.0 to address CVE-2022-43680.

Co-authored-by: Shaun Walbridge <shaun.walbridge@gmail.com>
2022-10-27 13:45:12 -07:00
Dong-hee Na 10e3d398c3
gh-97005: Update libexpat from 2.4.7 to 2.4.9 (gh-97006)
Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
2022-09-22 21:25:05 +09:00
Steve Dower 176835c3d5
bpo-46932: Update bundled libexpat to 2.4.7 (GH-31736) 2022-03-07 21:46:18 +00:00
Dong-hee Na 1935e1cc28
bpo-46794: Bump up the libexpat version into 2.4.6 (GH-31487) 2022-02-23 10:40:30 +09:00
Yilei "Dolee" Yang 6312c1052c
bpo-46784: Add newly exported expat symbols to the namespace. (GH-31397)
The libexpat 2.4.1 upgrade from  introduced the following new exported symbols:

* `testingAccountingGetCountBytesDirect`
* `testingAccountingGetCountBytesIndirect`
* `unsignedCharToPrintable`
* `XML_SetBillionLaughsAttackProtectionActivationThreshold`
* `XML_SetBillionLaughsAttackProtectionMaximumAmplification`

We need to adjust [Modules/expat/pyexpatns.h](https://github.com/python/cpython/blob/master/Modules/expat/pyexpatns.h)

(The newer libexpat upgrade  has no new symbols).

Automerge-Triggered-By: GH:gpshead
2022-02-18 14:33:06 -08:00
Cyril Jouve 8aaaf7e182
bpo-46400: Update libexpat from 2.4.1 to 2.4.4 (GH-31022) 2022-02-13 00:29:41 +09:00
Christian Heimes ec93721e00
bpo-45570: Simplify setup macros for pyexpat (GH-29159)
* ``HAVE_EXPAT_CONFIG_H`` is not used by our code and not used by
  system-wide expat header files
* ``USE_PYEXPAT_CAPI`` is no longer used by our code
* ``XML_POOR_ENTROPY`` should be defined in expat_config.h

Signed-off-by: Christian Heimes <christian@python.org>
2021-10-22 09:28:23 -07:00
Dong-hee Na d413c50363
no-issue: Make silence about warning '_POSIX_C_SOURCE redefined' (GH-28948) 2021-10-15 00:59:56 +09:00
Christian Clauss dd02a696e5
Fix typos in the Modules directory (GH-28761) 2021-10-07 01:34:42 -07:00
Victor Stinner 3fc5d84046
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)
Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy
is most used on Windows and macOS.

Co-authored-by: Łukasz Langa <lukasz@langa.pl>
2021-08-29 16:08:24 +02:00
Pablo Galindo be93f81e58
Fix compiler warning in the xml module (GH-26245)
The newest version of gcc complains about passing un-initialized arrays
as constant pointers:

```
/Modules/expat/xmltok_ns.c: In function ‘findEncodingNS’:
/Modules/expat/xmltok.h:272:10: warning: ‘buf’ may be used uninitialized [-Wmaybe-uninitialized]
  272 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Modules/expat/xmltok_ns.c:95:3: note: in expansion of macro ‘XmlUtf8Convert’
   95 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
/Modules/expat/xmltok.h:272:10: note: by argument 5 of type ‘const char *’ to ‘enum XML_Convert_Result(const ENCODING *, const char **, const char *, char **, const char *)’ {aka ‘enum XML_Convert_Result(const struct encoding *, const char **, const char *, char **, const char *)’}
  272 |   (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
      |   ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Modules/expat/xmltok_ns.c:95:3: note: in expansion of macro ‘XmlUtf8Convert’
   95 |   XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
      |   ^~~~~~~~~~~~~~
In file included from /Modules/expat/xmltok.c:1657:
/Modules/expat/xmltok_ns.c:92:8: note: ‘buf’ declared here
   92 |   char buf[ENCODING_MAX];

```
2021-05-19 19:05:40 +01:00
Pablo Galindo 8177404d52
bpo-37731: Reorder includes in xmltok.c to avoid redefinition of _POSIX_C_SOURCE (GH-16733) 2019-10-12 20:14:11 +01:00
Benjamin Peterson 52b9408038
closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16346)
Fixes CVE-2019-15903. See full changelog at https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes.
2019-09-25 21:33:58 -07:00
Min ho Kim 39d87b5471 Fix typos mostly in comments, docs and test names (GH-15209) 2019-08-30 16:21:19 -04:00
Min ho Kim c4cacc8c5e Fix typos in comments, docs and test names (#15018)
* Fix typos in comments, docs and test names

* Update test_pyparse.py

account for change in string length

* Apply suggestion: splitable -> splittable

Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu>

* Apply suggestion: splitable -> splittable

Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu>

* Apply suggestion: Dealloccte -> Deallocate

Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu>

* Update posixmodule checksum.

* Reverse idlelib changes.
2019-07-30 18:16:13 -04:00
Benjamin Peterson 2cd07920bb
Put pyexpatns.h include back. bpo-37437 (GH-14539) 2019-07-01 22:07:44 -07:00
Benjamin Peterson 3b03b09fc9
closes bpo-37437: Update vendorized expat to 2.2.7. (GH-14436) 2019-06-27 20:54:44 -07:00
Victor Stinner b6ef6f69a9
bpo-31374: expat doesn't include <pyconfig.h> on Windows (GH-11079) 2018-12-10 16:06:18 +01:00
Victor Stinner cf247359d5
bpo-31374: Include pyconfig.h earlier in expat (GH-11064)
Include <pyconfig.h> earlier in Modules/expat/xmltok.c to define
properly _POSIX_C_SOURCE. Python defines _POSIX_C_SOURCE as 200809L,
whereas <features.h> (included indirectly by <string.h>) defines
_POSIX_C_SOURCE as 199506L.
2018-12-10 11:30:21 +01:00
Gregory P. Smith 9d4712bc8f
bpo-35011: Restore use of pyexpatns.h in libexpat (GH-9939)
Restores the use of pyexpatns.h to isolate our embedded copy of the expat C
library so that its symbols do not conflict at link or dynamic loading time
with an embedding application or other extension modules with their own
version of libexpat.

5dc3f23b5f (diff-3afaf7274c90ce1b7405f75ad825f545) inadvertently removed it when upgrading expat.
2018-10-17 18:10:46 -07:00
Benjamin Peterson 5033aa77aa
bpo-34625: Update vendorized expat version to 2.2.6. (GH-9150) 2018-09-10 21:04:00 -07:00
Benjamin Peterson 4e21100fa7
bpo-33956: update vendored expat to 2.2.5 (GH-7925) 2018-06-26 19:25:45 -07:00
luzpaz a5293b4ff2 Fix miscellaneous typos (#4275) 2017-11-05 15:37:50 +02:00
Benjamin Peterson b1d1c422cc remove configure check for memmove (#3716)
Python requires C implementations provide memmove, so we shouldn't need to check for it. The only place using this configure check was expat, where we can simply always define HAVE_MEMMOVE.
2017-09-24 12:08:40 -07:00
Serhiy Storchaka 13ad3b7a82 bpo-31462: Remove trailing whitespaces. (#3564) 2017-09-14 09:38:36 +03:00
Victor Stinner 759e30ec47 bpo-31170: Update libexpat from 2.2.3 to 2.2.4 (#3315)
* bpo-31170: Update libexpat from 2.2.3 to 2.2.4

Fix copying of partial characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115

* Add NEWS entry.
2017-09-05 01:58:08 +02:00
Victor Stinner 93d0cb58b4 bpo-30947: Update libexpat from 2.2.1 to 2.2.3 (#3106)
* bpo-30947: Update libexpat from 2.2.1 to 2.2.3

* Add NEWS entry

* Add new loadlibrary.c

* expat_external.h: restore include "pyexpatns.h"

* PCbuild: add expat/loadlibrary.c

* Define XML_POOR_ENTROPY to compile expat
2017-08-18 23:43:54 +02:00
Segev Finer f52325598e Avoid _GNU_SOURCE redefined warning in xmlparse.c (#2670) 2017-07-11 21:47:03 +02:00
Victor Stinner 8f525882fa bpo-30726: expat: Fix compiler warnings on Windows 64-bit (#2368)
Explicitly cast on integer downcasting to fix compiler warnings.

(cherry picked from libexpat commit 788bff7a3baad1983b15b17c29e19e1a1a795c48)
2017-06-24 01:08:56 +02:00
Victor Stinner 5ff7132313 bpo-30694: Upgrade Modules/expat/ to libexpat 2.2.1 (#2300)
New file: Modules/expat/siphash.h.
2017-06-21 14:39:22 +02:00
Victor Stinner 23ec4b57e1 bpo-29591: Upgrade Modules/expat to libexpat 2.2 (#2164)
* bpo-29591: Upgrade Modules/expat to libexpat 2.2

* bpo-29591: Restore Python changes on expat

* bpo-29591: Remove expat config of unsupported platforms

Remove the configuration (Modules/expat/*config.h) of unsupported
platforms:

* Amiga
* MacOS Classic on PPC32
* Open Watcom

* bpo-29591: Remove useless XML_HAS_SET_HASH_SALT

The XML_HAS_SET_HASH_SALT define of Modules/expat/expat.h became
useless since our local expat copy was upgraded to expat 2.1 (it's now
expat 2.2.0).
2017-06-15 00:54:36 +02:00
Benjamin Peterson 8ac46c972f revert expat changes 2016-09-19 22:20:13 -07:00
Benjamin Peterson e2e792d98f merge 3.5 (#28184) 2016-09-19 22:17:16 -07:00
Benjamin Peterson 06d49bb895 sync ordering of stddef.h includes with expat 2.1.1 2016-06-13 23:41:19 -07:00
Benjamin Peterson 196d7db395 upgrade expat to 2.1.1 (closes #26556) 2016-06-11 13:28:56 -07:00
Martin Panter 7462b64911 Issue #25523: Correct "a" article to "an" article
This changes the main documentation, doc strings, source code comments, and a
couple error messages in the test suite. In some cases the word was removed
or edited some other way to fix the grammar.
2015-11-02 03:37:02 +00:00
Benjamin Peterson e9e8907647 merge 3.3 (#19186) 2014-02-04 10:12:18 -05:00
Benjamin Peterson 091d017ab1 restore namespacing of pyexpat symbols (closes #19186) 2014-02-04 10:10:55 -05:00
Christian Heimes aa15276ee9 Load expat_config.h and therefore pyconfig.h before C stdlib headers are loaded.
This silences the pre-processor warning '_POSIX_C_SOURCE redefined'.
2013-12-06 23:43:50 +01:00
Terry Jan Reedy 0158af38b7 Issue #17047: remove doubled words found in 2.7 to 3.4 Modules/*,
as reported by Serhiy Storchaka and Matthew Barnett.
2013-03-11 17:42:46 -04:00
Gregory P. Smith 64359d203e Update the embedded copy of the expat XML parser to 2.1.0. It brings
with it a variety of bug fixes, both security and behavior.  See
http://www.libexpat.org/ for the list.

NOTE: I already backported the expat hash randomization fix in March.

Fixes issue #14340.
2012-07-14 14:12:35 -07:00
Gregory P. Smith 2522771e47 Fixes Issue 14234: fix for the previous commit, keep compilation when
using --with-system-expat working when the system expat does not have
salted hash support.
2012-03-14 18:10:37 -07:00
Gregory P. Smith 8e91cf6a5e Fixes issue #14234: CVE-2012-0876: Randomize hashes of xml attributes
in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.
2012-03-14 14:26:55 -07:00
Matthias Klose 167c3bc3c1 Merged revisions 84743 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r84743 | matthias.klose | 2010-09-12 18:31:58 +0200 (So, 12 Sep 2010) | 3 lines

  - Issue #9817: Add expat COPYING file; add expat, libffi and expat licenses
    to Doc/license.rst.
........
2010-09-12 16:50:20 +00:00
Matthias Klose 865e33bb3d Merged revisions 77682 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r77682 | matthias.klose | 2010-01-22 02:10:19 +0100 (Fr, 22 Jan 2010) | 10 lines

  Merged revisions 77680 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r77680 | matthias.klose | 2010-01-22 01:39:04 +0100 (Fr, 22 Jan 2010) | 3 lines

    - Expat: Fix DoS via XML document with malformed UTF-8 sequences
      (CVE_2009_3560).
  ........
................
2010-01-22 01:13:15 +00:00
Brett Cannon 0c8110734a Backport of r74435. Not merged/blocked w/ svnmerge.py as the tool is erroring out on me. 2009-08-13 19:59:04 +00:00
Skip Montanaro eb33e5ae79 Remove support for BeOS 2007-08-17 12:57:41 +00:00