Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`
Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .
### Notes
- Please treat as a security fix related to CVE-2023-52425.
Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
Co-authored-by: Carol Willing <carolcode@willingconsulting.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
Introduce a new subsubsection, 'Functions', for module level functions,
and place it before the PrettyPrinter class reference.
Also:
- Fix pprint.pprint() references so they properly link to the module
level function.
- Add links to sys.stdout.
Remove a left-over sentence that refers to Py_OptimizeFlag
Remove a left-over sentence that refers to an example that was present in Python 3.10 and was using ``Py_OptimizeFlag``.
Explain the `full_match()` / `glob()` / `rglob()` pattern language in its own section. Move `rglob()` documentation under `glob()` and reduce duplicated text.
* clean up fcntl module doc
* simplify
* a few changes, based on suggestion by CAM-Gerlach
* nitpick ignore for a couple other C functions mentioned in the fcntl module doc
* more changes, especially related to LOCK_* constants
* :data: back to :const:
* Apply suggestions from code review
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
---------
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Content adapted from https://devguide.python.org/development-tools/gdb/#
and https://wiki.python.org/moin/DebuggingWithGdb.
The original content on the Wiki page came from gdb debug help used by
the Launchpad (https://launchpad.net/) team.
Thanks to Anatoly Techtonik and user `rmf` for substantial improvements to the Wiki page.
The history of the Devguide page follows
(with log entries expanded for major content contributions):
Hugo van Kemenade, Sat Dec 30 21:22:04 2023 +0200
Hugo van Kemenade, Fri Dec 8 12:04:32 2023 +0200
Erlend E. Aasland & Hugo van Kemenade, Tue Aug 8 22:05:34 2023 +0200
Satish Mishra, Sat Feb 11 13:54:57 2023 +0530
Hugo van Kemenade, Fri Dec 23 17:33:33 2022 +0200
Skip Montanaro, Hugo, Erlend, & Ezio, Fri Nov 4 05:04:23 2022 -0500
Add a GDB tips section to Advanced Tools (#977)
Adam Turner, Wed Jun 15 21:19:23 2022 +0100
Adam Turner, Tue Jun 14 11:12:26 2022 +0100
Suriyaa, Fri Jun 8 19:39:23 2018 +0200
Jeff Allen, Tue Oct 24 18:12:53 2017 +0100
Jeff Allen, Fri Oct 13 13:43:43 2017 +0100
Mariatta, Wed Jan 4 09:14:55 2017 -0800
Carol Willing, Mon Sep 26 14:50:54 2016 -0700
Zachary Ware, Thu Jul 21 10:42:23 2016 -0500
Georg Brandl, Mon Nov 3 11:28:19 2014 +0100
Add instruction how to activate python-gdb.py
Georg Brandl, Sun Mar 9 10:32:01 2014 +0100
Georg Brandl, Tue Apr 3 09:12:53 2012 +0200
Georg Brandl, Sat Mar 5 17:32:35 2011 +0100
Dave Malcolm, Fri Jan 21 12:34:09 2011 -0500
Add documentation on the gdb extension commands provided in libpython.py
I adapted this from documentation I wrote for the Fedora wiki:
https://fedoraproject.org/wiki/Features/EasierPythonDebugging#New_gdb_commands
reformatting it as rst, and making other minor changes
Brett Cannon, Thu Jan 20 15:16:52 2011 -0800
Dave Malcolm, Thu Jan 20 16:17:23 2011 -0500
Add some notes on the gdb pretty-printer hooks
Antoine Pitrou, Thu Jan 20 21:17:49 2011 +0100
Give an example backtrace
Antoine Pitrou, Thu Jan 20 21:03:06 2011 +0100
Expand explanations about gdb support
Brett Cannon, Thu Jan 20 11:33:36 2011 -0800
Tweak the gdb support title to fit in better with the devguide.
Brett Cannon, Mon Jan 17 21:12:54 2011 +0000
Short README on gdb support.
Co-authored-by: Adam Turner <9087854+aa-turner@users.noreply.github.com>
Co-authored-by: anatoly techtonik <techtonik@gmail.com>
Co-authored-by: Antoine Pitrou <solipsis@pitrou.net>
Co-authored-by: Brett Cannon <brett@python.org>
Co-authored-by: Carol Willing <carolcode@willingconsulting.com>
Co-authored-by: Dave Malcolm <dmalcolm@redhat.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
Co-authored-by: Georg Brandl <georg@python.org>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Jeff Allen <ja.py@farowl.co.uk>
Co-authored-by: Mariatta <Mariatta@users.noreply.github.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Satish Mishra <7506satish@gmail.com>
Co-authored-by: Skip Montanaro <skip.montanaro@gmail.com>
Co-authored-by: Suriyaa <isc.suriyaa@gmail.com>
Co-authored-by: Zachary Ware <zachary.ware@gmail.com>
This expands the examples to cover both realistic use cases for the API.
I noticed things in the test that could be done better, so I added those as well: we need to guarantee that all bytes of the result are overwritten and that too many are not written. Tests now pre-fill the result with data in order to ensure that.
Co-authored-by: Steve Dower <steve.dower@microsoft.com>