cpython/Modules/clinic
Sebastian Pipping 6a95676bb5
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .

### Notes

- Please treat as a security fix related to CVE-2023-52425.

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
2024-02-29 14:52:50 -08:00
..
_abc.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_asynciomodule.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_bisectmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_bz2module.c.h gh-67565: Remove redundant C-contiguity checks (GH-105521) 2023-10-23 12:54:46 +03:00
_codecsmodule.c.h gh-115026: Argument Clinic: handle PyBuffer_FillInfo errors in generated code (#115027) 2024-02-05 11:45:09 +01:00
_collectionsmodule.c.h gh-112050: Make collections.deque thread-safe in free-threaded builds (#113830) 2024-02-15 09:22:47 +01:00
_contextvarsmodule.c.h gh-107603: Argument Clinic: Only include pycore_gc.h if needed (#108726) 2023-08-31 23:42:34 +02:00
_csv.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_curses_panel.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_cursesmodule.c.h gh-111089: Revert PyUnicode_AsUTF8() changes (#111833) 2023-11-07 22:36:13 +00:00
_datetimemodule.c.h gh-112919: Speed-up datetime, date and time.replace() (GH-112921) 2024-01-30 15:19:46 +00:00
_dbmmodule.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_elementtree.c.h gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) 2024-02-29 14:52:50 -08:00
_functoolsmodule.c.h gh-111903: Update AC to support "pycore_critical_section.h" header (gh-112251) 2023-11-19 10:13:58 +09:00
_gdbmmodule.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_hashopenssl.c.h gh-111089: Revert PyUnicode_AsUTF8() changes (#111833) 2023-11-07 22:36:13 +00:00
_heapqmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_localemodule.c.h gh-111089: Revert PyUnicode_AsUTF8() changes (#111833) 2023-11-07 22:36:13 +00:00
_lsprof.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_lzmamodule.c.h gh-67565: Remove redundant C-contiguity checks (GH-105521) 2023-10-23 12:54:46 +03:00
_opcode.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_operator.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_pickle.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_posixsubprocess.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_queuemodule.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_randommodule.c.h gh-112071: Make `_random.Random` methods thread-safe in `--disable-gil` builds (gh-112128) 2023-11-28 03:27:39 +00:00
_ssl.c.h gh-115026: Argument Clinic: handle PyBuffer_FillInfo errors in generated code (#115027) 2024-02-05 11:45:09 +01:00
_statisticsmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_struct.c.h gh-112358: Fix Python 3.12 regression with subclassing struct.Struct. (#112424) 2023-11-26 14:29:52 +00:00
_suggestions.c.h gh-110721: Remove unused code from suggestions.c after moving PyErr_Display to use the traceback module (#113712) 2024-01-08 15:10:45 +00:00
_sysconfig.c.h gh-88402: Add new sysconfig variables on Windows (GH-110049) 2023-10-04 22:50:29 +00:00
_testclinic.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_testclinic_depr.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_testclinic_limited.c.h gh-108494: Argument Clinic: inline parsing code for positional-only parameters in the limited C API (GH-108622) 2023-09-03 17:28:14 +03:00
_testinternalcapi.c.h gh-108082: Remove _PyErr_WriteUnraisableMsg() (GH-111643) 2023-11-03 09:45:53 +02:00
_testmultiphase.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
_tkinter.c.h gh-111089: Revert PyUnicode_AsUTF8() changes (#111833) 2023-11-07 22:36:13 +00:00
_tracemalloc.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
_typingmodule.c.h gh-107603: Argument Clinic: Only include pycore_gc.h if needed (#108726) 2023-08-31 23:42:34 +02:00
_weakref.c.h gh-112213: Update _weakref module to use new AC feature (gh-112250) 2023-11-19 10:43:51 +09:00
_winapi.c.h gh-89240: Enable multiprocessing on Windows to use large process pools (GH-107873) 2024-02-13 00:28:35 +00:00
_zoneinfo.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
arraymodule.c.h gh-114894: add array.array.clear() method (#114919) 2024-02-10 07:59:46 -08:00
binascii.c.h gh-67565: Remove redundant C-contiguity checks (GH-105521) 2023-10-23 12:54:46 +03:00
cmathmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
fcntlmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
gcmodule.c.h gh-112529: Simplify PyObject_GC_IsTracked and PyObject_GC_IsFinalized (#114732) 2024-02-28 15:37:59 -05:00
grpmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
itertoolsmodule.c.h gh-113202: Add a strict option to itertools.batched() (gh-113203) 2023-12-16 09:13:50 -06:00
mathmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
md5module.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
overlapped.c.h gh-67565: Remove redundant C-contiguity checks (GH-105521) 2023-10-23 12:54:46 +03:00
posixmodule.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
pwdmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
pyexpat.c.h gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) 2024-02-29 14:52:50 -08:00
readline.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
resource.c.h gh-85283: Build resource extension with limited C API (#110989) 2023-10-17 23:52:58 +02:00
selectmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
sha1module.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
sha2module.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00
sha3module.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
signalmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
socketmodule.c.h socket: Update generated AC code (#111853) 2023-11-08 15:03:29 +00:00
symtablemodule.c.h gh-111089: Revert PyUnicode_AsUTF8() changes (#111833) 2023-11-07 22:36:13 +00:00
syslogmodule.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
termios.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
timemodule.c.h gh-111482: Use Argument Clinic for clock_gettime() (#111641) 2023-11-02 14:29:05 +01:00
unicodedata.c.h gh-110964: Remove private _PyArg functions (#110966) 2023-10-17 14:30:31 +02:00
zlibmodule.c.h gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) 2024-02-05 21:49:17 +01:00