Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity
cpython/Include
History
Sebastian Pipping 6a95676bb5
gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) 
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .

### Notes

- Please treat as a security fix related to CVE-2023-52425.

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
 		2024-02-29 14:52:50 -08:00
..
cpython GH-115802: JIT "small" code for Windows (GH-115964) 2024-02-29 08:11:28 -08:00
internal gh-115685: Type/values propagate for TO_BOOL in tier 2 (GH-115686) 2024-03-01 06:13:38 +08:00
Python.h gh-110850: Add PyTime_t C API (GH-115215) 2024-02-12 18:13:10 +01:00
README.rst
abstract.h gh-108511: Add C API functions which do not silently ignore errors (GH-109025) 2023-09-17 14:23:31 +03:00
bltinmodule.h
boolobject.h gh-106560: Fix redundant declarations in Include/ (#112611) 2023-12-03 12:16:31 +01:00
bytearrayobject.h
bytesobject.h
ceval.h
codecs.h
compile.h gh-109596: Ensure repeated rules in the grammar are not allowed and fix incorrect soft keywords (#109606) 2023-09-22 19:03:23 +01:00
complexobject.h
datetime.h
descrobject.h
dictobject.h
dynamic_annotations.h
enumobject.h
errcode.h gh-107450: Check for overflow in the tokenizer and fix overflow test (#110832) 2023-10-16 16:42:49 +02:00
exports.h
fileobject.h
fileutils.h
floatobject.h
frameobject.h
genericaliasobject.h
import.h
interpreteridobject.h
intrcheck.h
iterobject.h
listobject.h gh-114329: Add `PyList_GetItemRef` function (GH-114504) 2024-02-02 14:03:15 +01:00
longobject.h gh-106560: Fix redundant declarations in Include/ (#112611) 2023-12-03 12:16:31 +01:00
marshal.h
memoryobject.h
methodobject.h gh-114626: Add again _PyCFunctionFastWithKeywords name (GH-115561) 2024-02-19 13:20:46 +01:00
modsupport.h gh-65210: Add const qualifiers in PyArg_VaParseTupleAndKeywords() (GH-105958) 2023-12-04 13:14:56 +02:00
moduleobject.h gh-111698: Restrict Py_mod_multiple_interpreters to 3.12+ Under Py_LIMITED_API (gh-111707) 2023-11-06 09:34:57 -07:00
object.h gh-112529: Remove PyGC_Head from object pre-header in free-threaded build (#114564) 2024-02-01 12:29:19 -08:00
objimpl.h gh-102013: Move PyUnstable_GC_VisitObjects() to Include/cpython/objimpl.h (#115560) 2024-02-16 15:49:13 +01:00
opcode.h
opcode_ids.h GH-111485: Generate instruction and uop metadata (GH-113287) 2023-12-20 14:27:25 +00:00
osdefs.h
osmodule.h
patchlevel.h Post 3.13.0a4 2024-02-15 21:52:49 +01:00
py_curses.h
pyatomic.h gh-108724: Add PyMutex and _PyParkingLot APIs (gh-109344) 2023-09-19 09:54:29 -06:00
pybuffer.h
pycapsule.h
pydtrace.d
pydtrace.h
pyerrors.h gh-113744: Add a new IncompleteInputError exception to improve incomplete input detection in the codeop module (#113745) 2024-01-30 16:21:30 +00:00
pyexpat.h gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) 2024-02-29 14:52:50 -08:00
pyframe.h
pyhash.h gh-111545: Add Include/cpython/pyhash.h header file (#112063) 2023-11-15 01:19:20 +01:00
pylifecycle.h gh-110397: Add Py_IsFinalizing() to the stable ABI (#110441) 2023-10-07 17:59:16 +02:00
pymacconfig.h gh-110820: Make sure processor specific defines are correct for Universal 2 build on macOS (#112828) 2023-12-08 10:09:34 +01:00
pymacro.h gh-111964: Implement stop-the-world pauses (gh-112471) 2024-01-23 11:08:23 -07:00
pymath.h
pymem.h gh-85283: Add PyMem_RawMalloc() to the limited C API (#108570) 2023-10-17 02:41:51 +02:00
pyport.h gh-112536: Add support for thread sanitizer (TSAN) (gh-112648) 2023-12-30 17:17:02 +09:00
pystate.h gh-108867: Add PyThreadState_GetUnchecked() function (#108870) 2023-10-03 16:53:51 +00:00
pystats.h
pystrcmp.h
pystrtod.h
pythonrun.h
pythread.h gh-81925: Implement native thread ids for kFreeBSD (#111761) 2023-11-09 21:02:30 +01:00
pytypedefs.h
rangeobject.h
setobject.h
sliceobject.h
structmember.h
structseq.h
sysmodule.h gh-109587: Allow "precompiled" perf-trampolines to largely mitigate the cost of enabling perf-trampolines (#109666) 2023-10-27 03:57:29 +00:00
traceback.h
tupleobject.h
typeslots.h
unicodeobject.h gh-111089: Revert PyUnicode_AsUTF8() changes (#111833) 2023-11-07 22:36:13 +00:00
warnings.h
weakrefobject.h

README.rst 

The Python C API
================

The C API is divided into these sections:

1. ``Include/``: Limited API
2. ``Include/cpython/``: CPython implementation details
3. ``Include/cpython/``, names with the ``PyUnstable_`` prefix: API that can
   change between minor releases
4. ``Include/internal/``, and any name with ``_`` prefix: The internal API

Information on changing the C API is available `in the developer guide`_

.. _in the developer guide: https://devguide.python.org/c-api/