Commit Graph

15 Commits

Author SHA1 Message Date
Gregory P. Smith c8ff46032f Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes
in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.
2012-03-14 15:28:10 -07:00
Matthias Klose 0d948ac90c - Expat: Fix DoS via XML document with malformed UTF-8 sequences
(CVE_2009_3560).
2010-01-22 00:39:04 +00:00
Neal Norwitz 26a8abf1f4 Handle failures from lookup.
Klocwork 341-342
2006-08-13 18:12:26 +00:00
Fred Drake 24a0f41d83 - back out Expat change; the final fix to Expat will be different
- change the pyexpat wrapper to not be so sensitive to this detail of the
  Expat implementation (the ex-crasher test still passes)
2006-07-06 05:13:22 +00:00
Fred Drake 6ffe499397 SF bug #1296433 (Expat bug #1515266): Unchecked calls to character data
handler would cause a segfault.  This merges in Expat's lib/xmlparse.c
revisions 1.154 and 1.155, which fix this and a closely related problem
(the later does not affect Python).

Moved the crasher test to the tests for xml.parsers.expat.
2006-07-01 16:28:20 +00:00
Trent Mick f08d663a2f Upgrade pyexpat to expat 2.0.0 (http://python.org/sf/1462338). 2006-06-19 23:21:25 +00:00
Neal Norwitz 9652baaf44 Fix breakage from patch 1471883 (r45800 & r45808) on OSF/1.
The problem was that pyconfig.h was being included before some system headers
which caused redefinitions and other breakage.  This moves system headers
after expat_config.h which includes pyconfig.h.
2006-05-02 07:27:47 +00:00
Neal Norwitz 52ca0dd712 Fix icc warnings: using wrong enum type 2006-01-07 21:21:16 +00:00
Fred Drake 31d485c0f5 update to Expat 1.95.8 2004-08-03 07:06:22 +00:00
Fred Drake 08317aefef Update to Expat 1.95.7; there are no changes to the Expat sources. 2003-10-21 15:38:55 +00:00
Fred Drake 4faea015f7 Update to the final version released as Expat 1.95.6 (maintaining
Martin's integration changes).
2003-01-28 06:42:40 +00:00
Martin v. Löwis c35d199404 Undo inclusion of Python.h. Remove HAVE_MEMCPY section.
Update Windows command line.
2003-01-26 08:40:50 +00:00
Martin v. Löwis fc03a94aac Incorporate Expat 1.95.6. 2003-01-25 22:41:29 +00:00
Martin v. Löwis 481f68aaa6 Disable usage of Expat's config.h. 2002-02-11 23:16:32 +00:00
Martin v. Löwis 1dbb1caf86 Initial revision 2002-02-11 23:13:04 +00:00