mirror/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-01-27 21:25:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cpython/Modules
History
Sebastian Pipping 0e4cd89781
[3.12] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139527) 
* [3.12] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234)

Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).

The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:

- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.

(cherry picked from commit f04bea44c37793561d753dd4ca6e7cd658137553)
(cherry picked from commit 68a1778b7721f3fb853cd3aa674f7039c2a4df36)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
2025-12-17 15:58:59 +01:00
..
_blake2
gh-116116: Backport blake2 change to fix building with clang-cl on windows-i686 (GH-116117)
2024-03-04 17:22:46 +00:00
_ctypes
[3.12] gh-131181: Assert that PyObject_stgdict isn't NULL for PyCData (#131188)
2025-03-13 15:06:39 +00:00
_decimal
[3.12] gh-114563: C decimal falls back to pydecimal for unsupported format strings (GH-114879) (GH-115353)
2024-02-12 23:31:12 +02:00
_hacl
[3.12] gh-99108: Refresh HACL*; update modules accordingly; fix namespacing (GH-117237) (GH-117243)
2024-03-26 01:43:24 +00:00
_io
[3.12] gh-131082: Add missing guards for WIN32_LEAN_AND_MEAN (#131044) (#131085)
2025-03-11 11:55:13 +00:00
_multiprocessing
[3.12] gh-111178: fix UBSan failures in Modules/_multiprocessing/semaphore.c (GH-129084) (#129101)
2025-01-20 21:00:09 +00:00
_sqlite
[3.12] gh-129603: Don't segfault if sqlite3.Row description is None (#129604) (#129924)
2025-02-10 00:14:40 +00:00
_sre
[3.12] gh-101955: Fix SystemError in possesive quantifier with alternative and group (GH-111362) (GH-126963)
2024-11-18 12:03:19 +00:00
_ssl
gh-131423: Update to OpenSSL 3.0.16. (GH-131839)
2025-03-28 15:29:20 +00:00
_testcapi
[3.12] gh-130824: Add tests for NULL in PyLong_*AndOverflow functions (GH-130828) (GH-130876)
2025-03-05 13:52:40 +02:00
_xxtestfuzz
[3.12] gh-121023: Improve _xxtestfuzz/README.rst (GH-121024) (#124141)
2024-09-16 20:29:02 +00:00
cjkcodecs
[3.12] gh-115015: Argument Clinic: fix generated code for METH_METHOD methods without params (#115016) (#115067)
2024-02-06 11:20:16 +01:00
clinic
[3.12] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139527)
2025-12-17 15:58:59 +01:00
expat
[3.12] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139527)
2025-12-17 15:58:59 +01:00
_abc.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_asynciomodule.c
[3.12] gh-126405: fix use-after-free in _asyncio.Future.remove_done_callback (GH-126733) (#126737)
2024-11-12 13:04:25 +00:00
_bisectmodule.c
[3.12] gh-126035: add missing whitespace to *Py_EnterRecursiveCall() messages (GH-126036) (#126059)
2024-10-27 22:12:20 +00:00
_bz2module.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_codecsmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_collectionsmodule.c
[3.12] gh-115243: Fix crash in deque.index() when the deque is concurrently modified (GH-115247) (GH-115465)
2024-02-14 17:17:58 +00:00
_contextvarsmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_cryptmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_csv.c
[3.12] gh-129409: Fix Integer overflow - SEGV while writing data more than 2GB in CSV file (GH-129413) (#129437)
2025-01-29 11:32:54 +00:00
_curses_panel.c
[3.12] gh-86493: Fix possible leaks in modules initialization: _curses_panel, _decimal, posix, xxsubtype (GH-106767) (#106849)
2023-07-18 10:03:59 +03:00
_cursesmodule.c
[3.12] gh-130163: Fix crashes related to PySys_GetObject() (GH-130503) (GH-130556) (GH-130576)
2025-02-26 17:20:47 +02:00
_datetimemodule.c
[3.12] gh-89039: Call subclass constructors in datetime.*.replace (GH-114780) (GH-131239)
2025-04-02 20:35:16 +03:00
_dbmmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_elementtree.c
[3.12] gh-126033: fix UAF in xml.etree.ElementTree.Element.remove when concurrent mutations happen (GH-126124) (#131930)
2025-03-31 14:50:13 +02:00
_functoolsmodule.c
[3.12] Align functools.reduce() docstring with PEP-257 (GH-126045) (#126114)
2024-10-29 10:13:52 +01:00
_gdbmmodule.c
[3.12] gh-126742: Add _PyErr_SetLocaleString, use it for gdbm & dlerror messages (GH-126746) (GH-128027)
2024-12-17 14:53:16 +02:00
_hashopenssl.c
[3.12] gh-127667: refactor and improve _hashopenssl.c error branches (#131145) (#131348)
2025-03-18 10:16:26 +01:00
_heapqmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_json.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_localemodule.c
[3.12] gh-126727: Fix locale.nl_langinfo(locale.ERA) (GH-126730) (GH-127098)
2024-11-21 11:44:37 +00:00
_lsprof.c
[3.12] gh-126425: Refactor _lsprof_Profiler_enable (GH-126426) (#126443)
2024-11-05 12:42:33 +00:00
_lzmamodule.c
[3.12] gh-104282: Fix null pointer dereference in lzma._decode_filter_properties (GH-104283) (GH-114181)
2024-01-17 13:31:33 +00:00
_math.h
_opcode.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_operator.c
[3.12] gh-113993: Make interned strings mortal (GH-120520, GH-121364, GH-121903, GH-122303) (#123065)
2024-09-27 13:28:48 -07:00
_pickle.c
[3.12] gh-130163: Fix crashes related to PySys_GetObject() (GH-130503) (GH-130556) (GH-130576)
2025-02-26 17:20:47 +02:00
_posixsubprocess.c
[3.12] gh-113964: Don't prevent new threads until all non-daemon threads exit (GH-116677) (#117029)
2024-03-19 15:22:42 -04:00
_queuemodule.c
[3.12] gh-104812: Run Pending Calls in any Thread (gh-104813) (gh-105752)
2023-06-14 00:50:08 +00:00
_randommodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_scproxy.c
gh-104180: Read SOCKS proxies from macOS System Configuration (#104181)
2023-05-09 10:24:29 +02:00
_ssl_data_31.h
[3.12] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (#105199)
2023-06-01 17:13:35 +00:00
_ssl_data_111.h
[3.12] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (#105199)
2023-06-01 17:13:35 +00:00
_ssl_data_300.h
[3.12] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (#105199)
2023-06-01 17:13:35 +00:00
_ssl_data.h
_ssl.c
gh-131423: Update to OpenSSL 3.0.16. (GH-131839)
2025-03-28 15:29:20 +00:00
_ssl.h
GH-103092: isolate _ssl (#104725)
2023-05-22 06:14:48 +05:30
_stat.c
[3.12] gh-86493: Fix possible leaks in some modules initialization (GH-106768) (GH-106855)
2023-07-18 15:14:10 +03:00
_statisticsmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_struct.c
[3.12] gh-125118: don't copy arbitrary values to _Bool in the struct module (GH-125169) (#125265)
2024-10-10 14:56:49 +00:00
_testbuffer.c
[3.12] gh-114670: Fix _testbuffer module initialization (GH-114672) (#115272)
2024-02-11 10:53:00 +03:00
_testcapi_feature_macros.inc
[3.12] gh-102304: doc: Add links to Stable ABI and Limited C API (#105345) (#105371)
2023-06-06 13:11:28 +00:00
_testcapimodule.c
[3.12] gh-129185: Fix PyTraceMalloc_Untrack() at Python exit (#129191) (#129217) (#129221)
2025-01-23 13:29:46 +00:00
_testclinic.c
[3.12] gh-118814: Fix the TypeVar constructor when name is passed by keyword (GH-122664) (GH-122807)
2024-08-08 09:49:50 +03:00
_testimportmultiple.c
_testinternalcapi.c
[3.12] gh-119213: Be More Careful About _PyArg_Parser.kwtuple Across Interpreters (gh-119331) (gh-119425)
2024-05-22 22:26:58 +00:00
_testmultiphase.c
[3.12] gh-129405: Fix doc for Py_mod_multiple_interpreters default, and add test (GH-129406) (GH-130510)
2025-02-27 16:30:46 +01:00
_testsinglephase.c
[3.12] gh-102251: Explicitly free state for test modules with state in test_import (GH-105085) (#105170)
2023-05-31 21:34:21 +00:00
_threadmodule.c
[3.12] gh-130163: Fix crashes related to PySys_GetObject() (GH-130503) (GH-130556) (GH-130576)
2025-02-26 17:20:47 +02:00
_tkinter.c
[3.12] gh-130163: Fix crashes related to PySys_GetObject() (GH-130503) (GH-130556) (GH-130576)
2025-02-26 17:20:47 +02:00
_tracemalloc.c
[3.12] gh-128679: Fix tracemalloc.stop() race conditions (#128897) (#129022)
2025-01-19 13:24:14 +00:00
_typingmodule.c
gh-104549: Set __module__ on TypeAliasType (#104550)
2023-05-18 15:56:15 -07:00
_uuidmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_weakref.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
_winapi.c
gh-128217: Validate the normalized_environment variable instead of the similarly named function (GH-128220)
2024-12-24 13:25:16 +00:00
_xxinterpchannelsmodule.c
[3.12] gh-76785: Use Pending Calls When Releasing Cross-Interpreter Data (gh-109556) (gh-112288)
2023-11-27 14:49:48 -07:00
_xxsubinterpretersmodule.c
[3.12] gh-105716: Support Background Threads in Subinterpreters Consistently (gh-109921) (gh-110707)
2023-11-27 19:01:05 -07:00
_zoneinfo.c
[3.12] gh-120155: Fix Coverity issue in zoneinfo load_data() (GH-120232) (#120311)
2024-06-10 10:12:25 +00:00
addrinfo.h
arraymodule.c
[3.12] gh-128961: Fix exhausted array iterator crash in __setstate__() (GH-128962) (#128977)
2025-01-18 10:14:07 +00:00
atexitmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
audioop.c
[3.12] gh-46968: Fix invalid reference to Sound eXchange (SoX) 12.17.7 license (#115094)
2024-02-06 18:59:23 +01:00
binascii.c
[3.12] gh-118314: Fix padding edge case in binascii.a2b_base64 strict mode (GH-118320) (GH-118691)
2024-05-07 09:35:49 +00:00
cmathmodule.c
[3.12] gh-86493: Fix possible leaks in some modules initialization (GH-106768) (GH-106855)
2023-07-18 15:14:10 +03:00
config.c.in
errnomodule.c
[3.12] gh-105375: Improve errnomodule error handling (#105590) (#105596)
2023-06-09 20:36:53 +00:00
faulthandler.c
[3.12] gh-130163: Fix crashes related to PySys_GetObject() (GH-130503) (GH-130556) (GH-130576)
2025-02-26 17:20:47 +02:00
fcntlmodule.c
[3.12] Revert "[3.12] gh-69214: Fix fcntl.ioctl() request type (#119498) (#1… (#119905)
2024-06-01 17:08:07 +02:00
gc_weakref.txt
gcmodule.c
[3.12] gh-131740: Update PyUnstable_GC_VisitObjects to traverse perm gen (#131828)
2025-03-28 14:55:58 +01:00
getaddrinfo.c
getbuildinfo.c
getnameinfo.c
getpath_noop.c
getpath.c
[3.12] gh-115136: Fix possible NULL deref in getpath_joinpath() (GH-115137) (GH-115157)
2024-02-08 11:18:38 +02:00
getpath.py
grpmodule.c
[3.12] gh-104432: Use memcpy() to avoid misaligned loads (GH-104433) (#107355)
2023-07-27 13:52:39 -07:00
hashlib.h
[3.12] gh-99108: Release the GIL around hashlib built-in computation (GH-104675) (#104776)
2023-05-23 11:24:02 +00:00
itertoolsmodule.c
[3.12] gh-126618: fix repr(itertools.count(sys.maxsize)) (GH-127048) (#127510)
2024-12-02 15:19:59 +01:00
ld_so_aix.in
main.c
[3.12] gh-126742: Add _PyErr_SetLocaleString, use it for gdbm & dlerror messages (GH-126746) (GH-128027)
2024-12-17 14:53:16 +02:00
makesetup
makexp_aix
mathmodule.c
[3.12] gh-123836: workaround fmod(x, y) bug on Windows (GH-124171) (#124186)
2024-09-17 21:44:52 +02:00
md5module.c
[3.12] gh-131418: remove unused legacy typedefs in {md5,sha1}module.c (GH-131420) (#131619)
2025-03-23 11:39:46 +00:00
mmapmodule.c
gh-81489: Use Unicode APIs for mmap tagname on Windows (GH-14133)
2024-01-11 23:13:02 +00:00
nismodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
ossaudiodev.c
overlapped.c
[3.12] gh-91227: Ignore ERROR_PORT_UNREACHABLE in proactor recvfrom() (GH-32011) (GH-117209)
2024-03-25 12:21:31 +02:00
posixmodule.c
[3.12] gh-129539: Include sysexits.h before checking EX_OK (#129590) (#129609)
2025-02-03 12:00:10 +00:00
posixmodule.h
pwdmodule.c
[3.12] gh-116545: Fix error handling in mkpwent in pwdmodule (GH-116548) (#116593)
2024-03-11 11:55:09 +00:00
pyexpat.c
[3.12] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139527)
2025-12-17 15:58:59 +01:00
readline.c
[3.12] gh-122431: Disallow negative values in readline.append_history_file (GH-122469) (#127642)
2024-12-05 18:15:30 +01:00
README
resource.c
[3.12] gh-89886: Rely on HAVE_SYS_TIME_H (GH-105058) (#105192)
2023-06-01 12:08:37 +00:00
rotatingtree.c
rotatingtree.h
selectmodule.c
[3.12] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122013)
2024-07-19 09:08:33 +00:00
Setup
[3.12] gh-99108: Refresh HACL* (GH-104808) (#104893)
2023-05-24 20:55:37 +00:00
Setup.bootstrap.in
gh-103763: Implement PEP 695 (#103764)
2023-05-15 20:36:23 -07:00
Setup.stdlib.in
[3.12] gh-111495: Add more tests on PyEval C APIs (#122789) (#128987) (#129023)
2025-01-19 13:51:53 +00:00
sha1module.c
[3.12] gh-131418: remove unused legacy typedefs in {md5,sha1}module.c (GH-131420) (#131619)
2025-03-23 11:39:46 +00:00
sha2module.c
[3.12] gh-99108: Refresh HACL*; update modules accordingly; fix namespacing (GH-117237) (GH-117243)
2024-03-26 01:43:24 +00:00
sha3module.c
[3.12] gh-99108: Refresh HACL*; update modules accordingly; fix namespacing (GH-117237) (GH-117243)
2024-03-26 01:43:24 +00:00
signalmodule.c
[3.12] gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) (GH-122013)
2024-07-19 09:08:33 +00:00
socketmodule.c
[3.12] gh-132075: Fix possible use of sockaddr structures with uninitialized members (GH-132076) (GH-132087)
2025-04-04 14:29:12 +00:00
socketmodule.h
gh-103092: Isolate socket module (#103094)
2023-04-09 06:33:52 +05:30
spwdmodule.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
symtablemodule.c
[3.12] gh-110045: Update symtable module for PEP 695 (GH-110066) (#110070)
2023-09-29 08:10:22 +02:00
syslogmodule.c
[3.12] gh-130163: Fix crashes related to PySys_GetObject() (GH-130503) (GH-130556) (GH-130576)
2025-02-26 17:20:47 +02:00
termios.c
[3.12] gh-114492: Initialize struct termios before calling tcgetattr() (GH-114495) (GH-114502)
2024-01-23 22:02:02 +00:00
timemodule.c
[3.12] gh-52551: Fix encoding issues in strftime() (GH-125193) (GH-125657) (GH-125661)
2024-10-17 20:04:48 +00:00
tkappinit.c
gh-103538: Remove unused TK_AQUA code (GH-103539)
2023-05-10 18:53:13 +00:00
tkinter.h
gh-103532: Remove TKINTER_PROTECT_LOADTK code (GH-103535)
2023-04-14 09:04:16 -05:00
unicodedata_db.h
unicodedata.c
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
2023-05-05 21:11:27 +00:00
unicodename_db.h
winreparse.h
xxlimited_35.c
[3.12] gh-110968: Py_MOD_PER_INTERPRETER_GIL_SUPPORTED was added to 3.12 (#111588)
2023-11-01 18:13:31 +01:00
xxlimited.c
[3.12] gh-110968: Py_MOD_PER_INTERPRETER_GIL_SUPPORTED was added to 3.12 (#111588)
2023-11-01 18:13:31 +01:00
xxmodule.c
[3.12] gh-122040: reword Modules/xxmodule.c module-level comment (GH-132201) (#132208)
2025-04-07 08:19:54 +00:00
xxsubtype.c
[3.12] gh-86493: Fix possible leaks in modules initialization: _curses_panel, _decimal, posix, xxsubtype (GH-106767) (#106849)
2023-07-18 10:03:59 +03:00
zlibmodule.c
[3.12] gh-105967: Work around a macOS bug, limit zlib C library crc32 API calls to 1gig (GH-112615) (#112724)
2023-12-04 20:29:23 +00:00

README 

Source files for standard library extension modules,
and former extension modules that are now builtin modules.