mirror/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-01-28 13:45:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
cpython/Include
History
Sebastian Pipping fc9da96274
[3.11] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (#116268) 
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from #115138 (comment) .

- Please treat as a security fix related to CVE-2023-52425.

(cherry picked from commit 6a95676)
(cherry picked from commit 73807eb)
(cherry picked from commit eda2963)

---------

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
2024-03-06 14:17:02 -08:00
..
cpython
[3.11] gh-86493: Fix possible leaks in some modules initialization (GH-106768) (GH-106855) (GH-106863)
2023-07-19 09:40:38 +03:00
internal
[3.11] gh-106905: Use separate structs to track recursion depth in each PyAST_mod2obj call. (GH-113035) (GH-113472) (GH-113476)
2023-12-25 20:40:33 +00:00
abstract.h
bltinmodule.h
boolobject.h
bpo-45459: C API uses type names rather than structure names (GH-31528)
2022-02-24 17:51:59 +01:00
bytearrayobject.h
bytesobject.h
ceval.h
codecs.h
compile.h
complexobject.h
bpo-35134: Add Include/cpython/complexobject.h header (GH-32383)
2022-04-07 01:05:27 +02:00
datetime.h
descrobject.h
bpo-45459: C API uses type names rather than structure names (GH-31528)
2022-02-24 17:51:59 +01:00
dictobject.h
dynamic_annotations.h
gh-96959: Update HTTP links which are redirected to HTTPS (GH-96961)
2022-09-25 01:20:45 -07:00
enumobject.h
errcode.h
[3.11] gh-107450: Check for overflow in the tokenizer and fix overflow test (GH-110832) (#110939)
2023-10-18 00:34:56 +02:00
exports.h
fileobject.h
fileutils.h
floatobject.h
bpo-46656: Remove Py_NO_NAN macro (GH-31160)
2022-02-25 01:32:57 +01:00
frameobject.h
genericaliasobject.h
import.h
intrcheck.h
iterobject.h
listobject.h
longobject.h
bpo-45459: Add pytypedefs.h header file (GH-31527)
2022-02-24 17:07:12 +01:00
marshal.h
memoryobject.h
bpo-45459: Add Py_buffer to limited API (GH-29991)
2022-02-02 07:03:10 -08:00
methodobject.h
gh-92135: Rename _Py_reinterpret_cast() to _Py_CAST() (#92230)
2022-05-03 16:37:06 +02:00
modsupport.h
[3.11] gh-107226: PyModule_AddObjectRef() should only be in the limited API 3.10 (GH-107227) (GH-107261)
2023-07-25 23:02:06 +03:00
moduleobject.h
gh-91321: Fix PyModuleDef_HEAD_INIT on C++ (#92259)
2022-05-03 22:40:20 +02:00
object.h
[3.11] Revert "[3.11] gh-98724: Fix Py_CLEAR() macro side effects (#99100)" (#99573)
2022-11-21 18:01:10 +01:00
objimpl.h
gh-92135: Rename _Py_reinterpret_cast() to _Py_CAST() (#92230)
2022-05-03 16:37:06 +02:00
opcode.h
gh-91869: Fix tracing of specialized instructions with extended args (GH-91945)
2022-04-27 22:36:34 -06:00
osdefs.h
osmodule.h
patchlevel.h
Post 3.11.8
2024-02-06 23:38:18 +00:00
py_curses.h
pybuffer.h
bpo-45459: Add pytypedefs.h header file (GH-31527)
2022-02-24 17:07:12 +01:00
pycapsule.h
pydtrace.d
pydtrace.h
pyerrors.h
gh-90501: Add PyErr_GetHandledException and PyErr_SetHandledException (GH-30531)
2022-04-15 19:57:47 +01:00
pyexpat.h
[3.11] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (#116268)
2024-03-06 14:17:02 -08:00
pyframe.h
gh-93937, C API: Move PyFrame_GetBack() to Python.h (#93938) (#94000)
2022-06-20 15:47:41 +02:00
pyhash.h
pylifecycle.h
pymacconfig.h
pymacro.h
gh-99069: Consolidate checks for static_assert (GH-94766)
2023-04-05 08:44:13 -07:00
pymath.h
bpo-46656: Remove Py_NO_NAN macro (GH-31160)
2022-02-25 01:32:57 +01:00
pymem.h
pyport.h
[3.11] [3.12] gh-63760: Don't declare gethostname() on Solaris (GH-108817) (GH-108824) (#108832)
2023-09-03 08:53:02 +02:00
pystate.h
bpo-45459: C API uses type names rather than structure names (GH-31528)
2022-02-24 17:51:59 +01:00
pystrcmp.h
pystrtod.h
bpo-45995: add "z" format specifer to coerce negative 0 to zero (GH-30049)
2022-04-11 15:34:18 +01:00
Python.h
bpo-35134: Remove the Include/code.h header file (GH-32385)
2022-04-07 02:29:52 +02:00
pythonrun.h
Docs: Clarify availability of PyOS_CheckStack (GH-91816)
2022-04-22 12:44:43 +02:00
pythread.h
gh-79315: Add Include/cpython/pythread.h header (#91798)
2022-04-21 23:00:42 +02:00
pytypedefs.h
bpo-45459: Fix PyModuleDef_Slot type in the limited C API (GH-31668)
2022-03-03 23:06:55 +01:00
rangeobject.h
README.rst
setobject.h
bpo-35134: Add Include/cpython/setobject.h header (GH-32384)
2022-04-07 01:26:24 +02:00
sliceobject.h
structmember.h
bpo-45459: C API uses type names rather than structure names (GH-31528)
2022-02-24 17:51:59 +01:00
structseq.h
bpo-45459: C API uses type names rather than structure names (GH-31528)
2022-02-24 17:51:59 +01:00
sysmodule.h
gh-88279: Deprecate PySys_SetArgvEx() (#92363)
2022-05-06 05:24:29 +02:00
token.h
traceback.h
tracemalloc.h
tupleobject.h
typeslots.h
bpo-45459: Add Py_buffer to limited API (GH-29991)
2022-02-02 07:03:10 -08:00
unicodeobject.h
bpo-47164: Add _PyASCIIObject_CAST() macro (GH-32191)
2022-03-31 09:59:27 +02:00
warnings.h
weakrefobject.h

README.rst 

The Python C API
================

The C API is divided into three sections:

1. ``Include/``: Limited API
2. ``Include/cpython/``: CPython implementation details
3. ``Include/internal/``: The internal API

Information on changing the C API is available `in the developer guide`_

.. _in the developer guide: https://devguide.python.org/c-api/