mirror of
https://github.com/python/cpython.git
synced 2024-11-27 20:04:41 +08:00
6a95676bb5
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 . ### Notes - Please treat as a security fix related to CVE-2023-52425. Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka. |
||
---|---|---|
.. | ||
ascii.h | ||
asciitab.h | ||
COPYING | ||
expat_config.h | ||
expat_external.h | ||
expat.h | ||
iasciitab.h | ||
internal.h | ||
latin1tab.h | ||
nametab.h | ||
pyexpatns.h | ||
siphash.h | ||
utf8tab.h | ||
winconfig.h | ||
xmlparse.c | ||
xmlrole.c | ||
xmlrole.h | ||
xmltok_impl.c | ||
xmltok_impl.h | ||
xmltok_ns.c | ||
xmltok.c | ||
xmltok.h |