path: root/Include
Commit message | Author | Age | Files | Lines
* Python 3.10.19 (tag: v3.10.19) | Pablo Galindo | 2025-10-09 | 1 | -2/+2
|
* Post 3.10.18 | Pablo Galindo | 2025-06-03 | 1 | -1/+1
|
* Python 3.10.18 (tag: v3.10.18) | Pablo Galindo | 2025-06-03 | 1 | -2/+2
|
* [3.10] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) (GH-134345) | Serhiy Storchaka | 2025-06-02 | 2 | -0/+17
|
|   If the error handler is used, a new bytes object is created to set as the object attribute of UnicodeDecodeError, and that bytes object then replaces the original data. A pointer to the decoded data will become invalid after destroying that temporary bytes object. So we need another way to return the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal().
|
|   _PyBytes_DecodeEscape() does not have such an issue, because it does not use the error handlers registry, but it should be changed for compatibility with _PyUnicode_DecodeUnicodeEscapeInternal().
|
|   (cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e)
|   (cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d)
|   (cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5)
|   (cherry picked from commit 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe)
|
|   Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
* Post 3.10.17 | Pablo Galindo | 2025-04-08 | 1 | -1/+1
|
* Python 3.10.17 (tag: v3.10.17) | Pablo Galindo | 2025-04-08 | 1 | -2/+2
|
* Post 3.10.16 | Pablo Galindo | 2024-12-03 | 1 | -1/+1
|
* Python 3.10.16 (tag: v3.10.16) | Pablo Galindo | 2024-12-03 | 1 | -2/+2
|
* Post 3.10.15 | Pablo Galindo | 2024-09-07 | 1 | -1/+1
|
* Python 3.10.15 (tag: v3.10.15) | Pablo Galindo | 2024-09-07 | 1 | -2/+2
|
* Post 3.10.14 | Łukasz Langa | 2024-03-19 | 1 | -1/+1
|
* Python 3.10.14 (tag: v3.10.14) | Łukasz Langa | 2024-03-19 | 1 | -2/+2
|
* [3.10] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116270) | Sebastian Pipping | 2024-03-06 | 1 | -1/+3
|
|   Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
|
|   - `xml.etree.ElementTree.XMLParser.flush`
|   - `xml.etree.ElementTree.XMLPullParser.flush`
|   - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
|   - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
|   - `xml.sax.expatreader.ExpatParser.flush`
|
|   Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 .
|
|   Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka.
|
|   Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
* Post 3.10.13 | Pablo Galindo | 2023-08-24 | 1 | -1/+1
|
* Python 3.10.13 (tag: v3.10.13) | Pablo Galindo | 2023-08-24 | 1 | -2/+2
|
* Post 3.10.12 | Pablo Galindo | 2023-06-06 | 1 | -1/+1
|
* Python 3.10.12 (tag: v3.10.12) | Pablo Galindo | 2023-06-06 | 1 | -2/+2
|
* Post 3.10.11 | Pablo Galindo | 2023-04-05 | 1 | -1/+1
|
* Python 3.10.11 (tag: v3.10.11) | Pablo Galindo | 2023-04-04 | 1 | -2/+2
|
* Post 3.10.10 | Pablo Galindo | 2023-02-08 | 1 | -1/+1
|
* Python 3.10.10 (tag: v3.10.10) | Pablo Galindo | 2023-02-07 | 1 | -2/+2
|
* Post 3.10.9 | Pablo Galindo | 2022-12-06 | 1 | -1/+1
|
* Python 3.10.9 (tag: v3.10.9) | Pablo Galindo | 2022-12-06 | 1 | -2/+2
|
* Post 3.10.8 | Pablo Galindo | 2022-10-11 | 1 | -1/+1
|
* Python 3.10.8 (tag: v3.10.8) | Pablo Galindo | 2022-10-11 | 1 | -2/+2
|
* gh-96959: Update HTTP links which are redirected to HTTPS (GH-96961) | Miss Islington (bot) | 2022-09-25 | 1 | -2/+2
|
|   (cherry picked from commit db39050396a104c73d0da473a2f00a62f9dfdfaa)
|
|   Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
* Post 3.10.7 | Pablo Galindo | 2022-09-06 | 1 | -1/+1
|
* Python 3.10.7 (tag: v3.10.7) | Pablo Galindo | 2022-09-05 | 1 | -2/+2
|
* [3.10] gh-95778: Correctly pre-check for int-to-str conversion (GH-96537) (#96563) | Gregory P. Smith | 2022-09-04 | 1 | -2/+2
|
|   Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
|
|   The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
|
|   The justification for the current check. The C code check is:
|
|   ```c
|   max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
|   ```
|
|   In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
|
|   $$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
|
|   From this it follows that
|
|   $$\frac{M}{3L} < \frac{s-1}{10}$$
|
|   hence that
|
|   $$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
|
|   So
|
|   $$2^{L(s-1)} > 10^M.$$
|
|   But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
|
|   <!-- gh-issue-number: gh-95778 -->
|   * Issue: gh-95778
|   <!-- /gh-issue-number -->
|
|   Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
|   (cherry picked from commit b126196838bbaf5f4d35120e0e6bcde435b0b480)
|
|   Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
* [3.10] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96501) | Gregory P. Smith | 2022-09-02 | 3 | -0/+39
|
|   Integer to and from text conversions via CPython's bignum `int` type are not safe against denial of service attacks due to malicious input. Very large input strings with hundreds of thousands of digits can consume several CPU seconds.
|
|   This PR comes fresh from a pile of work done in our private PSRT security response team repo.
|
|   This backports https://github.com/python/cpython/pull/96499 aka 511ca9452033ef95bc7d7fc404b8161068226002
|
|   Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
|   Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
|   Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).
|
|   <!-- gh-issue-number: gh-95778 -->
|   * Issue: gh-95778
|   <!-- /gh-issue-number -->
|
|   I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
|
* Fix typo in internal/pycore_atomic.h (GH-95939) | Miss Islington (bot) | 2022-08-13 | 1 | -1/+1
|
|   (cherry picked from commit 8281cbddc6f0fbc94f0c21cacfac79a2d4057a4b)
|
|   Co-authored-by: fluesvamp <105884371+fluesvamp@users.noreply.github.com>
|
* Post 3.10.6 | Pablo Galindo | 2022-08-02 | 1 | -1/+1
|
* Python 3.10.6 (tag: v3.10.6) | Pablo Galindo | 2022-08-01 | 1 | -2/+2
|
* [3.11] gh-93741: Add private C API _PyImport_GetModuleAttrString() (GH-93742) (GH-93792) | Miss Islington (bot) | 2022-06-16 | 1 | -0/+3
|
|   It combines PyImport_ImportModule() and PyObject_GetAttrString() and saves 4-6 lines of code on every use.
|
|   Add also _PyImport_GetModuleAttr() which takes Python strings as arguments.
|
|   (cherry picked from commit 6fd4c8ec7740523bb81191c013118d9d6959bc9d)
|   (cherry picked from commit d42b3689f4a14694f5b1ff75c155141102aa2557)
|
|   Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
* Post 3.10.5 | Pablo Galindo | 2022-06-06 | 1 | -1/+1
|
* Python 3.10.5 (tag: v3.10.5) | Pablo Galindo | 2022-06-06 | 1 | -2/+2
|
* gh-93065: Fix HAMT to iterate correctly over 7-level deep trees (GH-93066) (GH-93146) | Miss Islington (bot) | 2022-05-24 | 1 | -1/+13
|
|   Also while there, clarify a few things about why we reduce the hash to 32 bits.
|
|   Co-authored-by: Eli Libman <eli@hyro.ai>
|   Co-authored-by: Yury Selivanov <yury@edgedb.com>
|   Co-authored-by: Łukasz Langa <lukasz@langa.pl>
|
|   (cherry picked from commit c1f5c903a7e4ed27190488f4e33b00d3c3d952e5)
|
* Post 3.10.4 | Pablo Galindo | 2022-03-24 | 1 | -1/+1
|
* Python 3.10.4 (tag: v3.10.4) | Pablo Galindo | 2022-03-23 | 1 | -2/+2
|
* Post 3.10.3 | Pablo Galindo | 2022-03-16 | 1 | -1/+1
|
* Python 3.10.3 (tag: v3.10.3) | Pablo Galindo | 2022-03-16 | 1 | -2/+2
|
* [3.10] bpo-46521: Fix codeop to use a new partial-input mode of the parser (GH-31010). (GH-31213) | Pablo Galindo Salgado | 2022-02-08 | 2 | -1/+5
|
|   (cherry picked from commit 69e10976b2e7682c6d57f4272932ebc19f8e8859)
|
|   Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
* Post 3.10.2 | Pablo Galindo | 2022-01-14 | 1 | -1/+1
|
* Python 3.10.2 (tag: v3.10.2) | Pablo Galindo | 2022-01-13 | 1 | -2/+2
|
* [3.10] bpo-46006: Revert "bpo-40521: Per-interpreter interned strings (GH-20085)" (GH-30422) (GH-30425) | Victor Stinner | 2022-01-06 | 1 | -9/+3
|
|   This reverts commit ea251806b8dffff11b30d2182af1e589caf88acf.
|
|   Keep "assert(interned == NULL);" in _PyUnicode_Fini(), but only for the main interpreter.
|
|   Keep _PyUnicode_ClearInterned() changes avoiding the creation of a temporary Python list object.
|
|   Leave the PyInterpreterState structure unchanged to keep the ABI backward compatibility with Python 3.10.0: rename the "interned" member to "unused_interned".
|
|   (cherry picked from commit 35d6540c904ef07b8602ff014e520603f84b5886)
|
* bpo-46042: Improve SyntaxError locations in the symbol table (GH-30059) (GH-30064) | Miss Islington (bot) | 2021-12-12 | 1 | -2/+9
|
|   (cherry picked from commit 59435eea08d30796174552c0ca03c59b41adf8a5)
|
|   Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|   Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
* Post 3.10.1 | Pablo Galindo | 2021-12-06 | 1 | -1/+1
|
* Python 3.10.1 (tag: v3.10.1) | Pablo Galindo | 2021-12-06 | 1 | -2/+2
|
* bpo-39026: Fix Python.h when building with Xcode (GH-29488) (GH-29732) | Victor Stinner | 2021-11-25 | 2 | -4/+1
|
|   Fix Python.h to build C extensions with Xcode: remove a relative include from Include/cpython/pystate.h.
|
|   (cherry picked from commit 4ae26b9c1d0c33e3db92c6f305293f9240dea358)
|
* bpo-45893: Add missing extern C to initconfig.h (GH-29761) | Miss Islington (bot) | 2021-11-24 | 1 | -0/+6
|
|   Co-authored-by: Steve Dower <steve.dower@python.org>
|   (cherry picked from commit f4afc53bf68c8ded20b281cd1baa88a679b4a3fd)
|
|   Co-authored-by: Christian Heimes <christian@python.org>