From cbfe4d4f8be569ea0d711646e298e70fdbd80986 Mon Sep 17 00:00:00 2001 From: Ezio Melotti Date: Sat, 25 Feb 2012 19:24:24 +0200 Subject: #14114: don't include copybutton.js in the htmlhelp output. --- Doc/tools/sphinxext/layout.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Doc/tools/sphinxext/layout.html b/Doc/tools/sphinxext/layout.html index 8659ef0..d4bb105 100644 --- a/Doc/tools/sphinxext/layout.html +++ b/Doc/tools/sphinxext/layout.html @@ -6,7 +6,7 @@ {% endblock %} {% block extrahead %} - + {% if not embedded %}{% endif %} {{ super() }} {% endblock %} {% block footer %} -- cgit v0.12 From 29b925548c415b8b4d4085de5a353f68bf4062a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Araujo?= Date: Sat, 25 Feb 2012 16:28:05 +0100 Subject: Fix long-standing bugs with MANIFEST.in parsing on Windows (#6884). These regex changes fix a number of issues for distutils on Windows: - #6884: impossible to include a file starting with 'build' - #9691 and #14004: sdist includes too many files - #13193: test_filelist failures This commit replaces the incorrect changes done in 0a94e2f807c7 and 90b30d62caf2 to fix #13193; we were too eager to fix the test failures and I did not study the code enough before greenlighting patches. This time we have unit tests from the problems reported by users to be sure we have the right fix. Thanks to Nadeem Vawda for his help. --- Lib/distutils/filelist.py | 22 +++--- Lib/distutils/tests/test_filelist.py | 130 +++++++++++++++++++++++++++-------- Lib/distutils/tests/test_sdist.py | 27 +++++--- Misc/NEWS | 3 + 4 files changed, 134 insertions(+), 48 deletions(-) diff --git a/Lib/distutils/filelist.py b/Lib/distutils/filelist.py index 9122032..db3f7a9 100644 --- a/Lib/distutils/filelist.py +++ b/Lib/distutils/filelist.py @@ -201,6 +201,7 @@ class FileList: Return True if files are found, False otherwise. """ + # XXX docstring lying about what the special chars are? files_found = False pattern_re = translate_pattern(pattern, anchor, prefix, is_regex) self.debug_print("include_pattern: applying regex r'%s'" % @@ -284,11 +285,14 @@ def glob_to_re(pattern): # IMHO is wrong -- '?' and '*' aren't supposed to match slash in Unix, # and by extension they shouldn't match such "special characters" under # any OS. So change all non-escaped dots in the RE to match any - # character except the special characters. - # XXX currently the "special characters" are just slash -- i.e. this is - # Unix-only. - pattern_re = re.sub(r'((? Date: Sat, 25 Feb 2012 18:30:26 +0100 Subject: 3.2.3rc1 done --- Include/patchlevel.h | 2 +- Misc/NEWS | 20 ++++++++++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/Include/patchlevel.h b/Include/patchlevel.h index 334478d..14ab4df 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -23,7 +23,7 @@ #define PY_RELEASE_SERIAL 1 /* Version as a string */ -#define PY_VERSION "3.2.3rc1" +#define PY_VERSION "3.2.3rc1+" /*--end constants--*/ /* Subversion Revision number of this file (not of the repository). Empty diff --git a/Misc/NEWS b/Misc/NEWS index 329770f..3e63d86 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -2,10 +2,25 @@ Python News +++++++++++ +What's New in Python 3.2.3? +=========================== + +*Release date: XX-XXX-2012* + +Core and Builtins +----------------- + +Library +------- + +- Issue #6884: Fix long-standing bugs with MANIFEST.in parsing in distutils + on Windows. + + What's New in Python 3.2.3 release candidate 1? =============================================== -*Release date: 24-Feb-2011* +*Release date: 24-Feb-2012* Core and Builtins ----------------- @@ -124,9 +139,6 @@ Core and Builtins Library ------- -- Issue #6884: Fix long-standing bugs with MANIFEST.in parsing in distutils - on Windows. - - Issue #8033: sqlite3: Fix 64-bit integer handling in user functions on 32-bit architectures. Initial patch by Philippe Devalkeneer. -- cgit v0.12 From a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9 Mon Sep 17 00:00:00 2001 From: Georg Brandl Date: Thu, 15 Mar 2012 08:31:00 +0100 Subject: Transplant from main repo d6c197edd99b: Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes --- Misc/NEWS | 12 +++- Modules/expat/expat.h | 9 +++ Modules/expat/pyexpatns.h | 1 + Modules/expat/xmlparse.c | 177 ++++++++++++++++++++++++++++++---------------- Modules/pyexpat.c | 2 + 5 files changed, 140 insertions(+), 61 deletions(-) diff --git a/Misc/NEWS b/Misc/NEWS index 3e63d86..ae00af7 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -7,12 +7,20 @@ What's New in Python 3.2.3? *Release date: XX-XXX-2012* -Core and Builtins ------------------ + +What's New in Python 3.2.3 release candidate 2? +=============================================== + +*Release date: XX-Mar-2012* Library ------- +- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash + table internal to the pyexpat module's copy of the expat library to avoid a + denial of service due to hash collisions. Patch by David Malcolm with some + modifications by the expat project. + - Issue #6884: Fix long-standing bugs with MANIFEST.in parsing in distutils on Windows. diff --git a/Modules/expat/expat.h b/Modules/expat/expat.h index cf113ee..cffdb8f 100644 --- a/Modules/expat/expat.h +++ b/Modules/expat/expat.h @@ -883,6 +883,15 @@ XMLPARSEAPI(int) XML_SetParamEntityParsing(XML_Parser parser, enum XML_ParamEntityParsing parsing); +/* Sets the hash salt to use for internal hash calculations. + Helps in preventing DoS attacks based on predicting hash + function behavior. This must be called before parsing is started. + Returns 1 if successful, 0 when called after parsing has started. +*/ +XMLPARSEAPI(int) +XML_SetHashSalt(XML_Parser parser, + unsigned long hash_salt); + /* If XML_Parse or XML_ParseBuffer have returned XML_STATUS_ERROR, then XML_GetErrorCode returns information about the error. */ diff --git a/Modules/expat/pyexpatns.h b/Modules/expat/pyexpatns.h index 7fbd341..2f2f4f9 100644 --- a/Modules/expat/pyexpatns.h +++ b/Modules/expat/pyexpatns.h @@ -97,6 +97,7 @@ #define XML_SetEntityDeclHandler PyExpat_XML_SetEntityDeclHandler #define XML_SetExternalEntityRefHandler PyExpat_XML_SetExternalEntityRefHandler #define XML_SetExternalEntityRefHandlerArg PyExpat_XML_SetExternalEntityRefHandlerArg +#define XML_SetHashSalt PyExpat_XML_SetHashSalt #define XML_SetNamespaceDeclHandler PyExpat_XML_SetNamespaceDeclHandler #define XML_SetNotationDeclHandler PyExpat_XML_SetNotationDeclHandler #define XML_SetNotStandaloneHandler PyExpat_XML_SetNotStandaloneHandler diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c index 105958b..46f6507 100644 --- a/Modules/expat/xmlparse.c +++ b/Modules/expat/xmlparse.c @@ -17,6 +17,8 @@ #include #include /* memset(), memcpy() */ #include +#include /* UINT_MAX */ +#include /* time() */ #include "expat.h" @@ -387,12 +389,13 @@ static void dtdReset(DTD *p, const XML_Memory_Handling_Suite *ms); static void dtdDestroy(DTD *p, XML_Bool isDocEntity, const XML_Memory_Handling_Suite *ms); static int -dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms); +dtdCopy(XML_Parser oldParser, + DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms); static int -copyEntityTable(HASH_TABLE *, STRING_POOL *, const HASH_TABLE *); - +copyEntityTable(XML_Parser oldParser, + HASH_TABLE *, STRING_POOL *, const HASH_TABLE *); static NAMED * -lookup(HASH_TABLE *table, KEY name, size_t createSize); +lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize); static void FASTCALL hashTableInit(HASH_TABLE *, const XML_Memory_Handling_Suite *ms); static void FASTCALL hashTableClear(HASH_TABLE *); @@ -425,6 +428,9 @@ static ELEMENT_TYPE * getElementType(XML_Parser parser, const ENCODING *enc, const char *ptr, const char *end); +static unsigned long generate_hash_secret_salt(void); +static XML_Bool startParsing(XML_Parser parser); + static XML_Parser parserCreate(const XML_Char *encodingName, const XML_Memory_Handling_Suite *memsuite, @@ -542,6 +548,7 @@ struct XML_ParserStruct { XML_Bool m_useForeignDTD; enum XML_ParamEntityParsing m_paramEntityParsing; #endif + unsigned long m_hash_secret_salt; }; #define MALLOC(s) (parser->m_mem.malloc_fcn((s))) @@ -649,6 +656,7 @@ struct XML_ParserStruct { #define useForeignDTD (parser->m_useForeignDTD) #define paramEntityParsing (parser->m_paramEntityParsing) #endif /* XML_DTD */ +#define hash_secret_salt (parser->m_hash_secret_salt) XML_Parser XMLCALL XML_ParserCreate(const XML_Char *encodingName) @@ -671,22 +679,36 @@ static const XML_Char implicitContext[] = { 'n', 'a', 'm', 'e', 's', 'p', 'a', 'c', 'e', '\0' }; -XML_Parser XMLCALL -XML_ParserCreate_MM(const XML_Char *encodingName, - const XML_Memory_Handling_Suite *memsuite, - const XML_Char *nameSep) +static unsigned long +generate_hash_secret_salt(void) +{ + unsigned int seed = time(NULL) % UINT_MAX; + srand(seed); + return rand(); +} + +static XML_Bool /* only valid for root parser */ +startParsing(XML_Parser parser) { - XML_Parser parser = parserCreate(encodingName, memsuite, nameSep, NULL); - if (parser != NULL && ns) { + /* hash functions must be initialized before setContext() is called */ + + if (hash_secret_salt == 0) + hash_secret_salt = generate_hash_secret_salt(); + if (ns) { /* implicit context only set for root parser, since child parsers (i.e. external entity parsers) will inherit it */ - if (!setContext(parser, implicitContext)) { - XML_ParserFree(parser); - return NULL; - } + return setContext(parser, implicitContext); } - return parser; + return XML_TRUE; +} + +XML_Parser XMLCALL +XML_ParserCreate_MM(const XML_Char *encodingName, + const XML_Memory_Handling_Suite *memsuite, + const XML_Char *nameSep) +{ + return parserCreate(encodingName, memsuite, nameSep, NULL); } static XML_Parser @@ -860,6 +882,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) useForeignDTD = XML_FALSE; paramEntityParsing = XML_PARAM_ENTITY_PARSING_NEVER; #endif + hash_secret_salt = 0; } /* moves list of bindings to freeBindingList */ @@ -907,7 +930,7 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName) poolClear(&temp2Pool); parserInit(parser, encodingName); dtdReset(_dtd, &parser->m_mem); - return setContext(parser, implicitContext); + return XML_TRUE; } enum XML_Status XMLCALL @@ -976,6 +999,12 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, int oldInEntityValue = prologState.inEntityValue; #endif XML_Bool oldns_triplets = ns_triplets; + /* Note that the new parser shares the same hash secret as the old + parser, so that dtdCopy and copyEntityTable can lookup values + from hash tables associated with either parser without us having + to worry which hash secrets each table has. + */ + unsigned long oldhash_secret_salt = hash_secret_salt; #ifdef XML_DTD if (!context) @@ -1029,13 +1058,14 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, externalEntityRefHandlerArg = oldExternalEntityRefHandlerArg; defaultExpandInternalEntities = oldDefaultExpandInternalEntities; ns_triplets = oldns_triplets; + hash_secret_salt = oldhash_secret_salt; parentParser = oldParser; #ifdef XML_DTD paramEntityParsing = oldParamEntityParsing; prologState.inEntityValue = oldInEntityValue; if (context) { #endif /* XML_DTD */ - if (!dtdCopy(_dtd, oldDtd, &parser->m_mem) + if (!dtdCopy(oldParser, _dtd, oldDtd, &parser->m_mem) || !setContext(parser, context)) { XML_ParserFree(parser); return NULL; @@ -1420,6 +1450,17 @@ XML_SetParamEntityParsing(XML_Parser parser, #endif } +int XMLCALL +XML_SetHashSalt(XML_Parser parser, + unsigned long hash_salt) +{ + /* block after XML_Parse()/XML_ParseBuffer() has been called */ + if (ps_parsing == XML_PARSING || ps_parsing == XML_SUSPENDED) + return 0; + hash_secret_salt = hash_salt; + return 1; +} + enum XML_Status XMLCALL XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) { @@ -1430,6 +1471,11 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) case XML_FINISHED: errorCode = XML_ERROR_FINISHED; return XML_STATUS_ERROR; + case XML_INITIALIZED: + if (parentParser == NULL && !startParsing(parser)) { + errorCode = XML_ERROR_NO_MEMORY; + return XML_STATUS_ERROR; + } default: ps_parsing = XML_PARSING; } @@ -1488,11 +1534,13 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) break; case XML_INITIALIZED: case XML_PARSING: - result = XML_STATUS_OK; if (isFinal) { ps_parsing = XML_FINISHED; - return result; + return XML_STATUS_OK; } + /* fall through */ + default: + result = XML_STATUS_OK; } } @@ -1553,6 +1601,11 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) case XML_FINISHED: errorCode = XML_ERROR_FINISHED; return XML_STATUS_ERROR; + case XML_INITIALIZED: + if (parentParser == NULL && !startParsing(parser)) { + errorCode = XML_ERROR_NO_MEMORY; + return XML_STATUS_ERROR; + } default: ps_parsing = XML_PARSING; } @@ -2231,7 +2284,7 @@ doContent(XML_Parser parser, next - enc->minBytesPerChar); if (!name) return XML_ERROR_NO_MEMORY; - entity = (ENTITY *)lookup(&dtd->generalEntities, name, 0); + entity = (ENTITY *)lookup(parser, &dtd->generalEntities, name, 0); poolDiscard(&dtd->pool); /* First, determine if a check for an existing declaration is needed; if yes, check that the entity exists, and that it is internal, @@ -2618,12 +2671,12 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const XML_Char *localPart; /* lookup the element type name */ - elementType = (ELEMENT_TYPE *)lookup(&dtd->elementTypes, tagNamePtr->str,0); + elementType = (ELEMENT_TYPE *)lookup(parser, &dtd->elementTypes, tagNamePtr->str,0); if (!elementType) { const XML_Char *name = poolCopyString(&dtd->pool, tagNamePtr->str); if (!name) return XML_ERROR_NO_MEMORY; - elementType = (ELEMENT_TYPE *)lookup(&dtd->elementTypes, name, + elementType = (ELEMENT_TYPE *)lookup(parser, &dtd->elementTypes, name, sizeof(ELEMENT_TYPE)); if (!elementType) return XML_ERROR_NO_MEMORY; @@ -2792,9 +2845,9 @@ storeAtts(XML_Parser parser, const ENCODING *enc, if (s[-1] == 2) { /* prefixed */ ATTRIBUTE_ID *id; const BINDING *b; - unsigned long uriHash = 0; + unsigned long uriHash = hash_secret_salt; ((XML_Char *)s)[-1] = 0; /* clear flag */ - id = (ATTRIBUTE_ID *)lookup(&dtd->attributeIds, s, 0); + id = (ATTRIBUTE_ID *)lookup(parser, &dtd->attributeIds, s, 0); if (!id) return XML_ERROR_NO_MEMORY; b = id->prefix->binding; @@ -2818,7 +2871,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, } while (*s++); { /* Check hash table for duplicate of expanded name (uriName). - Derived from code in lookup(HASH_TABLE *table, ...). + Derived from code in lookup(parser, HASH_TABLE *table, ...). */ unsigned char step = 0; unsigned long mask = nsAttsSize - 1; @@ -3756,7 +3809,8 @@ doProlog(XML_Parser parser, case XML_ROLE_DOCTYPE_PUBLIC_ID: #ifdef XML_DTD useForeignDTD = XML_FALSE; - declEntity = (ENTITY *)lookup(&dtd->paramEntities, + declEntity = (ENTITY *)lookup(parser, + &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (!declEntity) @@ -3811,7 +3865,8 @@ doProlog(XML_Parser parser, XML_Bool hadParamEntityRefs = dtd->hasParamEntityRefs; dtd->hasParamEntityRefs = XML_TRUE; if (paramEntityParsing && externalEntityRefHandler) { - ENTITY *entity = (ENTITY *)lookup(&dtd->paramEntities, + ENTITY *entity = (ENTITY *)lookup(parser, + &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (!entity) @@ -3855,7 +3910,7 @@ doProlog(XML_Parser parser, XML_Bool hadParamEntityRefs = dtd->hasParamEntityRefs; dtd->hasParamEntityRefs = XML_TRUE; if (paramEntityParsing && externalEntityRefHandler) { - ENTITY *entity = (ENTITY *)lookup(&dtd->paramEntities, + ENTITY *entity = (ENTITY *)lookup(parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (!entity) @@ -4069,7 +4124,8 @@ doProlog(XML_Parser parser, break; #else /* XML_DTD */ if (!declEntity) { - declEntity = (ENTITY *)lookup(&dtd->paramEntities, + declEntity = (ENTITY *)lookup(parser, + &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (!declEntity) @@ -4144,7 +4200,7 @@ doProlog(XML_Parser parser, const XML_Char *name = poolStoreString(&dtd->pool, enc, s, next); if (!name) return XML_ERROR_NO_MEMORY; - declEntity = (ENTITY *)lookup(&dtd->generalEntities, name, + declEntity = (ENTITY *)lookup(parser, &dtd->generalEntities, name, sizeof(ENTITY)); if (!declEntity) return XML_ERROR_NO_MEMORY; @@ -4176,7 +4232,7 @@ doProlog(XML_Parser parser, const XML_Char *name = poolStoreString(&dtd->pool, enc, s, next); if (!name) return XML_ERROR_NO_MEMORY; - declEntity = (ENTITY *)lookup(&dtd->paramEntities, + declEntity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, sizeof(ENTITY)); if (!declEntity) return XML_ERROR_NO_MEMORY; @@ -4358,7 +4414,7 @@ doProlog(XML_Parser parser, next - enc->minBytesPerChar); if (!name) return XML_ERROR_NO_MEMORY; - entity = (ENTITY *)lookup(&dtd->paramEntities, name, 0); + entity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, 0); poolDiscard(&dtd->pool); /* first, determine if a check for an existing declaration is needed; if yes, check that the entity exists, and that it is internal, @@ -4882,7 +4938,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata, next - enc->minBytesPerChar); if (!name) return XML_ERROR_NO_MEMORY; - entity = (ENTITY *)lookup(&dtd->generalEntities, name, 0); + entity = (ENTITY *)lookup(parser, &dtd->generalEntities, name, 0); poolDiscard(&temp2Pool); /* First, determine if a check for an existing declaration is needed; if yes, check that the entity exists, and that it is internal. @@ -4991,7 +5047,7 @@ storeEntityValue(XML_Parser parser, result = XML_ERROR_NO_MEMORY; goto endEntityValue; } - entity = (ENTITY *)lookup(&dtd->paramEntities, name, 0); + entity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, 0); poolDiscard(&tempPool); if (!entity) { /* not a well-formedness error - see XML 1.0: WFC Entity Declared */ @@ -5281,7 +5337,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) } if (!poolAppendChar(&dtd->pool, XML_T('\0'))) return 0; - prefix = (PREFIX *)lookup(&dtd->prefixes, poolStart(&dtd->pool), + prefix = (PREFIX *)lookup(parser, &dtd->prefixes, poolStart(&dtd->pool), sizeof(PREFIX)); if (!prefix) return 0; @@ -5310,7 +5366,7 @@ getAttributeId(XML_Parser parser, const ENCODING *enc, return NULL; /* skip quotation mark - its storage will be re-used (like in name[-1]) */ ++name; - id = (ATTRIBUTE_ID *)lookup(&dtd->attributeIds, name, sizeof(ATTRIBUTE_ID)); + id = (ATTRIBUTE_ID *)lookup(parser, &dtd->attributeIds, name, sizeof(ATTRIBUTE_ID)); if (!id) return NULL; if (id->name != name) @@ -5328,7 +5384,7 @@ getAttributeId(XML_Parser parser, const ENCODING *enc, if (name[5] == XML_T('\0')) id->prefix = &dtd->defaultPrefix; else - id->prefix = (PREFIX *)lookup(&dtd->prefixes, name + 6, sizeof(PREFIX)); + id->prefix = (PREFIX *)lookup(parser, &dtd->prefixes, name + 6, sizeof(PREFIX)); id->xmlns = XML_TRUE; } else { @@ -5343,7 +5399,7 @@ getAttributeId(XML_Parser parser, const ENCODING *enc, } if (!poolAppendChar(&dtd->pool, XML_T('\0'))) return NULL; - id->prefix = (PREFIX *)lookup(&dtd->prefixes, poolStart(&dtd->pool), + id->prefix = (PREFIX *)lookup(parser, &dtd->prefixes, poolStart(&dtd->pool), sizeof(PREFIX)); if (!id->prefix) return NULL; @@ -5441,7 +5497,7 @@ setContext(XML_Parser parser, const XML_Char *context) ENTITY *e; if (!poolAppendChar(&tempPool, XML_T('\0'))) return XML_FALSE; - e = (ENTITY *)lookup(&dtd->generalEntities, poolStart(&tempPool), 0); + e = (ENTITY *)lookup(parser, &dtd->generalEntities, poolStart(&tempPool), 0); if (e) e->open = XML_TRUE; if (*s != XML_T('\0')) @@ -5456,7 +5512,7 @@ setContext(XML_Parser parser, const XML_Char *context) else { if (!poolAppendChar(&tempPool, XML_T('\0'))) return XML_FALSE; - prefix = (PREFIX *)lookup(&dtd->prefixes, poolStart(&tempPool), + prefix = (PREFIX *)lookup(parser, &dtd->prefixes, poolStart(&tempPool), sizeof(PREFIX)); if (!prefix) return XML_FALSE; @@ -5620,7 +5676,7 @@ dtdDestroy(DTD *p, XML_Bool isDocEntity, const XML_Memory_Handling_Suite *ms) The new DTD has already been initialized. */ static int -dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) +dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) { HASH_TABLE_ITER iter; @@ -5635,7 +5691,7 @@ dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) name = poolCopyString(&(newDtd->pool), oldP->name); if (!name) return 0; - if (!lookup(&(newDtd->prefixes), name, sizeof(PREFIX))) + if (!lookup(oldParser, &(newDtd->prefixes), name, sizeof(PREFIX))) return 0; } @@ -5657,7 +5713,7 @@ dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) if (!name) return 0; ++name; - newA = (ATTRIBUTE_ID *)lookup(&(newDtd->attributeIds), name, + newA = (ATTRIBUTE_ID *)lookup(oldParser, &(newDtd->attributeIds), name, sizeof(ATTRIBUTE_ID)); if (!newA) return 0; @@ -5667,7 +5723,7 @@ dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) if (oldA->prefix == &oldDtd->defaultPrefix) newA->prefix = &newDtd->defaultPrefix; else - newA->prefix = (PREFIX *)lookup(&(newDtd->prefixes), + newA->prefix = (PREFIX *)lookup(oldParser, &(newDtd->prefixes), oldA->prefix->name, 0); } } @@ -5686,7 +5742,7 @@ dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) name = poolCopyString(&(newDtd->pool), oldE->name); if (!name) return 0; - newE = (ELEMENT_TYPE *)lookup(&(newDtd->elementTypes), name, + newE = (ELEMENT_TYPE *)lookup(oldParser, &(newDtd->elementTypes), name, sizeof(ELEMENT_TYPE)); if (!newE) return 0; @@ -5700,14 +5756,14 @@ dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) } if (oldE->idAtt) newE->idAtt = (ATTRIBUTE_ID *) - lookup(&(newDtd->attributeIds), oldE->idAtt->name, 0); + lookup(oldParser, &(newDtd->attributeIds), oldE->idAtt->name, 0); newE->allocDefaultAtts = newE->nDefaultAtts = oldE->nDefaultAtts; if (oldE->prefix) - newE->prefix = (PREFIX *)lookup(&(newDtd->prefixes), + newE->prefix = (PREFIX *)lookup(oldParser, &(newDtd->prefixes), oldE->prefix->name, 0); for (i = 0; i < newE->nDefaultAtts; i++) { newE->defaultAtts[i].id = (ATTRIBUTE_ID *) - lookup(&(newDtd->attributeIds), oldE->defaultAtts[i].id->name, 0); + lookup(oldParser, &(newDtd->attributeIds), oldE->defaultAtts[i].id->name, 0); newE->defaultAtts[i].isCdata = oldE->defaultAtts[i].isCdata; if (oldE->defaultAtts[i].value) { newE->defaultAtts[i].value @@ -5721,13 +5777,15 @@ dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) } /* Copy the entity tables. */ - if (!copyEntityTable(&(newDtd->generalEntities), + if (!copyEntityTable(oldParser, + &(newDtd->generalEntities), &(newDtd->pool), &(oldDtd->generalEntities))) return 0; #ifdef XML_DTD - if (!copyEntityTable(&(newDtd->paramEntities), + if (!copyEntityTable(oldParser, + &(newDtd->paramEntities), &(newDtd->pool), &(oldDtd->paramEntities))) return 0; @@ -5750,7 +5808,8 @@ dtdCopy(DTD *newDtd, const DTD *oldDtd, const XML_Memory_Handling_Suite *ms) } /* End dtdCopy */ static int -copyEntityTable(HASH_TABLE *newTable, +copyEntityTable(XML_Parser oldParser, + HASH_TABLE *newTable, STRING_POOL *newPool, const HASH_TABLE *oldTable) { @@ -5769,7 +5828,7 @@ copyEntityTable(HASH_TABLE *newTable, name = poolCopyString(newPool, oldE->name); if (!name) return 0; - newE = (ENTITY *)lookup(newTable, name, sizeof(ENTITY)); + newE = (ENTITY *)lookup(oldParser, newTable, name, sizeof(ENTITY)); if (!newE) return 0; if (oldE->systemId) { @@ -5827,16 +5886,16 @@ keyeq(KEY s1, KEY s2) } static unsigned long FASTCALL -hash(KEY s) +hash(XML_Parser parser, KEY s) { - unsigned long h = 0; + unsigned long h = hash_secret_salt; while (*s) h = CHAR_HASH(h, *s++); return h; } static NAMED * -lookup(HASH_TABLE *table, KEY name, size_t createSize) +lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) { size_t i; if (table->size == 0) { @@ -5853,10 +5912,10 @@ lookup(HASH_TABLE *table, KEY name, size_t createSize) return NULL; } memset(table->v, 0, tsize); - i = hash(name) & ((unsigned long)table->size - 1); + i = hash(parser, name) & ((unsigned long)table->size - 1); } else { - unsigned long h = hash(name); + unsigned long h = hash(parser, name); unsigned long mask = (unsigned long)table->size - 1; unsigned char step = 0; i = h & mask; @@ -5882,7 +5941,7 @@ lookup(HASH_TABLE *table, KEY name, size_t createSize) memset(newV, 0, tsize); for (i = 0; i < table->size; i++) if (table->v[i]) { - unsigned long newHash = hash(table->v[i]->name); + unsigned long newHash = hash(parser, table->v[i]->name); size_t j = newHash & newMask; step = 0; while (newV[j]) { @@ -6257,7 +6316,7 @@ getElementType(XML_Parser parser, if (!name) return NULL; - ret = (ELEMENT_TYPE *) lookup(&dtd->elementTypes, name, sizeof(ELEMENT_TYPE)); + ret = (ELEMENT_TYPE *) lookup(parser, &dtd->elementTypes, name, sizeof(ELEMENT_TYPE)); if (!ret) return NULL; if (ret->name != name) diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c index 849423f..c1142de 100644 --- a/Modules/pyexpat.c +++ b/Modules/pyexpat.c @@ -1150,6 +1150,8 @@ newxmlparseobject(char *encoding, char *namespace_separator, PyObject *intern) else { self->itself = XML_ParserCreate(encoding); } + XML_SetHashSalt(self->itself, + (unsigned long)_Py_HashSecret.prefix); self->intern = intern; Py_XINCREF(self->intern); PyObject_GC_Track(self); -- cgit v0.12 From c73f6dab11030c9f0071d25c1636184c909696e1 Mon Sep 17 00:00:00 2001 From: "Gregory P. Smith" Date: Wed, 14 Mar 2012 18:10:37 -0700 Subject: Fixes Issue 14234: fix for the previous commit, keep compilation when using --with-system-expat working when the system expat does not have salted hash support. --- Modules/expat/expat.h | 2 ++ Modules/pyexpat.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/Modules/expat/expat.h b/Modules/expat/expat.h index cffdb8f..89646d2 100644 --- a/Modules/expat/expat.h +++ b/Modules/expat/expat.h @@ -892,6 +892,8 @@ XMLPARSEAPI(int) XML_SetHashSalt(XML_Parser parser, unsigned long hash_salt); +#define XML_HAS_SET_HASH_SALT /* Python Only: Defined for pyexpat.c. */ + /* If XML_Parse or XML_ParseBuffer have returned XML_STATUS_ERROR, then XML_GetErrorCode returns information about the error. */ diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c index c1142de..bf81e2a 100644 --- a/Modules/pyexpat.c +++ b/Modules/pyexpat.c @@ -1150,8 +1150,13 @@ newxmlparseobject(char *encoding, char *namespace_separator, PyObject *intern) else { self->itself = XML_ParserCreate(encoding); } +#if ((XML_MAJOR_VERSION >= 2) && (XML_MINOR_VERSION >= 1)) || defined(XML_HAS_SET_HASH_SALT) + /* This feature was added upstream in libexpat 2.1.0. Our expat copy + * has a backport of this feature where we also define XML_HAS_SET_HASH_SALT + * to indicate that we can still use it. */ XML_SetHashSalt(self->itself, (unsigned long)_Py_HashSecret.prefix); +#endif self->intern = intern; Py_XINCREF(self->intern); PyObject_GC_Track(self); -- cgit v0.12 From 226af70a59df013eaa58b80e01f430f13fa998d3 Mon Sep 17 00:00:00 2001 From: Georg Brandl Date: Sun, 18 Mar 2012 07:34:49 +0100 Subject: Bump to 3.2.3rc2. --- Include/patchlevel.h | 4 ++-- Lib/distutils/__init__.py | 2 +- Lib/idlelib/idlever.py | 2 +- Misc/NEWS | 17 +++++++---------- Misc/RPM/python-3.2.spec | 2 +- README | 2 +- 6 files changed, 13 insertions(+), 16 deletions(-) diff --git a/Include/patchlevel.h b/Include/patchlevel.h index 14ab4df..d3f3217 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -20,10 +20,10 @@ #define PY_MINOR_VERSION 2 #define PY_MICRO_VERSION 3 #define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_GAMMA -#define PY_RELEASE_SERIAL 1 +#define PY_RELEASE_SERIAL 2 /* Version as a string */ -#define PY_VERSION "3.2.3rc1+" +#define PY_VERSION "3.2.3rc2" /*--end constants--*/ /* Subversion Revision number of this file (not of the repository). Empty diff --git a/Lib/distutils/__init__.py b/Lib/distutils/__init__.py index 3697505..d8d61c5 100644 --- a/Lib/distutils/__init__.py +++ b/Lib/distutils/__init__.py @@ -13,5 +13,5 @@ used from a setup script as # Updated automatically by the Python release process. # #--start constants-- -__version__ = "3.2.3rc1" +__version__ = "3.2.3rc2" #--end constants-- diff --git a/Lib/idlelib/idlever.py b/Lib/idlelib/idlever.py index cbcda05..250ecf0 100644 --- a/Lib/idlelib/idlever.py +++ b/Lib/idlelib/idlever.py @@ -1 +1 @@ -IDLE_VERSION = "3.2.3rc1" +IDLE_VERSION = "3.2.3rc2" diff --git a/Misc/NEWS b/Misc/NEWS index ae00af7..30b14fa 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -2,28 +2,25 @@ Python News +++++++++++ -What's New in Python 3.2.3? -=========================== - -*Release date: XX-XXX-2012* - - What's New in Python 3.2.3 release candidate 2? =============================================== -*Release date: XX-Mar-2012* +*Release date: 18-Mar-2012* Library ------- +- Issue #6884: Fix long-standing bugs with MANIFEST.in parsing in distutils + on Windows. + +Extension Modules +----------------- + - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project. -- Issue #6884: Fix long-standing bugs with MANIFEST.in parsing in distutils - on Windows. - What's New in Python 3.2.3 release candidate 1? =============================================== diff --git a/Misc/RPM/python-3.2.spec b/Misc/RPM/python-3.2.spec index 985b79b..87bfda1 100644 --- a/Misc/RPM/python-3.2.spec +++ b/Misc/RPM/python-3.2.spec @@ -39,7 +39,7 @@ %define name python #--start constants-- -%define version 3.2.3rc1 +%define version 3.2.3rc2 %define libvers 3.2 #--end constants-- %define release 1pydotorg diff --git a/README b/README index 2ed1c05..332c9b1 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is Python version 3.2.3 rc1 +This is Python version 3.2.3 rc2 ================================ Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, -- cgit v0.12 From ed77feb503a3f7afcbea4702334b630f5ae70ef4 Mon Sep 17 00:00:00 2001 From: Georg Brandl Date: Sun, 18 Mar 2012 07:35:01 +0100 Subject: Added tag v3.2.3rc2 for changeset 428f05cb7277 --- .hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgtags b/.hgtags index 0830aaf..87582aa 100644 --- a/.hgtags +++ b/.hgtags @@ -95,3 +95,4 @@ ac1f7e5c05104d557d5acd922e95625ba5d1fe10 v3.2.1 c860feaa348d663e598986894ee4680480577e15 v3.2.2rc1 137e45f15c0bd262c9ad4c032d97425bc0589456 v3.2.2 7085403daf439adb3f9e70ef13f6bedb1c447376 v3.2.3rc1 +428f05cb7277e1d42bb9dd8d1af6b6270ebc6112 v3.2.3rc2 -- cgit v0.12 From 1eb0f9de991a6a22bd4d2732849d0c7f7531d3f8 Mon Sep 17 00:00:00 2001 From: Georg Brandl Date: Sun, 18 Mar 2012 08:36:53 +0100 Subject: Post-release updates for 3.2.3rc2. --- Include/patchlevel.h | 2 +- Misc/NEWS | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Include/patchlevel.h b/Include/patchlevel.h index d3f3217..4a9d9ce 100644 --- a/Include/patchlevel.h +++ b/Include/patchlevel.h @@ -23,7 +23,7 @@ #define PY_RELEASE_SERIAL 2 /* Version as a string */ -#define PY_VERSION "3.2.3rc2" +#define PY_VERSION "3.2.3rc2+" /*--end constants--*/ /* Subversion Revision number of this file (not of the repository). Empty diff --git a/Misc/NEWS b/Misc/NEWS index 30b14fa..8257286 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -2,6 +2,18 @@ Python News +++++++++++ +What's New in Python 3.2.3? +=========================== + +*Release date: XX-Mar-2012* + +Core and Builtins +----------------- + +Library +------- + + What's New in Python 3.2.3 release candidate 2? =============================================== -- cgit v0.12