[3.12] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116248)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`
Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-
1932444270 .
- Please treat as a security fix related to CVE-2023-52425.
(cherry picked from commit
6a95676bb526261434dd068d6c49927c44d24a9b)
(cherry picked from commit
73807eb634315f70a464a18feaae33d9e065de09)
(cherry picked from commit
eda2963378a3c292cf6bb202bb00e94e46ee6d90)
---------
Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
projects / thirdparty / Python / cpython.git / commit
