bpo-34623: Use XML_SetHashSalt in _elementtree by tiran · Pull Request #9146 · python/cpython (original) (raw)
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Conversation9 Commits1 Checks0 Files changed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Just a minor question on the NEWS entry.
| @@ -0,0 +1,2 @@ |
|---|
| The C accelerated _elementtree module now initializes hash randomization |
| salt from _Py_HashSecret instead of libexpat's default CPRNG. |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CPRNG or CSPRNG? :-) Maybe even write "cryptographic pseudo-random number generator (CPRNG)".
| @@ -48,6 +52,9 @@ struct PyExpat_CAPI |
|---|
| enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding); |
| int (*DefaultUnknownEncodingHandler)( |
| void *encodingHandlerData, const XML_Char *name, XML_Encoding *info); |
| #if PYEXPAT_COMBINED_VERSION >= 20100 |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couldn't adding the slot conditionally break binary compatibility?
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The new PyExpat_CAPI_MAGIC version ensures that only compatible modules are loaded.
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 2.7, 3.6, 3.7.
🐍🍒⛏🤖
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623 (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623 (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org
Sorry, @tiran, I could not cleanly backport this to 2.7 due to a conflict.
Please backport using cherry_picker on command line.cherry_picker cb5778f00ce48631c7140f33ba242496aaf7102b 2.7
tiran added a commit to tiran/cpython that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623. (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org
miss-islington added a commit that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623 (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org
miss-islington added a commit that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623 (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org
stratakis pushed a commit to stratakis/cpython that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623 (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org
stratakis pushed a commit to stratakis/cpython that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623 (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org
mingwandroid pushed a commit to mingwandroid/cpython that referenced this pull request
mingwandroid pushed a commit to mingwandroid/cpython that referenced this pull request
larryhastings pushed a commit that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623 (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org
larryhastings pushed a commit that referenced this pull request
The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat's default CPRNG.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue34623 (cherry picked from commit cb5778f)
Co-authored-by: Christian Heimes christian@python.org