Add new sys functions introduced to combat CVE-2020-10735 #8733

Merged
merged 2 commits into from
Sep 13, 2022
11 changes: 10 additions & 1 deletion stdlib/sys.pyi
@@ -190,11 +190,15 @@ class _implementation:
int_info: _int_info

@final
class _int_info(structseq[int], tuple[int, int]):
class _int_info(structseq[int], tuple[int, int, int, int]):
@property
def bits_per_digit(self) -> int: ...
@property
def sizeof_digit(self) -> int: ...
@property
def default_max_str_digits(self) -> int: ...
@property
def str_digits_check_threshold(self) -> int: ...

@final
class _version_info(_UninstantiableStructseq, tuple[int, int, int, str, int]):
@@ -328,3 +332,8 @@ if sys.version_info < (3, 8):
_CoroWrapper: TypeAlias = Callable[[Coroutine[Any, Any, Any]], Any]
def set_coroutine_wrapper(__wrapper: _CoroWrapper) -> None: ...
def get_coroutine_wrapper() -> _CoroWrapper: ...

# The following two functions were added in 3.11.0, 3.10.7, 3.9.14, 3.8.14, & 3.7.14,
# as part of the response to CVE-2020-10735
def set_int_max_str_digits(maxdigits: int) -> None: ...
def get_int_max_str_digits() -> int: ...
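Review bot: The two new `_int_info` properties and the widened `tuple[int, int, int, int]` base carry no availability note, although, like the two functions added at the end of the file, they exist only from the patch releases named in that comment. Because the stub declares all of them unconditionally, code that calls `sys.set_int_max_str_digits(...)` or reads `sys.int_info.default_max_str_digits` type-checks cleanly and then raises `AttributeError` on an interpreter that predates the fix, so a limit a service relies on may never be applied there. I would repeat the comment above the new properties and extend it, e.g. `# Not present on earlier patch releases; guard with hasattr(sys, "set_int_max_str_digits") if those must be supported`. Indentation is lost in this view, so please confirm the two functions sit at module level and not inside the `if sys.version_info < (3, 8):` block shown just above them.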
2 changes: 2 additions & 0 deletions tests/stubtest_allowlists/py3_common.txt
@@ -169,7 +169,9 @@ socketserver.BaseServer.get_request # implemented in derived classes
socketserver.BaseServer.server_bind # implemented in derived classes
ssl.Purpose.__new__ # You cannot override __new__ in NamedTuple and runtime uses namedtuple.
ssl._ASN1Object.__new__ # You cannot override __new__ in NamedTuple and runtime uses namedtuple.
(sys.get_int_max_str_digits)? # Added in a patch release, backported to all security branches, but has yet to find its way to all GitHub Actions images
sys.implementation # Actually SimpleNamespace but then you wouldn't have convenient attributes
(sys.set_int_max_str_digits)? # Added in a patch release, backported to all security branches, but has yet to find its way to all GitHub Actions images
sys.thread_info
tarfile.TarFile.errors # errors is initialized for some reason as None even though it really only accepts str
threading.Condition.acquire # Condition functions are exported in __init__