Adds a PrivacyInfo.xcprivacy file when packaging `_hashlib` and `_ssl` modules
for iOS (based on the original OpenSSL sources); and adds handling to the build
script to allow any app to add `xcprivacy` handling for a binary module.
Expose the XML Expat 2.7.2 APIs to tune protections against
"billion laughs" [1] attacks.
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetBillionLaughsAttackProtectionActivationThreshold(threshold)`, and
- `parser.SetBillionLaughsAttackProtectionMaximumAmplification(max_factor)`.
This completes the work in f04bea44c3,
and improves the existing related documentation.
[1]: https://en.wikipedia.org/wiki/Billion_laughs_attack
Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.
Functions that take timestamp or timeout arguments now accept any
real numbers (such as Decimal and Fraction), not only integers or floats,
although this does not improve precision.
Adds tooling to generate and test an iOS XCframework, in a way that will also facilitate
adding other XCframework targets for other Apple platforms (tvOS, watchOS, visionOS and
even macOS, potentially).
---------
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
* fix: available_timezones is reporting an invalid IANA zone name
* 📜🤖 Added by blurb_it.
* correct rst format for backticks
---------
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Paul Ganssle <1377457+pganssle@users.noreply.github.com>
Adds a mention of binary releases to the Android documentation.
---------
Co-authored-by: Russell Keith-Magee <russell@keith-magee.com>
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Prior to 3.9, Py_AddPendingCall() would always run pending calls in the main interpreter, but then each interpreter got their own ceval state, and they were scheduled for any interpreter. In GH-104813, this was undone, so Py_AddPendingCall() would always schedule for the main interpreter.
This amends commit bf8bbe9a81 by
restricting `echo_char` in `getpass.getpass` to single printable
ASCII characters as it would be uncommon to use long strings or
multi-byte characters for keyboard feedback.
---------
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Brian Schubert <brianm.schubert@gmail.com>
