Skip to content

bpo-34424: Handle different policy.linesep lengths correctly.#8803

Merged
bitdancer merged 3 commits intopython:masterfrom
jenstroeger:bpo-34424
May 14, 2019
Merged

bpo-34424: Handle different policy.linesep lengths correctly.#8803
bitdancer merged 3 commits intopython:masterfrom
jenstroeger:bpo-34424

Conversation

@jenstroeger
Copy link
Contributor

@jenstroeger jenstroeger commented Aug 18, 2018
edited by bedevere-bot
Loading

@jenstroeger jenstroeger requested a review from a team as a code owner August 18, 2018 04:56
@the-knights-who-say-ni
Copy link

the-knights-who-say-ni commented Aug 18, 2018

Hello, and thanks for your contribution!

I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA).

Unfortunately we couldn't find an account corresponding to your GitHub username on bugs.python.org (b.p.o) to verify you have signed the CLA (this might be simply due to a missing "GitHub Name" entry in your b.p.o account settings). This is necessary for legal reasons before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue.

You can check yourself to see if the CLA has been received.

Thanks again for your contribution, we look forward to reviewing it!

@jenstroeger
Copy link
Contributor Author

jenstroeger commented Aug 29, 2018
edited
Loading

I did sign the PSF contributor agreement (CLA), so that label should be ok to be removed. Also, since this is a blocking issue on our system: can somebody please review?

jenstroeger
jenstroeger commented Aug 29, 2018
View reviewed changes
jenstroeger
jenstroeger commented Aug 29, 2018
View reviewed changes
bitdancer
bitdancer requested changes Oct 19, 2018
View reviewed changes
Copy link
Member

@bitdancer bitdancer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix and test look good in general. For unit test completeness it would be nice to add a header_value_parser test for this as well, but I don't think it is that important for this particular issue.

@bedevere-bot
Copy link

bedevere-bot commented Oct 19, 2018

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

@jenstroeger
Copy link
Contributor Author

jenstroeger commented Oct 24, 2018
edited
Loading

I have made the requested changes; please review again.

Also, as a side note, I’ve been running the proposed change for a while now in a live production environment without further issues.

@bedevere-bot
Copy link

bedevere-bot commented Oct 24, 2018

Thanks for making the requested changes!

@bitdancer: please review the changes made to this pull request.

@jenstroeger
Copy link
Contributor Author

jenstroeger commented Dec 18, 2018

@bitdancer, any update on this? We could really need this change in mainstream as this is critical for our production servers. Thanks!

@jenstroeger
Copy link
Contributor Author

jenstroeger commented Feb 11, 2019

@bitdancer, a friendly poke… could this please be merged?

@csabella csabella requested review from bitdancer and warsaw May 13, 2019 12:37
@bitdancer bitdancer merged commit 45b2f88 into python:master May 14, 2019
@bedevere-bot
Copy link

bedevere-bot commented May 14, 2019

@bitdancer: Please replace # with GH- in the commit message next time. Thanks!

@miss-islington
Copy link
Contributor

miss-islington commented May 14, 2019

Thanks @jenstroeger for the PR, and @bitdancer for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request May 14, 2019
@jenstroeger @miss-islington
bpo-34424: Handle different policy.linesep lengths correctly. (python…
084c9a1 
…GH-8803)

(cherry picked from commit 45b2f88)

Co-authored-by: Jens Troeger <jenstroeger@users.noreply.github.com>
@bedevere-bot
Copy link

bedevere-bot commented May 14, 2019

GH-13302 is a backport of this pull request to the 3.7 branch.

@csabella
Copy link
Contributor

csabella commented May 14, 2019

@jenstroeger Thank you for the contribution! 🎉 🎉
@bitdancer Thank you for the review and merge!

miss-islington added a commit that referenced this pull request May 14, 2019
@miss-islington @jenstroeger
bpo-34424: Handle different policy.linesep lengths correctly. (GH-8803)
c0abd0c 
(cherry picked from commit 45b2f88)

Co-authored-by: Jens Troeger <jenstroeger@users.noreply.github.com>
@Julien00859
Copy link

Julien00859 commented Oct 29, 2019

The problem is also affecting latest python 3.6, could it be possible to backport it there ?

frenzymadness pushed a commit to frenzymadness/cpython that referenced this pull request Jan 30, 2026
@miss-islington @frenzymadness
00476: CVE-2026-1299
fc9cc0f 
pythongh-144125: email: verify headers are sound in BytesGenerator
(cherry picked from commit 052e55e)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Denis Ledoux <dle@odoo.com>
Co-authored-by: Denis Ledoux <5822488+beledouxdenis@users.noreply.github.com>
Co-authored-by: Petr Viktorin <302922+encukou@users.noreply.github.com>
Co-authored-by: Bas Bloemsaat <1586868+basbloemsaat@users.noreply.github.com>

The fix for the CVE uncovered a known issue in handling
policy.linesep lengths fixed by:

bpo-34424: Handle different policy.linesep lengths correctly. (python#8803)
frenzymadness pushed a commit to frenzymadness/cpython that referenced this pull request Feb 2, 2026
@miss-islington @jenstroeger @frenzymadness
00476: CVE-2026-1299
84728b6 
pythongh-144125: email: verify headers are sound in BytesGenerator

(cherry picked from commit 8cdf620)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Denis Ledoux <dle@odoo.com>
Co-authored-by: Denis Ledoux <5822488+beledouxdenis@users.noreply.github.com>
Co-authored-by: Petr Viktorin <302922+encukou@users.noreply.github.com>
Co-authored-by: Bas Bloemsaat <1586868+basbloemsaat@users.noreply.github.com>

The fix for the CVE uncovered a known issue in handling
policy.linesep lengths fixed by:

bpo-34424: Handle different policy.linesep lengths correctly. (python#8803)

(cherry-picked from commit 45b2f88)

Co-authored-by: Jens Troeger <jenstroeger@users.noreply.github.com>
hroncok pushed a commit to fedora-python/cpython that referenced this pull request Feb 3, 2026
@miss-islington @jenstroeger @hroncok
00476: CVE-2026-1299
fad58bc 
pythongh-144125: email: verify headers are sound in BytesGenerator

(cherry picked from commit 8cdf620)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Denis Ledoux <dle@odoo.com>
Co-authored-by: Denis Ledoux <5822488+beledouxdenis@users.noreply.github.com>
Co-authored-by: Petr Viktorin <302922+encukou@users.noreply.github.com>
Co-authored-by: Bas Bloemsaat <1586868+basbloemsaat@users.noreply.github.com>

The fix for the CVE uncovered a known issue in handling
policy.linesep lengths fixed by:

bpo-34424: Handle different policy.linesep lengths correctly. (python#8803)

(cherry-picked from commit 45b2f88)

Co-authored-by: Jens Troeger <jenstroeger@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bitdancer bitdancer bitdancer approved these changes

@warsaw warsaw Awaiting requested review from warsaw

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@jenstroeger @the-knights-who-say-ni @bedevere-bot @miss-islington @csabella @Julien00859 @bitdancer