Compare commits
No commits in common. 'i9c' and 'c9-beta' have entirely different histories.
@ -1,77 +0,0 @@
|
|||||||
From c9364e8727ea2426519a74593ab03ebcb0da72b8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lumir Balhar <lbalhar@redhat.com>
|
|
||||||
Date: Fri, 3 May 2024 14:17:48 +0200
|
|
||||||
Subject: [PATCH] Expect failures in tests not working properly with expat with
|
|
||||||
a fixed CVE in RHEL
|
|
||||||
|
|
||||||
---
|
|
||||||
Lib/test/test_xml_etree.py | 53 ++++++++++++++++++++++----------------
|
|
||||||
1 file changed, 31 insertions(+), 22 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py
|
|
||||||
index 7c346f2..24e0bb8 100644
|
|
||||||
--- a/Lib/test/test_xml_etree.py
|
|
||||||
+++ b/Lib/test/test_xml_etree.py
|
|
||||||
@@ -1391,28 +1391,37 @@ class XMLPullParserTest(unittest.TestCase):
|
|
||||||
self.assertEqual([(action, elem.tag) for action, elem in events],
|
|
||||||
expected)
|
|
||||||
|
|
||||||
- def test_simple_xml(self):
|
|
||||||
- for chunk_size in (None, 1, 5):
|
|
||||||
- with self.subTest(chunk_size=chunk_size):
|
|
||||||
- parser = ET.XMLPullParser()
|
|
||||||
- self.assert_event_tags(parser, [])
|
|
||||||
- self._feed(parser, "<!-- comment -->\n", chunk_size)
|
|
||||||
- self.assert_event_tags(parser, [])
|
|
||||||
- self._feed(parser,
|
|
||||||
- "<root>\n <element key='value'>text</element",
|
|
||||||
- chunk_size)
|
|
||||||
- self.assert_event_tags(parser, [])
|
|
||||||
- self._feed(parser, ">\n", chunk_size)
|
|
||||||
- self.assert_event_tags(parser, [('end', 'element')])
|
|
||||||
- self._feed(parser, "<element>text</element>tail\n", chunk_size)
|
|
||||||
- self._feed(parser, "<empty-element/>\n", chunk_size)
|
|
||||||
- self.assert_event_tags(parser, [
|
|
||||||
- ('end', 'element'),
|
|
||||||
- ('end', 'empty-element'),
|
|
||||||
- ])
|
|
||||||
- self._feed(parser, "</root>\n", chunk_size)
|
|
||||||
- self.assert_event_tags(parser, [('end', 'root')])
|
|
||||||
- self.assertIsNone(parser.close())
|
|
||||||
+ def test_simple_xml(self, chunk_size=None):
|
|
||||||
+ parser = ET.XMLPullParser()
|
|
||||||
+ self.assert_event_tags(parser, [])
|
|
||||||
+ self._feed(parser, "<!-- comment -->\n", chunk_size)
|
|
||||||
+ self.assert_event_tags(parser, [])
|
|
||||||
+ self._feed(parser,
|
|
||||||
+ "<root>\n <element key='value'>text</element",
|
|
||||||
+ chunk_size)
|
|
||||||
+ self.assert_event_tags(parser, [])
|
|
||||||
+ self._feed(parser, ">\n", chunk_size)
|
|
||||||
+ self.assert_event_tags(parser, [('end', 'element')])
|
|
||||||
+ self._feed(parser, "<element>text</element>tail\n", chunk_size)
|
|
||||||
+ self._feed(parser, "<empty-element/>\n", chunk_size)
|
|
||||||
+ self.assert_event_tags(parser, [
|
|
||||||
+ ('end', 'element'),
|
|
||||||
+ ('end', 'empty-element'),
|
|
||||||
+ ])
|
|
||||||
+ self._feed(parser, "</root>\n", chunk_size)
|
|
||||||
+ self.assert_event_tags(parser, [('end', 'root')])
|
|
||||||
+ self.assertIsNone(parser.close())
|
|
||||||
+
|
|
||||||
+ @unittest.expectedFailure
|
|
||||||
+ def test_simple_xml_chunk_1(self):
|
|
||||||
+ self.test_simple_xml(chunk_size=1)
|
|
||||||
+
|
|
||||||
+ @unittest.expectedFailure
|
|
||||||
+ def test_simple_xml_chunk_5(self):
|
|
||||||
+ self.test_simple_xml(chunk_size=5)
|
|
||||||
+
|
|
||||||
+ def test_simple_xml_chunk_22(self):
|
|
||||||
+ self.test_simple_xml(chunk_size=22)
|
|
||||||
|
|
||||||
def test_feed_while_iterating(self):
|
|
||||||
parser = ET.XMLPullParser()
|
|
||||||
--
|
|
||||||
2.45.0
|
|
||||||
|
|
@ -1,215 +0,0 @@
|
|||||||
From 5585334d772b253a01a6730e8202ffb1607c3d25 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Serhiy Storchaka <storchaka@gmail.com>
|
|
||||||
Date: Thu, 7 Dec 2023 18:37:10 +0200
|
|
||||||
Subject: [PATCH] [3.11] gh-91133: tempfile.TemporaryDirectory: fix symlink bug
|
|
||||||
in cleanup (GH-99930) (GH-112839)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
(cherry picked from commit 81c16cd94ec38d61aa478b9a452436dc3b1b524d)
|
|
||||||
|
|
||||||
Co-authored-by: Søren Løvborg <sorenl@unity3d.com>
|
|
||||||
---
|
|
||||||
Lib/tempfile.py | 27 +++--
|
|
||||||
Lib/test/test_tempfile.py | 111 +++++++++++++++++-
|
|
||||||
...2-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2 +
|
|
||||||
3 files changed, 125 insertions(+), 15 deletions(-)
|
|
||||||
create mode 100644 Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
|
|
||||||
|
|
||||||
diff --git a/Lib/tempfile.py b/Lib/tempfile.py
|
|
||||||
index aace11fa7b19b9..f59a63a7b45b36 100644
|
|
||||||
--- a/Lib/tempfile.py
|
|
||||||
+++ b/Lib/tempfile.py
|
|
||||||
@@ -270,6 +270,22 @@ def _mkstemp_inner(dir, pre, suf, flags, output_type):
|
|
||||||
raise FileExistsError(_errno.EEXIST,
|
|
||||||
"No usable temporary file name found")
|
|
||||||
|
|
||||||
+def _dont_follow_symlinks(func, path, *args):
|
|
||||||
+ # Pass follow_symlinks=False, unless not supported on this platform.
|
|
||||||
+ if func in _os.supports_follow_symlinks:
|
|
||||||
+ func(path, *args, follow_symlinks=False)
|
|
||||||
+ elif _os.name == 'nt' or not _os.path.islink(path):
|
|
||||||
+ func(path, *args)
|
|
||||||
+
|
|
||||||
+def _resetperms(path):
|
|
||||||
+ try:
|
|
||||||
+ chflags = _os.chflags
|
|
||||||
+ except AttributeError:
|
|
||||||
+ pass
|
|
||||||
+ else:
|
|
||||||
+ _dont_follow_symlinks(chflags, path, 0)
|
|
||||||
+ _dont_follow_symlinks(_os.chmod, path, 0o700)
|
|
||||||
+
|
|
||||||
|
|
||||||
# User visible interfaces.
|
|
||||||
|
|
||||||
@@ -863,17 +879,10 @@ def __init__(self, suffix=None, prefix=None, dir=None,
|
|
||||||
def _rmtree(cls, name, ignore_errors=False):
|
|
||||||
def onerror(func, path, exc_info):
|
|
||||||
if issubclass(exc_info[0], PermissionError):
|
|
||||||
- def resetperms(path):
|
|
||||||
- try:
|
|
||||||
- _os.chflags(path, 0)
|
|
||||||
- except AttributeError:
|
|
||||||
- pass
|
|
||||||
- _os.chmod(path, 0o700)
|
|
||||||
-
|
|
||||||
try:
|
|
||||||
if path != name:
|
|
||||||
- resetperms(_os.path.dirname(path))
|
|
||||||
- resetperms(path)
|
|
||||||
+ _resetperms(_os.path.dirname(path))
|
|
||||||
+ _resetperms(path)
|
|
||||||
|
|
||||||
try:
|
|
||||||
_os.unlink(path)
|
|
||||||
diff --git a/Lib/test/test_tempfile.py b/Lib/test/test_tempfile.py
|
|
||||||
index 1242ec7e3cc9a1..675edc8de9cca5 100644
|
|
||||||
--- a/Lib/test/test_tempfile.py
|
|
||||||
+++ b/Lib/test/test_tempfile.py
|
|
||||||
@@ -1565,6 +1565,103 @@ def test_cleanup_with_symlink_to_a_directory(self):
|
|
||||||
"were deleted")
|
|
||||||
d2.cleanup()
|
|
||||||
|
|
||||||
+ @os_helper.skip_unless_symlink
|
|
||||||
+ def test_cleanup_with_symlink_modes(self):
|
|
||||||
+ # cleanup() should not follow symlinks when fixing mode bits (#91133)
|
|
||||||
+ with self.do_create(recurse=0) as d2:
|
|
||||||
+ file1 = os.path.join(d2, 'file1')
|
|
||||||
+ open(file1, 'wb').close()
|
|
||||||
+ dir1 = os.path.join(d2, 'dir1')
|
|
||||||
+ os.mkdir(dir1)
|
|
||||||
+ for mode in range(8):
|
|
||||||
+ mode <<= 6
|
|
||||||
+ with self.subTest(mode=format(mode, '03o')):
|
|
||||||
+ def test(target, target_is_directory):
|
|
||||||
+ d1 = self.do_create(recurse=0)
|
|
||||||
+ symlink = os.path.join(d1.name, 'symlink')
|
|
||||||
+ os.symlink(target, symlink,
|
|
||||||
+ target_is_directory=target_is_directory)
|
|
||||||
+ try:
|
|
||||||
+ os.chmod(symlink, mode, follow_symlinks=False)
|
|
||||||
+ except NotImplementedError:
|
|
||||||
+ pass
|
|
||||||
+ try:
|
|
||||||
+ os.chmod(symlink, mode)
|
|
||||||
+ except FileNotFoundError:
|
|
||||||
+ pass
|
|
||||||
+ os.chmod(d1.name, mode)
|
|
||||||
+ d1.cleanup()
|
|
||||||
+ self.assertFalse(os.path.exists(d1.name))
|
|
||||||
+
|
|
||||||
+ with self.subTest('nonexisting file'):
|
|
||||||
+ test('nonexisting', target_is_directory=False)
|
|
||||||
+ with self.subTest('nonexisting dir'):
|
|
||||||
+ test('nonexisting', target_is_directory=True)
|
|
||||||
+
|
|
||||||
+ with self.subTest('existing file'):
|
|
||||||
+ os.chmod(file1, mode)
|
|
||||||
+ old_mode = os.stat(file1).st_mode
|
|
||||||
+ test(file1, target_is_directory=False)
|
|
||||||
+ new_mode = os.stat(file1).st_mode
|
|
||||||
+ self.assertEqual(new_mode, old_mode,
|
|
||||||
+ '%03o != %03o' % (new_mode, old_mode))
|
|
||||||
+
|
|
||||||
+ with self.subTest('existing dir'):
|
|
||||||
+ os.chmod(dir1, mode)
|
|
||||||
+ old_mode = os.stat(dir1).st_mode
|
|
||||||
+ test(dir1, target_is_directory=True)
|
|
||||||
+ new_mode = os.stat(dir1).st_mode
|
|
||||||
+ self.assertEqual(new_mode, old_mode,
|
|
||||||
+ '%03o != %03o' % (new_mode, old_mode))
|
|
||||||
+
|
|
||||||
+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
|
|
||||||
+ @os_helper.skip_unless_symlink
|
|
||||||
+ def test_cleanup_with_symlink_flags(self):
|
|
||||||
+ # cleanup() should not follow symlinks when fixing flags (#91133)
|
|
||||||
+ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
|
|
||||||
+ self.check_flags(flags)
|
|
||||||
+
|
|
||||||
+ with self.do_create(recurse=0) as d2:
|
|
||||||
+ file1 = os.path.join(d2, 'file1')
|
|
||||||
+ open(file1, 'wb').close()
|
|
||||||
+ dir1 = os.path.join(d2, 'dir1')
|
|
||||||
+ os.mkdir(dir1)
|
|
||||||
+ def test(target, target_is_directory):
|
|
||||||
+ d1 = self.do_create(recurse=0)
|
|
||||||
+ symlink = os.path.join(d1.name, 'symlink')
|
|
||||||
+ os.symlink(target, symlink,
|
|
||||||
+ target_is_directory=target_is_directory)
|
|
||||||
+ try:
|
|
||||||
+ os.chflags(symlink, flags, follow_symlinks=False)
|
|
||||||
+ except NotImplementedError:
|
|
||||||
+ pass
|
|
||||||
+ try:
|
|
||||||
+ os.chflags(symlink, flags)
|
|
||||||
+ except FileNotFoundError:
|
|
||||||
+ pass
|
|
||||||
+ os.chflags(d1.name, flags)
|
|
||||||
+ d1.cleanup()
|
|
||||||
+ self.assertFalse(os.path.exists(d1.name))
|
|
||||||
+
|
|
||||||
+ with self.subTest('nonexisting file'):
|
|
||||||
+ test('nonexisting', target_is_directory=False)
|
|
||||||
+ with self.subTest('nonexisting dir'):
|
|
||||||
+ test('nonexisting', target_is_directory=True)
|
|
||||||
+
|
|
||||||
+ with self.subTest('existing file'):
|
|
||||||
+ os.chflags(file1, flags)
|
|
||||||
+ old_flags = os.stat(file1).st_flags
|
|
||||||
+ test(file1, target_is_directory=False)
|
|
||||||
+ new_flags = os.stat(file1).st_flags
|
|
||||||
+ self.assertEqual(new_flags, old_flags)
|
|
||||||
+
|
|
||||||
+ with self.subTest('existing dir'):
|
|
||||||
+ os.chflags(dir1, flags)
|
|
||||||
+ old_flags = os.stat(dir1).st_flags
|
|
||||||
+ test(dir1, target_is_directory=True)
|
|
||||||
+ new_flags = os.stat(dir1).st_flags
|
|
||||||
+ self.assertEqual(new_flags, old_flags)
|
|
||||||
+
|
|
||||||
@support.cpython_only
|
|
||||||
def test_del_on_collection(self):
|
|
||||||
# A TemporaryDirectory is deleted when garbage collected
|
|
||||||
@@ -1737,10 +1834,7 @@ def test_modes(self):
|
|
||||||
d.cleanup()
|
|
||||||
self.assertFalse(os.path.exists(d.name))
|
|
||||||
|
|
||||||
- @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
|
|
||||||
- def test_flags(self):
|
|
||||||
- flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
|
|
||||||
-
|
|
||||||
+ def check_flags(self, flags):
|
|
||||||
# skip the test if these flags are not supported (ex: FreeBSD 13)
|
|
||||||
filename = os_helper.TESTFN
|
|
||||||
try:
|
|
||||||
@@ -1749,13 +1843,18 @@ def test_flags(self):
|
|
||||||
os.chflags(filename, flags)
|
|
||||||
except OSError as exc:
|
|
||||||
# "OSError: [Errno 45] Operation not supported"
|
|
||||||
- self.skipTest(f"chflags() doesn't support "
|
|
||||||
- f"UF_IMMUTABLE|UF_NOUNLINK: {exc}")
|
|
||||||
+ self.skipTest(f"chflags() doesn't support flags "
|
|
||||||
+ f"{flags:#b}: {exc}")
|
|
||||||
else:
|
|
||||||
os.chflags(filename, 0)
|
|
||||||
finally:
|
|
||||||
os_helper.unlink(filename)
|
|
||||||
|
|
||||||
+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
|
|
||||||
+ def test_flags(self):
|
|
||||||
+ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
|
|
||||||
+ self.check_flags(flags)
|
|
||||||
+
|
|
||||||
d = self.do_create(recurse=3, dirs=2, files=2)
|
|
||||||
with d:
|
|
||||||
# Change files and directories flags recursively.
|
|
||||||
diff --git a/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000000000..7991048fc48e03
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
|
|
||||||
@@ -0,0 +1,2 @@
|
|
||||||
+Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer
|
|
||||||
+dereferences symlinks when working around file system permission errors.
|
|
@ -1,343 +0,0 @@
|
|||||||
From ba431579efdcbaed7a96f2ac4ea0775879a332fb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Viktorin <encukou@gmail.com>
|
|
||||||
Date: Thu, 25 Apr 2024 14:45:48 +0200
|
|
||||||
Subject: [PATCH] [3.11] gh-113171: gh-65056: Fix "private" (non-global) IP
|
|
||||||
address ranges (GH-113179) (GH-113186) (GH-118177) (#118227)
|
|
||||||
|
|
||||||
---
|
|
||||||
Doc/library/ipaddress.rst | 43 +++++++-
|
|
||||||
Doc/whatsnew/3.11.rst | 9 ++
|
|
||||||
Lib/ipaddress.py | 99 +++++++++++++++----
|
|
||||||
Lib/test/test_ipaddress.py | 21 +++-
|
|
||||||
...-03-14-01-38-44.gh-issue-113171.VFnObz.rst | 9 ++
|
|
||||||
5 files changed, 157 insertions(+), 24 deletions(-)
|
|
||||||
create mode 100644 Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst
|
|
||||||
|
|
||||||
diff --git a/Doc/library/ipaddress.rst b/Doc/library/ipaddress.rst
|
|
||||||
index 03dc956cd1352a..f57fa15aa5b930 100644
|
|
||||||
--- a/Doc/library/ipaddress.rst
|
|
||||||
+++ b/Doc/library/ipaddress.rst
|
|
||||||
@@ -178,18 +178,53 @@ write code that handles both IP versions correctly. Address objects are
|
|
||||||
|
|
||||||
.. attribute:: is_private
|
|
||||||
|
|
||||||
- ``True`` if the address is allocated for private networks. See
|
|
||||||
+ ``True`` if the address is defined as not globally reachable by
|
|
||||||
iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_
|
|
||||||
- (for IPv6).
|
|
||||||
+ (for IPv6) with the following exceptions:
|
|
||||||
+
|
|
||||||
+ * ``is_private`` is ``False`` for the shared address space (``100.64.0.0/10``)
|
|
||||||
+ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the
|
|
||||||
+ semantics of the underlying IPv4 addresses and the following condition holds
|
|
||||||
+ (see :attr:`IPv6Address.ipv4_mapped`)::
|
|
||||||
+
|
|
||||||
+ address.is_private == address.ipv4_mapped.is_private
|
|
||||||
+
|
|
||||||
+ ``is_private`` has value opposite to :attr:`is_global`, except for the shared address space
|
|
||||||
+ (``100.64.0.0/10`` range) where they are both ``False``.
|
|
||||||
+
|
|
||||||
+ .. versionchanged:: 3.11.10
|
|
||||||
+
|
|
||||||
+ Fixed some false positives and false negatives.
|
|
||||||
+
|
|
||||||
+ * ``192.0.0.0/24`` is considered private with the exception of ``192.0.0.9/32`` and
|
|
||||||
+ ``192.0.0.10/32`` (previously: only the ``192.0.0.0/29`` sub-range was considered private).
|
|
||||||
+ * ``64:ff9b:1::/48`` is considered private.
|
|
||||||
+ * ``2002::/16`` is considered private.
|
|
||||||
+ * There are exceptions within ``2001::/23`` (otherwise considered private): ``2001:1::1/128``,
|
|
||||||
+ ``2001:1::2/128``, ``2001:3::/32``, ``2001:4:112::/48``, ``2001:20::/28``, ``2001:30::/28``.
|
|
||||||
+ The exceptions are not considered private.
|
|
||||||
|
|
||||||
.. attribute:: is_global
|
|
||||||
|
|
||||||
- ``True`` if the address is allocated for public networks. See
|
|
||||||
+ ``True`` if the address is defined as globally reachable by
|
|
||||||
iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_
|
|
||||||
- (for IPv6).
|
|
||||||
+ (for IPv6) with the following exception:
|
|
||||||
+
|
|
||||||
+ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the
|
|
||||||
+ semantics of the underlying IPv4 addresses and the following condition holds
|
|
||||||
+ (see :attr:`IPv6Address.ipv4_mapped`)::
|
|
||||||
+
|
|
||||||
+ address.is_global == address.ipv4_mapped.is_global
|
|
||||||
+
|
|
||||||
+ ``is_global`` has value opposite to :attr:`is_private`, except for the shared address space
|
|
||||||
+ (``100.64.0.0/10`` range) where they are both ``False``.
|
|
||||||
|
|
||||||
.. versionadded:: 3.4
|
|
||||||
|
|
||||||
+ .. versionchanged:: 3.11.10
|
|
||||||
+
|
|
||||||
+ Fixed some false positives and false negatives, see :attr:`is_private` for details.
|
|
||||||
+
|
|
||||||
.. attribute:: is_unspecified
|
|
||||||
|
|
||||||
``True`` if the address is unspecified. See :RFC:`5735` (for IPv4)
|
|
||||||
diff --git a/Doc/whatsnew/3.11.rst b/Doc/whatsnew/3.11.rst
|
|
||||||
index f670fa1f097aa1..42b61c75c7e621 100644
|
|
||||||
--- a/Doc/whatsnew/3.11.rst
|
|
||||||
+++ b/Doc/whatsnew/3.11.rst
|
|
||||||
@@ -2727,3 +2727,12 @@ OpenSSL
|
|
||||||
* Windows builds and macOS installers from python.org now use OpenSSL 3.0.
|
|
||||||
|
|
||||||
.. _libb2: https://www.blake2.net/
|
|
||||||
+
|
|
||||||
+Notable changes in 3.11.10
|
|
||||||
+==========================
|
|
||||||
+
|
|
||||||
+ipaddress
|
|
||||||
+---------
|
|
||||||
+
|
|
||||||
+* Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``,
|
|
||||||
+ ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``.
|
|
||||||
diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
|
|
||||||
index 16ba16cd7de49a..567beb37e06318 100644
|
|
||||||
--- a/Lib/ipaddress.py
|
|
||||||
+++ b/Lib/ipaddress.py
|
|
||||||
@@ -1086,7 +1086,11 @@ def is_private(self):
|
|
||||||
"""
|
|
||||||
return any(self.network_address in priv_network and
|
|
||||||
self.broadcast_address in priv_network
|
|
||||||
- for priv_network in self._constants._private_networks)
|
|
||||||
+ for priv_network in self._constants._private_networks) and all(
|
|
||||||
+ self.network_address not in network and
|
|
||||||
+ self.broadcast_address not in network
|
|
||||||
+ for network in self._constants._private_networks_exceptions
|
|
||||||
+ )
|
|
||||||
|
|
||||||
@property
|
|
||||||
def is_global(self):
|
|
||||||
@@ -1333,18 +1337,41 @@ def is_reserved(self):
|
|
||||||
@property
|
|
||||||
@functools.lru_cache()
|
|
||||||
def is_private(self):
|
|
||||||
- """Test if this address is allocated for private networks.
|
|
||||||
+ """``True`` if the address is defined as not globally reachable by
|
|
||||||
+ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_
|
|
||||||
+ (for IPv6) with the following exceptions:
|
|
||||||
|
|
||||||
- Returns:
|
|
||||||
- A boolean, True if the address is reserved per
|
|
||||||
- iana-ipv4-special-registry.
|
|
||||||
+ * ``is_private`` is ``False`` for ``100.64.0.0/10``
|
|
||||||
+ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the
|
|
||||||
+ semantics of the underlying IPv4 addresses and the following condition holds
|
|
||||||
+ (see :attr:`IPv6Address.ipv4_mapped`)::
|
|
||||||
|
|
||||||
+ address.is_private == address.ipv4_mapped.is_private
|
|
||||||
+
|
|
||||||
+ ``is_private`` has value opposite to :attr:`is_global`, except for the ``100.64.0.0/10``
|
|
||||||
+ IPv4 range where they are both ``False``.
|
|
||||||
"""
|
|
||||||
- return any(self in net for net in self._constants._private_networks)
|
|
||||||
+ return (
|
|
||||||
+ any(self in net for net in self._constants._private_networks)
|
|
||||||
+ and all(self not in net for net in self._constants._private_networks_exceptions)
|
|
||||||
+ )
|
|
||||||
|
|
||||||
@property
|
|
||||||
@functools.lru_cache()
|
|
||||||
def is_global(self):
|
|
||||||
+ """``True`` if the address is defined as globally reachable by
|
|
||||||
+ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_
|
|
||||||
+ (for IPv6) with the following exception:
|
|
||||||
+
|
|
||||||
+ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the
|
|
||||||
+ semantics of the underlying IPv4 addresses and the following condition holds
|
|
||||||
+ (see :attr:`IPv6Address.ipv4_mapped`)::
|
|
||||||
+
|
|
||||||
+ address.is_global == address.ipv4_mapped.is_global
|
|
||||||
+
|
|
||||||
+ ``is_global`` has value opposite to :attr:`is_private`, except for the ``100.64.0.0/10``
|
|
||||||
+ IPv4 range where they are both ``False``.
|
|
||||||
+ """
|
|
||||||
return self not in self._constants._public_network and not self.is_private
|
|
||||||
|
|
||||||
@property
|
|
||||||
@@ -1548,13 +1575,15 @@ class _IPv4Constants:
|
|
||||||
|
|
||||||
_public_network = IPv4Network('100.64.0.0/10')
|
|
||||||
|
|
||||||
+ # Not globally reachable address blocks listed on
|
|
||||||
+ # https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
|
|
||||||
_private_networks = [
|
|
||||||
IPv4Network('0.0.0.0/8'),
|
|
||||||
IPv4Network('10.0.0.0/8'),
|
|
||||||
IPv4Network('127.0.0.0/8'),
|
|
||||||
IPv4Network('169.254.0.0/16'),
|
|
||||||
IPv4Network('172.16.0.0/12'),
|
|
||||||
- IPv4Network('192.0.0.0/29'),
|
|
||||||
+ IPv4Network('192.0.0.0/24'),
|
|
||||||
IPv4Network('192.0.0.170/31'),
|
|
||||||
IPv4Network('192.0.2.0/24'),
|
|
||||||
IPv4Network('192.168.0.0/16'),
|
|
||||||
@@ -1565,6 +1594,11 @@ class _IPv4Constants:
|
|
||||||
IPv4Network('255.255.255.255/32'),
|
|
||||||
]
|
|
||||||
|
|
||||||
+ _private_networks_exceptions = [
|
|
||||||
+ IPv4Network('192.0.0.9/32'),
|
|
||||||
+ IPv4Network('192.0.0.10/32'),
|
|
||||||
+ ]
|
|
||||||
+
|
|
||||||
_reserved_network = IPv4Network('240.0.0.0/4')
|
|
||||||
|
|
||||||
_unspecified_address = IPv4Address('0.0.0.0')
|
|
||||||
@@ -2010,27 +2044,42 @@ def is_site_local(self):
|
|
||||||
@property
|
|
||||||
@functools.lru_cache()
|
|
||||||
def is_private(self):
|
|
||||||
- """Test if this address is allocated for private networks.
|
|
||||||
+ """``True`` if the address is defined as not globally reachable by
|
|
||||||
+ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_
|
|
||||||
+ (for IPv6) with the following exceptions:
|
|
||||||
|
|
||||||
- Returns:
|
|
||||||
- A boolean, True if the address is reserved per
|
|
||||||
- iana-ipv6-special-registry, or is ipv4_mapped and is
|
|
||||||
- reserved in the iana-ipv4-special-registry.
|
|
||||||
+ * ``is_private`` is ``False`` for ``100.64.0.0/10``
|
|
||||||
+ * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the
|
|
||||||
+ semantics of the underlying IPv4 addresses and the following condition holds
|
|
||||||
+ (see :attr:`IPv6Address.ipv4_mapped`)::
|
|
||||||
|
|
||||||
+ address.is_private == address.ipv4_mapped.is_private
|
|
||||||
+
|
|
||||||
+ ``is_private`` has value opposite to :attr:`is_global`, except for the ``100.64.0.0/10``
|
|
||||||
+ IPv4 range where they are both ``False``.
|
|
||||||
"""
|
|
||||||
ipv4_mapped = self.ipv4_mapped
|
|
||||||
if ipv4_mapped is not None:
|
|
||||||
return ipv4_mapped.is_private
|
|
||||||
- return any(self in net for net in self._constants._private_networks)
|
|
||||||
+ return (
|
|
||||||
+ any(self in net for net in self._constants._private_networks)
|
|
||||||
+ and all(self not in net for net in self._constants._private_networks_exceptions)
|
|
||||||
+ )
|
|
||||||
|
|
||||||
@property
|
|
||||||
def is_global(self):
|
|
||||||
- """Test if this address is allocated for public networks.
|
|
||||||
+ """``True`` if the address is defined as globally reachable by
|
|
||||||
+ iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_
|
|
||||||
+ (for IPv6) with the following exception:
|
|
||||||
|
|
||||||
- Returns:
|
|
||||||
- A boolean, true if the address is not reserved per
|
|
||||||
- iana-ipv6-special-registry.
|
|
||||||
+ For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the
|
|
||||||
+ semantics of the underlying IPv4 addresses and the following condition holds
|
|
||||||
+ (see :attr:`IPv6Address.ipv4_mapped`)::
|
|
||||||
+
|
|
||||||
+ address.is_global == address.ipv4_mapped.is_global
|
|
||||||
|
|
||||||
+ ``is_global`` has value opposite to :attr:`is_private`, except for the ``100.64.0.0/10``
|
|
||||||
+ IPv4 range where they are both ``False``.
|
|
||||||
"""
|
|
||||||
return not self.is_private
|
|
||||||
|
|
||||||
@@ -2271,19 +2320,31 @@ class _IPv6Constants:
|
|
||||||
|
|
||||||
_multicast_network = IPv6Network('ff00::/8')
|
|
||||||
|
|
||||||
+ # Not globally reachable address blocks listed on
|
|
||||||
+ # https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
|
|
||||||
_private_networks = [
|
|
||||||
IPv6Network('::1/128'),
|
|
||||||
IPv6Network('::/128'),
|
|
||||||
IPv6Network('::ffff:0:0/96'),
|
|
||||||
+ IPv6Network('64:ff9b:1::/48'),
|
|
||||||
IPv6Network('100::/64'),
|
|
||||||
IPv6Network('2001::/23'),
|
|
||||||
- IPv6Network('2001:2::/48'),
|
|
||||||
IPv6Network('2001:db8::/32'),
|
|
||||||
- IPv6Network('2001:10::/28'),
|
|
||||||
+ # IANA says N/A, let's consider it not globally reachable to be safe
|
|
||||||
+ IPv6Network('2002::/16'),
|
|
||||||
IPv6Network('fc00::/7'),
|
|
||||||
IPv6Network('fe80::/10'),
|
|
||||||
]
|
|
||||||
|
|
||||||
+ _private_networks_exceptions = [
|
|
||||||
+ IPv6Network('2001:1::1/128'),
|
|
||||||
+ IPv6Network('2001:1::2/128'),
|
|
||||||
+ IPv6Network('2001:3::/32'),
|
|
||||||
+ IPv6Network('2001:4:112::/48'),
|
|
||||||
+ IPv6Network('2001:20::/28'),
|
|
||||||
+ IPv6Network('2001:30::/28'),
|
|
||||||
+ ]
|
|
||||||
+
|
|
||||||
_reserved_networks = [
|
|
||||||
IPv6Network('::/8'), IPv6Network('100::/8'),
|
|
||||||
IPv6Network('200::/7'), IPv6Network('400::/6'),
|
|
||||||
diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
|
|
||||||
index fc27628af17f8d..16c34163a007a2 100644
|
|
||||||
--- a/Lib/test/test_ipaddress.py
|
|
||||||
+++ b/Lib/test/test_ipaddress.py
|
|
||||||
@@ -2269,6 +2269,10 @@ def testReservedIpv4(self):
|
|
||||||
self.assertEqual(True, ipaddress.ip_address(
|
|
||||||
'172.31.255.255').is_private)
|
|
||||||
self.assertEqual(False, ipaddress.ip_address('172.32.0.0').is_private)
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('192.0.0.0').is_global)
|
|
||||||
+ self.assertTrue(ipaddress.ip_address('192.0.0.9').is_global)
|
|
||||||
+ self.assertTrue(ipaddress.ip_address('192.0.0.10').is_global)
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('192.0.0.255').is_global)
|
|
||||||
|
|
||||||
self.assertEqual(True,
|
|
||||||
ipaddress.ip_address('169.254.100.200').is_link_local)
|
|
||||||
@@ -2294,6 +2298,7 @@ def testPrivateNetworks(self):
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("169.254.0.0/16").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("172.16.0.0/12").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("192.0.0.0/29").is_private)
|
|
||||||
+ self.assertEqual(False, ipaddress.ip_network("192.0.0.9/32").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("192.0.0.170/31").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("192.0.2.0/24").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("192.168.0.0/16").is_private)
|
|
||||||
@@ -2310,8 +2315,8 @@ def testPrivateNetworks(self):
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("::/128").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("::ffff:0:0/96").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("100::/64").is_private)
|
|
||||||
- self.assertEqual(True, ipaddress.ip_network("2001::/23").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("2001:2::/48").is_private)
|
|
||||||
+ self.assertEqual(False, ipaddress.ip_network("2001:3::/48").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("2001:db8::/32").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("2001:10::/28").is_private)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network("fc00::/7").is_private)
|
|
||||||
@@ -2390,6 +2395,20 @@ def testReservedIpv6(self):
|
|
||||||
self.assertEqual(True, ipaddress.ip_address('0::0').is_unspecified)
|
|
||||||
self.assertEqual(False, ipaddress.ip_address('::1').is_unspecified)
|
|
||||||
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('64:ff9b:1::').is_global)
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('2001::').is_global)
|
|
||||||
+ self.assertTrue(ipaddress.ip_address('2001:1::1').is_global)
|
|
||||||
+ self.assertTrue(ipaddress.ip_address('2001:1::2').is_global)
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('2001:2::').is_global)
|
|
||||||
+ self.assertTrue(ipaddress.ip_address('2001:3::').is_global)
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('2001:4::').is_global)
|
|
||||||
+ self.assertTrue(ipaddress.ip_address('2001:4:112::').is_global)
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('2001:10::').is_global)
|
|
||||||
+ self.assertTrue(ipaddress.ip_address('2001:20::').is_global)
|
|
||||||
+ self.assertTrue(ipaddress.ip_address('2001:30::').is_global)
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('2001:40::').is_global)
|
|
||||||
+ self.assertFalse(ipaddress.ip_address('2002::').is_global)
|
|
||||||
+
|
|
||||||
# some generic IETF reserved addresses
|
|
||||||
self.assertEqual(True, ipaddress.ip_address('100::').is_reserved)
|
|
||||||
self.assertEqual(True, ipaddress.ip_network('4000::1/128').is_reserved)
|
|
||||||
diff --git a/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst b/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000000000..f9a72473be4e2c
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst
|
|
||||||
@@ -0,0 +1,9 @@
|
|
||||||
+Fixed various false positives and false negatives in
|
|
||||||
+
|
|
||||||
+* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
|
|
||||||
+* :attr:`ipaddress.IPv4Address.is_global`
|
|
||||||
+* :attr:`ipaddress.IPv6Address.is_private`
|
|
||||||
+* :attr:`ipaddress.IPv6Address.is_global`
|
|
||||||
+
|
|
||||||
+Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network`
|
|
||||||
+attributes.
|
|
@ -1,365 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Viktorin <encukou@gmail.com>
|
|
||||||
Date: Wed, 31 Jul 2024 00:19:48 +0200
|
|
||||||
Subject: [PATCH] 00435: gh-121650: Encode newlines in headers, and verify
|
|
||||||
headers are sound (GH-122233)
|
|
||||||
|
|
||||||
Per RFC 2047:
|
|
||||||
|
|
||||||
> [...] these encoding schemes allow the
|
|
||||||
> encoding of arbitrary octet values, mail readers that implement this
|
|
||||||
> decoding should also ensure that display of the decoded data on the
|
|
||||||
> recipient's terminal will not cause unwanted side-effects
|
|
||||||
|
|
||||||
It seems that the "quoted-word" scheme is a valid way to include
|
|
||||||
a newline character in a header value, just like we already allow
|
|
||||||
undecodable bytes or control characters.
|
|
||||||
They do need to be properly quoted when serialized to text, though.
|
|
||||||
|
|
||||||
This should fail for custom fold() implementations that aren't careful
|
|
||||||
about newlines.
|
|
||||||
|
|
||||||
(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384)
|
|
||||||
|
|
||||||
Co-authored-by: Petr Viktorin <encukou@gmail.com>
|
|
||||||
Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>
|
|
||||||
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
|
||||||
---
|
|
||||||
Doc/library/email.errors.rst | 7 +++
|
|
||||||
Doc/library/email.policy.rst | 18 ++++++
|
|
||||||
Doc/whatsnew/3.11.rst | 13 ++++
|
|
||||||
Lib/email/_header_value_parser.py | 12 +++-
|
|
||||||
Lib/email/_policybase.py | 8 +++
|
|
||||||
Lib/email/errors.py | 4 ++
|
|
||||||
Lib/email/generator.py | 13 +++-
|
|
||||||
Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++
|
|
||||||
Lib/test/test_email/test_policy.py | 26 ++++++++
|
|
||||||
...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 ++
|
|
||||||
10 files changed, 164 insertions(+), 4 deletions(-)
|
|
||||||
create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
|
|
||||||
|
|
||||||
diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst
|
|
||||||
index 56aea6598b..27b0481a85 100644
|
|
||||||
--- a/Doc/library/email.errors.rst
|
|
||||||
+++ b/Doc/library/email.errors.rst
|
|
||||||
@@ -58,6 +58,13 @@ The following exception classes are defined in the :mod:`email.errors` module:
|
|
||||||
:class:`~email.mime.nonmultipart.MIMENonMultipart` (e.g.
|
|
||||||
:class:`~email.mime.image.MIMEImage`).
|
|
||||||
|
|
||||||
+
|
|
||||||
+.. exception:: HeaderWriteError()
|
|
||||||
+
|
|
||||||
+ Raised when an error occurs when the :mod:`~email.generator` outputs
|
|
||||||
+ headers.
|
|
||||||
+
|
|
||||||
+
|
|
||||||
.. exception:: MessageDefect()
|
|
||||||
|
|
||||||
This is the base class for all defects found when parsing email messages.
|
|
||||||
diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst
|
|
||||||
index bb406c5a56..3edba4028b 100644
|
|
||||||
--- a/Doc/library/email.policy.rst
|
|
||||||
+++ b/Doc/library/email.policy.rst
|
|
||||||
@@ -228,6 +228,24 @@ added matters. To illustrate::
|
|
||||||
|
|
||||||
.. versionadded:: 3.6
|
|
||||||
|
|
||||||
+
|
|
||||||
+ .. attribute:: verify_generated_headers
|
|
||||||
+
|
|
||||||
+ If ``True`` (the default), the generator will raise
|
|
||||||
+ :exc:`~email.errors.HeaderWriteError` instead of writing a header
|
|
||||||
+ that is improperly folded or delimited, such that it would
|
|
||||||
+ be parsed as multiple headers or joined with adjacent data.
|
|
||||||
+ Such headers can be generated by custom header classes or bugs
|
|
||||||
+ in the ``email`` module.
|
|
||||||
+
|
|
||||||
+ As it's a security feature, this defaults to ``True`` even in the
|
|
||||||
+ :class:`~email.policy.Compat32` policy.
|
|
||||||
+ For backwards compatible, but unsafe, behavior, it must be set to
|
|
||||||
+ ``False`` explicitly.
|
|
||||||
+
|
|
||||||
+ .. versionadded:: 3.11.10
|
|
||||||
+
|
|
||||||
+
|
|
||||||
The following :class:`Policy` method is intended to be called by code using
|
|
||||||
the email library to create policy instances with custom settings:
|
|
||||||
|
|
||||||
diff --git a/Doc/whatsnew/3.11.rst b/Doc/whatsnew/3.11.rst
|
|
||||||
index 42b61c75c7..f12c871998 100644
|
|
||||||
--- a/Doc/whatsnew/3.11.rst
|
|
||||||
+++ b/Doc/whatsnew/3.11.rst
|
|
||||||
@@ -2728,6 +2728,7 @@ OpenSSL
|
|
||||||
|
|
||||||
.. _libb2: https://www.blake2.net/
|
|
||||||
|
|
||||||
+
|
|
||||||
Notable changes in 3.11.10
|
|
||||||
==========================
|
|
||||||
|
|
||||||
@@ -2736,3 +2737,15 @@ ipaddress
|
|
||||||
|
|
||||||
* Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``,
|
|
||||||
``IPv6Address``, ``IPv4Network`` and ``IPv6Network``.
|
|
||||||
+
|
|
||||||
+email
|
|
||||||
+-----
|
|
||||||
+
|
|
||||||
+* Headers with embedded newlines are now quoted on output.
|
|
||||||
+
|
|
||||||
+ The :mod:`~email.generator` will now refuse to serialize (write) headers
|
|
||||||
+ that are improperly folded or delimited, such that they would be parsed as
|
|
||||||
+ multiple headers or joined with adjacent data.
|
|
||||||
+ If you need to turn this safety feature off,
|
|
||||||
+ set :attr:`~email.policy.Policy.verify_generated_headers`.
|
|
||||||
+ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.)
|
|
||||||
diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
|
|
||||||
index 8cb8852cf0..255a953092 100644
|
|
||||||
--- a/Lib/email/_header_value_parser.py
|
|
||||||
+++ b/Lib/email/_header_value_parser.py
|
|
||||||
@@ -92,6 +92,8 @@
|
|
||||||
ASPECIALS = TSPECIALS | set("*'%")
|
|
||||||
ATTRIBUTE_ENDS = ASPECIALS | WSP
|
|
||||||
EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%')
|
|
||||||
+NLSET = {'\n', '\r'}
|
|
||||||
+SPECIALSNL = SPECIALS | NLSET
|
|
||||||
|
|
||||||
def quote_string(value):
|
|
||||||
return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"'
|
|
||||||
@@ -2780,9 +2782,13 @@ def _refold_parse_tree(parse_tree, *, policy):
|
|
||||||
wrap_as_ew_blocked -= 1
|
|
||||||
continue
|
|
||||||
tstr = str(part)
|
|
||||||
- if part.token_type == 'ptext' and set(tstr) & SPECIALS:
|
|
||||||
- # Encode if tstr contains special characters.
|
|
||||||
- want_encoding = True
|
|
||||||
+ if not want_encoding:
|
|
||||||
+ if part.token_type == 'ptext':
|
|
||||||
+ # Encode if tstr contains special characters.
|
|
||||||
+ want_encoding = not SPECIALSNL.isdisjoint(tstr)
|
|
||||||
+ else:
|
|
||||||
+ # Encode if tstr contains newlines.
|
|
||||||
+ want_encoding = not NLSET.isdisjoint(tstr)
|
|
||||||
try:
|
|
||||||
tstr.encode(encoding)
|
|
||||||
charset = encoding
|
|
||||||
diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py
|
|
||||||
index c9cbadd2a8..d1f48211f9 100644
|
|
||||||
--- a/Lib/email/_policybase.py
|
|
||||||
+++ b/Lib/email/_policybase.py
|
|
||||||
@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta):
|
|
||||||
message_factory -- the class to use to create new message objects.
|
|
||||||
If the value is None, the default is Message.
|
|
||||||
|
|
||||||
+ verify_generated_headers
|
|
||||||
+ -- if true, the generator verifies that each header
|
|
||||||
+ they are properly folded, so that a parser won't
|
|
||||||
+ treat it as multiple headers, start-of-body, or
|
|
||||||
+ part of another header.
|
|
||||||
+ This is a check against custom Header & fold()
|
|
||||||
+ implementations.
|
|
||||||
"""
|
|
||||||
|
|
||||||
raise_on_defect = False
|
|
||||||
@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta):
|
|
||||||
max_line_length = 78
|
|
||||||
mangle_from_ = False
|
|
||||||
message_factory = None
|
|
||||||
+ verify_generated_headers = True
|
|
||||||
|
|
||||||
def handle_defect(self, obj, defect):
|
|
||||||
"""Based on policy, either raise defect or call register_defect.
|
|
||||||
diff --git a/Lib/email/errors.py b/Lib/email/errors.py
|
|
||||||
index 3ad0056554..02aa5eced6 100644
|
|
||||||
--- a/Lib/email/errors.py
|
|
||||||
+++ b/Lib/email/errors.py
|
|
||||||
@@ -29,6 +29,10 @@ class CharsetError(MessageError):
|
|
||||||
"""An illegal charset was given."""
|
|
||||||
|
|
||||||
|
|
||||||
+class HeaderWriteError(MessageError):
|
|
||||||
+ """Error while writing headers."""
|
|
||||||
+
|
|
||||||
+
|
|
||||||
# These are parsing defects which the parser was able to work around.
|
|
||||||
class MessageDefect(ValueError):
|
|
||||||
"""Base class for a message defect."""
|
|
||||||
diff --git a/Lib/email/generator.py b/Lib/email/generator.py
|
|
||||||
index eb597de76d..563ca17072 100644
|
|
||||||
--- a/Lib/email/generator.py
|
|
||||||
+++ b/Lib/email/generator.py
|
|
||||||
@@ -14,12 +14,14 @@
|
|
||||||
from copy import deepcopy
|
|
||||||
from io import StringIO, BytesIO
|
|
||||||
from email.utils import _has_surrogates
|
|
||||||
+from email.errors import HeaderWriteError
|
|
||||||
|
|
||||||
UNDERSCORE = '_'
|
|
||||||
NL = '\n' # XXX: no longer used by the code below.
|
|
||||||
|
|
||||||
NLCRE = re.compile(r'\r\n|\r|\n')
|
|
||||||
fcre = re.compile(r'^From ', re.MULTILINE)
|
|
||||||
+NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]')
|
|
||||||
|
|
||||||
|
|
||||||
class Generator:
|
|
||||||
@@ -222,7 +224,16 @@ def _dispatch(self, msg):
|
|
||||||
|
|
||||||
def _write_headers(self, msg):
|
|
||||||
for h, v in msg.raw_items():
|
|
||||||
- self.write(self.policy.fold(h, v))
|
|
||||||
+ folded = self.policy.fold(h, v)
|
|
||||||
+ if self.policy.verify_generated_headers:
|
|
||||||
+ linesep = self.policy.linesep
|
|
||||||
+ if not folded.endswith(self.policy.linesep):
|
|
||||||
+ raise HeaderWriteError(
|
|
||||||
+ f'folded header does not end with {linesep!r}: {folded!r}')
|
|
||||||
+ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)):
|
|
||||||
+ raise HeaderWriteError(
|
|
||||||
+ f'folded header contains newline: {folded!r}')
|
|
||||||
+ self.write(folded)
|
|
||||||
# A blank line always separates headers from body
|
|
||||||
self.write(self._NL)
|
|
||||||
|
|
||||||
diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py
|
|
||||||
index 89e7edeb63..d29400f0ed 100644
|
|
||||||
--- a/Lib/test/test_email/test_generator.py
|
|
||||||
+++ b/Lib/test/test_email/test_generator.py
|
|
||||||
@@ -6,6 +6,7 @@
|
|
||||||
from email.generator import Generator, BytesGenerator
|
|
||||||
from email.headerregistry import Address
|
|
||||||
from email import policy
|
|
||||||
+import email.errors
|
|
||||||
from test.test_email import TestEmailBase, parameterize
|
|
||||||
|
|
||||||
|
|
||||||
@@ -216,6 +217,44 @@ def test_rfc2231_wrapping_switches_to_default_len_if_too_narrow(self):
|
|
||||||
g.flatten(msg)
|
|
||||||
self.assertEqual(s.getvalue(), self.typ(expected))
|
|
||||||
|
|
||||||
+ def test_keep_encoded_newlines(self):
|
|
||||||
+ msg = self.msgmaker(self.typ(textwrap.dedent("""\
|
|
||||||
+ To: nobody
|
|
||||||
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
|
|
||||||
+
|
|
||||||
+ None
|
|
||||||
+ """)))
|
|
||||||
+ expected = textwrap.dedent("""\
|
|
||||||
+ To: nobody
|
|
||||||
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
|
|
||||||
+
|
|
||||||
+ None
|
|
||||||
+ """)
|
|
||||||
+ s = self.ioclass()
|
|
||||||
+ g = self.genclass(s, policy=self.policy.clone(max_line_length=80))
|
|
||||||
+ g.flatten(msg)
|
|
||||||
+ self.assertEqual(s.getvalue(), self.typ(expected))
|
|
||||||
+
|
|
||||||
+ def test_keep_long_encoded_newlines(self):
|
|
||||||
+ msg = self.msgmaker(self.typ(textwrap.dedent("""\
|
|
||||||
+ To: nobody
|
|
||||||
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
|
|
||||||
+
|
|
||||||
+ None
|
|
||||||
+ """)))
|
|
||||||
+ expected = textwrap.dedent("""\
|
|
||||||
+ To: nobody
|
|
||||||
+ Subject: Bad subject
|
|
||||||
+ =?utf-8?q?=0A?=Bcc:
|
|
||||||
+ injection@example.com
|
|
||||||
+
|
|
||||||
+ None
|
|
||||||
+ """)
|
|
||||||
+ s = self.ioclass()
|
|
||||||
+ g = self.genclass(s, policy=self.policy.clone(max_line_length=30))
|
|
||||||
+ g.flatten(msg)
|
|
||||||
+ self.assertEqual(s.getvalue(), self.typ(expected))
|
|
||||||
+
|
|
||||||
|
|
||||||
class TestGenerator(TestGeneratorBase, TestEmailBase):
|
|
||||||
|
|
||||||
@@ -224,6 +263,29 @@ class TestGenerator(TestGeneratorBase, TestEmailBase):
|
|
||||||
ioclass = io.StringIO
|
|
||||||
typ = str
|
|
||||||
|
|
||||||
+ def test_verify_generated_headers(self):
|
|
||||||
+ """gh-121650: by default the generator prevents header injection"""
|
|
||||||
+ class LiteralHeader(str):
|
|
||||||
+ name = 'Header'
|
|
||||||
+ def fold(self, **kwargs):
|
|
||||||
+ return self
|
|
||||||
+
|
|
||||||
+ for text in (
|
|
||||||
+ 'Value\r\nBad Injection\r\n',
|
|
||||||
+ 'NoNewLine'
|
|
||||||
+ ):
|
|
||||||
+ with self.subTest(text=text):
|
|
||||||
+ message = message_from_string(
|
|
||||||
+ "Header: Value\r\n\r\nBody",
|
|
||||||
+ policy=self.policy,
|
|
||||||
+ )
|
|
||||||
+
|
|
||||||
+ del message['Header']
|
|
||||||
+ message['Header'] = LiteralHeader(text)
|
|
||||||
+
|
|
||||||
+ with self.assertRaises(email.errors.HeaderWriteError):
|
|
||||||
+ message.as_string()
|
|
||||||
+
|
|
||||||
|
|
||||||
class TestBytesGenerator(TestGeneratorBase, TestEmailBase):
|
|
||||||
|
|
||||||
diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py
|
|
||||||
index c6b9c80efe..baa35fd68e 100644
|
|
||||||
--- a/Lib/test/test_email/test_policy.py
|
|
||||||
+++ b/Lib/test/test_email/test_policy.py
|
|
||||||
@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase):
|
|
||||||
'raise_on_defect': False,
|
|
||||||
'mangle_from_': True,
|
|
||||||
'message_factory': None,
|
|
||||||
+ 'verify_generated_headers': True,
|
|
||||||
}
|
|
||||||
# These default values are the ones set on email.policy.default.
|
|
||||||
# If any of these defaults change, the docs must be updated.
|
|
||||||
@@ -294,6 +295,31 @@ def test_short_maxlen_error(self):
|
|
||||||
with self.assertRaises(email.errors.HeaderParseError):
|
|
||||||
policy.fold("Subject", subject)
|
|
||||||
|
|
||||||
+ def test_verify_generated_headers(self):
|
|
||||||
+ """Turning protection off allows header injection"""
|
|
||||||
+ policy = email.policy.default.clone(verify_generated_headers=False)
|
|
||||||
+ for text in (
|
|
||||||
+ 'Header: Value\r\nBad: Injection\r\n',
|
|
||||||
+ 'Header: NoNewLine'
|
|
||||||
+ ):
|
|
||||||
+ with self.subTest(text=text):
|
|
||||||
+ message = email.message_from_string(
|
|
||||||
+ "Header: Value\r\n\r\nBody",
|
|
||||||
+ policy=policy,
|
|
||||||
+ )
|
|
||||||
+ class LiteralHeader(str):
|
|
||||||
+ name = 'Header'
|
|
||||||
+ def fold(self, **kwargs):
|
|
||||||
+ return self
|
|
||||||
+
|
|
||||||
+ del message['Header']
|
|
||||||
+ message['Header'] = LiteralHeader(text)
|
|
||||||
+
|
|
||||||
+ self.assertEqual(
|
|
||||||
+ message.as_string(),
|
|
||||||
+ f"{text}\nBody",
|
|
||||||
+ )
|
|
||||||
+
|
|
||||||
# XXX: Need subclassing tests.
|
|
||||||
# For adding subclassed objects, make sure the usual rules apply (subclass
|
|
||||||
# wins), but that the order still works (right overrides left).
|
|
||||||
diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..83dd28d4ac
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
|
|
||||||
@@ -0,0 +1,5 @@
|
|
||||||
+:mod:`email` headers with embedded newlines are now quoted on output. The
|
|
||||||
+:mod:`~email.generator` will now refuse to serialize (write) headers that
|
|
||||||
+are unsafely folded or delimited; see
|
|
||||||
+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
|
|
||||||
+Bloemsaat and Petr Viktorin in :gh:`121650`.)
|
|
@ -1,128 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Jason R. Coombs" <jaraco@jaraco.com>
|
|
||||||
Date: Mon, 19 Aug 2024 19:28:20 -0400
|
|
||||||
Subject: [PATCH] 00436: [CVE-2024-8088] gh-122905: Sanitize names in
|
|
||||||
zipfile.Path.
|
|
||||||
|
|
||||||
Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
|
|
||||||
---
|
|
||||||
Lib/test/test_zipfile.py | 17 ++++++
|
|
||||||
Lib/zipfile.py | 61 ++++++++++++++++++-
|
|
||||||
...-08-11-14-08-04.gh-issue-122905.7tDsxA.rst | 1 +
|
|
||||||
3 files changed, 78 insertions(+), 1 deletion(-)
|
|
||||||
create mode 100644 Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
|
|
||||||
|
|
||||||
diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py
|
|
||||||
index 4de6f379a4..8bdc7a1b7d 100644
|
|
||||||
--- a/Lib/test/test_zipfile.py
|
|
||||||
+++ b/Lib/test/test_zipfile.py
|
|
||||||
@@ -3651,6 +3651,23 @@ def test_extract_orig_with_implied_dirs(self, alpharep):
|
|
||||||
zipfile.Path(zf)
|
|
||||||
zf.extractall(source_path.parent)
|
|
||||||
|
|
||||||
+ def test_malformed_paths(self):
|
|
||||||
+ """
|
|
||||||
+ Path should handle malformed paths.
|
|
||||||
+ """
|
|
||||||
+ data = io.BytesIO()
|
|
||||||
+ zf = zipfile.ZipFile(data, "w")
|
|
||||||
+ zf.writestr("/one-slash.txt", b"content")
|
|
||||||
+ zf.writestr("//two-slash.txt", b"content")
|
|
||||||
+ zf.writestr("../parent.txt", b"content")
|
|
||||||
+ zf.filename = ''
|
|
||||||
+ root = zipfile.Path(zf)
|
|
||||||
+ assert list(map(str, root.iterdir())) == [
|
|
||||||
+ 'one-slash.txt',
|
|
||||||
+ 'two-slash.txt',
|
|
||||||
+ 'parent.txt',
|
|
||||||
+ ]
|
|
||||||
+
|
|
||||||
|
|
||||||
class EncodedMetadataTests(unittest.TestCase):
|
|
||||||
file_names = ['\u4e00', '\u4e8c', '\u4e09'] # Han 'one', 'two', 'three'
|
|
||||||
diff --git a/Lib/zipfile.py b/Lib/zipfile.py
|
|
||||||
index 86829abce4..b7bf9ef7e3 100644
|
|
||||||
--- a/Lib/zipfile.py
|
|
||||||
+++ b/Lib/zipfile.py
|
|
||||||
@@ -9,6 +9,7 @@
|
|
||||||
import itertools
|
|
||||||
import os
|
|
||||||
import posixpath
|
|
||||||
+import re
|
|
||||||
import shutil
|
|
||||||
import stat
|
|
||||||
import struct
|
|
||||||
@@ -2243,7 +2244,65 @@ def _difference(minuend, subtrahend):
|
|
||||||
return itertools.filterfalse(set(subtrahend).__contains__, minuend)
|
|
||||||
|
|
||||||
|
|
||||||
-class CompleteDirs(ZipFile):
|
|
||||||
+class SanitizedNames:
|
|
||||||
+ """
|
|
||||||
+ ZipFile mix-in to ensure names are sanitized.
|
|
||||||
+ """
|
|
||||||
+
|
|
||||||
+ def namelist(self):
|
|
||||||
+ return list(map(self._sanitize, super().namelist()))
|
|
||||||
+
|
|
||||||
+ @staticmethod
|
|
||||||
+ def _sanitize(name):
|
|
||||||
+ r"""
|
|
||||||
+ Ensure a relative path with posix separators and no dot names.
|
|
||||||
+ Modeled after
|
|
||||||
+ https://github.com/python/cpython/blob/bcc1be39cb1d04ad9fc0bd1b9193d3972835a57c/Lib/zipfile/__init__.py#L1799-L1813
|
|
||||||
+ but provides consistent cross-platform behavior.
|
|
||||||
+ >>> san = SanitizedNames._sanitize
|
|
||||||
+ >>> san('/foo/bar')
|
|
||||||
+ 'foo/bar'
|
|
||||||
+ >>> san('//foo.txt')
|
|
||||||
+ 'foo.txt'
|
|
||||||
+ >>> san('foo/.././bar.txt')
|
|
||||||
+ 'foo/bar.txt'
|
|
||||||
+ >>> san('foo../.bar.txt')
|
|
||||||
+ 'foo../.bar.txt'
|
|
||||||
+ >>> san('\\foo\\bar.txt')
|
|
||||||
+ 'foo/bar.txt'
|
|
||||||
+ >>> san('D:\\foo.txt')
|
|
||||||
+ 'D/foo.txt'
|
|
||||||
+ >>> san('\\\\server\\share\\file.txt')
|
|
||||||
+ 'server/share/file.txt'
|
|
||||||
+ >>> san('\\\\?\\GLOBALROOT\\Volume3')
|
|
||||||
+ '?/GLOBALROOT/Volume3'
|
|
||||||
+ >>> san('\\\\.\\PhysicalDrive1\\root')
|
|
||||||
+ 'PhysicalDrive1/root'
|
|
||||||
+ Retain any trailing slash.
|
|
||||||
+ >>> san('abc/')
|
|
||||||
+ 'abc/'
|
|
||||||
+ Raises a ValueError if the result is empty.
|
|
||||||
+ >>> san('../..')
|
|
||||||
+ Traceback (most recent call last):
|
|
||||||
+ ...
|
|
||||||
+ ValueError: Empty filename
|
|
||||||
+ """
|
|
||||||
+
|
|
||||||
+ def allowed(part):
|
|
||||||
+ return part and part not in {'..', '.'}
|
|
||||||
+
|
|
||||||
+ # Remove the drive letter.
|
|
||||||
+ # Don't use ntpath.splitdrive, because that also strips UNC paths
|
|
||||||
+ bare = re.sub('^([A-Z]):', r'\1', name, flags=re.IGNORECASE)
|
|
||||||
+ clean = bare.replace('\\', '/')
|
|
||||||
+ parts = clean.split('/')
|
|
||||||
+ joined = '/'.join(filter(allowed, parts))
|
|
||||||
+ if not joined:
|
|
||||||
+ raise ValueError("Empty filename")
|
|
||||||
+ return joined + '/' * name.endswith('/')
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+class CompleteDirs(SanitizedNames, ZipFile):
|
|
||||||
"""
|
|
||||||
A ZipFile subclass that ensures that implied directories
|
|
||||||
are always included in the namelist.
|
|
||||||
diff --git a/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..1be44c906c
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
|
|
||||||
@@ -0,0 +1 @@
|
|
||||||
+:class:`zipfile.Path` objects now sanitize names from the zipfile.
|
|
Loading…
Reference in new issue