From 51c3e28c8a163e58dc753765e3cc51d5a717e70d Mon Sep 17 00:00:00 2001
From: "Jason R. Coombs" <jaraco@jaraco.com>
Date: Sat, 22 Jan 2022 23:00:23 -0500
Subject: [PATCH] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with
 importlib_metadata 4.10.1) (GH-30803)

---
 Lib/importlib/metadata/__init__.py                            | 4 ++--
 .../next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst     | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst

diff --git a/Lib/importlib/metadata/__init__.py b/Lib/importlib/metadata/__init__.py
index 5ef6d9dc4893d1..371c4822095862 100644
--- a/Lib/importlib/metadata/__init__.py
+++ b/Lib/importlib/metadata/__init__.py
@@ -156,8 +156,8 @@ class EntryPoint(DeprecatedTuple):
 
     pattern = re.compile(
         r'(?P<module>[\w.]+)\s*'
-        r'(:\s*(?P<attr>[\w.]+))?\s*'
-        r'(?P<extras>\[.*\])?\s*$'
+        r'(:\s*(?P<attr>[\w.]+)\s*)?'
+        r'((?P<extras>\[.*\])\s*)?$'
     )
     """
     A regular expression describing the syntax for an entry point,
diff --git a/Misc/NEWS.d/next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst b/Misc/NEWS.d/next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst
new file mode 100644
index 00000000000000..156b7de4f67877
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-01-22-14-49-10.bpo-46474.eKQhvx.rst
@@ -0,0 +1,2 @@
+In ``importlib.metadata.EntryPoint.pattern``, avoid potential REDoS by
+limiting ambiguity in consecutive whitespace.