Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1) #30803

Merged
merged 2 commits into from
Jan 23, 2022
Merged

bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1) #30803

merged 2 commits into from
Jan 23, 2022

Conversation

jaraco
Copy link
Member

@jaraco jaraco commented Jan 22, 2022
edited
Loading

  • bpo-46474: Fix for REDoS in EntryPoint.pattern (importlib_metadata 4.10.1).

https://bugs.python.org/issue46474

@jaraco jaraco force-pushed the bpo-46474/entrypoint-regex-fix branch from 84d3bd8 to 567eb96 Compare January 22, 2022 19:53
@jaraco jaraco changed the base branch from main to bpo-46474/entrypoint-regex January 22, 2022 19:53
@jaraco jaraco added needs backport to 3.8 needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes type-security A security issue labels Jan 22, 2022
Base automatically changed from bpo-46474/entrypoint-regex to main January 23, 2022 02:39
@jaraco jaraco merged commit 51c3e28 into main Jan 23, 2022
@jaraco jaraco deleted the bpo-46474/entrypoint-regex-fix branch January 23, 2022 04:00
@miss-islington
Copy link
Contributor

Thanks @jaraco for the PR 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8, 3.9, 3.10.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Sorry @jaraco, I had trouble checking out the 3.10 backport branch.
Please backport using cherry_picker on command line.
cherry_picker 51c3e28c8a163e58dc753765e3cc51d5a717e70d 3.10

@miss-islington
Copy link
Contributor

Sorry, @jaraco, I could not cleanly backport this to 3.9 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 51c3e28c8a163e58dc753765e3cc51d5a717e70d 3.9

@miss-islington
Copy link
Contributor

Sorry @jaraco, I had trouble checking out the 3.8 backport branch.
Please backport using cherry_picker on command line.
cherry_picker 51c3e28c8a163e58dc753765e3cc51d5a717e70d 3.8

@miss-islington
Copy link
Contributor

Sorry, @jaraco, I could not cleanly backport this to 3.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 51c3e28c8a163e58dc753765e3cc51d5a717e70d 3.7

jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.10] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with import…
39d0ea1 
…lib_metadata 4.10.1) (GH-30803)

(cherry picked from commit 51c3e28)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
@bedevere-bot
Copy link

GH-30827 is a backport of this pull request to the 3.10 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.10 only security fixes label Jan 23, 2022
jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.9] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
14fda9d 
…ib_metadata 4.10.1) (GH-30803).

(cherry picked from commit 51c3e28)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
@bedevere-bot
Copy link

GH-30828 is a backport of this pull request to the 3.9 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.9 only security fixes label Jan 23, 2022
jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.8] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
e6d0920 
…ib_metadata 4.10.1) (GH-30803).

(cherry picked from commit 51c3e28)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
@bedevere-bot
Copy link

GH-30829 is a backport of this pull request to the 3.8 branch.

jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.8] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
6e4eb09 
…ib_metadata 4.10.1) (GH-30803).

(cherry picked from commit 51c3e28)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.10] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with import…
a7a4ca4 
…lib_metadata 4.10.1) (GH-30803) (GH-30827)

(cherry picked from commit 51c3e28)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.9] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
1514d12 
…ib_metadata 4.10.1) (GH-30803). (GH-30828)

(cherry picked from commit 51c3e28)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
ambv pushed a commit that referenced this pull request Feb 14, 2022
@jaraco
[3.8] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
8a84aef 
…ib_metadata 4.10.1) (GH-30803). (#30829)

(cherry picked from commit 51c3e28)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
@sobolevn sobolevn mentioned this pull request Apr 16, 2022
Closed
hello-adam pushed a commit to hello-adam/cpython that referenced this pull request Jun 2, 2022
@jaraco @hello-adam
[3.9] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
0c37b72 
…ib_metadata 4.10.1) (pythonGH-30803). (pythonGH-30828)

(cherry picked from commit 51c3e28)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jaraco jaraco

Labels
type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jaraco @miss-islington @bedevere-bot @the-knights-who-say-ni