Skip to content

bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1)#30803

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jaraco merged 2 commits into from
Jan 23, 2022
Merged

bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1) #30803

jaraco merged 2 commits into from
Jan 23, 2022

Conversation

@jaraco
Copy link
Member

@jaracojaraco commented Jan 22, 2022
edited
Loading

  • bpo-46474: Fix for REDoS in EntryPoint.pattern (importlib_metadata 4.10.1).

https://bugs.python.org/issue46474

@jaracojaracoforce-pushed the bpo-46474/entrypoint-regex-fix branch from 84d3bd8 to 567eb96CompareJanuary 22, 2022 19:53
@jaracojaraco changed the base branch from main to bpo-46474/entrypoint-regexJanuary 22, 2022 19:53
Base automatically changed from bpo-46474/entrypoint-regex to mainJanuary 23, 2022 02:39
@jaracojaraco merged commit 51c3e28 into mainJan 23, 2022
@jaracojaraco deleted the bpo-46474/entrypoint-regex-fix branch January 23, 2022 04:00
@miss-islington
Copy link
Contributor

miss-islington commented Jan 23, 2022

Thanks @jaraco for the PR 🌮🎉.. I'm working now to backport this PR to: 3.7, 3.8, 3.9, 3.10.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

miss-islington commented Jan 23, 2022

Sorry @jaraco, I had trouble checking out the 3.10 backport branch.
Please backport using cherry_picker on command line.
cherry_picker 51c3e28c8a163e58dc753765e3cc51d5a717e70d 3.10

@miss-islington
Copy link
Contributor

miss-islington commented Jan 23, 2022

Sorry, @jaraco, I could not cleanly backport this to 3.9 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 51c3e28c8a163e58dc753765e3cc51d5a717e70d 3.9

@miss-islington
Copy link
Contributor

miss-islington commented Jan 23, 2022

Sorry @jaraco, I had trouble checking out the 3.8 backport branch.
Please backport using cherry_picker on command line.
cherry_picker 51c3e28c8a163e58dc753765e3cc51d5a717e70d 3.8

@miss-islington
Copy link
Contributor

miss-islington commented Jan 23, 2022

Sorry, @jaraco, I could not cleanly backport this to 3.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 51c3e28c8a163e58dc753765e3cc51d5a717e70d 3.7

jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.10]bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with import…
39d0ea1
…lib_metadata 4.10.1) (GH-30803) (cherry picked from commit 51c3e28) Co-authored-by: Jason R. Coombs <[email protected]>
@bedevere-bot
Copy link

bedevere-bot commented Jan 23, 2022

GH-30827 is a backport of this pull request to the 3.10 branch.

@bedevere-botbedevere-bot removed the needs backport to 3.10 only security fixes label Jan 23, 2022
jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.9]bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
14fda9d
…ib_metadata 4.10.1) (GH-30803). (cherry picked from commit 51c3e28) Co-authored-by: Jason R. Coombs <[email protected]>
@bedevere-bot
Copy link

bedevere-bot commented Jan 23, 2022

GH-30828 is a backport of this pull request to the 3.9 branch.

jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.8]bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
e6d0920
…ib_metadata 4.10.1) (GH-30803). (cherry picked from commit 51c3e28) Co-authored-by: Jason R. Coombs <[email protected]>
@bedevere-bot
Copy link

bedevere-bot commented Jan 23, 2022

GH-30829 is a backport of this pull request to the 3.8 branch.

jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.8]bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
6e4eb09
…ib_metadata 4.10.1) (GH-30803). (cherry picked from commit 51c3e28) Co-authored-by: Jason R. Coombs <[email protected]>
jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.10]bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with import…
a7a4ca4
…lib_metadata 4.10.1) (GH-30803) (GH-30827) (cherry picked from commit 51c3e28) Co-authored-by: Jason R. Coombs <[email protected]>
jaraco added a commit that referenced this pull request Jan 23, 2022
@jaraco
[3.9]bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
1514d12
…ib_metadata 4.10.1) (GH-30803). (GH-30828) (cherry picked from commit 51c3e28) Co-authored-by: Jason R. Coombs <[email protected]>
ambv pushed a commit that referenced this pull request Feb 14, 2022
@jaraco
[3.8]bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
8a84aef
…ib_metadata 4.10.1) (GH-30803). (#30829) (cherry picked from commit 51c3e28) Co-authored-by: Jason R. Coombs <[email protected]>
@sobolevnsobolevn mentioned this pull request Apr 16, 2022
Closed
hello-adam pushed a commit to hello-adam/cpython that referenced this pull request Jun 2, 2022
@jaraco@hello-adam
[3.9] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importl…
0c37b72
…ib_metadata 4.10.1) (pythonGH-30803). (pythonGH-30828) (cherry picked from commit 51c3e28) Co-authored-by: Jason R. Coombs <[email protected]>
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jaracojaraco

Labels

type-securityA security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jaraco@miss-islington@bedevere-bot@the-knights-who-say-ni