[3.8] bpo-36384: Leading zeros in IPv4 addresses are no longer tolerated (GH-25099) #27801
…ythonGH-25099)

Reverts commit e653d4d and makes parsing even more strict. Like socket.inet_pton() any leading zero is now treated as invalid input.

Signed-off-by: Christian Heimes <christian@python.org>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Hello, and thanks for your contribution! I'm a bot set up to make sure that the project can legally accept this contribution by verifying everyone involved has signed the PSF contributor agreement (CLA).

We couldn't find a bugs.python.org (b.p.o) account corresponding to the following GitHub usernames: This might be simply due to a missing "GitHub Name" entry in one's b.p.o account settings. This is necessary for legal reasons before we can look at this contribution. Please follow the steps outlined in the CPython devguide to rectify this issue. You can check yourself to see if the CLA has been received. Thanks again for the contribution, we look forward to reviewing it!
See: https://bugs.python.org/issue36384#msg392684
@ambv please take note of my reply here, on why I think this is needed still: https://bugs.python.org/issue36384#msg399801 thx
Thank you for the backport. We need two more things. The first is mentioned in an inline comment. And the second is about "What's New". See how GH-25099 also touches Doc/whatsnew/3.9.rst? This backport will need to do the same for Doc/whatsnew/3.8.rst, adding "Notable Changes in Python 3.8.12". You can copy the text verbatim from the respective whatsnew edit in GH-25099.
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase
I have made the requested changes; please review again.
Thanks for making the requested changes! @ambv: please review the changes made to this pull request.
@ambv I am pretty new with this workflow, would you mind helping me understand what the next step is, or perhaps the timeline of when this PR can get merged, and how it would be possible for us to start using the new python version (let's say from conda since that's what we use).
@achraf-mer, assuming all tests pass on this PR, I will merge it. It will be released as Python 3.8.12 on August 30th alongside Python 3.9.7. I will also make pull requests to the 3.9, 3.10, and main (3.11) branches to amend the This PR is currently the only fix slated for 3.8.12 (there are literally only 3 other commits on the branch, two are doc updates and one is a test improvement). Not sure how soon conda will release 3.8.12. Looking at 3.8.11, it took them 37 days from release (2021-06-28) to availability on https://anaconda.org/anaconda/python/files (2021-08-04).
@achraf-mer, thank you for taking your time reporting and contributing the backport. You likely saved us a lot of grief we'd otherwise face due to the overblown severity mark on the CVE.
@ambv 👍 thanks for the prompt reply+review.
https://bugs.python.org/issue36384
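
The rule stated in the commit message (any leading zero is invalid input), as an added example that is not code from this PR or from CPython. `strict_ipv4`, `read_octets` and `compare` are hypothetical names and the sample addresses are constructed; the comparison shows why tolerating leading zeros is risky: one string names two different hosts depending on whether a parser reads the zero as decimal padding or as an octal prefix.

```python
import ipaddress

# Added example: hypothetical helper names, not the ipaddress module's own code.


def strict_ipv4(text):
    """Parse a dotted quad, rejecting any octet that has a leading zero."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets in {text!r}")
    octets = []
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"non-decimal octet {part!r} in {text!r}")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"leading zero in octet {part!r} of {text!r}")
        value = int(part)
        if value > 255:
            raise ValueError(f"octet {part!r} out of range in {text!r}")
        octets.append(value)
    return ipaddress.IPv4Address(bytes(octets))


def read_octets(text, leading_zero_base):
    """Lenient reader, for comparison only: an octet with a leading zero is
    read in the given base (10 = zero padding, 8 = C-style octal prefix)."""
    octets = []
    for part in text.split("."):
        padded = len(part) > 1 and part[0] == "0"
        octets.append(int(part, leading_zero_base if padded else 10))
    return ipaddress.IPv4Address(bytes(octets))


def compare(text):
    """Return (decimal reading, octal reading, strict result) as strings."""
    try:
        strict = str(strict_ipv4(text))
    except ValueError as exc:
        strict = f"rejected: {exc}"
    return str(read_octets(text, 10)), str(read_octets(text, 8)), strict


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the PR.
    for sample in ("10.0.0.1", "010.0.0.1", "0127.0.0.1", "0.0.0.0"):
        print(sample, "->", compare(sample))
```

Any access-control check that parses an address with one reading while the connection is made with the other is checking a different host than the one contacted, which is what strict rejection removes.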