Message345960
Using git bisect, I found which commit introduced the regression, bpo-27240:
commit a87ba60fe56ae2ebe80ab9ada6d280a6a1f3d552
Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Sun Dec 3 16:46:23 2017 -0800
bpo-27240 Rewrite the email header folding algorithm. (GH-3488) (#4693)
The original algorithm tried to delegate the folding to the tokens so
that those tokens whose folding rules differed could specify the
differences. However, this resulted in a lot of duplicated code because
most of the rules were the same.
The new algorithm moves all folding logic into a set of functions
external to the token classes, but puts the information about which
tokens can be folded in which ways on the tokens...with the exception of
mime-parameters, which are a special case (which was not even
implemented in the old folder).
This algorithm can still probably be improved and hopefully simplified
somewhat.
Note that some of the test expectations are changed. I believe the
changes are toward more desirable and consistent behavior: in general
when (re) folding a line the canonical version of the tokens is
generated, rather than preserving errors or extra whitespace.
(cherry picked from commit 85d5c18c9d83a1d54eecc4c2ad4dce63194107c6)
The first vulnerable release is Python 3.6.4: Python 3.6.3 and older are not affected by this vulnerability. So yes, I confirm that Python 2.7 and 3.5 are not vulnerable. By the way, a backport to 3.5 was requested but rejected :-)
https://bugs.python.org/issue27240#msg330030
I close the issue. Thanks Rad164 for the report and thanks Krzysztof Wojcik fo the fix! |
|
Date |
User |
Action |
Args |
2019-06-18 08:31:25 | vstinner | set | recipients:
+ vstinner, barry, ned.deily, r.david.murray, maxking, rad164, xtreak |
2019-06-18 08:31:25 | vstinner | set | messageid: <1560846685.57.0.322334107487.issue33529@roundup.psfhosted.org> |
2019-06-18 08:31:25 | vstinner | link | issue33529 messages |
2019-06-18 08:31:25 | vstinner | create | |
|