[Bug 6917] New: Changes to email.utils.getaddresses in Python 3.12.6 break patchbomb tests

mercurial-bugs at mercurial-scm.org mercurial-bugs at mercurial-scm.org
Wed Sep 18 23:58:03 UTC 2024


https://bz.mercurial-scm.org/show_bug.cgi?id=6917

            Bug ID: 6917
           Summary: Changes to email.utils.getaddresses in Python 3.12.6
                    break patchbomb tests
           Product: Mercurial
           Version: default branch
          Hardware: PC
                OS: Linux
            Status: UNCONFIRMED
          Severity: bug
          Priority: wish
         Component: patchbomb
          Assignee: bugzilla at mercurial-scm.org
          Reporter: dave.jones at canonical.com
                CC: mercurial-devel at mercurial-scm.org
    Python Version: ---

Strict parsing of e-mail addresses, introduced in Python 3.12.6 [1] in response
to CVE-2023-27043, break the "multi-address parsing" test in
tests/test-patchbomb.t on line 2416 [2]. Specifically, attempting to parse
"spam<spam><eggs>" no longer results in two addresses, but none.

Under Python 3.12.5:

  >>> getaddresses(['spam<spam><eggs>'])
  [('spam', 'spam'), ('', 'eggs')]

Under Python 3.12.6:

  >>> getaddresses(['spam<spam><eggs>'])
  [('', '')]

The strict parsing flag is introduced to getaddresses, defaulting to True,
which can be set to False to restore the old behaviour, but I'm assuming it's
preferable in this case to update the test? Presumably something like the
following which would largely preserve the intent of the test:

diff -r db7dbe6f7bb2 -r 35b3c7d07330 tests/test-patchbomb.t
--- a/tests/test-patchbomb.t    Wed Jun 19 14:49:35 2024 +0200
+++ b/tests/test-patchbomb.t    Thu Sep 19 00:30:42 2024 +0100
@@ -2414,7 +2414,7 @@


 test multi-address parsing:
-  $ hg email --date '1980-1-1 0:1' -m tmp.mbox -f quux -t 'spam<spam><eggs>' \
+  $ hg email --date '1980-1-1 0:1' -m tmp.mbox -f quux -t 'spam<spam>,<eggs>'
\
   >  -t toast -c 'foo,bar at example.com' -c '"A, B <>" <a at example.com>' -s test
-r 0 \
   >  --config email.bcc='"Quux, A." <quux>'
   this patch series consists of 1 patches.

[1]: https://docs.python.org/3/whatsnew/3.12.html#id11
[2]: https://repo.mercurial-scm.org/hg/file/tip/tests/test-patchbomb.t#l2416

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the Mercurial-devel mailing list