Some IPv4 and IPv4-mapped IPv6 properties don't match #122792
Comments
…Pv4 (GH-122793) Make IPv4-mapped IPv6 address properties consistent with IPv4.
…with IPv4 (pythonGH-122793) Make IPv4-mapped IPv6 address properties consistent with IPv4. (cherry picked from commit 76a1c5d) Co-authored-by: Seth Michael Larson <seth@python.org>
…with IPv4 (pythonGH-122793) Make IPv4-mapped IPv6 address properties consistent with IPv4. (cherry picked from commit 76a1c5d) Co-authored-by: Seth Michael Larson <seth@python.org>
…with IPv4 (pythonGH-122793) Make IPv4-mapped IPv6 address properties consistent with IPv4. (cherry picked from commit 76a1c5d) Co-authored-by: Seth Michael Larson <seth@python.org>
…with IPv4 (pythonGH-122793) Make IPv4-mapped IPv6 address properties consistent with IPv4. (cherry picked from commit 76a1c5d) Co-authored-by: Seth Michael Larson <seth@python.org>
|
Hey, I learned about this issue just today and, as a user of this API, I'd like to express some opposition to it. My reasons, in no particular order:
cc @gpshead |
|
I think we're lacking the motivating reason behind the change, @sethmlarson can explain more. Agreed with (2), we need a docs update. But the merged change does not make it inconsistent, the Regarding (3) / (4) do you have practical examples of actual code in use that does not want the new behavior? (got links?) That'd help reason about where this falls into breaking change vs bug fix categories. Some general background: We've gotten security reports over the years about the |
|
@jstasiak Thanks for the question, indeed the primary motivation for this change is security, specifically folks using IP address filtering before establishing a connection. Since an IPv4-mapped IPv6 address gets established as an IPv4 address I figured these properties should match the mapped IPv4 address and not the IPv6 address that's mostly being used for framing. If you have better guidance about this case, please share! |
|
@jstasiak Do you have an opinion on the above comment? Otherwise we will continue back-porting this change, we want to make sure we're not breaking any legitimate use-cases unintentionally. |
…s consistent with IPv4 (pythonGH-122793) (pythonGH-123819) Make IPv4-mapped IPv6 address properties consistent with IPv4. (cherry picked from commit 76a1c5d) (cherry picked from commit b58da40) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
|
Given no further comments by jstasiak I backported the rest. This issue is now resolved. Thanks, everyone. |
urlparse can throw ValueError when parsing a URL, we didn't experience this before because none of our tests were failing when calling urlparse, but there was a new release of python that now fails parsing some of our test cases python/cpython#122792.
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. python/cpython#122792 CVE-2024-9287, gh-124651: Properly quote template strings in venv activation scripts. python/cpython#124651 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
…stent with IPv4 (pythonGH-122793) (pythonGH-123819) (pythonGH-127571) Make IPv4-mapped IPv6 address properties consistent with IPv4. (cherry picked from commit 76a1c5d) (cherry picked from commit b58da40) Co-authored-by: Seth Michael Larson <seth@python.org>
Bug report
Bug description:
The following properties on an
IPv6Addressdon't match theirIPv4Addresscounterparts when using an IPv6-mapped IPv4 address (ie::ffff:<ipv4>):Proposed fix is to make all properties use their
IPv4Addressvalues for IPv4-mapped addresses.CPython versions tested on:
CPython main branch
Operating systems tested on:
No response
Linked PRs
The text was updated successfully, but these errors were encountered: