[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-02-23 Thread Éric Araujo 

Change by Éric Araujo :


--
stage: backport needed -> resolved
status: open -> closed
versions:  -Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-02-23 Thread Éric Araujo 

Éric Araujo  added the comment:

3.5 only accepts security fixes:
https://devguide.python.org/#status-of-python-branches

--
versions: +Python 3.8 -Python 3.4, Python 3.5

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-02-23 Thread Louis Lecaroz 

Louis Lecaroz  added the comment:

Hi,

First of all, thank you so much for having fixed this bug, I checked in 3.5 & 
it seems that this fix needs to be also backport in 3.5 branch & certainly 
others branches (like 3.4) ?

Thx in advance for your coming feedback
Best regards
Louis

--
nosy: +llecaroz
versions: +Python 3.4, Python 3.5

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-01-29 Thread Éric Araujo 

Éric Araujo  added the comment:


New changeset f5a793522d539afc84ac7888c9ad189097c43a75 by Éric Araujo (Bo 
Bayles) in branch '2.7':
bpo-32304: Fix distutils upload for tar files ending with b'\r' (GH-5264) 
(GH-5331)
https://github.com/python/cpython/commit/f5a793522d539afc84ac7888c9ad189097c43a75


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-01-28 Thread Éric Araujo 

Change by Éric Araujo :


--
assignee:  -> eric.araujo
resolution:  -> fixed
stage: patch review -> backport needed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-01-26 Thread Éric Araujo 

Éric Araujo  added the comment:


New changeset 995c60d2656c022359aac3fe713d8464c8db5716 by Éric Araujo (Bo 
Bayles) in branch '3.6':
[3.6] bpo-32304: Fix distutils upload for tar files ending with b'\r' (GH-5264) 
(GH-5330)
https://github.com/python/cpython/commit/995c60d2656c022359aac3fe713d8464c8db5716


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-01-25 Thread bbayles 

Change by bbayles :


--
pull_requests: +5176

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-01-25 Thread bbayles 

Change by bbayles :


--
pull_requests: +5175

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-01-25 Thread Éric Araujo 

Éric Araujo  added the comment:


New changeset 2fc98ae115e2a2095a0bcf388c27a878aafdb454 by Éric Araujo (Bo 
Bayles) in branch 'master':
bpo-32304: Fix distutils upload for sdists ending with \x0d (GH-5264)
https://github.com/python/cpython/commit/2fc98ae115e2a2095a0bcf388c27a878aafdb454


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-01-22 Thread bbayles 

Change by bbayles :


--
nosy: +bbayles

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2018-01-21 Thread bbayles 

Change by bbayles :


--
keywords: +patch
pull_requests: +5110
stage: needs patch -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2017-12-19 Thread Antoine Pitrou 

Antoine Pitrou  added the comment:

I agree with the suggested fix.  Do you want to submit a PR?

--
nosy: +pitrou -llecaroz
stage:  -> needs patch
versions: +Python 3.6 -Python 3.5, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32304] Upload failed (400): Digests do not match on .tar.gz ending with x0d binary code

2017-12-13 Thread Louis Lecaroz 

New submission from Louis Lecaroz :

Hi,
.tar.gz files can end with x0d bytes or whatever you want

When running setup.py sdist upload, depending on the project, the .tar.gz file, 
as said can sometimes end with x0d. When doing the upload, the line 
https://github.com/python/cpython/blob/master/Lib/distutils/command/upload.py#L162
 (if value and value[-1:] == b'\r') will remove the ending char of the .tar.gz 
generating a 400 response error from the server like: 

Upload failed (400): Digests do not match, found: 
09f23b52764a6802a87dd753009c2d3d, expected: 972b8e9d3dc8cf6ba6b4b1ad5991f013
error: Upload failed (400): Digests do not match, found: 
09f23b52764a6802a87dd753009c2d3d, expected: 972b8e9d3dc8cf6ba6b4b1ad5991f013

As this line is generic & run on all key/values, I clearly understand that this 
check was initially written to eliminate certainly some issues on values in 
text format. 

But the mistake here, is that you are also changing the content of the 
'content' key which contains the .tar.gz as value, and because you remove the 
ending 0D, you change the .tar.gz content to be uploaded. As consequence, the 
server will return a 400 error about a wrong digest/crc.

I was able to make the code working with all .tar.gz files by changing this 
line to:

if value and value[-1:] == '\r' and not key=='content':

With a such fix, the .tar.gz content will not see its ending \r to be removed & 
the computed CRC from the server will be the same as computed by 
md5(content).hexdigest() in upload.py

--
components: Distutils
messages: 308205
nosy: dstufft, eric.araujo, llecaroz
priority: normal
severity: normal
status: open
title: Upload failed (400): Digests do not match on .tar.gz ending with x0d 
binary code
type: security
versions: Python 2.7, Python 3.5, Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com