From 2a122fd420f5b425fd39848a48f5eb196cee2aa7 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <seth@python.org>
Date: Thu, 15 Jan 2026 15:52:59 -0600
Subject: [PATCH] gh-143927: Normalize all line endings (CR, CRLF, and LF) in
 configparser

---
 Lib/configparser.py                                   |  4 +++-
 Lib/test/test_configparser.py                         | 11 +++++++++++
 .../2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst    |  2 ++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 Misc/NEWS.d/next/Security/2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst

diff --git a/Lib/configparser.py b/Lib/configparser.py
index d435a5c2fe0da2..5e82852cc1a63a 100644
--- a/Lib/configparser.py
+++ b/Lib/configparser.py
@@ -985,7 +985,9 @@ def _write_section(self, fp, section_name, section_items, delimiter, unnamed=Fal
             value = self._interpolation.before_write(self, section_name, key,
                                                      value)
             if value is not None or not self._allow_no_value:
-                value = delimiter + str(value).replace('\n', '\n\t')
+                # Convert all possible line-endings into '\n\t'
+                value = (delimiter + str(value).replace('\r\n', '\n')
+                         .replace('\r', '\n').replace('\n', '\n\t'))
             else:
                 value = ""
             fp.write("{}{}\n".format(key, value))
diff --git a/Lib/test/test_configparser.py b/Lib/test/test_configparser.py
index 1bfb53ccbb1398..dac8e28d717f8d 100644
--- a/Lib/test/test_configparser.py
+++ b/Lib/test/test_configparser.py
@@ -526,6 +526,17 @@ def test_default_case_sensitivity(self):
             cf.get(self.default_section, "Foo"), "Bar",
             "could not locate option, expecting case-insensitive defaults")
 
+    def test_crlf_normalization(self):
+        cf = self.newconfig({"key1": "a\nb","key2": "a\rb", "key3": "a\r\nb", "key4": "a\r\nb"})
+        buf = io.StringIO()
+        cf.write(buf)
+        cf_str = buf.getvalue()
+        self.assertNotIn("\r", cf_str)
+        self.assertNotIn("\r\n", cf_str)
+        self.assertEqual(cf_str.count("\n"), 10)
+        self.assertEqual(cf_str.count("\n\t"), 4)
+        self.assertTrue(cf_str.endswith("\n\n"))
+
     def test_parse_errors(self):
         cf = self.newconfig()
         self.parse_error(cf, configparser.ParsingError,
diff --git a/Misc/NEWS.d/next/Security/2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst b/Misc/NEWS.d/next/Security/2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst
new file mode 100644
index 00000000000000..ca554997e5c396
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2026-01-16-11-58-19.gh-issue-143927.aviFeG.rst
@@ -0,0 +1,2 @@
+Normalize all line endings (CR, CRLF, and LF) to LF+TAB when writing
+multi-line configparser values.