diff options
| author | J0WI <J0WI@users.noreply.github.com> | 2019-11-07 17:44:01 +0100 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2019-12-26 15:04:18 +0100 |
| commit | e9bd8a37793b2737c60e8aabb4e30540de6420cc (patch) | |
| tree | 00bd4de98587038aea60b202436e4d3e1c66cebd /main/python2/CVE-2019-9948.patch | |
| parent | 3eecbd309c911d0a7b9f4a4f28e6519055f38e6c (diff) | |
| download | aports-e9bd8a37793b2737c60e8aabb4e30540de6420cc.tar.bz2 aports-e9bd8a37793b2737c60e8aabb4e30540de6420cc.tar.xz | |
main/python2: security upgrade to 2.7.17
Diffstat (limited to 'main/python2/CVE-2019-9948.patch')
| -rw-r--r-- | main/python2/CVE-2019-9948.patch | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/main/python2/CVE-2019-9948.patch b/main/python2/CVE-2019-9948.patch deleted file mode 100644 index e5d38bd0ac..0000000000 --- a/main/python2/CVE-2019-9948.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001 -From: push0ebp <push0ebp@shl-MacBook-Pro.local> -Date: Thu, 14 Feb 2019 02:05:46 +0900 -Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary - URL scheme in urllib - ---- - Lib/test/test_urllib.py | 12 ++++++++++++ - Lib/urllib.py | 5 ++++- - 2 files changed, 16 insertions(+), 1 deletion(-) - -diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py -index 1ce9201c0693..e5f210e62a18 100644 ---- a/Lib/test/test_urllib.py -+++ b/Lib/test/test_urllib.py -@@ -1023,6 +1023,18 @@ def open_spam(self, url): - "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"), - "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/") - -+ def test_local_file_open(self): -+ class DummyURLopener(urllib.URLopener): -+ def open_local_file(self, url): -+ return url -+ self.assertEqual(DummyURLopener().open( -+ 'local-file://example'), '//example') -+ self.assertEqual(DummyURLopener().open( -+ 'local_file://example'), '//example') -+ self.assertRaises(IOError, urllib.urlopen, -+ 'local-file://example') -+ self.assertRaises(IOError, urllib.urlopen, -+ 'local_file://example') - - # Just commented them out. - # Can't really tell why keep failing in windows and sparc. -diff --git a/Lib/urllib.py b/Lib/urllib.py -index d85504a5cb7e..a24e9a5c68fb 100644 ---- a/Lib/urllib.py -+++ b/Lib/urllib.py -@@ -203,7 +203,10 @@ def open(self, fullurl, data=None): - name = 'open_' + urltype - self.type = urltype - name = name.replace('-', '_') -- if not hasattr(self, name): -+ -+ # bpo-35907: # disallow the file reading with the type not allowed -+ if not hasattr(self, name) or \ -+ (self == _urlopener and name == 'open_local_file'): - if proxy: - return self.open_unknown_proxy(proxy, fullurl, data) - else: |