diff options
Diffstat (limited to 'meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch')
| -rw-r--r-- | meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch deleted file mode 100644 index f4c225d2fc..0000000000 --- a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001 -From: push0ebp <push0ebp@shl-MacBook-Pro.local> -Date: Thu, 14 Feb 2019 02:05:46 +0900 -Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary - URL scheme in urllib - -Upstream-Status: Submitted https://github.com/python/cpython/pull/11842 - -CVE: CVE-2019-9948 - -Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> ---- - Lib/test/test_urllib.py | 12 ++++++++++++ - Lib/urllib.py | 5 ++++- - 2 files changed, 16 insertions(+), 1 deletion(-) - -diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py -index 1ce9201c0693..e5f210e62a18 100644 ---- a/Lib/test/test_urllib.py -+++ b/Lib/test/test_urllib.py -@@ -1023,6 +1023,18 @@ def open_spam(self, url): - "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"), - "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/") - -+ def test_local_file_open(self): -+ class DummyURLopener(urllib.URLopener): -+ def open_local_file(self, url): -+ return url -+ self.assertEqual(DummyURLopener().open( -+ 'local-file://example'), '//example') -+ self.assertEqual(DummyURLopener().open( -+ 'local_file://example'), '//example') -+ self.assertRaises(IOError, urllib.urlopen, -+ 'local-file://example') -+ self.assertRaises(IOError, urllib.urlopen, -+ 'local_file://example') - - # Just commented them out. - # Can't really tell why keep failing in windows and sparc. -diff --git a/Lib/urllib.py b/Lib/urllib.py -index d85504a5cb7e..a24e9a5c68fb 100644 ---- a/Lib/urllib.py -+++ b/Lib/urllib.py -@@ -203,7 +203,10 @@ def open(self, fullurl, data=None): - name = 'open_' + urltype - self.type = urltype - name = name.replace('-', '_') -- if not hasattr(self, name): -+ -+ # bpo-35907: # disallow the file reading with the type not allowed -+ if not hasattr(self, name) or \ -+ (self == _urlopener and name == 'open_local_file'): - if proxy: - return self.open_unknown_proxy(proxy, fullurl, data) - else: |