diff --git a/00001-pydocnogui.patch b/00001-pydocnogui.patch
old mode 100755
new mode 100644
diff --git a/00055-systemtap.patch b/00055-systemtap.patch
old mode 100755
new mode 100644
diff --git a/00104-lib64-fix-for-test_install.patch b/00104-lib64-fix-for-test_install.patch
old mode 100755
new mode 100644
diff --git a/00111-no-static-lib.patch b/00111-no-static-lib.patch
old mode 100755
new mode 100644
diff --git a/00113-more-configuration-flags.patch b/00113-more-configuration-flags.patch
old mode 100755
new mode 100644
diff --git a/00114-statvfs-f_flag-constants.patch b/00114-statvfs-f_flag-constants.patch
old mode 100755
new mode 100644
diff --git a/00121-add-Modules-to-build-path.patch b/00121-add-Modules-to-build-path.patch
old mode 100755
new mode 100644
diff --git a/00125-less-verbose-COUNT_ALLOCS.patch b/00125-less-verbose-COUNT_ALLOCS.patch
old mode 100755
new mode 100644
diff --git a/00131-disable-tests-in-test_io.patch b/00131-disable-tests-in-test_io.patch
old mode 100755
new mode 100644
diff --git a/00132-add-rpmbuild-hooks-to-unittest.patch b/00132-add-rpmbuild-hooks-to-unittest.patch
old mode 100755
new mode 100644
diff --git a/00133-skip-test_dl.patch b/00133-skip-test_dl.patch
old mode 100755
new mode 100644
diff --git a/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch b/00134-fix-COUNT_ALLOCS-failure-in-test_sys.patch
old mode 100755
new mode 100644
diff --git a/00135-skip-test-within-test_weakref-in-debug-build.patch b/00135-skip-test-within-test_weakref-in-debug-build.patch
old mode 100755
new mode 100644
diff --git a/00136-skip-tests-of-seeking-stdin-in-rpmbuild.patch b/00136-skip-tests-of-seeking-stdin-in-rpmbuild.patch
old mode 100755
new mode 100644
diff --git a/00137-skip-distutils-tests-that-fail-in-rpmbuild.patch b/00137-skip-distutils-tests-that-fail-in-rpmbuild.patch
old mode 100755
new mode 100644
diff --git a/00138-fix-distutils-tests-in-debug-build.patch b/00138-fix-distutils-tests-in-debug-build.patch
old mode 100755
new mode 100644
diff --git a/00139-skip-test_float-known-failure-on-arm.patch b/00139-skip-test_float-known-failure-on-arm.patch
old mode 100755
new mode 100644
diff --git a/00140-skip-test_ctypes-known-failure-on-sparc.patch b/00140-skip-test_ctypes-known-failure-on-sparc.patch
old mode 100755
new mode 100644
diff --git a/00141-fix-test_gc_with_COUNT_ALLOCS.patch b/00141-fix-test_gc_with_COUNT_ALLOCS.patch
old mode 100755
new mode 100644
diff --git a/00142-skip-failing-pty-tests-in-rpmbuild.patch b/00142-skip-failing-pty-tests-in-rpmbuild.patch
old mode 100755
new mode 100644
diff --git a/00143-tsc-on-ppc.patch b/00143-tsc-on-ppc.patch
old mode 100755
new mode 100644
diff --git a/00144-no-gdbm.patch b/00144-no-gdbm.patch
old mode 100755
new mode 100644
diff --git a/00146-hashlib-fips.patch b/00146-hashlib-fips.patch
old mode 100755
new mode 100644
diff --git a/00147-add-debug-malloc-stats.patch b/00147-add-debug-malloc-stats.patch
old mode 100755
new mode 100644
diff --git a/00153-fix-test_gdb-noise.patch b/00153-fix-test_gdb-noise.patch
old mode 100755
new mode 100644
diff --git a/00155-avoid-ctypes-thunks.patch b/00155-avoid-ctypes-thunks.patch
old mode 100755
new mode 100644
diff --git a/00156-gdb-autoload-safepath.patch b/00156-gdb-autoload-safepath.patch
old mode 100755
new mode 100644
diff --git a/00157-uid-gid-overflows.patch b/00157-uid-gid-overflows.patch
old mode 100755
new mode 100644
diff --git a/00165-crypt-module-salt-backport.patch b/00165-crypt-module-salt-backport.patch
old mode 100755
new mode 100644
diff --git a/00166-fix-fake-repr-in-gdb-hooks.patch b/00166-fix-fake-repr-in-gdb-hooks.patch
old mode 100755
new mode 100644
diff --git a/00167-disable-stack-navigation-tests-when-optimized-in-test_gdb.patch b/00167-disable-stack-navigation-tests-when-optimized-in-test_gdb.patch
old mode 100755
new mode 100644
diff --git a/00168-distutils-cflags.patch b/00168-distutils-cflags.patch
old mode 100755
new mode 100644
diff --git a/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch b/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch
old mode 100755
new mode 100644
diff --git a/00170-gc-assertions.patch b/00170-gc-assertions.patch
old mode 100755
new mode 100644
diff --git a/00173-workaround-ENOPROTOOPT-in-bind_port.patch b/00173-workaround-ENOPROTOOPT-in-bind_port.patch
old mode 100755
new mode 100644
diff --git a/00174-fix-for-usr-move.patch b/00174-fix-for-usr-move.patch
old mode 100755
new mode 100644
diff --git a/00180-python-add-support-for-ppc64p7.patch b/00180-python-add-support-for-ppc64p7.patch
old mode 100755
new mode 100644
diff --git a/00181-allow-arbitrary-timeout-in-condition-wait.patch b/00181-allow-arbitrary-timeout-in-condition-wait.patch
old mode 100755
new mode 100644
diff --git a/00184-ctypes-should-build-with-libffi-multilib-wrapper.patch b/00184-ctypes-should-build-with-libffi-multilib-wrapper.patch
old mode 100755
new mode 100644
diff --git a/00185-urllib2-honors-noproxy-for-ftp.patch b/00185-urllib2-honors-noproxy-for-ftp.patch
old mode 100755
new mode 100644
diff --git a/00186-memory-leak-marshalc.patch b/00186-memory-leak-marshalc.patch
old mode 100755
new mode 100644
diff --git a/00187-add-RPATH-to-pyexpat.patch b/00187-add-RPATH-to-pyexpat.patch
old mode 100755
new mode 100644
diff --git a/00188-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch b/00188-CVE-2013-4238-hostname-check-bypass-in-SSL-module.patch
old mode 100755
new mode 100644
diff --git a/00189-gdb-py-bt-dont-raise-exception-from-eval.patch b/00189-gdb-py-bt-dont-raise-exception-from-eval.patch
old mode 100755
new mode 100644
diff --git a/00190-gdb-fix-ppc64-failures.patch b/00190-gdb-fix-ppc64-failures.patch
old mode 100755
new mode 100644
diff --git a/00191-add-RPATH-to-elementtree.patch b/00191-add-RPATH-to-elementtree.patch
old mode 100755
new mode 100644
diff --git a/00192-Fix-missing-documentation-for-some-keywords.patch b/00192-Fix-missing-documentation-for-some-keywords.patch
old mode 100755
new mode 100644
diff --git a/00193-buffer-overflow.patch b/00193-buffer-overflow.patch
old mode 100755
new mode 100644
diff --git a/00194-gdb-dont-fail-on-frame-with-address.patch b/00194-gdb-dont-fail-on-frame-with-address.patch
old mode 100755
new mode 100644
diff --git a/00195-make-multiproc-ignore-EINTR.patch b/00195-make-multiproc-ignore-EINTR.patch
old mode 100755
new mode 100644
diff --git a/00196-avoid-double-close-of-pipes.patch b/00196-avoid-double-close-of-pipes.patch
old mode 100755
new mode 100644
diff --git a/00197-add-missing-import-in-bdist_rpm.patch b/00197-add-missing-import-in-bdist_rpm.patch
old mode 100755
new mode 100644
diff --git a/00198-fix-readline-erroneous-output.patch b/00198-fix-readline-erroneous-output.patch
old mode 100755
new mode 100644
diff --git a/00199-CVE-2013-1753.patch b/00199-CVE-2013-1753.patch
old mode 100755
new mode 100644
diff --git a/00200-CVE-2014-4616.patch b/00200-CVE-2014-4616.patch
old mode 100755
new mode 100644
diff --git a/00201-CVE-2014-4650.patch b/00201-CVE-2014-4650.patch
old mode 100755
new mode 100644
diff --git a/00202-CVE-2014-7185.patch b/00202-CVE-2014-7185.patch
old mode 100755
new mode 100644
diff --git a/00203-CVE-2013-1752-nntplib.patch b/00203-CVE-2013-1752-nntplib.patch
old mode 100755
new mode 100644
diff --git a/00204-CVE-2013-1752-ftplib.patch b/00204-CVE-2013-1752-ftplib.patch
old mode 100755
new mode 100644
diff --git a/00205-CVE-2013-1752-httplib-headers.patch b/00205-CVE-2013-1752-httplib-headers.patch
old mode 100755
new mode 100644
diff --git a/00206-CVE-2013-1752-poplib.patch b/00206-CVE-2013-1752-poplib.patch
old mode 100755
new mode 100644
diff --git a/00207-CVE-2013-1752-smtplib.patch b/00207-CVE-2013-1752-smtplib.patch
old mode 100755
new mode 100644
diff --git a/00208-CVE-2013-1752-imaplib.patch b/00208-CVE-2013-1752-imaplib.patch
old mode 100755
new mode 100644
diff --git a/00209-pep466-backport-hmac.compare_digest.patch b/00209-pep466-backport-hmac.compare_digest.patch
old mode 100755
new mode 100644
diff --git a/00210-pep466-backport-hashlib.pbkdf2_hmac.patch b/00210-pep466-backport-hashlib.pbkdf2_hmac.patch
old mode 100755
new mode 100644
diff --git a/00211-pep466-UTF-7-decoder-fix-illegal-unicode.patch b/00211-pep466-UTF-7-decoder-fix-illegal-unicode.patch
old mode 100755
new mode 100644
diff --git a/00212-pep466-pyunicode_fromformat-raise-overflow.patch b/00212-pep466-pyunicode_fromformat-raise-overflow.patch
old mode 100755
new mode 100644
diff --git a/00213-pep466-pyunicode_fromformat-fix-formats.patch b/00213-pep466-pyunicode_fromformat-fix-formats.patch
old mode 100755
new mode 100644
diff --git a/00214-pep466-backport-py3-ssl-changes.patch b/00214-pep466-backport-py3-ssl-changes.patch
old mode 100755
new mode 100644
diff --git a/00215-pep466-reflect-openssl-settings-ssltests.patch b/00215-pep466-reflect-openssl-settings-ssltests.patch
old mode 100755
new mode 100644
diff --git a/00216-pep466-fix-load-verify-locs-unicode.patch b/00216-pep466-fix-load-verify-locs-unicode.patch
old mode 100755
new mode 100644
diff --git a/00217-pep466-backport-hashlib-algorithm-consts.patch b/00217-pep466-backport-hashlib-algorithm-consts.patch
old mode 100755
new mode 100644
diff --git a/00218-pep466-backport-urandom-pers-fd.patch b/00218-pep466-backport-urandom-pers-fd.patch
old mode 100755
new mode 100644
diff --git a/00219-pep466-fix-referenced-sslwrap.patch b/00219-pep466-fix-referenced-sslwrap.patch
old mode 100755
new mode 100644
diff --git a/00220-pep466-allow-passing-ssl-urrlib-httplib.patch b/00220-pep466-allow-passing-ssl-urrlib-httplib.patch
old mode 100755
new mode 100644
diff --git a/00222-add-2014-bit-dh-key.patch b/00222-add-2014-bit-dh-key.patch
old mode 100755
new mode 100644
diff --git a/00223-pep476-verify-certs-by-default.patch b/00223-pep476-verify-certs-by-default.patch
old mode 100755
new mode 100644
diff --git a/00224-pep476-add-toggle-for-cert-verify.patch b/00224-pep476-add-toggle-for-cert-verify.patch
old mode 100755
new mode 100644
diff --git a/00225-cprofile-sort-option.patch b/00225-cprofile-sort-option.patch
old mode 100755
new mode 100644
diff --git a/00227-accept-none-keyfile-loadcertchain.patch b/00227-accept-none-keyfile-loadcertchain.patch
old mode 100755
new mode 100644
diff --git a/00228-backport-ssl-version.patch b/00228-backport-ssl-version.patch
old mode 100755
new mode 100644
diff --git a/00229-Expect-a-failure-when-trying-to-connect-with-SSLv2-c.patch b/00229-Expect-a-failure-when-trying-to-connect-with-SSLv2-c.patch
old mode 100755
new mode 100644
diff --git a/00230-force-all-child-threads-to-terminate-in-TestForkInThread.patch b/00230-force-all-child-threads-to-terminate-in-TestForkInThread.patch
old mode 100755
new mode 100644
diff --git a/00231-Initialize-OpenSSL_add_all_digests-in-_hashlib.patch b/00231-Initialize-OpenSSL_add_all_digests-in-_hashlib.patch
old mode 100755
new mode 100644
diff --git a/00232-man-page-date-macro-removal.patch b/00232-man-page-date-macro-removal.patch
old mode 100755
new mode 100644
diff --git a/00233-Computed-Goto-dispatch.patch b/00233-Computed-Goto-dispatch.patch
old mode 100755
new mode 100644
diff --git a/00234-PEP493-updated-implementation.patch b/00234-PEP493-updated-implementation.patch
old mode 100755
new mode 100644
diff --git a/00235-JSON-decoder-lone-surrogates-fix.patch b/00235-JSON-decoder-lone-surrogates-fix.patch
old mode 100755
new mode 100644
diff --git a/00236-use-Py_ssize_t-for-file-offset-and-length-computations-in-iteration.patch b/00236-use-Py_ssize_t-for-file-offset-and-length-computations-in-iteration.patch
old mode 100755
new mode 100644
diff --git a/00237-CVE-2016-0772-smtplib.patch b/00237-CVE-2016-0772-smtplib.patch
old mode 100755
new mode 100644
diff --git a/00238-CVE-2016-5699-httplib.patch b/00238-CVE-2016-5699-httplib.patch
old mode 100755
new mode 100644
diff --git a/00240-increase-smtplib-tests-timeouts.patch b/00240-increase-smtplib-tests-timeouts.patch
old mode 100755
new mode 100644
diff --git a/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch b/00241-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch
old mode 100755
new mode 100644
diff --git a/00242-CVE-2016-1000110-httpoxy.patch b/00242-CVE-2016-1000110-httpoxy.patch
old mode 100755
new mode 100644
diff --git a/00255-Fix-ssl-module-parsing-of-GEN_RID-subject-alternative-name-fields-in-X.509-certs.patch b/00255-Fix-ssl-module-parsing-of-GEN_RID-subject-alternative-name-fields-in-X.509-certs.patch
old mode 100755
new mode 100644
diff --git a/00256-fix-incorrect-parsing-of-regular-expressions.patch b/00256-fix-incorrect-parsing-of-regular-expressions.patch
old mode 100755
new mode 100644
diff --git a/00257-threading-wait-clamp-remaining-time.patch b/00257-threading-wait-clamp-remaining-time.patch
old mode 100755
new mode 100644
diff --git a/00263-fix-ssl-reference-leaks.patch b/00263-fix-ssl-reference-leaks.patch
old mode 100755
new mode 100644
diff --git a/00265-protect-key-list-during-fork.patch b/00265-protect-key-list-during-fork.patch
old mode 100755
new mode 100644
diff --git a/00266-fix-shutil.make_archive-ignoring-empty-dirs.patch b/00266-fix-shutil.make_archive-ignoring-empty-dirs.patch
old mode 100755
new mode 100644
diff --git a/00268-set-stream-name-to-None.patch b/00268-set-stream-name-to-None.patch
old mode 100755
new mode 100644
diff --git a/00275-fix-fnctl-with-integer-on-big-endian.patch b/00275-fix-fnctl-with-integer-on-big-endian.patch
old mode 100755
new mode 100644
diff --git a/00276-increase-imaplib-MAXLINE.patch b/00276-increase-imaplib-MAXLINE.patch
old mode 100755
new mode 100644
diff --git a/00281-add-context-parameter-to-xmlrpclib.ServerProxy.patch b/00281-add-context-parameter-to-xmlrpclib.ServerProxy.patch
old mode 100755
new mode 100644
diff --git a/00282-obmalloc-mmap-threshold.patch b/00282-obmalloc-mmap-threshold.patch
old mode 100755
new mode 100644
diff --git a/00285-fix-non-deterministic-read-in-test_pty.patch b/00285-fix-non-deterministic-read-in-test_pty.patch
old mode 100755
new mode 100644
diff --git a/00287-fix-thread-hanging-on-inaccessible-nfs-server.patch b/00287-fix-thread-hanging-on-inaccessible-nfs-server.patch
old mode 100755
new mode 100644
diff --git a/00295-fix-https-behind-proxy.patch b/00295-fix-https-behind-proxy.patch
old mode 100755
new mode 100644
diff --git a/00296-Readd-the-private-_set_hostport-api-to-httplib.patch b/00296-Readd-the-private-_set_hostport-api-to-httplib.patch
old mode 100755
new mode 100644
diff --git a/00298-do-not-send-IP-in-SNI-TLS-extension.patch b/00298-do-not-send-IP-in-SNI-TLS-extension.patch
old mode 100755
new mode 100644
diff --git a/00299-fix-ssl-module-pymax.patch b/00299-fix-ssl-module-pymax.patch
old mode 100755
new mode 100644
diff --git a/00303-CVE-2018-1060-1.patch b/00303-CVE-2018-1060-1.patch
old mode 100755
new mode 100644
diff --git a/00305-CVE-2016-2183.patch b/00305-CVE-2016-2183.patch
old mode 100755
new mode 100644
diff --git a/00306-fix-oserror-17-upon-semaphores-creation.patch b/00306-fix-oserror-17-upon-semaphores-creation.patch
old mode 100755
new mode 100644
diff --git a/00310-use-xml-sethashsalt-in-elementtree.patch b/00310-use-xml-sethashsalt-in-elementtree.patch
old mode 100755
new mode 100644
diff --git a/00314-parser-check-e_io.patch b/00314-parser-check-e_io.patch
old mode 100755
new mode 100644
diff --git a/00317-CVE-2019-5010-ssl-crl.patch b/00317-CVE-2019-5010-ssl-crl.patch
old mode 100755
new mode 100644
diff --git a/00320-CVE-2019-9636-and-CVE-2019-10160.patch b/00320-CVE-2019-9636-and-CVE-2019-10160.patch
old mode 100755
new mode 100644
diff --git a/00324-disallow-control-chars-in-http-urls.patch b/00324-disallow-control-chars-in-http-urls.patch
old mode 100755
new mode 100644
diff --git a/00325-CVE-2019-9948.patch b/00325-CVE-2019-9948.patch
old mode 100755
new mode 100644
diff --git a/00330-CVE-2018-20852.patch b/00330-CVE-2018-20852.patch
old mode 100755
new mode 100644
diff --git a/00332-CVE-2019-16056.patch b/00332-CVE-2019-16056.patch
old mode 100755
new mode 100644
diff --git a/00344-CVE-2019-16935.patch b/00344-CVE-2019-16935.patch
old mode 100755
new mode 100644
diff --git a/00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch b/00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch
old mode 100755
new mode 100644
diff --git a/00354-cve-2020-26116-http-request-method-crlf-injection-in-httplib.patch b/00354-cve-2020-26116-http-request-method-crlf-injection-in-httplib.patch
old mode 100755
new mode 100644
diff --git a/00357-CVE-2021-3177.patch b/00357-CVE-2021-3177.patch
old mode 100755
new mode 100644
diff --git a/00377-CVE-2022-0391.patch b/00377-CVE-2022-0391.patch
old mode 100755
new mode 100644
diff --git a/00378-support-expat-2-4-5.patch b/00378-support-expat-2-4-5.patch
old mode 100755
new mode 100644
diff --git a/00380-update-test-certs.patch b/00380-update-test-certs.patch
old mode 100755
new mode 100644
diff --git a/00399-CVE-2023-24329.patch b/00399-CVE-2023-24329.patch
new file mode 100644
index 0000000000000000000000000000000000000000..81b22d1b03592363972597e2e7fc6527fcd53d9d
--- /dev/null
+++ b/00399-CVE-2023-24329.patch
@@ -0,0 +1,126 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Lumir Balhar +Date: Thu, 25 May 2023 10:03:57 +0200 +Subject: [PATCH] 00399: gh-102153: Start stripping C0 control and space chars + in `urlsplit` (GH-102508) (#104575) + +* gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) + +`urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. + +This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). + +Backported to Python 2 from Python 3.12. + +Co-authored-by: Illia Volochii +Co-authored-by: Gregory P. Smith [Google] +Co-authored-by: Lumir Balhar +--- + Lib/test/test_urlparse.py | 57 +++++++++++++++++++++++++++++++++++++++ + Lib/urlparse.py | 10 +++++++ + 2 files changed, 67 insertions(+) + +diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py +index 16eefed56f6..419e9c2bdcc 100644 +--- a/Lib/test/test_urlparse.py ++++ b/Lib/test/test_urlparse.py +@@ -666,7 +666,64 @@ class UrlParseTestCase(unittest.TestCase): + self.assertEqual(p.scheme, "https") + self.assertEqual(p.geturl(), "https://www.python.org/javascript:alert('msg')/?query=something#fragment") + ++ def test_urlsplit_strip_url(self): ++ noise = "".join([chr(i) for i in range(0, 0x20 + 1)]) ++ base_url = "http://User:Pass@www.python.org:080/doc/?query=yes#frag" + ++ url = noise.decode("utf-8") + base_url ++ p = urlparse.urlsplit(url) ++ self.assertEqual(p.scheme, "http") ++ self.assertEqual(p.netloc, "User:Pass@www.python.org:080") ++ self.assertEqual(p.path, "/doc/") ++ self.assertEqual(p.query, "query=yes") ++ self.assertEqual(p.fragment, "frag") ++ self.assertEqual(p.username, "User") ++ self.assertEqual(p.password, "Pass") ++ 
self.assertEqual(p.hostname, "www.python.org") ++ self.assertEqual(p.port, 80) ++ self.assertEqual(p.geturl(), base_url) ++ ++ url = noise + base_url.encode("utf-8") ++ p = urlparse.urlsplit(url) ++ self.assertEqual(p.scheme, b"http") ++ self.assertEqual(p.netloc, b"User:Pass@www.python.org:080") ++ self.assertEqual(p.path, b"/doc/") ++ self.assertEqual(p.query, b"query=yes") ++ self.assertEqual(p.fragment, b"frag") ++ self.assertEqual(p.username, b"User") ++ self.assertEqual(p.password, b"Pass") ++ self.assertEqual(p.hostname, b"www.python.org") ++ self.assertEqual(p.port, 80) ++ self.assertEqual(p.geturl(), base_url.encode("utf-8")) ++ ++ # Test that trailing space is preserved as some applications rely on ++ # this within query strings. ++ query_spaces_url = "https://www.python.org:88/doc/?query= " ++ p = urlparse.urlsplit(noise.decode("utf-8") + query_spaces_url) ++ self.assertEqual(p.scheme, "https") ++ self.assertEqual(p.netloc, "www.python.org:88") ++ self.assertEqual(p.path, "/doc/") ++ self.assertEqual(p.query, "query= ") ++ self.assertEqual(p.port, 88) ++ self.assertEqual(p.geturl(), query_spaces_url) ++ ++ p = urlparse.urlsplit("www.pypi.org ") ++ # That "hostname" gets considered a "path" due to the ++ # trailing space and our existing logic... YUCK... ++ # and re-assembles via geturl aka unurlsplit into the original. ++ # django.core.validators.URLValidator (at least through v3.2) relies on ++ # this, for better or worse, to catch it in a ValidationError via its ++ # regular expressions. ++ # Here we test the basic round trip concept of such a trailing space. 
++ self.assertEqual(urlparse.urlunsplit(p), "www.pypi.org ") ++ ++ # with scheme as cache-key ++ url = "//www.python.org/" ++ scheme = noise.decode("utf-8") + "https" + noise.decode("utf-8") ++ for _ in range(2): ++ p = urlparse.urlsplit(url, scheme=scheme) ++ self.assertEqual(p.scheme, "https") ++ self.assertEqual(p.geturl(), "https://www.python.org/") + + def test_attributes_bad_port(self): + """Check handling of non-integer ports.""" +diff --git a/Lib/urlparse.py b/Lib/urlparse.py +index 6cc40a8d2fb..0f03a7cc4a9 100644 +--- a/Lib/urlparse.py ++++ b/Lib/urlparse.py +@@ -26,6 +26,10 @@ scenarios for parsing, and for backward compatibility purposes, some + parsing quirks from older RFCs are retained. The testcases in + test_urlparse.py provides a good indicator of parsing behavior. + ++The WHATWG URL Parser spec should also be considered. We are not compliant with ++it either due to existing user code API behavior expectations (Hyrum's Law). ++It serves as a useful guide when making changes. ++ + """ + + import re +@@ -63,6 +67,10 @@ scheme_chars = ('abcdefghijklmnopqrstuvwxyz' + '0123456789' + '+-.') + ++# Leading and trailing C0 control and space to be stripped per WHATWG spec. ++# == "".join([chr(i) for i in range(0, 0x20 + 1)]) ++_WHATWG_C0_CONTROL_OR_SPACE = '\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f ' ++ + # Unsafe bytes to be removed per WHATWG spec + _UNSAFE_URL_BYTES_TO_REMOVE = ['\t', '\r', '\n'] + +@@ -201,6 +209,8 @@ def urlsplit(url, scheme='', allow_fragments=True): + (e.g. netloc is a single string) and we don't expand % escapes.""" + url = _remove_unsafe_bytes_from_url(url) + scheme = _remove_unsafe_bytes_from_url(scheme) ++ url = url.lstrip(_WHATWG_C0_CONTROL_OR_SPACE) ++ scheme = scheme.strip(_WHATWG_C0_CONTROL_OR_SPACE) + allow_fragments = bool(allow_fragments) + key = url, scheme, allow_fragments, type(url), type(scheme) + cached = _parse_cache.get(key, None) 
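Review bot: The comment on `_WHATWG_C0_CONTROL_OR_SPACE` says leading and trailing characters are stripped, but the added code in `urlsplit` applies `url.lstrip(...)` to the URL and the two-sided `strip` only to `scheme`, so the comment overstates what happens to `url`. The new test states that trailing whitespace is kept on purpose because applications rely on it, and that reason belongs next to the call as well, e.g. `# Only leading C0 control/space chars are removed from url; trailing ones are kept for compatibility (see test_urlsplit_strip_url).` The `urlsplit` docstring visible in the context lines is not updated either, so callers are not told that the parsed result can differ from the raw input; anything that checks a scheme or host should do so on the value `urlsplit` returns, not on the unparsed string. The body of `urlsplit` continues past the end of the hunk.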
diff --git a/05000-autotool-intermediates.patch b/05000-autotool-intermediates.patch old mode 100755 new mode 100644 diff --git a/10000-python-anolis-rebrand.patch b/10000-python-anolis-rebrand.patch index 89a6d0ab0cd49be15a31bb6f14a99eb75aedccd9..65cf7184df2d30594a9a48eb0373d389664fae97 100644 --- a/10000-python-anolis-rebrand.patch +++ b/10000-python-anolis-rebrand.patch @@ -1,9 +1,8 @@ -From 03b5ffe43421cab1ba3b7417483ab343181ca9bd Mon Sep 17 00:00:00 2001 -From: zhangbinchen -Date: Tue, 16 Mar 2021 11:30:43 +0800 -Subject: [PATCH] rebrand : rebrand txt use anolis +From c0e46e3d4c1ca4cf0ba537d9cdfc213fc8cde1ba Mon Sep 17 00:00:00 2001 +From: yangxianzhao +Date: Mon, 12 Jun 2023 11:10:07 +0800 +Subject: [PATCH] rebrand to anolis -Signed-off-by: zhangbinchen --- Doc/library/gettext.rst | 2 +- Doc/library/platform.rst | 4 ++-- @@ -11,7 +10,7 @@ Signed-off-by: zhangbinchen 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Doc/library/gettext.rst b/Doc/library/gettext.rst -index 4b4883a..e3c20fd 100644 +index 9b4eb0c..b0c1585 100644 --- a/Doc/library/gettext.rst +++ b/Doc/library/gettext.rst @@ -746,7 +746,7 @@ implementations, and valuable experience to the creation of this module: @@ -24,7 +23,7 @@ index 4b4883a..e3c20fd 100644 The :mod:`gettext` module does not try to support these system dependent defaults; instead its default is :file:`sys.prefix/share/locale`. For this diff --git a/Doc/library/platform.rst b/Doc/library/platform.rst -index 3d0743b..7e35ac8 100644 +index 26f587e..a18aecc 100644 --- a/Doc/library/platform.rst +++ b/Doc/library/platform.rst @@ -242,7 +242,7 @@ Unix Platforms @@ -46,10 +45,10 @@ index 3d0743b..7e35ac8 100644 Tries to determine the name of the Linux OS distribution name. diff --git a/Lib/platform.py b/Lib/platform.py -index e04d87f..e89fa52 100755 +index c0016a8..031f662 100755 --- a/Lib/platform.py 
+++ b/Lib/platform.py -@@ -292,7 +292,7 @@ _release_version = re.compile(r'([^0-9]+)' +@@ -258,7 +258,7 @@ _release_version = re.compile(r'([^0-9]+)' _supported_dists = ( 'SuSE', 'debian', 'fedora', 'redhat', 'centos', @@ -59,5 +58,5 @@ index e04d87f..e89fa52 100755 def _parse_release_file(firstline): -- -2.26.2 +1.8.3.1 diff --git a/10001-skip-pty_test.patch b/10001-skip-pty_test.patch new file mode 100644 index 0000000000000000000000000000000000000000..5fa9d2c099309fb06e6d84ee0af4805f989d82c5 --- /dev/null +++ b/10001-skip-pty_test.patch @@ -0,0 +1,24 @@ +From 9ae0215035950e246382f8fbea19b5357db4682c Mon Sep 17 00:00:00 2001 +From: ut003808 +Date: Tue, 13 Jun 2023 13:49:09 +0800 +Subject: [PATCH] skip pty_test + +--- + Lib/test/test_pty.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Lib/test/test_pty.py b/Lib/test/test_pty.py +index a0cff44..78bd4df 100644 +--- a/Lib/test/test_pty.py ++++ b/Lib/test/test_pty.py +@@ -77,6 +77,7 @@ class PtyTest(unittest.TestCase): + # remove alarm, restore old alarm handler + signal.alarm(0) + signal.signal(signal.SIGALRM, self.old_alarm) ++ @unittest.skip('Known error on aarch64') + def handle_sig(self, sig, frame): + self.fail("isatty hung") + +-- +2.18.4 + diff --git a/Python-2.7.5.tar.xz b/Python-2.7.5.tar.xz deleted file mode 100755 index 378e2e538924be7e38e7d308a7b32e9c4961bf56..0000000000000000000000000000000000000000 Binary files a/Python-2.7.5.tar.xz and /dev/null differ diff --git a/download b/download new file mode 100644 index 0000000000000000000000000000000000000000..ac5febceb32ad9cca8e3d03c36353680e48b9863 --- /dev/null +++ b/download @@ -0,0 +1 @@ +5eea8462f69ab1369d32f9c4cd6272ab Python-2.7.5.tar.xz diff --git a/libpython.stp b/libpython.stp old mode 100755 new mode 100644 diff --git a/pyfuntop.stp b/pyfuntop.stp old mode 100755 new mode 100644 diff --git a/pynche b/pynche old mode 100755 new mode 100644 diff --git a/python-2.5-cflags.patch b/python-2.5-cflags.patch old mode 100755 new mode 100644 
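Review bot: `@unittest.skip('Known error on aarch64')` in 10001-skip-pty_test.patch is attached to `handle_sig`, which by the context lines is the SIGALRM handler that calls `self.fail("isatty hung")`, not a test method, and it sits directly under the last statement of the preceding method with no blank line. Decorating a plain function with `unittest.skip` makes every call raise `SkipTest`, so a hung `isatty` would be reported as a skip instead of a failure, and on every architecture rather than only aarch64. If the intent is to skip the failing test on that platform, put a conditional skip on the test method itself, for example `@unittest.skipIf(platform.machine() == 'aarch64', 'Known error on aarch64')`, provided `platform` is imported in test_pty.py (not visible here). The methods on both sides of the insertion start or end outside the hunk.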
diff --git a/python-2.5.1-plural-fix.patch b/python-2.5.1-plural-fix.patch
old mode 100755
new mode 100644
diff --git a/python-2.5.1-sqlite-encoding.patch b/python-2.5.1-sqlite-encoding.patch
old mode 100755
new mode 100644
diff --git a/python-2.6-rpath.patch b/python-2.6-rpath.patch
old mode 100755
new mode 100644
diff --git a/python-2.6.4-distutils-rpath.patch b/python-2.6.4-distutils-rpath.patch
old mode 100755
new mode 100644
diff --git a/python-2.7-lib64-sysconfig.patch b/python-2.7-lib64-sysconfig.patch
old mode 100755
new mode 100644
diff --git a/python-2.7.1-config.patch b/python-2.7.1-config.patch
old mode 100755
new mode 100644
diff --git a/python-2.7.1-fix_test_abc_with_COUNT_ALLOCS.patch b/python-2.7.1-fix_test_abc_with_COUNT_ALLOCS.patch
old mode 100755
new mode 100644
diff --git a/python-2.7.2-add-extension-suffix-to-python-config.patch b/python-2.7.2-add-extension-suffix-to-python-config.patch
old mode 100755
new mode 100644
diff --git a/python-2.7.3-debug-build.patch b/python-2.7.3-debug-build.patch
old mode 100755
new mode 100644
diff --git a/python-2.7.3-lib64.patch b/python-2.7.3-lib64.patch
old mode 100755
new mode 100644
diff --git a/python-2.7rc1-binutils-no-dep.patch b/python-2.7rc1-binutils-no-dep.patch
old mode 100755
new mode 100644
diff --git a/python-2.7rc1-socketmodule-constants.patch b/python-2.7rc1-socketmodule-constants.patch
old mode 100755
new mode 100644
diff --git a/python-2.7rc1-socketmodule-constants2.patch b/python-2.7rc1-socketmodule-constants2.patch
old mode 100755
new mode 100644
diff --git a/python.conf b/python.conf
old mode 100755
new mode 100644
diff --git a/python.spec b/python.spec
old mode 100755
new mode 100644
index e8c15c2ed8a58a5cc35350cd638f7a750f2f434f..ac0933872928eba13012b317a9c4d6e931515675
--- a/python.spec
+++ b/python.spec
@@ -1,4 +1,4 @@ -%define anolis_release .0.1 +%define anolis_release .0.1 # ====================================================== # Conditionals and other variables controlling the build # ====================================================== @@ -114,7 +114,7 @@ Summary: An interpreted, interactive, object-oriented programming language Name: %{python} # Remember to also rebase python-docs when changing this: Version: 2.7.5 -Release: 92%{anolis_release}%{?dist} +Release: 93%{anolis_release}%{?dist} License: Python Group: Development/Languages Requires: %{python}-libs%{?_isa} = %{version}-%{release} @@ -1389,6 +1389,18 @@ Patch378: 00378-support-expat-2-4-5.patch # https://github.com/python/cpython/commit/49d65958e13db03b9a4240d8bdaff1a4be69a1d7 Patch380: 00380-update-test-certs.patch +# 00399 # +# gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) (#104575) +# +# * gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) +# +# `urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. +# +# This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%%20any%%20leading%%20and%%20trailing%%20C0%%20control%%20or%%20space%%20from%%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). +# +# Backported to Python 2 from Python 3.12. +Patch399: 00399-CVE-2023-24329.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora 17 onwards, @@ -1414,9 +1426,9 @@ Patch380: 00380-update-test-certs.patch # above: Patch5000: 05000-autotool-intermediates.patch - #Add by Anolis Patch10000: 10000-python-anolis-rebrand.patch +Patch10001: 10001-skip-pty_test.patch #End # ====================================================== 
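Review bot: `Patch10001: 10001-skip-pty_test.patch` is declared in the `#Add by Anolis` block, but no hunk on this page adds a matching `%patch10001 -p1` to `%prep`, whereas the same commit does add `%patch399 -p1` for Patch399. The visible `%prep` lines apply patches one by one, so unless the Anolis patches are applied by a mechanism outside these hunks, the new patch is carried in the source package and never applied. Add `%patch10001 -p1` next to where Patch10000 is applied. Patch10001 also has no comment, unlike the Patch399 entry above it; a line such as `# Skip the pty test that fails on aarch64 builders` would record why it is carried.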
@@ -1846,6 +1858,7 @@ mv Modules/cryptmodule.c Modules/_cryptmodule.c %patch377 -p1 %patch378 -p1 %patch380 -p1 +%patch399 -p1 # Patch 351 adds binary file for testing. We need to apply it using Git. @@ -2726,11 +2739,14 @@ rm -fr %{buildroot} # ====================================================== %changelog -* Fri Jul 01 2022 liuzhilin - 2.7.5-92.0.1 +* Mon Jun 12 2023 yangxianzhao - 2.7.5-93.0.1 - Rebrand for Anolis OS -- Cherry-pick [f096355] - Fix check build failed +* Thu May 25 2023 Lumír Balhar - 2.7.5-93 +- Fix for CVE-2023-24329 +Resolves: rhbz#2173917 + * Tue May 24 2022 Charalampos Stratakis - 2.7.5-92 - Security fix for CVE-2021-3177 Resolves: rhbz#1918168 diff --git a/systemtap-example.stp b/systemtap-example.stp old mode 100755 new mode 100644